Ransomware Resilience and AI Browsing Security Take Centre Stage in Latest Cyber Threats

Today’s cybersecurity news highlights a continuing surge in ransomware sophistication, emerging threats targeting developers, and significant advancements in AI-driven browser security. These developments underscore the evolving tactics of threat actors and the critical need for organisations to stay vigilant and adaptive.

Ransomware Evolution and Financial Impact

Ransomware Gangs Adopt Shanya EXE Packer to Evade Detection

Several ransomware groups are now leveraging Shanya, a packer-as-a-service platform, to conceal their EDR-killing (endpoint detection and response) tooling. Packing the EDR-killer hides it from signature-based scanning, so the component that disables security tools is itself harder to detect and block before it runs. Security teams must update detection strategies, including behavioural monitoring for tampering with security agents, to counter increasingly sophisticated evasion methods.

Financial Crimes Enforcement Network (FinCEN) Reports Over $2.1 Billion Extorted

FinCEN’s latest report reveals ransomware gangs extorted more than $2.1 billion between 2022 and 2024. Although ransomware activity peaked in 2023, it declined in 2024 following targeted law enforcement actions against major groups like ALPHV/BlackCat and LockBit. This data highlights the ongoing financial threat ransomware poses and the tangible impact of coordinated law enforcement efforts.

US Treasury Tracks $4.5 Billion in Ransom Payments Since 2013

The US Treasury’s Financial Crimes Enforcement Network has also shared data showing a dramatic increase in ransomware payments over the last decade. This long-term view emphasises the persistent and growing nature of ransomware as a lucrative criminal enterprise, reinforcing the necessity for robust defence and incident response plans.

Emerging Threats to Developers and Web Infrastructure

Malicious Visual Studio Code Extensions Deliver Infostealers

Two malicious extensions discovered on Microsoft’s VSCode Marketplace infected developer machines with information-stealing malware capable of taking screenshots, stealing credentials, and hijacking browser sessions. As developers are prime targets due to their access to sensitive code and systems, security teams must enforce strict extension vetting and educate developers about supply chain risks.

JS#SMUGGLER Campaign Uses Compromised Sites to Deploy NetSupport RAT

A new campaign called JS#SMUGGLER has been identified using compromised websites to distribute the NetSupport Remote Access Trojan (RAT). The attack involves obfuscated JavaScript loaders and encrypted payloads, allowing attackers to stealthily gain control over victim systems. This underlines the importance of securing web infrastructure and monitoring for unusual script activity.

Rapid Exploitation of React2Shell Vulnerability

Exploitation activity against the recently disclosed CVE-2025-55182 (React2Shell) has ramped up quickly, illustrating how threat actors move fast to weaponise new vulnerabilities. Organisations using affected software components should prioritise patching and monitor for signs of compromise.

Apache Issues Updated Max-Severity CVE for Tika After Initial Patch Miss

The Apache Software Foundation has released an updated advisory and CVE for a critical flaw in the Tika library after the initial patch failed to fully address the vulnerability. This highlights the ongoing challenges in vulnerability management and the importance of thorough patch verification.

Advances in AI Browsing Security

Google Chrome Introduces New Security Layer for Gemini AI Agentic Browsing

Google Chrome is rolling out a new security architecture to safeguard its upcoming Gemini-powered agentic AI browsing features. This includes mechanisms to prevent indirect prompt injection attacks, in which malicious instructions embedded in web content the agent reads cause it to perform unintended actions.

Fortifying Agentic AI Against Indirect Prompt Injection Attacks

Security enhancements in Chrome include a user alignment critic, expanded origin isolation, and mandatory user confirmations. These measures aim to ensure that AI-driven browsing behaves as intended and minimises risks posed by adversarial inputs.

Notable Law Enforcement Action

Poland Arrests Ukrainians Using Advanced Hacking Equipment

Polish authorities have detained three Ukrainian nationals suspected of attempting to disrupt IT systems and access sensitive defence-related data. This incident reflects the ongoing geopolitical dimension of cyber threats and the critical role of international cooperation in countering state-sponsored and advanced persistent threats.

What This Means for Security Teams and Business Leaders

The latest news stories reveal several interconnected trends: ransomware gangs are innovating to bypass defences while law enforcement action is having measurable impact; software supply chains and developer tools remain attractive targets for attackers; and AI technologies, while promising, introduce new attack surfaces requiring robust security architectures. These underscore the need for a multi-layered, proactive approach to cybersecurity.

Key Takeaways

  • Ransomware operators continue to evolve, using tools like the Shanya packer to evade detection, demanding updated EDR strategies.
  • Despite a dip in ransomware activity, financial losses remain substantial, emphasising ongoing risk.
  • Developers and software supply chains face rising threats from malicious extensions and compromised websites.
  • Rapid exploitation of new vulnerabilities like React2Shell demands prioritised patching and monitoring.
  • AI-powered browsing introduces fresh security challenges, prompting new protective measures in Chrome.
  • Geopolitical tensions manifest in cybercrime activities, highlighting the importance of cross-border law enforcement collaboration.
  • Organisations must adopt defence-in-depth, continuous monitoring, and user education to mitigate these evolving threats.