Security Highlights Of The Day [23/12/25]

ATM Hackers Using ‘Ploutus’ Malware Charged in US
The US Department of Justice has charged 54 individuals for their involvement in a large-scale ATM jackpotting campaign using the Ploutus malware family. The suspects are linked to the Venezuelan crime syndicate Tren de Aragua and face severe penalties, including decades-long prison sentences, for bank fraud, computer hacking, and money laundering.
Source: SecurityWeek

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Researchers discovered that the open-source monitoring tool Nezha is being repurposed as a Remote Access Trojan (RAT). Because Nezha is legitimate software widely used by administrators and shows zero antivirus detections, attackers are exploiting it to gain persistent, stealthy access to compromised systems.
Source: Hackread

MacSync macOS Malware Distributed via Signed Swift Application
Jamf reports that MacSync Stealer, a macOS information-stealing malware, is now being distributed through a signed Swift application, removing the need for terminal-based execution. The malware has evolved from the earlier Mac.c stealer and now includes full backdoor functionality via a Go-based agent.
Source: SecurityWeek

Critical RCE Flaw Impacts Over 115,000 WatchGuard Firewalls
More than 115,000 internet-exposed WatchGuard Firebox devices remain vulnerable to an actively exploited remote code execution flaw (CVE-2025-14733). Successful exploitation allows unauthenticated attackers to execute arbitrary code, particularly on devices configured with IKEv2 VPN services.
Source: BleepingComputer

ClickFix Used to Deploy Stealc and Qilin Ransomware
Sophos researchers detail how the ClickFix social-engineering technique is being used to deploy Stealc infostealers and facilitate Qilin ransomware attacks. Victims are tricked into following fake human-verification steps on compromised websites, leading to malware installation and later ransomware deployment.
Source: Sophos
