The Evolution of IoT: From Consumer Devices to National Security Risk

Remember when the Internet of Things (IoT) was primarily about devices like smart speakers, thermostats, and connected lightbulbs? Today, IoT extends far beyond our homes — into our factories, hospitals, energy grids, and even the defense sector. Securing these devices is now a matter of national security.

EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

I'd like to thank my coauthors, Victor Vrabie, Adrian Schipor, and Martin Zugec, for their invaluable contributions to this research. TL;DR A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.

SafePay Ransomware: How a Non-RaaS Group Executes Rapid Fire Attacks

Ransomware groups continue to evolve their tactics, but few have made as sharp an impact in 2025 as SafePay. Once a lesser-known player, the group has surged into prominence by quietly amassing hundreds of victims across the globe. In June, SafePay topped Bitdefender's Threat Debrief rankings after claiming 73 victim organizations in a single month, and the group followed up with 42 more victims in July—its second-highest monthly tally to date.

Why Hypervisors Are the New-ish Ransomware Target

One of the greatest challenges in cybersecurity is the constant evolution of threats. While the threat landscape changes frequently, a significant amount of publicly available information is a cumulative summary of threats from the last decade. This makes it difficult for security professionals to prioritize and focus on the attacks that are happening right now, and not the ones from past years.

Key Findings from the Bitdefender 2025 Cybersecurity Assessment Report

Data reveals an AI reality check, mounting pressure to remain silent after a breach, and an increased focus on reducing the attack surface. Bitdefender's 2025 Cybersecurity Assessment Report provides a timely, data-focused snapshot of the current state of cybersecurity. Two data sources drive the findings: an independent survey of more than 1,200 IT and security professionals across the U.S., U.K., France, Germany, Italy, and Singapore; and a Bitdefender Labs analysis of 700,000 cyber incidents. This year, the third annual report reveals critical truths behind today's evolving risks, internal challenges, and operational blind spots.

How Analyzing 700,000 Security Incidents Helped Our Understanding of Living Off the Land Tactics

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted this analysis as foundational research during the development of our GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) technology. The results reveal adversaries' persistent and widespread use of trusted system tools in most significant security incidents. While this research was primarily for our internal development efforts, we believe these initial insights from Bitdefender Labs are valuable for broader understanding and we are sharing them now, ahead of a more comprehensive report.
