Black Arrow Cyber Threat Intelligence Briefing 01 August 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of specialist and general media continues to show that cyber security relies on, and affects, people, especially employees. Groups such as Scattered Spider exploit workplace platforms like Teams to deceive employees, and Gen Z are twice as likely to fall for attacks. QR code-based scams (Quishing) are also increasing, and research shows over 80% of data breaches involve HR documents.
Ransomware remains a serious threat, often enabled by employee actions or insecure systems. Around 40% of incidents include threats of physical harm, and a new ransomware group is targeting multiple countries using techniques including voice phishing. Other attacks continue to cause disruption; for example, Seychelles Commercial Bank suspended internet banking following a cyber incident that led to leaked data.
Technology remains essential. A report highlights the importance of keeping systems updated and maintaining strong detection and response capabilities. Many exploited vulnerabilities are old, yet a third are exploited within a day of disclosure. Looking ahead, AI and quantum computing present emerging risks that must be addressed now.
Our guidance remains unchanged. Awareness and strong controls across people, operations and technology are essential. Employees must be recognised as central to both your cyber risk and resilience.
Top Cyber Stories of the Last Week
HR Documents Appear in 82% of All Data Breaches
New research by Lab 1 has found that HR documents are present in 82% of all data breaches, second only to finance. These files often contain personal information such as addresses and employment history, making them attractive to cyber criminals. Such data can be misused to create synthetic identities or convincing phishing attacks. As cyber threats grow more sophisticated, HR teams are urged to treat employee data protection as a shared responsibility alongside IT. One-off training is not enough; building security requires continuous action and closer collaboration between HR and security leaders.
The Scattered Spider Ransomware Group Is Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees
Scattered Spider, a well-known cyber crime group, has escalated its activities by infiltrating workplace platforms such as Slack and Microsoft Teams to target employees. The group uses convincing impersonation tactics, often posing as internal staff to trick IT teams into resetting passwords or bypassing multifactor authentication. It has also joined internal calls to gather intelligence and adapt its methods in real time. UK and US firms have been hit hardest, with sectors from retail to aviation impacted. Authorities urge firms to adopt phishing-resistant authentication, monitor suspicious logins and keep offline backups to reduce exposure to data theft and operational disruption.
Gen Z Falls for Scams 2x More Than Older Generations
Recent studies reveal that Gen Z is twice as likely to fall for online scams compared to older generations, posing a growing cyber security risk to employers. Their high digital fluency often leads to risky behaviours such as password reuse, multitasking across multiple jobs, and using personal devices for work. As they increasingly rely on freelance and remote roles, attackers exploit this blend of work and personal activity through phishing emails and impersonation scams. Poor credential hygiene and unapproved software use further widen the risk to businesses, especially where bring-your-own-device and remote access are common.
https://www.darkreading.com/cyber-risk/gen-z-scams-2x-more-older-generations
Millions Hit in Quishing Attacks as Malicious QR Codes Surge; How to Stay Safe
Quishing, a form of phishing using malicious QR codes, is on the rise, with over 26 million people reportedly directed to fake websites that harvest passwords, payment details or install harmful software. These codes are often placed in public spaces like posters or parking meters and are difficult to visually distinguish from legitimate ones. A recent study found that over a quarter of all malicious links are now delivered via QR codes, reflecting a shift away from traditional email scams. As QR codes were never designed with security in mind, extra caution is essential when scanning unfamiliar ones.
Ransomware Attacks Escalate to Physical Threats Against Executives
Ransomware attacks are becoming increasingly aggressive, with a recent report from Semperis showing 40% of incidents now involving threats of physical harm to executives and nearly half involving threats to report the victim to regulators. In the US, 81% of affected firms paid a ransom, over half of those paid more than once, and 15% received no usable decryption key. Victims often face repeated attacks, with 73% suffering multiple incidents. Disruption from ransomware continues to impact operations, causing job losses, data breaches and cancelled insurance. Despite growing resistance to extortion, the majority of targeted organisations still paid, highlighting the need to invest in cyber resilience.
https://www.infosecurity-magazine.com/news/ransomware-attacks-escalate/
Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies
Flashpoint’s midyear report paints a stark picture of the cyber threat landscape in 2025, with ransomware incidents up 179% and credential theft soaring by 800%. The first six months saw 1.8 billion credentials stolen and over 9 billion records exposed, largely due to unauthorised access. Manufacturing, technology and legal sectors were particularly affected. Vulnerability disclosures also rose sharply, with 35% of known flaws already exploited. A significant backlog in vulnerability analysis has left many organisations exposed. The report stresses the need for faster patching and better threat intelligence to help firms stay ahead in a rapidly evolving risk environment.
New Chaos Ransomware Emerges, Launches Wave of Attacks
A new ransomware group known as Chaos has launched a wave of opportunistic cyber attacks, affecting organisations across the US, UK, New Zealand and India. First emerging in early 2025, Chaos employs a combination of voice phishing, remote access tools and file encryption to extract data and demand ransoms, typically in the hundreds of thousands of dollars. The group’s tactics include offering 'incentives' for payment and threatening further disruption such as denial-of-service attacks if demands are refused. Researchers believe the gang may have ties to previous threat actors, citing similarities in methods and communication style.
https://www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
Seychelles Commercial Bank Reported Cyber Security Incident
Seychelles Commercial Bank has confirmed a recent cyber security incident that led to a temporary suspension of internet banking services. Although no financial losses were reported, personal data of online banking customers was exposed, including names, contact details, account types and balances. External researchers who analysed the leaked data noted that some affected accounts were labelled as government-related. The bank has advised customers to use ATMs or visit branches while services are restored. The incident has been formally acknowledged by the Central Bank of Seychelles and may draw wider attention due to the country’s role in offshore financial services.
Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure
VulnCheck’s latest data shows that nearly a third of known exploited software vulnerabilities in 2025 were weaponised within 24 hours of disclosure, up from around a quarter in 2024. Microsoft and Cisco were the most targeted vendors, with content management systems, network devices and server software making up the bulk of affected categories. Russian and Iranian threat actors significantly increased their activity, while Chinese and North Korean groups saw declines. Of the 181 unique vulnerabilities used by recognised threat actors, most had already been exploited before 2025, reinforcing the need for prompt patching and ongoing vigilance.
https://www.infosecurity-magazine.com/news/third-kev-exploited/
Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else
OpenAI’s CEO has warned of an imminent fraud crisis driven by artificial intelligence, where scammers will be able to convincingly mimic voices and even video likenesses to impersonate individuals. Speaking to the US Federal Reserve, he raised concerns about financial institutions still relying on voice authentication, which AI tools can now easily defeat. Real-world cases already show AI being used to trick employees and impersonate officials. While OpenAI claims it is not developing impersonation tools, Altman cautioned that others will, and that organisations must urgently update their authentication methods to avoid being exposed to this growing threat.
https://futurism.com/sam-altman-ai-fraud-crisis-imitate
Getting a Cyber Security Vibe Check on Vibe Coding
Vibe coding, where natural language prompts are used to generate code via AI, is gaining traction but poses clear security risks. A recent study found AI tools made insecure coding choices nearly half the time, with Java faring worst at a 71% failure rate. Common issues include outdated software components, flawed access controls, and unpredictable behaviours like data exposure or deletion. Experts stress that while AI coding tools may speed up prototyping, they remain immature for secure production use. Human code review, vulnerability scanning, and clear development guardrails remain essential to safely benefit from this fast-evolving technology.
https://www.darkreading.com/application-security/cybersecurity-vibe-check-vibe-coding
The Growing Impact of AI and Quantum on Cyber Security
Artificial intelligence and quantum computing are reshaping the digital landscape, offering major efficiency gains but introducing serious cyber security risks. AI-driven cyber attacks are becoming more frequent and harder to detect, with one in four CISOs reporting AI-based threats in the past year. At the same time, quantum computing threatens to undermine current encryption standards, raising urgent concerns about future data protection. Despite these risks, few organisations have a clear plan to adapt. To stay resilient, firms must invest in proactive cyber security, improve workforce skills, and prepare for a post-quantum future before today’s safeguards become obsolete.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
After BlackSuit is taken down, new ransomware group Chaos emerges - Ars Technica
New Chaos Ransomware Emerges, Launches Wave of Attacks - Infosecurity Magazine
Ransomware will thrive until we change our strategy - Help Net Security
Ransomware is on the rise, thanks in part to GenAI - Verdict
Ransomware Attacks Escalate to Physical Threats Against Executives - Infosecurity Magazine
'I am afraid of what's next,' ex-ransomware negotiator says • The Register
Scattered Spider is running a VMware ESXi hacking spree
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
The State of Ransomware – Q2 2025 - Check Point Research
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates
Ransomware Payment Bans: Prevention Strategy or Misguided Policy? - IT Security Guru
New UK ransomware rules could affect payments firms
Ransomware upstart Gunra goes cross-platform with encryption upgrades | CSO Online
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Ransomware attacks in education jump 23% year over year | Higher Ed Dive
Ransomware ban won't save councils or NHS without urgent cyber investment
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Ransomware Victims
NHS provider nears collapse a year after cyberattack • The Register
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
SafePay ransomware threatens to leak 3.5TB of Ingram Micro data
Why is the National Guard deployed for Minnesota cyberattack? | Stars and Stripes
RTÉ investigating potential cyber security incident – The Irish Times
Minnesota activates National Guard after St. Paul cyberattack
Phishing & Email Based Attacks
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Gen Z Falls for Scams 2x More Than Older Generations
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Cyber attacks target email accounts of senior journalists - Press Gazette
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
How attackers are still phishing "phishing-resistant" authentication
2025 Email Threats: AI Phishing Demands Multi-Layered Defences
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
Other Social Engineering
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Gen Z Falls for Scams 2x More Than Older Generations
Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds
QR Code Quishing Scams Surge 50%: Tips to Protect Your Data
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fraud, Scams and Financial Crime
Gen Z Falls for Scams 2x More Than Older Generations
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
11,500 UK companies struck off Companies House register after crackdown - National Crime Agency
Scammers Now Using Google Forms To Hunt Crypto Victims
Who’s Really Behind the Mask? Combatting Identity Fraud - SecurityWeek
Even Scammers Are Turning To AI To Negotiate With Victims
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Pew: Three quarters of Americans targeted weekly in online scams - UPI.com
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Artificial Intelligence
Ransomware is on the rise, thanks in part to GenAI - Verdict
Getting a Cyber Security Vibe Check on Vibe Coding
Even Scammers Are Turning To AI To Negotiate With Victims
Overcoming Risks from Chinese GenAI Tool Usage
From Ex Machina to Exfiltration: When AI Gets Too Curious - SecurityWeek
AI is here, security still isn’t - Help Net Security
Azure AI Speech needs seconds of audio to clone voices • The Register
The Growing Impact Of AI And Quantum On Cyber Security
Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System
Microsoft wants you to chat with its browser now - but can you trust this Copilot? | ZDNET
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data - SecurityWeek
Not just YouTube: Google is using AI to guess your age based on your activity - everywhere | ZDNET
AI-Generated Linux Miner 'Koske' Beats Human Malware
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
British 999 caller's voice cloned by Russian network using AI - BBC News
2FA/MFA
Malware
Sophisticated Shuyal Stealer Targets 19 Browsers
AI-Generated Linux Miner 'Koske' Beats Human Malware
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Russian Intelligence blamed for malware tool
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Do Macs Get Viruses? How to Scan for a Mac Virus - CNET
Bots/Botnets
Secrets are leaking everywhere, and bots are to blame - Help Net Security
Mobile
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Android Malware Targets Banking Users Through Discord Channels - Infosecurity Magazine
Denial of Service/DoS/DDoS
DDoS-protection crisis looms as attacks grow – Computerworld
Internet of Things – IoT
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Data Breaches/Leaks
Allianz Life: Insurance giant says most US customer data stolen in cyber-attack - BBC News
Seychelles Commercial Bank Reported Cybersecurity Incident
HR documents appear in 82% of all data breaches, finds Lab 1 | UNLEASH
French telecom giant Orange discloses cyber attack
IR35 advisor Qdos confirms a data leak to techie clients • The Register
French defence firm Naval Group investigates cyber leak
How Military Devices are Slipping Through the Cracks
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Tea Dating Advice app spills sensitive data • Graham Cluley
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
Lovense sex toy app flaw leaks private user email addresses
Organised Crime & Criminal Actors
The Young & the Restless: Cybercriminals Raise Concerns
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
US Now Top Target for Dark Web Cyberthreats
A US cybercrime group is targeting banks and credit unions | American Banker
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers Now Using Google Forms To Hunt Crypto Victims
AI-Generated Linux Miner 'Koske' Beats Human Malware
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Insider Risk and Insider Threats
What the Coinbase Breach Says About Insider Risk
Insurance
Supply Chain and Third Parties
Your supply chain security strategy might be missing the biggest risk - Help Net Security
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Cloud/SaaS
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Microsoft exec admits it 'cannot guarantee' data sovereignty • The Register
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Microsoft investigates outage affecting Microsoft 365 admin center
Outages
Microsoft investigates outage affecting Microsoft 365 admin center
Global Starlink outage disrupts Ukrainian front lines
Starlink Faces Another Brief Outage | PCMag
Why did the air traffic control outage cause so much havoc? - BBC News
Encryption
The Growing Impact Of AI And Quantum On Cybersecurity
Google says UK government has not demanded an encryption backdoor for its users' data | TechCrunch
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Linux and Open Source
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Passwords, Credential Stuffing & Brute Force Attacks
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
Why stolen credentials remain cyber criminals’ tool of choice - Help Net Security
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Social Media
Top spy laments LinkedIn profiles that reveal defence work • The Register
Malvertising
Regulations, Fines and Legislation
The top 3 cybersecurity risks posed by the Online Safety Act and age verification | Tom's Guide
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
UK Online Safety Act Triggers 1400% VPN Surge Amid Ban Fears
Internet age verification begins rollout, and it's as bad as you'd expect
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Ransomware ban won't save councils or NHS without urgent cyber investment
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
New UK ransomware rules could affect payments firms
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Government layoffs are making us less safe in cyberspace, experts fear - Nextgov/FCW
Models, Frameworks and Standards
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Careers, Working in Cyber and Information Security
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Cyber security professionals facing burnout as threats mount - CIR Magazine
Law Enforcement Action and Take Downs
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Top spy laments LinkedIn profiles that reveal defence work • The Register
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
US Army Building Global IT Warfighting Platform To Prepare for Cyber Warfare | AFCEA International
Nation State Actors
Microsoft’s software licensing playbook is a national security risk | CyberScoop
China
Microsoft’s software licensing playbook is a national security risk | CyberScoop
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
Overcoming Risks from Chinese GenAI Tool Usage
Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets
CISA to Release Salt Typhoon Report on Telecom Security
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Scoop: US intelligence intervened with DOJ to push HPE-Juniper merger
Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites - SecurityWeek
Russia
Top spy laments LinkedIn profiles that reveal defence work • The Register
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
Russian Intelligence blamed for malware tool
Global Starlink outage disrupts Ukrainian front lines
British 999 caller's voice cloned by Russian network using AI - BBC News
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights - Infosecurity Magazine
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Iran
North Korea
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Tools and Controls
The top 3 cyber security risks posed by the Online Safety Act and age verification | Tom's Guide
How the Browser Became the Main Cyber Battleground
Microsoft’s software licensing playbook is a national security risk | CyberScoop
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
DDoS-protection crisis looms as attacks grow – Computerworld
Getting a Cyber Security Vibe Check on Vibe Coding
Security pros drowning in threat-intel data • The Register
How to discover and manage shadow APIs | TechTarget
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Other News
How the Browser Became the Main Cyber Battleground
The food supply chain has a cybersecurity problem - Help Net Security
Minnesota activates National Guard after St. Paul cyberattack
Is retail a sitting duck for cybercriminals? | Retail Week
Intelligence sharing: The boost for businesses | IT Pro
World told cyber threats must be tackled
The legal minefield of hacking back - Help Net Security
The final frontier of cybersecurity is now in space - Help Net Security
Service Levels for MSSPs: Elevating Security-Specific Services | MSSP Alert
Vulnerability Management
Third of Exploited Flaws Weaponized Within a Day of Disclosure - Infosecurity Magazine
Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Spikes in malicious activity precede new security flaws in 80% of cases
Vulnerabilities
Exploit available for critical Cisco ISE bug exploited in attacks
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Scattered Spider is running a VMware ESXi hacking spree
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Apple fixed a zero-day exploited in attacks against Google Chrome users
Google Patches Vulnerability That Let Anyone Hide Search Results
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable - Infosecurity Magazine
CISA flags PaperCut RCE bug as exploited in attacks, patch now
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.