
Daily Cybersecurity Roundup, May 13, 2025

Cyber threat activity continues to intensify globally, with state-sponsored actors and sophisticated malware campaigns targeting key sectors and geopolitical hotspots. North Korean state-sponsored group TA406 has been conducting phishing campaigns against Ukrainian government entities, aiming to gather strategic intelligence amid the ongoing Russian invasion. In a separate campaign dubbed ‘Operation: ToyBox Story,’ North Korean APT37 employed spear-phishing emails disguised as invitations to a national security forum. Meanwhile, Check Point’s April 2025 report highlights a surge in advanced malware attacks involving FakeUpdates, Remcos, and AgentTesla. Keep on reading for more cybersecurity news from the past 24 hours.

01

The North Korean state-sponsored group TA406 has been found launching phishing campaigns targeting Ukrainian government entities to gather strategic intelligence on the Russian invasion.

02

North Korean APT37 launched Operation: ToyBox Story, using spear-phishing disguised as national security forum invitations. Dropbox was used as a delivery and C2 channel.

03

Earth Ammit, linked to Chinese-speaking APT groups, has been targeting Taiwan’s drone supply chain in the VENOM (2023–2024) and TIDRONE (2024) campaigns.

04

Researchers have discovered PupkinStealer, a new .NET-based malware that targets Windows users to steal browser credentials, messaging sessions, and desktop documents. It uses Telegram’s Bot API for data exfiltration.

05

Turkish espionage group Marbled Dust exploited a zero-day vulnerability (CVE-2025-27920) in the Output Messenger app to spy on the Kurdish military in Iraq.

06

Threat actors are embedding malicious .NET payloads as bitmap image resources within PE files to evade detection and deliver malware such as Remcos and NjRAT.

07

According to Check Point’s April 2025 report, sophisticated malware attacks using FakeUpdates, Remcos, and AgentTesla have surged, with the education sector being the most targeted.

08

CISA has identified a security vulnerability (CVE-2025-47729) in the TeleMessage application and added it to its KEV catalog. The flaw allows hackers to access unencrypted chat logs from platforms like Signal and Telegram.

09

Apple released security updates for iOS and macOS to address critical vulnerabilities, including CVE-2025-31251 in AppleJPEG, CVE-2025-31233 in CoreMedia, and multiple CVEs in WebKit. These flaws could allow attackers to execute malicious code when crafted media files are processed.

10

SAP's May 2025 Security Patch Day has disclosed critical vulnerabilities, including a zero-day flaw actively exploited by attackers. The release includes 16 new Security Notes and updates to two older ones, addressing severe threats in SAP’s business-critical applications.
