More than seven years ago, cybersecurity researchers were thoroughly rattled by the discovery of Meltdown and Spectre, two major security vulnerabilities uncovered in the microprocessors found in virtually every computer on the planet.

Perhaps the scariest thing about these vulnerabilities is that they didn’t stem from typical software bugs or physical CPU problems, but from the actual processor architecture. These attacks changed our understanding of what can be trusted in a system, forcing security researchers to fundamentally reexamine where they put resources.

These attacks emerged from an optimization technique called “speculative execution” that essentially gives the processor the ability to execute multiple instructions while it waits for memory, before discarding the instructions that aren’t needed.

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.

DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat.

RansomHub’s EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.

Phishing Office files and CVE-2017–11882 exploits still active in 2025, exposing unpatched systems to malware.

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam.

Microsoft Stream is an enterprise video streaming service that allows organizations to upload and share videos in Microsoft 365 apps, such as Teams and SharePoint.

Video content hosted on Microsoft Stream was accessed or embedded through a portal at microsoftstream.com.

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.

“In this attack, the threat actor manipulates.msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload, maintain persistence and steal sensitive data from infected systems,” Trend Micro researcher Aliakbar Zahravi said in an analysis.

The vulnerability in question is CVE-2025–26633 (CVSS score: 7.0), described by Microsoft as an improper neutralization vulnerability in Microsoft Management Console (MMC) that could allow an attacker to bypass a security feature locally. It was fixed by the company earlier this month as part of its Patch Tuesday update.

RedCurl deployed QWCrypt ransomware via fake CVs and ISO lures, disabling entire virtual infrastructures.