Black Arrow Cyber Threat Intelligence Briefing 29 August 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review of threat intelligence this week reinforces that cyber attackers target employees to get into the organisation’s systems: attacks via Microsoft Teams have come to the fore again, alongside more classic email phishing. We also look at how the C-Suite is addressing the challenge of cyber security, bringing the subject to the Board as a strategic enabler; this includes strengthening the leadership team’s ability to respond to a cyber incident. While many organisations look to their insurance policy as a safety net during an incident, we report on how insurers may limit their payments if they find that the organisation has not maintained sufficient security.
The second half of our review includes details of emerging and developing attacks, from Android banking applications to PDFs and information stealers. Ransomware continues to surge, driven by new attacker groups that formed after others were shut down by law enforcement; recent victims include multiple state agencies in the USA, while we also report that Chinese state-backed attackers are embedding themselves into the critical national infrastructure of countries across the world.
We remain clear that the way to improve your resilience against a cyber incident is to implement a cyber strategy based on an impartial assessment of your specific cyber risks, and to confirm how you will respond to an incident through a rehearsal exercise facilitated by an unbiased independent expert who will help you uncover and address misconceptions. All of this must be underpinned by proportionate governance aligned to a recognised framework or standard. Contact us for a no-obligation discussion on how this can work in your organisation.
Top Cyber Stories of the Last Week
Fake IT Support Attacks Hit Microsoft Teams
Researchers have uncovered a new phishing campaign exploiting Microsoft Teams, where attackers pose as IT support staff to trick employees into downloading remote access tools. Once installed, these tools give criminals full control of a system, allowing them to steal login details and install malicious software. The activity has been linked to a financially motivated group known as EncryptHub. The use of Teams highlights a shift away from traditional email-based attacks, embedding threats directly into everyday business communication. Organisations are advised to monitor Teams traffic closely, particularly for suspicious external contacts.
https://www.infosecurity-magazine.com/news/fake-support-attacks-hit-microsoft/
KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge
Financial institutions now face cyber attacks at a scale far beyond other industries, experiencing up to 300 times more incidents annually, with intrusions rising 25% last year. Almost all major banks suffered supplier-related breaches, underlining the weakness of third-party ecosystems. The most worrying factor is people: the report found that nearly half of employees in large banks were vulnerable to phishing tests, though this can be reduced to below 5% with proper awareness training. Attackers are increasingly using stolen credentials, making detection harder and highlighting the urgent need to address human risk as part of a cyber security strategy.
Cyber Moves from Back Office to Boardroom, and Investors Are Paying Attention
Boardrooms are now treating cyber security as a core strategic priority, with 72% of UK firms and almost all large businesses rating it as high importance. High profile breaches at major retailers have highlighted that strong defences protect not only operations but also brand value and investor confidence. Regulation is also reshaping the agenda and investors are responding, with private equity driving a surge in acquisitions of specialist firms. Increasingly, boards are favouring tailored, advisory-led solutions over generic products, embedding cyber resilience into long-term strategy.
CISOs Evolve from Guardians to Strategic Business Architects
The role of the Chief Information Security Officer (CISO) is shifting from a technical defender to a strategic business leader. Increasingly, CISOs are expected to embed cyber security into core decision-making, influence board discussions, and translate complex risks into clear business impacts. This change is driven by advances in artificial intelligence, stricter regulations, and more sophisticated cyber threats. While challenges remain around credibility and alignment with other executives, CISOs who position security as a business enabler can strengthen resilience, support growth, and ensure that security strategy contributes directly to long-term success.
https://www.webpronews.com/cisos-evolve-from-guardians-to-strategic-business-architects/
Incident Response Planning Emerges as a Key Cyber Security Control in Reducing Risk: Marsh McLennan
A new report from Marsh McLennan highlights that cyber incident response planning is one of the most effective ways to reduce the likelihood of a breach-related claim. Organisations that run regular response exercises are 13% less likely to suffer a significant cyber event compared with those that do not. The research shows response planning ranks as the fourth most effective control, after threat detection, monitoring, and staff awareness training. The findings stress that security tools such as detection systems and multi-factor authentication must not only be deployed but also actively managed to strengthen resilience.
Insurers May Limit Payments in Cases of Unpatched Vulnerabilities
Some cyber insurers are exploring limits on payouts where firms have not fixed known security flaws quickly enough, a move referred to as CVE exclusions. This approach could see claims reduced if attackers exploit older weaknesses, though it is not yet widely adopted. With more than 46,000 software vulnerabilities expected in 2025, around a third rated high or critical, many firms struggle to keep pace due to operational and legacy system constraints. Critics argue exclusions undermine the purpose of cyber insurance as a financial safeguard, and senior leaders should ensure they understand and challenge policy terms before committing.
https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve
Anatsa Android Banking Trojan Now Targeting 830 Financial Apps with 19m Downloads
The Anatsa Android banking trojan has grown significantly, now targeting over 830 financial and cryptocurrency applications worldwide. Previously active mainly in Europe, it has expanded into Germany and South Korea, with over 150 new applications added to its list. Criminals distribute the malware through fake apps on Google Play, which then secretly install malicious updates; some apps have been downloaded more than 50,000 times, with a combined total of 19 million installs across all apps. Once active, Anatsa can steal login details, intercept messages and perform fraudulent transactions. Google has since removed the identified apps, but the threat underlines the continuing risks of mobile banking and cryptocurrency platforms.
https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/
The Hidden Threat in Enterprise Security: Why It’s Time to Rethink PDFs
PDFs remain a largely overlooked cyber security risk, despite being central to contracts, invoices, and compliance records. Many organisations still treat them as static files, yet attackers increasingly exploit them to deliver malicious software, with over 560,000 new malware variants emerging daily. Poor document governance can also create legal liabilities under GDPR and other regulations. As AI-powered attacks accelerate breaches, unsecured PDFs present a growing weakness. Security must be embedded throughout the document lifecycle with encryption, permissions, and secure collaboration to reduce risk while supporting compliance and resilience.
https://www.techradar.com/pro/the-hidden-threat-in-enterprise-security-why-its-time-to-rethink-pdfs
Infostealers: The Silent Smash-and-Grab Driving Modern Cyber Crime
Infostealers have rapidly become one of the most damaging tools in modern cyber crime, operating as silent data theft mechanisms that can compromise systems in minutes. Once requiring specialist skills, these tools are now widely available for purchase, driving a surge in attacks by less technical criminals. Stolen information, ranging from passwords and corporate VPN access to cloud credentials, is sold at scale on criminal marketplaces and has enabled major breaches such as the 2024 Snowflake incident, which affected more than 160 organisations. Their speed, stealth, and accessibility make them a growing risk for businesses worldwide.
https://www.securityweek.com/infostealers-the-silent-smash-and-grab-driving-modern-cybercrime/
New Cyber Threats Emerge as Old Ransomware Groups Collapse
Ransomware attacks have risen by 179% since mid-2024, fuelled by new criminal groups stepping in as law enforcement disrupts older gangs. Some now focus solely on extortion by stealing data rather than locking systems, while others recycle leaked code or rebrand under fresh names. At the same time, state-linked actors are targeting government, legal, and technology sectors, often exploiting weaknesses in cloud services and third-party providers to reach wider victims. The use of artificial intelligence and advanced malware highlights that while well-known groups may collapse, the overall threat to organisations remains undiminished and increasingly sophisticated.
https://techinformed.com/new-cyber-threats-emerge-as-old-ransomware-groups-collapse/
Ransomware Cyber Attack Virtually Shuts Down Entire US State
A major ransomware cyber attack has disrupted multiple state agencies in Nevada, including the Department of Motor Vehicles and the Gaming Control Board, which oversees operations on the Las Vegas Strip. The incident has forced some police departments to revert to manual record-keeping and disrupted public benefit services. While officials first reported no loss of personal data, evidence has since confirmed that some information was stolen. The Governor’s office continues to monitor the situation, but the scale of the breach and recovery timeline remain uncertain, with the FBI now leading investigations and warning citizens to be alert to related scams.
https://www.independent.co.uk/bulletin/news/nevada-cyber-attack-hacking-ransomware-b2816108.html
Chinese Threat Actor Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns
The FBI, alongside security agencies from more than a dozen nations including the UK’s NCSC, has warned that a Chinese state-sponsored group known as Salt Typhoon has breached critical infrastructure in over 80 countries, including more than 200 organisations in the US alone. Active since 2019, the group has targeted sectors ranging from telecommunications and transport to defence and government, using stealthy methods to infiltrate routers, surveillance systems, and even lawful intercept tools. Authorities say Salt Typhoon remains active, with hidden re-entry points making removal difficult, and urge organisations to strengthen defences and adopt continuous monitoring practices.
https://www.techrepublic.com/article/news-salt-typhoon-cyber-spies-breach/
Governance, Risk and Compliance
Boards should bear ultimate responsibility for cybersecurity - BetaNews
Cyber moves from back office to boardroom – and investors are paying attention | TechRadar
Financial sector faces surge in cyber threats - BetaNews
Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine
Cyber Insurers May Limit Payouts for Breaches via Flaws
Personal Liability, Security Big Issues for CISOs
Human risk and Gen AI-driven data loss top CISO concerns - BetaNews
CISOs Evolve from Guardians to Strategic Business Architects
Cyber pros say the buck stops with the board when it comes to security failings | IT Pro
Concealing cyberattacks risks penalties and harms trust - BetaNews
Cyber security response rising up the agenda
How Boards Can Prepare for Increasing Nation-State Cyber Threats
Building Human Firewalls: Key to Combating Cyber Threats
The evolving CISO role: bridging the gap between security and strategy | TechRadar
CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine
Regulatory compliance: Act now | TechRadar
Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections
5 Practices to Ensure Your Ecosystem Is Cyber-Secure
How CISOs are balancing risk, pressure and board expectations - Help Net Security
Finding connection and resilience as a CISO - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attack volumes up nearly three times on 2024 | Computer Weekly
New cyber threats emerge as old ransomware groups collapse
Storm-0501 attacked Azure, demanded payment via Teams • The Register
AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race
Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus
Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine
Organized and Criminal, Ransomware Gangs Run Up Profits - Security Boulevard
First AI-powered ransomware PoC spotted • The Register
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Hook Android Trojan Delivers Ransomware-Style Attacks
Underground Ransomware Gang With New Tactics Against Organizations Worldwide
Cephalus ransomware: What you need to know | Fortra
Emulating the Expedited Warlock Ransomware - Security Boulevard
Experimental PromptLock ransomware uses AI to encrypt, steal data
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
‘Vibe-hacking’ is now a top AI threat | The Verge
When ransomware hits home: putting your people first | TechRadar
Akira, Cl0p Top "5 Most Active Ransomware Groups" List
AI Meets Ransomware, The New Cyber Threat | Scoop News
Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert
Ransomware Victims
Ransomware cyber attack virtually shuts down US state | The Independent
When One Hospital Gets Ransomware, Others Feel the Pain
Qilin Ransomware Hits Nissan: 4TB of Vehicle Designs Stolen
Electronics manufacturer Data I/O took offline operational systems following a ransomware attack
Data I/O ransomware attack ‘temporarily impacted’ operations • The Register
Phishing & Email Based Attacks
'ZipLine' Phishers Flip Script as Victims Email First
Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine
Microsoft urges to limit CLI tools as phishing rages | Cybernews
Fast-Spreading, Complex Phishing Campaign Installs RATs
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Off-the-shelf tools make life easier for phishing attackers - BetaNews
New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over De - Infosecurity Magazine
Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor
Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK
Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks
Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
What small businesses must do now to stay ahead of phishing | SC Media
Other Social Engineering
Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine
Fake CAPTCHA tests trick users into running malware • The Register
How social engineering is the weakest link in cyber defence
New Attack Tricks AI Summaries Into Pushing Malware
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Fake Apple Support Sites Spread Malware Evading macOS Defenses
What is SIM swap attack (SIM intercept attack)? | Definition from TechTarget
Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE
Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop
Can We Really Eliminate Human Error in Cybersecurity? - Security Boulevard
ScreenConnect admins targeted with spoofed login alerts - Help Net Security
Crooks are getting ready for FIFA World Cup 2026 | Cybernews
Fraud, Scams and Financial Crime
Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M
iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows
ScamAgent shows how AI could power the next wave of scam calls - Help Net Security
Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek
Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine
Crooks are getting ready for FIFA World Cup 2026 | Cybernews
FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop
69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine
Artificial Intelligence
New Attack Tricks AI Summaries Into Pushing Malware
AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race
Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic
Human risk and Gen AI-driven data loss top CISO concerns - BetaNews
ScamAgent shows how AI could power the next wave of scam calls - Help Net Security
Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus
Experimental PromptLock ransomware uses AI to encrypt, steal data
‘Vibe-hacking’ is now a top AI threat | The Verge
Rowhammer attack can backdoor AI models with one devastating bit flip | CSO Online
AI Security Map: Linking AI vulnerabilities to real-world impact - Help Net Security
Anthropic Warns of ‘Sophisticated’ Cybercrime Via Claude LLM
LLMs Face Persistent Prompt Injection Vulnerabilities
We Are Still Unable to Secure LLMs from Malicious Inputs - Security Boulevard
Detecting and countering misuse of AI: August 2025 \ Anthropic
1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine
The 5 Golden Rules of Safe AI Adoption
The do’s and don’ts of vibe coding - Fast Company
Researchers warn of security flaws in AI-powered browsers | TechSpot
Anthropic thwarts hacker attempts to misuse Claude AI for cybercrime | Reuters
OpenAI increases ChatGPT user protections following wrongful death lawsuit | ZDNET
Malware
New Attack Tricks AI Summaries Into Pushing Malware
Fake CAPTCHA tests trick users into running malware • The Register
Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime - SecurityWeek
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Fake Apple Support Sites Spread Malware Evading macOS Defenses
Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE
Fast-Spreading, Complex Phishing Campaign Installs RATs
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign
Macs under attack from dangerous new info-stealing malware — how to stay safe | Tom's Guide
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign - Infosecurity Magazine
Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine
The hidden threat in enterprise security: why it’s time to rethink PDFs | TechRadar
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies
Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor
Bots/Botnets
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets
IoT under siege: The return of the Mirai-based Gayfemboy Botnet
Mobile
New Android Trojan Variant Expands with Ransomware Tactics - Infosecurity Magazine
iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows
Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek
Hook Android Trojan Delivers Ransomware-Style Attacks
Google Deletes Millions of Android Apps After Malware Discovery
Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Android.Backdoor.916.origin malware targets Russian business executives
New Android malware poses as antivirus from Russian intelligence agency
Denial of Service/DoS/DDoS
Global DDoS attacks exceed 8M amid geopolitical tensions
Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV
Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET
Internet of Things – IoT
IoT under siege: The return of the Mirai-based Gayfemboy Botnet
Camera Hacking — America’s Cyber Defense Agency Issues Warning
Cyberterrorism and the Connected Car: The Growing Threat To Automotive Security | SC Media UK
IoT security challenges, issues and best practices - Security Boulevard
The Risk of Consumer Devices in the Hybrid Workforce
Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch
Data Breaches/Leaks
Human risk and Gen AI-driven data loss top CISO concerns - BetaNews
Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks
Data Breach Strikes Criminal Records Service Firm APCS | SC Media UK
74% of companies admit insecure code caused a security breach | IT Pro
Google warns Salesloft breach impacted some Workspace accounts
1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard
Farmers Insurance data breach impacts 1.1M people after Salesforce attack
Auchan retailer data breach impacts hundreds of thousands of customers
Tencent Cloud leaves critical data open for months | Cybernews
IT system supplier cyberattack impacts 200 municipalities in Sweden
MoD staff were warned not to share hidden data before Afghan leak - BBC News
TransUnion says hackers stole 4.4 million customers' personal information | TechCrunch
Nissan confirms design studio data breach claimed by Qilin ransomware
iiNet Data Breach Exposes 280,000 Customers' Emails and Addresses
Church of England abuse victims exposed by lawyer's email • The Register
90K exposed after sleep therapy provider data breach | Cybernews
Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch
Organised Crime & Criminal Actors
Dark Reading Confidential: Guided Tour of the Dark Web
FBI, Dutch cops seize fake ID marketplace, servers • The Register
A hacker used AI to automate an ‘unprecedented’ cybercrime spree, Anthropic says – DataBreaches.Net
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine
Insider Risk and Insider Threats
Human risk and Gen AI-driven data loss top CISO concerns - BetaNews
How social engineering is the weakest link in cyber defence
Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine
Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop
Can We Really Eliminate Human Error in Cybersecurity? - Security Boulevard
When ransomware hits home: putting your people first | TechRadar
Building Human Firewalls: Key to Combating Cyber Threats
Another US Navy Sailor Was Just Busted Spying for China - The National Interest
Insurance
Cyber Insurers May Limit Payouts for Breaches via Flaws
Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections
Cyber insurance still has a problem with modelling - Tech Monitor
Supply Chain and Third Parties
Murky Panda hackers exploit cloud trust to hack downstream customers
5 Practices to Ensure Your Ecosystem Is Cyber-Secure
IT system supplier cyberattack impacts 200 municipalities in Sweden
Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert
When Partners Become Cybersecurity Risks
Cloud/SaaS
Murky Panda hackers exploit cloud trust to hack downstream customers
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine
Silk Typhoon Attacks North American Orgs in the Cloud
Tencent Cloud leaves critical data open for months | Cybernews
Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine
Rising Cloud Security Threats: Exploits, Breaches, and Defenses
ScreenConnect admins targeted with spoofed login alerts - Help Net Security
AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek
Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It
Outages
Microsoft working on fix for ongoing Outlook email issues
Identity and Access Management
Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK
Report declares 'identity crisis' amid rising login attacks • The Register
Identity Security Silos: An Attacker's Best Ally
Encryption
Quantum Computing Threatens Encryption: Shift to Post-Quantum Crypto
Linux and Open Source
Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK
Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection
Report declares 'identity crisis' amid rising login attacks • The Register
Billions of Gmail users advised to change passwords | The Independent
Enterprise passwords becoming even easier to steal and abuse | CSO Online
Everyone should know which passwords suck. Do you? | PCWorld
89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard
Password managers vulnerable: 40 million users at risk of stolen data | PCWorld
Social Media
Meta might be secretly scanning your phone's camera roll - how to check and turn it off | ZDNET
Social media apps that aggressively harvest user data - Help Net Security
Regulations, Fines and Legislation
CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine
Cybersecurity Obligations Under EU NIS 2 Directive
Regulatory compliance: Act now | TechRadar
FCC Bars China from Undersea Cables to Combat Espionage Risks
ENISA to manage €36M EU Cybersecurity Reserve ...
4chan will refuse to pay daily UK fines, its lawyer tells BBC
Gaps in California Privacy Law: Brokers Ignore Requests
Apple warns UK against introducing tougher tech regulation - BBC News
Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra
Models, Frameworks and Standards
Cybersecurity Obligations Under EU NIS 2 Directive
ENISA to manage €36M EU Cybersecurity Reserve ...
NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems
Regulatory compliance: Act now | TechRadar
Hungary extends cybersecurity registration obligations for entities falling under NIS2
ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine
Beyond GDPR security training: Turning regulation into opportunity
Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra
Data Protection
Gaps in California Privacy Law: Brokers Ignore Requests
Careers, Working in Cyber and Information Security
83% of CISOs say staff shortage is major issue for defense | CSO Online
The Career Delta: Navigating AI, Cybersecurity and Change
Cybersecurity Workforce Trends in 2025 - Skills Gap, Diversity and SOC Readiness
Law Enforcement Action and Take Downs
Interpol cybercrime crackdown in Africa leads to the arrest of over 1,200 suspects - ABC News
Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M
FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop
FBI, Dutch cops seize fake ID marketplace, servers • The Register
Yemen Cyber Army hacker jailed after stealing millions of people’s data • Graham Cluley
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
FCC Bars China from Undersea Cables to Combat Espionage Risks
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Nation State Actors
How Boards Can Prepare for Increasing Nation-State Cyber Threats
China
Murky Panda hackers exploit cloud trust to hack downstream customers
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Silk Typhoon Attacks North American Orgs in the Cloud
UK and 12 allies issue warning over Chinese cyber attacks on ‘critical sectors’ | The Standard
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
Global DDoS attacks exceed 8M amid geopolitical tensions
Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV
Chinese Telecom Hackers Strike Worldwide - GovInfoSecurity
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
Another US Navy Sailor Was Just Busted Spying for China - The National Interest
Silk Typhoon hackers hijack network captive portals in diplomat attacks
Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine
FCC Bars China from Undersea Cables to Combat Espionage Risks
Russia
Putin’s New Cyber Empire | Foreign Affairs
US DoD reportedly relies on utility written by Russian • The Register
New Android malware poses as antivirus from Russian intelligence agency
Android.Backdoor.916.origin malware targets Russian business executives
North Korea
Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop
Tools and Controls
Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine
Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK
Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection
Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine
Cyber Insurers May Limit Payouts for Breaches via Flaws
Cyber insurance still has a problem with modelling - Tech Monitor
74% of companies admit insecure code caused a security breach | IT Pro
Cyber security response rising up the agenda
Public sector cyber leaders are tired of clunky, outdated tools | IT Pro
Surge in coordinated scans targets Microsoft RDP auth servers
ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine
Report declares 'identity crisis' amid rising login attacks • The Register
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine
The do’s and don’ts of vibe coding - Fast Company
10 common file-sharing security risks and how to prevent them | TechTarget
Identity Security Silos: An Attacker's Best Ally
AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek
1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
How Bug Bounty Programs Can Help Combat Ransomware Attacks - The Daily Upside
Password managers vulnerable: 40 million users at risk of stolen data | PCWorld
Other News
Nevada state offices close after wide-ranging 'network security incident' | Reuters
Public sector cyber leaders are tired of clunky, outdated tools | IT Pro
Mastercard: How cybersecurity is changing everything
Surge in coordinated scans targets Microsoft RDP auth servers
Why satellite cybersecurity threats matter to everyone - Help Net Security
Space assets are under silent siege. Cybersecurity can’t be an afterthought - SpaceNews
The energy sector has no time to wait for the next cyberattack - Help Net Security
Maritime cybersecurity is the iceberg no one sees coming - Help Net Security
Vulnerability Management
Cyber Insurers May Limit Payouts for Breaches via Flaws
74% of companies admit insecure code caused a security breach | IT Pro
AI Security Map: Linking AI vulnerabilities to real-world impact - Help Net Security
Microsoft Delays Windows 10 Extended Security Updates Rollout
How Bug Bounty Programs Can Help Combat Ransomware Attacks - The Daily Upside
Vulnerabilities
Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
ReVault Flaw Exposed Millions of Dell Laptops
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
Docker Desktop on Windows contains a critical flaw | Cybernews
Microsoft Delays Windows 10 Extended Security Updates Rollout
Docker fixes critical Desktop flaw allowing container escapes
Organizations Warned of Exploited Git Vulnerability - SecurityWeek
Researchers warn of security flaws in AI-powered browsers | TechSpot
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.
Links to articles are for interest and awareness, and linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.