This week in cybersecurity reveals the dual reality of the digital world, escalating state sponsored threats and the persistent danger of systemic failure.
Our top stories detail the aggressive expansion of Espionage and Targeted APTs, with the notorious Lazarus Group focusing its sights on the sensitive UAV and drone sector. We cover major law enforcement success in Counter Cybercrime and Fraud Takedowns as Europol dismantles a massive network enabling 49 million fake accounts and the “Jingle Thief” fraud ring targets Microsoft 365.
Meanwhile, critical attention is needed for Urgent Patching & Vulnerabilities, highlighted by the exploitation of 34 new zero-day flaws at Pwn2Own Ireland and mandatory patches for TP-Link Omada Gateways. We also examine the pervasive threat to Cloud, Supply Chain & Systemic Risk, driven by the crippling AWS outage and a severe misconfiguration flaw in Zendesk.
Finally, we provide a Regulatory & Resilience Update on the EU’s push for mandatory resilience standards to secure the digital future.
Espionage and Targeted APTs
Lazarus Group Targets Global UAV and Drone Sector
Cybersecurity firm ESET Research has disclosed a new espionage campaign linked to the Lazarus Group (a North Korean state sponsored threat actor) that is specifically targeting companies within the Unmanned Aerial Vehicle (UAV) and drone technology sector.
This campaign marks a strategic focus on military and advanced industrial sectors, likely aimed at stealing intellectual property, design plans and classified defence data related to drone capabilities.
Organisations operating in the aerospace and defence supply chain are urged to be highly vigilant against tailored social engineering and intrusion attempts by this advanced persistent threat (APT) group.
Counter Cybercrime and Fraud Takedowns
Europol Dismantles Network Enabling 49 Million Fake Accounts
In a major European law enforcement action dubbed Operation SIMCARTEL, Europol, along with authorities from Latvia, Austria, Estonia and Finland, successfully dismantled a vast cybercrime as a service network. The operation resulted in the arrest of seven suspects and the seizure of 1,200 SIM box devices operating 40,000 active SIM cards.
This highly sophisticated infrastructure was used to provide criminals across 80 countries with anonymous phone numbers, enabling the creation of over 49 million fake online accounts. These accounts were leveraged for widespread phishing, investment fraud, and various telecommunications related cybercrimes, with financial losses exceeding €5 million in just Austria and Latvia.
“Jingle Thief” Hackers Exploit Microsoft 365 Cloud Infrastructure to Steal Millions in Gift Cards
Cybersecurity researchers have detailed the activities of the “Jingle Thief” cybercriminal group that specialises in large scale gift card fraud. This financially motivated group targets organisations in the retail and consumer services sectors by exploiting their cloud infrastructure, primarily Microsoft 365.
The attackers first use phishing and smishing to steal user credentials, then perform extensive reconnaissance within the victim’s SharePoint and OneDrive to map out gift card issuance workflows.
They often register rogue authenticator apps to bypass Multi Factor Authentication (MFA), timing their high value attacks to coincide with holiday seasons.
Urgent Patching and Vulnerabilities
TP-Link Urges Immediate Updates Following Discovery of Critical RCE Flaws
TP-Link issued two security advisories this week, warning users of four critical flaws impacting its Omada gateway devices across the ER, G, and FR series.
The most severe vulnerability, tracked as CVE-2025-6542 (CVSS score 9.3), is a critical arbitrary OS command execution flaw that may be exploited by a remote unauthenticated attacker.
Users must install the latest firmware updates immediately, restrict access to the device’s management interface, and change default or weak passwords.
Pwn2Own Ireland 2025: Ethical Hackers Exploit 34 Zero-Day Flaws
The Pwn2Own Ireland 2025 hacking competition, a key European venue for vulnerability research, saw ethical hackers earn over $522,500 on the first day by exploiting 34 unique zero day vulnerabilities. Researchers successfully demonstrated flaws in widely used consumer and enterprise devices across the Smart Home, Printer and Network Attached Storage (NAS) categories, including products from QNAP, Synology and Canon.
The immediate disclosure of these flaws forces vendors to issue urgent patches, directly improving the security of common IoT and network infrastructure globally.
Cloud, Supply Chain and Systemic Risk
Major AWS Cloud Outage Cripples Global Digital Services, Exposing Fragility of Web-Dependent Society
A significant outage at Amazon Web Services (AWS) crippled substantial portions of the internet for several hours on Monday, profoundly inconveniencing users globally.
The incident, while not a cyberattack, starkly underlines the fragility of our tech dependent society and the immense risk associated with reliance on a few centralised cloud providers. Because thousands of businesses, from major platforms like Reddit and Snapchat down to small retailers, rely on AWS, the outage demonstrated how a single point of failure can instantly disrupt banking, travel and public life.
Lax Authentication in Zendesk Exploited by Criminals to Launch Distributed Email Bomb Attacks
Cybercriminals are abusing a dangerous misconfiguration within the Zendesk customer service platform to launch massive, distributed “email bomb” attacks.
The exploitation targets corporate Zendesk customers who allow anonymous users to submit support requests. By submitting thousands of fake tickets using the victim’s email address, the attackers trigger automated response notifications from hundreds of different legitimate corporate domains (like CapCom, NordVPN, and The Washington Post) simultaneously, overwhelming the target’s inbox.
All Zendesk clients are advised to immediately enforce a security best practice and permit only verified users to submit tickets.
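The ticket-driven email bomb described above has a recognisable shape on the receiving side: one mailbox suddenly receives helpdesk auto-replies from many unrelated corporate domains within minutes. The following added example (not code from the article or from Zendesk) runs a simple sliding-window detector over constructed mail log lines so a mail team can flag a targeted inbox early; the log format, domain names and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed inbound-mail log (not real data), one message per line:
# "<ISO timestamp> <sender> <recipient> <subject>". The victim receives auto-replies from
# several unrelated helpdesk domains within five minutes; another mailbox gets ordinary mail.
BOMB_DOMAINS = ["support-a.test", "help-b.test", "cs-c.test", "desk-d.test", "care-e.test", "tix-f.test"]
LOG_LINES = []
for i in range(30):
    ts = datetime(2025, 10, 20, 9, 0, 0) + timedelta(seconds=10 * i)
    domain = BOMB_DOMAINS[i % len(BOMB_DOMAINS)]
    LOG_LINES.append(f"{ts.isoformat()}Z support@{domain} victim@corp.test Request received [#{1000 + i}]")
LOG_LINES += [
    "2025-10-20T09:01:00Z alice@partner.test bob@corp.test Meeting notes",
    "2025-10-20T09:03:00Z support@help-b.test bob@corp.test Request received [#2001]",
]

# Subject fragments typical of ticket-acknowledgement mail (assumed heuristics).
AUTO_REPLY_MARKERS = ("request received", "ticket", "we have received", "case #")

def parse_line(line):
    """Split one log line into (timestamp, sender_domain, recipient, subject)."""
    ts, sender, recipient, subject = line.split(" ", 3)
    return datetime.fromisoformat(ts.rstrip("Z")), sender.split("@")[1].lower(), recipient.lower(), subject

def looks_like_auto_reply(subject):
    s = subject.lower()
    return any(marker in s for marker in AUTO_REPLY_MARKERS)

def detect_email_bomb(lines, window=timedelta(minutes=10), min_messages=20, min_domains=5):
    """Flag recipients who get >= min_messages helpdesk-style auto-replies from >= min_domains
    distinct sender domains inside any sliding window. Returns {recipient: (messages, domains)}
    for the largest burst seen per recipient."""
    events = defaultdict(list)
    for line in lines:
        ts, domain, recipient, subject = parse_line(line)
        if looks_like_auto_reply(subject):
            events[recipient].append((ts, domain))
    flagged = {}
    for recipient, evs in events.items():
        recent = deque()
        for ts, domain in sorted(evs):
            recent.append((ts, domain))
            while recent and ts - recent[0][0] > window:  # drop events older than the window
                recent.popleft()
            domains = {d for _, d in recent}
            if len(recent) >= min_messages and len(domains) >= min_domains:
                if len(recent) > flagged.get(recipient, (0, 0))[0]:
                    flagged[recipient] = (len(recent), len(domains))
    return flagged

if __name__ == "__main__":
    print(detect_email_bomb(LOG_LINES))
```

The distinct-domain threshold is what separates a distributed ticket bomb from a single misbehaving helpdesk; tune the window and counts to your normal auto-reply volume.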
Regulatory and Resilience Update
EU Certification Authorities Advance Mandatory Cyber Resilience Standards
The European Cybersecurity Certification Committee (ECCG) is preparing to convene its 11th meeting (October 28, 2025), focusing on the strategic implementation of the EU Cybersecurity Act and the Cyber Resilience Act (CRA).
This ongoing regulatory work establishes a standardised, mandatory framework for securing digital products sold across the European Union. The goal is to enforce “security by design” from development to deployment for all ICT products, ensuring a high common level of cybersecurity and preparing the European market for the final application of these critical laws.
Adapting to the Pace of the Threat
This week’s intelligence highlights the need for agile defence strategies in the face of rapid digital evolution. The exploitation of new vulnerabilities at Pwn2Own Ireland and the systemic failure of AWS show that attackers are constantly finding ways to weaponise both hardware flaws and modern dependencies such as Zendesk. With the threat landscape expanding daily, effective defence is about more than minimum requirements.
It demands that leaders continuously adapt their security posture, actively testing resilience and maintaining clear continuity plans to counter the pace of modern cyber threats.
Don’t get caught off guard. Get in touch with our team today to learn how our services can help you navigate these complex threats and secure your digital future.