Ransomware Topples 158-Year-Old Company, Nuclear Agency Hacked, and Breaches Expose Millions – Cybersecurity Roundup (July 21–28, 2025)

UK Co-op Confirms Data Breach of 6.5 Million Members – (July 21, 2025) One of the UK’s largest consumer co-ops confirmed that personal data of all 6.5 million members was stolen in an April cyberattack that caused IT outages and food shortages bleepingcomputer.com. Co-op CEO Shirine Khoury-Haq apologized on BBC, saying “their data was copied, and the criminals did have access to it… That is the awful part” bleepingcomputer.com. No financial data was taken, but names, addresses, phone numbers, emails, and membership details were exposed. The breach began via a social engineering password reset on April 22, letting attackers grab an Active Directory database and later deploy DragonForce ransomware bleepingcomputer.com. Scattered Spider, a hacking group linked to attacks on retailers Marks & Spencer and Harrods, is suspected of involvement cybersecuritynews.com bleepingcomputer.com. Four suspects (aged 17–20) were arrested in the UK last week in connection with the Co-op and related attacks bleepingcomputer.com.
Louis Vuitton Discloses Global Customer Data Breaches Tied to One Attack – (Updated July 17, 2025) Luxury fashion house Louis Vuitton revealed that data breaches across multiple countries stem from a single cyberattack by the ShinyHunters extortion group bleepingcomputer.com. Starting in early July, customers in South Korea, Turkey, the UK, Italy, and Sweden received notice that their personal information (names, contact details, birthdates, addresses, purchase history) was accessed by an intruder. “Despite all security measures in place, on July 2, 2025, we became aware of a personal data breach… following an unauthorized access to our system,” reads Louis Vuitton’s official notification to UK customers bleepingcomputer.com. The company said no payment data was compromised and that its cybersecurity teams “immediately… contained the incident… blocking the unauthorized access” while cooperating with authorities including the UK ICO bleepingcomputer.com. Louis Vuitton is working with experts to investigate and has begun notifying regulators and affected clients bleepingcomputer.com.
Allianz Life Insurance Breach Hits 1.4 Million Customers – (July 26, 2025) U.S.-based insurer Allianz Life confirmed that a data breach exposed personal information for the “majority” of its 1.4 million customers bleepingcomputer.com. The attack occurred on July 16 when hackers gained access to a third-party cloud CRM system via social engineering bleepingcomputer.com. “The threat actor was able to obtain personally identifiable data… related to the majority of Allianz Life’s customers, financial professionals, and select employees,” an Allianz spokesperson said, adding that “we took immediate action to contain and mitigate the issue and notified the FBI” bleepingcomputer.com. Allianz stated there’s no evidence its internal networks or policy systems were accessed bleepingcomputer.com. Impacted individuals are being contacted and offered support. BleepingComputer reports the ShinyHunters group is suspected in this attack as well bleepingcomputer.com, suggesting an ongoing extortion campaign targeting large enterprises.
Ransomware Destroys 158‑Year‑Old UK Company, 730 Jobs Lost – (July 21, 2025) KNP Logistics, a British transport firm founded in 1865, was forced into administration after a ransomware attack paralyzed operations cybersecuritynews.com. The Akira ransomware gang breached KNP in June 2024 by guessing a single employee’s weak password, encrypting critical data and blocking access to financial records cybersecuritynews.com. Unable to recover or secure new funding, the 158-year-old company collapsed, terminating 730 jobs cybersecuritynews.com. A KNP director admitted he hasn’t told the staffer whose compromised password likely led to the downfall: “Would you want to know if it was you?” he said, highlighting the human toll cybersecuritynews.com. The case underscores how one weak credential can annihilate a business. “We need organisations to take steps to secure their systems, to secure their businesses,” urged UK National Cyber Security Centre leadership, stressing basic defenses like strong passwords and multi-factor authentication cybersecuritynews.com. The attack on KNP is part of a wave hitting UK firms – Marks & Spencer, Co-op, Harrods and others have suffered major ransomware incidents in recent months cybersecuritynews.com.
Russian Retailer Shutters 2,000 Stores After Ransomware Attack – (July 18, 2025) WineLab, a leading alcohol retail chain in Russia, closed over 2,000 stores nationwide following a large-scale ransomware attack on July 14 that crippled its IT systems magedata.ai bleepingcomputer.com. Parent company Novabev Group reported the “unprecedented cyberattack” disrupted point-of-sale systems, online services, and its mobile app, halting most operations bleepingcomputer.com. The hackers demanded a ransom, but Novabev refused to pay and “won’t comply with the demands” bleepingcomputer.com. So far there’s no evidence customer data was stolen, but the incident is costing an estimated $2.6–$3.8 million in lost revenue per day while systems remain down magedata.ai. The attack is notable because Russian ransomware gangs typically avoid domestic targets, yet this Russian firm was severely hit. Novabev’s IT teams and outside experts are working 24/7 to restore services and reinforce security magedata.ai, but as of this week the WineLab website was still offline and sales were impacted bleepingcomputer.com.
Microsoft SharePoint Zero‑Day Exploited, U.S. Nuclear Agency Breached – (July 23, 2025) A critical zero-day in Microsoft SharePoint (CVE-2025-53770, CVSS 9.8) has fueled a mass hacking campaign compromising at least 400 organizations worldwide techcrunch.com. The flaw, which allows unauthenticated remote code execution on on-premise SharePoint servers, was actively exploited as early as July 7 techcrunch.com by both state-backed groups and ransomware gangs. Victims include universities, banks, multiple government agencies, and even the U.S. National Nuclear Security Administration (NNSA) techcrunch.com. A Department of Energy spokesperson confirmed NNSA was “minimally impacted” with only a “very small number of systems” breached techcrunch.com and no classified data stolen reuters.com. Microsoft rushed out emergency patches on July 20th thehackernews.com, and U.S. CISA added the bug to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by July 21 thehackernews.com. The hacking toolchain, dubbed “ToolShell,” chained multiple SharePoint bugs to deploy malware and encrypt data with “Warlock” ransomware in some attacks cybersecuritynews.com. Google and Microsoft warned that China-backed hackers are among those exploiting the bug techcrunch.com. Administrators worldwide have been urged to patch SharePoint servers immediately and rotate credentials, as the campaign is still unfolding.
Patch Alert – Critical Flaws in Cisco, Chrome, Firefox, and SonicWall – (Week of July 21, 2025) Security agencies and vendors warned of several high-impact vulnerabilities uncovered this week, urging prompt patching:
- Cisco ISE Under Attack: Cisco confirmed active exploitation of critical RCE bugs in its Identity Services Engine (CVE-2025-20281, -20282, -20337). Unauthenticated attackers could execute code as root, hijacking network access control systems cybersecuritynews.com. Patches for ISE 3.3/3.4 are available, and admins should update immediately to stop ongoing attacks.
- Google Chrome 0‑Day: Google issued an update to fix a type confusion flaw in Chrome’s V8 engine (CVE-2024-12053) that was being exploited in the wild cybersecuritynews.com. Visiting a malicious webpage could let attackers execute code on a device. Users are advised to upgrade to Chrome v131.0.6778.108 or later to block this drive-by exploit cybersecuritynews.com.
- Mozilla Firefox: Mozilla released Firefox 141, addressing 18 vulnerabilities including memory safety bugs and JavaScript flaws that could lead to code execution or sandbox escapes cybersecuritynews.com. Notable fixes include CVE-2025-8027/8028 – users should update their browsers to stay secure.
- SonicWall SMA 100: SonicWall patched a critical RCE in SMA 100 series VPN appliances (CVE-2025-40599) cybersecuritynews.com. The flaw – an administrative interface file upload bug – could let attackers with credentials run malicious code on the appliance. While no in-the-wild exploits are reported yet, admins should upgrade to the fixed firmware (v10.2.1.0-17sv or later) given similar VPN devices have been targeted by attackers cybersecuritynews.com.
Top-Secret UK Afghan Data Leak Revealed After Superinjunction – (July 16, 2025) In an astonishing government scandal, it emerged that the UK Ministry of Defence had accidentally leaked personal details of ~18,700 Afghan interpreters and allies back in 2022 – a breach kept secret under a court “superinjunction” for nearly 600 days theguardian.com. The data, contained in an email spreadsheet, exposed names and contacts of Afghans who applied for resettlement after the Taliban takeover theguardian.com. Fearing Taliban reprisals, officials launched a covert relocation scheme (costing up to £2 billion) to bring thousands of those at risk to the UK theguardian.com. A judge finally lifted the gag order this week, revealing that about 6,900 Afghans were quietly airlifted to safety under the secret program theguardian.com. Prime Minister Keir Starmer told Parliament that “ministers… have serious questions to answer about how this was ever allowed to happen” and welcomed an inquiry into the fiasco theguardian.com. Former officials defended the secrecy as necessary to protect lives, but a new review found the leaked data likely did not significantly increase Taliban targeting theguardian.com. The incident raises debate over government transparency versus national security in cyber incidents.
Ukrainian Police Arrest Admin of Major Cybercrime Forum – (July 22, 2025) A joint operation by Ukraine and Europol took down the alleged administrator of XSS.is, one of the largest Russian-language hacking forums. The suspect was arrested in Kyiv and is accused of running XSS for years, a site with over 50,000 users trading stolen data, exploits, and ransomware services reuters.com. Europol said the unnamed admin profited ~€7 million by facilitating cybercrime on the forum reuters.com. “The forum’s administrator… played a central role in enabling criminal activity,” Europol noted, acting as a trusted middleman who arbitrated disputes between cybercriminals and even ran a secure messaging service for them reuters.com. XSS.is had been a key marketplace for illegal hacking tools and breached data. The takedown, coordinated by French cybercrime units, is a significant blow to the underground economy. (Notably, BreachForums, another notorious hacking marketplace, briefly resurfaced this week despite a recent FBI seizure – its operators reclaimed control of seized domains, illustrating the cat-and-mouse nature of these crackdowns cybersecuritynews.com.)
US Sentences “Laptop Farm” Operator Aiding North Korea – (July 28, 2025) One of the largest state-sponsored employment frauds in recent memory led to a hefty prison term. An Arizona woman was sentenced to 8½ years in federal prison for helping North Korean IT workers infiltrate 300+ U.S. companies under false identities cybersecuritynews.com. Christina Chapman, 50, ran a “laptop farm” scheme that provided North Korean operatives with remote access to company-issued computers, enabling them to pose as U.S.-based teleworkers cybersecuritynews.com. Over several years, the scheme funneled millions in wages to the DPRK regime – more than $17 million in illicit revenue, according to investigators cybersecuritynews.com. Chapman pleaded guilty to charges including wire fraud and money laundering. An official described the operation as having “exploited more than 300 American companies and government agencies” while funding North Korea cybersecuritynews.com. The case exposed critical gaps in remote hiring verification; in its wake, Fortune 500 firms have tightened identity checks and the U.S. government issued new guidance to spot foreign IT contractors using fronts cybersecuritynews.com. The successful prosecution underscores law enforcement’s focus on North Korean cybercrime schemes, which range from IT worker scams to cryptocurrency theft.
Security Tools Updates: Wireshark and Kali Linux – (July 25, 2025) Wireshark 4.4.8 was released, bringing stability fixes to the popular network analyzer. The update fixed bugs that caused crashes (e.g. with Bluetooth packets and fuzz testing) and improved protocol support cybersecuritynews.com. It follows Wireshark 4.4’s earlier enhancements like automatic profile switching and better display filters. Meanwhile, Offensive Security’s Kali Linux 2025.1 introduced new support for wireless hacking on the Raspberry Pi. Kali now includes the Nexmon framework drivers, enabling monitor mode and packet injection on the Pi’s built-in Broadcom Wi-Fi chip cybersecuritynews.com. This lets penetration testers use a Pi (including the new Pi 5) for Wi-Fi sniffing and attacks without external adapters, a boon for portable red-team setups cybersecuritynews.com. Users can install the brcmfmac-nexmon modules and firmware to get these capabilities out-of-the-box on Kali. Both updates – Wireshark and Kali – aim to equip cybersecurity professionals with more robust and convenient tools.
AI Tool Uses Wi‑Fi Signals to Identify Humans, Raising Privacy Fears – (July 27, 2025) Researchers unveiled “WhoFi,” an experimental AI system that can track and identify individuals through Wi-Fi signals alone. The system analyzes the subtle distortions in Wi-Fi channel state information (CSI) caused by a person’s body moving through a space cybersecuritynews.com. In testing, WhoFi distinguished specific people with up to 95.5% accuracy, essentially creating a unique “Wi-Fi fingerprint” for each individual cybersecuritynews.com. It can even detect certain gestures or movements – all without any camera or wearable device. The researchers compare the CSI-based signatures to biometrics like facial recognition or fingerprints, and note that walls or darkness do not prevent detection. This innovation, while potentially useful for smart home sensing or security, raises serious privacy and surveillance concerns. Being identified and monitored via ambient Wi-Fi could erode anonymity in one’s home or public spaces. Experts warn that safeguards and policies will be needed as such through-the-wall sensing technologies advance, to prevent misuse by authoritarian regimes or invasive marketers. (No immediate real-world deployment of WhoFi is expected, but it highlights the growing intersection of AI and physical-world surveillance.) cybersecuritynews.com
Sources: This report references cybersecurity news and analysis from BleepingComputer, Reuters, The Guardian, TechCrunch, CyberSecurity News, and other reputable outlets from July 21–28, 2025, including statements from official sources and experts as cited above. All linked content was accessed to verify facts and obtain direct quotes.