Cyberattacks Surge: Marks & Spencer Breach Highlights Growing Threats
Cyberattacks Surge: Marks & Spencer Breach Highlights Growing Threats
On May 25, 2025, Marks & Spencer, a prominent British retailer, fell victim to a significant cyberattack attributed to the hacking group DragonForce. The breach resulted in the theft of both customer and employee data, leading to an estimated profit loss of £300 million. This incident is part of a disturbing trend, affecting multiple UK retailers including Co-op and Harrods, indicating a coordinated offensive that underscores the vulnerability of the retail sector to sophisticated cyber threats.
In addition, Coinbase faced a ransomware incident where attackers, leveraging bribed customer support staff, gained unauthorized access to user data. The company's CEO has taken a strong stance against paying the ransom, instead offering a reward for information leading to the perpetrators.
The US CISA has also issued alerts regarding critical vulnerabilities in SolarWinds and Ivanti products that could enable remote code execution, stressing the urgency for organizations to apply patches. Meanwhile, a severe flaw in Windows Server 2025 raises alarms with no patch currently available, leaving users exposed to potential domain control risks.
Also In Security Today
- Coinbase Ransomware Incident: Coinbase's recent ransomware attack involved bribed customer support staff gaining access to user data. The company's refusal to pay the ransom reinforces the need to address insider threats. VeriTech Consulting
- Critical Vulnerabilities Alert: CISA has flagged critical vulnerabilities in SolarWinds and Ivanti products, which could lead to unauthorized access and remote code execution. Organizations are urged to patch immediately. The Hacker News
- Windows Server Vulnerability: A severe flaw in Windows Server 2025 could allow unauthorized domain control. The lack of an available patch raises significant security concerns for organizations. Cybersecurity Newsletter