Threat Note

Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns. LockBit’s reappearance with

 The Washington Post has publicly disclosed a significant data breach involving external hacking of its Oracle E-Suite system, impacting over 9,700 employees and contractors worldwide. The breach notification, filed with…

State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves," the AI upstart

[[{"value":"A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers. The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking…

 A severe remote code execution (RCE) vulnerability has been discovered in Imunify360 AV, a widely used malware scanner protecting approximately 56 million websites. The security flaw, recently patched by CloudLinux,…

 A deceptive Chrome extension named Safery: Ethereum Wallet has emerged as a serious threat to cryptocurrency users. Published on the Chrome Web Store on November 12, 2024, this extension masquerades…

Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device. "The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet's FortiWeb product," Benjamin Harris,

[[{"value":"A state-sponsored threat actor manipulated Claude Code to execute cyberattacks on roughly 30 organizations worldwide. The post Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign appeared first on…

 The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks…

 In August 2025, a new ransomware threat emerged with capabilities that fundamentally changed how organizations should approach enterprise security. Kraken, a Russian-speaking cybercriminal group, began executing sophisticated attacks targeting large…

[[{"value":"The cybercriminals informed customers that their cloud server was shut down due to complaints. The post Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit   appeared first on SecurityWeek."}]] Read More  

 A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running…

 Digital photo frames have become a standard household device for displaying family memories, and most users assume these simple gadgets prioritize simplicity over complexity. However, a troubling discovery reveals that…

 The rise of cryptocurrency has created new opportunities for cybercriminals to exploit unsuspecting users. Attackers are now disguising the notorious DarkComet remote access trojan as Bitcoin-related applications, targeting cryptocurrency enthusiasts…