Cybersecurity Brief – 2025-05-04
Major Incidents or Breaches
- A coordinated hacking campaign has targeted major UK retail companies, resulting in data breaches and operational disruptions. The incident underscores ongoing risks to the retail sector from cybercriminal activity.
- An Iranian state-sponsored threat group maintained persistent, covert access to a Middle East critical national infrastructure (CNI) organisation for nearly two years. The intrusion leveraged VPN vulnerabilities and custom malware, highlighting the long-term threat posed by advanced persistent threat (APT) actors to CNI environments.
Newly Discovered Vulnerabilities
- Three malicious Go modules have been identified delivering disk-wiping Linux malware via the software supply chain. The modules contain obfuscated code that downloads payloads capable of irreversibly overwriting a Linux system’s primary disk. This represents a significant escalation in supply chain attack sophistication, targeting developer ecosystems.
- A critical remote code execution (RCE) vulnerability has been disclosed in Apache Commons Text version 1.10.0 (CVE details pending). The flaw, similar in nature to “Text4Shell,” can be exploited via POST requests, posing a high risk to applications using the affected library.
Notable Threat Actor Activity
- Iranian APT actors demonstrated advanced persistence techniques, maintaining undetected access to Middle Eastern CNI by exploiting VPN weaknesses and deploying tailored malware. Their activity included lateral movement and data exfiltration over an extended period.
- France has officially attributed a recent wave of cyberattacks to Russian state-backed actors, reflecting ongoing nation-state cyber operations targeting European critical infrastructure and government entities.
Trends, Tools, or Tactics of Interest
- Supply chain attacks are increasingly leveraging open-source ecosystems, with attackers embedding destructive payloads in widely used programming language modules (e.g., Go modules targeting Linux environments).
- The use of steganography in cyber operations remains an area of interest, with new detection tools and training challenges being developed to identify and counter data exfiltration hidden inside otherwise innocuous files.
Regulatory or Policy Developments
- Microsoft will discontinue password storage and autofill features in its Authenticator app starting July 2025, directing users to Edge’s password manager. This move further signals the industry’s shift toward passwordless authentication and integrated browser-based credential management.
- The US is initiating measures to curb the so-called “gray market” for cyber tools, which are often exploited by scammers, indicating increased regulatory scrutiny over cybersecurity product distribution and use.