Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication
Source: Unit 42
Researchers discovered HazyBeacon, a sophisticated backdoor targeting government agencies in Southeast Asia.
Octalyn Stealer Unmasked
Source: CYFIRMA
The Octalyn Forensic Toolkit on GitHub appears to be a research tool but functions as a credential stealer. Built with C++ and Delphi, it uses Telegram for command and control and hides in Windows startup.
Google Gemini flaw hijacks email summaries for phishing
Source: BLEEPING COMPUTER
Google Gemini for Workspace has a newly discovered vulnerability. Attackers can embed hidden instructions in emails that manipulate Gemini’s summary generation, potentially directing users to phishing sites.
Dark Web Profile: Arkana Ransomware
Source: SOCRadar
Arkana Ransomware made headlines by attacking the internet provider WOW! in March 2025. Linked to the Qilin ransomware network, the group disguises its extortion as “post-penetration testing services.”
Likely Belarus-Nexus Threat Actor Delivers Downloader to Poland
Source: BLEEPING COMPUTER
The FrostyNeighbor threat group (UNC1151), attributed to Belarus, is actively targeting Eastern European nations with malicious CHM files.
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Source: The Hacker News
Researchers discovered 295 malicious IP addresses launching coordinated brute-force attacks against Apache Tomcat Manager interfaces worldwide.
Hackers are exploiting critical RCE flaw in Wing FTP Server
Source: BLEEPING COMPUTER
A Wing FTP Server vulnerability is being actively exploited by threat actors. The flaw allows unauthenticated remote code execution with full system privileges.
macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App
Source: SentinelOne
macOS.ZuRu malware hides in fake versions of popular apps like iTerm2 and Remote Desktop. Hackers trick users through poisoned search results.
GreyNoise Identifies New Scraper Botnet Concentrated in Taiwan
Source: GreyNoise
A scraper botnet variant has been identified that uses the user-agent string “Hello-World/1.0”. Researchers are tracking it through its unique behavioral patterns.
Count(er) Strike – Data Inference Vulnerability in ServiceNow
Source: Varonis
Researchers discovered a critical ServiceNow vulnerability dubbed “Count(er) Strike” that could expose sensitive data across hundreds of tables. It required only basic user access to exploit.