Cybercriminals are distributing malware disguised as AI tool installers, targeting users seeking AI solutions. Cisco Talos has identified three major threats: CyberLock ransomware, Lucky_Gh0$t ransomware, and a destructive malware named Numero.

A Chinese threat group, UAT-6382, is actively exploiting CVE-2025-0994—a remote code execution vulnerability in Trimble Cityworks—to deploy malware and maintain persistent access in U.S. local government networks.