Major Incidents or Breaches

  • Plex has disclosed a data breach affecting emails, usernames, password hashes, and authentication data stored in a database. Users have been urged to reset their passwords.
  • Wayne Memorial Hospital suffered a breach in May 2024, with hackers stealing names, Social Security numbers, financial information, and protected health information of approximately 160,000 individuals.
  • Qantas reduced executive pay following a data breach earlier this year in which threat actors compromised a third-party platform and accessed customer personal information.

Newly Discovered Vulnerabilities

  • Adobe patched a critical vulnerability (CVE-2025-54236, also called SessionReaper) in its Commerce and Magento Open Source platforms, which allows attackers to take over customer accounts. This is described as one of the most severe flaws in the platform’s history. Adobe also released fixes for critical vulnerabilities in ColdFusion.
  • SAP released updates for 21 vulnerabilities, including three critical issues in NetWeaver (CVSS up to 10.0) that could enable remote code execution and privilege escalation, as well as high-severity flaws in S/4HANA.
  • Microsoft’s September 2025 Patch Tuesday addressed 81–86 vulnerabilities (depending on source), including two publicly disclosed zero-day flaws and numerous privilege-escalation bugs. No vulnerabilities were reported as actively exploited prior to release.
  • Researchers disclosed “catastrophic” vulnerabilities in the platforms operated by Restaurant Brands International (RBI) for Burger King, Tim Hortons, and Popeyes.
  • Microsoft released Windows 10 (KB5065429) and Windows 11 (KB5065426, KB5065431) cumulative updates, addressing security vulnerabilities and system issues.
  • Microsoft is investigating an anti-spam bug causing Exchange Online and Teams to mistakenly block URLs and quarantine emails.

Notable Threat Actor Activity

  • A TOR-based cryptojacking campaign is expanding, targeting exposed Docker APIs. Attackers mount host filesystems in new containers, fetch malicious scripts via TOR, and block Docker API access. Tooling updates suggest efforts to build a complex botnet.
  • A Kosovo national pleaded guilty to running BlackDB.cc, a cybercrime marketplace active since 2018.
  • The U.S. charged a Ukrainian national for administering the LockerGoga, MegaCortex, and Nefilim ransomware operations.
  • A threat actor has been identified as connected to Play, RansomHub, and DragonForce ransomware, deploying multiple malware families, backdoors, a proxy tunneller, and reconnaissance tools.
  • A large NPM supply chain attack involved phishing the Qix NPM account and publishing malicious versions of 18 popular open source packages, collectively receiving over 2 billion weekly downloads.
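The Docker API cryptojacking item above describes attackers launching containers that bind-mount the host filesystem. The following is an added defender-side audit (not from the original digest or any vendor tooling) that flags containers whose bind mounts expose sensitive host paths or that run privileged; the container records are constructed samples in the shape of `docker inspect` output, so the same function can be fed the real output of `docker inspect $(docker ps -q)` on a host under review.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real container data).
SAMPLE_CONTAINERS = json.loads("""
[
  {"Id": "aaa111", "Name": "/web-frontend",
   "HostConfig": {"Privileged": false, "Binds": ["/srv/app:/app:ro"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/app", "Destination": "/app"}]},
  {"Id": "bbb222", "Name": "/miner-helper",
   "HostConfig": {"Privileged": true, "Binds": ["/:/hostroot"]},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hostroot"}]},
  {"Id": "ccc333", "Name": "/logshipper",
   "HostConfig": {"Privileged": false,
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]}
]
""")

# Host paths whose exposure inside a container amounts to host compromise.
SENSITIVE_SOURCES = ("/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock")


def _is_sensitive(src):
    """True if src is the host root or lies under one of the sensitive prefixes."""
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/")
               for p in SENSITIVE_SOURCES if p != "/")


def risky_mounts(container):
    """Return a list of human-readable findings for one container record."""
    findings = []
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # volumes and tmpfs do not expose arbitrary host paths
        src = m.get("Source", "")
        if _is_sensitive(src):
            findings.append(f"bind mount of host path {src} at {m.get('Destination')}")
    if container.get("HostConfig", {}).get("Privileged"):
        findings.append("privileged container")
    return findings


def audit(containers):
    """Map container name -> findings, omitting containers with no findings."""
    return {c["Name"]: f for c in containers if (f := risky_mounts(c))}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONTAINERS).items():
        print(name, "->", "; ".join(findings))
```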

Trends, Tools, or Tactics of Interest

  • Axios HTTP client abuse and Salty 2FA phishing kits are being combined with Microsoft’s Direct Send feature in advanced Microsoft 365 phishing campaigns, creating highly efficient attack pipelines.
  • The Salty2FA phishing kit is being used at an enterprise level, with adversaries employing advanced strategy and planning.
  • RatOn Android malware has evolved from conducting NFC relay attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) banking fraud capabilities.
  • Recent phishing campaigns are delivering MostereRAT, a banking malware now functioning as a remote access trojan, using a variety of evasion and delivery techniques.
  • Ransomware losses are increasing, with trends including triple extortion and more sophisticated social engineering, as reported in midyear insurance claims analysis.
  • The browser is increasingly viewed as a critical endpoint, with rising usage prompting calls for improved browser-focused security controls.
  • Shadow AI agents are proliferating within enterprise environments, raising risks related to detection and control.
  • External Attack Surface Management (EASM) is highlighted as a key approach for identifying and prioritizing remediation of unknown internet-facing assets.
  • Microsoft is testing new AI-powered features in Windows 11 File Explorer to improve file handling capabilities.

Regulatory or Policy Developments Affecting the Security Industry

  • The U.S. Department of the Treasury imposed sanctions on networks of cyber scam operations in Southeast Asia, responsible for stealing over $10 billion from Americans in the past year. Firms in Burma and Cambodia cooperating with these cybercrime syndicates are also facing enforcement actions.
  • A court ordered Google to pay $425 million in a class action lawsuit for misleading users about their online privacy.
  • Mitsubishi Electric announced the acquisition of industrial cybersecurity firm Nozomi Networks for nearly $1 billion.
  • The Public Service Alliance launched a new platform offering privacy and threat monitoring tools to public servants.
  • Attaullah Baig, former WhatsApp security chief, filed a lawsuit against Meta, alleging retaliation over critical cybersecurity failures.