The recent breach at Marks & Spencer (M&S) went undetected for up to 52 hours, a lapse insiders have called a “colossal mistake” caused by human error. The attackers infiltrated M&S’s IT systems through a contractor and were then able to lurk undetected in the systems for more than two days before the alarm was sounded. Once discovered, emergency teams worked relentlessly over a five-day period to contain the attack and protect the retailer, which serves around 9.4 million active customers. Despite these efforts, the online shop remains offline weeks after the incident, and staff have been working around the…
Kirsten Doyle
The Qualys TRU has discovered a new PowerShell-based shellcode loader, designed to load and execute a variant of Remcos RAT. The attack begins with malicious .LNK files embedded in ZIP archives, often disguised as Office documents. When opened, these shortcuts trigger mshta.exe to execute an obfuscated HTA file. This file contains VBScript that bypasses Windows Defender, downloads additional payloads (including a PowerShell script), and configures the system for persistence by modifying registry keys and setting PowerShell execution policies to bypass mode. Payloads are saved in the C:/Users/Public/ directory and are designed to run silently at system startup. Stealth, Evasion Capabilities …
Coinbase has uncovered a targeted insider attack involving rogue overseas support agents bribed by malicious actors to steal customer data to extort the company. While a small subset of users was impacted, no passwords, private keys, or funds were compromised. Coinbase Prime accounts were also unaffected. The malefactors demanded a $20 million ransom, which Coinbase refused to pay. Instead, the company has created a $20 million reward fund for information leading to the arrest and conviction of those responsible. What Happened: A group of attackers bribed a small number of third-party support agents outside the U.S. to access internal tools…
Google has warned that the threat group linked to the recent cyberattack on British retailer Marks & Spencer (M&S) is now setting its sights on U.S. retail companies. The group, known as “Scattered Spider,” is described by cybersecurity analysts as a loosely connected network of hackers with varying levels of sophistication. Despite their decentralized structure, the group has proven highly effective at executing disruptive cyberattacks against major corporations. John Hultquist, Chief Analyst at Google Threat Intelligence Group, told BleepingComputer that the US retail sector is currently in the crosshairs of ransomware and extortion operations that Google suspects are linked to…
SafetyDetectives’ cybersecurity team has discovered a forum post on the clear web where a threat actor claimed to be selling a database connected to The Epoch Times. The dataset reportedly includes 32 million records. The Epoch Times is a multilingual media company founded in 2000. It was launched to provide uncensored news, particularly for readers in China, where access to independent media has long been restricted. Its first English-language edition appeared in 2003. Today, the publication is accessible in 35 countries, though it remains blocked in mainland China. The data was advertised on a well-known, clear web forum that hosts…
Two serious security vulnerabilities have been discovered in TheGem, a premium WordPress theme used by more than 82,000 websites worldwide. Researchers warn that when exploited together, these flaws can lead to remote code execution (RCE), potentially giving attackers full control over affected websites. Security researchers at Wordfence identified the vulnerabilities in versions 5.10.3 and earlier of the TheGem theme. While each flaw poses a risk on its own, their combined use creates a dangerous attack chain. According to Wordfence, the downloaded file is copied to the WordPress uploads folder, which is publicly accessible by default. Bad actors could combine the…
Luxury fashion brand Dior has alerted customers to a data breach involving its Chinese customer database. The company revealed that an unauthorised external party had gained access to sensitive customer information, though financial data was not affected. The breach came to light after Dior sent an internal memo to affected consumers on 13 May. According to multiple Chinese media outlets, including Global Times, the memo stated that the company discovered the breach on 7 May. The compromised data includes customer names, gender, phone numbers, email addresses, mailing addresses, purchase histories, shopping preferences, and other user-related information collected by Dior. In…
Zoom Video Communications has disclosed several security vulnerabilities in its Workplace Apps for Windows, macOS, Linux, iOS, and Android platforms. These flaws, which range from medium to high severity, could lead to issues like unauthorized access, denial-of-service (DoS), or remote code execution if exploited. One of the more serious vulnerabilities (CVE-2025-30663) is a time-of-check to time-of-use (TOCTOU) issue caused by a race condition in the app. With a CVSS 4.0 score of 5.9, this flaw could let a local attacker exploit timing gaps to access sensitive data or increase their system privileges. Although it requires access to the affected device…
Marks & Spencer (M&S) has fessed up that personal customer data was stolen in the recent cyber-attack, and that it could include contact details and dates of birth. The company’s chief executive Stuart Machin said: “As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately some personal information has been taken.” He stressed that there is no reason to believe that the information has been shared and it does not include any useable card or payment details, or account passwords. “There is no need for customers to take any action.” …
The European Union Agency for Cybersecurity (ENISA) has officially launched the European Vulnerability Database (EUVD) to enhance cyber resilience. Developed in accordance with the NIS2 Directive, the platform is now live and will be maintained by ENISA. The EUVD is designed to provide aggregated, reliable, and actionable information about cybersecurity vulnerabilities affecting ICT (Information and Communication Technology) products and services. It includes details such as mitigation measures, exploitation status, and affected versions of ICT products. “The EU Vulnerability Database is a major step towards reinforcing Europe’s security and resilience,” said Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security…
