Welcome to the DanSec Blog

Cybersecurity Brief – 2025-07-08

Major Incidents or Breaches

  • Ingram Micro, a major IT distributor, experienced a ransomware attack causing widespread outages and disruption to customer ordering and services. The company is working to restore systems; details on data theft remain undisclosed.
  • Qantas confirmed it is being extorted by threat actors following a cyberattack that potentially exposed the data of 6 million customers.
  • Hackers stole nearly $140 million from six Brazilian banks by using credentials purchased from a C&M employee for $920.
  • The International Criminal Court (ICC) disclosed a sophisticated cyberattack in its latest threat intelligence report.
  • The PC version of Call of Duty: WWII was taken offline after reports of gamers being hacked.
  • Several Russian industrial enterprises were targeted in a phishing campaign delivering the newly discovered Batavia spyware, which exfiltrates sensitive data from corporate devices.

Cybersecurity Brief – 2025-07-07

Notable Threat Actor Activity

  • TAG-140, a threat group linked to Pakistan, has been observed targeting Indian government, defence, and rail sectors using a modified version of the DRAT remote access trojan (DRAT V2). The campaign involves spear-phishing and the deployment of the new RAT variant for persistent access and data exfiltration.

Trends, Tools, or Tactics of Interest

  • The Caracal rootkit, written in Rust and leveraging eBPF, has been released for stealthy post-exploitation. Caracal enables the hiding of BPF programs, maps, and processes on compromised systems, enhancing evasion capabilities for attackers and red teamers.
  • Analysis of SSH and Telnet honeypot data has revealed attackers experimenting with new and varied usernames in brute-force attempts, indicating ongoing evolution in credential-stuffing tactics.
  • The Flipper Zero device continues to demonstrate a wide range of offensive security capabilities, including RFID/NFC cloning, signal replay attacks, and wireless protocol analysis, maintaining its popularity among both security professionals and hobbyists.

Cybersecurity Brief – 2025-07-06

Major Incidents or Breaches

  • Ingram Micro, a major IT distributor, is experiencing an ongoing outage attributed to a SafePay ransomware attack. Internal systems have been shut down as a result of the incident.

Newly Discovered Vulnerabilities

  • Exposed Java Debug Wire Protocol (JDWP) interfaces are being actively exploited by threat actors to gain remote code execution and deploy cryptocurrency miners on compromised systems.

Notable Threat Actor Activity

  • Attackers are leveraging exposed JDWP interfaces for illicit crypto mining operations.
  • Hpingbot malware is targeting SSH services to facilitate Distributed Denial of Service (DDoS) attacks.
  • Iran-linked hackers have threatened to release emails related to the Trump campaign.
  • Chinese state-linked threat actors reportedly maintain persistent access within US telecommunications networks.

Cybersecurity Brief – 2025-07-05

Major Incidents or Breaches

  • Ingram Micro has suffered a global outage affecting its websites and internal systems. Customers have expressed concern that this may be the result of a cyberattack, although the company has not issued an official statement regarding the cause.
  • A hacker has claimed to have stolen and leaked 106GB of data from Spanish telecommunications provider Telefónica. The company has not confirmed the breach.

Newly Discovered Vulnerabilities

  • Two critical vulnerabilities have been disclosed in the Sudo command-line utility for Linux and Unix-like operating systems. These flaws allow local attackers to escalate privileges to root. The vulnerabilities impact major Linux distributions.

Cybersecurity Brief – 2025-07-04

Major Incidents or Breaches

  • Spanish police dismantled an investment fraud ring responsible for over €10 million in losses, targeting victims through fraudulent investment schemes.
  • IdeaLab confirmed data was stolen during a ransomware attack in October 2024, with notifications being sent to affected individuals.
  • Microsoft is investigating ongoing intermittent access issues affecting SharePoint Online users.
  • Over 40 malicious Firefox browser extensions targeting cryptocurrency wallets have been discovered, designed to steal wallet secrets and user assets.

Cybersecurity Brief – 2025-07-03

Major Incidents or Breaches

  • Qantas Airlines suffered a data breach impacting 6 million customers. Personal information was accessed via a third-party call center platform; passport and credit card data were not included.
  • Spanish authorities arrested two individuals in Las Palmas for cybercriminal activity, including data theft from government entities, politicians, and journalists.

Newly Discovered Vulnerabilities

  • Cisco disclosed and patched a critical vulnerability in Unified Communications Manager (Unified CM) and Session Management Edition, involving hardcoded root SSH credentials that allowed remote root access. The backdoor account has now been removed.
  • The Forminator WordPress plugin is vulnerable to an unauthenticated arbitrary file deletion flaw, enabling potential full site takeover attacks.
  • Google Chrome was updated to address a serious security flaw that has been exploited in the wild.
  • Citrix issued a warning that patching recent authentication bypass vulnerabilities in NetScaler ADC and Gateway may cause login page failures.
  • Multiple fake cryptocurrency wallet extensions were discovered in the Firefox add-ons store, designed to steal wallet credentials and sensitive data.

Cybersecurity Brief – 2025-07-02

Major Incidents or Breaches

  • Qantas disclosed a cyberattack involving unauthorised access to a third-party platform containing customer data.
  • Kelly Benefits reported a 2024 data breach impacting 550,000 customers’ personal information.
  • Esse Health notified over 263,000 patients of a breach in April that compromised personal and health information.
  • Johnson Controls began notifying individuals affected by a 2023 ransomware attack that impacted global operations.
  • The International Criminal Court is investigating a new “sophisticated” cyberattack on its systems.

Cybersecurity Brief – 2025-07-01

Major Incidents or Breaches

  • Switzerland’s government reported that sensitive data from multiple federal offices was compromised following a ransomware attack on the third-party provider Radix.
  • Europol, in coordination with Spanish authorities, dismantled a cryptocurrency investment fraud ring responsible for laundering approximately $540 million (€460 million) from over 5,000 victims. Five suspects were arrested.
  • Over 1,200 Citrix NetScaler ADC and NetScaler Gateway servers remain unpatched against a critical authentication bypass vulnerability, which is reportedly being actively exploited.
  • The hacker collective Scattered Spider continues its campaign targeting the airline sector, with Microsoft designating the group as a significant cyber threat.
  • The FBI disclosed that cybercriminals are impersonating health fraud investigators to steal sensitive health information from US citizens.
  • The US Justice Department revealed that the identities of more than 80 Americans were stolen to facilitate North Korean IT worker scams, with action taken against associated “laptop farms.”
  • A government report indicated that a hacker was hired by the Sinaloa drug cartel to identify and target individuals connected to the FBI’s investigation, leading to fatal outcomes.

Cybersecurity Brief – 2025-06-30

Major Incidents or Breaches

  • Hawaiian Airlines has confirmed a cyber incident linked to the cybercrime group Scattered Spider, which has expanded operations to target airlines following high-profile breaches at WestJet and insurers.
  • Over 27% of UK businesses experienced cyber incidents in the past year, a significant increase from 16%. Vulnerable smart buildings and IoT systems pose significant risk factors, with 73% of leaders anticipating further disruptions.
  • Nearly 16 billion login credentials have been leaked online, highlighting ongoing issues with password hygiene and the reuse of credentials.

Cybersecurity Brief – 2025-06-29

Major Incidents or Breaches

  • The FBI has reported that the cybercrime group Scattered Spider is expanding its attacks to target the airline sector, primarily using social engineering tactics.
  • Hackers reportedly opened a valve at a Norwegian dam, indicating unauthorised access and potential risk to critical infrastructure.

Notable Threat Actor Activity

  • Scattered Spider has broadened its targeting to include airlines, employing social engineering to gain access.
  • The GIFTEDCROOK malware, operated by an unnamed threat actor, has evolved from a browser data stealer into a more advanced intelligence-gathering tool, with recent campaigns demonstrating enhanced data exfiltration capabilities.
