Trend Micro

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft.

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations

North Korean-aligned threat actors, particularly the Void Dokkaebi group, are leveraging Russian IP infrastructure to conduct cybercrime operations. These campaigns focus on cryptocurrency theft, social engineering, and malware deployment.

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

Researchers found that FOG ransomware is being distributed by cybercriminals who troll their victims by abusing the name of the Department of Government Efficiency (DOGE) or of individuals connected to that government initiative.

CrazyHunter Campaign Targets Taiwanese Critical Sectors

CrazyHunter has established itself as a significant ransomware threat, specifically targeting Taiwanese organizations, predominantly in healthcare, education, and industrial sectors.

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

The SocGholish loader can download and execute malicious payloads, exfiltrate sensitive data, and execute arbitrary commands, providing persistent access for further exploitation and payload deployment.

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and Lumma Stealer Distribution

Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads.

Sophisticated Business Email Compromise Attack Targets B2B Transactions

The attack involved three business partners (Partner A, Partner B, and Partner C) exchanging invoices via email. The threat actor gained access to a third-party email server, giving them complete visibility into ongoing transactions.

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

The attackers gained initial access through social engineering tactics, including Microsoft Teams impersonation and abuse of Quick Assist for remote access. They exploited OneDriveStandaloneUpdater.exe to side-load malicious DLLs.

Updated Shadowpad Malware Leads to Ransomware Deployment

The Shadowpad malware family has targeted at least 21 companies across 15 countries in Europe, the Middle East, Asia, and South America, with more than half of the targets being in the manufacturing industry.
