Welcome to the DanSec Blog

Cybersecurity Brief – 2025-08-17

Major Incidents or Breaches

  • Norwegian intelligence has attributed a cyber attack on a dam to Kremlin-linked threat actors.
  • ICE agents inadvertently added an unauthorised individual to a sensitive group chat, potentially exposing confidential information.

Newly Discovered Vulnerabilities

  • A security researcher has released a partial proof-of-concept exploit for a vulnerability in FortiWeb web application firewalls that allows remote authentication bypass. The researcher intends to release a full exploit, increasing the risk of exploitation in the near term.

Notable Threat Actor Activity


Cybersecurity Brief – 2025-08-16

Major Incidents or Breaches

  • Colt Technology Services, a UK-based telecommunications provider, experienced a cyberattack attributed to the WarLock ransomware group. The incident resulted in a multi-day outage affecting hosting and porting services, with stolen data now being offered for sale.
  • Italian hotels suffered a breach in which tens of thousands of scanned guest IDs were stolen and subsequently listed for sale on underground forums, according to CERT-AGID.
  • Web infrastructure entities in Taiwan were compromised by the Chinese-speaking APT group UAT-7237. The attackers used customized open-source tools to establish persistent access.
  • National Public Data, a service previously involved in a significant Social Security Number leak, has resumed operations under new ownership, raising concerns about the continued exposure and handling of leaked personal data.
  • The Canadian House of Commons was reportedly hacked, and the Pennsylvania Attorney General was targeted in a cyberattack. Russia was identified as being behind a separate attack on a court system.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-15

Major Incidents or Breaches

  • The House of Commons of Canada is investigating a data breach after a cyberattack resulted in the theft of employee information.
  • Pro-Russian hackers have been blamed for taking control of critical operation systems at a Norwegian water dam and opening outflow valves, according to the Norwegian Police Security Service.
  • Over $300 million in cryptocurrency linked to cybercrime and fraud schemes has been seized through two joint law enforcement and private sector operations.
  • The US Courts records system suffered a breach, with details about the exposure and responsible party still unclear.
  • Cybercriminals are auctioning live police and government email credentials on the dark web, offering access to sensitive systems and confidential intelligence.
  • Four individuals from Ghana have been charged with stealing over $100 million via romance scams and business email compromise (BEC) schemes.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-14

Major Incidents or Breaches

  • The Office of the Pennsylvania Attorney General experienced a cyberattack that disrupted its email, phone systems, and website.
  • Manpower disclosed a data breach affecting 140,000 individuals after the RansomHub ransomware group stole sensitive information in January.
  • US investigators confirmed that Russian hackers breached the US court electronic filing system, accessing court records and sealed filings.
  • Norwegian police attributed suspected sabotage at a dam to pro-Russian hackers, who accessed and manipulated a remote valve control system.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-13

Major Incidents or Breaches

  • Hackers leaked data stolen from Allianz Life in ongoing Salesforce data theft campaigns, exposing 2.8 million records containing sensitive information on business partners and customers.
  • Over 275 million patient records were breached in the healthcare sector in 2024, primarily due to weak or stolen passwords.
  • Researchers identified Docker images on Docker Hub still containing the XZ Utils backdoor, more than a year after its public disclosure. At least 35 Linux images remain affected, posing ongoing supply chain risks.
  • The U.S. Department of Justice seized approximately $1 million in cryptocurrency from the BlackSuit ransomware gang.
  • Over 3,300 Citrix NetScaler devices remain unpatched against the actively exploited “CitrixBleed 2” vulnerability, leaving organisations at risk of authentication bypass attacks.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-12

Major Incidents or Breaches

  • Connex Credit Union disclosed a data breach affecting 172,000 members, with attackers stealing personal and financial information after breaching its systems.
  • The Netherlands’ National Cyber Security Centre (NCSC) reported exploitation of Citrix NetScaler vulnerability CVE-2025-6543 to breach critical organisations in the country.
  • Air France experienced a data breach resulting in the leak of frequent flyer data (as per Check Point’s weekly threat bulletin).
  • A major automaker’s dealership platform used by over 1,000 US dealerships was found to be vulnerable, allowing car hacking and personal data theft, including the ability for unauthorised remote vehicle unlocking.
  • Two hackers reportedly breached North Korean state-sponsored group Kimsuky, stealing and leaking internal data.
  • Law enforcement, in collaboration with international partners, took down infrastructure and seized over $1 million associated with the BlackSuit (Royal) ransomware group.
  • Over 29,000 Microsoft Exchange servers remain unpatched against a high-severity vulnerability, leaving them exposed to lateral movement and cloud environment compromise.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-11

Major Incidents or Breaches

  • Google patched a vulnerability that allowed malicious Google Calendar invites to hijack Gemini agents on target devices, enabling attackers to leak sensitive user data.
  • Researchers reported that attackers are leveraging Google paid ads to promote fake Tesla websites, potentially leading to credential theft and other fraudulent activities.

Newly Discovered Vulnerabilities

  • WinRAR maintainers released an update addressing an actively exploited zero-day vulnerability (CVE-2025-8088, CVSS 8.8).
  • New attack techniques have been identified that exploit flaws in Windows domain controllers, allowing attackers to leverage public DCs via RPC and LDAP to create DDoS botnets.
  • Researchers disclosed a now-patched Windows Remote Procedure Call (RPC) Endpoint Mapper (EPM) poisoning vulnerability that could be exploited to escalate privileges within a Windows domain.

Notable Threat Actor Activity


Cybersecurity Brief – 2025-08-10

Major Incidents or Breaches

  • Google confirmed a data breach involving one of its Salesforce CRM instances, exposing information related to potential Google Ads customers.
  • The US federal court records system was compromised in a cyberattack, with details on the scope and impact emerging.
  • Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts.

Newly Discovered Vulnerabilities

  • Vulnerabilities in select Linux-based Lenovo webcam models were disclosed, allowing remote attackers to exploit them as BadUSB devices for injecting keystrokes.
  • Researchers identified security flaws in free Wi-Fi systems on buses, enabling remote hacking that could allow attackers to track, control, or spy on bus systems.

Notable Threat Actor Activity


Cybersecurity Brief – 2025-08-09

Major Incidents or Breaches

  • Columbia University suffered a significant data breach impacting nearly 870,000 individuals, including students, applicants, and employees. Stolen data includes personal, financial, and health information.
  • French telecom provider Bouygues disclosed a breach affecting 6.4 million customers, with personal information compromised.
  • Allianz Life reported a cybersecurity incident exposing personal information of hundreds of thousands of individuals.
  • The U.S. Federal Judiciary confirmed a cyberattack on its electronic case management systems, impacting confidential court documents.
  • Royal and BlackSuit ransomware operations breached over 450 U.S. companies before their infrastructure was dismantled, according to the U.S. Department of Homeland Security.
  • The FTC reported that Americans aged 60 and older lost a record $700 million to online scams in 2024, indicating a sharp increase in fraud targeting seniors.

Newly Discovered Vulnerabilities


Cybersecurity Brief – 2025-08-08

Major Incidents or Breaches

  • Bouygues Telecom confirmed a data breach affecting 6.4 million customers, exposing personal information.
  • Air France and KLM disclosed a breach via a third-party customer service platform, compromising customer names, email addresses, phone numbers, and other non-financial data.
  • Chanel notified clients of a third-party breach impacting customer data, joining other luxury brands affected by similar incidents.
  • Google, Adidas, and other organisations suffered breaches after employees were tricked via phone calls into granting access to Salesforce data, attributed to ShinyHunters.
  • Mozilla’s Firefox add-on store was targeted by the “GreedyBear” campaign, which uploaded 150 malicious extensions that drained cryptocurrency wallets, stealing an estimated $1 million.
  • TeaOnHer, a dating advice app, was found leaking user personal data.
  • Recent ransomware attacks against SonicWall Gen 7 firewalls with SSL VPN enabled were linked to exploitation of an older, patched vulnerability, not a zero-day.

Newly Discovered Vulnerabilities
