The digital landscape is a battlefield, and this week has been no exception. A relentless barrage of cyberattacks has targeted organizations of all sizes, from critical infrastructure providers to small businesses. The first and most crucial step in defending your organization is understanding your vulnerabilities. A professional Cyber Penetration Test is the only way to gain a clear picture of your security risks and build a resilient defense.
This weekly threat report from Cyber Grants Alliance breaks down the top 10 most significant cybersecurity incidents from the past week to help you stay informed and protected.
A critical remote code execution (RCE) vulnerability in the Windows Server Update Service (WSUS) has been actively exploited by attackers. This flaw, identified as CVE-2025-59287, allows an unauthenticated attacker to execute arbitrary code with system privileges on affected servers. The vulnerability impacts a wide range of Windows Server versions, including 2012, 2016, 2019, 2022, and 2025. Microsoft has released an out-of-band emergency patch to address this critical issue, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to patch their systems immediately.
Any organization that uses Windows Servers with the WSUS role enabled is at risk. This includes a vast array of industries, from small businesses to large enterprises, as WSUS is a common tool for managing updates across a network. However, organizations with large, complex IT environments and a heavy reliance on Windows infrastructure, such as those in the government, healthcare, and financial services sectors, are particularly vulnerable due to the potential for widespread disruption and data breaches.
The e-commerce world was put on high alert with the active exploitation of a critical vulnerability in Adobe Commerce (formerly Magento), dubbed “SessionReaper” (CVE-2025-54236). This improper input validation flaw allows attackers to take over customer accounts without any user interaction, posing a severe threat to online stores. Security researchers have described it as one of the most severe bugs in Magento’s history. Despite a patch being available for six weeks, an estimated 62% of Magento stores remain unpatched and vulnerable to this attack, which has already seen hundreds of exploitation attempts.
The retail and e-commerce industry is the most vulnerable to this threat. Any business that uses an Adobe Commerce or Magento platform for its online store is at direct risk. A successful exploit could lead to customer data theft, fraudulent purchases, and significant reputational damage, making it a top priority for all online retailers to patch their systems immediately.
The Qilin ransomware group has been particularly active this week, claiming responsibility for a series of attacks against various U.S. organizations. Notable victims include the City of Sugar Land in Texas, the Essential Cabinetry Group, and the law firm Kaufman & Stigger. These attacks demonstrate the group’s broad targeting strategy, hitting municipalities, manufacturers, and professional services firms alike. The Qilin group’s continued activity highlights the persistent and indiscriminate nature of ransomware attacks.
The diverse range of victims indicates that no single industry is safe from the Qilin ransomware group. However, their recent targets suggest a focus on organizations that are perceived as having a low tolerance for downtime and a high likelihood of paying a ransom. This includes municipal governments, manufacturing companies, and legal firms. These sectors often hold sensitive data and provide essential services, making them attractive targets for ransomware gangs.
The Pwn2Own hacking competition in Ireland saw security researchers successfully demonstrate 73 unique zero-day vulnerabilities in a range of popular software products. A total of $1,024,750 was awarded for these discoveries, which affect products from major vendors. While the specific details of all the vulnerabilities have not been made public to allow vendors time to patch, this event serves as a stark reminder of the inherent vulnerabilities that exist in even the most widely used software.
Because the vulnerabilities were found in a wide range of software, virtually every industry is affected. However, businesses that are slow to patch and update their software are most at risk. This is particularly true for organizations with limited IT resources, such as small and medium-sized businesses (SMBs), which may not have dedicated security teams to manage and apply patches in a timely manner.
A new and sophisticated phishing technique, dubbed “CoPhish,” has emerged, which weaponizes Microsoft Copilot Studio agents to steal OAuth tokens. This attack leverages the trust associated with legitimate Microsoft domains to deliver fraudulent OAuth consent requests. By tricking users into granting permissions to a malicious application, attackers can gain access to their accounts and data. This novel attack vector highlights the evolving nature of phishing attacks and the need for constant vigilance.
This attack can affect any organization that uses Microsoft 365 and other services that rely on OAuth for authentication. However, businesses that have embraced cloud services and have a large number of employees using these platforms are particularly vulnerable. This includes the technology, consulting, and professional services industries, where the use of collaborative cloud-based tools is widespread.
Users of the popular password manager LastPass are being targeted by a phishing campaign that uses social engineering to try to gain access to their password vaults. The attackers send emails with fake access requests, often claiming to be part of a legacy inheritance process, to trick users into revealing their master passwords. This campaign underscores the importance of user education and awareness in preventing social engineering attacks, as even the most secure tools can be compromised if users are not careful.
This phishing campaign can target any individual or organization that uses LastPass. However, businesses that have standardized on LastPass for their password management are at a higher risk of a widespread breach if multiple employees fall for the scam. This is particularly true for organizations in the technology and financial sectors, where the value of the data stored in password managers is extremely high.
While the ransomware attack on Jaguar Land Rover occurred some time ago, a recent report has revealed its staggering economic impact, estimated at $2.8 billion in the UK. This figure, which rivals the impact of the Change Healthcare attack in the United States, serves as a powerful reminder of the far-reaching consequences of a major cyberattack. The incident highlights not only the direct costs of a breach, such as ransom payments and recovery efforts, but also the indirect costs, including production downtime, supply chain disruptions, and long-term reputational damage.
The automotive and manufacturing industries are particularly vulnerable to the types of disruptions caused by a major ransomware attack. The interconnected nature of modern supply chains means that an attack on a single manufacturer can have a ripple effect across the entire industry. This case study should serve as a wake-up call for all manufacturing companies to bolster their cybersecurity defenses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in Motex’s Lanscope Endpoint Manager that is being actively exploited by hackers. Endpoint management tools are a prime target for attackers, as they provide a centralized point of access to a large number of devices within a network. A successful exploit could allow attackers to deploy malware, steal data, and move laterally across the network.
Any organization that uses Lanscope Endpoint Manager is at direct risk. However, businesses with a large number of endpoints, such as those in the healthcare, education, and retail sectors, are particularly vulnerable. These industries often have a diverse and geographically dispersed network of devices, making centralized endpoint management a necessity, but also a potential single point of failure if not properly secured.
The notorious North Korean hacking group, Lazarus, has been linked to a new espionage campaign targeting European defense companies. The attackers are using fake job offers as a lure to trick employees into downloading malware, which is then used to steal sensitive information related to drone technology and other defense systems. This campaign is a clear example of state-sponsored cyber espionage and highlights the ongoing threat posed by nation-state actors.
The defense and aerospace industry is the primary target of this campaign. Any company involved in the development of advanced military technology is a high-value target for state-sponsored hackers. This incident should serve as a reminder to all defense contractors to be vigilant against social engineering attacks and to have robust security measures in place to protect their intellectual property.
The popular data breach notification service, Have I Been Pwned, has added over 180 million stolen credentials to its database. This massive influx of data comes from various sources and highlights the ongoing epidemic of credential theft. Stolen credentials are a valuable commodity on the dark web and are often used to carry out a wide range of attacks, from account takeovers to large-scale identity theft.
This threat affects every industry and every individual who has an online account. However, businesses that do not enforce strong password policies and multi-factor authentication (MFA) are at a much higher risk of being compromised. This is particularly true for organizations in the financial services and healthcare sectors, where the consequences of a data breach can be particularly severe.
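One practical control against the credential-stuffing risk described above is to reject passwords that already appear in a breach corpus at account creation or password change, without sending the password itself to anyone. The example below is added here (it is not code from Have I Been Pwned or from this report) and models the k-anonymity lookup pattern such services use: only the first five hex characters of the SHA-1 hash leave the client, and the client matches the remaining suffix locally. The breach corpus, the counts, and the `fetch_range` stand-in for the network call are all constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a leaked-credential corpus. Counts are made up for
# this example; a real service stores hashes, never the plaintext.
CONSTRUCTED_CORPUS = {"password": 9_000_000, "letmein": 250_000, "Tr0ub4dor&3": 12}


def sha1_hex_upper(password: str) -> str:
    """Hash the password exactly as the range protocol expects (uppercase hex)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hex_digest: str) -> Tuple[str, str]:
    """k-anonymity split: the 5-char prefix is the only thing sent off-host."""
    return hex_digest[:5], hex_digest[5:]


def build_range_index(corpus: Dict[str, int]) -> Dict[str, str]:
    """Build constructed 'range' responses (SUFFIX:COUNT per line) keyed by prefix."""
    ranges: Dict[str, List[str]] = {}
    for pw, count in corpus.items():
        prefix, suffix = split_hash(sha1_hex_upper(pw))
        ranges.setdefault(prefix, []).append(f"{suffix}:{count}")
    return {p: "\r\n".join(lines) for p, lines in ranges.items()}


RANGE_INDEX = build_range_index(CONSTRUCTED_CORPUS)


def fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP range call; returns the constructed response text."""
    return RANGE_INDEX.get(prefix, "")


def breach_count(password: str) -> int:
    """Return how often the password appears in the corpus, matching the suffix locally."""
    prefix, suffix = split_hash(sha1_hex_upper(password))
    for line in fetch_range(prefix).splitlines():
        found_suffix, _, count = line.strip().partition(":")
        if found_suffix == suffix:
            return int(count or 0)  # padded responses may carry a count of 0
    return 0


def password_is_acceptable(password: str, min_length: int = 12) -> bool:
    """Policy gate: long enough and absent from the breach corpus."""
    return len(password) >= min_length and breach_count(password) == 0
```

Pair this check with MFA rather than relying on it alone: it blocks reuse of already-leaked passwords, but it cannot stop an attacker who obtains a fresh credential through phishing.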
👉 Visit our website and apply for a grant today to strengthen your defenses.
Don’t wait until it’s too late. Take the first step towards a more secure future by running a Cyber Penetration Test and exploring the grant opportunities available through the Cyber Grants Alliance.