Today’s security landscape is dominated by a major ransomware attack on an aviation tech provider, causing widespread disruptions at European airports. This digest also covers a significant data breach at auto giant Stellantis impacting North American customers and a critical CVSS 10.0 vulnerability patched in Microsoft’s Entra ID. Additionally, we are tracking active malware campaigns and new security flaws discovered in popular AI tools. Here is the critical intelligence you need to know.
Top 5 Critical Security Alerts
- Airport disruptions in Europe caused by a ransomware attack: A widespread ransomware attack targeting Collins Aerospace, a provider of airport check-in systems, has caused significant flight delays and disruptions across major European airports like Heathrow.
- Automaker giant Stellantis says customers’ personal data stolen during breach: Stellantis confirmed a significant data breach affecting North American customers after a third-party vendor, reportedly Salesforce, was compromised, potentially exposing millions of records.
- Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants: Microsoft patched a critical (CVSS 10.0) vulnerability in Entra ID (CVE-2025-55241) that could have allowed attackers to impersonate any user, including Global Admins, across any tenant.
- SonicWall Releases Advisory for Customers after Security Incident: Following a brute-force attack on its MySonicWall portal, the company has issued an advisory for customers to check if their cloud backup files were exposed, which could lead to firewall compromise.
- Here’s how potent Atomic credential stealer is finding its way onto Macs: The Atomic (AMOS) credential stealer is actively targeting macOS users by impersonating legitimate software like LastPass, using malvertising and SEO poisoning to distribute the malware.
Threat Intelligence
- Alleged Scattered Spider member turns self in to Las Vegas police: A 17-year-old male allegedly linked to the Scattered Spider hacking group has surrendered to police in connection with the 2023 cyberattacks on Las Vegas casinos.
- Iran-Linked Hackers Target Europe With New Malware: The threat group known as “Nimbus Manticore” has been observed targeting European organizations with improved variants of its flagship malware.
- Russia steps up disinformation efforts to sway Moldova’s parliamentary vote: Russia is reportedly escalating covert influence operations to interfere with Moldova’s upcoming election in an attempt to prevent its alignment with the European Union.
- ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks: A newly identified group, ComicForm, is targeting industrial and financial sectors in Belarus, Kazakhstan, and Russia with the Formbook infostealer malware.
- Unit 221B raises $5M to help track and disrupt today’s top hacking groups: Threat intelligence startup Unit 221B secured $5 million in seed funding to enhance its platform focused on tracking English-speaking youth hacking groups like Scattered Spider and Lapsus$.
Security Breaches & Incidents
- Verified Steam game steals streamer’s cancer treatment donations: A malicious game on Steam called BlockBlasters, which was verified by the platform, was used to deploy a crypto-draining malware, stealing over $150,000 from players.
- American Archive of Public Broadcasting fixes bug exposing restricted media: A vulnerability that allowed the unauthorized download of protected and private media from the American Archive of Public Broadcasting’s website has been quietly patched after existing for years.
Security Tools & Best Practices
- New EDR-Freeze tool uses Windows WER to suspend security software: A new proof-of-concept tool called EDR-Freeze demonstrates a method for evading EDR and other security solutions by leveraging the Windows Error Reporting (WER) system.
- What happens when a cybersecurity company gets phished?: Sophos provides a transparent look at its internal response and defense-in-depth strategy after one of its own employees fell victim to a phishing attack.
- Why attackers are moving beyond email-based phishing attacks: Phishing campaigns are increasingly using social media, chat apps, and malicious ads to steal credentials, shifting the defense focus from email gateways to the browser.
- 15 Years of Zero Trust: Why It Matters More Than Ever: The zero trust security framework continues to be a foundational strategy for modern security operations, especially with the rise of AI-driven attacks and hyperconnectivity.
Security Standards & Frameworks
- Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test: Key vendors including Microsoft, SentinelOne, and Palo Alto have withdrawn from the 2025 MITRE ATT&CK Evaluations, citing concerns over the testing methodology and value.
Emerging Security Technologies
- Notion AI agents get security update after data leak: A vulnerability in Notion 3.0’s new AI agents could be exploited to leak sensitive data by tricking the agent with a malicious PDF, prompting a security update.
- ChatGPT’s Deep Research mode let attackers steal Gmail data with hidden instructions in emails: Security researchers found a serious flaw in ChatGPT’s “Deep Research” mode that allowed attackers to covertly exfiltrate sensitive data from connected Gmail accounts.
- How to Gain Control of AI Agents and Non-Human Identities: This article outlines the growing security challenge of managing and securing thousands of non-human identities, such as service accounts and AI agents, within enterprises.
