Cybersecurity Brief – 2025-08-05
Major Incidents or Breaches
- Chanel has suffered a data breach as part of a broader wave of attacks targeting Salesforce data, joining other organisations affected by this campaign.
- Northwest Radiologists disclosed a data breach impacting 350,000 individuals, with personal information stolen in an incident dating back to January 2025.
- Russia’s largest airline, Aeroflot, was reportedly attacked, according to Check Point’s latest threat intelligence report.
Newly Discovered Vulnerabilities
- SonicWall is investigating a potential zero-day vulnerability in its SSL VPN devices after a surge in targeted attacks, notably by the Akira ransomware group.
- NVIDIA patched multiple critical vulnerabilities in its Triton Inference Server for Windows and Linux. These flaws could allow unauthenticated remote code execution, model theft, data leaks, and response manipulation on AI servers.
- A previously undocumented Linux backdoor, dubbed “Plague,” was discovered. The malware, implemented as a malicious PAM module, enables persistent SSH access, bypasses authentication, and removes traces of SSH sessions. It is reported to have evaded detection for over a year.
- Proton fixed a vulnerability in its Authenticator iOS app where TOTP secrets were logged in plaintext, potentially exposing multi-factor authentication codes.
- Several vulnerabilities were patched in the AI code editor Cursor, which previously allowed attackers to modify sensitive MCP files and execute arbitrary code without user approval.
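The Plague item above describes a backdoor that lives inside the PAM stack, which is exactly where a defender's audit should look. As an added example, not taken from the brief or from any vendor write-up, this Python snippet parses pam.d-style configuration and reports modules outside an assumed baseline, together with the stack and control flag each one occupies; the baseline set, the sample config and the placeholder module name are all constructed.

```python
import re
from typing import Dict, List, Tuple

# Assumption: the set of PAM modules expected on this host. In practice build
# it from the distro's package manifests rather than hard-coding it.
BASELINE_MODULES = {
    "pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so",
    "pam_faildelay.so", "pam_succeed_if.so", "pam_limits.so", "pam_systemd.so",
    "pam_loginuid.so", "pam_selinux.so", "pam_keyinit.so", "pam_nologin.so",
    "pam_motd.so", "pam_lastlog.so", "pam_access.so", "pam_faillock.so",
    "pam_pwquality.so", "pam_sepermit.so",
}

# Constructed sample of an /etc/pam.d/sshd stack with one foreign module
# (placeholder name) inserted at the top of the auth stack as 'sufficient',
# the position from which a module returning success would short-circuit auth.
SAMPLE_PAM_SSHD = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_suspect_example.so
auth       [success=1 default=ignore] pam_unix.so nullok
auth       substack     password-auth
account    required     pam_sepermit.so
account    required     pam_nologin.so
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_keyinit.so force revoke
"""

# type, control (single word or [bracketed action list]), module, args
PAM_LINE = re.compile(
    r"^\s*-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$"
)


def parse_pam(text: str) -> List[Tuple[str, str, str]]:
    """Return (type, control, module) for each module line.

    Comments, blank lines and include/substack references are skipped; a full
    audit should follow those references into the files they name.
    """
    entries = []
    for line in text.splitlines():
        m = PAM_LINE.match(line)
        if not m:
            continue  # comment, blank or malformed line
        ptype, control, module, _args = m.groups()
        if control in ("include", "substack"):
            continue
        entries.append((ptype, control, module))
    return entries


def audit_pam(text: str, baseline=BASELINE_MODULES) -> Dict[str, List[str]]:
    """Map each module not in the baseline to the stacks/controls it sits in."""
    findings: Dict[str, List[str]] = {}
    for ptype, control, module in parse_pam(text):
        if module.rsplit("/", 1)[-1] not in baseline:
            findings.setdefault(module, []).append(f"{ptype}/{control}")
    return findings
```

Run the audit over every file under /etc/pam.d and verify each flagged .so against the package manager's file ownership and hash database; a module the package manager does not know about deserves a closer look.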
Notable Threat Actor Activity
- Vietnamese threat actors are distributing a Python-based information stealer known as PXA Stealer. The campaign has compromised over 4,000 IP addresses and stolen 200,000 passwords globally.
- Akira ransomware operators have escalated attacks using SonicWall SSL VPN devices, leveraging a suspected zero-day for initial access.
- Ransomware gangs are exploiting a Microsoft SharePoint vulnerability chain, resulting in breaches of at least 148 organisations.
- North Korean IT workers continue to seek fraudulent employment at Western companies, as highlighted in a new FBI advisory.
- The “ClickTok” campaign is targeting TikTok Shop users with phishing and trojanised apps, leading to crypto wallet theft and spyware infections.
- Mozilla warned of an ongoing phishing campaign targeting add-on developers via its official AMO repository.
Trends, Tools, or Tactics of Interest
- Attackers are leveraging Microsoft Teams calls for social engineering, convincing users to install the Matanbuchus malware loader, which is often a precursor to ransomware deployment.
- Threat actors are increasingly utilising generative AI tools to enhance offensive cyber operations, including social engineering and malware development.
- Recent malware campaigns are adopting advanced evasion techniques, such as blending into legitimate developer workflows and documenting themselves to appear benign.
- The proliferation of shadow IT remains a concern, with employees installing unauthorised plugins and tools, increasing organisational risk.
- Cisco demonstrated that AI guardrails can be bypassed, allowing sensitive data to be extracted from chatbots trained on proprietary content.
Regulatory or Policy Developments Affecting the Security Industry
- CISA and FEMA announced over $100 million in grants to help US states, tribes, and localities enhance cybersecurity resilience.
- Illumina agreed to a $9.8 million settlement over allegations that its gene sequencing products supplied to the US government contained cybersecurity vulnerabilities.
- Sean Cairncross has been confirmed by the US Senate as National Cyber Director.
- Darktrace has acquired Mira Security, contributing to ongoing consolidation in the cybersecurity sector, with 44 M&A deals announced in July 2025.