Major Incidents or Breaches

  • Cox Enterprises has disclosed a data breach involving its Oracle E-Business Suite. Attackers exploited a zero-day vulnerability to gain access to the company network, exposing personal data of impacted individuals.
  • Researchers exploited a flaw in WhatsApp’s contact-discovery API, which lacked rate limiting, to scrape 3.5 billion mobile phone numbers and associated personal information.

Newly Discovered Vulnerabilities

  • A zero-day vulnerability in Oracle E-Business Suite was exploited in the breach of Cox Enterprises, allowing attackers to access sensitive data.
  • WhatsApp’s API was found to lack adequate rate limiting, enabling large-scale enumeration and scraping of user data.
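The two items above share one root cause: a lookup endpoint that answers "is this number registered?" with no per-client budget can be walked through the entire number space. As an added defensive illustration (not WhatsApp's code or any real implementation of its contact-discovery API), the guard below combines a per-client token bucket, a cap on batch size, and a count of distinct numbers queried per window so that a scraper is cut off long before it can enumerate at scale. The sample directory, the client identifiers and all thresholds are constructed assumptions for the example.

```python
"""Rate limiting and enumeration detection for a contact-lookup endpoint.

Added illustration only; the registered-number directory, the client ids and
the thresholds below are constructed assumptions, not values from any real
service.
"""
from collections import defaultdict

# Constructed sample directory of registered numbers (assumption).
SAMPLE_DIRECTORY = {"+15550000001", "+15550000002", "+15550000003"}


class TokenBucket:
    """Classic token bucket: `capacity` tokens at most, refilled at `refill_per_sec`.

    Time is passed in explicitly so the behaviour is deterministic and testable.
    """

    def __init__(self, capacity, refill_per_sec):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = None

    def allow(self, now):
        if self.updated is None:
            self.updated = now
        elapsed = max(0.0, now - self.updated)
        self.updated = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ContactLookupGuard:
    """Wraps a contact-discovery lookup with three controls:

    1. max_batch      - one request may carry at most this many numbers
    2. token bucket   - per-client request budget (burst + steady refill)
    3. distinct_limit - per-client cap on distinct numbers queried per window;
                        legitimate address-book syncs repeat the same numbers,
                        scrapers never do
    """

    def __init__(self, burst=20, per_sec=0.5, max_batch=10,
                 distinct_limit=50, window=3600, directory=SAMPLE_DIRECTORY):
        self.burst = burst
        self.per_sec = per_sec
        self.max_batch = max_batch
        self.distinct_limit = distinct_limit
        self.window = window
        self.directory = directory
        self.buckets = {}
        # client -> {number: last time it was queried}
        self.seen = defaultdict(dict)

    def lookup(self, client, numbers, now):
        """Return {"status": ..., "results": {...}} for one lookup request."""
        if len(numbers) > self.max_batch:
            return {"status": "batch_too_large", "results": {}}

        bucket = self.buckets.setdefault(client, TokenBucket(self.burst, self.per_sec))
        if not bucket.allow(now):
            return {"status": "rate_limited", "results": {}}

        # Expire numbers outside the window, then record this request's numbers.
        seen = self.seen[client]
        for number, ts in list(seen.items()):
            if now - ts > self.window:
                del seen[number]
        for number in numbers:
            seen[number] = now

        # A client touching more distinct numbers than any address book sync
        # plausibly needs is treated as enumeration and gets no answer.
        if len(seen) > self.distinct_limit:
            return {"status": "enumeration_suspected", "results": {}}

        return {"status": "ok",
                "results": {n: (n in self.directory) for n in numbers}}


if __name__ == "__main__":
    guard = ContactLookupGuard()
    # A normal client re-syncs a small address book a few times: always "ok".
    for t in (0, 60, 120):
        print(guard.lookup("phone-A", ["+15550000001", "+15559999999"], now=t)["status"])
    # A scraper walks fresh numbers in batches of 10, one request per second.
    for i in range(6):
        batch = ["+1555100%04d" % (i * 10 + k) for k in range(10)]
        print(i, guard.lookup("scraper-B", batch, now=float(i))["status"])
```

The distinct-number window is the control that matters most here: a token bucket alone merely slows a scraper that is happy to run for weeks, whereas capping distinct numbers per client per window bounds the total data any one identity can extract, and a sudden rise in `enumeration_suspected` responses is a clean signal for detection.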

Notable Threat Actor Activity

  • Cyberattacks targeting the Russian IT sector between 2024 and 2025 have been attributed to the China-linked APT group APT31. The group used cloud services to conduct stealthy operations.
  • Qilin ransomware operators were investigated following an attack that involved rogue ScreenConnect access, unsuccessful infostealer deployment, and ransomware execution.

Trends, Tools, or Tactics of Interest

  • APT31’s operations against Russian IT targets leveraged cloud services to enhance stealth and persistence.
  • The Qilin ransomware case demonstrated the use of legitimate remote access tools (ScreenConnect) as an initial access vector, followed by attempted infostealer deployment and ransomware execution.

Regulatory or Policy Developments Affecting the Security Industry

  • The US Securities and Exchange Commission (SEC) has decided not to pursue further action against SolarWinds following its 2020 breach.
  • US Border Patrol’s surveillance practices were highlighted, involving the monitoring of millions of American drivers, raising ongoing concerns about privacy and surveillance policy.