Qilin ransomware emerged as the most active ransomware group in 2025, with 701 claimed attacks and 116 TB of data stolen. Operating under a ransomware-as-a-service (RaaS) model, Qilin has seen a surge in activity following the shutdown of RansomHub.

The cybersecurity landscape has seen a significant shift in threat actor behavior, with a marked increase in the exploitation of public-facing applications, evolving ransomware tactics, and targeted cyber-espionage campaigns.

A new technique called LLM salting has been introduced to counteract jailbreak attacks on LLMs such as LLaMA-2-7B and Vicuna-7B. These attacks exploit the reuse of precomputed adversarial prompts across similar model deployments.

Microsoft has implemented a security enhancement in File Explorer that disables the preview pane for files downloaded from the internet. This change is designed to prevent credential theft attacks that exploit NTLM hash leakage.

Security researchers have uncovered a critical vulnerability in OpenAI's Atlas and Perplexity's Comet browsers that allows attackers to spoof the built-in AI sidebar. This spoofing attack can deceive users into executing malicious actions.

These vulnerabilities may expose organizations to potential security risks, including unauthorized access, data leakage, or service disruption, depending on the nature of the flaws in the affected products.

A sophisticated malware campaign known as the "YouTube Ghost Network" has been dismantled by Google and Check Point after distributing over 3,000 malicious videos on YouTube.

A newly discovered zero-click attack, dubbed Shadow Escape, exploits MCP used by AI assistants. This attack enables the silent exfiltration of sensitive data—including SSNs, financial records, and medical identifiers—without any user interaction.

The Medusa ransomware group has leaked a 186.36 GB compressed archive of data allegedly stolen from Comcast Corporation. The data was released after Comcast reportedly failed to meet a $1.2 million ransom demand.

Toys R Us Canada disclosed that attackers accessed a customer database and exfiltrated personal information including names, addresses, phone numbers, and email addresses. However, the exact number of affected individuals remains undisclosed.