Major Incidents or Breaches

  • Century Support Services, a Pennsylvania-based debt settlement firm, disclosed a data breach impacting 160,000 individuals after its systems were compromised in November 2024.
  • US department store chain Belk was targeted by the DragonForce ransomware group, which claims to have stolen over 150GB of data during a May 2025 attack.
  • Abacus Market, a major Western darknet drug marketplace, has gone offline in a suspected exit scam, shutting down its public infrastructure.
  • McDonald’s hiring platform inadvertently exposed data of approximately 64 million job applicants due to the use of default credentials.
  • Several companies in Italy’s Lombardy region suffered business disruption after a Romanian ransomware group known as ‘Diskstation’ attacked NAS devices. The group was dismantled by international law enforcement.

Newly Discovered Vulnerabilities

  • Google released a security update for Chrome version 138, patching its fifth zero-day vulnerability of 2025.
  • Microsoft issued emergency update KB5064489 to address an issue preventing Azure virtual machines from launching when Trusted Launch is disabled and Virtualization-Based Security is enabled.

Notable Threat Actor Activity

  • North Korean threat actors associated with the “Contagious Interview” campaign published 67 malicious packages to the npm registry, delivering the XORIndex malware loader to developer systems.
  • A state-backed group is targeting Southeast Asian government organizations with the novel HazyBeacon Windows backdoor, which uses AWS Lambda for command-and-control and data exfiltration.
  • Attackers leveraged over 600 domains to distribute a trojanized Telegram Android app, stealing data from Chinese-speaking users, particularly those on older Android versions.
  • A new variant of the Android malware Konfety uses malformed APKs and obfuscation techniques to evade detection and analysis.
  • Threat actors are embedding obfuscated JavaScript in SVG files to enable browser-native redirection to malicious sites.

Trends, Tools, or Tactics of Interest

  • AsyncRAT, an open-source remote access trojan first released in 2019, has proliferated into a complex ecosystem of forks and variants, fueling global cybercrime and democratizing access to malware capabilities.
  • GLOBAL GROUP, a newly emerged ransomware-as-a-service (RaaS) operation, is expanding its activities across Australia, Brazil, Europe, and the United States, employing AI-driven negotiation tools to enhance extortion processes.
  • Cloudflare reported mitigation of 7.3 million DDoS attacks in Q2 2025, with hyper-volumetric attacks reaching a record 7.3 Tbps. The company noted that the total number of DDoS attacks blocked in 2025 has already exceeded the total for 2024.
  • Criminal networks continue to exploit insider vulnerabilities within organizations, adapting rapidly to bypass traditional security measures.
  • Alternate Data Streams (ADS) in NTFS are being used by keylogger malware to hide captured data, keeping the malware's footprint stealthy and persistent.
  • AI prompt attacks and the security of agentic AI systems are highlighted as emerging concerns, with particular risks from high-privilege authentication and invisible identity access in automated workflows.

Regulatory or Policy Developments Affecting the Security Industry

  • MITRE launched the AADAPT framework, designed to complement the ATT&CK framework, focusing on detection and response to cyberattacks targeting cryptocurrency assets and financial systems. The framework provides documentation for identifying, investigating, and mitigating weaknesses in digital asset payments.