Supply chain attack on eScan antivirus: detecting and remediating malicious updates

A supply chain attack targeted eScan antivirus software, distributing malware through its update server. The attack involved a malicious file that initiated a multi-stage infection chain.

Researcher’s Notebook: Inside the EmEditor supply chain compromise

The EmEditor supply chain compromise involved tampering with Windows Installer (MSI) packages to embed malicious scripts. The attackers used look-alike domains and command-and-control (C2) infrastructure to execute their operations.

Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access

ShadowHS is an advanced fileless Linux exploitation framework designed for stealthy, in-memory operations. It enables attackers to maintain long-term access to compromised systems without leaving persistent traces.

Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models

Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP.

Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation

A cybercrime operation named "Bizarre Bazaar" is actively targeting exposed LLM service endpoints. This operation involves unauthorized access to weakly protected LLM infrastructure, leading to significant security risks and financial implications.

GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics

The GoTo Resolve tool, a legitimate remote administration software, has been identified as a potential security risk due to its ability to be exploited for activities similar to ransomware tactics.

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

A cyber attack on the Polish power grid in December 2025 has been attributed to the Russian state-sponsored group ELECTRUM. The attack targeted operational technology systems managing distributed energy resources.

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Two cyber campaigns, Gopher Strike and Sheet Attack, have been identified targeting Indian government entities. These campaigns are linked to a Pakistan-based threat actor and employ sophisticated techniques to compromise systems and exfiltrate data.

Researchers say Russian government hackers were behind attempted Poland power outage

A massive data breach has exposed 149 million credentials, including those from major platforms such as Facebook, Instagram, and government domains. This breach underscores the ongoing threat posed by infostealing malware.

Phishing attacks abuse SharePoint, target energy orgs

A sophisticated phishing campaign has been identified targeting energy-sector organizations. Attackers are exploiting Microsoft SharePoint services to harvest credentials and take over corporate email accounts, leading to widespread phishing attacks.
