Major Incidents or Breaches

  • Allianz Life confirmed a data breach impacting the majority of its 1.4 million customers, exposing personal information.
  • The Steam platform was abused to distribute malware via a pre-release version of a game, leading to infostealer infections.
  • Instagram users are being targeted in a novel phishing campaign using convincing emails to steal credentials.

Newly Discovered Vulnerabilities

  • Over 200,000 WordPress sites are exposed to hijacking attacks due to a vulnerability in the Post SMTP plugin, allowing attackers to take control of administrator accounts.
  • Mitel patched a critical authentication bypass vulnerability in its MiVoice MX-ONE enterprise communication platform, which could allow attackers to access user or admin accounts.
  • LG Innotek LNV5110R security cameras are vulnerable to unauthenticated remote code execution; no patch is available.
  • A Google Cloud Build vulnerability was disclosed, earning its discoverer a $30,000 bug bounty.
  • ToolShell bugs in Microsoft SharePoint are being actively exploited by cybercriminals and APT groups worldwide.

Notable Threat Actor Activity

  • The North Korean IT worker scheme continues, with the US sanctioning a front company and three individuals involved in fraudulent remote IT work. An Arizona woman was sentenced to over 8 years in prison for running a “laptop farm” that helped North Korean operatives infiltrate over 300 US firms.
  • Patchwork, an APT group, is targeting Turkish defense contractors with spear-phishing campaigns using malicious LNK files to gather strategic intelligence.
  • Chinese cyberespionage group “Fire Ant” is targeting virtualization and networking infrastructure, including VMware environments, to breach isolated network segments.
  • A cyber espionage campaign dubbed “Operation Carpet” is targeting Russian aerospace and defense sectors, deploying the EAGLET backdoor for data exfiltration.
  • Soco404 and Koske malware campaigns are targeting cloud services by exploiting vulnerabilities and misconfigurations to deploy cryptocurrency miners.
  • Koske Linux malware, developed with AI assistance, demonstrates advanced features in payload development, persistence, and adaptability.

Trends, Tools, or Tactics of Interest

  • Ransomware attacks surged by 63% year-over-year in Q2 2025, with 276 publicly disclosed incidents.
  • Increased use of generative AI tools developed in China has been observed among employees in the US and UK, frequently without security team oversight.
  • AI-generated malware, such as Koske, is reaching sophistication levels comparable to or exceeding traditional human-developed malware.
  • Security “nudges” are increasingly being adopted to influence user behavior, though concerns exist about their overuse.
  • Young individuals are being recruited into cybercriminal groups, attracted by community, financial incentives, and a perception of low prosecution risk.
  • Phishing kit distribution remains active, with a UK student sentenced for selling over 1,000 kits responsible for over $134 million in losses.
  • Steam games and popular platforms remain a vector for malware delivery, with attackers leveraging pre-release software for distribution.

Regulatory or Policy Developments Affecting the Security Industry

  • The US Department of the Treasury’s OFAC imposed sanctions on a North Korean front company and three individuals for involvement in fraudulent IT worker schemes.
  • The US government announced up to $15 million in rewards for information leading to the disruption of North Korea’s illicit IT operations.
  • Legal actions continue against individuals facilitating North Korean cyber operations, with significant prison sentences handed down.