Major Incidents or Breaches

  • The U.S. Congressional Budget Office confirmed it was hacked, with potential exposure of sensitive government data.
  • Multiple Russian state-sponsored groups expanded destructive cyberattacks against Ukrainian entities, now targeting the grain sector and associated European organisations.
  • 18 individuals were arrested in connection with international credit card fraud rings, responsible for defrauding 4.3 million cardholders in 193 countries of approximately €300 million between 2016 and 2021.

Newly Discovered Vulnerabilities

  • QNAP patched seven zero-day vulnerabilities in its NAS devices, which were exploited during the Pwn2Own Ireland 2025 competition.
  • Samsung Galaxy Android devices were affected by a now-patched zero-day vulnerability (CVE-2025-21042) in the image processing library, exploited via malicious WhatsApp images to deliver the LANDFALL spyware.
  • Cisco reported that two previously exploited zero-day vulnerabilities in ASA and FTD firewalls are now being actively abused to trigger denial-of-service (reboot loop) conditions.
  • Google released Chrome 142, addressing a high-severity out-of-bounds write vulnerability in WebGPU (CVE-2025-12725) that could permit remote code execution.
  • The Keras deep learning tool was found to contain a data exposure vulnerability (CVE-2025-12058), allowing arbitrary file loading and server-side request forgery (SSRF) attacks.
  • Security researchers identified vulnerabilities in AI infrastructure products from Ollama and Nvidia, including one that enables remote code execution.

Notable Threat Actor Activity

  • A China-linked threat actor targeted a U.S. non-profit using legacy vulnerabilities such as Log4j and IIS for long-term espionage and persistence, as part of broader campaigns against U.S. entities.
  • The LANDFALL Android spyware was deployed in targeted attacks against Samsung Galaxy users in the Middle East, exploiting a zero-day to access device cameras, microphones, location, and data.
  • Russian state-sponsored groups escalated cyber operations against Ukraine and its European partners, focusing on destructive attacks in the grain sector.
  • AI-fueled phishing attacks are surging in Africa, with Microsoft and Group-IB reporting increased sophistication and volume.
  • Malicious apps impersonating AI tools like ChatGPT and DALL-E are being distributed to deliver malware on mobile devices.
  • A phishing campaign is using invisible hyphens and other invisible Unicode characters in emails to evade security filters.
  • The Gootloader malware campaign has resurfaced, continuing to target organisations globally.
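The invisible-character evasion noted above works because a keyword filter compares raw bytes while the mail client renders soft hyphens and zero-width characters as nothing. The following is an added example, not code from the original digest, showing the defender's counter-step: decode HTML entities (so `&shy;` and `&#8203;` become their code points), catalogue the invisible characters present, and run the keyword check on the normalised text. The sample subject and body are constructed for the example, and the keyword list and the "evasion suspected" rule are the author's assumptions, not a vendor's filter logic.

```python
import html
import unicodedata
from typing import NamedTuple

# Unicode "format" characters (category Cf) cover the soft hyphen, zero-width
# space/joiners, word joiner and the BOM. A few visually empty code points sit
# in other categories, so they are listed explicitly.
EXTRA_INVISIBLE = {
    "\u034f",  # COMBINING GRAPHEME JOINER (category Mn)
    "\u115f",  # HANGUL CHOSEONG FILLER (category Lo)
    "\u1160",  # HANGUL JUNGSEONG FILLER (category Lo)
    "\u3164",  # HANGUL FILLER (category Lo)
}

# Assumed keyword list for the demonstration; a real filter would use its own.
KEYWORDS = ("urgent", "verify your account", "password")


class InvisibleHit(NamedTuple):
    index: int
    char: str
    name: str


def is_invisible(ch: str) -> bool:
    return ch in EXTRA_INVISIBLE or unicodedata.category(ch) == "Cf"


def find_invisible(text: str) -> list[InvisibleHit]:
    """List every invisible code point with its position and Unicode name."""
    return [
        InvisibleHit(i, ch, unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(text)
        if is_invisible(ch)
    ]


def normalize(text: str) -> str:
    """Decode HTML entities, then drop invisible code points."""
    decoded = html.unescape(text)
    return "".join(ch for ch in decoded if not is_invisible(ch))


def scan_email(subject: str, body: str) -> dict:
    """Compare keyword matches on the raw text with matches after normalisation.

    If a keyword only matches once invisibles are removed, the invisibles were
    changing the filter's result, which is the evasion pattern described above.
    """
    raw = html.unescape(subject + "\n" + body)
    cleaned = normalize(raw)
    hits = find_invisible(raw)
    keywords_raw = [k for k in KEYWORDS if k in raw.lower()]
    keywords_normalized = [k for k in KEYWORDS if k in cleaned.lower()]
    return {
        "invisible_count": len(hits),
        "invisible_names": sorted({h.name for h in hits}),
        "keywords_raw": keywords_raw,
        "keywords_normalized": keywords_normalized,
        # Assumed rule: suspicious when normalisation reveals a keyword the raw
        # text hid.
        "evasion_suspected": bool(set(keywords_normalized) - set(keywords_raw)),
    }


# Constructed sample message: soft hyphen as an entity, zero-width space and
# word joiner as literal code points, and a numeric entity inside "password".
CONSTRUCTED_SUBJECT = "Ur&shy;gent: Ver\u200bify your acc\u2060ount"
CONSTRUCTED_BODY = "<p>Your pass&#8203;word expires today.</p>"

if __name__ == "__main__":
    result = scan_email(CONSTRUCTED_SUBJECT, CONSTRUCTED_BODY)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Two caveats for anyone turning this into a rule: legitimate mail also carries format characters (soft hyphens inserted by word processors, ZERO WIDTH JOINER inside emoji sequences), so alert on the delta between raw and normalised matches, or on invisibles embedded inside Latin words, rather than on their mere presence; and run the check after entity decoding, since an HTML filter that inspects the source sees `&shy;` rather than U+00AD.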

Trends, Tools, or Tactics of Interest

  • Malicious NuGet packages were discovered with hidden logic bombs set to detonate in 2027 and 2028, designed to sabotage databases and Siemens S7 industrial control systems via time-delayed payloads.
  • Visual Studio Code extensions with ransomware-like features, including data encryption and exfiltration, were published openly, with evidence of AI-generated code.
  • ClickFix phishing campaigns are evolving, now including embedded tutorial videos and tailored prompts for macOS users to increase infection success rates.
  • Fake CAPTCHA sites are using instructional videos to guide victims through malware installation.
  • ID verification laws are driving organisations to store large volumes of sensitive data, increasing the risk and impact of breaches.
  • AI security agents and synthetic personas are being introduced for security operations centres, raising new governance and risk considerations.
  • AI agents are being mismanaged due to the misapplication of human identity frameworks, potentially leading to high-speed automated incidents.

Regulatory or Policy Developments Affecting the Security Industry

  • Google’s $32 billion acquisition of Wiz has cleared DOJ antitrust review, pending further regulatory approvals.
  • Google launched a new feature on Google Maps allowing businesses to report extortion attempts involving fake negative reviews.
  • Germany is taking measures against the use of Huawei technology in critical national infrastructure; separately, additional operational technology security guidance has been issued following the F5 hack.
  • Microsoft announced a partnership with UAE-based G42 to build a 5-gigawatt AI campus, prompting security concerns regarding data handling and geopolitical implications.