Cybersecurity Brief – 2025-04-26
Major Incidents and Breaches
- Marks & Spencer Cyberattack
  - Marks & Spencer, a major UK retailer, has suspended online orders following a cyberattack. Recovery efforts are ongoing, with continued disruption to online shopping services.
- MTN Group Data Breach
  - African telecom giant MTN disclosed a cybersecurity incident resulting in unauthorised access to personal information of subscribers in certain countries. The breach is attributed to an unknown third party.
- Baltimore City Public Schools Data Breach
  - Over 31,000 individuals have been notified of a data breach after attackers compromised the network in February, exposing employee and student information.
- Craft CMS Zero-Day Exploitation
  - Ongoing zero-day attacks are targeting Craft CMS servers via a chained remote code execution exploit, resulting in data theft. CERT Orange Cyberdefense reports active exploitation.
- Physical Cryptocurrency Theft
  - A recent case highlights the physical risks associated with holding cryptocurrency: a $250 million theft that escalated to kidnapping.
Newly Discovered Vulnerabilities
- SAP NetWeaver Zero-Day (RCE)
  - A critical remote code execution vulnerability in SAP NetWeaver has been actively exploited to upload JSP web shells and deploy post-exploitation frameworks (e.g., Brute Ratel). SAP has issued out-of-band emergency patches.
- Ivanti Connect Secure (ICS) Zero-Day (CVE-2025-0282)
  - Attackers exploited a now-patched zero-day in Ivanti Connect Secure to deploy DslogdRAT malware in Japan, enabling remote access and data exfiltration.
- Rack Ruby Web Server Interface Flaws
  - Three vulnerabilities in the Rack Ruby web server interface could allow unauthorised file access, code injection, and potential data breaches on affected Ruby servers.
- Craft CMS RCE Vulnerabilities
  - Two vulnerabilities in Craft CMS are being chained in active zero-day attacks to breach servers and steal sensitive data.
- Windows ‘inetpub’ Security Fix Abuse
  - A recent Windows security update creates an ‘inetpub’ folder, which attackers can abuse to block future updates from installing, potentially hindering patch management.
Notable Threat Actor Activity
- Triada Trojan Resurgence
  - A new version of the Triada Trojan has been identified, featuring custom modules targeting popular applications such as Telegram, WhatsApp, and TikTok.
- North Korean Threat Actors (Contagious Interview)
  - North Korea-linked groups are distributing malware via fake cryptocurrency firms and fraudulent job interview processes, leveraging front companies to compromise targets.
- Chinese Salt Typhoon Group
  - The FBI is seeking public assistance in identifying members of Salt Typhoon, a Chinese threat actor group linked to widespread breaches of telecommunications providers globally.
Trends, Tools, and Tactics
- Phishing Kit Darcula – AI Upgrade
  - The Darcula phishing-as-a-service platform has integrated advanced AI capabilities, lowering the technical barrier for launching sophisticated phishing attacks.
- Social Engineering via Zoom
  - Attackers are exploiting Zoom’s remote control feature in social engineering campaigns to gain control over victim machines and install malware.
- Steganography for Payload Delivery
  - Recent research demonstrates the use of steganography to conceal malicious payloads, making detection by traditional security tools more challenging.
- Mobile Application Security Concerns
  - Analysis of over 500,000 mobile apps reveals widespread encryption flaws, privacy issues, and vulnerabilities in third-party code, underscoring the persistent risks in the mobile ecosystem.
- Surge in Vehicle Cyberattacks
  - Data indicates a 45% increase in attacks targeting vehicles, with ransomware against OEMs and compromised electric vehicle chargers as prominent attack vectors.
Regulatory and Policy Developments
- FTC COPPA Rule Update
  - The US Federal Trade Commission has published updates to the Children’s Online Privacy Protection Act (COPPA) rule, effective 23 June, clarifying privacy obligations for online services handling children’s data.
- Industry Leadership and Policy
  - Former CISA Director Jen Easterly has called for unity within the cybersecurity sector to resist the politicisation of the industry and to support mission-driven leadership.
Other Noteworthy Developments
- Microsoft Windows 11 Updates
  - Windows 11 Recall AI is rolling out on Copilot+ PCs, and KB5055627 introduces multiple new features and bug fixes. However, a known issue with the ‘inetpub’ folder could introduce security concerns.
- Security Education Initiatives
  - KnowBe4 has launched the KnowBe4 Academy, a new platform aimed at enhancing human risk management skills among security professionals and administrators.