The past quarter saw relentless activity in the global cyber domain. From critical vulnerabilities exploited within days of disclosure, to the continued evolution of ransomware groups and nation-state actors, defenders faced a complex and shifting threat environment that demanded both speed and resilience.
Q3 was marked by zero-day exploitation of Microsoft SharePoint servers and by multiple critical vulnerabilities in Cisco products, both leveraged in rapid mass-exploitation campaigns. The race between disclosure and exploitation has never been tighter, with many organizations caught in the gap.
Beyond direct exploits, the Salesloft supply chain breach highlighted the growing fragility of trust in interconnected SaaS ecosystems. Attackers weaponized legitimate update and integration mechanisms, a stark reminder that even trusted vendors can become an attack vector.
Ransomware groups like LockBit, Black Basta, and Qilin refined their extortion tactics, expanding their targeting toward critical services, manufacturing, and healthcare sectors. Notably, we observed an uptick in double- and triple-extortion methods, blending data theft, leaks, and sustained harassment of victims.

