Critical Command Injection Vulnerability in OpenAI Codex CLI Threatens Developer Endpoints and Supply Chain Security
Executive Summary: A critical vulnerability has been identified and patched in the OpenAI Codex CLI, a widely adopted command-line interface that enables developers to automate coding tasks using artificial intelligence. This flaw, discovered by Check Point Research and remediated in version 0.23.0, allowed adversaries to execute arbitrary code on developer endpoints by manipulating project-specific configuration files. The vulnerability, classified as command injection via
Dec 4 · 4 min read


Operation RedDirection: Over 2 Million Users Compromised by Malicious Chrome and Edge Extensions in Major Supply-Chain Attack
Executive Summary: A coordinated campaign, identified as Operation RedDirection, has compromised over 2.3 million users through 18 malicious browser extensions distributed via the official Google Chrome and Microsoft Edge web stores. These extensions, initially benign and widely trusted due to positive reviews and verified badges, were later weaponized through malicious updates. Once activated, the extensions tracked users’ browsing activity, communicated with attacker-cont
Dec 4 · 5 min read


Google Patches Critical Zero-Day Vulnerabilities CVE-2025-48633 and CVE-2025-48572 in Android 13-16 – December 2025 Security Update Analysis
Executive Summary: The December 2025 Android security update, released by Google, addresses a total of 107 vulnerabilities, among which two critical zero-day flaws, CVE-2025-48633 and CVE-2025-48572, stand out due to their confirmed exploitation in the wild. These vulnerabilities impact the Android Framework on versions 13, 14, 15, and 16, and have been leveraged in highly targeted surveillance and espionage campaigns. The exploitation of these flaws is consistent with the
Dec 4 · 6 min read


University of Pennsylvania Data Breach: Oracle E-Business Suite (CVE-2025-61882) Exploit by Clop Ransomware Group
Executive Summary: The University of Pennsylvania has confirmed a significant data breach following the exploitation of a zero-day vulnerability in the Oracle E-Business Suite (EBS), in conjunction with a sophisticated social engineering attack. The incident, discovered on October 31, 2025, resulted in unauthorized access to systems related to the university’s development and alumni activities. Attackers obtained sensitive personal information, including names and other perso
Dec 4 · 6 min read


Asahi Group Holdings Ransomware Attack: Qilin Breach Disrupts Japanese Operations and Exposes 1.5 Million Records
Executive Summary: On September 29, 2025, Asahi Group Holdings, a leading Japanese beverage manufacturer, detected a significant ransomware attack that disrupted its data center operations. The incident, attributed to the Qilin ransomware group, resulted in the compromise of personal information belonging to over 1.5 million individuals, including customers, employees, and external contacts. The attack caused widespread operational disruption, including the suspension of aut
Nov 30 · 5 min read


French Soccer Federation Club Administrative Management Software Breach: Member Data Stolen in Credential Compromise Cyberattack
Executive Summary: On November 28, 2025, the French Soccer Federation (FFF) publicly disclosed a cyberattack that resulted in the unauthorized access and theft of member data from its club administrative management software. The breach was executed using a compromised account, allowing attackers to exfiltrate personal information including names, gender, nationality, postal addresses, and email addresses of federation members. No financial data, passwords, or identification d
Nov 30 · 6 min read


North Korean APT Exploits npm Supply Chain to Distribute OtterCookie Malware via 197 Malicious Packages
Executive Summary: North Korean state-sponsored threat actors, specifically those associated with the Contagious Interview campaign, have executed a sophisticated supply chain attack by publishing 197 malicious packages to the npm registry. These packages are engineered to deliver an updated variant of the OtterCookie malware, which incorporates advanced features from both the original OtterCookie and the BeaverTail malware strains. The campaign leverages a combination of
Nov 30 · 5 min read


Qilin Ransomware Exploits South Korean MSP Breach in Korean Leaks Attack, Impacting 28 Financial Organizations
Executive Summary: Between August and October 2025, the Qilin ransomware group executed a large-scale, coordinated supply chain attack against South Korea’s financial sector, resulting in the compromise of at least 28 organizations, primarily asset management and financial services firms. The attackers leveraged a single domestic Managed Service Provider (MSP) as the initial access vector, enabling rapid, parallel deployment of ransomware across multiple victims. Over 1 mil
Nov 27 · 6 min read


Mixpanel Vendor Incident: What Happened and What Organizations Should Do
Overview: On 27 November 2025, organizations began reporting a security incident involving Mixpanel, a widely used analytics and user-behavior tracking platform. The attacker reportedly used elevated privileges to export datasets containing user profile information, including names, email addresses, and approximate location metadata. Although no passwords, payment information, or sensitive authentication credentials were reported as exposed, the incident highlights a signifi
Nov 27 · 2 min read


OpenAI API User Data Exposed in Mixpanel Security Breach: Incident Analysis and Impact Report
Executive Summary: On November 27, 2025, OpenAI confirmed a security incident involving its third-party web analytics provider, Mixpanel. The breach occurred within Mixpanel’s systems and resulted in unauthorized access to and export of a dataset containing limited identifiable information of some OpenAI API users. The incident did not impact OpenAI’s core infrastructure, ChatGPT, or other products, and no passwords, API keys, payment data, or sensitive content were comp
Nov 27 · 6 min read


Microsoft Entra, Defender, and Purview: Security Enhancements for Identity, Defense, and Compliance
Executive Summary: Microsoft has recently announced a comprehensive suite of security enhancements targeting identity, defense, and compliance within its cloud and enterprise ecosystems. These advancements are designed to address the evolving threat landscape, streamline compliance management, and empower organizations to better protect their digital assets. This report provides an in-depth analysis of the technical and practical implications of these updates, explores their
Nov 19 · 3 min read


Pennsylvania Attorney General’s Office Data Breach: Ransomware Attack Leads to Unauthorized Access and Ongoing Investigation
Executive Summary: The Pennsylvania Attorney General’s Office has confirmed a data breach following a ransomware attack. The incident resulted in unauthorized access to sensitive data held by the office. The breach has been publicly acknowledged by the office, and initial investigations indicate that the attack was part of a broader trend of ransomware campaigns targeting government entities. The office has initiated incident response protocols and is cooperating with law enf
Nov 19 · 4 min read


UNC1549 Iranian APT Targets Microsoft Exchange and Aerospace Sector: Threat Analysis and Mitigation Strategies
Executive Summary: Recent intelligence has surfaced regarding the activities of the Iran-nexus threat actor UNC1549, which has been observed targeting the global aerospace sector. This actor, believed to be operating with strategic objectives aligned with Iranian state interests, has demonstrated a sophisticated operational playbook, leveraging advanced malware, custom toolsets, and multi-stage intrusion techniques. The campaign is characterized by a focus on espionage, intel
Nov 19 · 4 min read


Anthropic’s Claims of Claude AI-Automated Cyberattacks Face Industry Skepticism and Technical Scrutiny
Executive Summary: Recent claims by Anthropic regarding the potential for its Claude AI model to automate cyberattacks have sparked significant debate within the cybersecurity community. While Anthropic has highlighted the risks of advanced language models being used for malicious purposes, many experts have expressed skepticism about the immediacy and practicality of such threats. This report examines the technical and practical aspects of these claims, analyzes the broade
Nov 16 · 3 min read


Akira Ransomware-as-a-Service Campaign Actively Targeting Nutanix Virtual Machines in Critical Organizations
Executive Summary: The emergence of the Akira Ransomware-as-a-Service (RaaS) operation has introduced a significant threat to organizations leveraging Nutanix Virtual Machines (VMs). Recent intelligence indicates that the Akira threat group has expanded its targeting scope to include Nutanix environments, exploiting virtualization infrastructure to maximize operational disruption and ransom leverage. This campaign is particularly concerning for critical infrastructure, hea
Nov 16 · 4 min read


North Korean APTs Exploit JSON-Based Cloud APIs for Covert Malware Delivery and C2 Operations
Executive Summary: Recent intelligence has revealed that North Korean state-sponsored threat actors are leveraging legitimate JSON-based web services as covert channels for malware delivery and command-and-control (C2) operations. This tactic abuses the ubiquity of JSON data formats and the trust placed in cloud-based APIs, enabling adversaries to blend in with ordinary web traffic, bypass traditional security controls, and evade detection. The campaign demonstrates a significant evolution in th
Nov 16 · 4 min read


Logitech MOVEit Data Breach Confirmed After Clop Ransomware Extortion Attack
Executive Summary: Logitech has confirmed a data breach following an extortion attack attributed to the Clop ransomware group. The incident involved unauthorized access to certain company data, with the attackers exploiting a vulnerability in the MOVEit file-transfer software to exfiltrate sensitive information. Logitech has stated that the breach did not impact its core business operations or compromise customer payment data. The company is actively investigating the scope of the breach and has engaged with r
Nov 16 · 4 min read


Iranian SpearSpecter APT Targets Microsoft Systems in Defense and Government Cyber-Espionage Campaign
Executive Summary: Recent intelligence has surfaced regarding a sophisticated cyber-espionage campaign attributed to Iranian threat actors, codenamed SpearSpecter. This operation is characterized by highly targeted spear-phishing attacks and the deployment of advanced custom malware, with a primary focus on defense and government entities. The campaign leverages a combination of social engineering, zero-day vulnerabilities, and multi-stage payloads to establish persistent acc
Nov 16 · 4 min read


Chinese APT Groups Exploit Anthropic AI to Launch Automated Cyber Espionage Attacks Targeting Microsoft Windows Systems
Executive Summary: Recent intelligence has surfaced indicating that Chinese state-sponsored threat actors are leveraging advanced generative AI models, specifically Anthropic's Claude, to orchestrate highly automated and scalable cyber espionage campaigns. This marks a significant evolution in the threat landscape, as adversaries are now integrating large language models (LLMs) into their attack chains to enhance reconnaissance, automate phishing, and accelerate malware developme
Nov 16 · 5 min read


Russian Hackers Target Hospitality Sector: 4,300 Fake Hotel Booking Sites Created to Steal Guest Payment Data
Executive Summary: A recent cyber threat campaign has been identified in which Russian-affiliated threat actors created approximately 4,300 fraudulent travel and hotel booking websites. The primary objective of this campaign was to harvest payment card data and personal information from unsuspecting hotel guests. These fake sites closely mimicked legitimate hotel and travel booking platforms, leveraging sophisticated social engineering and web spoofing techniques to deceive us
Nov 16 · 5 min read