Major Incidents or Breaches

  • Gainsight has expanded its list of impacted customers following a recent security alert from Salesforce, indicating the breach affected more customers than initially disclosed.
  • Multiple London councils, including the Royal Borough of Kensington and Chelsea and Westminster City Council, have experienced IT service disruptions due to a cyberattack.
  • Comcast will pay a $1.5 million fine after a vendor data breach in February 2024 exposed the personal information of nearly 275,000 customers.
  • Dartmouth College confirmed a data breach resulting from an Oracle hack, with over 226 GB of files stolen and leaked.
  • The OnSolve CodeRED emergency alert platform in the US was disrupted by a ransomware attack from the Inc Ransom group, resulting in operational impact and a data breach.
  • Thousands of secrets, including credentials and private keys, were leaked by users of JSONFormatter and CodeBeautify code formatting platforms.
  • A major sportswear company was targeted by a high-volume phishing campaign between 29 and 30 October 2025, as detected by KnowBe4 analysts.

Newly Discovered Vulnerabilities

  • ASUS released firmware updates to address nine security vulnerabilities in AiCloud routers, including a critical authentication bypass flaw.
  • The 'node-forge' JavaScript cryptography library patched a vulnerability that allowed attackers to bypass signature verification with specially crafted data.
  • A new malicious Chrome extension was discovered that injects hidden Solana transfer fees into Raydium swaps, diverting funds to attacker-controlled wallets.
  • Microsoft warned that FIDO2 security keys may prompt users for a PIN after recent Windows updates since September 2025.
  • Microsoft announced plans to secure Entra ID sign-ins from external script injection attacks, with implementation set for mid-to-late October 2026.

Notable Threat Actor Activity

  • The Shai-Hulud v2 supply chain attack has spread from npm to Maven, compromising over 830 npm packages and exposing thousands of secrets.
  • Qilin ransomware was deployed in a sophisticated supply chain attack targeting a South Korean managed service provider, resulting in data theft from 28 financial sector victims.
  • The RomCom threat group used SocGholish fake update attacks to deliver Mythic Agent malware to a US-based civil engineering company.
  • A new Mirai-based botnet, ShadowV2, has been observed exploiting known vulnerabilities in IoT devices from D-Link, TP-Link, and others, using the recent AWS outage as a test event.
  • Scammers are using fake LinkedIn job postings and video updates to distribute Flexible Ferret malware to Mac users, enabling multi-stage data theft and long-term access.
  • The “Scattered LAPSUS$ Hunters” group continued data theft and mass extortion campaigns against major corporations.
  • Cybercriminals have increasingly targeted financial institutions and individuals with account takeover fraud, causing $262 million in losses in 2025, according to the FBI.

Trends, Tools, or Tactics of Interest

  • NTLM relay and credential forwarding attacks continue to be exploited, with new vulnerabilities and abuse techniques identified in 2025.
  • The EMEA finance and banking sector faces escalating cybersecurity challenges, with increased targeting and advanced threats.
  • Advanced digital fraud attacks surged 180% in 2025, with generative AI used for creating deepfakes, synthetic IDs, and autonomous bots.
  • Attackers are integrating large language models (LLMs) into malware to evade detection and augment code in real time.
  • “Dark LLMs” are facilitating more competent attacks by low-level cybercriminals, though with limited technical sophistication.
  • Prompt injection vulnerabilities are a growing concern for agentic AI-enabled browsers, such as ChatGPT’s Atlas Browser.
  • Over half of surveyed enterprises are uncertain about their ability to secure non-human identities (NHIs), highlighting a gap in identity security controls.
  • Increased use of community-maintained tools (e.g., Chocolatey, Winget) for patching and updates presents both opportunities and risks for IT teams.

Regulatory or Policy Developments Affecting the Security Industry

  • The UK government has introduced a new Cyber Security and Resilience Bill, setting out enhanced requirements for critical infrastructure organisations.