Cybersecurity Brief – 2025-09-23
Major Incidents or Breaches
- A ransomware attack on Collins Aerospace, a third-party provider of check-in and boarding software, disrupted those systems at several major European airports, including Heathrow, causing widespread delays and flight cancellations; Collins Aerospace was reported to be still struggling to restore service.
- Stellantis, a major automotive manufacturer, confirmed a data breach involving the compromise of North American customer data after attackers accessed a third-party service provider’s Salesforce environment.
- A vulnerability in the American Archive of Public Broadcasting’s website allowed unauthorized downloading of protected and private media for several years before being patched this month.
- The FBI issued a warning about a spoofed IC3 (Internet Crime Complaint Center) website being used by threat actors for personal information theft and fraudulent activities.
- BlockBlasters, a game that had passed Steam's review, was updated with malware that drained cryptocurrency wallets, including $32,000 in donations raised for a streamer's cancer treatment.
Newly Discovered Vulnerabilities
- Fortra patched a critical deserialization vulnerability in the License Servlet of GoAnywhere MFT (CVE-2025-10035, CVSS 10): an attacker holding a validly forged license-response signature can make the server deserialize an arbitrary attacker-controlled object, potentially leading to command injection.
- Researchers demonstrated "L1TF Reloaded", which chains the L1TF and half-Spectre CPU flaws to leak data across virtual-machine boundaries in public cloud environments, bypassing the existing software-only mitigations.
- EDR-Freeze, a new proof-of-concept tool, abuses Windows Error Reporting's WerFaultSecure.exe to suspend endpoint security processes from user mode, with no vulnerable driver required, so the security product stops observing for as long as it is frozen.
- A Chrome zero-day exploited in the wild featured in recent security recaps, which also noted how quickly attackers adopt new exploitation techniques.
- Microsoft resolved a Windows 11 face-detection bug that had blocked the 24H2 update on affected devices.
- Microsoft acknowledged recent updates causing DRM video playback issues in some applications.
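The GoAnywhere item above is a Java native-serialization flaw, but the failure mode is language-independent: a serialized stream names the classes and callables to reconstruct, so whoever controls the bytes controls what runs. The following is an added illustration in Python (not Fortra's code, and not a reproduction of CVE-2025-10035) that shows a naive loader executing an attacker-supplied gadget and a restricted loader that refuses everything outside an explicit allowlist. The payload string, the environment-variable marker and the sample license object are constructed for the demo.

```python
"""Insecure vs. restricted deserialization, illustrated with Python's pickle.

pickle's GLOBAL opcode resolves (module, name) pairs named in the stream,
which is how a gadget gets a reference to a dangerous callable. Java's
ObjectInputStream has the same property (class names in the stream) and
the same fix: a restrictive deserialization filter (ObjectInputFilter).
"""
import io
import os
import pickle

MARKER = "DESER_DEMO_PWNED"          # constructed, observable side effect


class MaliciousPayload:
    """Attacker gadget: on unpickle, pickle calls exec() with our string."""

    def __reduce__(self):
        # A real payload would spawn a shell; this one only sets a marker.
        return (exec, (f"import os; os.environ['{MARKER}'] = '1'",))


def vulnerable_load(blob: bytes):
    """Naive loader: trusts every callable named in the stream."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist-based loader: only named (module, attribute) pairs resolve."""

    # Data-only types; plain dict/str/int need no lookup at all.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to resolve {module}.{name}")


def hardened_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Run both loaders against a benign object and the gadget."""
    legit = pickle.dumps({"customer": "acme", "seats": 25})   # constructed
    evil = pickle.dumps(MaliciousPayload())
    results = {}

    os.environ.pop(MARKER, None)
    vulnerable_load(evil)
    results["vulnerable_executed_payload"] = os.environ.get(MARKER) == "1"

    os.environ.pop(MARKER, None)
    try:
        hardened_load(evil)
        results["hardened_blocked_payload"] = False
    except pickle.UnpicklingError:
        results["hardened_blocked_payload"] = os.environ.get(MARKER) is None

    obj = hardened_load(legit)
    results["hardened_accepts_legit"] = obj == {"customer": "acme", "seats": 25}
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The allowlist is the point: the restricted loader never reaches `exec` because `find_class` is consulted before any callable in the stream is resolved, whereas the naive loader has already run the payload by the time it returns. A signature check on the stream (as in the GoAnywhere advisory) only helps if the signature cannot be forged; the deserialization boundary itself still needs a filter.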
Notable Threat Actor Activity
- The previously undocumented group “ComicForm,” along with SectorJ149, has been conducting phishing campaigns deploying Formbook malware against organizations in Belarus, Kazakhstan, and Russia since at least April 2025.
- Iran-linked threat actor "Nimbus Manticore" (UNC1549/Smoke Sandstorm) has deployed improved malware variants in campaigns against European organizations, expanding beyond its usual Middle East targeting.
- Infostealer campaigns are targeting macOS users, LastPass customers among them, through malicious GitHub repositories and pages surfaced by SEO poisoning that deliver the Atomic (AMOS) infostealer.
- Attackers are increasingly running multi-channel phishing, moving beyond email to social media, chat applications, and malicious ads to harvest credentials.
- Zelle transfer scams remain active, with continued reports of fraud.
Trends, Tools, or Tactics of Interest
- Security researchers showed that ChatGPT's agent can be talked into solving CAPTCHAs when the task is framed as something other than a security check.
- The rise of autonomous AI agents in security operations is evidenced by funding announcements for new platforms such as Mycroft and HoundBytes, both leveraging AI to automate security and compliance tasks.
- EDR-Freeze exemplifies a broader trend: abusing legitimate, signed Windows components (here WerFaultSecure.exe from Windows Error Reporting) instead of vulnerable drivers to blind endpoint detection and response (EDR) products, which pushes detection toward the parent chain and arguments of otherwise trusted binaries.
- Zero trust remains a prominent strategy in response to AI-driven attacks, quantum computing threats, and the proliferation of connected devices.
- Mozilla introduced a rollback feature for Firefox extension developers, enabling rapid mitigation of faulty or malicious add-on updates.
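Both EDR-Freeze items above come down to one observable: a WerFaultSecure.exe launch that has no business happening. The following is an added detection sketch in Python (not code from the EDR-Freeze project or from any vendor) that scores constructed process-creation events. It assumes WerFaultSecure.exe names its target with a `/pid <n>` argument and that a legitimate launch is parented by the WER service host (svchost.exe) or WerFault.exe; both are assumptions to confirm against your own telemetry, as are the security-product process names and the sample events.

```python
"""Flag suspicious WerFaultSecure.exe launches (EDR-Freeze-style abuse).

Logic: a WerFaultSecure.exe launch whose /pid argument resolves to a
security product's process is high severity; one with an unexpected
parent is medium. Everything else is left alone.
"""
import re
from dataclasses import dataclass

# Assumption: typical EDR/AV service process names; extend for your estate.
SECURITY_PROCESSES = {
    "msmpeng.exe", "mssense.exe", "senseir.exe",      # Defender / MDE
    "csfalconservice.exe", "sentinelagent.exe",       # other EDR agents
}
# Assumption: the normal WER launch chain.
EXPECTED_PARENTS = {"svchost.exe", "werfault.exe"}
# Assumption: WerFaultSecure takes its target as '/pid <n>'.
PID_ARG = re.compile(r"(?i)(?:^|\s)/pid\s+(\d+)")


@dataclass
class ProcEvent:
    pid: int
    image: str
    command_line: str
    parent_image: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(events, pid_to_image):
    """Return (severity, reason, event) tuples for suspicious launches."""
    alerts = []
    for ev in events:
        if basename(ev.image) != "werfaultsecure.exe":
            continue
        m = PID_ARG.search(ev.command_line)
        target = basename(pid_to_image.get(int(m.group(1)), "")) if m else ""
        parent = basename(ev.parent_image)
        if target in SECURITY_PROCESSES:
            alerts.append(("high", f"WerFaultSecure targets {target}", ev))
        elif parent not in EXPECTED_PARENTS:
            alerts.append(("medium", f"unexpected parent {parent}", ev))
    return alerts


# Constructed sample telemetry (not real captures).
SAMPLE_PIDS = {2264: r"C:\ProgramData\Microsoft\Windows Defender\Platform\x\MsMpEng.exe",
               5100: r"C:\Windows\System32\notepad.exe"}
SAMPLE_EVENTS = [
    # EDR-Freeze-like: user binary launches WerFaultSecure against Defender.
    ProcEvent(4120, r"C:\Windows\System32\WerFaultSecure.exe",
              "WerFaultSecure.exe /h /pid 2264 /tid 2280 /file 512 /encfile 516 "
              "/cancel 520 /type 268310",
              r"C:\Users\bob\Desktop\edr-freeze.exe"),
    # Benign: WER service handling a Notepad crash.
    ProcEvent(4130, r"C:\Windows\System32\WerFaultSecure.exe",
              "WerFaultSecure.exe /h /pid 5100 /tid 5112 /file 600 /encfile 604 "
              "/cancel 608 /type 268310",
              r"C:\Windows\System32\svchost.exe"),
    # Odd parent, non-security target: worth a look, not an incident.
    ProcEvent(4140, r"C:\Windows\System32\WerFaultSecure.exe",
              "WerFaultSecure.exe /h /pid 5100 /tid 5112 /file 700 /encfile 704 "
              "/cancel 708 /type 268310",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcEvent(4150, r"C:\Windows\System32\notepad.exe", "notepad.exe",
              r"C:\Windows\explorer.exe"),
]


def demo():
    return analyse(SAMPLE_EVENTS, SAMPLE_PIDS)


if __name__ == "__main__":
    for severity, reason, ev in demo():
        print(f"[{severity}] pid={ev.pid} {reason}")
```

Process-creation events alone cannot see the second half of the technique, where the tool suspends WerFaultSecure.exe itself so the target never resumes; pairing this rule with a periodic check that security-product processes are not in a suspended state closes that gap. A security process legitimately crash-dumped by WER will also trip the high-severity rule, which is the right trade: that event is rare enough to review by hand.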
Regulatory or Policy Developments
- No significant regulatory or policy developments were identified in the provided headlines.