Major Incidents or Breaches

  • Victoria’s Secret has delayed its Q1 2025 earnings release due to ongoing corporate system restoration efforts following a security incident on 24 May.
  • A data breach at Coinbase has been attributed to bribed customer support representatives at TaskUs in India, leading to data theft from the crypto exchange.

Newly Discovered Vulnerabilities

  • Hewlett Packard Enterprise (HPE) released security patches for eight vulnerabilities in StoreOnce, including a critical remote authentication bypass flaw.
  • A critical 10-year-old vulnerability in Roundcube webmail software allows authenticated users to execute malicious code.
  • Google patched a new Chrome zero-day vulnerability currently being exploited in the wild; this is the third Chrome zero-day exploited this year.
  • Two newly disclosed vBulletin vulnerabilities (CVE-2025-48827, CVE-2025-48828) are easily exploitable and present risks to bulletin board deployments.
  • CISA has issued a warning regarding active exploitation of a recently patched ConnectWise ScreenConnect vulnerability that allows remote code execution.

Notable Threat Actor Activity

  • Scattered Spider has been linked to high-profile attacks on UK retailers Marks & Spencer and Co-op, using tactics such as vishing, adversary-in-the-middle (AiTM) phishing, and exploitation of multi-factor authentication gaps to hijack cloud accounts. The group operates as an identity-first threat model rather than a single entity.
  • Threat actors are using fake DocuSign and Gitcode websites to distribute the NetSupport RAT via multi-stage PowerShell attacks.
  • The Acreed infostealer has overtaken LummaC2 as the dominant credential theft malware on the Russian Market, reflecting a shift in the threat landscape.
  • Malicious RubyGems packages impersonating Fastlane CI/CD plugins have been found redirecting Telegram API requests to attacker-controlled servers to steal data.

Trends, Tools, or Tactics of Interest

  • The Crocodilus Android banking trojan has expanded its targeting from Turkey to eight countries across Europe and South America, now incorporating tactics such as adding fake contacts to victims’ devices to spoof trusted callers.
  • A new unrestricted AI chatbot, Venice[.]ai, has emerged, capable of generating phishing messages and malware code to assist cybercriminal activity.
  • Kaspersky research highlights the challenge of determining attack origins in environments lacking container visibility, emphasizing the importance of distinguishing between host-based and container-based threats.
  • Mozilla has introduced a new system to detect and block Firefox add-ons that function as cryptocurrency drainers.
  • LayerX has launched ExtensionPedia, and TXOne Networks introduced intelligent vulnerability mitigation capabilities, both reflecting ongoing innovation in endpoint and OT security.

Regulatory or Policy Developments Affecting the Security Industry

  • Google Chrome will distrust digital certificates issued by Chunghwa Telecom and Netlock due to compliance and conduct issues, effective from August.
  • Microsoft and CrowdStrike have launched a shared threat actor glossary to align their threat actor taxonomies and reduce attribution confusion.