A China-linked threat actor, UNC5174, exploited three Ivanti CSA zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) to target French critical infrastructure sectors from September to November 2024.

Hunters International, a prolific Ransomware-as-a-Service (RaaS) operation responsible for nearly 300 global attacks, has officially shut down. The group announced the closure on July 3, 2025, offering free decryption tools to victims.

Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions.

BlueNoroff, a North Korean state-sponsored APT group and a subgroup of the Lazarus Group, is conducting a sophisticated campaign targeting macOS users in the cryptocurrency sector.

Blind Eagle (APT-C-36), a threat group active since 2018, has launched a new phishing campaign targeting Colombian organizations. The group uses phishing emails to deliver malware via malicious URLs.

A threat actor group tracked as CL-CRI-1014 has been targeting financial institutions across Africa since at least 2023. These attackers function as initial access brokers (IABs), compromising networks and selling access on the dark web.

A newly uncovered spearphishing campaign by North Korean threat actor Kimsuky has been active since March 2025, leveraging GitHub and Dropbox to distribute malware, including the open-source XenoRAT.

Operation RoundPress, orchestrated by the Russia-aligned Sednit group, is actively exploiting cross-site scripting (XSS) vulnerabilities in widely used webmail platforms such as Roundcube, Horde, MDaemon, and Zimbra.

Qilin introduced a controversial new feature in its affiliate panel—a "Call lawyer" button. This feature is designed to provide affiliates with access to legal experts who can assist in ransom negotiations by advising on legal implications.

APT36 is conducting a targeted phishing campaign against Indian defense personnel. The campaign uses spear-phishing emails with malicious PDF attachments that mimic official government documents to deliver credential-stealing malware.