Major Incidents or Breaches

  • Colt Technology Services, a UK-based telecommunications provider, experienced a cyberattack attributed to the WarLock ransomware group. The incident resulted in a multi-day outage affecting hosting and porting services, with stolen data now being offered for sale.
  • Italian hotels suffered a breach in which tens of thousands of scanned guest IDs were stolen and subsequently listed for sale on underground forums, according to CERT-AGID.
  • Web infrastructure entities in Taiwan were compromised by the Chinese-speaking APT group UAT-7237. The attackers used customized open-source tools to establish persistent access.
  • National Public Data, a service previously involved in a significant Social Security Number leak, has resumed operations under new ownership, raising concerns about the continued exposure and handling of leaked personal data.
  • The Canadian House of Commons was reportedly hacked, and the Pennsylvania Attorney General was targeted in a cyberattack. Russia was identified as responsible for a separate attack on a court system.

Newly Discovered Vulnerabilities

  • Cisco disclosed and patched a critical remote code execution vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. The flaw is rated maximum severity.
  • Plex issued an urgent advisory for users to patch a recently discovered security vulnerability affecting its media servers.
  • Rockwell Automation released advisories for critical and high-severity vulnerabilities in its FactoryTalk, Micro800, and ControlLogix products.
  • A critical vulnerability in Zoom was identified and patched; details are referenced in industry news roundups.

Notable Threat Actor Activity

  • The Russian threat group EncryptHub continues to exploit a now-patched Microsoft Windows vulnerability (MSC EvilTwin) to deliver the Fickle Stealer malware.
  • WarLock ransomware claimed responsibility for the attack on Colt Technology Services and is selling exfiltrated data.
  • UAT-7237, a Chinese-speaking APT, targeted Taiwanese web servers with customized open-source hacking tools for long-term persistence.
  • Cybercriminals are leveraging sophisticated phishing kits to target brokerage account holders in a “ramp and dump” cashout scheme, converting stolen card data into mobile wallets.

Trends, Tools, or Tactics of Interest

  • Tech support scammers are targeting high-profile employees and influencers with fake podcast invitations as part of a new social engineering tactic, as reported by the Better Business Bureau.
  • There is an observed resurgence in traditional postal mail-based scams, with criminals exploiting physical mail systems to steal money.
  • Organizations are increasingly adopting AI-driven cybersecurity solutions to address staffing shortages and budget constraints.
  • Cybercriminals are shifting tactics to target brokerage accounts using mobile phishing and advanced cashout schemes.
  • The use of customized open-source tools by APT actors, such as UAT-7237, highlights a trend toward tailored toolsets for persistent access.

Regulatory or Policy Developments Affecting the Security Industry

  • The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) renewed sanctions against the Russian cryptocurrency exchange Garantex and imposed new sanctions on Grinex, its successor, for facilitating ransomware-linked illicit crypto transactions exceeding $100 million.
  • Microsoft reiterated that Windows 10 support will end in October 2025, affecting all editions of version 22H2.
  • Google announced that Android pKVM has achieved SESIP Level 5 certification, denoting resistance to highly skilled and well-funded attackers.