Major Incidents or Breaches

  • Asahi Group Holdings, Japan’s largest beer producer, has confirmed that a September cyberattack resulted in a data breach affecting up to 1.9 million individuals. The breach exposed personal information, including names, addresses, phone numbers, and email addresses.

Newly Discovered Vulnerabilities

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-26829, a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is being actively exploited.

Notable Threat Actor Activity

  • The threat actor Tomiris has shifted tactics in recent campaigns targeting foreign ministries, intergovernmental organizations, and government entities in Russia. Tomiris is now leveraging public-service implants to establish stealthier command-and-control (C2) channels and maintain persistent remote access.