Most severe of the newly added flaws is the Edimax IC-7100 IP camera OS command injection vulnerability, tracked as CVE-2025-1316.

All of the information posted by the daughter of Baidu Vice President Xie Guangjun has been procured from foreign platforms' "doxing databases," said Baidu.

Most of the exposed secrets were GitHub install action tokens but their 24-hour expiration has restricted exploitation opportunities.

After achieving initial access by targeting vulnerable internet-exposed web and application servers, UAT-5918 utilized tools previously associated with Volt Typhoon and Flax Typhoon to facilitate lateral movement, credential and data theft, and further compromise.

Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.

Threat actors have leveraged fake mailing-related apps to facilitate the distribution of Betruger, which has been integrated with network scanning, keylogging, privilege escalation, credential dumping, and other capabilities prevalent in tools often distributed prior to ransomware deployment.

Exploitation of the the static credential flaw through the use of simple fixed passwords could facilitate the compromise of a log file exposed by the information disclosure bug.

Israel-based systems were most targeted by the attempted exploitation of ServiceNow bugs but threat actors also sought to compromise instances in Germany, Japan, and Lithuania

Such a development comes as Swiss global solutions provider Ascom disclosed having its technical ticketing system compromised in a cyberattack.

While most of the browser-based phishing attempts involved the spoofing of Microsoft, Facebook, and Netflix.