Black Arrow Cyber Threat Intelligence Briefing 15 August 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
We begin with two calls to action for stronger cyber security: ensure your systems are patched to fix vulnerabilities, in this case Microsoft Exchange servers, and ensure your team uses strong passwords. We also report on the ongoing rise in cyber attacks including the increase in ransomware, the use of physical violence in cryptocurrency-related incidents, and changes within the attacker community such as a further shift towards the financial services sector.
To address these and other threats, it is essential to have a clear and objective understanding of your risks, and to counter them through a strategy that encompasses people, operations and technology.
The UK Cyber Governance Code of Practice is a valuable reference, even for organisations outside the UK. It includes two key principles: build strong defences through your employees, and rehearse how your leadership team will respond to an incident. It is also strongly recommended to commission assessments from an attacker’s perspective, to identify and resolve vulnerabilities before they are exploited.
Contact us for impartial specialist advice and support to implement the above in a proportionate and effective manner.
Top Cyber Stories of the Last Week
Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw
Over 29,000 Microsoft Exchange servers remain unpatched against a serious flaw that could allow attackers to gain full control of both cloud and on-premises systems in hybrid environments. The vulnerability affects Exchange 2016, 2019 and Subscription Edition, and can be exploited to bypass detection by forging trusted credentials. Despite a fix released in April 2025, scans show large numbers of exposed systems worldwide. US federal agencies have been ordered to apply patches immediately, and all organisations are strongly advised to follow suit to prevent potential domain compromise.
Nearly Half of Enterprises Tested Had Easily Cracked Passwords
Picus Security’s 2025 Blue Report found that nearly half of enterprises tested had at least one easily cracked password, with attacks using valid credentials succeeding 98% of the time. Overall, the ability to block an attack dropped from 69% in 2024 to 62%, while the ability to stop data theft fell to just 3%. Detection weaknesses persisted, with only 14% of simulated attacks triggering alerts. The report urges stronger password policies, improved monitoring for data loss, and testing for ransomware scenarios to strengthen resilience.
Leaked Credentials Up 160% - What Attackers Are Doing With Them
Leaked credentials are a growing driver of cyber breaches, accounting for 22% of incidents in 2024, according to Verizon. Cyberint reports a 160% rise in such leaks in 2025, with many remaining active and exploitable for months. Attackers increasingly use automated tools, infostealer malware, and AI-driven phishing to obtain usernames and passwords, which are then sold or reused for account takeovers, credential stuffing, and fraud. Even with strong password policies and multi-factor authentication, rapid detection is vital. Proactively identifying exposures before they are exploited is a key differentiator in reducing long-term business risk.
https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html
Ransomware Attacks Up by 41% Globally
Global cyber attacks rose sharply in July, with ransomware incidents up 41% year-on-year to 487 cases. North America accounted for over half of these, followed by Europe. Business services, healthcare, and manufacturing were among the most affected sectors, while education faced the highest weekly attack rate at over 4,200 per organisation. North America saw the largest percentage increase. Notable ransomware groups Qilin, Akira, and Play drove much of the activity, with Qilin alone linked to 17% of known cases, reflecting the growing scale and sophistication of financially motivated threats.
https://betanews.com/2025/08/11/ransomware-attacks-up-by-41-percent-globally/
Physical Threats to Crypto Owners Hit Record Highs
Criminals are increasingly targeting cryptocurrency holders through both physical violence and complex online scams. Experts warn that “wrench attacks”, where victims are coerced into handing over their digital assets under threat of harm, have risen sharply, sometimes for amounts as low as $6,000. Leaks of over 80 million user identities, including 2.2 million with home addresses, have made it easier for attackers to locate victims. At the same time, the “GreedyBear” group has stolen more than $1 million through malicious browser extensions, malware, and fake websites, highlighting the growing sophistication and scale of threats in the crypto sector.
https://coinpaper.com/10443/physical-threats-to-crypto-owners-hit-record-highs
The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training
Sectors including financial services, retail and government are facing millions of sophisticated cyber attacks each month. The UK Government’s Cyber Governance Code of Practice urges boards to strengthen cyber risk management by fostering a security-focused culture, improving leadership cyber literacy, and delivering tailored, ongoing training for all staff. In 2024, global ransomware payments reached $813.55 million, underlining the stakes. Technology alone is insufficient; a vigilant, well-trained workforce operating within a Zero Trust framework can significantly enhance defences against today’s fast-evolving digital threats.
https://www.techradar.com/pro/dont-stop-at-basic-protections-make-ongoing-training-a-priority
The Human Firewall: Building a Cyber-Aware Workforce
The UK government’s latest survey shows that half of all businesses, and nearly three quarters of large firms, experienced a cyber security breach in the past year, with the average cost of a UK data breach reaching £3.58 million. As human error is linked to up to 95% of incidents, the focus is shifting from one-off awareness sessions to role-specific training and cultural change. Gamification, real-time feedback, and positive reinforcement are helping organisations turn staff from potential vulnerabilities into proactive defenders, reducing successful attacks, cutting incident response costs, and strengthening compliance.
https://www.telecomstechnews.com/news/the-human-firewall-building-a-cyber-aware-workforce/
Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident
Microsoft has warned that organisations without a well-rehearsed incident response plan face longer and more damaging cyber attacks. Only one in four organisations have such a plan and have practised it. Those that regularly test their procedures, run exercises and assess vulnerabilities recover in days rather than months. Experts stressed the need for strong security fundamentals, including keeping software updated, enabling logging and applying proper configurations. Attackers increasingly move quickly, often exploiting basic weaknesses before using advanced techniques, making preparation and early detection critical for limiting business impact. Contact us for details of how Black Arrow can help your leadership team to prepare and rehearse managing the business impact of a cyber security incident.
https://cyberscoop.com/microsoft-threat-intel-response-tips/
Attack Yourself First: the Logic Behind Offensive Security
Recent high-profile cyber attacks on UK retailers have highlighted the speed and sophistication of modern threats, fuelled by automation and AI. Traditional defences such as firewalls and periodic checks are no longer enough, as attackers exploit weaknesses almost instantly. Offensive security, which proactively tests systems through simulated attacks, helps organisations find and fix critical vulnerabilities before criminals can exploit them. Leadership engagement is essential, ensuring cyber security is embedded into business strategy and transformation plans. The strongest organisations will be those that continuously validate their defences rather than relying on assumptions of security.
https://www.techradar.com/pro/attack-yourself-first-the-logic-behind-offensive-security
These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims
Research by Acronis warns that the Akira and Lynx ransomware groups are intensifying attacks on small and medium-sized businesses, particularly managed service providers (MSPs). Akira has claimed over 220 victims and Lynx around 145, often gaining access through stolen credentials, VPN weaknesses, or phishing emails. Both disable security software, steal data, and encrypt systems to extort payment. MSPs are prime targets as they can provide access to multiple customers. Experts advise organisations to strengthen multi-factor authentication, keep external systems patched, and maintain robust, tested backups to reduce the risk of disruption and financial loss.
Financial Services Could Be Next in Line for ShinyHunters
Threat intelligence suggests financially motivated cyber groups are shifting focus towards banks, insurers and financial services, with a 12% rise in targeted domain registrations since July 2025, while targeting of technology firms fell by 5%. Around 700 such domains have been registered this year, some mimicking login portals of major providers. Evidence points to overlap between ShinyHunters and Scattered Spider, both linked to an English-speaking youth movement involved in a range of cyber and physical crimes. Experts advise security leaders to focus on attacker tactics and behaviours rather than group names, to better anticipate and defend against evolving threats.
https://www.infosecurity-magazine.com/news/financial-services-next-line/
Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating
Three well-known cyber crime groups, Scattered Spider, ShinyHunters and Lapsus$, appear to be working together under a loose collective known as The Com. Recent activity suggests Scattered Spider is providing initial access to high-value targets, enabling ShinyHunters to carry out large-scale data theft and extortion. The groups have been linked to coordinated attacks on global retail, insurance, and aviation brands, often exploiting trusted enterprise tools like Salesforce and Okta through social engineering. Experts warn their methods are well-documented but highly effective, with weak helpdesk identity checks and poor multi-factor authentication enforcement remaining key vulnerabilities.
https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/
Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives
Threat groups linked to nation states are increasingly targeting executives through their personal lives, exploiting less secure home networks, private devices and family connections. Remote working, personal cloud use and active social media profiles provide openings for attackers to gather information and launch phishing or malware campaigns. Experts recommend organisations support executives with secure home network configurations, enterprise-grade device protections, credential monitoring, and training for both the individual and their family. This approach helps reduce the risk of personal-targeted cyber attacks while respecting privacy and avoiding intrusive monitoring.
https://www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
Governance, Risk and Compliance
Redefining the Role: What Makes a CISO Great
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
APT groups are getting personal, and CISOs should be concerned - Help Net Security
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
How to implement a blameless approach to cybersecurity | Kaspersky official blog
Mastering control of sovereign digital resilience | Computer Weekly
Navigating the Cybersecurity Budget Tug-of-War
What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget
Professional services firms stuck in network security IT doom loop | Computer Weekly
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks up by 41 percent globally - BetaNews
ShinyHunters Tactics Now Mirror Scattered Spider
Financial Services Could Be Next in Line for ShinyHunters - Infosecurity Magazine
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Three notorious cybercrime gangs appear to be collaborating • The Register
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector - SecurityWeek
Ransomware crews don't care about your EDR • The Register
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds - Infosecurity Magazine
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)
Crypto24 ransomware hits large orgs with custom EDR evasion tool
Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion
MedusaLocker ransomware group is looking for pentesters
Embargo Ransomware nets $34.2M in crypto since April 2024
MuddyWater’s DarkBit ransomware cracked for free data recovery
Ransomware crew dumps 43GB Saint Paul files, no ransom paid • The Register
North Korea Attacks South Koreans With Ransomware
Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times
US govt seizes $1 million in crypto from BlackSuit ransomware gang
Researchers cracked the encryption used by DarkBit ransomware
UK firms turn to back-ups over ransom payments - CIR Magazine
Law Enforcement Disrupts BlackSuit Ransomware Gang
Ransomware Victims
Google suffers a serious data breach at the hands of a ransomware group - PhoneArena
Google Confirms Data Breach - Notifying Users Affected By the Cyberattack
M&S still struggling with IT issues following cyberattack - Retail Gazette
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
What happened when cybercriminals hit a recruitment firm
M&S click and collect finally returns months after cyberattack | The Independent
Boeing, US Navy supplier Jamco Aerospace claimed in ransomware attack | Cybernews
Manpower franchise discloses data breach • The Register
Phishing & Email Based Attacks
The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks
Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
WinRAR zero-day exploited to plant malware on archive extraction
Booking.com phishing campaign uses sneaky 'ん' character to trick you
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
For $40, you can buy stolen police and government email accounts - Help Net Security
Other Social Engineering
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector - SecurityWeek
Google confirms data breach exposed potential Google Ads customers' info
Fraud, Scams and Financial Crime
FTC: older adults lost record $700 million to scammers in 2024
WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools
Deepfake detectors are coming of age, at a time of dire need • The Register
'Chairmen' of $100 million scam operation extradited to US
Over $300 million in cybercrime crypto seized in anti-fraud effort
Artificial Intelligence
MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek
Prompt injection vuln found in Google Gemini apps • The Register
Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET
Black Hat 2025: ChatGPT, Copilot, DeepSeek now create malware | VentureBeat
Guess what else GPT-5 is bad at? Security | CyberScoop
Leading AI Agents Like ChatGPT Are Vulnerable to Hacking, Security Firm Finds
New Report Warns of Looming Security Crisis as AI Agents Proliferate
62% of People Believe AI Agents Are Easier To Deceive Than Humans - IT Security Guru
Deepfake detectors are coming of age, at a time of dire need • The Register
Research reveals possible privacy gaps in Apple Intelligence’s data handling | CyberScoop
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
From Lab to Deployment: AI-Powered Agents in Action
Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses
Employees race to build custom AI apps despite security risks - Help Net Security
Chinese biz using AI to influence US politicians • The Register
2FA/MFA
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
FIDO authentication undermined | CSO Online
Malware
Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
WinRAR zero-day exploited to plant malware on archive extraction
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Adult sites are stashing exploit code inside racy .svg files - Ars Technica
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
This new malware really goes the extra mile when it comes to infecting your devices | TechRadar
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine
Popular Apps Are Vessels for Malware—Here’s How To Protect Yourself
Mobile
Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability
4 ways I spot and avoid phishing scams on my iPhone
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine
Denial of Service/DoS/DDoS
How to prevent DoS attacks and what to do if they happen | TechTarget
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Critical internet flaw lets attackers crash servers | Cybernews
'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek
Internet of Things – IoT
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Hackers Can Take Over Your Security Cameras—and It’s Easier Than You Think
Hyundai UK charging customers for luxury of secure car locks • The Register
Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds | WIRED
Hackers love these 7 smart home devices — here’s how to keep them secure | Tom's Guide
Smart Buses flaws expose vehicles to tracking, control, and spying
Data Breaches/Leaks
Leaked Credentials Up 160%: What Attackers Are Doing With Them
Google suffers a serious data breach at the hands of a ransomware group - PhoneArena
The US Court Records System Has Been Hacked | WIRED
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
The inside story of the Telemessage saga • The Register
North Korean Kimsuky hackers exposed in alleged data breach
Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach
Cancer care provider breach exposes 113K+ patients | Cybernews
Connex Credit Union data breach impacts 172,000 members
Italian hotels breached en masse since June, gov confirms • The Register
ICE Accidentally Adds Wrong Person to Sensitive Group Chat About Manhunt
Organised Crime & Criminal Actors
Three notorious cybercrime gangs appear to be collaborating • The Register
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
6 ways hackers hide their tracks | CSO Online
Dark web websites: 10 things you should know | CSO Online
Cybercriminals Exploit Low-Cost Initial Access Broker Market - Infosecurity Magazine
Threat actors move to smaller more persistent attacks - BetaNews
How money mules powered cyber cons’ ‘operating system’ | Lucknow News - Times of India
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target the Foundations of Crypto: Smart Contracts
Physical Threats to Crypto Owners Hit Record Highs
The rise of real-world cyber threats | Opinion
Over $300 million in cybercrime crypto seized in anti-fraud effort
Embargo Ransomware nets $34.2M in crypto since April 2024
Insurance
Cyber insurance market shows early signs of maturity - Help Net Security
How Insurers Use Threat Intelligence to Reduce Losses
Cloud/SaaS
Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses
Outages
Major outage at Pennsylvania OAG blamed on 'cyber incident' • The Register
Identity and Access Management
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Encryption
BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
White House could stymie the UK’s anti-encryption plans? • The Register
Linux and Open Source
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Passwords, Credential Stuffing & Brute Force Attacks
46% of Enterprise Passwords Can Be Cracked | Security Magazine
Leaked Credentials Up 160%: What Attackers Are Doing With Them
Nearly half of enterprises tested had passwords cracked in Picus Security report - SiliconANGLE
Malvertising
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine
Training, Education and Awareness
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
Regulations, Fines and Legislation
UK proxy traffic surges as users consider VPN alternatives • The Register
FCC tightens rules on foreign firms building undersea cables, citing security | CyberScoop
Government expands police use of live facial recognition vans - BBC News
Porn site traffic plummets as UK age verification rules enforced - BBC News
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
UK passport database images used in facial recognition scans • The Register
Home Office explores biometric enrolment via smartphone – PublicTechnology
Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine
White House could stymie the UK’s anti-encryption plans? • The Register
Campaigners Slam Expansion of Police Facial Recognition Schemes in UK - Infosecurity Magazine
The overlooked changes that two Trump executive orders could bring to cybersecurity | CyberScoop
EU law to protect journalists from spyware takes effect | The Record from Recorded Future News
Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times
Models, Frameworks and Standards
EU Targets Nations Lagging on NIS2 Cyber Rules | SC Media UK
Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine
Careers, Working in Cyber and Information Security
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro
Top Cybersecurity Certifications Drive $150K+ Salaries Amid US Shortage
How military leadership prepares veterans for cybersecurity success - Help Net Security
Law Enforcement Action and Take Downs
Dark web websites: 10 things you should know | CSO Online
Over $300 million in cybercrime crypto seized in anti-fraud effort
'Chairmen' of $100 million scam operation extradited to US
US govt seizes $1 million in crypto from BlackSuit ransomware gang
Law Enforcement Disrupts BlackSuit Ransomware Gang
Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times
Misinformation, Disinformation and Propaganda
Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET
Your Internet, their rules: How DNS blocking shapes what we see online
Chinese biz using AI to influence US politicians • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Commander of Polish Cyberspace Defense Forces: we are in our conflict phase
China Is Winning the Cyberwar | Foreign Affairs
Nation State Actors
APT groups are getting personal, and CISOs should be concerned - Help Net Security
China
China Is Winning the Cyberwar | Foreign Affairs
APT groups are getting personal, and CISOs should be concerned - Help Net Security
Silicon under siege: Nation-state hackers target semiconductor supply chains | CSO Online
Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
Chinese biz using AI to influence US politicians • The Register
Russia
MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine
Commander of Polish Cyberspace Defense Forces: we are in our conflict phase
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
Finland charges tanker crew members with sabotage of undersea cables | Finland | The Guardian
REvil Actor Accuses Russia of Planning 2021 Kaseya Attack
Russia said to be behind US Federal Court systems hack | Cybernews
Norway spy chief blames Russian hackers for dam sabotage in April | Reuters
North Korea
North Korean Kimsuky hackers exposed in alleged data breach
Hackers breach and expose a major North Korean spying operation | TechCrunch
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
North Korean network breached, hackers claim - Washington Times
North Korea Attacks South Koreans With Ransomware
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
EU law to protect journalists from spyware takes effect | The Record from Recorded Future News
Tools and Controls
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
Ransomware crews don't care about your EDR • The Register
Pentesting is now central to CISO strategy - Help Net Security
UK proxy traffic surges as users consider VPN alternatives • The Register
Cyber insurance market shows early signs of maturity - Help Net Security
Crypto24 ransomware hits large orgs with custom EDR evasion tool
Navigating the Cybersecurity Budget Tug-of-War
Black Hat/DEF CON: AI more useful for defense than hacking • The Register
Why DNS threats should be on every CISO's radar in 2025 - Help Net Security
Attack yourself first: the logic behind offensive security | TechRadar
How Insurers Use Threat Intelligence to Reduce Losses
FIDO authentication undermined | CSO Online
Deepfake detectors are coming of age, at a time of dire need • The Register
WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools
What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget
UK Red Teamers “Deeply Skeptical” of AI - Infosecurity Magazine
Your Internet, their rules: How DNS blocking shapes what we see online
Porn site traffic plummets as UK age verification rules enforced - BBC News
UK traffic to popular porn sites slumps after age checks introduced | Internet safety | The Guardian
Professional services firms stuck in network security IT doom loop | Computer Weekly
The rising need for offensive security strategy and skill | SC Media
Reports Published in the Last Week
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Other News
6 ways hackers hide their tracks | CSO Online
Threat actors move to smaller more persistent attacks - BetaNews
Mastering control of sovereign digital resilience | Computer Weekly
What happens when cyber attacks break more than just networks? | Insurance Business America
Everything You Should Know About Wi-Fi Jammers and Your Home Security - CNET
Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World | WIRED
South Korea’s Yes24 ticketing platform hit by cyber attack - TheTicketingBusiness News
Vulnerability Management
Microsoft Sued For Killing Windows 10—All Users Must Act Now
Windows 11 23H2 Home and Pro reach end of support in November
Vulnerabilities
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
Over 29,000 Exchange servers unpatched against high-severity flaw
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Zoom patches critical Windows flaw allowing privilege escalation
Active attacks target Office vuln patched 8 years ago • The Register
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
FortiWeb Authentication Bypass Vulnerability Let Attackers Log in As Any Existing User
Windows Remote Desktop Services Vulnerability Let Attacker Deny Services Over Network
BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek
Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek
Prompt injection vuln found in Google Gemini apps • The Register
Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion
Windows Hello for Business Flaw Could Allow Unauthorized Access
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
Microsoft Entra OAuth Flaw Exposed Internal Apps to Unauthorized Access
SonicWall pins firewall attack spree on year-old vulnerability | CyberScoop
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
Fortinet, Ivanti Release August 2025 Security Patches - SecurityWeek
Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands - PoC Found in Wild
Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager
New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox
7-Zip Arbitrary File Write Vulnerability Let Attackers Execute Arbitrary Code
Trend Micro reports two critical CVEs under active exploit • The Register
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia - SecurityWeek
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution - SecurityWeek
Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability
SAP fixed 26 flaws in August 2025 Update, including 4 Critical
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Flaws in a pair of Grafana plugins could hand over DevOps control | CSO Online
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine
Matrix admits 'high severity' flaws need breaking fixes • The Register
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.