Malwarebytes Labs discovered a Bing ad disguised as a link to install NordVPN, which instead led to a remote access trojan named SecTopRAT. The researchers found that the trojan could control browser sessions and send system information to an attacker’s control server. The deceptive ad was reported to Microsoft and Dropbox, the latter of which has since removed the linked account. Despite this, the malvertising campaign may still be active under a different identity.

Mandiant warns of attacks on newly disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is