Cybersecurity Chronicles: A Compilation of Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and More Security Threats

Once installed, the app would prompt users to scan their bank card using NFC technology, enabling the malware to steal their financial information. The stolen data was then used to make unauthorized transactions, resulting in significant financial losses for the victims. Russian authorities are urging the public to be cautious when downloading apps and to only use official sources to ensure their cybersecurity.

into plain text. The fake “authorization” process allowed attackers to harvest card credentials by having victims hold their bank card to the back of their smartphone and enter their PIN. This led to over 200 million rubles in losses.

Security researcher Kevin Beaumont discovered that a bug in Notepad++ was being exploited by threat actors in China to redirect traffic from the Notepad++ updater to malicious servers, tricking users into downloading malware. The maintainers of Notepad++ identified a weakness in the updater’s validation process that allowed attackers to make the updater download and execute unwanted binaries. To address this issue, Notepad++ released version 8.8.9 with improved security measures, including verifying certificates and signatures on downloaded update installers.

The malware in question does not encrypt files but instead displays a frightening overlay that prompts victims to contact a Proton email address within 24 hours or face the possibility of their files being destroyed. This Android malware, like others of its kind, uses accessibility services to carry out its malicious activities, such as changing the device lock screen PIN or password to lock users out. It also employs traditional WebView overlays on targeted apps to capture credentials.

The Rise of ValleyRAT Malware: A Year in Review
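The Notepad++ updater weakness described above comes down to an updater that trusts whatever the update server (or whoever is redirecting traffic to it) hands back. The Go program below is an added example, not Notepad++'s own updater code, of the fix the maintainers describe: the installer may only run if a manifest carrying its SHA-256 verifies against a publisher key pinned inside the updater, and the downloaded bytes then match that signed digest. The key=value manifest format, the file names and the installer bytes are all constructed for this example. It walks the three cases a hardened updater must distinguish: a genuine release, a swapped installer served with the real manifest, and a forged manifest signed by someone other than the publisher.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Manifest is the hypothetical update descriptor an updater fetches next to
// the installer: the installer's file name and its expected SHA-256. The
// "name=...\nsha256=..." line format is assumed for this example only.
type Manifest struct {
	Name   string
	SHA256 [sha256.Size]byte
}

// Distinct errors so the caller (and its logs) can tell a forged manifest
// from a swapped installer.
var (
	ErrBadSignature = errors.New("manifest signature does not verify against pinned publisher key")
	ErrBadDigest    = errors.New("installer SHA-256 does not match signed manifest")
)

// ParseManifest reads the constructed key=value manifest format.
func ParseManifest(raw []byte) (Manifest, error) {
	var m Manifest
	for _, line := range strings.Split(strings.TrimSpace(string(raw)), "\n") {
		key, val, ok := strings.Cut(line, "=")
		if !ok {
			return Manifest{}, fmt.Errorf("malformed manifest line %q", line)
		}
		switch key {
		case "name":
			m.Name = val
		case "sha256":
			b, err := hex.DecodeString(val)
			if err != nil || len(b) != sha256.Size {
				return Manifest{}, errors.New("sha256 field is not a 32-byte hex digest")
			}
			copy(m.SHA256[:], b)
		}
	}
	if m.Name == "" {
		return Manifest{}, errors.New("manifest has no name field")
	}
	return m, nil
}

// VerifyUpdate performs the check in two ordered steps: the manifest signature
// is verified against the key pinned in the updater, and only then is the
// installer hashed and compared with the signed digest. A binary served from a
// redirected server fails one of the two, whatever the server claims.
func VerifyUpdate(pinned ed25519.PublicKey, manifest, sig, installer []byte) (Manifest, error) {
	if !ed25519.Verify(pinned, manifest, sig) {
		return Manifest{}, ErrBadSignature
	}
	m, err := ParseManifest(manifest)
	if err != nil {
		return Manifest{}, err
	}
	if sha256.Sum256(installer) != m.SHA256 {
		return Manifest{}, ErrBadDigest
	}
	return m, nil
}

// BuildManifest is the publisher-side counterpart: it records the digest of
// the installer that is actually being released.
func BuildManifest(name string, installer []byte) []byte {
	sum := sha256.Sum256(installer)
	return []byte(fmt.Sprintf("name=%s\nsha256=%s\n", name, hex.EncodeToString(sum[:])))
}

// Outcome holds the verification result for the three cases.
type Outcome struct {
	Genuine          error // real manifest, real installer: nil
	SwappedInstaller error // real manifest, attacker-served binary: ErrBadDigest
	ForgedManifest   error // attacker-signed manifest for that binary: ErrBadSignature
}

// RunScenario exercises VerifyUpdate with constructed keys and installer bytes.
func RunScenario() (Outcome, error) {
	publisherPub, publisherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // not the pinned key
	if err != nil {
		return Outcome{}, err
	}
	installer := []byte("constructed installer bytes, version 8.8.9")
	manifest := BuildManifest("npp-update.exe", installer)
	sig := ed25519.Sign(publisherPriv, manifest)

	var o Outcome
	_, o.Genuine = VerifyUpdate(publisherPub, manifest, sig, installer)

	malicious := []byte("constructed attacker binary")
	_, o.SwappedInstaller = VerifyUpdate(publisherPub, manifest, sig, malicious)

	forged := BuildManifest("npp-update.exe", malicious)
	_, o.ForgedManifest = VerifyUpdate(publisherPub, forged, ed25519.Sign(attackerPriv, forged), malicious)
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v\nswapped installer: %v\nforged manifest: %v\n",
		o.Genuine, o.SwappedInstaller, o.ForgedManifest)
}
```

The ordering matters: parsing the manifest before its signature has been checked would expose the parser to attacker-controlled input, so VerifyUpdate verifies first and parses second. Pinning the public key in the binary, rather than fetching it from the same server as the update, is what makes a traffic redirect insufficient on its own.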


Between November 2024 and November 2025, around 6,000 ValleyRAT-related samples were identified in the wild, along with 30 unique variants of the ValleyRAT builder and 12 variations of the rootkit driver.

The Latest Threat: AI Chat Guides Used to Spread Stealers

A recent cyber campaign has seen threat actors leveraging AI chat platforms such as OpenAI ChatGPT, DeepSeek, and Grok to disseminate malicious content. By manipulating search results through malvertising or SEO poisoning, users are tricked into downloading stealers like AMOS Stealer or Shamus. This is achieved by targeting search queries related to macOS issues such as “sound not working on macOS” or “clear disk space on macOS.” The attackers strategically share chat sessions disguised as troubleshooting guides, leading users to execute commands that ultimately install malware on their systems.

According to Huntress, the attackers are employing multiple AI platforms to ensure their poisoned instructions reach a wide audience. This method involves weaponizing AI conversations with SEO tactics to deceive users searching for legitimate assistance. The campaign has been described as a deliberate and widespread effort to exploit common troubleshooting queries, with bad actors utilizing prompt engineering to craft convincing installation guides containing malicious instructions.

In parallel developments, threat actors are also using platforms like itch.io and Patreon to distribute Lumma Stealer. Through newly created itch.io accounts, the attackers spam comments on legitimate games, directing users to Patreon links that supposedly offer game updates. These links instead lead to ZIP archives containing malicious executables that deploy the stealer after running anti-analysis checks.


The Significance of Cybersecurity in Daily Life

Cybersecurity is no longer merely a tech issue; it has become an integral part of daily life. The same digital tools that enhance productivity and communication are now being exploited by cybercriminals to infiltrate systems unnoticed. As cyber threats continue to evolve, awareness becomes the primary defense against malicious activity.

The Threatsday Bulletin serves the purpose of cutting through the noise and highlighting the most critical cybersecurity developments. This weekly digest offers insights into the latest breaches, discoveries, and decisions shaping the digital landscape.

Stay informed, stay vigilant, and prioritize cybersecurity in all your digital interactions.
