Major Incidents or Breaches

  • UK retailer Co-op confirmed the theft of personal data belonging to 6.5 million members following a major cyberattack in April, which also disrupted operations and caused food shortages.
  • Louis Vuitton disclosed that customer data breaches in the UK, South Korea, and Turkey are linked to a single security incident, reportedly associated with the ShinyHunters group.
  • United Natural Foods, Inc. (UNFI) projected up to $400 million in sales impact and $50–$60 million in net income loss due to a June cyberattack that disrupted operations, with insurance expected to cover most losses.
  • Compumedics, a medical technology company, suffered a ransomware attack by the VanHelsing group, resulting in the theft of files affecting 318,000 individuals.
  • An adoption agency left 1.1 million sensitive records of children and parents exposed on the open web due to a data misconfiguration.
  • A retired US Army lieutenant colonel, by then working as a civilian employee, leaked national secrets via a foreign dating app after being targeted by a scammer posing as a romantic interest.
  • Amazon warned 200 million Prime customers about an ongoing phishing campaign targeting their login credentials.

Newly Discovered Vulnerabilities

  • Cisco disclosed a critical vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to execute arbitrary code as root on the underlying operating system.
  • Google released a critical Chrome update addressing six vulnerabilities, including CVE-2025-6558, a high-severity zero-day in the ANGLE/GPU components that allows a sandbox escape and was exploited in the wild.
  • Researchers identified a critical design flaw in delegated Managed Service Accounts (dMSAs) in Windows Server 2025, enabling cross-domain attacks and persistent access.
  • Oracle patched a critical bug in its Cloud Code Editor that could allow attackers to compromise the full suite of developer tools in Oracle Cloud Infrastructure.
  • Public exploits for a recently patched remote code execution vulnerability in Fortinet FortiWeb are suspected to be linked to ongoing attacks involving web shells on exposed instances.
  • Google’s AI-driven “Big Sleep” framework discovered and blocked exploitation of a critical SQLite vulnerability before it was weaponised.
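Given the dMSA design flaw above, a practical first step is to know which delegated Managed Service Accounts exist, what accounts they claim to have superseded, and who can read the KDS root key that dMSA password derivation depends on. The following audit script is an added example, not tooling from the researchers or from Microsoft; it assumes the ActiveDirectory and KDS RSAT modules on a host joined to a domain with the Windows Server 2025 schema, and the list of privileged groups is an assumption to adapt locally.

```powershell
# Added example: inventory dMSAs and flag ones whose "preceded by" link points at
# a privileged account. Assumes RSAT ActiveDirectory/KDS modules and a Windows
# Server 2025 schema (objectClass msDS-DelegatedManagedServiceAccount).
Import-Module ActiveDirectory

# Assumption: treat members of these groups as privileged; extend as needed.
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators')
$privilegedDns = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty distinguishedName
}

$dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
    -Properties msDS-ManagedAccountPrecededByLink, msDS-DelegatedMSAState, whenCreated, whenChanged

foreach ($d in $dmsas) {
    # msDS-ManagedAccountPrecededByLink is DN-valued; normalise to an array.
    $preceded = @($d.'msDS-ManagedAccountPrecededByLink')
    $hitsPrivileged = $preceded | Where-Object { $privilegedDns -contains $_ }
    [pscustomobject]@{
        Name       = $d.Name
        DN         = $d.DistinguishedName
        PrecededBy = ($preceded -join '; ')
        State      = $d.'msDS-DelegatedMSAState'
        Created    = $d.whenCreated
        Changed    = $d.whenChanged
        Flag       = if ($hitsPrivileged) { 'PRIVILEGED-LINK' } else { '' }
    }
}

# Every managed-account password is derived from the KDS root key, so the key's
# identity and creation time are worth recording and alerting on.
Get-KdsRootKey | Select-Object KeyId, CreationTime, EffectiveTime
```

Run it from an elevated session with a domain-admin equivalent account; anything flagged PRIVILEGED-LINK, any dMSA created outside a change window, or a KDS root key you did not create deserves immediate follow-up.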

Notable Threat Actor Activity

  • Threat cluster UNC6148 is exploiting a likely zero-day vulnerability to deploy the OVERSTEP backdoor and rootkit on fully patched, end-of-life SonicWall SMA 100 series appliances. The campaign is financially motivated and has suspected ties to the Abyss ransomware group.
  • The pro-Russian hacktivist group NoName057(16), responsible for DDoS attacks on European and NATO-related targets, had its infrastructure disrupted in an international law enforcement operation coordinated by Europol (Operation Eastwood).
  • The VanHelsing ransomware group was identified as responsible for the Compumedics breach.
  • Chinese state-sponsored group Salt Typhoon compromised a US Army National Guard unit’s network, accessing internal communications and traffic exchanged with other units.
  • A former US Army soldier pleaded guilty to hacking and extorting at least ten US tech and telecom companies, including AT&T and Verizon.
  • Matanbuchus 3.0, a new variant of the malware loader, is being delivered through Microsoft Teams calls in which the attacker poses as IT support, and features enhanced evasion techniques, including checks for installed EDR products and DNS-based C2 communication.

Trends, Tools, or Tactics of Interest

  • Manufacturing remains a prime target for cyberattacks in Europe due to increased digital connectivity and automation.
  • Attackers are engineering phishing campaigns to bypass secure email gateways, using advanced tactics to evade perimeter detection.
  • AI-driven social engineering attacks are increasing in sophistication, leveraging deepfakes, fake recruiters, and cloned executive personas for targeted campaigns.
  • The new Konfety Android malware variant uses a deliberately malformed APK (ZIP-level manipulation that breaks static analysis tools) and dynamic code loading, combined with an “evil twin” technique in which a benign decoy app on Google Play shares the package name of the malicious version distributed outside the store, to evade detection and commit ad fraud.
  • Free file sharing services continue to be abused for data exfiltration, as evidenced by recent malicious samples using platforms like catbox.moe.
  • Organizations are rapidly integrating AI into security workflows, but concerns remain over AI agents’ elevated privileges and the need for identity-first security controls.
  • Matanbuchus 3.0’s use of advanced stealth features and delivery via collaboration platforms highlights an ongoing trend of leveraging trusted business tools for initial access.
  • There is a growing emphasis on aligning cybersecurity budgets with measurable risk reduction and financial impact.
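The catbox.moe item above is a detection opportunity: free file-sharing hosts rarely receive large uploads from a corporate workstation for legitimate reasons. The script below is an added example of that detection logic, not tooling from the digest; the proxy log format, the sample lines, the 10-minute window and 50 MiB threshold, and every watchlist entry other than catbox.moe are assumptions for illustration.

```python
"""Flag bulk uploads to free file-sharing services in web proxy logs.

Added example (not from the digest). Log format, thresholds and the
watchlist beyond catbox.moe are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO time> <src_ip> <method> <host> <bytes_out>"
SAMPLE_LOG = """\
2025-07-14T09:01:12Z 10.0.4.21 GET  www.example.com 512
2025-07-14T09:02:40Z 10.0.4.21 POST catbox.moe 41943040
2025-07-14T09:03:05Z 10.0.4.21 POST catbox.moe 39845888
2025-07-14T09:07:55Z 10.0.4.21 POST litter.catbox.moe 52428800
2025-07-14T09:10:00Z 10.0.4.35 POST catbox.moe 20480
2025-07-14T10:30:00Z 10.0.4.35 POST gofile.io 15728640
"""

# catbox.moe comes from the digest; the other hosts are assumed placeholders.
WATCHLIST = {"catbox.moe", "gofile.io", "transfer.sh", "file.io"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<host>\S+)\s+(?P<bytes>\d+)$"
)


def on_watchlist(host: str) -> bool:
    """True if the host or any parent domain is watchlisted
    (so litter.catbox.moe matches catbox.moe)."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in WATCHLIST for i in range(len(labels) - 1))


def parse(log_text: str):
    """Yield parsed events; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"],
            "method": m["method"],
            "host": m["host"],
            "bytes": int(m["bytes"]),
        }


def find_exfil(log_text: str, window=timedelta(minutes=10), threshold=50 * 1024 * 1024):
    """Return {src: peak_bytes} for sources whose uploads to watchlisted hosts
    exceed `threshold` bytes within any sliding `window`."""
    uploads = defaultdict(list)
    for ev in parse(log_text):
        if ev["method"] in ("POST", "PUT") and on_watchlist(ev["host"]):
            uploads[ev["src"]].append((ev["ts"], ev["bytes"]))

    hits = {}
    for src, events in uploads.items():
        events.sort()
        start, total = 0, 0
        for ts, size in events:
            total += size
            # Slide the window forward past events older than `window`.
            while ts - events[start][0] > window:
                total -= events[start][1]
                start += 1
            if total > threshold:
                hits[src] = max(hits.get(src, 0), total)
    return hits


if __name__ == "__main__":
    for src, peak in find_exfil(SAMPLE_LOG).items():
        print(f"ALERT {src}: {peak / 1024 / 1024:.1f} MiB uploaded to file-sharing hosts")
```

Matching on parent domains matters because these services routinely serve uploads from subdomains; the sliding window keeps a single small upload (10.0.4.35 here) below the alert line while catching the burst from 10.0.4.21.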

Regulatory or Policy Developments Affecting the Security Industry

  • Europol’s Operation Eastwood demonstrates continued international cooperation in disrupting cybercriminal infrastructure, particularly pro-Russian hacktivist operations targeting critical infrastructure and NATO-aligned entities.
  • Cambodia conducted a major anti-cybercrime operation, arresting more than 1,000 suspects in coordinated raids across multiple provinces.
  • The US Department of Homeland Security faces renewed scrutiny over the collection and retention of DNA from approximately 133,000 migrant children, raising privacy and civil liberties concerns.