Security
AI Threats on the Rise: Claude 0-Click Exploits, RenEngine Loader Malware, and Auto 0-Day Vulnerabilities Uncovered in Latest ThreatsDay Bulletin
A recent surge in attacks targeting cryptocurrency exchanges has been observed, with threat actors using a combination of phishing and credential stuffing techniques to gain unauthorized access to user accounts. The attackers are then able to steal funds from the compromised accounts, leading to financial losses for the users. Security researchers have identified multiple campaigns targeting popular exchanges, including Binance, Coinbase, and Kraken. Users are advised to enable two-factor authentication (2FA) on their accounts and use unique, strong passwords to protect against these types of attacks. Additionally, exchanges are urged to implement stronger security measures to prevent unauthorized access and protect user funds. The rise in attacks on cryptocurrency exchanges highlights the need for improved security practices in the industry to safeguard user assets and maintain trust in the market.
According to data from Cyble, there were 6,604 ransomware attacks recorded in 2025, representing a 52% increase from the 4,346 attacks reported by ransomware groups in 2024.
Threat actors are exploiting unpatched vulnerabilities in Microsoft Exchange Server to deploy ransomware, coin miners, and other malicious payloads. According to Sophos, attackers have been leveraging ProxyShell, ProxyLogon, and ProxyOracle exploits to compromise servers and deploy web shells to maintain persistence for subsequent attacks. “These attackers are scanning the internet for vulnerable servers, exploiting them to deploy ransomware, and then using the already-deployed ransomware to deploy coin miners,” the company said. “The attacks seem to be automated, with attackers targeting as many servers as possible, without regard for who the targets are or what data the servers contain.” Exchange servers have been targeted in the past by threat actors to deploy payloads like DearCry, BlackKingdom, and LockFile ransomware strains. Ellison noted that while attacks can still occur, having strong resilience and recovery plans in place can significantly reduce the likelihood of a successful attack and minimize the impact if one does occur.
Evolution of Kernel-Level Rootkits: A Closer Look at UAT-9921 Threat Actor
A recent report from Cisco Talos sheds light on the evolving tactics of threat actors, particularly in the realm of kernel-level rootkits. According to the findings, a kernel-level rootkit is now able to adapt its stealth approach based on the host’s kernel version. This sophisticated technique has been observed in campaigns orchestrated by a new threat actor known as UAT-9921, believed to have been active since 2019.
The modular framework employed by UAT-9921 allows for customized stealth strategies, making it harder for traditional security measures to detect and mitigate the threat. Additionally, Cisco Talos uncovered a Windows equivalent of VoidLink, a tool used by the threat actor, which has the capability to load plugins, enhancing its functionality.
One of the primary methods used by UAT-9921 is the installation of VoidLink command and control (C2) on compromised hosts. These C2 servers are then utilized to conduct scanning activities, both internally and externally, within the network. This approach enables the threat actor to gather information and identify potential vulnerabilities for exploitation.
These findings underscore the evolving landscape of cyber threats, with threat actors combining speed and stealth to maximize their impact. By blending into normal operations, these malicious actors can evade detection until significant damage is already done.
For cybersecurity defenders, the challenge lies in detecting misuse of legitimate access, identifying anomalous behavior within trusted systems, and addressing seemingly harmless gaps that could be exploited by threat actors. It is no longer sufficient to focus solely on preventing initial entry; a holistic approach to security is required to effectively combat modern threats.
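As an added example (not code from the bulletin or from the Cisco Talos report), the snippet below applies a simple fan-out heuristic to constructed connection records: a source that reaches many distinct internal or external destination/port pairs within a short window, as described above for a host running the VoidLink C2, is flagged. The address ranges, window, threshold and record format are assumptions chosen for the illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flows: (source, destination, dport, ISO timestamp).
# 10.0.0.5 plays a compromised host scanning internally, then externally;
# 10.0.0.7 shows ordinary repeated traffic to a single service.
SAMPLE_FLOWS = [("10.0.0.5", f"10.0.1.{n}", 445, f"2025-01-10T09:00:{n:02d}")
                for n in range(1, 13)]
SAMPLE_FLOWS += [("10.0.0.5", f"203.0.113.{n}", 443, f"2025-01-10T09:01:{n:02d}")
                 for n in range(1, 10)]
SAMPLE_FLOWS += [("10.0.0.7", "10.0.1.20", 443, "2025-01-10T09:00:05"),
                 ("10.0.0.7", "10.0.1.20", 443, "2025-01-10T09:02:00"),
                 ("10.0.0.7", "198.51.100.4", 443, "2025-01-10T09:03:10")]

# Assumed private ranges for this environment (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def fanout_alerts(flows, window=timedelta(minutes=5), threshold=8):
    """Return {source: {"internal": n, "external": n}} for sources whose
    distinct (dst, port) fan-out within any `window` reaches `threshold`."""
    by_src = defaultdict(list)
    for src, dst, dport, ts in flows:
        by_src[src].append((datetime.fromisoformat(ts), dst, dport))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = {"internal": 0, "external": 0}
        # Slide a window starting at each event and count distinct targets.
        for i, (t0, _, _) in enumerate(events):
            internal, external = set(), set()
            for t, dst, dport in events[i:]:
                if t - t0 > window:
                    break
                (internal if is_internal(dst) else external).add((dst, dport))
            best["internal"] = max(best["internal"], len(internal))
            best["external"] = max(best["external"], len(external))
        if max(best.values()) >= threshold:
            alerts[src] = best
    return alerts
```

Tune the window and threshold against a baseline of legitimate fan-out (backup servers, monitoring, vulnerability scanners) before alerting on the result.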
It is important to note that the insights provided in this report are part of a larger trend in cybersecurity, with threats constantly evolving and adapting to circumvent defenses. By staying informed and proactive, organizations can better protect themselves against emerging threats.