Trend Micro

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

The ValleyRAT campaign targets job seekers by disguising malicious files as legitimate job-related documents. It leverages Foxit PDF Reader for DLL side-loading, allowing threat actors to gain control of systems and steal sensitive data.

Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

The Water Saci campaign in Brazil leverages AI-enhanced, multi-format attacks via WhatsApp, utilizing a layered infection chain with various file formats and scripting languages.

Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses

Recent ransomware developments have shifted focus toward exploiting cloud-native environments, particularly Amazon S3, through misconfigurations and advanced misuse of AWS encryption and access mechanisms.

Ransomware Spotlight: DragonForce

DragonForce is a rapidly evolving Ransomware-as-a-Service (RaaS) group, first observed in 2023 and gaining notoriety in 2025. Operating under the alias Water Tambanakua, the group has adopted a cartel model.

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns

“Premier Pass-as-a-Service” describes the emerging trend of advanced collaboration tactics between multiple China-aligned APT groups, notably Earth Estries and Earth Naga, that are making modern cyberespionage campaigns even more complex.

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

Vidar Stealer 2.0 represents a significant evolution in infostealer malware, featuring a complete rewrite in C, multithreaded architecture, and advanced evasion and credential theft capabilities.

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

A targeted underground doxxing campaign has severely disrupted the operations of Lumma Stealer (also known as Water Kurita), a prominent infostealer malware. The campaign exposed personal and operational details of five alleged core members.

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft.

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations

North Korean-aligned threat actors, particularly the Void Dokkaebi group, are leveraging Russian IP infrastructure to conduct cybercrime operations. These campaigns focus on cryptocurrency theft, social engineering, and malware deployment.
