Major Incidents or Breaches

  • The April 2025 cyberattacks on UK retailers Marks & Spencer and Co-op have been attributed to the threat group Scattered Spider. The incidents have been classified as a “single combined cyber event,” with estimated damages reaching up to $592 million.
  • The UK Information Commissioner’s Office (ICO) has imposed a significant fine on 23andMe following its 2023 data breach.

Notable Threat Actor Activity

  • Scattered Spider has been identified as the group behind the coordinated attacks on Marks & Spencer and Co-op.
  • Israeli authorities have accused Iranian state-linked actors of hacking security cameras in Israel for espionage purposes.
  • Ukrainian hackers have reportedly disrupted a major Russian internet provider.
  • China’s Salt Typhoon threat group has claimed responsibility for another cyberattack, details of which were not specified.

Trends, Tools, or Tactics of Interest

  • Alternate Data Streams (ADS) are being highlighted as a method for adversary defense evasion, with recent discussions focusing on detection techniques using Python tools.

Regulatory or Policy Developments

  • The UK has levied a substantial fine against 23andMe in response to its 2023 data breach, indicating ongoing regulatory scrutiny of data protection practices.