Cybersecurity Brief – 2025-07-19
Major Incidents or Breaches
- WineLab, the largest alcohol retailer in Russia, has closed stores following a ransomware attack that disrupted operations and customer purchases.
- Radiology Associates of Richmond disclosed a data breach impacting 1.4 million individuals’ protected health and personal information.
- Anne Arundel Dermatology reported a data breach affecting 1.9 million people, with hackers having access to systems for three months and potentially exfiltrating personal and health information.
- Thousands of spoofed news sites (over 17,000) are being used to push investment fraud scams, per CTM360.
- Arch Linux removed three malicious AUR packages that installed the CHAOS RAT on Linux devices.
- A powerful US law firm was reportedly hacked by Chinese threat actors.
- CitrixBleed 2 vulnerability in NetScaler has led to compromises at 100 organizations, with thousands of instances still vulnerable even after patching.
- Veeam users have been targeted by a phishing campaign using voicemail-themed emails with malicious .wav file attachments.
- Meta executives settled an $8 billion shareholder lawsuit over alleged disregard for privacy regulations.
Newly Discovered Vulnerabilities
- A zero-day vulnerability (CVE-2025-54309) in CrushFTP is being actively exploited to hijack servers by gaining administrative access via the web interface.
- A critical privilege escalation vulnerability in the NVIDIA Container Toolkit (NVIDIAScape) allows container escape and full host control, posing a risk to AI cloud services.
- Fortinet FortiWeb is being exploited in the wild after a proof-of-concept for a recent critical vulnerability was published.
- A vulnerability in the TeleMessage Signal clone app (CVE-2025-48927) is under active exploitation, allowing attackers to retrieve usernames, passwords, and sensitive data.
- A Symantec product flaw was disclosed, though details are limited in the initial report.
Notable Threat Actor Activity
- The UK National Cyber Security Centre (NCSC) formally attributed the ‘Authentic Antics’ credential-stealing malware targeting Microsoft 365 users to APT28 (Fancy Bear), linked to Russia’s GRU.
- CERT-UA reported a phishing campaign delivering LAMEHUG malware, attributed to APT28, notable for using large language models (LLMs) to craft phishing content.
- UNG0002 (Unknown Group 0002) conducted cyber espionage campaigns targeting multiple sectors in China, Hong Kong, and Pakistan, using LNK files and remote access trojans (RATs).
- Google has filed suit against 25 Chinese entities for allegedly operating the BADBOX 2.0 botnet, which infected over 10 million Android devices and established a large-scale residential proxy network.
- Hackers are actively scanning for and exploiting vulnerabilities in the TeleMessage SGNL app.
- Chinese law enforcement is reportedly using the Massistant mobile forensics tool to extract SMS, GPS data, and images from confiscated phones.
- Cryptocurrency thieves are reportedly bypassing FIDO keys in attacks.
Trends, Tools, or Tactics of Interest
- Fraud-as-a-service operations are being accelerated by generative AI, enabling large-scale, more sophisticated fraud campaigns.
- Investment scams are being distributed via large-scale spoofed news sites, indicating increased use of fake media infrastructure.
- Phishing campaigns leveraging voicemail-themed emails and malicious attachments remain prevalent.
- Ransomware attacks continue to disrupt business operations and public services, as seen in the WineLab and healthcare sector incidents.
- IT leaders are shifting focus from traditional backup to broader cyber resilience strategies in response to escalating ransomware threats.
- Free decryptors for Phobos and 8base ransomware have been released by Japanese police, enabling victims to recover files without paying ransoms.
- AI-native email security solutions are emerging, with StrongestLayer launching from stealth with $5.2 million in seed funding.
Regulatory or Policy Developments Affecting the Security Industry
- The US Federal Trade Commission (FTC) issued an advisory warning about job scams impersonating well-known companies.
- Meta has agreed to pay $8 billion to settle a shareholder lawsuit over alleged privacy regulation violations.
- Google’s legal action in New York federal court targets operators of the BADBOX 2.0 botnet, seeking to disrupt large-scale Android malware distribution.