Major Incidents or Breaches

  • Bouygues Telecom confirmed a data breach affecting 6.4 million customers, exposing personal information.
  • Air France and KLM disclosed a breach via a third-party customer service platform, compromising customer names, email addresses, phone numbers, and other non-financial data.
  • Chanel notified clients of a third-party breach impacting customer data, joining other luxury brands affected by similar incidents.
  • Google, Adidas, and other organisations suffered breaches, attributed to ShinyHunters, after employees were tricked via phone calls into granting access to Salesforce data.
  • Mozilla’s Firefox add-on store was targeted by the “GreedyBear” campaign, which uploaded 150 malicious extensions that drained cryptocurrency wallets, stealing an estimated $1 million.
  • TeaOnHer, a dating advice app, was found to be leaking users' personal data.
  • Recent ransomware attacks against SonicWall Gen 7 firewalls with SSL VPN enabled were linked to exploitation of an older, patched vulnerability, not a zero-day.

Newly Discovered Vulnerabilities

  • Microsoft disclosed CVE-2025-53786, a high-severity privilege escalation flaw in on-premises Exchange Server hybrid deployments, allowing attackers to gain elevated privileges in Exchange Online. Both Microsoft and CISA have issued advisories; CISA mandated emergency patching for US federal agencies.
  • Security flaws were reported in Axis Communications video surveillance products, exposing over 6,500 servers to potential remote takeover.
  • Researchers discovered a privilege escalation issue in Amazon ECS, allowing IAM hijacking and cross-resource access via an undocumented protocol.
  • New HTTP request smuggling/desync attacks exploiting HTTP/1.1 vulnerabilities impacted major CDNs and millions of websites.
  • Two malicious npm packages masquerading as WhatsApp developer tools were discovered, containing destructive data-wiping code targeting developer systems.
  • Researchers found that encryption algorithms used in law enforcement and military radios may be easily cracked, potentially allowing eavesdropping.

Notable Threat Actor Activity

  • SocGholish malware operators are utilising Traffic Distribution Systems (Parrot TDS, Keitaro TDS) to redirect users to malicious content, delivering access to ransomware groups including LockBit and Evil Corp.
  • ShinyHunters resurfaced, conducting low-tech social engineering attacks to breach Salesforce data at major corporations.
  • The Silver Fox APT group demonstrated operations blending espionage and cybercrime, attributed to Chinese threat actors.
  • North Korean IT scammers’ operational details were leaked, revealing structured targeting and internal surveillance.
  • Eight ransomware groups, including RansomHub, have adopted a new EDR killer tool, an evolution of EDRKillShifter, to disable endpoint detection and response solutions during attacks.
  • Akira ransomware attacks targeting SonicWall firewalls exploited a known vulnerability, not a zero-day.

Trends, Tools, or Tactics of Interest

  • The FBI warned of attackers sending physical packages containing malicious QR codes (“quishing”) to initiate phishing campaigns via postal mail.
  • Surge in vishing scams, where attackers impersonate service providers offering discounts in exchange for upfront fees.
  • Rise in Python and Go supply chain attacks, with malicious packages discovered that deliver cross-platform malware and trigger remote data wipes.
  • Increased use of AI in both offensive and defensive cloud security operations, with AI now central to evolving attack and defence strategies.
  • 150+ malicious Firefox extensions highlight the ongoing risk in browser extension ecosystems.
  • Clickjacking campaigns on adult sites are being used to manipulate Facebook user engagement.
  • EDR killer tools are being actively distributed across multiple ransomware operations for disabling security controls.

Regulatory or Policy Developments Affecting the Security Industry

  • CISA issued an emergency directive requiring all US Federal Civilian Executive Branch agencies to patch Microsoft Exchange Server CVE-2025-53786 by Monday.
  • The founders of Samourai Wallet pleaded guilty to laundering over $200 million for cybercriminals and agreed to forfeit the proceeds.
  • A court found Meta accessed sensitive health data from the Flo app without user consent.
  • The Alliance for Creativity and Entertainment (ACE) took offline Rare Breed TV, a major illegal IPTV service, following a financial settlement.