The China-linked advanced persistent threat (APT) group known as Lotus Panda conducted cyberattacks across Southeast Asia from August 2024 to February 2025, targeting government agencies, telecommunications, and air traffic sectors. The group employed new hacking tools, including browser stealers that exfiltrated Chrome data, and hijacked legitimate software to facilitate its operations.

Separately, a new malware strain targeting Docker containers has been identified, shifting from traditional cryptojacking to exploiting the Web3 network Teneo. This malware hijacks Docker to run fake nodes that generate TENEO tokens by sending counterfeit heartbeat signals. Over 325 downloads of this malware have been recorded from Docker Hub.

Additionally, the Billbug espionage group has deployed new cyber tools in Southeast Asia, indicating increased cyber operations in the region.

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals https://t.co/JoZTz1Bzxc
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals: https://t.co/53euGCPTYo by The Hacker News
🛑 New Malware Targets Docker — but it’s not about crypto mining anymore. Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals. 🔹 325+ downloads from Docker Hub Read more ➝ https://t.co/DWQzsEhGGU