Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ClickFix campaign exploits CAPTCHAs, attack activity spikes ahead of CVE disclosures, and Vietnamese-speaking threat group deploys PXA Stealer.

In early August 2025 a new Telegram channel emerged presenting itself as an amalgam of three well-known cybercriminal labels Scattered Spider, ShinyHunters and LAPSUS$. Within 24 hours the channel published a steady stream of claims, partial data dumps and screenshots tied to a wide range of incidents, including retail and luxury brands, government entities, and cloud-platform related breaches. The channel’s activity revived public attention on several overlapping trends.

Summertime in the U.S., Europe, and many other regions typically falls between June and September. Tech teams, admins, and even their bosses take vacations. Inboxes slow down, and production systems finally get a breather. But for the threat actors behind Oyster, while others were reaching for sunscreen or enjoying real sea fishing, they launched their own phishing campaign using something far more effective than email and sharpened their hook.

This research explores an unconventional malware delivery vector, demonstrating how trusted creative software tools can be repurposed to deliver payloads in ways that bypass common defences, user expectations, and AI-based analysis. The work concludes with the creation of a successful Proof-of-Concept (PoC) for code execution and AV/EDR evasion using the open-source 3D software suite Blender.

Cybersecurity teams worldwide have been fighting against ransomware attacks on ESXi infrastructure for years. ESXi is a lightweight, bare-metal hypervisor developed by VMware that allows multiple virtual machines to run on a single physical server. ESXi is widely used in enterprise environments, often hosting virtual machines that support essential services for an entire organization.

Steganography is the art of hiding information inside a seemingly ordinary, legitimate object so that no one suspects anything is hidden. The technique T1027.003 has been around for a long time and is increasingly used by malware authors and threat actors to avoid detection. This involves hiding malicious payloads inside innocent-looking files such as images, audio, or documents. By embedding malware in these files, attackers can bypass traditional security tools that scan for obvious threats.

Cybercriminals are shifting tactics. Rather than relying solely on ransomware’s tried-and-true method of using encryption to lock files and demand payment to decrypt, many are now instead embracing exfiltration and extortion, with encryption as a secondary tactic. This marks a significant evolution in ransom-based attack methods, one where encryption is optional, but leverage is mandatory.