A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.

A phishing campaign is impersonating well-known brands like KFC, Red Bull, and Ferrari to compromise Facebook login details. Malicious emails lead targets to a fake job posting site where they are prompted to enter their credentials.

Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.

A newly uncovered attack campaign, dubbed Jingle Thief, is targeting global retailers' gift card systems using phishing and smishing techniques. The attackers, believed to be based in Morocco, operate entirely in cloud environments without deploying traditional malware.

Oracle has issued an emergency fix for a critical information disclosure vulnerability in its E-Business Suite, tracked as CVE-2025-61884. The flaw allows remote unauthenticated access to sensitive resources, raising concerns about potential exploitation by threat actors.

Threat actors are increasingly using Discord webhooks as covert command-and-control channels within open-source packages, allowing for the stealthy exfiltration of sensitive data. This tactic leverages hard-coded webhook URLs to bypass security measures and exfiltrate secrets from developer environments.

China-based group Storm-2603 has exploited an outdated version of the Velociraptor tool to maintain persistence and deploy multiple ransomware strains including Warlock, LockBit, and Babuk. This incident highlights the evolving tactics of threat actors utilizing legitimate tools for malicious purposes.

Asahi, Japan's leading beer producer, has been forced to halt production at most of its factories due to a cyber-attack attributed to the ransomware group Qilin. The company is currently processing orders manually, leading to significant shortages of its products across the country.