
Daily Cybersecurity Roundup, May 15, 2025

From espionage to fraud, government entities are increasingly targeted by sophisticated cyber operations spanning multiple continents. One such campaign, Operation RoundPress, has been exposed by researchers as a Russia-linked Sednit operation that exploits XSS vulnerabilities in webmail servers to infiltrate government and defense organizations in Ukraine and beyond. Google has also flagged Scattered Spider for shifting its ransomware and extortion attacks to U.S. retail chains. Meanwhile, the Kaleidoscope ad fraud campaign is abusing over 130 malicious Android apps to push unskippable ads, driving 2.5 million fake installs monthly. Here are the cybersecurity updates from the past 24 hours.

01

Researchers uncovered Operation RoundPress, a Russia-linked Sednit campaign exploiting XSS flaws in webmail servers to spy on government and defense targets, mainly in Ukraine and across Eastern Europe, Africa, and South America.

02

Google has warned that the hacking group Scattered Spider, previously responsible for ransomware attacks on UK retailers, is now targeting U.S. retail chains using similar ransomware and extortion tactics.

03

A new Windows-targeting botnet called HTTPBot has been uncovered, using sophisticated HTTP-based DDoS attacks that imitate real user behavior to bypass conventional security measures.

04

Researchers discovered a malicious npm package, os-info-checker-es6, which uses Unicode steganography to hide its code and Google Calendar as a dynamic C2 dropper.

05

A new ad fraud campaign dubbed Kaleidoscope is abusing over 130 malicious and lookalike Android apps, many on Google Play, to deliver unskippable ads, generating 2.5 million fraudulent installs each month.

06

Google has released a Chrome 136 update to address four vulnerabilities, including a high-severity flaw (CVE-2025-4664) that allows remote attackers to leak cross-origin data via crafted HTML pages.

07

Adobe has issued patches for 39 vulnerabilities across multiple products, including critical updates for Adobe ColdFusion, Photoshop, Illustrator, Lightroom, and others, addressing risks like code execution and privilege escalation.

08

Ivanti has released patches for two vulnerabilities (CVE-2025-4427 and CVE-2025-4428) in its EPMM software, which can be exploited together to achieve unauthenticated RCE.

09

ClearVector, an identity-driven security company, secured $13m in a Series A funding round led by Scale Venture Partners, with support from Okta Ventures, Inner Loop Capital, and Menlo Ventures.

10

Ekinops announced its acquisition of Olfeo, a French cybersecurity software provider for enterprises.
