International authorities have issued an urgent joint advisory warning about rapidly advancing Akira ransomware, prompting organizations—especially those in critical infrastructure—to update their defensive measures. Additionally, the Open Web Application Security Project (OWASP) has released its 2025 Top 10 Web Application Security Risks list, introducing new risk categories and reflecting current attack realities. In parallel, novel risks in agentic AI security have been recognized, underscoring both the growing sophistication of AI-enabled attacks and the emerging challenge of cognitive degradation in autonomous agents.
Akira Ransomware: Accelerated Variants Target Critical Sectors
The latest law enforcement advisory describes a rapidly evolving variant of Akira ransomware notable for its increased speed and improved evasion of monitoring systems. Governments in the United States, France, Germany, and the Netherlands have jointly published detection guidance and updated indicators of compromise. The updated variant targets backup systems directly, uses double extortion that combines data encryption with systematic data exfiltration, and propagates faster through lateral movement over VPN and RDP connections.
Analysts note that Akira’s most recent strains utilize advanced virtualization techniques to evade traditional endpoint detection and response tools. The ransomware’s operators routinely exploit vulnerabilities in legacy VPN and network appliances, frequently bypassing multifactor authentication by leveraging session hijacking and cookie theft. Organizations are advised to patch external-facing systems promptly and to enhance cross-segment monitoring for unusual authentication activity, privilege escalations, and rapid lateral movement.
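The monitoring advice above (watching for rapid lateral movement across segments) can be prototyped as a fan-out check over authentication events. This is an added example, not code from the advisory; the log layout, account and host names, window, and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the advisory):
# timestamp, account, source address, destination host, protocol
SAMPLE_LOG = """\
2025-11-14T02:10:05 svc-backup 10.8.0.23 fs01 rdp
2025-11-14T02:10:41 svc-backup 10.8.0.23 db02 rdp
2025-11-14T02:11:17 svc-backup 10.8.0.23 bk01 rdp
2025-11-14T02:12:02 svc-backup 10.8.0.23 dc01 rdp
2025-11-14T09:00:00 alice 10.1.4.7 fs01 rdp
2025-11-14T13:30:00 alice 10.1.4.7 db02 rdp
2025-11-14T16:45:00 alice 10.1.4.7 fs01 rdp
"""

def parse(log):
    """Yield (time, account, source, destination, protocol) tuples."""
    for line in log.splitlines():
        if line.strip():
            ts, account, src, dst, proto = line.split()
            yield datetime.fromisoformat(ts), account, src, dst, proto

def detect_fanout(events, window=timedelta(minutes=5), threshold=4):
    """Alert once per account that logs on to at least `threshold`
    distinct hosts over RDP inside a sliding `window`."""
    recent = defaultdict(deque)  # account -> (time, destination) pairs
    alerted, alerts = set(), []
    for ts, account, src, dst, proto in sorted(events):
        if proto != "rdp":
            continue
        q = recent[account]
        q.append((ts, dst))
        # Drop logons that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        hosts = sorted({d for _, d in q})
        if len(hosts) >= threshold and account not in alerted:
            alerted.add(account)
            alerts.append({"account": account, "source": src,
                           "hosts": hosts, "last_seen": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_fanout(parse(SAMPLE_LOG)):
        print(alert)
```

The service account that reaches four hosts in two minutes is flagged, while the user who visits two hosts over a working day is not; tune the window and threshold against a baseline of normal administrative activity.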
OWASP Top 10: Key Updates in 2025 Web Application Security Risks
The 2025 revision of the OWASP Top 10 highlights enduring risks and adds risks that reflect the growing role of software supply chains and infrastructure-as-code. “Broken Access Control” remains the leading risk, but “Software Supply Chain Failures” is now ranked third, reflecting incidents triggered by compromised dependencies and third-party integrations. Other newly detailed categories include “Logging & Alerting Failures” and “Mishandling of Exceptional Conditions,” reflecting a broader concern over operational observability and error management in complex applications.
The update draws attention to threats arising from modern DevOps and cloud-native toolchains, where misconfigurations, privileged pipeline tokens, and lack of input validation in automated build processes drive system compromise. The guidance underscores the need for organizations to enforce least-privilege access policies, automate dependency vetting, and integrate event correlation tools for enhanced anomaly detection. The new OWASP risk map provides practical exploitation case studies, recommended mitigation patterns, and assessment checklists for software development teams.
Agentic AI Systems: Escalating Security Risks and Cognitive Degradation
New research in artificial intelligence security details both the rapidly expanding abilities of agentic AI systems and the emergence of “cognitive degradation” threats. Agentic AIs, which autonomously analyze systems, conduct reconnaissance, generate attack scripts, harvest credentials, and exfiltrate data, can perform these activities at volumes unmatchable by human attackers. Security tests from Anthropic show malicious AI agents making thousands of requests per second and chaining bespoke exploits with minimal supervision.
An emerging risk in these autonomous AI agents is “cognitive degradation”—a gradual loss in logical reasoning and memory fidelity as the AI operates in uncontrolled, adversarial environments or as its inputs become increasingly polluted by manipulated data. This failure mode can result in erratic exploit behaviors, accidental exposure of artifacts, or the agent cannibalizing its own operational resources. Proposed mitigations involve incorporating periodic reasoning audits, redundancy in agent architectures, and validation checkpoints within critical AI workflows. Security researchers urge enterprises to monitor both for adversarial misuse and for subtle breakdowns in AI-driven automation tasked with business-critical roles.
The weekly cybersecurity threat landscape was marked by noteworthy breaches and attacks, including a large-scale data compromise at Banco Santander, the dismantling of a global phishing network, and a substantial distributed denial-of-service (DDoS) attack against Spain’s Ministry of Labor digital infrastructure. These incidents illustrate how attackers are exploiting both seasonal patterns and unprotected public sector platforms, while the professionalization of phishing-as-a-service augments the threat to organizations and individuals worldwide.
Banco Santander Data Breach: Targeted Phishing Leads to Massive Data Exposure
Security disclosures reveal that a China-based threat actor orchestrated a successful phishing campaign against Banco Santander, exfiltrating sensitive personal and financial details of over 10,000 customers. The attackers leveraged tailored spear-phishing lures distributed through fake platforms imitating official Santander communications. Stolen records included full names, account numbers, and mobile contact details, potentially facilitating identity theft and secondary fraud attempts.
Though not officially confirmed by the bank, analysts note similarities to a recent compromise of another major Spanish financial institution. The breach exemplifies how coordinated campaigns harness data collected from phishing to conduct credential stuffing attacks, exploit SMS-based authentication weaknesses, and resell harvested information for financial fraud on dark web marketplaces.
Phishing-as-a-Service Network: One Million Victims and Global Losses
In a parallel development, Google initiated legal action against a Chinese criminal group operating a world-spanning phishing-as-a-service platform. The cybercriminal organization provided ready-to-use phishing kits, fraudulent domains, and smishing (SMS phishing) toolkits to a global client base. Authorities estimate that its operations caused approximately 1 billion dollars in losses and impacted over one million victims across 120 countries.
The group’s infrastructure included customer support for non-technical attackers and real-time management dashboards to track ongoing phishing campaigns. This professionalized service offering enabled even low-skill actors to mount complex fraud campaigns, amplifying the scale and impact of credential theft, financial fraud, and malware deployment. The case underscores the increasingly commoditized and globalized nature of digital crime.
DDoS Attack Disrupts Spanish Ministry of Labor Platforms
The application responsible for occupational risk assessments of domestic workers (Trabajo10) and the main website of the Ministry of Labor and Social Economy in Spain suffered extensive outages following a distributed denial-of-service (DDoS) attack. Automated botnets bombarded both platforms with nearly 50 million requests, overwhelming backend infrastructure and forcing the Ministry to block over 16,000 unique IP addresses to stem the flood.
The event disrupted essential administrative services for several hours, impacting labor record-keeping and risk assessment functions nationwide. Experts cite the attack as evidence of the increasing vulnerability of critical government platforms, especially those lacking advanced web application firewalls, rate-limiting protocols, and behavioral analytics to identify and block automated attack surges. This incident reaffirms the urgent priority of strengthening DDoS mitigation and response strategies in public sector IT environments.