Rising Threats in Cybersecurity: A Deep Dive into Recent Developments

By Tina Reynolds

Over the last several months, a number of notable public cybersecurity developments have occurred, illustrating how rapidly the landscape of digital threats is changing. When Quarkslab disclosed dangerous flaws across multiple embedded systems in June 2025, the cybersecurity community dropped everything and jumped into action. Cybercriminals have recently begun offering powerful new infostealers for sale on underground forums. This wave of developments has raised alarms among organizations at home and abroad.

The U.K.’s National Cyber Security Centre (NCSC) has seen an 80 percent increase in the cyber incidents it identifies, a trend that makes an already difficult situation worse. Between September 2024 and August 2025, the NCSC categorized 204 cyber incidents as “nationally significant,” a 130% increase over the previous year. With attackers growing more creative and more aggressive every day, the stakes for connected businesses and individuals could not be higher.

Quarkslab’s Discoveries and Exploits

Quarkslab’s mid-2025 discovery is crucial for understanding vulnerabilities that cybercriminals may be exploiting. The company published a full proof-of-concept exploit demonstrating the vulnerabilities it found. Such disclosures are vital for companies to assess their risk and take protective measures before harm occurs.

“The weakness of LLMNR and NBT-NS is that they accept responses from any device without authentication.” – Resecurity

These weaknesses allow an attacker on the same network segment to answer name-resolution requests, tricking victim systems into sending authentication attempts to the attacker’s machine. This lets the attacker bypass normal defensive layers and reach sensitive data, moving laterally through the network without exploiting any software vulnerability.

“Using tools such as Responder, the attacker can capture NTLMv2 hashes, usernames, and domain details, which can then be cracked offline or relayed to other services.” – Resecurity

The potential ramifications of such exploits are enormous. Organizations need to be alert and proactive in protecting themselves against these growing threats.
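As an added example (not from the article or from Resecurity), the detection logic below applies two common defensive heuristics to constructed name-resolution records: a host answering for canary names that exist nowhere on the network, and a host answering for many distinct names and pointing them all at itself, which is how Responder-style poisoning looks on the wire. The record schema and the canary names are assumptions for this example.

```python
from collections import defaultdict

# Each record is (ts, responder_ip, queried_name, answered_ip): one observed LLMNR or
# NBT-NS answer as a sensor or pcap post-processor might emit it (assumed schema).
# Canary names are queried by the defender on a schedule; they exist nowhere on the
# network, so any answer to them comes from a poisoner. Values are constructed.
CANARY_NAMES = {"fileshare-canary-7f3a", "wpad-canary-91c2"}

def analyze(records, distinct_threshold=3, window=60.0):
    """Return {responder_ip: [reasons]} for hosts that look like poisoners."""
    by_responder = defaultdict(list)
    for ts, responder, name, answer in records:
        by_responder[responder].append((ts, name.lower(), answer))
    findings = {}
    for ip, rs in by_responder.items():
        rs.sort()
        reasons = []
        # Rule 1: answering a canary name is conclusive on its own.
        canaries = sorted({name for _, name, _ in rs if name in CANARY_NAMES})
        if canaries:
            reasons.append(f"answered canary name(s) {canaries}")
        # Rule 2: a Responder-style tool answers every query it sees, so one host
        # claiming many distinct names inside a short window is suspicious.
        start = 0
        for end in range(len(rs)):
            while rs[end][0] - rs[start][0] > window:
                start += 1
            names = {name for _, name, _ in rs[start:end + 1]}
            if len(names) >= distinct_threshold:
                reasons.append(f"answered {len(names)} distinct names within {window:.0f}s")
                break
        # Rule 3: every name it answered for resolved to its own address.
        if len({name for _, name, _ in rs}) > 1 and all(ans == ip for _, _, ans in rs):
            reasons.append("every answer points at the responder itself")
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed records: 10.0.0.5 behaves like a poisoner; 10.0.0.20 is a host
# legitimately answering for its own name only.
SAMPLE = [
    (1000.0, "10.0.0.5", "fileserver01", "10.0.0.5"),
    (1001.0, "10.0.0.5", "printsvr", "10.0.0.5"),
    (1002.5, "10.0.0.5", "WPAD-CANARY-91C2", "10.0.0.5"),
    (1003.0, "10.0.0.5", "hr-share", "10.0.0.5"),
    (1500.0, "10.0.0.20", "desktop-20", "10.0.0.20"),
]
if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

A host that legitimately answers only for its own name trips none of the rules, which keeps the false-positive rate low on ordinary LLMNR traffic.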

Malware as a Service and Emerging Threats

With the rise of Malware as a Service (MaaS), a new dimension of cybercrime has emerged. Today, hackers peddle infostealers on underground forums, lowering the bar for anyone, including those with little or no technical skill, to become an effective perpetrator of targeted attacks. This commodification of malware lowers the barrier to entry for aspiring cybercriminals.

Kaspersky recently published its analysis of Maverick, a new banking trojan targeting Brazilian users. The trojan’s spread has been tracked via a WhatsApp worm dubbed SORVEPOTEL, and the malware was found to share considerable code with a previous trojan known as Coyote. This alarming development is a reminder that cyber threats are constantly changing.

“Hackers don’t always break systems anymore — they use them.” – The Hacker News

The shift from simply stealing information to abusing systems for societal control and domination is the next step in a worrying evolution. Cybercriminals are more motivated than ever to exploit systems for monetary profit and for control over people’s lives.

In addition, as reported in mid-June 2025, over 800 illegal domains have been taken down, evidence of the ongoing fight against cybercrime. The Assetnote team at Searchlight Cyber has been instrumental in exposing CVEs in widely used platforms, and earlier this month Adobe responded to these findings.

The Extent of Cyber Incidents and Responses

The proliferation of cyber incidents is alarming. The NCSC’s 2022 report documenting 204 major incidents underscores the need for improved security across all sectors, and the rise reflects a global reality: cyber threats are now everywhere.

Furthermore, a particularly thorny finding was that some 200,000 Linux desktops had been deployed with signed UEFI shell binaries. Because such shells are trusted by Secure Boot, they can be abused to undermine its safeguards, threatening serious compromises of system integrity.

“This command, present in many UEFI shells, provides direct read and write access to system memory. While this capability is essential for legitimate diagnostics, it’s also the perfect tool for bypassing every security control in the system.” – Eclypsium

As companies struggle to address these exposures, the involvement of Zhi, a cybercrime boss who is allegedly still at large, adds fuel to the fire. Zhi’s interconnected global network is known to be behind extensive extortion campaigns targeting hundreds of organizations, including Qantas and Fujifilm. As of this writing, the extortion crew has released information from six of the intended victims.

Cryptocurrency balances linked to illicit activities have reportedly exceeded $75 billion. This further underscores the ways in which cybercriminals misuse digital currencies to further their illegal activities.

Alongside these challenges, Google’s “Sign in with Mobile Number” feature poses an additional threat to the integrity of accounts. Users can sign in to their Google Accounts without a password at all, using only the lock-screen passcode of their last device to prove their identity.

“All you need is the lock-screen passcode from your previous device for verification, no password needed.” – Google

This approach is far more convenient, but it exposes users to greater risk if their old device has already been compromised, because the passcode of that device then stands in for the account password.