{
	"id": "8eacdaff-6a74-4b65-af30-3ea86dc92bc7",
	"created_at": "2026-04-29T02:22:01.469754Z",
	"updated_at": "2026-04-29T08:22:40.033585Z",
	"deleted_at": null,
	"sha1_hash": "b2750bfdbbf436e9b048e4c5879b633bcef591ba",
	"title": "Recent Cyber Attacks: Major Incidents \u0026 Key Trends | Fortinet",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37771,
	"plain_text": "Recent Cyber Attacks: Major Incidents \u0026 Key Trends | Fortinet\r\nArchived: 2026-04-29 02:10:24 UTC\r\nRecent cyberattacks show that threat actors are no longer relying on isolated exploits. They are combining\r\nseveral tactics, like automation and social engineering, to achieve maximum impact. Here are a few cybersecurity\r\ntrends that define how cyber risk has evolved in 2025.\r\nThird-party and supply-chain compromise is a primary attack vector\r\nMany of 2025’s most damaging incidents began with compromised vendors or shared platforms. For instance,\r\nattacks on UNFI, the U.S. Treasury, Snowflake customers, and the UK Ministry of Defence all highlight how\r\nthird-party vulnerabilities can lead to disruptions.\r\nCredential-based attacks are replacing complex malware\r\nThreat groups increasingly favor phishing and credential stuffing over complex malware. Campaigns targeting\r\nM\u0026S, Ukrainian government users, retailers, and SaaS platforms show how stolen credentials enable rapid access\r\nwithout triggering alarms. This trend highlights the critical role of MFA, identity monitoring, and user awareness.\r\nZero-day and unpatched software exploitation is accelerating\r\nToday, attackers are actively scanning for vulnerable enterprise software and weaponizing flaws within days. The\r\nSAP NetWeaver zero-day and Microsoft SharePoint exploits reveal how a single unpatched flaw can expose\r\nhundreds of organizations at once. Patch management delays now directly translate into systemic risk.\r\nCyber incidents are causing real-world operational disruption\r\nIncidents in 2025 increasingly disrupted food supply chains, healthcare services, airports, and government\r\noperations. 
Ransomware attacks forced hospital diversions, grounded flights, and manual airport operations.\r\nCybersecurity has become a public safety and economic stability concern.\r\nState-linked cyber operations are blending espionage and cybercrime\r\nAttacks related to China, Russia, Iran, and North Korea reflect a growing overlap between espionage and political\r\ninfluence. From election interference to crypto theft funding weapons programs, cyber operations are now\r\nstrategic tools of national power. Attribution may remain unclear, but the geopolitical consequences are not.\r\nThese evolving threats and cyber attacks require faster detection and automated response. Fortinet’s SIEM and\r\nSOAR solutions, including FortiSIEM and FortiSOAR, can help organizations detect advanced attacks. These\r\nsolutions can help correlate signals across IT and OT environments and enable teams to respond proactively.\r\nBacked by FortiGuard threat intelligence, Fortinet enables security teams to stay ahead of high-impact cyber risks.\r\nWhen major data breaches and fast-moving cyber threats outpace defenses, every delayed detection increases risk\r\n— the right intelligence can make the difference. Discover FortiGuard Services.\r\n\r\nSource: https://www.fortinet.com/uk/resources/cyberglossary/recent-cyber-attacks",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.fortinet.com/uk/resources/cyberglossary/recent-cyber-attacks"
	],
	"report_names": [
		"recent-cyber-attacks"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-29T06:58:57.977922Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1777429321,
	"ts_updated_at": 1777450960,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b2750bfdbbf436e9b048e4c5879b633bcef591ba.pdf",
		"text": "https://archive.orkl.eu/b2750bfdbbf436e9b048e4c5879b633bcef591ba.txt",
		"img": "https://archive.orkl.eu/b2750bfdbbf436e9b048e4c5879b633bcef591ba.jpg"
	}
}