CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, using phishing links and evolving backdoors.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

CERT-UA identified PLUGGYAPE malware attacks targeting Ukrainian defense forces between October and December 2025, attributed to Russian group Void Blizzard. Attackers used Signal and WhatsApp to distribute phishing links disguised as charity organizations, delivering Python-based backdoors with WebSocket/MQTT communication. The malware retrieves C2 addresses from paste services like Pastebin for operational resilience. Additional campaigns deployed FILEMESS stealer via VHD files and GAMYBEAR backdoor through LNK/HTA payloads, targeting defense forces, local governments, and educational institutions.

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces