Welcome to the DanSec Blog

Cybersecurity Brief – 2025-09-06

Major Incidents or Breaches

  • Wealthsimple, a Canadian online investment management service, disclosed a data breach involving the theft of personal data from an undisclosed number of customers.
  • Multiple cybersecurity firms, including Proofpoint, SpyCloud, Tanium, and Tenable, were affected by a breach involving their Salesforce instances, with attackers accessing stored information.
  • Nexar’s dashcam video database was compromised, exposing video recordings from vehicle-mounted cameras.
  • The City of Baltimore was reported to have sent $1.5 million to a scammer in a cyber fraud incident.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-09-05

Major Incidents or Breaches

  • PowerSchool Data Breach: Texas Attorney General filed a lawsuit against PowerSchool following a December breach that exposed the personal information of 62 million students, including 880,000 Texans.
  • Chess.com Data Breach: Chess.com disclosed a breach after threat actors accessed a third-party file transfer application, compromising user data.
  • Bridgestone Cyberattack: Bridgestone confirmed a cyberattack affecting manufacturing operations in North America; details of the attack vector remain under investigation.
  • Wytec Website Hack: Wytec’s website was defaced twice by unknown actors and remains offline, with the company anticipating significant financial losses.
  • Salesloft Drift Supply Chain Attack: Multiple high-profile customers reported data breaches linked to a recent supply chain attack involving Salesloft Drift, though the full impact is still unclear.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-09-04

Major Incidents or Breaches

  • Jaguar Land Rover experienced a severe cyberattack, forcing the disconnection of systems and causing significant disruption to both retail and manufacturing operations.
  • Workiva, a major SaaS provider, disclosed a data breach after attackers accessed customer data via a compromised third-party Salesforce CRM system.
  • Multiple security firms, including Cloudflare, Palo Alto Networks, and Zscaler, were impacted by a breach involving Salesforce, Salesloft, and Drift, resulting in the exposure of customer contact information and case data.
  • The Pennsylvania Attorney General’s office confirmed a ransomware attack that caused weeks-long outages of email, phone, and web services. No ransom was paid.
  • Wiz Research reported a data leak at Chinese AI company DeepSeek, exposing over 1 million sensitive log streams.
  • The US Department of Justice filed a lawsuit against Apitor Technology for exposing children’s geolocation data to a Chinese third party without consent.
  • Disney agreed to pay $10 million to settle US FTC claims regarding the improper collection of children’s data on YouTube.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-09-03

Major Incidents or Breaches

  • Salesloft Drift Supply Chain Attack: Multiple organizations, including Cloudflare, Palo Alto Networks, and Zscaler, were impacted by a supply chain attack stemming from the compromise of OAuth tokens via Salesloft Drift, a marketing SaaS application. Attackers leveraged the compromised tokens to access Salesforce instances, exposing customer data and support cases.
  • Jaguar Land Rover Cyberattack: Jaguar Land Rover reported a cyberattack that severely disrupted production and required the shutdown of certain systems.
  • Evertec/Sinqia Attempted Bank Heist: Hackers breached Sinqia S.A., the Brazilian subsidiary of fintech firm Evertec, and attempted to steal $130 million via unauthorized access to the central bank’s Pix real-time payment system.
  • Pennsylvania Attorney General’s Office Ransomware Attack: The Pennsylvania AG’s office confirmed a ransomware attack responsible for a two-week service outage.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-09-02

Major Incidents or Breaches

  • Zscaler experienced a data breach after threat actors accessed its Salesforce instance via compromised third-party platforms (Salesloft and Drift), resulting in the exposure of customer information, including support case contents.
  • The breach at AI chatbot maker Salesloft continues to have repercussions, with mass theft of authentication tokens affecting numerous organisations that integrate Salesloft with Salesforce.
  • Amazon researchers disrupted an operation by Russian state-sponsored threat group Midnight Blizzard (APT29), who were targeting Microsoft 365 accounts and data.
  • American consumer credit reporting agency TransUnion was listed among the week’s top attacks and breaches.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-09-01

Newly Discovered Vulnerabilities

  • Wireshark 4.4.9 has been released, addressing five bugs. No CVEs or critical vulnerabilities were specified in the release notes.
  • A bug was reported in the pdf-parser tool causing errors when dumping all filtered streams. This issue could impact the reliability of forensic or malware analysis workflows relying on the tool.

Trends, Tools, or Tactics of Interest

  • OpenAI is testing a “Thinking effort” picker for ChatGPT, allowing users to select the level of reasoning or computational effort applied to responses. This may have future implications for AI-driven security automation and analysis tools.
Cybersecurity Brief – 2025-08-31

Major Incidents or Breaches

  • TransUnion Data Breach: TransUnion disclosed a data breach affecting 4.4 million US consumers. The incident stemmed from a compromise of a third-party application used for consumer support operations.
  • Nevada Ransomware Attack: The State of Nevada confirmed a ransomware incident that led to widespread service disruptions, office closures, and data theft. The state is collaborating with CISA and law enforcement to restore services.
  • Google Workspace Accounts Compromised: Google confirmed that the OAuth token compromise involved in the Salesforce–Salesloft Drift data theft campaign also allowed unauthorized access to a small number of Google Workspace accounts.
  • VerifTools Fake ID Marketplace Seized: US and Dutch authorities dismantled the VerifTools marketplace, which sold fraudulent identity documents enabling bypass of KYC checks and access to online accounts. Operators relaunched the service on a new domain shortly after the seizure.
  • Iranian Ships Hacked: Communications of dozens of Iranian ships were disrupted in a targeted cyberattack.
  • TamperedChef Infostealer Campaign: Threat actors distributed the TamperedChef infostealer via fraudulent PDF editor websites promoted through Google ads.
  • Sogou Zhuyin Update Server Hijacked: An abandoned update server for the Sogou Zhuyin IME was hijacked and used to deliver multiple malware families in an espionage campaign targeting Taiwan.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-08-30

Major Incidents or Breaches

  • TransUnion Data Breach: TransUnion reported a data breach impacting 4.4 million individuals. The breach was linked to a third-party application used for US consumer support operations. No further details on the application were disclosed.
  • Nevada Ransomware Attack: The state of Nevada confirmed a ransomware attack that resulted in office closures, service disruptions, and data theft. Nevada is working with CISA and law enforcement to restore affected systems.
  • Google Workspace Accounts Compromised: Google confirmed that the OAuth token compromise, previously associated with Salesforce data theft, also enabled attackers to access a limited number of Google Workspace accounts via the Salesloft Drift integration.
  • VerifTools Marketplace Takedown: US and Dutch authorities dismantled the VerifTools marketplace, which sold fraudulent identity documents used to bypass KYC checks and facilitate online fraud. Operators relaunched the service on a new domain after the takedown.
  • Sogou Zhuyin Update Server Hijack: An abandoned update server for the Sogou Zhuyin IME was hijacked and weaponised in a Taiwan-focused espionage campaign, delivering multiple malware families.
  • Iranian Ships Hacked: Communications for dozens of Iranian ships were disrupted in a cyber operation that has not been attributed to any specific actor.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-08-29

Major Incidents or Breaches

  • TransUnion suffered a data breach impacting over 4.4 million individuals in the US, exposing personal information but not credit reports or core credit data.
  • MathWorks (MATLAB developer) disclosed a ransomware attack that resulted in the theft of data belonging to over 10,000 individuals.
  • Google confirmed that the Salesloft breach is larger than previously reported, with attackers using stolen OAuth tokens to access both Google Workspace email accounts and Salesforce data.
  • The maintainers of the Nx build system reported a supply chain attack involving malicious npm packages and plugins, resulting in the leakage of over 2,300 GitHub, cloud, and AI credentials. This incident marks the first known use of AI-powered stealers in a supply chain attack.
  • Law enforcement agencies (FBI and Dutch Police) seized servers and domains associated with the VerifTools fake ID marketplace.
  • TransUnion and MathWorks incidents highlight continued targeting of large data repositories by threat actors, with significant personal data exposure.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-08-28

Major Incidents or Breaches

  • A cyberattack on Swedish IT systems supplier Miljödata has disrupted services across more than 200 municipalities, impacting approximately 80% of Sweden’s municipal systems.
  • Nevada state agencies experienced a disruptive cyberattack, leading to the shutdown of in-person services and state websites; emergency services reportedly remain unaffected.
  • Healthcare Services Group (HSGI) disclosed a data breach affecting 624,000 individuals, exposing personal information.
  • Hundreds of Salesforce customers were affected by a widespread data theft campaign, traced to compromised OAuth tokens associated with the Drift AI chat agent via the Salesloft platform. Attackers exported corporate data, including AWS and Snowflake keys.
  • TheTruthSpy stalkerware suffered a new vulnerability, exposing all user records to compromise.
  • 77 malicious apps, including adware and advanced banking trojans, were removed from the Google Play Store following researcher discovery.

Newly Discovered Vulnerabilities
