A concise roundup of notable incidents and high-risk exposures.
Top attacks and breaches
Canada — ICS tampering at water and energy sites
The Canadian Centre for Cyber Security reported hacktivists tampered with a municipal water facility’s pressure valves and triggered false alarms at an oil and gas firm via automated tank gauges.
Source: www.securityweek.com/canada-sa…
Software supply chain — 136 malicious npm packages
Researchers identified 136 npm packages delivering information-stealers, downloaded roughly 100,000 times since July/August.
Source: www.securityweek.com/136-npm-p…
Vulnerabilities and patches
CVE-2025-55680 — Windows Cloud Files Mini-Filter Driver (Microsoft)
A TOCTOU race condition in the Cloud Files Mini-Filter driver allows a local attacker to elevate privileges. High severity.
NVD: nvd.nist.gov/vuln/deta…
Write-up: cybersecuritynews.com/windows-c…
Mobile-device attacks trending up
Verizon’s 2025 Mobile Security Index reports rising mobile compromise driven by AI-powered threats and user error.
Sources:
www.securityweek.com/mobile-se…
cybermagazine.com/news/veri…
Data breaches
LG Uplus (South Korea) — breach confirmed
Telecom operator confirmed a cybersecurity incident and notified KISA; investigation continues.
Source: cybernews.com/security/…
Michael R. Schwartz, MD (California) — healthcare breach notice
The practice disclosed a security incident involving patient data; notifications are underway.
Source: www.hipaajournal.com/george-e-…
Northern Montana Health Care (U.S.) — third-party billing vendor incident
NMHC stated that its collections vendor Wakefield & Associates issued breach notifications.
Source: hilinetoday.com/nmhc-noti…
