The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.

Everest Ransomware has reportedly breached AT&T Careers, compromising 576,000 records. This incident highlights the ongoing threat of ransomware attacks targeting large organizations.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Google's Threat Intelligence Group has uncovered a Vietnamese cybercriminal campaign that uses fake job postings to compromise digital marketing professionals. The campaign, tracked as UNC6229, employs social engineering and malware tactics to hijack corporate advertising accounts.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

Medusa Ransomware has leaked a significant amount of data from Comcast, totaling 834 GB, after the company failed to meet a $1.2 million ransom demand. This incident highlights the ongoing threat posed by ransomware groups.

Cybercriminals are increasingly leveraging Clickfix social engineering tactics and AI in Business Email Compromise (BEC) scams, leading to a 500% surge in Clickfix attacks in early 2025. Mimecast's latest report reveals a shift in tactics that focus on the human element, making phishing and scams harder to detect.

Caminho, a Brazilian Loader-as-a-Service (LaaS), uses Least Significant Bit (LSB) steganography to hide .NET payloads in images, allowing malware to bypass defenses. This threat targets businesses across South America, Africa, and Eastern Europe, utilizing spear-phishing tactics to deliver its payloads.

Atlassian has disclosed a critical path traversal vulnerability in Jira Software Data Center and Server, allowing authenticated attackers to write files to any path accessible by the JVM. The flaw, tracked as CVE-2025-22167, affects versions from 9.12.0 through 11.0.1 and poses significant risks if unpatched.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.

Cybersecurity experts have raised concerns about OpenAI's new browser, ChatGPT Atlas, which may be susceptible to attacks that could compromise user data. The browser's features, including 'browser memories' and 'agent mode,' could potentially be exploited through prompt injection attacks, leading to unauthorized access to sensitive information.

In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.

A serious vulnerability, dubbed TARmageddon (CVE-2025-62518), has been discovered in the async-tar Rust library and its forks, including tokio-tar. This critical flaw could allow attackers to execute arbitrary code through file overwriting attacks, posing significant risks to Rust-based applications.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.

The Bitter APT group is leveraging an old vulnerability in WinRAR to deploy new backdoor attacks. This highlights the ongoing threat posed by advanced persistent threats (APTs) that exploit outdated software vulnerabilities.

A vulnerability tracked as CVE-2025-6515 in the Oat++ MCP implementation allows threat actors with HTTP server access to hijack AI agent sessions. This flaw can lead to accelerated session creation and destruction, enabling attackers to exploit session IDs for malicious purposes.