PowerShell Gallery has been identified as a potential vector for software supply chain attacks. Malicious actors can exploit PowerShell’s autoloading and command clobbering features to override legitimate system commands.

The accused allegedly acted as affiliates of the ALPHV ransomware group, targeting at least 5 US-based companies - a Florida-based medical device manufacturer, a Virginia-based drone maker, and a Maryland-headquartered pharmaceutical company.

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025.

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Airstalk misuses the AirWatch API for Workspace ONE Unified Endpoint Management.

A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. The attack chain begins with spearphishing emails that lead to the delivery of malicious LNK files.

A new AI-driven attack method, FOICE (Face-to-Voice), enables the generation of synthetic speech from facial images, posing a significant threat to voice authentication systems. This technique bypasses traditional deepfake detectors.

AI-powered malicious SEO is rapidly transforming the digital threat landscape, enabling threat actors to manipulate search engine algorithms at scale. This undermines the visibility of legitimate content, erodes trust in online information.

Between January and October 2025, two major ClickFix campaigns were tracked, including an Interlock ransomware incident in August targeting a U.S. SLTT entity. It has been used to deliver malware such as Lumma Stealer, NetSupport RAT, and SocGholish.

CoPhish abuses the flexibility of Microsoft Copilot Studio, which allows users to create and share chatbot agents hosted on copilotstudio.microsoft.com. These agents can be customized using "topics"—automated workflows that include login prompts.