Current Cyber Threat Landscape: Ransomware, Phishing, and AI Risks
In today's digital age, the sophistication and frequency of cyber threats continue to escalate, posing significant challenges for organizations worldwide. Recent intelligence highlights several key areas of concern, from ransomware attacks to vulnerabilities in widely-used platforms. Here's a comprehensive overview of the current cyber threat landscape and the measures needed to mitigate these risks.
Executive Summary
Recent cyber threats exhibit increasing sophistication, particularly with the rise of ransomware attacks, the exploitation of zero-day vulnerabilities, and emerging phishing campaigns. Notably, ransomware groups such as 8Base and LockBit have persisted in launching attacks worldwide despite law enforcement crackdowns, with evidence of operations run from Russian-based hosting providers such as Zservers, recently sanctioned by Western authorities. The XE Group, a Vietnamese cybercriminal outfit, has transitioned from traditional financial fraud to sophisticated supply chain attacks exploiting VeraCore vulnerabilities, underscoring the evolving nature of cybercrime. Concurrently, phishing campaigns abusing Webflow's CDN and Magecart attackers' novel use of Google Tag Manager highlight the heightened risks in e-commerce and phishing tactics.

Multiple vulnerabilities in widely used platforms such as Windows, Zimbra, and PostgreSQL remain under active exploitation, raising alarms for critical infrastructure and enterprise systems globally. Chinese-linked APT groups, including Salt Typhoon and Emperor Dragonfly, continue to target telecommunications and software companies, using advanced techniques and exploiting long-standing vulnerabilities in Cisco devices.

The massive data breach at OmniGPT demonstrates the risks associated with AI platforms, while deepfake technologies increasingly serve as tools for fraud and disinformation. The severity of these risks is compounded by identified weaknesses in AI systems such as DeepSeek, making AI both an asset and a liability. Australia's cybersecurity concerns are echoed globally, notably in the encryption debate following the secret UK order to Apple, while ongoing vulnerabilities in commercial AI models reveal potential threats across multiple domains.
Furthermore, Australia's own sanctions against providers such as Zservers are indicative of its proactive stance against these cyber threats, reinforcing the importance of vigilance and strategic responses to complex, global cybersecurity challenges.
Vulnerability List
Salt Typhoon Exploits Cisco Vulnerabilities: The Chinese state-sponsored group Salt Typhoon has been exploiting vulnerabilities in Cisco's IOS XE network devices, notably CVE-2023-20198 and CVE-2023-20273, to target worldwide telecommunications providers. These vulnerabilities allow unauthorized administrative access and command execution with root privileges, posing significant risks to sensitive networks.
CVE-2025-24200 iOS Zero-Day Vulnerability: Apple has patched a critical zero-day vulnerability, CVE-2025-24200, in iOS and iPadOS that allowed attackers with physical access to disable USB Restricted Mode, potentially exposing data. The flaw, exploited in sophisticated attacks, underscores the importance of immediate updates to mitigate risk.
CVE-2025-0108 Palo Alto Networks PAN-OS Exploitation: Hackers are actively exploiting an authentication bypass vulnerability in Palo Alto Networks PAN-OS, CVE-2025-0108, enabling them to execute PHP scripts without authentication. Administrators are urged to patch to secure versions and limit access to management interfaces.
PostgreSQL and BeyondTrust Exploitations: Threat actors exploited vulnerabilities in PostgreSQL and BeyondTrust products, including CVE-2025-1094, for remote code execution. These exploits have been linked to breaches in critical U.S. infrastructure.
Storm-237 Microsoft 365 Phishing Attacks: The Storm-237 threat actor is targeting Microsoft 365 accounts via device code phishing. This attack bypasses traditional password security by exploiting device code authentication flows to harvest user data.
Marstech1 Malware by Lazarus Group: The Lazarus Group has deployed the Marstech1 JavaScript implant, targeting developers via GitHub and posing a supply chain risk. The malware alters MetaMask settings and uses complex evasion techniques.
Vidar Infostealer Distributed through Steam Game: Vidar infostealer malware was found distributed through a free-to-play Steam game, PirateFi, highlighting attacks on gaming platforms to steal sensitive information.
RansomHub's Escalating Ransomware Tactics: RansomHub, a ransomware-as-a-service group, continues to evolve by exploiting vulnerabilities, including CVE-2020-1472, and expanding its affiliate network to enhance its extortion methods.
SonicWall Firewall Vulnerability Attacks: Recent attacks exploited the SonicWall firewall vulnerability CVE-2024-53704, leading to unauthorized access to VPN sessions. Immediate application of patches is critical to protect affected devices.
DeepSeek AI Model Security Flaws: The DeepSeek-R1 generative AI model was found to produce malware when prompted 98.8% of the time, raising significant concerns over the security of AI used in enterprise environments.
Conclusion
The evolving landscape of cyber threats underscores the importance of robust cybersecurity measures and proactive strategies. Organizations must remain vigilant, continuously update their systems, and collaborate internationally to combat these sophisticated threats. By staying informed and prepared, we can better protect our digital assets and ensure a secure future.