Major Incidents or Breaches

  • SimonMed Imaging disclosed a data breach impacting over 1.2 million individuals, attributed to the Medusa ransomware group, which claims to have exfiltrated 200GB of sensitive data.
  • Harvard University is investigating a breach potentially linked to exploitation of an Oracle E-Business Suite zero-day vulnerability, with the Clop ransomware group listing the institution on its leak site.
  • An extortion group has leaked millions of records allegedly obtained via Salesforce hacks, affecting organizations including Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines.
  • Unity’s SpeedTree website suffered a supply chain attack, with malicious code skimming customer information from hundreds of users.
  • A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the US, leveraging more than 100,000 IP addresses.
  • Over 100 SonicWall SSL VPN accounts across more than a dozen entities were compromised in a widespread campaign using stolen credentials.
  • Microsoft 365 experienced an outage impacting customer access to applications.

Newly Discovered Vulnerabilities

  • Oracle released an emergency security patch for a new remotely exploitable E-Business Suite (EBS) vulnerability. The flaw allows unauthenticated access to sensitive data and is linked to active exploitation.
  • Microsoft has restricted Internet Explorer (IE) mode in Edge after reports of zero-day attacks abusing the Chakra JavaScript engine, with attackers leveraging the legacy feature as a backdoor.
  • Multiple malicious packages were discovered in npm, PyPI, and RubyGems ecosystems, exfiltrating developer data to Discord channels used as C2 infrastructure.
  • Researchers identified a possible XSS vulnerability in the ESAFENET CDG electronic document security management system, adding to a series of previously reported flaws.
  • The RondoDox botnet is actively exploiting over 50 vulnerabilities across more than 30 vendors in ongoing malware campaigns.
  • Unmonitored JavaScript on websites is highlighted as a significant risk, allowing attackers to steal payment data undetected by WAF and IDS solutions.

Notable Threat Actor Activity

  • TA585, a previously undocumented threat actor, has been observed distributing MonsterV2 malware via phishing campaigns.
  • The RondoDox botnet has expanded its exploitation operations, targeting a wide range of vulnerabilities across multiple vendors.
  • Threat actors used automation to create and distribute over 175 malicious npm packages targeting more than 135 industrial and electronics organizations.
  • The Medusa ransomware group claimed responsibility for the SimonMed Imaging breach.
  • The Clop ransomware gang is suspected of being behind the Harvard University breach, which is believed to have exploited the Oracle EBS zero-day.
  • Spanish authorities dismantled the GXC Team crime-as-a-service operation, arresting its administrator “GoogleXcoder,” who provided phishing kits and Android malware.
  • Researchers broke recently released OpenAI guardrails designed to protect its AI models, demonstrating ongoing challenges in AI security.
  • Extortion groups continue to leak data obtained from Salesforce compromises, affecting multiple major organizations.

Trends, Tools, or Tactics of Interest

  • There is a significant surge in SMS phishing (smishing) scams targeting individuals aged 18-29 in the US.
  • Job-related scams increased by over 1000% between May and July 2025.
  • Deepfakes are increasingly used in social engineering attacks against organizations and individuals.
  • AI-generated phishing and social engineering attacks are outpacing traditional email defenses; new solutions such as Varonis Interceptor leverage multimodal AI to detect advanced threats.
  • Cybercriminals are abusing Discord as a C2 channel for exfiltrating data from compromised developer environments.
  • Large-scale RDP brute-force attacks are being conducted by botnets leveraging vast distributed infrastructures.
  • Unmonitored “back-office” data in critical infrastructure organizations is an increasing target for nation-state actors.
  • Satellite communications are leaking unencrypted sensitive data, including calls, texts, and military communications, accessible with basic hardware.
  • Scams exploiting government programs, such as New York’s inflation refund, are being distributed via phishing SMS campaigns.
  • Generation AI: The rise of AI in security is reducing entry-level opportunities for graduates, shifting the skills landscape in the industry.

Regulatory or Policy Developments Affecting the Security Industry

  • JPMorgan announced plans to invest up to $10 billion in US companies with critical ties to national security, focusing on artificial intelligence, cybersecurity, and quantum computing.
  • Financial and other industries are being urged to prepare for the eventual impact of quantum computers on public-key cryptography, with the threat estimated to become practical within one to two decades.