Major Incidents or Breaches

  • Google has suffered a data breach as part of an ongoing campaign targeting Salesforce CRM data, attributed to the ShinyHunters extortion group. Several major companies have been impacted by this wave of attacks.
  • DaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack.
  • WhatsApp has taken down 6.8 million accounts linked to criminal scam centres, with Meta attributing the activity to a scam centre in Cambodia.
  • A hacker, Chukwuemeka Victor Amachukwu, has been extradited from France to the US for spear-phishing attacks on US tax preparers, resulting in the theft of $3.3 million from taxpayers.

Newly Discovered Vulnerabilities

  • Trend Micro has confirmed active exploitation of critical security flaws (including zero-days) in on-premise Apex One Management Console, with mitigations released. The vulnerabilities have reportedly been exploited by Chinese threat actors.
  • Researchers have uncovered multiple vulnerabilities in Dell’s ControlVault3 firmware (ReVault flaws), impacting over 100 laptop models. These flaws allow attackers to bypass Windows login and install persistent malware.
  • Amazon ECS is affected by a newly discovered “ECScape” flaw, enabling cross-task credential theft and lateral movement within container environments.
  • CyberArk Conjur contained multiple vulnerabilities that could be chained for unauthenticated remote code execution. Patches have been issued.
  • CISA has issued an alert regarding a vulnerability affecting Microsoft Exchange.
  • Security researchers have demonstrated that a single malicious document can exploit weaknesses in OpenAI’s Connectors to extract data from Google Drive without user interaction.
  • Multiple reports from Black Hat USA and DEFCON 2025 highlight that HTTP request smuggling vulnerabilities (notably in HTTP/1.1) remain prevalent and are evolving, with many defences proving inadequate.

Notable Threat Actor Activity

  • The ShinyHunters group is behind the recent wave of Salesforce data theft attacks, including the breach at Google.
  • VexTrio, an ad fraud and subscription scam group, has been distributing fake VPN and spam blocker apps on Apple and Google app stores.
  • The threat actor UAC-0099 is targeting Ukrainian government agencies, defence forces, and enterprises with C# malware delivered via HTA files using court summons lures.
  • French police, working with Europol, have arrested the 38-year-old administrator of the Russian-language XSS cybercrime forum.

Trends, Tools, or Tactics of Interest

  • Social engineering attacks have surged, with incidents nearly tripling in the first half of 2025 compared to late 2024 (from 6% to 17% of all incidents), per LevelBlue.
  • Akira ransomware and other malware campaigns are abusing legitimate signed drivers (e.g., the driver shipped with the Intel CPU tuning tool ThrottleStop) to terminate antivirus and EDR processes, including Microsoft Defender.
  • A new C2 evasion technique, “Ghost Calls,” uses TURN servers from conferencing apps (Zoom, Microsoft Teams) to tunnel traffic through trusted infrastructure.
  • Security researchers have demonstrated that major enterprise AI assistants (ChatGPT, Copilot, Gemini, Salesforce Einstein) can be manipulated via crafted prompts to exfiltrate or manipulate data.
  • Splunk researchers have developed PLoB, a behavioural fingerprinting system using AI to detect subtle post-login intrusion signals.
  • AI tools are increasingly used to automate security operations: Microsoft launched Project Ire, an autonomous AI agent for malware classification, and Ox Security announced an AI agent that generates code to fix vulnerabilities.
  • AI is significantly reducing workloads for vCISOs (by 68%), with SMBs increasingly relying on virtual CISO services.
  • Sextortion scams remain persistent but are now considered background noise by security professionals.
  • Perplexity AI is reportedly ignoring robots.txt directives and crawling websites regardless of opt-out signals.

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft paid out a record $17 million in bug bounties over the past 12 months, rewarding 344 security researchers across 59 countries.
  • WhatsApp has introduced a new security feature to help users identify potential scams when added to group chats by unknown contacts.