Cybersecurity researchers warn of a sophisticated ransomware attack that uses a Python-based backdoor for persistent access to compromised networks and deploys RansomHub ransomware. Initial access comes from the JavaScript malware SocGholish, which is distributed via browser update scams, often through infected websites. The Python script has been observed since December 2023. Other precursor tools disable endpoint detection, steal credentials, brute-force email accounts, and deliver more payloads.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and