Uzbekistan Android Users Targeted: Wonderland SMS Stealer Malware Campaign Exposes Banking and Telegram Accounts
Executive Summary A new wave of Android-targeted cyberattacks has been detected in Uzbekistan, with thousands of users falling victim to advanced SMS stealer malware. The primary threat, identified as Wonderland (formerly known as WretchedCat), is being distributed through a sophisticated affiliate model orchestrated by the cybercriminal group TrickyWonders. This campaign leverages social engineering, Telegram-based distribution, and highly obfuscated droppers to compromis
Dec 23, 2025 · 4 min read


WatchGuard Firebox Zero-Day (CVE-2025-14733) Actively Exploited: Threat Intelligence and Mitigation Guidance
Executive Summary A critical zero-day vulnerability in WatchGuard Firebox devices, tracked as CVE-2025-14733, is being actively exploited by threat actors in the wild. This flaw, an out-of-bounds write in the Fireware OS iked process, enables remote, unauthenticated attackers to execute arbitrary code on affected appliances via the IKEv2 VPN service. The vulnerability impacts a broad spectrum of WatchGuard Firebox models and Fireware OS versions, including both mobile us
Dec 23, 2025 · 4 min read


SoundCloud Security Breach 2025: User Data Stolen, VPN Access Disrupted, and ShinyHunters Extortion Analysis
Executive Summary SoundCloud, a leading audio streaming platform, has confirmed a security breach that resulted in the theft of member data and significant disruption to VPN access. The incident, which began in mid-December 2025, was traced to unauthorized access via an ancillary service dashboard. Approximately 20% of SoundCloud users—estimated at 28 million accounts—were affected, with compromised data limited to email addresses and information already visible on public pro
Dec 16, 2025 · 6 min read


Askul Corporation Ransomware Attack: 740,000 Customer Records Stolen in RansomHouse Data Breach of B2B and Lohaco Systems
Executive Summary Askul Corporation, a major Japanese e-commerce and logistics provider, has confirmed the theft of approximately 740,000 customer records following a ransomware attack attributed to the RansomHouse group. The incident, first detected on October 19, 2025, resulted in significant operational disruption, including the suspension of order processing and shipping for both business and individual customers, as well as major partners such as Muji. The compromised
Dec 16, 2025 · 6 min read


PornHub Premium User Data Breach: Mixpanel Hack Leads to Extortion and Privacy Risks
Executive Summary On November 8, 2025, the third-party analytics provider Mixpanel suffered a security breach following a targeted SMS phishing (smishing) attack. This incident resulted in unauthorized access to historical analytics data, including sensitive user activity records from former PornHub Premium members. The threat actor group ShinyHunters subsequently initiated an extortion campaign, claiming to have exfiltrated 94GB of data containing over 200 million records
Dec 16, 2025 · 5 min read


700Credit 700Dealer.com Data Breach Exposes 5.8 Million Records: Technical Analysis, Impact, and Mitigation Steps
Executive Summary The 700Credit data breach, discovered on October 25, 2025, has impacted approximately 5.6 to 5.8 million individuals and nearly 18,000 dealerships across the United States. The breach involved unauthorized access to the 700Dealer.com web application, resulting in the exfiltration of unencrypted personally identifiable information (PII), specifically names, addresses, and Social Security numbers. The incident occurred between May and October 2025 and was li
Dec 16, 2025 · 6 min read


Critical Command Injection Vulnerability in OpenAI Codex CLI Threatens Developer Endpoints and Supply Chain Security
Executive Summary A critical vulnerability has been identified and patched in the OpenAI Codex CLI, a widely adopted command-line interface that enables developers to automate coding tasks using artificial intelligence. This flaw, discovered by Check Point Research and remediated in version 0.23.0, allowed adversaries to execute arbitrary code on developer endpoints by manipulating project-specific configuration files. The vulnerability, classified as command injection via
Dec 4, 2025 · 4 min read


Operation RedDirection: Over 2 Million Users Compromised by Malicious Chrome and Edge Extensions in Major Supply-Chain Attack
Executive Summary A coordinated campaign, identified as Operation RedDirection, has compromised over 2.3 million users through 18 malicious browser extensions distributed via the official Google Chrome and Microsoft Edge web stores. These extensions, initially benign and widely trusted due to positive reviews and verified badges, were later weaponized through malicious updates. Once activated, the extensions tracked users’ browsing activity, communicated with attacker-cont
Dec 4, 2025 · 5 min read


Google Patches Critical Zero-Day Vulnerabilities CVE-2025-48633 and CVE-2025-48572 in Android 13-16 – December 2025 Security Update Analysis
Executive Summary The December 2025 Android security update, released by Google, addresses a total of 107 vulnerabilities, among which two critical zero-day flaws—CVE-2025-48633 and CVE-2025-48572—stand out due to their confirmed exploitation in the wild. These vulnerabilities impact the Android Framework on versions 13, 14, 15, and 16, and have been leveraged in highly targeted surveillance and espionage campaigns. The exploitation of these flaws is consistent with the
Dec 4, 2025 · 6 min read


University of Pennsylvania Data Breach: Oracle E-Business Suite (CVE-2025-61882) Exploit by Clop Ransomware Group
Executive Summary The University of Pennsylvania has confirmed a significant data breach following the exploitation of a zero-day vulnerability in the Oracle E-Business Suite (EBS), in conjunction with a sophisticated social engineering attack. The incident, discovered on October 31, 2025, resulted in unauthorized access to systems related to the university’s development and alumni activities. Attackers obtained sensitive personal information, including names and other perso
Dec 4, 2025 · 6 min read


Asahi Group Holdings Ransomware Attack: Qilin Breach Disrupts Japanese Operations and Exposes 1.5 Million Records
Executive Summary On September 29, 2025, Asahi Group Holdings, a leading Japanese beverage manufacturer, detected a significant ransomware attack that disrupted its data center operations. The incident, attributed to the Qilin ransomware group, resulted in the compromise of personal information belonging to over 1.5 million individuals, including customers, employees, and external contacts. The attack caused widespread operational disruption, including the suspension of aut
Nov 30, 2025 · 5 min read


French Soccer Federation Club Administrative Management Software Breach: Member Data Stolen in Credential Compromise Cyberattack
Executive Summary On November 28, 2025, the French Soccer Federation (FFF) publicly disclosed a cyberattack that resulted in the unauthorized access and theft of member data from its club administrative management software. The breach was executed using a compromised account, allowing attackers to exfiltrate personal information including names, gender, nationality, postal addresses, and email addresses of federation members. No financial data, passwords, or identification d
Nov 30, 2025 · 6 min read


North Korean APT Exploits npm Supply Chain to Distribute OtterCookie Malware via 197 Malicious Packages
Executive Summary North Korean state-sponsored threat actors, specifically those associated with the Contagious Interview campaign, have executed a sophisticated supply chain attack by publishing 197 malicious packages to the npm registry. These packages are engineered to deliver an updated variant of the OtterCookie malware, which incorporates advanced features from both the original OtterCookie and the BeaverTail malware strains. The campaign leverages a combination of
Nov 30, 2025 · 5 min read


Qilin Ransomware Exploits South Korean MSP Breach in Korean Leaks Attack, Impacting 28 Financial Organizations
Executive Summary Between August and October 2025, the Qilin ransomware group executed a large-scale, coordinated supply chain attack against South Korea’s financial sector, resulting in the compromise of at least 28 organizations, primarily asset management and financial services firms. The attackers leveraged a single domestic Managed Service Provider (MSP) as the initial access vector, enabling rapid, parallel deployment of ransomware across multiple victims. Over 1 mil
Nov 27, 2025 · 6 min read


Mixpanel Vendor Incident: What Happened and What Organizations Should Do
Overview On 27 November 2025, organizations began reporting a security incident involving Mixpanel, a widely used analytics and user-behavior tracking platform. The attacker reportedly used elevated privileges to export datasets containing user profile information, including names, email addresses, and approximate location metadata. Although no passwords, payment information, or sensitive authentication credentials were reported as exposed, the incident highlights a signifi
Nov 27, 2025 · 2 min read


OpenAI API User Data Exposed in Mixpanel Security Breach: Incident Analysis and Impact Report
Executive Summary On November 27, 2025, OpenAI confirmed a security incident involving its third-party web analytics provider, Mixpanel. The breach occurred within Mixpanel’s systems and resulted in unauthorized access to and export of a dataset containing limited identifiable information of some OpenAI API users. The incident did not impact OpenAI’s core infrastructure, ChatGPT, or other products, and no passwords, API keys, payment data, or sensitive content were comp
Nov 27, 2025 · 6 min read


Microsoft Entra, Defender, and Purview: Security Enhancements for Identity, Defense, and Compliance
Executive Summary Microsoft has recently announced a comprehensive suite of security enhancements targeting identity, defense, and compliance within its cloud and enterprise ecosystems. These advancements are designed to address the evolving threat landscape, streamline compliance management, and empower organizations to better protect their digital assets. This report provides an in-depth analysis of the technical and practical implications of these updates, explores their
Nov 19, 2025 · 3 min read


Pennsylvania Attorney General’s Office Data Breach: Ransomware Attack Leads to Unauthorized Access and Ongoing Investigation
Executive Summary The Pennsylvania Attorney General’s Office has confirmed a data breach following a ransomware attack. The incident resulted in unauthorized access to sensitive data held by the office. The breach has been publicly acknowledged by the office, and initial investigations indicate that the attack was part of a broader trend of ransomware campaigns targeting government entities. The office has initiated incident response protocols and is cooperating with law enf
Nov 19, 2025 · 4 min read


UNC1549 Iranian APT Targets Microsoft Exchange and Aerospace Sector: Threat Analysis and Mitigation Strategies
Executive Summary Recent intelligence has surfaced regarding the activities of the Iran-nexus threat actor UNC1549, which has been observed targeting the global aerospace sector. This actor, believed to be operating with strategic objectives aligned with Iranian state interests, has demonstrated a sophisticated operational playbook, leveraging advanced malware, custom toolsets, and multi-stage intrusion techniques. The campaign is characterized by a focus on espionage, intel
Nov 19, 2025 · 4 min read


Anthropic’s Claims of Claude AI-Automated Cyberattacks Face Industry Skepticism and Technical Scrutiny
Executive Summary Recent claims by Anthropic regarding the potential for its Claude AI model to automate cyberattacks have sparked significant debate within the cybersecurity community. While Anthropic has highlighted the risks of advanced language models being used for malicious purposes, many experts have expressed skepticism about the immediacy and practicality of such threats. This report examines the technical and practical aspects of these claims, analyzes the broade
Nov 16, 2025 · 3 min read