Today’s roundup
Trend Micro fixed a remote code execution in Apex Central
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Hackers target misconfigured proxies to access paid LLM services
Illicit Crypto Economy Surges as Nation-States Join in the Fray
Basketball player arrested for alleged ransomware ties freed in Russia-France prisoner swap
Summary
Trend Micro has issued patches for three vulnerabilities in its Apex Central management console, discovered by Tenable. The most critical, CVE-2025-69258 (CVSS 9.8), is a LoadLibraryEX remote code execution flaw that allows an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges on affected Windows installations (versions below Build 7190). Two denial-of-service vulnerabilities, CVE-2025-69259 and CVE-2025-69260 (CVSS 7.5), were also addressed. Users are urged to apply Critical Patch Build 7190 immediately.
The Iranian state-sponsored threat group MuddyWater has initiated a new spear-phishing campaign deploying a Rust-based Remote Access Trojan (RAT) dubbed RustyWater. Targets include diplomatic, maritime, financial, and telecommunications entities across the Middle East. The attacks utilize icon spoofing and malicious Word documents to deliver the implant, which features asynchronous command and control, anti-analysis capabilities, and registry persistence.
Threat actors are actively scanning for misconfigured proxy servers in order to gain unauthorized access to commercial large language model (LLM) services. The aim is to abuse common proxy misconfigurations to bypass authentication and consume paid LLM resources without authorization, an evolving attack vector against AI infrastructure.
The illicit cryptocurrency economy experienced a significant surge in 2025, with billions in transactions linked to cybercriminal activities. A key driver of this increase is the growing involvement of sanctioned nation-states, particularly Russia and Iran, in these illicit financial operations, signaling an escalation in state-backed cybercrime funding.
Daniil Kasatkin, a 26-year-old basketball player previously arrested on allegations of ties to ransomware activities, has been released from Russian custody as part of a prisoner exchange with France. Kasatkin was exchanged for French researcher Laurent Vinatier, who was being held in Russia. This incident underscores the international and geopolitical dimensions now entwined with cybersecurity and cybercrime enforcement.
Cyber Groups

| Group | Aliases |
| --- | --- |
| MuddyWater | Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450 |