Major Incidents or Breaches

  • Envoy Air, a subsidiary of American Airlines, confirmed a data compromise involving its Oracle E-Business Suite application. The Clop extortion gang has claimed responsibility.
  • Sotheby’s disclosed a data breach involving the theft of sensitive personal information, including Social Security numbers.
  • Prosper suffered a data breach impacting 17.6 million accounts, with exposed data including names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other sensitive information.
  • Cybercriminals exploited lax authentication in Zendesk’s customer service platform to execute email bombing attacks, flooding targeted inboxes with abusive messages from legitimate Zendesk accounts.

Newly Discovered Vulnerabilities

  • A malicious npm package was identified delivering the AdaptixC2 post-exploitation agent, targeting Windows, Linux, and macOS platforms.
  • Researchers disclosed a critical vulnerability in WatchGuard Fireware’s VPN functionality, allowing unauthenticated remote code execution. The flaw has been patched.
  • ConnectWise issued a security update for its Automate product, addressing critical vulnerabilities that could allow adversary-in-the-middle (AiTM) update attacks and interception/modification of sensitive communications.
  • Microsoft patched CVE-2025-55315, an HTTP request smuggling vulnerability in ASP.NET Core with the highest-ever severity score for the platform. The flaw can lead to information leaks, file tampering, and server crashes.
  • Over 266,000 F5 BIG-IP instances remain exposed online following a recently disclosed security breach.
  • Gladinet patched an actively exploited CentreStack vulnerability, an unauthenticated local file inclusion bug enabling remote code execution via ViewState deserialization.
  • Vulnerabilities in Phoenix Contact UPS devices were disclosed, allowing attackers to trigger a permanent denial-of-service condition that prevents remote restoration.

Notable Threat Actor Activity

  • The Silver Fox threat group has expanded operations using the Winos 4.0 (ValleyRAT) malware, now targeting Japan and Malaysia with the HoldingHands RAT, in addition to previous campaigns in China and Taiwan.
  • North Korean threat actors associated with the Contagious Interview campaign have merged BeaverTail and OtterCookie malware into an advanced JavaScript-based strain, indicating ongoing tool development.
  • Microsoft disrupted a ransomware campaign abusing Azure certificates, revoking over 200 digital certificates used to sign malicious Teams binaries for Rhysida ransomware distribution.
  • Europol dismantled a SIM-box operation (SIMCARTEL) that facilitated over 3,200 fraud cases and caused losses exceeding €4.5 million by renting numbers for cybercrime.
  • TikTok videos are being used to promote malware installation, leveraging social engineering and new communication channels.

Trends, Tools, or Tactics of Interest

  • Phishing remains the leading initial access vector for cyberattacks across Europe, accounting for 60% of incidents between July 2024 and June 2025, per ENISA.
  • Microsoft reports increasing use of AI by Russian and Chinese threat actors to escalate cyberattacks, particularly targeting the United States.
  • Attackers are exploiting AI chat data as a rich source of sensitive enterprise information, raising concerns about privacy, accountability, and law enforcement access.
  • Shared responsibility models for securing AI agents and agentic services are becoming more prominent, with ongoing challenges in user and team awareness.
  • Social engineering tactics continue to evolve, with attackers leveraging platforms like TikTok and exploiting authentication weaknesses in SaaS products such as Zendesk.

Regulatory or Policy Developments Affecting the Security Industry

  • Capita has been fined £14 million in connection with a security incident.
  • The European Union Agency for Cybersecurity (ENISA) published statistics on initial access vectors, highlighting phishing as the predominant method in Europe.