Major Incidents or Breaches

  • Workday disclosed a data breach resulting from attackers gaining access to a third-party CRM platform, reportedly linked to a wider wave of Salesforce-related attacks targeting multiple organizations.
  • The Canadian House of Commons suffered a data breach, as reported in the latest threat intelligence bulletin.
  • A UK individual was sentenced to 20 months in prison for hacking approximately 3,000 websites.
  • Over 800 N-able N-central servers remain unpatched and exposed to two critical vulnerabilities (CVE-2025-8875 and CVE-2025-8876) that have been actively exploited.
  • US authorities seized $2.8 million in cryptocurrency from a Zeppelin ransomware operator following an indictment.

Newly Discovered Vulnerabilities

  • A new vulnerability (CVE-2025-29824) has been linked to the evolution of the PipeMagic backdoor, with exploitation observed in attacks in Brazil and Saudi Arabia.
  • An internet-wide vulnerability affecting a significant proportion of websites has been abused to mount large-scale DDoS attacks, described as the most significant since 2023.
  • Researchers disclosed a novel 5G attack technique (“Sni5Gect”) that allows attackers to sniff traffic and disrupt services without requiring a malicious base station.

Notable Threat Actor Activity

  • Chinese APT group UAT-7237 has been targeting web hosting firms in Taiwan to gain long-term access to high-value targets.
  • Zeppelin ransomware operator Ianis Antropenko has been indicted in the US, with cryptocurrency assets seized.
  • Malicious packages were discovered in the PyPI and npm repositories, introducing supply chain risks via dependencies that enable persistent access.

Trends, Tools, or Tactics of Interest

  • The PipeMagic backdoor has evolved in its tactics, techniques, and procedures (TTPs) since the RansomExx incident, now leveraging new vulnerabilities for access.
  • Evolving remote access trojans (RATs) continue to reshape the enterprise threat landscape, prompting a shift toward unified, behavior-aware detection approaches.
  • A surge in MFA-bombing attacks has been noted, in which attackers repeatedly push MFA prompts to users in an attempt to cause confusion or fatigue so that a prompt is approved, granting unauthorized access.
  • The dual-use tool “LostMyPassword” has been highlighted for its capability to recover account passwords and serve as a rapid credential dumping utility during post-exploitation.
  • Organizations are struggling with security across multi-cloud environments, creating openings for attackers due to inconsistent monitoring and controls.
  • Security researchers have observed NFC-based fraud and Docker backdoors among emerging attack vectors.

Regulatory or Policy Developments Affecting the Security Industry

  • A recent ruling by Germany’s Federal Supreme Court has revived the legal debate over browser-based ad blockers, raising concerns that ad blockers could be declared illegal in Germany.
  • The European Union has ongoing cybersecurity funding initiatives aimed at supporting small- and medium-sized enterprises (SMEs) to address evolving threats and compliance requirements.