Android Apps Laced With North Korean Spyware Found in Google Play
Summary: Researchers have identified multiple Android apps that, despite passing Google Play’s security checks, are secretly uploading sensitive user data to North Korean intelligence. These apps, which appear as utility tools, collect various personal information including SMS messages, call logs, and location data. The detected malware, named KoSpy, highlights the risk of installing seemingly legitimate applications from app marketplaces.…
New North Korean Android spyware slips onto Google Play
Summary: A new spyware known as ‘KoSpy,’ attributed to North Korean threat group APT37, has infiltrated Google Play and APKPure through five malicious apps. The campaign, active since March 2022, primarily targets Korean and English-speaking users by masquerading as legitimate applications. Although the apps have been removed, users are advised to manually uninstall them and scan their devices for any residual threats.…
Signal no longer cooperating with Ukraine on Russian cyber threats, official says
Summary: Ukrainian officials have expressed concern that the encrypted messaging app Signal has ceased responding to law enforcement requests, which they claim aids Russian intelligence operations. Signal, previously relied upon by Ukrainian military and government personnel, has been implicated in espionage activities, and Ukraine is seeking alternatives for secure communication.…
Cybersecurity News Review — Week 10 (2025)
The latest cybersecurity newsletter highlights vulnerabilities and attacks involving multiple platforms including VMware, Microsoft, Google, and more. Key updates include the patching of critical zero-day vulnerabilities, ransomware attacks, and the rise of sophisticated malware targeting various industries. The report emphasizes the importance of cybersecurity measures to protect sensitive data and infrastructure.…
A Serbian youth activist fell victim to a sophisticated zero-day exploit targeting Android devices, believed to be developed by Cellebrite. The exploit abused a critical vulnerability allowing unauthorized access, raising concerns about user privacy and data security. Affected: Android devices, privacy rights, cybersecurity sector

Key points:

A Serbian activist had their Android phone compromised using a Cellebrite exploit.…
Threat Intelligence RoundUp: February
This recap outlines notable cybersecurity incidents reported in recent articles, emphasizing the evolving landscape of cyber threats and significant actions taken against cybercriminals. Affected: Cybersecurity, Government Entities, Journalists, Organizations, Healthcare

Key points:

U.K., U.S., and Australia imposed sanctions on Russian cyber entity “Zservers” linked to ransomware attacks.…
Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
Summary: Google has published its March 2025 Android Security Bulletin, addressing 44 vulnerabilities, including two high-severity flaws actively exploited in the wild. Notably, these vulnerabilities, CVE-2024-43093 and CVE-2024-50302, stem from privilege escalation issues within the Android framework and Linux kernel respectively. Google has advised its partners and users to implement the latest security patches to mitigate the risks associated with these vulnerabilities.…
Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…
2024 Malicious Infrastructure Report
In 2024, Insikt Group expanded its monitoring of malicious infrastructure, particularly focusing on malware families and infrastructure types. Key trends included the rise of malware-as-a-service infostealers, with significant activity from LummaC2, and persistent targeting of Android for mobile malware. State-sponsored groups from China and Russia adapted their tactics, leveraging legitimate internet services to enhance cybercrime efforts.…
Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist
Summary: Amnesty International revealed that Cellebrite’s mobile forensic tools exploited zero-day vulnerabilities to access a locked Android device of a Serbian student activist. The exploitation targeted essential Linux USB drivers, potentially affecting over a billion Android devices. This incident exemplifies the misuse of forensic technology by authorities and the urgent need for enhanced security measures by Android vendors to protect against such vulnerabilities.…
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone
Summary: A Serbian youth activist’s Android phone was targeted using a zero-day exploit developed by Cellebrite, enabling authorities to bypass the device’s lock screen. The exploit leveraged vulnerabilities in Linux kernel USB drivers and was discovered after the activist’s arrest following a protest. Amnesty International raised concerns about the misuse of technology for surveillance and hacking purposes.…
Serbian police used Cellebrite zero-day hack to unlock Android phones
Summary: Serbian authorities utilized a zero-day exploit chain by Cellebrite to unlock a student activist’s device and install spyware. This incident has raised concerns over privacy rights, prompting Cellebrite to restrict access to its tools for Serbian security services. Meanwhile, vulnerabilities identified in the Android kernel remain partially unaddressed, posing ongoing risks.…
Cellebrite zero-day exploit used to target phone of Serbian student activist – Amnesty International Security Lab
Amnesty International’s Security Lab revealed a case of Cellebrite’s forensic tools being misused to surveil a youth activist in Serbia. Subsequent investigations indicated that the Serbian authorities continue to exploit such tools for illegitimate surveillance of civil society despite international criticism. Further research highlighted zero-day vulnerabilities in Android USB drivers potentially affecting over a billion devices.…
Cellebrite cuts off Serbia over abuse of phone-cracking software against civil society
Summary: Cellebrite, an Israeli company, has decided to cease licensing its mobile unlocking software to Serbia after allegations of misuse by Serbian authorities, including the illegal break-in of citizens’ phones. This decision follows an Amnesty International report that highlighted the use of Cellebrite’s technology to install spyware on civilians.…
Attacks Against Government Entities, Defense Sector, and Human Targets
This article discusses the ongoing cyber warfare between Russia and Ukraine, highlighting various attacks perpetrated by both sides against government entities, military targets, and human resources. It details significant events, cyber techniques, and implications for future warfare. Affected: Ukrainian Government, Defense Sector, Russian Government, Civilian Targets

Key points:

Russian XakNet hackers targeted Ukrainian government entities, erasing records from the Ministry of Justice.…
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
Summary: Cybersecurity researchers have identified updates to the LightSpy implant, a modular spyware with expanded capabilities for data extraction from social media platforms like Facebook and Instagram. This updated version supports an extensive range of commands across multiple operating systems and has introduced new Windows-specific plugins for data collection and surveillance.…
⚡ THN Weekly Recap: From .5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Summary: This week’s cyber news highlights a record-breaking .5 billion crypto theft linked to the Lazarus Group, the banning of ChatGPT accounts for malicious activities by OpenAI, and Apple’s withdrawal of its Advanced Data Protection feature in the UK. These incidents underscore the evolving landscape of cyber threats and their impact on organizations and users alike.…