Cybersecurity firm Kaspersky has linked the known threat actor DoNot Team to the use of a new .NET-based backdoor named Firebird, targeting victims in Pakistan and Afghanistan. The attack chains have also been configured to deliver a downloader, named CSVtyrei. The attackers are suspected to be of Indian origin, employing spear-phishing emails and rogue Android apps to spread malware.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is