Black Arrow Cyber Threat Intelligence Briefing 17 October 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week the UK government has given strong and clear instructions for all business leaders to plan for a cyber attack. In particular, businesses are urged to prepare for a total failure of their IT, and the CEO of UK retailer Co-op has shared her personal experience to reinforce the message, while the UK security agency reports a sharp rise in attacks.
The fallout of recent attacks is also in the media, including for users of SonicWall and Salesforce, and the continued effects of ransomware and other attacks including by nation states as well as by criminal gangs.
These themes highlight the need for cyber resilience as well as cyber security. Contact us to discuss how to achieve this in a proportionate way, including through our impartial incident response exercise simulations that are tailored to help you better manage an incident with your chosen IT and other control providers.
Top Cyber Stories of the Last Week
CISOs Urged to Rethink Tabletop Exercises as Most Incidents Are Unrehearsed
A new report reveals that 57% of major cyber incidents involved scenarios that organisations had never rehearsed. Experts argue that tabletop exercises often focus on dramatic breaches rather than realistic, subtle attack methods like lateral movement or quiet data exfiltration. Analysts recommend tailoring exercises to the organisation’s threat profile and ensuring practical readiness, such as verifying contact lists and backup communication tools. The findings highlight the need for continuous, realistic simulations that build muscle memory and align security teams with business operations.
Co-op CEO: Cyber Responsibility Lies with Senior Leaders
Following a major breach affecting 6.5 million members, the CEO of UK retailer the Co-operative has called on business leaders to take direct responsibility for cyber resilience. The attack disrupted payments and operations across the group’s businesses. In a letter published in the NCSC’s annual report, she emphasised that drills are essential and urged others to plan for continuity.
UK Government: Businesses Must Prepare for Total IT Failure
The UK National Cyber Security Centre’s annual review warns that the UK now faces four nationally significant cyber attacks per week, a 129% increase from last year. The agency urges organisations to prepare for scenarios where all IT systems are offline, including email and cloud services. Businesses should ensure their crisis plans are available in printed form, and have offline communication methods available. The report distinguishes between backups and resilience, stressing that continuity planning must assume IT failure.
Source: https://www.fortra.com/blog/ncsc-warns-companies-prepare-screens-dark
UK Security Agency Reports Sharp Rise in Cyber Attacks
The UK’s national cyber agency has reported a significant increase in cyber attacks over the past year. Threats include ransomware and state-linked espionage. The report urges organisations to improve basic cyber hygiene and prepare for incidents that may disrupt operations.
Attackers Use Valid Credentials to Breach SonicWall VPNs
Threat actors are actively exploiting SonicWall Secure Mobile Access (SMA) appliances by using valid credentials to gain unauthorised access. Once inside, they deploy malware and establish persistence. The campaign has affected organisations across multiple sectors and demonstrates the risks of credential-based access and MFA bypass.
F5 Networks Confirms Long-Term Breach by Government Hackers
Cyber security firm F5 Networks disclosed that government-backed hackers had persistent access to its systems, stealing source code and customer configuration data. The attackers infiltrated development environments and knowledge systems, exposing undisclosed vulnerabilities. Although no software was modified, the stolen data could help attackers exploit customer systems. The US Department of Justice allowed F5 to delay public disclosure due to national security concerns. The UK’s NCSC and US CISA have urged immediate patching of affected systems.
Extortion Group Publishes Data from Salesforce Customer Breaches
An extortion group known as Scattered LAPSUS$ Hunters, has leaked millions of records allegedly stolen from organisations using Salesforce services. The attackers claimed to have targeted 39 Salesforce customers, but only published data from six, including Qantas, Vietnam Airlines, and GAP. The leaked information includes names, email addresses, phone numbers, dates of birth, and loyalty program details. In one case, attackers accessed data via a third-party contact centre platform. Salesforce denied involvement, stating the incident relates to past or unsubstantiated events.
Source: https://www.securityweek.com/extortion-group-leaks-millions-of-records-from-salesforce-hacks/
Microsoft: Over Half of Cyber Attacks Driven by Extortion or Ransomware
Microsoft’s latest Digital Defence Report finds that 52% of cyber attacks with known motives were financially driven, primarily through extortion and ransomware. The report highlights the growing use of AI by attackers to automate phishing, scale social engineering and develop adaptive malware. Nation-state threats remain persistent, with China, Iran, Russia and North Korea expanding their targets. Microsoft urges leaders to treat cyber security as a strategic priority and adopt phishing-resistant MFA, which can block over 99% of identity-based attacks.
Source: https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
Ransomware Attacks Surge 36% in Q3
New data shows a 36% year-on-year rise in ransomware attacks during Q3, with 270 publicly disclosed incidents. The emergence of 18 new ransomware groups, including DEVMAN, signals growing threat diversity. Attackers are increasingly targeting sensitive data, including children’s records, and demanding record ransoms. Experts stress the need for data protection to reduce extortion leverage and discourage repeat attacks.
Source: https://betanews.com/2025/10/16/q3-ransomware-attacks-up-36-percent-year-on-year/
North Korean Attackers Use Blockchain to Evade Detection
Researchers from Cisco Talos and Google have uncovered new malware techniques used by North Korean threat actors, including EtherHiding, which leverages public blockchains for command and control. The campaign involves fake job interviews and technical assessments that trick victims into downloading malware. The malware includes keylogging and screenshot modules, enabling persistent access and data theft. These evasive methods make takedown efforts more difficult and signal a shift in nation-state tactics.
Source: https://cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
Russian Cyber Attacks Against NATO States Rise by 25%
An analysis has found a 25% year-on-year increase in Russian cyber activity targeting NATO countries. The surge includes espionage, disruption campaigns, and attacks on smaller firms seen as entry points to larger organisations. The findings suggest that Russian state actors are expanding their operations beyond Ukraine, using cybercriminal infrastructure to mask attribution and increase reach.
US Authorities Seize $15 Billion in Bitcoin from Crypto Scam Network
Law enforcement agencies in the US have seized around $15 billion in Bitcoin linked to the Prince Group, a criminal organisation accused of running a vast crypto fraud and human trafficking operation. The group allegedly laundered funds via gambling/crypto-mining businesses and complex crypto transfers from forced labour and fake investment schemes. The investigation, led by the Department of Justice, uncovered a global network of illicit financial activity. This is one of the largest crypto-related seizures to date and underscores the growing use of digital assets in organised crime.
Source: https://www.helpnetsecurity.com/2025/10/15/prince-group-crypto-scam-15-billion-in-bitcoin-seized/
Governance, Risk and Compliance
Warning to UK following spike in online attacks | The Independent
China and Russia posing ‘significant threat’ to UK in cyberspace, NCSC warns | The Standard
China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News
Ministers urge businesses to take cyber-attacks seriously - UKTN
Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian
UK security services step up work with business to fight cyber threats
Company bosses warned cyber attacks are 'not a question of if but when' | ITV News
UK Cyber Incidents Rise for Third Straight Year
Have plans on paper in case of cyber-attack, firms told - BBC News
Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns - Infosecurity Magazine
Move to hybrid working creates cyber risks – study
CISOs must rethink the tabletop, as 57% of incidents have never been rehearsed | CSO Online
Government urges businesses to keep paper back-ups for cyber-attack recovery | AccountingWEB
Threats
Ransomware, Extortion and Destructive Attacks
Q3 ransomware attacks up 36 percent year-on-year - BetaNews
Salesforce bandits run into hiding amid arrests, seizures • The Register
Extortion and ransomware drive over half of cyberattacks - Microsoft On the Issues
LockBit, Qilin, DragonForce form ransomware cartel | Cybernews
Third time lucky? The FBI just took down BreachForums, again | IT Pro
Scattered Lapsus$ Hunters extortion site goes dark: What’s next? | CSO Online
Qilin Ransomware announced new victims
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft disrupts ransomware attacks targeting Teams users
Ransomware Victims
Co-op CEO: ‘The buck for cyber stops with us as senior leaders’ – PublicTechnology
Extortion Group Leaks Millions of Records From Salesforce Hacks - SecurityWeek
Third time lucky? The FBI just took down BreachForums, again | IT Pro
Russian hackers target software used by Treasury and NHS
Russia may have been behind Jaguar Land Rover cyber attack
Qilin Ransomware announced new victims
Qantas says customer data released by cyber criminals months after cyber breach | Reuters
Clop Ransomware group claims the hack of Harvard University
Phishing & Email Based Attacks
ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET
Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register
Fresh Phishing Kit Innovation: Automated ClickFix Attacks
Microsoft remains the most imitated brand in phishing scams - BetaNews
KnowBe4 warns of new PayPal invoice phishing scam - IT Security Guru
Cyberattackers Target LastPass, Top Password Managers
LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine
Other Social Engineering
ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET
Victims of romance fraud tricked out of £106m last year - BBC News
Fraud, Scams and Financial Crime
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security
UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine
Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET
Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register
The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
UK telcos step up efforts to combat ‘epidemic’ of handset fraud
Artificial Intelligence
Rise in ‘Shadow AI’ tools raising security concerns for UK
Microsoft warns of the dangers of Shadow AI • The Register
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors
Your browser is an AI-enabled OS, so secure it like one | TechTarget
Researchers Warn of Security Gaps in AI Browsers - Infosecurity Magazine
Everyone wants AI, but few are ready to defend it - Help Net Security
UK Firms Lose Average of £2.9m to AI Risk - Infosecurity Magazine
AI Attacks Surge as Microsoft Process 100 Trillion Signals Daily - Infosecurity Magazine
Security risks of vibe coding and LLM assistants for developers
Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent
CISOs brace for an “AI vs. AI” fight | CSO Online
2FA/MFA
Hackers can steal 2FA codes and private messages from Android phones - Ars Technica
New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable
Malware
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
New Stealit Malware Campaign Spreads via VPN and Game Installer Apps - Infosecurity Magazine
Massive multi-country botnet targets RDP services in the US
What a new mega-worm says about open source cybersecurity - Tech Monitor
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica
China's Flax Typhoon Turns Geo-Mapping into Backdoor
Bots/Botnets
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
Massive multi-country botnet targets RDP services in the US
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands
Mobile
Hackers can steal 2FA codes and private messages from Android phones - Ars Technica
New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable
Popular VPN app can empty bank accounts, security experts warn | The Independent
You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say
Researchers find a startlingly cheap way to steal your secrets from space | CyberScoop
Denial of Service/DoS/DDoS
Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street
Internet of Things – IoT
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security
Data Breaches/Leaks
US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg
China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg
Third time lucky? The FBI just took down BreachForums, again | IT Pro
Attackers exploit valid logins in SonicWall SSL VPN compromise
Prospect union tells members their data was breached in June • The Register
Capita fined £14M after 58-hour delay exposed 6.6M records • The Register
The company Discord blamed for its recent breach says it wasn't hacked
Over 23 Million Victims Hit by Data Breaches in Q3 - Infosecurity Magazine
How Cybercriminal Organizations Weaponize Exposed Secrets - Security Boulevard
Spanish fashion retailer MANGO disclosed a data breach
Auction giant Sotheby’s says data breach exposed financial information
Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News
8 Auto Insurance Providers to Pay New York $19M Over Data Breaches
They were victims of a massive data breach in 2009. Their employer denied it for a decade | CBC News
Have I Been Pwned: Prosper data breach impacts 17.6 million accounts
Organised Crime & Criminal Actors
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security
UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine
Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET
The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust
UK and US impose sanctions on alleged Cambodian ‘cyber-scam’ network
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
PowerSchool hacker sentenced to 4 years in prison | CyberScoop
Attackers don’t linger, they strike and move on - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security
UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine
Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
Insurance
Ransomware costs soar as cyber claims decline - Insurance Post
How Ransomware’s Data Theft Evolution is Rewriting Cyber Insurance Risk Models - Security Boulevard
Supply Chain and Third Parties
Capita fined £14M after 58-hour delay exposed 6.6M records • The Register
Russian hackers target software used by Treasury and NHS
Russia may have been behind Jaguar Land Rover cyber attack
Supply Chain Risks Lurking in VS Code Marketplaces
The company Discord blamed for its recent breach says it wasn't hacked
Why vendor risk management can’t be an afterthought
Software Supply Chain
Supply Chain Risks Lurking in VS Code Marketplaces
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cloud/SaaS
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Fresh Phishing Kit Innovation: Automated ClickFix Attacks
Microsoft investigates outage affecting Microsoft 365 apps
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft disrupts ransomware attacks targeting Teams users
Outages
Microsoft investigates outage affecting Microsoft 365 apps
Identity and Access Management
The password problem we keep pretending to fix - Help Net Security
Linux and Open Source
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
What a new mega-worm says about open source cybersecurity - Tech Monitor
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence - Infosecurity Magazine
German state replaces Microsoft Exchange and Outlook with open-source email | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
SonicWall VPN accounts breached using stolen creds in widespread attacks
The password problem we keep pretending to fix - Help Net Security
New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands
Cyberattackers Target LastPass, Top Password Managers
LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine
Legacy Windows Protocols Still Expose Networks to Credential Theft - Infosecurity Magazine
Social Media
How to secure corporate social media accounts before they become a breach vector | SC Media
Regulations, Fines and Legislation
Capita fined £14M after 58-hour delay exposed 6.6M records • The Register
Banks failing to curb rise in romance fraud, says UK watchdog
Victims of romance fraud tricked out of £106m last year - BBC News
Ofcom fines 4chan £20K for Online Safety Act failings • The Register
Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra
Cisco faces Senate scrutiny over firewall flaws • The Register
8 Auto Insurance Providers to Pay New York $19M Over Data Breaches
The Things that Bedevil U.S. Cyber Power
The End of Cybersecurity | Foreign Affairs
Models, Frameworks and Standards
Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra
Law Enforcement Action and Take Downs
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security
UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
PowerSchool hacker sentenced to 4 years in prison | CyberScoop
Third time lucky? The FBI just took down BreachForums, again | IT Pro
BreachForums seized, but hackers say they will still leak Salesforce data
Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian
Nation State Actors
Ministers urge businesses to take cyber-attacks seriously - UKTN
Ministerial letter on cyber security to leading UK companies - GOV.UK
NCSC demands action amid 50% surge in major UK cyberattacks • The Register
UK security services step up work with business to fight cyber threats
US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg
F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data - SecurityWeek
Thousands of customers imperiled after nation-state ransacks F5’s network - Ars Technica
Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica
China
China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent
China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News
Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Netherlands seizes Chinese-owned microchip maker to protect national security
China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg
Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News
China's Flax Typhoon Turns Geo-Mapping into Backdoor
The controversy over the collapsed China spy case explained - BBC News
Badenoch demands PM address 'unanswered' China spy case questions - BBC News
Taiwan faces 2.8 million Chinese cyberattacks a day | Taiwan News | Oct. 14, 2025 10:05
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register
Russia
China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent
China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News
Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian
Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian
Russian hackers target software used by Treasury and NHS
Russia may have been behind Jaguar Land Rover cyber attack
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors
Chinese cyberspies compromised Russian tech provider • The Register
Hacktivists deactivate after falling into researchers' trap • The Register
Iran
Iran is not initiating cyberattacks against any country - Mehr News Agency
North Korea
Tools and Controls
Your browser is an AI-enabled OS, so secure it like one | TechTarget
CISOs must rethink the tabletop, as 57% of incidents have never been rehearsed | CSO Online
The password problem we keep pretending to fix - Help Net Security
Why vendor risk management can’t be an afterthought
Massive multi-country botnet targets RDP services in the US
Researchers Warn of Security Gaps in AI Browsers - Infosecurity Magazine
Everyone’s adopting AI, few are managing the risk - Help Net Security
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign - SecurityWeek
Inside the CISO Mind: How Security Leaders Choose Solutions - Security Boulevard
Legacy Windows Protocols Still Expose Networks to Credential Theft - Infosecurity Magazine
Popular VPN app can empty bank accounts, security experts warn | The Independent
Security risks of vibe coding and LLM assistants for developers
How Ransomware’s Data Theft Evolution is Rewriting Cyber Insurance Risk Models - Security Boulevard
3 firmware security failures that show how little motherboard manufacturers care
Other News
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign - SecurityWeek
Critical infrastructure CISOs Can't Ignore Office Data
Why the web-hosting industry needs a trust seal | CyberScoop
Dull but dangerous: A guide to 15 overlooked cybersecurity blind spots | CSO Online
The power grid is getting old, and so is the cybersecurity protecting it - Help Net Security
EU's biometric border system suffers teething problems • The Register
Leak From the Sky: It Turns Out a Lot of Satellite Data Is Unencrypted | PCMag
Legacy Windows Protocols Still Expose Networks to Credential Theft - Infosecurity Magazine
The solar power boom opened a backdoor for cybercriminals - Help Net Security
Focus on cyber security essential, says Taoiseach
How This Overlooked Risk Can Collapse Your Startup Overnight
Vulnerability Management
Final Windows 10 Patch Tuesday update rolls out as support ends
Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek
Microsoft: Exchange 2016 and 2019 have reached end of support
CVE, CVSS scores need overhauling, argues Codific CEO • The Register
Security firms dispute credit for overlapping CVE reports
Vulnerabilities
F5 releases BIG-IP patches for stolen security vulnerabilities
Cisco faces Senate scrutiny over firewall flaws • The Register
Attackers exploit valid logins in SonicWall SSL VPN compromise
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack • The Register
Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely
Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign - SecurityWeek
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
High-Severity Vulnerabilities Patched by Fortinet and Ivanti - SecurityWeek
Adobe Patches Critical Vulnerability in Connect Collaboration Suite - SecurityWeek
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
Microsoft patches ASP.NET Core bug rated highly critical • The Register
Juniper patched nine critical flaws in Junos Space
SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM - SecurityWeek
Gladinet Patches Exploited CentreStack Vulnerability - SecurityWeek
Final Windows 10 Patch Tuesday update rolls out as support ends
Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek
Oracle rushes out another emergency E-Business Suite patch • The Register
Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.