Skip to content
No results
  • Home
Red Dot Security - A weekly cybersecurity newsletter from Integris
Red Dot Security - A weekly cybersecurity newsletter from Integris

Q2 2025 Security Trends Report

  • Jan BroucinekJan Broucinek
  • August 2, 2025
  • Commentary, Red Dot Weekly

Links to items mentioned in the video presentation.

State Sponsored Breaches and Embedding

  • https://nypost.com/2025/04/10/us-news/china-acknowledges-its-role-in-years-of-cyberattacks-against-us-over-support-of-taiwan-report/
  • https://www.politico.com/news/2025/06/30/justice-department-north-korea-it-workers-00433744
  • https://www.yahoo.com/news/north-korean-operative-reveals-inner-083614595.html?guccounter=2
  • https://www.reuters.com/world/russia-backed-group-hacked-into-networks-police-nato-say-dutch-authorities-2025-05-27/
  • https://www.theregister.com/2025/05/29/china_preparing_war_mcmaster/

Fake CAPTCHA, Malvertising, and Scareware via pop-ups

  • https://www.techradar.com/pro/millions-at-risk-as-cybercriminals-successfully-compromise-popular-youtube-accounts-heres-how-to-stay-safe
  • https://www.techradar.com/pro/security/state-sponsored-actors-spotted-using-clickfix-hacking-tool-developed-by-criminals
  • https://www.techradar.com/pro/fake-pdf-converters-are-spreading-malware-to-steal-user-information-and-worse-heres-how-to-stay-secure
  • https://cybersecuritynews.com/threat-actors-manipulate-search-results/
  • https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/

Phishing, Spear-Phishing, Whaling, Vishing, Quishing, and Smishing

  • https://cybersecuritynews.com/street-level-qr-phishing/
  • https://www.theguardian.com/money/2025/jun/24/police-sms-scams-blaster-texts-smishing
  • https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/
  • https://www.bleepingcomputer.com/news/security/focused-phishing-attack-targets-victims-with-trusted-sites-and-live-validation/

Password Hacking, Account Takeovers, and MFA bypass

  • https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
  • https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html?m=1
  • https://www.darkreading.com/cyberattacks-data-breaches/threat-actors-spam-bombing-malicious-motives
  • https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/
  • https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/

AI, Voice-cloning, Deepfakes, and Social Engineering

  • https://www.bleepingcomputer.com/news/security/fbi-us-officials-targeted-in-voice-deepfake-attacks-since-april/
  • https://www.esecurityplanet.com/news/ai-deepfakes-surge-200-million-lost/
  • https://securityboulevard.com/2025/06/n-korean-group-bluenoroff-uses-deepfake-zoom-calls-in-crypto-scams/#google_vignette
  • https://www.scworld.com/perspective/deepfakes-have-reshaped-corporate-security-and-culture

Supply Chain Attacks

  • https://www.darkreading.com/threat-intelligence/dark-web-vendors-third-parties-supply-chains
  • https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/
  • https://cybernews.com/news/marks-spencer-breach-tcs-third-party-vendor-social-engineering-attack/
  • https://www.helpnetsecurity.com/2025/05/27/third-party-breaches-increase/
  • https://www.yahoo.com/news/ghost-machine-rogue-communication-devices-050547906.html
  • https://www.theregister.com/2025/04/24/security_snafus_third_parties/

Ransomware

  • https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html
  • https://www.ransomware.live/
  • https://cyberscoop.com/verizon-data-breach-investigations-report-2025/
  • https://www.ccjdigital.com/technology/cybersecurity/article/15743432/ransomware-as-a-service-lowers-barrier-to-entry-for-cyber-threat-actors
  • https://therecord.media/ransomware-in-half-of-all-data-breaches-verizon
  • https://www.halcyon.ai/blog/hunters-international-moving-to-straight-data-extortion-attacks

Governance, Risk, and Compliance (GRC)

  • https://ermprotect.com/blog/cyber-insurance-audits-what-it-auditors-need-to-know/
  • https://www.apptega.com/blog/the-role-of-security-frameworks-in-determining-cyber-insurance-risks
  • https://connectsecure.com/blog/preparing-for-cyber-insurance-audits-with-compliance-scanners
  • https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/

Like this:

Like Loading...
Tags
# Account takeover# AI# China# Deepfake# DPRK# Fake CAPTCHA# GRC# Malvertising# Malware# PaaS# Phishing# quishing# RaaS# ransomware# smisshing# Supply Chain Attack# Threat Actor# vishing# Voice Cloning
Share this with:

Copyright © 2026 

%d