Major Incidents or Breaches

  • Output Messenger Zero-Day Exploited in Espionage

    • A Türkiye-backed threat actor exploited a zero-day vulnerability in Output Messenger, an Indian enterprise communication platform, to deploy Golang-based backdoors on Kurdish servers. The campaign, ongoing since April 2025, targeted Kurdish military operations in Iraq as part of a cyber espionage effort.
  • Airline Confirms Cyberattack

    • An airline involved in deportation flights for the US government disclosed a cybersecurity incident to the SEC, confirming reports of a cyberattack.
  • DoppelPaymer Ransomware Arrest

    • Moldovan authorities arrested a suspect linked to DoppelPaymer ransomware attacks against Dutch organisations in 2021.
  • Global Botnet Operation Disrupted

    • Four hackers were arrested for operating a global botnet that infected outdated wireless routers with Anyproxy and 5socks malware, allowing covert reconfiguration and use for malicious activities.

Newly Discovered Vulnerabilities

  • ASUS DriverHub Remote Code Execution Flaws

    • ASUS patched two critical vulnerabilities in its DriverHub utility. Exploitation could allow remote code execution via HTTP requests or maliciously crafted .ini files, enabling malicious sites to execute commands with administrative privileges.
  • Apple Patches 65 Vulnerabilities

    • Apple released updates across all operating systems, addressing 65 vulnerabilities, several of which affect multiple platforms.
  • Output Messenger Zero-Day

    • The Output Messenger vulnerability exploited by Turkish threat actors remains a notable zero-day. Details on the flaw are not yet public.

Notable Threat Actor Activity

  • Telegram Bots in Phishing Campaigns

    • KnowBe4 ThreatLabs identified a sophisticated phishing campaign using Telegram bots as the primary exfiltration channel for stolen credentials, demonstrating increased adoption of encrypted messaging platforms for data theft.
  • Fake AI Tools Distribute Noodlophile Malware

    • Threat actors are leveraging fake generative AI tools, promoted via Facebook lures, to distribute the Noodlophile information-stealing malware. Over 62,000 users have been targeted.
  • ClickFix Attacks Targeting Linux and Windows

    • New campaigns are using ClickFix attacks, with infection instructions crafted to compromise both Windows and Linux systems, indicating a trend towards cross-platform attack methodologies.
  • Russian and Turkish State-Linked Espionage

    • In addition to the Turkish espionage campaign, six Bulgarian operatives of a Russian spy ring were sentenced in the UK for conducting intelligence operations on behalf of Russian agencies.

Trends, Tools, or Tactics of Interest

  • Browser Extensions as a Security Risk

    • A new report indicates that over half of browser extensions used in enterprises have high-risk permissions, significantly increasing the attack surface for data exposure and credential theft.
  • Old Routers and IoT Devices Remain Vulnerable

    • Continued exploitation of outdated routers and IoT devices, often with default passwords or unpatched vulnerabilities, remains a significant threat vector. The FBI has issued renewed warnings about risks associated with unsupported hardware.
  • Credential Exposure Remains Persistent

    • Research from GitGuardian highlights that while detection of leaked credentials is improving, remediation remains slow, leaving organisations exposed for extended periods.
  • AI-Powered Scams and Deepfakes

    • There is a marked increase in AI-driven fraud, including deepfakes and social engineering scams, contributing to heightened online paranoia and challenging verification processes.
  • Agentic AI and Vulnerability Detection

    • Startups focusing on agentic AI for vulnerability detection are emerging, aiming to reduce the window for zero-day exploitation, but the same technology is expected to accelerate offensive cyber operations.
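The browser-extension finding above (over half of enterprise extensions carry high-risk permissions) is easiest to act on with an inventory check of the extensions actually installed. The script below is an added example, not code from the cited report: it parses Chrome-style `manifest.json` files and flags permissions that grant broad reach over page content, cookies or the host, then summarises what share of an inventory is affected. The permission set treated as high-risk is this example's own assumption, as are the two constructed manifests used as input.

```python
import json

# Permissions that give an extension broad reach over page content, cookies,
# network traffic or the host. This set is an assumption for the example,
# not the report's classification.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "cookies", "debugger",
    "nativeMessaging", "clipboardRead", "history", "tabs", "scripting",
    "declarativeNetRequest", "proxy", "webNavigation", "management",
}


def is_broad_host(pattern):
    """True for host patterns that match every site (or every site of a scheme)."""
    return pattern == "<all_urls>" or pattern.startswith(
        ("*://*/", "http://*/", "https://*/")
    )


def assess_manifest(manifest_text):
    """Return the high-risk permissions and host patterns declared in one manifest."""
    m = json.loads(manifest_text)
    flagged = set()

    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = m.get("permissions", []) + m.get("optional_permissions", [])
    for p in declared:
        if p in HIGH_RISK_PERMISSIONS:
            flagged.add(p)
    for host in m.get("host_permissions", []) + [p for p in declared if "://" in p]:
        if is_broad_host(host):
            flagged.add(host)

    # Content scripts injected into every page are as broad as <all_urls>.
    for cs in m.get("content_scripts", []):
        for match in cs.get("matches", []):
            if is_broad_host(match):
                flagged.add("content_script:" + match)

    return {
        "name": m.get("name"),
        "version": m.get("version"),
        "flagged": sorted(flagged),
        "high_risk": bool(flagged),
    }


def audit_inventory(manifests):
    """Assess a list of manifest strings; return results and the high-risk share."""
    results = [assess_manifest(t) for t in manifests]
    risky = sum(1 for r in results if r["high_risk"])
    share = risky / len(results) if results else 0.0
    return {"results": results, "high_risk_share": share}


# Constructed sample manifests (not real extensions).
RISKY_MANIFEST = json.dumps({
    "name": "Example Page Helper",
    "version": "1.2.0",
    "manifest_version": 3,
    "permissions": ["cookies", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
})

BENIGN_MANIFEST = json.dumps({
    "name": "Example Notes",
    "version": "0.4.1",
    "manifest_version": 3,
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://example.com/*"],
})

if __name__ == "__main__":
    report = audit_inventory([RISKY_MANIFEST, BENIGN_MANIFEST])
    for r in report["results"]:
        print(f'{r["name"]} {r["version"]}: {"HIGH RISK" if r["high_risk"] else "ok"} {r["flagged"]}')
    print(f'high-risk share: {report["high_risk_share"]:.0%}')
```

In a real rollout the manifests come from the browser profile's extension directory or from an endpoint management export; the flagged list is what to review against the extension's stated purpose, and a content script matching every site deserves the same scrutiny as an explicit `<all_urls>` grant.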

Regulatory or Policy Developments

  • Google Settles Texas Privacy Lawsuit

    • Google agreed to a $1.375 billion settlement with Texas over allegations of improper collection and use of biometric data, the largest state-level privacy settlement to date.
  • Florida Encryption Backdoor Bill Fails

    • Proposed legislation in Florida that would have mandated encryption backdoors failed to pass, preserving the use of strong encryption in the state.
  • 23andMe Data Breach Settlement

    • Victims of the 23andMe data breach are eligible to join a class-action suit, with potential compensation of up to $10,000 per claimant.
  • Singapore Consensus on Trustworthy AI

    • Over 100 AI scientists have released the Singapore Consensus, outlining a roadmap for developing secure, trustworthy, and reliable AI systems amidst growing concerns about generative AI transparency and security.

Other Noteworthy Developments

  • Windows 11 Upgrade Block Lifted

    • Microsoft removed a compatibility block that had prevented Safe Exam Browser users from installing the Windows 11 2024 Update following a fix for previously identified issues.