Black Arrow Cyber Threat Intelligence Briefing 22 August 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week we start with a look at how organisations react to cyber incidents: studies show that most organisations prioritise their security only after they have been attacked, and one in four CISOs lose their job after a ransomware attack even when the incident stems from factors outside their direct control. We discuss emerging attacks, including those targeting CFOs and regulators, and those in which English-language speakers are hired to help with social engineering. We also spotlight attacks using remote access trojans, and the risks of complacency when using AI while AI itself continues to boost attackers.
Looking ahead, Gartner warns that by 2028 up to one in four job candidates could be artificially generated with associated security risks. Focusing on solutions to address cyber risks, we look at the impact of the EU’s DORA law that aims to build better resilience in the financial services sector. Finally, on the basis that the majority of cyber attacks involve people, including the social engineering attacks referred to earlier, we look at how a security culture is critical to helping to protect your organisation.
Top Cyber Stories of the Last Week
85% of Organisations Approach Cyber Security Reactively
Unisys has found that 85% of organisations still approach cyber security reactively, responding only after an incident has occurred. While 62% have adopted or plan to adopt zero trust models, fewer than half use artificial intelligence to strengthen defences. Most acknowledge they are not prepared for future threats such as quantum-enabled attacks. The consequences are costly, with nearly half estimating downtime expenses of at least $500,000 per hour. The findings highlight the urgent need for a proactive and layered security strategy that combines advanced technology with strong human oversight.
25% of Security Leaders Replaced After Ransomware Attack
A new Sophos report has revealed that one in four security leaders lose their role following a ransomware attack, regardless of whether they were directly at fault. The findings highlight growing board-level frustration when security measures fail, even if breaches stem from business decisions outside the CISO’s authority. The study found that email-based attacks (malicious and phishing) were the leading cause of 37% of incidents, while exploited system weaknesses were the leading cause in 32% of cases, followed by stolen passwords in 23%. The report warns that many incidents arise from known gaps that were left unaddressed, making leadership accountability a critical issue.
Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide
A new cyber espionage campaign linked to the group known as MuddyWater is targeting Chief Financial Officers and finance leaders worldwide. The attackers use highly convincing phishing emails that mimic recruitment messages, tricking victims into completing fake verification challenges before delivering malicious files. Once inside, they install legitimate tools such as OpenSSH and NetBird to create hidden backdoors, enable remote access, and even set up secret administrator accounts. This approach gives the attackers long-term access while avoiding detection, highlighting the increasing sophistication of threats aimed directly at senior financial executives.
https://cybersecuritynews.com/apt-muddywater-attacking-cfos/
Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations
The Canadian Investment Regulatory Organisation (CIRO) has disclosed a cyber security breach that exposed personal data from some member firms and their employees. The regulator detected the attack on 11 August and temporarily shut down systems to protect operations while an investigation was launched with external experts and law enforcement. Although investor funds were not affected, the incident raises concern given CIRO’s role in overseeing Canada’s investment and trading firms. CIRO has committed to notifying affected individuals, offering risk mitigation services, and warning members to be alert to fraudulent calls or emails pretending to be the regulator.
https://www.infosecurity-magazine.com/news/canadian-financial-regulator-hacked/
‘Impersonation as a Service’ the Next Big Thing in Cybercrime
Criminal groups are increasingly offering “impersonation as a service,” where skilled English-speaking fraudsters are hired to trick employees into handing over access to company systems. Reports show that advertisements for such roles on underground forums have more than doubled since 2024, signalling that targeted social engineering attacks are set to rise. Recent incidents have seen attackers exploit trust through convincing phone calls to breach major firms including Google, Dior, and Allianz. Combined with advances in artificial intelligence and collaboration between criminal groups, this trend represents a growing and highly professionalised threat to businesses worldwide.
https://www.theregister.com/2025/08/21/impersonation_as_a_service/
URL-Based Threats Become a Go-To Tactic for Cybercriminals
Proofpoint has reported that cyber criminals are increasingly favouring malicious links over attachments, with URL-based threats now four times more common than file-based attacks. In the first half of 2025 alone, more than 3.7 billion attempts were made to steal user logins through phishing, and QR code scams exceeded 4.2 million cases. Smishing, or text-based phishing, has surged by more than 2,500%, showing a clear shift towards targeting mobile devices. These campaigns often mimic trusted brands or government services, making them difficult for people to recognise and highlighting the need for stronger human-focused cyber security measures.
https://www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/
How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats
Remote access trojans or RATs (malware that gives attackers full control of a victim’s computer) are becoming more sophisticated, using everyday tools and file formats to avoid detection while maintaining long-term access to systems. Recent attacks have shown how criminals use phishing emails, built-in Windows functions, and even artificial intelligence to launch stealthy campaigns that can quietly steal sensitive data for weeks. Traditional security approaches that rely on signatures or isolated defences are proving inadequate. Experts recommend a shift to behaviour-based monitoring that links endpoint, network, and identity activity, helping organisations detect unusual patterns earlier and limit the damage caused by these evolving threats.
How GenAI Complacency is Becoming Cyber Security’s Silent Crisis
Organisations are increasingly adopting Generative AI tools such as ChatGPT, Gemini and Copilot, with 42% already deploying them and a further 40% experimenting. While these tools drive efficiency, they have also created a culture of complacency that masks significant security risks. By 2027, over 40% of data breaches are expected to stem from improper AI use, often linked to employees unintentionally exposing sensitive data. The report highlights that without clear policies, training and continuous monitoring, firms risk leaving blind spots open to exploitation. Leadership must act now to balance AI innovation with robust security governance.
https://www.techradar.com/pro/how-genai-complacency-is-becoming-cybersecuritys-silent-crisis
Fake Employees Pose Real Security Risks
Gartner warns that by 2028 up to one in four job candidates could be artificially generated, posing major risks for organisations. Fake employees, often linked to fraudsters or hostile states, have already cost companies millions and in some cases enabled the theft of digital assets worth hundreds of thousands of dollars. The threat is most severe when these individuals gain IT roles with privileged access, giving them control over critical systems. Experts stress that prevention requires a mix of recruiter training, stronger access governance, and automated monitoring to detect suspicious behaviour before damage is done.
https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks
AI Gives Ransomware Gangs a Deadly Upgrade
Ransomware remains the leading cyber threat to businesses, with attacks rising 70% in early 2025 compared to previous years. Criminal groups are increasingly using artificial intelligence to automate attacks, launch convincing phishing campaigns, and even create deepfake impersonations of executives. While some attack volumes slowed in the second quarter due to law enforcement action and stronger defences, industries such as manufacturing, retail, and technology remain heavily targeted. Managed service providers are also under sustained attack, with phishing now accounting for over half of incidents. AI tools are making advanced attack methods widely available, lowering barriers for criminals.
https://www.helpnetsecurity.com/2025/08/22/ransomware-gangs-ai/
DORA: Six Months into a Resilience Revolution
Six months after its introduction, the EU’s Digital Operational Resilience Act (DORA) has already reshaped the financial sector, requiring firms to embed stronger controls across technology, risk, and third-party management. Nearly half of firms reported costs exceeding one million euros, while stress and workload have increased significantly for senior leaders and staff. Organisations have focused on improving risk management, reporting incidents quickly, and carrying out resilience testing that simulates real-world cyber attacks. Vendor oversight has also become a central priority, with firms demanding more assurance from suppliers. Although costly, these efforts are seen as investments to protect reputation, continuity, and long-term resilience.
https://www.techradar.com/pro/dora-six-months-into-a-resilience-revolution
Why Your Security Culture is Critical to Mitigating Cyber Risk
Research shows that nearly 60% of breaches in 2024 involved a human element, underlining that people, not just technology, are the main target for attackers. The problem is not that employees do not care about security, but that security measures are often overly complex, poorly designed, or disconnected from daily work. A strong security culture, shaped by leadership, supportive security teams, clear policies, and relevant training, is essential. Without embedding security into the way people work, even the most advanced technical defences will continue to be undermined.
https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html
Governance, Risk and Compliance
25% of security leaders replaced after ransomware attack | CSO Online
Weak alerting and slipping prevention raise risk levels for CISOs - Help Net Security
Why Your Security Culture is Critical to Mitigating Cyber Risk
UK firms at risk of more cyber incidents - here's how to stay protected | TechRadar
85% of Organizations Approach Cybersecurity Reactively | Security Magazine
C-Suite Lessons From Joe Sullivan And The Uber Data Breach
Employee distraction is a bigger risk than attack sophistication - BetaNews
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
Threats
Ransomware, Extortion and Destructive Attacks
25% of security leaders replaced after ransomware attack | CSO Online
Ransomware is on the rise: Global cybercrime hits new highs - Digital Journal
February ransomware attacks hit record high as ThreatDown reports 25% annual surge - SiliconANGLE
Teen hackers aren't the problem. They're the wake-up call | Computer Weekly
AI gives ransomware gangs a deadly upgrade - Help Net Security
Can cyber group takedowns last? | IT Pro
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)
Insurers face challenges with UK ransomware ban
Europol Says Qilin Ransomware Reward Fake - SecurityWeek
Europe's Ransomware Surge Is a Warning Shot for US Defenders
U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions
U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator
Ransomware Victims
Warlock claims ransomware attack on network services firm Colt | Computer Weekly
Colt Telecom attack claimed by WarLock ransomware, data up for sale
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows - CNA
Phishing & Email Based Attacks
Phishing Campaign Exploits Microsoft ADFS to Evade Security
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Hackers steal Microsoft logins using legitimate ADFS redirects
2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Study: Phishing always works, despite cyber training | Cybernews
Nearly half of Americans still reuse passwords despite phishing risks - BetaNews
Warning: Watch Out for This Japanese Character in Your Booking.com Email
Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
Other Social Engineering
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Fake Employees Pose Real Security Risks
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks - Infosecurity Magazine
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Beyond romance fraud: The rising threat of social media scams | TechRadar
'Impersonation as a service' next big thing in cybercrime • The Register
Workday Confirms Social Engineering Cyberattack Exposing Contact Data
Workday Breach Linked to ShinyHunters Salesforce Attacks
Massive Allianz Life data breach impacts 1.1 million people
Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack - IT Security Guru
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
Scammers Are Now Impersonating Cyber Crime Agents
Fraud, Scams and Financial Crime
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Beyond romance fraud: The rising threat of social media scams | TechRadar
Authorized Push Payment Fraud a National Security Risk to UK - Infosecurity Magazine
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives
Scammers Are Now Impersonating Cyber Crime Agents
Experts Warn Athletes Against Public Venmo Accounts
Artificial Intelligence
How GenAI complacency is becoming cybersecurity’s silent crisis | TechRadar
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Fake Employees Pose Real Security Risks
AI gives ransomware gangs a deadly upgrade - Help Net Security
4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems
This Authentication Method Is Horribly Insecure—AI Just Made It Worse
The era of AI hacking has arrived
CISOs need to think about risks before rushing into AI - Help Net Security
Hackers Abuse Vibe Coding Service to Build Malicious Sites
Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
New NIST guide explains how to detect morphed images - Help Net Security
Scammers are sneaking into Google's AI summaries to steal from you - how to spot them | ZDNET
How web scraping actually works - and why AI changes everything | ZDNET
Microsoft mum about M365 Copilot on-demand security bypass • The Register
Claude can now stop conversations - for its own protection, not yours | ZDNET
Hundreds of thousands of Grok chats exposed in Google results - BBC News
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Agentic AI’s security risks are challenging, but the solutions are surprisingly simple | TechRadar
The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar
Malware
How Evolving RATs Are Redefining Enterprise Security Threats
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Budget Mac.c Infostealer Rivals AMOS Amid 101% macOS Threat Surge
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data
XenoRAT malware campaign hits multiple embassies in South Korea
USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine
Popular npm Package Compromised in Phishing Attack - Infosecurity Magazine
Legitimate Chrome VPN Extension Turns to Browser Spyware - Infosecurity Magazine
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Hundreds Targeted in New Atomic macOS Stealer Campaign - SecurityWeek
Developer jailed for malware that took out his employer • The Register
“Rapper Bot” malware seized, alleged developer identified and charged
Solana malware targeting Russian crypto developers • The Register
Mobile
UK backs down in Apple privacy row, US says - BBC News
Android VPN apps used by millions are covertly connected AND insecure - Help Net Security
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple addressed the seventh actively exploited zero-day
Novel 5G Attack Bypasses Need for Malicious Base Station - SecurityWeek
ERMAC Android malware source code leak exposes banking trojan infrastructure
How To Find And Remove Spyware From Your Android Phone
Denial of Service/DoS/DDoS
Internet-wide Vulnerability Enables Giant DDoS Attacks
“Rapper Bot” malware seized, alleged developer identified and charged
'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop
Internet of Things – IoT
Hackers can abuse IPv6 to hijack networks | Cybernews
System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Your smart home device just got a performance and security boost for free | ZDNET
Data Breaches/Leaks
2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld
Over 190 million hit in UnitedHealth data breach — confirmed largest in history | Tom's Guide
Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum
Canadian Financial Regulator Hacked, Exposing Personal Data from Membe - Infosecurity Magazine
Workday Confirms Social Engineering Cyberattack Exposing Contact Data
Air France and KLM warn customers of new data breach | Fox News
4 cyberattacks that rocked global telecoms | Capacity Media
Dozens more Afghan relocation data breaches uncovered by BBC - BBC News
Colt Telecom attack claimed by WarLock ransomware, data up for sale
Millions Allegedly Affected in Allianz Insurance Breach
Orange Belgium's 850K mega-breach raises fraud fears • The Register
Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
Intel Employee Data Exposed by Vulnerabilities - SecurityWeek
Australian ISP iiNet Suffers Breach of 280,000+ Records - Infosecurity Magazine
TPG Telecom estimates 280K affected by subsidiary breach • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine
Lazarus strikes again? $23m theft topples crypto platform
Lykke Exchange Shuts Down After $23M Lazarus Group Hack
US seizes $2.8 million in crypto from Zeppelin ransomware operator
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
Solana malware targeting Russian crypto developers • The Register
Insider Risk and Insider Threats
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Fake Employees Pose Real Security Risks
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Study: Phishing always works, despite cyber training | Cybernews
Developer jailed for malware that took out his employer • The Register
Soldier admits handing over sensitive information to person he thought was foreign agent | RNZ News
Insurance
Insurers face challenges with UK ransomware ban
Is personal cyber insurance at an inflection point? - Insurance Post
Cloud/SaaS
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Microsoft investigates outage impacting Copilot, Office.com
Outages
Microsoft investigates outage impacting Copilot, Office.com
Colt Customers Face Prolonged Outages After Major Cyber Incident - Infosecurity Magazine
Identity and Access Management
Phishing Campaign Exploits Microsoft ADFS to Evade Security
Hackers steal Microsoft logins using legitimate ADFS redirects
Encryption
UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt
US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters
An explanation of quantum key distribution | TechTarget
Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica
UK Drops Demand for iCloud Backdoor for American Users' Data
FTC warns US Big Tech: Don’t bend to foreign censors • The Register
WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives
Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED
Linux and Open Source
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data
Passwords, Credential Stuffing & Brute Force Attacks
Nearly half of Americans still reuse passwords despite phishing risks - BetaNews
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek
Social Media
Beyond romance fraud: The rising threat of social media scams | TechRadar
Training, Education and Awareness
Study: Phishing always works, despite cyber training | Cybernews
Employee distraction is a bigger risk than attack sophistication - BetaNews
Almost all banks mandate cyber security training - Risk.net
Regulations, Fines and Legislation
US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters
The UK Online Safety Act could kill the internet as we know it.
DORA: six months into a resilience revolution | TechRadar
Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica
FTC warns US Big Tech: Don’t bend to foreign censors • The Register
UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt
Insurers face challenges with UK ransomware ban
EU: ENISA Guidelines on Compliance with NIS 2 Directive Published | DLA Piper - JDSupra
EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times
How VPNs are helping people evade increased censorship - and much more | ZDNET
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
Mozilla warns Germany could soon declare ad blockers illegal
Regulator rebukes Nova Scotia Power's request for secrecy in cybersecurity inquiry | CBC News
Election workers fear 2026 threats without feds' support • The Register
By gutting its cyber staff, State Department ignores congressional directives | CyberScoop
Bill would give hackers letters of marque against US enemies • The Register
Models, Frameworks and Standards
DORA: six months into a resilience revolution | TechRadar
EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
New NIST guide explains how to detect morphed images - Help Net Security
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Careers, Working in Cyber and Information Security
Would you hire a hacker? | Computer Weekly
Building a New Generation of Security Talent Amid an Escalating Cyber - Infosecurity Magazine
Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro
Law Enforcement Action and Take Downs
Developer jailed for malware that took out his employer • The Register
US seizes $2.8 million in crypto from Zeppelin ransomware operator
Can cyber group takedowns last? | IT Pro
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
US cops seize mega DDoS-for-hire racket RapperBot • The Register
A hacker tied to Yemen Cyber Army gets 20 months in prison
'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop
Serial hacker who defaced official websites is sentenced - National Crime Agency
Israeli government official arrested in Nevada sex crimes operation | The Independent
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Russia-linked gang using Cisco devices for spying | Cybernews
FBI, Cisco Warn of Russian Attacks on 7-Year Flaw
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
Nation State Actors
Swap Around and Find Out: The New Rules of International Digital Economic Warfare – War on the Rocks
China
CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News
Microsoft scales back Chinese access to cyber early warning system
China labels US as 'surveillance empire' over chip tracking • The Register
Chinese hackers are targeting web hosting firms - here's what we know | TechRadar
Microsoft restricts Chinese firms over hacking fears | Windows Central
Chinese APT Group Targets Web Hosting Services in Taiwan - Infosecurity Magazine
China cut itself off from the global internet on Wednesday • The Register
DPRK, China Suspected in South Korean Embassy Attacks
Russia
Russia-linked gang using Cisco devices for spying | Cybernews
Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED
Russian Hacktivists Take Aim at Polish Power Plant, Again
Solana malware targeting Russian crypto developers • The Register
Russian hackers lurked in US courts for years and took sealed files | Stars and Stripes
Russia-linked European attacks renew concerns over water cybersecurity | CSO Online
Russian Hackers Hitting Critical Infrastructure, FBI Warns
Iran
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Hackers disrupt communications of dozens of Iranian oil and cargo ships | Iran International
North Korea
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korea's IT worker fraud has fooled nearly every Fortune 500 firm
Lazarus strikes again? $23m theft topples crypto platform
Hackers who exposed North Korean government hacker explain why they did it | TechCrunch
Tools and Controls
Study: Phishing always works, despite cyber training | Cybernews
Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine
Hackers Weaponizing Cisco's Secure Links to Evade Link Scanning and By-Pass Network Filters
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise
Hackers can abuse IPv6 to hijack networks | Cybernews
McDonald's not lovin' it when hacker exposes rotten security • The Register
Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
Insurers face challenges with UK ransomware ban
Employee distraction is a bigger risk than attack sophistication - BetaNews
Android VPN apps used by millions are covertly connected AND insecure - Help Net Security
This Authentication Method Is Horribly Insecure—AI Just Made It Worse
CISOs need to think about risks before rushing into AI - Help Net Security
Hackers Abuse Vibe Coding Service to Build Malicious Sites
BYOD Evolution: Essential for Hybrid Work Productivity and Security
How VPNs are helping people evade increased censorship - and much more | ZDNET
The Security Vulnerabilities to Watch for When You’re Vibe Coding
The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar
How to Vibe Code With Security in Mind
Attackers Start Outside: Why MSSPs Should Prioritize External Threat Intelligence | MSSP Alert
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Is personal cyber insurance at an inflection point? - Insurance Post
Making Pen Testing a Year-Round Cybersecurity Strength | SC Media UK
Solana malware targeting Russian crypto developers • The Register
Other News
Should Europe wean itself off US tech? - BBC News
Hackers can abuse IPv6 to hijack networks | Cybernews
Teen hackers aren't the problem. They're the wake-up call | Computer Weekly
UK firms at risk of more cyber incidents - here's how to stay protected | TechRadar
Aviation Tech Failures Expose Aging Systems and Cyber Risks
Dutch prosecution service attack keeps speed cameras offline • The Register
McDonald's not lovin' it when hacker exposes rotten security • The Register
Teen hacker’s journey: From curiosity to revenge | Cybernews
From medieval stronghold to cyber fortress: shielding Europe’s digital future | Cyprus Mail
Local governments struggle to defend critical infrastructure as threats grow - Help Net Security
How your solar rooftop became a national security issue | TechCrunch
How Outer Space Became the Next Big Attack Surface
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
Casino outfit Bragg says personal data untouched in attack • The Register
Train Maker Sues Hackers For Exposing Dodgy Efforts To Make Train Repairs More Difficult | Techdirt
What makes airport and airline systems so vulnerable to attack? - Help Net Security
Vulnerability Management
Majority of Organizations Ship Vulnerable Code, Study Finds - Infosecurity Magazine
Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competi - Infosecurity Magazine
Vulnerabilities
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Researcher to release exploit for full auth bypass on FortiWeb
Microsoft releases emergency updates to fix Windows recovery
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
Internet-wide Vulnerability Enables Giant DDoS Attacks
Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS | CyberScoop
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)
Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog
Over 800 N-able servers left unpatched against critical flaws
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise
Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
Xerox fixed path traversal and XXE bugs in FreeFlow Core
High-Severity Vulnerabilities Patched in Chrome, Firefox - SecurityWeek
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
Commvault plugs holes in backup suite that allow remote code execution - Help Net Security
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Microsoft Windows 11 24H2 Update May Cause SSD Failures | TechPowerUp
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.