Major Incidents and Breaches

  • Marks & Spencer confirmed customer data was stolen in a recent cyberattack. While no account passwords were compromised, customers are being required to reset passwords as a precaution.
  • Dior disclosed a cybersecurity incident resulting in the exposure of customer information.
  • Nucor Corporation, a major steel producer, experienced network disruptions due to a cyberattack, forcing parts of its systems offline for containment.
  • The Australian Human Rights Commission suffered a data breach in which private documents were leaked online and indexed by search engines.
  • Xinbi Guarantee, a Chinese-language Telegram marketplace, has been linked to $8.4 billion in illicit transactions, including crypto crime, romance scams, and North Korean money laundering.
  • North Korean IT worker scams are being exposed at scale, with researchers publishing 1,000 email addresses and photos linked to infiltration of Western companies.
  • Kosovo extradited the admin of BlackDB, an online cybercrime marketplace, to the US to face charges.

Newly Discovered Vulnerabilities and Exploits

  • Microsoft Patch Tuesday (May 2025): Microsoft released fixes for 78 vulnerabilities, including five zero-days under active exploitation. Notably, a CVSS 10 vulnerability impacts Azure DevOps Server.
  • Samsung patched CVE-2025-4632 in MagicINFO 9 Server, a critical flaw (CVSS 9.8) exploited to deploy Mirai botnet malware.
  • Fortinet addressed CVE-2025-32756, a zero-day RCE flaw in FortiVoice enterprise phone systems, confirmed as exploited in the wild.
  • Ivanti released updates for two vulnerabilities in Endpoint Manager Mobile (EPMM) that have been chained for remote code execution in limited attacks.
  • A SAP NetWeaver vulnerability is being actively exploited by multiple ransomware groups, including BianLian and RansomExx, to deploy malware such as the PipeMagic Trojan.
  • Google Chrome is rolling out a security change to prevent browser launches with admin privileges on Windows, reducing attack surface.
  • Open redirect vulnerabilities in trusted domains (e.g., google.com) continue to be abused in phishing campaigns.
  • Focused phishing attacks are leveraging trusted domains, real CAPTCHAs, and server-side validation for more targeted credential theft.
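A defender-side check for the open-redirect abuse described in the two items above, added here as an example and not taken from the digest: it flags links on a trusted domain whose redirect-style parameter points to a host outside that domain, including scheme-relative and double-encoded targets. The trusted-domain list, the parameter names and the sample URLs are assumptions.

```python
from urllib.parse import parse_qs, unquote, urlparse

# Constructed allow-list: trusted domains whose redirectors lend a link credibility.
TRUSTED_DOMAINS = {"google.com"}
# Assumed set of query parameters that commonly carry a redirect target.
REDIRECT_PARAMS = {"url", "q", "redirect", "redir", "next", "continue", "return", "u"}


def _under(host, domains):
    """True if host equals or is a subdomain of any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def off_domain_redirect(url):
    """Return the external host a trusted-domain link redirects to, or None.

    Flagged only when the link's own host is trusted and a redirect-style
    parameter holds an absolute or scheme-relative URL whose host is outside
    the trusted set. Relative paths (no host) are not flagged.
    """
    parts = urlparse(url)
    if not _under((parts.hostname or "").lower(), TRUSTED_DOMAINS):
        return None
    for key, values in parse_qs(parts.query).items():
        if key.lower() not in REDIRECT_PARAMS:
            continue
        for value in values:
            # parse_qs decoded once; decode again to catch double-encoded targets.
            target = urlparse(unquote(value))
            if target.scheme not in ("", "http", "https") or not target.hostname:
                continue
            if not _under(target.hostname.lower(), TRUSTED_DOMAINS):
                return target.hostname.lower()
    return None


def scan(urls):
    """Map each flagged URL to the external host it would redirect to."""
    return {u: h for u, h in ((u, off_domain_redirect(u)) for u in urls) if h}


# Constructed sample links, as they might be extracted from a phishing email body.
SAMPLE_URLS = [
    "https://www.google.com/url?q=https://login-verify.example/account",
    "https://www.google.com/url?q=https://docs.google.com/document/d/abc",
    "https://www.google.com/search?q=open+redirect",
    "https://www.google.com/url?q=%2F%2Flogin-verify.example%2Fsignin",
    "https://www.google.com/url?q=https%253A%252F%252Fupdate-payroll.example%2F",
]

if __name__ == "__main__":
    for link, ext in scan(SAMPLE_URLS).items():
        print(f"flag: {link} -> redirects off-domain to {ext}")
```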

Notable Threat Actor Activity

  • Earth Ammit, a cyber espionage group, was linked to supply chain breaches in the drone sector via ERP systems in the VENOM and TIDRONE campaigns targeting Taiwan and South Korea.
  • Scattered Spider (aka UNC3944) tactics, previously used against UK retail chains, are now being deployed against US retailers.
  • Ransomware gangs are increasingly exploiting SAP NetWeaver vulnerabilities for initial access and malware deployment.
  • Meta Mirage, a global phishing campaign, is targeting Meta Business Suite users to hijack high-value business accounts.
  • Horabot malware is being distributed through invoice-themed phishing emails, targeting Windows users across six Latin American countries.

Trends, Tools, and Tactics of Interest

  • Phishing campaigns are becoming more sophisticated, with increased use of trusted domains, CAPTCHAs, and real-time validation to evade detection and improve targeting.
  • Telegram-based black markets remain a significant vector for cybercrime, with recent enforcement actions leading to shutdowns and exposure of major illicit marketplaces.
  • Shadow SaaS and AI use are an emerging risk, with new tools (e.g., LastPass SaaS monitoring) being developed to detect unauthorised employee use of unsanctioned cloud and AI services.
  • Supply chain attacks via ERP systems and targeting of high-value sectors (e.g., drones, retail) remain prevalent.
  • AI agent security: Research indicates that AI agents can be manipulated by implanting fake “memories,” raising concerns about the integrity of autonomous systems.
  • Device hygiene: Daily phone reboots are recommended as a practical defense against persistent zero-click mobile exploits.

Regulatory and Policy Developments

  • The US Consumer Financial Protection Bureau (CFPB) has canceled plans for tighter regulation of data brokers, potentially impacting privacy and data protection standards.
  • Telegram enforcement: Following media inquiries, Telegram banned thousands of accounts tied to crypto scam money laundering, disrupting several major illicit marketplaces.