Iranian group used 104 hijacked accounts in embassy spear-phishing, exploiting geopolitical tensions for espionage.

Silver Fox exploited a Microsoft-signed WatchDog driver in May 2025 to bypass defenses, deploy ValleyRAT, and enable fraud.

Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.

FDN3 brute-force attacks peaked July 6–8, 2025, tied to Seychelles bulletproof hosts enabling ransomware entry.

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from it’s Salesforce account.

Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data.

Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets “to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow.”

The Midnight Blizzard threat actor has been linked to Russia’s Foreign Intelligence Service (SVR) and is well-known for its clever phishing methods that recently impacted European embassies, Hewlett Packard Enterprise, and TeamViewer.

ScarCruft’s Operation HanKook Phantom uses RokRAT malware in spear-phishing campaigns, targeting South Korean academics for espionage.