Top news stories this week
- Shown the Singa-door. Singapore confirms espionage campaign against telecom sector.
- Third-wheeling. Volvo and Flickr disclose recent third-party data breaches.
- I see EU. Ivanti Mobile Management vulnerability used to breach European government entities.
- Identity jackpot. Cyber criminals use stolen identities to defraud online gambling platforms.
- Trust, but verify. Threat actors abuse legitimate accounts on GitHub and LinkedIn.
- Patch race. Patch Tuesday released along with several patches from other major vendors.
1. Singapore confirms espionage campaign against telecom sector
Singapore disclosed details of an eleven-month campaign by an allegedly China-linked threat actor group against its four major telecom operators. Described as deliberate, targeted and well-planned, this campaign exploited zero-day vulnerabilities in widely used edge devices to establish long-term persistence.
So what?
Edge devices like firewalls are often a blind spot for traditional security tooling. Organisations should adopt a defense-in-depth strategy with compensating security controls.
[Researcher: Lester Lim]
2. Volvo and Flickr disclose recent third-party data breaches
Flickr and Volvo both disclosed earlier this week that they suffered data breaches due to cyberattacks on third parties. While Flickr has not yet reported the number of affected customers, Volvo's breach has affected over 16,000 employees. Flickr has warned its customers about an increased risk of phishing campaigns.
So what?
Supply chain risks are a significant part of a company's threat exposure and highlight the importance of third-party risk management and consideration of external dependencies in business continuity plans.
[Researcher: Jenny Eysert]
3. Ivanti Endpoint Mobile Management vulnerability under active exploitation
Multiple high-profile European entities including the European Commission, the Dutch government and Finland's government ICT provider Valtori have now confirmed breaches caused by vulnerabilities in Ivanti EPMM software. Two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8) allow unauthenticated remote code execution and were initially exploited as zero-days. Security researchers have linked much of the activity to a single IP address.
So what?
Organisations running Ivanti EPMM should patch immediately. To mitigate similar risks, organisations should define processes for responding to emergency zero‑day vulnerabilities when publicised.
[Researcher: Jack Woods]
4. Cyber criminals use stolen identities to defraud online gambling platforms
Two Connecticut men face charges for defrauding FanDuel and other gambling platforms of USD 3 million. They were indicted for purchasing the stolen identities of roughly 3,000 individuals through darknet markets and Telegram, which they then used to create fraudulent accounts on the gambling sites and exploit promotional bonuses.
So what?
Personal information exposed in data breaches becomes a valuable resource for criminals, who can use it for identity theft and fraud. Organisations should promptly notify affected individuals so they can take timely steps to protect their identities.
[Researcher: Milda Petraityte]
5. Threat actors using stolen identities on GitHub and LinkedIn to win trust
Threat actors are using hijacked accounts on GitHub to deliver backdoor malware to IT admins and OSINT researchers. Separately, Democratic People's Republic of Korea (DPRK) operatives are applying for remote roles with stolen, verified LinkedIn profiles, passing routine screening and gaining insider access under trusted identities.
So what?
This highlights a growing trend of threat actors abusing trust signals such as verified accounts on GitHub and LinkedIn. Users should exercise caution when interacting with content even from seemingly trusted sources.
[Researcher: Tlhalefo Dikolomela]
6. Patch Tuesday released with several patches from other major vendors
Microsoft patched 59 vulnerabilities this month, six of which are zero-days under active exploitation. Among the most notable is CVE-2026-21510 in the Windows Shell, which enables one-click code execution via a SmartScreen bypass on malicious links.
Separately, several vendors issued high-impact patches this week, with SAP fixing two critical vulnerabilities and Adobe patching multiple creative apps.
So what?
With multiple patches released at once, organisations should prioritise reviewing and addressing the most critical vulnerabilities relevant to their specific technology stack.
[Researcher: Aditya Ganjam Mahesh]

