Originally reported by Security Affairs, The Record, Palo Alto Unit 42
TL;DR
Iranian threat actors are actively targeting Middle East energy infrastructure, while QNAP patched four critical SD-WAN vulnerabilities demonstrated at Pwn2Own Ireland 2025. A breach of the Resolv DeFi platform resulted in $24.5 million stolen, and education company Kaplan disclosed a breach affecting over 230,000 individuals.
An Iran-linked group targeting critical energy infrastructure in the Gulf region, critical vulnerabilities in QNAP SD-WAN devices, and a $24.5 million DeFi breach lead this roundup, each representing a significant threat to critical systems.
Resecurity has identified a new Iran-associated threat group, dubbed Nasir Security, that is actively targeting energy organizations across the Middle East. The group's focus on critical energy infrastructure aligns with broader Iranian cyber operations against regional adversaries amid ongoing geopolitical tensions.
The energy sector remains a primary target for nation-state actors because of its strategic importance and the potential for significant economic and operational disruption. Resecurity's tracking indicates that this activity represents an escalation in Iranian cyber operations against Gulf states.
QNAP has patched four critical vulnerabilities (CVE-2025-62843 through CVE-2025-62846) in its SD-WAN router products after Team DDOS demonstrated exploitation chains against them at Pwn2Own Ireland 2025. The researchers chained multiple bugs to achieve root access on the QNAP devices.
These vulnerabilities could enable remote code execution, unauthorized data access, and disruption of enterprise network infrastructure. Because the exploitation was demonstrated publicly and the fixes are now available for diffing, organizations running QNAP SD-WAN devices should treat the patch as urgent and, as a compensating control, confirm that device management interfaces are not reachable from untrusted networks.
An attacker compromised the Resolv DeFi platform, stealing $24.5 million in Ethereum by exploiting the platform's smart contract mechanisms. Resolv attempted to negotiate with the attacker through on-chain messages, offering a 10% bounty in exchange for the return of the remaining funds.
The breach highlights the ongoing exposure of decentralized finance protocols and the substantial financial risk carried by cryptocurrency platforms. Unlike a conventional fraud, a smart contract exploit produces immediate, irreversible losses: there is no issuer to reverse the transfer, which is why victims fall back on public bounty offers to the attacker.
Educational services company Kaplan reported a cybersecurity incident affecting over 230,000 individuals, with exposed data including Social Security numbers and driver's license information. The breach occurred in fall 2025 but was only recently disclosed to state regulators.
The incident underscores the persistent threat to the education sector, whose organizations often hold extensive databases of sensitive personal information spanning students, employees, and contractors. The gap between the breach and its disclosure raises questions about detection capabilities and incident response procedures.
California-based semiconductor testing company Trio Tech reported a ransomware attack against its Singapore subsidiary in a filing with the SEC. The incident affects a company operating in the semiconductor supply chain, highlighting ongoing threats to technology manufacturing infrastructure.
The attack shows that ransomware groups continue to target specialized industrial sectors, with the potential to disrupt global supply chains for critical technology components.
James Junior Aliyu, 31, received a 90-month federal prison sentence for orchestrating a $6 million business email compromise (BEC) scheme involving wire fraud and money laundering. The case was investigated by U.S. Immigration and Customs Enforcement.
The sentencing reflects continued law enforcement focus on international cybercrime networks, particularly BEC operations, which have cost organizations billions of dollars annually through social engineering and email account compromise.
Palo Alto Networks Unit 42 published detailed research into Google Authenticator's passwordless authentication mechanisms, examining the security architecture of its synced passkey system. The analysis covers key management and the secure communication protocols used in modern passwordless authentication.
The research offers useful technical detail for security professionals implementing or evaluating passwordless authentication solutions in enterprise environments.