Welcome to the DanSec Blog

Cybersecurity Brief – 2025-06-18

Major Incidents or Breaches

  • Scania, a major automotive manufacturer, confirmed a cybersecurity incident involving the compromise of insurance claim documents through stolen credentials. The breach was linked to an extortion attempt.
  • Cock.li, an email hosting provider, disclosed a data breach impacting over one million user records. Attackers exploited vulnerabilities in the now-retired Roundcube webmail platform to access the data.
  • Indian car-sharing firm Zoomcar reported a breach affecting more than 8 million users. Exposed data included names, phone numbers, car registration numbers, addresses, and emails.
  • 23andMe was fined £2.31 million by the UK ICO for a data breach exposing genetic data, attributed to serious security failings.
  • WestJet Airlines warned customers and employees to be cautious with personal information following a cyber incident affecting its app and website, though core operations continued.
  • Paddle.com and its U.S. subsidiary settled with the U.S. FTC for $5 million over allegations of facilitating tech-support scams that harmed consumers.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-17

Major Incidents or Breaches

  • The Washington Post disclosed a cyberattack in which email accounts of several journalists, including those covering national security, economic policy, and China, were compromised. The attack is believed to have been conducted by a foreign government and involved breaches of Microsoft accounts.
  • Zoomcar Holdings reported a data breach impacting 8.4 million users, as disclosed in a filing with the U.S. Securities and Exchange Commission.
  • Law enforcement agencies from six countries seized the Archetyp Market darknet drug marketplace and arrested its administrator. Archetyp Market had been operating since May 2020.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-16

Major Incidents or Breaches

  • A malicious package was discovered on the Python Package Index (PyPI), masquerading as the legitimate Chimera module. The package is designed to steal sensitive developer-related information, including AWS credentials, CI/CD secrets, and macOS data.

Newly Discovered Vulnerabilities

  • Over 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability. This vulnerability allows for the execution of a malicious plugin and could result in account takeover.
  • Microsoft acknowledged that the June 2025 Windows Server security updates are causing DHCP services to freeze on some systems, potentially impacting network operations.

Notable Threat Actor Activity

Cybersecurity Brief – 2025-06-15

Major Incidents or Breaches

  • WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems. The company is responding to the breach and assessing the impact on its operations.
  • Spyware was discovered on the phones of two Italian journalists. Details on the specific spyware and its attribution have not been disclosed.
  • Ukraine claims to have hacked a Russian aircraft manufacturer. No further technical details were provided.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-14

Major Incidents or Breaches

  • Victoria’s Secret restored all critical systems following a security incident on 24 May that led to the shutdown of corporate and e-commerce systems.
  • Google experienced a major Cloud outage due to an API management issue, disrupting Google services and other online platforms. Cloudflare also suffered a significant outage but confirmed it was not security-related and no data was compromised.
  • Microsoft is investigating an ongoing incident affecting authentication for Microsoft 365 users, which is causing errors for users of authentication features.
  • Microsoft is investigating Secure Boot errors caused by the KB5060533 update, which prevents Surface Hub v1 devices from starting up.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-13

Major Incidents or Breaches

  • Forensic investigations confirmed that Paragon’s Graphite spyware was used in zero-click attacks targeting Apple iOS devices of at least two journalists in Europe.
  • Google Cloud and Cloudflare experienced widespread service outages impacting access to multiple sites and services across various regions.
  • Over 80,000 Microsoft Entra ID accounts at hundreds of organizations were targeted in password-spraying attacks using the TeamFiltration pentesting framework.
  • A ransomware campaign using the Fog ransomware strain leveraged an unusual mix of legitimate and open-source tools, including the Syteca employee monitoring software, to carry out attacks.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-12

Major Incidents or Breaches

  • Erie Insurance and Erie Indemnity Company confirmed a cyberattack that caused recent business disruptions and platform outages.
  • INTERPOL’s Operation Secure dismantled over 20,000 malicious IP addresses or domains linked to 69 infostealer malware variants, resulting in 32 arrests, the seizure of 117 command-and-control servers, and disruption of infrastructure in 26 countries.
  • Over 80,000 Microsoft Entra ID (formerly Azure AD) accounts were targeted in an account takeover campaign using the open-source TeamFiltration tool.
  • Coordinated brute-force attacks involving 295 malicious IPs targeted Apache Tomcat Manager interfaces exposed online.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-11

Major Incidents or Breaches

  • The Texas Department of Transportation (TxDOT) suffered a data breach in which a threat actor downloaded 300,000 crash records from its database.
  • United Natural Foods, Inc. (UNFI) experienced a cybersecurity incident, leading to proactive system shutdowns and operational disruption. The exact attack vector remains unknown.
  • A widespread outage impacted Heroku, preventing developers from accessing the platform and disrupting web services for over six hours.
  • OpenAI’s ChatGPT experienced a global outage, affecting user access across web, mobile, and desktop platforms.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-10

Major Incidents or Breaches

  • Sensata Technologies confirmed a data breach following an April ransomware attack, with personal data of current and former employees compromised.
  • United Natural Foods (UNFI), North America’s largest publicly traded grocery wholesaler, experienced a cyberattack that forced the shutdown of some systems.
  • Data stolen from Ticketmaster during the 2024 Snowflake data theft attacks was briefly relisted for sale by the Arkana Security extortion group, but no new breach is indicated.
  • SentinelOne disclosed new details about an attempted supply chain attack by Chinese hackers, targeting the company through an IT services and logistics provider.

Newly Discovered Vulnerabilities

Cybersecurity Brief – 2025-06-09

Major Incidents or Breaches

  • A supply chain attack targeting npm and PyPI ecosystems has been identified, affecting over a dozen packages associated with GlueStack. The attack delivers malware via a change to “lib/commonjs/index.js,” potentially impacting millions globally.
  • Over 700 users across Latin America, primarily in Brazil, have been infected since early 2025 through a campaign distributing malicious Chromium-based browser extensions designed to steal user data.

Newly Discovered Vulnerabilities

  • A command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices is being actively exploited by a new Mirai botnet variant, enabling attackers to hijack vulnerable devices.

Notable Threat Actor Activity