Threat actors are actively exploiting vulnerabilities across multiple platforms—from AI tools and remote access software to enterprise security systems—to deploy malware, steal credentials, and extract data. Russian operatives continue targeting encrypted messaging apps, while various groups abuse legitimate services like OAuth and Google APIs as entry points. The threat landscape is expanding as attackers adapt to new AI infrastructure and coordinate multi-stage attacks.
· Attackers exploit FortiClient EMS vulnerability to deploy credential-stealing malware
· SEO-poisoned software download sites abuse ScreenConnect for AsyncRAT distribution
· Russian threat actors targeting Signal and WhatsApp users with escalating campaigns
· Langflow RCE flaws allow deployment of miners and malware on exposed AI endpoints
· Multiple threat groups operating simultaneously within single compromised networks
Drawn from Microsoft, The Hacker News, BankInfoSecurity