intelligence gathering

  • Global Cyber Attack Landscape and AI Security Threat Report 2025

    2025 is a year of "unprecedented complexity" in the field of cybersecurity. With the rapid development and large-scale application of artificial intelligence (AI) technology, cyber threats present unprecedented complexity and scale. This report analyzes the new posture of global cyberattacks, typical security incidents, AI security threats, and corresponding risk management strategies in 2025, providing technical references and a basis for decision-making for AI engineers, security engineers, and chief security officers (CSOs).

    January 9, 2026
  • AI IDE Security: Cursor Windsurf Google Antigravity Supply Chain Attack Analysis

    AI-driven development IDEs such as Cursor, Windsurf and Google Antigravity are at risk of supply chain attacks due to configuration file flaws inherited from VSCode. The three platforms, which collectively have more than a million users, have an automated extension recommendation mechanism that an attacker could exploit to push malicious code to developers by polluting the OpenVSX extension marketplace. The vulnerability allows an attacker to register undeclared extension namespaces and upload malicious extensions to obtain SSH keys, AWS credentials, and source code access without traditional social engineering. The scope of the impact highlights an emerging attack vector in the developer toolchain and marks the formal inclusion of IDE extensions in the MITRE ATT&CK framework.

    January 7, 2026
  • OWASP Release: AI Agent Security OWASP Top 10 2026

    As AI evolves from mere "Chatbots" to "Agentic AI" with autonomous planning, decision-making and execution capabilities, the attack surface of applications has fundamentally changed. In contrast to traditional LLM ...

    December 22, 2025
  • Artificial Intelligence Security Defense in Depth: Explanation of Google SAIF AI Security Framework

    With the widespread penetration of Large Language Models (LLM) and Generative Artificial Intelligence (GenAI) in enterprise applications, the traditional software security paradigm based on deterministic logic is struggling to cope with new stochastic threats such as model inversion, data poisoning, and prompt injection. The Secure AI Framework (SAIF), launched by Google in 2023, proposes a systematic defense architecture that aims to combine the best practices of traditional cybersecurity with the specificities of AI systems. In this paper, we will analyze the six core pillars, ecological synergy mechanism and evolution path of SAIF from the perspective of architectural design, providing theoretical and practical references for the construction of enterprise-level AI security systems.

    December 20, 2025
  • Report on Bloody Wolf Group Cyberattacks Impersonating Central Asian Government Agencies

    Group-IB researchers observed a threat actor named Bloody Wolf launching a cyberattack campaign against Kyrgyzstan, beginning in June 2025, aimed at delivering the NetSupport RAT. By early October 2025, its attacks had expanded to Uzbekistan. By masquerading as the Kyrgyz Ministry of Justice, the attackers utilized official-looking PDF documents and domains, which in turn hosted malicious Java Archive (JAR) files designed to deploy the NetSupport RAT. The attack relies on social engineering and easy-to-access tools: phishing emails trick recipients into clicking on a link to download a malicious JAR loader file and install the Java Runtime, which in turn executes the loader in order to obtain the NetSupport RAT and establish persistence. Geofencing restrictions were also added to the attack against Uzbekistan.

    November 28, 2025
  • CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability

    CVE-2025-47812 is an extremely high-risk vulnerability with confirmed exploitation in the wild. Because it is easy to exploit and highly destructive, it is recommended that all organizations using Wing FTP Server give remediation the highest priority; they must complete version upgrades or implement effective traffic blocking policies as soon as possible.

    November 2, 2025
  • Apple iMessage Zero-Click Vulnerability (CVE-2025-43200)

    The Apple iMessage Zero-Click vulnerability allows an attacker to remotely compromise a device by sending a maliciously crafted iMessage message without user interaction. It has been exploited by Graphite spyware to launch attacks against journalists.

    June 15, 2025
  • Google Chrome V8 JavaScript engine out-of-bounds read/write vulnerability (CVE-2025-5419)

    The vulnerability stems from the V8 TurboFan compiler's incorrect handling of dynamic index loads during store-store elimination optimization: alias relationships are misclassified and critical store operations are incorrectly eliminated, which leads to out-of-bounds memory access. An attacker can construct a specially crafted HTML page and lure a user into visiting it, triggering execution of malicious JavaScript that exploits the vulnerability to achieve remote code execution and sandbox escape, and ultimately take full control of the victim's device.

    June 12, 2025
  • AI zero-click vulnerability: can steal Microsoft 365 Copilot data

    Aim Security has discovered the "EchoLeak" vulnerability, which exploits a design flaw typical of RAG Copilot, allowing an attacker to automatically steal any data in the context of M365 Copilot without relying on specific user behavior. The main attack chain consists of three different vulnerabilities, but Aim Labs has identified other vulnerabilities during its research that may enable exploitation.

    June 12, 2025
  • CVE-2025-21298: Microsoft Outlook 0-Click Remote Code Execution Vulnerability

    A new proof of concept (PoC) has been released for CVE-2025-21298, a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).

    January 23, 2025