Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them.
What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis wasn’t speed or spectacle, but control gained through scale, patience, and misplaced trust.
The stories below trace where that trust bent, not how it broke. Each item is a small signal of a larger shift, best seen when viewed together.
-
Spear-phishing delivers custom backdoor
Government entities in Afghanistan have been at the receiving end of a spear-phishing campaign dubbed Operation Nomad Leopard that employs bogus administrative documents as decoys to distribute a backdoor named FALSECUB by means of a GitHub-hosted ISO image file. The campaign was first detected in late December 2025. “The ISO file contains three files,” Seqrite Lab said. “The LNK file, Doc.pdf.lnk, is responsible for displaying the PDF to the victim and executing the payload. The PDF file, doc.pdf, contains the government-themed lure.” The final payload is a C++ executable that’s capable of receiving commands from an external server. The activity has not been attributed to any specific country or known hacker group. “The campaign appears to be conducted by a regionally focused threat actor with a low-to-moderate sophistication level,” the Indian cybersecurity company added.
-
DoS attacks hit UK services
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups like NoName057(16) targeting critical infrastructure and local government organizations in the country with denial-of-service (DoS) attacks. The end goal of these attacks is to take websites offline and disable access to essential services. “Although DoS attacks are typically low in sophistication, a successful attack can disrupt entire systems, costing organisations significant time, money, and operational resilience by having to analyse, defend against, and recover from them,” the U.K. National Cyber Security Centre (NCSC) said.
-
Trusted apps load malicious DLLs
Google-owned VirusTotal has disclosed details of an information stealer campaign that relies on a trusted executable to trick the operating system into loading a malicious DLL (“CoreMessaging.dll”) payload – a technique called DLL side-loading – leading to the execution of secondary-stage infostealers designed to exfiltrate sensitive data. Both the executable and the DLL are distributed via ZIP archives that mimic installers for legitimate applications like Malwarebytes (e.g., “malwarebytes-windows-github-io-6.98.5.zip”) and other programs.
…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
