What’s Trending: Top Cyber Attacker Techniques, June–August 2025

Executive summary: This report details active, high-impact malware and ransomware campaigns (Oyster, Gamarue, Akira, Lumma, Qilin, GLOBAL) exploiting unpatched internet-facing vulnerabilities and trusted tools (rundll32, RDP, SMB), with AI/automation scaling SEO-poisoning and negotiation capabilities, a dramatic spike in unauthorized IP‑KVM device abuse, and extremely fast attacker escalation (average breakout 18 minutes; some incidents as fast as 6 minutes) that threaten critical sectors such as healthcare and utilities.