Major Incidents or Breaches

  • ShinyHunters claims to have stolen over 1.5 billion Salesforce records from 760 companies via compromised Salesloft Drift OAuth tokens.
  • Insight Partners, a venture capital and private equity firm, has confirmed a ransomware breach impacting over 12,000 individuals, with personal information stolen.
  • SonicWall has warned customers to reset credentials following a breach that exposed firewall configuration backup files related to MySonicWall accounts.
  • A supply chain attack dubbed “Shai-Hulud” compromised over 180 NPM packages, injecting malicious code to harvest secrets, exfiltrate them to public repositories, and make private repositories public.
  • 224 malicious apps were removed from the Google Play Store after researchers uncovered a large-scale ad fraud campaign.
  • An airline data broker is selling at least five billion passenger records to US government agencies through a searchable database.

Newly Discovered Vulnerabilities

  • Google released emergency updates for Chrome to patch four vulnerabilities, including CVE-2025-10585, a zero-day in the V8 JavaScript engine exploited in the wild. This is the sixth Chrome zero-day exploited this year.
  • NetRise identified that 20 device models from six vendors remain vulnerable to the decade-old Pixie Dust Wi-Fi attack, which allows attackers to recover WPS PINs and gain unauthorized network access.

Notable Threat Actor Activity

  • TA558 is conducting attacks targeting hotels in Brazil and Spanish-speaking markets, deploying Venom RAT and other remote access trojans using AI-generated scripts.
  • Chinese state-aligned TA415 has been linked to spear-phishing campaigns targeting US government, think tanks, and academic organizations focused on US-China economic and policy matters, leveraging VS Code Remote Tunnels for persistence and espionage.
  • Scattered Spider has resurfaced with new cyber attacks targeting the financial sector, contradicting previous claims of ceasing operations.
  • RaccoonO365, a large-scale phishing-as-a-service operation, was disrupted by Microsoft and Cloudflare. The service had enabled cybercriminals to steal thousands of Microsoft 365 credentials.
  • A ClickFix threat actor has evolved its tactics to distribute MetaStealer, using fake CAPTCHAs, File Explorer deception, and MSI lures.
  • Raven Stealer, a lightweight infostealer distributed via underground forums and cracked software, now targets Chromium-based browser data and exfiltrates it via Telegram.

Trends, Tools, or Tactics of Interest

  • AI-generated scripts are increasingly being used by threat actors (e.g., TA558) to automate and enhance malware deployment.
  • There is a rise in AI-powered sign-up fraud, with attackers exploiting enterprise sign-up funnels using advanced automation.
  • The use of phishing-as-a-service (PhaaS) kits, exemplified by RaccoonO365, continues to lower the barrier for cybercriminals to launch credential theft campaigns.
  • Supply chain attacks targeting open-source repositories (e.g., NPM) are ongoing, with attackers injecting worms to steal secrets and compromise private codebases.
  • Commodity infostealers are evolving in stealth and distribution, with examples like Raven Stealer using encrypted messaging platforms for exfiltration.
  • Security researchers are observing increased use of fake CAPTCHAs and system interface tricks in malware delivery.

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft reminded customers that Office 2016 and Office 2019 will reach end of extended support on 14 October 2025, impacting security patch availability.
  • Multiple security startups (Irregular, RegScale, Scalekit) have raised significant funding for AI security testing, GRC platforms, and AI agent authentication, reflecting increased industry focus on AI and regulatory compliance.