This week saw a surge in major cyber incidents worldwide. A ransomware attack crippled Japan’s Askul retail network, Qilin claimed Habib Bank AG Zurich, and Google uncovered AI-powered malware that rewrites its code. Cisco issued urgent fixes for firewall exploits, while Oglethorpe and NMHC disclosed healthcare data breaches.
This week’s cybersecurity highlights include a Chrome zero-day exploited by Memento Labs for spyware attacks, new npm supply chain threats like PhantomRaven and an info-stealer campaign, and active exploitation of DELMIA Apriso and XWiki flaws. Meanwhile, ransomware hit Sedgebrook and Heartland Health Center, exposing patient data and prompting renewed healthcare security concerns.
Cyber threats kept security teams busy this week. A new campaign called PassiveNeuron is spying on government and industry networks across several regions, while the Jingle Thief group is running cloud-based gift card scams.Hackers are also exploiting the SessionReaper bug in Adobe Commerce, and a critical Lanscope flaw has been flagged by CISA. In healthcare, a breach at Conduent exposed personal data from 462,000 Blue Cross Blue Shield members, underscoring how widespread and damaging these attacks have become. Here are the latest updates from this past week.
It’s been a hectic week for enterprise security, with several major companies pushing out critical fixes. F5 admitted that attackers stole its BIG-IP source code, which even triggered a federal emergency directive. Microsoft wasn’t far behind, releasing 183 patches, including three zero-days, just as Windows 10 support was ending, and it had to tighten security on Edge’s IE mode after reports of it being exploited. On top of that, successive flaws struck Oracle’s E-Business Suite, and Cisco devices were hit by a new campaign called Operation Zero Disco that used a zero-day exploit to deploy stealthy Linux rootkits.
We are once again back with fresh news pieces highlighting the important news where major platforms and giant industries have been targeted. To start with, a critical WordPress flaw is being widely exploited to hijack administrator accounts, with over 13,800 attack attempts recorded. SonicWall confirmed that firewall backup files for all cloud backup customers were exposed in a breach, overturning earlier claims of limited impact.
It was a busy week for cybersecurity threats. Hackers exploited a flaw in VMware software, giving them full control over virtual machines. At the same time, Microsoft flagged a phishing campaign that used AI written code in fake file sharing emails to trick victims. A new Android Trojan, Datzbro, also spread through fake senior community apps, letting criminals take over phones. To top it off, the Confucius group launched fresh phishing attacks, and researchers found a malicious Python package that secretly installed backdoors on Windows systems.
This week saw a wave of cyber incidents across critical sectors. A stealthy campaign used the BRICKSTORM backdoor to hide inside networks for over a year, while a flaw in Pandoc was exploited in attempts to steal AWS credentials. Libraesva patched a bug in its Email Security Gateway that attackers are already abusing. Airports across Europe faced massive disruptions after a ransomware attack, and researchers flagged ShadowV2, a new Docker-targeting botnet offering DDoS-for-hire services.
Cyber incidents this week underline just how disruptive attacks have become. One of the country’s biggest carmakers has kept its production lines shut, losing around 1,000 vehicles a day while work continues to restore systems. Investigators also uncovered a vast ad-fraud scheme that ran across 224 apps with 38 million downloads, generating more than two billion fake ad requests daily. Alongside that, a worm-like breach spread through hundreds of npm packages, while poisoned search results and phishing emails delivered remote-access malware to new victims.
This week’s cyber reports reveal escalating threats on trusted platforms. A significant phishing attack on npm spread malware to millions, while a compromise of Salesloft’s GitHub account impacted the Drift application. Researchers also uncovered a malvertising campaign using fake GitHub commits and detailed the stealthy EggStreme framework, highlighting how attackers are exploiting familiar workflows with increasing sophistication and success.
This week brought a wave of innovative and large-scale cyberattacks. Scammers abused social media ads with AI features to push harmful links, with hundreds of accounts posting thousands of scams. More than 100 compromised government email accounts were used in a global phishing campaign against embassies and international organisations. At least 65 servers were hijacked to manipulate Google search rankings, while new backdoors turned email into a data theft tool. Attackers also exploited a Microsoft-signed driver to shut down security defences and install malware. These incidents highlight how quickly trusted platforms and tools can be weaponized, emphasizing the critical need for robust email security measures.
Cybersecurity threats are on the rise again this week. Hybrid cloud ransomware attacks are becoming more and more frequent. Intruders are now stealing vast amounts of data and wiping out backups without even using traditional malware. Also, government networks in Asia have been targeted in long-running data theft campaigns. On top of all that, a global wave of phishing is hitting people with new malware delivered through fake voicemails and purchase orders. In South Asia, some skilled attackers are expanding their threat space to target Linux systems. And if that’s not enough, a massive healthcare data breach has exposed the personal details of more than 600,000 individuals.
Cybersecurity threats continue to escalate this week. Apple issued its seventh zero-day fix of 2025 after reports of active exploitation. Hackers are abusing a two-year-old Apache flaw to install hidden back doors that patch themselves to evade detection. A phishing campaign is spreading malware against enterprises worldwide. Authorities renewed sanctions on crypto exchanges that moved over $100 million for ransomware groups and froze another $300 million tied to fraud. At the same time, another malware is exploiting Windows flaws to infiltrate multiple industries.
Cybersecurity incidents this week include Google completing notifications for a Salesforce breach linked to ShinyHunters, and the discovery of Charon ransomware targeting the Middle East public and aviation sectors with APT-style tactics. Researchers exposed new 2TETRA:2BURST flaws in critical TETRA radio systems, while a WinRAR zero-day was exploited by Paper Werewolf and RomCom groups. The GreedyBear campaign stole over $1 million via malicious browser extensions, alongside an Ethereum trading bot scam using AI-generated YouTube videos to drain wallets of nearly $900,000. Let’s dissect each news in brief!
Recent cybersecurity incidents underscore growing threats everywhere in healthcare, cloud services, and mobile platforms. A ransomware attack compromised over 113,500 patient records at a cancer centre; meanwhile, critical flaws in AI servers and enterprise security systems exposed risks of credential stealing and remote code execution. Alongside, fake VPN apps on official stores tricked users into fraudulent subscriptions, and a cloud container vulnerability allowed malicious actors to avoid isolation controls. These cases point to the need for prompt patching, stricter access controls, and user vigilance against growing cyber threats.
From arrests slowing down major hacker groups to new threats quickly taking their place, this week has been full of movement in the cybersecurity space. Threat actors are shifting tactics, launching new ransomware groups, targeting telecoms, and using fake mobile apps to steal and extort. Even major airlines and telecom giants like Aeroflot and Orange haven’t been spared. Here’s a roundup of the key cyber incidents and developments of the week.
From malware sneaking in through fake game cheats to ransomware hitting hospitals, this week’s cyber stories are anything but quiet. Lumma’s back in action, Coyote’s abusing Windows in clever ways, and even Dior couldn’t dodge a data breach. If you use the internet (and who doesn’t?), here’s what you should be paying attention to.
Attackers are getting creative again, using copy-paste tricks to drop malware, hiding Android threats inside broken app files, and setting up entire fake startups to steal crypto. Developers are being targeted through tampered npm packages, while a newly exposed Wing FTP flaw is already under active abuse. With techniques evolving fast, staying patched and alert is more important than ever. Read on to stay a step ahead!
This week’s cyber world feels like a game of digital whack-a-mole, where every time defenders squash one threat, another pops up somewhere else. There are hackers sneaking malware into trusted tools, trojans hiding in mobile apps, and cybercriminals hijacking search results and online ads. From leaked security software fueling new attacks to crafty scams riding the wave of AI buzz, cybercriminals are proving they’ll exploit anything. Here’s how they’ve been keeping security teams on their toes!
This week’s cybersecurity round-up brings you stories you need to know, from fake crypto wallets lurking in Firefox to major breaches hitting airlines, global courts, and healthcare groups. We’ll see how threat actors are shifting from traditional tactics and which new threats are on the radar.
Stay digitally safe and well-informed about your personal information security!
SonicWall Malware Warning, Crypto Phishing Scheme, Medical Data Exposed – Cybersecurity News [June 23, 2025]
by DuoCircle
If you’re online, you’re a target, and this week proves it once again. Attackers have cloned a popular VPN app, used crypto support tools for phishing, and exposed data from hospitals, city councils, and even an international sports event. Here’s a deeper look into cybersecurity’s latest threats and how to stay protected!
![Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware – Cybersecurity News [November 03, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-5602.jpg)
![Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities – Cybersecurity News [October 27, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-tester-6780.jpg)
![Silent PassiveNeuron Attacks, Jingle Thief Fraud, SessionReaper Adobe Exploit – Cybersecurity News [October 20, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/spf-validator-7800.jpg)
![F5 Breach Response, Windows 10 Patch, Oracle Security Flaws – Cybersecurity News [October 13, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/dkim-validation-5602.jpg)
![Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft – Cybersecurity News [October 06, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/sendgrid-alternative-4502.jpg)
![VMware Exploit Attacks, AI Phishing Alert, Android Trojan Hijack – Cybersecurity News [September 29, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/email-smtp-service-8041.jpg)
![Ransomware Disrupts Airports, BRICKSTORM Backdoor Intrusions, Pandoc Flaw Exploited – Cybersecurity News [September 22, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dkim-validation-5601.jpg)
![JLR Cyber Shutdown, SlopAds App Fraud, Worm Hits npm – Cybersecurity News [September 15, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-permerror-0009.jpg)
![Malicious npm Packages, Salesloft GitHub Breach, Malvertising Commit Trick – Cybersecurity News [September 08, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-record-generator-6703.jpg)
![AI Spreads Malware, Diplomats Phished Globally, GhostRedirector Exploits Servers – Cybersecurity News [September 01, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/sender-policy-framework-5670.jpg)
![Ransomware Hits Hybrid, Data Theft Campaigns, Phishing Targets Companies – Cybersecurity News [August 25, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dmarc-reporting-service-3456.jpg)
![Apple Patches ImageIO, Hackers Exploit Apache, Noodlophile Targets Firms – Cybersecurity News [August 18, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/What-is-a-dmarc-5601.jpg)
![Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws – Cybersecurity News [August 11, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/spf-record-tester-5670.jpg)
![Patient Data Breach, Hackers Exploit AI, Code Execution Bug – Cybersecurity News [August 04, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/dmarc-generator-8901.jpg)
![Scattered Spider Imitators, New RaaS Emerges, Fake Apps Threaten – Cybersecurity News [July 28, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/sender-policy-framework-7840.jpg)
![Lumma Infostealer Returns, Coyote Malware Exploits, Interlock Ransomware Alert – Cybersecurity News [July 21, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/spf-record-generator-3672.jpg)
![FileFix Ransomware Threat, Konfety Malware Evasion, Crypto Users Targeted – Cybersecurity News [July 14, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/spf-record-tester-2341.jpg)
![Hackers Exploit Shellter, Anatsa Trojan Spreads, Pull Request Breach – Cybersecurity News [July 07, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/spf-record-check-8960.jpg)
![Fake Wallet Extensions, Qantas Hack Revealed, ICC Cyberattack Unveiled– Cybersecurity News [June 30, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/check-dmarc-record-3656.jpg)
![SonicWall Malware Warning, Crypto Phishing Scheme, Medical Data Exposed – Cybersecurity News [June 23, 2025]](https://www.duocircle.com/wp-content/uploads/2025/06/sender-policy-framework-7953.jpg)