Major Incidents and Breaches

  • APT29 Targeting European Diplomats

    • Russian state-sponsored group APT29 has launched a phishing campaign against European diplomatic entities.
    • The campaign uses wine-tasting themed lures and deploys a new variant of WINELOADER, named GRAPELOADER, to gain initial access and maintain persistence.
  • Malicious npm Packages Planting SSH Backdoors

    • Three rogue npm packages, published under names mimicking a popular Telegram bot API library, were found to plant SSH backdoors and exfiltrate data from the hosts that install them.
    • They target Linux systems: on a Linux host the package code appends attacker-controlled public keys to the SSH authorized_keys file and sends the host's username and external IP address to an attacker-controlled server. Uninstalling the package does not remove the planted keys, so a developer machine or CI runner that pulled one stays reachable until authorized_keys is cleaned by hand.
  • Microsoft Entra ID Account Lockouts

    • A new “leaked credentials” detection in Microsoft Entra ID flagged large numbers of accounts as compromised and locked them out across multiple organizations; the detections were false positives.
    • Windows administrators reported the lockouts across many tenants, with no evidence that the affected passwords had actually been exposed, and users lost access until the risk flags were dismissed. Before resetting passwords en masse in response to such alerts, check the risk detection source in Entra ID Protection and confirm a real leak rather than assuming one.

Newly Discovered Vulnerabilities

  • ASUS AiCloud Routers Critical Flaw

    • ASUS confirmed a critical improper-authentication flaw in routers with the AiCloud feature enabled: a crafted request can bypass authentication and trigger device functions remotely.
    • Update to the fixed firmware for your model now. For end-of-life models that will not receive an update, disable AiCloud and every other service reachable from the internet (remote access from WAN, port forwarding, DDNS and similar), as ASUS recommends.
  • Erlang/OTP SSH Remote Code Execution (CVE-2025-32433)

    • Public exploits are circulating for a critical flaw in the SSH server of Erlang/OTP: a crafted protocol message sent before authentication completes is processed as though the session were already authenticated, giving unauthenticated remote code execution with the privileges of the ssh daemon.
    • Patch now: the fix ships in OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. Until the update is in place, stop the Erlang ssh daemon or restrict access to it with firewall rules. OTP is embedded in many third-party products (messaging, telecom and IoT platforms), so inventory vendor builds as well, not only hosts where Erlang is installed directly.
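The first step in triaging this item is knowing where Erlang/OTP's ssh application is listening at all, and its version string makes that cheap: the server identifies itself as `SSH-2.0-Erlang/<version>`, where the version is that of the ssh application, not the OTP release. The script below is an added example written for this digest (not a tool from the Erlang project): it reads the identification string from a listener and sorts the Erlang hits by version so the oldest get looked at first. The banner values and host addresses in `SAMPLE_BANNERS` are constructed for the demo; mapping an ssh application version to an OTP release is deliberately left to a follow-up on the host (for example `erlang:system_info(otp_release)` in a shell on the box), which is an assumption about your workflow, not something the banner proves.

```python
"""Find SSH listeners that identify as Erlang/OTP's ssh application.

Added example for triaging the Erlang/OTP SSH item above; not code from the
Erlang project.  Network I/O lives in grab_banner()/scan(); the constructed
SAMPLE_BANNERS let the classification logic run offline.
"""
import re
import socket

# Erlang's ssh application announces "SSH-2.0-Erlang/<ssh application version>".
# The number is the version of the *ssh application*, not the OTP release, so a
# hit says where to look, not whether the host is patched.
ERLANG_BANNER = re.compile(r"^SSH-2\.0-Erlang/(\d+(?:\.\d+)*)")


def grab_banner(host, port=22, timeout=3.0):
    """Return the listener's identification line (the first complete line that
    starts with 'SSH-'; RFC 4253 permits other lines before it), or None."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        buf = b""
        while len(buf) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += chunk
            # Only complete lines: the last split element may be a partial read.
            for line in buf.split(b"\n")[:-1]:
                if line.startswith(b"SSH-"):
                    return line.decode("ascii", "replace").strip()
    return None


def scan(hosts, port=22, timeout=3.0):
    """{host: banner-or-None} for a list of hosts; connection errors map to None."""
    results = {}
    for host in hosts:
        try:
            results[host] = grab_banner(host, port, timeout)
        except OSError:
            results[host] = None
    return results


def parse_version(banner):
    """(5, 2, 9) for 'SSH-2.0-Erlang/5.2.9'; None for any other banner or for None."""
    match = ERLANG_BANNER.match((banner or "").strip())
    return tuple(int(part) for part in match.group(1).split(".")) if match else None


def triage(banners):
    """Erlang listeners from a {host: banner} map as (host, version) tuples,
    lowest ssh application version first."""
    hits = [(host, parse_version(banner)) for host, banner in banners.items()]
    return sorted(((h, v) for h, v in hits if v is not None), key=lambda hv: hv[1])


# Constructed sample standing in for scan() output; these are not real hosts.
SAMPLE_BANNERS = {
    "10.0.0.5": "SSH-2.0-OpenSSH_9.6",
    "10.0.0.7": "SSH-2.0-Erlang/5.2.9",
    "10.0.0.9": "SSH-2.0-Erlang/4.15.3",
    "10.0.0.11": "SSH-2.0-dropbear_2022.83",
    "10.0.0.13": None,  # connection timed out or refused
}

if __name__ == "__main__":
    # Replace SAMPLE_BANNERS with scan(["10.0.0.5", ...]) against your own ranges.
    for host, version in triage(SAMPLE_BANNERS):
        print(f"{host}: Erlang ssh application {'.'.join(map(str, version))}"
              f" -> confirm OTP release on the host and patch")
```

Only run `scan()` against addresses you are authorised to probe; the read is a plain TCP connect and a few bytes, but it is still a scan. A banner that is absent or spoofed is not evidence the host is safe, so treat `triage()` output as a work list, not a verdict.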

Notable Threat Actor Activity

  • APT29 (Russian State-Sponsored)
    • Continued focus on diplomatic targets in Europe, leveraging themed phishing lures and evolving custom malware (GRAPELOADER).

Trends, Tools, or Tactics of Interest

  • Android Malware-as-a-Service: SuperCard X

    • ‘SuperCard X’ is an Android malware-as-a-service platform built for NFC relay fraud.
    • Victims are socially engineered into installing the app and tapping their payment card against their phone; the malware relays the card's NFC exchange in real time to an attacker-controlled device, which completes contactless point-of-sale purchases and ATM withdrawals as if the card were present. The attacker never needs to hold the card number, since the live EMV transaction is simply forwarded, so the controls that bite are issuer-side (transaction velocity and location checks) and on-device (blocking sideloaded apps that request NFC access).
  • Supply Chain Attacks via Open Source Repositories

    • Threat actors keep using open source package registries (npm this cycle) as an initial-access channel: a lookalike package name gets the code onto developer machines and build agents, and a planted key or credential turns a one-off install into persistent access that survives removing the package.
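The npm item under Major Incidents and the trend above leave two artefacts a practitioner can check for directly: an SSH public key in `authorized_keys` that nobody approved, and a dependency whose name is a near-miss of a well-known package. The script below is an added example written for this digest, not code from the incident report or from npm: it parses `authorized_keys` (including lines with an options prefix such as `no-pty,command="..."`), computes the same `SHA256:` fingerprint that `ssh-keygen -lf` prints, and flags keys missing from an allowlist; separately it scores dependency names against a trusted list with an edit-similarity ratio. Everything in the sample is constructed: the key lines are synthetic blobs with no real private key, `node-telegram-bot-api` is assumed to be the legitimate package being imitated, the `TRUSTED_PACKAGES` set stands in for your own allowlist, and the 0.85 threshold is a starting point, not a measured value.

```python
"""Audit authorized_keys and package dependencies for the artefacts the rogue
npm packages leave behind.  Added example for this digest; sample data is
constructed and the SSH key material is synthetic (no private key exists)."""
import base64
import difflib
import hashlib
import struct

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def synthetic_ed25519_line(seed, comment):
    """Well-formed ssh-ed25519 line whose 32-byte 'public key' is a hash of the
    seed: a placeholder for the demo, not a usable key."""
    pub = hashlib.sha256(struct.pack(">I", seed)).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", len(pub)) + pub
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(blob):
    """Same value `ssh-keygen -lf` prints: SHA256 of the wire blob, base64, unpadded."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_authorized_keys(text):
    """One dict per non-comment line.  Options may precede the key type, so the
    type token is located rather than assumed to start the line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            yield {"line": lineno, "error": "unparseable"}
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
            tlen = struct.unpack(">I", blob[:4])[0]
            embedded = blob[4:4 + tlen].decode("ascii")
        except (ValueError, struct.error, UnicodeDecodeError):
            yield {"line": lineno, "error": "bad key blob"}
            continue
        yield {"line": lineno, "options": " ".join(fields[:idx]), "type": fields[idx],
               "embedded_type": embedded, "fingerprint": fingerprint(blob),
               "comment": " ".join(fields[idx + 2:])}


def audit_authorized_keys(text, allowed_fingerprints):
    """Findings for corrupt lines, type/blob mismatches and keys not on the allowlist."""
    findings = []
    for key in parse_authorized_keys(text):
        if "error" in key:
            findings.append({"line": key["line"], "reason": key["error"]})
        elif key["type"] != key["embedded_type"]:
            findings.append({"line": key["line"], "reason": "type mismatch"})
        elif key["fingerprint"] not in allowed_fingerprints:
            findings.append({"line": key["line"], "reason": "not in allowlist",
                             "fingerprint": key["fingerprint"], "comment": key["comment"]})
    return findings


def find_lookalike_packages(dependencies, trusted_names, threshold=0.85):
    """(dependency, trusted name, similarity) for names that are near-misses of a
    trusted package but not themselves trusted."""
    hits = []
    for name in dependencies:
        if name in trusted_names:
            continue
        for trusted in trusted_names:
            ratio = difflib.SequenceMatcher(None, name, trusted).ratio()
            if ratio >= threshold:
                hits.append((name, trusted, round(ratio, 3)))
    return hits


# Constructed sample: three approved keys, one planted key, one corrupt line.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not a real host",
    synthetic_ed25519_line(1, "alice@laptop"),
    synthetic_ed25519_line(2, "bob@laptop"),
    'no-pty,command="/usr/bin/backup --server" ' + synthetic_ed25519_line(3, "backup@nas"),
    synthetic_ed25519_line(4, "root@build"),  # planted: never approved
    "ssh-ed25519 th!s-is-not-base64 junk",
])
# In practice this set comes from `ssh-keygen -lf` over the keys you approved.
ALLOWED_FINGERPRINTS = {k["fingerprint"] for k in parse_authorized_keys(
    "\n".join(synthetic_ed25519_line(s, "") for s in (1, 2, 3)))}
SAMPLE_DEPENDENCIES = {"express": "^4.19.0", "node-telegram-bot-api": "^0.66.0",
                       "node-telegram-bots-api": "^1.0.0"}  # constructed package.json
TRUSTED_PACKAGES = {"express", "lodash", "node-telegram-bot-api"}  # assumed allowlist

if __name__ == "__main__":
    for finding in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, ALLOWED_FINGERPRINTS):
        print("authorized_keys:", finding)
    for hit in find_lookalike_packages(SAMPLE_DEPENDENCIES, TRUSTED_PACKAGES):
        print("lookalike dependency:", hit)
```

Point `audit_authorized_keys` at every `authorized_keys` on a host (root's included, not just the developer's), and run the lookalike check over lockfiles as well as `package.json`, since a transitive dependency can carry the bad name. A key that fails the allowlist is not proof of compromise, but a key with a comment nobody recognises on a build agent is exactly the artefact this campaign leaves.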

Regulatory or Policy Developments

  • No significant UK or EU regulatory changes reported in the current cycle. Notable international developments include a US judicial ruling limiting police use of mobile phone tower dumps and ongoing geopolitical cyber attribution activity, but no direct impact on UK industry policy at this time.