Cybersecurity Insights series: February 2026 – this month in cybersecurity

Welcome to our Cybersecurity Insights blog, where we break down the most impactful cyber events shaping today’s threat landscape. February 2026 delivered several high-profile breaches across hospitality, sports, and education – each illustrating the diverse motivations and methods driving today’s cybercriminal operations.

Craig Lusher examines three major incidents that captured attention this month.

Wynn Resorts: Employee data breach tied to ShinyHunters extortion campaign

Luxury Las-Vegas based hospitality operator Wynn Resorts confirmed a data breach after its name appeared – and was later removed – from the ShinyHunters leak site. It is believed that an unauthorized third party accessed over 800,000 employee records, including personally identifiable information such as Social Security numbers.

The ShinyHunters group claimed responsibility, threatening to publish the data unless Wynn made contact before February 24, 2026, and reportedly demanded a ransom.

Reports suggest that the ransom demand was roughly $1.5 million.

Although Wynn has not confirmed payment, the attackers later stated the stolen data had been deleted – an assertion security researchers note often implies a completed negotiation.

Wynn reports that operations and guest services were unaffected, and the company is offering credit monitoring and identity protection services to impacted employees.

The active ShinyHunters group is believed to have targeted more than 100 organizations across its campaigns, utilizing vishing and compromised SSO credentials.

C8 Secure perspective

The ShinyHunters group is well documented for using vishing (voice phishing) and compromised SSO credentials as their primary entry points. Defending against these techniques requires a combination of people, process, and technology working together.

On the human side, regular security awareness training combined with realistic phishing and vishing simulations helps staff recognize social engineering attempts before credentials are handed over. C8 Secure’s SafeBait managed service delivers exactly this, providing customized vishing, phishing, smishing, and quishing simulations tailored to an organization’s specific language, culture, and operational procedures, alongside interactive training modules that build long-term behavioral change.

From a technical standpoint, 24/7 monitoring is essential for detecting compromised credential usage. C8 Secure’s M-SOC service provides continuous monitoring across identity systems, endpoints, and network activity, using behavioral analysis and threat intelligence to flag anomalous access patterns such as unusual login locations, privilege escalation, or bulk data access that might indicate stolen credentials being put to use. When combined with our EDR/MDR solution, which prevents both known and unknown threats at the endpoint using machine learning and behavioral analysis, organizations gain the ability to detect and contain threats before large-scale data exfiltration occurs.

The scale of this breach, over 800,000 employee records including Social Security numbers, also reinforces the need for organizations to understand where their sensitive data resides and who has access to it. Regular security assessments, including VAPT exercises, help identify weaknesses in access controls and data handling before attackers find them.

Olympique Marseille: Cyberattack exposes supporter and staff data

French Ligue 1 football club Olympique de Marseille (OM) confirmed it was the target of a cyber attack after a threat actor leaked a sample of stolen data online. The attacker claims to have accessed a database of approximately 400,000 individuals, including names, addresses, emails, phone numbers, and order information, as well as over 2,050 Drupal CMS accounts.

OM stated that no banking information or passwords were compromised and that systems were quickly secured thanks to rapid mobilization of internal teams and specialist providers. The club has notified the French data protection authority (CNIL), filed a complaint, and urged supporters to remain vigilant against phishing attempts.

C8 Secure perspective

The compromise of over 2,050 Drupal CMS accounts alongside a database of approximately 400,000 individuals points to weaknesses in web application security, a common and often underestimated attack surface. Content management systems like Drupal are frequent targets because they are internet-facing, regularly contain known vulnerabilities, and are often left unpatched or misconfigured.

C8 Secure’s Cloud WAAP (Web Application and API Protection) is designed to address precisely this risk. Powered by Fortinet and deployed across our global network, it protects web applications against the OWASP Top 10, zero-day exploits, SQL injection, cross-site scripting, and malicious bot activity. AI-based machine learning self-tunes to the specific application being protected, meaning it adapts to the organization’s environment rather than relying solely on generic rule sets. For organizations running public-facing platforms, particularly those handling customer data at scale, this kind of protection should be considered a baseline rather than an optional extra.

Beyond real-time protection, regular Vulnerability Assessment and Penetration Testing (VAPT) would help identify weaknesses in CMS configurations, authentication mechanisms, and data access controls before they can be exploited. C8 Secure’s VAPT services combine manual and automated testing across web applications, APIs, and infrastructure, with findings mapped to a risk register and prioritized remediation guidance provided to both technical and executive stakeholders.

OM stated that no banking information or passwords were compromised, which is positive, but the volume of personal data exposed, names, addresses, emails, phone numbers, and order information, is more than sufficient for targeted phishing campaigns against affected supporters. Organizations holding this type of data should also consider how 24/7 SOC monitoring could detect unusual database queries or bulk data exfiltration in progress, providing the opportunity to contain a breach before its full impact is realized.

La Sapienza University, Rome: Major outage following suspected ransomware attack

One of Europe’s largest universities, La Sapienza University of Rome, was knocked offline for several days after an apparent ransomware attack. The university shut down its systems as a precaution, reporting disrupted access to email, workstations, student portals, and core academic services.

Italian outlet Il Corriere della Sera reported that the attack was carried out by a previously unknown group called “Femwar02,” allegedly using BabLock (Rorschach) ransomware. The attackers reportedly delivered a ransom demand containing a 72-hour countdown timer triggered upon opening a provided link.

Despite the disruption, exams continued with manual workarounds, and the university began restoration efforts using unaffected backups. As of reporting, the university website and several services remained down while national authorities investigated the incident.

C8 Secure perspective

The use of BabLock (also known as Rorschach) ransomware is notable here. It is recognized for its unusually fast encryption speed, which means the window between initial execution and full impact is extremely narrow. This makes prevention and early detection far more important than relying on response alone.

C8 Secure’s EDR/MDR solution addresses this directly. Unlike traditional antivirus that relies solely on signature-based detection, our endpoint protection uses machine learning, behavioral analysis, and external threat intelligence to prevent both known and unknown threats, including ransomware. Behavior-based ransomware prevention is specifically designed to block encryption activity before it can spread across a disk or network share. Our managed detection and response team works around the clock as an extension of the customer’s own team, continuously monitoring endpoints and responding to threats following customer-defined playbooks.

Sitting alongside endpoint protection, C8 Secure’s M-SOC service provides the broader visibility needed to detect the precursors to a ransomware attack, such as lateral movement, privilege escalation, or command-and-control communications, often days before the ransomware payload is deployed. Our SIEM platform correlates events across endpoints, network devices, and cloud environments in real time, with automated SOAR workflows enabling rapid containment actions such as isolating compromised devices and blocking malicious traffic.

It is worth noting that La Sapienza was able to restore services using unaffected backups, which is a positive outcome and a reminder that tested, verified backup strategies remain one of the most effective defenses against ransomware. However, backups are a last resort, not a strategy in themselves. Regular security audits and VAPT exercises help identify the gaps that ransomware operators look for during initial access and lateral movement, while ongoing vulnerability scanning ensures that known weaknesses are addressed promptly. The goal should be to stop the attack before encryption begins, and that requires layered defenses working together across prevention, detection, and response.

Final thoughts

February’s incidents share a common thread: in each case, the attackers exploited gaps that existing security measures either missed or couldn’t respond to quickly enough. Stolen SSO credentials at Wynn, an exposed CMS platform at Olympique Marseille, and rapid-encryption ransomware at La Sapienza each represent a different attack vector, but all three were preventable with the right combination of technology, monitoring, and testing in place.

Organizations must invest in:

• Layered defenses across identity, endpoints, and networks
• Continuous monitoring and rapid incident response
• Resilient operational planning and tested backup strategies
• Security awareness programs tailored to staff, fans, students, and frontline personnel

Cybersecurity solutions for a safer tomorrow

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cybersecurity Insights series: January 2026 – this month in cybersecurity

Welcome back to our Cybersecurity Insights blog, where we break down the most impactful cyber events shaping today’s threat landscape. January 2026 began with significant turbulence across the digital ecosystem, highlighting once again how cybercriminals continue to exploit trust, technology, and operational dependencies across industries.

Craig Lusher examines three major incidents that captured attention this month.

Crunchbase breach: ShinyHunters exfiltrate over 2 million records

Market intelligence platform Crunchbase confirmed a substantial data breach after the ShinyHunters cybercrime group published a 400MB archive of compressed files and stolen data online. The attackers claim to have accessed over 2 million personal and corporate records, including PII, contracts, and internal documentation. The intrusion was part of a broader campaign that has also impacted platforms such as SoundCloud and Betterment.

Crunchbase reported that while business operations were not disrupted, a threat actor had exfiltrated “certain documents” from the corporate network and published them following a failed extortion attempt. The organisation is now working with federal authorities and cybersecurity experts to assess the scope of exposure.

C8 Secure perspective

Breaches of this nature almost always trace back to credential compromise or social engineering, and cloud-based SaaS platforms are particularly exposed when single sign-on environments are misconfigured or lack phishing-resistant MFA. The exfiltration of over 2 million records also suggests the attackers had sustained access before being detected, which points to gaps in monitoring for unusual data movement patterns. This is exactly the kind of activity that a well-tuned SIEM with behavioral analytics should catch, correlating authentication anomalies with abnormal data transfers before they reach this scale.

Our own M-SOC service integrates with over 800 external threat feeds for this reason, and our Cyber Threat Exchange gives customers in regulated industries early visibility into credential dumps and dark web activity that often precedes these campaigns. The voice-based social engineering element is also worth noting. Groups like ShinyHunters increasingly use vishing to bypass technical controls entirely, which is why we run tailored vishing and phishing simulations through our SafeBait program. Technology alone won’t solve this if staff aren’t prepared for the call that sounds entirely legitimate.

AZ Monica Hospital, Belgium: Ransomware disruption halts operations

Belgium’s AZ Monica Hospital suffered a severe cyber attack that forced the shutdown of all IT systems across its Antwerp and Deurne campuses. The incident caused widespread operational disruption, including the cancellation of scheduled surgeries, a halt to electronic patient records, and the transfer of critical-care patients to nearby hospitals with Red Cross support.

The hospital proactively shut down servers to contain the attack, resulting in reduced emergency department capacity and a temporary shift to manual processes for patient registration. Local reports suggest ransomware may be involved, though this has not been officially confirmed.

C8 Secure perspective

When an organization is forced to cancel surgeries and redirect patients, it is a reminder that ransomware is not just an IT problem but an operational and safety issue. The pattern here is familiar: attackers gain access, move laterally, and deploy encryption across production systems before anyone intervenes. The time between initial access and deployment is where defenders have the best opportunity to act, but only if monitoring is continuous and response is fast enough.

Our approach through the M-SOC combines 24/7 analyst coverage with automated containment through our SOAR platform, which can isolate compromised endpoints within seconds rather than waiting for manual escalation. At the endpoint level, behavioral detection is what matters most against ransomware, catching the encryption behavior itself rather than relying on known signatures. That said, detection is only half the picture. Many organizations discover during an incident that their network segmentation is inadequate, or their backup restoration process has never been properly tested. Regular security assessments and penetration testing help identify these weaknesses before an attacker does. Healthcare may have been the target here, but any organisation dependent on real-time system access faces the same risk profile.

Microsoft Office Zero-Day: Emergency patch issued amid active exploitation

Microsoft released an out-of-band emergency patch to address CVE-2026-21509, a high-severity zero-day vulnerability actively exploited in the wild. The flaw enables attackers to bypass critical COM/OLE security controls in Microsoft Office and Microsoft 365, allowing malicious documents to execute code once opened by a user.

Attackers must convince a victim to open a specially crafted Office file – typically delivered via highly targeted phishing or social engineering. While Office 2021 and later versions benefit from automatic server-side protections, users of Office 2016 and 2019 must apply patches manually or implement registry-based mitigations. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalogue, with federal agencies required to patch by February 16, 2026.

C8 Secure perspective

Document-based attacks remain effective because they exploit something no patch can fully fix: the fact that people open Office attachments as part of their daily work. The attacker’s challenge is simply making the email convincing enough, and targeted social engineering has become very good at that. From a defensive standpoint, there are two things that matter here. First, endpoint protection needs to catch malicious macros and embedded payloads before they execute, not after. Machine learning-based detection that analyses document behavior pre-execution is more reliable than signature-based approaches for zero-day exploits like this one. Second, patching speed makes a real difference.

Organizations still running Office 2016 or 2019 face a manual patching burden that creates extended exposure windows, and our SOC analysts actively monitor for exploitation indicators tied to newly disclosed CVEs so that detection rules can be updated quickly. On the human side, regular simulation exercises that train staff to spot coercive or urgent email tactics reduce the likelihood of someone opening the malicious document in the first place. None of these measures work in isolation but taken together they significantly narrow the window of opportunity for this type of attack.

Final thoughts

January 2026 reinforces a familiar truth: cyber threats continue to evolve rapidly, targeting the intersection of human trust, critical infrastructure, and ubiquitous enterprise software. Whether it’s high-volume data exfiltration, operational disruption in life-critical environments, or targeted exploitation of widely deployed productivity tools, organisations must adopt layered defences, rapid detection and response capabilities, and resilient operational planning.

Cybersecurity solutions for a safer tomorrow

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cybersecurity forecast for iGaming in 2026

Introduction: Trust at the core of iGaming

In the iGaming industry, trust is everything – not just for players, but for the entire ecosystem of operators, suppliers, and technology providers. Players expect seamless experiences, secure transactions, and confidence that their personal data is protected. At the same time, suppliers and platform partners demand robust cybersecurity standards and transparent risk management to safeguard their own systems and reputations. Yet, as the sector grows – driven by new markets, mobile-first platforms, and real-time betting – the attack surface expands exponentially. Cybercriminals have noticed. From ransomware groups to phishing campaigns, the industry is now a prime target for sophisticated attacks that exploit both technology and human behavior.

The state of play: Rising threats and escalating Costs

Recent analysis shows a 400% surge in cyber incidents impacting casino operators and gambling businesses since early 2025. The cost of downtime during a major sporting event can exceed $6,000 per minute, and phishing attacks have grown by 180% since 2023. These numbers underscore a stark reality: the iGaming ecosystem is under siege.

The past year has been a wake-up call for the industry. In July 2025, Flutter Entertainment, owner of Paddy Power and Betfair, confirmed a breach affecting up to 800,000 users, exposing personal data such as IP addresses and betting activity. In March, Merkur Group, a major European casino operator, suffered a catastrophic incident that compromised sensitive data across multiple platforms, including payment details, identity verification documents, and over 70,000 ID scans, all due to misconfigured back-end interfaces. Beyond data theft, account takeover attacks surged by 42% in Q1 2025, with one European betting platform losing €1.7 million in just 48 hours before detection. These examples illustrate a clear trend: attackers are exploiting both technical vulnerabilities and human factors, and the financial and reputational stakes have never been higher.

Why is the industry a target? Because it offers two things that attackers value most – money and data. Every payment gateway, affiliate integration, and game studio aggregation introduces new vulnerabilities. Add to this the complexity of real-time transaction engines, regulatory reporting systems, and third-party content providers, and you have an environment where a single weak link can compromise the entire chain.

Now that I have set the scene, here’s what I believe will shape cybersecurity in iGaming in 2026.

Prediction 1: AI will reshape both attack and defense

Artificial Intelligence is the double-edged sword of cybersecurity. In 2026, expect AI-driven attacks – deepfakes, automated intrusions, and identity-centric exploits – to become mainstream.

On the defensive side, AI will power advanced threat hunting, anomaly detection, and predictive analytics. Operators will deploy machine learning models to identify fraudulent transactions in real time and detect behavioral anomalies before they escalate. But securing AI itself will be critical as attackers are already targeting AI systems to turn them into insider threats.

Prediction 2: Cybersecurity becomes a core business metric

Cybersecurity will move from being a compliance checkbox to a strategic KPI. This is a welcome shift for the industry. Regulators are demanding real-time, machine-readable compliance data, while players increasingly view security as part of the user experience. Seamless onboarding, frictionless withdrawals, and transparent data handling will become loyalty drivers.

Prediction 3: Collective defense through intelligence sharing

The complexity of today’s threat landscape means no single operator can fight alone. Intelligence sharing will become the cornerstone of industry-wide defense. This is where Continent 8’s Threat Exchange sets a new benchmark.

Launched in late 2025, Threat Exchange is the industry’s first dedicated cyber threat intelligence (CTI) platform, engineered specifically for iGaming and online sports betting. It processes billions of signals daily, delivering real-time, actionable insights to operators, platform providers, and regulators.

Key capabilities include:

• Gaming-specific indicators of compromise (IOCs): Detect threats missed by general CTI platforms (over 70% of gaming attack patterns are unique).
• Automated investigations: Reduce alert fatigue and prioritize high-risk threats.
• Threat actor profiling: Understand behaviors, tactics, and attack vectors.
• Collective defense: Seamless sharing of intelligence across the global gaming ecosystem.
• Expert-curated reports: High-value assessments to strengthen security posture.

As I often say, “Threat Exchange is changing the game.” By leveraging our position as the industry’s trusted cybersecurity and hosting partner, we transform vast datasets into clear, actionable intelligence. This isn’t just about detecting threats – it’s about anticipating them and enabling proactive resilience.

Prediction 4: Regulation tightens, compliance automates

Jurisdictions from Brazil to Finland are introducing competitive licensing models, while established markets like the UK are tightening advertising and security requirements. Compliance will increasingly rely on API-driven automation, enabling operators to feed regulators real-time data on transactions, safer gambling measures, and incident response.

To thrive in this environment, operators should:

1. Invest in intelligence: Join platforms like Threat Exchange to gain real-time visibility.
2. Embed AI responsibly: Use AI for defense, but secure AI systems against exploitation.
3. Adopt zero trust principles: Assume breach, verify continuously.
4. Automate compliance: Integrate regulatory APIs for real-time reporting.
5. Prioritize player trust: Make security seamless and transparent.

Conclusion: From reactive to proactive

Cybersecurity in iGaming is no longer about reacting to incidents – it’s about anticipating them. Those who harness intelligence, embrace collaboration, and embed security into every layer of their operations will not only survive but lead.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: October 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. October 2025 saw a wave of targeted attacks across education, aviation, and iGaming – highlighting the evolving tactics of threat actors and the critical need for sector-specific resilience.

Craig Lusher, Product Principal of Secure Solutions, dives into three major incidents that dominated headlines during the month.

Harvard University: Zero-day exploit hits academic giant

Harvard University is investigating a breach linked to the cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution. The ransomware group is believed to be Clop.

The breach was listed on a data leak website on October 12 with over 1 Tb of information allegedly stolen. The attackers targeting Oracle’s customers are linked to the exploitation of known and zero-day vulnerabilities, as well as the deployment of sophisticated malware.

Harvard confirmed that the vulnerability exploited by the hackers has now been patched.

C8 Secure perspective: This incident is a stark reminder of how unpatched systems and legacy software can become entry points for sophisticated attacks. It also shows the increased risk posed by software supply chain vulnerabilities.

WestJet: 1.2 million passengers affected in data breach

While the data breach took place earlier in the year, Canada’s second-largest airline, WestJet, recently disclosed a breach affecting 1.2 million passengers. The airline found that a range of customers’ personal information was accessed by the third party, including names, contact details and information provided when making reservations for travel.

The airline has notified affected individuals and launched a forensic investigation in collaboration with federal authorities. But details on how the attack was carried out were not shared.

C8 Secure perspective: There have been several high-profile cyber incidents in aviation and the travel industry in recent months. Generally, we are seeing cybercriminals target data theft rather than operational disruption.

Fast Track: Isolated attack on iGaming CRM platform

Fast Track, a leading CRM provider for the iGaming industry, reported an isolated cyber attack targeting its infrastructure, specifically targeting two clients operating on its platform. The company confirmed that no customer data was compromised and that the incident was contained swiftly.

C8 Secure perspective: Fast Track’s response demonstrates the value of preparedness and rapid containment. In high-velocity industries like iGaming, where uptime and trust are paramount, proactive defense and transparent communication are key to maintaining customer confidence.

Key takeaways

• Patch management is non-negotiable: Harvard’s breach shows how delays in applying security updates can have serious consequences.
• Third-party risk is growing: Many incidents we are seeing underscore the importance of vendor oversight.
• Preparedness pays off: Fast Track’s swift containment highlights the benefits of layered security and incident response planning.

Cybersecurity solutions for a safer tomorrow

As we approach year-end, organizations must double down on cyber hygiene, vendor risk management, and threat detection capabilities. The threat landscape is evolving – so must our defenses.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: September 2025 – this month in cybersecurity

Welcome back to our monthly Cybersecurity Insights blog series, where we break down the most impactful cyber events shaping the global threat landscape. September 2025 was a stark reminder of how cyber attacks can ripple across industries – from healthcare and automotive to national infrastructure – causing disruption and financial loss.

Craig Lusher, Product Principal of Secure Solutions dives into three major incidents that dominated headlines during the month.

FinWise insider breach: 689,000 customers exposed

In a stark reminder of the risks posed by insider threats, FinWise Bank disclosed a breach affecting 689,000 customers of American First Finance (AFF). A former employee accessed sensitive customer data – including names, Social Security numbers, and financial account details.

The breach, discovered in June 2025, originated from residual access privileges left in an archived service account. The insider used direct SQL queries and unmonitored API endpoints to exfiltrate data from AFF’s production database.

Affected individuals have been offered 12 months of complimentary identity theft protection and credit monitoring. But multiple class action lawsuits have already been filed against FinWise. The company has since implemented stricter access controls, forensic monitoring, and quarterly security audits to prevent future incidents.

C8 Secure perspective: The FinWise breach is a textbook example of how residual access, unmonitored endpoints, and insufficient offboarding protocols can lead to massive data exposure. Insider threats – whether malicious or accidental – are among the most difficult to detect and prevent, especially in financial services where data sensitivity is high and regulatory scrutiny is intense.

Jaguar Land Rover: A billion-dollar shutdown

On September 1, Jaguar Land Rover (JLR) was forced to halt production across its UK facilities following a sophisticated cyber attack attributed to the hacker collective “Scattered Spider,” also known as LAPSUS$ and ShinyHunters.

The attack disrupted over 800 systems, impacting manufacturing, retail operations, and supply chains. Production losses are estimated at $6.6 million per day, with total damages potentially exceeding $2.67 billion. The UK government stepped in with a £1.5 billion loan guarantee to stabilize the supply chain and support affected suppliers.

C8 Secure perspective: While JLR has begun a phased restart of operations, the incident serves as a wake-up call for the automotive industry. As vehicles become more connected and reliant on digital infrastructure, robust cybersecurity measures are no longer optional – they’re essential.

Heathrow airport cyber attack: Aviation disrupted across Europe

On the night of September 19, a cyber attack on Collins Aerospace’s Muse platform – a cloud-based check-in and boarding system – crippled operations at Heathrow, Brussels, and Berlin airports. The incident forced airlines to revert to manual check-in procedures, resulting in hundreds of delays, dozens of cancellations, and frustrated passengers across Europe.

While aviation safety and air traffic control were unaffected, the disruption exposed the fragility of legacy systems still in use at many airports. Heathrow reported that 90% of flights experienced delays, with an average wait time of 34 minutes.

C8 Secure perspective: Though no data breach was reported, the attack has raised concerns about third-party vulnerabilities and the need for modernized, resilient infrastructure in aviation. Speculation about state-sponsored involvement remains unconfirmed, but the incident has prompted calls for greater transparency and investment in cybersecurity across the sector.

Key takeaways

• Supply chain resilience is critical: JLR’s shutdown impacted thousands of jobs and suppliers.
• Transportation infrastructure is vulnerable to third–party failures.
• Insider threats are often overlooked, but the FinWise breach shows how damaging they can be – especially when access controls are not rigorously enforced.

Cybersecurity solutions for a safer tomorrow

As we move into Q4, organizations must prioritize proactive cybersecurity strategies, invest in resilient infrastructure, and ensure incident response plans are tested and ready. The stakes have never been higher.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: August 2025 – this month in cybersecurity

In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an assessment of significant cybersecurity developments in August, highlighting critical incidents such as the ongoing cyber attacks by the threat actor ShinyHunters, the devastating impact of targeted phishing campaigns, the occurrence of cyber threats beyond enterprise boundaries and instances involving repeat cyber attack victims.

ShinyHunters’ sustained attack activity

In the previous Cyber Insights blog, we reported ShinyHunters as being responsible for a series of attacks against a number of global luxury and retail brands. These instances are now understood to be part of a coordinated social engineering campaign targeting Salesforce CRM environments. The tactic: attackers pose as IT support staff, instructing employees to enter a provided code into Salesforce’s “Connect an App / enter code” interface and grant them access to CRM records via the Salesforce API.

These sophisticated social engineering tactics have resulted in further breaches in August, most notably at Google (August 5) and Workday (August 6) – the latter a leading provider of enterprise cloud applications for finance, HR and workforce management. Google disclosed that the affected data was “basic and largely publicly available business (contact) information,” while Workday reported that only “commonly available business contact information” was exposed. This incident follows a growing roster of high-profile victims, including Adidas, Allianz, Cisco, Dior, LifePandora, Louis Vuitton, Qantas and Tiffany.

C8 Secure perspective: The human element continues to be the most significant vulnerability in cybersecurity defense. To address this risk, we recommend employee training programs focused on recognizing and responding to phishing tactics, conducting frequent phishing simulations to identify potential weaknesses, deploying advanced mobile endpoint protection, enforcing robust multi-factor authentication (MFA) and maintaining vigilant monitoring of account activities for anomalous or unauthorized behavior.

New York-based luxury property firm defrauded in $19M phishing incident

Milford Entities/Management Company, a prominent NYC firm managing luxury properties, reportedly lost nearly $19 million as a result of a single phishing email received in early July. The phishing message led to the inadvertent transfer of the enormous sum to a fraudulent bank account under the name of Battery Park City Authority. The Department of Homeland Security has since launched a multi-agency investigation into the attack.

C8 Secure perspective: This incident illustrates the effectiveness and potentially catastrophic impact of phishing attacks – with profound financial, operational and reputational consequences. Enterprises and organizations must continue to prioritize the development of a robust ‘human firewall’ by deploying the strategic measures as outlined in the aforementioned ShinyHunters case.

University breach locks out staff and students

During the weekend of August 9, the University of Western Australia (UWA) – a leading Australian academic institution – experienced a data breach that compromised password credentials for thousands of staff and students. In response, all accounts were immediately locked and passwords reset. The school has reported that there is currently no evidence that additional data was accessed, and academic activities continued as scheduled.

C8 Secure perspective: UWA’s Chief Information Officer, Fiona Bishop, stated that the university is intensifying its cybersecurity posture in the face of escalating sector-wide threats. In addition to these efforts, we recommend UWA adopting a proactive cybersecurity model, which includes regular vulnerability assessment and penetration testing (VAPT), continuous network monitoring for anomalous behavior and automated incident response to isolate compromised systems and mitigate risks in real time.

French retailer Auchan experiences another data breach

On August 21, French retailer Auchan was subjected to a cyber attack resulting in the exposure of loyalty account information for several hundred thousand customers. While names, email addresses, phone numbers and loyalty card numbers were compromised, sensitive information such as bank details, loyalty card PINs and rewards points remain secure. The company acted swiftly to notify impacted customers. Notably, this is Auchan’s second major breach involving customer loyalty data within a year, with a similar incident in November 2024.

C8 Secure perspective: Auchan has responded with a series of immediate security enhancements, including the expedited rollout of MFA for internal systems, improved network monitoring and mandatory cybersecurity training for all personnel. While these steps are commendable, we also recommend instituting ongoing security audits, thorough internal and external assessments and scheduled pen testing to proactively identify and remediate security gaps. Leveraging a 24/7 Security Operations Center (SOC) with advanced threat detection and SIEM capabilities would also help facilitate early threat identification and comprehensive incident mitigation, helping to prevent future attacks.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started

Cyber Insights series: July 2025 – this month in cybersecurity

In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.

Craig provides an in-depth analysis of key cybersecurity developments in July, covering critical incidents such as a high-impact Microsoft SharePoint vulnerability, an emerging PDF-based QR code phishing campaign, a major ransomware event targeting a leading global technology distributor and a significant data breach involving a prominent luxury retail brand.

Hundreds of organizations impacted by zero-day Microsoft SharePoint vulnerability

On 21 July, it was reported that an unconfirmed threat actor exploited a zero-day vulnerability in Microsoft’s SharePoint collaboration platform, compromising at least 400 organizations – including the National Nuclear Security Administration (NNSA), the US federal agency responsible for the nation’s nuclear stockpile.

The vulnerability, designated CVE-2025-53770, affects self-hosted SharePoint deployments. Successful exploitation enables remote code execution, granting unauthorized access to stored files and potentially to systems across the affected company’s network.

C8 Secure perspective: The zero-day incident – a vulnerability that was actively exploited before Microsoft had the opportunity to release patches – has since been mitigated with security updates for all affected SharePoint versions, and ongoing, automated patch management remains essential to closing gaps as soon as they are discovered. We also recommend a proactive cybersecurity strategy that includes actively searching for vulnerabilities within your environment, continuously monitoring network activity for anomalies, and leveraging automated response mechanisms to isolate compromised devices, block malicious traffic and implement immediate countermeasures.

PDF-based QR code attacks bypass detection, harvest credentials

Researchers have recently identified a sophisticated wave of QR code phishing attacks, also referred to as “quishing,” in an active campaign known as “Scanception.” This threat leverages carefully crafted emails containing PDF attachments that emulate legitimate enterprise communications. Recipients are prompted to scan embedded QR codes, which redirect to credential-harvesting websites designed to compromise sensitive information. Over the past three months, the researchers have detected more than 600 unique phishing PDFs and correlated email campaigns, highlighting a sustained and evolving risk to enterprise environments.

C8 Secure perspective: The human element continues to be an organization’s weakest link when it comes to cybersecurity. To strengthen this soft spot, we advise conducting employee training to recognize and respond to phishing attempts, implementing regular phishing simulations to identify vulnerabilities, applying mobile endpoint protection against evolving threats, adopting multi-factor authentication to enhance account security and monitoring account activity for unusual or unauthorized behavior.

SafePay ransomware hits Ingram Micro, disrupting operations

On July 5, global technology distributor Ingram Micro confirmed a ransomware attack impacting its internal systems. Subsequent disclosures on July 30 indicated that the group known as SafePay claimed responsibility, asserting the exfiltration of approximately 3.5 terabytes of company data and threatening disclosure within a three-day timeframe.

C8 Secure Perspective: Protecting operations against sophisticated cyber threats requires a rigorous, multi-layered cybersecurity strategy encompassing both advanced technologies and organizational best practices. Core components of an effective framework include:

• Conducting regular security audits, comprehensive internal/external assessments and scheduled VAPTs
• Utilizing a 24/7 Security Operations Center (SOC) equipped with robust threat detection, security information and event management (SIEM) and efficient alert triage
• Developing and maintaining documented incident detection, response and recovery protocols
• Delivering ongoing cybersecurity training and awareness initiatives to all stakeholders
• Training personnel to identify phishing, social engineering and other common threat vectors
• Enforcing strong cyber hygiene, including routine software updates, proactive patch management and implementation of multi-factor authentication (MFA)
• Strengthening supply chain security through comprehensive third-party risk assessment and continuous monitoring
• Ensuring adherence to applicable cybersecurity regulations and industry standards

Louis Vuitton targeted in multi-country customer data breach

On July 2, Louis Vuitton confirmed a cyber attack that led to the exposure of customer data across several countries. The ShinyHunters cybercrime group is alleged to be responsible, with affected customers in Italy, South Korea, Sweden, Turkey, and the United Kingdom. While details regarding any ransom demand remain unknown, Louis Vuitton has advised vigilance regarding suspicious communications and is undertaking an internal review. This attack forms part of a wider campaign targeting luxury and retail brands, with other LVMH (Moët Hennessy Louis Vuitton) brands such as Dior and Tiffany, and major retailers including Adidas and Victoria’s Secret, also recently impacted.

C8 Secure perspective: The luxury giant responded that it had “implemented technical measures to contain the incident and terminate the threat actor’s access.” To further fortify breach prevention and incident response, we recommend organizations conduct comprehensive security assessments – including cybersecurity audits, Vulnerability Assessment and Penetration Testing (VAPT) and ongoing vulnerability scans (V-Scans) – to identify and remediate risks, maintain regulatory compliance and support long-term cyber resilience.

Cybersecurity solutions for a safer tomorrow

C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.

For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.

Let’s Get Started