thehackernews.com 4/27/2026, 3:31:17 PM

Researchers Say Decades Old Lua Malware fast16 Predated Stuxnet

CyberSIXT Evidence Panel
Primary Source wired.com
Threat Actor
UNC6692

In this week’s recap, The Hacker News highlights fast16, a Lua-based malware developed years before Stuxnet and designed to tamper with high-precision calculation software. Analysis suggests activity five years before Stuxnet and origins linked to a joint U.S.-Israeli project. Three potential target software types were noted, and security researchers quoted in WIRED described subtle, damaging effects.

The piece also covers UNC6692’s use of social engineering to deploy a Snow malware suite, comprising a browser extension, a tunneler and a backdoor, with SnowBasin and SnowGlaze forming a data-exfiltration and command pipeline. On the threat landscape, a FIRESTARTER backdoor is described as targeting a federal agency’s Cisco ASA firmware via CVE-2025-20333 and CVE-2025-20362, with Cisco advising reimaging and updating to fixed versions.

Other items flagged include Lotus Wiper attacking Venezuelan energy systems, and The Gentlemen’s activity around SystemBC as part of a ransomware operation, with NCC Group noting rising activity and regional prominence. The roundup also mentions a Bitwarden CLI compromise linked to TeamPCP in a broader supply-chain campaign and other security developments such as new phishing toolkits and Chrome extensions involved in credential theft and data exfiltration.


Article by CyberSIXT
