Cybersecurity Brief – 2025-10-09
Major Incidents or Breaches
- Discord has confirmed a breach of its Zendesk support system, with threat actors claiming to have exfiltrated data on 5.5 million users, including government IDs and email addresses.
- The Qilin ransomware group has claimed responsibility for an attack on the brewer Asahi Group Holdings and has published 27 GB of data it says comprises contracts, employee information, and financial documents.
- The Crimson Collective threat group has targeted AWS cloud environments for data theft and extortion, and is also reported to have breached the GitLab instance of Red Hat Consulting in collaboration with the Scattered Lapsus$ group.
- The UK Metropolitan Police arrested two individuals in connection with a ransomware attack on a chain of London nurseries, which resulted in the doxing of children online.
- Microsoft 365 services, including Teams and Exchange Online, experienced an outage, preventing user access.
- DraftKings has alerted users to a credential stuffing attack that led to unauthorised access to user accounts and exposure of personal information. Credential stuffing replays username/password pairs leaked from other breaches, so it only succeeds against customers who reuse passwords; unique passwords and multi-factor authentication, rather than a platform patch, are the mitigation.
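Because credential stuffing replays credential pairs leaked elsewhere, the signature in authentication logs is one source address trying many distinct accounts with a high failure rate, not repeated failures against a single account. The following Python is an added example (not from the brief and not DraftKings' detection logic) that runs that check over a constructed, hypothetical JSON-lines log; the field names, thresholds and IP addresses are assumptions.

```python
"""Spot credential-stuffing sources in authentication logs.

Added example; the JSON-lines format, field names and addresses below are
constructed and hypothetical, not taken from any real system.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one stuffing source trying eight accounts in 30 s
# (one of them succeeds), one shared office egress address with five
# legitimate users, and one user mistyping a password three times.
SAMPLE_LOG = """\
{"ts": "2025-10-08T02:00:01Z", "ip": "198.51.100.23", "user": "alice", "result": "fail"}
{"ts": "2025-10-08T02:00:04Z", "ip": "198.51.100.23", "user": "bob", "result": "fail"}
{"ts": "2025-10-08T02:00:08Z", "ip": "198.51.100.23", "user": "carol", "result": "success"}
{"ts": "2025-10-08T02:00:12Z", "ip": "198.51.100.23", "user": "dave", "result": "fail"}
{"ts": "2025-10-08T02:00:15Z", "ip": "198.51.100.23", "user": "erin", "result": "fail"}
{"ts": "2025-10-08T02:00:19Z", "ip": "198.51.100.23", "user": "frank", "result": "fail"}
{"ts": "2025-10-08T02:00:24Z", "ip": "198.51.100.23", "user": "grace", "result": "fail"}
{"ts": "2025-10-08T02:00:30Z", "ip": "198.51.100.23", "user": "heidi", "result": "fail"}
{"ts": "2025-10-08T08:58:10Z", "ip": "203.0.113.77", "user": "ivan", "result": "success"}
{"ts": "2025-10-08T08:59:02Z", "ip": "203.0.113.77", "user": "judy", "result": "success"}
{"ts": "2025-10-08T08:59:40Z", "ip": "203.0.113.77", "user": "kim", "result": "success"}
{"ts": "2025-10-08T09:00:15Z", "ip": "203.0.113.77", "user": "niaj", "result": "success"}
{"ts": "2025-10-08T09:01:03Z", "ip": "203.0.113.77", "user": "olivia", "result": "success"}
{"ts": "2025-10-08T09:05:00Z", "ip": "192.0.2.5", "user": "bob", "result": "fail"}
{"ts": "2025-10-08T09:05:09Z", "ip": "192.0.2.5", "user": "bob", "result": "fail"}
{"ts": "2025-10-08T09:05:20Z", "ip": "192.0.2.5", "user": "bob", "result": "fail"}
{"ts": "2025-10-08T09:05:31Z", "ip": "192.0.2.5", "user": "bob", "result": "success"}
"""


def parse(text):
    """Yield one dict per non-empty JSON line, with "ts" parsed to a datetime."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield rec


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, min_fail_ratio=0.8):
    """Return {ip: summary} for sources that, within any `window`, hit at least
    `min_accounts` distinct usernames with a failure ratio of `min_fail_ratio`
    or more. The ratio test keeps shared egress addresses from being flagged
    just because many people log in through them.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    hits = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, last in enumerate(evs):
            # Slide the window start forward until it spans at most `window`.
            while last["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(e["result"] == "fail" for e in win)
            if len(users) >= min_accounts and fails / len(win) >= min_fail_ratio:
                hits[ip] = {
                    "accounts": len({e["user"] for e in evs}),
                    "attempts": len(evs),
                    # Accounts that succeeded from a flagged source: reset and revoke.
                    "compromised": sorted({e["user"] for e in evs if e["result"] == "success"}),
                }
                break
    return hits


if __name__ == "__main__":
    for ip, summary in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, summary)
```

The failure-ratio condition is what separates a stuffing source from a corporate NAT or VPN exit that also shows many distinct users; lowering `min_fail_ratio` to zero flags the office address in the sample as well. The accounts that succeeded from a flagged source are the ones needing a forced password reset and session revocation.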
Newly Discovered Vulnerabilities
- A critical authentication bypass in the Service Finder WordPress theme is under active exploitation, enabling unauthenticated attackers to obtain administrator-level access to affected sites; site owners should update and audit for unexpected administrator accounts.
- A critical vulnerability (CVE-2025-53967) in the figma-developer-mcp Model Context Protocol server, now patched, allowed remote code execution on the host running the server; since MCP servers execute tool calls on behalf of AI agents, such a flaw turns the agent's tooling into an entry point for the attacker.
- A new variant of the FileFix social engineering attack uses cache smuggling to deliver malicious ZIP files: the payload is served as a response the browser caches (disguised as an image) and the victim is then tricked into running a command that carves the archive out of the browser cache, so download-based web and endpoint controls never see a file arrive.
- Researchers have demonstrated a technique ("Mic-E-Mouse") that turns high-DPI optical mice into covert audio surveillance devices by recovering speech from the surface vibrations their sensors pick up.
- Hundreds of Oracle E-Business Suite instances remain exposed to a zero-day (CVE-2025-61882) that had been exploited for roughly two months before Oracle released a patch; internet-facing EBS instances that have not applied the emergency fix should be treated as already targeted.
Notable Threat Actor Activity
- LockBit, Qilin, and DragonForce ransomware groups have announced a strategic alliance to share attack resources and intelligence, forming a ransomware “cartel” and inviting other e-crime actors to join.
- Suspected China-nexus threat actors are weaponising the open-source Nezha monitoring tool to deploy Gh0st RAT malware in new attack campaigns.
- The BatShadow group, operating from Vietnam, is running a campaign using Vampire Bot malware to target job seekers.
- Cybercriminals are exploiting compromised WordPress sites to inject malicious JavaScript for next-generation ClickFix phishing attacks.
- North Korean threat actors are reported to have stolen around $2 billion in cryptocurrency so far in 2025, bringing the regime's known cumulative cryptocurrency thefts to over $6 billion.
Trends, Tools, or Tactics of Interest
- Both attackers and defenders are adopting artificial intelligence, attackers to automate attacks and defenders to triage alerts and reduce noise, and this is reshaping the threat landscape.
- Attackers are increasingly targeting third-party integrations (e.g., OAuth apps authorised in Google Workspace) rather than the core platforms themselves; an OAuth grant gives the app persistent API access that survives a password reset, so such grants must be reviewed and revoked explicitly during incident response.
- Social engineering campaigns are evolving, including job-themed phishing targeting influencers and job seekers, and modelling scams targeting older adults on social media.
- Polymorphic Python remote access trojans (RATs) and self-modifying malware are being observed in the wild.
- Fake gaming pages (e.g., on itch.io) are being used to distribute malware via stealthy stagers.
- Cache smuggling and other advanced evasion techniques are being adopted to bypass traditional security controls.
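Cache smuggling, as used in the FileFix variant in the Vulnerabilities section and noted again here, stages the payload as a response the browser will cache (typically declared as an image) with a ZIP archive embedded in the body; the victim is then talked into running a command that carves the archive back out of the cache, so no download is ever observed. The following Python is an added example (not from the brief or from any vendor report) of the defender-side check: given a cached response body, it flags an image-typed blob that contains a complete ZIP structure and validates the carved archive before reporting it. The JPEG-shaped header, the archive contents and the delimiter strings are constructed sample data, and the function names are my own.

```python
"""Flag image-typed cache entries that carry a smuggled ZIP archive.

Added example; the sample blobs below are constructed and hypothetical.
"""
import io
import struct
import zipfile

JPEG_SOI = b"\xff\xd8\xff"          # Start-Of-Image marker every JPEG begins with
ZIP_LOCAL_HEADER = b"PK\x03\x04"    # first bytes of a ZIP local file header
ZIP_EOCD = b"PK\x05\x06"            # End-Of-Central-Directory signature


def make_zip(files):
    """Build an in-memory ZIP from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def find_smuggled_zip(body):
    """Return (start, end) of a ZIP embedded inside a JPEG-typed body, else None.

    A body that *is* a ZIP (starts with PK) is an ordinary download, not a
    polyglot, so it is deliberately not reported by this check.
    """
    if not body.startswith(JPEG_SOI):
        return None
    start = body.find(ZIP_LOCAL_HEADER)
    if start < 0:
        return None
    eocd = body.rfind(ZIP_EOCD)
    if eocd < start or eocd + 22 > len(body):
        return None
    # EOCD is 22 fixed bytes; the u16 at offset 20 is the archive comment length.
    comment_len = struct.unpack_from("<H", body, eocd + 20)[0]
    end = eocd + 22 + comment_len
    if end > len(body):
        return None
    return start, end


def carve_zip_names(body):
    """Carve the embedded archive, CRC-check it, and return its file names.

    Returns None when nothing is embedded or the candidate is not a valid ZIP
    (a JPEG can contain the bytes PK\\x03\\x04 by chance).
    """
    span = find_smuggled_zip(body)
    if span is None:
        return None
    data = body[span[0]:span[1]]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:   # CRC failure: treat as a false match
                return None
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


# Constructed samples: a clean JPEG-shaped blob, a genuine ZIP download, and a
# JPEG-shaped blob with a ZIP smuggled between hypothetical delimiter strings.
CLEAN_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00\x01\x01" + bytes(48)
CLEAN_ZIP = make_zip({"report.txt": b"quarterly numbers"})
SMUGGLED = CLEAN_JPEG + b"<<BEGIN>>" + make_zip({"update.ps1": b"# placeholder"}) + b"<<END>>"


if __name__ == "__main__":
    for label, blob in [("clean jpeg", CLEAN_JPEG), ("clean zip", CLEAN_ZIP), ("smuggled", SMUGGLED)]:
        print(label, carve_zip_names(blob))
```

Searching for ZIP structure rather than a campaign-specific delimiter keeps the check working when the markers change. The function expects the decoded HTTP body: Chrome's on-disk cache wraps each body in its own entry headers, which must be stripped before this check is applied.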
Regulatory or Policy Developments
- Google has expanded its bug bounty programme to cover AI-specific abuse and security issues, offering up to $20,000 per submission.
- Microsoft is enabling threshold-based auto-archiving by default in Exchange Online to address mailbox overflow and ensure email continuity.