Today’s roundup

• HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
• Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
• CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
• US: Maryland Confirms Cyber Incident Affecting State Transport Systems

Summary

The following updates highlight significant threats, vulnerabilities, and incidents impacting enterprises and critical infrastructure.
Hook Android Trojan variant now deploys full‑screen ransomware overlays to coerce payments and expands to 107 remote commands, increasing its attack surface.
Google will require identity verification for all Android developers, including non‑Play Store channels, to curb malicious app distribution.
CISA added three actively exploited CVEs—CVE‑2024‑8068 in Citrix Session Recording, CVE‑2024‑8069, and CVE‑2024‑8070 in Git—to its KEV catalog, signaling real‑world exploitation.
A cyber incident disrupted Maryland’s state transport operations; all pre‑scheduled trips are still honored, indicating a mitigated but visible impact on critical infrastructure.
Tech manufacturer Data I/O faced a ransomware breach that forced certain systems offline, causing operational disruption and highlighting the ongoing threat to manufacturing firms.