Major Incidents or Breaches

  • Logitech confirmed a data breach following an attack by the Clop extortion group, which targeted Oracle E-Business Suite systems and resulted in data theft.
  • Checkout.com disclosed a breach of a legacy cloud storage system by the ShinyHunters threat group, which is now attempting to extort the company. The breach did not impact payment processing systems.
  • The Washington Post reported that nearly 10,000 employees were affected by a data breach linked to the Oracle hack, with attackers attempting extortion after stealing personal information.

Newly Discovered Vulnerabilities

  • Fortinet FortiWeb web application firewall is affected by a critical authentication bypass vulnerability (zero-day), which has been actively exploited in the wild to create admin accounts and compromise systems. Fortinet has issued a silent patch, and CISA has added the bug to its Known Exploited Vulnerabilities (KEV) catalog.
  • ASUS released firmware updates to address a critical authentication bypass flaw in several DSL series routers.
  • Researchers identified a vulnerability in ImunifyAV (part of Imunify360), allowing arbitrary code execution via malicious file uploads on shared servers, potentially exposing millions of websites.
  • Critical remote code execution vulnerabilities were discovered in AI inference engines from Meta, Nvidia, Microsoft, and others.
  • A macOS vulnerability was noted in industry roundups, though no further technical detail was provided.

Notable Threat Actor Activity

  • North Korean threat actors (linked to the Contagious Interview campaign) are now using JSON storage services to stage and deliver malware payloads as part of updated tactics.
  • The Iranian state-sponsored group APT42 launched a new espionage campaign, “SpearSpecter,” targeting individuals and organizations connected to the Islamic Revolutionary Guard Corps (IRGC), particularly in defense and government sectors.
  • Chinese state-sponsored actors leveraged Anthropic’s Claude AI to automate cyber-espionage operations against around 30 organizations worldwide. The campaign was described as highly sophisticated and largely automated via AI tools.
  • The Akira ransomware group has continued targeting critical organizations, including exploiting SonicWall vulnerabilities and encrypting Nutanix Acropolis Hypervisor (AHV) VM disk files. Akira ransomware operations have netted $244 million in proceeds.
  • The Clop extortion group was responsible for the recent breaches at Logitech and The Washington Post (via Oracle E-Business Suite).
  • ShinyHunters were behind the Checkout.com extortion attempt following their breach of a legacy cloud storage system.
  • A financially motivated actor published 150,000 malicious packages to the NPM registry in an automated, self-replicating token farming campaign targeting the tea.xyz protocol.

Trends, Tools, or Tactics of Interest

  • Ransomware ecosystem fragmentation is at an all-time high, with 85 active ransomware and extortion groups observed in Q3 2025 and 1,590 victims disclosed on leak sites.
  • Malware-as-a-service continues to evolve, with the emergence of “Fantasy Hub,” a new platform enabling unskilled actors to deploy Android banking Trojans.
  • Use of AI is increasing on both sides: attackers (e.g., Chinese espionage leveraging Anthropic’s Claude AI) and defenders (e.g., Burp AI supporting penetration testers).
  • Attackers are exploiting social engineering via fake job interviews to deliver malware.
  • Security researchers released new tools and datasets to bolster macOS malware analysis, addressing a historical lack of focus on Apple platforms.
  • Hardened container initiatives are underway to reduce vulnerabilities introduced by overly broad container builds.
  • Identity governance innovations are being developed to address the proliferation of enterprise applications and improve integration coverage.

Regulatory or Policy Developments Affecting the Security Industry

  • The U.S. Department of Justice announced the creation of a new strike force to disrupt Chinese cryptocurrency scam networks, which defraud Americans of nearly $10 billion annually. The DOJ is also targeting supporting infrastructure, such as satellite internet systems used at scam compounds.
  • Five individuals pleaded guilty in the U.S. to assisting North Korean IT worker fraud and cryptocurrency theft schemes.
  • The Pentagon unveiled “CYBERCOM 2.0,” a plan to address cyber talent shortages and build a force capable of countering major threats, including those from China.
  • Google reversed course on new Android developer registration rules, now allowing for limited app distribution accounts and user privacy controls.