Cybersecurity Brief – 2025-09-20
Major Incidents or Breaches
- UNC1549, an Iran-linked cyber espionage group, successfully infiltrated 34 devices across 11 European telecommunications organisations using LinkedIn job lures and the MINIBIKE malware.
- Russian threat groups Gamaredon and Turla collaborated in a campaign targeting Ukrainian entities, with Turla malware deployed on systems previously compromised by Gamaredon.
- Recent healthcare-sector breaches affected more than 600,000 individuals; ShinyHunters was identified as the actor behind the major attacks.
- The FBI issued a warning about cybercriminals creating fake FBI Internet Crime Complaint Center (IC3) portals for malicious activity.
- The REM Proxy botnet, powered by SystemBC malware, currently controls approximately 1,500 VPS victims daily via 80 C2 servers.
- A surge in phishing-as-a-service (PhaaS) operations, notably Lighthouse and Lucid, has resulted in over 17,500 phishing domains targeting 316 brands in 74 countries.
Newly Discovered Vulnerabilities
- Fortra disclosed and patched a critical vulnerability (CVE-2025-10035, CVSS 10.0) in GoAnywhere Managed File Transfer (MFT): a deserialization flaw in the License Servlet that can lead to pre-authentication remote command injection.
- A zero-click vulnerability in OpenAI's ChatGPT Deep Research agent allowed attackers to exfiltrate Gmail inbox data via an indirect prompt injection hidden in a crafted email; OpenAI has since patched the issue.
- Novakon Human-Machine Interfaces (HMIs) were found to have unpatched remote code execution and information exposure vulnerabilities.
- A critical flaw in Microsoft Entra ID (formerly Azure AD) was disclosed and fixed; it could have allowed cross-tenant impersonation of any user, including Global Administrators, with catastrophic consequences for identity and access management.
- CISA released an analysis of malware kits used in attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, where attackers chained two flaws to collect system information, dump credentials, and execute malware.
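As an added, runnable triage helper for the GoAnywhere item (this is not code from the brief or from Fortra): Fortra's advisory for CVE-2025-10035 points to the string SignedObject.getObject appearing in a stack trace in the product logs as a possible indicator of exploitation, so the function below scans log text for that frame and returns each hit together with the lines immediately preceding it, which is what an analyst needs to see which operation raised the error. The log lines embedded in the block are constructed for illustration (the real product's log layout may differ), and the com.example class name in the sample trace is a placeholder.

```python
"""Added example: triage a GoAnywhere MFT log for the CVE-2025-10035 indicator.

Fortra's advisory names "SignedObject.getObject" in a logged stack trace as a
possible sign of exploitation of the License Servlet deserialization flaw.
The SAMPLE_* logs below are constructed for illustration; the real product's
log layout and internal class names may differ (com.example.* is a placeholder).
"""
import sys

INDICATOR = "SignedObject.getObject"

# Constructed sample: one error block that carries the indicator frame.
SAMPLE_HIT_LOG = "\n".join([
    "2025-09-18 02:14:07 INFO  [LicenseServlet] received license response",
    "2025-09-18 02:14:07 ERROR [LicenseServlet] Error parsing license response",
    "java.lang.RuntimeException: could not deserialize license response",
    "    at java.security.SignedObject.getObject(SignedObject.java)",
    "    at com.example.license.LicenseController.parseResponse(LicenseController.java)",
    "2025-09-18 09:00:00 INFO  [Scheduler] nightly job finished",
])

# Constructed sample: ordinary activity with no indicator.
SAMPLE_CLEAN_LOG = "\n".join([
    "2025-09-18 02:14:07 INFO  [LicenseServlet] received license response",
    "2025-09-18 02:14:08 INFO  [LicenseServlet] license validated",
    "2025-09-18 09:00:00 INFO  [Scheduler] nightly job finished",
])


def scan_log(log_text: str, context_lines: int = 2) -> list:
    """Return one record per line containing INDICATOR.

    Each record carries the 1-based line number, the matching frame and the
    preceding `context_lines` lines, so an analyst can see which operation
    produced the stack trace (the advisory's case is license-response parsing).
    """
    lines = log_text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if INDICATOR not in line:
            continue
        start = max(0, i - context_lines)
        hits.append({
            "line_no": i + 1,
            "frame": line.strip(),
            "context": [ctx.strip() for ctx in lines[start:i]],
        })
    return hits


def verdict(hits: list) -> str:
    """Summarise scan results for a ticket or console output."""
    if not hits:
        return "no indicator found"
    return (f"review: {len(hits)} occurrence(s) of {INDICATOR}; "
            "treat as possible exploitation until ruled out")


def main(argv: list) -> int:
    """Scan a log file given on the command line, or the constructed samples."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            sources = [(argv[1], fh.read())]
    else:
        sources = [("sample-hit", SAMPLE_HIT_LOG), ("sample-clean", SAMPLE_CLEAN_LOG)]
    found = False
    for name, text in sources:
        hits = scan_log(text)
        found = found or bool(hits)
        print(f"{name}: {verdict(hits)}")
        for hit in hits:
            print(f"  line {hit['line_no']}: {hit['frame']}")
            for ctx in hit["context"]:
                print(f"    ^ {ctx}")
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A hit is a reason to investigate, not proof of compromise; pair it with the advisory's other guidance (patching, and keeping the Admin Console off the public internet).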
Notable Threat Actor Activity
- Iranian APT group UNC1549 targeted European telecom and satellite companies with highly bespoke attacks, leveraging LinkedIn lures and custom malware.
- Russian APTs Gamaredon and Turla collaborated to compromise Ukrainian organisations, with evidence of sequential deployment of their respective malware.
- Scattered Spider group members were arrested in the UK and charged in the US for attacks on critical infrastructure organisations.
Trends, Tools, or Tactics of Interest
- Researchers identified MalTerminal, the earliest known malware to embed GPT-4-driven LLM capabilities, which it uses to generate ransomware or reverse-shell code at runtime.
- ChatGPT was demonstrated as capable of solving CAPTCHAs and mimicking human cursor movement, highlighting ongoing risks of AI-driven automation in bypassing security controls.
- Ransomware continues to evade defences: the latest data show organisations preventing only 62% of attacks overall, with data exfiltration prevention falling to 3%.
- Synthetic identity fraud in the finance and lending sector is rising post-pandemic, with estimated damages reaching $3.3 billion from new accounts.
- The Tines platform released over 1,000 pre-built AI-driven security automation workflows, facilitating automated alert triage and response using AI agents and Confluence SOPs.
- Industrial automation systems remain a high-value target, with Kaspersky reporting a broad range of malicious objects detected on ICS computers in Q2 2025.
Regulatory or Policy Developments Affecting the Security Industry
- Netskope completed a successful IPO, raising over $908 million and achieving a valuation of $8.6 billion.
- Valve announced that Steam will end support for 32-bit Windows systems in January 2026, impacting legacy software environments.