Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Crypto Operation Using Fake Investment Platforms Dismantled in Spain
Source: Bitdefender
Spain’s Guardia Civil, in collaboration with Europol and other global law enforcement agencies, has arrested five individuals suspected of laundering hundreds of millions of euros through cryptocurrency scams that have affected over 5,000 victims worldwide. Read more.
New FileFix attack runs JScript while bypassing Windows MoTW alerts
Source: BLEEPING COMPUTER
A new FileFix attack, created by security researcher mr.d0x, exploits browser handling of saved HTML files to bypass Windows’ MoTW protection, tricking victims into executing a disguised PowerShell command via a phishing page. Read more.
Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update
Source: The Hacker News
Google has issued security updates to address a zero-day vulnerability, CVE-2025-6554, currently being exploited in the wild, characterized as a type confusion flaw in the V8 JavaScript and WebAssembly engine. Read more.
Godfather Evolves With Advanced On-Device Virtualization Capabilities
Source: PolySwarm
Godfather malware exploits Android’s Accessibility Service to capture detailed tap events and screen information, targeting around 484 applications with commands sent through a Base64-encoded C2 server. Read more.
Bluetooth flaws could let hackers spy through your microphone
Source: BLEEPING COMPUTER
Recent vulnerabilities in a Bluetooth chipset affect 29 audio devices from brands like Beyerdynamic, Bose, and Sony, potentially allowing for eavesdropping or data theft. Read more.
Taking the shine off BreachForums
Source: SOPHOS
French authorities have reported the arrest of four members of the ShinyHunters (also known as ShinyCorp) cybercriminal group across various regions in France for their involvement in cybercrime activities and the underground forum BreachForums. Read more.
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
Source: The Hacker News
The threat actor behind the GIFTEDCROOK malware has upgraded it from a simple browser data stealer to a sophisticated intelligence-gathering tool. Read more.
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
Source: SECURITY WEEK
The Citrix NetScaler vulnerability known as CitrixBleed 2 (CVE-2025-5777) may already be exploited in real-world attacks, according to cybersecurity firm ReliaQuest. Read more.
Microsoft 365 Direct Send Abused for Phishing
Source: SECURITY WEEK
Varonis has identified a phishing campaign exploiting Microsoft 365 Direct Send, which allows attackers to send spoofed emails that seem to originate from within the victim’s organization. Read more.
CyberAv3ngers: From Infrastructure Hacks to Propaganda Machines in the Iran-Israel Cyber War
Source: DomainTools
A prominent group, CyberAv3ngers, has been involved in hijacking water systems, altering PLCs, and mocking Israeli cybersecurity initiatives on platforms like Telegram and Twitter. Read more.