Major Incidents and Breaches

  • Co-op Data Theft Confirmed: Co-op has verified that significant data was stolen in a recent cyberattack, following claims by the DragonForce ransomware group. The breach impacts a substantial number of current and former customers.
  • Magento Supply Chain Attack: Between 500 and 1,000 e-commerce stores, including a $40 billion multinational, were compromised through 21 backdoored Magento extensions in a widespread supply chain attack.
  • UK Retail Sector Under Attack: Multiple major British retailers, including Harrods, have been targeted by likely ransomware attacks in recent weeks. The UK NCSC has characterised these incidents as a “wake-up call” for the sector, urging improved cyber resilience.
  • Ransomware Surge in Food and Agriculture: Ransomware attacks targeting the food and agriculture sector have doubled in 2025, with the increase attributed largely to Clop’s exploitation of a popular file-sharing service.

Notable Threat Actor Activity

  • DragonForce Ransomware: Claimed responsibility for the Co-op breach, confirming ongoing ransomware activity against UK retailers.
  • Black Kingdom Ransomware: US authorities indicted a Yemeni national believed to be the developer and main operator behind Black Kingdom, which conducted approximately 1,500 attacks on Microsoft Exchange servers.
  • Scattered Spider: Despite recent law enforcement arrests, the group continues to conduct high-profile cyberattacks, underscoring its resilience and operational capability.
  • MintsLoader and GhostWeaver: The MintsLoader malware loader is being used to deliver the PowerShell-based remote access trojan GhostWeaver via phishing campaigns. The attacks leverage domain generation algorithms (DGAs) and TLS encryption for stealth.

Newly Discovered Vulnerabilities and Exploits

  • Magento Extension Backdoors: The compromised Magento extensions represent a significant supply chain vulnerability, affecting hundreds of e-commerce sites.
  • Developer Secrets Targeting: Threat actors are increasingly scanning for exposed secrets in configuration and repository files, highlighting the ongoing risk of credential leakage in software development pipelines.

Trends, Tools, and Tactics

  • Passwordless Authentication: Microsoft has made all new accounts passwordless by default, aiming to reduce risks from phishing, brute-force, and credential-stuffing attacks.
  • Automated Vulnerability Response: The Tines platform is promoting community-driven, pre-built workflows to automate CVE and vulnerability advisory responses, supporting more rapid and consistent remediation.
  • Stealth Malware Delivery: Recent campaigns (e.g., MintsLoader/GhostWeaver) demonstrate advanced use of multi-stage infection chains, obfuscation, DGA, and TLS for evasion.
  • Retail Sector Targeting: The ongoing wave of ransomware and cyberattacks against UK retailers signals a trend of increased targeting of the retail sector, likely due to its data-rich environment and operational impact.

Regulatory and Policy Developments

  • TikTok Fined for GDPR Breach: The Irish Data Protection Commission fined TikTok €530 million ($601 million) for illegally transferring personal data of EEA users to China, in violation of GDPR. This is among the largest fines issued under GDPR, reinforcing regulatory scrutiny of cross-border data transfers.
  • NCSC Advanced Cryptography Guidance: The UK NCSC has published a white paper on “Advanced Cryptography,” defining and providing guidance on cryptographic techniques for processing encrypted data and enhancing privacy and security.
  • US Regulatory Actions: The US Treasury is moving to cut off Huione Group, which is accused of laundering funds from North Korean cybercrime and investment scams. Separately, new security rules from the New York Department of Financial Services require finance firms to implement stronger protections against unauthorised access to information systems.

Other Industry Notes

  • Microsoft Exchange Online Issue Resolved: Microsoft fixed a bug in Exchange Online that was incorrectly flagging Gmail emails as spam due to a machine learning model error.
  • Privacy Concerns with Consumer Devices: Ongoing media coverage highlights persistent privacy risks associated with smart TVs and streaming devices collecting user data.