Cyberattacks are escalating in scale and frequency, with recent incidents underscoring how vulnerable critical systems remain across retail, tech, and industrial sectors. In this roundup, we cover the breach affecting Co-op customers, Harrods becoming the third UK retailer hit in a widening attack wave, and a ransomware strike on German brewer Oettinger. Meanwhile, Microsoft’s Entra ID endures over 600 million daily attacks, and the company faced a record number of vulnerabilities in 2024. On the CMS front, a fake WordPress plugin grants hackers admin access, and a critical flaw in Samsung’s MagicINFO is being actively exploited.
Co-op Retailer Customer Data Compromised in Cyberattack
The Co-operative Group has taken parts of its IT infrastructure offline in response to a sophisticated cyberattack that compromised the personal data of its members. The breach affected names, contact details, and dates of birth of a significant portion of Co-op’s 6.2 million members and past members, though passwords and financial information were not accessed.
As a precaution, Co-op suspended certain systems, including back-office and call centre operations, to contain the threat. While most of its 2,300 stores continue to operate, some have experienced disruptions, such as temporary cash-only transactions and stock shortages, particularly in remote areas.
CEO Shirine Khoury-Haq has apologised for the incident, describing it as “extremely distressing,” and emphasised that the company is working with cybersecurity experts and authorities to investigate and mitigate the breach.
Customers are advised to change their passwords, enable two-factor authentication, and remain vigilant against phishing scams.
This attack follows similar cyber incidents targeting other major UK retailers, including Marks & Spencer and Harrods.
RansomHouse Ransomware Gang Targets German Brewer
German brewery Oettinger Brauerei has confirmed a cyberattack attributed to the RansomHouse ransomware group.
The attackers claim to have breached the company’s systems on April 19, 2025, encrypting and exfiltrating sensitive data, including internal documents related to logistics, fleet management, warehouse operations, quality assurance, and employee information.
RansomHouse has posted samples of the stolen data on its dark web leak site and issued a direct message to Oettinger’s management, urging them to make contact to prevent further data exposure.
Oettinger has stated that production and logistics operations remain unaffected and that they are collaborating with IT forensic experts, data protection authorities, and cybercrime specialists to investigate the incident.
This attack is part of a broader trend of ransomware groups targeting critical infrastructure and manufacturing sectors.
Harrods Becomes Third UK Retailer Targeted in Cyberattack Wave
Luxury department store Harrods has confirmed it was targeted by a cyberattack, marking the third high-profile UK retailer affected in recent weeks, following similar incidents at Marks & Spencer and the Co-op Group.
The attack, believed to be part of a coordinated campaign by the DragonForce ransomware group, prompted Harrods to restrict internet access across its operations as a precautionary measure. While Harrods reports that customer data remains uncompromised and stores continue to operate, the incident underscores the escalating threat to the UK’s retail sector.
The National Cyber Security Centre (NCSC) is assisting affected retailers and has urged all organisations to bolster their cybersecurity defenses in light of these events.
Microsoft Entra ID Faces Over 600 Million Daily Attacks
Microsoft Entra ID (formerly Azure Active Directory) is experiencing an unprecedented volume of cyberattacks, with over 600 million incidents reported daily.
These attacks include phishing, credential stuffing, and ransomware campaigns that exploit vulnerabilities in identity systems. As Entra ID serves as a critical control plane for authentication and access management across cloud and on-premises environments, its compromise can lead to significant operational disruptions.
Experts emphasise that while Entra ID offers robust native security features, organisations should implement additional safeguards, such as comprehensive backup strategies, to ensure resilience against these evolving threats.
Malicious WordPress Plugin Grants Hackers Remote Admin Access
Cybersecurity researchers have uncovered a malicious campaign targeting WordPress sites through a fake security plugin named “WP-antymalwary-bot.php.”
Disguised as a legitimate security tool, this plugin provides attackers with administrator access, hides itself from the admin dashboard, and enables remote code execution by injecting malicious PHP code into theme files. It also communicates with a command-and-control server, spreads malware to other directories, and injects JavaScript to serve unauthorised ads.
Variants of the plugin, such as “addons.php” and “wpconsole.php,” have been identified. A malicious “wp-cron.php” file ensures the malware reinstalls itself if removed.
Site administrators are advised to audit their plugins, remove any unauthorised files, and implement robust security measures to protect against such threats.
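Because the plugin hides itself from the admin dashboard, the audit has to run against the filesystem. The sketch below is an added example, not code from the researchers or from WordPress: it flags plugin files whose names match those reported above and checks whether wp-cron.php differs from a trusted copy. It assumes you have unpacked a clean copy of the same WordPress release to compare against; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# File names the article reports for the fake plugin and its variants.
SUSPECT_NAMES = {"wp-antymalwary-bot.php", "addons.php", "wpconsole.php"}

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_site(site_root, clean_root):
    """Return sorted (finding, relative_path) tuples for one WordPress install.
    clean_root: unpacked trusted copy of the same release (an assumption here).
    """
    findings = []
    plugins_dir = os.path.join(site_root, "wp-content", "plugins")
    for dirpath, _dirs, files in os.walk(plugins_dir):
        for name in files:
            # A name match is a lead for manual review, not proof of compromise.
            if name.lower() in SUSPECT_NAMES:
                rel = os.path.relpath(os.path.join(dirpath, name), site_root)
                findings.append(("suspect-plugin-file", rel))
    # wp-cron.php is a legitimate core file, so its name proves nothing;
    # compare its content with the trusted copy instead.
    live = os.path.join(site_root, "wp-cron.php")
    ref = os.path.join(clean_root, "wp-cron.php")
    if os.path.isfile(live) and os.path.isfile(ref) and sha256_of(live) != sha256_of(ref):
        findings.append(("modified-core-file", "wp-cron.php"))
    return sorted(findings)

def write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Audit a constructed site tree (sample files are made up for the example)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = os.path.join(tmp, "site"), os.path.join(tmp, "clean")
        write(os.path.join(clean, "wp-cron.php"), "<?php // stock core file\n")
        write(os.path.join(site, "wp-cron.php"), "<?php // altered core file\n")
        write(os.path.join(site, "wp-content/plugins/WP-antymalwary-bot.php"), "<?php\n")
        write(os.path.join(site, "wp-content/plugins/forms/forms.php"), "<?php\n")
        return audit_site(site, clean)

if __name__ == "__main__":
    for finding, path in demo():
        print(finding, path, sep="\t")
```

A hit on a generic name such as addons.php needs manual review, since legitimate plugins may ship a file with that name.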
Critical Samsung MagicINFO Vulnerability Exploited
A critical vulnerability in Samsung’s MagicINFO 9 Server (CVE-2024-7399) is being actively exploited by threat actors to deploy the Mirai botnet. This unauthenticated remote code execution flaw allows attackers to upload malicious files, leading to full system compromise.
The vulnerability, stemming from improper path validation, was disclosed in August 2024 and patched in version 21.1050. However, following the publication of a proof-of-concept exploit on April 30, 2025, attackers began leveraging the flaw to install Mirai malware on vulnerable systems.
Security researchers have observed that even fully patched systems remain susceptible, indicating potential shortcomings in the original fix. Organisations using MagicINFO are urged to apply the latest updates and implement additional security measures to mitigate this threat.
Microsoft Vulnerabilities Reach Record High in 2024
The 2025 BeyondTrust Microsoft Vulnerabilities Report reveals a record 1,360 vulnerabilities disclosed in 2024, marking an 11% increase from the previous peak in 2022. Despite this surge, critical vulnerabilities—those posing the highest risk—have decreased to 78, the lowest in over a decade.
This decline suggests improvements in Microsoft’s development practices and security measures. However, the report emphasises that attackers are increasingly exploiting identity-based vulnerabilities, such as credential theft and privilege escalation, highlighting the need for organisations to prioritise identity security alongside traditional patch management.
The findings underscore the importance of timely patch deployment and robust identity protection strategies to mitigate evolving cyber threats.