Black Arrow Cyber Threat Intelligence Briefing 25 July 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review of cyber security intelligence from specialist and public media this week starts with details of three recently disclosed attacks, including an attack that caused the collapse of a firm that was almost 160 years old. The attacks were attributed to weak passwords and weak identity verification controls, and in one case to the exploitation of a vulnerability in on-premises SharePoint. We share details of a warning of increased attacks during the summer travel season, and of the high percentage of organisations suffering data leakage when employees use AI tools, often in an unauthorised manner.
We report on a survey that found almost half of IT managed service providers have funds allocated for paying ransoms, while the UK government has banned public sector and critical national infrastructure organisations from paying ransoms. We include reports of increased attacks in the airline sector, and more widely across Europe as a result of the geopolitical landscape. We also include news of successful legal action against cyber attackers including a student who sold phishing kits, and a US citizen who was helping North Koreans to infiltrate organisations as fake IT workers, as well as UK government sanctions against attackers in the Russian military.
Top Cyber Stories of the Last Week
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password
The collapse of a 158-year-old company in the UK, KNP Logistics, highlights how even a single weak password can devastate an entire business. Hackers exploited poor password hygiene to deploy ransomware, halting operations and forcing the firm into administration. The attack exposed wider issues: outdated systems, lack of multi-factor authentication, and insufficient user training, all of which allowed cyber criminals to move freely within the network. With over 700 jobs lost and supply chains disrupted, KNP’s fate is a stark warning: even well-established companies are at risk when basic cyber security measures are overlooked. Strong credentials and proactive defence are not optional; they are business-critical.
Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit
US manufacturer Clorox has filed a $380 million lawsuit against IT provider Cognizant, alleging gross negligence in a cyber attack that severely disrupted its operations. The claim centres on a help desk agent who reset credentials without verifying the caller’s identity, allowing criminals to access Clorox’s systems. This led to halted manufacturing, product shortages and a lengthy recovery effort. Clorox says the attackers repeated the tactic to gain deeper access, including to IT security accounts. It further accuses Cognizant of failing to follow agreed procedures and of compounding the damage through a poor incident response, with underqualified support and delayed containment efforts. Cognizant has disputed Clorox’s version of events.
US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability
Microsoft has confirmed that several China-linked hacking groups have exploited security flaws in its on-premises SharePoint servers, resulting in breaches at over 400 organisations, including US government agencies. The National Nuclear Security Administration was reportedly among those affected. Microsoft has issued security updates and is urging all users to apply them, warning that attacks are likely to continue. SharePoint remains widely used by large organisations for document collaboration, making the scale of the threat particularly concerning for those operating older systems.
Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions
Check Point has reported a sharp global rise in cyber attacks, with weekly incidents reaching nearly 2,000 per organisation, a 143% increase over four years. Europe saw the steepest annual growth, up 22%, driven by geopolitical tensions and fragmented regulation. Sectors under sustained pressure include education, government, and telecommunications, with education alone facing over 4,300 weekly attacks. One in four ransomware attacks now affects European firms, with business services and manufacturing the most targeted. The report warns that a reactive stance is no longer viable and urges a prevention-first approach with layered defences and clear visibility of threats.
https://cybernews.com/security/cyberattacks-surge-in-north-america-and-europe/
68% of Organisations Experienced Data Leakage from Employee AI Usage
A recent survey has found that 68% of organisations have experienced data leakage incidents linked to staff sharing sensitive information with AI tools. This comes despite 90% of respondents expressing confidence in their existing cyber security controls. Only 23% of organisations have implemented dedicated AI security policies. Looking ahead, 80% of respondents said that building a strong internal security culture remains their biggest challenge. As AI adoption accelerates, many security leaders are shifting their focus from traditional operations to strengthening infrastructure and staff awareness, particularly in light of rising ransomware threats and risks tied to third-party AI suppliers.
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Mobile security provider Zimperium has warned of a sharp rise in mobile-related cyber threats during the busy summer travel season. Over 5 million unsecured public Wi-Fi networks have been identified globally in 2025, with a third of users still connecting to them. Mobile devices, now a key access point for corporate data, are increasingly exposed to risks such as phishing disguised as travel updates, malicious apps, and data theft via public Wi-Fi. The threat is particularly high in Southeast Asia and across major cities. Organisations are urged to strengthen mobile defences and ensure employee devices remain protected while travelling.
Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis
Cyber threats targeting the aviation sector are increasing in both frequency and severity, driven by greater system connectivity and heightened geopolitical tensions. Recent attacks have disrupted flights, exposed sensitive passenger data, and caused significant financial losses. Ransomware activity alone has risen by 600% over the past year. Regulatory bodies across the US, EU and globally are strengthening cyber security standards, with mandatory requirements due by 2025. However, fragmented compliance obligations, ageing technology, and attackers’ widespread use of social engineering tactics continue to expose the industry. Despite higher-than-average cyber security investment, effective staff training and better supply chain oversight remain critical.
https://www.helpnetsecurity.com/2025/07/21/aviation-industry-cybersecurity-crisis/
Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents
A multinational survey reports that nearly half of managed service providers (MSPs) have set aside funds specifically for ransomware payments, despite growing pressure from insurers and governments to avoid doing so. The survey found that 45% had a dedicated budget for this, while 36% rely on cyber insurance. However, 11% had no financial safeguards in place at all. Concerns are now shifting toward artificial intelligence, with 67% of MSPs reporting AI-driven attacks last year. As AI threats escalate in scale and sophistication, 84% of MSP clients now expect their providers to manage cyber security as part of their core services, underscoring the need for proactive defences.
UK Confirms Ransomware Payment Ban for Public Sector and CNI
The UK government will ban public sector and critical national infrastructure organisations from paying ransomware demands, following strong support during a public consultation. The aim is to deter attackers by removing financial incentives and better protect essential services like healthcare, education and transport. Alongside this, a new mandatory reporting regime will be introduced to help law enforcement gather intelligence and disrupt criminal networks. However, some experts have raised concerns that these measures could lead to underreporting, misuse of third parties, or increased pressure on private sector firms still permitted to pay, potentially creating a two-tier risk landscape.
https://www.infosecurity-magazine.com/news/uk-ransomware-payment-ban-public/
University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed
A 21-year-old university student has been jailed for seven years after selling over 1,000 phishing kits that enabled criminals to impersonate legitimate organisations and steal personal and financial information. The kits, distributed via encrypted platforms, targeted 69 institutions across 24 countries, contributing to an estimated £100 million in global losses. Authorities described the operation as highly organised, with the individual offering ongoing technical support to other fraudsters. This case underscores how cyber criminals are monetising phishing tools at scale and highlights the growing need for organisations to protect against deceptive online tactics designed to exploit customers and brand trust.
$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam
An American woman has been sentenced to over eight years in prison for helping North Korean IT workers pose as US-based staff and secure jobs at over 300 companies, generating more than $17 million in illicit income. The scheme involved shipping corporate laptops abroad, forging payroll documents and using stolen identities. North Korea is believed to operate up to 4,000 such IT workers worldwide, generating as much as $600 million annually to fund state objectives. In response, the US has offered rewards of up to $15 million for information leading to the arrest of individuals involved in these activities.
UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe
The UK has imposed sanctions on over 20 Russian individuals and entities linked to cyber attacks across Europe. Those named include officers from Russia’s military intelligence agency accused of targeting democratic institutions, media, energy networks and communications infrastructure. The sanctions follow broader efforts to disrupt Russian disinformation campaigns and respond to operations by groups such as NoName057(16), which has targeted political events across the EU. UK officials described these activities as part of a deliberate campaign to destabilise Europe and undermine both Ukrainian sovereignty and British security interests.
Governance, Risk and Compliance
Most cyber risks driven by few employees, study shows | SC Media
Threats
Ransomware, Extortion and Destructive Attacks
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Nearly Half of MSPs Have Dedicated Kitty For Ransomware Incidents - IT Security Guru
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
CISA and FBI warn of escalating Interlock ransomware attacks
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
Storm-2603 spotted deploying ransomware on exploited SharePoint servers - Help Net Security
Worry about the basics of ransomware, not the AI threat - Tech Monitor
BlackSuit ransomware extortion sites seized in Operation Checkmate
New Phobos and 8base ransomware decryptor recover files for free
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
Ransomware Victims
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
The password that sank a 158-year-old business - IT Security Guru
Major European healthcare network discloses security breach
Two more entities have folded after ransomware attacks – DataBreaches.Net
Russian alcohol retailer WineLab closes stores after ransomware attack
Phishing & Email Based Attacks
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
That “credit card security” email might be a trap | Cybernews
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Other Social Engineering
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
Dark Web Hackers Moonlight as Travel Agents
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Fraud, Scams and Financial Crime
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Fake Receipt Generators Fuel Rise in Online Fraud - Infosecurity Magazine
Return Fraud Is Rampant Thanks to Free Shipping, Customer Behavior - Business Insider
The fraud trends shaping 2025: Pressure builds on online retailers - Help Net Security
Head of AI company warns of AI fraud | The Independent
'Explosive growth' in number of Channel Island fraud complaints - Island FM
$17 Million Is Lost in ATM Scam That Spread on TikTok, Officials Say - The New York Times
Artificial Intelligence
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
How AI is changing the GRC strategy | CSO Online
People don't trust AI but they're increasingly using it anyway | ZDNET
Image watermarks meet their Waterloo with UnMarker • The Register
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
3 Ways Security Teams Can Minimize Agentic AI Chaos
How the EU Is Fighting Back Against Deepfakes - IT Security Guru
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Worry about the basics of ransomware, not the AI threat - Tech Monitor
WeTransfer ToS adding 'machine learning' caused freakout • The Register
2FA/MFA
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Veeam Recovery Orchestrator users locked out after MFA rollout
Malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
NCSC: Russian malware controls emails | Cybernews
Hackers breach Toptal GitHub account, publish malicious npm packages
npm phishing attack laces popular packages with malware • The Register
Stealth backdoor found in WordPress mu-Plugins folder
Cyber criminals are Targeting US Businesses with Malicious USB Drives: By Robert Siciliano
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Arch Linux pulls AUR packages that installed Chaos RAT malware
Warning: Hacker Might Be Prepping This Steam Game to Spread Malware
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Bots/Botnets
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Mobile
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Here's What Phone Thieves Do to Prevent You From Tracking Your Device
5M Public, Unsecured Wi-Fi Networks Found Exposed | Security Magazine
This attack could give criminals control of your mobile or desktop browser - PhoneArena
Surveillance Firm Bypasses SS7 Protections to Retrieve User Location - SecurityWeek
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Internet of Things – IoT
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Is your Ring camera showing strange logins? Here's what's going on | ZDNET
Ring tries to explain 'May 28' bug, but users aren't buying it - Android Authority
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
When Your Power Meter Becomes a Tool of Mass Surveillance | Electronic Frontier Foundation
Data Breaches/Leaks
Startup takes personal data stolen by malware and sells it on to other companies | Malwarebytes
Most data breaches have unknown causes as transparency continues to fall - Help Net Security
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
Holyrood | No evidence of data loss in Glasgow City Council cyber-attack, experts say
Inquiry after SAS identities leaked in new breach
Regulator Claims 9,000+ Clients' Data Hit Dark Web in Security Breach
Risika Data Breach Exposes 100M Swedish Records to Fraud Risks
France: New Data Breach Could Affect 340,000 Jobseekers - Infosecurity Magazine
People are getting over $4,000 from the T-Mobile data breach settlement
Dior begins sending data breach notifications to US customers
Dell scoffs at breach, says miscreants stole ‘fake data' • The Register
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service - SecurityWeek
Marketing, Law Firms Say Data Breaches Impact Over 200,000 People - SecurityWeek
Data breach feared after cyber attack on AMEOS hospitals in Germany – DataBreaches.Net
Major German media group falls victim to hacker attack – DW – 07/22/2025
1.4 Million Affected by Data Breach at Virginia Radiology Practice - SecurityWeek
Organised Crime & Criminal Actors
Dark Web Hackers Moonlight as Travel Agents
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
New Wave of Crypto-Hijacking Infects 3,500+ Websites
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Insider Risk and Insider Threats
Most cyber risks driven by few employees, study shows | SC Media
Supply Chain and Third Parties
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Firmware Vulnerabilities Continue to Plague Supply Chain
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Cloud/SaaS
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks | CSO Online
Outages
Phone networks down: EE, BT, Three, and Vodafone all not working in mass outage | The Independent
Alaska’s system-wide ground stop ‘not a cyber security event’ | News | Flight Global
Has the media industry learned from the Crowdstrike outage? - TVBEurope
Encryption
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
Linux and Open Source
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
How unvalidated code is putting UK national security at risk - Tech Monitor
Digital sovereignty becomes a matter of resilience for Europe - Help Net Security
Arch Linux pulls AUR packages that installed Chaos RAT malware
Passwords, Credential Stuffing & Brute Force Attacks
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Weak Password
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The password that sank a 158-year-old business - IT Security Guru
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
New QR Code Attack Via PDFs Evades Detection Systems and Harvests Credentials
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Regulations, Fines and Legislation
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Monzo’s £21m fine highlights banks’ cyber security failures | Computer Weekly
Six months into DORA, most financial firms are still not ready - Help Net Security
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
ENISA Turns to Experts to Steer EU Cyber Regulations
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Government responds to feedback on ransomware consultation | Practical Law
After website hack, Arizona election officials unload on Trump’s CISA | CyberScoop
Models, Frameworks and Standards
Six months into DORA, most financial firms are still not ready - Help Net Security
Careers, Working in Cyber and Information Security
AI is here, but you still need juniors, say cyber security pros | Cybernews
How to Advance from SOC Manager to CISO?
How to Build a Cyber Security Team to Maximize Business Impact
How to land your first job in cyber security - Help Net Security
Law Enforcement Action and Take Downs
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Europol targets Kremlin-backed cyber crime gang NoName057(16)
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
Operator of Jetflicks illegal streaming service gets 7 years in prison
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europe cyber attacks surge amid geopolitical tensions | Cybernews
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
UK uncovers novel Microsoft snooping malware, blames GRU • The Register
NCSC: Russian malware controls emails | Cybernews
Why it's time for the US to go on offense in cyber space | CyberScoop
Recovery IS strength: The test of American cyber power | SC Media
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Opinion | To fight cyberwar, the US must establish a tech academy - The Washington Post
Nation State Actors
Europe cyber attacks surge amid geopolitical tensions | Cybernews
How Can Companies Guard Against Rising Nation-State Cyber Threats? | Phelps Dunbar - JDSupra
China
3 China Nation-State Actors Target SharePoint Bugs
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Singapore warns China-linked group UNC3886 targets its critical infrastructure
China warns of backdoored devices, on land and under the sea • The Register
Russia
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
British institutions to be banned from paying ransoms to Russian hackers – POLITICO
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Operation CargoTalon Attacking Russian Aerospace & Defence to Deploy EAGLET Implant
Russian alcohol retailer WineLab closes stores after ransomware attack
Iran
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Iranian Hackers Deploy New Android Spyware Version - Infosecurity Magazine
Will An Iran Cyber Attack Panic Usher In A New Patriot Act? – OpEd – Eurasia Review
Ex-IDF cyber chief talks Iran, Scattered Spider with The Reg • The Register
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
North Korea
Europe cyber attacks surge amid geopolitical tensions | Cybernews
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
From Missiles to Malware: India-Pakistan Cyber Rivalry and Lessons for Taiwan – Taiwan Insight
Tools and Controls
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
AI is here, but you still need juniors, say cyber security pros | Cybernews
As AI tools take hold in cyber security, entry-level jobs could shrink - Help Net Security
Firmware Vulnerabilities Continue to Plague Supply Chain
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
Majority of CISOs Lack Full Visibility Over APIs - IT Security Guru
How to harden your Active Directory against Kerberoasting
What Makes Great Threat Intelligence?
How to Use Threat Intelligence to Enhance Cyber Security Operations
DNS security is important but is DNSSEC a failed experiment? • The Register
Veeam Recovery Orchestrator users locked out after MFA rollout
3 Ways Security Teams Can Minimize Agentic AI Chaos
Reclaiming Control: How Enterprises Can Fix Broken Security Operations - SecurityWeek
Your app is under attack every 3 minutes - Help Net Security
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Other News
What To Know About Dangerous Airport And Airline Cyber Attacks, And Why They're On The Rise
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
Summer habits could increase cyber risk to enterprise data - Data Centre & Network News
From beaches to breaches: Summer work habits put enterprise data at risk - Digital Journal
NATO warns ports vulnerable to 'unprecedented' cyber threats - FreightWaves
Meta and Google are laying a fast-growing web of mega subsea cables
Ports are getting smarter and more hackable - Help Net Security
Coast Guard Issues Cyber Rule for Maritime Transport Safety
World Health Organisation CISO on securing global health emergencies - Help Net Security
Loaf and order: Belgian police launch bread-based cyber security campaign • Graham Cluley
Basic cyber security lapses are leaving US infrastructure exposed, top experts warn - Nextgov/FCW
How did Stuxnet impact cyber operations? The US House aims to find out | SC Media
Vulnerability Management
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
How quickly do we patch? A quick look from the global viewpoint - SANS Internet Storm Center
VMware portal prevents some users from downloading patches • The Register
Vulnerabilities
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Microsoft says some SharePoint hackers now using ransomware | Reuters
CitrixBleed 2: 100 Organisations Hacked, Thousands of Instances Still Vulnerable - SecurityWeek
Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch | ZDNET
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
Critical Vulnerabilities Patched in Sophos Firewall - SecurityWeek
SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack - SecurityWeek
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Microsoft mistakenly tags Windows Firewall error log bug as fixed
New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System
Another massive security snafu hits Microsoft • The Register
High-Severity Flaws Patched in Chrome, Firefox - SecurityWeek
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
VMware portal prevents some users from downloading patches • The Register
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video on our blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are provided for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.