Daily Cybersecurity Roundup, November 06, 2025

Russia’s notorious Sandworm group has slithered back into action, launching destructive cyberattacks on Ukraine’s grain and other industries using data-wiping malware like ZeroLot and Sting to cripple operations. In parallel, a new Windows RAT named ValleyRAT is targeting Chinese-language users through platforms like WeChat and DingTalk. Adding to the global malware surge, Zscaler’s 2025 ThreatLabz report revealed over 42 million downloads of infected apps from Google Play, marking a 67% spike in Android malware and a staggering 387% rise in mobile attacks on the energy sector. Keep reading for more cybersecurity updates.

01

Russian state-backed group Sandworm was found launching destructive cyberattacks on Ukraine’s grain and other industries using data-wiping malware like ZeroLot and Sting, designed to irreversibly corrupt or erase data and disrupt operations.

02

A sophisticated Windows RAT named ValleyRAT has been used in targeted malware campaigns against Chinese-language users, delivered via apps like WeChat and DingTalk.

03

A phishing campaign has been targeting Booking.com hotels and customers, using compromised accounts and the ClickFix social engineering technique to spread PureRAT malware, steal sensitive data, and defraud users through hijacked booking accounts.

04

After a seven-month hiatus, Gootloader malware has reemerged, using SEO poisoning and fake legal document sites to spread malicious JavaScript files that enable ransomware attacks through backdoors and bots.

05

Google has warned of emerging AI-powered malware families like PROMPTFLUX, PROMPTSTEAL, FRUITSHELL, and QUIETVAULT that use LLMs for dynamic code changes, obfuscation, and credential theft, with PROMPTLOCK even experimenting with AI-driven ransomware.

06

Zscaler’s 2025 ThreatLabz report revealed that hundreds of malware-infected apps were downloaded 42 million times from Google Play, marking a 67% surge in Android malware, with productivity apps most exploited and mobile attacks on the energy sector spiking by 387%.

07

A critical vulnerability (CVE-2025-11833) in the Post SMTP plugin allowed unauthenticated attackers to view email logs and reset passwords, affecting 400,000 WordPress sites and leading to account takeovers.

08

Multiple vulnerabilities in the Django web framework have been addressed through critical patches. The flaws, CVE-2025-64459 and CVE-2025-64458, pose risks of SQL injection and DoS attacks.

09

US-Israeli cybersecurity startup Armis has secured $435 million in a funding round led by Goldman Sachs’ alternative investments platform and CapitalG.

10

Flare, a threat exposure management platform, raised $30 million through a Series B extension and debt financing round led by Inovia Capital’s Growth Fund, Base10 Partners, White Star Capital, and the Bank of Montréal.