Major Incidents or Breaches

  • Motility Software Solutions suffered a ransomware attack exposing sensitive data of 766,000 dealership software clients.
  • WestJet confirmed that a cyberattack compromised personal information, including passport and ID documents, of 1.2 million customers.
  • Allianz Life announced that a July data breach impacted nearly 1.5 million individuals.
  • Adobe disclosed an ingestion bug in its Analytics platform that resulted in customer tracking data being exposed to other tenants for approximately one day.
  • Executives at multiple companies received extortion emails from the Clop ransomware group, claiming theft of sensitive data from Oracle E-Business Suite systems.
  • Unknown threat actors have exploited Milesight industrial cellular routers since at least February 2022 to send smishing SMS messages targeting European users.

Newly Discovered Vulnerabilities

  • A critical vulnerability in Red Hat OpenShift AI could allow attackers to escalate privileges and gain full control over hybrid cloud infrastructure under specific conditions.
  • A high-severity flaw in One Identity OneLogin IAM allowed attackers to use API keys to steal OpenID Connect (OIDC) secrets and impersonate applications.
  • OpenSSL patched three vulnerabilities that could allow private key recovery, code execution, and denial-of-service attacks.
  • Google’s Gemini AI suite contained vulnerabilities permitting attackers to embed malicious instructions in user web activity.
  • A bug in classic Outlook causes the client to crash on launch, with a resolution available only via Microsoft Exchange Online support.
  • A newly demonstrated attack, dubbed “WireTap” or “Battering RAM,” enables attackers with physical access to extract Intel SGX ECDSA keys and break confidential computing protections on Intel and AMD processors via DDR4 memory-bus interposers.
  • Broadcom failed to disclose zero-day exploitation of a VMware vulnerability affecting Aria Operations and VMware Tools, which could allow privilege escalation on virtual machines.

Notable Threat Actor Activity

  • The Clop ransomware group is conducting a new extortion campaign targeting Oracle E-Business Suite users.
  • A previously undocumented Android banking trojan, “Klopatra,” has infected over 3,000 devices, mainly in Spain and Italy, using hidden VNC for remote control.
  • Chinese APT “Phantom Taurus” is targeting organisations with the Net-Star malware, focusing on espionage and using infrastructure linked to other Chinese APTs but employing distinct TTPs.
  • Threat group UNC6040 (ShinyHunters) has been observed using advanced social engineering tactics to breach Salesforce environments.
  • The Rhadamanthys malware, a complex multi-modular stealer sold on underground markets since 2022, has received notable updates.

Trends, Tools, or Tactics of Interest

  • Bitdefender’s 2025 Cybersecurity Assessment Report highlights increased pressure to conceal breaches, expanding attack surfaces, and rising misperceptions around AI security.
  • Attackers are leveraging industrial IoT devices (Milesight routers) to conduct large-scale smishing campaigns.
  • The Klopatra Android malware uses hidden VNC for hands-on device control, indicating a trend towards more interactive mobile banking attacks.
  • Research demonstrates that confidential computing protections (Intel SGX, AMD SEV) can be bypassed with low-cost hardware if physical access is obtained.
  • “Burp AI” is being adopted by security professionals for automated vulnerability scanning in bug bounty workflows.
  • Google Drive for desktop is rolling out AI-powered ransomware detection that pauses file syncing upon detecting an attack.
  • AmCache forensic artifact analysis is highlighted as valuable for incident investigations, with new command-line tools available for data extraction.
  • Undead (unsupported) operating systems, especially with Windows 10 reaching end-of-life, are set to significantly increase the vulnerable attack surface in enterprise environments.

Regulatory or Policy Developments Affecting the Security Industry

  • KnowBe4 is pursuing ISO 42001 certification for AI governance as it integrates more AI into its human risk management platform.
  • The F-Droid project warns it may cease operations due to Google’s new developer identity verification requirements.
  • NIST published Special Publication 1334, offering guidance on mitigating USB-borne threats in industrial control system (ICS) and OT environments.
  • CISA reiterates that microsegmentation is foundational, not optional, for zero trust architectures, and highlights modern, automated approaches to implementation.
  • Microsoft will begin automatic installation of Microsoft 365 companion apps on Windows 11 devices with existing Microsoft 365 desktop clients later this month.