Major Incidents or Breaches

  • Over 250 Magento and Adobe Commerce stores were compromised overnight through active exploitation of the critical “SessionReaper” vulnerability (CVE-2025-54236), with hundreds of attack attempts recorded.
  • FinWise Bank suffered a data breach attributed to insider activity: a former employee accessed customer data after leaving the company, exposing sensitive personal information.
  • Jewett-Cameron, a fencing and pet company, was hit by ransomware, with attackers exfiltrating sensitive information and threatening to release it unless a ransom is paid.
  • More than 100 Chrome extensions were found to be abusing WhatsApp Web for bulk messaging, violating both Chrome and WhatsApp anti-spam policies.
  • Ukraine war relief organizations and regional government entities were targeted in a spear-phishing campaign (“PhantomCaptcha”) delivering remote access malware via weaponized PDFs and fake Zoom meeting invitations.
  • Home Depot customers were targeted by a phishing campaign using fake Halloween giveaways, leveraging tracking pixels and compromised websites.
  • A fake Nethereum NuGet package using homoglyph attacks was discovered stealing cryptocurrency wallet keys via a supply chain attack.
  • The North Korean Lazarus Group is conducting cyber-espionage campaigns targeting European drone manufacturing data.
  • The Iranian MuddyWater APT group targeted over 100 global government and private organizations with the Phoenix backdoor, leveraging compromised mailboxes and phishing with macro-enabled documents.

Newly Discovered Vulnerabilities

  • Critical “SessionReaper” vulnerability (CVE-2025-54236) in Adobe Commerce and Magento Open Source is being actively exploited for unauthorized access and session hijacking.
  • A high-severity remote code execution vulnerability (“TARmageddon”) was identified in the async-tar Rust library and its forks, several of which are no longer maintained; any software that uses them to extract untrusted archives is potentially affected.
  • Critical vulnerabilities in TP-Link’s Omada Gateways were patched, including a flaw allowing remote unauthenticated arbitrary command execution.
  • Zero-click Dolby audio bug (CVE-2025-54957) allows code execution via audio files on Android and Windows devices.
  • Motex Lanscope Endpoint Manager has a critical security flaw now listed in CISA’s Known Exploited Vulnerabilities catalog, confirmed to be under active attack.
  • Oracle released its October 2025 Critical Patch Update addressing 374 vulnerabilities across its product suite.
  • Microsoft SharePoint’s ToolShell vulnerability (CVE-2025-53770) is being exploited by Chinese threat actors even after public disclosure and patch release.

Notable Threat Actor Activity

  • Iranian APT MuddyWater used the Phoenix backdoor in a global espionage campaign, targeting government, financial, and industrial organizations, primarily in the Middle East and Africa.
  • Chinese threat actors associated with the ToolShell campaign exploited a SharePoint vulnerability to compromise organizations across government, telecom, and education sectors on four continents.
  • Russian APT Star Blizzard shifted to new backdoors (NoRobot/BaitSwitch and MaybeRobot/SimpleFix) after their previous malware, LostKeys, was exposed by researchers.
  • Lazarus Group (North Korea) is actively seeking sensitive data from European drone manufacturers.
  • APT group PassiveNeuron, identified by Kaspersky, is targeting government, financial, and industrial entities in Asia, Africa, and Latin America using custom malware (Neursite, NeuralExecutor).

Trends, Tools, or Tactics of Interest

  • Attackers are abusing X’s generative AI bot Grok to spread phishing links by manipulating the AI into responding with malicious URLs.
  • Threat actors are exploiting public cloud outages (e.g., AWS) to launch themed phishing attacks against affected users.
  • Researchers demonstrated that poisoning large language models (LLMs) can be achieved with as few as 250 documents, regardless of model size, significantly lowering the barrier for AI model manipulation.
  • Data sprawl and the prevalence of hardcoded credentials, access tokens, and API keys are increasing the risk of data breaches due to over-privileged secrets.
  • Burp Suite’s new agentic Burp AI capabilities were tested for automated vulnerability discovery, showing notable effectiveness in identifying web application flaws.
  • Meta introduced new anti-scam tools for WhatsApp and Messenger to enhance user protection against scams.
  • Over 100 Chrome extensions are circumventing anti-spam controls on WhatsApp Web, indicating ongoing abuse of browser platforms for message automation.
  • Supply chain attacks continue to target package managers, as evidenced by the malicious Nethereum NuGet package.
  • Pwn2Own Ireland 2025 saw researchers exploit 90 previously unknown vulnerabilities across two days, earning over $1.3 million in rewards, highlighting the ongoing discovery of zero-days in widely used devices and platforms.
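The homoglyph technique behind the fake Nethereum NuGet package (see the Nethereum items under Major Incidents and above in this list) works because a package ID that contains a Cyrillic or Greek letter, or a fullwidth form, renders almost identically to the legitimate one. The check below is an added example written for this digest; it is not code from the original page, from the Nethereum project or from NuGet. It reduces candidate package IDs to an ASCII "skeleton" (NFKC normalisation, then a hand-picked confusables subset, then case folding) and compares them against an allowlist of approved IDs, and it separately flags mixed-script and non-ASCII names. The confusables table is a small subset of the Unicode data, the TRUSTED list is a stand-in for a project's approved dependencies, and every sample ID is constructed; none is the actual malicious package from the incident.

```python
import unicodedata

# Hand-picked subset of the Unicode confusables data (assumption: not the full
# table). Each lookalike code point maps to the ASCII letter it imitates.
CONFUSABLES = {
    # Cyrillic lowercase
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d",
    # Cyrillic uppercase
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P", "\u0421": "C",
    "\u0423": "Y", "\u0425": "X", "\u0405": "S", "\u0406": "I", "\u0408": "J",
    # Greek
    "\u03bf": "o", "\u03bd": "v", "\u03c1": "p", "\u0391": "A", "\u039f": "O",
}

# Constructed allowlist standing in for a project's approved dependency IDs.
TRUSTED = ["Nethereum", "Nethereum.Web3", "Newtonsoft.Json"]


def letter_scripts(name: str) -> set[str]:
    """Scripts (LATIN, CYRILLIC, ...) used by the alphabetic characters in name."""
    scripts = set()
    for ch in name:
        if ch.isalpha():
            uname = unicodedata.name(ch, "")
            scripts.add(uname.split(" ", 1)[0] if uname else "UNKNOWN")
    return scripts


def skeleton(name: str) -> str:
    """Reduce a name to a comparison skeleton: NFKC (folds fullwidth forms and
    ligatures), confusable mapping to ASCII, then case folding."""
    normalised = unicodedata.normalize("NFKC", name)
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in normalised)
    return mapped.casefold()


def check_package(name: str, trusted: list[str] = TRUSTED) -> str:
    """Classify a candidate package ID against an allowlist.

    Returns one of:
      'ok'                 exact (case-insensitive) match or unremarkable ASCII ID
      'confusable:<name>'  skeleton collides with a trusted ID but the ID differs
      'mixed-script'       letters from more than one script (e.g. Latin + Cyrillic)
      'non-ascii'          single-script but non-ASCII; review before install
    """
    folded = {t.casefold() for t in trusted}
    if name.casefold() in folded:          # NuGet IDs are case-insensitive
        return "ok"
    skel = skeleton(name)
    for t in trusted:
        if skel == skeleton(t):
            return f"confusable:{t}"
    if len(letter_scripts(name)) > 1:
        return "mixed-script"
    if not name.isascii():
        return "non-ascii"
    return "ok"


def audit(names: list[str], trusted: list[str] = TRUSTED) -> dict[str, str]:
    """Run check_package over a batch of IDs (e.g. pulled from a restore log)
    and return only the ones that need a human look."""
    results = {n: check_package(n, trusted) for n in names}
    return {n: v for n, v in results.items() if v != "ok"}


if __name__ == "__main__":
    # Constructed sample IDs; none is the real malicious package from the incident.
    samples = [
        "Nethereum",
        "nethereum.web3",
        "Nether\u0435um",          # Cyrillic 'ie' in place of Latin 'e'
        "Nethereu\u043c",          # Cyrillic 'em': mixed script, no exact collision
        "\uff2e\uff45\uff54\uff48\uff45\uff52\uff45\uff55\uff4d",  # fullwidth letters
        "SomeOtherLib",
    ]
    for pkg, verdict in audit(samples).items():
        print(f"{verdict:24} {pkg!r}")
```

The allowlist comparison is the important design choice: a blocklist of known-bad IDs would have missed the Nethereum lookalike until it was reported, whereas a skeleton collision with an ID you already depend on is suspicious the first time it appears. Run the check against the package IDs actually resolved during a build (restore logs or lock files) rather than against what developers typed, since the whole point of the attack is that the two look the same.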

Regulatory or Policy Developments

  • Canada's financial intelligence agency, FINTRAC, fined Cryptomus, a digital payments platform, $176 million for facilitating transactions with Russian cryptocurrency exchanges and cybercrime-linked websites.
  • WhatsApp secured a permanent ban on NSO Group after a six-year legal battle, with NSO ordered to pay $4 million in damages and prohibited from reverse-engineering WhatsApp or creating new accounts.
  • Russia is increasing enforcement actions against domestic hackers, reassessing its approach to providing safe haven in response to Western law enforcement pressure.