Overview: A Turbulent Week in Cybersecurity
The cybersecurity landscape continues to evolve at an alarming pace. This past week has delivered a stark reminder of the risks posed by advanced persistent threats (APTs), critical vulnerabilities, and state-backed espionage. From TikTok being misused to distribute malware to new revelations on AI assistant exploitation, the complexity of cyber threats is escalating.
Security teams must now think beyond firewalls and antivirus solutions. They must understand the adversary’s tactics, exploit patterns, and attack surfaces. This article compiles and analyses key events, breaches, and campaigns from the past seven days to inform both practitioners and decision-makers.
Lumma Stealer and DanaBot Infrastructure Dismantled
In a rare coordinated operation, global law enforcement and private sector actors neutralised over 2,300 domains associated with Lumma Stealer and DanaBot. Authorities also shut down 300 command-and-control servers and disrupted ransomware networks linked to these malware families.
Notably, DanaBot had been linked to Russian state-sponsored groups, highlighting how even commoditised malware can be weaponised for espionage.
Key Stats:
- 2,300+ C2 domains seized
- 300 servers taken down
- 650 ransomware domains disrupted
TikTok Weaponised for AI-Driven Malware Campaigns
Attackers are now exploiting TikTok’s popularity by uploading AI-generated videos that guide users into running malicious scripts disguised as software activations. Malware such as Vidar and StealC are distributed under the pretence of activating pirated apps like Microsoft Office or CapCut.
This is an alarming sign of how AI content generation and viral platforms can combine to scale social engineering attacks.
APT28 Targets Western Infrastructure
Russian hacker group APT28, long suspected of state ties, continues targeting logistics and technology firms across Europe, Australia, and the US. The campaign uses known techniques such as phishing and vulnerability chaining to steal sensitive data and establish long-term access.
APT28’s historical links to surveillance of IP cameras in NATO-aligned regions add to concerns of hybrid warfare in cyberspace.
China-Linked UNC5221 Exploits Ivanti Flaws
The Chinese threat actor UNC5221 exploited vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti EPMM software. The attacks delivered reverse shells and malware like KrustyLoader to gain persistent access to mobile device management systems, a critical foothold for future exploitation.
Affected Sectors:
- Government IT departments
- Telecom providers
- Enterprises across APAC, Europe, and North America
Critical Chrome Extensions Pose Stealth Threats
Over 100 malicious Chrome extensions have been identified mimicking legitimate tools. These extensions steal cookies, credentials, and user session data, all while operating under a benign facade.
Malicious Functions Include:
- DOM manipulation
- Cookie and credential theft
- Ad injection and phishing
SaaS Environments at Risk: Commvault Incident
The US CISA issued a warning regarding unauthorised access to Commvault’s M365 SaaS solution hosted on Azure. Threat actors reportedly obtained client secrets, enabling access to backup environments.
This event illustrates the risks tied to default SaaS configurations and highlights the importance of least-privilege access controls.
AI Tools Becoming Vulnerable Attack Surfaces
GitLab’s AI assistant Duo was found vulnerable to indirect prompt injection attacks. Researchers demonstrated the ability to leak private source code and inject malicious HTML by embedding hidden instructions in code or markdown files.
This discovery adds weight to concerns over AI integration in developer tools.
Trending CVEs to Patch Immediately
Here are the most urgent vulnerabilities disclosed this week:
| CVE ID | Affected Product | Severity | Exploitable Remotely |
|---|---|---|---|
| CVE-2025-34025 | Versa Concerto | High | Yes |
| CVE-2025-0993 | GitLab | Critical | Yes |
| CVE-2025-5063 | Chrome | High | Yes |
| CVE-2025-47947 | ModSecurity | High | Yes |
| CVE-2025-4322 | Motors WP Theme | Medium | Yes |
| CVE-2025-40775 | BIND DNS | Critical | Yes |
Around the World: Cyber Law, Malware and Influence Ops
- Sandworm Deploys ZEROLOT Wiper in Ukraine
- Signal Fights Back Against Recall on Windows 11
- Russia Mandates Tracking Apps for Foreigners
- Dutch Government Criminalises Espionage
- EU Sanctions Stark Industries for Enabling Russian Cyber Attacks
These developments reflect the growing overlap between policy, civil liberties, and digital warfare.
Cybercrime Insights: Scams, SIM-Swaps, and Session Hijacks
- Cookie-Bite: A new technique to steal Azure authentication cookies using rogue browser extensions.
- Coinbase Scam Campaign: Attackers used AI voice calls and social engineering to siphon user funds.
- DICOM Vulnerability (ELFDICOM): Medical image formats are being abused to hide Linux malware payloads.
- CrowdStrike Faces Lawsuit: Delta Airlines sues over July 2024 Falcon software outage.
Cybersecurity Tools of the Week
- ScriptSentry: Audits dangerous script configs in AD environments.
- Aftermath: A macOS forensic toolkit for incident response.
- AI Red Teaming Playground: Learn how to attack and secure AI systems via hands-on labs.
Tip of the Week: Revoke Old OAuth Permissions
Unmaintained third-party apps with OAuth access can expose email, files, or calendars. Head to your Google, Microsoft, or GitHub permissions page and revoke any unused app access immediately.
Final Thoughts
Cybersecurity isn’t just technical — it’s strategic. Every vulnerability, campaign, or tool reflects deeper trends in how digital systems are secured or subverted. As nation-states and criminal groups evolve, defenders must rethink trust, privilege, and transparency at all layers of their stack.
Discussion