UNC1549 TTPs, Azure DDoS & Data Breaches – 11/17/2025

Today’s roundup leads with a detailed Mandiant report on the espionage tradecraft of the Iran-nexus group UNC1549 against the aerospace and defense sector, alongside a record 15.72 Tbps DDoS attack against Microsoft’s Azure infrastructure that shows how far botnet capacity has grown. We are also tracking several significant data breaches, including incidents at Logitech, DoorDash, and the Pennsylvania Attorney General’s office, as well as actively exploited vulnerabilities in Fortinet FortiWeb and XWiki.

Top 5 Critical Security Alerts

  • Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem: Mandiant provides a deep-dive analysis of the TTPs used by the Iran-nexus threat group UNC1549, including custom backdoors and the abuse of trusted third-party relationships to reach targets in the aerospace and defense industries.
  • Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses: Microsoft reports that its Azure cloud platform absorbed a 15.72 Tbps DDoS attack from the Aisuru botnet, sourced from more than 500,000 IP addresses.
  • Critical Fortinet FortiWeb WAF Bug Exploited in the Wild: A critical vulnerability in Fortinet’s FortiWeb web application firewall is being exploited in the wild; it can allow an unauthenticated attacker to execute administrative commands on the appliance. Internet-exposed FortiWeb management interfaces should be patched without delay and reviewed for signs of compromise.
  • RondoDox botnet malware now hacks servers using XWiki flaw: The RondoDox botnet is now exploiting a critical remote code execution (RCE) vulnerability in the XWiki Platform, tracked as CVE-2025-24893, to compromise unpatched servers.
  • Pennsylvania attorney general says SSNs stolen during August ransomware attack: Pennsylvania officials confirmed that the August ransomware attack on the attorney general’s office resulted in the theft of sensitive data, including Social Security numbers and medical information.

Threat Intelligence

  • 5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs: Five individuals admitted to running a fraud scheme that used stolen US identities and ‘laptop farms’ to help North Korean IT workers secure remote jobs at American companies.

Security Breaches & Incidents

  • Logitech discloses data breach after Clop claims: After the Clop extortion group claimed it as a victim, Logitech disclosed a data breach that reportedly stemmed from a zero-day vulnerability in Oracle E-Business Suite.
  • DoorDash confirms data breach impacting users’ phone numbers and physical addresses: The delivery service DoorDash announced a data breach that exposed the phone numbers and physical addresses of customers, delivery workers, and merchants.
  • Princeton University discloses data breach affecting donors, alumni: Princeton University has revealed a cyberattack on a database containing the personal information of its alumni, donors, faculty, and students.
  • Surveillance tech provider Protei was hacked, its data stolen, and its website defaced: Russian surveillance tech company Protei, which sells web intercept and surveillance products, was hacked, leading to data theft and a website defacement.
  • Eurofiber France warns of breach after hacker tries to sell customer data: Eurofiber France has disclosed a data breach after an attacker exploited a vulnerability in its ticket management system and attempted to sell the exfiltrated customer data.

Security Tools & Best Practices

  • Malicious NPM packages abuse Adspect redirects to evade security: Researchers have identified seven malicious packages on the npm registry that use the Adspect cloaking service to show benign content to security tools and researchers while serving malicious content to ordinary visitors.
  • Dutch police seize 250 servers used by “bulletproof hosting” service: In a major blow to cybercrime infrastructure, Dutch police have seized around 250 servers from a ‘bulletproof hosting’ service that provided anonymous infrastructure for criminal operations.
  • DoorDash email spoofing vulnerability sparks messy disclosure dispute: A now-patched vulnerability in DoorDash’s systems could have allowed attackers to send phishing emails from the company’s official mail servers; the researcher and DoorDash dispute how the disclosure process was handled.

Emerging Security Technologies

  • MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis: New startup Runlayer has launched with $11 million in funding to address the growing need for securing AI agents used within business environments.
  • The State of AI: How war will be changed forever: A collaborative piece from the Financial Times and MIT Technology Review explores the profound impact of generative AI on the future of warfare and global power dynamics.
