Major Incidents or Breaches

  • Toys “R” Us Canada has notified customers of a data breach in which customer records previously stolen from its systems were leaked.
  • Collins Aerospace suffered a cyberattack impacting check-in and passenger systems at several European airports in late September 2025, resulting in significant delays and flight cancellations.
  • The Universe Browser, downloaded millions of times, has been identified as behaving like malware, with links to Asian cybercrime and illegal gambling networks.
  • Jingle Thief, a cybercriminal group, has been observed exploiting cloud infrastructure in the retail and consumer services sectors to steal millions in gift cards.
  • WIRED reported that hacked Deckmate 2 card shufflers enabled a mob-related poker scam that resulted in millions of dollars in losses.

Newly Discovered Vulnerabilities

  • Microsoft released emergency out-of-band patches for a critical Windows Server Update Service (WSUS) remote code execution flaw, which has publicly available proof-of-concept exploit code.
  • CISA and researchers reported active exploitation of a critical zero-day vulnerability in Motex Lanscope Endpoint Manager, prompting inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
  • A critical vulnerability (CVE-2025-54236, “SessionReaper”) in Adobe Commerce (Magento) is being actively exploited to hijack user sessions on e-commerce platforms, affecting thousands of online stores.
  • BIND released security updates addressing high-severity cache poisoning vulnerabilities, which could allow attackers to predict source ports and query IDs and inject forged DNS records.
  • Microsoft has disabled File Explorer’s preview pane for downloaded files to mitigate NTLM credential theft attacks via malicious documents.
  • OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to sidebar spoofing attacks, allowing malicious extensions to impersonate AI sidebar interfaces and mislead users.

Notable Threat Actor Activity

  • North Korean Lazarus Group targeted at least three European defense companies with Operation DreamJob, leveraging fake job offers to compromise systems and steal drone-related intellectual property.
  • Russian government involvement with cybercrime groups has shifted from passive tolerance to active management, according to recent security firm analysis.
  • The “Smishing Triad,” a Chinese cybercriminal group, has shifted tactics to lower-frequency, higher-impact government impersonation SMS phishing attacks.
  • Researchers identified a new infostealer targeting Android devices, as part of an ongoing expansion in the infostealer threat landscape.
  • YouTube continues to be leveraged by threat actors as a malware distribution network, with evolving tactics for wider reach.

Trends, Tools, or Tactics of Interest

  • A phishing campaign is impersonating password managers (LastPass and Bitwarden) with fake breach notifications to steal credentials.
  • Phishing emails targeting cloud accounts, often written in French and English, have been observed warning recipients about purported payment issues to lure them into entering their credentials.
  • Enterprises are increasingly abandoning static secrets in favour of managed identities to address risks associated with machine identities in cloud environments.
  • The Verizon 2025 Mobile Security Index reports that 85% of organizations believe mobile device attacks are increasing, with AI-powered threats raising particular concern.
  • AI sidebar spoofing, where browser extensions imitate trusted AI interfaces, is an emerging attack vector against users of AI-enabled browsers.
  • Zero Trust models are facing challenges in governing AI agents, with new blind spots emerging as AI agents gain broader access and autonomy.
  • Security researchers at Pwn2Own Ireland 2025 exploited 73 zero-day vulnerabilities, earning over $1 million in rewards, highlighting the ongoing prevalence of unknown flaws in widely used software.
  • Meta has enhanced scam protection features on WhatsApp and Messenger, as part of efforts to combat impersonation and fraud, following the removal of over 21,000 fake customer support pages from Facebook.
  • AI coding tools are introducing security risks by generating functional but flawed code, prompting calls for embedding security checks directly into AI development workflows.

Regulatory or Policy Developments Affecting the Security Industry

  • The UK Competition and Markets Authority (CMA) is considering measures that may require Apple to allow rival app stores on iPhones, challenging its current “walled garden” approach.
  • A $14 billion cryptocurrency seizure by US authorities signals increased regulatory scrutiny on the use of cryptocurrencies by cybercrime syndicates.
  • HP withdrew a software update for Windows 11 AI PCs after it caused the deletion of Microsoft certificates necessary for Entra ID authentication, disrupting organizational access.