Open Source Alerts

Hafnium Tied to Advanced Chinese Surveillance Tools

Recent investigations have revealed that the Chinese state-sponsored threat group Hafnium (also known as Silk Typhoon) is linked to a network of front companies developing advanced surveillance and cyber-espionage tools.

Hidden Backdoor Found in ATM Network via Raspberry Pi

An attack on ATM infrastructure was uncovered involving a Raspberry Pi device physically connected to a network switch shared with an ATM. UNC2891 used this device to bypass perimeter firewalls and gain remote access to the bank’s internal network.

Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services

A wave of cyberattacks severely disrupted healthcare and critical infrastructure services across Russia. Stolichki and Neofarm were forced to suspend operations, affecting access to medications and healthcare services for thousands of citizens.

Targeted attacks leverage accounts on popular online platforms as C2 servers

A sophisticated cyberattack campaign active from late 2024 to April 2025 targeted Russian IT firms and international entities using Cobalt Strike Beacon. The attackers employed spear phishing, DLL hijacking, and social media-based payload delivery.

US Tops Hit List as 396 SharePoint Systems Compromised Globally

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770/53771 and exploited via the ToolShell exploit, has led to the compromise of 396 systems across 41 countries.

Palo Alto Networks in talks to acquire CyberArk for over $20bn

Palo Alto Networks is reportedly negotiating to acquire CyberArk Software, an Israeli publicly traded IT company, in a deal potentially exceeding $20bn. This potential acquisition of CyberArk would mark Palo Alto Networks’ largest deal to date.

Cybercriminals Attack Seychelles – Offshore Banking as a Target

A cyberattack targeting Seychelles Commercial Bank (SCB) has resulted in the exfiltration of 2.2GB of sensitive customer and government data. The attacker, operating under the alias "ByteToBreach," exploited a vulnerability in Oracle WebLogic Server.

Auto-Color Backdoor Malware Exploits SAP Vulnerability

A new malware campaign has been identified targeting Linux systems via a critical SAP NetWeaver vulnerability (CVE-2025-31324). The malware, dubbed Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025.

New Choicejacking Attack Steals Data from Phones via Public Chargers

A newly identified USB-based attack technique, dubbed Choicejacking, enables cybercriminals to steal data from smartphones via public charging stations. This method bypasses traditional security prompts.

Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration

An updated joint advisory from U.S., U.K., Canadian, and Australian cybersecurity agencies warns of ongoing campaigns by Scattered Spider. This group is targeting Snowflake data storage environments to exfiltrate large volumes of sensitive data.
