What You Need to Know About Cyber Threats in Q2 of 2025
Ransomware campaigns have ramped up aggressively, unleashing chaos in critical industries. Phishing attacks have grown smarter and more deceptive than ever before, fooling even the most vigilant users. Zero-day vulnerabilities have been exploited with alarming speed, putting countless networks at risk before patches could be applied.
The cyber battlefield is evolving fast. If you want to stay one step ahead of hackers and keep your organization secure, you need to know exactly what’s happening right now, what threats are rising, how attackers are adapting, and most importantly, what you can do today to defend your digital borders.
Let’s dive into last quarter’s threat landscape, decode the latest attack tactics, and equip you with the insights and actions that truly make a difference.
Ransomware Strikes Back: CrimsonCrypt on the Rise
The last three months brought a sharp and unsettling spike in ransomware activity, with attacks by the emerging threat group CrimsonCrypt soaring by over 40%. This isn’t just a numerical uptick; it’s a full-blown offensive targeting the backbone of modern industry: manufacturing facilities and industrial control systems (ICS).
CrimsonCrypt has shown a clear playbook: infiltrate networks through weak remote access points, escalate privileges quickly, and then lock down production environments with military-grade encryption. Victims are often left paralyzed, forced to halt operations entirely while attackers demand multimillion-dollar ransoms in exchange for decryption keys.
In several documented cases, factories experienced complete production stoppages, late deliveries, and severe reputational damage. What’s worse, these attacks often go undetected until it’s too late, once systems are locked and operational downtime is costing thousands by the minute.
The message is clear: reactive cybersecurity is no longer enough.
Organizations in the manufacturing sector must adopt real-time threat detection, deep network visibility, and automated response mechanisms to identify and contain intrusions before damage is done.
This is exactly where Redborder’s NDR platform steps in, providing anomaly-based detection across east-west traffic so that even the stealthiest moves by CrimsonCrypt or any other ransomware actor don’t go unnoticed.
Zero-Day Vulnerability in VPN Software
A critical zero-day vulnerability (CVE-2025-XYZ123) affecting widely-used VPN software has been actively exploited in the wild. Attackers are leveraging this flaw to gain remote access, often as a first step to deploying ransomware. If your organization uses this VPN solution, patching immediately is essential.
Phishing and Social Engineering Still Dominate
Phishing continues to dominate as the most common entry point for cyberattacks, with 65% of incidents originating from carefully crafted emails designed to deceive. These aren’t your typical spam messages: attackers are impersonating trusted vendors, internal departments, and even senior executives, using realistic logos, signatures, and language tailored to their targets.
What makes these phishing campaigns especially dangerous is their growing sophistication. Some emails now bypass basic spam filters entirely, delivering malicious links or attachments that appear completely legitimate to the untrained eye. One wrong click can hand over login credentials, give attackers access to critical systems, or even deploy malware silently in the background.
The human element remains the weakest link, but also one of the easiest to strengthen. Organizations must go beyond one-time awareness sessions. Ongoing, realistic phishing simulations, combined with real-time behavioral detection tools, are crucial to reducing risk.
Redborder’s behavioral analytics engine monitors user activity and flags suspicious patterns before a simple mistake becomes a full-blown breach. Prevention starts with awareness, but it ends with visibility, speed, and control.
Supply Chain Attacks: A Growing Concern
We also observed increased attempts to breach logistics companies through third-party software vendors. Supply chain attacks remain a complex threat that requires rigorous vendor risk management and continuous network monitoring.
Real-World Impact: Incident Highlights
Ransomware Contained: European Manufacturing Plant Saved from Catastrophe
In mid-May, a well-known European manufacturing plant became the target of a ransomware campaign linked to the CrimsonCrypt group. Attackers gained access by exploiting an unpatched zero-day vulnerability in the company’s VPN infrastructure — a blind spot that could have easily gone unnoticed.
Once inside, the attackers began moving laterally, mapping the internal network and attempting to gain control over industrial control systems (ICS). However, Redborder’s Network Detection and Response (NDR) platform immediately flagged the unusual traffic behavior — including credential misuse and data exfiltration patterns — that traditional firewalls and antivirus tools missed.
Thanks to Redborder’s real-time behavioral detection and automated response, the security team was able to:
- Instantly isolate affected segments of the network
- Prevent the ransomware payload from spreading to critical systems
- Avoid a complete production halt, saving millions in potential downtime
What could have been a crippling multi-day outage was reduced to a few hours of controlled containment — no ransom paid, and operations back online by the next shift.
Phishing Blocked: Financial Firm Protects Sensitive Client Data
Meanwhile, a mid-sized financial services firm faced a different kind of threat: a highly targeted phishing email disguised as an internal IT alert, requesting users to “reset their credentials” via a malicious link. The email was convincing enough to bypass the company’s basic spam filters and land directly in employee inboxes.
But before any damage was done, Redborder’s AI-driven behavioral analytics detected anomalies in user behavior — including failed login attempts from suspicious IPs and irregular access requests to restricted areas of the network. The platform immediately flagged the threat, allowing the firm’s SOC team to:
- Identify and alert the user before credentials were entered
- Block the malicious domain at the network level
- Launch a full investigation and educate the targeted employee
The attack was neutralized before any data was stolen, and the organization’s reputation — and regulatory compliance — remained intact.
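The two incidents above describe the same kinds of signal: a burst of failed logins from an unfamiliar source and an internal host reaching into a restricted ICS segment. The script below is an added illustration of that detection logic, not Redborder’s own engine; the log format, the 10.50.0.0/16 ICS subnet, the baseline IP list and the sample lines are all constructed assumptions.

```python
"""Toy behavioral-detection pass over constructed auth and flow log lines.
Flags failed-login bursts (credential misuse) and flows into a restricted ICS segment."""
import ipaddress
from collections import defaultdict

RESTRICTED_NET = ipaddress.ip_network("10.50.0.0/16")   # assumed ICS segment
BASELINE_IPS = {"198.51.100.7", "203.0.113.9"}           # assumed known login sources
FAIL_THRESHOLD = 3                                        # failures before alerting

# Constructed log lines. Formats:
#   auth <src_ip> <user> <ok|fail>
#   flow <src_ip> <dst_ip> <dst_port>
SAMPLE_LOGS = """\
auth 198.51.100.7 alice ok
auth 192.0.2.44 bob fail
auth 192.0.2.44 bob fail
auth 192.0.2.44 carol fail
auth 192.0.2.44 dave fail
flow 10.20.0.15 10.20.0.30 445
flow 10.20.0.15 10.50.1.10 502
flow 10.20.0.15 10.50.1.11 502
flow 10.20.0.16 10.20.0.31 443
"""


def analyze(log_text, baseline_ips=BASELINE_IPS, restricted=RESTRICTED_NET,
            fail_threshold=FAIL_THRESHOLD):
    """Return a list of alert dicts for the two behaviours described above."""
    failed_users = defaultdict(list)     # src_ip -> usernames that failed
    restricted_hits = defaultdict(set)   # src_ip -> (dst_ip, port) inside restricted net
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "auth" and parts[3] == "fail":
            failed_users[parts[1]].append(parts[2])
        elif len(parts) == 4 and parts[0] == "flow":
            dst = ipaddress.ip_address(parts[2])
            if dst in restricted:
                restricted_hits[parts[1]].add((str(dst), int(parts[3])))
    alerts = []
    for ip, users in failed_users.items():
        if len(users) >= fail_threshold:   # burst of failures, possibly credential misuse
            alerts.append({"type": "failed_login_burst", "src": ip,
                           "attempts": len(users), "users": sorted(set(users)),
                           "known_source": ip in baseline_ips})
    for ip, dsts in restricted_hits.items():  # any reach into the ICS segment is reviewed
        alerts.append({"type": "restricted_segment_access", "src": ip,
                       "destinations": sorted(dsts)})
    return alerts
```

Running `analyze(SAMPLE_LOGS)` yields one failed-login alert for 192.0.2.44 and one restricted-segment alert for 10.20.0.15, while the single-failure and intra-segment lines stay quiet.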
What’s Trending in Cyber Threats?
- Phishing emails increased by 25% compared to last month, signaling more aggressive social engineering campaigns.
- Attackers are reducing their dwell time post-compromise by 15%, meaning they’re moving faster and becoming more efficient.
- Redborder flagged a 30% increase in suspicious IP addresses, highlighting the expanding threat surface.
How Redborder Helps You Stay Ahead
This month, Redborder introduced a major enhancement to our threat detection engine: a new behavioral anomaly model that delivers a 20% boost in zero-day threat identification. It’s built to catch what traditional systems miss: subtle, unpredictable attacker behaviors that signal trouble before a signature ever exists.
When combined with our automated isolation capabilities, this upgrade dramatically shortens response time, enabling security teams to contain threats in minutes, not hours.
As attackers evolve, so must our defenses. This upgrade arms your organization with sharper visibility, faster action, and stronger resilience against the threats of tomorrow.
Recommendations for Your Security Team
- Patch immediately: Address the critical VPN vulnerability and any ICS-related weaknesses.
- Train your team: Regular phishing simulations help employees recognize and report suspicious emails.
- Segment your network: Strong network segmentation limits attackers’ lateral movement.
- Leverage AI-driven tools: Solutions like Redborder enable early detection and automated response to threats.