The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

The Russian state-sponsored APT known as Star Blizzard has transitioned to using a new backdoor, MaybeRobot, following the public disclosure of its LostKeys malware. This change comes as the group continues to employ sophisticated infection techniques to target civil society members in Russia.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

AI technology is increasingly integrated into workplaces, shaping the labor market and HR practices. Employers and employees must adapt to effectively manage generative AI and other AI-powered systems.

China-based group Storm-2603 has exploited an outdated version of the Velociraptor tool to maintain persistence and deploy multiple ransomware strains including Warlock, LockBit, and Babuk. This incident highlights the evolving tactics of threat actors utilizing legitimate tools for malicious purposes.