Major Incidents or Breaches

  • PowerSchool Data Breach: Texas Attorney General filed a lawsuit against PowerSchool following a December breach that exposed the personal information of 62 million students, including 880,000 Texans.
  • Chess.com Data Breach: Chess.com disclosed a breach after threat actors accessed a third-party file transfer application, compromising user data.
  • Bridgestone Cyberattack: Bridgestone confirmed a cyberattack affecting manufacturing operations in North America; details of the attack vector remain under investigation.
  • Wytec Website Hack: Wytec’s website was defaced twice by unknown actors and remains offline, with the company anticipating significant financial losses.
  • Salesloft Drift Supply Chain Attack: Multiple high-profile customers reported data breaches linked to a recent supply chain attack involving Salesloft Drift, though the full impact is still unclear.

Newly Discovered Vulnerabilities

  • Sitecore Zero-Day: Threat actors exploited a zero-day vulnerability in legacy Sitecore deployments, using exposed ASP.NET machine keys for ViewState deserialization attacks and deployment of WeepSteel malware.
  • TP-Link Router Flaws: CISA added CVE-2023-50224 and CVE-2025-9377, affecting TP-Link routers, to its Known Exploited Vulnerabilities catalog; TP-Link also confirmed a new unpatched zero-day impacting several router models.
  • Android Vulnerabilities: Two exploited vulnerabilities in Android—CVE-2025-48543 (Android Runtime) and CVE-2025-38352 (Linux kernel)—were patched after being leveraged in targeted attacks.

Notable Threat Actor Activity

  • GhostRedirector Campaign: ESET and other researchers identified a new threat actor, GhostRedirector, that compromised at least 65 Windows servers (primarily in Brazil) using a passive C++ backdoor and a malicious IIS module (Gamshen) that manipulate Google search results to boost gambling sites.
  • APT28/NotDoor Backdoor: Russian state-sponsored group APT28 deployed a new Microsoft Outlook backdoor, NotDoor, targeting multiple companies in NATO countries.
  • Quad7 Botnet: The Quad7 botnet is exploiting end-of-life TP-Link routers to steal Microsoft 365 accounts.
  • SVG-Based Phishing: A global phishing campaign is using SVG files that evade detection to deliver Base64-encoded phishing pages, including pages impersonating the Colombian judicial system.
  • Phishing-as-a-Service: Researchers uncovered a long-running phishing-as-a-service operation using cloud infrastructure (Google, Cloudflare) and cloaking techniques to evade detection.
  • X (Twitter) Grok AI Abuse: Cybercriminals are exploiting X’s Grok AI to bypass ad protections and distribute malware via malicious links.
  • Model Namespace Reuse: Researchers demonstrated an AI supply chain attack method, model namespace reuse, that lets attackers deploy malicious models and achieve code execution in Google and Microsoft environments.
  • US Rewards for Russian Hackers: The US government offered $10 million for three Russian hackers accused of targeting critical infrastructure and energy firms worldwide.

Trends, Tools, or Tactics of Interest

  • AI-Driven Attack Chains: Reports indicate AI tools can now automate entire attack chains, increasing operational efficiency for threat actors.
  • AI-Enhanced Phishing: Healthcare organisations are being warned about an anticipated surge in AI-powered phishing attacks.
  • Vishing Scams: Vishing scams remain prevalent, with attackers impersonating law enforcement to issue fake arrest warrants.
  • Browser-Based Attacks: Security teams are advised to prepare for increasing browser-based threats, including phishing kits, malicious OAuth apps, and browser extensions.
  • BlockEDRTraffic Tool: BlockEDRTraffic, a tool for EDR-evasive lateral movement, was released; it uses Windows Firewall or the Windows Filtering Platform to block EDR telemetry and create windows of reduced visibility.
  • VPN Security Concerns: Popular Android VPN apps found to have security flaws and undisclosed links to China, raising concerns over data privacy and exposure.
  • Supply Chain Security & SBOMs: US and allied nations are promoting Software Bill of Materials (SBOM) adoption to enhance supply chain transparency and reduce risk.
  • Incident Response Skills Gap: ISC2 launched a Threat Handling Foundations Certificate to address the digital forensics and incident response (DFIR) skills gap.

Regulatory or Policy Developments

  • French Data Protection Fines: The French data protection authority fined Google €325 million ($379 million) and Shein €150 million ($175 million) for violating cookie consent rules and displaying unauthorised ads.
  • Czech Cybersecurity Warning: Czech agency NÚKIB issued a warning regarding the use of products that transmit user data to China, highlighting national security risks.
  • Roblox Age Verification: Roblox introduced age estimation requirements for access to communication features, aiming to protect minors from sexual predators.