Google’s Managed Defense team has discovered that attackers are using popular VPN applications as a backdoor to spread Playfulghost malware. The malware is distributed through SEO poisoning, which involves manipulating search engine results to make the infected software appear legitimate. Once on a device, Playfulghost can remotely execute a range of activities such as keylogging, screenshot capturing, and audio capturing.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and