Major Incidents or Breaches

  • Renault and Dacia UK notified customers of a data breach affecting sensitive information, resulting from a compromise at a third-party provider.
  • Japanese beer company Asahi confirmed a ransomware attack that caused IT disruptions and factory shutdowns.
  • ShinyHunters launched a new data leak site to extort 39 victims impacted by recent Salesforce breaches, leaking samples of stolen data. The Scattered Lapsus$ Hunters group also resurfaced with threats to publish Salesforce customer data if extortion demands are unmet.
  • Jaguar Land Rover experienced repeat cyberattacks, reportedly due to incomplete remediation from a previous breach, highlighting ongoing operational and financial impacts.
  • Hackers who targeted Kido nurseries with ransom demands and posted children’s data online have reportedly removed the data following public backlash.
  • Dutch authorities arrested two teenagers for alleged pro-Russian espionage, noted as part of a broader Russian hybrid attack campaign in Europe.

Newly Discovered Vulnerabilities

  • CISA added CVE-2025-4008, a high-severity flaw in Smartbedded Meteobridge, to its Known Exploited Vulnerabilities catalog. The vulnerability allows remote unauthenticated attackers to execute arbitrary commands with root privileges; it was patched in mid-May but is being actively exploited.
  • An unauthenticated remote code execution (RCE) vulnerability affecting DrayTek routers was patched. The flaw could be exploited via crafted HTTP/S requests to the device’s web interface.
  • Chrome 141 and Firefox 143 released patches for high-severity vulnerabilities. Chrome addressed issues in WebGPU and Video components, while Firefox fixed flaws in Graphics and JavaScript Engine components.
  • A new attack, “CometJacking,” exploits URL parameters in Perplexity’s Comet AI browser to access sensitive user data, such as emails and calendars, from connected services.

Notable Threat Actor Activity

  • The North Korean group “DeceptiveDevelopment” is using social engineering tactics to target job seekers, according to ESET.
  • The Detour Dog threat actor has been identified as operating DNS-powered malware campaigns distributing Strela Stealer, an information-stealing malware.
  • The Rhadamanthys Stealer threat actor has updated their stealer to include device fingerprinting and payloads concealed via PNG steganography. They are also advertising additional tools, Elysium Proxy Bot and Crypt Service.
  • A new self-propagating malware campaign, SORVEPOTEL, is targeting Brazilian WhatsApp users, spreading via trusted contacts on the messaging platform.
  • The “Cavalry Werewolf” threat actor, with links to YoroTrooper, has targeted Russian public sector entities using the FoalShell and StallionRAT malware families.
  • UAT-8099, a Chinese-language threat actor, is hijacking reputable websites for SEO fraud and data theft, infecting servers, poisoning sites with SEO spam, and stealing organizational data.
  • Oracle linked ongoing Clop ransomware extortion attacks to E-Business Suite vulnerabilities patched in July 2025, indicating exploitation of known flaws.
  • Cybercriminals reportedly offered money to a BBC journalist for cooperation, highlighting ongoing targeting of media professionals.

Trends, Tools, or Tactics of Interest

  • A Gartner survey found that 62% of organizations experienced a deepfake attack in the past 12 months, indicating a significant increase in the use of deepfakes in cyberattacks.
  • Signal introduced Sparse Post-Quantum Ratchet (SPQR), a cryptographic protocol designed to protect against quantum computing threats.
  • Gmail business users can now send end-to-end encrypted emails to recipients on any platform.
  • Microsoft’s “Windows Speak for Me” voice cloning technology has been identified as a potential vector for attacks, enabling creation of convincing voice replicas for use in SaaS platforms and communications.
  • Brain-computer interface (BCI) technology is being highlighted for its potential cybersecurity risks as adoption increases.
  • A free template was released to help CISOs present AI adoption, risks, and controls to boards, reflecting growing governance concerns around GenAI.
  • MokN, a French cybersecurity startup, introduced a “phish-back” solution that tricks attackers into revealing stolen credentials.
  • Passwork 7 was released as an on-premises platform for enterprise password and secrets management, addressing credential storage and sharing complexity.

Regulatory or Policy Developments Affecting the Security Industry

  • ICE (U.S. Immigration and Customs Enforcement) plans to build a 24/7 social media surveillance team, hiring contractors to monitor platforms such as X, Facebook, and TikTok for enforcement purposes.
  • LinkedIn user data will be used to train AI systems, raising privacy and data protection considerations.
  • Oneleet and MokN, cybersecurity startups, raised significant funding to expand operations and AI capabilities, indicating continued investment in compliance and anti-phishing technologies.