At the beginning of September 2024, organizations across France faced a new and substantial cybersecurity risk. A China-linked intrusion set known as Houken exploited three vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The attacks affected every sector, from government to telecommunications, media, finance, and even transport. The use of zero-day vulnerabilities in ongoing hostile cyber operations underlines the immediate and persistent threat posed by these advanced actors.
In parallel, Google pushed out a “partial fix” for the vulnerability to a padding oracle attack following responsible disclosure in December 2024. The decision, the result of an industry-wide push, sought to better protect the platform’s users against the growing threat of exploitation.
In a landmark case for global cyber-security, Russia has sentenced Andrei Smirnov to 16 years in a high-security prison. He had previously been convicted of carrying out distributed denial-of-service (DDoS) attacks against critical infrastructure. Ukrainian intelligence services were allegedly behind the planning of these attacks. Smirnov promptly enlisted in Ukraine’s “cyber troops,” which directly resulted in Смирнов хакалів chechens.
In a first for the U.S. Treasury Department, its Office of Foreign Assets Control has sanctioned Funnull. This Philippines-based company provides the infrastructure that enables romance baiting scams to flourish. Funnull was also behind a supply chain attack on the popular Polyfill.io JavaScript library, which is used on more than 20% of all websites.
Malicious actors are currently scanning for servers running vulnerable versions of Apache Tomcat and Camel. Unpatched servers remain exposed to CVE-2025-24813, CVE-2025-27636, and CVE-2025-29891. This recurring pattern underscores the urgent need for organizations to strengthen their cybersecurity infrastructure.
Hidden from view is a deeply troubling trend. A more advanced version of the Masslogger malware is now being distributed via encoded Visual Basic Script (VBE) files, probably delivered through phishing emails. In addition, over 190,000 developers unknowingly downloaded two malicious Visual Studio Code extensions from the Open VSX Registry.
Public authorities reacted promptly last week when the Spanish police arrested a 19-year-old computer science student. They also arrested an accomplice for reportedly supplying personal information on top officials and journalists to Pasaribu. This incident is an extreme and rare example of the growing risks to personal data security.
Keymous+, an Iran-linked hacktivist group, claimed responsibility for more than 700 DDoS attacks in 2025 under a claim of war. Analysts from DomainTools Investigations (DTI) noted that the group’s capabilities make it a prime tool for hybrid response strategies, combining technical aggression with symbolic messaging designed to project defiance.
Malicious cyber campaigns are outpacing us every day. Another China-linked threat actor has been using trojanized MSI installers masquerading as WhatsApp installers to deliver trojans to users in Eastern and Southeastern Asia. It is easy for attackers to abuse the very flexibility that makes LNK files useful, and that flexibility gives them ample opportunity to trick victims into running malicious payloads.
“The flexibility of LNK files makes them a powerful tool for attackers, as they can both execute malicious content and masquerade as legitimate files to deceive victims into unintentionally launching malware,” said Palo Alto Networks Unit 42 researchers.
On Feb. 23, 2023, the U.S. Treasury Department’s Office of Foreign Assets Control sanctioned Aeza Group. This Russia-based bulletproof hosting provider empowered cybercriminals by giving them a robust ecosystem for their infrastructure; the sanctions underscore the international fight against cyber threats.