Cisco released security updates in an advisory for a maximum severity flaw in their Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) products on July 2, 2025.
A new report from SentinelLabs, released on July 2, 2025, reveals a sophisticated cyberattack campaign targeting Web3 and cryptocurrency companies. Threat actors aligned with North Korea are aggressively exploiting macOS systems with a newly discovered malware called NimDoor, utilizing complex, multi-stage attacks and encrypted communications to remain undetected.
FortiGuard Labs has identified a sharp increase in exploitation attempts tied to the RondoDox botnet, which targets critical vulnerabilities in TBK DVR devices and Four-Faith routers, enabling remote attackers to execute arbitrary commands and fully compromise systems.
The French cybersecurity agency ANSSI disclosed that government, telecom, media, finance, and transport sectors in France were impacted by a Chinese hacking group that weaponized multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices as part of a sophisticated intrusion campaign detected in September 2024.
Hunters International, a well-known Ransomware-as-a-Service operation, announced its official shutdown and stated that it will provide free decryption tools to assist victims in recovering their encrypted data without having to pay ransoms.
June 2025 saw Qilin emerge as the dominant ransomware group, reclaiming the top victim count for the second time in three months with 86 reported victims, a significant lead over its rivals.
This incident involved a new ransomware sample that, at first glance, appeared to be a typical DragonForce build, but in fact, was really a hybrid variant used by DEVMAN or an affiliate partner associated with them.
Attackers are increasingly leveraging Windows shortcut files to deliver malware, with malicious LNK samples rising from 21,098 in 2023 to 68,392 in 2024, indicating a clear surge in adoption by threat actors.
Threat actors are increasingly leveraging Vercel's v0, a generative AI tool that creates web interfaces from natural language prompts, to build realistic phishing sites that impersonate legitimate sign-in pages, including those of Okta customers.
The U.S. Department of the Treasury has taken decisive action by sanctioning Aeza Group, a Russian hosting company, along with its four primary operators: Arsenii Aleksandrovich Penzev, Yurii Meruzhanovich Bozoyan, Vladimir Vyacheslavovich Gast, and Igor Anatolyevich Knyazev.
On 16 June, Swiss charity entity Radix was hit by ransomware from the Sarcoma gang, a cyber gang that has been linked with double extortion. The gang published leaked data on its dark web site on 29 June.
Google has released security updates to address a high-severity type confusion flaw (CVE-2025-6554) found in the V8 JavaScript and WebAssembly engine used by Google Chrome.
TA829 is a financially motivated cybercriminal group that also conducts espionage aligned with Russian interests, using a mix of phishing campaigns, automation, and custom tooling based on the legacy RomCom backdoor to target victims.
The U.S. Department of Justice has launched a sweeping operation against North Korea's fraudulent IT worker scheme, resulting in the arrest of Zhenxing “Danny” Wang in New Jersey and the seizure of nearly 200 computers, 29 financial accounts, and 21 fraudulent websites used in the scheme.
A formidable threat, Odyssey Stealer (rebranded from Poseidon Stealer, which was forked from AMOS Stealer), has emerged within the macOS-targeting malware landscape, specifically targeting users in Western nations while avoiding CIS nations, through highly deceptive social engineering tactics.
The FBI has issued a warning to the public about a rising scam involving criminals who impersonate legitimate health insurance companies and their investigative teams. These fraudsters are targeting both patients and healthcare providers by sending deceptive emails and text messages that appear to be from trusted medical organizations.
A British IT worker, Mohammed Umar Taj, has been jailed for seven months and 14 days after carrying out what police described as a deliberate cyberattack against his employer.
Adversary-in-the-Middle attacks are an advanced evolution of man-in-the-middle techniques, exploiting weaknesses in credential-based security and legacy MFA systems by intercepting and relaying traffic between victims and legitimate services.
Hackers associated with Scattered Spider” have expanded from targeting insurance and retail sectors to now attacking aviation and transportation industries in North America.
Arctic Wolf Labs has unveiled a sophisticated and rapidly escalating cyber-espionage campaign attributed to UAC-0226, centered around the potent and stealthy malware, GIFTEDCROOK.
Security researcher mrd0x highlighted a novel social engineering method, dubbed ‘FileFix,' that capitalizes on the common File Upload functionality seen on websites, with the unique twist of using the File Explorer window to execute malicious commands.
GreyNoise has reported a significant surge in scanning activity targeting Progress MOVEit Transfer systems, beginning on May 27, 2025, when the daily count of scanning IPs spiked from fewer than 10 to over 100, followed by 319 IPs on May 28.
In the early days of 2022, Russia's military intelligence agency, GRU (specifically Unit 26165), began launching an extensive cyber-espionage campaign targeting Western companies involved in logistics, technology, and defense.
Anubis ransomware, first observed in December 2024 and evolved from a prototype known as Sphinx, is a Ransomware-as-a-Service operation gaining traction for its combination of data encryption and an optional file-wiping feature that permanently destroys victim data.
A sophisticated phishing campaign, active since May 2025, is exploiting a little-known and inherently risky Microsoft 365 feature called "Direct Send" to bypass traditional email security controls and steal credentials.
The recent conflict between Iran, Israel, and the US has heightened the risk of cyber spillover.
Dire Wolf is a newly emerged ransomware group first observed in May 2025 and has since carried out a wave of targeted attacks, particularly against organizations in the manufacturing and technology sectors.
Researchers at Trellix have uncovered details of a campaign, dubbed OneClik, targeting the energy, oil, and gas sectors through highly sophisticated phishing attacks and abuse of ClickOnce, a Microsoft .NET deployment technology that enables users to install and run Windows applications from a web browser or network share.
Amid heightened tensions between Iran and Israel, the Iranian threat group Educated Manticore, linked to the Islamic Revolutionary Guard Corps—has intensified spear-phishing operations targeting Israeli journalists, cybersecurity professionals, and computer science professors.
On June 25th, 2025, Citrix disclosed a critical zero-day vulnerability (CVE-2025-6543) in its widely deployed NetScaler ADC and NetScaler Gateway appliances.
The U.S. should stay vigilant about the ongoing digital threat posed by China even though events in the Middle East have drawn attention to potential cyberattacks by Iran, according to a senior FBI official.
In the wake of U.S. airstrikes on Iranian nuclear facilities on June 21, 2025, several Iran-aligned hacktivist groups launched cyberattacks against American military, defense, and financial institutions.
Researchers from the Socket Threat Research Team have exposed a sophisticated and ongoing North Korean supply chain attack embedded within the npm ecosystem.
Cybercriminals are increasingly exploiting artificial intelligence technologies, particularly large language models, to support malicious activities such as writing malware, crafting phishing emails, and scanning for system vulnerabilities.
Between March 2024 and May 2025, Ukrainian cybersecurity authorities investigated a cyber campaign attributed to UAC-0001, APT28, targeting government entities. The attackers deployed two custom malware tools, BEARDSHELL and SLIMAGENT, and leveraged components of the COVENANT C2 framework.
Fortinet researchers have published a detailed analysis of a Havoc post-exploitation framework variant deployed during a long-term intrusion targeting critical national infrastructure (CNI) in the Middle East.
sraeli authorities have issued an urgent warning that Iranian cyber actors are targeting internet-connected surveillance cameras to support military operations.
On June 22, 2025, the threat group known as "Cyber Fattah" leaked thousands of records stolen from the Saudi Games, a major sporting event in Saudi Arabia. The data, consisting of SQL dumps, included personal information of athletes and visitors.
SecurityScorecard's STRIKE team has uncovered a sophisticated and gradually expanding Operational Relay Box network known as “LapDogs,” believed to be operated by China-nexus threat actors.
Since March 2025, a new wave of attacks, tracked as "EvilConwi," has emerged, exploiting legitimate ConnectWise software through validly signed samples to distribute malware. This follows a previous spike in ConnectWise-related ransomware activity tied to CVE-2024-1708 and CVE-2024-1709 in February 2024.
Cybercriminals are hijacking search engine results by creating fake sponsored ads that impersonate customer support pages for major brands like Apple, Microsoft, Facebook, HP, Netflix, PayPal, and Bank of America. These scams exploit users' trust in familiar brand names and begin when a victim searches for help using a search engine like Google.
The Cofense Phishing Defense Center has identified a new phishing campaign that impersonates government toll services to trick recipients into providing personal and financial data.
News of "one of the largest data breaches in history," has sparked widespread media attention, but it is not a new breach. Rather, it is a massive compilation of previously stolen credentials gathered from infostealers, data breaches, and credential stuffing attacks.
In June 2025, cybersecurity firm Huntress investigated a highly targeted and technically sophisticated intrusion attributed to the North Korean state-sponsored group TA444 (also known as BlueNoroff).
Between April and early June 2025, Google's Threat Intelligence Group (GTIG), in partnership with external entities, identified an ongoing cyberespionage operation carried out by a likely Russia state-sponsored threat actor, tracked as UNC6293.
Veeam has released a security update addressing multiple vulnerabilities in its Backup & Replication (VBR) software, including a critical remote code execution (RCE) flaw identified as CVE-2025-23121.
A now-patched zero-day vulnerability in Google Chrome (CVE-2025-2783) was exploited by the threat group TaxOff to deploy a custom backdoor named Trinper in a targeted campaign dubbed Operation ForumTroll.