2 May 2025

6 min read

Third major UK retailer targeted in recent surge in cyber incidents | Cyber Intelligence Briefing: 2 May 2025


Top news stories this week

  1. Retail resistance. Co-op and Harrods repel hacking attempts.
  2. Fowl play. Malicious insider activity underlines the need to stay vigilant.
  3. Divide and conquer. DragonForce announces a new ransomware business model.
  4. Coming in hot. Microsoft introduces a fee for its new hotpatching service.
  5. Private processing paradox. WhatsApp unleashes AI.
  6. Pyongyang pretenders. North Korean hacking group scams crypto developers.

1. Third major UK retailer targeted in recent surge in cyber incidents

Following last week’s cyber attack on M&S, fellow British retailer Co-op took measures this week to protect its business, shutting down parts of its IT estate after discovering an attempt to gain unauthorised access to some of its systems.

Separately, luxury department store Harrods released a statement on Thursday saying that it had repelled an attempt to gain access to its systems.

So what?

Organisations should ensure they have incident response and escalation plans that let them act early and decisively, including the authority to isolate or shut down parts of the estate, so that an ongoing incident can be contained before it spreads.

[Researcher: Milda Petraityte]


2. Malicious insider activity underlines the need to stay vigilant

An individual has been indicted for accessing his former employer’s network to alter chemical dosing levels at a poultry plant. Although he surrendered his devices, keys, and other equipment on leaving, his network login credentials were never revoked, which allowed him to change settings at multiple stages of poultry processing.

Separately, the CEO of a boutique cyber security firm was arrested for allegedly installing malware on hospital computers. Security cameras caught him attempting to enter several offices before installing malware on two employee computers; the malware captured screenshots every 20 minutes and transmitted them to an external IP address.

So what?

Prompt offboarding, including revoking every credential and remote-access path a leaver held, and timely review of access privileges are essential in environments where a malicious insider could put human health at risk.

[Researcher: Lester Lim]



3. DragonForce announces new ransomware business model

Last month, the DragonForce ransomware group rebranded as the “DragonForce ransomware cartel” and advertised a distributed affiliate model in which other ransomware-as-a-service (RaaS) operators can use its infrastructure, tools, and the DragonForce encryptor while keeping their own branding. The group, which claims purely financial motives, said it would take a 20 percent cut of any ransom paid.

So what?

DragonForce’s disruption of the RansomHub and Mamona ransomware groups’ infrastructure, combined with its recent rebrand, signals a strategic move to expand operations and consolidate control in the wake of the threat actor fragmentation seen in 2024, as S-RM explored in our 2025 Cyber Insights Report.

[Researcher: Denisa Greconici]


4. Microsoft's hotpatching enables updates without reboots, but includes a USD 1.50 fee

Microsoft is introducing a USD 1.50 monthly subscription per CPU core for Windows Server 2025 hotpatching from 1 July 2025, allowing administrators to apply security updates without rebooting systems. The aim is to reduce the time systems remain vulnerable by deploying smaller, quicker patches in the background. Note that hotpatching does not remove reboots entirely: servers still receive a quarterly baseline cumulative update that requires a restart, and on-premises servers must be connected to Azure Arc to use the service.

So what?

While the service offers a shorter exposure window and less downtime for patching Windows Server 2025, organisations with large server estates must weigh these benefits against the cumulative subscription cost and the Azure Arc dependency.

[Researcher: Lena Krummeich]


5. New WhatsApp AI feature "Private Processing" set to launch

WhatsApp is introducing AI-powered message creation and summarisation features, known as Private Processing, to its roughly 3 billion users. The feature hides users’ IP addresses from WhatsApp and Meta via a third-party relay. Despite a defence-in-depth design, risks from insider threats and from attacks on the cloud data centres and the supply chain behind the service persist.

So what?

The recent leak of classified messages exchanged on Signal in the US, along with broader public concern about how companies handle user data in AI platforms, will continue to raise questions about the balance between usability and privacy in messaging apps.

[Researcher: Jack Woods]


6. North Korean hackers create counterfeit companies to compromise crypto

North Korean hackers set up two fraudulent companies in the US, “Blocknovas” and “Softglide”, registered under false names and addresses, to target cryptocurrency developers. The group used the fake firms to lure prospective job applicants and infect their computers with malware strains linked to North Korean cyber operations.

So what?

Although the FBI has seized the Blocknovas website, job seekers should remain highly vigilant during the application process: verify that a hiring company exists and that its recruiters are genuine, and never run code or install software sent as part of a “coding test” or interview.

[Researcher: Stephen Ross]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
