A Russian state-linked threat actor, Storm-1516, has launched a sophisticated disinformation campaign across Europe by impersonating legitimate journalists and publishing fabricated stories on spoofed news websites.

A new ransomware group named Bert has emerged, targeting healthcare, technology, and event services sectors across Asia, Europe, and the U.S. The ransomware affects both Windows and Linux systems and is under active development.

A sophisticated cyberattack has disrupted the infrastructure used to distribute the “1001” firmware—custom software developed by Russian entities to convert civilian DJI drones for military use in the ongoing conflict in Ukraine.

On April 22, 2025, Gloucester County, Virginia, experienced a ransomware attack that compromised sensitive data of 3,527 current and former employees. The BlackSuit ransomware group later claimed responsibility for the attack.

A sophisticated phishing campaign, likely operated by China-based cybercriminals, is targeting global online shoppers through thousands of fraudulent retail websites impersonating major brands.

Surmodics, a Minnesota-based medical device manufacturer, reported a cyberattack discovered on June 5, 2025, which forced the company to shut down parts of its IT infrastructure.

The DOJ launched a major crackdown on a North Korean IT worker scheme, conducting raids on 29 "laptop farms" across 16 states. These workers accessed sensitive data, including International Traffic in Arms Regulations (ITAR) information.

The International Criminal Court (ICC) has reported a new, sophisticated, and targeted cybersecurity incident, detected and contained through its internal alert and response mechanisms.

A ransomware attack by the Qilin cybercrime group on Synnovis, a pathology service provider in London, severely disrupted NHS services in June 2023. The breach also exposed sensitive data of over 900,000 individuals.

Glasgow City Council has reported a cyber incident that has disrupted several of its online services and may have resulted in the exfiltration of customer data. The council has taken affected servers offline as a precautionary measure.