Threat Intelligence Executive Report – Volume 2025, Number 5

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below – CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities…

Today’s post is a reminder why maybe we should all wait a bit before just repeating criminals’ claims about an attack. The group known as World Leaks recently added Freedman Healthcare to their leak site, claiming to have acquired 52.4 GB of data comprising more than 42,000 files. Some news sites reporting on the listing…

A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate…

Explore the causes and consequences of ransomware in 2025 based on findings from a vendor-agnostic survey of 3,400 organizations hit by ransomware in the last year.

Esse Health has notified the Maine Attorney General’s Office that 263,601 people were affected by an incident they first disclosed in early May. Esse has 45 locations in and around the St. Louis metropolitan area. According to their notices and update of June 20, 2025, Esse first became aware of unusual activity on its system…

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands,” officials said in a statement Monday. In conjunction with the