The most common initial access vectors included: VPN accounts – 23.5% Domain user accounts – 19.9% Remote Desktop Protocol (RDP) – 16.7% Such access enables threat actors to perform lateral movement, defense evasion, and data exfiltration.

Since late 2022, threat researchers from Unit 42 have tracked at least seven distinct strike teams associated with Muddled Libra. These teams are not static; personas frequently move between them, and their objectives and methods evolve over time.

A persistent malvertising campaign active throughout 2025 is delivering PS1Bot, a modular multi-stage malware framework written in PowerShell and C#. PS1Bot is designed for stealth and flexibility.

The vulnerabilities pose severe risks including full system compromise, unauthorized code execution, and unauthorized database access. Exploitation could lead to loss of confidentiality, integrity, and availability across affected SAP environments.

A recent cyberattack on the U.S. federal court filing system, PACER, has been attributed to Russian government hackers. The breach has compromised sealed legal records and potentially exposed the identities of confidential informants.

The Pennsylvania Office of Attorney General (OAG) is experiencing a major service outage due to a suspected cyber incident. The disruption has rendered its website, email systems, and phone lines inoperable for two consecutive days.

A phishing campaign is actively targeting UK organizations licensed to sponsor foreign workers and students by impersonating the UK Home Office. The attackers aim to steal Sponsorship Management System credentials to facilitate immigration fraud.

Four Ghanaian nationals have been indicted for orchestrating a transnational fraud ring responsible for over $100 million in losses through romance scams and Business Email Compromise (BEC) schemes.

Cybersecurity firm Profero has successfully cracked the encryption used by the DarkBit ransomware, enabling victims to recover encrypted files without paying a ransom. The ransomware is attributed to the Iran-linked MuddyWater APT group.

The vulnerability poses a significant threat to public cloud providers, whose business model involves offering remote code execution as a service and renting out shared hardware resources.