Daily Cybersecurity Roundup, September 30, 2025

Cybersecurity researchers have uncovered a series of sophisticated campaigns targeting both individuals and organizations. Two phishing servers have been linked to Iran-affiliated APT35, which is actively targeting government, military, and international entities using simple domains disguised as popular services like Google Meet. Meanwhile, a new Android banking trojan called Datzbro is preying on elderly users through AI-generated Facebook travel scams, tricking them into downloading malicious APKs that allow attackers to take over devices and steal funds. In another campaign, Ukrainian government entities are being targeted with phishing attacks that deliver Amatera Stealer and PureMiner malware via malicious SVG files. Keep reading for more cybersecurity updates from the last 24 hours.

01. Researchers linked two phishing servers to Iran-affiliated APT35, which targets government, military, and international organizations using simplistic domains posing as services like Google Meet.

02. A new Android banking trojan, Datzbro, is tricking elderly users with AI-generated Facebook travel scams into downloading malicious APKs, enabling device takeover and financial theft.

03. Klopatra, a new Android banking trojan, gives attackers full remote control by abusing Accessibility Services and a hidden VNC channel, letting them stealthily execute fraudulent transactions against customers of major financial institutions.

04. Attackers are targeting poorly managed MS-SQL servers with weak credentials, using PowerShell to deploy the open-source XiebroC2 command-and-control framework alongside CoinMiner and JuicyPotato for privilege escalation.

05. A phishing campaign has been targeting Ukrainian government entities, delivering Amatera Stealer and PureMiner malware through malicious SVG files.

06. Interpol's Operation Contender 3.0 dismantled 81 cybercrime networks across 14 African countries, arresting 260 suspects involved in romance and sextortion scams that defrauded nearly 1,500 victims of $2.8 million.

07. Broadcom released updates to fix two high-severity VMware NSX vulnerabilities reported by the NSA, including password recovery and username enumeration flaws that could lead to unauthorized access.

08. Scans exploiting the Palo Alto Networks GlobalProtect vulnerability (CVE-2024-3400) are rising, as attackers leverage unvalidated session IDs to upload files to systems that remain unpatched.

09. Apple released macOS Sequoia 15.7.1 to patch a critical font parser vulnerability (CVE-2025-43400) that could cause crashes or memory corruption via malicious fonts.

10. Vulnerability management firm Mondoo secured $17.5 million in a Series A extension led by HV Capital, with contributions from T.Capital, Atomico, Firstminute Capital, and System.One.