Cybersecurity Brief – 2025-07-30
Major Incidents or Breaches
- The City of Saint Paul, Minnesota, suffered a significant cyberattack, prompting the activation of the National Guard in response to disruptions.
- French telecommunications giant Orange disclosed a cyberattack after detecting a breached system on its network.
- Russian airline Aeroflot experienced a cyberattack resulting in the cancellation of over 60 flights and severe delays.
- Allianz Life reported a data breach impacting the majority of its 1.4 million US customers, exposing sensitive personal information.
- The Tea Dating Advice app suffered two security incidents, resulting in the leak of approximately 72,000 images, a further 59,000 images from posts, comments, and direct messages, and unauthorized access to private messages.
- A U.S.-based chemicals company was targeted by attackers exploiting a SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the Linux Auto-Color malware.
- The FBI seized $2.4 million in Bitcoin from a member of the newly emerged Chaos ransomware operation, linked to cyberattacks and extortion payments in Texas.
Newly Discovered Vulnerabilities
- A critical access bypass flaw was discovered and patched in the Base44 AI-powered coding platform, which could have allowed unauthorized access to private applications.
- Lenovo firmware vulnerabilities were identified that enable privilege escalation, code execution, and security bypass, facilitating persistent implant deployment.
- Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS that address a total of 89 vulnerabilities, several of them significant.
- A macOS vulnerability was disclosed that could allow bypass of Transparency, Consent, and Control (TCC) protections, exposing cached information such as geolocation and biometric data.
- Threat actors continue to exploit a two-year-old PaperCut vulnerability to achieve remote code execution.
- Researchers continue to observe supply chain attacks leveraging backdoors, poisoned code, and malicious commits in widely used tools including GitHub Actions, Gravity Forms, and npm.
Notable Threat Actor Activity
- The Chaos ransomware-as-a-service (RaaS) group has emerged, believed to comprise former BlackSuit members following law enforcement takedown of BlackSuit infrastructure. Chaos has demanded $300,000 from U.S. victims and is linked to recent extortion and crypto seizures.
- The ‘Gunra’ ransomware group has developed a Linux variant, expanding beyond its initial Windows targeting and employing multithreaded encryption.
- Ongoing phishing campaigns are targeting Python Package Index (PyPI) users with fake verification emails and lookalike domains, aiming to redirect victims to fraudulent PyPI sites.
- Attackers are exploiting SAP NetWeaver (CVE-2025-31324) to deploy Linux malware in targeted attacks.
- Cybercriminals are conducting large-scale mobile malware campaigns across Asia, distributing fake apps (dating, social, cloud storage, car service) to steal data and blackmail users.
- Threat actors are leveraging Node.js to deliver the JSCeal malware, which targets cryptocurrency applications.
Trends, Tools, or Tactics of Interest
- Ransomware activity is increasing in sophistication, with 2025 trends highlighting smarter evasion and extortion tactics.
- Attackers are bypassing “phishing-resistant” authentication methods using downgrade attacks, device-code phishing, and OAuth manipulation.
- JavaScript injection attacks remain prevalent despite modern frameworks like React, with attackers exploiting prototype pollution and new injection techniques.
- Browsers are increasingly becoming primary cyberattack vectors, with attackers exploiting both software vulnerabilities and user behavior.
- Supply chain attacks remain a significant risk, with recent incidents involving poisoned code and malicious commits in popular development tools.
- Security solutions and investments are focusing on AI-driven SOC analysts, securing LLMs/generative AI, and human risk management platforms.
- The integration of SecurityCoach with Microsoft Edge for Business aims to bridge security gaps between technical controls and user behavior.
Regulatory or Policy Developments Affecting the Security Industry
- UK age verification laws for adult content have led to a surge in VPN usage, raising concerns over privacy and the future of open internet access.
- Google Project Zero reaffirmed its “90+30” vulnerability disclosure policy, emphasizing transparency and timely patching.