North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the Rekoobe Linux backdoor.

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.