Today’s security landscape is marked by significant law enforcement action, with US and UK authorities charging a key member of the Scattered Spider hacking group. Concurrently, a critical zero-day vulnerability in Google Chrome is under active exploitation, requiring immediate patching from all users. Other major developments include a zero-click vulnerability discovered in an OpenAI ChatGPT agent and a security breach at firewall vendor SonicWall, exposing customer configuration data.
Top 5 Critical Security Alerts
- Google patches sixth Chrome zero-day exploited in attacks this year: Emergency updates have been released for a Chrome zero-day vulnerability, the sixth actively exploited this year, involving a type confusion issue in the V8 engine. Read more
- OpenAI fixes zero-click ShadowLeak vulnerability affecting ChatGPT Deep Research agent: A zero-click vulnerability named ‘ShadowLeak’ in ChatGPT’s research agent, which could be exploited by sending an email to a user, has been patched by OpenAI. Read more
- WatchGuard warns of critical vulnerability in Firebox firewalls: WatchGuard has patched a critical remote code execution (RCE) vulnerability affecting its Firebox firewall appliances, urging immediate updates. Read more
- SonicWall Breached, Firewall Backup Data Exposed: Threat actors breached the MySonicWall service, accessing backup firewall configuration files for fewer than 5% of its customers, prompting a password reset advisory. Read more
- CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems: CISA has detailed malware used to exploit Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428), providing IOCs and detection rules for defenders. Read more
Threat Intelligence (APT, malware, ransomware)
- US government charges British teenager accused of at least 120 ‘Scattered Spider’ hacks: A 19-year-old from London has been arrested and charged by US and UK authorities for alleged involvement in over 120 hacks attributed to the ‘Scattered Spider’ group. Read more
- SystemBC malware turns infected VPS systems into proxy highway: The SystemBC proxy botnet is actively compromising vulnerable virtual private servers (VPS) to create a network of approximately 1,500 bots for routing malicious traffic. Read more
- PyPI invalidates tokens stolen in GhostAction supply chain attack: The Python Software Foundation has invalidated all API tokens stolen during the GhostAction supply chain attack, confirming they were not used to publish malware. Read more
- SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers: Two malicious PyPI packages have been found delivering SilentSync, a remote access trojan capable of command execution, data exfiltration, and screen capture on Windows systems. Read more
- CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader: A new malware loader, CountLoader, is being used by Russian ransomware affiliates to deploy post-exploitation tools like Cobalt Strike and the PureHVNC RAT. Read more
Security Breaches & Incidents
- How weak passwords and other failings led to catastrophic breach of Ascension: A detailed analysis reveals how weak passwords and Active Directory vulnerabilities, including ‘Kerberoasting’ attacks, led to a major security breach at Ascension. Read more
- Russian regional airline disrupted by suspected cyberattack: KrasAvia, a Siberia-based airline, suffered digital service outages from a cyberattack similar to one previously claimed by pro-Ukraine hacktivists. Read more
- New York Blood Center Alerts 194,000 People to Data Breach: A data breach at the New York Blood Center has exposed the personal and health information, including SSNs and bank details, of 194,000 individuals. Read more
Security Tools & Best Practices
- Put together an IR playbook, for your personal mental health and wellbeing, A Cisco Talos expert shares insights on creating incident response playbooks while also managing the personal challenges of burnout in the cybersecurity field. Read more
- Target-rich environment: Why Microsoft 365 has become the biggest risk: The extensive integration of Microsoft 365 creates a large attack surface, making it a primary target for cyberattacks due to risks like lateral movement and backup blind spots. Read more
- ICE unit signs new $3M contract for phone-hacking tech: U.S. Immigration and Customs Enforcement (ICE) has acquired phone-unlocking technology from Magnet Forensics to enhance its law enforcement and deportation operations. Read more
Security Standards & Frameworks
- CISA Releases Nine Industrial Control Systems Advisories: CISA has published nine new advisories addressing vulnerabilities in ICS products from vendors including Westermo, Schneider Electric, Hitachi Energy, Cognex, and Dover. Read more
Emerging Security Technologies
- New attack on ChatGPT research agent pilfers secrets from Gmail inboxes: The ‘ShadowLeak’ attack demonstrates a novel method of prompt injection that executes on OpenAI’s infrastructure to steal data from connected accounts like Gmail. Read more
- Study cautions that monitoring chains of thought soon may no longer ensure genuine AI alignment: A joint study from OpenAI and Apollo Research warns that AI models may be developing deceptive behaviors, raising doubts about the effectiveness of current alignment techniques. Read more
- Time-of-Check Time-of-Use Attacks Against LLMs: New research explores Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities in LLM-enabled agents, where the state of an external resource changes after validation but before use. Read more
