M&S confirmed that a sophisticated impersonation attack led to a ransomware breach of their network, attributed to the DragonForce ransomware operation. The attackers tricked a third-party IT support company into resetting an employee's password, allowing access to M&S systems, which resulted in data theft and system shutdowns. M&S has not disclosed whether a ransom was paid or not, citing public interest concerns.

Scattered Spider hackers have been targeting VMware ESXi hypervisors in U.S. companies across various sectors through sophisticated social engineering techniques, rather than exploiting software vulnerabilities. Their attack methodology enables them to gain significant control over virtualized environments, leading to data exfiltration and ransomware deployment. Google Threat Intelligence Group has outlined protective measures organizations can take to defend against these attacks.

Muddled Libra, a cybercrime group, has adapted its tactics in 2025, focusing on social engineering techniques such as vishing to gain access to organizations. Their operations have intensified, especially in sectors like government and retail, leveraging ransomware-as-a-service partnerships for extortion. Effective countermeasures include implementing conditional access policies and user awareness training to mitigate their impact.

Cybercriminals are impersonating job seekers to deliver ransomware through malicious resumes. By establishing trust on platforms like LinkedIn and using phishing tactics, they manipulate recruiters into opening harmful files. Security experts advise organizations to implement stricter measures to protect against these sophisticated social engineering attacks.