Major Incidents or Breaches

  • Ahold Delhaize, a global food retail chain, disclosed that a ransomware attack in November resulted in a data breach affecting 2.2 million individuals, compromising personal, financial, and health information.
  • Cloudflare successfully mitigated the largest recorded DDoS attack to date.
  • Russian ISPs began throttling access to websites and services protected by Cloudflare on 9 June 2025, causing widespread inaccessibility.

Newly Discovered Vulnerabilities

  • A critical vulnerability in NetScaler ADC and Gateway, dubbed “Citrix Bleed 2” (CVE-2025-5777), is now believed to be actively exploited. This flaw allows attackers to maintain undetected access for extended periods.
  • Researchers identified security weaknesses in aftermarket smart tractor steering systems, allowing potential full takeover and surveillance of connected tractors.

Notable Threat Actor Activity

  • Over 1,000 SOHO devices have been compromised in China-linked “LapDogs” cyber espionage operations.
  • Mustang Panda, a China-based threat actor, conducted a targeted cyber espionage campaign against the Tibetan community using spear-phishing and custom malware (PUBLOAD and Pubshell).
  • The Chinese group “Silver Fox” has been observed using fake websites mimicking popular software to distribute Sainbox RAT and the Hidden rootkit, targeting users in China and Japan.
  • Scattered Spider hackers have shifted their targeting to aviation and transportation sectors after previously attacking insurance and retail. In a recent incident, they accessed CyberArk vaults, extracted over 1,400 secrets, and compromised Azure, VMware, and Snowflake environments.
  • Increased scanning activity targeting Progress MOVEit Transfer systems has been detected since 27 May 2025, indicating preparation for further exploitation of known CVEs.

Trends, Tools, or Tactics of Interest

  • 64% of US C-suite executives in cybersecurity or data center roles cite data breaches and ransomware as the top threats for the next decade.
  • Threat actors are increasingly leveraging fake websites and spear-phishing with regionally relevant topics to deliver custom malware in espionage campaigns.
  • Security operations centers are under pressure due to increasingly complex threats and stagnant budgets, prompting interest in agentic AI SOC analysts.
  • There is a noted increase in the scale and sophistication of DDoS attacks.
  • The US is reported to be lagging behind China in exploit production capabilities.
  • Researchers allege that VPN apps available in the Apple and Google app stores may be enabling surveillance by Chinese authorities.

Regulatory or Policy Developments Affecting the Security Industry

  • The US Supreme Court upheld the constitutionality of Texas’ age verification law for explicit websites, setting a precedent for similar regulatory measures.