resecurity

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

A new strain of malware known as PDFSider has been deployed in ransomware attacks against a Fortune 100 company in the finance sector. Attackers utilized social engineering tactics.

Cyber Counterintelligence (CCI): When 'Shiny Objects' trick 'Shiny Hunters'

The cybercriminal group known as "The Com," which includes subgroups like "Shiny Hunters" and "Scattered Lapsus$ Hunters," is involved in significant cybercriminal activities, including data breaches and extortion.

React2Shell Explained (CVE-2025-55182): From Vulnerability Discovery to Exploitation

React2Shell is a critical RCE vulnerability affecting React Server Components and the React Flight protocol. This vulnerability allows unauthenticated attackers to execute arbitrary code on vulnerable servers through a single crafted HTTP request.

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

The emergence of DIG AI, an uncensored darknet AI assistant, has been identified as a significant threat, with a notable increase of over 200% in mentions and use of malicious AI tools from 2024 to 2025.

F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

A China-linked threat actor, UNC5221, has compromised F5 BIG-IP systems, stealing source code and vulnerability data. The attackers deployed the BRICKSTORM backdoor, a sophisticated Go-based malware, enabling stealthy C2 and data exfiltration.
October 16, 2025

Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate

Qilin is a sophisticated Ransomware-as-a-Service (RaaS) group that emerged in 2022 and has since targeted high-value organizations globally. The group leverages bulletproof hosting (BPH) infrastructure to evade law enforcement and sustain operations.

Cybercriminals Attack Seychelles – Offshore Banking as a Target

A cyberattack targeting Seychelles Commercial Bank (SCB) has resulted in the exfiltration of 2.2GB of sensitive customer and government data. The attacker, operating under the alias "ByteToBreach," exploited a vulnerability in Oracle WebLogic Server.

Smishing on a Massive Scale: "Panda Shop" Chinese Carding Syndicate

A new smishing kit named "Panda Shop" has emerged, linked to Chinese cybercriminals and believed to be a rebranded evolution of the Smishing Triad. This kit enables large-scale phishing campaigns targeting global consumers and financial institutions.

How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains

Chinese cybercriminals are especially active in NFC-enabled fraud and are known for their well-established money laundering chains across multiple continents. They arrange for an NFC-enabled POS terminal and a merchant account linked to it.

Smishing Triad is Now Targeting Toll Payment Services in a Massive Fraud Campaign Expansion

The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass.
