Major Incidents and Breaches

• UK Legal Aid Agency Data Breach: The UK Legal Aid Agency confirmed a significant data breach, with hackers stealing a large volume of sensitive applicant data. The breach led to the shutdown of the affected online service, and warnings have been issued to lawyers and defendants.
• Arla Foods Cyberattack: Arla Foods experienced a cyberattack disrupting production operations and causing delays.
• RVTools Supply Chain Compromise: The official RVTools website was compromised, distributing a trojanized installer delivering Bumblebee malware to users. Both Robware.net and RVTools.com are offline pending remediation.
• Fake KeePass Distributions: Threat actors have been distributing trojanized KeePass password manager installers for at least eight months, leading to credential theft, Cobalt Strike beacon deployment, and subsequent ESXi ransomware attacks.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• TeleMessage, a messaging app marketed as a secure Signal alternative and reportedly used by at least one Trump administration official, suffered a breach earlier this month. An attacker exploited a basic misconfiguration to compromise the platform in under 20 minutes.

Newly Discovered Vulnerabilities

• The TeleMessage breach highlights the risk of security misconfigurations in enterprise communication platforms, particularly those marketed for secure or government use.

Notable Threat Actor Activity

Major Incidents or Breaches

• Coinbase will reimburse customers up to $400 million following a data breach. This incident highlights the significant financial impact of breaches affecting cryptocurrency platforms.

Notable Threat Actor Activity

• Twelve individuals have been indicted in relation to a $263 million cryptocurrency heist, underscoring ongoing organised cybercriminal activity targeting digital assets.

Newly Discovered Vulnerabilities & Tools

• A new tool, ‘Defendnot’, has emerged that can disable Microsoft Defender on Windows devices by registering a fake antivirus product. This technique allows attackers to bypass built-in endpoint protection, even if no legitimate AV is installed. The tactic may facilitate further malware deployment or persistence on compromised systems.

Trends, Tools, or Tactics of Interest

Major Incidents and Breaches

• Procolored Printer Malware Incident: Official drivers for Procolored printers were found to be distributing malware, including a remote access trojan and a cryptocurrency stealer, for at least six months.
• Australian Human Rights Commission Data Breach: An internal error resulted in the public exposure of sensitive documents, increasing the risk of follow-on cyberattacks.
• Coinbase Extortion: Coinbase was extorted following a cyberattack and is now offering a $20 million reward for information leading to the identification of the attackers, signalling a potentially new approach in incident response.
• Nomad Bridge Crypto Hack – Arrest: Israeli authorities arrested a suspect linked to the $190 million Nomad Bridge cryptocurrency hack from August 2022.
• US Crypto Theft Charges: Twelve additional individuals have been charged in the US for their alleged roles in a $230 million cryptocurrency theft and associated money laundering.
• Email-Based Attacks and Cyber Insurance: Business email compromise (BEC) and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, underscoring the continued prevalence and impact of email-based threats.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Coinbase Data Breach: Coinbase disclosed a breach affecting approximately 1% of its users. Cybercriminals bribed customer support agents to steal customer data, including government-issued IDs. Attackers attempted to extort $20 million, but the attempt failed.
• Nova Scotia Power Data Breach: Nova Scotia Power confirmed a cyberattack resulting in the theft of sensitive customer data.
• Steel Manufacturer Cyber Incident: Nucor, a major steelmaker, halted operations due to a cyber incident. Details on the nature and scope of the breach remain undisclosed.
• Breachforums Settlement: The former administrator of Breachforums agreed to pay nearly $700,000 to settle a civil lawsuit related to a healthcare data breach.

Newly Discovered Vulnerabilities

Major Incidents or Breaches

• Coinbase Data Breach and Extortion Attempt

  • Coinbase disclosed a data breach affecting approximately 1% of its users after cybercriminals bribed customer support agents. Attackers accessed sensitive customer information, including government IDs, and attempted to extort $20 million. The extortion attempt failed, but the incident highlights ongoing risks to cryptocurrency platforms from both insider and external threats.

• Nova Scotia Power Data Breach

  • Nova Scotia Power confirmed a cyberattack resulting in the theft of sensitive customer data. The breach was discovered last month and underscores the persistent targeting of critical infrastructure and utility providers.

Newly Discovered Vulnerabilities

Major Incidents and Breaches

• Marks & Spencer confirmed customer data was stolen in a recent cyberattack. While no account passwords were compromised, customers are being required to reset passwords as a precaution.
• Dior disclosed a cybersecurity incident resulting in the exposure of customer information.
• Nucor Corporation, a major steel producer, experienced network disruptions due to a cyberattack, forcing parts of its systems offline for containment.
• The Australian Human Rights Commission suffered a data breach in which private documents were leaked online and indexed by search engines.
• Xinbi Guarantee, a Chinese-language Telegram marketplace, has been linked to $8.4 billion in illicit transactions, including crypto crime, romance scams, and North Korean money laundering.
• North Korean IT worker scams are being exposed at scale, with researchers publishing 1,000 email addresses and photos linked to infiltration of Western companies.
• Kosovo extradited the admin of BlackDB, an online cybercrime marketplace, to the US to face charges.

Newly Discovered Vulnerabilities and Exploits

Major Incidents or Breaches

• Output Messenger Zero-Day Exploited in Espionage

  • A Türkiye-backed threat actor exploited a zero-day vulnerability in Output Messenger, an Indian enterprise communication platform, to deploy Golang-based backdoors on Kurdish servers. The campaign, ongoing since April 2025, targeted Kurdish military operations in Iraq as part of a cyber espionage effort.

• Airline Confirms Cyberattack

  • An airline involved in deportation flights for the US government disclosed a cybersecurity incident to the SEC, confirming reports of a cyberattack.

• DoppelPaymer Ransomware Arrest

Major Incidents or Breaches

• The iClicker student engagement platform website was compromised in a ClickFix attack, deploying malware via fake CAPTCHA prompts. Both students and instructors were targeted, highlighting ongoing risks to educational technology platforms.

Notable Threat Actor Activity

• Threat actors are distributing the Noodlophile information stealer malware by leveraging fake AI-powered tools as lures. Over 62,000 users have been targeted via Facebook, illustrating continued abuse of AI branding and social media for malware campaigns.

Trends, Tools, or Tactics of Interest

Major Incidents or Breaches

• The US Immigration and Customs Enforcement (ICE) deportation airline hack has exposed sensitive information, including details of a man who was subsequently ‘disappeared’ to El Salvador. This highlights ongoing risks to sensitive government and personal data in the aviation and government sectors.
• A school software company is experiencing a renewed ransomware attack, indicating persistent targeting of the education sector by ransomware groups.

Newly Discovered Vulnerabilities

• Fake AI-powered video generation tools are being leveraged to distribute a new infostealer malware family called ‘Noodlophile.’ The malware is delivered under the guise of legitimate AI-generated media content, representing an emerging attack vector exploiting interest in AI tools.

Notable Threat Actor Activity