Major Incidents or Breaches

  • SonicWall suffered a breach of its MySonicWall cloud backup service, exposing firewall configuration backup files for fewer than 5% of customers. Impacted customers have been instructed to reset their passwords and import new configuration files.
  • Tiffany & Co. disclosed a data breach affecting thousands of customers in the US and Canada, with attackers accessing information related to gift cards.
  • Medical Associates of Brevard reported a data breach impacting nearly 250,000 individuals, attributed to the BianLian ransomware group.
  • ChatGPT was targeted in a server-side data theft attack using a zero-click method called ShadowLeak, which has since been fixed by OpenAI.
  • The Python Package Index (PyPI) invalidated all tokens stolen in the GhostAction supply chain attack and confirmed that threat actors did not use the stolen tokens to publish malicious packages.

Newly Discovered Vulnerabilities

  • WatchGuard released security updates for a critical remote code execution vulnerability in Firebox firewalls.
  • Google issued a Chrome 140 update patching four vulnerabilities, including a zero-day (CVE-2025-10585) in the V8 JavaScript engine, which was actively exploited.
  • Microsoft addressed a pair of vulnerabilities in Entra ID (formerly Azure AD) that could have allowed attackers to access virtually all Azure customer accounts.
  • CISA published analysis of two malware strains deployed after exploitation of Ivanti EPMM vulnerabilities (CVE-2025-4427 and CVE-2025-4428) in a recent incident.

Notable Threat Actor Activity

  • Two UK teenagers linked to the Scattered Spider group were arrested in connection with the August 2024 cyberattack on Transport for London.
  • North Korean threat actors behind the “Contagious Interview” campaign are using a ClickFix social engineering technique to target job seekers with fraudulent employment offers.
  • Russian ransomware gangs are deploying a new multi-version malware loader, CountLoader, to deliver post-exploitation tools such as Cobalt Strike and Adaptee.
  • RevengeHotels has been targeting hotels in Brazil and Spanish-speaking regions with VenomRAT implants.
  • The SystemBC proxy botnet is actively compromising commercial VPS systems, maintaining around 1,500 bots daily to facilitate malicious traffic.
  • Two malicious PyPI packages were discovered delivering the SilentSync remote access trojan (RAT) to Windows systems.
  • Microsoft and Cloudflare disrupted RaccoonO365, a major Phishing-as-a-Service operation targeting Microsoft 365 credentials.
  • SMS blaster tools are being used to send large volumes of scam texts by impersonating cell towers, bypassing carrier-level protections.

Trends, Tools, or Tactics of Interest

  • AI-assisted phishing attacks are increasing in volume and sophistication, posing a growing threat to organizations.
  • Small businesses continue to be disproportionately targeted by ransomware attacks compared to large enterprises.
  • Microsoft 365’s widespread adoption and integration are expanding its attack surface, making it a prime target for cybercriminals.
  • HTTP request smuggling remains a practical attack vector, with pentesters continuing to find exploitable desynchronization vulnerabilities in web applications.
  • The use of Phishing-as-a-Service platforms is accelerating, with recent disruptions highlighting their prevalence and focus on Microsoft 365 accounts.
  • Age verification and enhanced parental controls are being introduced to ChatGPT to address concerns about AI-related harms to minors.

Regulatory or Policy Developments Affecting the Security Industry

  • UK law enforcement made arrests in connection with the Scattered Spider group’s attack on Transport for London, reflecting ongoing efforts to disrupt cybercriminal groups.
  • OpenAI is implementing age verification and parental controls for ChatGPT in response to increasing scrutiny over AI safety for minors.