Major Incidents or Breaches

  • UNC1549, an Iran-nexus cyber espionage group, compromised 34 devices across 11 European telecommunications firms using LinkedIn job lures and the MINIBIKE malware.
  • Over 600,000 individuals were impacted by healthcare data breaches in the past day, with additional major intrusions attributed to the ShinyHunters group.
  • The Royal Canadian Mounted Police dismantled the TradeOgre cryptocurrency exchange, seizing over $40 million linked to criminal activity.
  • The FBI issued an alert regarding cybercriminals impersonating the FBI’s Internet Crime Complaint Center (IC3) via fake reporting portals for malicious purposes.

Newly Discovered Vulnerabilities

  • Fortra released a critical patch for a command injection vulnerability (CVE-2025-10035, CVSS 10.0) in GoAnywhere Managed File Transfer (MFT) software, specifically in its License Servlet. Exploitation enables arbitrary command execution.
  • OpenAI’s ChatGPT Deep Research agent was found vulnerable to a zero-click flaw, allowing attackers to exfiltrate Gmail inbox data via a single crafted email. The vulnerability has since been patched.
  • Novakon HMIs were reported to have unpatched remote code execution and information exposure vulnerabilities, exposing industrial control systems to remote attacks.
  • A critical vulnerability was disclosed and fixed in Microsoft Azure Entra ID that could have enabled catastrophic identity and access management attacks if exploited.

Notable Threat Actor Activity

  • Russian APT groups Turla and Gamaredon, both linked to the FSB, were observed collaborating to compromise high-profile Ukrainian targets. Turla deployed malware, including the Kazuar backdoor, on systems previously accessed by Gamaredon.
  • An Iranian APT group, including a Charming Kitten subgroup, conducted sophisticated cyberattacks targeting telecommunications and satellite companies, using bespoke targeting techniques.
  • Two suspected members of the Scattered Spider group were arrested in the UK, and one was charged in the US for hacking critical infrastructure.
  • SystemBC malware is powering the REM Proxy botnet, leveraging approximately 1,500 daily VPS victims and 80 C2 servers to provide proxy services to threat actors.

Trends, Tools, or Tactics of Interest

  • A phishing-as-a-service (PhaaS) surge was observed, with Lighthouse and Lucid platforms linked to over 17,500 phishing domains targeting 316 brands across 74 countries.
  • Atomic Infostealer is being distributed to macOS users via fake GitHub repositories, with campaigns targeting LastPass users.
  • Researchers identified MalTerminal, the earliest known malware to embed GPT-4 LLM capabilities, used for automated ransomware creation and reverse shell generation.
  • CISA published an analysis of malware kits deployed in attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, detailing tactics such as system information collection, credential dumping, and arbitrary code execution.
  • Ransomware attacks continue to evade defenses, with prevention rates dropping to 62% and data exfiltration prevention at only 3%, per the Picus Blue Report 2025.
  • Synthetic identity fraud is resurging in the finance and lending sector, with estimated damages reaching $3.3 billion from new accounts.
  • ChatGPT was demonstrated to be capable of solving CAPTCHAs and mimicking human cursor behaviour, highlighting risks in automated abuse of AI agents.

Regulatory or Policy Developments Affecting the Security Industry

  • Netskope completed a successful IPO, raising over $908 million and reaching a valuation of $8.6 billion.
  • Valve announced Steam will end support for 32-bit Windows in January 2026, affecting software compatibility and potentially security posture for legacy systems.