Welcome to the DanSec Blog

Cybersecurity Brief – 2025-07-28

Major Incidents or Breaches

  • The threat actor group Scattered Spider has been conducting a campaign targeting VMware ESXi hypervisors, focusing on organisations in the retail, airline, transportation, and insurance sectors in North America. The group has been observed deploying ransomware on critical infrastructure by compromising virtualized environments.

Newly Discovered Vulnerabilities

  • Researchers have identified over a dozen security vulnerabilities in Tridium’s Niagara Framework. These flaws could allow an attacker present on the same network to compromise smart building and industrial systems globally.
  • A critical vulnerability has been found in the Post SMTP email delivery WordPress plugin, which has approximately 400,000 installations. The flaw enables website takeover, and around half of the affected websites remain unpatched.

Notable Threat Actor Activity

Cybersecurity Brief – 2025-07-27

Major Incidents or Breaches

  • Allianz Life confirmed a data breach impacting the majority of its 1.4 million customers, exposing personal information.
  • The Steam platform was abused to distribute malware via a pre-release version of a game, leading to infostealer infections.
  • Instagram users are being targeted in a novel phishing campaign using convincing emails to steal credentials.

Newly Discovered Vulnerabilities

  • Over 200,000 WordPress sites are exposed to hijacking attacks due to a vulnerability in the Post SMTP plugin, allowing attackers to take control of administrator accounts.
  • Mitel patched a critical authentication bypass vulnerability in its MiVoice MX-ONE enterprise communication platform, which could allow attackers to access user or admin accounts.
  • LG Innotek LNV5110R security cameras are vulnerable to unauthenticated remote code execution; no patch is available.
  • A Google Cloud Build vulnerability was disclosed, earning a $30,000 bug bounty.
  • ToolShell bugs in Microsoft SharePoint are being actively exploited by cybercriminals and APT groups worldwide.

Notable Threat Actor Activity

Cybersecurity Brief – 2025-07-26

Major Incidents or Breaches

  • Ransomware attacks increased by 63% year-over-year in Q2 2025, with 276 publicly disclosed incidents reported.
  • A hacker compromised Amazon’s Q Developer Extension for Visual Studio Code, injecting data-wiping commands into the AI-powered coding agent.
  • Louis Vuitton experienced a data breach impacting customers in multiple countries.
  • Steam’s game publishing platform was abused to distribute info-stealing malware via a pre-release version of a game.
  • UK national Ollie Holman was sentenced to prison for selling over 1,000 phishing kits, causing losses exceeding $134 million.
  • Instagram users are being targeted in a novel phishing campaign leveraging legitimate-looking emails to steal credentials.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-25

Major Incidents or Breaches

  • Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has breached hundreds of organizations globally.
  • Toptal’s GitHub organization account was compromised, with attackers publishing ten malicious npm packages to the npm registry.
  • Security flaws in Airportr, a luggage service used by 10 airlines, exposed user data and allowed attackers to potentially redirect or steal luggage.
  • A threat actor named EncryptHub compromised an early access Steam game to distribute info-stealing malware to users.
  • CastleLoader malware has infected 469 devices by leveraging fake GitHub repositories and phishing techniques (ClickFix) to deliver info-stealers and remote access trojans.
  • Multiple npm developer accounts were compromised in a phishing campaign, resulting in malware being injected into popular npm packages.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-24

Major Incidents or Breaches

  • The US National Nuclear Security Administration was breached via exploitation of a Microsoft SharePoint zero-day vulnerability chain. At least three Chinese nation-state cyber-espionage groups are implicated in targeting older, on-premises SharePoint instances after a flawed patch attempt.
  • Clorox has filed a $380M lawsuit against Cognizant, alleging gross negligence after hackers successfully impersonated an employee and convinced the help desk to reset credentials, enabling a major August 2023 cyberattack.
  • Ongoing phishing campaigns are mimicking the US Department of Education’s G5 grant portal, exploiting recent layoffs and political turmoil to target users.
  • The npm package ‘is’, with 2.8 million weekly downloads, was compromised in a supply chain attack, injecting backdoor malware that gave attackers full device access.
  • npm accidentally removed the Stylus package, breaking builds and pipelines globally that depend on the library.
  • Ukraine arrested the suspected administrator of the Russian-language cybercrime forum XSS.is at the request of French authorities.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-23

Major Incidents or Breaches

  • AMEOS Group, a large Central European healthcare network, disclosed a security breach potentially exposing customer, employee, and partner information.
  • Dior confirmed a cyberattack from January 2025 that resulted in the theft of personal information. Payment information was not compromised.
  • Dell reported a breach of its Customer Solution Center demo environment by the World Leaks group. The company stated the leaked data was synthetic and not from real customers or partners.
  • A tech startup was found to be selling personal data stolen by infostealer malware and sourced from the dark web.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-22

Major Incidents or Breaches

  • Dell confirmed that the “World Leaks” extortion group breached one of its product demonstration/test lab platforms. The group is attempting to extort Dell for ransom.
  • Dior has begun notifying U.S. customers of a May cybersecurity incident that compromised their personal information.
  • Cierant Corporation and law firm Zumpano Patricios disclosed separate data breaches, each affecting over 200,000 individuals.
  • The Alcohol & Drug Testing Service (TADTS) reported a ransomware attack in July 2024 that exposed personal information of 750,000 people.
  • Over 1,000 CrushFTP servers are currently exposed online and vulnerable to hijack attacks exploiting a critical security bug that provides admin access via HTTPS.
  • Louis Vuitton suffered a cyberattack, as reported in recent threat intelligence bulletins.
  • Ring users reported a surge in unauthorized device logins on May 28. Ring (Amazon) attributed the incident to a backend update bug and denied an external breach.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-21

Major Incidents or Breaches

  • Over 75 company servers have been breached via active, large-scale exploitation of a critical Microsoft SharePoint zero-day vulnerability (CVE-2025-53770, CVSS 9.8). At least 85 organisations are confirmed affected, with exploitation ongoing since at least July 18th.
  • Over 3,500 websites have been compromised to host stealthy JavaScript-based cryptocurrency miners that use advanced obfuscation and WebSocket communication to evade detection.
  • Five npm packages were injected with malware following a phishing campaign that resulted in the theft of maintainer tokens, constituting a significant software supply chain attack.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-20

Major Incidents or Breaches

  • Salt Typhoon, a Chinese state-linked threat actor, maintained unauthorised access to US National Guard systems for nearly a year, according to new reporting.
  • A study has found that at least 750 US hospitals experienced disruptions during last year’s CrowdStrike outage, with over 200 hospitals suffering outages that affected patient care.

Newly Discovered Vulnerabilities

  • A 20-year-old vulnerability in train braking systems has been publicly disclosed, making these systems susceptible to remote attacks.

Notable Threat Actor Activity

Cybersecurity Brief – 2025-07-19

Major Incidents or Breaches

  • WineLab, the largest alcohol retailer in Russia, has closed stores following a ransomware attack that disrupted operations and customer purchases.
  • Radiology Associates of Richmond disclosed a data breach impacting 1.4 million individuals’ protected health and personal information.
  • Anne Arundel Dermatology reported a data breach affecting 1.9 million people, with hackers having access to systems for three months and potentially exfiltrating personal and health information.
  • Thousands of spoofed news sites (over 17,000) are being used to push investment fraud scams, per CTM360.
  • Arch Linux removed three malicious AUR packages that installed the CHAOS RAT on Linux devices.
  • A powerful US law firm was reportedly hacked by Chinese threat actors.
  • CitrixBleed 2 vulnerability in NetScaler has led to compromises at 100 organizations, with thousands of instances still vulnerable even after patching.
  • Veeam users have been targeted by a phishing campaign using voicemail-themed emails with malicious .wav file attachments.
  • Meta executives settled an $8 billion shareholder lawsuit over alleged disregard for privacy regulations.

Newly Discovered Vulnerabilities