Welcome to the DanSec Blog

Cybersecurity Brief – 2025-08-07

Major Incidents or Breaches

  • Google has suffered a data breach as part of an ongoing campaign targeting Salesforce CRM data, attributed to the ShinyHunters extortion group. Several major companies have been impacted by this wave of attacks.
  • DaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack.
  • WhatsApp has taken down 6.8 million accounts linked to criminal scam centres, with Meta attributing the activity to a scam centre in Cambodia.
  • A hacker, Chukwuemeka Victor Amachukwu, has been extradited from France to the US for spearphishing attacks on US tax preparers, resulting in the theft of $3.3 million from taxpayers.

Cybersecurity Brief – 2025-08-06

Major Incidents or Breaches

  • Pandora, the Danish jewelry retailer, confirmed a data breach after customer information was stolen in connection with ongoing Salesforce data theft attacks. The company warned customers of potential phishing attempts using their stolen data.
  • Cisco disclosed a data breach affecting Cisco.com user accounts after a voice phishing (vishing) attack targeted a company representative. Stolen data includes names, email addresses, and phone numbers.
  • PBS suffered a data breach resulting in the exposure of corporate contact information for employees and affiliates, which was subsequently leaked on Discord servers.

Cybersecurity Brief – 2025-08-05

Major Incidents or Breaches

  • Chanel has suffered a data breach as part of a broader wave of attacks targeting Salesforce data, joining other organisations affected by this campaign.
  • Northwest Radiologists disclosed a data breach impacting 350,000 individuals, with personal information stolen in an incident dating back to January 2025.
  • Russia’s largest airline, Aeroflot, was reportedly attacked, according to Check Point’s latest threat intelligence report.

Newly Discovered Vulnerabilities

  • SonicWall is investigating a potential zero-day vulnerability in its SSL VPN devices after a surge in targeted attacks, notably by the Akira ransomware group.
  • NVIDIA patched multiple critical vulnerabilities in its Triton Inference Server for Windows and Linux. These flaws could allow unauthenticated remote code execution, model theft, data leaks, and response manipulation on AI servers.
  • A previously undocumented Linux backdoor, dubbed “Plague,” was discovered. The malware, implemented as a malicious PAM module, enables persistent SSH access, bypasses authentication, and removes traces of SSH sessions. It is reported to have evaded detection for over a year.
  • Proton fixed a vulnerability in its Authenticator iOS app where TOTP secrets were logged in plaintext, potentially exposing multi-factor authentication codes.
  • Several vulnerabilities were patched in the AI code editor Cursor, which previously allowed attackers to modify sensitive MCP files and execute arbitrary code without user approval.

Cybersecurity Brief – 2025-08-04

Major Incidents or Breaches

  • Researchers have identified a new Android remote access trojan (RAT) named PlayPraetor, which has infected over 11,000 devices. The campaign primarily targets users in Portugal, Spain, France, and Morocco. Infection vectors include fake Google Play pages and malicious ads distributed via Meta platforms.

Notable Threat Actor Activity

  • Telnet and SSH logs have shown renewed activity involving the legacy username “pop3user,” suggesting threat actors are targeting outdated or legacy authentication mechanisms, possibly exploiting systems still using old POP3 configurations.

Cybersecurity Brief – 2025-08-03

Major Incidents or Breaches

  • Telecommunications organizations in Southeast Asia have been targeted by the state-sponsored threat actor CL-STA-0969, which installed covert malware to enable remote control and espionage over a 10-month campaign. The activity is attributed to a persistent and sophisticated espionage operation targeting telecom infrastructure.

Newly Discovered Vulnerabilities

  • Security researchers have identified a previously undocumented Linux backdoor named “Plague.” The malware is implemented as a malicious Pluggable Authentication Module (PAM), allowing silent credential theft and persistent access. Plague has evaded detection for approximately one year and poses a significant risk to affected Linux systems.

Cybersecurity Brief – 2025-08-02

Major Incidents or Breaches

  • Akira ransomware has been observed exploiting SonicWall SSL VPN devices in a surge of attacks since late July 2025, reportedly targeting fully patched devices, which suggests exploitation of a likely zero-day vulnerability.
  • Pi-hole disclosed a data breach resulting from exploitation of a vulnerability in the GiveWP WordPress donation plugin, exposing donor names and email addresses.
  • A malicious npm package, @kodane/patch-manager, generated using AI, was identified and removed after it was used to drain Solana cryptocurrency funds from over 1,500 victims.
  • Microsoft is investigating whether the ToolShell exploit was leaked via the Microsoft Active Protections Program (MAPP).
  • Russian state-sponsored APT group Secret Blizzard (Nobelium) conducted adversary-in-the-middle (AitM) attacks at the ISP level targeting foreign embassies in Moscow, leading to malware infections on diplomatic devices.
  • An Apple ID phishing scam in Ohio led to an in-person theft of $27,000 from a victim.

Cybersecurity Brief – 2025-08-01

Major Incidents or Breaches

  • A Florida correctional institution inadvertently leaked the names, email addresses, and telephone numbers of all facility visitors to every inmate.
  • North Korea-linked threat actor UNC4899 targeted two organizations to steal millions in cryptocurrency by luring employees via LinkedIn and Telegram, leveraging cloud account access and malware.
  • Financially motivated threat actor UNC2891 breached ATM networks using a 4G-equipped Raspberry Pi device and attempted to deploy the CAKETAP rootkit for fraudulent activity.

Cybersecurity Brief – 2025-07-31

Major Incidents or Breaches

  • The ShinyHunters extortion group has been linked to data breaches at Qantas, Allianz Life, LVMH, and Adidas, using voice phishing attacks to steal data from Salesforce environments.
  • SafePay ransomware group claims to have stolen 3.5TB of data from Ingram Micro and is threatening to leak the data.
  • Telecom provider Orange suffered a cyberattack resulting in service disruptions for both corporate and individual customers.
  • The UNC2891 (LightBasin) threat group attempted a physical intrusion by planting a 4G-equipped Raspberry Pi on a bank’s network during a failed ATM heist.
  • The City of Saint Paul, Minnesota, called in the National Guard to respond to a cyberattack.
  • The National Treasury of South Africa and several other organisations were compromised in mass exploits of on-premises Microsoft SharePoint servers.
  • A U.S.-based chemicals company was breached via exploitation of a SAP NetWeaver vulnerability, leading to deployment of the Auto-Color backdoor.
  • The Python Software Foundation warned that attackers are using a fake PyPI website to phish for developer credentials.
  • Over 250 fake mobile apps targeting Koreans have been used to deploy spyware and conduct blackmail campaigns.
  • Discord and other social platforms are being flooded with fraudulent online gaming and wagering sites, which lure users and steal funds.

Cybersecurity Brief – 2025-07-30

Major Incidents or Breaches

  • The City of Saint Paul, Minnesota, suffered a significant cyberattack, prompting the activation of the National Guard in response to disruptions.
  • French telecommunications giant Orange disclosed a cyberattack after detecting a breached system on its network.
  • Russian airline Aeroflot experienced a cyberattack resulting in the cancellation of over 60 flights and severe delays.
  • Allianz Life reported a data breach impacting the majority of its 1.4 million US customers, exposing sensitive personal information.
  • The Tea Dating Advice app suffered two security incidents, resulting in the leak of approximately 72,000 images and 59,000 additional images from posts, comments, and direct messages, including unauthorized access to private messages.
  • A U.S.-based chemicals company was targeted by attackers exploiting a SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the Linux Auto-Color malware.
  • The FBI seized $2.4 million in Bitcoin from a member of the newly emerged Chaos ransomware operation, linked to cyberattacks and extortion payments in Texas.

Cybersecurity Brief – 2025-07-29

Major Incidents or Breaches

  • Toptal suffered a breach of its GitHub organization account, which was used to publish 10 malicious npm packages. These packages were downloaded approximately 5,000 times, constituting a significant software supply chain attack.
  • France’s state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum.
  • Allianz Life confirmed a data breach impacting the majority of its 1.4 million US customers, including compromised information of customers, financial professionals, and employees.
  • NASCAR disclosed that personal information, including names and Social Security numbers, was stolen in an April 2025 ransomware attack.
  • The Tea app breach expanded, with a second database leak exposing 1.1 million private user messages and data being circulated on hacking forums.
  • Lovense’s connected sex toy app is vulnerable to a flaw that exposes user email addresses, putting users at risk of doxxing.
  • Endgame Gear’s OP1w 4k v2 mouse configuration tool was infected with malware and distributed via the official website between June 26 and July 9, 2025.
  • The US Energy Department, including its National Nuclear Security Administration, was listed among recent high-profile attacks according to threat intelligence bulletins.