Beyond the Watering Hole — APT24 Shifts to Multi-Vector Espionage Attacks
TL;DR Google's Threat Intelligence Group is tracking a three-year campaign by APT24, a PRC-nexus actor, that uses a custom, heavily…
Sanctioned Intellexa Continues to Deploy Multiple Mobile Zero-Day Exploits
TL;DR Google's Threat Intelligence Group reports that Intellexa, despite US sanctions, remains an active commercial spyware vendor exploiting numerous mobile…
Multiple Threat Actors Exploiting React2Shell (CVE-2025-55182)
TL;DR A critical unauthenticated RCE in React Server Components, CVE-2025-55182 (React2Shell), was disclosed Dec. 3, 2025 and quickly saw widespread…
Are Android TV Streaming Boxes Being Recruited into Botnets?
TL;DR Security researchers examining Superbox Android TV-style streaming devices found software that replaces Google Play with an unofficial app store…
Meet Rey, the Teen Admin Behind Scattered LAPSUS$ Hunters Ransom Group
TL;DR A core operator known as 'Rey' has been identified as an administrator of the Scattered LAPSUS$ Hunters ransomware and…
SMS Phishers Shift Tactics: Points, Tax Refunds and Fake Shops
TL;DR Security researchers say China-based phishing groups have expanded SMS scams to include offers of rewards points, tax refunds and…
How a $25M Essay-Mill Network Connects to Russia’s Synergy University
TL;DR An international essay- and homework-writing network operating under “Nerdy” brands has generated nearly $25 million and repeatedly used Google…
Most Parked and Typosquatting Domains Now Redirect Visitors to Malware
TL;DR A study by security firm Infoblox finds that over 90% of parked and typosquatting domains now lead visitors to…
Ofcom opens probes after BT and Three outages blocked 999 access
TL;DR Ofcom has launched formal investigations into BT and Three following nationwide mobile voice outages that at times prevented users…
PostHog: Shai‑Hulud 2.0 worm was company’s largest security failure
TL;DR PostHog says the Shai‑Hulud 2.0 incident — where malicious npm releases were pushed and a worm harvested developer secrets…