North Korean Hackers Caught on Video Using AI Filters in Fake Job Interviews
North Korean state-sponsored hackers from the Famous Chollima APT group are using real-time AI deepfakes to impersonate software engineers during job interviews with cryptocurrency and Web3 companies. They steal legitimate identities and resumes, using AI-powered facial filters to disguise their faces and secure employment under false pretenses. The campaign aims to infiltrate Western firms for espionage and financial gain, with multiple infiltration attempts observed by Quetzal Team analysts targeting senior software engineering roles.
Source: HackRead
The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes
Cyble researchers tracked 1,128 vulnerabilities over the past week, 138 of which already have public proof-of-concept exploits, increasing the risk of real-world attacks. Sixty-seven flaws were rated critical under CVSS v3.1 and 22 under CVSS v4.0. Among them, CVE-2025-55754 affects Apache Tomcat and could allow indirect administrative command execution via console manipulation, posing a serious risk to system integrity if administrators are deceived into executing malicious commands.
Source: Cyble
Remote Access, Real Cargo: Cybercriminals Targeting Trucking and Logistics
Proofpoint identified a cybercriminal campaign targeting logistics and trucking companies using remote monitoring and management (RMM) tools to hijack cargo shipments. Attackers collaborate with organized crime to gain network access and bid on legitimate freight jobs, then steal the physical goods. The stolen items, ranging from electronics to beverages, are sold online or shipped overseas, causing millions in damages and major disruptions to supply chains.
Source: Proofpoint
Operation SkyCloak: Tor Campaign Targets Military of Russia & Belarus
SEQRITE Labs uncovered a Tor-based campaign targeting the military of Russia and Belarus, including the Russian Airborne Forces and Belarusian Special Forces. The infection chain exposes local services via Tor using obfs4 bridges for anonymous communication. Attackers used multi-stage PowerShell scripts, military-themed decoys, and hidden SSH services to maintain persistence. Similar regional campaigns, such as HollowQuill and CargoTalon, were also observed throughout 2025, focusing on aerospace and defense sectors.
Source: Seqrite
Leak Site Ransomware Victims Spike 13% in a Year
The number of European ransomware victims increased by 13% between September 2024 and August 2025, according to CrowdStrike's European Threat Landscape Report. The UK was the most affected country, followed closely by Germany, Italy, France, and Spain. The total number of victims named on leak sites reached 1,380. The most targeted sectors include manufacturing, technology, and professional services, reflecting a sustained trend of financially motivated attacks across Europe.
Source: Infosecurity Magazine
AresISEC d.o.o. · Zagreb, Croatia · OIB: 49411602130 · info@aresisec.hr