Cybersecurity Alert: AI Malware, Voice Bot Vulnerabilities, Crypto Laundering, IoT Attacks, and More Top Threats Discussed
The payload, when executed, drops and executes a Cobalt Strike beacon that communicates with a C2 server located at “185[.]250[.]52[.]130”. The technique leverages a vulnerability in the MSC (Microsoft Common Console Document) format, allowing the threat actor to execute arbitrary code on the target system. “The use of MSC files to deliver malicious payloads is an emerging trend in the threat landscape,” according to Cisco Talos. “The technique has been seen used in recent campaigns, including those attributed to the Russia-linked TA505 threat actor group.” TA505, also known as Evil Corp, is a financially motivated cybercriminal group known for distributing the Dridex banking Trojan and Locky ransomware.
Apple has released security updates to address two zero-day vulnerabilities actively exploited in the wild: CVE-2025-1135 and CVE-2025-1136. The first vulnerability, tracked as CVE-2025-1135, is a memory corruption issue in the XNU kernel that could allow an application to execute arbitrary code with kernel privileges. The second vulnerability, tracked as CVE-2025-1136, is a use-after-free flaw in the CoreGraphics component that could lead to arbitrary code execution when processing a maliciously crafted PDF file. Both vulnerabilities were reported to Apple by an anonymous researcher. “Given the critical nature of these vulnerabilities, users are advised to update their systems to the latest version available from Apple,” the company said.
into its JSON representation.
The Pay2Key ransomware, along with malware developed by PureCoder such as PureCrypter, PureHVNC, and PureLogs Stealer, was used in the latest series of attacks recorded between August and November 2025.
The Dangers of Fake Calls and Unpatched Security
Fake calls have the potential to cause serious harm, including unauthorized actions, security breaches, data leaks, and various forms of manipulation. Unfortunately, the issue of fake calls remains unresolved and poses a significant risk.
Study Reveals Parallel Labor Market in Cybercrime
An analysis conducted by Kaspersky has shed light on the existence of a parallel labor market within the dark web that mimics real-world economic trends. Job seekers in this market often do not specify a particular field, with a majority expressing willingness to take on any available work. Roles in IT, such as developers, penetration testers, and money launderers, are in high demand, with reverse engineers commanding top salaries. The market also sees the involvement of teenagers seeking quick earnings through fraudulent schemes.
Android Malware Exploits Legitimate Sites for Malicious Activities
AhnLab recently uncovered an Android APK malware disguised as a popular Korean delivery service, utilizing obfuscation and packing techniques to evade security measures. The stolen data is transmitted to a compromised legitimate site for command and control purposes. Additionally, a malicious program posing as SteamCleaner is being distributed through websites offering cracked software, allowing attackers to communicate with a command and control server and potentially install harmful payloads like proxyware.
ASIO Warns of State-Backed Cyber Threats
The Director-General of Security of the Australian Security Intelligence Organisation (ASIO) issued a warning about cyber threats orchestrated by state actors on behalf of China’s government and military. These threat actors have targeted the country’s telecoms network and critical infrastructure, posing a significant risk of cyber sabotage. The financial impact of the espionage linked to these threats is substantial. China has denied the allegations, calling them false and provocative.
Fake Mayor Jailed for Cyber Scam Involvement
A Chinese woman who falsely claimed to be a local mayor and was involved in a large cyber scam operation run out of online casinos in the Philippines has been sentenced to life in prison. Along with three accomplices, she was found guilty of human trafficking and faces a substantial fine.
Legacy Windows Protocol Vulnerabilities Exploited for Credential Theft
Threat actors have been exploiting multiple vulnerabilities in Microsoft Windows to steal NTLM hashes and enhance their post-exploitation activities. Despite Microsoft’s plans to phase out this outdated protocol, its widespread use in legacy systems and enterprise networks continues to make it a target for cyber attacks. Attackers leverage newly discovered flaws to conduct credential relay attacks, privilege escalation, and lateral movement within networks, highlighting the ongoing security risks associated with NTLM.
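One practical defensive step against the NTLM abuse described above is to know where NTLM is still being used on the network before trying to retire it. The script below is an added example written for this digest, not code from any of the vendors or reports mentioned; it parses a handful of constructed Windows Security log entries modelled on the fields of Event ID 4624 (successful logon) and flags NTLM network logons, NTLMv1 negotiation, and machine accounts authenticating over NTLM, then counts NTLM logons per source address so a responder can spot the hosts that would matter most in a relay scenario. The log text format is a simplified key/value rendering (an assumption for the example), not the raw EVTX or XML structure.

```python
"""Inventory NTLM use from Windows Security Event 4624 records (added example)."""
from collections import Counter

# Constructed sample events in a simplified "Field: value" text layout modelled on
# the fields Windows records for Event ID 4624. These are not real log lines.
SAMPLE_EVENTS = [
    # Service account doing an NTLMv1 network logon: the weakest combination.
    """EventID: 4624
Logon Type: 3
Account Name: svc_backup
Account Domain: CORP
Source Network Address: 10.0.5.23
Authentication Package: NTLM
Package Name (NTLM only): NTLM V1""",
    # Machine account over NTLMv2 from the same source host.
    """EventID: 4624
Logon Type: 3
Account Name: FILESRV01$
Account Domain: CORP
Source Network Address: 10.0.5.23
Authentication Package: NTLM
Package Name (NTLM only): NTLM V2""",
    # Interactive console logon negotiated via Kerberos: nothing to flag.
    """EventID: 4624
Logon Type: 2
Account Name: alice
Account Domain: CORP
Source Network Address: 127.0.0.1
Authentication Package: Negotiate
Package Name (NTLM only): -""",
    # Kerberos network logon: also nothing to flag.
    """EventID: 4624
Logon Type: 3
Account Name: alice
Account Domain: CORP
Source Network Address: 10.0.9.8
Authentication Package: Kerberos
Package Name (NTLM only): -""",
]


def parse_event(text):
    """Turn one 'Field: value' block into a dict; split on the first colon only
    so keys such as 'Package Name (NTLM only)' survive intact."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def classify(event):
    """Return the findings for one parsed 4624 event (empty list = nothing to flag)."""
    findings = []
    if event.get("EventID") != "4624":
        return findings
    if event.get("Authentication Package") != "NTLM":
        return findings
    # Logon Type 3 is a network logon, the shape seen in credential relay.
    if event.get("Logon Type") == "3":
        findings.append("ntlm_network_logon")
    # NTLMv1 responses are far weaker than NTLMv2 and should already be disabled.
    if event.get("Package Name (NTLM only)") == "NTLM V1":
        findings.append("ntlmv1_negotiated")
    # Machine accounts (name ends in '$') normally use Kerberos; NTLM here is unusual.
    if event.get("Account Name", "").endswith("$"):
        findings.append("machine_account_ntlm")
    return findings


def triage(raw_events, burst_threshold=2):
    """Summarise NTLM use across a batch of events for a responder."""
    accounts_flagged = []
    per_source = Counter()
    for raw in raw_events:
        event = parse_event(raw)
        findings = classify(event)
        if findings:
            accounts_flagged.append(event["Account Name"])
        if "ntlm_network_logon" in findings:
            per_source[event.get("Source Network Address", "?")] += 1
    burst_sources = sorted(s for s, n in per_source.items() if n >= burst_threshold)
    return {
        "accounts_flagged": accounts_flagged,
        "ntlm_logons_per_source": per_source,
        "burst_sources": burst_sources,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    for raw in SAMPLE_EVENTS:
        ev = parse_event(raw)
        print(ev["Account Name"], classify(ev))
    print("NTLM network logons per source:", dict(report["ntlm_logons_per_source"]))
    print("Sources above threshold:", report["burst_sources"])
```

The same classification can be run over real 4624 events exported from a SIEM once the field extraction is adapted to the export format; the useful outputs are the NTLMv1 hits (which point at a hardening gap) and the per-source counts (which show which hosts are generating NTLM authentication that a relay defense such as SMB signing or EPA should be protecting).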
In conclusion, cybercrime is evolving rapidly, posing greater challenges to cybersecurity. Maintaining awareness, updating software regularly, and staying vigilant against suspicious activities are crucial in mitigating these risks. By remaining proactive and informed, individuals and organizations can better protect themselves against cyber threats.