Cyber Risk Incidents in the World

Administrator

08 February 2026

Part A - Active cyber exploitation (attacks)

📌 Active exploitation: SolarWinds Web Help Desk (CVE-2025-40551)
What happened: CISA added this SolarWinds Web Help Desk (WHD) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and set a near-term patch deadline for federal agencies. A KEV listing means exploitation in the wild has been confirmed, not merely predicted.
Action: Identify any clients running SolarWinds WHD, upgrade to the fixed release, and review exposure: internet-facing instances, privileged service accounts the helpdesk holds, and remote-access paths into the host.

📌 Russia-linked activity: exploitation of a newly disclosed Microsoft Office vulnerability (CVE-2026-21509)
What happened: CERT-UA and multiple researchers reported in-the-wild exploitation shortly after Microsoft's out-of-band fix. Activity has been attributed to APT28 (Russia-linked), using malicious Office/RTF documents in targeted campaigns.
Action: Apply the Microsoft patch and any published mitigations, harden Office/RTF handling at both the email gateway and the endpoint, and validate that detection and monitoring would catch exploitation attempts (malicious document opens, unexpected child processes of Office).
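The endpoint half of the Office/RTF hardening above, as an added example that is not taken from the bulletin or from Microsoft's advisory: a PowerShell audit of the Word File Block policy, which prevents Word from opening RTF files at all. It assumes Office 16.0 (Office 2016/2019/2021/365) and the per-user registry hive, and it is a general RTF-blocking control; the bulletin does not state Microsoft's specific mitigation for CVE-2026-21509, so this check complements, and does not replace, applying the vendor patch and guidance.

```powershell
# Added example (not from the original bulletin). Audits, and with -Remediate enforces,
# the Word File Block policy so RTF files cannot be opened. General hardening control;
# NOT the Microsoft-specified mitigation for CVE-2026-21509 (assumption: bulletin gives no detail).
# Assumes Office 16.0 per-user hive.
param([switch]$Remediate)

# GPO-managed path is listed first; when present it takes precedence over the user setting.
$PolicyPath = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security\FileBlock'
$UserPath   = 'HKCU:\Software\Microsoft\Office\16.0\Word\Security\FileBlock'

function Get-RtfBlockState {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path                = $Path
        RtfFiles            = $p.RtfFiles            # 2 = block both open and save
        OpenInProtectedView = $p.OpenInProtectedView # 0 = do not open blocked files at all
    }
}

# Effective setting: first path that actually defines RtfFiles (policy wins over user).
$effective = @($PolicyPath, $UserPath) |
    ForEach-Object { Get-RtfBlockState -Path $_ } |
    Where-Object { $_ -and $null -ne $_.RtfFiles } |
    Select-Object -First 1

if ($effective -and $effective.RtfFiles -eq 2 -and $effective.OpenInProtectedView -eq 0) {
    Write-Output "PASS: Word blocks opening RTF files (source: $($effective.Path))"
}
else {
    Write-Output ("FAIL: RTF not blocked (RtfFiles={0}, OpenInProtectedView={1})" -f `
        $effective.RtfFiles, $effective.OpenInProtectedView)

    if ($Remediate) {
        if ($effective -and $effective.Path -eq $PolicyPath) {
            # A GPO-managed value overrides the user key; change it in Group Policy instead.
            Write-Output "Setting is policy-managed; adjust via Group Policy rather than locally."
        }
        else {
            New-Item -Path $UserPath -Force | Out-Null
            New-ItemProperty -Path $UserPath -Name RtfFiles -PropertyType DWord -Value 2 -Force | Out-Null
            New-ItemProperty -Path $UserPath -Name OpenInProtectedView -PropertyType DWord -Value 0 -Force | Out-Null
            Write-Output "Remediated: RtfFiles=2, OpenInProtectedView=0 under $UserPath (restart Word to apply)"
        }
    }
}
```

Run without switches to audit a workstation; run with -Remediate to enforce the block locally where no Group Policy governs it. Blocking RTF in Word does not cover RTF rendered by other applications or preview panes, which is why the gateway-side control in the bulletin is still needed.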

📌 Substack confirms breach of user contact data (email/phone/metadata)
What happened: Substack confirmed a breach exposing user contact data (email addresses, phone numbers, and associated metadata). Relevant for subscriber-based platforms: media, newsletters, and creator businesses.
Action: Treat as a phishing/smishing catalyst. Warn users, reinforce MFA, and tighten verification for support or payment requests that reference "newsletter" accounts.

Part B - Cyber risk signals (not an “attack”, but material for exposure)

📌 CISA directive: remove end-of-support edge devices (12-month deadline)
Broker prompt: Ask clients to

(1) inventory internet-facing edge assets (firewalls, VPN concentrators, routers, switches, IoT),

(2) flag any end-of-support items, and

(3) decommission or replace them on a defined timeline.

Unsupported edge kit is repeatedly used for initial access, because it receives no security fixes once exploitation begins.

📌 UK investigates first suspected breach of cyber sanctions

Action: Tighten sanctions screening and approvals for any cyber-related counterparties/payments and ensure decision logs are retained.

📌 France raids X’s Paris offices amid EU Digital Services Act scrutiny

Action: For clients dependent on social platforms, review governance, escalation, and incident response around platform and content risk; regulatory exposure is rising alongside cyber exposure.

📌 Poland detains defense ministry employee on suspicion of spying for Russia

Broker prompt: Use this as a prompt for insider-risk basics: privileged access review, monitoring for high-risk roles, and tighter controls around sensitive data and credentials.

📌 Regulatory watch (digital/online safety - not an attack)

1. Netherlands explores restricting social media access for children

2. Spain announces plan to ban social media for under-16s and mandate age verification

Broker prompt: For digital businesses, expect increasing pressure around age verification, privacy/data protection, and platform governance (with third-party implications).

Broker action points - this week, prioritise:

(1) Patch SolarWinds WHD where present.

(2) Validate Office/RTF controls and confirm patch/mitigation status for CVE-2026-21509.

(3) Re-check sanctions screening and documentation for any cyber-related counterparties or payments.

(4) Inventory internet-facing edge devices and flag or retire any end-of-support equipment (or set a replacement plan).