In this week’s cybersecurity bulletin, we highlight several critical vulnerabilities, ongoing attack campaigns, and sophisticated malware threats that are actively shaping the global threat landscape. Organizations are urged to remain vigilant, apply timely patches, and enhance user awareness to counter the growing sophistication of cyberattacks.
Critical Vulnerabilities to Watch
1. Veeam Backup & Replication – CVE-2025-23121
A critical vulnerability (CVSS 9.9) affecting Veeam Backup & Replication versions 12.3.1.1139 and earlier allows remote code execution by authenticated users. This can result in full system compromise. Organizations using these versions must apply the latest security updates immediately.
More info: https://www.veeam.com/kb4743
2. SUSE Linux Privilege Escalation – CVE-2025-6018 & CVE-2025-6019
Two serious local privilege escalation (LPE) vulnerabilities were discovered in SUSE 15's PAM and in libblockdev (via udisks). Attackers can escalate from an unprivileged user to root, threatening local systems.
More info: https://ubuntu.com/security/CVE-2025-6018#notes and https://ubuntu.com/security/CVE-2025-6019#notes
Active Exploits and Campaigns
1. TP-Link Routers – CVE-2023-33538
CISA has flagged a high-severity command injection flaw in popular TP-Link models (e.g., TL-WR940N, TL-WR841N), which is currently being exploited in the wild. Attackers can execute arbitrary commands via crafted HTTP requests.
More info: https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
2. Linux Kernel – OverlayFS Privilege Escalation
An old but now actively exploited Linux kernel vulnerability allows local attackers to abuse improper ownership management and gain elevated privileges.
More info: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Threat Intelligence & Security News
1. Godfather Android Malware Evolves
The Godfather banking trojan now leverages virtualization to create fake, virtualized versions of over 500 banking and crypto apps. This enables credential theft and transaction hijacking in a stealthy and hard-to-detect manner.
More info: https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/
2. Deepfake Zoom Attacks by North Korean Hackers
The BlueNoroff group is using AI-generated deepfakes of executives in Zoom calls to deploy Mac malware. Victims are lured with fake audio issues and asked to download a malicious "Zoom fix," which installs malware targeting crypto wallets and enterprise data.
More info: https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
3. Russian APT29 Phishing Campaign via Gmail App Passwords
Russian hackers are bypassing Gmail 2FA by convincing targets to generate app-specific passwords. These phishing attacks have been tailored to deceive academics and government affiliates using legitimate Google features.
More info: https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html
4. Supply Chain Malware in PyPI & npm
Multiple malicious packages are targeting developers on PyPI and npm with obfuscated code, RATs, and clipboard hijackers. Notably, attackers are exploiting AI coding assistants' hallucinated package names to insert malicious libraries.
More info: https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
5. Anubis Ransomware: Encrypt + Wipe
Anubis ransomware, which first appeared in late 2024, now combines file encryption with permanent deletion using a “wipe mode,” intensifying pressure on victims. It targets industries across North and South America, Australia, and more.
More info: https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
Recommendations for Businesses
Stay secure. Stay informed.
Subscribe to our weekly threat intelligence updates to safeguard your systems and teams from emerging cyber risks. For consultation and tailored cybersecurity advisory, contact our team at Crowe UAE, +971 55 343 8693, manesh.nair@crowe.ae