FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links.
The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads. Fortinet researchers analysis of domain registration data reveals that attackers use a rotating set of domains and cloud services to host and distribute malware. The highly volatile nature of this infrastructure renders traditional, static domain blocking insufficient as a primary defense. Over the past two months, the researchers have identified various delivery techniques, including malicious LNK files used for a downloader.
Read more…
Source: Fortinet
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer
October 23, 2025
The U.S. government has accused a former executive at defense contractor L3Harris of stealing trade secrets and selling them to a buyer in Russia, according to court documents seen by TechCrunch. On October 14, the Department of Justice accused Peter Williams of stealing eight trade secrets from two unnamed companies. The DOJ made the allegation in ...
- Hidden debug code returns from the dead as TP-Link routers face a wave of new critical root access flaws
October 23, 2025
Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security. The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as part of a recurring pattern of incomplete patching and residual debug code. Read more… Source: TechPro News Sign up ...
- Deep analysis of the flaw in BetterBank reward logic
October 22, 2025
From August 26 to 27, 2025, BetterBank, a decentralized finance (DeFi) protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million in digital assets. Following on-chain negotiations, the attacker returned approximately $2.7 million in assets, mitigating the ...
- Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage
October 22, 2025
Group-IB Threat Intelligence uncovered a sophisticated phishing campaign orchestrated by the Advanced Persistent Threat (APT) MuddyWater, targeting international organizations worldwide to gather foreign intelligence. MuddyWater accessed the compromised mailbox through NordVPN(a legitimate service abused by the threat actor), and used it to send phishing emails that appeared to be authentic correspondence. By exploiting the trust and ...
- CISA warns high-severity Windows SMB flaw now exploited in attacks – update now
October 22, 2025
Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB. The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list on October 20. Thankfully, Microsoft has already issued ...
- Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
October 21, 2025
On October 6, 2025, the developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums. This new version features a complete transition from C++ to a pure C implementation, allegedly enhancing performance and efficiency. Its release coincides with a decline in activity surrounding the Lumma Stealer, suggesting cybercriminals under its operation ...