Cybersecurity Brief – 2025-09-26
Major Incidents or Breaches
- The Co-operative Group (UK) reported a loss of £80 million ($107 million) in operating profit due to a cyberattack attributed to the Scattered Spider threat group.
- RTX (Raytheon Technologies) confirmed a ransomware attack affecting its airport services division.
- Volvo Group disclosed that employee data was stolen in a ransomware attack linked to the Miljödata breach, impacting multiple Swedish organizations and municipalities.
- An unofficial npm package mimicking ‘postmark-mcp’ was found to exfiltrate users’ email communications.
- Over 500 npm packages were infected by the Shai-Hulud worm in a supply-chain attack, impacting packages with millions of downloads.
- Two malicious Rust crates (fast_tlog and fast_log) on crates.io were found stealing Solana and Ethereum wallet keys from developers; the crates had 8,424 confirmed downloads.
Newly Discovered Vulnerabilities
- Cisco disclosed multiple zero-day vulnerabilities in its ASA firewalls and IOS devices, several of which have been actively exploited in the wild, including by nation-state actors (notably the “ArcaneDoor” campaign). Exploits have resulted in remote code execution and privilege escalation.
- Salesforce patched a critical vulnerability (“ForcedLeak”) in the Agentforce AI platform that allowed prompt injection attacks, potentially exposing CRM data via AI agent manipulation and expired domain abuse.
- Cisco patched a zero-day flaw affecting routers and switches, enabling remote attackers with admin privileges to execute arbitrary code as root.
Notable Threat Actor Activity
- The China-linked APT group UNC5221 deployed new versions of the “Brickstorm” backdoor on edge devices, targeting appliances that cannot run traditional EDR agents. Campaigns persisted undetected for nearly 400 days, with evidence that the actors analyzed stolen code to weaponize additional zero-day vulnerabilities.
- North Korean actors behind the “Contagious Interview” campaign have been linked to a new backdoor dubbed AkdoorTea, along with tools TsunamiKit and ExistentialKit, targeting global cryptocurrency developers.
- The threat actor “Vane Viper” was identified as operating a large-scale ad fraud and malware network, generating over 1 trillion DNS queries and using shell companies to obfuscate operations.
- Chinese APT “RedNovember” targeted US defense contractors, government, aerospace, and legal organizations in a recent espionage campaign.
- Microsoft reported a new variant of the XCSSET macOS malware targeting Xcode developers, with enhanced browser targeting and credential theft features.
Trends, Tools, or Tactics of Interest
- A new AI-driven phishing platform, “SpamGPT”, was observed automating attack campaigns by leveraging generative AI and integrated email campaign tools.
- Attackers are using AI-powered development platforms (Lovable, Netlify, Vercel) to rapidly create and host convincing fake CAPTCHA pages for phishing.
- A fresh phishing campaign is targeting PyPI users by impersonating administrators and directing victims to credential-harvesting sites.
- SVG-based phishing campaigns continue, with recent attacks using malicious SVG files disguised as recipes to deliver malware.
- Webshells are increasingly being hidden in “.well-known” directories to evade detection.
- Gcore Radar reported that the technology sector has overtaken gaming as the top target for DDoS attacks, with a 41% year-on-year increase and attack peaks reaching 2.2 Tbps.
- Cloud Security Alliance introduced a SaaS Security Controls Framework to help customers manage shared responsibility in SaaS environments.
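The “.well-known” item above is a detection problem: that directory is reserved for small metadata files (ACME challenge tokens, security.txt and similar), so server-side script files or webshell-like content there is worth a review. The scanner below is an added example written for this brief, not code from any of the vendors or reports it cites. The extension list, the content markers and the sample web root are all constructed for illustration; the “webshell-like” sample is a non-functional placeholder that only matches the markers.

```python
"""Flag script files and webshell-like content under .well-known directories.

Added example for the brief, not the page's own code. Extension list, content
markers and the sample web root are constructed assumptions for illustration.
"""
import os
import re
import tempfile
from pathlib import Path

# Extensions a typical web server may execute server-side (constructed list).
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".jsp", ".jspx", ".asp", ".aspx", ".cgi", ".pl"}

# Content markers often present in webshells (constructed, illustrative patterns).
SUSPICIOUS_CONTENT = re.compile(
    rb"<\?php|<%@|eval\s*\(|base64_decode\s*\(|system\s*\(|shell_exec\s*\(|passthru\s*\(",
    re.IGNORECASE,
)


def scan_well_known(web_root):
    """Return one finding per file below any .well-known directory in web_root
    that has a script extension or contains webshell-like content."""
    root = Path(web_root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Only files somewhere under a .well-known directory are in scope.
        if ".well-known" not in rel_dir.parts:
            continue
        for name in sorted(filenames):
            path = Path(dirpath) / name
            reasons = []
            if path.suffix.lower() in SCRIPT_EXTENSIONS:
                reasons.append(f"script extension {path.suffix.lower()}")
            try:
                head = path.read_bytes()[:65536]  # first 64 KiB is enough for markers
            except OSError:
                continue
            if SUSPICIOUS_CONTENT.search(head):
                reasons.append("webshell-like content")
            if reasons:
                rel_path = str(path.relative_to(root)).replace(os.sep, "/")
                findings.append({"path": rel_path, "reasons": reasons})
    return findings


def build_sample_root():
    """Create a throwaway web root with constructed files (not real artifacts)."""
    root = Path(tempfile.mkdtemp(prefix="wellknown-scan-"))
    wk = root / ".well-known"
    (wk / "acme-challenge").mkdir(parents=True)
    # Legitimate .well-known content: small text files.
    (wk / "security.txt").write_text("Contact: mailto:security@example.com\n")
    (wk / "acme-challenge" / "token").write_text("constructed-acme-token\n")
    # Constructed webshell-like sample: a non-functional placeholder that only matches the markers.
    (wk / "cache.php").write_text("<?php eval(base64_decode(PLACEHOLDER)); // constructed sample\n")
    # Script extension with harmless content: flagged because .well-known should hold no executable code.
    (wk / "index.jsp").write_text("hello\n")
    # Application code outside .well-known is out of scope for this scanner.
    (root / "app.php").write_text("<?php echo 'application code'; ?>\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_root()
    for finding in scan_well_known(sample_root):
        print(f"{finding['path']}: {', '.join(finding['reasons'])}")
```

Run against a real document root instead of the sample directory, the output is a review list rather than a verdict: pair each hit with the file's modification time and the web server's access log for that path before treating it as an incident, and add any legitimate script files your deployment places under .well-known to an allow-list.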
Regulatory or Policy Developments Affecting the Security Industry
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to identify, mitigate, and patch the Cisco zero-day vulnerabilities exploited in active attacks.
- Microsoft announced it will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), including all EU member states, Iceland, Liechtenstein, and Norway.
- LinkedIn will use user data for AI training by default unless users opt out.
- Canadian privacy commissioners accused TikTok of improperly collecting data from hundreds of thousands of children on its platform.