Cybersecurity Brief – 2025-06-19
Major Incidents and Breaches
- Episource, a healthcare SaaS provider, disclosed a data breach affecting 5.4 million patients in the United States, with health information stolen during a January cyberattack.
- Asana reported a flaw in its Model Context Protocol (MCP) AI feature, which exposed customer data from some instances to other organisations.
- Over 1,500 Minecraft players were infected by a multi-stage Java-based malware campaign, distributed via malicious game mods and cheats on GitHub, aiming to steal credentials and authentication tokens.
- Pro-Israel hacking group Predatory Sparrow claimed responsibility for stealing and destroying over $90 million in cryptocurrency from Iran’s Nobitex exchange in a politically motivated attack.
- Water Curse, a newly identified threat actor, was found to have hijacked 76 GitHub accounts to deliver multi-stage malware with data exfiltration and remote control capabilities.
Newly Discovered Vulnerabilities
- Two local privilege escalation (LPE) vulnerabilities were discovered in major Linux distributions, affecting the PAM and Udisks components and allowing a local attacker to gain root privileges. Exploitation in the wild has been reported, and CISA has issued an alert regarding the OverlayFS subsystem flaw.
- BeyondTrust released patches for a high-severity pre-authentication remote code execution (RCE) vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) products, which could allow an unauthenticated attacker to execute code on the appliance.
Notable Threat Actor Activity
- North Korean APT BlueNoroff (Sapphire Sleet/TA444) used deepfake company executives in Zoom calls to trick employees into installing custom Mac malware.
- Ryuk ransomware’s initial access specialist was extradited to the United States, highlighting ongoing law enforcement action against ransomware operators.
- The Stargazers Ghost Network operated a distribution-as-a-service (DaaS) campaign targeting Minecraft users with infostealers via fake mods on GitHub.
- An unidentified threat actor used Cloudflare Tunnel subdomains to host and deliver remote access trojans (RATs) through phishing emails in a campaign dubbed Serpentine#Cloud, leveraging .lnk shortcut files, in-memory code execution, and living-off-the-land tactics.
- ChainLink phishing campaigns exploited trusted domains such as Google Drive and Dropbox to bypass security filters and conduct credential theft.
Trends, Tools, or Tactics of Interest
- AI-generated voice deepfakes are improving in quality and present an increasing threat to organisations, with researchers noting their use in social engineering attacks.
- Phishing campaigns are leveraging legitimate platforms (e.g., EUSurvey, Google Drive, Dropbox) to increase credibility and evade detection, as observed in recent sophisticated credential harvesting attacks.
- The GodFather Android banking trojan has adopted virtualization tactics to take over banking and crypto apps by running them in isolated environments on compromised devices.
- Varonis released the Jitter-Trap tool to detect beacons used by attackers for command-and-control communications, addressing evolving evasion techniques.
- SMS-based two-factor authentication (2FA) remains vulnerable, as demonstrated by incidents in which one-time codes were intercepted by third-party companies in the SMS delivery chain.
Regulatory or Policy Developments
- Microsoft announced that Microsoft 365 will soon block access to SharePoint, OneDrive, and Office files via legacy authentication protocols by default, affecting all tenants.
- Meta added passkey login support to Facebook for Android and iOS, moving towards passwordless authentication standards.
- OpenAI was awarded a $200 million contract to support the US Department of Defense with artificial intelligence for administrative process improvement.
- Iran implemented internet blackouts amid ongoing conflict, driving citizens to less secure domestic apps and restricting access to external information.
- Guidance for CISOs on AI governance and compliance with evolving regulations was highlighted, reflecting increased scrutiny of AI adoption and data protection requirements.