Black Arrow Cyber Threat Intelligence Briefing 26 September 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Cyber risk continues to dominate the business agenda, with incidents showing the scale of disruption and loss. A recurring insight this week is that attackers often remain undetected for long periods, exploiting MFA weaknesses and third-party flaws; supply chain risks are also prominent. The threat landscape is evolving: phishing is spreading beyond email, stolen credentials fuel cybercrime, and generative AI introduces deepfakes and malicious prompts.
To address these challenges, business leaders need an objective view of their risks and should establish their cyber strategy across people, operations and technology. Independent testing of response plans and governance over suppliers and AI systems are essential; cyber resilience must be led from the top, not delegated to IT.
Top Cyber Stories of the Last Week
Finance Professionals Rank Cyber as The Top Risk for 2026
Cyber security has emerged as the most significant threat to businesses, with over eight in ten chief internal auditors naming it their primary concern. Recent incidents targeting major UK firms and critical infrastructure have exposed severe financial and operational impacts, with some organisations facing losses in the hundreds of millions and prolonged supply chain disruption. The Chartered Institute of Internal Auditors cautions that attacks are becoming increasingly common and advanced, often fuelled by developments in artificial intelligence.
UK Co-operative Group Counts a £200m Sales Hit from Its April Cyber Incident
The Co-operative Group has disclosed widespread disruption and financial impact following a cyber attack in April. The incident affected multiple business units, including funeral services, and led to a substantial drop in sales, reportedly exceeding £200 million. Member data was compromised, and the organisation posted a significant pre-tax loss for the first half of the year. Senior executives acknowledged the event exposed both operational strengths and areas requiring improvement, with further consequences anticipated in the months ahead.
Tata Motors Shares Drop 5% after JLR Cyber Attack
Jaguar Land Rover continues to grapple with a serious cyber incident that has halted production at UK facilities and affected tens of thousands of employees. The company has extended its operational pause while investigations proceed, and analysts suggest the financial impact could be considerable. Reports indicate the firm lacked cyber insurance coverage for this event, and the disruption is believed to be costing millions each week, posing reputational and financial challenges for both JLR and its parent company.
Airport Outages Expose Fragile Links in Aviation Supply Chains
Recent cyber attacks at major European airports disrupted check-in and boarding after hackers targeted Collins Aerospace’s Muse software, which manages shared airport systems. The incident highlighted the vulnerabilities linked to third-party dependencies, with operational and reputational consequences spreading rapidly across multiple countries. The case emphasises the importance of robust supply chain governance, ongoing monitoring, and well-tested recovery strategies, as weaknesses in external vendors can be just as damaging as breaches within an organisation’s own systems.
Attackers Focus on MFA Bypass and Supply Chain Routes
Attackers are increasingly exploiting weaknesses in identity and access controls, with Ontinue’s mid-2025 report highlighting a sharp rise in supply chain incidents, which now account for nearly a third of cyber cases. Almost 40% of cloud intrusions involved multiple hidden access methods, enabling attackers to remain undetected for weeks, while 20% used token replay to bypass multi-factor authentication. Phishing campaigns using image-based email attachments grew by 70%, and USB-based attacks surged by more than a quarter. The report stresses the need for stronger identity safeguards, closer supplier oversight and tighter control of overlooked entry points.
Insurer Reclaiming Costs from Technology Providers
ACE American Insurance, part of Chubb, is pursuing legal action against two technology vendors after reimbursing ransomware-related losses for staffing firm CoWorx. The insurer claims the cloud provider failed to implement adequate security controls, including strong authentication, while the monitoring firm did not respond effectively to early warning signs. These alleged lapses enabled attackers to encrypt systems and demand payment. ACE is seeking compensation through claims of negligence and breach of contract.
https://www.claimsjournal.com/news/national/2025/09/22/333061.htm
Ransomware Crews Multiply and Focus on Data Theft
Ransomware activity continues to surge, with more than 3,700 victims in the first half of 2025, a 20% increase on late 2024 and 67% higher year-on-year. The growth is fuelled by a rental model where criminals lease tools to affiliates, enabling more attacks with less effort. Nearly 90 groups were active, including 35 new entrants, making threats harder to track. North America and Europe remain prime targets, with NATO members accounting for 65% of cases. Increasingly, attackers focus on stealing and threatening to release data, highlighting the need for stronger early detection.
https://www.helpnetsecurity.com/2025/09/26/report-2025-ransomware-attack-trends/
Phishing Surges as The Top Doorway for Ransomware In 2025
Phishing has emerged as the leading method for ransomware delivery, with a marked increase in incidents compared to the previous year. A recent report shows that nearly nine in ten organisations experienced ransomware-related events, and many faced repeated attacks. The proliferation of phishing-as-a-service tools has lowered the barrier to entry, enabling less sophisticated actors to launch damaging campaigns. Despite confidence in existing defences, many firms lack robust procedures to manage identity exposure and investigate breaches.
https://betanews.com/2025/09/23/phishing-is-now-the-main-entry-point-for-ransomware/
Phishing Campaigns Spread Beyond Email as Criminals Exploit New Channels
Phishing is no longer confined to email. Attackers are increasingly leveraging social media, messaging apps, and malicious ads to distribute fraudulent links. This trend exploits the fact that employees often access personal apps on work devices, creating new entry points for attackers. Reports highlight that more than 60% of stolen login details now come from social media sites, making them a prime target. Once an account is compromised, attackers can gain access to critical business systems and data, with the potential for widespread breaches. Traditional email-focused defences are no longer sufficient to address this risk.
Generative AI Attacks Accelerate With Deepfakes and Malicious Prompts
Threats linked to generative AI are rising sharply, with a growing number of organisations reporting incidents involving deepfakes and prompt manipulation. Fake audio is increasingly used to deceive staff and bypass controls, while AI assistants are being targeted through crafted inputs. Gartner advises that existing security frameworks must evolve to address these risks, and anticipates that proactive AI protection will represent a significant share of security budgets by the end of the decade.
https://www.itpro.com/security/generative-ai-attacks-are-accelerating-at-an-alarming-rate
Stolen Credentials Fuel a Thriving Cybercrime Marketplace
An expanding underground economy is centred around stolen digital identities, with login credentials traded as valuable assets. Financial institutions are particularly exposed, facing substantial losses per breach. Attackers often exploit weak identity governance and gaps in AI system security. Despite the scale of the threat, identity protection remains under-prioritised, prompting calls for stronger oversight and executive-level commitment to reduce financial and reputational exposure.
https://www.helpnetsecurity.com/2025/09/26/stolen-identity-cybercrime-economy/
China Linked Attackers Embedded in Many Enterprises
Google warns that suspected China-linked threat actors have compromised multiple organisations since March, often remaining undetected for over a year. Attackers gained access by exploiting flaws in widely used software, installing hidden tools that bypass standard monitoring. Targets have included law firms, technology providers and outsourcing firms, with intruders seeking valuable data and email access from key staff. Google noted the attackers are adapting quickly and scaling their operations, which means more companies are likely to uncover historic or ongoing breaches in the coming years.
https://www.theregister.com/2025/09/24/google_china_spy_report/
Law Firms Face Mounting Raids on Sensitive Client Files
Cyber criminals are increasingly targeting law firms to gain access to confidential client information. Both small practices and large legal organisations are at risk due to outdated systems, insufficient staff training and poor cyber hygiene. One in five firms experienced an attack last year, and nearly 40 percent of those incidents led to data compromise. Some breaches have forced legal bodies offline or resulted in costly settlements. With nation-state actors also involved and emerging threats such as deepfakes, clients are placing greater importance on firms that demonstrate strong and proactive cyber security measures.
https://www.helpnetsecurity.com/2025/09/23/law-firms-cyberthreats/
Governance, Risk and Compliance
Cyber security biggest risk as businesses reel from major attacks | ICAEW
The culture of silence on data breaches has gone too far - Tech Monitor
Cyber attacks cost Europe €300bn in five years, warns Howden | Global Reinsurance
Cyber attacks cost European businesses over €300bn as insurance uptake lags
Cyber Threats Remain a Top Business Concern in Travelers Risk Index
CIO Watercooler Talk: C-Suite Advisors Amid Disruption
What Is Regulatory Compliance? | Definition From TechTarget
48% of Cybersecurity Bosses Failed to Report a Breach This Year
Gartner: Preemptive cybersecurity to dominate 50% of security spend by 2030 - Help Net Security
Hackers target supply chains’ weak links in growing threat to companies
Why IT/Security alignment is the key to efficient operations – Computerworld
Perspective: Why Politics in the Workplace is a Cybersecurity Risk - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Phishing is now the main entry point for ransomware - BetaNews
How One Bad Password Ended a 158-Year-Old Business
Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages
Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses
Organizations Must Update Defenses to Scattered Spider Tactics, Expert - Infosecurity Magazine
Ransomware groups are multiplying, raising the stakes for defenders - Help Net Security
WarLock ransomware group attack surge | Cybernews
BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments
Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine
UK chancellor blames cyberattacks on Russia despite evidence • The Register
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media
Scattered Spider Member Surrenders Amid Shutdown Claims
Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop
Ransomware Payments vs Rising Incident Counts in 2025 - What’s Changing in RaaS Economics
Another alleged Scattered Spider member arrested • The Register
Vegas cops book teen allegedly involved in casino hacks • The Register
Obscura, an obscure new ransomware variant
INC ransomware: what you need to know | Fortra
Will banning ransom payments help protect UK businesses? - Raconteur
Ransomware Victims
Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages
Jaguar Land Rover to bear full cost of cyber attack due to lack of insurance cover
How One Bad Password Ended a 158-Year-Old Business
Co-op suffers £200m revenue hit as it counts cost of April's cyber attack
Which UK retailers have been hit by cyber attacks in 2025? - Raconteur
A cyberattack on Collins Aerospace disrupted operations at major European airports
Collins Aerospace ‘cyber attack’ latest in series of incidents at UK airports | The Standard
Airlines seen as vulnerable as ransomware confirmed in weekend cyberattack
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack - SecurityWeek
Cyber Attack On JLR Should Be A ‘Wake-Up Call’ For British Industry - Minister - PM Today
‘Like a bomb threat’ – Co-op looks forward as it grapples with cyber attack fallout | Retail Week
Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek
Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine
Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News
Phishing & Email Based Attacks
Phishing is now the main entry point for ransomware - BetaNews
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
Why attackers are moving beyond email-based phishing attacks
How to Spot and Stop Phishing Attacks Before They Happen - DevX
Microsoft spots LLM-obfuscated phishing attack - Help Net Security
AI vs. AI: Detecting an AI-obfuscated phishing campaign | Microsoft Security Blog
Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages
Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine
Other Social Engineering
What to do if your company discovers a North Korean worker in its ranks | CyberScoop
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
How hiring fraud has become a cybersecurity threat vector | Biometric Update
Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot
US employees 'unprepared' for cybersecurity threats - New Study
North Korean IT workers use fake profiles to steal crypto - Help Net Security
Threat Actor’s Using Copyright Takedown Claims to Deploy Malware
Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register
Fraud, Scams and Financial Crime
Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot
FBI Warns of Spoofed IC3 Website - SecurityWeek
Scammers are now faking the FBI's own website - here's how to stay safe | ZDNET
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
Artificial Intelligence
ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails
Deepfake Attacks Hit Two-Thirds of Businesses - Infosecurity Magazine
Microsoft spots LLM-obfuscated phishing attack - Help Net Security
Hackers are using GPT-4 to build a virtual assistant - here's what we know | TechRadar
‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks | Trend Micro (US)
Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine
GenAI is exposing sensitive data at scale - Help Net Security
AI is rewriting the rules of cyber defense - Help Net Security
Generative AI attacks are accelerating at an alarming rate | IT Pro
AI needs ethics to avoid real-world harm - Help Net Security
Kaspersky: RevengeHotels returns with AI-coded malware • The Register
Why AI systems may never be secure, and what to do about it
Google's latest AI safety report explores AI beyond human control | ZDNET
2FA/MFA
Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media
Malware
Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
Threat Actor’s Using Copyright Takedown Claims to Deploy Malware
Beware: GitHub repos distributing Atomic Infostealer on macOS
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research
Iran-Linked Hackers Target Europe With New Malware
Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack
Google: Brickstorm malware used to steal U.S. orgs' data for over a year
BRICKSTORM malware is new Chinese espionage threat | Cybernews
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register
New EDR-Freeze tool uses Windows WER to suspend security software
Artificial Intelligence Trained to Attack Hotel Guests
Kaspersky: RevengeHotels returns with AI-coded malware • The Register
Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine
Bots/Botnets
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record
Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps
New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Mobile
Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot
Unpatched flaw in OnePlus phones lets rogue apps text messages
Denial of Service/DoS/DDoS
Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record
Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security
Internet of Things – IoT
EV charging biz zaps customers with data leak scare • The Register
Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information
Data Breaches/Leaks
ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails
‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe
Car Giant Stellantis Confirms Third-Party Breach - Infosecurity Magazine
The culture of silence on data breaches has gone too far - Tech Monitor
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur
Cybercriminals are going after law firms' sensitive client data - Help Net Security
EV charging biz zaps customers with data leak scare • The Register
Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek
‘Our worst day’: The untold story of the Electoral Commission cyber attack | Computer Weekly
Children's names, pictures and addresses stolen in nursery hack - BBC News
Boyd Gaming discloses data breach after suffering a cyberattack
Organised Crime & Criminal Actors
UK chancellor blames cyberattacks on Russia despite evidence • The Register
Scattered Spider Member Surrenders Amid Shutdown Claims
Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop
Attacker Breakout Time Falls to 18 Minutes - Infosecurity Magazine
Inside the economy built on stolen credentials - Help Net Security
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
Canada dismantles TradeOgre exchange, seizes $40 million in crypto
$439 million recovered in global financial crime crackdown - Help Net Security
€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker – DataBreaches.Net
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
North Korean IT workers use fake profiles to steal crypto - Help Net Security
Canada dismantles TradeOgre exchange, seizes $40 million in crypto
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Malware 'Game' On Steam Stole $32K From Cancer-Stricken Streamer
Insider Risk and Insider Threats
What to do if your company discovers a North Korean worker in its ranks | CyberScoop
How hiring fraud has become a cybersecurity threat vector | Biometric Update
US employees 'unprepared' for cybersecurity threats - New Study
Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register
Insurance
Cyber attacks cost Europe €300bn in five years, warns Howden | Global Reinsurance
Cyber reinsurers reconsider appetite as market softens :: Insurance Day
Supply Chain and Third Parties
Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media
Experts Warn of Global Breach Risk from Indian Suppliers - Infosecurity Magazine
Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Airport Chaos Shows Human Impact of 3rd-Party Attacks
Jaguar Land Rover Extends Production Pause Again - Infosecurity Magazine
Airport cyber attacks highlight growing supply chain risk :: Insurance Day
Survey assesses impact of JLR cyber attack on supply chain - BBC News
Hackers target supply chains’ weak links in growing threat to companies
Tata-owned Jaguar Land Rover pushes to pay struggling suppliers after hack - The Economic Times
Software Supply Chain
5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET
Encryption
‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe
Linux and Open Source
BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments
Passwords, Credential Stuffing & Brute Force Attacks
How One Bad Password Ended a 158-Year-Old Business
Inside the economy built on stolen credentials - Help Net Security
The Credential Cracking Crisis: Why Role-Based Training Is No Longer Optional | MSSP Alert
Social Media
Trump says Michael Dell is part of the team buying TikTok • The Register
Regulations, Fines and Legislation
What Is Regulatory Compliance? | Definition From TechTarget
Will banning ransom payments help protect UK businesses? - Raconteur
Cyber threat information law hurtles toward expiration, with poor prospects for renewal | CyberScoop
Banks Brace for Cyber Fight as CISA Faces Expiration
FBI Pushes Back Against Scrutiny Over Cyber Cuts, Vacancies
NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ
DoD issues replacement for risk management framework - Breaking Defense
Models, Frameworks and Standards
Has the UK’s Cyber Essentials scheme failed? - Tech Monitor
DoD issues replacement for risk management framework - Breaking Defense
NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ
Careers, Working in Cyber and Information Security
Cyber Team Burnout Rivals Healthcare, Expert Says
AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online
FBI to CISO: Unconventional Paths to Cyber Success
Law Enforcement Action and Take Downs
Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop
Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News
UK chancellor blames cyberattacks on Russia despite evidence • The Register
Scattered Spider Member Surrenders Amid Shutdown Claims
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media
€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security
Canada dismantles TradeOgre exchange, seizes $40 million in crypto
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
$439 million recovered in global financial crime crackdown - Help Net Security
Judge orders release of teen accused in 2023 casino cyberattacks – DataBreaches.Net
Another alleged Scattered Spider member arrested • The Register
Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly
New Chinese Espionage Hacking Group Uncovered
Suspected Chinese spies broke into 'numerous' enterprises • The Register
Nation State Actors
China
Suspected Chinese spies broke into 'numerous' enterprises • The Register
New Chinese Espionage Hacking Group Uncovered
‘Most Prevalent’ Chinese Hacking Group Targets Tech, Law Firms
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques | CyberScoop
SEO Poisoning Campaign Tied to Chinese Actor
Trump says Michael Dell is part of the team buying TikTok • The Register
Dropping China spying charges leaves Commons open to espionage, says Speaker - BBC News
Chinese Cyberspies Hacked US Defense Contractors - SecurityWeek
Russia
UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly
Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News
UK chancellor blames cyberattacks on Russia despite evidence • The Register
Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions - SecurityWeek
Russian State Hackers Collaborate in Attacks Against Ukraine - Infosecurity Magazine
Russia Targets Moldovan Election in Disinformation Play
Spanish military jet carrying defence minister hit with 'cyber attack' near Russia - JOE.co.uk
Researchers say media outlet targeting Moldova is a Russian cutout | CyberScoop
Iran
Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research
Iran-Linked Hackers Target Europe With New Malware
Iranian State APT Blitzes Telcos & Satellite Companies
Flushable wipes and Iran: Water treatment facility adds cyberattacks to worry list : NPR
North Korea
What to do if your company discovers a North Korean worker in its ranks | CyberScoop
How hiring fraud has become a cybersecurity threat vector | Biometric Update
Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
North Korean IT workers use fake profiles to steal crypto - Help Net Security
Calls grow for cybersecurity control tower - The Korea Times
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hate Groups Seize on Trump’s Antifa Order With Online Threats
Tools and Controls
AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online
New EDR-Freeze tool uses Windows WER to suspend security software
Gartner: Preemptive cybersecurity to dominate 50% of security spend by 2030 - Help Net Security
Gartner: CISOs must master agentic AI and turn hype into strategy
Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test - Infosecurity Magazine
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET
10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security
How AI augmentation is revolutionizing penetration testing in cybersecurity | TechRadar
Beware Falling Into the Technology-First Resilience Trap
Anything but safe: Using VPN can bear immense risks – DW – 09/20/2025
DoD issues replacement for risk management framework - Breaking Defense
Brit banking group insists security priority in AI rollout • The Register
Other News
UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly
Why hackers are targeting the world's shipping - BBC News
Cyber attacks impacting trust in online retail - survey
Three in four European companies are hooked on US tech • The Register
The diplomacy of emerging tech and cross–border data sharing
As Incidents Rise, Japan's Cybersecurity Falls Short
Retail at risk: How one alert uncovered a persistent cyberthreat | Microsoft Security Blog
Austria military ditches Microsoft for open-source LibreOffice - here's why | ZDNET
Avoiding service desk exploitation: deconstructing the modern retail attack | TechRadar
Vulnerability Management
Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine
10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard
How to get free Windows 10 security updates through October 2026 | ZDNET
Microsoft pressured to extend free Windows 10 security updates in most of Europe
Microsoft Accepts to Make Windows 10 Extended Security Updates Free for EU Consumers
Vulnerabilities
Azure Entra ID Flaw Highlights Microsoft IAM Issues
SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) - Help Net Security
Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks - SecurityWeek
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco's Wave of Zero-Day Bugs Targets Firewalls, IOS
Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
SonicWall Updates SMA 100 Appliances to Remove Overstep Malware - SecurityWeek
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Microsoft finally squashed this major Windows 11 24H2 bug - one year later | ZDNET
Critical Vulnerability in Salesforce AgentForce Exposed - Infosecurity Magazine
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Fortra Patches Critical GoAnywhere MFT Vulnerability - SecurityWeek
Final Chrome 140 update fixes more security vulnerabilities | PCWorld
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Unpatched flaw in OnePlus phones lets rogue apps text messages
CISA says hackers breached federal agency using GeoServer exploit
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.