Welcome to the DanSec Blog

Cybersecurity Brief – 2025-10-16

Major Incidents or Breaches

  • F5 disclosed a significant breach attributed to nation-state actors, resulting in the theft of BIG-IP source code, undisclosed security vulnerabilities, and some customer information. The attack profile suggests Chinese involvement. Patches for stolen vulnerabilities have been released, and CISA has issued an emergency directive regarding F5 devices.
  • Capita has been fined £14 million by the UK Information Commissioner’s Office for a 2023 data breach that exposed personal data of 6.6 million people.
  • Harvard University suffered a breach via an Oracle zero-day exploit, with the Clop ransomware group claiming responsibility as part of a broader campaign targeting Oracle customers.
  • Spanish retailer MANGO disclosed a data breach affecting customer information, resulting from a compromise at a marketing vendor.
  • A 19-year-old individual was sentenced to four years in prison for orchestrating a major cyberattack on PowerSchool in December 2024.
  • Over 100 Visual Studio Code (VS Code) extensions were found to have leaked access tokens, creating supply chain risks by allowing attackers to update extensions maliciously.
  • Discord named customer service firm 5CA as the third-party responsible for a data breach; 5CA denies involvement.
  • Scientists reported ongoing leakage of unencrypted voice calls and text messages from geostationary satellites, exposing sensitive personal and business data.

Cybersecurity Brief – 2025-10-15

Major Incidents or Breaches

  • The U.S. Department of Justice, with UK cooperation, seized $15 billion in bitcoin from the leader of the Prince Group, a criminal syndicate responsible for large-scale “pig butchering” cryptocurrency investment fraud targeting US victims.
  • Harvard University was confirmed as a victim of the Oracle E-Business Suite zero-day vulnerability (CVE-2025-61884), with over 1TB of data allegedly stolen and leaked by the Cl0p ransomware group.
  • Chinese APT threat actors tracked as “Flax Typhoon” compromised an ArcGIS geo-mapping server, maintaining undetected persistence for over a year by modifying the software into a stealth backdoor.
  • Malicious crypto-stealing Visual Studio Code extensions, attributed to the “TigerJack” group, resurfaced on the OpenVSX registry and the Microsoft VSCode marketplace, targeting developers to exfiltrate cryptocurrency and sensitive data.

Cybersecurity Brief – 2025-10-14

Major Incidents or Breaches

  • SimonMed Imaging disclosed a data breach impacting over 1.2 million individuals, attributed to the Medusa ransomware group, which claims to have exfiltrated 200GB of sensitive data.
  • Harvard University is investigating a breach potentially linked to exploitation of an Oracle E-Business Suite zero-day vulnerability, with the Clop ransomware group listing the institution on its leak site.
  • An extortion group has leaked millions of records allegedly obtained via Salesforce hacks, affecting organizations including Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines.
  • Unity’s SpeedTree website suffered a supply chain attack, with malicious code skimming customer information from hundreds of users.
  • A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the US, leveraging more than 100,000 IP addresses.
  • Over 100 SonicWall SSL VPN accounts across more than a dozen entities were compromised in a widespread campaign using stolen credentials.
  • Microsoft 365 experienced an outage impacting customer access to applications.

Cybersecurity Brief – 2025-10-13

Major Incidents or Breaches

  • Oracle has issued a security alert for a newly discovered vulnerability in its E-Business Suite, which could allow attackers to access sensitive data without authentication.

Newly Discovered Vulnerabilities

  • A security flaw affecting Oracle E-Business Suite has been identified, permitting unauthorized data access. Oracle has published a security alert regarding this issue.

Notable Threat Actor Activity

  • Researchers have identified a new Rust-based malware dubbed “ChaosBot.” The malware leverages Discord channels for command and control, enabling threat actors to conduct reconnaissance and execute arbitrary commands on infected systems.
  • A smishing campaign is targeting New York residents with fraudulent “Inflation Refund” text messages, impersonating the Department of Taxation and Finance to harvest personal information.

Cybersecurity Brief – 2025-10-12

Major Incidents or Breaches

  • SonicWall SSL VPN devices: Huntress reported a widespread compromise of SonicWall SSL VPN devices, with threat actors authenticating into over 100 customer environments to access internal systems.
  • Gladinet CentreStack and TrioFox: Active exploitation of a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and TrioFox products has been observed, allowing unauthenticated local file access and potential escalation to remote code execution. The flaw remains unpatched.
  • BreachForums Takedown: The FBI seized all domains of the BreachForums hacking forum operated by the ShinyHunters group, which was used for leaking data from ransomware and extortion attacks, including recent Salesforce-related incidents.
  • AI Companion Apps Data Leak: Two AI “girlfriend” apps exposed millions of private chat logs belonging to over 400,000 users.
  • Oracle EBS Zero-Day Attacks: Sophisticated malware was deployed in attacks exploiting a zero-day in Oracle E-Business Suite (EBS), affecting dozens of organizations since at least 10 July.
  • Discord Age-Verification Data Exposure: A hack exposed sensitive age-verification data of Discord users.
  • Manufacturing Sector Ransomware: Reports highlight continued ransomware attacks targeting the manufacturing industry, with attackers exploiting unpatched vulnerabilities.
  • US Universities Payroll Attacks: US universities were targeted by attackers hijacking HR SaaS accounts to divert payroll payments, attributed to the Storm-2657 threat actor.

Cybersecurity Brief – 2025-10-11

Major Incidents or Breaches

  • The FBI has seized all domains associated with BreachForums, operated by the ShinyHunters group, which was used as a portal for leaking corporate data obtained through ransomware and extortion attacks, including recent Salesforce-related incidents. Despite the takedown, ShinyHunters continues to issue extortion threats against Salesforce victims.
  • Two AI companion applications exposed millions of private chat records from over 400,000 users due to inadequate security controls.
  • A critical zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and TrioFox file sharing products is being actively exploited in the wild, allowing unauthenticated local attackers to access system files.
  • Sophisticated malware has been deployed in Oracle E-Business Suite (EBS) zero-day attacks, with exploitation believed to have started as early as July 10 and affecting dozens of organizations.
  • A large-scale DDoS attack was launched by the Aisuru botnet, leveraging compromised IoT devices hosted on major US ISPs.
  • Microsoft has observed a threat actor, Storm-2657, hijacking HR SaaS accounts to divert employee salary payments to attacker-controlled accounts; US universities have been specifically targeted in these payroll diversion attacks.

Cybersecurity Brief – 2025-10-10

Major Incidents or Breaches

  • SonicWall Cloud Backup Breach: SonicWall confirmed that all customers using its cloud backup service had their firewall configuration backup files accessed by an unauthorized party. The files included encrypted credentials and other sensitive configuration data.
  • Oracle E-Business Suite Exploitation: A zero-day vulnerability in Oracle’s E-Business Suite has been exploited since August 2025 by threat actors linked to the CL0P ransomware group, impacting dozens of organizations.
  • Discord Data Breach: Discord disclosed that 70,000 users had government-issued IDs exposed in a recent data breach, with attackers claiming theft of over 2 million ID photos submitted for age verification.
  • Law Firm Williams & Connolly Breach: Chinese threat actors exploited a zero-day vulnerability to breach the US law firm Williams & Connolly. The firm reports no evidence of client data theft.
  • Microsoft Azure Outage: An outage affecting Azure Front Door CDN disrupted access to Microsoft 365 services and admin portals.
  • University Payroll Hijacking: The cybercrime group Storm-2657 has been targeting US university HR employees since March 2025 in “payroll pirate” attacks, rerouting salary payments.
  • Fake Android Apps and Banking Trojan: Malware campaigns using fake VPN and streaming apps (e.g., Mobdro Pro IP TV + VPN) are distributing the Klopatra Android trojan, which steals banking credentials.

Cybersecurity Brief – 2025-10-09

Major Incidents or Breaches

  • Discord has confirmed a breach of its Zendesk support system, with threat actors claiming to have exfiltrated data on 5.5 million users, including government IDs and email addresses.
  • The Qilin ransomware group has claimed responsibility for an attack on Asahi brewery, leaking 27GB of data comprising contracts, employee information, and financial documents.
  • The Crimson Collective threat group has targeted AWS cloud environments for data theft and extortion, and is also reported to have breached the GitLab instance of Red Hat Consulting in collaboration with the Scattered Lapsus$ group.
  • The UK Metropolitan Police arrested two individuals in connection with a ransomware attack on a chain of London nurseries, which resulted in the doxing of children online.
  • Microsoft 365 services, including Teams and Exchange Online, experienced an outage, preventing user access.
  • DraftKings has alerted users to a credential stuffing attack leading to unauthorised access to user accounts and exposure of personal information.

Cybersecurity Brief – 2025-10-08

Major Incidents or Breaches

  • Salesforce has confirmed a widespread data theft attack affecting its customers, stating it will not pay ransom to the threat actors. The ShinyHunters group is linked to the exfiltration of over a billion records from Salesforce customers and has launched a data leak site to extort victims.
  • Electronics distributor Avnet disclosed a data breach, noting that stolen data is unreadable without proprietary tools.
  • BK Technologies, a public safety communications firm, reported an IT intrusion and subsequent data theft.
  • CPAP Medical suffered a data breach exposing personal and health information of over 90,000 military patients, troops, veterans, and their families.
  • Discord has warned users of a third-party breach resulting in the theft of names, emails, limited billing information, and some government-ID images.
  • DraftKings notified customers of account breaches following a credential stuffing attack.
  • North Korean hackers have reportedly stolen over $2 billion in cryptocurrency assets in 2025, the largest annual total recorded.
  • Asahi brewery in Japan experienced a ransomware attack that disrupted domestic operations and led to a beer shortage.

Cybersecurity Brief – 2025-10-07

Major Incidents or Breaches

  • Red Hat suffered a data breach, with the ShinyHunters extortion group leaking samples of stolen customer engagement reports (CERs) and threatening further exposure.
  • Discord disclosed that user information, including names, usernames, email addresses, contact details, IP addresses, and billing information, was compromised via a third-party data breach.
  • Doctors Imaging Group notified approximately 171,000 individuals of a cybersecurity incident that occurred nearly a year ago.
  • Beer giant Asahi reported a ransomware attack resulting in data theft and disruption to operations at its Japanese subsidiaries, forcing a shift to manual order processing and shipment.
  • Salesforce faced extortion attempts after data from dozens of customers was stolen; Salesforce stated these relate to past or unsubstantiated incidents, not new intrusions.