New ransomware groups rise. Infostealers surge. Firewall exploits persist.
PDI’s latest threat intelligence reveals NightSpire’s rapid emergence, dark web listings nearly doubling, and evolving exploit tactics targeting edge devices. Get actionable insights to protect what matters most.
Hover over tiles to learn more
APRIL THROUGH JUNE
Q2 2025 in Review
Q2 2025 revealed a dramatic spike in dark web listings, the emergence of new ransomware groups, and continued targeting of VPNs, firewalls, and edge devices.
Total Publications
Daily Publications
Change from Q1
Ransomware extortion publications dipped 11.10% from Q1, with 1,946 incidents recorded. Despite the decline, new actors like NightSpire drove notable activity.
Total Listings
Vidar Increase
Total Increase from Q1
Dark web marketplace activity nearly doubled, driven by Vidar’s return and Lumma’s rebound. Listings jumped by 99.36%, including a 2,290% surge in Vidar-related entries.
Events
Unique Exploits
Change from Q1
Q2 exploit activity saw a 28.77% decrease, but edge devices remain highly targeted. Cisco WLC vulnerability (CVSS 10) was a major concern with PoC code in circulation.
As PDI's Director of Security Operations, Justin Heard is at the helm of the company's key security initiatives, encompassing incident response, threat hunting and cyber intelligence. With over 16 years of experience in cybersecurity, including roles such as threat hunter, incident commander and intelligence analyst, Justin has a deep understanding of the cybersecurity domain. His leadership is instrumental in bolstering PDI’s defenses and adapting to the rapidly changing landscape of cyber threats.
Before his tenure at PDI, Justin enhanced his skill set in the defense sector, serving as a network administrator and security engineer. Justin has an associate degree in Computer Networking Systems from ITT Tech.
Josh is a supervisor of threat intelligence at PDI who works closely in organizational threat landscapes, curating threat intelligence, and authoring PDI’s Quarterly Threat Landscape Report. Josh holds a Master’s degree in Cybersecurity Technology. Previously he served with the U.S. Navy as an Operations Specialist with 14 years of service. Josh has been quoted in Forbes, CSO Online, Channel Futures, Dark Reading, and others.