Just when you thought it was safe to trust your banking app, the Godfather makes an offer your phone can’t refuse. Researchers have uncovered a malware variant by the same name that hijacks mobile banking and crypto apps using sneaky virtualization tricks. Expanding on the threat to the crypto space, North Korean group Famous Chollima is deploying a Python-based RAT called PylangGhost through fake job listings, leading users to malicious skill-test sites. Meanwhile, another campaign involves a compromised jQuery Migrate library on a hacked WordPress site, using Parrot TDS to deliver tailored malware based on users' devices and browsers. Catch the latest happenings in the cybersecurity landscape below.
01
Researchers identified a GodFather banking malware, which uses advanced virtualization techniques to hijack legitimate mobile banking and cryptocurrency applications by creating an isolated virtual environment on the victim’s device.
02
North Korean threat group Famous Chollima is using a new Python-based RAT, PylangGhost, to target crypto and blockchain professionals via fake job listings impersonating firms like Coinbase and Uniswap, luring victims to bogus skill-test sites to deploy malware.
03
Threat actors are exploiting sponsored Google ads to mislead users into calling fake support numbers by hijacking legitimate websites like Netflix, PayPal, and Bank of America.
04
Scammers are impersonating European tax authorities, such as the Dutch Belastingdienst, targeting crypto holders through phishing emails and fake government websites to steal wallet credentials or drain wallets via malicious smart contracts.
05
Cofense uncovered a phishing campaign using a .gov domain and GovDelivery to pose as unpaid toll notices, tricking victims into a fake TxTag page to steal personal and credit card information.
06
A hidden malware has been found in a corrupted jQuery Migrate library on a hacked WordPress site that uses Parrot TDS to deliver targeted payloads based on user device and browser.
07
Barracuda’s analysis of 2022–2025 emails shows a sharp rise in AI-generated spam post-ChatGPT, with 51% of spam and 14% of BEC attacks AI-generated by April 2025.
08
Two critical Linux bugs (CVE-2025-6018, CVE-2025-6019) let unprivileged users gain root access via PAM misconfigurations and privilege escalation through libblockdev and the udisks daemon.
09
IBM has issued a critical security update for its QRadar SIEM platform due to multiple vulnerabilities, including a severe flaw (CVE-2025-33117) that allows privileged users to execute arbitrary commands.
10
Cyberoo S.p.A., an SME that specializes in cybersecurity for businesses, has acquired Cyberoo Global AL, Cyberoo Global UA, and a business unit from Cyberoo Global S.p.A. for $1.5 million.
