The campaign, uncovered by Trend Micro and attributed to APT28 (also known as Fancy Bear and Pawn Storm), exploits newly disclosed vulnerabilities, including CVE-2026-21509 and CVE-2026-21513, to bypass security measures and gain initial access.
First documented in September 2022, Chaos is a cross-platform malware that can run remote shell commands, deploy additional modules, propagate via SSH brute-forcing, mine cryptocurrency, and launch DDoS attacks.
Seven new variants of the BPFDoor malware, which have gained stateless command-and-control routing capabilities, have enabled increasingly stealthy compromise of major telecommunication networks, according to GBHackers News.
Inauthentic Reddit posts offering free access to the popular charting platform TradingView have been published using multiple aged and compromised accounts to facilitate the distribution of the Vidar and Atomic macOS Stealer payloads on Windows and macOS systems, respectively, as part of an ongoing campaign, Cyber Security News reports.
Windows systems are being subjected to intrusions involving the newly emergent ResokerRAT malware, which leverages the Telegram Bot API to facilitate remote tracking and control of compromised systems while maintaining stealth, according to GBHackers News.