Major Incidents or Breaches

  • Cartier disclosed a data breach after its systems were compromised, exposing customers’ personal information.
  • The North Face warned customers of a credential stuffing attack in April that resulted in theft of personal information from its website.
  • SentinelOne experienced a seven-hour outage due to a software flaw.
  • A significant phishing campaign is targeting users in France, using leaked personal data to craft convincing emails.
  • The “Russian Market” cybercrime marketplace has become a major platform for trading credentials stolen by information stealer malware.

Newly Discovered Vulnerabilities

  • Google released an emergency out-of-band patch for Chrome to address three security issues, including a high-severity zero-day vulnerability under active exploitation.
  • Qualcomm issued security updates for three zero-day vulnerabilities in its Adreno GPU driver, which have been exploited in targeted attacks.
  • Three vulnerabilities in preinstalled Android apps on Ulefone and Krüger&Matz smartphones could allow any installed app to reset devices or steal PINs.
  • New details have emerged about a critical Cisco IOS XE vulnerability, increasing the risk of exploitation by attackers.
  • Unpatched vulnerabilities in Consilium Safety’s CS5000 Fire Panel could allow takeover of the OT/ICS platform, creating serious safety risks.

Notable Threat Actor Activity

  • Researchers identified a cryptojacking campaign targeting publicly accessible DevOps web servers (including Docker, Gitea, and HashiCorp Consul), using off-the-shelf tools from GitHub.
  • An anonymous whistleblower leaked substantial data connected to the alleged operator behind Trickbot and Conti ransomware operations.
  • Ongoing APT intrusions, AI-powered malware, and zero-click exploits were highlighted in recent threat activity recaps.

Trends, Tools, or Tactics of Interest

  • Threat actors are increasingly leveraging leaked personal data to enhance the effectiveness of phishing campaigns.
  • Living-off-the-land techniques and the use of easily accessible tools continue to feature in sophisticated cyber attacks.
  • In the context of data breaches, the value of all data types, not just financial or credential data, is being emphasized.
  • There is a notable trend towards credential theft and resale, as evidenced by the rise of platforms like Russian Market.
  • Organizations are being encouraged to move from perimeter-based security to data-centric protection strategies.

Regulatory or Policy Developments Affecting the Security Industry

  • Google Chrome will distrust root CA certificates from Chunghwa Telecom and Netlock in August 2025 due to compliance failures.
  • Australia has introduced new ransomware payment disclosure rules, requiring certain organizations to report ransomware payments and related communications within 72 hours or face civil penalties.
  • Microsoft and CrowdStrike have partnered to align hacking group aliases, improving clarity without standardizing nomenclature.
  • The Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC) has shut down, impacting information sharing for the emergency services sector.