Major Incidents or Breaches

  • Nevada State Government: A cyberattack has disrupted Nevada state IT systems, forcing the closure of all state offices and impacting government websites, phone systems, and online platforms.
  • Farmers Insurance: Data breach affecting 1 million customers; details of the compromised data have not been publicly disclosed.
  • Nissan Japan: Confirmed a data breach at subsidiary Creative Box Inc. (CBI), with Qilin ransomware claiming responsibility.
  • Healthcare Services Group: Data breach impacted 624,000 individuals, with theft of personal information.
  • Auchan: Data breach resulted in theft of personal information from hundreds of thousands of customers.
  • Data I/O: Ransomware attack caused operational outages; the full scope of the breach is not yet known.
  • Salesloft: Breach led to theft of OAuth and refresh tokens via its Drift chat agent integration, enabling attackers to access Salesforce customer environments and exfiltrate data.

Newly Discovered Vulnerabilities

  • Citrix NetScaler: Three vulnerabilities patched in NetScaler ADC and NetScaler Gateway, including CVE-2025-7775, a critical remote code execution flaw actively exploited as a zero-day.
  • Git: CISA warns of an actively exploited arbitrary code execution vulnerability and urges immediate patching.
  • Docker Desktop: Critical vulnerability enables attackers to modify the filesystem of Windows hosts and escalate privileges to administrator.
  • 5G Mobile Networks: Researchers disclosed the “Sni5Gect” attack, which can crash phones and downgrade 5G connections to 4G without a rogue base station.
  • AI Systems: New research demonstrates that prompt injection attacks can be performed via malicious instructions hidden in images, exploiting image scaling processes.

Notable Threat Actor Activity

  • Silk Typhoon (Mustang Panda): State-sponsored group hijacked network captive portals to redirect diplomats’ web traffic to malware-serving sites.
  • Qilin Ransomware: Claimed responsibility for the Nissan Japan design studio breach.
  • MixShell Malware: Sophisticated social engineering campaign targeting U.S. supply chain manufacturing firms via contact forms, delivering in-memory malware.
  • ShadowCaptcha Campaign: Large-scale exploitation of over 100 compromised WordPress sites to redirect users to fake CAPTCHA pages, distributing ransomware, information stealers, and crypto miners.
  • HOOK Android Trojan: Newly identified variant adds ransomware-style overlay screens and supports 107 remote commands; now being distributed via GitHub.
  • ZipLine Phishing Campaign: Persistent and sophisticated phishing attacks targeting U.S. companies, leveraging advanced social engineering tactics.

Trends, Tools, or Tactics of Interest

  • Endpoint Security: AI-driven detection and response capabilities highlighted as key trends in the 2025 Gartner Magic Quadrant, reflecting the increasing sophistication and volume of endpoint threats, especially ransomware.
  • Remote Desktop Services: Surge in coordinated malicious scanning of Microsoft RDP services, potentially indicating a new or undisclosed vulnerability.
  • Legal Botnets: Discussion of DSLRoot proxies and the emergence of “legal botnets” that exploit residential IP addresses for proxy services.
  • Phishing Tactics: Ongoing campaigns using urgent payroll update alerts and contact form submissions as initial vectors.
  • Social Engineering: Increased use of fake CAPTCHA verification pages (ClickFix tactic) and sophisticated phishing lures.
  • Supply Chain Security: CISA released a new tool to support secure software procurement, aiming to strengthen supply chain resilience.
  • Hybrid Workforce Risks: Continued exploitation of consumer devices and unmanaged endpoints in hybrid work environments.
  • Shellcode Execution: New techniques for shellcode loading and execution in memory observed in recent attack scenarios.

Regulatory or Policy Developments

  • Google Android Developer Verification: Google will require all Android developers to undergo verification to block malware from sideloaded apps and strengthen the Play Store ecosystem.
  • CISA Guidance: Issued urgent advisories on patching critical vulnerabilities in Git and released a new tool to support secure software procurement and improve supply chain security.
  • FTC Statement: The U.S. Federal Trade Commission called on technology companies to resist foreign government demands to weaken encryption and undermine security and privacy protections.
  • GDPR and Security Training: Emphasis on leveraging GDPR compliance to build stronger security cultures and competitive advantage.