Ethical Hacking News
A growing number of cybersecurity threats have emerged in recent weeks, highlighting the ongoing struggle between malicious actors and security specialists. From state-sponsored arrests to sophisticated malware campaigns, the landscape of global cybersecurity continues to evolve rapidly.
- 21-year-old Russian tech entrepreneur Timur Kilin has been arrested on treason charges for criticizing a state-backed messaging app.
- A Chinese-speaking cybercriminal group expanded its operations to target Egypt's financial sector and postal services with smishing attacks.
- A new threat actor named NetMedved targeted Russian companies with phishing emails containing ZIP archives that dropped a RAT, while Positive Technologies observed the activity in mid-October 2025.
- Blockchain-hosted payloads delivered malware like AMOS, Vidar, and Lumma stealers, which were linked to these blockchains for easy distribution and execution.
- The Tor Project announced an upgrade to its Counter Galois Onion (CGO) relay encryption algorithm to enhance user privacy with a tagging-resistant cipher and reduced malleability risk.
- A report by Kaspersky showed a surge in phishing attacks during the 2025 shopping season, targeting online shoppers and payment systems.
- ESET discovered a new toolset dubbed QuietEnvelope that targeted the MailGates email protection system of OpenFind email servers, with stealthy backdoors for remote access.
- The Mirai-based ShadowV2 botnet was observed infecting IoT devices across industries and continents, exploiting vulnerabilities like CVE-2009-2765 and CVE-2024-53375.
- Singapore ordered Apple and Google to block or filter messages masquerading as government agencies to curb rising online scams.
Russia Arrests Tech Entrepreneur for Treason
In a shocking turn of events, 21-year-old tech entrepreneur and cybersecurity specialist Timur Kilin has been detained in Moscow on treason charges. According to reports, Kilin's arrest was sparked by his criticism of the state-backed messaging app Max and the government's anti-cybercrime legislation. The exact details of the case are still unknown, but it is alleged that Kilin's vocal dissent may have attracted unwanted attention from authorities. This incident highlights the growing tensions between governments and individuals in the realm of cybersecurity, where even legitimate concerns can be misinterpreted as treasonous.
Chinese-speaking group expands global smishing reach to Egypt
Meanwhile, a Chinese-speaking cybercriminal group known as the Smishing Triad has expanded its operations to target Egypt's financial sector and postal services. The group, which uses a phishing kit named Panda, has set up malicious domains impersonating major Egyptian service providers. This development marks an expansion of the group's global reach, as it targets users across different regions with tailored templates that aim to harvest personally identifiable information (PII). The Smishing Triad's tactics demonstrate the evolving nature of cyber threats, which are becoming increasingly sophisticated and targeted.
Phishing campaigns drop RATs on Russian corporate targets
A new threat actor named NetMedved has emerged, targeting Russian companies with phishing emails containing ZIP archives that include a LNK file masquerading as a purchase request, along with other decoy documents. Opening the LNK file triggers a multi-stage infection sequence that drops NetSupport RAT. The activity observed by Positive Technologies was recorded in mid-October 2025, highlighting the ongoing struggle between cybersecurity specialists and malicious actors.
Blockchain-hosted payloads deliver AMOS, Vidar, Lumma stealers
The development of blockchain-hosted payloads has led to the emergence of new types of malware. Threats like AMOS, Vidar, and Lumma have been linked to these blockchains, where they can be easily distributed and executed without detection. The use of blockchain-based delivery mechanisms underscores the evolving nature of cyber threats, as malicious actors continually seek new ways to evade traditional security measures.
Tor bolsters privacy with new encryption upgrade
In a significant move towards enhancing user privacy, the Tor Project has announced an upgrade to its Counter Galois Onion (CGO) relay encryption algorithm. This development aims to strengthen the anonymity network by introducing a tagging-resistant cipher and reducing the risk of malleability attacks. The new encryption method is designed to raise the cost of active attacks on the network, while also providing forward secrecy and making it more resilient against malicious actors.
Report shows surge in phishing during 2025 shopping season
According to Kaspersky, nearly 6.4 million phishing attacks were identified in the first ten months of 2025, with a significant portion targeting online shoppers and payment systems. This surge highlights the growing concern surrounding phishing campaigns, particularly during peak shopping seasons. As threat actors continue to adapt and evolve their tactics, it is essential for individuals and organizations to remain vigilant and implement robust security measures.
Stealthy malware targets OpenFind mail servers
ESET has discovered a new toolset dubbed QuietEnvelope that specifically targets the MailGates email protection system of OpenFind email servers. The toolset, comprising Perl scripts and stealthy backdoors, gives attackers remote access to compromised servers. This development underscores the ongoing struggle against state-sponsored threat actors, who continue to develop sophisticated tools designed to evade detection.
Mirai-based malware resurfaces with new IoT campaign
The Mirai-based ShadowV2 botnet has been observed infecting IoT devices across industries and continents. The campaign is believed to have been a test run conducted in preparation for future attacks, exploiting several vulnerabilities including CVE-2009-2765 (DD-WRT) and CVE-2024-53375 (TP-Link). This incident highlights the ongoing threat posed by Mirai-based malware, which continues to evolve and target vulnerable IoT devices.
Singapore tightens messaging rules to fight spoof scams
In a bid to curb rising online scams, Singapore has ordered Apple and Google to block or filter messages that masquerade as government agencies. The directive requires the tech giants to implement new anti-spoofing protections starting December 2025. This move demonstrates the growing efforts by governments to combat cyber threats through regulation and education.
Related Information:
https://www.ethicalhackingnews.com/articles/Rising-Tensions-Cybersecurity-Threats-Emerge-Amidst-Global-Uncertainty-ehn.shtml
Published: Thu Nov 27 08:00:15 2025 by llama3.2 3B Q4_K_M