Cyber threats continued unabated last week, with attackers showing increased sophistication. Malware is now being hidden in virtual machines, side-channel leaks are exposing AI chats, and spyware is quietly targeting Android devices in the wild.
However, the surface has only been scratched. From sleeper logic bombs to a new alliance between major threat groups, this week’s roundup underscores a clear evolution in cybercrime, where technical stealth and strategic coordination are becoming increasingly intertwined.
Every story highlighted here carries real risks that teams need to be aware of immediately. It’s crucial to stay informed. Read on for a comprehensive recap.
⚡ Threat of the Week
Curly COMrades Abuses Hyper-V to Hide Malware in Linux VMs — Curly COMrades, a threat actor linked to Russia’s geopolitical interests, has been found exploiting Microsoft’s Hyper-V hypervisor to conceal a hidden Alpine Linux-based virtual machine on compromised Windows systems. This method allows malware to operate outside the host OS’s visibility, evading endpoint security tools. The campaign, observed in July 2025, involved deploying CurlyShell and CurlyCat. The attackers configured the VM to use the Default Switch network adapter in Hyper-V, ensuring that malicious traffic appears to originate from the legitimate host’s IP address. The sophisticated tactics employed by Curly COMrades demonstrate a trend where threat actors are adept at bypassing EDR/XDR solutions through techniques like VM isolation.
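As an added defender-side example, not code from the article or from any vendor report, the following PowerShell script inventories Hyper-V guests on a Windows host and flags the traits described above: the Hyper-V feature being enabled, a guest attached to the "Default Switch" (whose NAT makes guest traffic egress under the host's IP), a Generation 2 guest using the Linux-compatible Secure Boot template, a very small memory and disk footprint, and a guest set to start automatically. All cmdlets are from Microsoft's Hyper-V module; the size thresholds and the function name are assumptions for illustration, not indicators taken from the campaign.

```powershell
# Added example: hunt for small, auto-starting Linux guests on the Default Switch.
# Requires the Hyper-V PowerShell module and local administrator rights.
# Thresholds below are assumptions, not indicators from the Curly COMrades report.

function Get-SuspiciousHyperVGuest {
    [CmdletBinding()]
    param(
        [int]$SmallDiskGB = 4,      # assumption: a minimal Alpine-style guest uses a tiny VHD
        [int]$LowMemoryMB = 1024    # assumption: hidden guests are kept small to avoid notice
    )

    # On a client OS the feature is exposed via DISM; on Windows Server use Get-WindowsFeature Hyper-V.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V' -ErrorAction SilentlyContinue
    if (-not $feature -or $feature.State -ne 'Enabled') {
        Write-Verbose 'Hyper-V is not enabled on this host; nothing to inspect.'
        return
    }
    Write-Verbose 'Hyper-V is enabled. On a workstation with no virtualization use case, that alone merits a ticket.'

    foreach ($vm in Get-VM) {
        $reasons = New-Object System.Collections.Generic.List[string]

        # Finding 1: guest on the Default Switch, so its traffic leaves the box as the host IP.
        $adapters = Get-VMNetworkAdapter -VMName $vm.Name
        if ($adapters | Where-Object { $_.SwitchName -eq 'Default Switch' }) {
            $reasons.Add('attached to Default Switch (guest traffic egresses as the host IP)')
        }

        # Finding 2: Generation 2 guest using the UEFI CA template, which Hyper-V uses for Linux boot.
        if ($vm.Generation -eq 2) {
            $fw = Get-VMFirmware -VMName $vm.Name
            if ($fw.SecureBootTemplate -eq 'MicrosoftUEFICertificateAuthority') {
                $reasons.Add('Secure Boot template is the Linux (UEFI CA) template')
            }
        }

        # Finding 3: tiny footprint, as expected of a guest built to stay unnoticed.
        if ($vm.MemoryStartup -le ($LowMemoryMB * 1MB)) {
            $reasons.Add("startup memory is only $($vm.MemoryStartup / 1MB) MB")
        }
        foreach ($disk in Get-VMHardDiskDrive -VMName $vm.Name) {
            $vhd = Get-VHD -Path $disk.Path -ErrorAction SilentlyContinue
            if ($vhd -and $vhd.FileSize -le ($SmallDiskGB * 1GB)) {
                $reasons.Add("disk $($disk.Path) is only $([math]::Round($vhd.FileSize / 1GB, 2)) GB on disk")
            }
        }

        # Finding 4: unconditional auto-start gives the guest persistence across host reboots.
        if ($vm.AutomaticStartAction -eq 'Start') {
            $reasons.Add('AutomaticStartAction is Start (always boots with the host)')
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name       = $vm.Name
                State      = $vm.State
                Created    = $vm.CreationTime
                ConfigPath = $vm.Path
                Reasons    = $reasons -join '; '
            }
        }
    }
}

# Usage: run elevated on each Windows endpoint and feed the objects to your SIEM or ticketing.
Get-SuspiciousHyperVGuest -Verbose | Format-Table -AutoSize -Wrap
```

Any single finding can be benign on a developer workstation, so treat the output as a triage list rather than a verdict; the combination of an enabled hypervisor on a host with no virtualization use case, a Default Switch guest and a sub-gigabyte Linux image is what should drive escalation. Pair the host-side check with a fleet-wide query for where the Hyper-V feature was recently enabled.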
🔔 Top News
- ‘Whisper Leak’ That Identifies AI Chat Topics in Encrypted Traffic — Microsoft has disclosed a side-channel attack dubbed Whisper Leak, which allows passive adversaries to infer conversation topics from encrypted traffic of remote language models. The attack poses a risk to user privacy and security.
- Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware — A security flaw in Samsung Galaxy devices was exploited to deliver the LANDFALL Android spyware in precision attacks. The flaw, CVE-2025-21042, was addressed by Samsung in April 2025.
- Hidden Logic Bombs in Malicious NuGet Packages Go Off Years After Deployment — A set of malicious NuGet packages has been identified that drops time-delayed payloads targeting database operations and industrial control systems.
- Flaws in Microsoft Teams Expose Users to Impersonation Risks — Multiple security vulnerabilities in Microsoft Teams could have exposed users to impersonation and social engineering attacks. These vulnerabilities have been patched by Microsoft.
- Three High-Profile Groups Come Together — Scattered LAPSUS$ Hunters, a merger of Scattered Spider, LAPSUS$, and ShinyHunters, has formed a coordinated alliance for financially motivated attacks.
🔥 Trending CVEs
This week’s list of critical vulnerabilities gaining industry attention includes CVE-2025-20354, CVE-2025-20358, CVE-2025-20343, CVE-2025-62626, CVE-2025-5397, CVE-2025-48593, CVE-2025-48581, and many more.
📰 Around the Cyber World
- RDP Accounts Breached to Drop Cephalus Ransomware — Cephalus ransomware has been breaching organizations by exploiting RDP accounts without multi-factor authentication since mid-June 2025.
- WhatsApp to Roll Out Enhanced Protections for High-Risk Accounts — WhatsApp is introducing extra security features for high-risk accounts to prevent hacking attempts.
- Aurologic Provides Hosting for Sanctioned Entities — German hosting provider aurologic GmbH has been identified as a central hub for high-risk hosting networks.
- Australia Sanctions North Korean Threat Actors — Australia has imposed sanctions on entities and individuals engaging in cybercrime to fund North Korea’s illegal programs.
- U.K. Takes Action on Spoofed Mobile Numbers — U.K. mobile carriers are upgrading networks to prevent scammers from spoofing U.K. numbers.
🎥 Cybersecurity Webinars
- Learn How Top Experts Secure Multi-Cloud Workloads Without Slowing Innovation — Join this expert-led session to discover ways to protect cloud workloads without hindering innovation.
- Guardrails, Not Guesswork: How Mature IT Teams Secure Their Patch Pipelines — Learn how mature IT teams balance speed and security in their patch management processes.
- Discover How Leading Enterprises Are Cutting Exposure Time in Half with DASR — Explore how Dynamic Attack Surface Reduction helps reduce attack surfaces and strengthen defenses.
🔧 Cybersecurity Tools
- FuzzForge — An open-source tool for automating application and offensive security testing using AI and fuzzing.
- Butler — A tool to scan and review workflows, actions, secrets, and dependencies in GitHub organizations.
- Find-WSUS — A PowerShell tool to find all WSUS servers defined in Group Policy.
Disclaimer: These tools are for educational and research purposes only. Use them responsibly and follow all ethical and legal guidelines.
🔒 Tip of the Week
Stop Sensitive Data From Reaching AI Chats — Implement security measures to prevent sensitive data from being shared in AI chat systems, as this information can pose a risk if leaked or exposed.
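One concrete form of such a measure is a pre-submission gate that scans what a user is about to paste into an AI assistant and blocks or redacts it when it carries credentials or regulated data. The PowerShell function below is an added example, not code from the article or from any product it mentions; its pattern list, the Luhn check used to cut card-number false positives, and the sample prompt are all constructed for illustration.

```powershell
# Added example: scan text destined for an AI chat for secrets and PII, and return
# a verdict plus a redacted copy. Patterns and sample input are constructed, not from the article.

function Test-Luhn {
    param([string]$Digits)
    $sum = 0; $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Test-PromptForSensitiveData {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Text)

    # Constructed detector set; extend with your own internal hostnames, ticket formats, etc.
    $patterns = [ordered]@{
        'AWS access key ID' = 'AKIA[0-9A-Z]{16}'
        'Private key block' = '-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----'
        'JWT'               = 'eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}'
        'Email address'     = '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
        'Card number'       = '\b(?:\d[ -]?){13,19}\b'
    }

    $findings = New-Object System.Collections.Generic.List[string]
    $redacted = $Text

    foreach ($name in $patterns.Keys) {
        $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
            param($m)
            $value = $m.Value
            # Digit runs only count as card numbers when they pass Luhn; otherwise leave them alone.
            if ($name -eq 'Card number') {
                $digits = $value -replace '[^0-9]', ''
                if (-not (Test-Luhn $digits)) { return $value }
            }
            $findings.Add($name)
            return "[REDACTED $($name.ToUpper())]"
        }
        $redacted = [regex]::Replace($redacted, $patterns[$name], $evaluator)
    }

    [pscustomobject]@{
        Blocked      = $findings.Count -gt 0
        Findings     = ($findings | Sort-Object -Unique) -join ', '
        RedactedText = $redacted
    }
}

# Constructed sample prompt: AWS documentation example key, a Luhn-valid test card number, an address.
$sample = 'Please debug this: key AKIAIOSFODNN7EXAMPLE, card 4111 1111 1111 1111, reach me at jane.doe@example.com, order 1234567890123.'
$result = Test-PromptForSensitiveData -Text $sample
$result | Format-List
# Blocked is True; Findings lists AWS access key ID, Card number, Email address;
# the 13-digit order number fails Luhn and is left untouched.
```

Wire a function like this into whatever sits between users and the model (a browser extension, an internal chat proxy, or a pre-commit style hook for prompt files) and log the finding names, never the matched values, so the DLP telemetry does not itself become a secrets store.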
Conclusion
Stay informed about evolving cyber threats and take proactive measures to protect your organization from potential risks.