Daily Cybersecurity Roundup, August 25, 2025

Financial institutions remain prime targets as cyber threats escalate. The latest Anatsa Android banking trojan, spread via Google Play, now hits 831+ banks worldwide, expanding into Germany, South Korea, and even cryptocurrency platforms. Meanwhile, Chinese-backed MURKY PANDA is targeting North American government, tech, academic, legal, and professional services sectors using RDP, web shells, and CloudedHope malware. Adding to the mix, the Go module golang-random-ip-ssh-bruteforce is disguised as an SSH brute forcer but secretly sends stolen credentials to a Telegram bot run by the Russian actor IllDieAnyway. Read further for more cybersecurity updates from the weekend.

01

The latest variant of Anatsa malware, an Android banking trojan distributed via the Google Play Store, has been targeting over 831 financial institutions globally, including new regions like Germany and South Korea, and cryptocurrency platforms.

02

Chinese state-backed group MURKY PANDA is exploiting Citrix NetScaler ADC/Gateway (CVE-2023-3519) to target North American government, tech, academic, legal, and professional services sectors, using RDP, web shells, and CloudedHope malware for lateral movement and persistence.

03

In an ongoing cyber-espionage campaign, Pakistani APT36 is targeting Indian government entities using weaponized .desktop files disguised as legitimate documents to infiltrate Linux BOSS systems and deploy malware via malicious domains for C2 operations.

04

Android.Backdoor.916.origin, a malware disguised as an antivirus app, has been targeting Russian business executives by mimicking security tools, abusing Accessibility Services, and requesting dangerous permissions to enable surveillance, keylogging, and data theft.

05

A new macOS malware, Mac.c, has emerged on the dark web, developed by the hacker "mentalpositive" as a stripped-down version of the infamous AMOS stealer.

06

Attackers are exploiting SendGrid’s trusted reputation to bypass email security, sending phishing emails with spoofed addresses and polished branding that claim suspicious logins, "Elite Tier" benefits, or phone number changes.

07

A malicious Go module, golang-random-ip-ssh-bruteforce, has been found masquerading as an SSH brute forcer while secretly exfiltrating credentials to a Telegram bot controlled by the Russian-speaking threat actor IllDieAnyway.

08

Researchers detected coordinated SaaS account compromises in which attackers used VPS infrastructure to run phishing campaigns and manipulate inbox rules, relying on the VPS hosting to bypass defenses, evade checks, and mimic legitimate behavior.

09

Apple patched a critical ImageIO vulnerability (CVE-2025-43300), a memory-corruption flaw that allowed attackers to hijack devices and gain remote control through maliciously crafted images.

10

A critical type confusion vulnerability (CVE-2025-26496) has been discovered in Tableau Server, along with four other flaws, including unrestricted file upload and path traversal that allow attackers to upload and execute malicious files and potentially compromise the system.