Major Incidents or Breaches

  • Hackers leaked data stolen from Allianz Life in the ongoing campaign against customer Salesforce CRM instances, exposing 2.8 million records containing sensitive information on business partners and customers.
  • Over 275 million patient records were breached in the US healthcare sector in 2024, with compromised credentials (weak or stolen passwords) cited as the leading cause.
  • Researchers identified Docker images on Docker Hub still containing the XZ Utils backdoor (CVE-2024-3094), more than a year after its public disclosure in March 2024. At least 35 Linux images remain affected, posing an ongoing supply chain risk to anyone building on top of them.
  • The U.S. Department of Justice seized approximately $1 million in cryptocurrency from the BlackSuit ransomware gang.
  • Over 3,300 Citrix NetScaler devices remain unpatched against the actively exploited “CitrixBleed 2” vulnerability (CVE-2025-5777), a memory over-read that leaks session tokens and lets attackers bypass authentication.
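The Docker Hub finding above is worth reproducing against your own images rather than trusting a registry to have cleaned up. The scanner below is an added example written for this digest, not code from the researchers cited or from the XZ project. It assumes you have exported an image with `docker save` and extracted its layer tarballs into one directory, and it flags any liblzma shared object that embeds a 5.6.0 or 5.6.1 version string or the function-prologue byte pattern from the community detect.sh script; that pattern is treated as a heuristic, not proof either way. The filesystem it builds when run without arguments is constructed for the demo.

```python
"""Scan an extracted container root filesystem for the XZ Utils backdoor.

Added example for this digest; not from the cited researchers or the XZ
project. Assumed workflow: `docker save IMAGE -o img.tar`, extract every
layer tarball into one directory, then point this script at that directory.
"""
import os
import re
import sys
import tempfile

# Versions of xz/liblzma that shipped the backdoor (CVE-2024-3094).
BACKDOORED_VERSIONS = (b"5.6.0", b"5.6.1")

# Byte pattern from the widely circulated community detect.sh script; it
# matches a function prologue in the injected object. Heuristic only: its
# absence does not prove a binary is clean.
BACKDOOR_SIGNATURE = bytes.fromhex(
    "f30f1efa554889f54c89ce5389fb81e7000000804883ec28"
    "488954241848894c2410"
)

LIBLZMA_NAME = re.compile(r"^liblzma\.so(\.\d+)*$")


def find_version_strings(data: bytes) -> set:
    """Return the backdoored version strings embedded in the blob.

    liblzma keeps its version as a NUL-terminated string in .rodata, so we
    match "5.6.0\\0" / "5.6.1\\0" rather than bare digits.
    """
    return {v.decode() for v in BACKDOORED_VERSIONS if v + b"\x00" in data}


def classify_blob(data: bytes) -> dict:
    """Classify one liblzma binary by version string and signature hits."""
    versions = find_version_strings(data)
    sig = BACKDOOR_SIGNATURE in data
    return {"versions": sorted(versions), "signature": sig,
            "suspicious": bool(versions) or sig}


def scan_rootfs(root: str) -> list:
    """Walk an extracted image filesystem and report suspicious liblzma files."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not LIBLZMA_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # the real file at the end of the link is visited too
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            result = classify_blob(data)
            if result["suspicious"]:
                result["path"] = os.path.relpath(path, root)
                findings.append(result)
    return findings


def build_constructed_rootfs(base: str) -> str:
    """Create a constructed layout (not a real image) for an offline demo."""
    lib = os.path.join(base, "usr", "lib", "x86_64-linux-gnu")
    os.makedirs(lib, exist_ok=True)
    # Clean-looking library: unaffected version, no signature.
    with open(os.path.join(lib, "liblzma.so.5.4.5"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 32 + b"5.4.5\x00" + b"XZ Utils\x00")
    # Backdoored-looking library: tainted version plus the prologue pattern.
    with open(os.path.join(lib, "liblzma.so.5.6.1"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 32 + b"5.6.1\x00"
                 + b"\x90" * 16 + BACKDOOR_SIGNATURE + b"\x90" * 16)
    return base


def demo() -> list:
    """Scan the constructed filesystem; returns the list of findings."""
    return scan_rootfs(build_constructed_rootfs(tempfile.mkdtemp()))


if __name__ == "__main__":
    hits = scan_rootfs(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in hits:
        print(f"{hit['path']}: versions={hit['versions']} "
              f"signature={hit['signature']}")
    sys.exit(1 if hits else 0)
```

Run it with the extracted layer directory as the only argument; a non-zero exit means at least one liblzma hit, which is convenient in a CI gate. Because the scan is purely static, a hit on the version string alone should be confirmed against the distribution's package metadata before an image is pulled from production.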

Newly Discovered Vulnerabilities

  • Microsoft’s August 2025 Patch Tuesday addressed 107 to 111 vulnerabilities depending on how the count is tallied, 13 to 17 of them rated critical. One publicly disclosed zero-day, an elevation-of-privilege flaw in Windows Kerberos (CVE-2025-53779), was patched alongside several other elevation-of-privilege bugs.
  • Adobe released security updates fixing over 60 vulnerabilities across 13 products, including Commerce, Substance, InDesign, FrameMaker, and Dimension.
  • SAP patched a critical code-injection vulnerability in S/4HANA (CVE-2025-42957) as part of its August 2025 security notes.
  • Major industrial control system (ICS) vendors (Siemens, Schneider, Aveva, Honeywell, ABB, Phoenix Contact) issued advisories for code execution vulnerabilities.
  • Citrix NetScaler ADC and Gateway products are being actively exploited via CVE-2025-6543, a critical memory-overflow flaw distinct from CitrixBleed 2, with exploitation confirmed by the Dutch National Cyber Security Centre (NCSC-NL).
  • A pre-authentication remote code execution vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) has been widely exploited in operational technology (OT) networks since early May.
  • A now-patched WinRAR path-traversal vulnerability (CVE-2025-8088), which lets a crafted archive drop files outside the extraction directory, has been exploited by at least two separate threat groups.

Notable Threat Actor Activity

  • The Charon ransomware family, employing APT-level evasion tactics, has been deployed in targeted attacks against public sector and aviation organisations in the Middle East. The campaign may be linked to China’s state-sponsored Earth Baxia group.
  • Cybercrime groups ShinyHunters and Scattered Spider have joined forces in data extortion campaigns, initially targeting Salesforce customers, with indications of expansion towards financial services and technology providers. ShinyHunters’ tactics now mirror those of Scattered Spider.
  • The newly identified Curly COMrades APT group has targeted government entities in Georgia and Moldova using custom backdoor malware and COM hijacking of a class loaded by the .NET Native Image Generator (NGEN) task for persistent access.
  • Fortinet SSL VPN devices experienced a significant spike in brute-force attacks globally, with attackers later shifting focus to FortiManager.
  • Researchers report ongoing abuse of Microsoft Teams in social engineering attacks, with attackers posing as IT support to steal credentials and deliver malware.

Trends, Tools, or Tactics of Interest

  • Supply chain risks persist as stale Docker images still containing the backdoored XZ Utils build remain available on Docker Hub.
  • Threat actors continue to abuse business logic flaws and to sell enterprise network access through dark web marketplaces, letting initial access brokers and ransomware crews split the work.
  • Social engineering remains a prominent attack vector, with attackers exploiting communication platforms (e.g., Microsoft Teams) and using tactics such as tax office or Amazon recall impersonation scams.
  • APT actors are leveraging advanced persistence techniques, such as NGEN COM hijacking and scheduled tasks, to maintain long-term access in targeted environments.
  • The choice between dedicated enterprise browsers and security extensions for standard browsers is highlighted as a key decision for mitigating browser-based risk.
  • Elevation-of-privilege vulnerabilities dominated Microsoft’s August 2025 Patch Tuesday, reflecting ongoing attacker interest in privilege escalation.

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft announced that Windows 11 version 23H2 Home and Pro editions reach end of support on 11 November 2025.
  • Android’s protected Kernel-based Virtual Machine (pKVM) achieved SESIP Level 5 security certification, the highest level for IoT and mobile platforms.
  • The Dutch NCSC issued an alert regarding active exploitation of Citrix NetScaler CVE-2025-6543 in critical sectors.
  • Chinese authorities have publicly questioned the security of AI chips from Nvidia and AMD, citing concerns about potential backdoors.