Welcome to the DanSec Blog

Cybersecurity Brief – 2025-04-30

Major Incidents and Breaches

  • SK Telecom Data Breach: South Korean telecom provider SK Telecom is offering free SIM replacements to 25 million customers after a USIM data breach, though only 6 million cards are currently available.
  • Ukraine Retail Cyberattack: Epicentr, Ukraine’s largest home improvement retailer, suffered a cyberattack that disrupted key IT systems.
  • Targeted Attacks on French Organizations: The French government attributed 12 cyberattacks on domestic entities over four years to Russian state-backed APT28 (GRU).
  • Uyghur Community Targeted: Chinese threat actors delivered Trojanized word-processing software via spear-phishing to members of the World Uyghur Congress.
  • Outlaw Botnet Activity: Kaspersky identified an SSH-based mining botnet operated by the Outlaw cybergang, targeting organisations globally.
  • Reconnaissance on SentinelOne: SentinelOne reported that the China-linked “PurpleHaze” threat cluster attempted reconnaissance against its infrastructure and clients.
  • Proton Mail Blocked in India: An Indian high court ordered the nationwide blocking of Proton Mail due to allegations of its use in AI deepfake scams.


Cybersecurity Brief – 2025-04-29

Major Incidents and Breaches

  • Marks & Spencer Ransomware Attack
    • Marks & Spencer experienced significant operational disruption, including outages and warehouse worker furloughs, due to a ransomware attack attributed to the “Scattered Spider” group.
  • Hitachi Vantara Ransomware Incident
    • Hitachi Vantara took servers offline to contain an Akira ransomware attack, impacting business operations.
  • VeriSource Data Breach
    • Employee benefits firm VeriSource confirmed that a February breach exposed personal information of 4 million individuals.
  • Urban One Data Breach
    • Urban One, a major media company, disclosed a data breach following claims by a ransomware group.
  • World Uyghur Congress Targeted by Malware
    • Senior members of the World Uyghur Congress were targeted in a sophisticated malware campaign via a trojanized UyghurEdit++ tool, indicating ongoing cyber-espionage efforts against exiled Uyghur groups.


Cybersecurity Brief – 2025-04-28

Major Incidents and Breaches

  • M&S Cyberattack: Marks & Spencer (M&S), a major UK retailer, experienced a cyberattack that disrupted warehouse operations, resulting in approximately 20% of logistics workers being told not to report to work. The incident highlights ongoing threats to supply chain and logistics infrastructure.
  • Ukrainian Service Outage: A Ukrainian cloud provider restored state and banking services following a data centre power outage that impacted government agencies and major companies.
  • WooCommerce Phishing Campaign: A large-scale phishing campaign is targeting WooCommerce users with fake security alerts, tricking them into installing backdoors under the guise of a “critical patch.”
  • Craft CMS Zero-Day Exploits: Attackers are actively exploiting two newly disclosed critical vulnerabilities in Craft CMS, compromising hundreds of servers to gain unauthorized access.
  • SAP NetWeaver Exploitation: Over 1,200 internet-facing SAP NetWeaver servers remain vulnerable to a maximum severity, unauthenticated file upload flaw that is being actively exploited to hijack servers.


Cybersecurity Brief – 2025-04-27

Major Incidents or Breaches

  • Microsoft has disclosed ongoing attacks by the threat actor Storm-1977, targeting cloud tenants in the education sector. The group has used password spraying techniques to compromise accounts and has deployed over 200 crypto mining containers within affected environments.

Notable Threat Actor Activity

  • Storm-1977 continues to focus on education sector cloud environments, utilising automated password spraying and deploying crypto mining infrastructure post-compromise, indicating a trend towards monetisation via illicit resource use.


Cybersecurity Brief – 2025-04-26

Major Incidents and Breaches

  • Marks & Spencer Cyberattack
    • Marks & Spencer, a major UK retailer, has suspended online orders following a cyberattack. Recovery efforts are ongoing, with continued disruption to online shopping services.
  • MTN Group Data Breach
    • African telecom giant MTN disclosed a cybersecurity incident resulting in unauthorised access to personal information of subscribers in certain countries. The breach is attributed to an unknown third party.
  • Baltimore City Public Schools Data Breach

Cybersecurity Brief – 2025-04-25

Major Incidents and Breaches

  • Healthcare Sector Data Breaches
    • Frederick Health Medical Group suffered a ransomware attack in January, exposing data of nearly one million patients.
    • Yale New Haven Health (YNHHS) disclosed a breach affecting 5.5 million patients, with threat actors stealing personal data.
    • The Interlock ransomware gang claimed responsibility for an attack on DaVita, a kidney dialysis firm, and has leaked stolen data.
    • The 2023 cyberattack on Long Beach, California, has been confirmed to have leaked data of nearly 500,000 individuals.
  • Lazarus Group Espionage Campaign

Cybersecurity Brief – 2025-04-24

Major Incidents and Breaches

  • Blue Shield of California Data Breach: The health data of 4.7 million members was exposed to Google’s analytics and ad platforms due to a misconfiguration, affecting sensitive personal and medical information. Additional healthcare sector breaches have been reported to regulators, indicating a concerning trend.
  • National Labor Relations Board (NLRB) Data Exfiltration: A whistleblower alleges that significant volumes of sensitive agency data were siphoned by individuals associated with the Department of Government Efficiency (DOGE).
  • Marks & Spencer Cyber Incident: Marks & Spencer is investigating a cyber incident that has impacted some customer operations.
  • FBI Cybercrime Losses: The FBI reported $16.6 billion in cybercrime-related losses in 2024, a 33% increase year-over-year, marking the highest annual losses recorded.


Cybersecurity Brief – 2025-04-23

Major Incidents and Breaches

  • Marks & Spencer Cyberattack: The UK retailer confirmed a cyberattack affecting operations, including delayed Click and Collect orders. The company implemented temporary operational changes and is responding to the incident.
  • DeepSeek Breach: An AI-focused organisation suffered a significant breach, with sensitive data appearing on dark web forums, highlighting ongoing risks to AI platforms.
  • SK Telecom Data Exposure: South Korea’s largest mobile operator disclosed a malware attack that exposed sensitive USIM-related customer data.
  • Healthcare Ransomware Attacks: Three additional healthcare organisations—DaVita, Bell Ambulance, and Alabama Ophthalmology Associates—were impacted by ransomware, continuing the trend of targeting healthcare.
  • Baltimore Public Schools Data Breach: A February ransomware attack resulted in the theft of personal information belonging to thousands of students, teachers, and administrators.
  • City of Abilene Cyberattack: The Texas municipality went offline following a cyberattack, with incident response and investigation ongoing.


Cybersecurity Brief – 2025-04-22

Major Incidents and Breaches

  • NLRB Data Exfiltration by DOGE: A whistleblower alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of sensitive case data from the US National Labor Relations Board (NLRB).
  • City of Abilene Cyberattack: The city of Abilene, Texas, took systems offline following a detected cyber incident.
  • Japan Brokerage Account Breaches: Japanese regulators issued an urgent warning after hundreds of millions of dollars in unauthorized trades were made from hacked brokerage accounts.
  • Microsoft Entra Account Lockouts: Microsoft confirmed that recent Entra account lockouts were caused by a mishap involving the logging of short-lived user refresh tokens.
  • ‘Fog’ Ransomware Campaign: The ‘Fog’ ransomware group, known for trolling victims with DOGE-themed ransom notes, has compromised over 100 victims since January.
  • WordPress Ad Fraud Operation ‘Scallywag’: A large-scale ad fraud operation using malicious WordPress plugins generated approximately 1.4 billion fraudulent ad requests daily, primarily monetizing piracy and URL-shortening sites.


Cybersecurity Brief – 2025-04-21

Major Incidents and Breaches

  • Japanese regulators issued an urgent warning regarding hundreds of millions of dollars in unauthorized trades from hacked brokerage accounts, indicating a significant financial sector breach.
  • A large-scale ad fraud operation, ‘Scallywag’, was uncovered, leveraging malicious WordPress plugins to generate up to 1.4 billion fraudulent ad requests per day, primarily monetizing piracy and URL-shortening sites.

Newly Discovered Vulnerabilities

  • ASUS urged immediate patching of a critical vulnerability (CVSS 9.2) in its AiCloud router series, which can be exploited via crafted requests, posing significant risk to affected users.
  • Researchers highlighted ongoing exploitation of NTLM and iOS zero-day vulnerabilities, as referenced in weekly threat recaps.
