6 March 2026


The conflict in the Middle East disrupts business operations | Cyber Intelligence Briefing: 6 March 2026


Top news stories this week

  1. Regional Downtime. The conflict in the Middle East disrupts business operations.
  2. Banking on chaos. Attackers impersonate law enforcement for SIM-swap attacks.
  3. Verdict in. FulcrumSec exploits unpatched flaw to breach LexisNexis AWS environment.
  4. Qilin Not Chillin. Ransomware group breaches major French suppliers.
  5. Mind the disclosure gap. TfL revises breach figures to 7 million following 2024 breach.
  6. Crackdown. Europol cracks down on The Com cybercrime network.

1. The conflict in the Middle East disrupts business operations  

Amazon data centers in the Middle East experienced power failures and structural damage, prompting emergency teams to shut down affected facilities and causing prolonged outages across multiple availability zones. To minimise business disruption, Amazon advised customers to back up critical data or temporarily shift workloads to other AWS regions. 

Separately, the National Cyber Security Centre (NCSC) warned that the ongoing conflict in the Middle East could lead to collateral cyber impacts in the UK and urged organisations to assess their exposure and strengthen their cyber‑security posture accordingly. 

So what?

Organisations should evaluate the risks and impacts of geopolitical events on their cybersecurity posture and, in turn, on their business operations. They should also review business continuity and disaster recovery plans to strengthen business resilience.

[Researcher: Milda Petraityte]


2. Attackers impersonate law enforcement for SIM-swap attacks 

Financially motivated cybercriminals began contacting citizens hours after missiles struck the city, impersonating a fictitious department of the Dubai Police in an attempt to gather information that could be used in SIM-swap attacks. The threat actors gather details on individuals in order to socially engineer mobile network operators into switching control of the victims' SIMs, and so gain access to their bank accounts.

So what?

The activity demonstrates how cybercriminals rapidly adapt to real‑world crises, using them as cover to harvest personal data at scale. 

[Researcher:  Tlhalefo Dikolomela] 


3. LexisNexis confirms breach as FulcrumSec leaks government and law firm data

Cybercriminal group FulcrumSec exploited an unpatched React2Shell vulnerability to breach LexisNexis's AWS environment, compromising hundreds of database tables, AWS Secrets Manager secrets, and millions of records, including account data belonging to federal judges, DoJ attorneys, and SEC staff. The hackers found a production database password of "Lexis1234" and publicly shamed the company on BreachForums after LexisNexis declined to engage.

So what?

Unpatched vulnerabilities and weak credentials remain the most preventable entry points in modern breaches, and organisations holding sensitive government and legal data should enforce strict management policies for both.

[Researcher: Lawrence Copson]


4. Ransomware group breaches major French suppliers 

The Qilin threat actor group has reportedly exfiltrated 15.8 million medical records in France by compromising Cegedim Santé’s MonLogicielMedical (MLM) software, a platform used by the French Health Ministry to store patient medical data. 

In a separate incident, Qilin is confirmed to have breached the aerospace division of LISI Group, which supplies industrial components to major manufacturers including Airbus and Boeing, allegedly stealing contractual documents and employee information. 

So what?

Organisations should conduct thorough due diligence on key suppliers and assess the security maturity of third‑party software. Following a breach, impacted organisations should leverage dark web monitoring to identify exposed data early and reduce the risk of downstream litigation from affected partners or clients.

[Researcher: Jack Woods]


5. TfL confirms millions caught in 2024 breach as initial disclosure unravels  

Transport for London's 2024 breach reached over 7 million customers, a figure TfL itself has now confirmed, dwarfing the 5,000 initially communicated to the public. TfL clarified that the 5,000 figure covered only customers facing direct financial exposure through Oyster card refund data, while attackers accessed names, email addresses, and home addresses across a vastly larger population.

So what?

Organisations should communicate the full scope of customer exposure from the outset; seeking external legal counsel is crucial in this step.

[Researcher: Lawrence Copson]



6. Europol crackdown on cybercrime network 

Europol’s year-long Project Compass operation has disrupted The Com, a decentralised, English-speaking cybercrime network. The joint effort across 28 countries resulted in 30 arrests and the identification of 179 suspects. Authorities say the group targeted and recruited young people for extortion, violence, and the production of child sexual exploitation material (CSAM).

So what?

Cybercrime networks that actively recruit young people as participants, not just victims, signal an evolution in how these groups sustain and expand their operations over time.

[Researcher: Aditya Ganjam Mahesh]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
