Cybersecurity Brief – 2025-10-22
Major Incidents or Breaches
- The PassiveNeuron cyber-espionage campaign has been reported targeting high-profile servers in government, industrial, and financial sectors across Asia, Africa, and Latin America. Attackers are deploying custom Neursite and NeuralExecutor APT implants alongside Cobalt Strike to maintain persistence and exfiltrate data.
- CISA has confirmed active exploitation of an Oracle E-Business Suite SSRF vulnerability (CVE-2025-61884) and has added it to its Known Exploited Vulnerabilities catalog.
- Over 73,000 WatchGuard Firebox devices are impacted by a critical flaw in the Fireware OS iked process, allowing unauthenticated remote code execution.
- Myanmar military authorities have shut down a major cybercrime centre, detaining over 2,000 individuals involved in global cyberscam operations.
Newly Discovered Vulnerabilities
- TP-Link Omada gateway devices are affected by four newly disclosed vulnerabilities, including two critical flaws enabling remote code execution and a critical pre-auth OS command injection. Security updates have been released.
- Cursor and Windsurf IDEs have been found to contain over 94 n-day vulnerabilities inherited from outdated Chromium and V8 JavaScript engine components.
- CISA has issued warnings about exploited vulnerabilities in Apple, Kentico, and Microsoft products, involving code execution, authentication bypass, and privilege escalation.
- A supply chain attack has been identified targeting VS Code extensions with ‘GlassWorm’ malware, which leverages invisible Unicode characters for obfuscation and uses blockchain-based infrastructure for resilience.
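The invisible-Unicode obfuscation mentioned in the GlassWorm item is cheap to detect: characters that render as nothing in an editor still have distinctive code points. The scanner below is an added example written for this brief, not code from the page or from any vendor research it summarizes. The ranges it flags are a general defensive selection (zero-width characters, bidi controls, variation selectors, the Unicode Tags block, and anything in general category Cf), not a claim about which characters any particular campaign uses, and the sample source text is constructed.

```python
"""Scan source text for invisible or format-control Unicode code points
that can hide logic from code review, e.g. in a malicious IDE extension."""
import unicodedata
from typing import List, Tuple

# Code-point ranges that render as nothing (or nearly nothing) in most
# editors. Defensive superset chosen for this example; assumption, not a
# statement about any specific malware family.
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space/joiners, LRM/RLM
    (0x202A, 0x202E),    # bidirectional embedding/override controls
    (0x2060, 0x2064),    # word joiner, invisible math operators
    (0x2066, 0x2069),    # bidirectional isolates
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # BOM / zero-width no-break space
    (0xE0000, 0xE007F),  # Unicode "Tags" block: invisible mirror of ASCII
    (0xE0100, 0xE01EF),  # variation selectors supplement
]


def is_invisible(ch: str) -> bool:
    """True if the character is in an explicit range or is a Cf (format) char."""
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(ch) == "Cf"


def scan_source(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, 'U+XXXX', unicode name) for every invisible
    code point found. Line and column numbers are 1-based."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col_no, ch in enumerate(line, start=1):
            if is_invisible(ch):
                name = unicodedata.name(ch, "<unnamed>")
                findings.append((line_no, col_no, f"U+{ord(ch):04X}", name))
    return findings


def decode_tag_payload(text: str) -> str:
    """Recover ASCII hidden with Unicode Tag characters for triage:
    U+E0020..U+E007E map one-to-one onto printable ASCII U+0020..U+007E."""
    return "".join(
        chr(ord(ch) - 0xE0000) for ch in text if 0xE0020 <= ord(ch) <= 0xE007E
    )


# Constructed sample: a zero-width space splitting an identifier, a
# right-to-left override, and a comment carrying tag-encoded text "hi".
SAMPLE = (
    'const api\u200bKey = "x";\n'
    "function run() {\u202e}\n"
    "// note" + "".join(chr(0xE0000 + ord(c)) for c in "hi") + "\n"
)

if __name__ == "__main__":
    for line_no, col_no, cp, name in scan_source(SAMPLE):
        print(f"line {line_no} col {col_no}: {cp} {name}")
    print("tag payload:", repr(decode_tag_payload(SAMPLE)))
```

In a CI or pre-install check, run `scan_source` over every text file in an extension bundle and fail the build on any finding; legitimate source rarely needs these code points, and a BOM at offset zero is the one common exception worth allowlisting.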
Notable Threat Actor Activity
- The PolarEdge botnet is actively targeting Cisco, ASUS, QNAP, and Synology routers in an expanding campaign, as documented by researchers.
- Russian state-backed group Star Blizzard has increased deployment of evolving malware families (NoRobot, MaybeRobot), using complex delivery chains that begin with compromised “I am not a robot” CAPTCHA pages.
- Fraud campaigns targeting streaming platforms are increasingly using generative AI and bots to create and promote fake content.
Trends, Tools, or Tactics of Interest
- Email phishing campaigns in 2025 are leveraging PDF attachments with QR codes, password-protected PDFs, calendar phishing, and advanced phishing sites capable of validating email addresses.
- Vidar Stealer 2.0 has been released, featuring multi-threaded data theft and enhanced evasion capabilities, reinforcing its position as a leading malware-as-a-service operation.
- Hackers exploited 34 zero-day vulnerabilities on the first day of Pwn2Own Ireland 2025, demonstrating continued interest and success in vulnerability research.
- Social engineering attacks are targeting Salesforce accounts via fake support calls.
- Research from Anthropic indicates that poisoning AI models can be achieved with as few as 250 malicious documents, highlighting the susceptibility of AI systems to data poisoning.
- Streaming fraudsters are increasingly using AI tools and bots for large-scale manipulation.
- Electronic warfare and GPS interference are affecting a wide range of commercial sectors beyond aviation, including shipping, agriculture, and finance.
Regulatory or Policy Developments Affecting the Security Industry
- CISA has updated its Known Exploited Vulnerabilities list to include recent vulnerabilities affecting Oracle, Apple, Kentico, and Microsoft products.
- Meta has introduced new tools and warnings on WhatsApp and Messenger to help protect users from scams.
- Allan Friedman, a leading figure in Software Bill of Materials (SBOM) advocacy, has joined NetRise as a strategic advisor to advance supply chain visibility.
- Veeam has announced the acquisition of Securiti AI for $1.7 billion, aiming to unify data resilience with data security, privacy, and governance.
- Dataminr is set to acquire ThreatConnect for $290 million to combine data signal analysis with internal threat intelligence capabilities.