Major Incidents or Breaches

  • The Washington Post disclosed a cyberattack in which email accounts of several journalists, including those covering national security, economic policy, and China, were compromised. The attack is believed to have been conducted by a foreign government and involved breaches of Microsoft accounts.
  • Zoomcar Holdings reported a data breach impacting 8.4 million users, as disclosed in a filing with the U.S. Securities and Exchange Commission.
  • Law enforcement agencies from six countries seized the Archetyp Market darknet drug marketplace and arrested its administrator. Archetyp Market had been operating since May 2020.

Newly Discovered Vulnerabilities

  • A high-severity vulnerability in ASUS Armoury Crate software was disclosed, allowing local attackers to escalate privileges to SYSTEM level on Windows machines.
  • Microsoft acknowledged that the June 2025 Windows Server security updates are causing DHCP service freezes on some systems.
  • Microsoft also published a workaround for a known issue causing classic Outlook to crash when opening or composing messages.

Notable Threat Actor Activity

  • Google and external threat intelligence researchers reported that the Scattered Spider threat group has shifted focus to targeting U.S. insurance companies, employing previously observed tactics.
  • The U.S. Department of Justice seized $7.74 million in cryptocurrency, NFTs, and other assets tied to North Korea’s global fake IT worker network, which is used to funnel illicit funds to the regime.
  • An emerging threat group, dubbed “Water Curse,” is targeting cybersecurity professionals by distributing weaponized GitHub repositories masquerading as legitimate penetration testing tools, facilitating supply chain attacks.
  • Malicious Python packages, notably the “Chimera” tool, have been identified on PyPI. Unlike traditional malware, Chimera targets data specific to corporate and cloud infrastructures to facilitate supply chain attacks.

Trends, Tools, or Tactics of Interest

  • Google’s Mandiant published research on increasingly sophisticated vishing (voice phishing) attacks, which are being used as initial access vectors in recent ransomware campaigns.
  • Google reported a rise in travel-themed scams, with attackers leveraging the summer holiday period to target consumers.
  • The Anubis ransomware-as-a-service kit has added data wiper functionality, enabling affiliates to both encrypt and permanently erase files, making recovery impossible even after ransom payment.
  • Researchers observed the use of steganography, specifically malicious payloads hidden within JPEG images, as a technique for evading detection.
  • Kali Linux 2025.2 was released, introducing 13 new tools and expanding its car hacking toolkit, enhancing capabilities for penetration testing and automotive security assessments.
  • The ongoing increase in third-party and supply chain risks was highlighted, with recommendations for continuous monitoring of partner vulnerabilities.

Regulatory or Policy Developments

  • The U.S. National Institute of Standards and Technology (NIST) released SP 1800-35, providing 19 real-world examples for implementing zero-trust architecture using commercial technologies.
  • Meta announced the introduction of advertising on WhatsApp, stating that the ads are designed with privacy considerations in mind.