Major Incidents or Breaches

  • M&S confirmed a significant ransomware attack attributed to DragonForce, initiated through a social engineering/impersonation attack against a third party rather than a technical exploit of M&S systems.
  • Qantas disclosed a data breach, followed by an extortion demand, after customer data was stolen from a third-party platform used by one of its contact centres.
  • South Korean telecommunications provider SK Telecom suffered a breach exposing roughly 27 million subscriber records; the government imposed a monetary penalty and new regulatory requirements.
  • Over 17,000 fake news websites were uncovered globally as part of a large-scale investment fraud campaign (“BaitTrap”), using fabricated media coverage to lure victims to fraudulent trading platforms.
  • Malicious Chrome extensions with more than 1.7 million installations were identified; they tracked users, collected browsing activity, and redirected victims to unsafe sites, in some cases after initially shipping as benign extensions that later turned malicious via updates.
  • The Anatsa Android banking trojan was distributed via a fake PDF viewer app on Google Play, impacting over 90,000 users and primarily targeting customers of US banks.
  • Russian organisations were targeted by a new Windows spyware dubbed Batavia, used in ongoing espionage campaigns.
  • A supply chain attack compromised the Ethcode Visual Studio Code extension: a malicious pull request introduced a dependency that fetched a second-stage payload, pushing a compromised update to the extension's roughly 6,000 installs.
  • The RondoDox botnet exploited vulnerabilities in TBK DVRs and Four-Faith routers to conscript the devices into DDoS attacks.

Newly Discovered Vulnerabilities

  • Microsoft’s July 2025 Patch Tuesday addressed 130–137 vulnerabilities (the count varies with whether third-party and Chromium-based Edge fixes are included), including a publicly disclosed, but not actively exploited, zero-day in SQL Server. Seventeen bugs are considered high risk, including multiple remote code execution vulnerabilities in Office and SharePoint.
  • Adobe released patches for critical code execution vulnerabilities affecting several products, including After Effects, Audition, Illustrator, and others.
  • SAP patched critical insecure deserialization vulnerabilities in NetWeaver, which could allow unauthenticated remote code execution and full system takeover.
  • Technical details and exploit code for CitrixBleed2 (CVE-2025-5777), a memory over-read in Citrix NetScaler ADC and Gateway that can leak session tokens, have been released, increasing the risk of exploitation. Because leaked tokens survive patching, organisations should terminate active sessions after updating, not just apply the fix.
  • A new Android “TapTrap” attack was disclosed. It abuses activity-transition animations to render a permission prompt or sensitive dialog almost invisibly over another app, so a user tapping the visible app unknowingly grants access; it works without any special permissions and bypasses existing tapjacking protections.

Notable Threat Actor Activity

  • Threat actors repurposed the legitimate Shellter red teaming tool to distribute Lumma Stealer, SectopRAT (also known as ArechClient2), and Rhadamanthys malware, leveraging its AV/EDR evasion features.
  • A suspected Chinese state-sponsored hacker linked to Silk Typhoon (Hafnium) was arrested in Milan at the request of US authorities, facing charges including wire fraud and unauthorized computer access.
  • Russian organisations faced an ongoing espionage campaign involving the newly identified Batavia Windows spyware (see Major Incidents above).
  • A large-scale operation using Baiting News Sites (BNS), the “BaitTrap” campaign noted above, was uncovered, leveraging fake news for investment fraud.
  • RondoDox botnet activity increased, exploiting IoT device vulnerabilities to build DDoS capacity.

Trends, Tools, or Tactics of Interest

  • Malicious open source packages increased by 188% year-over-year, with data exfiltration (credentials, environment variables, tokens) as the most common malware function.
  • Threat actors continue to exploit legitimate security and pen-testing tools (e.g., Shellter) for malware delivery and AV/EDR evasion.
  • Supply chain attacks targeting development environments (e.g., VS Code extensions) remain a significant threat vector; developer tooling typically runs with the developer's full privileges and access to source, secrets and build pipelines.
  • Identity-based attacks in the retail sector are exploiting overprivileged admin roles and neglected vendor tokens, so the practical defences are least privilege for admin accounts and an inventory and expiry policy for third-party credentials.
  • Agentic AI is emerging as a growing attack surface: agents that act autonomously with tool access create risks that existing controls do not see, alongside novel attack vectors.
  • Human risk management, and how to measure it within security awareness programs, remains a focus area for evaluating organisational resilience.

Regulatory or Policy Developments Affecting the Security Industry

  • South Korea imposed regulatory requirements on SK Telecom following its major data breach, in addition to a monetary penalty.
  • The CA/Browser Forum's phased reduction of public SSL/TLS certificate lifespans, from the current maximum of 398 days down to 47 days by March 2029, is prompting organisations to prepare for operational changes in certificate management; at that cadence manual renewal is no longer viable and issuance must be automated.
  • Samsung announced major security and privacy enhancements for its upcoming One UI 8 release on Galaxy smartphones.
  • Microsoft clarified options for extended Windows 10 security updates through October 2026, including free alternatives with certain conditions (such as syncing settings with a Microsoft account) in place of the paid consumer ESU licence.
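The shortened certificate lifespans above turn validity checking into a policy question: does a certificate's validity period fit the limit in force on its issuance date, and when must automation renew it? The following is an added example, not code from the source or from any CA, in Go using only the standard library. It issues a self-signed test certificate (standing in for a CA-issued leaf; only the Validity fields matter) and checks it against the published CA/Browser Forum schedule: 398 days today, 200 days from 15 March 2026, 100 days from 15 March 2027 and 47 days from 15 March 2029. The two-thirds-of-lifetime renewal point is this example's own policy choice, not part of the ballot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math"
	"math/big"
	"time"
)

// lifetimeStep is one step of the CA/Browser Forum schedule: from this date,
// newly issued public TLS certificates may be valid for at most maxDays.
type lifetimeStep struct {
	from    time.Time
	maxDays int
}

var schedule = []lifetimeStep{
	{time.Date(2026, 3, 15, 0, 0, 0, 0, time.UTC), 200},
	{time.Date(2027, 3, 15, 0, 0, 0, 0, time.UTC), 100},
	{time.Date(2029, 3, 15, 0, 0, 0, 0, time.UTC), 47},
}

// MaxValidityDays returns the maximum permitted validity, in days, for a
// certificate issued at the given time. Before the first step the limit is 398 days.
func MaxValidityDays(issued time.Time) int {
	limit := 398
	for _, s := range schedule {
		if !issued.Before(s.from) {
			limit = s.maxDays
		}
	}
	return limit
}

// ValidityDays returns the certificate's validity period in whole days, rounded up.
func ValidityDays(c *x509.Certificate) int {
	return int(math.Ceil(c.NotAfter.Sub(c.NotBefore).Hours() / 24))
}

// Compliant reports whether the certificate fits the limit in force at its NotBefore,
// and returns the measured validity and the applicable limit for reporting.
func Compliant(c *x509.Certificate) (ok bool, days int, limit int) {
	limit = MaxValidityDays(c.NotBefore)
	days = ValidityDays(c)
	return days <= limit, days, limit
}

// RenewBy is the point at which automation should renew: two-thirds through the
// lifetime, leaving the final third as a buffer for failed issuance (example policy).
func RenewBy(c *x509.Certificate) time.Time {
	return c.NotBefore.Add(c.NotAfter.Sub(c.NotBefore) * 2 / 3)
}

// selfSigned issues a self-signed test certificate with the given NotBefore and
// lifetime. "example.test" is a constructed name for this example.
func selfSigned(notBefore time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed issuance dates straddling each step of the schedule.
	cases := []struct {
		issued   time.Time
		lifetime time.Duration
	}{
		{time.Date(2025, 7, 10, 0, 0, 0, 0, time.UTC), 398 * 24 * time.Hour},
		{time.Date(2027, 6, 1, 0, 0, 0, 0, time.UTC), 200 * 24 * time.Hour},
		{time.Date(2029, 4, 1, 0, 0, 0, 0, time.UTC), 47 * 24 * time.Hour},
	}
	for _, tc := range cases {
		c, err := selfSigned(tc.issued, tc.lifetime)
		if err != nil {
			panic(err)
		}
		ok, days, limit := Compliant(c)
		fmt.Printf("issued %s: %d-day cert, limit %d days, compliant=%t, renew by %s\n",
			c.NotBefore.Format("2006-01-02"), days, limit, ok, RenewBy(c).Format("2006-01-02"))
	}
}
```

Run against a real certificate by replacing selfSigned with x509.ParseCertificate on the DER bytes of the deployed leaf; the 200-day certificate issued in mid-2027 in the sample fails the check because the 100-day limit already applies by then.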