Threatsploit Adversary Report December 2025
Detailed intelligence on modern attack chains including AI-assisted exploitation, living-off-the-land tactics, ransomware evolution, malicious npm and VS Code packages, mobile RATs, cloud and containe...
Most breaches didn’t start with an alert. They started by blending in.
Recent cyber incidents show attackers avoiding noisy exploits and instead abusing trusted tools, legitimate platforms, and everyday workflows. Many compromises unfolded quietly, leaving security teams unaware until data was stolen, systems were encrypted, or access was deeply entrenched.
This edition highlights how small gaps in identity, configuration, and trust are being chained into full-scale compromise across industries.
1. AI Browser Memory Injection
Attackers planted persistent hidden commands inside AI browser sessions, triggering malicious actions later without user awareness.
2. Hybrid Ransomware on Windows
Qilin ransomware deployed Linux-based payloads on Windows systems using stolen credentials and vulnerable drivers to bypass traditional defenses.
3. Developer Supply-Chain Attacks
Malicious npm packages and VS Code extensions quietly harvested credentials, impacting thousands before detection.
4. LinkedIn-Based Phishing
Threat actors shifted phishing from email to LinkedIn messages, reaching users directly on corporate devices.
5. Living-Off-The-Land Techniques
Adversaries relied on legitimate system tools and webshells to move laterally, evade detection, and exfiltrate data over time.