Notepad++ hijacking linked to Chinese Lotus Blossom crew

A sophisticated malware campaign leveraging Pulsar RAT has been identified, targeting Windows systems. This campaign employs advanced techniques to evade detection and maintain persistent access, posing a significant threat to affected systems.

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

The RedKitten cyber campaign, attributed to a Farsi-speaking threat actor aligned with Iranian state interests, targets NGOs and individuals documenting human rights abuses in Iran.
January 28, 2026

Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect

A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks.

PurpleBravo’s Targeting of the IT Software Supply Chain

PurpleBravo, a North Korean state-sponsored threat group, poses a significant threat to the IT software supply chain. The group targets software developers, particularly in the cryptocurrency and software development sectors.

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

A China-linked advanced persistent threat (APT) group, identified as UAT-8837, has been exploiting a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to target critical infrastructure sectors in North America.

China spies used Maduro capture as lure to phish US agencies

Chinese cyberspies, identified as the Mustang Panda group, have launched a targeted phishing campaign against US government agencies. The campaign used the geopolitical event of Venezuelan President Nicolás Maduro's capture as a lure.
January 14, 2026

DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers

Sophos MDR recently responded to a targeted attack involving an MSP. In this incident, a threat actor gained access to the MSP’s RMM tool, SimpleHelp, and then used it to deploy DragonForce ransomware across multiple endpoints.

Hacker gets seven years for breaching Rotterdam and Antwerp ports

The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. The man was arrested in 2021 and convicted in 2022 by the Amsterdam District Court.

Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities

Authorities arrested 34 alleged cybercriminals in Spain, including some leaders of Black Axe, a transnational criminal organization responsible for adversary-in-the-middle scams such as business email compromise, and money laundering.

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

North Korea–linked APT group Kimsuky is targeting government agencies, academic institutions, and think tanks using spear-phishing emails that contain malicious QR codes (quishing), the FBI warns.
