The past week revealed several significant security incidents and developments. Law enforcement agencies struck a major blow against the Lumma Stealer malware network, responsible for compromising an estimated 10 million systems.
Meanwhile, ransomware attacks disrupted operations at a major frozen food supplier, and Cumberland Council disclosed that a recent cyberattack resulted in limited personal data exposure.
On the technology front, Mozilla issued emergency patches for two zero-day vulnerabilities in Firefox actively exploited at Pwn2Own Berlin. Amazon Web Services (AWS) came under scrutiny after researchers discovered default IAM roles that could be abused for lateral movement.
Finally, the UK’s Legal Aid Agency reported a major data breach affecting over two million individuals.
Global Operation Disrupts Lumma Stealer Malware Network Linked to 10 Million Infections
An international coalition comprising the FBI, Europol, Microsoft’s Digital Crimes Unit, and cybersecurity firms such as ESET and Cloudflare has successfully dismantled the infrastructure supporting the Lumma Stealer malware, also known as LummaC2. This operation resulted in the seizure of approximately 2,300 domains that served as command-and-control servers for the malware, which has been active since late 2022.
Lumma Stealer, operating under a malware-as-a-service model, facilitated the theft of sensitive information—including login credentials, browser data, and cryptocurrency wallet details—from millions of victims worldwide.
The malware’s developer, identified by the alias “Shamel” and based in Russia, marketed various service tiers via Telegram and other platforms, enabling cybercriminals to customise and deploy the stealer.
This coordinated takedown significantly disrupts the operations of one of the most pervasive information-stealing threats to date.
Frozen Food Supplier Targeted in Ransomware Attack
A prominent frozen food supplier, Peter Green Chilled, has fallen victim to a ransomware attack, leading to significant operational disruptions. The cyberattack has impacted the company’s ability to process orders and maintain supply chain continuity, raising concerns about potential delays in product deliveries.
While specific details about the attackers and the extent of the breach remain undisclosed, the incident underscores the growing threat ransomware poses to the food industry and critical supply chains.
Authorities and cybersecurity experts are investigating the breach, and the company is working diligently to restore its systems and resume normal operations.
Cumberland Council Reports Limited Personal Data Compromised in Cyberattack
Cumberland Council has disclosed that a recent cyberattack resulted in the theft of a small percentage of personal data.
While the majority of the council’s data remains secure, the breach has prompted an internal investigation to assess the extent of the compromised information. The council is working closely with cybersecurity experts to enhance its security measures and prevent future incidents.
Affected individuals are being notified and advised on steps to protect their personal information.
Mozilla Patches Two Firefox Zero-Day Vulnerabilities Exploited at Pwn2Own Berlin
Mozilla has released security updates for Firefox to address two critical zero-day vulnerabilities, tracked as CVE-2025-4918 and CVE-2025-4919, both exploited during the Pwn2Own Berlin 2025 hacking competition.
These flaws involve out-of-bounds access issues in JavaScript handling, potentially allowing attackers to read or write arbitrary memory, leading to sensitive data exposure or code execution.
The vulnerabilities affect versions prior to Firefox 138.0.4 and ESR versions before 128.10.1 and 115.23.1. Mozilla advises all users to update their browsers promptly to mitigate potential risks.
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have identified that default Identity and Access Management (IAM) roles in Amazon Web Services (AWS) can be exploited by attackers to escalate privileges and move laterally across services within the same AWS account.
These roles, often automatically created by services like SageMaker, Glue, EMR, and Lightsail, are assigned overly broad permissions, such as AmazonS3FullAccess. This excessive access allows threat actors to manipulate resources across various services, potentially leading to full account compromise. For instance, an attacker could upload a malicious machine learning model to SageMaker, execute arbitrary code, and then access or modify resources in Glue or CloudFormation.
In response, AWS has updated the permissions associated with these default roles to mitigate the risk.
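One way to check an account for the pattern described above, as an added example that is not from the article or from AWS: it takes role records that combine each role's trust policy with its attached managed policies and flags roles assumable by the named services that carry AmazonS3FullAccess. The role names, account ID, record layout and the choice of service principals are constructed assumptions.

```python
S3_FULL_ACCESS = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
# Assumption: service principals used to recognise roles assumable by the
# services named in the article; adjust the mapping to match your account.
SERVICE_PRINCIPALS = {
    "sagemaker.amazonaws.com": "SageMaker",
    "glue.amazonaws.com": "Glue",
    "elasticmapreduce.amazonaws.com": "EMR",
    "lightsail.amazonaws.com": "Lightsail",
}

def _as_list(value):
    """IAM policy JSON allows a single item wherever a list is valid."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusted_services(trust_policy):
    """Return the listed services that an Allow statement lets assume the role."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        for svc in _as_list(principal.get("Service")):
            if svc in SERVICE_PRINCIPALS:
                found.add(SERVICE_PRINCIPALS[svc])
    return sorted(found)

def audit(roles):
    """Return (role name, services) for each service role with S3 full access."""
    findings = []
    for role in roles:
        services = trusted_services(role.get("AssumeRolePolicyDocument", {}))
        attached = {p["PolicyArn"] for p in role.get("AttachedPolicies", [])}
        if services and S3_FULL_ACCESS in attached:
            findings.append((role["RoleName"], services))
    return findings

def _role(name, principal, policy_arn, wrap=True):
    """Build a constructed role record (hypothetical names, not real account data)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    return {"RoleName": name, "AttachedPolicies": [{"PolicyArn": policy_arn}],
            "AssumeRolePolicyDocument": {"Statement": [stmt] if wrap else stmt}}

SAMPLE_ROLES = [
    _role("example-sagemaker-exec", {"Service": "sagemaker.amazonaws.com"}, S3_FULL_ACCESS),
    _role("example-glue-scoped", {"Service": "glue.amazonaws.com"},
          "arn:aws:iam::123456789012:policy/example-one-bucket"),
    _role("example-admin-user", {"AWS": "arn:aws:iam::123456789012:root"}, S3_FULL_ACCESS),
    _role("example-etl", {"Service": ["glue.amazonaws.com", "elasticmapreduce.amazonaws.com"]},
          S3_FULL_ACCESS, wrap=False),
]
```

Calling `audit(SAMPLE_ROLES)` flags the SageMaker role and the shared Glue/EMR role, and skips both the scoped Glue role and the role trusted by an account principal rather than a service.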
Legal Aid Agency Suffers Major Data Breach
The UK’s Legal Aid Agency experienced a significant cyberattack in April, resulting in the theft of over two million records dating back to 2010.
The compromised data includes sensitive information such as addresses, dates of birth, national ID numbers, criminal histories, and financial details of individuals involved in domestic abuse cases, family law matters, and criminal prosecutions.
While the breach was initially detected in April, it was only recently understood to be more extensive than first thought. The Ministry of Justice is collaborating with the National Crime Agency and the National Cyber Security Centre to investigate the incident.
Affected individuals are advised to remain vigilant for suspicious activities and to update any potentially exposed passwords.