Major Incidents or Breaches

  • The ShinyHunters extortion group has been linked to data breaches at Qantas, Allianz Life, LVMH, and Adidas; the attackers used voice phishing (vishing) to gain access to the victims’ Salesforce environments and exfiltrate data.
  • SafePay ransomware group claims to have stolen 3.5TB of data from Ingram Micro and is threatening to leak the data.
  • Telecom provider Orange suffered a cyberattack resulting in service disruptions for both corporate and individual customers.
  • The UNC2891 (LightBasin) threat group physically planted a 4G-equipped Raspberry Pi on a bank’s network, giving it an out-of-band cellular channel into the environment, as part of an ATM heist that ultimately failed.
  • The City of Saint Paul, Minnesota, called in the National Guard to respond to a cyberattack.
  • The National Treasury of South Africa and several other organisations were compromised in the mass exploitation of vulnerabilities in on-premises Microsoft SharePoint servers.
  • A U.S.-based chemicals company was breached through exploitation of a vulnerability in SAP NetWeaver, after which the attackers deployed the Auto-Color backdoor.
  • The Python Software Foundation warned that attackers are phishing developers for their PyPI credentials using a look-alike copy of the PyPI website.
  • Over 250 fake mobile apps targeting Korean users have been used to deploy spyware and run blackmail campaigns.
  • Discord and other social platforms are being flooded with fraudulent online gaming and wagering sites that lure users in and steal their funds.

Newly Discovered Vulnerabilities

  • Apple released security updates for iOS, iPadOS, and Safari that patch 29 vulnerabilities, including a WebKit flaw that had already been exploited as a zero-day against Google Chrome.
  • Lenovo issued UEFI firmware updates for certain desktop models to address high-severity BIOS flaws that could allow Secure Boot to be bypassed.
  • Critical, now-patched vulnerabilities in Dahua smart camera firmware could allow remote hijacking through flaws in the cameras’ ONVIF protocol handling and file upload functionality.
  • Researchers disclosed a critical authentication bypass in Base44, the Wix-owned “vibe coding” platform, which exposed private enterprise applications built on it; Wix has patched the issue.
  • A critical unauthenticated arbitrary file upload vulnerability in the ‘Alone’ WordPress theme is being actively exploited for remote code execution and full site takeover.

Notable Threat Actor Activity

  • Cobalt Strike Beacon is being delivered via content hosted on social media, Microsoft Learn Challenge pages, Quora, and GitHub in a campaign targeting Russian entities.
  • Attackers are distributing the JSCEAL malware through Facebook ads for fake cryptocurrency trading apps; the malware is shipped as compiled V8 JavaScript, which hinders static analysis, and captures sensitive data.
  • Chinese state-sponsored group Silk Typhoon (Hafnium) has been linked to more than 15 technology patents for cyber-espionage tooling, highlighting the role of PRC-backed private contractors.
  • Scattered Spider’s activity has decreased following recent arrests, but its social engineering and backup-targeting tactics are being adopted by other financially motivated actors.

Trends, Tools, or Tactics of Interest

  • Device Bound Session Credentials (DBSC) launched in open beta in Google Chrome. DBSC binds a session to a private key held on the device (in the TPM where available) and keeps the session cookie short-lived, so a cookie stolen by an infostealer cannot be refreshed or replayed indefinitely from another machine.
  • A newly described attack, dubbed “Man in the Prompt”, lets a malicious browser extension inject prompts into popular generative AI tools, including ChatGPT and Gemini, because the prompt input is part of the page DOM that any extension with content-script access can read and write; extension inventory and permission review are the practical controls.
  • AI adoption in vCISO services is rising rapidly; one industry report cites a 68% reduction in workload and a tripling of adoption among MSPs and MSSPs.
  • VPN usage in the UK is rising sharply in response to the age verification controls mandated by the Online Safety Act.
  • Security awareness training and tooling such as KnowBe4’s Phish Alert Button can substantially raise employee phishing-reporting rates; one large retail organisation reported a 50-fold increase.
  • Fraudsters are exploiting Discord and social media to promote sophisticated scam gaming sites.
  • Mass exploitation of on-premises Microsoft SharePoint servers continues to affect organisations, particularly in Africa.
  • Threat actors are phishing software developers with fake PyPI sites to steal their credentials.

Regulatory or Policy Developments

  • A US Senate committee has advanced the nomination of Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency (CISA).
  • The UK’s Online Safety Act, which mandates age verification on sites hosting adult content, is directly driving a surge in VPN adoption in the UK.

Industry Developments

  • Palo Alto Networks announced the acquisition of CyberArk for $25 billion, marking a significant move into the identity security market.
  • BlinkOps raised $50 million for its agentic security automation platform, bringing total funding to $90 million.
  • Legion emerged from stealth with $38 million in funding for its browser-native AI Security Operations Center (SOC) platform.
  • Cyata, an Israeli startup focused on AI agent monitoring and control, raised $8.5 million in funding.
  • According to IBM’s annual Cost of a Data Breach report, the average cost of a data breach in the US has risen to $10.22 million, while the global average has decreased slightly to $4.44 million.