Major Incidents or Breaches

  • The U.S. Department of Justice, in coordination with international law enforcement, seized four domains that provided crypting services to cybercriminals. These services enabled threat actors to obfuscate malware and evade detection by security tools.

Newly Discovered Vulnerabilities

  • Two information disclosure vulnerabilities have been identified in the core dump handlers apport and systemd-coredump, impacting Ubuntu, Red Hat Enterprise Linux, and Fedora. The flaws could allow attackers to extract password hashes from core dumps.
  • Exploit details have been published for a maximum-severity vulnerability (CVE-2025-20188) in Cisco IOS XE Wireless LAN Controller (WLC) software. The flaw allows arbitrary file upload, and the published details increase the risk of exploitation.

Notable Threat Actor Activity

  • The dismantled crypting service domains were used by cybercrime syndicates to facilitate malware distribution and evasion, supporting a range of threat actor operations globally.

Trends, Tools, or Tactics of Interest

  • The public release of exploit details for the Cisco IOS XE vulnerability may accelerate weaponisation and exploitation in the wild.
  • Law enforcement continues to target cybercrime infrastructure, specifically services that enable malware obfuscation and distribution.