The February hack of Bybit, a Dubai-based cryptocurrency exchange, saw approximately 400,000 Ethereum tokens—worth some $1.5 billion—stolen when attackers manipulated what appeared to be a routine transfer from a cold wallet to a warm wallet. The U. S. Federal Bureau of Investigation attributed the breach to North Korean-linked hackers dubbed “TraderTraitor”, believed to be part of the Lazarus group. Bybit’s CEO assured users that the platform retained sufficient reserves to cover losses.
Around April, SAP disclosed a zero-day vulnerability in its NetWeaver Visual Composer component, enabling unauthenticated attackers to upload arbitrary files and execute remote code via the metadata uploader interface. The flaw carries the highest severity score. Incident responders, including Rapid7 and Onapsis, reported widespread exploitation of the vulnerability, with web shells deployed to enable persistence. Over 580 global organisations were affected, many in critical sectors including public infrastructure, manufacturing and utilities. SAP released emergency patches and issued guidance urging customers to apply fixes without delay.
In the UK, Marks & Spencer suffered a ransomware attack during the Easter period that halted its online, click-and-collect and contactless payment services. Losses are estimated at around £300 million in operating profit. The disruption exposed vulnerabilities in third-party contractor access and vendor oversight. Authorities made arrests in connection with that attack and similar incidents affecting Co-op and Harrods; four people aged between 17 and 20 were charged with offences including computer misuse and money laundering. M\&S has partially restored affected services, with online sales resuming earlier and click-and-collect restored by August.
Additional major attacks include the Bank Sepah breach in Iran, in which a hacker collective named Codebreakers claimed access to over 42 million customer records, including banking and military-affiliated personal data. There has been no full confirmation from bank authorities, but the incident caused public alarm over state-level cybersecurity risks.
Also of concern is a metadata leak from TeleMessage, a messaging app used by U. S. agencies. Hackers accessed metadata of more than 60 officials—including phone numbers, group chat names, timestamps—though message contents were not compromised. The incident emphasises how metadata itself can yield sensitive operational intelligence.
Key trends emerging include: state-linked threat actors gaining greater technical sophistication; attackers exploiting both zero-day vulnerabilities and social engineering; vendor or contractor access as a common weak point; and regulatory bodies increasingly scrutinising cyber insurance, disclosure obligations and incident response transparency.
Several countries are moving to tighten cyber regulations. In the UK, concerns about underinvestment in IT across retail and essential services have become a focus in Parliament. Industry bodies are calling for more robust cyber hygiene, especially for supply chains and for organisations that are not typically seen as high risk.
Topics
Technology