Weekly Threat Advisory: Top Cyber Threats from September 15 – September 21, 2025
🚨 Weekly Cyber Threat Advisory: Confronting the Next Wave of Attacks
This week’s threat intelligence highlights a rapid escalation in the scale and complexity of cyber operations. From multi-stage malware campaigns to sophisticated phishing ecosystems and zero-day exploitation, adversaries are evolving at unprecedented speed—demanding a shift toward proactive, intelligence-led defense strategies.
🔍 Key Threat Developments
📈 Advanced Threat Actors & Modular Malware
Emerging adversary groups are deploying stealth-focused, modular malware frameworks engineered for persistence, lateral movement, and high-impact infiltration—designed to evade traditional defenses.
🔐 Ransomware Evolution & Supply Chain Risks
Modern ransomware groups now leverage double-extortion schemes, encrypting data while threatening leaks. Increasingly, they exploit third-party vendors and supply chains, amplifying systemic risk across entire ecosystems.
⚠️ High-Speed Vulnerability Exploitation
Cybercriminals are operationalizing newly disclosed CVEs within days, particularly those affecting critical infrastructure and enterprise applications—underscoring the need for agile patching and risk-based vulnerability prioritization.
🎭 Phishing Infrastructure at Scale
Phishing campaigns are powered by sophisticated toolkits that mirror trusted services with surgical accuracy. By using geolocation and device-tailored lures, attackers are achieving mass credential theft and widespread access breaches.
🧠 Adaptive, Polymorphic Malware
Adversaries are increasingly deploying runtime-morphing malware with sandbox evasion and anti-analysis techniques. Static detection is no longer effective—driving the need for dynamic, behavior-driven defense mechanisms.
🛡️ Strategic Takeaway
The cyber threat landscape is accelerating in both speed and sophistication. To stay ahead, organizations must:
- Invest in continuous threat hunting
- Prioritize rapid vulnerability management
- Evolve toward adaptive, intelligence-driven defenses
🛡️ Weekly Threat Advisory – Critical Trends Shaping the Cybersecurity Landscape
| NAME_OF_ADVERSARY | ADVERSARY_TYPE | SEVERITY | NUMBER_OF_IOC | IOC_TYPE_COUNT_SUMMARY |
| --- | --- | --- | --- | --- |
| Ivanti EPMM systems | Threat Actor | High | 35 | IP: 13, HASH: 22 |
| TA415 | Threat Actor | High | 19 | HASH: 11, URL: 8 |
| SideWinder | Threat Actor | High | 64 | HASH: 35, URL: 29 |
| Akira | Ransomware | High | 2 | IP: 1, HASH: 1 |
| BlackLock | Ransomware | High | 11 | IP: 1, HASH: 8, URL: 2 |
| FunkSec | Ransomware | High | 71 | DOMAIN: 11, HASH: 52, URL: 8 |
| GOLD SALEM | Ransomware | High | 6 | HASH: 6 |
| Kawa4096 | Ransomware | High | 12 | HASH: 9, URL: 1, EMAIL: 1, OTHERS: 1 |
| LockBit 5.0 | Ransomware | High | 8 | DOMAIN: 6, HASH: 1, OTHERS: 1 |
| RaccoonO365 | Phishing Kit | Medium | 116 | DOMAIN: 100, HASH: 13, OTHERS: 3 |
| VoidProxy | Phishing Kit | Medium | 7 | IP: 1, DOMAIN: 4, URL: 2 |
| Axios | Phishing Campaign | Low | 9 | IP: 4, DOMAIN: 5 |
| New_FileFix_Campaign | Phishing Campaign | Low | 21 | IP: 1, DOMAIN: 7, HASH: 9, URL: 4 |
| NPM_Crypto_Heist | Phishing Campaign | Low | 8 | IP: 1, DOMAIN: 1, URL: 5, EMAIL: 1 |
| Oyster | Malware_campaign | High | 7 | IP: 5, DOMAIN: 2 |
| SEO poisoning campaign | Malware_campaign | High | 23 | IP: 4, DOMAIN: 9, HASH: 10 |
| AISURU | Malware | High | 20 | IP: 6, DOMAIN: 7, HASH: 7 |
| Banker Trojan | Malware | High | 136 | DOMAIN: 136 |
| ChillyHell | Malware | High | 13 | IP: 2, HASH: 6, OTHERS: 5 |
| Clickfix | Malware | High | 16 | IP: 2, DOMAIN: 1, HASH: 10, URL: 3 |
| Cthulhu Stealer | Malware | High | 6 | IP: 1, HASH: 5 |
| Maranhão Stealer | Malware | High | 44 | HASH: 40, URL: 4 |
| NotDoor_Malware | Malware | High | 3 | HASH: 3 |
| Raven Stealer | Malware | High | 3 | HASH: 2, URL: 1 |
| Salat Stealer | Malware | High | 11 | DOMAIN: 7, HASH: 2, URL: 2 |
| Shai-Hulud | Malware | High | 5 | HASH: 4, URL: 1 |
| SilentSync | Malware | High | 5 | IP: 1, HASH: 3, URL: 1 |
| SmokeLoader | Malware | High | 19 | HASH: 5, URL: 14 |
| SystemBC | Malware | High | 178 | IP: 177, DOMAIN: 1 |
| VenomRAT | Malware | High | 9 | HASH: 8, OTHERS: 1 |
| NightshadeC2 | C2 | Medium | 70 | IP: 24, DOMAIN: 10, HASH: 33, URL: 3 |









