Cybersecurity Brief – 2025-10-07
Major Incidents or Breaches
- Red Hat suffered a data breach, with the ShinyHunters extortion group leaking samples of stolen customer engagement reports (CERs) and threatening further exposure.
- Discord disclosed that user information, including names, usernames, email addresses, contact details, IP addresses, and billing information, was compromised via a third-party data breach.
- Doctors Imaging Group notified approximately 171,000 individuals of a cybersecurity incident that occurred nearly a year ago.
- Beer giant Asahi reported a ransomware attack resulting in data theft and disruption to operations at its Japanese subsidiaries, forcing a shift to manual order processing and shipment.
- Salesforce faced extortion attempts after data from dozens of customers was stolen; Salesforce stated these relate to past or unsubstantiated incidents, not new intrusions.
Newly Discovered Vulnerabilities
- Oracle E-Business Suite: A critical remote code execution vulnerability (CVE-2025-61882) has been exploited in the wild by the Cl0p ransomware group. Oracle has released an emergency patch.
- GoAnywhere MFT: Microsoft reported that Storm-1175 has been exploiting a maximum severity vulnerability in GoAnywhere MFT for Medusa ransomware attacks for nearly a month.
- Redis: The Redis security team released patches for a maximum-severity vulnerability that could allow remote code execution on thousands of exposed instances.
- Unity Game Engine: A vulnerability in the Unity engine could enable attackers to achieve code execution on Android and privilege escalation on Windows. Microsoft and Steam have issued warnings and are taking action.
- Zimbra: Attackers exploited a zero-day vulnerability in Zimbra via ICS files, targeting Brazilian military entities.
- BitLocker Bypass and VMScape vulnerabilities were also highlighted in recent security roundups.
Notable Threat Actor Activity
- Cl0p ransomware group exploited Oracle E-Business Suite zero-day (CVE-2025-61882) for data theft and extortion attacks.
- ShinyHunters is actively extorting Red Hat following its data breach.
- Storm-1175 exploited GoAnywhere MFT vulnerabilities in Medusa ransomware campaigns.
- Chinese-speaking cybercrime group UAT-8099 is running a global SEO fraud operation using compromised IIS servers, stealing high-value credentials.
- XWorm malware resurfaced with a ransomware module and over 35 plugins, distributed via phishing campaigns.
- Water Saci campaign deployed self-propagating malware (Sorvepotel) via WhatsApp in Brazil, targeting financial institutions.
- Phishing campaigns are targeting 1Password users with convincing fake breach alert emails.
- A threat actor impersonating the Libyan Navy’s Office of Protocol targeted Brazil’s military using Zimbra zero-day exploits.
Trends, Tools, or Tactics of Interest
- AI-driven phishing and social engineering attacks are cited as a top concern by nearly 40% of surveyed security leaders.
- Machine learning models for detecting DLL hijacking have been developed and integrated into Kaspersky SIEM, enabling early incident detection.
- Increased use of AI in cybersecurity, including in open-source XDR/SIEM platforms such as Wazuh, alongside the risk of insecure AI-generated code (“vibe coding”).
- XWorm’s modular architecture and plugin system highlight evolving malware sophistication.
- High-profile phishing and social engineering attacks continue to leverage realistic lures and automation.
- Self-propagating malware targeting messaging platforms (e.g., WhatsApp) is being used for credential theft and financial fraud.
- The launch of the Zeroday.Cloud hacking competition offers $4.5 million in bounties for exploits targeting open-source cloud and AI tools.
Notable Threat Actor Attribution
- CrowdStrike attributes recent Oracle EBS exploitation to Graceful Spider (aka Cl0p).
- Chinese research firms BIETA and CIII have been linked to the Ministry of State Security (MSS) and assessed as fronts for PRC cyber operations.
- Reports highlight Chinese government fronts collaborating with Western organisations to acquire cyber technologies for state intelligence purposes.
Regulatory or Policy Developments Affecting the Security Industry
- LinkedIn has filed a lawsuit against ProAPIs Inc. and its founder for scraping user data via over one million fake accounts, addressing large-scale data harvesting.
- Compliance training updates and frameworks (e.g., KnowBe4’s Compliance Plus and the DEEP Matrix for unified defence) are being promoted to address evolving human risk management and regulatory requirements.