Major Incidents or Breaches

• Cloudflare mitigated a record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack attributed to the Aisuru botnet, which leveraged up to 4 million infected hosts and launched over 1,300 attacks in three months.
• Marquis Software Solutions reported a data breach impacting over 74 US banks and credit unions.
• French retailer Leroy Merlin disclosed a data breach that compromised customer personal data in France.
• Freedom Mobile, a major Canadian wireless carrier, suffered a breach exposing customer data after attackers accessed its customer account management platform.
• The University of Phoenix and the University of Pennsylvania confirmed data breaches linked to the exploitation of vulnerable Oracle E-Business Suite instances in a campaign attributed to the Clop ransomware group.
• WordPress sites using the King Addons for Elementor plugin are being actively compromised via exploitation of a critical vulnerability (CVE-2025-8489), allowing attackers to create admin accounts and take over sites.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Coupang, a major South Korean e-commerce platform, suffered a data breach compromising the personal information (names, addresses, email addresses, and phone numbers) of 33.7 million users over a five-month period.
• The University of Pennsylvania confirmed a data breach after attackers stole documents containing personal information from Oracle E-Business Suite servers in August.
• Korean authorities arrested four individuals for hacking over 120,000 IP cameras and selling intimate footage to a foreign adult site.
• The Shai-Hulud 2.0 npm malware attack exposed up to 400,000 developer secrets after infecting hundreds of npm packages and publishing stolen data in 30,000 GitHub repositories.
• Five Chrome and Edge browser extensions, with over 4 million installs, turned malicious after years of benign operation, acting as spyware and tracking users.
• Microsoft Defender XDR portal experienced a prolonged outage, disrupting access to security alerts and threat hunting capabilities for over 10 hours.
• OpenAI’s ChatGPT service suffered a global outage, with users unable to access conversations.
• Yearn Finance’s yETH pool on Ethereum was exploited for approximately $9 million via a critical vulnerability.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Coupang, South Korea’s largest retailer, suffered a data breach impacting 33.7 million customers, exposing personal information.
• The CodeRED Emergency Alert Platform was shut down following a cyberattack attributed to the Inc ransomware gang, which claims to have stolen sensitive subscriber data.
• The open-source SmartTube YouTube app for Android TV was compromised after an attacker accessed the developer’s signing keys, resulting in a malicious update being distributed to users.
• OpenAI experienced a data breach that resulted in exposure of sensitive information, as reported in recent threat intelligence updates.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Asahi Group Holdings, Japan’s largest beer producer, has confirmed that a September cyberattack resulted in a data breach affecting up to 1.9 million individuals. The breach exposed personal information, including names, addresses, phone numbers, and email addresses.

Newly Discovered Vulnerabilities

• The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-26829, a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is being actively exploited.

Notable Threat Actor Activity

Major Incidents or Breaches

• Asahi Group Holdings, Japan’s largest beer producer, confirmed a data breach affecting up to 1.9 million individuals following a September cyberattack.
• The French Football Federation (FFF) disclosed a data breach after attackers accessed administrative management software using a compromised account, resulting in the theft of member data.
• A security engineer discovered over 17,000 exposed secrets—including credentials and API keys—across more than 2,800 unique domains in public GitLab repositories.
• A 44-year-old individual was sentenced to over seven years in prison for operating “evil twin” WiFi networks at Australian airports to steal travelers’ data.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• The French Football Federation (FFF) disclosed a data breach following a cyberattack in which attackers used a compromised account to access administrative management software. Member data was confirmed stolen.
• More than 17,000 secrets were found exposed in public GitLab repositories, spanning over 2,800 unique domains, following a scan of all 5.6 million public GitLab Cloud repositories.
• A man was sentenced to over seven years in prison for operating “evil twin” WiFi networks to steal data from travelers at Australian airports.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• OpenAI disclosed a data breach affecting ChatGPT API customers, resulting from a compromise at third-party analytics provider Mixpanel. Limited identifying information of API customers was exposed. Multiple Mixpanel customers were impacted by the incident.
• Asahi, a Japanese company, suffered a ransomware attack that resulted in the theft of personal information of customers and employees, impacting approximately 2 million individuals and significantly disrupting operations.
• The CodeRED emergency alert system in the US experienced a ransomware attack, leading to a nationwide outage and a data breach, putting millions at risk.
• Amazon and the FBI have issued warnings regarding a surge in account takeover attacks targeting holiday shoppers, with scammers impersonating brands to gain access to user accounts.

Notable Threat Actor Activity

Major Incidents or Breaches

• Gainsight has expanded its list of impacted customers following a recent security alert from Salesforce, indicating the breach affected more customers than initially disclosed.
• Multiple London councils, including the Royal Borough of Kensington and Chelsea and Westminster City Council, have experienced IT service disruptions due to a cyberattack.
• Comcast will pay a $1.5 million fine after a vendor data breach in February 2024 exposed the personal information of nearly 275,000 customers.
• Dartmouth College confirmed a data breach resulting from an Oracle hack, with over 226 GB of files stolen and leaked.
• The OnSolve CodeRED emergency alert platform in the US was disrupted by a ransomware attack from the Inc Ransom group, resulting in operational impact and data breach.
• Thousands of secrets, including credentials and private keys, were leaked by users of JSONFormatter and CodeBeautify code formatting platforms.
• A major sportswear company was targeted by a high-volume phishing campaign between 29 and 30 October 2025, as detected by KnowBe4 analysts.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Dartmouth College disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from Oracle E-Business Suite servers.
• The OnSolve CodeRED platform suffered a cyberattack disrupting emergency notification systems used by state and local governments, police departments, and schools across the US.
• Major US banks were impacted by a hack of SitusAMC, resulting in the theft of corporate data such as accounting records and legal agreements. No ransomware was deployed.
• Harvard University confirmed a compromise of a system containing alumni, donor, student, and staff information, following a phone phishing attack.
• Researchers identified that years of credential leaks—including passwords and API keys—originated from organizations pasting sensitive data into public online tools like JSONFormatter and CodeBeautify, affecting banks, governments, and tech firms.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• SitusAMC, a major real-estate finance services provider, disclosed a data breach impacting customer data.
• Harvard University reported a compromise of its Alumni Affairs and Development systems via a voice phishing attack, resulting in exposure of personal data of students, alumni, donors, and staff.
• Delta Dental of Virginia suffered a breach affecting 146,000 individuals, with names, Social Security numbers, ID numbers, and health information stolen from a compromised email account.
• Spanish airline Iberia notified customers of a data breach following claims of 77GB of stolen data.
• Multiple organisations, including Canon, Cox, and Mazda, have been named as victims in the Oracle E-Business Suite (EBS) extortion campaign, with Cox confirming over 1.6 TB of data was stolen and Canon confirming subsidiary impact. Mazda reported no data leakage or operational impact.
• Illegal streaming devices (e.g., Superbox, modded Amazon Fire TV Sticks) have been implicated in widespread scams, data theft, and integration into botnets.
• Russian-linked threat actors are distributing StealC V2 infostealer malware via malicious Blender 3D model files uploaded to online marketplaces.
• CISA issued a warning about active spyware campaigns targeting high-value Signal and WhatsApp users, leveraging commercial spyware and remote access trojans (RATs).

Newly Discovered Vulnerabilities