Major Incidents or Breaches

  • Ransomware attacks increased by 63% year-over-year in Q2 2025, with 276 publicly disclosed incidents reported.
  • A hacker compromised Amazon’s Q Developer Extension for Visual Studio Code, injecting data-wiping commands into the AI-powered coding agent.
  • Louis Vuitton experienced a data breach impacting customers in multiple countries.
  • Steam’s game publishing platform was abused to distribute info-stealing malware via a pre-release version of a game.
  • UK national Ollie Holman was sentenced to prison for selling over 1,000 phishing kits, causing losses exceeding $134 million.
  • Instagram users are being targeted in a novel phishing campaign leveraging legitimate-looking emails to steal credentials.

Newly Discovered Vulnerabilities

  • Mitel patched a critical authentication bypass vulnerability in its MiVoice MX-ONE enterprise communication platform, which could allow attackers to access user or admin accounts.
  • LG Innotek LNV5110R security cameras are affected by an unauthenticated remote code execution vulnerability; no patch is currently available.
  • A Google Cloud Build vulnerability was disclosed, earning a $30,000 bug bounty.
  • Microsoft removed a compatibility hold blocking Windows 11 2024 Update installations for users of Easy Anti-Cheat, following resolution of a blue screen issue.

Notable Threat Actor Activity

  • The North Korean IT worker scheme remains active; the US sanctioned a North Korean front company and three nationals for fraudulent remote IT work, and an Arizona woman was sentenced to prison for operating a laptop farm enabling North Korean infiltration of over 300 US firms.
  • The Patchwork threat actor is conducting spear-phishing campaigns targeting Turkish defense firms using malicious LNK files to collect strategic intelligence.
  • A cyber espionage campaign dubbed “Operation Caramel” targeted Russian aerospace and defense sectors with the EAGLET backdoor for data exfiltration.
  • The Chinese-nexus group “Fire Ant” targeted virtual environments, exploiting networking and virtualization flaws to breach isolated network segments.
  • Two malware campaigns, Soco404 and Koske, targeted cloud services with cross-platform cryptomining attacks exploiting vulnerabilities and misconfigurations.
  • AI-generated malware, specifically the Koske Linux miner, is being actively deployed, demonstrating advanced features such as persistence and adaptive payload development.

Trends, Tools, or Tactics of Interest

  • Use of generative AI tools developed in China is widespread among employees in the US and UK, often without security team oversight.
  • AI is increasingly being used to develop sophisticated malware, as seen with the Koske Linux miner, which rivals or exceeds traditional human-developed malware.
  • Attackers are leveraging vulnerabilities and misconfigurations in cloud environments for cryptomining operations.
  • Security nudges are being adopted as behavioural interventions but face challenges related to overuse.
  • There is a growing trend of young individuals being recruited into cybercriminal groups, motivated by community, financial gain, and perceived low risk of prosecution.
  • Organisations’ attack surfaces are expanding, increasing exposure to threats.

Regulatory or Policy Developments Affecting the Security Industry

  • The US Department of the Treasury’s OFAC sanctioned a North Korean front company and three nationals for involvement in fraudulent IT worker schemes.
  • The US Department of Justice sentenced an Arizona woman to over eight years in prison for aiding North Korean IT worker infiltration of US companies.
  • The US announced a $15 million reward for information leading to the disruption of North Korea’s illicit IT worker operations.