Welcome to the DanSec Blog

Cybersecurity Brief – 2025-05-10

Major Incidents or Breaches

  • Ascension Healthcare Breach: Ascension, a major US healthcare provider, disclosed a data breach affecting over 430,000 patients, exposing personal and healthcare information.
  • Insight Partners Data Breach: Ongoing investigation reveals the impact of the breach at venture capital firm Insight Partners is larger than initially anticipated, with affected customers being notified incrementally.
  • Japanese Financial Account Compromise: Hackers breached nearly 5,000 Japanese financial accounts in April, conducting almost $2 billion in fraudulent trades across nine securities firms.
  • LockBit Ransomware Gang Breach: LockBit’s affiliate panel was compromised, leaking sensitive operational data including Bitcoin addresses, private victim chats, and user credentials.

Cybersecurity Brief – 2025-05-09

Major Incidents or Breaches

  • Pearson Data Breach: Education giant Pearson suffered a cyberattack resulting in the theft of corporate and customer data.
  • Insight Partners Breach: Venture capital firm Insight Partners confirmed sensitive employee and investor data was stolen in a January 2025 cyberattack.
  • Toronto School District Ransomware: Toronto’s school district paid a ransom believing stolen data would be deleted; however, the data was not removed as promised.
  • Supply Chain Attacks on Open Source Packages:
    • The npm package ‘rand-user-agent’ (45,000 weekly downloads) was compromised to deliver a remote access trojan (RAT).
    • A malicious PyPI package targeting Discord developers was found to be distributing RAT malware since 2022.
  • Kickidler Software Abused: Ransomware operators are leveraging legitimate Kickidler employee monitoring software for post-compromise reconnaissance and credential harvesting.

Cybersecurity Brief – 2025-05-08

Major Incidents and Breaches

  • LockBit Ransomware Gang Breach: The LockBit ransomware group suffered a significant breach, with its dark web affiliate panels defaced and victim negotiation data exposed via a leaked MySQL database. This incident may disrupt ongoing operations and expose sensitive data related to victims and affiliates.

  • PowerSchool Extortion Escalates: Following a December cyberattack, the PowerSchool hacker is now directly extorting individual school districts, threatening to release stolen student and teacher data if ransoms are not paid.

Cybersecurity Brief – 2025-05-07

Major Incidents or Breaches

  • UK Legal Aid Agency (LAA) Incident: The LAA, part of the UK’s Ministry of Justice, is investigating a cybersecurity incident that may have exposed law firm data. The agency has warned impacted firms of potential data access by attackers.
  • T-Mobile Data Breach Settlement: Payments to victims of T-Mobile’s 2021 data breach (which exposed data of 76 million customers) have begun distribution after previous delays.
  • Langflow AI App Servers Compromised: A critical remote code execution (RCE) vulnerability in Langflow has been exploited in the wild, with CISA urging immediate patching.
  • Samsung MagicINFO 9 Server Exploits: Active exploitation of an unauthenticated RCE flaw in Samsung MagicINFO 9 Server has been observed, leading to device hijacking and malware deployment.
  • GeoVision IoT Devices Used in Mirai Botnet: Threat actors are exploiting vulnerabilities in end-of-life GeoVision IoT devices to conscript them into Mirai botnets for DDoS attacks.
  • Commvault Vulnerability Still Exploitable: Despite prior patches, CVE-2025-34028 affecting Commvault remains exploitable and is under active attack.
  • SonicWall SMA Devices Under Attack: Two vulnerabilities in SonicWall’s Secure Mobile Access (SMA) devices are being actively exploited by threat actors.
  • Linux Supply Chain Attack: Malicious Go modules uploaded to GitHub have been used to deliver disk-wiping malware targeting Linux servers.

Cybersecurity Brief – 2025-05-06

Major Incidents or Breaches

  • UK Retail Sector Attacks: The UK’s National Cyber Security Centre (NCSC) issued new security guidance following three significant cyberattacks targeting major UK retailers.
  • TeleMessage Breach: TeleMessage, an unofficial Signal message archiving tool used by US government officials, suspended all services after a reported hack.
  • Educational Sector Disruptions (US): Multiple school districts in Georgia and a university in New Mexico experienced disruptive cyberattacks as the academic year ends.
  • Darcula Phishing Campaign: The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards globally via malicious SMS campaigns.
  • Disney Data Leak: An individual pleaded guilty to stealing sensitive Disney data and falsely claiming to be a Russian hacktivist.
  • Peru Ransomware Claim: The Rhysida ransomware group claimed responsibility for an attack on the Peruvian government’s domain, though the government denies the incident.

Cybersecurity Brief – 2025-05-05

Major Incidents or Breaches

  • Three major UK retailers have suffered high-profile cyberattacks. In response, the National Cyber Security Centre (NCSC) has issued updated security guidance for all UK companies, highlighting the ongoing threat to the retail sector.
  • Azerbaijan has publicly attributed a February cyberattack on local media outlets to Russian state-backed group APT29, amid broader efforts to reduce Russian influence in the country.
  • Romanian state websites were targeted by DDoS attacks from a Russian-linked hacktivist group during national elections, demonstrating continued politically motivated cyber activity in Eastern Europe.

Cybersecurity Brief – 2025-05-04

Major Incidents or Breaches

  • A coordinated hacking campaign has targeted major UK retail companies, resulting in data breaches and operational disruptions. The incident underscores ongoing risks to the retail sector from cybercriminal activity.
  • An Iranian state-sponsored threat group maintained persistent, covert access to a Middle East critical national infrastructure (CNI) organisation for nearly two years. The intrusion leveraged VPN vulnerabilities and custom malware, highlighting the long-term threat posed by advanced persistent threat (APT) actors to CNI environments.

Cybersecurity Brief – 2025-05-03

Major Incidents and Breaches

  • Co-op Data Theft Confirmed: Co-op has verified that significant data was stolen in a recent cyberattack, following claims by the DragonForce ransomware group. The breach impacts a substantial number of current and former customers.
  • Magento Supply Chain Attack: Between 500 and 1,000 e-commerce stores, including a $40 billion multinational, were compromised through 21 backdoored Magento extensions in a widespread supply chain attack.
  • UK Retail Sector Under Attack: Multiple major British retailers, including Harrods, have been targeted by likely ransomware attacks in recent weeks. The UK NCSC has characterised these incidents as a “wake-up call” for the sector, urging improved cyber resilience.
  • Ransomware Surge in Food and Agriculture: Ransomware attacks targeting the food and agriculture sector have doubled in 2025, with the increase attributed largely to Clop’s exploitation of a popular file-sharing service.

Cybersecurity Brief – 2025-05-02

Major Incidents and Breaches

  • Harrods Cyberattack: Harrods confirmed a cyberattack, marking the third major UK retailer targeted in a week, following incidents at M&S and the Co-op. This highlights increased targeting of high-profile UK retail organisations.
  • Ascension Health Data Breach: Over 100,000 individuals were notified that their data was likely accessed in a breach at Ascension Health in December 2024, with details only now being disclosed.
  • Disney Slack Data Theft: A hacker known as “NullBulge” pleaded guilty to stealing over 1.1TB of internal data from Disney’s Slack channels.
  • Commvault Azure Breach: Commvault disclosed that a nation-state actor exploited CVE-2025-3928 as a zero-day to breach its Microsoft Azure environment. No evidence of customer data compromise was found.
  • Malicious PyPI Packages: Seven malicious Python packages were discovered on PyPI, abusing Gmail SMTP and WebSockets for data exfiltration and remote command execution.
  • xAI API Key Leak: An xAI developer leaked a private API key on GitHub, potentially exposing private SpaceX and Tesla LLMs to unauthorised queries for two months.

Cybersecurity Brief – 2025-05-01

Major Incidents and Breaches

  • SonicWall SMA100 Exploitation: SonicWall has confirmed active exploitation of two now-patched vulnerabilities in its SMA100 Secure Mobile Access appliances. Attackers are targeting unpatched systems in the wild.
  • UK Retailer Co-op Cyberattack: Co-op Food, a major UK supermarket chain, experienced limited operational disruption after a cyberattack, prompting the shutdown of some IT systems.
  • Ascension Healthcare Data Breach: Ascension, a large US healthcare provider, is notifying patients of a data breach stemming from a December 2024 third-party hacking incident, with personal and health information stolen.
  • Commvault Azure Breach