Major Incidents or Breaches

  • Inotiv, a pharmaceutical company, confirmed a ransomware attack that resulted in the compromise and encryption of internal systems, with business operations impacted.
  • Vulnerabilities in a Workhorse Software application used by hundreds of municipalities exposed sensitive data; CERT/CC disclosed details following the release of patches.
  • Vulnerable internal services at Intel exposed information of 270,000 employees, as reported by a security researcher.
  • Microsoft is investigating an outage affecting Copilot and Office.com, impacting user access across North America.
  • Six major password managers are currently vulnerable to unpatched clickjacking flaws, potentially exposing user credentials, two-factor authentication codes, and credit card information.
  • McDonald’s staff and partner portals were found to have exposed APIs, sensitive data, and corporate documents due to security flaws.
  • Hackers are using legitimate ADFS redirects via office.com links to steal Microsoft 365 login credentials through phishing attacks.
  • The RapperBot DDoS-for-hire botnet was disrupted, and the alleged developer and administrator has been charged by the US Department of Justice.
  • A member of the “Scattered Spider” cybercrime group was sentenced to 10 years in prison and ordered to pay $13 million in restitution for SIM-swapping and related cyber offences.
  • Europol has clarified that a purported $50,000 reward for Qilin ransomware group members is a scam.

Newly Discovered Vulnerabilities

  • Apple released emergency security updates for iOS, iPadOS, and macOS, patching CVE-2025-43300, an out-of-bounds write zero-day vulnerability actively exploited in targeted attacks.
  • Google and Mozilla issued patches for multiple high-severity vulnerabilities in Chrome and Firefox browsers.
  • DOM-based clickjacking vulnerabilities affecting major password manager browser extensions could allow attackers to steal credentials and sensitive data.
  • A vulnerability in GPT-5’s routing mechanism can redirect user queries to older, less secure models, risking exposure to jailbreaks and unsafe outputs.
  • Researchers identified prompt injection vulnerabilities in AI browsers, such as Perplexity’s Comet, allowing malicious prompts to trigger unintended actions, including fraudulent purchases.
  • Vulnerabilities in McDonald’s internal portals exposed sensitive APIs and corporate documents.
  • CERT/CC disclosed information exposure vulnerabilities in Workhorse Software, used by local governments, after patch release.

Notable Threat Actor Activity

  • The Russian state-sponsored group “Static Tundra” (aka Energetic Bear) is exploiting a seven-year-old flaw in Cisco IOS/IOS XE software, targeting unpatched, end-of-life devices for cyber espionage against enterprises and critical infrastructure.
  • North Korean threat actors have conducted a coordinated cyber espionage campaign against diplomatic missions in South Korea, leveraging GitHub for command and control and deploying spear-phishing tactics.
  • Spear-phishing attacks targeting European government entities in Seoul have been analysed in detail and attributed to North Korea, China, or both.
  • Cybercriminals are increasingly abusing the AI-powered Lovable website builder to generate phishing pages, malware delivery sites, and fraudulent portals.
  • Low-skill attackers are leveraging LLM-generated scripts and services like Lovable to rapidly create convincing malicious websites.
  • Increased scanning activity targeting Airtel routers and web servers has been observed via honeypots.

Trends, Tools, or Tactics of Interest

  • HR-themed phishing attacks have surged by 120% in Q1 2025, with attackers impersonating internal HR communications to increase success rates.
  • The use of legitimate infrastructure (e.g., office.com, ADFS) in phishing campaigns is on the rise, enabling more convincing credential theft schemes.
  • AI browsers and agentic tools are being actively researched for vulnerabilities, with prompt injection and clickjacking emerging as significant risks.
  • The “Warlock” ransomware group is specifically targeting vulnerable on-premises SharePoint servers using sophisticated attack methods.
  • There is a notable increase in the abuse of AI-driven website builders (e.g., Lovable, Vibe) to lower barriers for cybercriminals, enabling rapid deployment of malicious sites.
  • The disruption of the RapperBot botnet and law enforcement action against its administrator highlight ongoing efforts to combat DDoS-for-hire operations.
  • Increased focus on shadow AI agents within enterprises, with concerns that unmonitored deployments could introduce significant security risks.

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft announced its Quantum-Safe Program, aiming to ensure all products and services are secured against quantum-based attacks by 2033.
  • Incode has acquired AuthenticID to enhance AI-driven identity verification, combining AI models with large-scale, regulated identity programme experience.
  • Europol issued a warning about fraudulent reward offers targeting ransomware group members, clarifying that a recently publicised Qilin reward is a scam.