Skip to content
Contact Us
All posts

28.07.25 Threat Report

By  Craig Pepper  ·  2 minute read

In this week’s threat report, a breach at IR35 advisor Qdos exposing contractor data, a sophisticated phishing campaign spoofing Facebook login pages, a malware campaign distributed via YouTube and Discord, and a critical Chrome vulnerability actively exploited in the wild.

1. Qdos IR35 Advisor Confirms Data Breach Affecting Contractors

Qdos, a leading IR35 compliance and contractor insurance provider, has confirmed a significant data breach involving personal information of past and current customers.

Breach Details:

  • Affects individuals who held policies between 2014 and 2024.

  • Stolen data includes names, email addresses, phone numbers, and possibly financial records.

  • External sources alerted Qdos to the breach; forensic teams are now investigating.

  • The incident is under review by the Information Commissioner’s Office (ICO) and law enforcement.

Potential Impact:

  • Risk of spear phishing, identity theft, and targeted scams.

  • Contractors and freelancers are potentially exposed to fraudulent activity.

  • Regulatory scrutiny and reputational damage for Qdos.

Recommendation:

  • Notify any team members or contractors who may be affected.

  • Monitor for phishing attempts and financial fraud.

  • Engage identity monitoring if necessary.

  • Review third-party vendor risk assessment processes.

 

2. Sophisticated Phishing Scam Mimics Facebook Login to Steal Credentials

Cybercriminals are deploying a convincing phishing campaign that replicates the Facebook login experience to harvest user credentials.

Phishing Mechanics:

  • Victims are lured via social media, emails, or redirected URLs.

  • Fake login pages use CAPTCHA to appear legitimate and avoid detection.

  • Stolen credentials are immediately sent to attacker-controlled infrastructure.

Potential Impact:

  • Account takeovers and impersonation attacks.

  • Compromise of corporate Facebook accounts.

  • Broader social engineering campaigns targeting users and employees.

Recommendation:

  • Educate employees on how to spot fake login pages.

  • Enforce multi-factor authentication (MFA) on social media accounts.

  • Block known phishing domains and use anti-phishing browser tools.

  • Conduct internal phishing simulations to improve detection readiness.

3. New Malware Delivered via YouTube Channels and Discord Servers

Threat actors are leveraging popular platforms like YouTube and Discord to distribute stealer malware, targeting individuals seeking cracked software or gaming mods.

Attack Details:

  • Infected content is promoted via compromised YouTube accounts.

  • Download links are hosted on Discord servers, evading traditional detection.

  • Malware exfiltrates credentials, cookies, and crypto wallet data.

  • Linked to cybercriminal networks offering “malware-as-a-service”.

Potential Impact:

  • Exposure of sensitive credentials and financial data.

  • Use of compromised accounts to spread further infections.

  • Escalation of risk via legitimate platforms being weaponised.

Recommendation:

  • Restrict access to Discord and non-work-related YouTube content.

  • Use endpoint protection to detect stealer malware behaviour.

  • Educate staff on software download risks and channel spoofing.

  • Block suspicious domains and inspect DNS activity.

4. Chrome Type Confusion Vulnerability Exploited in the Wild (CVE-2025-2345)

Google has patched a high-severity “type confusion” vulnerability in its V8 JavaScript engine, actively exploited in the wild. Identified as CVE-2025-2345, the flaw could allow remote code execution through crafted websites.

Exploit Details:

  • The vulnerability results from improper handling of JavaScript variables.

  • Exploitation allows attackers to execute code on user devices via drive-by attacks.

  • Google issued an emergency fix in Chrome version 125.0.6422.141.

Potential Impact:

  • Remote code execution on affected systems.

  • Threat actors are gaining initial access through casual browsing.

  • Chaining with other exploits to escalate privileges or deploy malware.

Recommendation:

  • Ensure all systems have been updated to the latest version of Chrome.

  • Enable auto-update for browsers across the organisation.

  • Consider browser sandboxing for high-risk roles.

  • Use threat monitoring to identify unusual outbound activity.

 

Threat Intelligence 

Find out more about our Threat Intelligence services...