Cybersecurity Brief – 2025-06-06
Major Incidents or Breaches
- The Interlock ransomware group claimed responsibility for a cyberattack on Kettering Health, leaking data allegedly stolen from the healthcare network’s systems.
- A threat actor has re-released data from the 2021 AT&T breach, this time combining files to directly link Social Security numbers and birth dates to 49 million phone numbers.
- Two members of the ViLE gang were sentenced for breaching a US federal law enforcement web portal and conducting an extortion scheme.
- The U.S. Department of Justice seized cryptocurrency funds and 145 clearnet and dark web domains associated with the BidenCash carding marketplace.
- Cisco Talos researchers reported a destructive ‘PathWiper’ attack using new wiper malware against an unnamed critical infrastructure organization in Ukraine.
- Thousands of Asus routers have been compromised and incorporated into botnets.
- Cybercriminals are exploiting a simple technique to steal Salesforce business data for extortion purposes.
- The FBI issued an alert that the BADBOX 2.0 Android malware campaign has infected over 1 million consumer IoT devices, converting them into residential proxies for malicious use.
Newly Discovered Vulnerabilities
- Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the Roundcube open-source webmail application, enabling remote code execution. Technical details have been disclosed and exploits are for sale.
- Cisco warned of a static credential vulnerability (CVSS 9.9) in Identity Services Engine (ISE) cloud deployments on AWS, Azure, and Oracle Cloud: every instance running the same software release on the same cloud platform shares the same credentials.
- ConnectWise issued a patch for an unspecified vulnerability affecting ScreenConnect customers, though details about the flaw and timeline of exploitation remain unclear.
- Several popular Google Chrome extensions were found to transmit data over HTTP and hard-code sensitive credentials, leaking API keys and user data.
Notable Threat Actor Activity
- The Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails, according to an FBI alert.
- BladedFeline, an Iran-aligned APT group with likely ties to OilRig/APT34, has been conducting cyberespionage campaigns targeting Kurdish and Iraqi government officials. ESET research indicates the group has maintained long-term access to targeted networks for up to eight years, deploying Whisper and Spearal malware.
- The Bitter APT group, assessed as state-backed and aligned with Indian government interests, is expanding its geographic scope and evolving its tactics for intelligence gathering.
- A phishing campaign using copyright infringement lures is targeting European countries, as reported by Cybereason.
- Sophos researchers identified a campaign distributing backdoored malware targeting novice cybercriminals via GitHub repositories, with links to other campaigns dating back to August 2022.
Trends, Tools, or Tactics of Interest
- Q1 2025 threat statistics show a significant increase in attacks on both non-mobile (Windows, macOS, IoT) and mobile platforms, including ransomware, miners, adware, and unwanted apps.
- AI is increasingly being embedded into threat detection and response tools, but hallucinations and inaccurate guidance remain a risk for security operations teams.
- Proxy services are capitalizing on Ukraine’s loss of IP address space, with significant portions of the country’s internet resources now under Russian control or sold to brokers.
- Cybercriminals are leveraging compromised consumer IoT devices as residential proxies for malicious activity, as highlighted by the BADBOX 2.0 campaign.
- The DShield honeypot network is introducing changes to allow greater customization and data analysis.
- Cybercriminals continue to rely on simple but effective social engineering and phishing techniques to steal sensitive business data, as seen in the Salesforce data theft and the callback phishing attacks above.
Regulatory or Policy Developments Affecting the Security Industry
- Germany’s data protection authority (BfDI) fined Vodafone GmbH €45 million ($51.4 million) for privacy and security violations.
- Cellebrite, a digital forensics firm, is set to acquire virtualization vendor Corellium for $170 million, which may have implications for mobile device forensics and privacy.
- The US continues to debate the appropriate regulatory approach to AI, with commentary emphasizing the need to balance innovation and security without waiting for political consensus.