Major Incidents or Breaches

  • UK law enforcement seized £5.5 billion (~$7.39 billion) in Bitcoin from a Chinese national convicted for involvement in a fraudulent cryptocurrency scheme, marking the world’s largest crypto asset seizure to date.
  • Canadian airline WestJet confirmed that a recent cyberattack compromised sensitive customer information, including passports and ID documents.
  • Beer producer Asahi suffered a cyberattack that disrupted production, order processing, shipments, and call centre operations in Japan.
  • Imgur has blocked UK users from accessing its platform after the UK data protection authority signalled a possible monetary penalty for non-compliance.
  • Interpol arrested 260 individuals involved in romance scams and sextortion, identifying 1,463 victims and $2.8 million in losses.

Newly Discovered Vulnerabilities

  • A critical local privilege escalation vulnerability (CVE-2025-32463) in sudo's --chroot (-R) option is being actively exploited; on affected upstream builds (1.9.14 through 1.9.17, fixed in 1.9.17p1) any local user can run commands as root.
  • Western Digital patched a critical remote command injection vulnerability in multiple My Cloud NAS models.
  • Apple released updates for iOS and macOS to address a critical font processing vulnerability (CVE-2025-43400) that could enable denial-of-service or memory corruption.
  • Nearly 50,000 Cisco ASA and FTD firewalls exposed on the public internet remain vulnerable to two actively exploited flaws (CVE-2025-20333 and CVE-2025-20362).
  • Broadcom released security updates for high-severity vulnerabilities in VMware Aria Operations, NSX, and vCenter, including privilege escalation and username enumeration flaws.
  • Academics disclosed the “Battering RAM” attack against Intel and AMD cloud processors, which uses a cheap DDR4 interposer to bypass the memory encryption behind Intel SGX and AMD SEV-SNP; it requires physical access to the memory bus, so the realistic threat is a malicious or compromised cloud operator rather than a remote attacker.
  • Security researchers disclosed and Google patched three vulnerabilities in Google Gemini AI, including prompt injection and cloud exploitation methods.
  • Researchers highlighted multiple security issues in Life360’s Tile trackers, primarily due to lack of encryption.
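As an added example (not code from the page or from the sudo project), here is a small inventory check for the sudo item above: it parses the first line of `sudo --version` and reports whether the upstream release number falls inside the affected range the advisory names. The range constants and the banner format are taken from the upstream advisory and the real `sudo --version` output; the helper names are this example's own.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Affected range from the upstream sudo advisory for CVE-2025-32463 (the chroot
# bug): 1.9.14 through 1.9.17 inclusive, fixed in 1.9.17p1. Version tuples are
# (major, minor, patch, p-level); a release with no "pN" suffix gets p-level 0,
# so 1.9.17 sorts before 1.9.17p1.
FIRST_AFFECTED = (1, 9, 14, 0)
FIRST_FIXED = (1, 9, 17, 1)

Version = Tuple[int, int, int, int]

_BANNER_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_banner(banner: str) -> Version:
    """Extract the upstream version from `sudo --version` output.

    The first line looks like "Sudo version 1.9.17p1"; the later lines repeat
    the number for the policy and I/O plugins and are ignored.
    """
    m = _BANNER_RE.search(banner)
    if m is None:
        raise ValueError("not a sudo version banner: %r" % banner.splitlines()[:1])
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def format_version(version: Version) -> str:
    """Render (1, 9, 17, 1) as "1.9.17p1" and (1, 9, 17, 0) as "1.9.17"."""
    base = ".".join(str(n) for n in version[:3])
    return base + ("p%d" % version[3] if version[3] else "")


def upstream_version_affected(version: Version) -> bool:
    """True if the upstream release number falls in the advisory's affected range.

    Distributions backport fixes without bumping the upstream number (a patched
    1.9.15p5 package still reports 1.9.15p5), so True means "confirm against
    the vendor advisory or package changelog", not "exploitable".
    """
    return FIRST_AFFECTED <= version < FIRST_FIXED


def local_sudo_check() -> Optional[str]:
    """Run `sudo --version` on this host (no privileges needed) and summarise it.

    Returns None when sudo is not installed.
    """
    if shutil.which("sudo") is None:
        return None
    proc = subprocess.run(["sudo", "--version"], capture_output=True, text=True, check=False)
    try:
        version = parse_sudo_banner(proc.stdout)
    except ValueError:
        return "sudo present but version banner not recognised"
    if upstream_version_affected(version):
        verdict = "upstream version in affected range; verify vendor patch status"
    else:
        verdict = "upstream version outside affected range"
    return "sudo %s: %s" % (format_version(version), verdict)


if __name__ == "__main__":
    print(local_sudo_check() or "sudo not installed")
```

Run it under a fleet inventory tool and treat "in affected range" as a prompt to check the distribution's advisory, since backported fixes leave the version string unchanged; the only authoritative answer is the package changelog or the vendor's CVE tracker.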

Notable Threat Actor Activity

  • A previously undocumented China-linked APT group, “Phantom Taurus,” targeted government and telecommunications entities across Africa, the Middle East, and Asia using stealthy, fileless malware such as IIServerCore.
  • The China-linked threat actor UNC5174 has exploited a VMware zero-day (CVE-2025-41244, a local privilege escalation in VMware Tools and Aria Operations) in active attacks since October 2024, roughly a year before the patch.
  • A new Android banking trojan, “Datzbro,” is using AI-generated Facebook travel events to target elderly users, enabling device takeover and fraudulent transactions.
  • The “Klopatra” banking trojan has infected thousands of victims in Italy and Spain, capable of conducting automated bank transfers while users are inactive.

Trends, Tools, or Tactics of Interest

  • Attackers are leveraging the new MatrixPDF toolkit to weaponise PDF files for phishing and malware campaigns, enabling interactive lures that bypass email security and facilitate credential theft.
  • “Shadow AI” risk is growing as organisations adopt agentic AI and embedded LLMs, with the associated security challenges highlighted in both enterprise and SaaS environments.
  • Dark web exploit markets continue to thrive, with evolving pricing models, access methods, and a growing arsenal for sale to threat actors.
  • Security operations centres (SOCs) are challenged by alert fatigue and the need for contextual incident response, with legacy systems contributing to inefficiency.
  • Weak default passwords in IoT and web applications remain a common entry point for attackers, as highlighted in recent honeypot and password research.
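As an added example for the MatrixPDF item above (this is not code from the page or from any reporting on the toolkit), here is a triage scanner for inbound PDFs that counts the action-bearing names a click-through lure depends on. It looks past two common hiding places a plain grep misses: action dictionaries inside Flate-compressed streams, and names obfuscated with PDF's #xx escapes (so `/J#53` is seen as `/JS`). The name patterns are standard PDF syntax; the sample document is constructed here, and the "lure" heuristic is this example's own assumption.

```python
import re
import zlib
from typing import Dict, List

# PDF name objects that make a document act on open or on click. Each is a
# legitimate PDF feature, so a hit is a triage signal, not a verdict; an inbound
# PDF that combines an open-time action with a full-page link or script is the
# interactive-lure shape the MatrixPDF reports describe.
ACTION_PATTERNS = {
    "OpenAction": rb"/OpenAction\b",          # runs when the document opens
    "AdditionalActions": rb"/AA\b",           # event-triggered actions (page open, focus, ...)
    "JavaScript": rb"/(?:JavaScript|JS)\b",   # embedded script
    "Launch": rb"/Launch\b",                  # launch an external program or file
    "URI": rb"/S\s*/URI\b",                   # URI action (the click-through)
    "SubmitForm": rb"/SubmitForm\b",          # posts form data to a URL
}
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
_NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def _inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that inflates as zlib/Flate data."""
    chunks = []
    for m in _STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing bytes such as the newline before "endstream"
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-encoded (image data, other filters, plain text)
    return b"\n".join(chunks)


def _decode_name_escapes(data: bytes) -> bytes:
    """Resolve #xx escapes so "/J#53" is seen as "/JS".

    Applied to the whole buffer, which is an approximation: the escape syntax is
    only defined inside name objects, but that is sufficient for triage.
    """
    return _NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _searchable_text(data: bytes) -> bytes:
    # Inflate from the raw bytes first: escape decoding must never touch compressed data.
    inflated = _inflate_streams(data)
    return _decode_name_escapes(data) + b"\n" + _decode_name_escapes(inflated)


def scan_pdf_actions(data: bytes) -> Dict[str, int]:
    """Count action-bearing names, including those in Flate streams and behind #xx escapes."""
    text = _searchable_text(data)
    counts = {}
    for label, pattern in ACTION_PATTERNS.items():
        n = len(re.findall(pattern, text))
        if n:
            counts[label] = n
    return counts


def extract_uris(data: bytes) -> List[str]:
    """Return the targets of /URI actions so the click-through destination can be checked."""
    return [u.decode("latin-1") for u in _URI_RE.findall(_searchable_text(data))]


def build_sample_pdf() -> bytes:
    """Constructed sample, not a real lure: an open-time script whose /JS name is
    escaped, plus a full-page link annotation inside a Flate-compressed object stream."""
    link = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] "
            b"/A << /S /URI /URI (https://example.invalid/verify) >> >>")
    packed = zlib.compress(link)
    parts = [
        b"%PDF-1.7\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R "
        b"/OpenAction << /S /JavaScript /J#53 (this.print()) >> >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n",
        b"4 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
        + str(len(packed)).encode("ascii") + b" >>\nstream\n",
        packed,
        b"\nendstream endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(scan_pdf_actions(sample))   # {'OpenAction': 1, 'JavaScript': 2, 'URI': 1}
    print(extract_uris(sample))       # ['https://example.invalid/verify']
```

The scanner only inflates Flate streams; LZW, ASCIIHex/ASCII85 and encrypted documents need their own decoding, and a page that is just a blurred image with a single link carries few names at all, so pair this with rendering or sandbox detonation rather than using it as the sole gate.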

Regulatory or Policy Developments Affecting the Security Industry

  • China introduced a regulation mandating that major cyber incidents be reported within one hour, signalling tighter regulatory expectations on operators' internal incident detection and escalation.
  • California enacted the Transparency in Frontier Artificial Intelligence Act (TFAIA), requiring AI companies to implement and publicly disclose safety protocols for advanced models.
  • New international guidance urges operators of operational technology (OT) environments to maintain continually updated system inventories for improved security and resilience.
  • The UK data watchdog’s enforcement against Imgur demonstrates increasing regulatory scrutiny and penalties for non-compliance with data protection requirements.
  • The US Federal Trade Commission (FTC) filed suit against Sendit for illegally collecting data from underage users and deceptive subscription practices.