Major Incidents or Breaches

  • Dentsu Data Breach: Japanese advertising giant Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, resulting in the exposure of staff and client data.
  • Oracle EBS Attacks: Numerous organizations, including Schneider Electric and Emerson, have been identified as victims of attacks exploiting Oracle E-Business Suite zero-day CVE-2025-61882. Data stolen from these companies has been made available on the Cl0p ransomware leak site.
  • Swedish Power Grid Incident: Hackers targeted a Swedish power grid operator, stealing information from a file transfer solution. The country’s power supply was not affected.
  • 183 Million Credentials Traded: Cybercriminals are trading 183 million stolen credentials on Telegram and dark web forums, with 16.4 million email addresses not previously seen in data breaches.

Newly Discovered Vulnerabilities

  • TEE.Fail Side-Channel Attack: Academic researchers disclosed TEE.Fail, a side-channel attack enabling extraction of secrets from trusted execution environments in Intel, AMD, and NVIDIA CPUs, undermining confidential computing.
  • QNAP NetBak PC Agent Vulnerability: The software is affected by a recent critical ASP.NET Core flaw that allows HTTP request smuggling, data access, server file modification, or denial of service.
  • Dassault Systèmes DELMIA Apriso: CISA warned of two actively exploited vulnerabilities in this manufacturing operations management platform.
  • Chrome Zero-Day: A now-patched Chrome zero-day was exploited to deliver Memento Labs’ LeetAgent spyware.
  • BiDi Swap Phishing Technique: Attackers are abusing bidirectional text to craft fake URLs that appear legitimate, reviving a browser flaw for phishing.
  • Atroposia Malware: A new malware-as-a-service platform, Atroposia, includes a built-in local vulnerability scanner for post-compromise exploitation.

Notable Threat Actor Activity

  • BlueNoroff (North Korea): The BlueNoroff APT group is running twin campaigns (GhostCall and GhostHire) targeting Web3 and blockchain sectors with cross-platform malware, using fake business collaboration and job recruitment lures.
  • Qilin Ransomware: The Qilin operation is abusing Windows Subsystem for Linux (WSL) to run Linux encryptors on Windows systems, evading traditional security tools.
  • Herodotus Android Trojan: A new banking trojan, Herodotus, is targeting Italy and Brazil, using random delay injection to mimic human typing and bypass anti-fraud and security detection mechanisms.
  • Aisuru Botnet: The Aisuru botnet, previously responsible for massive Mirai-class DDoS attacks exceeding 20 Tbps, has shifted to operating as a residential proxy network for more sustainable monetization.
  • YouTube Ghost Network: This malware operation leverages compromised YouTube accounts and botnets to distribute infostealers, with activity tripling in 2025.

Trends, Tools, or Tactics of Interest

  • AI-Powered Attacks in Africa: Cybersecurity firms report a surge in AI-driven phishing, deepfakes, and impersonation attacks across Africa, with adversaries testing new techniques on government and enterprise targets.
  • Deepfake-as-a-Service: The emergence of voice cloning and synthetic media fraud services is impacting enterprise security, with documented cases of business compromise and evolving detection tactics.
  • Invisible Characters in Phishing: Attackers are using invisible characters in email subject lines to bypass detection and trick recipients.
  • Grok Abuse for Phishing: Attackers are exploiting the Grok platform to distribute phishing links.
  • Surge in Credential Theft: Large-scale credential theft and trading continues unabated, with significant numbers of newly compromised emails.
  • Chrome HTTP Warnings: Google Chrome will begin warning users before connecting to insecure HTTP sites starting with version 154 in October 2026.
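Both the BiDi Swap item and the invisible-characters item above come down to the same defensive check: compare what a URL or subject line actually contains with what the recipient sees. The following is an added example written for this digest, not code from any of the reports it summarises; the Unicode ranges are standard, and the sample inputs are constructed.

```python
import unicodedata

# Bidirectional control characters (embeddings, overrides, isolates, marks)
# that change how a string is displayed without changing what it contains.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                       # LRM RLM ALM
}

# Invisible code points outside the Unicode "Cf" (format) class that are
# still used to split words so keyword filters fail to match.
EXTRA_INVISIBLE = {"\u034f", "\u115f", "\u1160", "\u3164", "\uffa0"}

def hidden_codepoints(text):
    """Return (index, 'U+XXXX', unicode name, kind) for every hidden character."""
    findings = []
    for i, ch in enumerate(text):
        if ch in BIDI_CONTROLS:
            kind = "bidi-control"
        elif ch in EXTRA_INVISIBLE or unicodedata.category(ch) == "Cf":
            kind = "invisible"          # zero-width space/joiner, soft hyphen, BOM, ...
        else:
            continue
        findings.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"), kind))
    return findings

def visible_form(text):
    """Drop hidden characters so a filter can match what the recipient actually sees."""
    hidden = {i for i, _, _, _ in hidden_codepoints(text)}
    return "".join(ch for i, ch in enumerate(text) if i not in hidden)

def assess(text):
    """Summarise one URL or subject line: verdict plus the cleaned-up text."""
    findings = hidden_codepoints(text)
    kinds = {kind for _, _, _, kind in findings}
    if "bidi-control" in kinds:
        verdict = "suspicious: display order may differ from stored text"
    elif findings:
        verdict = "suspicious: invisible characters split the visible text"
    else:
        verdict = "clean"
    return {"verdict": verdict, "visible": visible_form(text), "findings": findings}

if __name__ == "__main__":
    # Constructed samples (not real traffic): an RLO inside a URL, zero-width spaces in a subject.
    for sample in ("https://example.com/\u202efdp.exe", "Ur\u200bgent: Invo\u200bice pay\u200bment due"):
        print(assess(sample))
```

Feeding `visible_form()` output to an existing keyword or URL filter, and alerting on any `bidi-control` finding in a link, gives the mail gateway the same view the user has.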

Regulatory or Policy Developments

  • UN Cybercrime Convention: Around 70 countries have signed a new UN cybercrime convention, though concerns have been raised about expanded surveillance and potential criminalization of security research.
  • Python Software Foundation Grant Rejection: The PSF withdrew a $1.5 million U.S. National Science Foundation grant proposal due to terms that conflicted with its diversity and inclusion commitments.
  • Microsoft Copilot Lawsuit: The Australian Competition and Consumer Commission (ACCC) has filed suit against Microsoft, alleging the company misled 2.7 million Australians into subscribing to Copilot M365.
  • Windows 11 Security Update: Microsoft released the KB5067036 preview update, introducing the Administrator Protection cybersecurity feature for Windows 11 24H2 and 25H2.