Week in review: Keyloggers found on Outlook login pages, police shut down dark web drug market - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers unearth keyloggers on Outlook login pages

Special Webinar: Key Insights from Verizon’s 2025 DBIR - PRSOL:CC
The Verizon Data Breach Investigations Report (DBIR) is one of cybersecurity's most authoritative annual reports. The 2025 DBIR highlights critical trends including rising GenAI-related risks, credential theft, and vulnerabilities from third-party partners. LayerX is hosting Alex Pinto, one of the …

OpenVPN Driver Vulnerability Let Attackers Crash Windows Systems
Network administrators and cybersecurity experts will be pleased to learn that OpenVPN 2.7_alpha2 will be released.

US recovers $225 million of crypto stolen in investment scams - PRSOL:CC
The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. The state's investigators used blockchain analysis to trace the funds stolen from over…

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response
A critical path traversal flaw (CVE-2025-34022, CVSS 9.3) in Selea TARGA ANPR cameras allows unauthenticated remote access to sensitive files. PoC is public

DuckDuckGo beefs up scam defense to block fake stores, crypto sites - PRSOL:CC
The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites. DuckDuckGo is a privacy-focused web browser and search engine that doesn't track users' searches or…

Iran confirmed it shut down internet to protect the country against cyberattacks
Iran confirmed an Internet shutdown to counter Israeli cyberattacks, citing threats to critical infrastructure, interference with drone control

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages | #cybercrime | #infosec - National Cyber Security Consulting
Jun 21, 2025 | Ravie Lakshmanan | Cyber Attack / Critical Infrastructure. The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.” That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based indepe…

Ryuk ransomware’s initial access expert extradited to the U.S. - PRSOL:CC
A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. The suspect is a 33-year-old foreign man who was arrested in April 2025 in his home in Kyiv at the request of the FBI. He was extradited to t…

Godfather Android trojan uses virtualization to hijack banking and crypto apps
Godfather Android trojan uses virtualization to hijack banking and crypto apps, stealing user funds, warns mobile security firm Zimperium.

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal
A critical flaw (CVE-2025-4981, CVSS 9.9) in Mattermost allows authenticated users to achieve RCE via path traversal during archive uploads. Update immediately!

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug
IBM warns of three critical QRadar SIEM flaws (CVSS 9.1 RCE, XXE, info disclosure). Update to 7.5.0 UP12 IF02 immediately to protect your SIEM.

Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware
China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI.

Aflac Reports Breach as Insurance Cyberattacks Grow
Insurance giant Aflac reported today that it was hit by a cyberattack on June 12 but was able to stop

Aflac discloses breach amidst Scattered Spider insurance attacks | #ransomware | #cybercrime - National Cyber Security Consulting
On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. Aflac (short for American Family Life Assurance Company) is the largest s…

Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Cloudflare blocked a record 7.3 Tbps DDoS attack in May 2025, 12% larger than its previous peak and 1 Tbps greater than the attack reported by Krebs

Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers.

Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
A severe security vulnerability has been found in the Insomnia API Client, a tool widely used by developers and security testers for interacting with APIs.

Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware
CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform.

PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
A recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server.

CVE-2025-49763 - Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin | Imperva
Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traff…

Zoom & doom: BlueNoroff call opens the door
Field Effect Analysis team investigates a targeted campaign using spoofed domains, social engineering, and malware tied to APT BlueNoroff.

Oxford City Council Cyberattack Disrupts Services and Exposes Historic Election Data
The Oxford City Council is investigating a recent cybersecurity breach that disrupted various council services and potentially exposed the personal

AntiDot 3-in-1 Android Botnet Malware Grants Attackers Full Control Over Victim Devices
A new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices.

SpyMax – A Fake Wedding Invitation App Targeting Indian Mobile Users - K7 Labs
We have recently received a report from an Android user, who is not a K7 customer, detailing fraudulent activity and […]

Versa Director Flaws Let Attackers Execute Arbitrary Commands
A newly disclosed set of vulnerabilities in Versa Networks’ SD-WAN orchestration platform, Versa Director, enables authenticated attackers to upload malicious files and execute arbitrary commands on affected systems.

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks
A security flaw in Apache Traffic Server (ATS) is targeting cloud service providers worldwide. The vulnerability, identified as CVE-2025-49763, exposes

Linux flaws chain allows Root access across major distributions
Two local privilege escalation flaws could let attackers gain root access on systems running major Linux distributions.

Dover Fueling Solutions Flaw Lets Attackers Control Fueling Operations
A newly disclosed critical vulnerability in Dover Fueling Solutions’ ProGauge MagLink LX consoles has sent shockwaves through the global fuel infrastructure sector.

Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds
Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system secur…

Iran Plunges into Near-Total Internet Blackout Amid Escalating Cyberwar with Israel
Iran has drastically cut internet connectivity to 3% nationwide, citing Israeli cyberattacks. The blackout includes international calls, affecting millions amid rising tensions.

Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
A prominent expert on Russian information operations was targeted by a sophisticated spear phishing attack likely coming from Russian hackers

IBM QRadar SIEM Bug Lets Attackers Run Arbitrary Commands
IBM has issued a critical security update for its QRadar SIEM platform after researchers uncovered multiple vulnerabilities.

Apache SeaTunnel Flaw Lets Unauthorized Users Launch Deserialization Attacks
A newly disclosed vulnerability in Apache SeaTunnel, a popular distributed data integration platform.

The world's biggest data breach: what should folks do?
16 billion exposed login credentials allegedly leaked online. We tell you what everyone needs to do right now.

A ransomware attack pushed the German napkin firm Fasana into insolvency
A cyberattack pushed the German napkin firm Fasana into insolvency, worsening existing financial troubles and serving as the final blow

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover
A critical flaw (CVE-2025-4322) in the WordPress Motors theme allows unauthenticated attackers to reset passwords for full site takeover.

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery
The SERPENTINE#CLOUD campaign exploits Cloudflare Tunnel subdomains and LNK files to deliver in-memory RATs like AsyncRAT and Remcos, evading detection.

Microsoft 365 Boosts Security: Legacy File Access Protocols RPS & FrontPage RPC Phased Out July 2025
Microsoft will disable outdated RPS and FrontPage RPC protocols for file access in Microsoft 365, Office, SharePoint, and OneDrive starting July 2025 to enhance security.

Amatera Stealer Unveiled: Rebranded ACR Stealer Now More Evasive, Targeting Your Data
Amatera Stealer, a rebranded and enhanced version of ACR Stealer, uses advanced evasion tactics like NTSockets and WoW64 syscalls to steal data from browsers, crypto wallets, and apps.

Russian APT UNC6293 Exploits Google Application-Specific Passwords to Hack Critics
A Russian state-sponsored APT, UNC6293 (likely APT29), is exploiting Google Application-Specific Passwords in a sophisticated phishing campaign targeting critics of Russia

Stargazers Ghost Network: Minecraft Mods Used to Distribute Multi-Stage Stealers via GitHub
A new campaign, "Stargazers Ghost Network," weaponizes Minecraft mods on GitHub to distribute a multi-stage infostealer, targeting user credentials and crypto wallets.

Critical Privilege Escalation Flaw in FreeIPA Threatens Linux Domain Security
A critical flaw (CVE-2025-4404, CVSS 9.1) in FreeIPA allows authenticated users to escalate privileges to domain admin via Kerberos impersonation.

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices
CISA warns fuel infrastructure operators of a critical flaw (CVE-2025-5310) in Dover Fueling Solutions ProGauge MagLink devices, risking control

ComfyUI Under Attack: "Pickai" C++ Backdoor Compromises 700+ AI Image Generation Servers Globally
A C++ backdoor named Pickai is actively exploiting ComfyUI servers, compromising nearly 700 AI image generation hosts and posing a supply chain risk

Aflac discloses breach amidst Scattered Spider insurance attacks
On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information.

The Good, the Bad and the Ugly in Cybersecurity – Week 25
Pentagon modernizes defense via AI, Water Curse spreads malware through GitHub repos, and TaxOff uses Chrome zero-day to deploy backdoor.

TCC Bypass vulnerabilities in two macOS applications
TCC Bypass vulnerabilities have been found in two macOS applications: Phoenix Code (CVE-2025-5255) and Postbox (CVE-2025-5963).

Russian Hackers Bypass Gmail 2FA in Complex Phishing and Social Engineering Attack
Hackers have waged a sophisticated social engineering and phishing campaign to target a high-profile researcher by exploiting a Gmail feature.

SERPENTINE#CLOUD Campaign on Cloudflare Tunnel
A new malware campaign called SERPENTINE#CLOUD uses Cloudflare Tunnel subdomains to host and deliver malicious payloads via phishing emails.

Researchers discovered the largest data breach ever, exposing 16 billion login credentials
Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers.

Qilin Ransomware Emerges as World's Top Threat, Demands $50 Million Ransom | #ransomware | #cybercrime - National Cyber Security Consulting
Qilin ransomware has rapidly ascended to become the world’s most prevalent ransomware threat, accumulating over $50 million in ransom payments throughout 2024 alone. Originally developed as ‘Agent’ in 2022 and later rewritten in the Rust programming language, this sophisticated malware has evolved …

Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed.

U.S. Files to Seize $225.3 Million Obtained Through Crypto Scams
The U.S. Department of Justice has filed a civil forfeiture complaint to seize more than $225.3 million in cryptocurrency that

North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links
The North Korean state-sponsored threat actor group, identified as TA444, has unleashed a sophisticated malware campaign.

Gamers Targeted! Fake Minecraft Mods Enable Attackers to Take Control of Your System
Minecraft, the wildly popular sandbox game with over 200 million monthly active players, has become the latest hunting ground for cybercriminals.

China-linked group Salt Typhoon breached satellite firm Viasat
China-linked APT Salt Typhoon has reportedly targeted satellite firm Viasat; the group has breached multiple telecom providers in the past.

Why Kerberoasting Still Matters for Security Teams
Sometimes the old ones are best... avoided. Explore Kerberoasting and how it remains a relevant attack method.

Threat Intelligence Snapshot: Week 25, 2025
QuoIntelligence’s Weekly Intelligence Snapshot for the week of 6 to 18 June 2024 is now available!

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions | SOC Prime
Explore the details of CVE-2025-6019 and CVE-2025-6018 exploit chain that can enable root access on Linux distros with insights on SOC Prime blog.

Hackers Deploy Amatera Stealer Using Advanced Web Injection and Anti-Analysis Techniques
Proofpoint has uncovered a rebranded and significantly enhanced information stealer named Amatera Stealer, derived from the previously known ACR Stealer.

Two public exploits for Linux, one observed in the wild
Exploits for three Linux vulnerabilities give attackers root access. One is active in the wild—patch now and audit configs to reduce risk.

Weekly Intelligence Report - 20 June 2025 | #ransomware | #cybercrime - National Cyber Security Consulting
Published On: 2025-06-19. Ransomware of the week: the CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple industries, geographies, and technologies that could be relevant to your organization. Type: Ra…

CVE-2025-6019: time to upgrade Linux
Vulnerability CVE-2025-6019 allows an attacker to gain root privileges in most Linux distributions.

Iran experienced a near-total national internet blackout
Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict.

Cato CTRL™ Threat Research: PoC Attack Targeting Atlassian’s Model Context Protocol (MCP) Introduces New “Living off AI” Risk
Cato CTRL is unveiling a PoC attack targeting Atlassian’s MCP, where a simple support ticket submitted through Jira Service Management (JSM) becomes a vehicle for data exfiltration and privileged access

FBI Cracks Two-Year Cyberstalking Case Involving Minors in Florida and Alabama
Charles M. Schmaltz, 28, of Pensacola, Florida, has pleaded guilty to cyberstalking and sending obscene materials to minor females. The

Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run Technique | SOC Prime
Detect Mocha Manakin paste-and-run attacks spreading a custom NodeJS backdoor, NodeInitRAT, with Sigma rules from SOC Prime Platform.

Threat Actor Exploits GitHub and Hosts 60 GitHub Repositories Containing Hundreds of Malware Samples
A threat actor group known as Banana Squad has been found exploiting GitHub, a cornerstone platform for developers worldwide.

Sophisticated Phishing Attack Uses ASP Pages to Target Prominent Russia Critics - Google
Google Threat Intelligence Group (GTIG), in collaboration with external partners, has uncovered a sophisticated phishing campaign.

MacOS hacking part 2: classic injection trick into macOS applications. Simple C example
﷽ Hello, cyber…

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
Java-based malware targets Minecraft users via fake cheat tools, utilizing the Stargazers Ghost Network distribution-as-a-service (DaaS).

ClamAV 1.4.3 and 1.0.9 Released with Fixes for Critical Remote Code Execution Vulnerability
The ClamAV development team has rolled out two crucial security patch releases, versions 1.4.3 and 1.0.9, aimed.

Hackers Exploit Cloudflare Tunnels to Infect Windows Systems With Python Malware
A sophisticated malware campaign dubbed SERPENTINE#CLOUD has emerged, leveraging Cloudflare Tunnel infrastructure.

How CVE-2025-6018 and CVE-2025-6019 Enable Full Root Access on Linux

CVE-2025-3248 in Langflow Exploited to Deploy Flodrix Botnet

Meta Embraces Passkeys: Facebook & Messenger Get Secure, Passwordless Login
Meta introduces Passkey support for Facebook and Messenger on iOS/Android, enabling secure, passwordless logins via biometrics or PINs, enhancing user convenience and security.

LogMeIn Remote Access Abused in Targeted System Compromise
A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems.

Why AI code assistants need a security reality check - Help Net Security
AI code assistants’ security depends on training data and architecture, which can both cause the generation of insecure code.

Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks
A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices enables denial-of-service (DoS) conditions.

Two High-Severity Flaws Found in NetScaler Products: CVE-2025-5349 and CVE-2025-5777
Cloud Software Group has released a security bulletin warning customers of two newly identified vulnerabilities, CVE-2025-5349 and CVE-2025-5777, affecting both

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month - CyberSRC
In an alarming development, cybersecurity researchers have uncovered a massive JavaScript malware campaign affecting over 269,000 websites in a single […]

91% noise: A look at what's wrong with traditional SAST tools - Help Net Security
A new study finds SAST tools generate over 90% false positives, wasting time and missing real risk in modern application security.

Apache Traffic Server Vulnerability Allows DoS Attacks Through Memory Exhaustion
CVE-2025-49763 affects multiple versions of ATS and has prompted urgent mitigation guidance from the Apache Software Foundation.

XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (CVE-2025-30220)
Summary: A high-severity vulnerability has been identified in GeoServer’s Web Feature Service (WFS) that allows XML External Entity (XXE) attacks, potentially leading to information disclosure …

Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package.

Windows 11 Recall Adds Data Export for EU Users: Share Snapshots with Third Parties
Windows 11's Recall feature now allows EU users to export snapshots for sharing with third parties, but with strict security measures and a one-time export code.

Seamless eSIM Transfer: iOS 26 Now Supports Direct Migration to Android
iOS 26 introduces direct eSIM transfer to Android, simplifying cross-platform migration and eliminating the need for carrier intervention.

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution
Two flaws in Versa Director SD-WAN allow authenticated RCE via insecure file uploads and privilege escalation via webhook abuse. PoC code is public.

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available
A critical flaw (CVE-2025-24288, CVSS 9.8) in Versa Director exposes hardcoded default credentials for high-privilege accounts with sudo access. PoC released. Update now

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution
Cisco ClamAV versions 1.4.3 and 1.0.9 fix critical flaws: CVE-2025-20260 (CVSS 9.8) in PDF scanning could allow RCE, and CVE-2025-20234 (UDF) leads to DoS.

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover
A critical flaw (CVE-2025-5071) in WordPress's AI Engine plugin allows subscribers to escalate privileges and take over websites with Dev Tools/MCP enabled.

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents
Threat actors are actively compromising poorly managed MySQL servers, using UDFs to inject Gh0stRAT, XWorm, HpLoader, and legitimate Zoho agents for full system control and data theft.

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying
A critical SSRF flaw (CVE-2025-6087) in @opennextjs/cloudflare allows unauthenticated users to proxy arbitrary remote content via /_next/image endpoint.

Elastic Uncovers Stealthy Campaign Using GHOSTPULSE and ARECHCLIENT2 Malware
Elastic uncovers a sophisticated ClickFix campaign deploying the GHOSTPULSE loader to deliver ARECHCLIENT2 malware, leveraging social engineering for credential theft and remote access.

Ransomware Gang Qilin Rises Amid Collapse of Major Gangs Like RansomHub and LockBit
Qilin ransomware is rapidly dominating the RaaS landscape, as rivals like RansomHub and LockBit face collapse, internal chaos, and public defacements by "XOXO from Prague."

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways
A critical flaw (CVE-2025-51381) in KAON KCM3100 Wi-Fi gateways allows local attackers to bypass authentication. Update firmware to version 1.4.8 immediately.

Invoice to Infection: Sorillus RAT Campaign Strikes European Organizations
A new wave of invoice-themed phishing emails is distributing the Sorillus RAT across Europe, leveraging legitimate platforms like OneDrive and Ngrok for stealthy delivery.

Amatera Stealer Launches Sophisticated Multi-Stage Attacks via ClearFake
Threat Type: Infostealer malware (Malware-as-a-Service) Exploited Vulnerabilities: CVE-2024-21412 (SmartScreen Bypass), user execution via ClearFake+ClickFix, EtherHiding Malware Used: Amatera Stealer (formerly ACR Stealer) Threat Score: 🔴 High (8.0/10) – Evasive, persistent, dynamically updated Ma…