A spam campaign that has been active since at least January 2025 is targeting Portuguese-speaking users in Brazil. The campaign abuses free trials of commercial RMM tools, including N-able and PDQ Connect, to gain unauthorized access to systems.

The LockBit ransomware gang has suffered a major breach after its dark web affiliate panels were defaced and replaced with a link to a MySQL database dump. This breach exposes sensitive operational data and further damages LockBit’s reputation.

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

Security researchers have uncovered a supply chain attack involving three malicious npm packages—sw-cur, sw-cur1, and aiide-cur—that target macOS installations of the Cursor AI IDE.

A newly uncovered cyberespionage campaign, attributed with high confidence to Iranian threat actors and with lower confidence to APT35 (Charming Kitten), involves a fake website impersonating the German Mega Model Agency.

Ngioweb, a proxy server botnet first identified in 2017, remains active with minimal code changes. It has grown from 3,000 daily IPs in 2020 to nearly 30,000 in 2024. It targets residential ISP users, who make up over 75% of infected systems.

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.

A newly uncovered campaign by the Lampion banking malware group has targeted Portuguese organizations in the government, finance, and transportation sectors. Lampion is an info stealer known for stealing sensitive banking credentials.