A series of cyberattacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as ShadowSilk, according to new research by Group-IB.

A financially motivated data extortion campaign, active since at least December 2024, is targeting high-end retailers and luxury commerce sectors. The campaign involves threat actors compromising Salesforce environments using social engineering .

Murky Panda has recently compromised cloud service providers to abuse their trusted access to customer environments. In one case, they exploited zero-day vulnerabilities to access a SaaS provider’s cloud infrastructure.

A surge in cyberespionage activity has been observed from the Chinese state-sponsored Silk Typhoon, also known as Murky Panda. The group has intensified its targeting of government, technology, legal sectors in North America.

The Kinsing cryptomining group, also known as H2Miner and Resourceful Wolf, has expanded its operations into Russia, marking a significant shift in its targeting strategy. The campaign began in April and exploits outdated software vulnerabilities.

A threat actor using the name Chucky_BF on a cybercrime and hacker forum is advertising what they claim to be a massive PayPal data dump. The post describes a trove allegedly containing more than 15.8 million records of email and plaintext passwords.

Blue Locker ransomware hits Pakistan’s oil & gas sector. NCERT-Pakistan has warned ministries of severe ongoing risk. Notably, the malicious cyber activity took place in close proximity to the celebration of Pakistan’s Independence Day.

Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. UAT-7237 aims to establish long-term persistence in high-value victim environments.

According to a new report, the Embargo ransomware group has amassed approximately $34.2 million in cryptocurrency since its emergence in April 2024. The group primarily targets the healthcare, business services, and manufacturing sectors.

Nation-state actors from China and Russia are actively attempting to compromise open-source software ecosystems by embedding malicious code and backdoors through trusted contributor roles.