The Hacker News’ weekly recap highlights a pattern of trusted paths being exploited, with Vercel’s Context[.]ai breach cited as an example where an employee’s Google Workspace access enabled exposure of some internal environments and environment variables. It notes a shift to multi-stage payloads and a greater use of real-world tools in attacks, including supply-chain links and memory-resident techniques, alongside a pattern of attackers delaying checks and hiding activity.
Among the top stories, PowMix botnet campaigns targeting Czech workers use randomized C2 beaconing to evade detection, and QEMU is described as being abused to hide malicious activity and facilitate later ransomware deployment. The piece also covers several Android threats, including malformed APKs and four banking trojans—RecruitRat, SaferRat, Astrinox, and Massiv—designed to harvest data and enable financial fraud, affecting hundreds of apps across banking, cryptocurrency, and social media sectors.
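The PowMix detail above, randomized C2 beaconing, is worth seeing from the defender's side: a check that looks for perfectly regular call-home intervals misses jittered beacons, while a check on the spread of intervals still catches them. The following is an added example, not code from the article, from The Hacker News, or from any PowMix analysis; the log format (timestamp, source host, destination), the hostnames, the documentation-range IPs, and the thresholds are all constructed assumptions.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not real PowMix traffic).
# hostA calls the same destination with intervals jittered around 60 s;
# hostB reaches its destination at irregular, human-like times.
SAMPLE_LOG = """\
2024-05-01T10:00:00 hostA 203.0.113.10
2024-05-01T10:00:52 hostA 203.0.113.10
2024-05-01T10:02:05 hostA 203.0.113.10
2024-05-01T10:02:58 hostA 203.0.113.10
2024-05-01T10:04:10 hostA 203.0.113.10
2024-05-01T10:05:01 hostA 203.0.113.10
2024-05-01T10:06:12 hostA 203.0.113.10
2024-05-01T10:00:03 hostB 198.51.100.7
2024-05-01T10:00:04 hostB 198.51.100.7
2024-05-01T10:09:40 hostB 198.51.100.7
2024-05-01T10:31:15 hostB 198.51.100.7
2024-05-01T11:58:02 hostB 198.51.100.7
2024-05-01T12:00:20 hostB 198.51.100.7
2024-05-01T12:00:25 hostB 198.51.100.7
"""

# Assumed line layout: "<ISO timestamp> <source host> <destination>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Group the constructed log into {(src, dst): [datetime, ...]}."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        ts, src, dst = m.groups()
        flows.setdefault((src, dst), []).append(datetime.fromisoformat(ts))
    return flows


def intervals_seconds(times):
    """Gaps in seconds between consecutive connections of one flow."""
    times = sorted(times)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def fixed_interval_check(times, tolerance=2.0, min_connections=5):
    """Naive periodicity test: every gap within +/- tolerance of the median.
    Randomized sleep intervals defeat this test."""
    gaps = intervals_seconds(times)
    if len(gaps) + 1 < min_connections:
        return False
    median = sorted(gaps)[len(gaps) // 2]
    return all(abs(g - median) <= tolerance for g in gaps)


def jitter_tolerant_check(times, max_cv=0.35, min_connections=5):
    """Beacon test that tolerates jitter: the coefficient of variation
    (stdev / mean) of the gaps stays small for a jittered timer but is
    large for human-driven traffic. Threshold is an assumed starting point."""
    gaps = intervals_seconds(times)
    if len(gaps) + 1 < min_connections:
        return False
    mu = mean(gaps)
    if mu <= 0:
        return False
    return pstdev(gaps) / mu <= max_cv


def find_beacons(text, check=jitter_tolerant_check):
    """Return the sorted (src, dst) pairs that the chosen check flags."""
    flows = parse_log(text)
    return sorted(key for key, times in flows.items() if check(times))


if __name__ == "__main__":
    print("fixed-interval check flags:", find_beacons(SAMPLE_LOG, fixed_interval_check))
    print("jitter-tolerant check flags:", find_beacons(SAMPLE_LOG))
```

On the constructed log the fixed-interval check flags nothing, because hostA's gaps swing between roughly 51 and 73 seconds, while the spread-based check flags only hostA's flow; hostB's gaps range from one second to well over an hour and fail the low-variance test. In production the same idea is usually applied per destination over a longer window, with an allowlist for legitimate pollers such as update or monitoring agents.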
Rounding out the week, threats ranged from cyber-espionage against Ukrainian and other public-sector targets to adware that can disable security tools, while security researchers discuss improvements in threat intelligence, CTEM prioritisation, and defensive AI tools. According to Sophos, QEMU abuse illustrates how criminals leverage virtualisation to evade detection and expand access.