Threat actors stories

Iran-linked cyber spies have combined tactics from multiple hacking groups in a new phishing campaign targeting US experts on Iranian politics and the IRGC.

Curly COMrades exploit Microsoft Hyper-V to run hidden malware inside lightweight VMs, evading detection and maintaining stealthy control over targets.

Ransom payments fell to a historic low of 23% in Q3 2025 as cyber extortion tactics shift towards targeted, costlier attacks on larger firms.

Despite 94% public sector confidence in handling supply chain cyberattacks, nearly half faced breaches last year, revealing a troubling gap in resilience.

Automation and AI slash ransomware attack times to 18 minutes, challenging defenders to match speed with automated defences, says ReliaQuest report.

Ransomware has evolved into a profit-centric business, driving cybercrime costs to USD $10.5 trillion and reshaping global cybersecurity risks and responses.

Expel has launched Expel Intel, a new team providing actionable cyber threat insights based on real-world incidents to help security teams improve defences.

Oracle has issued an urgent patch for a critical flaw in its E-Business Suite, exploited by the Cl0p ransomware group using advanced social engineering tactics.

Broadcom patches a VMware zero-day flaw exploited for nearly a year, allowing attackers root access to virtual machines in certain configurations.

A Chinese cyber group has targeted US government and policy organisations with spearphishing attacks amid trade talks, using advanced tactics to gain persistent access.

Vane Viper, a threat actor posing as an adtech firm, generated over 1 trillion DNS queries last year linked to malware and ad fraud, warns Infoblox.

Lazarus subgroup deploys three remote access trojans, including PondRAT and ThemeForestRAT, to target financial and cryptocurrency organisations with advanced cyberattacks.

Bell launched Bell Cyber, aiming to build a CAD $1 billion AI-powered solutions business amid rising cyber threats in Canada.

Oyster Backdoor malware, disguised as WinSCP and PuTTY, targets healthcare IT professionals to enable ransomware operations like Rhysida, warns BlueVoyant.

Proactive threat intelligence enables organisations to anticipate cyber threats, enhancing security resilience and shifting focus from reactive to preventive defence strategies.

Ransomware attacks surge to 20 daily incidents in 2025H1, with healthcare facing increased cyber threats and hackers targeting overlooked IoT devices worldwide.

Proofpoint exposes phishing attacks using fake Microsoft apps to bypass MFA and hijack Microsoft 365 accounts, affecting thousands globally in 2025.

Half of Australian government agencies have not adopted the strongest email security, risking cyberattacks on sensitive public sector data and communications.

LevelBlue and Akamai have teamed up to offer a managed web app and API security service, tackling rising threats with AI-driven, 24/7 protection and expert support.

Ransomware attacks in Australia and New Zealand have surged, with one in three incidents repeated and executives facing rising physical threats, warns new report.