Initial Access Brokers have become pivotal in the cybercrime ecosystem, facilitating the outsourcing of intrusion tasks to advanced adversaries. This commoditization of access to critical systems allows IABs to sell access to the highest bidder.

A recent campaign linked to the ShinyHunters threat actor is exploiting OAuth tokens from third-party applications—specifically those developed by Gainsight—integrated into Salesforce environments.

A ransomware attack targeting the state of Nevada was traced back to a malware-laced tool downloaded by a state employee from a spoofed website. The attack, which culminated in ransomware deployment on August 24, impacted over 60 state agencies.

A significant surge in cyberattacks targeting Android and Internet of Things (IoT) devices has been observed across critical infrastructure sectors between June 2024 and May 2025.

Multiple critical vulnerabilities in Microsoft Teams have been identified that allow attackers to manipulate messages, spoof notifications, and impersonate users in chats and calls. These flaws affect both internal and external communications.

A significant data breach at Conduent, a New Jersey-based government contractor, has been traced back to an intrusion that began in October 2024 and persisted undetected until January 2025.

The automotive sector is facing an unprecedented wave of cyberattacks that threaten business continuity, disrupt global supply chains, and expose critical vulnerabilities in connected vehicle systems.

Threat actors are increasingly exploiting resurgent vulnerabilities—older CVEs that re-emerge years after disclosure—due to their ease of weaponization and lack of monitoring.

According to a report from Shadowserver, the majority of exploitation attempts originate from IP addresses in Asia, with a small number coming from Europe and North America.

A startling majority — 82% — of K-12 schools experienced a cyber incident between July 2023 and December 2024, according to a report released Thursday by the nonprofit Center for Internet Security.