ThreatsDay Bulletin: Emerging Cyber Threat Trends
Summary
The ThreatsDay Bulletin continues to highlight the accelerating pace of cyber threats, where attackers rapidly adapt, using infrastructure shifts and social engineering lures to exploit familiar systems. Recent developments include targeted exploitation of Fortinet FortiGate devices via Ransomware-as-a-Service (RaaS), active abuse of Citrix ADC/Gateway vulnerabilities in production environments, widespread misuse of Microsoft Configuration Manager (MCP) for lateral movement and data theft, and weaponized LiveChat integrations in phishing campaigns. These trends reflect a broader pattern of quiet, cumulative exposure where small tactical changes accumulate undetected until they surface as major incidents, underscoring the need for continuous monitoring and adaptive defense strategies.
Timeline
- 18.12.2025 15:10 · 3 articles · 3mo ago
  ThreatsDay Bulletin: Emerging Cyber Threat Trends
  The article reinforces the existing trend of attackers leveraging small tactical changes to exploit familiar systems and trusted workflows, emphasizing the persistent threat of infrastructure shifts and sophisticated social engineering techniques. It highlights new exploitation vectors targeting Fortinet FortiGate devices via Ransomware-as-a-Service (RaaS), Citrix ADC/Gateway vulnerabilities in production environments, abuse of Microsoft Configuration Manager (MCP) for lateral movement and data exfiltration, and weaponization of LiveChat integrations for phishing campaigns. The piece underscores the ongoing challenge of distinguishing transient noise from emerging threats, noting that seemingly minor vulnerabilities or tactics often evolve into significant security incidents over time.
  Sources:
  - ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
Information Snippets
- Attackers are increasingly leveraging small tactical changes to exploit familiar systems.
  First reported: 18.12.2025 15:10 · 1 source, 3 articles
  Sources:
  - ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- The threat landscape is characterized by rapid adaptation and minimal pauses between vulnerability discovery and exploitation.
  First reported: 18.12.2025 15:10 · 1 source, 3 articles
  Sources:
  - ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- Social engineering lures and infrastructure shifts are notable trends in recent cyber threats.
  First reported: 18.12.2025 15:10 · 1 source, 3 articles
  Sources:
  - ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- Attackers are leveraging familiar systems and trusted workflows to gain control through scale, patience, and misplaced trust.
  First reported: 22.01.2026 16:23 · 1 source, 2 articles
  Sources:
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- The 'background layer' of technology has become the front line, with exposure accumulating quietly and surfacing all at once.
  First reported: 22.01.2026 16:23 · 1 source, 2 articles
  Sources:
  - ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- Fortinet FortiGate devices are being targeted by Ransomware-as-a-Service (RaaS) operations exploiting known vulnerabilities.
  First reported: 19.03.2026 16:25 · 1 source, 1 article
  Sources:
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- Citrix ADC and Gateway appliances are actively exploited via recently disclosed vulnerabilities in production environments.
  First reported: 19.03.2026 16:25 · 1 source, 1 article
  Sources:
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- Malicious campaigns are abusing Microsoft Configuration Manager (MCP) for lateral movement and data exfiltration.
  First reported: 19.03.2026 16:25 · 1 source, 1 article
  Sources:
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
- LiveChat platform integrations are being weaponized for phishing campaigns targeting enterprise credentials.
  First reported: 19.03.2026 16:25 · 1 source, 1 article
  Sources:
  - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More — thehackernews.com — 19.03.2026 16:25
Similar Happenings
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
This week's ThreatsDay Bulletin highlights several significant developments in the cybersecurity landscape. Researchers uncovered new bot scalping tactics targeting DDR5 memory, Samsung TV tracking capabilities, and a substantial privacy fine imposed on Reddit. These updates reflect the evolving threat landscape and the continuous shifts in cybersecurity dynamics.
ThreatsDay Bulletin: AI Voice Cloning, Wi-Fi Kill Switch, and PLC Vulnerabilities
The ThreatsDay Bulletin highlights several emerging cybersecurity threats and trends. These include AI voice cloning exploits, the discovery of a Wi-Fi kill switch vulnerability, and vulnerabilities in programmable logic controllers (PLCs). The report emphasizes the rapid evolution of attack methods and the importance of vigilance in cybersecurity practices.
Attackers Optimize Traditional TTPs with AI in 2025
In 2025, attackers continued to leverage traditional techniques such as supply chain attacks and phishing, but with increased efficiency and scale due to AI advancements. The Shai Hulud NPM campaign demonstrated how a single compromised package can affect thousands of downstream projects. AI has lowered the barrier to entry for cybercriminals, enabling lean teams or even individuals to execute sophisticated attacks. Phishing remains effective, with one click potentially compromising large-scale systems. Malicious Chrome extensions bypassing official stores highlight the ongoing challenge of automated reviews and human moderators keeping pace with attacker sophistication.
Emerging Trends in Cyber Threat Tactics and Techniques
Cyber threat actors are increasingly adopting stealthy and sophisticated methods to blend into everyday digital environments. This shift involves hijacking trusted tools, apps, and AI assistants to execute precise, patient, and persuasive attacks. The focus is on quiet manipulation and automation, making it challenging to distinguish malicious intent from normal tech usage. These trends highlight the evolving nature of cyber threats and the need for heightened awareness and sharper defensive strategies.
2025 Phishing Trends: Omni-Channel Attacks, PhaaS Dominance, and Bypassing Phishing-Resistant Authentication
In 2025, phishing attacks evolved significantly, becoming more sophisticated and widespread across multiple channels. Attackers increasingly targeted non-email vectors such as LinkedIn DMs and Google Search, leveraging Phishing-as-a-Service (PhaaS) kits to bypass MFA and other security controls. The year saw a rise in techniques like consent phishing, device code phishing, and ClickFix, which allowed attackers to circumvent traditional authentication methods. These trends highlight the need for security teams to adapt their strategies to address the evolving threat landscape.