Cybersecurity Threats Update: FortiGate Ransomware-as-a-Service, Citrix Vulnerabilities, MCP Exploitation, LiveChat Phishing Attacks, and More

The lures redirect visitors to a malicious website hosting the AutoHotKey backdoor, which enables threat actors to execute arbitrary commands on the compromised system. The campaign leverages legitimate services like Google Drive to host payloads and evade detection. The threat actors behind the campaign have been linked to previous attacks targeting Pakistani government entities.

into plain text.

Google Play Protect Expands Fraud Protection to 2.8 Billion Android Devices

Google Play Protect has recently extended its ‘enhanced fraud protection’ to cover more than 2.8 billion Android devices across 185 markets. This expansion has resulted in the blocking of 266 million installation attempts from 872,000 unique risky apps. Additionally, Google has introduced Scam Detection for phone calls on Google Pixel devices in several countries, including the U.S., U.K., Australia, Canada, France, Germany, India, Ireland, Italy, Japan, Mexico, and Spain. This feature is also being expanded to the Samsung Galaxy S26 series in the U.S.

Report Shows 1% of Vulnerabilities Account for Majority of Cyberattacks

According to a report by VulnCheck, only 1% of 2025 CVEs were exploited by the end of the year. Network edge devices were responsible for a third of all products exploited in the past year. The report also noted a decrease in new vulnerabilities linked to named state-sponsored threat groups and APTs, with an increase in CVE exploits attributed to China-nexus groups. Another report from IBM X-Force revealed a 44% increase in cyberattacks exploiting public-facing applications.

EU Extends Rules for CSAM Detection

The European Parliament has voted to extend a temporary exemption to E.U. privacy legislation, allowing online platforms to detect child sexual abuse material (CSAM) voluntarily until August 2027. Lawmakers believe that this extension will provide more time for the bloc to negotiate and adopt a long-term legal framework to prevent and combat CSAM online.

New AOT Malware Evades Analysis and Detection

A newly discovered attack chain delivered via a phishing URL has been found distributing a C++ trojan downloader, which then deploys the Rhadamanthys stealer and XMRig cryptocurrency miner. The malware uses .NET Native Ahead-of-Time (AOT) compiled binaries to evade traditional analysis tools, making detection and reverse engineering challenging. The AOT loader includes sophisticated anti-analysis capabilities to avoid detection.

GitGuardian Reports Surge in Secrets Sprawl on GitHub

GitGuardian’s State of Secrets Sprawl report revealed a significant increase in leaked secrets on public GitHub commits, with 28,649,024 new secrets added in 2025 alone. AI service secrets also saw a notable increase, reaching 1,275,105. Additionally, the report identified thousands of unique secrets exposed in MCP-related configuration files on public GitHub.

Malicious Themes Inject Ads and Redirects

Six malicious Packagist packages posing as OphimCMS themes were found to contain trojanized jQuery that exfiltrates URLs, injects ads, and loads redirects to malicious sites. These packages include various themes such as ophimcms/theme-dy and ophimcms/theme-legend. The malicious JavaScript assets within these themes aim to redirect visitors and inject unwanted content.

Multi-Stage Phishing Campaign Bypasses Security Filters

A C-level executive at a security firm was targeted in a multi-stage phishing attack that impersonated JPMorgan Chase. The campaign utilized URL redirects through legitimate domains to bypass security filters and conceal the final phishing destination. The attackers implemented various tactics, including a Cloudflare-based ‘human validation’ step, to ensure the success of the phishing attack.

Stay informed about these cybersecurity developments to protect yourself and your devices. Remember, vigilance is key in staying ahead of potential threats.
