Major Incidents or Breaches

  • Apple has issued a fourth round of spyware attack notifications to users in France in 2025, as confirmed by CERT-FR. The alerts relate to targeted campaigns using sophisticated spyware; at least four notification waves have been sent this year.
  • The U.S. FBI has issued a flash alert regarding cybercriminal groups UNC6040 and UNC6395, which have conducted data theft attacks targeting Salesforce platforms. Indicators of compromise have been released to assist in detection and response.
  • A critical remote code execution vulnerability (CVE-2025-5086) in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management software is being actively exploited. The vulnerability arises from deserialization of untrusted data, allowing attackers to achieve RCE. CISA has issued a warning regarding ongoing exploitation.
  • A payment system vendor, KioSoft, took over a year to patch a serious NFC card vulnerability that allowed infinite card top-ups, despite being notified in 2023. The patch has only recently been released.

Newly Discovered Vulnerabilities

  • Samsung has patched a critical zero-day vulnerability (CVE-2025-21043) affecting its Android devices, which was being actively exploited in the wild. The flaw enabled remote code execution and was initially reported via WhatsApp.
  • Researchers have identified a new ransomware strain, HybridPetya, which mimics Petya/NotPetya and exploits CVE-2024-7344 to bypass UEFI Secure Boot protections. The malware installs a malicious application on the EFI System Partition.
  • Academics have disclosed VMScape, a new variant of the Spectre attack that breaks cloud isolation by exploiting incomplete mitigations for branch predictor state, enabling leakage of arbitrary memory between virtual machines.

Notable Threat Actor Activity

  • The ransomware group Yurei, first observed on 5 September 2025, has been identified as a new actor leveraging open-source ransomware. The group has begun listing victims on its leak site.
  • Threat actors are using AI-powered phishing and social engineering attacks to increase the success rate of ransomware campaigns, as highlighted in a report from Resilience.

Trends, Tools, or Tactics of Interest

  • AI-driven phishing campaigns are demonstrating higher success rates than traditional methods, fueling increased ransomware losses.
  • HybridPetya represents an evolution in ransomware tactics by targeting UEFI Secure Boot, indicating a shift toward lower-level system attacks.
  • Cloud-native security is increasingly focused on runtime visibility due to the widespread adoption of containers, Kubernetes, and serverless technologies.
  • Security researchers are combining tools like Burp Suite Professional with bug bounty platforms such as HackerOne to efficiently identify and report high-impact vulnerabilities.
  • The emergence of agentic and AI browsers is being discussed, with attention to their safety and implications for the future of web browsing.

Regulatory or Policy Developments Affecting the Security Industry

  • CISA has announced that the CVE Program will focus on enhancing the quality, trust, and responsiveness of vulnerability data.
  • Microsoft has reminded users that Windows 11 23H2 Home and Pro editions will reach end of support in 60 days, after which they will no longer receive security updates.
  • F5 has announced the acquisition of CalypsoAI for $180 million, aiming to integrate adaptive AI inference security solutions into its Application Delivery and Security Platform.