ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder...

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved...

New Variant of ClayRat Android Spyware Seize Full Device Control

The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox...

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans RATs to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social...

New RadzaRat Spyware Poses as File Manager to Hijack Android Devices

Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files...

Fantasy Hub is spyware for rent—complete with fake app kits and support

Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...

Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 CVSS score: 8.8, an out-of-bounds write flaw i...

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware

Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos...

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltra...

Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users...

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates U.A.E.. Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social...

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it...

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome , marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome...

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own...

SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

By Deeba Ahmed From Banking Apps to Crypto Wallets: SpyNote Malware Evolves for Financial Gain. This is a post from HackRead.com Read the original post: SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds...

Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan

Urdu-speaking readers of a regional news website that caters to the Gilgit-Baltistan region have likely emerged as a target of a watering hole attack designed to deliver a previously undocumented Android spyware dubbed Kamran. The campaign, ESET has discovered, leverages Hunza News...

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

The threat actor known as Arid Viper aka APT-C-23, Desert Falcon, or TAG-63 has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets. "Arid Viper's Android malware has a number of featur...

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy aka AndroidControl, was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering...

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexapreviously Cytrox. Predator was first documented by Google's Threat Analysis Group TAG in May 2022 as part of attacks leveraging five differen...