Major Incidents and Breaches

  • Healthcare Sector Data Breaches

    • Frederick Health Medical Group suffered a ransomware attack in January, exposing data of nearly one million patients.
    • Yale New Haven Health (YNHHS) disclosed a breach affecting 5.5 million patients, with threat actors stealing personal data.
    • The Interlock ransomware gang claimed responsibility for an attack on DaVita, a kidney dialysis firm, and has leaked stolen data.
    • The 2023 cyberattack on Long Beach, California, has been confirmed to have leaked data of nearly 500,000 individuals.
  • Lazarus Group Espionage Campaign

    • North Korea-linked Lazarus Group targeted at least six South Korean organizations across software, IT, finance, and telecommunications sectors.
    • Attackers exploited flaws in Cross EX and Innorix software, deploying ThreatNeedle malware in watering hole attacks.
  • Microsoft 365 Account Hijacking

    • Russian threat actors exploited OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts, targeting organizations related to Ukraine and human rights.

Newly Discovered Vulnerabilities

  • Commvault Command Center Critical Flaw

    • CVE-2025-34028: A critical vulnerability in Commvault Command Center allows remote code execution with highly privileged access. The flaw has been patched but poses substantial risk to sensitive data and backups.
  • Linux io_uring Rootkit

    • Researchers demonstrated a proof-of-concept rootkit (“Curing”) that leverages Linux’s io_uring interface to bypass system call-based threat detection, creating a significant security blind spot for Linux environments.
  • KiviCare Clinic & Patient Management System

    • Version 3.6.4 is vulnerable to unauthenticated SQL injection, posing a medium risk to healthcare organizations using this EHR platform.

Notable Threat Actor Activity

  • Darcula Phishing-as-a-Service Platform

    • The Darcula PhaaS platform has integrated generative AI features, lowering the technical barrier for cybercriminals to craft convincing phishing campaigns.
  • North Korean IT Worker Recruitment Scams

    • North Korean IT workers are increasingly using generative AI tools to fraudulently secure employment at US and European tech companies.
  • Interlock Ransomware

    • The group continues to publicly leak data from high-profile healthcare sector victims, increasing extortion pressure.
  • SessionShark Toolkit

    • A new toolkit in circulation bypasses Microsoft Office 365 MFA by stealing session tokens, despite being marketed as an educational resource.
  • Android NFC Malware

    • “SuperCard X” malware exploits the NFC reader on victims’ Android devices to instantly steal credit card funds, highlighting evolving mobile malware tactics.

Trends, Tools, and Tactics

  • Rapid Vulnerability Exploitation

    • In Q1 2025, 159 CVEs were exploited in the wild, with 28.3% targeted within 24 hours of disclosure, underscoring the need for accelerated patching cycles.
  • Email Security Deficiencies

    • 50% of organizations lack effective protection against email spoofing, leaving them vulnerable to phishing and business email compromise.
  • Zero Trust Automation in Healthcare

    • Adoption of automated zero trust approaches, including dynamic policy enforcement and risk scoring, is increasing in healthcare without requiring network redesign.
  • Phishing and Ransomware Prevalence

    • FBI reports cybercrime losses rose to $16.6B in 2024, with phishing as the most reported crime and ransomware as the leading threat to critical infrastructure.
    • Ransomware is now implicated in nearly half of all data breaches, though most victims (64%) do not pay ransoms.
  • Encrypted Email Risks

    • Gmail’s rollout of end-to-end encryption for business customers may inadvertently facilitate phishing attacks, especially targeting non-Gmail users.

Regulatory and Policy Developments

  • UK Sanctions on Russia

    • The UK has expanded sanctions, including a ban on exporting video game controllers to Russia, aiming to disrupt equipment supply chains for attack drone operations.
  • AI Security and Compliance

    • Microsoft increased bug bounty payments up to $30,000 for AI vulnerabilities in Dynamics 365 and Power Platform, reflecting a growing focus on AI security.
    • Regulatory guidance highlights the need for organizations to proactively address encryption, AI security, and platform consolidation to manage compliance and risk.

Other Noteworthy Updates

  • Microsoft Exchange Online Spam Filtering

    • Microsoft resolved a machine learning bug that incorrectly flagged Adobe emails as spam.
  • Teltonika Networks SMS Gateway Attacks

    • Ongoing exploitation of SMS gateways is contributing to large-scale SMS spam campaigns.