Daily Cybersecurity Roundup, March 13, 2025

North Korean spyware slipped into Google Play before anyone noticed. The KoSpy surveillance tool was secretly distributed through Google Play Store and Firebase Firestore, targeting Android users before its takedown. A ransomware strain built for chaos is now hitting critical targets. Elysium, a variant of Ghost ransomware, is exploiting outdated applications to cripple critical infrastructure and more. Facebook has flagged a FreeType vulnerability that’s already being exploited in real-world attacks, threatening Linux, Android, and online platforms. Read on for more.

01

A new Android surveillance tool called KoSpy, linked to the North Korean APT group ScarCruft, has been discovered. KoSpy was distributed through the Google Play Store and Firebase Firestore.

02

A new ransomware variant, Elysium, linked to the Ghost ransomware family, has been targeting critical infrastructure, healthcare, and government sectors by exploiting vulnerabilities in outdated applications.

03

Mandiant discovered custom TinyShell backdoors on Juniper Networks’ Junos OS routers, attributed to the China-nexus espionage group UNC3886. The attacks affected routers running EOL hardware and software.

04

GreyNoise has detected a coordinated surge in the exploitation of SSRF vulnerabilities across multiple platforms, with at least 400 IPs actively exploiting multiple SSRF CVEs simultaneously.

05

Facebook has warned about a vulnerability in the FreeType open-source font rendering library. The flaw, tracked as CVE-2025-27363, can lead to arbitrary code execution and has reportedly been exploited in attacks.

06

Fortinet has released 17 new advisories for 18 vulnerabilities found in various products, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, and others.

07

The FBI, CISA, and MS-ISAC warned about the ongoing threat of Medusa ransomware, which has impacted over 300 victims across various critical infrastructure sectors since June 2021.

08

The quick service restaurant industry observed a significant increase in account takeover attacks, with over 130 companies affected, a 72% rise from the previous year, due to the expansion of digital transactions and loyalty programs.

09

An extensive cryptocurrency investment scam campaign has been discovered. It operates similarly to Ponzi schemes and impersonates popular brands, organizations, and events to lure victims.

10

Security validation vendor Pentera raised $60 million in a Series D funding round led by Evolution Equity Partners, with participation from Farallon Capital.