Trend Micro

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

Vidar Stealer 2.0 represents a significant evolution in infostealer malware, featuring a complete rewrite in C, multithreaded architecture, and advanced evasion and credential theft capabilities.

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

A targeted underground doxxing campaign has severely disrupted the operations of Lumma Stealer (also known as Water Kurita), a prominent infostealer malware. The campaign exposed personal and operational details of five alleged core members.

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft.

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations

North Korean-aligned threat actors, particularly the Void Dokkaebi group, are leveraging Russian IP infrastructure to conduct cybercrime operations. These campaigns focus on cryptocurrency theft, social engineering, and malware deployment.

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

Researchers found that FOG ransomware is being distributed by cybercriminals trolling users by abusing the name of the Department of Government Efficiency (DOGE), or individuals connected to the government initiative.

CrazyHunter Campaign Targets Taiwanese Critical Sectors

CrazyHunter has established itself as a significant ransomware threat, specifically targeting Taiwanese organizations, predominantly in healthcare, education, and industrial sectors.

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

The SocGholish loader can download and execute malicious payloads, exfiltrate sensitive data, and execute arbitrary commands, providing persistent access for further exploitation and payload deployment.

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and Lumma Stealer Distribution

Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads.

Sophisticated Business Email Compromise Attack Targets B2B Transactions

The attack involved three business partners (Partner A, Partner B, and Partner C) exchanging invoices via email. The threat actor gained access to a third-party email server, giving them complete visibility into ongoing transactions.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.