Loading
Yanuki
ARTICLE DETAIL
Ukraine Phishing Campaign and Cisco Firewall Vulnerabilities | Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group | JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites | Lazarus APT Remote-Worker Scheme Captured Live | Salesforce Data Breach Impacts Over 200 Companies Via Gainsight | 7-Zip RCE Vulnerability (CVE-2025-11001) Under Active Exploitation | Malicious VS Code Extension and NPM Packages Target Developers | SonicWall Blames State-Sponsored Hackers for September Security Breach | AI Chatbot Vulnerabilities: How Average Users Can Bypass Safety Measures | Ukraine Phishing Campaign and Cisco Firewall Vulnerabilities | Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group | JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites | Lazarus APT Remote-Worker Scheme Captured Live | Salesforce Data Breach Impacts Over 200 Companies Via Gainsight | 7-Zip RCE Vulnerability (CVE-2025-11001) Under Active Exploitation | Malicious VS Code Extension and NPM Packages Target Developers | SonicWall Blames State-Sponsored Hackers for September Security Breach | AI Chatbot Vulnerabilities: How Average Users Can Bypass Safety Measures

Cyber Attacks / Vulnerabilities

Ukraine Phishing Campaign and Cisco Firewall Vulnerabilities

This article summarizes two critical cybersecurity updates: a phishing campaign targeting Ukrainian entities and newly discovered vulnerabilities in Cisco firewalls. Stay informed to protect your systems and data.

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
Share
X LinkedIn

cybersecurity news today
Ukraine Phishing Campaign and Cisco Firewall Vulnerabilities Image via The Hacker News

Key Insights

  • A Russia-aligned threat actor is using trojanized ESET installers to distribute the Kalambur backdoor in phishing attacks against Ukrainian organizations. Why this matters: This campaign exploits trust in a reputable cybersecurity company to compromise systems.
  • Cisco warns of a new attack variant targeting devices running Cisco Secure Firewall ASA and FTD software, exploiting CVE-2025-20333 and CVE-2025-20362. Why this matters: Unpatched devices are at risk of unexpected reloads and denial-of-service conditions.
  • Cisco addressed critical security flaws in Unified Contact Center Express (Unified CCX) that could allow unauthenticated, remote attackers to upload arbitrary files, bypass authentication, and execute arbitrary commands with root privileges. Why this matters: These vulnerabilities could lead to significant system compromise if left unpatched.

In-Depth Analysis

Recent cybersecurity threats highlight the ongoing risks faced by organizations. The phishing campaign in Ukraine involves a sophisticated approach, using a trojanized ESET installer to deliver the Kalambur backdoor. This campaign leverages the widespread use of ESET software in Ukraine, tricking recipients into installing malicious software.

Simultaneously, Cisco has issued warnings about vulnerabilities in its firewall products. The exploitation of CVE-2025-20333 and CVE-2025-20362 can lead to denial-of-service conditions. Additionally, critical flaws in Cisco Unified CCX could allow attackers to gain complete control over affected systems.

Organizations should promptly apply the necessary patches and updates to mitigate these risks. Continuous monitoring and employee training are also crucial to defend against phishing attacks and other cyber threats.

Read source article

FAQ

What is the Kalambur backdoor?

Kalambur is a C# backdoor that uses the Tor anonymity network for command-and-control and can enable remote access via RDP.

What actions should Cisco firewall users take?

Users should apply the latest updates to their Cisco Secure Firewall ASA and FTD software to address CVE-2025-20333 and CVE-2025-20362.

What are the risks associated with the Cisco Unified CCX vulnerabilities?

Successful exploitation could allow attackers to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root.

Takeaways

  • Be cautious of unsolicited emails or messages, especially those prompting you to download software.
  • Always download software from official sources.
  • Keep your cybersecurity software and systems up to date with the latest patches.
  • Implement continuous monitoring to detect and respond to threats quickly.
  • Educate employees about phishing tactics and other cyber threats.

Discussion

Do you think these types of attacks will become more common? Let us know in the comments!

Share this article with others who need to stay ahead of this trend!

Sources

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 Cisco Patches Critical Vulnerabilities in Contact Center Appliance

Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.

Related Stories

Cyber Attacks / Supply Chain

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A recent compromise of Notepad++'s hosting infrastructure has been linked to the China-linked Lotus Blossom hacking group. This breach allowed the attackers to deliver a previously undocumented backdoor, named Chrysalis, to users of the ope...

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Cybersecurity / Cyber Attacks

JS#SMUGGLER Campaign Deploys NetSupport RAT via Compromised Websites

Cybersecurity researchers have uncovered a sophisticated campaign named JS#SMUGGLER that leverages compromised websites to distribute the NetSupport RAT (Remote Access Trojan). This multi-stage attack grants cybercriminals extensive control...

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity / Threat Intelligence

Lazarus APT Remote-Worker Scheme Captured Live

A joint investigation has uncovered North Korea's Lazarus Group's infiltration scheme using remote IT workers. Researchers captured operators live, revealing their tactics on controlled sandbox environments, highlighting a sophisticated met...

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

Security / Data Breach

Salesforce Data Breach Impacts Over 200 Companies Via Gainsight

A significant data breach has impacted over 200 companies using Salesforce, stemming from a vulnerability in apps published by Gainsight, a customer support platform provider. This supply chain attack highlights the increasing risks associa...

Salesforce says customer data possibly exposed following incident

Vulnerabilities / Exploits

7-Zip RCE Vulnerability (CVE-2025-11001) Under Active Exploitation

A remote code execution (RCE) vulnerability in 7-Zip, identified as CVE-2025-11001, is actively being exploited in the wild. This flaw allows attackers to execute arbitrary code on affected systems. It is crucial to update 7-Zip to version...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Security / Malware

Malicious VS Code Extension and NPM Packages Target Developers

The software development ecosystem is facing increased threats from malicious actors. Recent incidents involve a VS Code extension with ransomware capabilities and NPM packages distributing information-stealing malware, highlighting the imp...

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Security / Data Breach

SonicWall Blames State-Sponsored Hackers for September Security Breach

SonicWall has officially attributed the September security breach, which led to the unauthorized exposure of firewall configuration backup files, to state-sponsored threat actors. The company's investigation, conducted with Mandiant, conclu...

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

AI / Model Security

AI Chatbot Vulnerabilities: How Average Users Can Bypass Safety Measures

Recent research highlights significant vulnerabilities in AI chatbots, demonstrating that even non-technical users can bypass safety measures and elicit biased or unintended responses. This exposes potential risks in various applications of...

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data