Major Incidents or Breaches

  • Scania, a major automotive manufacturer, confirmed a cybersecurity incident involving the compromise of insurance claim documents through stolen credentials. The breach was linked to an extortion attempt.
  • Cock.li, an email hosting provider, disclosed a data breach impacting over one million user records. Attackers exploited vulnerabilities in the now-retired Roundcube webmail platform to access the data.
  • Indian car-sharing firm Zoomcar reported a breach affecting more than 8 million users. Exposed data included names, phone numbers, car registration numbers, addresses, and emails.
  • 23andMe was fined £2.31 million by the UK ICO for a data breach exposing genetic data, attributed to serious security failings.
  • WestJet Airlines warned customers and employees to be cautious with personal information following a cyber incident affecting its app and website, though core operations continued.
  • Paddle.com and its U.S. subsidiary settled with the U.S. FTC for $5 million over allegations of facilitating tech-support scams that harmed consumers.

Newly Discovered Vulnerabilities

  • Veeam released patches for a critical remote code execution (RCE) vulnerability (CVE-2025-23121, CVSS 9.9) in Backup & Replication. Any authenticated domain user can exploit it against a domain-joined backup server; the fix ships in version 12.3.2 (build 12.3.2.3617). Only domain-joined backup servers are affected, which is one more reason to keep them in a separate management domain or workgroup as Veeam's own hardening guidance recommends.
  • Researchers at watchTowr disclosed a chain of three vulnerabilities in Sitecore Experience Platform (XP): a hard-coded password of “b” for the built-in sitecore\ServicesAPI user (CVE-2025-34509), combined with a path-traversal upload (CVE-2025-34510) and an unrestricted file upload (CVE-2025-34511), yields pre-authentication RCE on enterprise deployments. Rotate the ServicesAPI password and patch; the credential is the same on every unpatched install.
  • Google Chrome addressed a zero-day (CVE-2025-2783), a sandbox escape in the Mojo IPC layer on Windows, exploited by the threat actor “TaxOff” to deploy the Trinper backdoor. The flaw was actively exploited in March 2025 before the fix landed.
  • A flaw in LangChain’s LangSmith platform, dubbed “AgentSmith” (CVSS 8.8) by Noma Security, was patched after researchers showed that a malicious agent shared on the LangChain Hub could be configured with an attacker-controlled proxy that silently relays the victim's OpenAI API key, prompts, and responses when the agent is run. It is a data-exposure flaw rather than code execution, but rotating any key used with a third-party agent is the safe response.
  • A critical flaw in Langflow, a Python-based AI workflow builder (CVE-2025-3248, CVSS 9.8: the /api/v1/validate/code endpoint executes submitted Python without authentication), is under active exploitation to deploy the Flodrix botnet, enabling DDoS attacks and further system compromise. The fix is in Langflow 1.3.0; internet-exposed instances should be assumed compromised.
  • TP-Link router vulnerability CVE-2023-33538, a command injection in end-of-life TL-WR940N, TL-WR841N, and TL-WR740N models, is under active exploitation. CISA added the flaw to its Known Exploited Vulnerabilities catalog and issued an immediate alert; because these models no longer receive firmware, replacement is the only real remediation.

Notable Threat Actor Activity

  • The Silver Fox APT group is conducting a sophisticated phishing campaign targeting Taiwanese organizations, deploying Gh0stCringe and HoldingHands RAT malware for information theft and persistent access.
  • The Scattered Spider (UNC3944) cybercrime group is targeting IT support teams at major U.S. insurance firms, expanding from previous attacks on U.K. and U.S. retailers.
  • The “TaxOff” threat actor exploited a Chrome zero-day to deliver the Trinper backdoor.
  • Attackers are exploiting the Langflow AI server RCE flaw to distribute the Flodrix botnet, primarily for DDoS operations.
  • Instagram ads leveraging AI deepfakes are impersonating Canadian banks (BMO and EQ Bank) to conduct phishing and investment fraud campaigns.

Trends, Tools, or Tactics of Interest

  • Ransomware operators are increasingly going after backup infrastructure early in an intrusion: compromising the backup server removes the victim's recovery option and typically yields stored credentials for every system it backs up, maximizing leverage for extortion.
  • Forgotten or unmanaged Active Directory service accounts remain a persistent risk: they often keep elevated group memberships, non-expiring passwords that nobody has rotated in years, and SPNs that make them Kerberoastable, with no owner reviewing them.
  • Use of hard-coded credentials in enterprise software (e.g., Sitecore XP) continues to pose significant RCE risks.
  • Phishing campaigns are leveraging AI-generated deepfakes to enhance credibility and effectiveness, as seen in the Instagram banking scams.
  • There is increased exploitation of vulnerabilities in AI and workflow automation platforms (LangSmith, Langflow), indicating attackers are targeting emerging tech stacks.
  • SMS-based two-factor authentication is again shown to be insecure: one-time codes are routed through third-party telecom intermediaries that can read them in transit, so SMS should not protect high-value accounts. App-based TOTP or FIDO2/passkeys avoid the carrier path entirely.
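
The service-account item above is the kind of check that is easy to describe and rarely done. The script below is an added example (not from the digest or from any vendor) that triages an Active Directory export for exactly those conditions: SPN-bearing accounts that are stale, carry old or non-expiring passwords, or sit in privileged groups. It assumes the accounts were dumped with something like `Get-ADUser -Filter * -Properties servicePrincipalName,lastLogonTimestamp,pwdLastSet,memberOf,PasswordNeverExpires | ConvertTo-Json`, so timestamps arrive as Windows FILETIME integers and group membership as distinguished names; the sample records, thresholds, and review time are constructed for illustration.

```python
"""Triage an AD account export for forgotten or over-privileged service accounts.

Added example, not from the original digest. Assumes a JSON export from
Get-ADUser (FILETIME integers for timestamps, DNs for memberOf); the
records below are constructed, not real accounts.
"""
from datetime import datetime, timedelta, timezone

PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators",
    "Account Operators", "Backup Operators", "Server Operators",
}
STALE_DAYS = 90            # lastLogonTimestamp replicates only every ~14 days; keep this generous
MAX_PASSWORD_AGE_DAYS = 365

# FILETIME counts 100-ns intervals since 1601-01-01 UTC; 0 means "never".
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int):
    return None if not ft else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def group_cn(dn: str) -> str:
    """'CN=Domain Admins,CN=Users,DC=corp,DC=local' -> 'Domain Admins'."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def triage_account(acct: dict, now: datetime) -> list:
    """Return findings for one account; only SPN-bearing (service) accounts are in scope."""
    if not acct.get("servicePrincipalName"):
        return []
    findings = []
    last_logon = filetime_to_datetime(acct.get("lastLogonTimestamp", 0))
    if last_logon is None or now - last_logon > timedelta(days=STALE_DAYS):
        findings.append(f"stale: no logon in {STALE_DAYS}+ days")
    pwd_set = filetime_to_datetime(acct.get("pwdLastSet", 0))
    if pwd_set is None or now - pwd_set > timedelta(days=MAX_PASSWORD_AGE_DAYS):
        findings.append("old password: SPN plus long-lived password is Kerberoast exposure")
    if acct.get("PasswordNeverExpires"):
        findings.append("PasswordNeverExpires set")
    privileged = {group_cn(g) for g in acct.get("memberOf", [])} & PRIVILEGED_GROUPS
    if privileged:
        findings.append("privileged: " + ", ".join(sorted(privileged)))
    return findings


def triage(accounts: list, now: datetime) -> dict:
    """Map SamAccountName -> findings for every service account that has at least one."""
    report = {}
    for acct in accounts:
        findings = triage_account(acct, now)
        if findings:
            report[acct["SamAccountName"]] = findings
    return report


# Constructed sample export, evaluated at a fixed review time so results are reproducible.
REVIEW_TIME = datetime(2025, 6, 20, tzinfo=timezone.utc)


def _ft(y, m, d):
    return datetime_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))


SAMPLE_ACCOUNTS = [
    {"SamAccountName": "svc_backup", "servicePrincipalName": ["MSSQLSvc/backup01.corp.local:1433"],
     "lastLogonTimestamp": _ft(2025, 6, 18), "pwdLastSet": _ft(2019, 3, 4),
     "PasswordNeverExpires": True, "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=local"]},
    {"SamAccountName": "svc_legacyapp", "servicePrincipalName": ["HTTP/legacyapp.corp.local"],
     "lastLogonTimestamp": _ft(2023, 11, 2), "pwdLastSet": _ft(2021, 5, 10),
     "PasswordNeverExpires": False, "memberOf": ["CN=Backup Operators,CN=Builtin,DC=corp,DC=local"]},
    {"SamAccountName": "svc_web", "servicePrincipalName": ["HTTP/intranet.corp.local"],
     "lastLogonTimestamp": _ft(2025, 6, 19), "pwdLastSet": _ft(2025, 5, 1),
     "PasswordNeverExpires": False, "memberOf": ["CN=Web Admins,OU=Groups,DC=corp,DC=local"]},
    {"SamAccountName": "jdoe", "servicePrincipalName": [],   # ordinary user, out of scope
     "lastLogonTimestamp": _ft(2025, 6, 19), "pwdLastSet": _ft(2025, 1, 15),
     "PasswordNeverExpires": False, "memberOf": []},
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_ACCOUNTS, REVIEW_TIME).items():
        print(name)
        for f in findings:
            print("   -", f)
```

On the sample data `svc_backup` is flagged for an old, non-expiring password and Domain Admins membership, `svc_legacyapp` for being stale, Kerberoastable, and in Backup Operators, while `svc_web` and the ordinary user produce nothing. The stale threshold is deliberately wider than the 14-day replication granularity of `lastLogonTimestamp`; tighten it only if you read `lastLogon` from every DC.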

Regulatory or Policy Developments Affecting the Security Industry

  • The UK ICO imposed a £2.31 million fine on 23andMe for inadequate security practices resulting in a major data breach affecting genetic data.
  • Paddle.com agreed to a $5 million settlement with the U.S. FTC for facilitating tech-support scams, reinforcing regulatory scrutiny on payment processors involved in fraudulent activities.
  • Iran has implemented internet throttling to disrupt potential cyber operations by foreign adversaries, specifically in response to recent escalations with Israel.