AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 3/12/2025

MS-ISAC loses federal support

The Multi-State Information Sharing and Analysis Center, which has supported the cybersecurity operations of state and local governments since its creation in 2004, has lost its federal funding and cooperative agreement, a Cybersecurity and Infrastructure Security Agency spokesperson confirmed with StateScoop on Tuesday. The news, first reported by freelance reporter Eric Geller, follows the Department of Homeland Security last month severing support for the Elections Infrastructure ISAC. A representative from the Center for Internet Security, the Upstate New York nonprofit that operated both information-sharing bodies, was not immediately available to comment.

 

Fake Google Play Store pages are spreading Trojan malware that can steal your financial data

An analysis report released by CTM360, a cybersecurity company based in Bahrain, has identified a new threat – the PlayPraetor trojan. PlayPraetor is an Android trojan that is being spread through thousands of malicious websites designed to look like trusted, legitimate sources such as the Google Play Store. Instead of being official pages, these fake ones prompt users to download an app as a malicious APK file that requests dangerous permissions such as access to accessibility services.

 

US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on Musk’s X

U.S. officials have not determined who was behind an apparent cyberattack on the social media site X that limited access to the platform for thousands of users, according to a Trump administration official familiar with the ongoing investigation into the matter. Monday’s outage was described as a cyberattack by the official, who was not authorized to comment publicly on the matter and spoke Tuesday on the condition of anonymity. The official added that the Republican administration takes all cyberattacks against American companies seriously but underscored that the U.S. government had not gleaned any specific intelligence about who might have been behind the attack.

 

Microsoft patches an ‘extraordinary’ number of zero-day security vulnerabilities

Today is a good day to make sure your Windows 10 and 11 machines are up to date, as Microsoft has released a hefty new security update for a number of zero-day vulnerabilities. The patch, part of Microsoft’s Patch Tuesday update, contains fixes for Windows Server as well and includes patches for six vulnerabilities which have already been exploited plus six more critical issues. The new update addresses security issues of a hefty seven zero-days, including flaws which can enable remote code execution, in which an attacker can run code on the victim’s system. One of these vulnerabilities requires the attacker to first trick a local user into taking some specific actions like mounting a malicious virtual hard disk image, and has already been taken advantage of by some hackers. This vulnerability, CVE-2025-24993, is marked as a severity 7.8 by Microsoft, so it’s important to patch to protect against it.

 

North Korean government hackers snuck spyware on Android app store

A group of hackers with links to the North Korean regime uploaded Android spyware onto the Google Play app store and were able to trick some people into downloading it, according to cybersecurity firm Lookout. In a report published on Wednesday, and exclusively shared with TechCrunch ahead of time, Lookout details an espionage campaign involving several different samples of an Android spyware it calls KoSpy, which the company attributes with “high confidence” to the North Korean government.
