A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia.

The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not disclosed.

“Using web shells and tunneling, the attackers maintained persistence and facilitated cyber espionage,” Sygnia said. “The group behind this intrusion […] aimed to gain and maintain continuous access to telecommunication providers and facilitate cyber espionage by collecting sensitive information.”

A new phishing campaign targets Counter-Strike 2 players utilizing (BitB) attacks that display a realistic window that mimics Steam’s login page.

The attackers impersonate the Ukrainian e-sports team Navi to bait devoted fans and add legitimacy to the phishing page by using a recognizable brand.

The campaign uses the <a href=“https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/” target=“_blank” rel=“nofollow (BitB) phishing technique created by cybersecurity researcher mr. dox in March 2022. This phishing framework allows threat actors to create realistic-looking popup windows with custom address URLs and titles within another browser window.

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems.

VanHelsing was first promoted on underground cybercrime platforms on March 7, offering experienced affiliates a free pass to join while mandating a deposit of $5,000 from less experienced threat actors.

The new ransomware operation was first documented by CYFIRMA late last week, while Check Point Research performed a more in-depth analysis published yesterday.

Active exploitation of Cisco CVE-2024–20439 & 20440 in Smart Licensing forces urgent patching of vulnerable versions.

YouTube game cheat videos deliver Arcane stealer malware; attack chain extracts sensitive data via batch files and PowerShell.

Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025–23120 in its Backup & Replication software that impacts domain-joined installations.

The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday.

According to a technical writeup by watchTowr Labs, who discovered the bug, CVE-2025–23120 is a deserialization vulnerability in the Veeam. Backup. EsxManager.xmlFrameworkDs and Veeam.Backup.Core. BackupSummary. NET classes.

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process.

The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store.

It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft’s store for an extensive period of time.