Sansec reports 250+ attacks exploiting Adobe Commerce flaw CVE-2025–54236; 62% of stores remain unpatched.
Get the latest international news and world events from around the world.
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2).
The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee Council, United Nations Children’s Fund (UNICEF) Ukraine office, Norwegian Refugee Council, Council of Europe’s Register of Damage for Ukraine, and Ukrainian regional government administrations in the Donetsk, Dnipropetrovsk, Poltava, and Mikolaevsk regions, SentinelOne said in a new report published today.
The phishing emails have been found to impersonate the Ukrainian President’s Office, carrying a booby-trapped PDF document that contains an embedded link, which, when clicked, redirects victims to a fake Zoom site (“zoomconference[.]app”) and tricks them into running a malicious PowerShell command via a ClickFix-style fake Cloudflare CAPTCHA page under the guise of a browser check.
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch
CVE-2025–53770, assessed to be a patch bypass for CVE-2025–49704 and CVE-2025–49706, has been weaponized as a zero-day by three Chinese threat groups, including Linen Typhoon (aka Budworm), Violet Typhoon (aka Sheathminer), and Storm-2603, the latter of which is linked to the deployment of Warlock, LockBit, and Babuk ransomware families in recent months.
However, the latest findings from Symantec indicate that a much wider range of Chinese threat actors have abused the vulnerability. This includes the Salt Typhoon (aka Glowworm) hacking group, which is said to have leveraged the ToolShell flaw to deploy tools like Zingdoor, ShadowPad, and KrustyLoader against the telecom entity and the two government bodies in Africa.
KrustyLoader, first detailed by Synacktiv in January 2024, is a Rust-based loader previously put to use by a China-nexus espionage group dubbed UNC5221 in attacks exploiting flaws in Ivanti Endpoint Manager Mobile (EPMM) and SAP NetWeaver.
Meta launches new anti-scam tools for WhatsApp and Messenger
Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts.
On Messenger, the company has started testing more advanced scam-detection for suspicious chats that will warn users when a new contact sends a potentially scammy message, giving them the option to send recent messages for AI scam review to check for signs of a scam.
When a potential scam is spotted, users will be alerted and provided a set of suggested actions, such as blocking or reporting the sender.
When we dream, does our brain wake up?
An international consortium of researchers has created the largest-ever database compiling records of brain activity during sleep and dream reports. One of the first analyses of the database confirmed that dreams do not occur only during REM sleep, but also during deeper and calmer NREM stages. In these cases, brain activity resembles wakefulness more than deep sleep, as if the brain were “partially awake.”
One third of a healthy adult’s life is spent sleeping, and a significant portion of that time is spent dreaming. Throughout the night, during any sleep stage, subjective conscious experiences, what we call dreams, can repeatedly occur.
Interest in dreams dates back thousands of years, from ancient Egypt to ancient Mesopotamia and ancient Greece, and spans many cultures and traditions.
Parkinson’s Discovery Suggests We May Have an FDA-Approved Treatment Already
Researchers have discovered how a surface protein on brain cells, called Aplp1, can play a role in spreading material responsible for Parkinson’s disease from cell to cell in the brain.
Promisingly, an FDA-approved cancer drug that targets another protein – Lag3 – which interacts with Aplp1 – was found to block this process in mice. This suggests a potential treatment for Parkinson’s may already exist.
In a paper published last year, an international team of scientists detailed how the two proteins work together to help toxic clumps of alpha-synuclein protein get into brain cells.