A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance.

A critical vulnerability has been patched in SonicWall's Secure Mobile Access (SMA) 1000 appliances. This vulnerability, when combined with CVE-2025-23006, allows attackers to achieve unauthenticated remote code execution with root privileges.

A massive network, active for over 14 years, is being used for illegal online gambling and malware distribution, doubling as a command and control (C2) and anonymity infrastructure.

A sophisticated phishing campaign is targeting email users with fake spam filter alerts. These emails impersonate legitimate spam filter notifications and redirect users to spoofed login pages designed to harvest sensitive information.

A recent analysis of nearly 200 data privacy-related insurance claims and 5,000 business websites reveals that 77% of wrongful collection claims stem from web activity. The Meta Pixel alone was cited in 43% of all web privacy claims.

A comprehensive analysis of 10 million devices across 700+ organizations revealed that nearly two-thirds of connected assets were non-traditional IT devices. These included network infrastructure (routers, firewalls) and xIoT devices such as OT.

A new wave of AI-powered malware is emerging, leveraging LLMs to dynamically alter behavior, evade detection, and enhance threat actor capabilities. State-sponsored actors from China and Iran have been observed misusing LLMs to craft lures.

A critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is being actively exploited in the wild. Attackers are leveraging this flaw to deploy the Skuld infostealer.

A new AI-driven attack method, FOICE (Face-to-Voice), enables the generation of synthetic speech from facial images, posing a significant threat to voice authentication systems. This technique bypasses traditional deepfake detectors.

A high-severity vulnerability, CVE-2025-40778, has been identified in BIND 9, the only actively maintained version of the Berkeley Internet Name Domain (BIND) software suite developed by the Internet Systems Consortium (ISC).