Qilin is a sophisticated Ransomware-as-a-Service (RaaS) group that emerged in 2022 and has since targeted high-value organizations globally. The group leverages bulletproof hosting (BPH) infrastructure to evade law enforcement and sustain operations.

Chinese APT group Flax Typhoon exploited ArcGIS Server's Server Object Extension (SOE) to maintain undetected access in a target network for over a year. The attackers used valid admin credentials to deploy a malicious Java SOE.

A threat actor known as TigerJack is actively distributing malicious VSCode extensions to steal crypto, exfiltrate source code, and execute arbitrary code. Researchers have identified at least 11 malicious VSCode extensions distributed by TigerJack.

Researchers have identified over 130 fake personas linked to more than 6,500 job interviews across approximately 5,000 companies over a four-year period through mid-2025.

North Korean threat actors have stolen over $2 billion in cryptocurrency assets in 2025, marking the largest annual total on record. The largest confirmed theft was the Bybit hack in February 2025, resulting in the loss of $1.46 billion.

A new ransomware alliance has emerged between DragonForce, LockBit, and Qilin, signaling a major evolution in the cyber threat landscape. This coalition aims to enhance attack effectiveness by sharing tools and infrastructure.

The Confucius hacking group has significantly evolved its attack methodologies over the past year, transitioning from document stealers like WooperStealer to sophisticated Python-based backdoors including AnonDoor malware.

A widespread extortion campaign is targeting Oracle customers with emails claiming data theft from Oracle’s E-Business Suite. The emails are allegedly linked to the Clop ransomware group.

Threat actors are increasingly adopting stealthy and unconventional techniques inspired by the Chinese APT group Salt Typhoon, which previously infiltrated major telecommunications providers.

Turla has been known for deploying stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations. These activities suggest a strategic alignment between the two groups to enhance operational effectiveness.