Major Incidents or Breaches

  • Toptal suffered a breach of its GitHub organization account, which was used to publish 10 malicious npm packages. These packages were downloaded approximately 5,000 times, constituting a significant software supply chain attack.
  • France’s state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum.
  • Allianz Life confirmed a data breach affecting the majority of its 1.4 million US customers; the compromised information belongs to customers, financial professionals, and employees.
  • NASCAR disclosed that personal information, including names and Social Security numbers, was stolen in an April 2025 ransomware attack.
  • The Tea app breach expanded, with a second database leak exposing 1.1 million private user messages and data being circulated on hacking forums.
  • Lovense’s connected sex toy app is vulnerable to a flaw that exposes user email addresses, putting users at risk of doxxing.
  • Endgame Gear’s OP1w 4k v2 mouse configuration tool was infected with malware and distributed via the official website between June 26 and July 9, 2025.
  • The US Energy Department, including its National Nuclear Security Administration, was listed among recent high-profile attacks according to threat intelligence bulletins.

Newly Discovered Vulnerabilities

  • A critical unauthenticated remote code execution vulnerability (CVE-2025-20281) in Cisco Identity Services Engine (ISE) has a complete public exploit chain and is being actively exploited.
  • Multiple vulnerabilities in PaperCut NG/MF print management software, including a remote code execution vulnerability via cross-site request forgery (CSRF), have been added to CISA’s Known Exploited Vulnerabilities catalog amid active exploitation.
  • A vulnerability in Google’s Gemini CLI AI coding assistant allowed silent execution of malicious code and data exfiltration via allowlisted programs.
  • Microsoft disclosed a macOS vulnerability (“Sploitlight”) that could bypass Transparency, Consent, and Control (TCC) checks, exposing sensitive user data, including Apple Intelligence cache.
  • The Post SMTP WordPress plugin (400,000+ installations) is affected by a critical flaw allowing website takeover; approximately half of affected sites remain unpatched.

Notable Threat Actor Activity

  • The BlackSuit ransomware group has been disrupted by law enforcement, with former members forming a new double-extortion group under the name Chaos ransomware.
  • Scattered Spider, a financially motivated threat actor, is shifting tactics to target VMware vSphere environments directly, deploying ransomware from the hypervisor rather than through Active Directory.
  • Ukrainian and Belarusian hacker groups claimed responsibility for a cyberattack on Russian airline Aeroflot, resulting in the cancellation of over 100 flights.
  • A new infostealer malware, Shuyal Stealer, is targeting credentials and system data from 19 different browsers, including privacy-focused options, and demonstrates advanced evasion techniques.

Trends, Tools, or Tactics of Interest

  • Software supply chain attacks remain prevalent, as demonstrated by the Toptal npm incident and by malware distributed through a vendor's own official download (Endgame Gear).
  • Exposed API documentation continues to be a significant risk; the free Autoswagger tool was released to help identify and remediate API endpoint flaws.
  • Agentic AI and deepfake creation are rapidly advancing, increasing risks for identity fraud, disinformation, and targeted attacks.
  • Deploying ransomware directly from virtualization platforms (VMware vSphere) is an emerging tactic among financially motivated groups.
  • A trend of exploiting vulnerabilities in widely used plugins and platforms (WordPress, PaperCut, SharePoint) is ongoing, with rapid exploitation following disclosure.
  • The prevalence of data breaches involving large user databases highlights ongoing risks associated with third-party applications and cloud-based services.

Regulatory or Policy Developments

  • CISA updated its Known Exploited Vulnerabilities catalog to include actively exploited flaws in PaperCut NG/MF.
  • Microsoft announced end of support for Windows 11 22H2 editions effective 14 October 2025.
  • The Internet Archive has become an official US federal depository library, expanding public access to government documents.
  • Adobe appointed Aanchal Gupta as Chief Security Officer.