Daily Cybersecurity Roundup, February 03, 2025

Cybercriminals are proving that social media isn’t just for influencers - it’s a goldmine for deception. The Russian-speaking gang Crazy Evil has been running over 10 active scams, spreading various malware to Windows and macOS users. Not all wedding invitations bring good news, especially the fake ones. Cybercriminals in Malaysia and Brunei are using fake invites over Telegram and WhatsApp to spread Tria, an Android malware. Even nation-state hackers are leaning on AI to sharpen their cyber arsenals. Google warned that multiple nation-state actors are using Gemini for various purposes, including malware development. Read on for more.

01

The Russian-speaking cybercrime gang Crazy Evil has been linked to over 10 active social media scams using StealC and AMOS to target both Windows and macOS users.

02

Cybercriminals are using fake wedding invitations to distribute new Android malware called Tria in Malaysia and Brunei. They have been using Telegram and WhatsApp to send invitations that prompt users to install a rogue app.

03

A web skimming campaign affected at least 17 websites, including Casio UK, likely due to vulnerabilities in e-commerce platforms like Magento.

04

CISA issued a warning about Contec CMS8000 devices, which contain a backdoor. This backdoor secretly sends patient data to a remote address and can download and execute files on the device.

05

A new race condition in Apple’s macOS kernel, tracked as CVE-2025-24118, lets hackers escalate privileges and execute code at the kernel level. This critical flaw was patched.

06

U.S. and Dutch authorities seized 39 domains and servers linked to the Pakistan-based HeartSender cybercrime group, which sold hacking and fraud tools.

07

Google warned that APT groups from Iran, China, North Korea, and Russia have been observed using Gemini for various purposes, including reconnaissance, vulnerability research, and malware development.

08

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to policy violations. Play Protect scanned over 200 billion apps daily, identifying 13 million new malware apps from outside Google Play.

09

PyPI introduced Project Archival to allow publishers to indicate that projects are no longer being updated, improving supply-chain security and user awareness.

10

Enterprise browser security startup Seraphic raised $29 million in a Series A funding round led by GreatPoint Ventures, with participation from the CrowdStrike Falcon Fund and existing investors.
