Vulnerabilities
-
UK Cyberattacks on Retail Sector Highlight Security Vulnerabilities
The NCSC has raised concerns over a recent flurry of cyberattacks on UK retailers, urging businesses to strengthen their cybersecurity practices. The incidents have prompted investigations and discussions at the governmental level, as executives from affected companies face inquiries about support from national agencies.
-
NIST Seeks Public Feedback on High-Performance Computing Security Guidelines
NIST has released a draft for public comment on high-performance computing security guidelines aimed at enhancing data protection and securing AI models, with comments accepted until July 3, 2025.
-
Harrods Confirms Cyberattack as UK Retailers Face Rising Threats
Harrods has confirmed an attempted cyberattack, becoming the third major UK retailer to face such incidents in recent weeks, as cybersecurity concerns escalate in the retail sector.
-
High-Risk Vulnerability Discovered in Tesla Model 3’s Tire Pressure Monitoring System
A severe security flaw discovered in Tesla’s Model 3 vehicles at the 2025 Pwn2Own competition could allow attackers to remotely control critical vehicle functions via the Tire Pressure Monitoring System. The flaw underscores the urgent need for robust automotive cybersecurity measures.
-
Commvault Reports Cyber Breach Linked to Nation-State Actor, Confirms No Unauthorized Data Access
Commvault has confirmed a breach in its Microsoft Azure environment by a nation-state actor exploiting CVE-2025-3928. The company, however, reassured clients that there has been no unauthorized access to backup data and has taken steps to enhance security.
-
China-Aligned Threat Actor Exploits IPv6 to Hijack Software Updates
TheWizards, a China-aligned APT group, has been exploiting IPv6 protocol vulnerabilities to hijack software updates, deploying malicious tools that facilitate ongoing access to infected systems.
-
EU’s NIS2 Directive Toughens Cybersecurity Standards Across Member States
The EU’s NIS2 Directive, which took effect on 17 October 2024, imposes stricter cybersecurity requirements on essential and important organizations across various sectors, aiming to enhance overall security in the region.
-
Cybercriminals Target Email Systems with Evolving Phishing Tactics in 2025
In 2025, cybercriminals are increasingly using low-tech and human-centric tactics to penetrate email security systems, with the rise of callback phishing and phishing attacks featuring malicious SVG file attachments. This trend highlights the need for businesses to reassess their email security strategies.
-
Rising Threats in Supply Chain Security Demand Increased Vigilance and Strategy
As cyber adversaries infiltrate software and hardware supply chains, organizations must enhance their cybersecurity strategies, focusing on continuous monitoring and the use of advanced tools like Software Bill of Materials and artificial intelligence to combat emerging threats.
-
China Emerges as Major Cyber Threat to US, Experts Warn
At the RSA Conference, retired Rear Admiral Mark Montgomery warned that China has eclipsed Russia as the leading cyber threat to the US, exemplified by the Volt Typhoon attacks targeting critical infrastructure. The former national security official emphasized the urgent need for enhanced cybersecurity measures and military recruitment to counter this sophisticated adversary.
