Cybersecurity Brief – 2025-07-28
Major Incidents or Breaches
- The threat actor group Scattered Spider has been conducting a campaign targeting VMware ESXi hypervisors, focusing on organisations in the retail, airline, transportation, and insurance sectors in North America. The group has been observed deploying ransomware on critical infrastructure by compromising virtualised environments.
Newly Discovered Vulnerabilities
- Researchers have identified over a dozen security vulnerabilities in Tridium’s Niagara Framework. These flaws could allow an attacker present on the same network to compromise smart building and industrial systems globally.
- A critical vulnerability has been found in the Post SMTP email delivery WordPress plugin, which has approximately 400,000 installations. The flaw enables website takeover, and around half of the affected websites remain unpatched.
Notable Threat Actor Activity
- Scattered Spider has escalated its focus on VMware ESXi environments, utilising direct attacks on hypervisors to facilitate ransomware deployment across multiple sectors in the US.
Trends, Tools, or Tactics of Interest
- Leading industry organisations are increasingly distributing free, high-value resources and whitepapers on AI security practices, including prompt engineering and agent frameworks.