Welcome to the DanSec Blog

Cybersecurity Brief – 2025-07-18

Major Incidents or Breaches

  • Cryptocurrency exchange BigONE suffered a security breach resulting in the theft of digital assets valued at $27 million.
  • An adoption agency leaked over 1.1 million records, including names and sensitive information of children, birth parents, and adoptive parents.
  • Chinese state-sponsored group Salt Typhoon breached a U.S. Army National Guard network for nine months in 2024, exfiltrating network configuration files and credentials.
  • Security researchers revealed that poor password practices at Paradox.ai led to the exposure of personal information belonging to millions of job applicants.
  • A vulnerability in Meta AI (now fixed) could have allowed unauthorized access to private chatbot conversations.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-17

Major Incidents or Breaches

  • UK retailer Co-op confirmed the theft of personal data belonging to 6.5 million members following a major cyberattack in April, which also disrupted operations and caused food shortages.
  • Louis Vuitton disclosed that customer data breaches in the UK, South Korea, and Turkey are linked to a single security incident, reportedly associated with the ShinyHunters group.
  • United Natural Foods, Inc. (UNFI) projected up to $400 million in sales impact and $50–$60 million in net income loss due to a June cyberattack that disrupted operations, with insurance expected to cover most losses.
  • Compumedics, a medical technology company, suffered a ransomware attack by the VanHelsing group, resulting in the theft of files affecting 318,000 individuals.
  • An adoption agency left 1.1 million sensitive records of children and parents exposed on the open web due to a data misconfiguration.
  • A former US Army colonel leaked national secrets via a foreign dating app after being targeted by a scammer.
  • Amazon warned 200 million Prime customers about an ongoing phishing campaign targeting their login credentials.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-16

Major Incidents or Breaches

  • Century Support Services, a Pennsylvania-based debt settlement firm, disclosed a data breach impacting 160,000 individuals after its systems were compromised in November 2024.
  • US department store chain Belk was targeted by the DragonForce ransomware group, which claims to have stolen over 150GB of data during a May 2025 attack.
  • Abacus Market, a major Western darknet drug marketplace, has gone offline in a suspected exit scam, shutting down its public infrastructure.
  • McDonald’s hiring platform inadvertently exposed data of approximately 64 million job applicants due to the use of default credentials.
  • Several companies in Italy’s Lombardy region suffered business disruption after a Romanian ransomware group known as ‘Diskstation’ attacked NAS devices. The group was dismantled by international law enforcement.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-15

Major Incidents or Breaches

  • Louis Vuitton has notified customers in the UK, South Korea, Turkey, and possibly other countries of a data breach affecting their personal information.
  • McDonald’s has suffered a data breach resulting in the exposure of customer data.
  • Two versions of the Gravity Forms WordPress plugin, distributed via the official download page, were compromised in a supply chain attack, with malware injected into the plugin.
  • A malicious Visual Studio Code extension for the Cursor AI IDE led to the theft of $500,000 in cryptocurrency from a Russian crypto firm, after infecting devices with remote access tools and infostealers.
  • India’s Central Bureau of Investigation (CBI) dismantled a transnational cybercrime syndicate responsible for a £390,000 UK tech support scam, arresting key operatives at a Noida call center.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-14

Major Incidents or Breaches

  • Thirteen Romanian nationals were arrested in coordinated operations involving HMRC and Romanian police for conducting phishing attacks targeting the UK’s tax service (HMRC). The arrests took place in Ilfov, Giurgiu, and Calarasi counties and are linked to a large-scale campaign against UK taxpayers.

Newly Discovered Vulnerabilities

  • A critical vulnerability was identified in Kigen’s eUICC (embedded Universal Integrated Circuit Card) eSIM technology, which is widely used in smartphones and IoT devices. The flaw allows attackers to exploit eSIM provisioning processes, potentially exposing billions of IoT devices to remote attacks.
  • Google Gemini for Workspace contains a flaw that allows attackers to manipulate AI-generated email summaries, embedding malicious instructions or phishing warnings that can redirect users to phishing websites without the need for malicious attachments or links.

Notable Threat Actor Activity

Cybersecurity Brief – 2025-07-13

Major Incidents or Breaches

  • Over 600 Laravel applications have been exposed to remote code execution (RCE) due to leaked APP_KEYs found on GitHub, enabling attackers to compromise affected deployments.
  • Hackers are actively exploiting a critical RCE vulnerability in Wing FTP Server, following the public release of technical details about the flaw.
  • Four individuals have been arrested in connection with the Scattered Spider hacking group, which has been implicated in a series of high-profile attacks.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-12

Major Incidents or Breaches

  • A vulnerability in McHire, McDonald’s chatbot job application platform, exposed chat histories and personal data of over 64 million job applicants in the United States due to weak authentication (“123456” password) and insecure API design.
  • The developer account for the WordPress Gravity Forms plugin was compromised, leading to backdoored plugin installers being distributed via the official website in a supply-chain attack.
  • A critical vulnerability (CVE-2025-47812) in Wing FTP Server is being actively exploited in the wild, allowing attackers to execute arbitrary commands with root or system privileges.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-11

Major Incidents or Breaches

  • Four individuals were arrested in the UK for cyberattacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The suspects are believed to be connected to the Scattered Spider group, which has also targeted airlines and other sectors.
  • Qantas confirmed a data breach affecting 5.7 million customers. Exposed information includes names, addresses, email addresses, phone numbers, and other personal data.
  • Nippon Steel’s NS Solutions subsidiary suffered a breach exposing customer and employee data. There is currently no evidence of the data being leaked on dark web sites.
  • Ingram Micro experienced a ransomware attack that disrupted online ordering for customers. The company has since restored operations.
  • McDonald’s suffered a data exposure incident involving its AI-powered job application bot, which allowed access to applicant data using a weak default password.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-10

Major Incidents or Breaches

  • Qantas confirmed a data breach affecting 5.7 million customers, with threat actors exfiltrating customer data.
  • Bitcoin Depot reported a data breach impacting nearly 27,000 cryptocurrency users, exposing sensitive customer information.
  • Ingram Micro is restoring operations after a ransomware attack by the SafePay group, which disrupted systems and business services.
  • McDonald’s AI hiring platform, operated by Paradox.ai, exposed the personal information of tens of millions of job applicants due to basic security flaws, including the use of the password ‘123456’.
  • Nippon Steel Solutions disclosed a data breach following exploitation of a zero-day vulnerability in network equipment.
  • Nova Scotia Power, a Canadian electric utility, reported disruption of power meters and a data breach affecting individuals in both Canada and the United States.
  • Researchers identified millions of users being spied on via malicious browser extensions available in the Chrome and Edge web stores.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-07-09

Major Incidents or Breaches

  • M&S confirmed a significant ransomware attack by DragonForce, initiated via a sophisticated social engineering/impersonation attack.
  • Qantas experienced a data breach resulting in an extortion demand after customer data was stolen from a contact centre.
  • South Korean telecommunications provider SK Telecom suffered a breach exposing 27 million records; the government imposed a monetary penalty and new regulatory requirements.
  • Over 17,000 fake news websites were uncovered globally as part of a large-scale investment fraud campaign (“BaitTrap”).
  • More than 1.7 million installations of malicious Chrome extensions were identified, capable of tracking users, stealing browser activity, and redirecting to unsafe sites.
  • The Anatsa Android banking trojan was distributed via a fake PDF viewer app on Google Play, impacting over 90,000 users, primarily targeting US banks.
  • Russian organisations were targeted by a new Windows spyware dubbed Batavia, used in ongoing espionage campaigns.
  • A supply chain attack compromised the Ethcode Visual Studio Code extension, exposing over 6,000 developers to malicious pull requests.
  • The RondoDox botnet exploited vulnerabilities in TBK DVRs and Four-Faith routers to conscript devices for DDoS attacks.

Newly Discovered Vulnerabilities
