News – April 2025


  • Lumma Stealer – Tracking distribution channels

    April 21, 2025

    The evolution of Malware-as-a-Service (MaaS) has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a particularly sophisticated player since its introduction in 2022 by the threat actor known as Lumma. Initially marketed as ...

  • New Rust Botnet “RustoBot” is Routed via Routers

    April 21, 2025

    FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to ...

  • Phishing attacks leveraging HTML code inside SVG files

    April 21, 2025

    With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML attachments that either host the entire phishing site or use JavaScript to ...

  • Google Confirms Gmail Warning – 3 Billion Users Must Now Act

    April 20, 2025

    Google has confirmed another attack on Gmail users that combines inherent vulnerabilities in the platform with devious social engineering. The net result is a flurry of headlines and viral social media posts followed by an urgent platform update. Google’s security warning is clear. Users should stop using their passwords. This latest attack has been bubbling on ...

  • Two Pentagon officials fired amid sweeping leak investigation

    April 20, 2025

    The week of turmoil affecting the Pentagon’s inner circle continued Friday, when two political appointees suspended earlier this week were terminated, multiple officials told CBS News. Secretary of Defense Pete Hegseth’s chief of staff, Joe Kasper, ordered an investigation into unauthorized disclosures in March. His memo said the investigation would seek “a complete record” of leaks ...

  • FBI Warns of Scammers Impersonating the IC3

    April 18, 2025

    The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams. How It Works Complainants report initial contact from the ...

  • Over 1.6 million customers now hit in massive insurance data breach

    April 17, 2025

    More than 1.6 million people are now thought to have been affected by the May 2024 cyberattack at Landmark Admin, twice as many as originally thought. The company confirmed the news in an updated report filed with the Office of the Maine Attorney General. “The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s ...

  • IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

    April 17, 2025

    Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...

  • Cisco Releases Security Advisory for Webex App

    April 17, 2025

    Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading ...

  • Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis

    April 16, 2025

    In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive ...