Major Incidents or Breaches

  • Ingram Micro has suffered a global outage affecting its websites and internal systems. Customers have expressed concern that this may be the result of a cyberattack, although the company has not issued an official statement regarding the cause.
  • A hacker has claimed to have stolen and leaked 106GB of data from Spanish telecommunications provider Telefónica. The company has not confirmed the breach.

Newly Discovered Vulnerabilities

  • Two critical vulnerabilities have been disclosed in the Sudo command-line utility for Linux and Unix-like operating systems. These flaws allow local attackers to escalate privileges to root. The vulnerabilities impact major Linux distributions.

Notable Threat Actor Activity

  • Threat actors are exploiting exposed Java Debug Wire Protocol (JDWP) interfaces to execute code remotely and deploy cryptocurrency miners on compromised systems. Additionally, Hpingbot malware is targeting SSH services to launch DDoS attacks.
  • A previously undocumented threat actor, NightEagle (also known as APT-Q-95), has been observed exploiting a Microsoft Exchange zero-day vulnerability to target China’s military and technology sectors.

Trends, Tools, or Tactics of Interest

  • Threat activity is increasingly leveraging exposed development and debugging interfaces (such as JDWP) for initial access, followed by deployment of cryptocurrency-mining payloads.
  • AI agents and custom generative AI workflows are emerging as potential sources of sensitive data leakage, introducing new risks for enterprises.

Regulatory or Policy Developments Affecting the Security Industry

  • A U.S. court has ordered Google to pay $314 million for misusing Android users’ cellular data by passively transmitting information while devices were idle, without user permission.
  • Taiwan’s National Security Bureau (NSB) has issued a public warning about the security risks associated with Chinese-developed applications including TikTok, Weibo, RedNote (Xiaohongshu), WeChat, and Baidu Cloud, citing concerns over excessive data collection and ties to China.