A significant surge in scanning and exploitation activity has been observed targeting Progress Software’s MOVEit Transfer platform. Over 682 unique IP addresses have been identified in scanning operations.

Blind Eagle (APT-C-36), a threat group active since 2018, has launched a new phishing campaign targeting Colombian organizations. The group uses phishing emails to deliver malware via malicious URLs.

A campaign targeting WordPress websites involves attackers brute-forcing wp-admin credentials to deploy spam posts and pages for blackhat SEO purposes. The attackers use two malicious plugins to conceal their activity and maintain persistent access.

Two critical vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-PIC (versions 3.3 and later) could allow unauthenticated remote attackers to execute arbitrary code with root privileges.

A threat actor group tracked as CL-CRI-1014 has been targeting financial institutions across Africa since at least 2023. These attackers function as initial access brokers (IABs), compromising networks and selling access on the dark web.

A ransomware attack by the Qilin cybercrime group on Synnovis, a pathology service provider in London, severely disrupted NHS services in June 2023. The breach also exposed sensitive data of over 900,000 individuals.

Glasgow City Council has reported a cyber incident that has disrupted several of its online services and may have resulted in the exfiltration of customer data. The council has taken affected servers offline as a precautionary measure.

A vulnerability in Kubernetes, tracked as CVE-2025-4563, allows compromised nodes to bypass authorization checks for dynamic resource allocation. It can lead to privilege escalation in clusters where specific configurations are enabled.

A new variant of the long-running "sextortion" scam campaign has emerged, featuring increased ransom demands, spoofed email addresses, and references to Pegasus spyware. The email usually starts with “Hello pervert.”

A UK government website originally created for the Home Office’s 2022 “No Place to Hide” anti-encryption campaign has been hijacked to promote a payday loan scheme. The campaign was initially expected to target Facebook Messenger.