ThreatsDay Bulletin: Emerging Cyber Threat Trends
Summary
The ThreatsDay Bulletin highlights evolving cyber threat tactics, including infrastructure shifts and sophisticated social engineering lures. Attackers are rapidly adapting, with minimal gaps between vulnerability discovery and exploitation. The report underscores the fluid nature of the threat landscape and emphasizes the importance of continuous monitoring and adaptation. Recent incidents show how attackers leverage familiar systems and trusted workflows to gain control through scale, patience, and misplaced trust, with exposure accumulating quietly and surfacing all at once.
Timeline
- 18.12.2025 15:10 · 2 articles
ThreatsDay Bulletin: Emerging Cyber Threat Trends
The ThreatsDay Bulletin reports on the evolving tactics of cyber attackers, including infrastructure shifts and sophisticated social engineering lures. The report emphasizes how rapidly attackers adapt and the need for continuous monitoring and adjustment of defenses to counter emerging threats. Recent incidents show how attackers leverage familiar systems and trusted workflows to gain control through scale, patience, and misplaced trust, with exposure accumulating quietly and surfacing all at once.
Sources:
- ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
Information Snippets
- Attackers are increasingly leveraging small tactical changes to exploit familiar systems.
First reported: 18.12.2025 15:10 · 1 source, 2 articles. Sources:
- ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
- The threat landscape is characterized by rapid adaptation and minimal pauses between vulnerability discovery and exploitation.
First reported: 18.12.2025 15:10 · 1 source, 2 articles. Sources:
- ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
- Social engineering lures and infrastructure shifts are notable trends in recent cyber threats.
First reported: 18.12.2025 15:10 · 1 source, 2 articles. Sources:
- ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories — thehackernews.com — 18.12.2025 15:10
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
- Attackers are leveraging familiar systems and trusted workflows to gain control through scale, patience, and misplaced trust.
First reported: 22.01.2026 16:23 · 1 source, 1 article. Sources:
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
- The 'background layer' of technology has become the front line, with exposure accumulating quietly and surfacing all at once.
First reported: 22.01.2026 16:23 · 1 source, 1 article. Sources:
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories — thehackernews.com — 22.01.2026 16:23
Similar Happenings
Attackers Optimize Traditional TTPs with AI in 2025
In 2025, attackers continued to leverage traditional techniques such as supply chain attacks and phishing, but with increased efficiency and scale due to AI advancements. The Shai Hulud NPM campaign demonstrated how a single compromised package can affect thousands of downstream projects. AI has lowered the barrier to entry for cybercriminals, enabling lean teams or even individuals to execute sophisticated attacks. Phishing remains effective, with one click potentially compromising large-scale systems. Malicious Chrome extensions bypassing official stores highlight the ongoing challenge of automated reviews and human moderators keeping pace with attacker sophistication.
Emerging Trends in Cyber Threat Tactics and Techniques
Cyber threat actors are increasingly adopting stealthy and sophisticated methods to blend into everyday digital environments. This shift involves hijacking trusted tools, apps, and AI assistants to execute precise, patient, and persuasive attacks. The focus is on quiet manipulation and automation, making it challenging to distinguish malicious intent from normal tech usage. These trends highlight the evolving nature of cyber threats and the need for heightened awareness and sharper defensive strategies.
2025 Phishing Trends: Omni-Channel Attacks, PhaaS Dominance, and Bypassing Phishing-Resistant Authentication
In 2025, phishing attacks evolved significantly, becoming more sophisticated and widespread across multiple channels. Attackers increasingly targeted non-email vectors such as LinkedIn DMs and Google Search, leveraging Phishing-as-a-Service (PhaaS) kits to bypass MFA and other security controls. The year saw a rise in techniques like consent phishing, device code phishing, and ClickFix, which allowed attackers to circumvent traditional authentication methods. These trends highlight the need for security teams to adapt their strategies to address the evolving threat landscape.
Gentlemen Ransomware Exploits Vulnerable Driver to Disable Security Software
The Gentlemen ransomware gang is using a vulnerable driver to disable security software in enterprise environments. The group employs a bring-your-own-vulnerable-driver (BYOVD) attack to terminate antivirus and endpoint detection and response (EDR) processes. The ransomware exploits CVE-2025-7771, a high-severity vulnerability in the ThrottleStop driver. The gang has demonstrated advanced capabilities, including tailored bypasses for specific security vendors. The attacks have been observed since this summer, with the group adapting its tactics mid-campaign; the use of legitimate, signed drivers complicates detection and defense. The Gentlemen have also been exploiting vulnerable, Internet-facing infrastructure and VPNs in their attacks, and use PowerRun.exe and Allpatch2.exe to escalate privileges and disable security products. On December 26, 2025, the group targeted Oltenia Energy Complex, Romania's largest coal-based energy producer. The attack encrypted documents and temporarily disabled several applications, including ERP systems, document management applications, the company's email service, and its website. The company is cooperating with authorities and working to restore its IT systems from backups. Organizations are advised to implement zero-trust controls and monitor for unusual process combinations to defend against these attacks.
GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposed
Researchers have demonstrated a jailbreak technique that bypasses GPT-5's ethical guardrails by combining the Echo Chamber method with narrative-driven steering. The technique elicits harmful procedural content by framing it within a story, avoiding direct malicious prompts. Separately, zero-click AI agent attacks have been detailed that target cloud and IoT systems through indirect prompt injection. These attacks exploit weaknesses in AI connectors and integrations, leading to data exfiltration and unauthorized access. The findings highlight the risks of integrating AI models with external systems and emphasize the need for robust security measures and continuous red teaming to mitigate these threats. The Echo Chamber and Storytelling technique was executed within 24 hours of the release of GPT-5, demonstrating how attackers can increase their effectiveness by combining Echo Chamber with complementary strategies.