The public sector faces a surge in sophisticated cyber threats, including ransomware, phishing, and exploitation of 0-day vulnerabilities. They target sensitive data, disrupt essential services, and exploit trust in government institutions.

AI agents in SOCs and SIEMs are vulnerable to indirect prompt injection, where malicious inputs are embedded in log files. These log files, when ingested by the AI, can trigger unintended behaviors such as altering event classifications.

A recent investigation uncovered a deceptive malware campaign leveraging fake AI-themed content to distribute a malicious ScreenConnect installer. This installer is pre-configured to deliver the Xworm malware.

A recent campaign orchestrated by the EncryptHub threat group combines social engineering tactics with exploitation of CVE-2025-26633 to deliver malicious payloads. Attackers impersonate Brave Support to deceive users.

CVE-2024-7348 is a race condition vulnerability in PostgreSQL's `pg_dump` utility that allows attackers with sufficient privileges to execute arbitrary SQL commands as the user running the dump, often a superuser.

KAWA4096 is a newly identified ransomware strain that surfaced in June 2025. Its name, derived from the Japanese word for "river," reflects a thematic branding. The ransomware adopts stylistic elements from established groups.

Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions.

A new phishing campaign leveraging the Tycoon2FA Phishing-as-a-Service (PhaaS) platform has been linked to the threat actor Storm-1575, also known for the Dadsec platform.

Trustwave SpiderLabs uncovered a resurgence of malicious campaigns in March 2025 that exploit deceptive CAPTCHA verifications to deploy NodeJS-based backdoors. The campaign is referred to as "Yet Another NodeJS Backdoor (YANB)."

A recent surge in malicious activity has been observed originating from the Proton66 ASN. This activity includes mass scanning, credential brute forcing, and exploitation attempts. The observed activity is targeting organizations worldwide.