Harrods breach tied to supplier compromise leaks 430,000 records
U.K. retail giant Harrods disclosed a cybersecurity incident after hackers compromised a third-party supplier, leading to the exposure of 430,000 customer records containing sensitive e-commerce information. The stolen data includes customer names, email addresses and potentially purchase history, which could be used in targeted phishing campaigns or identity theft attempts.
Harrods confirmed that the breach was limited to the supplier’s system and that no direct intrusion into Harrods’ internal systems was detected. However, customers are advised to remain vigilant for suspicious emails or contacts.
The incident underscores the risks associated with third-party vendors and supply-chain security, highlighting the importance of continuous monitoring and endpoint protection.
Critical Linux sudo vulnerability exploited for root access
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical vulnerability in the Linux sudo package (CVE-2025-32463) that allows attackers to execute commands with root-level privileges even when they are not listed in the sudoers file.
The vulnerability carries a CVSS score of 9.3, rating it critical. Exploiting it yields unauthorized root access and can compromise the entire system.
Systems running vulnerable versions of the sudo package are at risk. Administrators are urged to identify and patch affected systems promptly. CISA recommends updating to sudo version 1.9.17p1 or later to mitigate the risk associated with this vulnerability.
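As an added example that is not part of the original article, the following POSIX shell script checks whether an installed sudo version meets the 1.9.17p1 threshold named above; the function names and the assumption that `sudo --version` prints "Sudo version X" on its first line are this example's own, not CISA's or the sudo project's tooling.

```shell
#!/bin/sh
# Added example: compare a sudo version string against 1.9.17p1, the
# fixed version the page says CISA recommends for CVE-2025-32463.
# Assumed version format: MAJOR.MINOR.PATCH[pLEVEL], e.g. "1.9.17p1".

# Return 0 if $1 is at or above 1.9.17p1, 1 if below, 2 if unparseable.
sudo_is_patched() {
    v=$1
    p=0
    # Peel off the optional "pN" suffix; a missing suffix counts as p0.
    case "$v" in *p*) p=${v##*p}; v=${v%%p*} ;; esac
    # Reject anything that is not digits and dots (or digits for the p level).
    case "$v" in ''|*[!0-9.]*) return 2 ;; esac
    case "$p" in ''|*[!0-9]*) return 2 ;; esac
    # Split the dotted part into fields; missing fields count as 0.
    oldIFS=$IFS; IFS=.
    set -- $v
    IFS=$oldIFS
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    # Compare field by field against 1.9.17p1; first difference decides.
    for pair in "$major:1" "$minor:9" "$patch:17" "$p:1"; do
        have=${pair%%:*}; need=${pair##*:}
        if [ "$have" -gt "$need" ]; then
            return 0
        elif [ "$have" -lt "$need" ]; then
            return 1
        fi
    done
    return 0   # exactly 1.9.17p1
}

# Read the installed version; assumes the first output line is "Sudo version X".
installed_sudo_version() {
    sudo --version 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# Report the installed sudo's status; exit 1 if below threshold, 2 if unknown.
check_installed_sudo() {
    ver=$(installed_sudo_version)
    if [ -z "$ver" ]; then
        echo "sudo not found or version not readable"; return 2
    fi
    if sudo_is_patched "$ver"; then
        echo "sudo $ver: at or above 1.9.17p1"
    else
        echo "sudo $ver: below 1.9.17p1, update required"; return 1
    fi
}
```

Distributions that backport the fix without raising the upstream version number will be reported as unpatched by this version check, so confirm against the distribution's own advisory before acting on the result.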
MatrixPDF toolkit weaponizes PDFs for phishing and malware delivery
A newly observed toolkit named MatrixPDF enables attackers to weaponize ordinary PDF files — turning them into convincing phishing lures that deliver malware or harvest credentials.
The toolkit helps create PDF content that appears legitimate (branding, form fields, fake invoices / notifications), while embedding or linking to malicious payloads (e.g., downloader stagers, fake login forms or links to weaponized archives). Attackers can use social engineering inside the PDF (urgent billing, account lockouts) to trick users into enabling macros, visiting malicious URLs or entering credentials.
Malicious PDFs are pushed via phishing emails, malvertising landing pages and compromised websites — often tailored to specific industries or targets. The payload stage commonly leads to loaders, RATs, or credential harvesters.
GoAnywhere zero-day exploited in active attacks on MFT servers
A critical zero-day in the GoAnywhere managed file transfer (MFT) product is being actively exploited in the wild. Successful exploitation allows attackers to execute arbitrary code on vulnerable servers with high privileges.
GoAnywhere MFT is used to move and manage files (often sensitive financial, HR, or operational data) across organizations. A remotely exploitable RCE in MFT software gives attackers direct access to exfiltrate, tamper with or deploy ransomware on systems that handle high-value data. The severity is rated at the top of the scale due to both ease of exploitation and the sensitive nature of systems involved.
Attackers are scanning for exposed GoAnywhere instances and sending crafted requests that trigger the flaw, achieving remote code execution. Evidence shows real-world compromise attempts and follow-on activity (data theft, lateral movement). Because MFT servers often have elevated network access and privileged credentials to downstream systems, successful exploitation can lead to widespread compromise.
Red Hat investigates breach after hackers leak GitHub data
A group calling itself Crimson Collective claims to have breached Red Hat’s private GitHub repositories, exfiltrating nearly 570GB of compressed data across 28,000 internal projects.
The attack allegedly targeted internal Red Hat source code, potentially exposing proprietary software and intellectual property.
Red Hat has confirmed an incident and says it is investigating to assess the scope and possible impact. The breach raises concerns about supply-chain risk, since Red Hat components are widely used in enterprise Linux distributions and cloud stacks.