
Cyware Daily Threat Intelligence, February 11, 2025


Attackers are widening their reach, and Linux is now in their crosshairs. A new variant of the SystemBC RAT has emerged that stealthily infiltrates Linux environments. Given its history of being deployed alongside ransomware, this development signals a growing threat to corporate systems and cloud infrastructure.

Physical access shouldn’t mean instant compromise, but for iPhones and iPads, it briefly did. Apple has rushed to patch a flaw that allowed attackers to disable USB Restricted Mode on locked devices. Designed to prevent unauthorized access, this feature was rendered useless by the vulnerability.

Thousands of firewalls meant to protect businesses are instead exposing them to serious risks. Over 12,000 GFI KerioControl firewalls remain unpatched against a critical remote code execution flaw. Despite a fix being available since December, many instances are still vulnerable.

Top Malware Reported in the Last 24 Hours

SystemBC RAT now targets Linux

Threat analysts have identified a new risk: a version of the SystemBC RAT that now targets Linux-based systems. The updated variant is built for stealth, using encrypted command-and-control communication to evade detection and let attackers move through compromised systems freely. SystemBC acts as a proxy implant, enabling lateral movement within a network without relying on tools that are easier to spot. It typically operates alongside other malware, raising the risk of ransomware deployment and data theft in Linux environments.

New FinStealer targets Indian banks

A new threat called FinStealer has emerged, targeting customers of a major Indian bank through fake mobile applications. The malware uses advanced techniques to steal sensitive financial and personal information, including banking login credentials and credit card numbers. It spreads through phishing links and unofficial app stores, impersonating legitimate banking apps to deceive users. The campaign's goal is financial gain through credential theft and unauthorized transactions. Researchers have also linked it to a website hosting counterfeit bank apps, which widens the pool of potential victims.

Top Vulnerabilities Reported in the Last 24 Hours

Apple releases emergency patch

Apple released urgent security updates on Monday to fix a flaw in iOS and iPadOS that has been exploited. The vulnerability, tracked as CVE-2025-24200, allows an attacker with physical access to a locked device to disable USB Restricted Mode. This mode, introduced to prevent unauthorized data access, blocks communication with accessories once the device has not been unlocked for an hour. The fixes are delivered in iOS 18.3.1 and iPadOS 18.3.1, with updates also provided for a range of devices on earlier versions.

RCE flaw exploited in KerioControl firewalls

Over 12,000 GFI KerioControl firewall instances remain exposed to a critical remote code execution vulnerability, CVE-2024-52875. KerioControl is a network security product for small and medium-sized businesses that provides a range of protections. GFI Software released an initial fix on December 19, 2024, but many instances were still unpatched weeks later. The Shadowserver Foundation counted 12,229 vulnerable firewalls, located mainly in countries such as Iran and the U.S. Users are urged to update to KerioControl version 9.4.5 Patch 2 to close the flaw.

SAP addresses multiple bugs

SAP issued new security patches that address 19 new vulnerabilities and update two previously released security notes. The updates include fixes for serious issues, such as a significant authorization flaw in the SAP BusinessObjects Business Intelligence platform. The most critical vulnerability (CVE-2025-0064) allows an attacker with admin rights to impersonate any user, putting sensitive data and system functions at risk. SAP advises customers to address it urgently. Other high-risk vulnerabilities include a path traversal flaw in SAP Supplier Relationship Management, an authentication bypass in SAP Approuter, and multiple issues in SAP Enterprise Project Connection.
