Major Incidents or Breaches

  • Harrods experienced a data breach via a compromised third-party supplier, resulting in the theft of 430,000 customer records containing sensitive e-commerce information.
  • Jaguar Land Rover (JLR) halted production following a catastrophic cyberattack impacting its supply chain; the UK government has provided a £1.5 billion loan guarantee to support recovery.
  • Asahi Group Holdings, Japan’s largest brewer, suspended operations due to a cyberattack disrupting multiple business functions.
  • The RemoteCOM spyware breach exposed sensitive personal details of suspects (including sex offenders, terrorists, and drug dealers) and law enforcement personnel.
  • Stellantis, the automotive group owning Citroën, Fiat, and Peugeot, was among the organizations targeted in recent attacks, according to Check Point’s latest threat intelligence bulletin.

Newly Discovered Vulnerabilities

  • CISA added a critical vulnerability in the Sudo command-line utility for Linux and Unix-like systems to its Known Exploited Vulnerabilities Catalog; the flaw is being actively exploited.
  • Apple released a security update addressing CVE-2025-43400, a vulnerability in its latest operating system.
  • Increased scanning activity has been detected for the Palo Alto Networks GlobalProtect vulnerability (CVE-2024-3400).
  • Akira ransomware actors are exploiting a SonicWall firewall vulnerability discovered in 2024, targeting customers who have not patched affected devices.
  • Researchers identified the first malicious Model Context Protocol (MCP) server, which exfiltrates secrets via BCC in automated email workflows, raising new software supply chain risks.
  • Researchers found that Tile tracking tags broadcast unencrypted data, making users vulnerable to location tracking by malicious actors.

Notable Threat Actor Activity

  • Akira ransomware continues a broad campaign targeting SonicWall VPNs, using the Datto RMM utility and other legitimate tools for lateral movement and evasion.
  • The Medusa ransomware gang attempted to recruit a BBC correspondent as an insider to facilitate an attack on a media organization.
  • Trend Micro reported the “EvilAI” malware campaign, in which threat actors disguise malicious payloads as legitimate AI tools to infiltrate global organizations.
  • Ukrainian law enforcement was impersonated in fileless phishing campaigns targeting Kyiv, delivering Amatera Stealer and PureMiner via malicious SVG files.
  • Dutch authorities arrested two teenagers accused of assisting Russian hackers, with one reportedly using a Wi-Fi sniffer near government and embassy offices.

Trends, Tools, or Tactics of Interest

  • Microsoft observed phishing campaigns leveraging large language models (LLMs) to generate obfuscated SVG file payloads, bypassing email security.
  • AI-powered voice cloning frameworks have been demonstrated as a tool for vishing, enabling real-time simulated conversations to extract sensitive information.
  • Security leaders are increasingly integrating AI into SOC operations for triage, detection engineering, and threat hunting, as reported in a study of 282 organizations.
  • AI-generated code is being used to automate vulnerability checks, but research indicates human oversight remains essential to ensure accuracy.
  • Increased attacks on IoT devices have been reported, while US government initiatives to improve IoT security are currently stalled.
  • Supply chain attacks are on the rise, exemplified by the malicious MCP server and the Harrods breach via a third-party supplier.

Regulatory or Policy Developments Affecting the Security Industry

  • The Cybersecurity Information Sharing Act (CISA) is set to expire on 30 September 2025, raising concerns about the future of threat intelligence sharing in the US.
  • The UK government’s intervention in the JLR cyberattack demonstrates a willingness to provide significant financial support to critical industries affected by cyber incidents.
  • Amazon agreed to a $2.5 billion settlement over deceptive practices related to Prime subscriptions, highlighting regulatory scrutiny of consumer protection in digital services.