In this week’s Threat Report, Blue Shield of California disclosed a healthcare data exposure involving misconfigured Google Analytics, while Verizon’s 2025 Data Breach Investigations Report revealed a surge in ransomware attacks and third-party breaches. Marks & Spencer faced major operational disruptions following a suspected ransomware attack during the busy Easter period and more.
Blue Shield of California has notified members of a potential breach after discovering that a misconfigured Google Analytics setup inadvertently shared protected health information (PHI) with Google Ads between April 2021 and January 2024. No evidence suggests malicious use beyond advertising.
Impact:
Exposure of insurance plan details, member IDs, service dates, and search activities. No financial or Social Security information was involved.
Recommendations:
Review healthcare accounts and remain vigilant against suspicious activities.
Monitor credit reports.
Be cautious of targeted health-related advertisements.
Verizon’s 2025 DBIR analysed over 22,000 incidents across 139 countries, highlighting a sharp rise in breaches from edge devices, third-party vendors, and credential theft. Ransomware remains a significant threat.
Impact:
44% of breaches involved ransomware.
Third-party breaches have doubled.
Nation-state cyberespionage efforts are growing.
Recommendations:
Secure edge and cloud environments proactively.
Conduct third-party risk assessments.
Implement stronger phishing protections and credential management.
Marks & Spencer confirmed a cyberattack during the Easter trading period. The incident disrupted contactless payment systems, Click and Collect services, and digital vouchers. Ransomware is suspected.
Impact:
Offline payments at peak times.
Delays in order fulfilments and returns.
Recommendations:
Strengthen ransomware defences.
Test incident response procedures.
Implement robust backup solutions.
Tenable researchers uncovered a privilege escalation flaw within Google Cloud Composer, enabling attackers to gain wide project access through malicious PyPI packages. Google has since patched the vulnerability.
Impact:
Project-wide GCP access possible.
Automation pipelines exposed.
Recommendations:
Patch all Composer environments.
Review cloud service permissions.
Monitor PyPI package installations.
Ivanti’s Connect Secure gateways are under attack due to a new zero-day allowing remote code execution without authentication. Ivanti released patches urgently.
Impact:
Full device compromise.
Risk of ransomware and espionage activities.
Recommendations:
Apply Ivanti patches immediately.
Use Ivanti's Integrity Checker Tool.
Stay ahead of emerging cyber threats with insights from Periculo’s Weekly Threat Feed. Our updates provide you with information on the latest vulnerabilities, attacks, and security trends—all designed to help you protect your business and make informed decisions.
Your first line of defence starts with staying informed.