Help Net Security

Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say

A massive network, active for over 14 years, is being used for illegal online gambling and malware distribution, doubling as a command and control (C2) and anonymity infrastructure.

Fake spam filter alerts are hitting inboxes

A sophisticated phishing campaign is targeting email users with fake spam filter alerts. These emails impersonate legitimate spam filter notifications and redirect users to spoofed login pages designed to harvest sensitive information.

Old privacy laws create new risks for businesses

A recent analysis of nearly 200 data privacy-related insurance claims and 5,000 business websites reveals that 77% of wrongful collection claims stem from web activity. The Meta Pixel alone was cited in 43% of all web privacy claims.

Enterprises are losing track of the devices inside their networks

A comprehensive analysis of 10 million devices across 700+ organizations revealed that nearly two-thirds of connected assets were non-traditional IT devices. These included network infrastructure (routers, firewalls) and xIoT devices such as OT.

Google uncovers malware using LLMs to operate and evade detection

A new wave of AI-powered malware is emerging, leveraging LLMs to dynamically alter behavior, evade detection, and enhance threat actor capabilities. State-sponsored actors from China and Iran have been observed misusing LLMs to craft lures.

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

A critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is being actively exploited in the wild. Attackers are leveraging this flaw to deploy the Skuld infostealer.

Your photo could be all AI needs to clone your voice

A new AI-driven attack method, FOICE (Face-to-Voice), enables the generation of synthetic speech from facial images, posing a significant threat to voice authentication systems. This technique bypasses traditional deepfake detectors.

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

A high-severity vulnerability, CVE-2025-40778, has been identified in BIND 9, the only actively maintained version of the Berkeley Internet Name Domain (BIND) software suite developed by the Internet Systems Consortium (ISC).

Scammers target international students by threatening their visa status

A surge in social engineering scams is targeting international students in the US. These scams impersonate government officials, police, or university staff to coerce victims into disclosing sensitive information or making payments.

DDoS, data theft, and malware are storming the gaming industry

As the global gaming market approaches $188.8 billion in value, attackers are exploiting its vast user base, digital assets, and third-party ecosystems to launch increasingly sophisticated attacks.
