Japan-UK Partnership Strengthens Cybersecurity and Critical Minerals Supply Chains Amid Rising Chinese Influence
Executive Summary: Japan and Britain have announced a significant expansion of their cooperation in the fields of cybersecurity and critical minerals, responding to the growing influence of China and the increasing complexity of global supply chains and cyber threats. This report provides a detailed analysis of the technical, strategic, and operational aspects of this partnership, with a focus on the implications for technology, security, and compliance. The collaboration is d
1 day ago · 4 min read


GlassWorm Supply Chain Attack Exploits Open VSX Registry to Infect VSCode Extensions with Advanced Malware
Executive Summary: A critical supply chain attack has been identified targeting the Open VSX Registry, a popular repository for Visual Studio Code (VSCode) extensions. Threat actors leveraged a compromised developer account to inject malicious code into legitimate extensions, distributing the advanced GlassWorm malware. This campaign demonstrates a new level of sophistication in software supply chain attacks, with the malware exhibiting self-propagation, credential theft, an
1 day ago · 4 min read


Notepad++ Update Mechanism Hijacked: Supply Chain Attack Delivers Malware to Targeted Users
Executive Summary: A critical security incident affecting the Notepad++ text editor was identified between June and December 2025, in which the official update mechanism was hijacked to deliver malware to select users. Attackers compromised the shared hosting infrastructure of the Notepad++ website, enabling them to intercept and redirect update requests from targeted users to malicious servers. This allowed the delivery of trojanized installers that could enumerate system a
1 day ago · 6 min read


NationStates Data Breach Report: Technical Analysis of the 2026 Dispatch Search Vulnerability and RCE Incident
Executive Summary: On January 27, 2026, NationStates, a multiplayer browser-based government simulation game, experienced a confirmed data breach following the exploitation of a critical vulnerability in its application code. The incident was initiated by a long-standing community member and bug reporter who, while testing a newly reported flaw, exceeded authorized boundaries and achieved remote code execution (RCE) on the production server. This unauthorized access resulted
1 day ago · 5 min read


RedKitten APT Targets Microsoft Excel Vulnerabilities in Cyber-Espionage Campaign Against Iranian Human Rights NGOs and Activists
Executive Summary: A newly identified Iran-linked threat actor, designated RedKitten, has launched a highly targeted cyber-espionage campaign against human rights NGOs and activists, particularly those involved in documenting or supporting protests and civil unrest in Iran. This campaign, active since late 2025, leverages advanced social engineering, AI-generated malicious macros, and multi-stage malware to infiltrate organizations, exfiltrate sensitive data, and conduct pers
2 days ago · 5 min read


CERT Polska Report: Coordinated Cyberattacks Disrupt Poland’s FortiGate-Managed Wind and Solar Farms
Executive Summary: On December 29 and 30, 2025, coordinated cyberattacks targeted over 30 wind and solar farms, a major combined heat and power (CHP) plant, and a manufacturing company in Poland. The attacks, detailed by CERT Polska and corroborated by multiple independent sources, were destructive in nature and aimed to disrupt communications and remote control of distributed energy resources (DERs). Attackers exploited exposed FortiGate VPN/firewall devices, reused cre
2 days ago · 6 min read


ShinyHunters Vishing Attacks Bypass MFA to Breach Okta, Microsoft 365, and Google Workspace SaaS Platforms
Executive Summary: Mandiant, a leading threat intelligence provider under Google Cloud, has uncovered a sophisticated campaign leveraging ShinyHunters-style vishing attacks to compromise multi-factor authentication (MFA) and breach major SaaS platforms. This campaign, attributed to the financially motivated ShinyHunters group and related clusters (UNC6661, UNC6671, and UNC6240), employs advanced social engineering, real-time credential harvesting, and MFA bypass techni
2 days ago · 4 min read


Ivanti Endpoint Manager Mobile (EPMM) Zero-Day RCE Vulnerabilities (CVE-2023-35078 & CVE-2023-35081) Actively Exploited: Security Updates and Mitigation Guidance
Executive Summary: Two critical zero-day vulnerabilities have been discovered and are actively exploited in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. These vulnerabilities, tracked as CVE-2023-35078 and CVE-2023-35081, enable unauthenticated remote code execution (RCE) on affected appliances. Both flaws are being leveraged in the wild by threat actors to gain full control over vulnerable systems, with the potential for lateral movement and d
2 days ago · 4 min read


Hugging Face Abused to Distribute Polymorphic Android RAT TrustBastion Malware Campaign Targeting Asia-Pacific Users
Executive Summary: A sophisticated and large-scale Android malware campaign has been identified leveraging the trusted Hugging Face platform to distribute thousands of polymorphic Android malware variants. This campaign, first reported by Bitdefender and widely covered by security media, exploits the public dataset hosting capabilities of Hugging Face to deliver malicious APK payloads. The primary malware, masquerading as a fake security application named TrustBastion, is
2 days ago · 4 min read


eScan Antivirus Supply Chain Attack: Malicious Update Delivers Malware to South Asian Users
Executive Summary: A sophisticated supply chain attack has recently compromised the integrity of eScan Antivirus, a flagship product of MicroWorld Technologies. Threat actors successfully infiltrated a regional update server, leveraging it to distribute a maliciously modified version of the reload.exe component to unsuspecting customers. This attack demonstrates the evolving threat landscape, where even trusted security vendors can become unwitting vectors for advanced malw
2 days ago · 5 min read


Critical XSS Vulnerability in StealC Malware Admin Panel Allows Researchers to Infiltrate and Monitor Threat Actor Operations
Executive Summary: A critical vulnerability has been identified in the StealC malware’s web-based control panel, specifically a cross-site scripting (XSS) flaw that allowed security researchers to compromise the infrastructure of threat actors operating the malware. By exploiting this bug, researchers were able to collect system fingerprints, monitor live operator sessions, and exfiltrate session cookies directly from the adversaries’ own management interface. This incident n
Jan 19 · 5 min read


Critical Fortinet FortiSIEM Vulnerability CVE-2024-23108 Actively Exploited: Risks, Attack Analysis, and Mitigation Steps
Executive Summary: A critical vulnerability in Fortinet's FortiSIEM platform, tracked as CVE-2024-23108, has been actively exploited in the wild, posing a severe risk to organizations relying on this security information and event management solution. The flaw, an unauthenticated command injection in the phMonitor component, allows remote attackers to execute arbitrary commands as the root user, leading to full system compromise. Public proof-of-concept (PoC) exploit code
Jan 19 · 4 min read


GootLoader Malware Exploits Windows ZIP Handling with 1,000-Part Nested Archives to Evade Detection
Executive Summary: GootLoader is a highly adaptive malware loader that has recently advanced its evasion capabilities by distributing malicious payloads within 500–1,000 concatenated ZIP archives. This sophisticated technique is engineered to bypass modern security solutions and significantly hinder manual analysis, representing a critical threat to organizations across multiple sectors. The loader is primarily used as an initial access vector, often facilitating the deployme
Jan 19 · 4 min read


WhisperPair Bluetooth Fast Pair Vulnerability (CVE-2025-36911) Exposes Millions of Audio Accessories to Remote Hijacking, Eavesdropping, and Location Tracking
Executive Summary: A newly disclosed critical vulnerability, WhisperPair (CVE-2025-36911), exposes hundreds of millions of Bluetooth audio accessories to remote hijacking, eavesdropping, and location tracking. The flaw resides in the implementation of the Google Fast Pair protocol across a wide range of devices from leading vendors including Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. Attackers can exploit this vuln
Jan 19 · 5 min read


Critical CVE-2024-20353 Zero-Day Exploited by China-Linked APT Hits Cisco Secure Email Gateway and Secure Email and Web Manager
Executive Summary: A critical zero-day remote code execution (RCE) vulnerability in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances has been actively exploited by a China-linked advanced persistent threat (APT) group. The vulnerability, tracked as CVE-2024-20353 with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary commands as root on affected systems. The exploitation campaign leverages the Spam Quarantine feature, whic
Jan 19 · 4 min read


CVE-2026-23550: Critical WordPress Modular DS Plugin Vulnerability Actively Exploited for Admin Access
Executive Summary: A critical security vulnerability has been identified in the WordPress Modular DS plugin, which is actively being exploited to gain unauthorized administrator access to WordPress sites. This flaw, tracked as CVE-2026-23550 with a maximum CVSS score of 10.0, affects all versions of the Modular DS plugin up to and including 2.5.1. The vulnerability allows unauthenticated remote attackers to bypass authentication controls and escalate privileges, resulting i
Jan 19 · 4 min read


LOTUSLITE Backdoor Targets U.S. Government and Policy Organizations via Venezuela-Themed Spear Phishing: Mustang Panda Cyber-Espionage Campaign Analysis
Executive Summary: A highly targeted cyber-espionage campaign has been identified leveraging Venezuela-themed spear phishing to deliver the LOTUSLITE backdoor against U.S. government and policy-focused organizations. This operation, attributed with moderate confidence to the China-linked advanced persistent threat group Mustang Panda, utilizes DLL sideloading techniques and sophisticated social engineering to bypass traditional security controls. The campaign’s technical sop
Jan 19 · 4 min read


CIRO Data Breach Exposes Sensitive Information of 750,000 Canadian Investors in Major 2025 Cyberattack
Executive Summary: The Canadian Investment Regulatory Organization (CIRO), the national self-regulatory body overseeing investment dealers, mutual fund dealers, and trading activity in Canada, experienced a significant data breach in August 2025. Following a sophisticated phishing attack, approximately 750,000 Canadian investors had their sensitive personal and financial information compromised. The breach was initially detected on August 11, 2025, with public disclosure on
Jan 19 · 6 min read


Critical RCE Vulnerability (CVE-2025-59470) in Veeam Backup & Replication: Patch Released to Prevent Exploitation
Executive Summary: Veeam has released critical security updates for its flagship Veeam Backup & Replication product, addressing a severe remote code execution (RCE) vulnerability tracked as CVE-2025-59470. This flaw, assigned a CVSS v3.1 base score of 9.0, enables highly privileged users—specifically those with Backup Operator or Tape Operator roles—to execute arbitrary code as the postgres user on the backup server. The vulnerability is exploitable via network vectors a
Jan 11 · 5 min read


Microsoft 365 and Exchange Vulnerability: How Misconfigured Email Routing Enables Internal Phishing Attacks
Executive Summary: Microsoft has issued a critical advisory highlighting a surge in sophisticated phishing campaigns that exploit misconfigured email routing and insufficient spoof protection within Microsoft 365 and hybrid Exchange environments. These attacks enable adversaries to send phishing emails that convincingly appear to originate from an organization’s own internal domain, thereby bypassing standard security controls and increasing the likelihood of successful cre
Jan 11 · 5 min read