7-Zip vulnerability under active exploitation

A newly disclosed security vulnerability affecting 7-Zip is being actively exploited in practice, according to an advisory issued by the United Kingdom’s NHS England Digital. The vulnerability allows remote attackers to execute arbitrary code on affected systems.

Vulnerability Details (CVE-2025-11001)

The primary vulnerability, identified as CVE-2025-11001 (with a CVSS score of 7.0), lies in the handling of symbolic links within ZIP files.

Exploitation Mechanism: Attackers can create crafted data within a ZIP archive that forces the decompression process to traverse unwanted directories.
Impact: Allows remote code execution (RCE) in the context of the affected user or service account.
Discovery: The flaw was discovered and reported by Ryota Shiga of GMO Flatt Security Inc., with the help of the AI-powered AppSec Auditor Takumi audit tool.

Related Vulnerability (CVE-2025-11002)

The 7-Zip version 25.00 update also addresses another similar flaw, CVE-2025-11002 (CVSS score of 7.0). This vulnerability also exploits improper handling of symbolic links in ZIP files to achieve directory traversal and RCE. Both flaws were introduced in 7-Zip version 21.02. ...

November 19, 2025 · Comfidentia

Dragon Breath and Phishing Campaigns Distribute Gh0st RAT to Chinese Users

The cyber threat landscape targeting Chinese-speaking users has intensified with the detection of multiple malware campaigns. Two recent reports highlight the sophistication of threat actors using the Gh0st RAT remote access trojan, a malware known for its versatility. One of the campaigns involves the threat actor known as Dragon Breath (also APT-Q-27 or Golden Eye), which uses a multi-phase loader called RONINGLOADER to deliver a modified variant of Gh0st RAT. Simultaneously, another series of large-scale phishing campaigns has been distributing the same malware. ...

November 19, 2025 · Comfidentia

Dragon Breath Campaign Deploys Gh0st RAT Using Sophisticated Evasion Techniques

The threat group known as Dragon Breath, also tracked as APT-Q-27 and Golden Eye, has been detected using a multi-stage loader called RONINGLOADER to deliver a modified variant of the Gh0st RAT remote access Trojan. This campaign primarily targets Chinese-speaking users and uses Trojanized NSIS installers that impersonate legitimate software such as Google Chrome and Microsoft Teams. According to researchers at Elastic Security Labs, the infection chain employs a multi-stage delivery mechanism that incorporates advanced evasion techniques. These techniques are specifically designed to neutralize popular endpoint security products in the Chinese market. ...

November 19, 2025 · Comfidentia

Fortinet warns of actively exploited FortiWeb command injection vulnerability

Fortinet has issued a crucial security alert about a new vulnerability in its FortiWeb product (a web application firewall), confirming that the flaw is already being actively exploited by attackers. This vulnerability, classified as medium severity, requires immediate action by system administrators.

Vulnerability Details (CVE-2025-58034)

The security flaw, identified as CVE-2025-58034, has a CVSS score of 6.7. Fortinet describes it as an “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability (CWE-78). ...

November 19, 2025 · Comfidentia

Operation WrtHug: Massive Cyberattack Compromised More Than 50,000 ASUS EoL Routers

A newly discovered cyberattack campaign, dubbed Operation WrtHug, has compromised tens of thousands of ASUS routers that are end-of-life (EoL) or outdated. The operation has recruited these devices into a vast network of botnets. Over the past six months, SecurityScorecard’s STRIKE team identified more than 50,000 unique IP addresses of compromised devices globally. The most affected regions include Taiwan, the United States and Russia, although infections have also been reported in Southeast Asia and European countries. ...

November 19, 2025 · Comfidentia

PlushDaemon group uses new EdgeStepper backdoor for AitM attacks

The PlushDaemon threat actor has been identified using a new Go-based network backdoor, called EdgeStepper, to facilitate Adversary in the Middle (AitM) attacks. EdgeStepper has the ability to redirect all DNS queries to an external malicious node, diverting traffic from legitimate software update infrastructure to attacker-controlled infrastructure.

About the Threat Actor PlushDaemon

PlushDaemon is a China-aligned threat group, active since at least 2018. It is known for directing attacks against entities in the United States, New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China. ...

November 19, 2025 · Comfidentia

PlushDaemon Uses Backdoor EdgeStepper for AitM Attacks and Software Update Hijacking

The threat group known as PlushDaemon has been detected using a new Go-based network backdoor, called EdgeStepper, to facilitate Adversary in the Middle (AitM) attacks and hijack software update mechanisms. EdgeStepper, a previously undocumented implant, has been designed to reroute victims’ DNS queries to attacker-controlled infrastructure. This backdoor allows PlushDaemon to redirect legitimate software update traffic to malicious nodes, facilitating the delivery of second-stage payloads.

The Threat Actor PlushDaemon and Its Objectives

PlushDaemon is a China-aligned advanced persistent threat (APT) group, active since at least 2018. It has targeted entities in various regions, including the US, New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China. ...

November 19, 2025 · Comfidentia

Ransomware Rise in Q3 2025: Compromised Credentials and Zero-Days Dominate

The third quarter of 2025 saw a significant increase in ransomware attacks, with an 11% increase in data breach publications compared to the previous quarter. According to a report from Beazley Security, only three ransomware groups were responsible for the majority of cases (65%), with the primary initial entry route being compromised VPN credentials.

Dominant Ransomware Groups

The three most prolific ransomware groups in the third quarter were Akira, Qilin, and INC Ransomware. These groups have demonstrated great operational capacity, contributing to the vast majority of reported incidents. ...

November 19, 2025 · Comfidentia

Does your chatbot know too much? Think twice before you tell your AI companion everything.

The idea of entering into a romantic relationship with an artificial intelligence system, popularized by the movie “Her,” has moved from the realm of science fiction to a tangible reality thanks to the proliferation of generative AI and large language models (LLMs). Virtual companion apps, also known as companion apps, are experiencing a significant boom, satisfying psychological and sometimes romantic needs for a growing user base. Platforms like Character.AI, Nomi, and Replika, as well as the foray of big players like OpenAI (with “verified adult erotica” plans) and Elon Musk’s xAI (with flirtatious companions in Grok), demonstrate the market demand for this technology. However, this rapid growth comes with serious security and privacy risks that users should consider before sharing intimate information with their AI companions. ...

November 18, 2025 · Comfidentia

DoorDash Confirms Data Breach After Social Engineering Scam

Food delivery service DoorDash has confirmed that it suffered a data breach in October 2025, where some customers’ personal information was accessed. The company detailed that the incident was the result of a social engineering scam targeting one of its employees.

Details of the Data Breach

DoorDash informed customers via email about the incident, providing details about the compromised information:

Data affected: Names, phone numbers, physical addresses and email details.
Data NOT affected: The company highlighted that confidential information, such as social security numbers, driver’s licenses or bank card and payment information, was not accessed.

So far, DoorDash has stated that there is no indication that the data has been misused for fraud or identity theft. ...

November 18, 2025 · Comfidentia