Major Incidents and Breaches

  • Marks & Spencer Ransomware Attack
    • Marks & Spencer experienced significant operational disruption, including outages and warehouse worker furloughs, due to a ransomware attack attributed to the “Scattered Spider” group.
  • Hitachi Vantara Ransomware Incident
    • Hitachi Vantara took servers offline to contain an Akira ransomware attack, impacting business operations.
  • VeriSource Data Breach
    • Employee benefits firm VeriSource confirmed that a February breach exposed personal information of 4 million individuals.
  • Urban One Data Breach
    • Urban One, a major media company, disclosed a data breach following claims by a ransomware group.
  • World Uyghur Congress Targeted by Malware
    • Senior members of the World Uyghur Congress were targeted in a sophisticated malware campaign via a trojanized UyghurEdit++ tool, indicating ongoing cyber-espionage efforts against exiled Uyghur groups.

Newly Discovered and Actively Exploited Vulnerabilities

  • SAP NetWeaver Visual Composer (CVE-2025-31324)
    • Over 1,200 internet-facing SAP NetWeaver servers remain vulnerable to an actively exploited unauthenticated file upload flaw, allowing server hijacking. Attacks began before SAP released a patch.
  • Craft CMS Zero-Day Flaws
    • Two newly disclosed critical vulnerabilities in Craft CMS are being exploited in the wild, with hundreds of servers likely compromised.
  • Broadcom Brocade Fabric OS and Commvault Web Server
    • CISA added high-severity vulnerabilities in Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) database, indicating active exploitation.
  • Pymatgen 2024.1 Remote Code Execution
    • A high-risk remote code execution vulnerability has been disclosed in Pymatgen 2024.1.
  • WooCommerce Phishing Campaign
    • Attackers are distributing fake security patches to WooCommerce users, installing backdoors under the guise of critical updates.

Notable Threat Actor Activity

  • Earth Kurma APT
    • Newly identified APT group “Earth Kurma” has targeted government and telecom sectors in Southeast Asia since June 2023, using rootkits and cloud-based data theft tools.
  • Scattered Spider
    • The group has been linked to the ransomware attack on Marks & Spencer, demonstrating continued targeting of large UK-based enterprises.
  • AI-Powered Phishing and Commodity Tools
    • Increased use of AI-powered phishing kits and automated attack tools is lowering the barrier to entry for less skilled threat actors.

Trends, Tools, and Tactics

  • AI and Automation in Threat Landscape
    • Attackers are leveraging AI, automation, and dark web resources to accelerate attack sophistication and frequency.
  • Record DDoS Attack Volumes
    • Cloudflare reported a 358% year-over-year increase in DDoS attacks, highlighting a surge in volumetric and application-layer attacks.
  • Supply Chain and Update Risks
    • Kali Linux users were warned of update failures due to a lost repository signing key, underscoring the importance of secure software supply chains.
  • Surveillance Risks in Connected Vehicles
    • Law enforcement agencies are increasingly exploiting data from internet-connected vehicle features for surveillance purposes.

Regulatory and Policy Developments

  • CISA KEV Updates
    • The U.S. CISA’s addition of new vulnerabilities to its KEV database may prompt UK organisations to review their own exposure and patch management processes.
  • US DoJ Data Security Program
    • New compliance rules from the US Department of Justice will require organisations to reassess data sharing practices, with potential implications for multinational firms operating in or with the US.
  • Windscribe Legal Precedent
    • Windscribe VPN was acquitted on charges regarding user data collection, reinforcing the legal standing of privacy-first service providers.

Other Notable Developments

  • Operational Disruptions
    • Ukrainian state and banking services were temporarily disrupted due to a data centre power outage, affecting government and corporate customers.
  • Security Tooling
    • Malwarebytes was highlighted as a tool for combating online scams, reflecting ongoing emphasis on endpoint protection and anti-fraud solutions.

Summary of Key Risks

  • Ransomware remains a significant threat to large enterprises, with notable UK impact.
  • Actively exploited vulnerabilities in widely used enterprise software (SAP, Craft CMS, Broadcom, Commvault) require urgent attention.
  • AI-driven attack automation and phishing are reshaping the threat landscape, enabling more actors to launch sophisticated campaigns.
  • Regulatory changes and legal rulings are influencing data security and privacy practices globally.