The FBI and CISA are issuing this update to the , Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Post-exploitation framework now also delivered via npm
October 17, 2025
The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a ...
- Mango shopper data stolen in cyber-attack
October 16, 2025
Mango has become the latest retailer to face a cyber-attack, where “limited” shopper data was stolen from one of its external marketing services. The fashion chain, which recently reported a sales boost, told customers that data “accessed” by hackers was limited to personal contact details used in its marketing campaigns. This included email addresses, country, first ...
- Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
October 16, 2025
In September 2025, Trend Micro researchers noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware. This sudden drop appears to align with a targeted underground exposure campaign that has ...
- The Rising Threat of Insider Recruitment in Ransomware Campaigns
October 15, 2025
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a different route: persuading someone on the inside to hand over the keys. ...
- Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
October 15, 2025
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...
- Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
October 15, 2025
TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...