Black Arrow Cyber Threat Intelligence Briefing 03 October 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We report this week how organisations are attacked through their IT provider, highlighting that business leaders need to understand their third-party and outsourcing risks. Business leaders are seeing various attacks growing in frequency and impact; the solutions are relatively simple but require the leadership to take ownership of security and also prepare how to manage an incident.
We see several stories this week about phishing, which is still a favourite attack route and is made more impactful through AI. We also include a report on organisations that pay ransoms and how this leads to further demands from the attackers.
Our message remains constant and clear: to be more secure and resilient against attacks, business leaders need to upskill on cyber fundamentals and govern cyber risks akin to other risks by working with control providers across technology, operations and people. In our view, the risks grow when cyber security is considered an operational IT topic. Contact us to find out the key risks and how to improve security and resilience in a pragmatic and proportionate manner.
Top Cyber Stories of the Last Week
IT Provider Probed as Possible Entry Point in JLR and M&S Breaches
A report explores whether IT helpdesks run by a major outsourcer became an easy route for attackers during recent UK retail and automotive incidents. Politicians have requested clarity on the outsourcer’s role, and prior NCSC guidance warned that password reset teams are prime targets. The piece underlines the importance of boards correctly understanding their third party and outsourcing risks.
Source: https://www.telegraph.co.uk/business/2025/09/26/suspected-weak-link-in-jaguar-land-rover-ms-hacks/
Security Leaders See Attacks Growing in Frequency and Impact
A survey highlights that executives report more frequent attacks and bigger consequences year on year. Many fear nation state activity will expand beyond government into commercial sectors, while AI is seen as both an accelerator for attackers and a tool for defenders. The findings point to greater attention on supply chain security, incident reporting to executives, and the need for leaders to ensure they can correctly respond to an incident.
Source: https://www.helpnetsecurity.com/2025/09/29/cyberattacks-frequency-impact-growth/
Expert Says Basic Security Lapses Still Drive High Profile Breaches
Recent attacks on well known brands highlight that simple mistakes remain common. The analysis stresses credential hygiene, stronger authentication and supplier dependency management, noting how outages ripple through manufacturing ecosystems and put smaller partners at risk.
Source: https://www.rte.ie/news/business/2025/0930/1536021-cyber-security-data/
Russian Vessel Suspected of Mapping Europe’s Undersea Cables
Satellite data revealed a Russian ship operating near critical energy and telecoms cables in European waters. Experts warn this activity aligns with Moscow’s strategy to prepare covert disruption options in case of conflict. The vessel can intercept communications and potentially plant explosives, raising concerns about resilience of subsea infrastructure vital to energy and data flows.
Hiscox: 80% Of Victims Paid Ransoms and Many Faced Extra Demands
An insurer’s study finds most SME victims that paid ransoms did not fully recover data and a sizeable share received follow on demands. The wider dataset shows more firms reporting attacks and citing AI exposure, underlining the business case for recovery readiness and governance over whether to pay ransoms.
Source: https://news.sky.com/story/cyber-attacks-80-of-ransomware-victims-pay-up-insurer-says-13441131
Allianz: Ransomware Still Drives Large Claims as Criminals Focus on Data Theft
In H1 2025 ransomware represented about 60% of €1m plus claims. Attackers increasingly exfiltrate data to force payment, and SMEs are being hit harder while large firms’ resilience improves. Social engineering and compromised credentials remain common entry points.
Source: https://www.helpnetsecurity.com/2025/10/01/insurance-claims-ransomware-h1-2025/
How Criminals Use AI To Supercharge Phishing and Scams
Threat actors use generative AI to clone voices and faces, craft believable messages, and spin up fraudulent websites at speed. The post outlines how romance and investment scams are scaled by chatbots, and why cross channel verification and layered controls are needed to counter deepfakes and synthetic identities.
Source: https://www.kaspersky.co.uk/blog/ai-phishing-and-scams/29518/
Proofpoint: Phishing Remains the Leading Breach Path as AI Raises the Stakes
At its annual event, Proofpoint highlighted email as the dominant route to compromise and detailed how AI is being used by both attackers and defenders. The firm shared telemetry on scanning billions of messages and noted widespread risky user behaviour, reinforcing the need for controls that assume fallible humans.
Source: https://www.techrepublic.com/article/news-proofpoint-conference-ai-email-security-phishing/
ENISA: Phishing Dominated EU Intrusions Over the Past Year
The European Union Agency for Cyber Security (ENISA) assessment finds phishing accounted for 60% of observed initial access, ahead of vulnerability exploitation. DDoS featured in a high number of incidents, and hacktivists were using social media and other routes to promote their activity. The report stresses the interdependency risks in European supply chains and the growing use of AI to scale social engineering.
Source: https://www.infosecurity-magazine.com/news/phishing-dominates-euwide/
Phishing Is Shifting to Mobile Channels and Security Must Follow
Analysis argues attackers increasingly bypass email to reach users via SMS, voice and QR codes, often evading enterprise controls. Organisations are urged to extend protection to mobile and collaboration apps and to focus on human layer detection and response.
Source: https://www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security
Survey Finds Most Workers Cannot Spot AI-Written Phishing Emails
Research shows 54% of respondents failed to identify phishing emails crafted by AI, with younger staff most vulnerable. Nearly 40% have never received cyber security training, and MFA adoption remains below 50%. The findings underline the urgency for awareness programmes and layered defences as AI makes social engineering harder to detect.
Researchers Demonstrate Real-Time Voice Cloning for Vishing Attacks
Security experts successfully used AI to clone voices in real time during simulated attacks, convincing targets to perform sensitive actions such as password resets. The technique bypasses traditional safeguards and exploits trust in familiar caller IDs. Businesses are urged to strengthen verification processes for voice-based requests.
Okta Warns of North Korean Fake IT Workers Targeting More Sectors
Okta’s research tracks thousands of fraudulent job interviews by DPRK linked actors posing as remote developers. Targets now include healthcare, finance and AI companies, not just big tech. The activity aims to generate revenue and enable access for further abuses, reinforcing the need for stronger hiring verification and endpoint controls.
Source: https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/
Governance, Risk and Compliance
Cybersecurity leaders underreport cyber incidents to executives - Help Net Security
Companies are facing more cyberattacks than ever before - and many just can't cope | TechRadar
Budgets, Staffing and Skills Fail to Keep Pace With Rising Cyber Threats, Finds New ISACA Research
Security risks leave 84 percent of IT pros feeling stressed at work - BetaNews
SMEs to step up cyber defences as over half experience cyber attack in past year - Insurance Age
High profile cyber attacks often down to basic errors
Why is everything being hacked? - New Statesman
CIISec Members Say Budgets Are Falling Behind Threats - Infosecurity Magazine
The warning signs are clear: We’re heading toward a digital crisis
Why burnout is a growing problem in cybersecurity - BBC News
Two-Thirds of Organizations Have Unfilled Cybersecurity Positions - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
High profile cyber attacks often down to basic errors
New LockBit Ransomware Variant Emerges as Most Dangerous Yet - Infosecurity Magazine
Akira ransomware: From SonicWall VPN login to encryption in under four hours - Help Net Security
Scattered Spider, ShinyHunters Restructure - New Attacks Underway
Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News
Ransomware remains the leading cause of costly cyber claims - Help Net Security
Organisations struggle to recognise lingering effects of ransomware - TechCentral.ie
Third of cyber security professionals feel guilt over ransomware attacks - TechCentral.ie
Ransomware gang sought BBC reporter’s help in hacking media giant
Attackers Use AI to Build Ransomware at Rapid Scale
Google Sheds Light on ShinyHunters' Salesforce Tactics
Why The US Just Put An $11M Dollar Bounty On This Ukranian Hacker
Ransomware is becoming a psy-ops assault on healthcare executives | SC Media
Ransomware Victims
The suspected weak link in the Jaguar Land Rover and M&S hacks
UK giants hit by cyberattacks: how Co-op, M&S, JLR disruption expose vulnerabilities | Invezz
UK Has Suffered at Least 26 Major Cyberattacks in Last Five Years – Guido Fawkes
Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer
Red Hat confirms security incident after hackers claim GitHub breach
Japan's beer giant Asahi Group cannot resume production after cyberattack | Reuters
Hackers say they have deleted children's pictures and data after nursery attack backlash - BBC News
Google warns of Cl0p extortion campaign against Oracle E-Business users
Data breach at dealership software provider impacts 766k clients
Hackers claim theft of Boeing supplier documents | Cybernews
Phishing & Email Based Attacks
Phishing Is Moving to Mobile. Is Your Security?
UK IT Leaders Warn That Email Is the Front Door for Cyber Risk - and It’s Still Wide Open
Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'
How attackers poison AI tools and defenses - Help Net Security
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Phishing Dominates EU-Wide Intrusions, says ENISA - Infosecurity Magazine
Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro
New MatrixPDF toolkit turns PDFs into phishing and malware lures
Ukrainian Cops Spoofed in Fileless Phishing on Kyiv
Business Email Compromise (BEC)/Email Account Compromise (EAC)
AI-Powered Voice Cloning Raises Vishing Risks
North Korea’s fake IT workers targeting healthcare, finance • The Register
Real-Time AI Voice Cloning Powers Convincing Vishing Attacks
Your Service Desk is the New Attack Vector—Here's How to Defend It.
Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads
That annoying SMS phish you just got may have come from a box like this - Ars Technica
Other Social Engineering
AI-Powered Voice Cloning Raises Vishing Risks
North Korea’s fake IT workers targeting healthcare, finance • The Register
Your Service Desk is the New Attack Vector—Here's How to Defend It.
Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads
That annoying SMS phish you just got may have come from a box like this - Ars Technica
Fraud, Scams and Financial Crime
Brits warned as illegal robo-callers fined £550,000 • The Register
Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News
Artificial Intelligence
AI-Powered Voice Cloning Raises Vishing Risks
Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro
Attackers Use AI to Build Ransomware at Rapid Scale
LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft
UN seeks to build consensus on ‘safe, secure and trustworthy’ AI | CyberScoop
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News
Dark side of the boom: How hackers are vibing with AI - The Economic Times
The hidden cyber risks of deploying generative AI
Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location
Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results - SecurityWeek
New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events
2FA/MFA
Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs
Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld
Malware
LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News
New MatrixPDF toolkit turns PDFs into phishing and malware lures
Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware
Hackers Injecting Exploiting WordPress Websites With Silent Malware to Gain Admin Access
Fake Microsoft Teams installers push Oyster malware via malvertising
Security Bite: Mac users are finally taking malware seriously, per new report - 9to5Mac
Fake Postmark MCP npm package stole emails with one-liner • The Register
Microsoft leaves Mac users exposed to GitHub Mac malware
Confucius Shifts from Document Stealers to Python Backdoors - Infosecurity Magazine
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
Mobile
Phishing Is Moving to Mobile. Is Your Security?
Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld
Brits warned as illegal robo-callers fined £550,000 • The Register
That annoying SMS phish you just got may have come from a box like this - Ars Technica
New Android RAT Klopatra Targets Financial Data - Infosecurity Magazine
Android malware uses VNC to give attackers hands-on access
How Android 16 Will Detect Fake Cell Towers To Help Keep You Safe
Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek
New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events
Smishing Campaigns Exploit Cellular Routers to Target Belgium - Infosecurity Magazine
Denial of Service/DoS/DDoS
Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro
Council website down as group claims Suffolk and Essex cyber-attacks - BBC News
Internet of Things – IoT
Tile security flaws can let stalkers track your location, and more
Data Breaches/Leaks
LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft
Red Hat breach might affect major organizations | Cybernews
Unofficial Postmark MCP npm silently stole users' emails
Oracle customers being bombarded with emails claiming widespread data theft | CyberScoop
Salesforce faces class action after Salesloft breach • The Register
Harrods hit by second cyber attack in six months | Computer Weekly
1.5 Million Impacted by Allianz Life Data Breach - SecurityWeek
Latest Airline Security Breach Leaks Passports, IDs, Other Info
WestJet confirms cyberattack exposed IDs, passports in June incident
Data breach at dealership software provider impacts 766k clients
Hackers claim theft of Boeing supplier documents | Cybernews
Air Force admits SharePoint privacy issue; reports of breach • The Register
Sex offenders, terrorists, drug dealers, exposed in spyware breach | Malwarebytes
Organised Crime & Criminal Actors
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure
Inside Dark Web Exploit Markets in 2025: Pricing, Access & Active Sellers
UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust
Why The US Just Put An $11M Dollar Bounty On This Ukranian Hacker
Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News
Beijing-backed burglars target government web servers • The Register
UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
£5.5B Bitcoin fraudster pleads guilty after years on the run • The Register
UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust
UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt
Insider Risk and Insider Threats
North Korea’s fake IT workers targeting healthcare, finance • The Register
Ransomware gang sought BBC reporter’s help in hacking media giant
'You'll never need to work again': Criminals offer reporter money to hack BBC - BBC News
Insurance
Ransomware remains the leading cause of costly cyber claims - Help Net Security
Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News
Cyber insurance claims steady, but risk environment remains complex | Insurance Business America
More CVEs, But Cyber Insurers Aren't Altering Policies
Calls for mandatory reporting as 59% of SMEs hit by cyber attacks | Insurance Times
Zurich urges national cybersecurity metrics adoption | Insurance Business America
Supply Chain and Third Parties
The suspected weak link in the Jaguar Land Rover and M&S hacks
Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer
Hackers claim theft of Boeing supplier documents | Cybernews
Software Supply Chain
Fake Postmark MCP npm package stole emails with one-liner • The Register
Cloud/SaaS
Fake Microsoft Teams installers push Oyster malware via malvertising
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
Critical WD My Cloud bug allows remote command injection
Air Force admits SharePoint privacy issue; reports of breach • The Register
Outages
Afghanistan hit by communications blackout after Taliban shuts internet | Afghanistan | The Guardian
Encryption
UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica
Linux and Open Source
Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code
The hidden risks inside open-source code - Help Net Security
Organizations Warned of Exploited Sudo Vulnerability - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld
NIST’s new password rules | Cybernews
Social Media
Imgur blocks UK users after data watchdog signals possible fine
New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events
UK minister suggests government could leave Elon Musk's X • The Register
Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads
Malvertising
Fake Microsoft Teams installers push Oyster malware via malvertising
Regulations, Fines and Legislation
Imgur blocks UK users after data watchdog signals possible fine
NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine
Brits warned as illegal robo-callers fined £550,000 • The Register
Shutdown Threat Puts Federal Cyber on Edge - InfoRiskToday
Cyber threat-sharing law set to lapse as govt shutdown looms • The Register
CISA kills agreement with nonprofit that runs MS-ISAC • The Register
UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica
UK to roll out digital ID for right to work by 2029 • The Register
Six-month reporting obligation for cyberattacks on critical infrastructures
Department of War Launches New Cybersecurity Framework
Models, Frameworks and Standards
NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine
NIST’s new password rules | Cybernews
Careers, Working in Cyber and Information Security
Budgets, Staffing and Skills Fail to Keep Pace With Rising Cyber Threats, Finds New ISACA Research
Security risks leave 84 percent of IT pros feeling stressed at work - BetaNews
Why burnout is a growing problem in cybersecurity - BBC News
Two-Thirds of Organizations Have Unfilled Cybersecurity Positions - Infosecurity Magazine
Law Enforcement Action and Take Downs
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure
UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust
Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News
UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt
Why The US Just Put An $11M Dollar Bounty On This Ukranian Hacker
Dutch teens arrested for trying to spy on Europol for Russia
Misinformation, Disinformation and Propaganda
Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian
Germany “not at war, but no longer at peace”: Merz - Euromaidan Press
Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports
Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН
NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News
Nation State Actors
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Submarine cable security is all at sea • The Register
Met warns that hostile states are recruiting youths for crime - BBC News
China
New China APT Strikes With Precision and Persistence
The China Threat to UK Firms | SC Media UK
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Russia, Chinese Hacking Buffets Europe - GovInfoSecurity
Chinese hackers exploiting VMware zero-day since October 2024
German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
Beijing-backed burglars target government web servers • The Register
Russia
Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Russia, Chinese Hacking Buffets Europe - GovInfoSecurity
Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports
The Russian spy ship stalking Europe’s subsea cables
Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН
NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest
German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025
Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News
Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads
Dutch teens arrested for trying to spy on Europol for Russia
Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
Ukrainian Cops Spoofed in Fileless Phishing on Kyiv
Iran
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads
Met warns that hostile states are recruiting youths for crime - BBC News
North Korea
North Korea’s fake IT workers targeting healthcare, finance • The Register
Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald
Tools and Controls
How attackers poison AI tools and defenses - Help Net Security
Budgets, Staffing and Skills Fail to Keep Pace With Rising Cyber Threats, Finds New ISACA Research
Ransomware remains the leading cause of costly cyber claims - Help Net Security
Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News
CIISec Members Say Budgets Are Falling Behind Threats - Infosecurity Magazine
Apple strengthens storage flexibility with new disk image formats - Help Net Security
Datacenter fire downs 647 South Korean government services • The Register
NIST’s new password rules | Cybernews
The hidden cyber risks of deploying generative AI
Cybersecurity professionals under pressure turn to AI amid rising threats | Fortune
What to know about 5G security threats in the enterprise | TechTarget
Microsoft Edge will soon protect against risky sideloaded extensions | PCWorld
Agentic AI in IT security: Where expectations meet reality | CSO Online
AI Tops Cybersecurity Investment Priorities, PwC Finds - Infosecurity Magazine
Microsoft Outlook stops displaying inline SVG images used in attacks
Pentagon relaxes military cybersecurity training • The Register
Cyber risk quantification helps CISOs secure executive support - Help Net Security
Other News
SMEs to step up cyber defences as over half experience cyber attack in past year - Insurance Age
Calls for mandatory reporting as 59% of SMEs hit by cyber attacks | Insurance Times
Datacenter fire downs 647 South Korean government services • The Register
90 percent of organizations face attacks involving lateral movement - BetaNews
UK at risk of 'cyber 9/11' wiping out internet for days
Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency - SecurityWeek
Securing the Journey: Cybersecurity Challenges in the Tourism Industry - Security Boulevard
A breach every month raises doubts about South Korea's digital defenses | TechCrunch
Why Airlines & Airports Must Do More To Defend Against Cyberattacks
Pentagon relaxes military cybersecurity training • The Register
Vulnerability Management
CISOs advised to rethink vulnerability management as exploits sharply rise | CSO Online
More CVEs, But Cyber Insurers Aren't Altering Policies
UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly
The hidden risks inside open-source code - Help Net Security
Vulnerabilities
Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter - SecurityWeek
UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly
Chinese hackers exploiting VMware zero-day since October 2024
Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek
Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location
Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
Adobe Analytics bug leaked customer tracking data to other tenants
'Delightful' Red Hat OpenShift AI bug allows full takeover • The Register
Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability - SecurityWeek
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities - SecurityWeek
CISA warns of critical Linux Sudo flaw exploited in attacks
New bug in classic Outlook can only be fixed via Microsoft support
WD patches NAS security flaw which could have allowed full takeover | TechRadar
Hackers exploit Fortra GoAnywhere flaw before public alert
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.