Content 

01. News Bites
  • UK now third most targeted nation for malware says new report
  • Chanel and Pandora hit by customer data breaches
  • SonicWall VPN flaw likely exploited in ransomware attacks
  • Cisco user data stolen in vishing-based CRM breach
  • South Africa named phishing capital, as ClickFix threat surges globally
  • Cyberattacks disrupt government services across the Dutch Caribbean

02. Conclusion

Quick News Bites

UK now third most targeted nation for malware says new report

The UK has become the world’s third most targeted country for malware, facing over 100 million cyber attacks in just three months, according to NordVPN. Only the US and Canada recorded more activity, with the UK seeing a 7% increase in threats between Q1 and Q2 2025. Attackers are targeting everyday users through phishing emails, fake texts, malicious websites, and malware-laced attachments.

NordVPN’s CTO warns that today’s malware can steal login credentials, hijack webcams, and encrypt files within seconds, often without users realising. The UK’s highly digital economy and high average income make its citizens prime targets.

Attackers are increasingly impersonating major companies like Amazon and Google, as well as government bodies like HMRC, to harvest personal data. Meanwhile, ransomware and identity fraud cases have hit record highs, with some victims losing hundreds of thousands of pounds and organisations suffering thousands of weekly cyber attacks.

Chanel and Pandora hit by customer data breaches

Luxury brands Chanel and Pandora are the latest retailers to suffer cyber attacks resulting in customer data breaches. Chanel confirmed that the breach, identified on 25 July, affected customers in the US, although details remain limited. Pandora also notified customers of a cybersecurity incident on the same day, revealing that attackers accessed names and email addresses via a third-party platform.

While Pandora assured that no passwords or financial data were compromised, security experts have warned that exposed email addresses can still be used for phishing attempts or credential stuffing attacks. Christoph Cemper of AIPRM cautioned that recipients of phishing emails are now at higher risk of being tricked into handing over more sensitive information.

These incidents follow high-profile cyber attacks on Marks & Spencer and Co-op earlier this year. The April breach at M&S forced a seven-week online shutdown and disrupted stock systems, resulting in an estimated £300 million profit loss.

SonicWall VPN flaw likely exploited in ransomware attacks

SonicWall has issued an urgent warning to customers to disable SSL VPN services on Gen 7 firewalls, following reports that ransomware gangs are potentially exploiting an unknown zero-day vulnerability. Researchers first raised the alarm, linking the suspected flaw to a string of Akira ransomware attacks observed since 15 July.

While initial access methods haven’t been confirmed, researchers believe a zero-day exploit is highly plausible. Credential-based attacks have not been ruled out. Security firm Huntress also confirmed that attackers are bypassing MFA and moving swiftly to compromise domain controllers, urging administrators to either disable VPN services or restrict access through IP allow-listing.

SonicWall has responded by recommending several mitigations: disabling SSL VPN where possible, enabling threat detection features, enforcing MFA, and removing unused accounts.

The warning follows a separate advisory to patch SonicWall SMA 100 devices, which are being targeted in attacks attempting to deploy the OVERSTEP rootkit using compromised credentials.

Read our threat advisory here - https://insights.integrity360.com/threat-advisories/sonicwall-zero-day-vulnerability-being-exploited-in-the-wild-apply-advised-mitigations-now

Cisco user data stolen in vishing-based CRM breach

Cisco has confirmed a data breach following a voice phishing (vishing) attack that tricked an employee and led to unauthorised access to a third-party cloud-based CRM system. The attacker stole basic profile information of users registered on Cisco.com, including names, email addresses, phone numbers, user IDs, and organisation details.

The company said no sensitive data, passwords, or confidential customer information was compromised, and its products and services remain unaffected. Cisco immediately terminated the attacker's access and launched an investigation, notifying data protection authorities and affected users where legally required.

The breach appears linked to a wider wave of social engineering attacks on Salesforce CRM users, potentially involving the ShinyHunters group. Other major brands including Adidas, Qantas, Dior, and Chanel have also reportedly been affected.

This marks the second recent security incident for Cisco, which also had to shut down its DevHub portal in October after a misconfiguration exposed non-public customer files.

South Africa named phishing capital, as ClickFix threat surges globally

South Africa has emerged as the global hotspot for phishing attacks, with a new threat report revealing that phishing accounts for 52% of all cyber threats in the country – far above the global average of 28%. The rise is being fuelled by scams impersonating the South African Revenue Service (SARS), with cyber criminals exploiting the 2025 tax season to target citizens through fake audits, refund offers, and legal threats.

Researchers warn that South Africa’s rapid digital transformation has outpaced its cyber defences, making phishing a low-effort, high-reward tactic for threat actors. With digital dependence growing, they stress the need for widespread cyber awareness training to counter social engineering threats.

The report also highlights the dramatic rise of ClickFix – a deceptive attack technique that grew by 517% globally in just six months. Though less prevalent in South Africa (3%), it is quickly becoming a major threat by tricking users into pasting malicious PowerShell commands disguised as fixes.

Cyberattacks disrupt government services across the Dutch Caribbean

A wave of cyberattacks has hit multiple Dutch Caribbean nations, disrupting critical government operations in Curaçao, Aruba, and Sint Maarten. The incidents began on 24 July, when Curaçao’s Tax Office was struck by ransomware, crippling services including motor vehicle tax processing and customer support systems for weeks. Dutch cybersecurity experts were flown in to assist with recovery.

Soon after, the Joint Court of Justice—responsible for courts across six Dutch Caribbean territories—also reported a major outage, stating it may have missed emails between 23 and 28 July. Meanwhile, Aruba’s Parliament warned the public that its email account was hacked, with phishing messages being circulated.

These attacks follow warnings in the Netherlands about vulnerabilities in Citrix NetScaler, a system widely used in government infrastructure. The region has seen a sharp rise in ransomware activity, prompting Sint Maarten's telecom regulator to urge businesses to boost defences as cyber threats across the Caribbean continue to escalate.

Closing Summary

If you are worried about any of the threats outlined in this bulletin, or need help determining what steps to take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.