Major Incidents or Breaches

  • A Florida correctional institution inadvertently leaked the names, email addresses, and telephone numbers of all facility visitors to every inmate.
  • North Korea-linked threat actor UNC4899 targeted two organizations to steal millions in cryptocurrency by luring employees via LinkedIn and Telegram, leveraging cloud account access and malware.
  • Financially motivated threat actor UNC2891 breached ATM networks using a 4G-equipped Raspberry Pi device and attempted to deploy the CAKETAP rootkit for fraudulent activity.

Newly Discovered Vulnerabilities

  • Multiple critical and high-severity vulnerabilities were patched in Honeywell Experion PKS, an industrial process control and automation product, which could have allowed manipulation of industrial processes.
  • Malicious connectors in Microsoft 365 were highlighted as a serious and growing email threat vector, potentially impacting hundreds of millions of users.

Notable Threat Actor Activity

  • The Russian state-affiliated group Secret Blizzard (also known as Turla) was observed using adversary-in-the-middle (AitM) attacks at the ISP level to deploy malware against foreign embassies in Moscow, leveraging local ISP access to intercept and manipulate web traffic.
  • Scattered Spider, a threat actor known for social engineering, continues to use techniques that mimic legitimate IT support to gain access to target networks, as noted in a recent CISA advisory update.
  • SentinelLabs reported links between Chinese state-sponsored hackers and Chinese companies developing intrusion tools used in offensive operations.

Trends, Tools, or Tactics of Interest

  • Researchers identified a multi-layer redirect phishing tactic targeting Microsoft 365 users, which abuses link wrapping services from Proofpoint and Intermedia to bypass security defenses and steal login credentials.
  • ClickFix and FileFix were profiled as social engineering attacks that start in the browser: a fake error or CAPTCHA page copies an attacker-supplied command to the clipboard and instructs the victim to paste it into the Run dialog or a terminal (ClickFix) or into the File Explorer address bar (FileFix), so the victim's own action launches the malware.
  • Analysis revealed that in approximately 80% of cases, spikes in malicious activity such as network reconnaissance and targeted scanning precede the public disclosure of new security vulnerabilities (CVEs).
  • LayerX demonstrated that browser extensions can be exploited to compromise generative AI tools via a technique dubbed ‘man-in-the-prompt’, posing a significant risk to sensitive data.
  • BrainDamage, a new payload generator and encrypted shell stager toolkit, was released for red team operations, focusing on stealth and remote command delivery.
  • Kali Linux is now supported in Apple containers on macOS Sequoia, expanding virtualization options for security professionals.
  • CISA released Thorium, an open-source platform for malware and forensic analysis, aimed at supporting containment and eviction during incident response.
  • The Gartner 2025 Magic Quadrant highlights increasing adoption of AI-driven solutions in endpoint security to address complex and growing threats.
  • Security Operations Centers are experiencing alert fatigue and data overload, with traditional SIEMs struggling to keep pace with increasing log volumes and complexity.
  • Proton launched a free, standalone, cross-platform two-factor authentication app, Proton Authenticator.
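The finding above that reconnaissance and targeted scanning spike before roughly 80% of CVE disclosures is an argument for alerting on such spikes rather than waiting for the advisory. The block below is an added example, not code from this page or from the researchers it cites: it reads constructed log lines in an assumed "date source_ip dst_port path" format, counts distinct sources probing each port per day, and flags a day whose count jumps well above that port's trailing baseline, reporting the most-requested path as context for what is being targeted.

```python
"""Flag pre-disclosure scanning spikes in constructed firewall/honeypot logs.

Added example: not from the report above. The log format, the thresholds
and the sample lines are assumptions made up for this illustration.
"""
from collections import Counter, defaultdict
from datetime import date, timedelta
import statistics


def _build_sample_log():
    """Construct sample lines: steady SSH noise plus a sudden burst on 8443."""
    lines = []
    base = date(2025, 7, 20)
    for i in range(9):
        day = base + timedelta(days=i)
        # port 22: background noise, 2 or 3 distinct sources every day
        for j in range(2 + i % 2):
            lines.append(f"{day} 192.0.2.{10 + j} 22 -")
        # port 8443: a single source per day until the last day
        lines.append(f"{day} 198.51.100.{i + 1} 8443 /login")
    burst_day = base + timedelta(days=8)
    # the spike: nine new sources hammer one specific API path on the same day
    for j in range(9):
        lines.append(f"{burst_day} 203.0.113.{j + 1} 8443 /api/v1/export")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()  # constructed data, see above


def parse_log(log_text):
    """Return (port -> day -> set of sources, port -> day -> Counter of paths)."""
    sources = defaultdict(lambda: defaultdict(set))
    paths = defaultdict(lambda: defaultdict(Counter))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day_s, src, port_s, path = line.split()
        day = date.fromisoformat(day_s)
        port = int(port_s)
        sources[port][day].add(src)
        paths[port][day][path] += 1
    return sources, paths


def flag_scan_spikes(log_text, window=7, sigma=3.0, min_sources=5, min_history=3):
    """Flag (port, day) pairs whose distinct-source count exceeds the baseline.

    Baseline = mean of the previous `window` days; the spread is floored at
    1.0 so a perfectly flat baseline (stdev 0) cannot make every blip an alert,
    and `min_sources` suppresses alerts on ports that barely see traffic.
    Days with no hits are counted as zero so gaps do not distort the baseline.
    """
    sources, paths = parse_log(log_text)
    alerts = []
    for port, by_day in sources.items():
        first, last = min(by_day), max(by_day)
        history = []
        day = first
        while day <= last:
            n = len(by_day.get(day, ()))
            if len(history) >= min_history:
                recent = history[-window:]
                mean = float(statistics.mean(recent))
                spread = max(statistics.pstdev(recent), 1.0)
                threshold = max(mean + sigma * spread, min_sources)
                if n >= threshold:
                    top_path, hits = paths[port][day].most_common(1)[0]
                    alerts.append({
                        "port": port,
                        "day": day.isoformat(),
                        "distinct_sources": n,
                        "baseline_mean": mean,
                        "threshold": threshold,
                        "top_path": top_path,
                        "top_path_hits": hits,
                    })
            history.append(n)
            day += timedelta(days=1)
    return alerts


if __name__ == "__main__":
    for alert in flag_scan_spikes(SAMPLE_LOG):
        print(alert)
```

The sigma floor and the `min_sources` gate are the two knobs worth tuning on real data: honeypot ports with a flat baseline of one or two sources a day would otherwise alert on every third-party scanner run, while the floor means a jump still has to reach at least `mean + 3` distinct sources.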

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft announced that, between October 2025 and July 2026, it will disable external workbook links to blocked file types by default in Excel.
  • Microsoft expanded its .NET and ASP.NET Core bug bounty program, offering rewards of up to $40,000 for eligible vulnerabilities.
  • Meta is sponsoring the Pwn2Own Ireland 2025 hacking competition, offering up to $1 million for a successful WhatsApp exploit.
  • The Trump Administration, in collaboration with 60 companies, is developing a plan for Americans to voluntarily upload their healthcare and medical data.
  • Significant funding rounds were announced: Noma Security raised $100 million for AI agent security solutions, Wallarm raised $55 million for API security, and Reach Security received $10 million for AI-driven exposure management solutions.