Predator spyware, developed by Intellexa, is actively being used in several countries, including Iraq and Pakistan. Researchers have found indicators likely associated with the use of Predator spyware by an entity tied to Pakistan.

Google has released an update for its Chrome browser, addressing 13 security vulnerabilities, including four high-severity issues. One critical vulnerability, CVE-2025-13633, affects the Digital Credentials feature.

GoldFactory, a financially motivated cybercriminal group, has launched a new wave of attacks in Southeast Asia, targeting mobile users in Indonesia, Thailand, and Vietnam. The group uses modified banking apps to distribute Android malware.

A critical pre-authentication RCE bug has been identified in Oracle Identity Manager’s REST WebServices. This vulnerability allows unauthenticated attackers to exploit URI and matrix parameter parsing weaknesses to execute arbitrary code.

CISA has added two new bugs to its KEV Catalog. The vulnerabilities include: 1. CVE-2025-48572: Android Framework Privilege Escalation Vulnerability 2. CVE-2025-48633: Android Framework Information Disclosure Vulnerability

The Aisuru botnet has launched over 1,300 DDoS attacks in just three months, with Cloudflare mitigating 2,867 attacks since the beginning of the year. The botnet's most significant attack peaked at 29.7 Tbps, setting a new record.

Sha1-Hulud has resurfaced with a new campaign targeting npm packages, affecting thousands of code repositories. This malware compromises development environments by trojaning npm packages.

A high-severity Windows LNK vulnerability, tracked as CVE-2025-9491, has been exploited by multiple state-backed and cybercrime groups in zero-day attacks. This flaw allows attackers to hide malicious commands within Windows LNK files.

The ClickFix attack, a sophisticated social engineering threat, has seen a 517% surge in usage. It involves fake ChatGPT Atlas browser installers that trick users into running password-stealing software.

The ValleyRAT campaign targets job seekers by disguising malicious files as legitimate job-related documents. It leverages Foxit PDF Reader for DLL side-loading, allowing threat actors to gain control of systems and steal sensitive data.