A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Two teenagers have been charged with computer hacking offenses related to a cyber attack on Transport for London (TfL) that caused significant disruption last year. The attack, attributed to the cyber-criminal group Scattered Spider, resulted in £39 million in damages.

Cybercriminals are increasingly leveraging Clickfix social engineering tactics and AI in Business Email Compromise (BEC) scams, leading to a 500% surge in Clickfix attacks in early 2025. Mimecast's latest report reveals a shift in tactics that focus on the human element, making phishing and scams harder to detect.

Mimecast's latest report reveals a staggering 500% increase in AI-driven phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. The report highlights that phishing now accounts for 77% of all attacks, marking a significant evolution in attacker behavior.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

Security flaws in Microsoft's Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the Azure Portal. Varonis discovered that attackers can bypass safeguards using invisible Unicode characters, leading to potential phishing attacks.

Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.

In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

CISA has flagged a critical vulnerability in the Windows SMB client that is actively being exploited, allowing attackers to gain elevated privileges on affected systems. Organizations are urged to patch immediately to prevent potential compromises.

Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.

A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.

Cybercriminals are exploiting Microsoft 365's Direct Send feature to bypass security filters and conduct phishing campaigns. This legitimate feature, designed for enterprise convenience, has become a vector for business email compromise attacks, prompting security researchers to raise alarms.

Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.

Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.