Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape.
Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge of sophisticated Linux malware, and an in-depth look at the emerging “man-in-the-prompt” attack tactic targeting AI systems.
Whether you’re an IT professional, security enthusiast, or simply concerned about digital safety, our roundup delivers essential information and actionable takeaways to keep you secure in an ever-evolving cyber world.
1. New Shuyal Malware Hits 19 Popular Browsers
A new strain of the Shuyal malware family is targeting 19 widely used web browsers. Shuyal’s operators employ advanced evasion techniques to bypass security solutions and deploy multi-stage payloads, posing a significant risk to organizations relying on mainstream browsers.
Read more: cybersecuritynews.com/new-shuyal-attacking-19-popular-browsers/
2. Muddled Libra Shifts to Voice Phishing for Rapid Corporate Breaches
The Muddled Libra group has pivoted from email phishing to sophisticated voice-based social engineering (vishing), targeting organizational call centers. By impersonating employees, they convince IT support to reset credentials and MFA, granting near-instant access to sensitive systems. Attackers reach domain admin privileges in under 40 minutes and have expanded focus to government, insurance, retail, and aviation sectors.
Read more: cybersecuritynews.com/muddled-libra-actors-attacking-organizations/
3. IIS Servers Attacked with Advanced Web Shell Script
Hackers are actively exploiting vulnerabilities in Microsoft IIS servers using a new web shell script, allowing stealthy remote code execution and persistent access. System administrators are urged to patch and monitor their servers for unusual activity.
Read more: cybersecuritynews.com/hackers-attacking-iis-servers-with-new-web-shell-script/
4. SAP NetWeaver Zero-Day Exploited by Multiple Threat Actors
Researchers report active exploitation of a critical SAP NetWeaver vulnerability (CVE-2025-31324). The flaw enables unauthenticated attackers to upload malicious files and execute remote commands, targeting both Windows and Linux installations. The patch has been released—customers must act immediately.
Read more: cybersecuritynews.com/sap-netweaver-vulnerability-exploited-malware/
5. ATM Networks Breached Using Raspberry Pi Devices
A financially motivated group, UNC2891, gained access to ATM networks by physically installing a 4G-enabled Raspberry Pi device. This attack exploited both physical and digital vulnerabilities, allowing remote command-and-control access and risking financial fraud through hidden rootkits and undetected malware.
Read more: cybersecuritynews.com/atm-network-hacked-using-raspberry-pi/
6. SharePoint Servers Severely Exposed to Internet Attacks
A zero-day vulnerability affecting on-premises SharePoint servers is being actively exploited. Impacted organizations are advised to take all internet-exposed SharePoint instances offline and apply available patches. SharePoint Online is not affected.
Read more: cybersecuritynews.com/sharepoint-servers-exposed-to-internet/
7. EDR-on-EDR Attacks Highlight Endpoint Security Risks
Attackers are now leveraging vulnerabilities in Endpoint Detection and Response (EDR) products to target and disable competing EDR solutions within the same network, paving the way for undetected malware deployment. This underscores the need for robust EDR configurations and layered defenses.
Read more: cybersecuritynews.com/edr-on-edr-violence/
Threats
1. Atomic macOS Stealer Launches with Sophisticated New Backdoor
A new variant of the Atomic macOS Stealer has been spotted with enhanced backdoor capabilities. This latest version can avoid detection, steal credentials, and maintain persistent access, posing a growing threat to Mac users.
Read more: cybersecuritynews.com/atomic-macos-stealer-comes-with-new-backdoor/
2. Android Malware Rental Includes Advanced 2FA Interception
Researchers have discovered a service offering Android malware as a rentable package, now including 2FA interception features. Cybercriminals are increasingly leveraging these tools to capture one-time passcodes during the login process, making attacks more dangerous for mobile users.
Read more: cybersecuritynews.com/renting-android-malware-with-2fa-interception/
3. Armouryloader: Bypassing System Security Protections
The new ‘Armouryloader’ malware demonstrates advanced techniques to bypass system security protections. Targeted attacks using this malware can evade traditional defenses, emphasizing the need for updated endpoint security.
Read more: cybersecuritynews.com/armouryloader-bypassing-system-security-protections/
4. Lumma Stealer Reveals Full Attack and Infection Chain
A deep dive into the Lumma password stealer exposes a complex malware infection chain that can spread rapidly across systems. The report details techniques that enhance infection rates and data exfiltration.
Read more: cybersecuritynews.com/lumma-password-stealer-attack-infection-chain/
5. 0bj3ctivityStealer Exploits New Execution Techniques
A new threat, 0bj3ctivityStealer, has emerged with a novel execution chain that helps it evade detection and maximize payload delivery on compromised systems.
Read more: cybersecuritynews.com/0bj3ctivitystealers-execution-chain/
6. Ransomware Groups Collaborate with TrickBot Operators
Recent campaigns show ransomware groups partnering with TrickBot malware operators, combining resources to breach enterprise networks and increase ransom payouts.
Read more: cybersecuritynews.com/ransomware-groups-using-trickbot-malware/
7. Plague Malware Targets Linux Servers
A newly identified “Plague” malware is attacking Linux servers by exploiting unpatched vulnerabilities and poor security configurations, posing risks to server infrastructure and hosted data.
Read more: cybersecuritynews.com/plague-malware-attacking-linux-servers/
Vulnerability
1. Critical Vulnerability in Cisco Identity Services Engine
A newly discovered vulnerability exposes Cisco’s ISE platform to remote code execution and privilege escalation risks. The flaw can be exploited by unprivileged attackers remotely over the network, underlining the importance of rapid patching.
Read more: cybersecuritynews.com/cisco-identity-services-engine-vulnerability
2. Gemini CLI Under Fire: Vulnerability Allows Hidden Command Execution
Researchers identified a critical flaw in Google’s Gemini CLI tool that allows attackers to silently run malicious commands on developer systems through prompt injection and broken validation. Disguised payloads could exfiltrate credentials without user awareness. Upgrade to v0.1.14+ immediately!
Read more: cybersecuritynews.com/gemini-cli-vulnerability/
3. SonicWall: Multiple n-Day Vulnerabilities Revealed
Recently published advisories detail several exploited n-day vulnerabilities in SonicWall products, pushing organizations to update and implement layered defenses as attackers increasingly target unpatched endpoints.
Read more: cybersecuritynews.com/sonicwall-n-day-vulnerabilities/
4. Chrome Pushes Emergency Security Update
Google issued an urgent security update for the Chrome browser to address multiple actively exploited vulnerabilities. Users are urged to apply updates to prevent infections and data breaches.
Read more: cybersecuritynews.com/chrome-security-update-138/
5. SonicWall SSL VPN Exposed to DoS Attacks
A new Denial-of-Service vulnerability affecting SonicWall SSL VPN devices could enable attackers to disrupt business operations. Prompt software upgrades are recommended.
Read more: cybersecuritynews.com/sonicwall-ssl-vpn-dos-vulnerability/
6. “Man-in-the-Prompt” Attack Targets AI-Powered Dev Tools
Cybersecurity experts are warning of a novel “Man-in-the-Prompt” attack targeting AI-driven coding assistants, where malicious prompt manipulation could cause AI models to execute harmful commands or leak secrets.
Read more: cybersecuritynews.com/man-in-the-prompt-attack/
7. CrushFTP 0-Day: Technical Details & PoC Published
Full technical details and a proof-of-concept have been released for an actively exploited 0-day in CrushFTP. Immediate action is required for at-risk admins.
Read more: cybersecuritynews.com/crushftp-0-day-technical-details-poc-released/
8. Google Project Zero’s Latest Vulnerability Disclosure
Project Zero researchers at Google published their latest findings, including detailed reports on recently uncovered zero-day exploits and their impact on major software ecosystems.
Read more: cybersecuritynews.com/google-project-zero-vulnerability-disclosure/
Other News
1. GitHub Outage Disrupts Millions of Developers
On July 28, 2025, GitHub experienced a global outage, briefly hindering code pushes, API requests, and issue tracking functions for developers worldwide. The incident, traced to networking problems, caused intermittent errors for around 4% of requests and delayed deployments, but full recovery occurred within about 3.5 hours.
Read more: cybersecuritynews.com/github-outage-disrupts-core-services
2. Apple Integrates Native Containerization in macOS
Apple unveiled a native containerization stack for macOS at WWDC 25, enabling Macs to run OCI images in micro-VMs—making it possible to launch Kali Linux directly without Docker Desktop. This feature, targeting Apple Silicon with full release in “Tahoe” (macOS 26) this fall, vastly improves security, speed, and resource use for Linux workflows on Mac.
Read more: cybersecuritynews.com/apples-containerization-feature-macos
3. Palo Alto Networks to Acquire CyberArk
Palo Alto Networks announced its intention to acquire identity security leader CyberArk, signaling a major consolidation in the cybersecurity sector. The strategic move aims to strengthen cloud identity protection and expand zero-trust offerings.
Read more: cybersecuritynews.com/palo-alto-networks-acquire-cyberark
4. ChatGPT: Shaping the Future of Search Engines
OpenAI’s ChatGPT is increasingly influencing search trends, offering natural language answers that reshape how users access information—posing new challenges and opportunities for established search engines.
Read more: cybersecuritynews.com/chatgpt-conversations-search-engines
5. WhatsApp Zero-Click Exploit Alert
Security experts warn of a zero-click vulnerability in WhatsApp, allowing attackers to compromise devices without user interaction. Immediate patching and vigilance are advised for both individuals and enterprises.
Read more: cybersecuritynews.com/whatsapp-0-click-exploit
