Cyware Daily Threat Intelligence, June 11, 2025


Recruiters are the new targets in FIN6’s evolving playbook. The financially motivated group is posing as job seekers on recruiting platforms and sending phishing emails whose "resumes" deliver malware. Using AWS-hosted sites and environmental fingerprinting to screen visitors, the group deploys the More Eggs backdoor to steal credentials and pivot further.

Adobe just patched a mountain of vulnerabilities, most of them XSS. A total of 254 flaws were addressed across multiple products, many of which could allow arbitrary code execution. The two highest-rated fixes are CVE-2025-47110 (CVSS 9.1) and CVE-2025-43585 (CVSS 8.2).

A sprawling scam network is impersonating trusted brands at scale. Researchers uncovered over 4,000 domains tied to GhostVendors, a fake marketplace campaign abusing Meta’s ad system to evade detection. By spoofing major brands and rotating scam sites, the operation continues to lure users into fraudulent purchases.

Top Malware Reported in the Last 24 Hours

FIN6 mimics job seekers, drops malware

The FIN6 hacking group, known for financial fraud and ransomware, is now targeting recruiters by impersonating job seekers. It approaches recruiters on platforms such as LinkedIn and Indeed, then follows up with convincing resumes and phishing emails that carry non-clickable URLs the recipient must copy into a browser, which sidesteps automated link scanning. The phishing sites, hosted on AWS, use environmental fingerprinting so that only the intended targets are served the malicious content; other visitors, such as sandboxes and researchers, see nothing of interest. Victims are tricked into downloading a ZIP file posing as a resume that contains a Windows shortcut (.lnk) file; opening it runs a script that installs the JScript-based More Eggs backdoor, enabling credential theft and further attacks. The group’s tactics highlight a shift in social engineering strategy within employment-themed lures.
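A triage check a practitioner would want for this lure chain is to inspect a "resume" ZIP for shortcut files and read out the command each shortcut would run, without ever opening it on a Windows host. The following is an added example, not code from the original briefing or from any FIN6 sample: a minimal MS-SHLLINK parser that skips the LinkTargetIDList and LinkInfo blocks and reads the StringData fields (path, arguments), plus a builder for a constructed sample archive. The file names, the wscript.exe command line and the "suspicious token" list are assumptions chosen for illustration.

```python
import io
import struct
import zipfile

# Shell link (.lnk) header constants from MS-SHLLINK.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000C000000000000046")
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# Script hosts and LOLBins that a "resume" shortcut has no business launching (illustrative list).
SUSPICIOUS_TOKENS = ("wscript", "cscript", "powershell", "cmd.exe", "mshta",
                     "rundll32", "regsvr32", "certutil", "bitsadmin", "curl")


def _read_string_data(buf, off, unicode):
    """Read one StringData field: uint16 character count followed by the characters."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode:
        end = off + count * 2
        return buf[off:end].decode("utf-16-le", errors="replace"), end
    end = off + count
    return buf[off:end].decode("latin-1"), end


def parse_lnk(data):
    """Return the StringData fields (path, arguments, ...) of a .lnk without executing it."""
    if (len(data) < LNK_HEADER_SIZE or data[:4] != struct.pack("<I", LNK_HEADER_SIZE)
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Windows shell link")
    (flags,) = struct.unpack_from("<I", data, 0x14)
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # skip LinkTargetIDList: uint16 size, then the items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:             # skip LinkInfo: uint32 size that includes itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            fields[key], off = _read_string_data(data, off, unicode)
    return fields


def triage_zip(zip_bytes):
    """List every .lnk in the archive with the command it would run and a suspicion verdict."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            link = parse_lnk(zf.read(info))
            command = " ".join(s for s in (link.get("relative_path"), link.get("arguments")) if s)
            findings.append({
                "name": info.filename,
                "command": command,
                "suspicious": any(tok in command.lower() for tok in SUSPICIOUS_TOKENS),
            })
    return findings


def build_lnk(relative_path, arguments):
    """Construct a minimal .lnk (header + RelativePath + Arguments) for the sample below."""
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 0x14, HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return bytes(header) + body


def build_sample_zip():
    """Constructed lure (not a real FIN6 sample): a double-extension shortcut handing a script to wscript.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Jane_Doe_Resume.pdf.lnk",
                    build_lnk("..\\..\\..\\Windows\\System32\\wscript.exe",
                              "/b //e:jscript resume.pdf.txt"))
        zf.writestr("resume.pdf.txt", "// placeholder script body (constructed)")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        print("SUSPICIOUS" if f["suspicious"] else "ok", f["name"], "->", f["command"])
```

The parser deliberately reads only the fields needed to recover the command line; a shortcut that launches a script host, a LOLBin, or anything other than a document viewer from inside a resume archive is reason enough to quarantine the file before a recruiter opens it.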

Myth Stealer spreads via gaming sites

Myth Stealer is a Rust-based information stealer that spreads through fake gaming websites and targets Chromium- and Gecko-based browsers such as Chrome and Firefox. Initially offered for free on Telegram, it has since moved to a Malware-as-a-Service model. On execution it displays a decoy window to appear legitimate while quietly harvesting saved passwords, cookies, and autofill data. The malware employs anti-analysis techniques, including string obfuscation, and is updated regularly to evade antivirus detection. It has been distributed through compromised websites, including sites hosted on Google’s Blogger, and exfiltrates the stolen data either to remote servers or to Discord webhooks.
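Webhook exfiltration is worth a dedicated detection because the traffic goes to a legitimate, widely allowed domain. The following is an added example, not code from the briefing or from any Myth Stealer analysis: it runs over constructed proxy log lines, matches the Discord webhook URL shape (host plus the /api/webhooks/<id>/<token> path) and groups POSTs by source host, while ignoring ordinary Discord browsing. The log format, IP addresses, user agents and the webhook id and token are all constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Discord webhook endpoints look like https://discord.com/api/webhooks/<id>/<token>.
# discordapp.com and the ptb./canary. hosts are equivalent; an /api/v<N>/ prefix is also accepted.
WEBHOOK_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com",
                 "ptb.discordapp.com", "canary.discordapp.com"}
WEBHOOK_PATH_RE = re.compile(
    r"^/api(?:/v\d+)?/webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{50,})/?$")


def parse_line(line):
    """Parse one constructed, tab-separated proxy record: ts, src_ip, method, url, status, bytes_out, user_agent."""
    ts, src_ip, method, url, status, bytes_out, user_agent = line.rstrip("\n").split("\t", 6)
    return {"ts": ts, "src_ip": src_ip, "method": method.upper(), "url": url,
            "status": int(status), "bytes_out": int(bytes_out), "user_agent": user_agent}


def webhook_target(url):
    """Return (webhook_id, token) when url is a Discord webhook endpoint, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in WEBHOOK_HOSTS:
        return None
    m = WEBHOOK_PATH_RE.match(parts.path)
    return (m.group("id"), m.group("token")) if m else None


def find_webhook_exfil(lines):
    """Group POSTs to webhook endpoints by source host; normal Discord use (GETs, channel messages) is ignored."""
    hits = defaultdict(lambda: {"posts": 0, "bytes_out": 0, "webhooks": set(), "user_agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec["method"] != "POST":
            continue
        target = webhook_target(rec["url"])
        if target is None:
            continue
        webhook_id, token = target
        h = hits[rec["src_ip"]]
        h["posts"] += 1
        h["bytes_out"] += rec["bytes_out"]
        # Keep the id but redact the token in reports: anyone holding it can post to the webhook.
        h["webhooks"].add(f"{webhook_id}/{token[:4]}...{token[-4:]}")
        h["user_agents"].add(rec["user_agent"])
    return dict(hits)


# Constructed sample: 10.0.0.7 POSTs twice to one webhook from a non-browser client (stealer-like);
# 10.0.0.9 just uses Discord normally and must not be flagged.
FAKE_TOKEN = "cQ9rV" + "x" * 58 + "Kl3_-"          # 68 characters, not a real token
SAMPLE_LOG = [
    "2025-06-11T09:01:02Z\t10.0.0.7\tGET\thttps://www.example.com/\t200\t412\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/137.0",
    f"2025-06-11T09:01:15Z\t10.0.0.7\tPOST\thttps://discord.com/api/webhooks/123456789012345678/{FAKE_TOKEN}"
    "\t204\t48213\trust-client/1.0 (constructed)",
    f"2025-06-11T09:01:17Z\t10.0.0.7\tPOST\thttps://discord.com/api/webhooks/123456789012345678/{FAKE_TOKEN}"
    "\t204\t1024\trust-client/1.0 (constructed)",
    "2025-06-11T09:02:00Z\t10.0.0.9\tGET\thttps://discord.com/app\t200\t980\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/139.0",
    "2025-06-11T09:02:30Z\t10.0.0.9\tPOST\thttps://discord.com/api/v9/channels/111111111111111111/messages"
    "\t200\t230\tMozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/139.0",
]

if __name__ == "__main__":
    for src, h in find_webhook_exfil(SAMPLE_LOG).items():
        print(f"{src}: {h['posts']} POSTs, {h['bytes_out']} bytes out, "
              f"hooks={sorted(h['webhooks'])}, ua={sorted(h['user_agents'])}")
```

A large first POST followed by small ones, from a user agent that is not a browser, is the pattern to look for; the same matcher works on Zeek http.log or any proxy export once parse_line is adapted to the real column layout.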

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft June 2025 Patch Tuesday 

Microsoft released its Patch Tuesday updates, addressing 66 security vulnerabilities. One of them, CVE-2025-33053, is an actively exploited zero-day: a remote code execution flaw in Web Distributed Authoring and Versioning (WebDAV) that was used in attacks by the APT group Stealth Falcon. A second zero-day, CVE-2025-33073, is an elevation of privilege vulnerability in the Windows SMB client. Ten of the 66 vulnerabilities are rated critical; by class, 25 are remote code execution and 13 are elevation of privilege flaws. Other notable fixes affect Microsoft Office applications, including Excel, Outlook, and SharePoint.

Adobe fixes 254 bugs

Adobe has released security updates addressing 254 vulnerabilities in its software, the bulk of them in Adobe Experience Manager (AEM), where 225 of the flaws are XSS vulnerabilities that Adobe rates as capable of leading to arbitrary code execution. The most severe issues are a reflected XSS flaw (CVE-2025-47110) in Adobe Commerce and Magento Open Source, with a CVSS score of 9.1, and an improper authorization flaw (CVE-2025-43585) in the same products, with a CVSS score of 8.2. Other affected products include Adobe InCopy and Substance 3D Sampler, which also received fixes for code execution vulnerabilities.

Chrome and Firefox released updates

Google and Mozilla released updates for Chrome 137 and Firefox 139 to address high-severity memory safety vulnerabilities. Chrome fixed a use-after-free issue (CVE-2025-5958) and a type confusion bug (CVE-2025-5959), either of which could lead to remote code execution and system compromise. Firefox resolved a memory corruption flaw (CVE-2025-49709) and an integer overflow issue (CVE-2025-49710). Thunderbird updates addressed a critical vulnerability (CVE-2025-5986) that could lead to unsolicited file downloads and credential leaks.

Top Scams Reported in the Last 24 Hours

GhostVendors scam campaign

Silent Push identified over 4,000 domains in the GhostVendors fake marketplace scam network, which impersonates major brands. The operators abuse a quirk of Meta's ad policy: once an ad is stopped it drops out of Meta's public ad records, so by running campaigns briefly and then pulling them the actors erase the evidence and make tracking difficult. The campaign targets brands known for heavy online ad spending as well as smaller brands that depend on online sales. Examples include spoofed ads for Milwaukee Tools, GE Appliances, and Wayfair, with the advertised domains redirecting users to a rotating set of scam sites. The researchers also found multiple Facebook pages linked to the scam, such as "Millaeke," "Rabx-B," and "Tools Clearance," which repeatedly launched and removed campaigns.
