Black Arrow Cyber Threat Intelligence Briefing 14 November 2025
Executive Summary
We start this week with alerts on emerging attacks for business leaders and employees to act on. A new feature in Microsoft Teams gives attackers an easier route into organisations, while a leading developer of advanced AI systems has found hostile actors using its AI model to conduct real attacks. We also report how LinkedIn is used to bypass corporate email defences through direct, trusted-looking messages.
Once in, whether through these channels or others, attackers continue to deploy ransomware. Small and medium-sized organisations are particularly targeted, and we highlight how incidents affect victims both financially and at a human level.
New cyber legislation is being introduced in the UK, while other countries warn of evolving nation-state threats. We also note the unintended consequences of regulatory requirements, where online age-verification data has created valuable targets for attackers. Finally, we flag malware risks in mobile phone applications found even in approved online stores.
Organisations need to understand developments in cyber security and take steps to strengthen resilience. Contact us to discuss how to do this proportionately and pragmatically.
Top Cyber Stories of the Last Week
Microsoft Teams’ New “Chat With Anyone” Feature Exposes Users To Phishing and Malware Attacks
A new feature in Microsoft Teams lets anyone initiate chats using only an email address, expanding opportunities for phishing and malicious file sharing. Commentators warn that attackers may bypass email defences and impersonate legitimate contacts. Administrators can disable the capability, and the piece recommends pairing configuration changes with training and MFA.
Source: https://cybersecuritynews.com/microsoft-teams-chat-with-anyone-feature/
Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded
Anthropic identified a Chinese state-linked group using its AI model Claude to support intrusions into around 30 high-value organisations. Human operators directed strategy, while AI assisted with reconnaissance and coding tasks. The case shows growing attempts to blend human oversight with automated tools to streamline intrusions.
Source: https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/
5 Reasons Why Attackers Are Phishing Over LinkedIn
LinkedIn phishing is rising as attackers exploit direct messaging to bypass email defences. Compromised accounts from infostealer logs are used to impersonate real professionals, especially in finance and tech. The platform enables easy reconnaissance of roles and access levels. Commentators recommend better browser controls and monitoring of non-email channels.
Source: https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/
Cyber Insurers Paid Out Over Twice as Much for UK Ransomware Attacks Last Year
A steep rise in ransomware events has driven cyber insurance payouts up by 230%. Insurers report more destructive attacks and increased scrutiny of controls such as patching, backups and incident response before granting cover. While insurance supports recovery, it cannot replace core cyber security hygiene or resilience measures.
Source: https://www.theregister.com/2025/11/11/ransomware_surge_fuels_230_increase/
Large Organisations Aren’t Paying Ransomware Threats Anymore: SMBs Are
Proton, a privacy and security technology provider, reports a shift in attacker focus towards SMBs as large enterprises become less willing to pay. Median ransom payments dropped sharply, while unpatched vulnerabilities remained a leading cause of compromise. SMBs face rising exposure and should prioritise staff awareness, backups and segmentation to limit attacker movement and reduce impact.
Source: https://proton.me/blog/ransomware-threats-smbs
FBI: Akira Gang Has Received Nearly $250 Million in Ransoms
The Akira ransomware group has collected an estimated $244 million since 2023, mainly targeting small and medium-sized organisations across multiple sectors. Attackers often exploit weak VPNs, stolen credentials and password spraying, then remove security tools and steal data rapidly. Authorities warn that Akira’s speed and use of legitimate remote access tools demand tighter monitoring and faster patching.
Source: https://therecord.media/akira-gang-received-million
Companies Forced to Make Financial Changes After a Cyberattack
A survey of firms hit by cyberattacks found that 70% of publicly traded companies adjusted earnings or guidance afterwards and 68% saw their stock price affected. Among privately held businesses, 73% diverted budgets away from innovation and growth. Additionally, 92% reported legal, regulatory or compliance consequences such as fines or lawsuits. The research emphasises that recovery from an attack involves far more than restoring systems; it demands financial and strategic overhaul.
Source: https://betanews.com/2025/11/10/companies-forced-to-make-financial-changes-after-a-cyberattack/
Cyberattack Impact on Employees May Be as Serious as Technical Fallout
A survey of 500 Irish businesses found 40% suffered an attack in the past year, with many reporting burnout, stress and increased sick leave. Some saw improved loyalty, but most faced financial harm and ransomware pressures. The report also found that AI-related vulnerabilities are rising, yet firms still see AI as beneficial overall.
UK’s New Cyber Security and Resilience Bill Targets Weak Links in Critical Services
Proposed cyber security legislation in the UK will expand existing regulations to include MSPs, data centres and other essential suppliers. It introduces stricter security duties, 24-hour incident reporting and tougher enforcement powers. Operators of critical services would be required to notify impacted customers quickly and maintain stronger controls across supply chains.
Source: https://www.helpnetsecurity.com/2025/11/12/uk-cyber-security-and-resilience-bill/
Spy Boss Says Authoritarian Nations Ready to Commit ‘High Impact Sabotage’
Australia’s domestic intelligence and national security agency, ASIO, warns that hostile states are preparing for cyber sabotage targeting critical infrastructure. Officials cite recent probes by groups such as Volt Typhoon and Salt Typhoon. The director general urges boards to understand their operational dependencies and prepare for scenarios involving communications, power or water disruptions.
Source: https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/
Online Age Checking Is Creating a Treasure Trove of Data for Hackers
Age verification systems increasingly require photo IDs, selfies and credit card checks, creating sensitive data stores attractive to criminals. Breaches at Discord and the Tea app exposed large volumes of imagery and identity data despite policies stating minimal retention. The article argues that regulators lack sufficient power to enforce deletion, especially when third parties are offshore.
Google Play Store Hosted 239 Malicious Apps That Were Downloaded 40 Million Times
Researchers found 239 malicious Android apps on Play, totalling around 42 million downloads. Threats included spyware, banking trojans and adware, with detections rising 67% year on year. Google is tightening developer checks, but observers argue that serious malware continues to slip through, leaving users exposed.
Android Malware Steals Your Card Details and PIN to Make Instant ATM Withdrawals
A malware strain known as NGate records NFC payment data and PINs, allowing criminals to emulate victims’ cards at cash machines. It spreads through phishing and fake banking apps. Users are advised to avoid unsolicited downloads, use trusted app stores and deploy mobile security tools to reduce risk.
Governance, Risk and Compliance
The quiet revolution: How regulation is forcing cybersecurity accountability | CyberScoop
Nearly £200 million paid in cyber claims to help UK businesses recover | ABI
Cyberattack impact on employees may be as serious as technical fallout
Three quarters of SMEs unprotected against everyday risks - CIR Magazine
Companies forced to make financial changes after a cyberattack - BetaNews
The changing language of cyber: communicating with the board | IT Pro
Why Cybersecurity Must Shift To Continuous Incident Response
The Professionalised World of Cybercrime and the New Arms Race - Security Boulevard
Cyberattacks forcing businesses to correct financial outlooks - CIR Magazine
AI is forcing boards to rethink how they govern security - Help Net Security
Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks
CISOs: More Pressure from Internal Expectations than External Threats | MSSP Alert
CISOs are cracking under pressure - Help Net Security
To get funding, CISOs are mastering the language of money - Help Net Security
Reducing the risk of major cyber incidents in the UK through digital resilience | UKAuthority
Threats
Ransomware, Extortion and Destructive Attacks
Qilin Ransomware Activity Surges as Attacks Target Small Businesses - Infosecurity Magazine
Are SMBs facing increasing ransomware threats? | Proton
Ransomware fuels 230% increase in UK cyber insurance payouts • The Register
Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware
Cyberattacks 'costing the UK economy £14.7 billion' a year
Kraken ransomware benchmarks systems for optimal encryption choice
FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News
FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses | CyberScoop
'Ransomvibing' Infests Visual Studio Extension Market
Yanluowang initial access broker pleaded guilty to ransomware attacks
How a CPU spike led to uncovering a RansomHub ransomware attack
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
The ransomware payment ban: what’s the potential impact for UK businesses? | TechRadar
Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan
Ransomware Victims
Allianz UK confirms Oracle EBS compromise • The Register
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek
Synnovis Finally Issues Breach Notification After 2024 Ransomware Atta - Infosecurity Magazine
Hackers claim to leak Collins Aerospace data | Cybernews
UK economic growth slows due to cyberattack at Jaguar Land Rover
UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days
Bank of England says JLR's cyberattack damaged UK GDP growth • The Register
Washington Post data breach impacts nearly 10K employees, contractors
Government not handing ‘free money’ to JLR after cyber attack, minister insists | Insider Media
GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine
Ransomed CTO falls on sword, refuses to pay extortion demand • The Register
DoorDash hit by new data breach in October exposing user information
Phishing & Email Based Attacks
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
5 reasons why attackers are phishing over LinkedIn
AI and phishing: a toxic pair | Professional Security Magazine
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News
Google Looks to Dim 'Lighthouse' Phishing Kit
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Cyberattacks 'costing the UK economy £14.7 billion' a year
Other Social Engineering
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Attackers upgrade ClickFix with tricks used by online stores - Help Net Security
ClickFix Attacks Against macOS Users Evolving - SecurityWeek
What is FileFix — a ClickFix variation? | Kaspersky official blog
ClickFix may be the biggest security threat your family has never heard of - Ars Technica
5 reasons why attackers are phishing over LinkedIn
Phishers target 5K Facebook advertisers with fake biz pages • The Register
Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET
This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
Wanna bet? Scammers are playing the odds better than you are - Help Net Security
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin
Fraud, Scams and Financial Crime
Cyberattacks 'costing the UK economy £14.7 billion' a year
Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET
This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
Wanna bet? Scammers are playing the odds better than you are - Help Net Security
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
"Vibescamming" is the new online scam everyone’s falling for
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin
Google Looks to Dim 'Lighthouse' Phishing Kit
New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine
'Dodgy' Amazon Fire TV sticks are leaving users open to financial fraud | News Tech | Metro News
Improve Collaboration to Hit Back At Rising Fraud, Says techUK - Infosecurity Magazine
Lost iPhone? Don’t fall for phishing texts saying it was found
How Elder Fraud Reveals Gaps in Human-Centric Security
Artificial Intelligence
Survey Surfaces Sharp Rise in Cybersecurity Incidents Involving AI - Security Boulevard
"Vibescamming" is the new online scam everyone’s falling for
AI and phishing: a toxic pair | Professional Security Magazine
Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns
AI Agents Are Going Rogue: Here's How to Rein Them In
65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine
Advocacy group calls on OpenAI to address Sora 2’s deepfake risks | CyberScoop
Los Alamos researchers warn AI may upend national security - Help Net Security
EU’s leaked GDPR, AI reforms slated by privacy activists • The Register
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Military experts warn security hole in most AI chatbots can sow chaos
Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert
Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek
Shadow AI risk: Navigating the growing threat of ungoverned AI adoption - Help Net Security
Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer
'Ransomvibing' Infests Visual Studio Extension Market
Autonomous AI could challenge how we define criminal behavior - Help Net Security
Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica
Malware
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program
Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns
Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware
Infostealers are making this old security practice new again | PCWorld
Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code
Hackers Weaponizing Calendar Files as a New Attack Vector Bypassing Traditional Email Defenses
Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses
DanaBot malware is back to infecting Windows after 6-month break
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
Rhadamanthys infostealer disrupted as cybercriminals lose server access
Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging
1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Hackers abuse Triofox antivirus feature to deploy remote access tools
Bots/Botnets
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
Mobile
Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
Google Play Store hosted 239 malicious apps that were downloaded 40 million times - gHacks Tech News
Warning! Don't open these WhatsApp images, else you'll get hacked | PCWorld
New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs
Android malware steals your card details and PIN to make instant ATM withdrawals | Malwarebytes
Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine
Popular Android-based photo frames download malware on boot
Lost iPhone? Don’t fall for phishing texts saying it was found
Denial of Service/DoS/DDoS
Cisco: Actively exploited firewall flaws now abused for DoS attacks
Multiple Django Vulnerabilities Enable SQL injection and DoS Attack
Cyberattack hits Danish government and defence companies | European Pravda
Internet of Things – IoT
UK.gov probes security risks of Chinese electric buses • The Register
Data Breaches/Leaks
Allianz UK confirms Oracle EBS compromise • The Register
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek
65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine
Synnovis Finally Issues Breach Notification After 2024 Ransomware Atta - Infosecurity Magazine
Hackers claim to leak Collins Aerospace data | Cybernews
UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Military experts warn security hole in most AI chatbots can sow chaos
Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert
Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek
Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer
Washington Post data breach impacts nearly 10K employees, contractors
Website Security Breaches: 13 Lessons Learned from Small Businesses - DevX
Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog
GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine
New IT woe at Legal Aid Agency | Law Gazette
Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica
Organised Crime & Criminal Actors
The Professionalised World of Cybercrime and the New Arms Race - Security Boulevard
This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
Yanluowang initial access broker pleaded guilty to ransomware attacks
Autonomous AI could challenge how we define criminal behavior - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine
Insider Risk and Insider Threats
Cyberattack impact on employees may be as serious as technical fallout
Insurance
Ransomware fuels 230% increase in UK cyber insurance payouts • The Register
Cyber insurance pay-outs triple | Professional Security Magazine
Nearly £200 million paid in cyber claims to help UK businesses recover | ABI
Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks
Supply Chain and Third Parties
Allianz UK confirms Oracle EBS compromise • The Register
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek
Synnovis notifies of data breach after 2024 ransomware attack
Synnovis Finally Issues Breach Notification After 2024 Ransomware Atta - Infosecurity Magazine
GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine
Cloud/SaaS
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Microsoft's data sovereignty: Now with extra sovereignty! • The Register
Identity and Access Management
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Encryption
Are we ready for the post-quantum era? | TechRadar
Linux and Open Source
CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
Passwords, Credential Stuffing & Brute Force Attacks
New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News
Enterprise Credentials at Risk – Same Old, Same Old?
Social Media
5 reasons why attackers are phishing over LinkedIn
Phishers target 5K Facebook advertisers with fake biz pages • The Register
The common social media security measure that creates a treasure trove for hackers | The Independent
Online age checking is creating a treasure trove of data for hackers
New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET
Regulations, Fines and Legislation
ID verification laws are fueling the next wave of breaches
New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET
EU’s leaked GDPR, AI reforms slated by privacy activists • The Register
Cyber bill offers 'no guarantee of security', tech lawyer says - UKTN
Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar
The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED
China amends its Cybersecurity Law
America’s cybersecurity defenses are cracking | The Verge
Cyber information sharing law would get extension under shutdown deal bill | CyberScoop
CISA, FCEA funding set to resume as shutdown nears its end • The Register
Age verification lands in Italy − here’s how it affects VPN users | TechRadar
Models, Frameworks and Standards
A guide to the UK Cyber Security and Resilience Bill (CSRB) | Professional Security Magazine
EU’s leaked GDPR, AI reforms slated by privacy activists • The Register
Broken access control still tops list of app sec top 10 • The Register
Data Protection
EU’s leaked GDPR, AI reforms slated by privacy activists • The Register
Careers, Working in Cyber and Information Security
CISOs are cracking under pressure - Help Net Security
CISO Pay Packages Grow as Overall Security Spending Slows: IANS | MSSP Alert
From Forensics to AI: New bulletin maps out Cyber Security careers | Department for the Economy
Why We Need More Veterans in Intelligence, Cybersecurity, and STEM - ClearanceJobs
Resilience for resilience: Managing burnout among cyber leaders | Computer Weekly
The New Battlefield: 3 Veterans Discuss Their Transition to Cybersecurity | Security Magazine
Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks
Law Enforcement Action and Take Downs
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK
1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek
New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine
Yanluowang initial access broker pleaded guilty to ransomware attacks
Russian hacker admits helping Yanluowang ransomware infect companies
Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Spy boss says authoritarian nations poised for sabotage • The Register
Los Alamos researchers warn AI may upend national security - Help Net Security
From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools
Data breach at Chinese infosec firm reveals weapons arsenal • The Register
Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times
War continues in cyberspace: Final cybersecurity education session concludes in Kyiv
TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET
The threat of space terrorism is no longer science fiction, but we’re ill-prepared to combat it
Nation State Actors
China
Spy boss says authoritarian nations poised for sabotage • The Register
Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign - SecurityWeek
Chinese spies used Claude to break into critical orgs • The Register
From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools
Data breach at Chinese infosec firm reveals weapons arsenal • The Register
UK.gov probes security risks of Chinese electric buses • The Register
Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET
China amends its Cybersecurity Law
This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
Palantir CEO Says a Surveillance State Is Preferable to China Winning the AI Race
Russia
Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times
War continues in cyberspace: Final cybersecurity education session concludes in Kyiv
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine
Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data
Belgian military intelligence service websites attacked by Russian hackers | VRT NWS: news
Russian hacker admits helping Yanluowang ransomware infect companies
Iran
Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging
North Korea
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine
[Editorial] The silent war - The Korea Herald
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Emulating the Espionage-Oriented Group SideWinder - Security Boulevard
Tools and Controls
Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program
Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware
Why Cybersecurity Must Shift To Continuous Incident Response
Online age checking is creating a treasure trove of data for hackers
New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET
Ransomware fuels 230% increase in UK cyber insurance payouts • The Register
Cisco: Actively exploited firewall flaws now abused for DoS attacks
AI is forcing boards to rethink how they govern security - Help Net Security
ISO - Threat intelligence and why it matters for cybersecurity
Controversy Brews: US Government Targets Banning Top Wi-Fi Router - CNET
Broken access control still tops list of app sec top 10 • The Register
Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar
Resilience and AI risk | Professional Security Magazine
Automation can't fix broken security basics - Help Net Security
The browser is eating your security stack - Help Net Security
CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Age verification lands in Italy − here’s how it affects VPN users | TechRadar
To get funding, CISOs are mastering the language of money - Help Net Security
Reducing the risk of major cyber incidents in the UK through digital resilience | UKAuthority
NCSC Set to Retire Web Check and Mail Check Tools - Infosecurity Magazine
Other News
Who Owns the Cybersecurity of Space? - DataBreachToday
Europe Must Close the Space Gap by Anders Fogh Rasmussen - Project Syndicate
Logistics companies are increasingly targeted by cybercriminals | CargoForwarder Global
Telecoms Cyber Chiefs Adopt Financial Sector’s Model of Collective Defense - WSJ
Vulnerability Management
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
Microsoft: Windows 11 23H2 Home and Pro reach end of support
Vulnerabilities
Cisco: Actively exploited firewall flaws now abused for DoS attacks
Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code
Cisco fixes critical UCCX flaw allowing Root command execution
SAP fixed a maximum severity flaw in SQL Anywhere Monitor
Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege
Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel - SecurityWeek
High-Severity Vulnerabilities Patched by Ivanti and Zoom - SecurityWeek
Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases - SecurityWeek
CitrixBleed 2, Cisco Flaw Wreak Havoc as Zero-Day Bugs
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Microsoft Exchange 'Under Imminent Threat', Act Now
Fortinet FortiWeb flaw with public PoC exploited to create admin users
Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet
Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine
Multiple Django Vulnerabilities Enable SQL injection and DoS Attack
Dangerous runC flaws could allow hackers to escape Docker containers
Adobe Patches 29 Vulnerabilities - SecurityWeek
Hackers abuse Triofox antivirus feature to deploy remote access tools
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
Critical Triofox Vulnerability Exploited in the Wild - SecurityWeek
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure - SecurityWeek
Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.