Black Arrow Cyber Threat Intelligence Briefing 05 September 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week’s review shows attackers continuing to disrupt operations through ransomware and large-scale attacks, with Jaguar Land Rover’s shutdown illustrating the ripple effect of a single breach. DDoS attacks are increasingly weaponised for political influence, amplified by AI-driven automation. At the same time, attackers continue to exploit human weaknesses: smarter phishing kits, fake Teams and Zoom invites, and AI-powered impersonation scams are targeting employees, while credential theft and poor offboarding practices remain major risks.
AI is also reshaping the threat landscape, enabling automated ransomware campaigns and deepfake-enabled fraud, while introducing new compliance challenges through AI-driven development. Boards are being urged to embed security into innovation and financial processes, and nation-state actors continue to exploit vulnerabilities in critical infrastructure.
These trends highlight the need for strong governance, technical and identity controls, and a culture of security awareness. Contact us to discuss proportionate ways to achieve this in your organisation.
Top Cyber Stories of the Last Week
Workers Told to Stay Home as Jaguar Land Rover Grapples with Attack: Manufacturing Shut Down, Sales Halted
Jaguar Land Rover has been forced to suspend production after a cyber attack disrupted its global IT systems, leaving thousands of factory workers at home. The incident has halted operations at key UK plants and prevented dealers from ordering parts or processing sales through normal channels, hitting the business during the peak registration period. Although there is currently no evidence that customer data has been stolen, the attack has severely impacted manufacturing, sales, and aftercare services, underlining how a single disruption can cascade across an entire organisation.
AI-Powered Cyber Crime Raises Worldwide Alarm Bells
A report from Anthropic has revealed how a hacker exploited its AI tools to automate an entire ransomware operation, targeting 17 organisations across healthcare, government, emergency services, and religious institutions. The AI system not only identified weaknesses but also created malicious software, drafted extortion emails, and calculated ransom demands ranging from $75,000 to over $500,000. Experts warn this case signals a turning point where criminals can weaponise AI to scale attacks quickly and cheaply. The incident highlights the urgent need for stronger governance, robust processes, and investment in AI-driven defence capabilities.
https://www.itsecurityguru.org/2025/08/29/ai-powered-cyber-crime-raises-worldwide-alarm-bells/
DDoS Attacks Serve as Instruments of Political Influence and Disruption
In the first half of 2025, more than 8 million distributed denial of service (DDoS) attacks were recorded worldwide, with Europe, the Middle East and Africa experiencing 3.2 million of these incidents. Once mainly disruptive, such attacks are increasingly used as political tools, with spikes during events like the World Economic Forum and conflicts involving India, Pakistan, Iran and Israel. Attack durations and intensity are rising, fuelled by easy access to attack-for-hire services and automation powered by artificial intelligence. Traditional defences are struggling to cope, highlighting the need for organisations to adopt more advanced, intelligence-led protections.
https://www.helpnetsecurity.com/2025/09/04/ddos-attacks-worldwide-2025/
Phishing Emails Are Getting Smarter and Using Some New Tricks to Snare Victims
Barracuda researchers warn that Tycoon, a widely used phishing toolkit behind many email attacks, has been upgraded with new techniques that make malicious links harder to detect. These include disguising web addresses with hidden characters, fake security checks such as CAPTCHAs, and misleading domain names that appear linked to trusted companies. Such tactics are designed to bypass traditional email filters and trick recipients into clicking harmful links. Barracuda advises that organisations adopt multi-layered security measures, including advanced monitoring tools and regular staff awareness training, to better protect against these increasingly sophisticated threats.
If You’re Using Microsoft Teams or Zoom, Beware: Hackers Could Be Targeting Your Company
A new wave of cyber attacks is targeting companies through fake Microsoft Teams and Zoom invitations, exploiting the fact these platforms are used daily by billions of people. Researchers report over 900 organisations across the US, UK, Canada, and Australia have already been affected, with financial services and healthcare among the most targeted sectors. Once clicked, the fraudulent links install legitimate remote access software, giving attackers deep control of systems to steal data, take over accounts, or launch further attacks. Experts warn that stronger email defences and refreshed staff awareness training are critical safeguards.
AI Impersonation Scams Are Sky-Rocketing in 2025 – Here’s How to Stay Safe
AI impersonation scams have surged by 148% in 2025, with criminals using voice cloning and deepfake video to convincingly mimic trusted colleagues, friends or executives. These scams often exploit urgency to trick victims into making payments or disclosing sensitive information, with one case leading to a $25 million transfer. Experts warn that even professionals can be deceived, as nearly half of AI-generated scams bypass current security checks. The strongest defences are slowing down before reacting, verifying identities through trusted channels, and using multi-factor authentication to reduce the risk of account compromise.
Warning as 60% of Financial Attacks Start with Stolen Credentials
The UAE Cyber Security Council has warned that 60% of financial cyber attacks begin with stolen login details, making them a primary entry point for fraudsters. The Council stressed that simple protective steps, such as using multi-factor authentication, biometric logins, and instant transaction alerts, can cut the risk of breaches by up to 40%. With over 12,000 incidents linked to unsecured public Wi-Fi this year, the Council highlighted how criminals exploit weak points in digital banking. It also cautioned that artificial intelligence is fuelling more complex and harder-to-detect online fraud schemes.
Security Experts Call for Better ‘Offboarding’ Practices amid Spate of Insider Attacks by Outgoing Staff
Experts warn that poor staff offboarding processes are leaving firms exposed to insider threats, with several recent cases showing how departing employees can steal sensitive data or sabotage systems. Examples include an Intel engineer fined for taking trade secrets and a former IT worker jailed for deleting 180 servers. With hybrid working giving wider access to company systems, the risk is growing. Security leaders stress that organisations must revoke access immediately when staff leave and strengthen collaboration between HR and IT. Automated identity management and monitoring tools are recommended to reduce the chance of serious damage.
Boards Are Being Told to Rethink Their Role in Cyber Security
A new report from Google Cloud stresses that boards must take a more active role in cyber security as it is now central to business resilience. It highlights three priorities: the rise of ransomware targeting identity systems and help desks, the rapid growth of cyber-enabled fraud such as email and payment scams, and the need to embed security into innovation. Boards are advised to back stronger identity protections, oversee fraud prevention in financial processes, and ensure security is considered early in new projects to build trust, protect growth, and maintain regulatory confidence.
https://www.helpnetsecurity.com/2025/09/01/google-board-cybersecurity-oversight/
Vibe Coding Creates Great Apps with Lax Security. But There Are Ways Around That.
Vibe coding, the use of plain text prompts in AI tools to generate software, offers speed and flexibility but introduces significant security and compliance risks. AI-generated code is often prone to errors and vulnerabilities, making regular reviews and monitoring essential. Experts advise restricting such projects to smaller, non-critical systems, using trusted platforms, and maintaining strict oversight to meet data protection rules such as GDPR. Transparency, documentation and human checks are vital to prevent regulatory breaches. Businesses that balance innovation with security controls will gain efficiency without exposing themselves to unnecessary legal or reputational risk.
https://www.techmonitor.ai/comment-2/vibe-coding-lax-security
State-Sponsored Hackers Behind Majority of Vulnerability Exploits
A new report has found that more than half of vulnerability exploits in early 2025 were carried out by state-sponsored groups, mainly linked to China, with aims such as espionage and surveillance. These campaigns focused on critical infrastructure and enterprise systems, while financially motivated groups accounted for the remaining 47%. Microsoft was the most targeted vendor, with its products linked to 17% of attacks. Alarmingly, most exploited flaws required no login details and nearly half could be launched remotely. The report also highlighted the rise of new social engineering tricks like ClickFix, which manipulates users into infecting themselves.
https://www.infosecurity-magazine.com/news/state-hackers-majority/
Governance, Risk and Compliance
Cybercrime increasingly moving beyond financial gains | CSO Online
How Firms Can Keep Cybersecurity Top of Mind | SC Media UK
Boards are being told to rethink their role in cybersecurity - Help Net Security
Software is 40% of security budgets as CISOs shift to AI defense | VentureBeat
Threats
Ransomware, Extortion and Destructive Attacks
JLR attack: How ransomware gangs have changed from cartels to cliques
Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms
How insurer strategies are evolving in response to the ransomware surge
Salesforce attackers threaten Google, FBI | Cybernews
What are ShinyHunters, the hackers that attacked Google? Should we all be worried?
Hacker Impatience Can Be a Good Thing
When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider
New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data
Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro
Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini
Here's how ransomware crims are abusing AI tools • The Register
Ransomware Victims
JLR attack: How ransomware gangs have changed from cartels to cliques
M&S hackers claim responsibility for Jaguar Land Rover attack
Sweden scrambles after ransomware attack puts sensitive worker data at risk
Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions - SecurityWeek
M&S hackers suspects in Legal Aid Agency cyber-attack - Retail Gazette
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Dealerships unable to sell Range Rovers after JLR cyber attack
Ransomware attack shuts down Nevada Insurance Division website | Insurance Business America
Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases - Infosecurity Magazine
Tire giant Bridgestone confirms cyberattack impacts manufacturing
Fired ChangeNOW worker wants hackers to pay | Cybernews
Phishing & Email Based Attacks
Phishing emails are getting smarter - and using some new tricks to snare victims | TechRadar
The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US
The Old Ways Are Still the Best for Most Cybercriminals
New Phishing Attack Via OneDrive Attacking C-level Employs for Corporate Credentials
Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links - Infosecurity Magazine
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro
Phishing Empire Runs Undetected on Google, Cloudflare
North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine
DocuSign and Apple Pay Phishing Scam Steals User Credentials
North Korean Hackers Weaponize Seoul Intelligence Files - Infosecurity Magazine
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
What to do if your email has been hacked | Tom's Guide
Venus Protocol Recovers $13.5M in Phishing Attack
Business Email Compromise (BEC)/Email Account Compromise (EAC)
The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US
Fraudster stole over $1.5 million from city of Baltimore
Other Social Engineering
If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company
The Old Ways Are Still the Best for Most Cybercriminals
Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED
A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek
Children at risk of identity theft and fraud from 'sharenting' - BBC News
LinkedIn's new tools just made it tougher to pad your resume | ZDNET
Fraud, Scams and Financial Crime
Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED
LinkedIn's new tools just made it tougher to pad your resume | ZDNET
The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US
Fraudster stole over $1.5 million from city of Baltimore
Boards Partner with CISOs to Fight AI Cyber Fraud: Google Report
Hackers breach fintech firm in attempted $130M bank heist
Bitcoin’s record highs spark a surge in crypto scams | TechRadar
New threat group uses custom tools to hijack search results - Help Net Security
How to reclaim control over your online shopping data - Help Net Security
At Singapore’s anti-fraud convention, even the experts get scammed
Chinese Hackers Game Google to Boost Gambling Sites
New China-aligned crew poisons Windows servers for SEO fraud • The Register
FBI warns seniors are being targeted in three-phase Phantom Hacker scams | Fortra
Artificial Intelligence
AI-Powered Cyber Crime Raises Worldwide Alarm Bells. - IT Security Guru
AI Is Making Cybercrime Easier For Unsophisticated Criminals
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
AI brain Hexstrike runs cyberattacks on its own | Cybernews
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware | IT Pro
Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions
Vibe coding creates brilliant, insecure apps. There are ways around that.
AI can't stop the sprint to adopt hot tech without security • The Register
Agentic AI: A CISO’s security nightmare in the making? | CSO Online
Exposed LLM Servers Expose Ollama Risks - InfoRiskToday
Here's how ransomware crims are abusing AI tools • The Register
Shadow AI Is Already in Your Stack – and It’s a Growing Threat for MSSPs | MSSP Alert
Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine
UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials
Adversarial AI is coming for your applications | TechRadar
AI-Powered Cybercrime Is Here: Massive Breaches & Dark Web Dumps - Security Boulevard
Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW
AI code assistants improve production of security problems • The Register
File security risks rise as insiders, malware, and AI challenges converge - Help Net Security
New LinkedIn study reveals the secret that a third of professionals are hiding at work | ZDNET
Warner Bros. Discovery sues Midjourney AI for copying its characters | The Verge
Malware
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro
Fake PDF tools spread malware, warns NCSC | Cybernews
TamperedChef infostealer delivered through fraudulent PDF Editor
Cybercriminals Use Fake SEO Sites to Spread TamperedChef Malware via Bogus PDF Editor
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine
Attackers Are Abusing Malicious PDFs: Here's How to Spot Them Early
Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries
File security risks rise as insiders, malware, and AI challenges converge - Help Net Security
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Unknown miscreants snooping around Sitecore via sample keys • The Register
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Bots/Botnets
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes
Mobile
Android drops 120 flaw fixes, two exploited in the wild • The Register
Over 20 Popular Android VPN Apps Share The Same Security Flaws - See If You're Affected
What Android security threats should IT know about? | TechTarget
Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET
UK's demand for Apple backdoor may have been broader than previously thought
Google is killing a defining feature for Android phones soon - and there's one reason why | ZDNET
Brokewell Android malware delivered through fake TradingView ads
Denial of Service/DoS/DDoS
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps
DDoS attacks serve as instruments of political influence and disruption - Help Net Security
DDoSing is big and getting bigger – let's kill it off • The Register
Internet of Things – IoT
Severe Hikvision HikCentral product flaws: What You Need to Know
Connected cars are smart, convenient, and open to cyberattacks - Help Net Security
Cyber Trust Mark certification and how IoT devices will qualify | TechTarget
This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
Tesla denied having fatal crash data until a hacker found it - Ars Technica
Data Breaches/Leaks
UK government dragged for incomplete security reforms • The Register
Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Zscaler, Palo Alto Networks Hacked via Salesloft Drift
JSON Config File Leaks Azure AD Credentials
Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek
Attackers are turning Salesforce trust into their biggest weapon - Help Net Security
Salesloft Drift attack affects Google Workspace security | Proton
Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack
Blast Radius of Salesloft Drift Attacks Remains Unclear
Sweden scrambles after ransomware attack puts sensitive worker data at risk
Gmail users warned as hackers gain access to private information
Government needs to go ‘further and faster’ on information security improvements – PublicTechnology
Social Security whistleblower who claims DOGE mishandled Americans' sensitive data resigns from post
'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET
Chess.com discloses recent data breach via file transfer app
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Organised Crime & Criminal Actors
AI Is Making Cybercrime Easier For Unsophisticated Criminals
How to reclaim control over your online shopping data - Help Net Security
The Old Ways Are Still the Best for Most Cybercriminals
Hacker Impatience Can Be a Good Thing
Chinese Hackers Game Google to Boost Gambling Sites
New China-aligned crew poisons Windows servers for SEO fraud • The Register
Call for UK to lead on organised crime | Professional Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bitcoin’s record highs spark a surge in crypto scams | TechRadar
A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Venus Protocol Recovers $13.5M in Phishing Attack
Fired ChangeNOW worker wants hackers to pay | Cybernews
Insider Risk and Insider Threats
File security risks rise as insiders, malware, and AI challenges converge - Help Net Security
LinkedIn's new tools just made it tougher to pad your resume | ZDNET
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek
Insurance
How insurer strategies are evolving in response to the ransomware surge
Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News
Supply Chain and Third Parties
Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek
Attackers are turning Salesforce trust into their biggest weapon - Help Net Security
Salesloft Drift attack affects Google Workspace security | Proton
Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack
Blast Radius of Salesloft Drift Attacks Remains Unclear
16 Billion Records Exposed in Supply-Chain Data Breach on Gmail, Apple, Facebook
Cloud/SaaS
If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company
JSON Config File Leaks Azure AD Credentials
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes
Phishing Empire Runs Undetected on Google, Cloudflare
Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms
AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register
Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users
Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine
Encryption
Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET
UK's demand for Apple backdoor may have been broader than previously thought
What Q Day means for your business and how to prepare | TechRadar
UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash
Court documents shed new light on UK-Apple row over user data - BBC News
Linux and Open Source
Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users
Passwords, Credential Stuffing & Brute Force Attacks
UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes
The Old Ways Are Still the Best for Most Cybercriminals
DocuSign Phishing Scam Mimics Apple Pay Disputes to Steal Data
DocuSign and Apple Pay Phishing Scam Steals User Credentials
'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET
No, Google did not warn 2.5 billion Gmail users to reset passwords
Google says Gmail security is “strong and effective” as it denies major breach - Ars Technica
Social Media
LinkedIn's new tools just made it tougher to pad your resume | ZDNET
Children at risk of identity theft and fraud from 'sharenting' - BBC News
Disney to pay $10M to settle claims it collected kids’ data on YouTube
Regulations, Fines and Legislation
UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash
Court documents shed new light on UK-Apple row over user data - BBC News
Security experts weigh in on UK's proposed VPN crackdown - Raconteur
Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED
The House | The cyber security bill must go further to truly protect the UK economy
Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar
Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET
UK's demand for Apple backdoor may have been broader than previously thought
Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro
Google Fined $379 Million by French Regulator for Cookie Consent Violations
Google told to pay $425m in privacy lawsuit - BBC News
France fines Google, SHEIN, for undercooked Cookie policies • The Register
UK human rights regulator to argue against police use of live facial recognition | Biometric Update
Cyber Trust Mark certification and how IoT devices will qualify | TechTarget
Congress tosses lifeline to cyber intel sharing, grants • The Register
Models, Frameworks and Standards
The House | The cyber security bill must go further to truly protect the UK economy
Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED
Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar
Cyber Trust Mark certification and how IoT devices will qualify | TechTarget
Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW
NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update
NIST Enhances Security Controls for Improved Patching
Careers, Working in Cyber and Information Security
How gaming experience can help with a cybersecurity career - Help Net Security
Fintech CISO on How AI is Changing Cybersecurity Skillsets - Infosecurity Magazine
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
A Playbook for Winning the Cyber War: Part 1: Executive Summary
A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy
A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy
A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy
A Playbook for Winning the Cyber War: Part 5: Evaluating U.S. Cyber Strategy
A Playbook for Winning the Cyber War: Part 7: How the United States Can Win
Nation State Actors
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
China
A Playbook for Winning the Cyber War: Part 1: Executive Summary
A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments
Salt Typhoon APT techniques revealed in new report | CSO Online
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek
Czech Republic warns of Chinese solar inverter threat - PV Tech
Trump and JD Vance among targets of major Chinese cyberattack, investigators say | Euronews
Chinese Hackers Game Google to Boost Gambling Sites
New China-aligned crew poisons Windows servers for SEO fraud • The Register
US sues robot toy maker for exposing children's data to Chinese devs
Russia
A Playbook for Winning the Cyber War: Part 1: Executive Summary
A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users
APT28 Targets Microsoft Outlook With 'NotDoor' Malware
Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries
NATO takes aim at Russia’s GPS hacking after EU leader’s plane jammed
Sweden says Russia behind surge in GPS jamming over Baltic Sea - BBC News
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek
AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register
Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine
EU blames Russia as GPS jamming disrupts president’s plane • The Register
US puts $10M bounty on Russians accused of infra attacks • The Register
Iran
A Playbook for Winning the Cyber War: Part 1: Executive Summary
A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy
Iran MOIS Phishes 50+ Embassies, Ministries, Int'l Orgs
North Korea
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek
North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Internet mapping service Censys reveals state-based abuse • The Register
ICE Revives Contract With Controversial Spyware Firm Paragon
Commercial surveillanceware shrugs off sanctions, regulation • The Register
Tools and Controls
New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data
Security experts weigh in on UK's proposed VPN crackdown - Raconteur
How insurer strategies are evolving in response to the ransomware surge
When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider
Software is 40% of security budgets as CISOs shift to AI defense | VentureBeat
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
BruteForceAI: Free AI-powered login brute force tool - Help Net Security
Security tool bloat Is the new breach vector | TechRadar
Why you should delete your browser extensions right now - or do this to stay safe | ZDNET
Please stop using your ISP's DNS
A spy among us: rethinking cybersecurity in a hybrid world | TechRadar
6 browser-based attacks all security teams should be ready for in 2025
North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine
Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News
Vibe coding creates brilliant, insecure apps. There are ways around that.
Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine
Why one-time security assessments are no longer sufficient [Q&A] - BetaNews
US, Allies Push for SBOMs to Bolster Cybersecurity - SecurityWeek
Threat Hunting Should Be Part of Every Security Program
AI code assistants improve production of security problems • The Register
These 4 antivirus apps are actually worse than malware
Fewer than half of Irish companies automatically back up data, survey shows – The Irish Times
Other News
Security tool bloat Is the new breach vector | TechRadar
Gen Z has a cyber hygiene problem | IT Pro
Traffic to government domains often crosses national borders • The Register
They know where you are: Cybersecurity and the shadow world of geolocation
Fewer than half of Irish companies automatically back up data, survey shows – The Irish Times
Is retail a sitting duck for cybercriminals? | Retail Week
Why resilience in automotive cybersecurity must stretch beyond data protection - Tech Monitor
Vulnerability Management
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
Why cyber risks lurk in legacy technology | CIO Dive
NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update
PoC Code in 15 Minutes? AI Turbocharges Exploitation
Enterprises staying on Windows 10 could shell out billions • The Register
Hacked Routers Linger on the Internet for Years
Windows 11 security updates are now unskippable during setup | PCWorld
Cutting through CVE noise with real-world threat signals - Help Net Security
Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities - Infosecurity Magazine
AI can help track an ever-growing body of vulnerabilities, CISA official says | CyberScoop
Vulnerabilities
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
macOS vulnerability allowed Keychain and iOS app decryption without a password - Help Net Security
Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users
Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine
High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users - Infosecurity Magazine
WordPress Theme Vulnerability Exposes 70K Sites to CSRF, SQL Attacks
WordPress Woes Continue Amid ClickFix, TDS Threats
Paid WordPress users beware - worrying security flaw puts accounts and info at risk | TechRadar
Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers - SecurityWeek
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) - Help Net Security
Microsoft says recent Windows updates cause app install issues
Severe Hikvision HikCentral product flaws: What You Need to Know
Enterprise password crew Passwordstate patches auth vuln • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.