In Q4 2025, a sophisticated phishing campaign unleashed the XWorm backdoor across industrial control systems worldwide, revealing critical security gaps even as overall malware activity declined. Oil and gas sectors were hit hardest, with attackers exploiting email and removable media to bypass defenses.
Cybercriminals are using Excel attachments and a years-old vulnerability to deliver XWorm 7.2 malware, hidden inside JPEG images. This modular, stealthy threat hijacks Windows PCs, evading antivirus tools and enabling data theft, ransomware, and DDoS attacks.
A wave of fake parking fines and medical results hit US inboxes over the holidays, masking a sophisticated XWorm malware attack by the cybercriminal group Storm-0900.