Cybersecurity Brief – 2025-04-28
Major Incidents and Breaches
- M&S Cyberattack: Marks & Spencer (M&S), a major UK retailer, experienced a cyberattack that disrupted warehouse operations, resulting in approximately 20% of logistics workers being told not to report to work. The incident highlights ongoing threats to supply chain and logistics infrastructure.
- Ukrainian Service Outage: A Ukrainian cloud provider restored state and banking services following a data centre power outage that impacted government agencies and major companies.
- WooCommerce Phishing Campaign: A large-scale phishing campaign is targeting WooCommerce users with fake security alerts, tricking them into installing backdoors under the guise of a “critical patch.”
- Craft CMS Zero-Day Exploits: Attackers are actively exploiting two newly disclosed critical vulnerabilities in Craft CMS, compromising hundreds of servers to gain unauthorized access.
- SAP NetWeaver Exploitation: Over 1,200 internet-facing SAP NetWeaver servers remain vulnerable to a maximum-severity, unauthenticated file upload flaw that is being actively exploited to hijack servers.
Notable Threat Actor Activity
- Earth Kurma APT Campaign: A newly identified APT group, Earth Kurma, has been conducting sophisticated attacks against government and telecommunications sectors in Southeast Asia since June 2023. Tactics include rootkit deployment and cloud-based data theft tools.
- Uyghur Cyber-Espionage: Researchers identified a highly targeted spearphishing campaign deploying custom malware against senior members of the exiled World Uyghur Congress, indicative of ongoing cyber-espionage activities against dissident groups.
- Iran Infrastructure Attack Claims: Iranian officials reported repelling “widespread and complex” cyberattacks targeting national infrastructure, though details remain unspecified.
Newly Discovered Vulnerabilities
- Craft CMS: Two critical, newly disclosed vulnerabilities are being exploited in the wild in Craft CMS installations, enabling attackers to breach servers.
- SAP NetWeaver: An unauthenticated file upload vulnerability (maximum severity) is under active exploitation, affecting over 1,200 exposed SAP NetWeaver instances.
- Vulnerability Chaining: Analysis of five real-world vulnerabilities demonstrates that even lower-risk flaws can be chained or escalated by advanced threat actors to achieve significant breaches.
Trends, Tools, and Tactics
- AI-Powered Phishing & Automation: Attackers are increasingly leveraging AI-driven phishing kits and automation, lowering the technical barrier to launching sophisticated attacks and exploiting commodity tools and credentials available on the dark web.
- DDoS Attack Surge: Cloudflare reported a record number of DDoS attacks in 2024, with a 358% year-over-year increase, reflecting a significant escalation in volumetric and application-layer attack activity.
- Forensic Tooling: Release of DataSurgeon, an open-source Linux tool for fast data extraction and transformation, enhances forensic investigation capabilities.
- SRUM-DUMP v3: Updated forensic tools such as SRUM-DUMP v3 are being used to uncover malware activity by parsing the Windows System Resource Usage Monitor (SRUM) database, which records per-application network and resource usage over time.
- Security Tooling: Security vendors such as Malwarebytes continue to develop anti-scam and anti-phishing features to counter evolving online fraud methods.
Regulatory and Policy Developments
- US DoJ Data Security Program: The US Department of Justice announced new compliance rules for its Data Security Program, requiring organisations to reassess data sharing practices and business relationships.
- Connected Vehicle Surveillance Risks: Reports indicate increased law enforcement interest in exploiting data generated by internet-connected vehicle features, raising privacy and surveillance concerns.
Operational and Platform Updates
- Kali Linux Repository Signing Key: Offensive Security warned Kali Linux users to manually update their repository signing key to prevent update failures, following the loss of the previous key.
- Microsoft Outlook & SharePoint Online: Microsoft is addressing ongoing issues with Outlook on the web and SharePoint Online, where users have experienced search delays and failures.
- Coinbase 2FA Log Bug: Coinbase resolved an error in its 2FA activity logs that caused users to mistakenly believe their accounts had been compromised.