GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

GrayAlpha, a threat actor overlapping with FIN7, has been observed deploying NetSupport RAT using diverse infection vectors and custom loaders. The group utilizes PowerNet, a PowerShell loader, and MaskBat.

New ransomware gang Warlock strikes government agencies worldwide

A newly emerged ransomware group known as Warlock, also referred to as Warlock Dark Army, has claimed responsibility for a series of cyberattacks targeting both government and private sector organizations globally.

Hundreds of Russian devices hit by Rare Werewolf crypto-mining attacks

A threat actor known as Rare Werewolf has launched a crypto-mining campaign targeting hundreds of devices in Russia, Belarus, and Kazakhstan. The attackers deploy the XMRig miner to hijack computing resources for Monero mining.

Hacktivist Groups FunkSec, KillSec, and GhostSec Transition to Ransomware-as-a-Service Operations

This shift reflects a broader trend in the cyber threat landscape where ideological motives are increasingly replaced by profit-driven objectives. These groups now employ double extortion tactics, targeting a wide range of sectors and geographies.

Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says

BO Team (Black Owl) is a pro-Ukraine hacktivist group that has emerged as a significant cyber threat to Russian state institutions and critical industries. BO Team employs a sophisticated and patient approach to cyberattacks.

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale

A newly emerged threat actor, “Often9,” has claimed to possess a dataset containing 428 million unique TikTok user records. The data is allegedly being sold on a prominent cybercrime forum and includes sensitive, non-public user information.

Earth Lamia Develops Custom Arsenal to Target Multiple Industries

A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education.

Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict

Bitter APT (TA397), a suspected South Asian state-sponsored threat actor, launched a targeted spear phishing campaign against Pakistan Telecommunication Company Limited (PTCL) on May 7, 2025, during the India-Pakistan conflict.

Dark Partners cybercrime gang fuels large-scale crypto heists

The "Dark Partners" group is conducting a global crypto theft campaign using fake websites mimicking popular AI, VPN, and crypto apps. These sites distribute Poseidon (macOS) and Lumma (Windows) infostealers, along with the PayDay Loader malware.
