Google's Threat Analysis Group (TAG) has reported a series of watering-hole attacks targeting Mongolian government websites, leveraging exploits for iOS and Android devices. The attacks, attributed to the Russian hacking group APT29, utilized vulnerabilities that were strikingly similar to those previously employed by commercial surveillance vendors such as Intellexa and NSO Group. In a related development, North Korean hackers have been identified as exploiting a zero-day vulnerability in Chromium, designated CVE-2024-7971, to execute remote code and conduct cyberattacks. This vulnerability has allowed them to launch attacks on various targets, including developers and cryptocurrency users. The ongoing cyber threats highlight the increasing sophistication of state-sponsored hacking groups and their reliance on advanced exploits to compromise systems and steal sensitive information.