From phishing kits stealing multi-factor authentication tokens to state-sponsored breaches targeting critical infrastructure, the cybersecurity landscape is witnessing an alarming escalation in both sophistication and scale. This week’s reports highlight how evolving Phishing-as-a-Service tools, geopolitical cyber operations, and software supply-chain vulnerabilities are testing organizational resilience worldwide. As governments issue urgent advisories and experts call for stronger defense strategies, the growing overlap between criminal innovation and state-backed cyberwarfare continues to redefine digital risk. Here’s a look at this week’s top cybersecurity headlines shaping global security discussions.

Whisper 2FA Phishing Kit Steals Microsoft 365 Credentials and MFA Tokens in Nearly One Million Attacks Since July
A surge in phishing attacks targeting Microsoft 365 users has been traced to Whisper 2FA, a rapidly evolving Phishing-as-a-Service (PhaaS) tool. Researchers at Barracuda report the kit steals both login credentials and multi-factor authentication (MFA) tokens while evading detection with complex obfuscation and real-time validation. Attackers exploit AJAX-enabled web flows to intercept sessions seamlessly, often disguising emails as trusted brands like DocuSign and Adobe. Since July 2025, Whisper 2FA has powered almost one million attacks. The tool’s sophistication lies in its anti-debugging, multi-layer encoding, and MFA exfiltration logic, making static analysis and conventional defenses largely ineffective. Users are lured by convincing login flows and urgent pretexts, while the kit validates stolen tokens through command-and-control systems in real time.
To counteract these threats, experts recommend implementing phishing-resistant MFA, continuous monitoring of accounts, user awareness training, and sharing threat intelligence across organizations. Proactive strategies, including layered security measures and anomaly detection, are essential to mitigate evolving phishing campaigns like Whisper 2FA.
Source: IT Pro
UK Warned of Rising Chinese-Linked Cyber Threats as Ministers Urge Businesses to Strengthen Security Measures
The UK’s National Cyber Security Centre (NCSC) has confirmed that cyber attacks linked to China are increasing, targeting businesses and critical infrastructure across the country. Nation-state hackers are using sophisticated techniques, including AI-assisted tools, to exfiltrate data, exploit vulnerabilities, and conduct social engineering. Recent incidents include attempts to infiltrate telecom networks and large-scale botnets. Officials warn that ransomware continues to be the most acute threat, affecting organisations from schools to major retailers. Government ministers have written to business leaders urging concrete action to bolster cyber resilience.
Experts advise organisations to adopt layered security measures, implement timely reporting protocols, conduct regular vulnerability assessments, and increase board-level awareness. Strengthening defenses, monitoring networks, and collaborating across sectors are essential to mitigate escalating cyber threats and reduce operational and reputational risks.
Source: Computer Weekly
US Issues Emergency Alert After F5 Breach Exposes BIG-IP Source Code, Warns of ‘Catastrophic’ Risks to Federal and Global Networks
The U.S. has issued an emergency cyber warning after security firm F5 confirmed a nation-state hack that exposed portions of its BIG-IP source code and customer configuration data. The attackers, suspected to be state-sponsored, gained long-term access to F5’s internal systems, stealing information on product vulnerabilities and development tools. The breach occurred because hackers exploited weaknesses in F5’s network defenses before the company detected the intrusion. F5’s BIG-IP software manages access controls and firewalls for critical infrastructure, which makes it an attractive target. U.S. and U.K. cybersecurity agencies warned that stolen vulnerability data could be weaponized to breach federal and enterprise networks, potentially causing large-scale disruptions.
To prevent escalation, authorities ordered immediate patching of F5 systems and urged organizations to review VPN configurations, implement zero-trust frameworks, and deploy advanced threat monitoring. Experts said the incident highlights how supply-chain security gaps and exposed codebases can enable adversaries to compromise trusted technology ecosystems.
Source: Claims Journal
Conclusion
The surge in complex, large-scale cyberattacks underscores the urgent need for global collaboration, proactive defense strategies, and stronger digital awareness. Whether through advanced phishing kits or state-backed campaigns, cyber threats are evolving faster than ever, demanding continuous vigilance, innovation, and coordination to safeguard both organizations and critical infrastructure worldwide.
Stay vigilant and informed, and tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!