Top 5 this week

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

| CYBER ATTACK |

Admin User

December 31, 2025

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks — Image credit:
The Hacker News

Since early January 2025, threat actors have been using the ClickFix technique to spread the NetSupport RAT remote access trojan. An updated version of the Lumma Stealer malware that uses the ChaCha20 cipher to decrypt a configuration file containing the list of command-and-control (C2) servers is also being spread via the ClickFix method. According to an analysis of the attack chains, "These changes provide insight into the evasive tactics employed by the developer(s) who are actively working to circumvent current extraction and analysis tools," eSentire stated.

The development coincides with the threat actors' use of the Click fix method to spread a Lumma stealer version that encrypts a Configuration file with a list of C2 servers using a different cipher.

CYBER ATTACK CYBERSECURITY DATA BREACH VULNERABILITY