PurpleBravo, a North Korean state-sponsored threat group, poses a significant threat to the IT software supply chain. The group targets software developers, particularly in the cryptocurrency and software development sectors.

A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.

Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure.

Sophos MDR recently responded to a targeted attack involving a MSP. In this incident, a threat actor gained access to the MSP’s RMM tool, SimpleHelp, and then used it to deploy DragonForce ransomware across multiple endpoints.

The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 and convicted in 2022 by the Amsterdam District Court.

Authorities arrested 34 alleged cybercriminals in Spain, including some leaders of Black Axe, a transnational criminal organization responsible for adversary-in-the-middle scams such as business email compromise, and money laundering.

North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns.

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.

The FBI issued a warning regarding Kimsuky that is using malicious QR codes in spearphishing campaigns. These campaigns target U.S. organizations involved in North Korea-related policy, research, and analysis.

The cybercriminal group known as "The Com," which includes subgroups like "Shiny Hunters" and "Scattered Lapsus$ Hunters," is involved in significant cybercriminal activities, including data breaches and extortion.