Black Arrow Cyber Threat Intelligence Briefing 19 September 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week’s review highlights the growing complexity of cyber threats and the leadership response required.
Ransomware and phishing remain dominant, with major disruptions at Jaguar Land Rover and Transport for London. Criminal groups such as Scattered Spider are evolving, using AI-driven social engineering, while open-source ransomware and hybrid malware lower the barrier for attackers.
AI is both a defensive tool and a risk factor: financial services leaders warn of deepfake-enabled fraud, while unapproved AI use within organisations is driving compliance breaches and supply chain exposure. Internal weaknesses amplify these risks: research shows poor incident coordination and skills shortages create more disruption than attackers, while identity fraud in hiring and the psychological toll on staff add long-term challenges. Geopolitical tensions further complicate the landscape, with Russia escalating hybrid tactics across Europe.
Clear Board-level ownership and governance, a proactive investment in a security culture, and regular rehearsals of cyber incident management are essential to resilience. Contact us for impartial and objective leadership guidance on strengthening your organisation’s defences.
Top Cyber Stories of the Last Week
Jaguar Land Rover Extends Shutdown After Cyber Attack by Another Week
Jaguar Land Rover has extended its production shutdown for another week following a major cyber attack that disrupted its global operations. The company, which employs around 39,000 staff and generates annual revenue exceeding £29 billion, confirmed that attackers stole company data and forced a halt to manufacturing. A group of criminals linked to well-known extortion gangs has claimed responsibility, citing the use of stolen credentials and ransomware. JLR stated it is still investigating the incident and carefully planning a phased restart, underlining the severe operational and reputational risks posed by targeted cyber attacks on organisations.
Two Scattered Spider Teens Charged over Attack on London’s Transport Network
Two young men have been charged in connection with last year’s cyber attack on Transport for London, which disrupted services, exposed customer data, and cost the organisation tens of millions. Authorities allege the pair are linked to a wider criminal group and note that one also faces charges relating to US healthcare systems. The National Crime Agency stressed the attack demonstrated the serious risks posed to critical national infrastructure, highlighting the need for sustained disruption of such groups. Transport for London has since strengthened its security measures and continues to support the investigation.
https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/
Scattered Spider Resurfaces with Financial Sector Attacks Despite Retirement Claims
Scattered Spider, the cyber crime group linked with attacks including Jaguar Land Rover and retailer Marks and Spencer, and which recently claimed to have disbanded, has resurfaced with fresh attacks on the financial sector. Researchers report the group gained access by tricking an executive into resetting their password, then moved deeper into systems to steal sensitive data and bypass security controls. Evidence suggests overlap with other groups such as ShinyHunters, which are now exploiting artificial intelligence to run highly convincing voice scams at scale. The group’s apparent retirement may have been a smokescreen to evade law enforcement, and organisations are urged to remain vigilant as such actors often regroup under new identities.
https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
It Doesn’t Take a Genius to Be a Cybercriminal, and Open Source Ransomware Is Making It Easier than Ever
A recent study has highlighted that open-source ransomware is lowering the barrier for criminals, enabling even those with limited technical ability to launch attacks. One group, named Yurei, successfully targeted a food manufacturer by slightly modifying an existing ransomware tool. Their approach combined data theft with encryption, demanding payment both to restore access and to prevent data being leaked or sold. Although flaws in the reused code allow for some recovery, the research found that low-effort attacks can still succeed. With around 80% of ransomware now using artificial intelligence, the risk to organisations continues to rise.
New Android Malware Steals Your Money Then Installs Ransomware
Security researchers have identified a new Android malware, named RatOn, that merges banking fraud with ransomware in a single attack. The malware can autonomously steal personal identification numbers, drain bank accounts and crypto wallets, then lock the device and demand payment to restore access. This evolution highlights how criminals are adapting to stronger banking security by combining multiple methods of extortion. Distribution often occurs through fake apps that mimic trusted platforms such as TikTok, underlining the need for vigilance when downloading apps and ensuring protective features like Google Play Protect remain enabled.
Disrupted Phishing Service Was After Microsoft 365 Credentials
Microsoft and Cloudflare have taken down a large-scale phishing service called RaccoonO365, which sold ready-made kits to steal Microsoft 365 login details. Since July 2024, the operation has compromised at least 5,000 accounts across 94 countries, with criminals then able to access company files, emails, and cloud storage for fraud, extortion, or wider attacks. The service was sold for about $355 a month and could send up to 9,000 fraudulent emails daily. Authorities shut down 338 associated websites and arrested a key suspect, significantly disrupting the operation and raising costs for its criminal users.
AI Threats Top Focus at London Financial Services Summit
The London Financial Services Cyber Security Summit underlined that resilience has become a regulatory and strategic imperative for the sector. Senior leaders warned that artificial intelligence is being used both to strengthen defences and to fuel more sophisticated cyber attacks such as deepfake-enabled fraud. Insider threats and weak oversight of staff with financial authority remain a major risk. Regulators emphasised that compliance should be seen not only as a legal duty but also as a competitive advantage. Across the summit, the message was clear: collaboration, cultural change and proactive investment are critical to safeguarding long-term stability.
https://www.inforisktoday.com/ai-threats-top-focus-at-london-financial-services-summit-a-29474
Shadow AI Is Breaking Corporate Security from Within
The latest State of Information Security Report from IO shows that organisations face mounting risks from artificial intelligence, compliance demands, and supply chain vulnerabilities. Nearly eight in ten firms adopted AI last year, yet more than a third of employees are using tools without approval, raising the risk of data leaks and regulatory breaches. Data breaches and compliance pressures are prevalent, with 71% of firms fined in the past year and nearly a third paying penalties above £250,000. Meanwhile, 61% reported supply chain incidents, driving increased investment in oversight, although smaller suppliers remain a persistent weak link.
https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/
Global Hiring Risks: Identity Fraud and Screening Trends
HireRight’s 2025 Global Benchmark Report highlights rising risks of identity fraud in hiring, with one in six companies reporting confirmed cases yet fewer than 80% including identity verification in their standard screening. Most organisations use the same approach regardless of whether the employee will work remotely, which is particularly significant given the prevalence of North Koreans infiltrating organisations as remote IT workers. Discrepancies in candidate histories remain common, with over three-quarters of businesses finding issues in the past year. These trends underline the need for closer collaboration between HR, compliance, and cyber security leaders to reduce fraud and reputational risks.
https://www.helpnetsecurity.com/2025/09/18/global-hiring-risks-2025/
Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts
New research shows that 64% of organisations across Europe, the Middle East and Africa are forced to take risky shortcuts due to a shortage of cyber security skills. In the UK, two thirds of organisations report gaps, with more than half describing the impact as severe. Only a quarter of IT leaders believe they have the right expertise in-house, leading to delays in projects and difficulties meeting compliance rules. The shortage spans technical, operational and leadership roles, with high hiring costs and limited candidates deepening the challenge and creating both immediate and long-term risks to resilience and growth.
70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors
Cytactic’s 2025 report highlights that internal breakdowns, not external attackers, are the greatest barrier to effective cyber attack response. 70% of leaders said poor coordination created more disruption than the breach itself, with many citing unclear authority and strained CEO-CISO relations. Over half faced incidents they had never rehearsed, despite most recognising the value of simulations. Boards were also seen as underestimating the urgency of response. The report stresses the need for clearer leadership roles, better cross-team communication, and investment in AI and rehearsal exercises to strengthen resilience when breaches occur.
The Secret Psychological Cost of Cyber Attacks
Recent research shows that two in five UK small and medium businesses have lost money to fraud, with phishing being one of the most common forms of attack. While financial loss often takes the spotlight, the hidden impact on staff can be just as damaging. Employees caught in these scams may experience guilt, fear and a loss of confidence, which can harm both performance and wellbeing. A culture of blame makes matters worse by discouraging prompt reporting. By fostering openness, empathy and practical training, leaders can strengthen resilience and reduce both the financial and psychological cost of attacks.
Russia’s Hybrid Tactics Raise Alarm in EU
Russian hybrid tactics are escalating, combining cyber attacks, disinformation, and physical incursions, such as the recent drone violations of Polish airspace. In response, Poland has pressed for stronger air defence, increased allied presence, and tougher sanctions. The EU is supporting these efforts through its €150 billion SAFE programme, with €43.7 billion allocated to Poland for military strengthening. With large-scale Russian and Belarusian military exercises planned, Poland has temporarily closed its border with Belarus, warning of destabilisation attempts. Leaders stress that resilience, investment, and unity are vital to counter these threats and maintain regional security.
https://wbj.pl/russias-hybrid-tactics-raise-alarm-in-eu/post/147240
Governance, Risk and Compliance
The Evolving Role of the CISO: From Security Experts to Strategic Comm - Infosecurity Magazine
Cyber Resilience Confidence vs. Capability Gap: Are Organizations Prepared? | Dell
Geopolitics Reshapes Security Budgets in Financial Services
Security Execs Say Internal Mayhem Makes Cyber Attacks Worse
5 trends reshaping IT security strategies today | CSO Online
Cyber leaders must make better use of risk experts | Computer Weekly
The secret psychological cost of cyberattacks
Cyber professionals are losing sleep over late night attacks | IT Pro
Creating a compliance strategy that works across borders - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Beware! New Android malware steals your money then installs ransomware | PCWorld
Scattered Spider hackers return to hit more victims - despite retirement claims | TechRadar
Did Scattered Spider Scatter? Cyber Experts Are Skeptical | Security Magazine
Scattered LAPSUS$ Hunters Announces Closure - GovInfoSecurity
What Are The Takeaways from The Scattered LAPSUS$ Hunters Statement?
HybridPetya ransomware dodges UEFI Secure Boot • The Register
Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro
Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge
How ransomware is changing to target businesses in 2025 | IT Pro
Ransomware crims broke in, found recovery codes in plaintext • The Register
UK arrests 'Scattered Spider' teens linked to Transport for London hack
Ransomware TMZ: More Than a Year of Leaks, Lies and Betrayals | MSSP Alert
Ransomware Victims
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
Scattered Spider gang feigns retirement, breaks into bank • The Register
Jaguar Land Rover suppliers 'face bankruptcy' due to hack crisis - BBC News
Cyber attack could be costing JLR £5 million a day | Autocar
JLR extends production shutdown to next week amid cyber attack chaos | TheBusinessDesk.com
JLR still unable to restart production as MPs call for government help | Autocar
JLR supply chain staff told to apply for universal credit, union says - BBC News
VC giant Insight Partners warns thousands after ransomware breach
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben
UK arrests 'Scattered Spider' teens linked to Transport for London hack
INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance
Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek
UK telco Colt’s cyberattack recovery seeps into November • The Register
ShinyHunters Attack National Credit Information Center of Vietnam
KillSec Ransomware Hits Brazil's Healthcare Sector
Qilin ransomware gang claims attack on Orleans Parish Sheriff's Office
Survival Flight reports second cybersecurity incident in less than a year – DataBreaches.Net
Phishing & Email Based Attacks
Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan
Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes
Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access
Attackers Up Their Game with Ultra-Realistic PDF Invoice Lures, HP Finds | WebWire
Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK
This North Korean Phishing Attack Used ChatGPT's Image Generation
Phishing campaign targets Rust developers - Help Net Security
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Other Social Engineering
Why You Should Never Scan A QR Code To Pay For Parking
Password1: how scammers exploit variations of your logins | Money | The Guardian
Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED
Fraud, Scams and Financial Crime
Why You Should Never Scan A QR Code To Pay For Parking
Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED
Google nukes 224 Android malware apps behind massive ad fraud campaign
AI made crypto scams far more dangerous - Help Net Security
Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK
AI-Powered Sign-up Fraud Is Scaling Fast
Cybersecurity in Ukraine: new fraud schemes and how to protect yourself | УНН
Google confirms fraudulent account created in law enforcement portal
Artificial Intelligence
Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan
Shadow AI is breaking corporate security from within - Help Net Security
AI Threats Top Focus at London Financial Services Summit
AI made crypto scams far more dangerous - Help Net Security
AI-Powered Sign-up Fraud Is Scaling Fast
Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge
5 trends reshaping IT security strategies today | CSO Online
Hacker Exploits Claude AI to Automate Cyberattacks on 17 Companies
Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses
Most enterprise AI use is invisible to security teams - Help Net Security
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Democratizing AI: Balancing Innovation, Risks in ChatGPT Era
Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post
A Quarter of UK and US Firms Suffer Data Poisoning Attacks - Infosecurity Magazine
This North Korean Phishing Attack Used ChatGPT's Image Generation
AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine
New attack on ChatGPT research agent pilfers secrets from Gmail inboxes - Ars Technica
LinkedIn now uses your data for AI by default, opt out now! - Help Net Security
How CISOs Can Drive Effective AI Governance
AI video surveillance could end privacy as we know it - Help Net Security
Cloudflare CEO’s 'Frighteningly Likely' Forecast for How AI Will Ruin the Internet
Malware
CrowdStrike Infested With "Self-Replicating Worms"
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Old file types, new tricks: Attackers turn everyday files into weapons - Help Net Security
Attackers Adopting Novel LOTL Techniques to Evade Detection - Infosecurity Magazine
The unseen side of malware and how to find it - Help Net Security
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ
HybridPetya: A Petya/NotPetya copycat comes with a twist
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Bitdefender discovers China-linked malware - APDR
SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine
Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites
Threat Actor Infests Hotels With New RAT - SecurityWeek
Mobile
Beware! New Android malware steals your money then installs ransomware | PCWorld
Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED
Google nukes 224 Android malware apps behind massive ad fraud campaign
Google has made a huge change to the monthly Android Security Bulletin - PhoneArena
Apple backports zero-day patches to older iPhones and iPads
Google may shift to risk-based Android security patch rollouts - what that means for you | ZDNET
1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine
Samsung patches actively exploited zero-day reported by WhatsApp
Make Sure Your Android Phone Has This Security Feature Enabled (And Here's Why)
CERT-FR: Take Apple spyware alerts seriously | Cybernews
Denial of Service/DoS/DDoS
Cloudflare DDoSed itself with React useEffect hook blunder • The Register
Internet of Things – IoT
Dutch University Washing Machines Hacked, Disrupting Laundry for 1,200 Students
Smart Home Security Tips to Prevent Hacking
Data Breaches/Leaks
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben
SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine
Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop
SonicWall warns customers to reset credentials after breach
1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine
British rail passengers urged to stay on guard after hack signals failure
Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek
Gucci, Balenciaga and Alexander McQueen targeted in cyber-attack
Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records
Millions of HNW clients at risk as Gucci hacked | Insurance Business America
Insider breach at FinWise Bank exposes data of 689,000 AFF customers
Cybercriminals pwn 850k+ Americans' healthcare data • The Register
New York Blood Center Alerts 194,000 People to Data Breach - Infosecurity Magazine
Vietnam data breach: whole population exposed | Cybernews
2 Eye Care Practice Hacks Affect 260,000 Patients, Staff
Bracknell and Wokingham college hit with cyber attack | Bracknell News
Organised Crime & Criminal Actors
Cyber professionals are losing sleep over late night attacks | IT Pro
Cybercriminals Evolve Tactics: New HP Report Reveals Sophisticated Threats
Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge
Cyber-scam camp operators shifting to vulnerable countries • The Register
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine
The Feds Destroyed an Internet Weapon, but Criminals Picked Up the Pieces - WSJ
15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' • The Register
"Pompompurin" resentenced: BreachForums creator heads back behind bars
Fifteen Ransomware Gangs “Retire,” Future Unclear - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI made crypto scams far more dangerous - Help Net Security
Insider Risk and Insider Threats
The secret psychological cost of cyberattacks
Insider breach at FinWise Bank exposes data of 689,000 AFF customers
Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360
Supply Chain and Third Parties
CrowdStrike Infested With "Self-Replicating Worms"
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
New supply chain attack hits npm registry, compromising 40+ packages
Mitigating supply chain vulnerabilities | TechRadar
Cloud/SaaS
Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop
Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes
Microsoft scores win against Office 365 credential thieves | Computer Weekly
The Cloud Edge Is the New Attack Surface
The unseen risk in Microsoft 365: disaster recovery | IT Pro
Target-rich environment: Why Microsoft 365 has become the biggest risk
Outages
Starlink outage knocks tens of thousands offline worldwide • The Register
Linux and Open Source
Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ
UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes
Microsoft scores win against Office 365 credential thieves | Computer Weekly
SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine
SonicWall warns customers to reset credentials after breach
Password1: how scammers exploit variations of your logins | Money | The Guardian
Social Media
TikTok Deal Won't End Enterprise Risks
Facebook's settlement payments are on the way - here's how much you can expect | ZDNET
LinkedIn now uses your data for AI by default, opt out now! - Help Net Security
Australia to let Big Tech choose kids social media ban tech • The Register
Regulations, Fines and Legislation
EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler
UK ministers probe 'child-protection' Online Safety tweaks • The Register
China: 1-hour deadline on serious cyber incident reporting • The Register
Creating a compliance strategy that works across borders - Help Net Security
A Deeper Dive: The SEC Cybersecurity Rule Enforcement Landscape | BakerHostetler - JDSupra
Australia to let Big Tech choose kids social media ban tech • The Register
The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra
CISA misspent millions in cyber skill retention funds: audit • The Register
CISA attempts to assert control over CVE in vision outline • The Register
Without Federal Help, Cyber Defense Is Up to Us
The Next Cyber Breach Will Not Wait: Why Congress Must Reauthorize CISA 2015
CISA blasted by US watchdog for wasting funds and retaining the wrong employees | TechRadar
The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity - Security Boulevard
Agencies increasingly dive into AI for cyber defense, acting federal CISO says | CyberScoop
Models, Frameworks and Standards
EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler
NCSC updates Cyber Assessment Framework (2) | UKAuthority
The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra
Careers, Working in Cyber and Information Security
Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts
Organisations still struggling to close cybersecurity skills gap
Cybersecurity: The job that comes with a daily dose of ‘impending doom’
Cyber hiring trends | Professional Security Magazine
Microsoft Principal Security Engineer on How to Get Into Cybersecurity - Business Insider
Law Enforcement Action and Take Downs
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine
Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro
"Pompompurin" resentenced: BreachForums creator heads back behind bars
Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360
Man gets over 4 years in prison for selling unreleased movies
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Misinformation, Disinformation and Propaganda
Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post
Russian fake-news network back in action with 200+ new sites • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia’s Hybrid Tactics Raise Alarm in EU
Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post
Geopolitics Reshapes Security Budgets in Financial Services
Bitdefender discovers China-linked malware - APDR
Nation State Actors
Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post
Geopolitics Reshapes Security Budgets in Financial Services
China
China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy
China: 1-hour deadline on serious cyber incident reporting • The Register
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
TikTok Deal Won't End Enterprise Risks
Chinese cyber skirmishes in the Indo-Pacific show emerging patterns of conflict | The Strategist
Bitdefender discovers China-linked malware - APDR
SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine
Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites
Costs of Russian, Chinese cyberattacks on German firms on rise: report
Russia
Russia’s Hybrid Tactics Raise Alarm in EU
Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post
MI6 launches dark web portal to attract spies in Russia - BBC News
Researchers believe Gamaredon and Turla threat groups are collaborating - Help Net Security
Russian fake-news network back in action with 200+ new sites • The Register
Ukrainian Cyberattack Paralyzes Russia’s Sham Election in Occupied Crimea
Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Russian regional airline disrupted by suspected cyberattack | The Record from Recorded Future News
Iran
What's Old Is New Again as Iranian Hackers Exploit Macros
North Korea
This North Korean Phishing Attack Used ChatGPT's Image Generation
AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine
Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency
Tools and Controls
Geopolitics Reshapes Security Budgets in Financial Services
SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine
Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop
The Cloud Edge Is the New Attack Surface
The unseen risk in Microsoft 365: disaster recovery | IT Pro
Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access
Security Execs Say Internal Mayhem Makes Cyber Attacks Worse
Cyber leaders must make better use of risk experts | Computer Weekly
Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle - SecurityWeek
CISOs grapple with the realities of applying AI to security functions | CSO Online
Many networking devices are still vulnerable to pixie dust attack - Help Net Security
Elon Musk Urges Heightened Security After Charlie Kirk Assassination
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Phishing campaign targets Rust developers - Help Net Security
3 reasons VPN use is set to explode worldwide - and that might apply to you | ZDNET
More tools lead to greater risk of security issues and burnout - BetaNews
Digital twins give cyber defenders a predictive edge - SiliconANGLE
UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register
How CISOs Can Drive Effective AI Governance
What is Mobile Threat Defense (MTD)? | Definition from TechTarget
Other News
3 reasons VPN use is set to explode worldwide - and that might apply to you | ZDNET
Europe needs to wake up to its internet network vulnerability
Kids hacking for kicks are causing security headaches at schools | IT Pro
Cyber resilience must be engineered into the UK’s infrastructure future | New Civil Engineer
Vulnerability Management
Google has made a huge change to the monthly Android Security Bulletin - PhoneArena
Microsoft reminds of Windows 10 support ending in 30 days
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm - SecurityWeek
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days
Microsoft Warns 200 Million Windows Users—Do Not Update Your PC
Consumer Reports calls Microsoft 'hypocritical' for stranding millions of Windows 10 PCs | ZDNET
CISA attempts to assert control over CVE in vision outline • The Register
Exploring Open Source and Compliance in Vulnerability Management - Security Boulevard
Vulnerabilities
Google patches another worrying Chrome security flaw - so update now, or be at risk | TechRadar
Many networking devices are still vulnerable to pixie dust attack - Help Net Security
Apple backports zero-day patches to older iPhones and iPads
Ransomware crims broke in, found recovery codes in plaintext • The Register
Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild | ZDNET
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
Samsung patches actively exploited zero-day reported by WhatsApp
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.