This report highlights the increasing cyber threats targeting small and medium businesses (SMBs), with a focus on credential abuse and ransomware. It details the rise of business email compromise and ransomware-as-a-service, emphasizing the need for stronger security measures like passwordless authentication.

Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.

Yes24, South Korea's leading K-pop ticketing platform, suffered a ransomware attack, rendering its website and app inaccessible and causing widespread cancellations of events. Fans are advised to be cautious of phishing attempts and wait for updates on refunds and compensation.

A credential harvesting campaign targeting ScreenConnect super administrators has been identified, leveraging low-volume spear phishing tactics with the EvilGinx framework. The operation aims to capture super admin credentials for potential ransomware deployment, utilizing sophisticated techniques to bypass traditional security measures. Mimecast has implemented protective measures and recommends user education and technical controls to mitigate the threat.

Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.

A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.

Cybercriminals are impersonating job seekers to deliver ransomware through malicious resumes. By establishing trust on platforms like LinkedIn and using phishing tactics, they manipulate recruiters into opening harmful files. Security experts advise organizations to implement stricter measures to protect against these sophisticated social engineering attacks.

Ransomware is evolving with the integration of GenAI and LLMs, leading to more sophisticated attacks such as AI-driven phishing and quadruple extortion. Experts discuss how groups like CL0P and FunkSec utilize AI to enhance their operations and pressure victims, while emphasizing the need for defenders to implement AI-aware security measures across various platforms. Strategies for securing identities and leveraging API visibility against emerging threats are also highlighted.