Welcome to the DanSec Blog

Cybersecurity Brief – 2025-10-26

Major Incidents or Breaches

  • Jaguar Land Rover has reportedly experienced a cyber incident with significant financial impact, described as setting a new record for cost. Details on the specific nature of the breach or attack are not provided.

Newly Discovered Vulnerabilities

  • Researchers have identified a vulnerability in OpenAI’s Atlas browser omnibox, where prompts can be disguised as URLs and are accepted as valid input. This allows for prompt injection/jailbreaks, potentially enabling malicious actors to bypass intended security controls.
  • Two low-impact vulnerabilities were disclosed to Meta in WhatsApp following a failed $1M exploit attempt at Pwn2Own. According to Meta, these vulnerabilities cannot be exploited for arbitrary code execution.

Cybersecurity Brief – 2025-10-25

Major Incidents or Breaches

  • Toys ‘R’ Us Canada experienced a data breach resulting in customer information, including names, addresses, phone numbers, and email addresses, being leaked and published on the dark web.
  • A major AWS outage occurred this week due to a significant DNS failure, impacting multiple websites and online services.
  • A large-scale malicious network on YouTube has been identified, with over 3,000 videos used as malware delivery traps, leveraging trusted platforms for distribution.
  • Multiple fraudulent domains and fake applications have targeted users of the newly launched Perplexity Comet browser.
  • LastPass customers are being targeted by a phishing campaign involving fake death claims to illicitly access password vaults via legacy inheritance processes.

Cybersecurity Brief – 2025-10-24

Major Incidents or Breaches

  • Toys “R” Us Canada has notified customers of a data breach involving leaked customer records previously stolen from its systems.
  • Collins Aerospace suffered a cyberattack impacting check-in and passenger systems at several European airports in late September 2025, resulting in significant delays and flight cancellations.
  • The Universe Browser, downloaded millions of times, has been identified as behaving like malware, with links to Asian cybercrime and illegal gambling networks.
  • Jingle Thief, a cybercriminal group, has been observed exploiting cloud infrastructure in the retail and consumer services sectors to steal millions in gift cards.
  • WIRED reported that hacked Deckmate 2 card shufflers enabled a mob-related poker scam that resulted in millions of dollars in losses.

Cybersecurity Brief – 2025-10-23

Major Incidents or Breaches

  • Over 250 Magento and Adobe Commerce stores were compromised overnight through active exploitation of the critical “SessionReaper” vulnerability (CVE-2025-54236), with hundreds of attack attempts recorded.
  • FinWise suffered a data breach attributed to insider threat activity, exposing sensitive data.
  • Jewett-Cameron, a fencing and pet company, was hit by ransomware, with attackers exfiltrating sensitive information and threatening to release it unless a ransom is paid.
  • More than 100 Chrome extensions were found to be abusing WhatsApp Web for bulk messaging, violating both Chrome and WhatsApp anti-spam policies.
  • Ukraine war relief organizations and regional government entities were targeted in a spear-phishing campaign (“PhantomCaptcha”) delivering remote access malware via weaponized PDFs and fake Zoom meeting invitations.
  • Home Depot customers were targeted by a phishing campaign using fake Halloween giveaways, leveraging tracking pixels and compromised websites.
  • A fake Nethereum NuGet package using homoglyph attacks was discovered stealing cryptocurrency wallet keys via a supply chain attack.
  • The North Korean Lazarus Group is conducting cyber-espionage campaigns targeting European drone manufacturing data.
  • The Iranian MuddyWater APT group targeted over 100 global government and private organizations with the Phoenix backdoor, leveraging compromised mailboxes and phishing with macro-enabled documents.

Cybersecurity Brief – 2025-10-22

Major Incidents or Breaches

  • The PassiveNeuron cyber-espionage campaign has been reported targeting high-profile servers in government, industrial, and financial sectors across Asia, Africa, and Latin America. Attackers are deploying custom Neursite and NeuralExecutor APT implants alongside Cobalt Strike to maintain persistence and exfiltrate data.
  • CISA has confirmed active exploitation of an Oracle E-Business Suite SSRF vulnerability (CVE-2025-61884) and has added it to its Known Exploited Vulnerabilities catalog.
  • Over 73,000 WatchGuard Firebox devices are impacted by a critical flaw in the Fireware OS iked process, allowing unauthenticated remote code execution.
  • Myanmar military authorities have shut down a major cybercrime centre, detaining over 2,000 individuals involved in global cyberscam operations.

Cybersecurity Brief – 2025-10-21

Major Incidents or Breaches

  • F5 disclosed a cyber attack, reportedly carried out by threat actors who maintained long-term, undetected access to internal systems.
  • Retailer Muji suspended online sales after a ransomware attack on its delivery partner, Askul, caused a logistics outage.
  • Envoy Air, an American Airlines subsidiary, confirmed a breach resulting in the theft of business information following an Oracle-related hack.
  • A European telecommunications organization was breached using Snappybee malware and a Citrix vulnerability, attributed to the China-linked Salt Typhoon group.
  • AWS suffered a significant outage, disrupting Amazon.com, Prime Video, Fortnite, Perplexity AI, Canva, and other major services for approximately two hours.
  • A phishing campaign impersonating Home Depot used fake giveaways and tracking pixels to lure victims and compromise data.
  • Over 75,000 WatchGuard Firebox security appliances remain exposed online and vulnerable to a critical remote code execution flaw (CVE-2025-9242).
  • 131 malicious Chrome extensions, cloned from a WhatsApp Web automation tool, were used to hijack WhatsApp Web sessions and conduct large-scale spam campaigns, primarily targeting Brazilian users.
  • A self-propagating malware named GlassWorm targeted the OpenVSX and Visual Studio Code extension registries, infecting an estimated 36,000 developer systems and acting as a criminal proxy network.

Cybersecurity Brief – 2025-10-20

Major Incidents or Breaches

  • China’s Ministry of State Security (MSS) has accused the US National Security Agency (NSA) of conducting a multi-stage cyberattack against the National Time Service Center (NTSC) in Beijing. The MSS claims the NSA used 42 different cyber tools and exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
  • Experian Netherlands has been fined €2.7 million ($3.2 million) for violations of the General Data Protection Regulation (GDPR) related to the mass collection of personal data.

Cybersecurity Brief – 2025-10-19

Major Incidents or Breaches

  • Europol dismantled a cybercrime-as-a-service SIM farm network responsible for powering 49 million fake accounts globally. The operation enabled clients to conduct a range of criminal activities, including fraud and phishing, by automating account creation and abuse.
  • Hackers published personal information (“doxed”) of officials from US agencies including ICE, DHS, DOJ, and FBI. The same incident exposed details of a secret FBI anti-ransomware task force.

Cybersecurity Brief – 2025-10-18

Major Incidents or Breaches

  • Envoy Air, a subsidiary of American Airlines, confirmed a data compromise involving its Oracle E-Business Suite application. The Clop extortion gang has claimed responsibility.
  • Sotheby’s disclosed a data breach involving theft of sensitive personal information, including Social Security Numbers.
  • Prosper suffered a data breach impacting 17.6 million accounts, with exposed data including names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other sensitive information.
  • Cybercriminals exploited lax authentication in Zendesk’s customer service platform to execute email bombing attacks, flooding targeted inboxes with abusive messages from legitimate Zendesk accounts.

Cybersecurity Brief – 2025-10-17

Major Incidents or Breaches

  • Sotheby’s disclosed a data breach in which threat actors accessed sensitive information, including financial details of individuals.
  • Financial services company Prosper suffered a breach impacting over 17.6 million accounts, with personal information stolen.
  • F5 confirmed a long-term breach of its systems, with attribution linked to Chinese threat actors. The attack exploited BIG-IP vulnerabilities, prompting patch releases and government alerts.
  • Video call app Huddle01 exposed over 600,000 user logs due to a misconfigured Kafka broker.
  • Fashion retailer Mango reported a data breach at a third-party marketing provider, exposing limited contact details.
  • LastPass and other top password managers are being targeted by phishing campaigns aiming to exploit user trust in password vaults.