The cyber threat ecosystem is undergoing a structural transformation starting in the last quarter of 2025. The use of artificial intelligence by attackers not only as an advisor but also as an operator is no longer a theory; it is a verified, attributed, and repeated reality. The actor activities we’ve been monitoring at Cyberthint indicate that discovering 0-days is no longer a specialized task that takes months, but has become a process that can be automated in a matter of minutes.
We discovered a new BEC infrastructure: What happens when a 20-year-old domain is used in a BEC attack? An analysis of a phishing attack using a malicious SVG File.
KarstoRat (Remote Access Trojan) is an advanced modular malware consisting of 7 different modules, first detected in February 2026. This malware is designed for cyber espionage and financial gain and has been found to operate through a C2 infrastructure located in Germany.