Ticker feed

Cybercriminals are targeting Ukrainian government entities with fake emails pretending to be from the National Police of Ukraine. The attacks use malicious SVG files that look like official legal notices, warning recipients of potential legal action if ignored.

When victims open the attachment, they're redirected to download a password-protected file that installs two dangerous programs: Amatera Stealer, which harvests passwords and cryptocurrency wallets from browsers and apps like Telegram, and PureMiner, which secretly mines cryptocurrency using the victim's computer.

Fortiguard Labs researchers discovered this "fileless" attack chain, which avoids detection by loading malware directly into memory rather than saving files to disk. The campaign represents another wave of cyberattacks targeting Ukraine since Russia's 2022 invasion.

Source: Dark Reading

A new report from insurer Hiscox reveals that 80% of companies hit by ransomware attacks pay the ransom, but only 60% successfully recover their data. The study surveyed 5,750 small and medium businesses, finding 27% were targeted in the past year.

Recent high-profile victims include Marks and Spencer, Co-op, and Jaguar Land Rover. JLR received a £1.5bn government loan guarantee after a month-long factory shutdown, with production losses estimated at £200m. M&S faces at least £300m in damages from an April attack.

Nearly a third of companies that paid ransoms faced additional demands for more money. The cyber insurance market, worth £521m last year, is expected to reach £2.4bn by 2033 as businesses seek protection.

Source: Sky News

Luxury London retailer Harrods disclosed that hackers accessed personal information of up to 430,000 online customers through a third-party provider breach. The stolen data includes names and contact details but excludes passwords and payment information.

The company refused to engage with the threat actors who contacted them about the breach. This incident is separate from a May cyberattack that targeted Harrods' systems directly.

The breach highlights ongoing supply chain vulnerabilities plaguing UK retailers. Earlier this year, M&S lost £300 million and Co-op lost £206 million from similar attacks linked to the Scattered Spider group. Recent studies show 97% of FTSE 100 companies experienced third-party breaches in the past year.

Source: Infosecurity Magazine

Chinese state-sponsored hackers have actively exploited CVE-2025-20333, a devastating zero-day vulnerability in Cisco ASA firewalls with a 9.9 severity score. The flaw allows remote code execution with root privileges when chained with another vulnerability that bypasses authentication.

The UAT4356 threat group deployed sophisticated malware called RayInitiator and LINE VIPER on compromised Cisco ASA 5500-X Series devices. RayInitiator persists at the firmware level, surviving reboots and updates, while LINE VIPER provides command and control capabilities through encrypted communications.

CISA issued Emergency Directive ED-25-03 requiring federal agencies to patch within 24 hours or disconnect affected devices. This represents a major evolution of the ArcaneDoor campaign, targeting critical network perimeter defenses worldwide.

Source: Cybersecurity News

BitSight's latest research reveals a troubling reversal in cybersecurity progress: internet exposure of industrial control systems (ICS) and operational technology (OT) jumped 12% in 2024, reaching over 180,000 visible devices monthly. The firm expects this number to approach 200,000 in 2025.

These aren't just forgotten legacy systems. New ICS/OT devices are going online with outdated protocols, minimal authentication, and poor network segmentation. The problem spans all studied protocols, from Modbus to BACnet, affecting energy grids, water treatment facilities, and building automation systems.

Making matters worse, vulnerabilities in these devices continue climbing. Many carry critical security flaws with CVSS scores of 10.0 and trivial exploit paths. The U.S. leads global exposure, particularly in manufacturing and utilities.

Attribution remains a major challenge—most devices trace only to ISPs, making it nearly impossible to notify operators of vulnerabilities.

Source: Industrial Cyber

Cybercriminals are exploiting SonicWall firewalls to deploy Akira ransomware, moving from initial breach to full encryption in as little as 55 minutes. Arctic Wolf Labs detected this ongoing campaign that began in late July 2025, targeting organizations across multiple sectors.

The attackers gain access through stolen SSL VPN credentials linked to CVE-2024-40766, a vulnerability from 2024. Even devices with multi-factor authentication and current patches are being compromised because hackers are using previously harvested credentials.

Once inside, attackers quickly scan networks, create admin accounts, disable security software, steal data, and deploy ransomware. Arctic Wolf urges organizations to immediately reset all SSL VPN credentials and monitor for suspicious logins from hosting providers.

Source: Cybersecurity News

Harrods has warned customers that personal data including names and contact details was stolen from a third-party provider's system. The luxury London department store emphasized that passwords and payment information weren't compromised in what the provider called an "isolated incident."

This breach is separate from earlier cyberattacks targeting Harrods this year. In May, the store restricted internet access as a precaution after attempted break-ins. Four people were arrested in July for suspected involvement in cyber-attacks against Harrods, Marks & Spencer, and the Co-op.

Harrods has notified authorities and affected customers, working with the third-party provider to address the security incident.

Source: The Guardian

The Cybersecurity and Infrastructure Security Agency issued an emergency directive Thursday after discovering attackers have been exploiting Cisco firewall vulnerabilities since at least November 2024. The attacks began with reconnaissance activity and escalated to memory modification on hundreds of federal government firewalls.

Cisco launched its investigation in May but waited four months to disclose the vulnerabilities and release patches. CISA's Chris Butera said the delay was necessary for proper investigation and patch development. Federal agencies must take immediate action by Friday's deadline.

While officials won't confirm attribution, outside researchers link the espionage campaign to Chinese state-sponsored groups. CISA warns attackers may accelerate or shift tactics now that the vulnerabilities are public.

Source: CyberScoop

CISA issued an emergency directive after discovering state-sponsored hackers are actively exploiting multiple zero-day vulnerabilities in Cisco firewalls and networking equipment. The campaign targets millions of devices, including ASA 5500-X series firewalls and IOS systems.

Three critical flaws allow remote code execution and privilege escalation: CVE-2025-20333 (CVSS 9.9), CVE-2025-20363 (CVSS 9.0), and CVE-2025-20362 (CVSS 6.5). A separate zero-day, CVE-2025-20352, affects SNMP systems in Cisco IOS software.

The attacks appear connected to the ArcaneDoor espionage campaign from spring 2024. Federal agencies must disconnect unsupported devices and upgrade others by September 26. Many affected devices are end-of-life, making immediate patching or replacement critical for organizations worldwide.

Source: Dark Reading

Cybercriminals have stolen names, pictures, and addresses of around 8,000 children from Kido nursery chain, which operates 18 sites across London plus locations in the US, India, and China. The hackers are demanding ransom and claim to possess information about parents and carers, plus safeguarding notes. They've even contacted some families by phone as part of their extortion tactics.

The Metropolitan Police confirmed receiving a ransomware attack report Thursday, with investigations ongoing through their cyber crime unit. The Information Commissioner's Office is also assessing the incident. This attack adds to a growing list of recent cyber-attacks on major companies, including Co-op's £80m profit hit and JLR's factory shutdowns.

Source: The Guardian