Major Incidents and Breaches

  • Ahold Delhaize Data Breach: Food retail giant Ahold Delhaize confirmed data theft from its U.S. business systems during a November 2024 cyberattack, attributed to the INC ransomware group. The breach impacted operations at several of its 2,000 U.S. stores.
  • Legends International Breach: Entertainment venue management firm Legends International disclosed a data breach from November 2024 affecting both employees and venue visitors.
  • Airport Retailer Ransomware Settlement: An airport retailer agreed to a $6.9 million settlement after a ransomware attack exfiltrated personal data (including names and Social Security numbers) of approximately 76,000 current and former employees.
  • Surge in SMS Phishing Scams: CTM360 reported a global spike in SMS-based reward and toll scams, notably PointyPhish and TollShark, operating via the Darcula Phishing-as-a-Service (PhaaS) platform. Over 5,000 domains are implicated in payment information theft.
  • Real Cash Scam in the U.S.: A widespread scam is tricking individuals into withdrawing and transferring large sums of cash to fraudsters, resulting in significant financial losses.

Newly Discovered Vulnerabilities

  • CVE-2025-32433 (Erlang/OTP SSH): A critical pre-auth remote code execution vulnerability in Erlang/OTP SSH was disclosed. The flaw is easily exploitable and requires immediate patching.
  • CVE-2025-24054 (Microsoft Windows): An actively exploited vulnerability allows NTLM credential theft via file downloads (notably crafted .library-ms files). The flaw is being leveraged in phishing campaigns targeting government and private sector entities.
  • Chrome Extensions with Hidden Tracking: 57 Chrome extensions (6 million installs) were found to contain hidden tracking code, with capabilities to monitor browsing, access cookies, and potentially execute remote code.

Notable Threat Actor Activity

  • Mustang Panda: The China-linked Mustang Panda group targeted a Myanmar organization using new tooling, including StarProxy, EDR bypass techniques, and updated TONESHELL malware, demonstrating ongoing innovation.
  • XorDDoS Malware Expansion: Researchers identified a new XorDDoS controller and expanded infrastructure. The malware now targets Docker, Linux, and IoT environments, with 71% of observed attacks occurring between November 2023 and February 2024.
  • State-Sponsored ClickFix Campaigns: State-backed actors from Iran, North Korea, and Russia have actively used the ClickFix social engineering technique in targeted malware campaigns over the past three months.
  • Android Pre-Downloaded Malware: Threat actors are pre-installing malware on Android devices to steal cryptocurrency by covertly swapping wallet addresses.

Trends, Tools, and Tactics

  • Abuse of Legitimate Platforms: There is a continued increase in the abuse of legitimate domains (e.g., Google Drive, QuickBooks, Microsoft) for phishing attacks, with predictions that this trend will escalate in 2025.
  • AI in SaaS and Data Exposure: Employees are increasingly using AI-enabled tools (e.g., ChatGPT, SaaS integrations), inadvertently risking sensitive data exposure.
  • Security Awareness as a Top Challenge: A CyberEdge Group survey found that lack of security awareness among employees remains the primary obstacle to effective cyber defense.
  • Phishing-as-a-Service (PhaaS): Platforms like Darcula are enabling large-scale, sophisticated SMS phishing operations globally.

Regulatory and Policy Developments

  • CVE Program Funding Uncertainty: CISA extended MITRE’s CVE program contract by 11 months after initial cuts threatened continuity. The program’s long-term future remains uncertain, raising sector-wide concerns.
  • Cybersecurity Information Sharing Act Renewal: U.S. senators proposed a 10-year extension of the Cybersecurity Information Sharing Act of 2015 to facilitate continued information sharing between businesses and federal agencies.
  • Microsoft Office 2016/2019 End-of-Support: Microsoft reminded customers that Office 2016 and 2019 will reach end of extended support on October 14, 2025, impacting security update availability.
  • Discord Facing Legal and Regulatory Scrutiny: New Jersey filed suit against Discord for alleged failures in protecting children online. Discord is also piloting age verification via facial scans to enhance age-gating.
  • Leadership Change at SentinelOne: Chris Krebs resigned from SentinelOne after his security clearance was revoked by the Trump administration, reflecting ongoing political tensions impacting cybersecurity leadership.

AI Security

  • PromptArmor Platform Launch: PromptArmor, a new AI security startup, launched to help organizations assess and monitor third-party AI risks, following notable AI-related vulnerability discoveries.

Other Notable Developments

  • Security Usability Concerns: Reports highlight that complex security tools lead users to seek workarounds, undermining cyber defense efforts.