Major Incidents or Breaches

  • Merkle, a subsidiary of Japanese marketing and PR giant Dentsu, experienced a data breach in which unidentified threat actors stole sensitive employee, client, and supplier data.
  • The Canadian Centre for Cyber Security reported that hacktivists breached multiple water and energy facilities, gaining access to and modifying industrial controls across Canada.
  • A data leak exposed information about students attending Iran’s Ministry of Intelligence and Security (MOIS) training academy.
  • Microsoft experienced a global DNS outage affecting Azure and Microsoft 365 services, preventing customer logins and access.
  • No evidence was found of a Gmail breach; recent panic was due to circulation of old stolen credentials on the dark web.

Newly Discovered Vulnerabilities

  • The Anti-Malware Security and Brute-Force Firewall WordPress plugin (100,000+ installs) contains a vulnerability allowing site subscribers to read any file on the server, exposing private data.
  • Multiple security flaws in Dassault Systèmes DELMIA Apriso and XWiki are under active exploitation. In DELMIA Apriso, two vulnerabilities can be chained to gain privileged access and execute arbitrary code remotely. XWiki vulnerabilities are being used in cryptocurrency mining operations.
  • A new attack method, TEE.fail, targets DDR5 memory to steal cryptographic keys from Intel and AMD Trusted Execution Environments (TEEs), with both vendors issuing advisories.
  • OpenAI’s Atlas browser and similar agentic web browsers are exposed to context poisoning and prompt injection attacks, enabling attackers to manipulate AI model outputs and compromise user privacy.

Notable Threat Actor Activity

  • Russian-origin threat actors targeted Ukrainian organizations using living-off-the-land (LotL) tactics to exfiltrate data and maintain persistent access.
  • The “PhantomRaven” campaign published over 120 malicious npm packages, stealing developer credentials, authentication tokens, CI/CD secrets, and GitHub credentials from Windows, Linux, and macOS systems. Over 86,000 downloads were recorded.
  • Various botnets, including Mirai, Gafgyt, and Mozi, have increased automated attacks against PHP servers, IoT devices, and cloud gateways, exploiting vulnerabilities and misconfigurations to expand their control over internet-connected assets.

Trends, Tools, or Tactics of Interest

  • 76% of organizations report struggling to keep pace with AI-powered attacks, with adversaries increasing sophistication and speed in ransomware and other threats.
  • New AI-targeted cloaking attacks are tricking AI crawlers (e.g., Perplexity, Atlas, ChatGPT) into indexing and citing fabricated information as fact, highlighting the susceptibility of AI systems to context poisoning.
  • MITRE released ATT&CK v18, updating detection, mobile, and ICS (Industrial Control Systems) matrices with new defensive techniques and threat mappings.
  • BeyondTrust predicts a rise in attacks leveraging ghost identities, poisoned accounts, and autonomous AI agents, with traditional defenses proving less effective against emerging vectors.
  • Malicious npm packages are increasingly using “invisible” dependencies and multi-layered obfuscation to evade detection.
  • Security experts note a sharp increase in cloud-focused attacks by botnets exploiting web-exposed and misconfigured assets.

Regulatory or Policy Developments Affecting the Security Industry

  • Google Chrome will default to HTTPS for public sites starting October 2026, prompting users before allowing access to non-secure connections.
  • Microsoft introduced a security-focused change for Azure VMs, but granted a temporary reprieve after concerns that it could disrupt apps requiring public internet access.