Cybersecurity threats are evolving faster than ever, with attackers leveraging both old and emerging technologies to exploit vulnerabilities across IT, OT, and cloud systems. This week’s roundup highlights the most critical developments in hacking, malware, and digital security.
Redis Vulnerability Opens Door to Remote Code Execution
A critical security flaw in Redis (CVE-2025-62507, CVSS 8.8) could allow unauthenticated remote code execution. The vulnerability stems from a stack buffer overflow in the new XACKDEL command used to manage stream cleanup. JFrog’s analysis shows the flaw can be triggered simply by sending a large number of message IDs without authentication—putting at least 2,924 servers at risk. Redis patched the issue in version 8.3.2.
Surge in Signed Malware Attacks
BaoLoader and associated campaigns emerged as top malware threats late last year, exploiting legitimate code-signing certificates to bypass detection. By registering businesses in Panama and Malaysia, attackers make their payloads appear trustworthy, while leveraging “node.exe” for in-memory execution, reconnaissance, and command-and-control traffic through cloud services.
RMM Tools Exploited via Phishing
Phishing emails posing as invoices, holiday invitations, and PayPal alerts are increasingly used to deliver Remote Monitoring and Management (RMM) tools, including LogMeIn Resolve, ScreenConnect, and AnyDesk. In some campaigns, attackers establish corporate access by convincing employees to install these tools, often over the phone, giving them persistent control without triggering traditional antivirus defenses.
Dutch Authorities Arrest Counter-Antivirus Operator
A 33-year-old suspect was apprehended at Schiphol Airport for allegedly running AVCheck, a counter-antivirus service that helped criminals evade detection. Law enforcement credited the operation with dismantling a service that let malware authors evade antivirus software and so reach more victims.
Apple and Google Collaborate on Next-Gen Siri
Apple announced that its next-generation Siri will leverage Google’s Gemini AI models and cloud technology in a multi-year collaboration. The update promises more personalized experiences while maintaining privacy standards, with Apple devices running the AI on private cloud infrastructure.
China Restricts Foreign Cybersecurity Tools
China has instructed domestic firms to stop using security software from U.S. and Israeli companies—including VMware, Palo Alto Networks, Fortinet, and Check Point—citing national security concerns that the software could transmit sensitive data abroad.
AI and Machine Learning Libraries Exposed
Remote code execution vulnerabilities have been discovered in AI/ML Python libraries from Apple (FlexTok), NVIDIA (NeMo), and Salesforce (Uni2TS). The flaws allow attackers to embed malicious code in model metadata that executes when a vulnerable library loads the model. All affected vendors have released updates and mitigations.
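Added example (not code from FlexTok, NeMo or Uni2TS): one common way a loader ends up running whatever its metadata names is config-driven instantiation, where a `_target_` entry in the model's YAML/JSON picks the class to build. The check below walks the metadata and rejects any target outside a hypothetical allowlist of module prefixes before anything is imported; the `_target_` convention, the allowlist and the sample metadata are assumptions, not details from the advisories.

```python
# Added example, not from any of the affected projects. Assumes Hydra-style
# metadata in which a "_target_" key names the callable to instantiate.
import importlib
from typing import Any, Iterator

# Hypothetical allowlist: module prefixes the loader is willing to instantiate.
# The trailing dots matter: "torch.nn_evil.X" must not match "torch.nn.".
ALLOWED_PREFIXES = ("torch.nn.", "mymodel.layers.")


def iter_targets(node: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, target) for every '_target_' key in nested metadata."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "_target_":
                yield path, str(value)
            else:
                yield from iter_targets(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_targets(item, f"{path}[{i}]")


def check_metadata(meta: dict) -> list[str]:
    """Return one message per non-allowlisted target; empty list means clean."""
    problems = []
    for path, target in iter_targets(meta):
        if not target.startswith(ALLOWED_PREFIXES):
            problems.append(f"{path}: '{target}' is not an allowlisted class")
    return problems


def safe_resolve(target: str):
    """Import a target only after it passed the allowlist; raise otherwise."""
    if not target.startswith(ALLOWED_PREFIXES):
        raise ValueError(f"refusing to instantiate {target!r}")
    module_name, _, attr = target.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


# Constructed sample metadata: a benign layer plus a hostile nested entry.
SAMPLE_META = {
    "model": {"_target_": "torch.nn.Linear", "in_features": 8, "out_features": 2},
    "callbacks": [{"_target_": "os.system", "command": "id"}],
}

if __name__ == "__main__":
    for problem in check_metadata(SAMPLE_META):
        print("REJECT", problem)
```

Run the allowlist check on the parsed metadata before handing it to the library's instantiation routine, and treat any reported path as a reason to refuse the whole model file rather than skip the entry.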
VocalBridge Enables AI Voice Cloning Attacks
Researchers at the University of Texas at San Antonio developed VocalBridge, a framework that bypasses standard security defenses in voice cloning systems. Using advanced purification techniques, attackers can replicate voices and evade speaker verification protections.
Russian Telecom Operators Face Fines
Roskomnadzor, Russia’s telecommunications regulator, cited 33 operators for failing to implement mandated traffic inspection and content filtering systems. The violations could lead to fines and ongoing enforcement, part of post-2022 regulations requiring monitoring of internet traffic.
Turla Kazuar Malware Revealed
Security analysts dissected Turla’s Kazuar V3 malware, uncovering complex evasion methods such as COM object abuse, patchless ETW logging evasion, and AMSI bypass. The multi-stage .NET backdoor handles keylogging, operational monitoring, and exfiltration through compromised WordPress plugins.
PLC Vulnerabilities Threaten Industrial Systems
Critical flaws affecting Delta Electronics’ DVP-12SE11T PLC (CVE-2025-15102, CVE-2025-15103, CVE-2025-15358, CVE-2025-15359) pose severe operational risks, including authentication bypass, memory corruption, and denial-of-service. Firmware updates were released to mitigate potential industrial disruptions.
Salesforce Security Audit Tool Released
Mandiant launched AuraInspector, an open-source tool to help Salesforce admins detect misconfigurations in Experience Cloud environments. The tool automates discovery of exposed records, self-registration issues, and unauthorized access points, helping prevent data breaches.
Wi-Fi Networks Vulnerable to DoS Attacks
A high-severity flaw in Broadcom Wi-Fi chipsets (CVSS 8.4) allows attackers to take 5GHz networks offline with a single malicious frame, bypassing WPA2/WPA3 protections. Affected routers require a manual reboot to restore service, and Broadcom has issued a patch.
$26 Million Stolen from Truebit Smart Contract
Attackers exploited a vulnerability in Truebit’s five-year-old smart contract, draining $26 million in Ether. The exploit leveraged mispriced TRU tokens, enabling high-value minting and resale at full contract value.
Ransomware Hits Taiwan Hospitals
CrazyHunter ransomware has targeted multiple organizations in Taiwan, mainly hospitals, exploiting Active Directory weaknesses and weak passwords. Using SharpGPOAbuse and modified anti-malware drivers, attackers distribute payloads across networks and exfiltrate sensitive data.
Cybersecurity threats are accelerating in both sophistication and scale. Regular updates, proactive auditing, and vigilance against phishing or unusual activity remain essential defenses against emerging digital threats.