Cybersecurity Brief – 2025-06-25
Major Incidents or Breaches
- Steel producer Nucor confirmed that data was stolen during a cyberattack first disclosed in May. Systems were taken offline to investigate and contain malicious activity.
- AT&T has agreed to a settlement over a data breach affecting millions of customers, offering compensation to those impacted.
- Trezor warned users of a phishing campaign abusing its official support platform to send deceptive emails aimed at stealing cryptocurrency.
- Threat actors have distributed a trojanized version of SonicWall’s NetExtender SSL VPN client, designed to steal VPN credentials.
- Over 70 Microsoft Exchange servers were targeted by unidentified threat actors who injected malicious code into login pages to harvest credentials.
Newly Discovered Vulnerabilities
- Misconfigured, internet-exposed Docker APIs are being exploited in an active campaign that uses the Tor network to mine cryptocurrency in vulnerable environments.
- Researchers detailed two new methods to disrupt cryptocurrency mining botnets by exploiting weaknesses in mining topologies, specifically using bad shares and the XMRogue technique.
- A new attack method, FileFix, weaponizes Windows File Explorer’s address bar to trick users into executing stealthy PowerShell commands via social engineering.
Notable Threat Actor Activity
- Russia-linked APT28 (UAC-0001) is conducting a campaign in Ukraine using Signal chat messages to deliver BEARDSHELL malware and COVENANT.
- Chinese state-sponsored actor Salt Typhoon targeted a Canadian telecommunications company in February via a Cisco vulnerability, as part of a wider campaign against global telecoms.
- The China-nexus “LapDogs” network is operating a large-scale cyber-espionage infrastructure using backdoored SOHO devices in the US and Southeast Asia.
Trends, Tools, or Tactics of Interest
- Continuous Penetration Testing (CPT) is highlighted as an emerging model, providing ongoing security assessments that better mimic real-world attacker behavior compared to legacy, periodic pentests.
- Botnets continue to evolve brute-force techniques for SSH and telnet, as evidenced by new username patterns observed in honeypot data.
- Online scams, ransomware, business email compromise, and digital sextortion are surging in East and West Africa, now accounting for over 30% of all reported crime in those regions.
Regulatory or Policy Developments Affecting the Security Industry
- The U.S. House of Representatives has banned the use of WhatsApp on official devices for congressional staff, citing concerns over data security and encryption practices.
- Microsoft has extended Windows 10 Extended Security Updates (ESU) for an additional year, allowing users to enroll for $30, via cloud sync, or by redeeming Microsoft Rewards points.
- The United States Embassy in India now requires F, M, and J visa applicants to set their social media accounts to public for verification purposes.