Major Incidents or Breaches

  • Red Hat has confirmed a breach of its private GitLab repositories, with a threat actor claiming compromise of 28,000 repositories, including data related to major clients. Red Hat has initiated remediation.
  • WestJet disclosed that 1.2 million individuals were impacted by a data breach resulting from a June cyberattack. Analysis of stolen information has been completed.
  • Dealership software provider Motility suffered a ransomware attack on August 19, impacting 766,000 individuals. Stolen data includes names, contact details, Social Security numbers, and driver’s license numbers.
  • Allianz Life reported a data breach in July affecting 1.5 million individuals, with hackers stealing files containing names, addresses, dates of birth, and Social Security numbers from a cloud-based CRM.
  • Cybercriminals have launched an extortion campaign targeting Oracle E-Business Suite customers, with executives receiving threats alleging theft of sensitive data. The campaign is possibly linked to Cl0p and FIN11 ransomware groups.

Newly Discovered Vulnerabilities

  • DrayTek issued an advisory for a remote code execution vulnerability affecting several Vigor router models. The flaw allows remote, unauthenticated attackers to execute arbitrary code.
  • A critical vulnerability, dubbed “WireTap,” has been disclosed in Intel SGX. The attack leverages a passive interposer to extract the DCAP attestation key, undermining the enclave’s security mechanism.
  • A malicious Python Package Index (PyPI) package named “soopsocks” was found to have infected 2,653 systems before removal. The package masqueraded as a SOCKS5 proxy tool while stealing sensitive information.
  • Microsoft announced that Outlook for Web and the new Outlook for Windows will stop displaying inline SVG images to mitigate attacks exploiting this feature.
  • Microsoft Defender for Endpoint has a bug causing erroneous BIOS update alerts, incorrectly tagging some devices’ firmware as outdated.

Notable Threat Actor Activity

  • The Confucius APT group has been linked to new phishing campaigns targeting Pakistan, deploying WooperStealer and Anondoor malware. The group’s tactics have evolved to include Python-based surveillance tools.
  • Google Mandiant and Google Threat Intelligence Group are tracking a new extortion wave targeting Oracle E-Business Suite customers, potentially linked to the Cl0p ransomware group.
  • Android spyware campaigns (“ProSpy” and “ToSpy”) have been discovered targeting users in the UAE, impersonating Signal and ToTok apps to steal sensitive data.
  • Scam Facebook groups posing as community and travel groups are distributing Android malware to senior users.

Trends, Tools, or Tactics of Interest

  • ENISA’s 2025 Threat Landscape report highlights a significant number of attacks targeting operational technology (OT) systems within the EU.
  • Attackers are increasingly scanning for critical vulnerabilities in firewalls and exploiting unpatched systems, as well as employing BYOVD (Bring Your Own Vulnerable Driver) and SQL C2 (Command and Control) attack techniques.
  • There is a documented shift in phishing tactics from email to mobile channels, including SMS, voice, and QR-code phishing.
  • The “.well-known” directory continues to be exploited for hiding webshells and malicious files.
  • Service desks are being actively targeted for social engineering attacks, prompting recommendations for NIST-aligned, role- and points-based user verification workflows.
  • Automation of penetration testing delivery is highlighted as a key workflow for continuous security validation.
  • The bug bounty platform HackerOne reported $81 million in payouts to security researchers over the past year, reflecting sustained engagement in vulnerability disclosure.
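The `.well-known` item above reads as a tactic, so here is the corresponding defender's check: an added example (not code from the bulletin or from any vendor it mentions) that inventories every `.well-known` directory under a web root and flags entries a static well-known tree should not contain. The allow-list of expected names, the list of server-side executable extensions and the script-source byte markers are assumptions to tune per deployment; the sample web root it audits is constructed in a temporary directory.

```python
"""Audit .well-known directories for planted files (added example, assumptions noted inline)."""
import tempfile
from pathlib import Path

# Server-side executable extensions that have no business under .well-known
# (assumption: adjust to the stacks your servers actually execute).
SUSPICIOUS_SUFFIXES = {".php", ".phtml", ".phar", ".jsp", ".jspx", ".asp", ".aspx",
                       ".cgi", ".pl", ".py", ".sh", ".exe", ".dll", ".war"}

# Top-level well-known entries this deployment legitimately publishes
# (assumption: extend with whatever your site actually serves there).
EXPECTED_TOP_LEVEL = {"security.txt", "acme-challenge", "pki-validation",
                      "change-password", "openid-configuration", "assetlinks.json",
                      "apple-app-site-association", "mta-sts.txt", "dnt-policy.txt"}

# Byte markers of script source; a static well-known file should contain none
# of these, whatever its extension claims to be.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%")


def audit_well_known(webroot):
    """Return [(path relative to its .well-known dir, reasons)] for suspect files."""
    findings = []
    for wk in Path(webroot).rglob(".well-known"):
        if not wk.is_dir():
            continue
        for f in sorted(wk.rglob("*")):
            if not f.is_file():
                continue
            rel = f.relative_to(wk).as_posix()
            top = rel.split("/", 1)[0]
            reasons = []
            if f.suffix.lower() in SUSPICIOUS_SUFFIXES:
                reasons.append(f"executable extension {f.suffix.lower()}")
            if top not in EXPECTED_TOP_LEVEL:
                reasons.append(f"unexpected entry {top!r}")
            head = f.read_bytes()[:512]
            if head.lstrip().startswith(b"#!") or any(m in head for m in SCRIPT_MARKERS):
                reasons.append("file body contains script source")
            if reasons:
                findings.append((rel, "; ".join(reasons)))
    return findings


def build_demo_webroot():
    """Constructed sample site: two legitimate well-known files plus two planted ones."""
    root = Path(tempfile.mkdtemp(prefix="wk-audit-"))
    wk = root / "htdocs" / ".well-known"
    (wk / "acme-challenge").mkdir(parents=True)
    (wk / "security.txt").write_text("Contact: mailto:security@example.com\n")
    (wk / "acme-challenge" / "token123").write_text("token123.abcdef\n")
    # Planted file 1: script by extension, sitting where only static data belongs.
    (wk / "cache.php").write_text("<?php /* constructed placeholder for a planted script */ ?>\n")
    # Planted file 2: image extension, but the body carries PHP source (polyglot).
    (wk / "logo.jpg").write_bytes(b"\xff\xd8<?php /* constructed placeholder */ ?>")
    return root


def demo():
    """Audit the constructed web root and return the findings."""
    return audit_well_known(build_demo_webroot())


if __name__ == "__main__":
    for path, why in demo():
        print(f"{path}: {why}")
```

Run it against a real document root by calling `audit_well_known("/var/www")` (or wherever your server serves from); the two legitimate entries produce nothing, while `cache.php` trips the extension check and `logo.jpg` trips the content check even though its extension looks harmless. Pair this with file-integrity monitoring on the same directories so a planted file is caught at write time rather than at the next audit.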

Regulatory or Policy Developments Affecting the Security Industry

  • The US Federal Trade Commission (FTC) has accused the Sendit app and its CEO of illegally signing up minors, misusing their data, and engaging in deceptive practices including fake messages and hidden fees.
  • Meta announced it will use user interactions with its generative AI to serve targeted ads, raising privacy and data usage concerns.
  • Despite a record number of CVEs projected for 2025, cyber insurers are reportedly not adjusting policy terms or requirements in response to the increased vulnerability disclosures.