Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Google's Threat Intelligence Group has uncovered a Vietnamese cybercriminal campaign that uses fake job postings to compromise digital marketing professionals. The campaign, tracked as UNC6229, employs social engineering and malware tactics to hijack corporate advertising accounts.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

Cybercriminals are increasingly leveraging Clickfix social engineering tactics and AI in Business Email Compromise (BEC) scams, leading to a 500% surge in Clickfix attacks in early 2025. Mimecast's latest report reveals a shift in tactics that focus on the human element, making phishing and scams harder to detect.

Mimecast's latest report reveals a staggering 500% increase in AI-driven phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. The report highlights that phishing now accounts for 77% of all attacks, marking a significant evolution in attacker behavior.

Caminho, a Brazilian Loader-as-a-Service (LaaS), uses Least Significant Bit (LSB) steganography to hide .NET payloads in images, allowing malware to bypass defenses. This threat targets businesses across South America, Africa, and Eastern Europe, utilizing spear-phishing tactics to deliver its payloads.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.

The latest version of Vidar Stealer, known as Vidar 2.0, employs advanced memory injection techniques to bypass browser encryption and steal login credentials. This update marks a significant evolution in its capabilities, allowing it to efficiently extract sensitive information from multiple browsers.

Russian state-backed hacking group Coldriver has introduced three new malware strains, NOROBOT, YESROBOT, and MAYBEROBOT, following the exposure of their previous tool, LostKeys. These new tools are designed to evade detection and target high-value data.

A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.

Cybercriminals are evolving their email phishing tactics, utilizing legacy methods combined with advanced techniques to evade security measures. New strategies include the use of QR codes, password-protected attachments, and multi-stage verification chains to compromise victims.

Researchers at Koi Security have identified a new cyber threat named GlassWorm that spreads through infected Visual Studio Code extensions. Utilizing invisible Unicode characters, this worm evades detection and employs the Solana blockchain for command-and-control operations.