July 31, 2025

CISA Announces Release of Thorium for Malware Analysis

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that can integrate commercial, custom, and open-source analysis tools and enable cyber defenders to quickly assess malware threats and index forensic analysis results into a unified platform.Advanced persistent threats using malware continue to increase in volume and […]
July 10, 2025

Qilin Ransomware Dominates the Month

The Qilin ransomware group emerged as the most dominant player in the global ransomware landscape, consolidating its position as a formidable cyber extortion actor. The group was responsible for approximately 73 confirmed victims, accounting for nearly 17% of the 423 ransomware disclosures tracked worldwide during the month. This marks the third time in four months that Qilin has led in […]
June 20, 2025

WestJet Cyber Attack Causes Travel Disruption

WestJet confirmed it had been the target of a sophisticated cyberattack that caused significant disruption for customers. The incident was first detected on June 13, when suspicious activity was identified across the airline’s digital systems. Although flight operations and aircraft safety were not compromised, customers encountered service interruptions, particularly when attempting to access bookings through the airline’s website and mobile […]
June 18, 2025

Lee Enterprises says cybersecurity incident cost millions

Lee Enterprises, a major U.S. regional newspaper publisher, continued to grapple with the aftermath of a ransomware attack attributed to the Qilin gang that disrupted operations across more than 75 newspapers and exfiltrated nearly 350 GB of sensitive data. The breach compromised information of about 39,779 individuals, including names, Social Security numbers, driver’s license details, financial and medical records, and […]
June 17, 2025

Supply Chain Attack on NPM Packages

In June 2025, a significant supply chain attack on the NPM ecosystem was uncovered, primarily affecting multiple React-Native Aria packages that had been tampered with to distribute a Remote Access Trojan (RAT). The malicious code was embedded in seemingly routine updates, beginning with @react-native-aria/focus version 0.2.10 and quickly spreading across related packages, many of which collectively record hundreds of thousands […]
May 17, 2025

Peter Green Chilled Supply Chain Attack

UK-based logistics firm Peter Green Chilled, a key distributor of chilled, frozen, and ambient foods to major supermarkets including Tesco, Sainsbury’s, M&S, Aldi, Waitrose, Co-op, Asda, and Morrisons, suffered a significant ransomware attack. The incident began on the evening of 14 May, when malicious actors encrypted the company’s systems. By 15 – 16 May, order processing was fully disrupted, though […]
April 5, 2025

 Massive Cyber-Attack Halts Marks & Spencer Operations

Marks & Spencer experienced a massive cyberattack that completely halted its online operations, including website and app transaction processing. While customers could still browse products, all new orders were suspended as a precautionary measure stores remained open for in-person shopping.The breach, which began during the Easter weekend, also disrupted click-and-collect services, contactless payments, and other in-store functionalities. M&S relied on […]
March 30, 2025

Cyber Attack Disrupts Ukrainian Railway’s Online Services

Ukrainian state railway operator Ukrzaliznytsia was formally and definitively attacked by a large-scale, multi-layered cyberattack that disrupted its online services, particularly the mobile app and website used for ticket purchases. Despite this, train schedules remained unaffected, and all physical train operations continued uninterrupted. As a result of the attack, significant queues formed at Kyiv’s central railway station and other major […]
March 28, 2025

Massive Supply Chain Attack on GitHub Actions

A major supply chain attack targeted GitHub Actions, one of the most widely used automation platforms in modern software development. The incident involved the compromise of the popular open-source Action tj-actions/changed-files, which had been adopted in more than 23,000 repositories. Researchers discovered that malicious code had been injected into the Action, enabling the exfiltration of sensitive secrets such as API […]