Threat Intel Update
Cyber threats are becoming more sophisticated and damaging, with nation-state and ransomware attacks disrupting operations and trust, as seen in incidents like F5’s breach and Marks & Spencer’s £300 million projected loss. New AI-driven vulnerabilities, including Microsoft 365 Copilot’s prompt-injection flaw, are widening the attack surface.
In response, international collaboration is increasing through efforts such as the White House’s Counter-Ransomware Initiative, which focuses on supply-chain integrity. However, the weaponization of open-source tools like AdaptixC2 underscores the dual-use dilemma and the urgent demand for resilient, proactive cybersecurity strategies.
Cybersecurity News
- F5 Confirms Minor Customer Impact After Cyberattack – F5 reported minimal customer impact from its recent nation-state breach. Active since August, the intrusion led to BIG-IP patches and limited data exposure. Third-party reviews found no critical compromises. F5 quickly supported remediation and is strengthening defenses with bug bounties, CrowdStrike EDR, and AI-powered testing. CyberScoop
- M&S Cyberattack Expected to Cut £300M in Profit – Marks & Spencer says an April cyberattack could reduce annual operating profit by £300 million before mitigation and insurance. The incident disrupted online services, emptied store shelves, and prompted an insurance claim of up to £100 million. While customer data may have been affected, no financial credentials were exposed. The ransomware group DragonForce claimed responsibility, and M&S plans to accelerate technology and infrastructure upgrades. The Record
- Microsoft 365 Copilot Flaw Enabled Email Exfiltration via AI Prompt Injection – A patched vulnerability in Microsoft 365 Copilot allowed attackers to exfiltrate enterprise emails through hidden instructions in Office documents using Mermaid diagrams. The flaw exploited indirect prompt injection, causing Copilot to fetch and encode emails in clickable diagram links pointing to an attacker-controlled server. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid outputs, highlighting emerging threats from AI-generated content and the growing attack surface of AI integrations. CSO Online
- White House Expands Counter-Ransomware Effort to Supply Chains – The White House’s Counter-Ransomware Initiative, now joined by 68 nations, is broadening its focus to include software supply-chain security. National Cyber Director Harry Coker noted that ransomware incidents have doubled, underscoring the need for secure software development to strengthen resilience. The initiative promotes global “digital solidarity,” urging nations to deny safe havens to cybercriminals and collaborate on tracking, decrypting, and disrupting ransomware networks. The Record
- Russian Ransomware Gangs Exploit AdaptixC2 Tool – Russian-linked ransomware groups, including Fog and Akira affiliates, are abusing the open-source AdaptixC2 framework to run encrypted, modular attacks. The tool’s red-team features—credential theft, screenshots, and remote control—make it ideal for stealth operations, highlighting the rising weaponization of open-source security tools. The Hacker News