Major Incidents or Breaches

  • Boyd Gaming reported a data breach affecting employees and other individuals, as disclosed to the SEC.
  • A US Federal Civilian Executive Branch (FCEB) agency was breached via exploitation of a critical GeoServer vulnerability (CVE-2024-36401); attackers deployed China Chopper and remote access scripts and remained undetected for three weeks.
  • European airports experienced widespread check-in and boarding disruptions after a ransomware attack on Collins Aerospace, an RTX subsidiary whose systems several airports rely on; the UK National Crime Agency arrested a suspect in connection with the incident. The attack is believed to have involved HardBit ransomware.
  • Interpol-led law enforcement seized over $439 million in cash and cryptocurrency from cybercrime rings worldwide during a five-month joint operation.
  • A record-breaking DDoS attack peaked at 22 Tbps and 10 billion packets per second (Bpps), targeting a European network infrastructure company and linked to the Aisuru botnet.
  • The Python Package Index (PyPI) urged users to reset credentials following a new wave of phishing attacks using a fake PyPI website.
  • GitHub users were targeted in a large-scale phishing campaign impersonating Y Combinator via GitHub notifications, delivering cryptocurrency drainers.
  • KNP Logistics Group, a 158-year-old business, collapsed following a cyber incident attributed to poor password security.

Newly Discovered Vulnerabilities

  • Cisco disclosed a high-severity, actively exploited SNMP vulnerability in IOS and IOS XE Software that allows an attacker with valid SNMP credentials (a community string or SNMPv3 credentials) to cause a denial of service or, with sufficient privileges, remote code execution; patches have been released.
  • Two critical vulnerabilities were identified in Wondershare RepairIt, exposing private user data and enabling potential tampering with AI models.
  • Supermicro hardware was found to have two firmware vulnerabilities in its Baseboard Management Controller (BMC), which could allow attackers to create persistent backdoors by updating systems with malicious images.
  • A flaw in multiple OnePlus OxygenOS versions allows installed apps to access SMS data and metadata without permissions or user interaction; the issue remains unpatched.
  • Ongoing exploit attempts have been observed against an older Hikvision camera vulnerability.
  • SonicWall SMA devices were targeted with the ‘OVERSTEP’ backdoor; SonicWall released updates for SMA 100 appliances to remove the malware and improve file checks.

Notable Threat Actor Activity

  • Suspected Chinese threat actors (RedNovember) have been targeting global government and private sector organizations using Pantegana and Cobalt Strike.
  • UNC5221, believed to be China-nexus, used the BRICKSTORM backdoor to infiltrate US legal, SaaS, BPO, and technology sectors; Google reports the malware has been used for over a year for data theft and persistent espionage.
  • UNC6148 deployed the OVERSTEP backdoor in ongoing attacks against SonicWall SMA devices, enabling system control, credential theft, and evasion.
  • A new malware family, YiBackdoor, was discovered with significant code overlap with IcedID and Latrodectus, suggesting shared development or tool reuse.
  • A new ransomware variant, Obscura, was observed spreading from a victim’s domain controller.
  • A core Scattered Spider member surrendered to authorities amid claims that the group has shut down; US prosecutors charged a UK national and linked the group to $115 million in ransomware payments.
  • Russian threat actors conducted a disinformation campaign targeting the upcoming Moldovan elections, linked to previous 2022 operations.
  • An npm package was found to use steganography (QR codes) to hide a credential-stealing malware, posing a supply chain risk.

Trends, Tools, or Tactics of Interest

  • Attackers are exploiting payment iframe security weaknesses to deploy malicious overlays on checkout pages, facilitating credit card data theft.
  • Burp Suite introduced Burp AI, providing on-demand AI assistance for penetration testing workflows.
  • AI pentesting is emerging, with new agentic capabilities being integrated into security tools.
  • Kali Linux 2025.3 was released, featuring ten new tools, Nexmon support, and NetHunter improvements.
  • OpenAI is internally testing a new GPT-5-based AI agent, “GPT-Alpha”.
  • Police forces are increasingly using drones equipped with license plate recognition technology.
  • GitHub is implementing enhanced security measures for npm supply chain protection, including mandatory 2FA for publishing, granular access tokens with a short (seven-day) lifetime, and trusted publishing, in which a CI workflow authenticates to the registry with a short-lived OIDC identity token instead of a stored long-lived secret.

Regulatory or Policy Developments Affecting the Security Industry

  • GitHub announced new security requirements for npm package publishing, including mandatory two-factor authentication, expiring granular tokens, and trusted publishing, in response to recent supply chain attacks.