A targeted campaign exploited Microsoft Entra ID’s legacy authentication protocol BAV2ROPC, allowing attackers to bypass MFA and gain unauthorized access to admin accounts across finance, healthcare, and tech sectors.

A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails.

A joint investigation has uncovered FreeDrain, a large-scale cryptocurrency phishing operation that exploits SEO manipulation, free-tier web services, and redirection techniques to deceive users of popular cryptocurrency wallets.

A coordinated cyber campaign dubbed #OpIndia was launched by over 40 ideologically motivated hacktivist groups following recent geopolitical tensions between India and Pakistan.

The Qilin ransomware gang claimed responsibility for a cyberattack on the Hamilton County Sheriff’s Office in Chattanooga, Tennessee, on April 14, 2025. The sheriff’s office stated that the attackers demanded a $300,000 ransom, which was not paid.

A recent malware campaign leverages steganography to embed malicious payloads within bitmap resources of 32-bit .NET applications. These payloads are delivered via malspam targeting the financial sector in Türkiye and the logistics sector in Asia.

Ubiquity has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4.

A new wave of cyberattacks is exploiting WinRM to conduct stealthy lateral movement within AD environments. By leveraging this legitimate administrative tool, attackers evade detection and blend into normal network activity.

Ransomware groups Qilin and Hunters International are abusing Kickidler, a legitimate employee monitoring tool used by over 5,000 organizations across 60 countries, to conduct stealthy reconnaissance and credential harvesting.

A supply chain attack has compromised the npm package rand-user-agent, which averaged 45,000 weekly downloads. Although deprecated, the package remained popular, making it an attractive target for attackers.