By security practitioners, for security practitioners

Weekly Top 10: 06.09.2025: PathWiper Malware Targets Ukrainian Infrastructure; Zero-Click iMessage Exploit Used Against EU and U.S. Officials; Fake AI Tools Used to Distribute Ransomware and More.

WEEKLY TOP TEN: June 09, 2025, 16:00 GMT

  1. PathWiper Malware Targets Ukrainian Infrastructure

    A newly discovered malware dubbed PathWiper is being used to attack Ukrainian critical infrastructure. Unlike ransomware, this malware focuses on data destruction, wiping files and rendering systems inoperable. Security researchers have attributed the malware to a known APT group with a history of targeting Eastern Europe.
  2. Zero-Click iMessage Exploit Used Against EU and U.S. Officials

    Targeted surveillance attacks against government officials in the U.S. and EU have employed a sophisticated zero-click iMessage exploit, codenamed Nickname. The exploit, believed to be associated with a state-sponsored group, enables remote compromise of Apple devices without user interaction.
  3. Fortinet Vulnerabilities Exploited by Qilin Ransomware

    Two critical vulnerabilities in Fortinet’s FortiOS and FortiProxy—CVE-2024-21762 and CVE-2024-23113—are now being actively exploited by the Qilin ransomware gang. These flaws allow attackers to gain remote code execution on exposed appliances. Admins are urged to patch immediately, as these exploits are now publicly known and integrated into ransomware toolkits.
  4. North Korean IT Workers Steal Millions While Masquerading as Freelancers

    North Korean operatives have been infiltrating Western companies by posing as remote IT freelancers. U.S. authorities report that these individuals have stolen millions of dollars, which are then funneled back to support North Korea’s cyber and weapons programs.
  5. U.S. Offers $10 Million for Info on RedLine Cybercriminals

    The U.S. State Department is offering a $10 million reward for information leading to the identification or location of individuals associated with RedLine Stealer, a malware widely used to steal credentials and financial data. The stealer is frequently sold and distributed via underground forums, fueling a large ecosystem of cybercrime.
  6. Critical Webmail Exploit in Roundcube Up for Sale

    A hacker is selling a zero-day exploit for the popular Roundcube webmail platform that allows for remote code execution without user interaction. Technical details and a working proof-of-concept have already been disclosed, raising alarms in the infosec community over impending exploitation.
  7. Backdoored Malware Repositories Discovered Online

    Security researchers have uncovered multiple malware repositories that were secretly backdoored, including cracked versions of Redline and Raccoon stealers. These altered tools exfiltrate data not only from victims but also from cybercriminals who use them, turning attacker against attacker.
  8. Fake AI Tools Used to Distribute Ransomware

    A new malware campaign is leveraging the popularity of AI to trick users into downloading fake productivity tools laced with ransomware. These malicious applications imitate legitimate business software but execute file-encrypting payloads once installed.
  9. BidenCash Carding Market Domains Seized

    An international law enforcement operation has successfully seized multiple domains operated by BidenCash, a notorious carding market that specialized in selling stolen credit card data. The takedown highlights ongoing global efforts to dismantle cybercrime infrastructures used for financial fraud.
  10. Chaos RAT Targets Windows and Linux Devices

    A new variant of Chaos RAT has emerged, capable of targeting both Windows and Linux systems. Distributed via fake software downloads, the malware allows full remote control of compromised devices and is being actively used in espionage and criminal campaigns.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The top 10 stories were selected from the 40+ stories we determined to be most significant during the course of the week, ranked by highest risk and using multiple sources when available.
