Who knew our ever-so-helpful IoT gadgets were secretly rolling out the welcome mat for cybercriminals? Recently, researchers accessed 40,000 vulnerable IoT camera live feeds, notably impacting the U.S. with cameras at data centers and healthcare facilities. Simultaneously, over 20 malicious cryptocurrency phishing apps impersonating legitimate wallets like SushiSwap and PancakeSwap have been found on the Google Play Store. These are compounded by the HelloTDS Traffic Direction System, which is actively delivering FakeCaptcha scams and other malware to millions of devices. Read further for more cybersecurity news from the past 24 hours.
01
Researchers globally accessed 40,000 vulnerable IoT camera live feeds, enabling espionage and crime. The U.S, notably with cameras at data centers and healthcare facilities, is most affected.
02
Over 20 malicious cryptocurrency phishing apps have been discovered on the Google Play Store, targeting users by impersonating legitimate wallets like SushiSwap, PancakeSwap, Hyperliquid, and Raydium.
03
Two malicious npm packages—express-api-sync and system-health-sync-api—have been masquerading as utilities but contain backdoors for system destruction.
04
A malicious Python package, imad213, has been found posing as an Instagram growth tool, collecting user credentials and sending them to third-party bot services.
05
Threat actors are using social engineering and GitHub to distribute malicious code mimicking legitimate AI models like OpenAI’s Sora.
06
A Traffic Direction System (TDS) infrastructure, HelloTDS, has been delivering FakeCaptcha scams and other malware to millions of devices.
07
Akamai detected active exploitation of the critical RCE vulnerability CVE-2025-24016 in Wazuh servers that allows attackers to execute arbitrary code via unsanitized API requests.
08
A critical vulnerability (CVE-2025-3835) in ManageEngine Exchange Reporter Plus allows RCE, potentially compromising system integrity.
09
The CISA added two critical vulnerabilities impacting Erlang/OTP SSH (CVE-2025-32433) and Roundcube Webmail (CVE-2024-42009) to its KEV catalog due to active exploitation.
10
Liongard, an Attack Surface Management (ASM) platform provider, has acquired Darklight Cyio, an AI-powered cyber risk platform.
