Black Arrow Cyber Threat Intelligence Briefing 11 July 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
We start this week’s review by looking at the employees in your organisation. A report reveals that two out of five UK office workers would not alert their employer to a suspected cyber attack, mainly for fear of being blamed, while a separate report shows that 90% of employees are entering data into unauthorised AI tools without approval. The consequences of insufficient security through employees and third parties are highlighted by the attack on a supplier of Qantas that resulted in the loss of personal data of up to 6 million customers, and observations of poor security in the majority of third party suppliers in the financial sector.
In a further update on the attacks on UK retailers including M&S, four suspects aged up to 20 have been arrested, while the Chairman of M&S has called for all organisations to be obliged to disclose when they have been attacked. We also report on the real need for organisations to be prepared for how they will respond to cyber security incidents.
We report on the risks of Generative AI, mobile malware, malicious applications imitating trusted names such as Zoom, and attacks on individuals. We also report on how geopolitical tensions are increasing the risks of cyber attacks on organisations, highlighting the need for an objective leadership-driven risk assessment and cyber security strategy.
We know that while many organisations look to their IT team or service provider to manage their cyber security, the attacker instead looks to the employee as one of the easiest ways to break into the systems. Cyber security can only work if it is embraced by an upskilled leadership team that takes command of its risk management and maintenance of controls across people, operations and technology including the organisation’s culture.
Top Cyber Stories of the Last Week
‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem
A recent study has revealed that 39% of UK office workers would not report a suspected cyber attack to their employer, largely due to fear of blame or disciplinary action. This silence persists despite relatively high awareness, with 79% of employees confident they could recognise a threat and 43% able to define ransomware. The findings suggest a culture problem, where fear of repercussions discourages openness and transparency. Past incidents show some staff have been punished or even dismissed after cyber attacks, reinforcing this reluctance. Building a blame-free reporting culture and improving cyber security training are critical steps forward.
Employees Are Quietly Bringing AI to Work and Leaving Security Behind
Despite growing efforts by IT departments to implement controls around artificial intelligence (AI), employees are increasingly using unapproved AI tools without oversight. Nearly three quarters of IT leaders have detected such unauthorised use, with over 90% of employees admitting to entering data into these tools without approval. This “shadow AI” poses a significant risk to organisations, particularly around data leakage and loss of visibility. Yet many staff see the benefits as outweighing the risks. The challenge for leadership is to close the gap between employee behaviour and governance, through clear policies, practical training, and integrating approved AI into daily workflows.
https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/
Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans
The Qantas data breach has highlighted how human error remains a critical weakness in cyber security. Attackers gained access to personal data for up to 6 million customers by exploiting an offshore IT support provider using social engineering, a method where criminals deceive staff into granting access. This incident follows a series of high-profile breaches across Australia’s healthcare, financial and telecommunications sectors. Experts warn that the growing use of third-party systems and tools like voice-cloning artificial intelligence are increasing the risks. Regulators are urging organisations to improve operational resilience, particularly by strengthening multi-factor authentication and scrutinising third-party cyber security controls.
Financial Firms Are Locking the Front Door but Leaving the Back Open
Financial institutions are improving their own cyber security defences, but many remain vulnerable through third-party suppliers. A recent study found that 92% of vendors serving the financial sector scored poorly in managing sensitive data, and 65% were not keeping systems updated against known risks. While direct cyber attacks on banks and insurers have declined, attackers are increasingly targeting vendors as a way in. These findings highlight that strong internal protections are not enough. Senior leaders should ensure third-party risk is actively monitored, assessed regularly, and addressed through procurement, contracts, and ongoing oversight.
https://www.helpnetsecurity.com/2025/07/11/financial-firms-third-party-cyber-risk/
Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op
The UK’s National Crime Agency has arrested four individuals, aged between 17 and 20, in connection with cyber attacks on major UK retailers including M&S, Harrods and Co-op. The suspects were detained on suspicion of offences such as computer misuse, blackmail and money laundering. Electronic evidence was seized and the investigation remains ongoing. The NCA has stressed the importance of businesses working closely with law enforcement when incidents occur, highlighting that early engagement can support more effective responses to serious cyber threats.
https://techinformed.com/teens-arrested-over-cyber-attacks-on-ms/
Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S CEO Archie Norman Thinks So
Marks & Spencer’s Chairman has called for mandatory reporting of serious cyber attacks to the UK’s National Cyber Security Centre, highlighting that major incidents often go unreported. Following a recent attack on the retailer by a group posing as contractors, key systems including contactless payments and click-and-collect were disrupted. While stores stayed open, online clothing orders were only resumed after 46 days. The CEO estimated the cost of the incident at £300 million. The NCSC described the attack as a wake-up call, warning that other organisations remain at risk unless reporting and response practices improve.
https://cybernews.com/security/should-uk-companies-be-required-to-disclose-major-cyberattacks/
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy
Many businesses remain vulnerable to disruption due to a lack of formal continuity planning. With growing risks from cyber attacks, supply chain issues, and global instability, resilience is now a strategic necessity, not a back-office function. Despite rapid digital transformation, many organisations have yet to embed risk management into everyday operations, leaving them exposed to operational delays and reputational damage. Continuity today is about endurance, not just recovery. Firms that integrate scenario planning, agile governance, and proactive risk oversight are better placed to absorb shocks, maintain customer trust, and adapt quickly in a volatile market.
Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites
Okta has identified that cyber criminals are using generative AI tools like v0.dev to rapidly create convincing phishing websites that mimic legitimate login pages. These sites are often hosted on trusted infrastructure, increasing the risk of users being deceived. The accessibility of AI tools has significantly lowered the skill required to launch such attacks, and open-source guides are further enabling this trend. Okta advises that traditional training alone is no longer sufficient, and organisations should adopt stronger controls such as multi-factor authentication and domain-based protections to defend against these evolving threats.
The Rising Threat of Mobile Malware: How to Protect Your Device in 2025
The rapid growth in smartphone use, expected to reach 7.2 billion users by 2025, has created an expanding target for cyber criminals. Mobile malware is rising sharply, with over 12 million attacks blocked in the first half of 2025 alone. The most common threats include trojans, spyware, adware, and ransomware, often disguised as legitimate apps or delivered via phishing messages. Official app stores are not immune, with some malicious apps reaching over 60 million downloads. Senior leaders should ensure mobile security policies are enforced across their organisations, including app vetting, operating system updates, and user awareness to reduce risk exposure.
https://cybernews.com/security/the-rising-threat-of-mobile-malware/
Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025
Kaspersky has reported that nearly 8,500 small and medium-sized businesses have faced cyber attacks in 2025 through fake downloads of widely used tools like Zoom, Microsoft Office, and newer AI platforms such as ChatGPT and DeepSeek. Attackers are increasingly disguising malicious software as popular apps, exploiting the rise in remote work and interest in artificial intelligence. Notably, files mimicking Zoom alone accounted for 41 percent of all cases observed. These threats often aim to steal login credentials or deliver malware through phishing emails and fake websites. Kaspersky advises SMBs to adopt robust cyber security practices, including verified software downloads, clear usage policies, and regular data backups.
https://www.dawn.com/news/1921871
Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say
UK MPs have warned that hostile states are increasingly using “grey zone” tactics such as cyber attacks, disinformation, sabotage and espionage to destabilise the UK without triggering formal conflict. A parliamentary report calls for a “whole of society” response, involving schools, businesses and communities alongside government. The Defence Committee stressed that these threats affect everyday life and target national infrastructure and digital systems. To address this, MPs are urging greater investment in cyber skills, public awareness, and infrastructure protection, as well as a new homeland security minister to coordinate efforts across sectors and strengthen national resilience.
https://uk.news.yahoo.com/whole-society-must-respond-threats-230100347.html
Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions
Geopolitical tensions are driving a marked increase in cyber attacks from state-backed groups, terrorists, and politically motivated actors. A recent GlobalData report warns that organisations, particularly those involved in critical national infrastructure, are facing heightened risks from espionage and disruption campaigns. Nearly 60% of businesses now shape their cyber security response around geopolitical developments. Complex global supply chains further compound this risk, with suppliers often lacking robust cyber defences. Supply chain attacks are becoming more frequent and harder to contain, taking over 300 days on average to identify and resolve, significantly longer than other types of data breaches.
https://www.verdict.co.uk/businesses-at-greater-risk-of-cyberattack-due-to-geopolitical-tensions/
Governance, Risk and Compliance
Many workers wouldn't tell their bosses if they'd been hit by a cyber attack | TechRadar
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
Comms Business - MSPs relied on more than ever for cyber security, finds report
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Technology outpaces security adaptation, says Bitdefender
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Many companies are still failing to budget for cyber security | TechRadar
Cyber insurance confronts the age of intelligent threats | Insurance Business America
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Spike Despite Gang Closure - IT Security Guru
‘No honour among thieves’: M&S hacking group starts turf war
Should UK companies be required to disclose major cyber attacks? | Cybernews
Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds
Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine
Iranian ransomware crew promises big bucks for US attacks • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
AiLock ransomware: What you need to know | Fortra
Unmasking the SafePay Ransomware Group - Infosecurity Magazine
SafePay Ransomware Surge Tend to Target Key Sectors
Short-lived ransomware group SatanLock to close down and leak data - BetaNews
New Bert Ransomware Group Strikes Globally with Multiple Variants - Infosecurity Magazine
Ransomware Victims
M&S shares sink lower after failing to recover from cyber attack
Cyber attack on M&S involved 'sophisticated impersonation', chairman says | Money News | Sky News
Should UK companies be required to disclose major cyber attacks? | Cybernews
Qantas data breach shows compliance doesn’t always mean protection and resilience | The Strategist
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
UK companies should have to disclose major cyber attacks, M&S says | Reuters
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Venture capital giant IdeaLab confirms breach, says private data was stolen in attack | TechRadar
Suspected Scattered Spider domains target multiple sectors • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
How M&S responds to its cyber-attack could have a serious impact on its future – and its customers
M&S chair refuses to discuss paying off cyber attackers | The Grocer
Hacker leaks Telefónica data allegedly stolen in a new breach
Qantas is being extorted in recent data-theft cyber attack
Ingram Micro Suffers Huge Ransomware Attack
IT Giant Ingram Micro Reveals Ransomware Breach - Infosecurity Magazine
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
How cyber insurers are stepping up after M&S attack - Insurance Post
Qantas confirms data breach impacts 5.7 million customers
Ingram Micro Up and Running After Ransomware Attack
Customer, Employee Data Exposed in Nippon Steel Breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Phishing & Email Based Attacks
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data
Cyber crooks jump on .es domain for credential phishing trip • The Register
Phishing Scams Can Deceive Large Language Models | Security Magazine
Identity attacks surge 156% as phishermen get craftier • The Register
Experts flag a huge amount of cyber attacks coming from this unexpected domain | TechRadar
A Clever Russian Phishing Attack Using Fake State Department Employees
Human rights body hooked by phishing scam - Newsroom
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
M&S turned to FBI for help after ‘traumatic’ cyber attack
Browser Exploits Wane as Users Become the Attack Surface
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
Fraud, Scams and Financial Crime
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
Hundreds of Malicious Domains Registered Ahead of Prime Day - Infosecurity Magazine
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
SIM Swap Fraud Is Surging — and That's a Good Thing
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Visa's 24/7 war room takes on global cyber criminals
Human rights body hooked by phishing scam - Newsroom
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Artificial Intelligence
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
Employees are quietly bringing AI to work and leaving security behind - Help Net Security
Phishing Scams Can Deceive Large Language Models | Security Magazine
The Wild West of Agentic AI - An Attack Surface CISOs Can’t Afford to Ignore - SecurityWeek
Security practices must evolve to battle growing deepfake sophistication - SiliconANGLE
AI Security Institute targets cyber crime in hiring push - UKTN
The four-phase security approach to keep in mind for your AI transformation | TechRadar
It’s time to give AI security its own playbook and the people to run it - Help Net Security
Leveraging cyber security to establish trade secret protection in the age of AI - IAM
What Can Businesses Do About Ethical Dilemmas Posed by AI? - SecurityWeek
What Security Leaders Need to Know About AI Governance for SaaS
What CISOs Need to Know About AI Governance Frameworks | TechTarget
AI Accelerates Security Risks in Broken Data Environments
AI built it, but can you trust it? - Help Net Security
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Google Cloud keeps AI data in UK, but not the support • The Register
2FA/MFA
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Malware
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Atomic macOS infostealer adds backdoor for persistent attacks
Chrome Store Features Extension Poisoned With Sophisticated Spyware
Hackers abuse leaked Shellter red team tool to deploy infostealers
Chrome, Edge users infected by 18 malicious extensions | Cybernews
Browser hijacking campaign infects 2.3M Chrome, Edge users • The Register
Russia-linked macOS malware adds dangerous backdoor | Cybernews
200+ browser extensions make a web-scraping botnet | PCWorld
Open source has a malware problem, and it's getting worse - Help Net Security
Bots/Botnets
200+ browser extensions make a web-scraping botnet | PCWorld
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Mobile
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
The rising threat of mobile malware | Cybernews
Invisible UI flaw gives hackers full Android access | Cybernews
5 critical reasons why keeping your android security updates current is more important than ever
How to detect and fix a jailbroken iPhone | TechTarget
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
Denial of Service/DoS/DDoS
The DDoS smoke screen: why restoring uptime may be your first mistake | TechRadar
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
Internet of Things – IoT
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Data Breaches/Leaks
Know Your Enemy: Understanding Dark Market Dynamics
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Hacker leaks Telefónica data allegedly stolen in a new breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
Qantas confirms data breach impacts 5.7 million customers
Customer, Employee Data Exposed in Nippon Steel Breach
South Korea Imposes Penalties on SK Telecom for Breach
How Worried Should Consumers Really Be After a Data Breach? - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Organised Crime & Criminal Actors
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
‘No honour among thieves’: M&S hacking group starts turf war
Know Your Enemy: Understanding Dark Market Dynamics
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US Secret Service unmasks $400M crypto scam network
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Insider Risk and Insider Threats
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
IT Worker arrested for selling access in $100M PIX cyber heist
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Insurance
How cyber insurers are stepping up after M&S attack - Insurance Post
Cyber insurance confronts the age of intelligent threats | Insurance Business America
Supply Chain and Third Parties
Financial firms are locking the front door but leaving the back open - Help Net Security
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Global software supply chain visibility remains critically low - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Cloud/SaaS
What Security Leaders Need to Know About AI Governance for SaaS
Google Cloud keeps AI data in UK, but not the support • The Register
Cloud security maintains its position as top spending priority - Help Net Security
Outages
Microsoft Outlook goes down around the world - here's what we know | ZDNET
Identity and Access Management
Identity attacks surge 156% as phishermen get craftier • The Register
Identity-related cyber incidents surge, report finds | SC Media
Is the UK falling behind Europe on digital identity security? | Biometric Update
Encryption
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
Linux and Open Source
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Open source has a malware problem, and it's getting worse - Help Net Security
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
SUSE launches new European digital sovereignty support service to meet surging demand | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
How passkeys work: Do your favorite sites even support passkeys? | ZDNET
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Social Media
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Regulations, Fines and Legislation
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
South Korea Imposes Penalties on SK Telecom for Breach
What CISOs Need to Know About AI Governance Frameworks | TechTarget
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
US Cyber Security at Risk Without Congressional Action
Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online
Models, Frameworks and Standards
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
Why law firms should get LOCS:23 certified - Legal Futures
Data Protection
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Careers, Working in Cyber and Information Security
Cyber security’s mental health reckoning - Tech Monitor
Why your security team feels stuck - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
Hiring trends report | Professional Security Magazine
How to Get a Job in Cyber Security | The Global Recruiter
Law Enforcement Action and Take Downs
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Teens arrested by NCA over cyber attacks on M&S, Harrods and Co-op
US Secret Service unmasks $400M crypto scam network
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
Is This Russian Basketball Player Part of a Ransomware Gang?
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Alleged Chinese hacker tied to Silk Typhoon arrested for cyber espionage
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
UK and France unite against increasing cyber threats
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Grey zone attacks are bringing conflict to Britain’s doorstep — it’s time we woke up to... - LBC
Whole of society must respond to threats bringing ‘war to the doorstep’, MPs say
Teach children how to catch Russian spies online, MPs told
Hostile activities bring war to the doorstep of each and every one of us, new report warns
Nation State Actors
China
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
North American APT Uses Exchange Zero-Day to Attack China
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Taiwan Flags Chinese Apps Over Data Security Violations - Infosecurity Magazine
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft - Infosecurity Magazine
NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors
Russia
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Teach children how to catch Russian spies online, MPs told
Russia-linked macOS malware adds dangerous backdoor | Cybernews
Russia Launches Spy Ship to Target NATO Undersea Cables — UNITED24 Media
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
A Clever Russian Phishing Attack Using Fake State Department Employees
Looking Tough: Russia Trumpets Pro-Ukraine Hacker Arrests
Russia rejects ethical hacking bill • The Register
Spyware Campaign Hits Russian Industrial Firms
Russian airports crippled as 171 Moscow flights canceled
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Iran
UK faces rising and unpredictable threat from Iran, report warns
Rising threat of assassination and kidnap attempts by Iran in UK – Channel 4 News
Iranian ransomware crew promises big bucks for US attacks • The Register
Missiles go silent but Iran-Israel cyber war is just ramping up | Iran International
The Iran-Israel War Returns to the Shadows, for Now
North Korea
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
US sanctions alleged North Korean IT sweatshop leader • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
DoNot APT is expanding scope targeting European foreign ministries
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defence, and Rail Sectors
Tools and Controls
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Technology outpaces security adaptation, says Bitdefender
Many companies are still failing to budget for cyber security | TechRadar
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Hackers abuse leaked Shellter red team tool to deploy infostealers
AI built it, but can you trust it? - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Cloud security maintains its position as top spending priority - Help Net Security
Cyber insurance confronts the age of intelligent threats | Insurance Business America
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Other News
Data sovereignty is now a cyber security imperative - Tech Monitor
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
Technology outpaces security adaptation, says Bitdefender
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Cyber attacks could exploit home solar panels to disrupt power grids | New Scientist
Vulnerability Management
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
5 critical reasons why keeping your android security updates current is more important than ever
Vulnerabilities
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
Invisible UI flaw gives hackers full Android access | Cybernews
Ivanti, Fortinet, Splunk Release Security Updates - SecurityWeek
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs • The Register
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
Microsoft Confirms Windows 11 Update Causes Security Firewall Error
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking - SecurityWeek
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.