
Daily Cybersecurity Roundup, May 06, 2025

Phishing season is open, and CoGUI is casting a wide net. This crafty phishing kit has been actively targeting organizations in Japan by impersonating well-known consumer and financial brands. In a separate campaign, the threat actor Venom Spider is targeting corporate HR departments with spear-phishing emails disguised as job applications. Meanwhile, German authorities, led by Bavarian law enforcement, have successfully dismantled the Pygmalion dark web marketplace, seizing servers, onion domains, and customer data linked to over 7,000 illegal drug transactions. Today’s must-know stories in cybersecurity, all in one place.

01

A phishing kit named CoGUI has been targeting Japanese organizations by impersonating well-known consumer and finance brands to steal credentials and payment data.

02

A new campaign by Venom Spider is targeting corporate HR departments using spear-phishing emails disguised as job applications. These emails deploy a backdoor called More_eggs.

03

Mamona, a newly identified commodity ransomware strain, operates entirely offline: it encrypts files locally with no data exfiltration and no C2 communication, so network-based detection has nothing to see.

04

The Panda Shop smishing kit, linked to Chinese cybercriminals, has been enabling large-scale SMS phishing attacks through a crime-as-a-service model, utilizing platforms like Telegram and compromised accounts to distribute fraudulent messages globally.

05

APT36 threat actors have spoofed the official website of the Indian Ministry of Defence to distribute cross-platform malware, leveraging a ClickFix-style infection chain that targets both Windows and Linux users.

06

Bavarian law enforcement, together with other German federal authorities, has dismantled the dark web marketplace Pygmalion, seizing servers, onion domains, and customer data linked to over 7,000 drug transactions.

07

A bypass technique termed ‘Bring Your Own Installer’ has been identified in SentinelOne EDR software. It allows threat actors to defeat the agent’s anti-tamper protection and then deploy Babuk ransomware on the unprotected host.

08

A researcher achieved RCE by exploiting a flaw in a frontend RegEx filter that had no corresponding backend validation: crafted HTTP requests sent directly to the server bypassed the client-side restriction entirely.
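The pattern behind that finding, as an added illustration that is not code from the researcher's report or the affected application: a hypothetical "report" endpoint whose only input check is a regex that runs in the browser. The endpoint name, the `SAFE_NAME` rule, the request bodies and the shell-command sink are all constructed for this example; the sink is modelled by returning the string that would be executed, and nothing is actually run.

```javascript
// Added example (hypothetical app, not the one in the report): a front-end
// regex filter is not a security control, because the attacker never runs it.

// The allow-list rule the UI applies before submitting the form.
const SAFE_NAME = /^[A-Za-z0-9_-]{1,32}$/;

// Browser-side check (constructed). It protects honest users from typos, nothing more.
function clientSideValid(name) {
  return SAFE_NAME.test(name);
}

// Vulnerable server handler: trusts that the front-end already filtered `name`
// and splices it into a shell command. The command is returned, not executed.
function handleReportVulnerable(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400 };
  }
  const name = String(body.name ?? "");
  return { status: 200, command: `gen-report --user ${name}` };
}

// Hardened server handler: re-validates with the same allow-list on the server
// and passes the value as a separate argv element rather than a shell string.
function handleReportHardened(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400 };
  }
  const name = typeof body.name === "string" ? body.name : "";
  if (!SAFE_NAME.test(name)) {
    return { status: 400, error: "invalid name" };
  }
  return { status: 200, argv: ["gen-report", "--user", name] };
}

// Constructed request bodies. CRAFTED_BODY is what curl or Burp would send
// straight to the endpoint, so the browser filter never sees it.
const CRAFTED_NAME = "alice; id > /tmp/pwned";
const CRAFTED_BODY = JSON.stringify({ name: CRAFTED_NAME });
const BENIGN_BODY = JSON.stringify({ name: "alice" });

// Runs both handlers against both bodies and reports what reached the sink.
function demo() {
  return {
    browserWouldBlock: !clientSideValid(CRAFTED_NAME),
    vulnerable: handleReportVulnerable(CRAFTED_BODY),
    hardened: handleReportHardened(CRAFTED_BODY),
    hardenedBenign: handleReportHardened(BENIGN_BODY),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The browser check rejects the crafted name, yet the vulnerable handler still builds `gen-report --user alice; id > /tmp/pwned`; the hardened handler returns 400 for the same body and, for a benign body, hands the value to the program as its own argument so shell metacharacters would be inert even if the regex were later loosened.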

09

Google’s May Android security update addressed 47 vulnerabilities, including a critical FreeType flaw (CVE-2025-27363) that is already under limited, targeted exploitation. The vulnerability could enable arbitrary code execution and affects over a billion devices.

10

A critical vulnerability has been discovered in Samsung MagicINFO 9 Server, tracked as CVE-2024-7399. It could allow unauthenticated attackers to upload malicious JSP files, leading to RCE with system-level privileges.
