Major Incidents or Breaches

  • Google patched a vulnerability that allowed malicious Google Calendar invites to hijack Gemini agents on target devices, enabling attackers to leak sensitive user data.
  • Researchers reported that attackers are leveraging Google paid ads to promote fake Tesla websites, potentially leading to credential theft and other fraudulent activities.

Newly Discovered Vulnerabilities

  • WinRAR maintainers released an update addressing an actively exploited zero-day vulnerability (CVE-2025-8088, CVSS 8.8).
  • New attack techniques have been identified that exploit flaws in Windows domain controllers, allowing attackers to abuse publicly exposed DCs via RPC and LDAP to build DDoS botnets.
  • Researchers disclosed a now-patched Windows Remote Procedure Call (RPC) Endpoint Mapper (EPM) poisoning vulnerability that could be exploited to escalate privileges within a Windows domain.

Notable Threat Actor Activity

  • Threat actors have been observed exploiting the WinRAR zero-day (CVE-2025-8088) in the wild.
  • Malicious actors are using Google paid advertisements to direct users to phishing sites impersonating Tesla.

Trends, Tools, or Tactics of Interest

  • xsshunter-express, a self-hosted tool for capturing and analyzing blind XSS payloads, has been released, offering features such as screenshot capture, DOM dumps, and full attack context.
  • Attackers are increasingly targeting public infrastructure, such as domain controllers, to amplify DDoS attacks.
  • POS (Point-of-Sale) scams involving portable devices remain a concern, with continued reports of theft and fraud using these tools.