Major Incidents or Breaches

  • Cryptocurrency exchange BigONE suffered a security breach resulting in the theft of digital assets valued at $27 million.
  • An adoption agency leaked over 1.1 million records, including names and sensitive information of children, birth parents, and adoptive parents.
  • Chinese state-sponsored group Salt Typhoon breached a U.S. Army National Guard network for nine months in 2024, exfiltrating network configuration files and credentials.
  • Security researchers revealed that poor password practices at Paradox.ai led to the exposure of personal information belonging to millions of job applicants.
  • A vulnerability in Meta AI (now fixed) could have allowed unauthorized access to private chatbot conversations.

Newly Discovered Vulnerabilities

  • Cisco disclosed and patched a critical pre-authentication vulnerability (CVE-2025-20337, CVSS 10) in Identity Services Engine (ISE) and ISE-PIC, allowing unauthenticated remote code execution and file storage.
  • Citrix NetScaler vulnerability “CitrixBleed 2” (CVE-2025-5777) was actively exploited weeks before public proof-of-concept exploits were released.
  • Oracle’s July 2025 Critical Patch Update addressed approximately 200 unique CVEs, with 309 security patches issued.
  • Google released a Chrome update patching six vulnerabilities, including one zero-day.
  • VMware patched four zero-day vulnerabilities in ESXi, Workstation, Fusion, and Tools, which were exploited at Pwn2Own Berlin 2025.
  • A known Apache HTTP Server vulnerability is being exploited to deploy the Linuxsys cryptocurrency miner.

Notable Threat Actor Activity

  • Kaspersky identified “GhostContainer,” a new backdoor targeting Microsoft Exchange servers of high-value organizations in Asia, based on open-source tools.
  • Three previously undocumented Chinese state-sponsored threat actors, as well as a fourth group, targeted Taiwan’s semiconductor sector with spear-phishing, Cobalt Strike, and custom backdoors.
  • Threat actors are distributing Amadey malware and data stealers via malicious payloads hosted on public GitHub repositories to bypass security filters.
  • The Matanbuchus malware loader is being delivered through social engineering over Microsoft Teams voice calls, with attackers impersonating IT helpdesk staff.
  • LameHug malware uses large language models (LLMs) to generate Windows data-theft commands in real time.
  • Europol coordinated an international operation disrupting the infrastructure of the pro-Russian hacktivist group NoName057(16), known for DDoS attacks against Ukraine.
  • Research highlights increased use of DNS records to hide malicious code and conduct prompt injection attacks against chatbots.

Trends, Tools, or Tactics of Interest

  • PsMapExec, a new PowerShell-based tool, has been released for enumeration and lateral movement, supporting WinRM and SMB operations.
  • Security gaps in printer firmware and endpoint vetting are being increasingly targeted by attackers.
  • There is a rise in browser-based AI agent attacks, with security vendors emphasizing AI-first protection strategies.
  • AI-driven malware, such as LameHug, and the exploitation of AI tools for malicious purposes are emerging trends.
  • Cloud attack surface management and continuous threat exposure management (CTEM) are being discussed as alternatives to traditional vulnerability management.
  • Massistant, a mobile forensics tool used by Chinese law enforcement, is capable of collecting user information, files, and location data from confiscated devices.

Regulatory or Policy Developments Affecting the Security Industry

  • Google has filed a lawsuit against operators of the BadBox 2.0 Android malware botnet, which infected 10 million devices and ran a global ad fraud scheme.
  • A settlement was reached in the class action lawsuit against Meta over the Cambridge Analytica incident; details remain undisclosed.
  • WeTransfer has retracted a clause that would have allowed the company to train AI models on user-uploaded files, following user backlash.
  • An Armenian national was extradited to the US and faces charges related to the Ryuk ransomware operation.