Cybersecurity Brief – 2025-09-06
Major Incidents or Breaches
- Wealthsimple, a Canadian online investment management service, disclosed a data breach involving the theft of personal data from an undisclosed number of customers.
- Multiple cybersecurity firms, including Proofpoint, SpyCloud, Tanium, and Tenable, were affected by a breach involving their Salesforce instances, with attackers accessing stored information.
- Nexar’s dashcam video database was compromised, exposing video recordings from vehicle-mounted cameras.
- The City of Baltimore was reported to have sent $1.5 million to a scammer in a cyber fraud incident.
Newly Discovered Vulnerabilities
- A critical command injection vulnerability in SAP S/4HANA (CVE-2025-42957) is under active exploitation. This flaw allows attackers to achieve full system compromise with minimal effort.
- A critical Sitecore vulnerability has been identified and is being actively exploited. CISA has ordered immediate patching of affected Sitecore instances by federal agencies.
- A max-severity Argo CD API flaw allows users with low-level project permissions to access API endpoints and retrieve all repository credentials for a project.
- Academics have developed an AI-powered framework (A2) for discovering and validating vulnerabilities in Android applications.
Notable Threat Actor Activity
- TAG-150, a threat actor group operating a malware-as-a-service (MaaS) framework known as CastleLoader, has developed a new remote access trojan called CastleRAT, available in both Python and C variants.
- North Korean hackers have targeted hundreds of individuals using fake job interview lures. The group actively monitors cyber threat intelligence to rebuild exposed infrastructure.
- Scammers are abusing the Grok AI platform to distribute malicious links on X (formerly Twitter), bypassing restrictions on links in promoted posts.
- A smishing campaign is targeting California taxpayers with fraudulent refund offers, as warned by the California Franchise Tax Board.
- A wave of spear phishing attacks is targeting C-suite executives and senior leadership across multiple industries.
Trends, Tools, or Tactics of Interest
- Q2 2025 threat reports indicate continued high volumes of mobile malware, adware, and unwanted software targeting Android, as well as persistent threats to Windows, macOS, and IoT platforms, including ransomware and cryptominers.
- Automation is increasingly being adopted in penetration testing, with AI-powered offensive security platforms such as FireCompass receiving significant investment.
- The use of agentic AI introduces new vulnerabilities at integration points with enterprise systems.
- AI-driven tools are increasingly being used for vulnerability discovery and validation during software development.
- Smishing, spear phishing, and the abuse of AI platforms for phishing and malware distribution are prominent tactics.
- Improvements in IoT security have been noted over the past five years, though significant gaps remain.
Regulatory or Policy Developments Affecting the Security Industry
- CISA has mandated immediate patching of the critical Sitecore vulnerability for federal agencies.
- Microsoft has enforced multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025.
- The European Commission fined Google €2.95 billion ($3.5 billion) for anti-competitive practices in the digital advertising market.
- Federal budget cuts in the US are impacting cybersecurity funding for local and state agencies, increasing their exposure to cyber risk.