Cybersecurity Brief – 2025-06-20
Major Incidents or Breaches
- Satellite communications provider Viasat was breached by China’s Salt Typhoon cyber-espionage group, which has previously targeted multiple telecom providers in the United States and abroad.
- Krispy Kreme confirmed that personal information of over 160,000 individuals was stolen in a cyberattack that occurred in November 2024.
- Paragon’s commercial spyware “Graphite” was used to target at least two prominent European journalists; the activity is attributed to an as-yet unnamed Paragon customer.
Notable Threat Actor Activity
- The Russian state-linked group APT29 has been observed exploiting Google account application-specific passwords to bypass two-factor authentication in targeted phishing campaigns.
- BlueNoroff, a North Korea-aligned threat actor, targeted a Web3 sector employee using deepfaked Zoom calls impersonating company executives to deliver macOS backdoor malware.
- China’s Salt Typhoon group was responsible for the breach at Viasat, continuing its focus on cyber-espionage against the telecom sector.
Newly Discovered Vulnerabilities
- Researchers have detailed a surge in Android malware, notably the AntiDot campaign, which compromised over 3,775 devices across 273 campaigns using overlays, virtualization fraud, and NFC theft.
- A new version of the Godfather Android malware now uses virtualization to create isolated environments on mobile devices, enabling it to hijack legitimate banking apps and steal account data and transactions.
Trends, Tools, or Tactics of Interest
- “Living Off Trusted Sites” (LOTS) attacks are increasingly common, with threat actors leveraging trusted tools and websites to evade detection and execute attacks.
- Scammers are increasingly injecting false support information into legitimate websites via search parameter manipulation, tricking users into contacting fraudulent support channels.
- DuckDuckGo has expanded its Scam Blocker to protect users from a wider array of online scams, including fake e-commerce stores, cryptocurrency exchanges, and scareware.
- AI-assisted software development, referred to as “vibe coding,” is introducing new risks, including “silent knowledge gaps,” as natural-language prompts rather than hand-written code are used to create software.
- Credential theft remains a primary vector for network breaches, as highlighted by recent webinars and the Verizon 2025 DBIR.
- Reports confirm that the widely publicized “16 billion credentials leak” is not a new breach, but rather a compilation of previously leaked credentials.
- Commercial spyware continues to be deployed against high-profile targets, such as journalists, raising concerns about surveillance and privacy.
Regulatory or Policy Developments Affecting the Security Industry
- Microsoft announced new security defaults for Windows 365 Cloud PCs, set to take effect in the second half of 2025 for newly provisioned and reprovisioned Cloud PCs.
- The U.S. Department of Justice seized over $225 million in cryptocurrency linked to investment fraud and money laundering operations, marking the largest crypto seizure in the history of the U.S. Secret Service.
- Facebook is preparing to introduce passkey support, enabling passwordless authentication for users, with implications for account security and authentication practices.