Commission Documents Exposed, Intel Flaws Exposed, Operations Disrupted Cyberattack – Cybersecurity News [May 12, 2025]

by DuoCircle

This week’s cybersecurity roundup brings a mix of arrests, warnings, and active threats. Intel chips face a newly discovered vulnerability affecting years of hardware. Dior is dealing with a customer data breach, and Nucor’s operations took a hit from an attack. Meanwhile, a messaging app flaw is being used in espionage campaigns across the Middle East. Here’s the full breakdown.

 

Human Rights Commission Exposes Documents Through Search Engines

The Australian Human Rights Commission (AHRC) has suffered a data breach that led to hundreds of private documents being leaked online and picked up by search engines. These documents contained personal and sensitive details of individuals who had submitted them through various AHRC channels.

The leaked documents included names, contact information, health and education details, religious beliefs, employment records, and photographs. AHRC, which is an independent body set up by the Australian Government to protect and promote human rights, handles public complaints and works on human rights projects. Though it cannot make legal rulings, it tries to settle disputes through conciliation and refers unresolved ones to federal courts.

 


According to AHRC’s announcement, the breach affected several submission types, including a complaint form active between March 24 and April 10, 2025, the ‘Speaking from Experience’ project from March to September 2024, and inputs to the National Anti-Racism Framework between October 2021 and February 2022. A total of 670 documents were exposed online and were accessed between April 3 and May 5, 2025.

Currently, the AHRC has taken down all web forms and asked search engines to remove the exposed documents. A taskforce is investigating the issue, and the OAIC has been notified.

 

 

Intel CPUs Affected by New Flaws That Expose Sensitive Memory Data

A newly discovered flaw in Intel processors lets attackers sneak a peek at sensitive data, even if it’s stored in protected areas like the operating system’s memory.

The bug (Branch Privilege Injection) affects almost all Intel CPUs made since 2018 and can bypass long-standing defenses designed to stop this kind of behavior. Researchers from ETH Zurich found that the flaw abuses a hardware feature called the branch predictor. Basically, there’s a tool inside the CPU that tries to guess the next step in a program to keep things fast. The problem is, these predictions aren’t always made at the right time. If the CPU switches from user mode to kernel mode at the wrong moment, it can accidentally mix up who should be allowed to see what.

That gives attackers a small window to get privileged data. Using this, the team managed to read hashed passwords from a protected file on Ubuntu 24.04, with impressive accuracy and speed. The flaw exists at the hardware level, so it could potentially affect Windows systems, too.

 


Intel has released microcode updates to patch the issue. Users are advised to install all firmware and OS updates. While the threat to everyday users is low, it’s better to stay patched and protected.

 

Cyberattack Disrupts Operations at Marks & Spencer

Marks & Spencer (M&S) has been impacted by a cyberattack, resulting in the theft of some personal customer data.

The organization detected unauthorized access to its IT systems and promptly responded by suspending online ordering services to protect customer data and ensure security. They have notified customers via email and engaged cybersecurity experts to monitor the situation closely and strengthen email security measures while working to restore normal operations.

The stolen data may include telephone numbers, home addresses, dates of birth, and online order histories. However, M&S confirmed that payment card details and account passwords were not compromised. The company is prompting customers to reset their passwords as a precautionary measure.

 


The incident is causing significant disruption, with estimated weekly sales losses of approximately £43 million. M&S has reported the matter to the relevant authorities but has not disclosed the number of affected customers. The retailer has around 9.4 million active online customers based on its most recent annual report.

M&S is working continuously to resume full services. Similar cyber incidents have also affected other retailers, such as the Co-op, which is expected to restore its online ordering services shortly.

    

 

Cyberattack Disrupts Operations at Nucor Corporation

Nucor Corporation has been hit by a cybersecurity incident that disrupted its operations.

The organization detected unauthorized access to some of its IT systems and acted quickly by shutting down parts of its network, kicking off its incident response plan, and bringing in outside cybersecurity experts. It also temporarily paused production at several sites, though it hasn’t shared how much this has impacted business.

 


Nucor supplies critical materials for roads, bridges, and buildings and has over 32,000 employees and operations in the U.S., Canada, and Mexico. They recently posted $7.83 billion in revenue for Q1 as well. The incident came to light through a filing with the U.S. Securities and Exchange Commission, which also confirmed that law enforcement has been notified. No group has yet claimed responsibility, and it’s unclear if data was stolen or systems were encrypted.

Currently, Nucor is gradually bringing systems back online. The threat actors are still unknown, but keeping systems updated and practicing good cyber hygiene are key to staying protected.

 

Threat Actors Exploiting Output Messenger Flaw in Espionage Attacks

A state-backed hacker group has been using a serious software flaw to spy on certain users of Output Messenger.

 


Microsoft uncovered the issue, which allowed attackers to break into systems and plant malware. The bug, tracked as CVE-2025-27920, affects Output Messenger’s LAN messaging app. It’s a directory traversal vulnerability that lets authenticated users sneak into sensitive folders outside what they’re normally allowed to access. If exploited, it could lead to data theft or even remote control of the server.

Although the developer, Srimax, patched the bug in version 2.0.63 last December, many users hadn’t updated. That’s when the group (Marbled Dust / Sea Turtle / UNC1326) struck. They installed malware via the Output Messenger Server Manager, stole user data, impersonated users, and accessed internal systems. Infected systems were also used to send data to a hacker-controlled domain. Microsoft believes the hackers used DNS hijacking or typo-squatted domains to steal login details. Their targets span Europe and the Middle East, mostly in telecom, IT, and government sectors.

Right now, patched systems are safe, but unpatched ones remain vulnerable. Users should update Output Messenger immediately and be cautious of unusual domains and login prompts.
