The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the RESURGE malware, which exploits a vulnerability in Ivanti VPNs identified as CVE-2025-0282. This malware is characterized by its rootkit, bootkit, and web shell features, posing a threat to critical infrastructure. CISA has advised users to patch their systems, specifically those running Ivanti versions earlier than 22.7R2.5. In a related development, Russian hackers linked to the Gamaredon group are using fake military documents to deploy the Remcos Remote Access Trojan (RAT) on Ukrainian systems. This operation involves a series of deceptive tactics, including ZIP files and PowerShell scripts, to gain full access to targeted systems. Additionally, another Russian group, Water Gamayun, is exploiting a Windows zero-day vulnerability (CVE-2025-26633) to deploy backdoors named SilentPrism and DarkWisp, using signed MSI files masquerading as legitimate applications. CISA has also added a flaw in Cisco's Smart Licensing Utility to its Known Exploited Vulnerabilities catalog, further highlighting ongoing cybersecurity threats.
A security evasion tool from the RansomHub malware group has been used by @ESET researchers to trace and connect attacks conducted by three other cybercrime groups. #cybersecurity #infosec #ITsecurity https://t.co/Z98jNeZFfL
U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog: https://t.co/LXWvAvKyF9 by Security Affairs #infosec #cybersecurity #technology #news
💻Hackers leak confidential information about Carl Philip of Sweden that puts his safety at risk ✍️ By @ThenMarina https://t.co/LyCyR7ctjO