Major Incidents and Breaches

  • Marks & Spencer Cyberattack: The UK retailer confirmed a cyberattack affecting operations, including delayed Click and Collect orders. The company implemented temporary operational changes and is responding to the incident.
  • DeepSeek Breach: DeepSeek, the Chinese AI developer, suffered a significant breach, with sensitive data appearing on dark web forums, highlighting the continuing exposure of AI platforms and the data they hold.
  • SK Telecom Data Exposure: South Korea’s largest mobile operator disclosed a malware attack that exposed sensitive USIM-related customer data.
  • Healthcare Ransomware Attacks: Three additional healthcare organisations—DaVita, Bell Ambulance, and Alabama Ophthalmology Associates—were impacted by ransomware, continuing the trend of targeting healthcare.
  • Baltimore Public Schools Data Breach: A February ransomware attack resulted in the theft of personal information belonging to thousands of students, teachers, and administrators.
  • City of Abilene Cyberattack: The Texas municipality went offline following a cyberattack, with incident response and investigation ongoing.

Newly Discovered Vulnerabilities

  • GCP Cloud Composer Privilege Escalation: A now-patched vulnerability in Google Cloud Platform’s Cloud Composer could have allowed an attacker to escalate privileges by getting an environment to install a malicious PyPI package, whose installation ran under a highly privileged service account.
  • Active! Mail RCE Zero-Day: A remote code execution vulnerability in the Active! Mail webmail product is being actively exploited against large Japanese organisations.
  • Ripple’s xrpl.js Library Compromised: Malicious versions of the widely used xrpl.js npm package (Ripple’s JavaScript library for the XRP Ledger) were published with a backdoor that exfiltrated XRP wallet seeds and private keys; anyone who installed the package during the affected window should rotate keys.
  • Cookie-Bite Attack PoC: A proof-of-concept shows how a malicious Chrome extension can read Microsoft Entra ID session cookies from the browser and hand them to an attacker, who can then replay the already-authenticated session against Microsoft 365 services without ever facing an MFA prompt.
  • Docker Malware Targeting Teneo Web3 Node: A new campaign compromises exposed Docker environments and, instead of running a conventional miner, launches a Teneo Web3 node that sends fake heartbeat signals to earn the network’s cryptocurrency rewards, a technique not previously documented.
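The Cookie-Bite item above describes session-cookie theft rather than credential theft, so the usual "MFA was satisfied" signal is useless on its own. The following is an added detection example, not code from the original page or from the PoC’s authors: it scans constructed sign-in records for a session that was established with an interactive MFA sign-in and is later presented from a different IP address or browser. The record layout and field names (`session_id`, `mfa`, `user_agent`) are assumptions loosely modelled on Entra ID sign-in log columns; map them to whatever your export actually carries.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sign-in records (not real log data). Field names are assumptions;
# "mfa" marks an interactive sign-in that satisfied MFA, the event that mints
# the session cookie a Cookie-Bite style extension would later steal.
SIGNINS = [
    {"time": "2025-04-22T08:01:10Z", "user": "alice@corp.example", "ip": "203.0.113.10",
     "user_agent": "Chrome/135 Windows", "session_id": "s-1111", "mfa": True},
    {"time": "2025-04-22T08:40:02Z", "user": "alice@corp.example", "ip": "203.0.113.10",
     "user_agent": "Chrome/135 Windows", "session_id": "s-1111", "mfa": False},
    # the same session cookie presented from another IP and browser, no MFA prompt
    {"time": "2025-04-22T09:12:45Z", "user": "alice@corp.example", "ip": "198.51.100.77",
     "user_agent": "Chrome/134 Linux", "session_id": "s-1111", "mfa": False},
    {"time": "2025-04-22T09:30:00Z", "user": "bob@corp.example", "ip": "203.0.113.44",
     "user_agent": "Edge/135 Windows", "session_id": "s-2222", "mfa": True},
    {"time": "2025-04-22T10:00:00Z", "user": "bob@corp.example", "ip": "203.0.113.44",
     "user_agent": "Edge/135 Windows", "session_id": "s-2222", "mfa": False},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_session_replays(records):
    """One finding per non-MFA sign-in that presents a session cookie from a
    different IP address or user agent than the MFA sign-in that created it."""
    by_session = defaultdict(list)
    for r in sorted(records, key=lambda r: r["time"]):
        by_session[r["session_id"]].append(r)
    findings = []
    for sid, events in by_session.items():
        # the first MFA-satisfied event is the session's origin; fall back to the earliest
        origin = next((e for e in events if e["mfa"]), events[0])
        for e in events:
            if e is origin or e["mfa"]:
                continue
            if e["ip"] != origin["ip"] or e["user_agent"] != origin["user_agent"]:
                findings.append({
                    "session_id": sid, "user": e["user"],
                    "origin_ip": origin["ip"], "replay_ip": e["ip"],
                    "origin_user_agent": origin["user_agent"],
                    "replay_user_agent": e["user_agent"],
                    "minutes_after_mfa": round(
                        (_ts(e["time"]) - _ts(origin["time"])).total_seconds() / 60),
                })
    return findings


if __name__ == "__main__":
    for f in find_session_replays(SIGNINS):
        print(f"{f['user']}: session {f['session_id']} from {f['origin_ip']} "
              f"({f['origin_user_agent']}) reused {f['minutes_after_mfa']} min later "
              f"from {f['replay_ip']} ({f['replay_user_agent']})")
```

Expect noise from mobile carriers and VPN exits that change a user’s IP mid-session; in practice compare autonomous system or country rather than raw IP, and weight a user-agent change more heavily than an IP change. Detection is the fallback: the stronger control is Conditional Access that requires a compliant or managed device for Microsoft 365 and, where your licence supports it, token protection that binds the sign-in session to the device so a copied cookie is refused.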

Notable Threat Actor Activity

  • Russian Organisations Targeted by Sophisticated Backdoor: A new backdoor, disguised as secure networking software updates, is being used to target Russian entities.
  • China-Linked Billbug Group: The Billbug APT (also tracked as Lotus Blossom, Lotus Panda and Bronze Elgin) breached multiple organisations in a single Southeast Asian country, continuing its long-running focus on government and telecommunications targets.
  • Russia-Linked Phishing on NGOs: Russian threat actors are conducting phishing campaigns against NGOs connected to Ukraine, using video call lures to compromise Microsoft 365 accounts.
  • Russian Sabotage Against Dutch Critical Infrastructure: Dutch intelligence reported Kremlin-backed attempts to sabotage critical infrastructure, underlining ongoing state-sponsored cyber risk.
  • Elusive Comet Hacking Group: This group abuses Zoom’s legitimate remote control feature in social engineering attacks, persuading targets to grant control of their machines during a call and then stealing cryptocurrency.

Trends, Tools, and Tactics

  • Increasing Abuse of AI in Cybercrime: Threat actors are leveraging AI tools to assist in social engineering, phishing, and scam campaigns, as highlighted in Microsoft’s latest Cyber Signals report.
  • Phishing via Google Sites and DKIM Replay: A phishing campaign replays genuine DKIM-signed emails so that the messages pass authentication checks on arrival, then links victims to credential-harvesting pages hosted on Google Sites, where the trusted domain lends the lure further credibility.
  • Browser Security Concerns: The browser is increasingly the primary endpoint in cloud-native workplaces, yet remains largely unmonitored, presenting a growing attack surface.
  • Microsoft Secure Future Initiative: In response to the Storm-0558 breach, Microsoft has migrated MSA signing services to Azure confidential VMs and is purging millions of legacy cloud tenants, as part of broader security enhancements.
  • Android and Chrome Security Updates: Android will automatically reboot devices that have remained locked for three consecutive days, returning them to the more strongly encrypted before-first-unlock state, and Chrome is dropping its planned third-party-cookie opt-out prompt while adding IP protection in Incognito mode.
  • Sensitive Content Protection: Google Messages is rolling out a feature to warn users about potentially explicit images and allow easy blocking, improving user safety.
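The DKIM replay item above turns on one property of DKIM that is easy to forget: the signature covers selected headers and the body, never the SMTP envelope, so a verbatim copy of a signed message stays valid no matter who re-sends it or to whom. The block below is an added example, not code from the original page or from any mail implementation: a minimal DKIM-style signer and verifier, a replay of a signed message to a new recipient that still verifies, two receiver-side indicators that expose the replay, and the `x=` expiry tag that bounds the replay window. The signing primitive is an HMAC with a shared secret standing in for the RSA key published in DNS (an assumption made so the code runs without a crypto library; the replay behaviour is identical), and all messages, domains and timestamps are constructed.

```python
import base64
import hashlib
import hmac

# Headers covered by the signature (the h= tag). The SMTP envelope
# (MAIL FROM / RCPT TO) is never signed, so an identical copy of the
# message delivered to anyone else still verifies.
SIGNED_HEADERS = ("from", "to", "subject", "date")

# Stand-in for the DNS TXT lookup of the selector's public key. Real DKIM
# uses RSA or Ed25519; an HMAC secret is used here (assumption) so the
# example runs without a crypto library. The replay property is the same.
KEYS = {"bank.example": b"constructed-secret-for-bank.example"}


def _canon_headers(headers, names):
    """'relaxed'-style canonicalisation: lowercase names, collapsed whitespace."""
    return "".join(f"{n}:{' '.join(headers.get(n, '').split())}\r\n" for n in names)


def _tags_to_str(tags):
    return "; ".join(f"{k}={v}" for k, v in tags.items())


def _parse_tags(value):
    return dict(p.strip().split("=", 1) for p in value.split(";") if p.strip())


def sign(headers, body, domain, now, ttl=None):
    """Return a copy of headers with a DKIM-Signature added; ttl sets x= (expiry)."""
    bh = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
    tags = {"v": "1", "a": "hmac-sha256", "d": domain, "s": "sel",
            "h": ":".join(SIGNED_HEADERS), "bh": bh, "t": str(now)}
    if ttl is not None:
        tags["x"] = str(now + ttl)
    tags["b"] = ""  # the signature header is signed with an empty b=, as in RFC 6376
    data = _canon_headers(headers, SIGNED_HEADERS) + "dkim-signature:" + _tags_to_str(tags)
    tags["b"] = base64.b64encode(hmac.new(KEYS[domain], data.encode(), "sha256").digest()).decode()
    signed = dict(headers)
    signed["dkim-signature"] = _tags_to_str(tags)
    return signed


def verify(headers, body, now):
    """Return (ok, reason), mirroring what a receiving MTA checks."""
    tags = _parse_tags(headers["dkim-signature"])
    key = KEYS.get(tags.get("d"))
    if key is None:
        return False, "no key for d="
    if "x" in tags and now > int(tags["x"]):
        return False, "signature expired"
    bh = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
    if bh != tags["bh"]:
        return False, "body hash mismatch"
    data = (_canon_headers(headers, tags["h"].split(":"))
            + "dkim-signature:" + _tags_to_str(dict(tags, b="")))
    expected = base64.b64encode(hmac.new(key, data.encode(), "sha256").digest()).decode()
    if not hmac.compare_digest(expected, tags["b"]):
        return False, "signature mismatch"
    return True, "pass"


def replay_indicators(headers, envelope):
    """Checks a receiver can layer on top of a passing DKIM result."""
    tags = _parse_tags(headers["dkim-signature"])
    signed_to = {a.strip().lower() for a in headers.get("to", "").split(",")}
    hints = [f"RCPT TO {r} is not among the signed To recipients"
             for r in envelope["rcpt_to"] if r.lower() not in signed_to]
    if envelope["mail_from"].rsplit("@", 1)[-1].lower() != tags["d"].lower():
        hints.append("envelope sender domain differs from DKIM d= (SPF will not align)")
    return hints


def demo():
    """Constructed scenario: a genuine alert is signed, then replayed days later."""
    t0 = 1_745_000_000
    headers = {"from": "Security <alerts@bank.example>", "to": "victim1@corp.example",
               "subject": "Security alert: sign-in required",
               "date": "Tue, 22 Apr 2025 09:00:00 +0000"}
    body = "Review the activity at https://sites.google.com/view/constructed-lure\r\n"
    signed = sign(headers, body, "bank.example", now=t0)
    ok_original = verify(signed, body, now=t0 + 60)
    # The attacker re-injects the identical message from their own server to new targets.
    replay_env = {"mail_from": "bounce@attacker.example", "rcpt_to": ["victim2@corp.example"]}
    ok_replay = verify(signed, body, now=t0 + 3 * 86400)   # still passes: nothing signed changed
    hints = replay_indicators(signed, replay_env)
    # A short x= expiry bounds the replay window.
    short_lived = sign(headers, body, "bank.example", now=t0, ttl=3600)
    ok_expired = verify(short_lived, body, now=t0 + 3 * 86400)
    return ok_original, ok_replay, hints, ok_expired
```

Two caveats for anyone turning the indicators into policy: a mismatch between RCPT TO and the signed To header is normal for legitimate forwarding and for Bcc recipients, so treat it as a risk signal rather than a rejection reason, and DMARC will still pass on a replay because the DKIM `d=` domain aligns with the From header even when SPF fails. On the sending side, a short `x=` lifetime on transactional alerts and never using the `l=` body-length tag are the cheap mitigations.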

Regulatory and Policy Developments

  • Zambia’s New Cyber Laws: Recently signed cyber security and cyber crime acts in Zambia have raised concerns among international observers regarding increased surveillance and potential suppression of dissent.

Other Notable Observations

  • Edge Vulnerabilities and SMB Threats: Verizon’s report notes a surge in edge-related vulnerabilities, persistent ransomware threats, and ongoing challenges for small and medium businesses (SMBs).
  • Legal Debates on Device Search Protections: Debate continues over whether biometric unlocks (face, fingerprint) receive the same legal protection against compelled device searches as passcodes; the distinction matters when setting device policy for privacy and compliance purposes.