Apt

🟠 High | Source: The Hacker News A China-linked threat group, TA4922, has significantly expanded its phishing campaigns beyond its previous targets to now include organisations in the UK, Germany, Italy, and South Africa. The group is deploying known remote access trojans including ValleyRAT and Atlas RAT, with a fast-moving operational pace and an evolving malware toolkit. This matters because the expansion into European markets signals a deliberate strategic shift, increasing risk for organisations in these regions. ...

🟠 High | Source: The Hacker News Russian state-linked threat group Gamaredon is actively exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy a chain of malware against Ukrainian targets. The attack begins with an HTML Application payload (GammaPhish) which then downloads further malware including GammaWorm and GammaSteel, designed for data theft and lateral propagation. This is a targeted, state-sponsored campaign with significant implications for organisations operating in or with Ukraine. ...