Cybersecurity News | Daily Recap [10 Jun 2025]

Chinese-linked groups including APT41, PurpleHaze, and APT15 targeted global enterprises and infrastructure with ShadowPad and GOREshell malware, while a North Korea-linked group exploited social media for malware campaigns. Vulnerabilities in Roundcube, SAP NetWeaver, and Wazuh server were actively exploited, leading to data breaches and DDoS attacks; meanwhile, major outages impacted Heroku and OpenAI. #APT41 #ShadowPad #WazuhVulnerability #HerokuOutage

Read More
Understanding CYBEREYE RAT Builder: Capabilities and Implications

CyberEye, also known as TelegramRAT, is a modular .NET-based Remote Access Trojan that uses Telegram Bot API for command and control, enabling stealthy surveillance and data theft without requiring attacker infrastructure. Its capabilities include credential harvesting, defense evasion by disabling Windows Defender, clipboard hijacking, and persistence via scheduled tasks, making it a significant threat for users and organizations. #CyberEye #TelegramRAT #TelegramBotAPI

Read More
The Week in Vulnerabilities: Cyble Warns of Rising Exploits Targeting ICS, Enterprise, and Web Systems

Between May 28 and June 3, 2025, multiple high-severity vulnerabilities were actively exploited by various threat actors, including a China-linked APT group targeting diverse industries. Cyble Research & Intelligence Labs observed increased exploit attempts, malware campaigns, and critical infrastructure risks, emphasizing the urgency of patching and enhanced cybersecurity measures. #CVE-2024-56145 #CVE-2025-5419 #ChinaAPT #MiraiBotnet

Read More
CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage

Check Point Research revealed a sophisticated campaign by the APT group Stealth Falcon exploiting a zero-day vulnerability (CVE-2025-33053) through malicious .url files to deliver custom malware implants such as the Horus Agent. The group targets government and defense sectors in the Middle East and Africa using spear-phishing, WebDAV exploitation, and customized post-exploitation tools including keyloggers and credential dumpers. #StealthFalcon #CVE2025-33053 #HorusAgent

Read More
Stealth Falcon Exploits New Zero-Day (CVE-2025-33053) in Sophisticated Cyberespionage Campaign

A sophisticated cyberespionage campaign attributed to Stealth Falcon involves a zero-day vulnerability (CVE-2025-33053) in Microsoft Windows WebDAV to infiltrate defense organizations in the Middle East and Africa. The attackers utilized malicious .url files, custom malware loaders, and a C++ implant called Horus, demonstrating advanced obfuscation and stealth techniques. #StealthFalcon #CVE-2025-33053…

Read More
New Secure Boot flaw lets attackers install bootkit malware, patch now

Cybersecurity experts have revealed a critical Secure Boot bypass vulnerability (CVE-2025-3052) that allows attackers to disable security features and install malicious bootkits on most systems trusting Microsoft’s UEFI CA 2011 certificate. Microsoft has issued patches and updated the revocation list to mitigate the flaw, which can be exploited if attackers gain administrative access. #CVE-2025-3052 #UEFICA2011 #SecureBoot

Read More