Major Incidents or Breaches

  • DaVita, a kidney dialysis provider, confirmed a ransomware attack resulted in the theft of personal and health information for nearly 2.7 million individuals.
  • CPAP Medical Supplies and Services disclosed a data breach stemming from a December 2024 intrusion, impacting approximately 90,000 people.
  • Over 300 entities were targeted between June and August in a new campaign using the Atomic macOS Stealer, delivered via malvertising.
  • A clickjacking attack capable of stealing credentials from browser-integrated password managers was disclosed.
  • Grok AI chat logs intended to be private were indexed by Google Search, exposing user conversations to the public web.

Newly Discovered Vulnerabilities

  • Apple released a patch for a zero-day vulnerability (CVE-2025-43300) exploited in targeted attacks, likely linked to spyware or nation-state actors.
  • A vulnerability in Dell laptops’ ReVault control board allowed attackers to gain access down to the device firmware.
  • AWS addressed a flaw in Trusted Advisor that allowed unprotected S3 buckets to be incorrectly reported as secure.
  • Microsoft confirmed that August 2025 Windows updates are causing severe lag and stuttering issues with NDI streaming software on Windows 10 and 11.
  • MITRE updated its list of Most Important Hardware Weaknesses to reflect current hardware security risks.

Notable Threat Actor Activity

  • Chinese APT group Murky Panda (Silk Typhoon) exploited trusted relationships in cloud environments to gain access to downstream customer networks and data, targeting North American organisations and leveraging both n-day and zero-day vulnerabilities for initial access.
  • The Pakistani APT36 group was observed using malicious Linux .desktop files to install malware in attacks against Indian government and defence entities.
  • A new Linux malware infection chain that uses phishing emails to deliver the open-source VShell backdoor was documented; it relies on malicious RAR filenames to evade antivirus detection.
  • Mac users were targeted by the new ‘Shamos’ infostealer, distributed via fake troubleshooting guides and fixes (ClickFix attacks).
  • Cybercriminals are increasingly leveraging generative AI tools to automate the creation of convincing phishing websites.
  • Survey scam phishing campaigns have become more technically sophisticated, evading detection and stealing financial data through fake offers of free gifts.

Trends, Tools, or Tactics of Interest

  • Automation is transforming penetration testing delivery, with increased focus on efficient result reporting and remediation tracking.
  • The proliferation of AI agents, chatbots, and machine identities is introducing complex security management challenges, as these non-human entities now outnumber human users in many environments.
  • ChromeAlone, a new red team tool, turns the Chromium browser into a stealthy command-and-control implant with credential capture and persistence capabilities.
  • Modern vehicle cybersecurity is facing evolving threats, including increased attack surfaces in electric and connected vehicles, with a focus on supply chain, telematics, and over-the-air update security.
  • AI-assisted website generators are being abused by threat actors to rapidly create phishing sites.
  • Clickjacking remains a viable attack vector for compromising browser-based password managers.

Regulatory or Policy Developments

  • CISA issued a draft Software Bill of Materials (SBOM) guide for public comment, aiming to standardise SBOM practices across industries.
  • Some cyber insurers are moving to limit payouts for breaches where organisations have failed to remediate serious vulnerabilities in a timely manner.
  • Concerns over personal liability for CISOs persist, with increased scrutiny of liability protections and of threat actors targeting CISOs because of their privileged access.