Cybersecurity Brief – 2025-10-20
Major Incidents or Breaches
- China’s Ministry of State Security (MSS) has accused the US National Security Agency (NSA) of conducting a multi-stage cyberattack against the National Time Service Center (NTSC) in Beijing. The MSS claims the NSA used 42 different cyber tools and exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
- Experian Netherlands has been fined €2.7 million ($3.2 million) for violations of the General Data Protection Regulation (GDPR) related to the mass collection of personal data.
Notable Threat Actor Activity
- Cybercriminals are leveraging TikTok videos disguised as free activation guides for popular software (including Windows, Spotify, and Netflix) to distribute information-stealing malware as part of ongoing ClickFix attacks.
Trends, Tools, or Tactics of Interest
- Recent malware samples invoke syscall() directly for obfuscation and fileless activity. By avoiding standard API calls, they bypass traditional detection mechanisms and make analysis more difficult.
Regulatory or Policy Developments
- The €2.7 million GDPR fine against Experian Netherlands highlights ongoing regulatory enforcement actions against improper data collection practices within the EU.