TA2900, is targeting French-speaking individuals with fraudulent rental payment schemes. The campaigns are designed to steal funds by impersonating rental agencies and redirecting rent payments to attacker-controlled bank accounts.

Storm-1977 has been targeting cloud tenants in the education sector through password spraying attacks using AzureChecker.exe. The campaign led to the compromise of accounts and the deployment of over 200 containers for illicit cryptocurrency mining.

APT36 weaponized a fake "Pahalgam Terror Attack" report to lure Indian government and defense personnel. The phishing emails contained links mimicking legitimate Indian government domains, leading to the download of CrimsonRAT.

IntelBroker is a prolific cybercriminal who transitioned from ransomware operations to data brokering and forum administration, notably BreachForums, between August 2024 and January 2025.

The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals.

North Korean-aligned threat actors, particularly the Void Dokkaebi group, are leveraging Russian IP infrastructure to conduct cybercrime operations. These campaigns focus on cryptocurrency theft, social engineering, and malware deployment.

Security researchers have uncovered a new campaign by the Russian-affiliated APT group Gamaredon, leveraging the PteroLNK variant of the Pterodo malware family to target Ukrainian military, government, and infrastructure sectors.

Researchers have identified dormant but potentially malicious infrastructure linked to the Iranian threat group APT34 (OilRig), known for targeting sectors such as education, government, energy, telecom, and NGOs.

A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom’s remote control feature to hijack victims’ systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto.

A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors.