Major Incidents or Breaches

  • The Pennsylvania Attorney General’s office confirmed a data breach following a ransomware attack by the Inc Ransom group, which claims to have stolen several terabytes of data.
  • Princeton University disclosed a data breach affecting alumni, donors, faculty, students, and parents, with hackers accessing a database containing personal information.
  • Eurofiber France suffered a breach where a threat actor exploited a vulnerability, exfiltrated data, and attempted extortion.
  • French social security agency Pajemploi reported a data breach potentially exposing the personal information of 1.2 million individuals.
  • DoorDash disclosed a data breach involving theft of customer names and addresses.
  • A simple flaw in WhatsApp’s contact discovery tool exposed up to 3.5 billion phone numbers, along with profile photos and other data, by allowing mass enumeration.
  • Cloudflare experienced a global outage affecting multiple major online services, though it was confirmed not to be caused by a cyberattack.

Newly Discovered Vulnerabilities

  • Fortinet released patches for a new FortiWeb zero-day vulnerability (CVE-2025-58034, CVSS 6.7) that is being actively exploited in the wild.
  • Google released an emergency update to address a new Chrome zero-day vulnerability under active exploitation, marking the seventh Chrome zero-day exploited this year.
  • Researchers identified that exposed Ray clusters are being hijacked via an old code execution flaw in a campaign dubbed ShadowRay 2.0, converting them into a cryptomining botnet.
  • IoT devices remain susceptible to takeover through gaps in the cloud management interfaces of firewalls and routers, even when protected by security software or not directly exposed to the internet.

Notable Threat Actor Activity

  • Iranian-linked threat actors, including UNC1549, have been observed targeting aerospace and defense sectors in the US, Israel, UAE, Qatar, Spain, and Saudi Arabia, deploying backdoors such as TWOSTROKE and DEEPROOT.
  • The Inc Ransom group claimed responsibility for the ransomware attack and data breach at the Pennsylvania Attorney General’s office.
  • A new phishing kit is impersonating the Italian IT provider Aruba, targeting Italian entities to steal credentials.
  • MI5 warned UK lawmakers that Chinese intelligence operatives are using LinkedIn for large-scale outreach and espionage efforts.
  • Seven malicious npm packages were discovered using Adspect cloaking to differentiate between security researchers and real victims, redirecting the latter to cryptocurrency scam pages.

Trends, Tools, or Tactics of Interest

  • Phishing-as-a-Service (PhaaS) kit Sneaky 2FA has added Browser-in-the-Browser (BitB) pop-up functionality to better mimic legitimate login processes and bypass 2FA.
  • The Tycoon 2FA phishing platform has enabled real-time MFA relays, supporting over 64,000 attacks this year, highlighting the ongoing collapse of legacy MFA when targeted by advanced phishing kits.
  • Tuoni C2, a nascent command-and-control and red teaming framework, was used in a recent attempted cyber intrusion targeting a major US real-estate company.
  • Microsoft mitigated a record-breaking 15.72 Tbps DDoS attack against an endpoint in Australia, attributed to the AISURU botnet.
  • Enterprises are increasingly leveraging dark web search engines for credential leak monitoring, impersonation detection, and supply chain exposure analysis using APIs and IOC hunting.
  • Bug bounty programs continue to rise as a key strategic security solution, with Meta alone paying out $4 million in 2025 and launching new tools to support security research on WhatsApp.
  • Microsoft announced native integration of Sysmon into Windows 11 and Server 2025, eliminating the need for standalone deployment.
  • New Windows 11 features, Cloud Rebuild and Point-in-Time Restore, aim to streamline system recovery and reduce downtime.
  • Microsoft Teams will soon allow users to report messages incorrectly flagged as threats, refining threat detection accuracy.
  • Thunderbird 145 now supports native connectivity to Microsoft Exchange via the Exchange Web Services (EWS) protocol.

Regulatory or Policy Developments Affecting the Security Industry

  • MI5 issued a formal warning to UK lawmakers regarding ongoing Chinese espionage campaigns leveraging professional networking platforms.