Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

During the second day of the Pwn2Own Ireland 2025 hacking competition, researchers exploited 56 unique zero-day vulnerabilities, earning $792,750 in cash. Notable exploits included a chain of five security flaws in the Samsung Galaxy S25 and multiple vulnerabilities in various NAS devices and printers.

A zero-day vulnerability, tracked as CVE-2025-11371, is being actively exploited in Gladinet CentreStack and Triofox products, allowing local users to access system files without authentication. Experts warn that while mitigations exist, the flaw remains unpatched.

Huntress warns users of Gladinet's CentreStack and Triofox file-sharing tools to apply an urgent mitigation for a zero-day vulnerability (CVE-2025-11371) that is actively being exploited. With no patch available, the vulnerability could allow attackers to execute remote code.