Cyber Attack Chaos Hits UK Retail Giant


Good morning, cybersecurity enthusiasts! Today’s roundup brings a mixed bag of high-severity vulnerabilities, emerging zero-day threats, and headline-grabbing attacks that remind us of the ever-evolving digital battleground. As the threat landscape continues to shift, staying informed and compliant is more crucial than ever—something that organisations across Yorkshire, and indeed the UK, can relate to. At Synergos Consultancy, we understand the challenges modern businesses face and are here to help you navigate these turbulent waters with expert ISO and compliance advice.

Emerging Zero-Day Threats in Japan

A particularly concerning development comes from Japan where Chinese threat actors have been observed exploiting the Ivanti ICS zero-day, identified as CVE-2025-0282, to deploy the DslogdRAT malware. This stealthy piece of software is making its way into industrial control systems and has coincided with a 9X spike in ICS scans. Essentially, this means systems that were once thought to be secure are now becoming prime targets. For companies relying on robust ICS environments, extra caution and prompt patching are advised.

Critical Security Vulnerabilities Under the Microscope

The cybersecurity community is buzzing with alerts on several high-risk vulnerabilities:

Commvault’s Command Center Bug

Security researchers have raised alarms over a serious bug in certain versions of Commvault’s Command Center. This flaw, left unpatched in some installations, allows unauthenticated access, potentially exposing critical company data. Given the sensitive nature of backup and recovery solutions, organisations need to ensure their systems are secure to avoid any data breaches.

Quantum StorNext API Risks

The Quantum StorNext Web GUI API, affected in versions prior to 7.2.4, is another headline maker. With a potential for arbitrary remote code execution (CVE-2025-46616), this vulnerability can let an attacker execute malicious code remotely. Administrators using StorNext RYO, Xcellis Workflow Director, or ActiveScale Cold Storage should update immediately to avoid a potentially catastrophic breach.

WordPress and Beyond

For the WordPress community, the Vikinger theme (up to version 1.9.30) suffers from a privilege escalation vulnerability (CVE-2025-2238), enabling attackers to gain administrator-level access from a mere subscriber account. Meanwhile, React Router has faced an HTTP header injection issue (CVE-2025-43865) that could let attackers tweak pre-rendered HTML contents if left unpatched.

Other Notable Software Vulnerabilities

From Spring Security exposing valid usernames (CVE-2025-22234) to a series of alarming vulnerabilities in platforms such as SAP NetWeaver and even YouTubeDLSharp on Windows, the range of critical issues is wide. These include command injection vulnerabilities in D-Link routers (CVE-2025-46272) and unauthorized administrator account creation in Fortinet FortiSwitch devices (CVE-2025-46275). Each issue, with severity ratings well into the high and critical categories, underscores how attackers are relentlessly probing for the weakest link.

Global Cyber Attack Trends

It’s not all about software bugs—there are also waves of cyber attacks making headlines worldwide. In Germany, pro-Russian hacking group NoName has been busy launching DDoS assaults against banks and government websites. Such distributed denial-of-service attacks aim to overwhelm and disrupt vital services, demonstrating that even nations with robust cybersecurity measures aren’t immune.

Not far behind are the actions of the notorious Lazarus Group. Recently, this North Korean threat actor breached six South Korean firms via watering hole attacks using tools like ThreatNeedle. The targeting of diverse sectors—from software and finance to telecommunications—highlights the sophisticated tactics adversaries are deploying to gain critical access.

Hardware and Network Vulnerabilities

Hardware and network equipment are in the crosshairs, too. For example, the ALBEDO Telecom Net.Time software (Serial No. NBC0081P) has a PTP/NTP clock authentication bypass vulnerability (CVE-2025-2185) that might allow password interception over unencrypted connections. Worse still, UNI-NMS-Lite has been identified with multiple authentication bypass issues (CVE-2025-46274, CVE-2025-46273, and CVE-2025-46271) that could let unauthorised administrators not only read but also manipulate vital device data.

In a reality where even the smallest overlooked vulnerability can lead to a major breach, these issues serve as a timely reminder for network administrators to conduct regular reviews and updates of device firmware and configurations.

Other Noteworthy Incidents

Some lighter—if still concerning—mentions include an Apache h11 chunked-coding request smuggling vulnerability (CVE-2025-43859) and a Windows command injection flaw in YouTubeDLSharp (CVE-2025-43858). These vulnerabilities emphasise the ongoing need for secure coding practices and vigilant maintenance of even the less glamorous components of our digital infrastructures.

Meanwhile, a curious slice of modern cyber lore has emerged. One post on a darker humour forum even mused on “hacking crosswalks” and “attacking boilers,” hinting at the bizarre creativity of some modern exploits. While it’s easy to chuckle at such unusual musings, the reality remains that adversaries are constantly innovating—sometimes with unintended and unpredictable consequences.

Cyber Attacks Hit the High Streets

Closer to home, one of the UK’s flagship retailers, Marks & Spencer, faced a notable cyber attack that disrupted click-and-collect orders and payment systems. When giants like M&S come under siege, it serves as a stark reminder that no business is too big—nor too small—to be an attractive target for cybercriminals.

In parallel, the Cybersecurity and Infrastructure Security Agency (CISA) has reinforced its commitment to the Common Vulnerabilities and Exposures (CVE) Programme. Despite rumours of potential funding issues, the message is loud and clear: vigilance and a robust vulnerability database are essential to prevent wide-scale disruption from emerging threats.

It’s a lot to take in, but every day’s news reaffirms a single fact: cyber threats are evolving in both number and sophistication. Whether it’s zero-day exploits targeting industrial control systems, critical bugs in high-profile software, or orchestrated DDoS attacks, organisations must stay on their toes. And while the details may seem technical, these updates have tangible consequences for everyday operations.

For businesses across the UK, particularly those in regulated sectors or undergoing certification processes, staying compliant and vigilant is not just a best practice—it’s a necessity. At Synergos Consultancy, we’re passionate about helping companies navigate these challenges by providing tailored support, from ISO certifications to GDPR compliance. A proactive approach today can prevent tomorrow’s disruptions.

Whatever your business size or industry, a little extra care goes a long way in keeping the digital doors secure. Stay updated, patch promptly, and keep those systems robust—because in the world of cybersecurity, you never know when the next headline will leap off the screen.


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.