Major Incidents or Breaches

  • The University of Sydney suffered a data breach after attackers accessed an online coding repository, resulting in the theft of files containing personal information of staff and students.
  • The Richmond Behavioral Health Authority (Virginia, US) experienced a ransomware attack, with threat actors stealing names, Social Security numbers, and financial and health information of 113,000 individuals.
  • French authorities arrested two crew members from an Italian passenger ferry for allegedly installing malware enabling remote control of the vessel. France’s counterespionage agency is investigating the incident as suspected foreign interference.
  • The US Department of Justice seized the E-Note cryptocurrency exchange, which was allegedly used to launder over $70 million in ransomware payments.

Newly Discovered Vulnerabilities

  • Hewlett Packard Enterprise (HPE) patched a critical vulnerability (CVE-2025-37164, CVSS 10.0) in OneView software allowing unauthenticated remote code execution.
  • SonicWall SMA1000 appliances were hit by a zero-day flaw exploited in the wild; attackers chained it with a previously disclosed critical vulnerability to achieve remote code execution. SonicWall has released a patch.
  • A UEFI vulnerability affecting ASRock, Asus, Gigabyte, and MSI motherboards allows DMA attacks during early boot, before the operating system and its IOMMU protections are active, exposing systems to compromise before the OS loads.
  • CISA issued a warning regarding CVE-2025-59374, a supply chain backdoor in Asus Live Update, which has been exploited in the wild.
  • Microsoft confirmed that recent Windows updates have caused issues with Azure Virtual Desktop RemoteApp sessions and broke Message Queuing (MSMQ) functionality in Windows 11 and 10.
  • Automated password spraying attacks are targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect VPN gateways.
  • A Chrome extension marketed for privacy was found to collect and exfiltrate users’ AI chat data after installation.

Notable Threat Actor Activity

  • The China-aligned APT group LongNosedGoblin was identified targeting governmental entities in Southeast Asia and Japan, using Windows Group Policy to deploy espionage malware across networks.
  • North Korea-linked threat actors, including Kimsuky, were responsible for at least $2.02 billion in global cryptocurrency theft in 2025. Kimsuky has also been observed distributing a new Android malware variant, DocSwap, via QR phishing campaigns impersonating Seoul-based delivery apps.
  • The Clop ransomware group is targeting Gladinet CentreStack file servers exposed to the internet, conducting data theft and extortion operations.
  • The Iranian APT group “Prince of Persia,” previously considered dormant, has been confirmed active, employing advanced operational security and cryptographic C2 communications to spy on dissidents.
  • WhatsApp account hijacking attacks using “GhostPairing” are ongoing: attackers use fake login prompts to trick users into linking an attacker-controlled browser to their account as a companion device.
  • WeChat phishing attacks are increasing outside China, leveraging the platform’s wide functionality for social engineering.

Trends, Tools, or Tactics of Interest

  • AI-powered deepfake technologies are increasingly accessible, enabling realistic impersonation in video and audio, which is being leveraged for fraud and social engineering.
  • Ultra-realistic AI face-swapping platforms, such as “Haotian”, are being used to facilitate romance scams, with live video face swaps making detection difficult.
  • Attackers are refining credential-based attacks, evidenced by new password spraying campaigns against major VPN gateways.
  • There is a trend of exploiting supply chain vulnerabilities, as seen with the Asus Live Update backdoor.
  • The adoption of AI copilots and agents in SaaS applications is rising, increasing the attack surface and driving demand for dynamic AI-SaaS security measures.
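The password-spraying campaigns against Cisco SSL VPN and GlobalProtect gateways noted above (in both the vulnerabilities list and this trends list) are easy to miss with per-account lockout rules, because each account only sees one or two failures. The detector below is an added example written for this digest, not code from any vendor or from the original page. It runs over a constructed, generic "auth-fail" log (the line layout and the `user=`/`src=` field names are assumptions; a real Cisco ASA or GlobalProtect log needs its own regex) and separates spraying (one source, many accounts, few attempts each) from classic brute force (one source hammering one account), which needs a different response.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real gateway output. One line per failed VPN
# login; the "auth-fail user=... src=..." layout is an assumption for the demo.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z auth-fail user=alice src=203.0.113.7
2025-01-10T09:00:14Z auth-fail user=bob src=203.0.113.7
2025-01-10T09:00:27Z auth-fail user=carol src=203.0.113.7
2025-01-10T09:00:40Z auth-fail user=dave src=203.0.113.7
2025-01-10T09:00:53Z auth-fail user=erin src=203.0.113.7
2025-01-10T09:01:06Z auth-fail user=frank src=203.0.113.7
2025-01-10T09:01:19Z auth-fail user=grace src=203.0.113.7
2025-01-10T09:00:05Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T09:00:09Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T09:00:13Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T09:00:17Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T09:00:21Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T09:00:25Z auth-fail user=jdoe src=198.51.100.5
2025-01-10T08:15:00Z auth-fail user=alice src=192.0.2.9
2025-01-10T08:15:30Z auth-fail user=alice src=192.0.2.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(log_text):
    """Return (timestamp, user, src) tuples sorted by time; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["src"]))
    events.sort()
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5,
           spray_max_per_user=2, brute_attempts=5):
    """Classify each source IP using a sliding window over its failures.

    spray : >= spray_users distinct accounts in one window, none tried more
            than spray_max_per_user times (per-account lockouts never fire)
    brute : a single account tried >= brute_attempts times in one window
    Thresholds are illustrative assumptions; tune them to your gateway's volume.
    Returns {"spray": {src: [users]}, "brute": {src: [users]}}.
    """
    by_src = defaultdict(list)
    for ts, user, src in events:          # events are already time-sorted
        by_src[src].append((ts, user))

    result = {"spray": {}, "brute": {}}
    for src, evs in by_src.items():
        sprayed, hammered = set(), set()
        for i, (start, _) in enumerate(evs):
            counts = defaultdict(int)     # failures per account in this window
            for ts, user in evs[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
            hammered.update(u for u, n in counts.items() if n >= brute_attempts)
            if len(counts) >= spray_users and max(counts.values()) <= spray_max_per_user:
                sprayed.update(counts)
        if sprayed:
            result["spray"][src] = sorted(sprayed)
        if hammered:
            result["brute"][src] = sorted(hammered)
    return result


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for kind, hits in run_sample().items():
        for src, users in hits.items():
            print(f"{kind}: {src} -> {', '.join(users)}")
```

The sample shows why spraying needs a source-centric view: 203.0.113.7 never fails twice on the same account, so no lockout triggers, yet seven accounts from one IP in under two minutes is unmistakable. 198.51.100.5 is ordinary brute force against one account and is caught by the per-account counter. The two failures from 192.0.2.9 stay below both thresholds, which is the behaviour you want for a user mistyping a password.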

Regulatory or Policy Developments Affecting the Security Industry

  • NIS2 compliance is placing increased emphasis on strong identity and access controls, with weak passwords and inadequate multi-factor authentication now considered compliance risks.
  • The US Immigration and Customs Enforcement (ICE) agency is seeking to expand its cybersecurity capabilities for enhanced internal monitoring and investigation of employees, reflecting a broader trend of increased internal surveillance in government agencies.