Major Incidents or Breaches

  • A hacker has claimed responsibility for breaching the University of Pennsylvania, stating that data on 1.2 million donors was exposed. The breach was more extensive than initially reported and follows a prior incident where the university sent out a “We got hacked” email.

Newly Discovered Vulnerabilities

  • Check Point Research identified three security vulnerabilities in the Windows Graphics Device Interface (GDI) that could lead to remote code execution and memory exposure. These issues were reported to Microsoft and have been addressed.
  • Increased scanning activity has been observed on TCP ports 8530 and 8531, which is likely related to the recently disclosed WSUS vulnerability CVE-2025-59287.

Notable Threat Actor Activity

  • Open VSX registry access tokens were accidentally leaked in public repositories, enabling threat actors to publish malicious extensions as part of a supply-chain attack. The registry rotated the affected tokens in response.
  • A Ukrainian national, alleged to be the coder “MrICQ” behind Jabber Zeus, has been arrested in Italy and is now in U.S. custody. He was previously indicted for conspiring with a hacking group responsible for stealing tens of millions of dollars from U.S. businesses.

Trends, Tools, or Tactics of Interest

  • The supply-chain attack on Open VSX demonstrates ongoing threat actor interest in exploiting development infrastructure and public repositories to distribute malicious code.
  • The observed scanning for WSUS-related ports indicates active reconnaissance for exploitation opportunities following the disclosure of CVE-2025-59287.
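
A defender-side check for the WSUS port scanning noted above, added here as an example and not taken from any of the reports this digest summarises. It flags external sources that touch TCP 8530/8531 on internal hosts and separates blocked probes from allowed connections. The log format, the internal address ranges, the function name wsus_probes and the sweep threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

WSUS_PORTS = {8530, 8531}  # the two TCP ports named in this digest
# Assumption: RFC 1918 space is "internal"; replace with your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical key=value firewall log format, invented for this example.
LINE = re.compile(r"^\S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP "
                  r"DPT=(?P<dpt>\d+) ACTION=(?P<act>ALLOW|DROP)$")

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def wsus_probes(lines, sweep_threshold=3):
    """Summarise external sources that touched WSUS ports on internal hosts."""
    seen = defaultdict(lambda: {"targets": set(), "allowed": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m or int(m["dpt"]) not in WSUS_PORTS:
            continue  # unparseable line or unrelated port
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address: skip instead of crashing
        if is_internal(src) or not is_internal(dst):
            continue  # keep only inbound traffic from outside
        entry = seen[str(src)]
        entry["targets"].add(str(dst))
        if m["act"] == "ALLOW":
            entry["allowed"].add((str(dst), int(m["dpt"])))
    return {src: {"sweep": len(e["targets"]) >= sweep_threshold,  # many hosts probed
                  "targets": sorted(e["targets"]),
                  "exposed": sorted(e["allowed"])}  # ALLOWed: WSUS reachable from outside
            for src, e in seen.items()}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    "2025-11-03T10:00:01Z SRC=203.0.113.5 DST=10.0.0.12 PROTO=TCP DPT=8530 ACTION=DROP",
    "2025-11-03T10:00:02Z SRC=203.0.113.5 DST=10.0.0.13 PROTO=TCP DPT=8530 ACTION=DROP",
    "2025-11-03T10:00:03Z SRC=203.0.113.5 DST=10.0.0.14 PROTO=TCP DPT=8531 ACTION=DROP",
    "2025-11-03T10:02:10Z SRC=198.51.100.7 DST=10.0.0.20 PROTO=TCP DPT=8530 ACTION=ALLOW",
    "2025-11-03T10:03:00Z SRC=10.0.1.50 DST=10.0.0.20 PROTO=TCP DPT=8530 ACTION=ALLOW",
    "2025-11-03T10:05:00Z SRC=not-an-ip DST=10.0.0.12 PROTO=TCP DPT=8530 ACTION=DROP",
]

if __name__ == "__main__":
    print(wsus_probes(SAMPLE))
```

A non-empty "exposed" list is the finding to act on first: it means a WSUS listener accepted a connection from outside the internal ranges.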