Major Incidents or Breaches

  • Toys ‘R’ Us Canada experienced a data breach resulting in customer information, including names, addresses, phone numbers, and email addresses, being leaked and published on the dark web.
  • A major AWS outage occurred this week due to a significant DNS failure, impacting multiple websites and online services.
  • A large-scale malicious network on YouTube has been identified, with over 3,000 videos used as malware delivery traps, leveraging trusted platforms for distribution.
  • Multiple fraudulent domains and fake applications have targeted users of the newly launched Perplexity Comet browser.
  • LastPass customers are being targeted by a phishing campaign involving fake death claims to illicitly access password vaults via legacy inheritance processes.

Newly Discovered Vulnerabilities

  • Microsoft released out-of-band patches for a critical Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287). This flaw allows remote, unauthenticated code execution and is under active exploitation, with public proof-of-concept exploit code available.
  • WordPress websites using outdated GutenKit and Hunk Companion plugins are being targeted in a mass exploitation campaign, with attackers leveraging old, critical vulnerabilities to achieve remote code execution.

Notable Threat Actor Activity

  • The Smishing Triad group has been linked to over 194,000 malicious domains used in a global smishing campaign since January 2024, targeting a wide range of services.
  • APT36, a Pakistan-linked threat actor, has been observed targeting Indian government entities using spear-phishing emails to deliver Golang-based DeskRAT malware.
  • The North Korean Lazarus Group has targeted European drone technology companies, using fake job offers to steal sensitive information.
  • The Everest group has claimed responsibility for a cyberattack on Collins Aerospace.
  • Gamers are being targeted with red teaming tools and remote access trojans (RATs) in ongoing campaigns.

Trends, Tools, or Tactics of Interest

  • Phishing campaigns are increasingly impersonating trusted brands and services, including Google Careers recruiters and LastPass, to target job seekers and password management users.
  • Large-scale abuse of trusted platforms such as YouTube is being used for widespread malware distribution.
  • Attackers are rapidly exploiting newly disclosed vulnerabilities, particularly in widely used software such as Microsoft WSUS and WordPress plugins.
  • There is a reported increase in cyberattacks against financially constrained US government agencies during periods of shutdown and resource reduction.
  • Microsoft has disabled downloaded file previews in Windows to prevent NTLM hash leaks via HTML tags referencing external paths.
  • Shadow Escape and other red teaming tools are being used in active campaigns targeting specific user groups, including gamers.

Regulatory or Policy Developments Affecting the Security Industry

  • Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties.
  • CISA layoffs in the US are reducing federal cybersecurity resources, prompting calls for enterprises to strengthen their own cyber defences.
  • The US Department of Homeland Security is soliciting proposals for AI-powered surveillance trucks to enhance border monitoring capabilities.