Cybersecurity Brief – 2025-08-19
Major Incidents or Breaches
- Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering, likely linked to the broader Salesforce attacks attributed to the ShinyHunters group. Exposed data was limited to “commonly available” business contact information, with no customer data compromised.
- The Canadian House of Commons experienced a data breach, as noted in recent threat intelligence reporting.
- Over 800 N-able N-central servers remain unpatched against two critical, actively exploited vulnerabilities (CVE-2025-8875 and CVE-2025-8876). More than 870 affected instances have been identified globally.
- Multiple web hosting firms in Taiwan were targeted by Chinese APT group UAT-7237, aiming for long-term access to high-value targets.
- The US Department of Justice seized $2.8 million in cryptocurrency from a Zeppelin ransomware operator, following an indictment.
Newly Discovered Vulnerabilities
- A critical Microsoft Windows vulnerability (CVE-2025-29824) was exploited to deploy the PipeMagic backdoor in RansomExx ransomware attacks, with observed activity in Brazil and Saudi Arabia.
- Researchers disclosed a major internet-wide vulnerability that enables large-scale DDoS attacks and has affected a significant portion of websites since 2023.
- A novel 5G attack, Sni5Gect, allows attackers to sniff traffic and disrupt networks without requiring a malicious base station.
Notable Threat Actor Activity
- The Noodlophile malware campaign expanded its global reach, targeting enterprises with spear-phishing emails using copyright complaint lures to deliver information-stealing malware.
- The source code for ERMAC v3 Android banking trojan was leaked online, exposing details of its malware-as-a-service infrastructure.
- Chinese APT group UAT-7237 targeted Taiwanese web infrastructure for persistent access to high-value entities.
- MFA-bombing attacks continue to be reported, in which attackers send repeated multi-factor authentication prompts to wear users down until one is approved.
Trends, Tools, or Tactics of Interest
- Malicious packages discovered in both the PyPI and npm repositories abuse dependency relationships to carry out supply chain attacks and establish persistence.
- The evolution of the PipeMagic backdoor demonstrates ongoing adaptation of TTPs by its operators, with recent exploitation linked to a patched Microsoft Windows vulnerability.
- Increasing sophistication of RATs (Remote Access Trojans) is prompting calls for more unified, behavior-aware detection approaches.
- Attackers are leveraging weaknesses in multi-cloud environments due to inconsistent security monitoring and controls.
- Ongoing phishing campaigns use fake Gmail security alerts to trick users into actions that compromise their accounts.
Regulatory or Policy Developments Affecting the Security Industry
- The European Union has made cybersecurity funding available for SMEs, with guidance published on how to access these resources.
- Mozilla has raised concerns that a recent German Federal Supreme Court ruling could lead to browser-based ad blockers being declared illegal in Germany, potentially impacting privacy and security tools.
- Wazuh has been highlighted as a tool for regulatory compliance, supporting organizations in meeting data protection and privacy obligations.
- In the UK, a hacker responsible for compromising 3,000 websites was sentenced to 20 months in prison.