
Daily Cybersecurity Roundup, July 25, 2025

In search of connection, dating apps have become a popular gateway, but cybercriminals are now weaponizing that very trust, as seen in the SarangTrap campaign, which uses fake dating and social networking apps to steal sensitive data from Android and iOS users, primarily in South Korea. Meanwhile, the Dropping Elephant APT group has shifted its focus to Turkey’s defense sector using spear-phishing emails laced with malicious LNK files. In the Linux ecosystem, a newly discovered AI-crafted malware dubbed Koske is exploiting misconfigured JupyterLab instances. Keep reading for more cybersecurity news from the last 24 hours.


01

A large-scale malware campaign, dubbed SarangTrap, uses fake dating and social networking apps to steal sensitive data across Android and iOS platforms, targeting users primarily in South Korea.

02

The Dropping Elephant APT group is targeting Turkish defense contractors involved in precision-guided missile systems through spear-phishing attacks using malicious LNK files disguised as unmanned vehicle system conference invitations.

03

Hive0156, a Russian-aligned threat actor, has been targeting Ukraine using decoy documents, weaponized LNK and PowerShell files, and HijackLoader malware to deliver Remcos RAT.

04

An attacker hijacked Amazon’s AI coding assistant ‘Q’ for VS Code by injecting malicious code that instructed the software to wipe users' computers.

05

Koske, a new AI-generated Linux malware, has been exploiting misconfigured JupyterLab instances, using panda-themed polyglot JPEG images to stealthily deploy malicious payloads directly into system memory.

06

A hacker known as EncryptHub compromised the Steam game "Chemia" by injecting HijackLoader and Vidar infostealer, which fetch C2 addresses from Telegram and steal credentials and crypto wallet data.

07

Researchers have identified a widespread Telnet-based attack campaign originating from misconfigured VoIP devices, revealing a global reconnaissance pattern executed via dozens of IPs tied to VoIP-enabled devices.

08

High-severity flaws in Weidmueller IE-SR-2TX routers (VDE-2025-052) allow RCE with root access, posing risks to industrial and critical infrastructure systems.

09

IdentifAI, an Italian cybersecurity firm, has secured $5.8 million in a funding round led by United Ventures.

10

A cybersecurity startup, Daylight Security, has raised $7 million in seed funding led by Bain Capital Ventures, with participation from Maple VC and prominent Israeli angel investors.
