Cyberthreat News – The Latest Trends in Cyberthreats and Threat Intelligence
Cyberthreat News is a weekly digest of the latest cyberattacks, threat intelligence, and cybersecurity news from around the world. It is designed to help readers keep up with the rapidly evolving global cyberthreat landscape.
September 2025: Hackers infiltrated servers at luxury conglomerate Kering, stealing personal data from clients of brands including Gucci and Alexander McQueen. Criminal group ShinyHunters claimed responsibility for the incident, which relied on credential-stuffing tools and web-exfiltration scripts.
July 2025: Chinese state-linked hackers targeted African IT providers servicing government customers in a new wave of cyberespionage. The attack involved phishing, OAuth 2.0 refresh tokens, and Salesforce integrations to steal millions of records.
June 2025: Researchers uncovered the largest known data leak in China, exposing 4 billion user records across platforms like WeChat and Alipay. The information was likely used for mass profiling, espionage research, and covert influence campaigns.
March 2026: Medical device maker Stryker reported a cyberattack that disrupted business operations, requiring multiple factor resets on 200,000 corporate devices. An Iranian-linked hacking group called Handala claimed responsibility, saying the attack was retaliation for the U.S. strike on a school in southern Iran.
December 2024: Russian hackers hijacked the systems of a Pakistani hacking group, enabling them to view sensitive data stolen from South Asian government and military targets. The incident demonstrated how state actors can leverage other hacking groups for intelligence and disruption.
Many of the most damaging incidents in 2025 started with compromised vendors and shared platforms. Campaigns targeting M&S, Ukraine government users, and SaaS solutions highlight the importance of MFA, identity monitoring, and security hygiene. Attacks that rely on password spraying and credential stuffing rather than complex malware also illustrate how threat groups favor stolen credentials to gain rapid access without raising alarms.