Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 09 May 2025

- Email-Based Attacks Top Cyber Insurance Claims

- Hackers Pose as Staff in UK Retail Cyber Strikes

- High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity

- Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims

- Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn

- 94% of Leaked Passwords Are Not Unique

- Personal Data of Top Executives Easily Found Online

- The SMB Cyber Security Gap: High Awareness, Low Readiness

- How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks

- Darcula Phishing as a Service Operation Snares 800,000+ Victims

- Cyber Criminals Hold Britain’s Boardrooms to Ransom

- UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Executive Summary

Our review of threat intelligence this week reports that business email compromise and funds transfer fraud now account for 60% of cyber insurance claims, and that social engineering now accounts for the majority of cyber threats faced by individuals. Attackers continue to exploit human factors, for example by posing as staff to manipulate help desks into granting access to systems, as seen in the recent wave of cyber attacks on the UK retail sector. These incidents reinforce the critical importance of layered identity verification, rigorous staff awareness and crisis planning across all sectors.

The growing scale and cost of cyber attacks, now exceeding £64 billion annually for UK firms, highlights a pressing need for resilience over reactivity, as a high percentage of affected companies enter insolvency proceedings or file for bankruptcy. Ransomware, social engineering and password reuse result in operational and reputational harm. Organisations need dedicated cyber leadership and must move beyond a purely compliance-led approach. Proactive governance and stronger board accountability must become standard practice.

From boardroom data exposure to state-sponsored espionage risks linked to Chinese electric vehicles, the threat landscape is increasingly complex. We continue to warn that both SMEs and large enterprises face escalating risks from persistent attackers, many leveraging phishing-as-a-service platforms or exploiting geopolitical tensions. Now more than ever, cyber security must be embedded in leadership thinking, supply chain oversight, and incident readiness.

Top Cyber Stories of the Last Week

Email-Based Attacks Top Cyber Insurance Claims

Coalition’s 2025 Cyber Claims Report found that business email compromise (BEC) and funds transfer fraud (FTF) made up 60% of all claims in 2024, with BEC incidents alone averaging $35,000 per event. While ransomware losses were far higher at $292,000 on average, their severity dropped by 7%. Email-based attacks remain the most persistent risk, with nearly a third of BEC incidents also leading to FTF.

Hackers Pose as Staff in UK Retail Cyber Strikes

The UK’s National Cyber Security Centre (NCSC) has issued a critical alert following a wave of cyber attacks targeting major retailers, including M&S, Co-op and Harrods. Criminals posed as IT staff or locked-out employees to manipulate help desk staff into resetting passwords, allowing unauthorised access to internal systems. The attackers, identifying as “DragonForce”, claimed responsibility for data breaches and appear to use methods similar to those of other financially motivated threat groups. The NCSC is urging firms to tighten authentication for help desk processes, particularly for senior staff, and to adopt multi-factor checks and identity code words.

High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity

The series of recent cyber attacks on major UK retailers highlights the growing complexity and impact of digital threats. Disruption has ranged from payment failures and warehouse shutdowns to reputational damage, underscoring that cyber resilience is now critical to business continuity. Experts stress that traditional, compliance-led approaches are no longer enough; organisations must adopt Zero Trust principles, enforce multi-factor authentication, and monitor third-party access. With techniques such as credential theft and ransomware increasingly used, cyber security must be treated as a board-level issue embedded in governance, operations and crisis planning.

Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims

Cyber attacks are costing UK businesses £64 billion annually, with over half suffering at least one attack in the past year. Phishing, malware, and online banking threats were the most common, and nearly two-thirds cited staff overtime as a major cost. Direct losses totalled £37 billion, with indirect impacts like increased cyber security budgets and lost clients adding over £26 billion more. Alarmingly, 1 in 8 affected firms entered administration. Despite this, 15% of businesses have no cyber security budget, and nearly half manage risks entirely in-house, underscoring the urgent need for proactive investment in cyber resilience.

Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn

Defence and intelligence firms are warning staff not to connect phones via cable or Bluetooth to Chinese-made electric vehicles due to fears of state-sponsored espionage. The UK Ministry of Defence has already restricted EV access on military sites, citing findings from the Defence Science and Technology Laboratory that EVs may pose national security risks. Defence suppliers including BAE Systems and Rolls-Royce are advising precautions as all connected vehicles potentially expose sensitive data to foreign interception.

94% of Leaked Passwords Are Not Unique

A new study of over 19 billion leaked passwords has found that 94% are reused or duplicated, leaving users highly vulnerable to cyber attacks. Common entries like “123456”, “admin”, and “password” remain prevalent, with over 700 million instances of “1234” alone. Many systems still rely on default credentials, which users often fail to change. Only 6% of passwords were found to be unique and relatively secure. The report highlights the urgent need for organisations to enforce strong password policies, promote the use of password managers and multi-factor authentication, and regularly monitor for credential leaks.

Personal Data of Top Executives Easily Found Online

Incogni has found that over 75% of corporate board members have personal information including home addresses and family links readily available on people search websites. Exposure is highest in consumer staples (84%), industrials (81%), and technology (77%) sectors, with 26% of board members appearing on more than 20 such sites. Notably, exposure is unrelated to company size, affecting firms with revenues both above $50 billion and below $10 billion equally. The report warns that any organisation, regardless of profile, could face reputational or security risks if senior leaders’ private data remains unprotected online.

The SMB Cyber Security Gap: High Awareness, Low Readiness

CrowdStrike’s latest survey reveals that while 90% of small and midsize business (SMB) leaders recognise cyber threats as a business risk, only 42% provide regular cyber security training. Cost remains the top barrier to better protection, with two-thirds citing it as their primary challenge, yet cutting corners often results in ineffective defences. Smaller firms are disproportionately vulnerable, with 75% of micro-businesses admitting a ransomware attack could shut them down. The report urges stronger vendor support and practical guidance to help SMBs close this growing readiness gap.

How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks

Avast reports that social engineering now accounts for the majority of cyber threats faced by individuals in 2024. These attacks exploit human psychology using authority, urgency, and familiarity to bypass technical controls, with tactics ranging from phishing and fake system prompts to deepfake video calls. One such attack resulted in the theft of over $25 million from a global firm. Even security experts are being caught out, highlighting the sophistication of these scams. The report underscores the need for strong identity verification, multi-factor authentication, and regular staff training to mitigate the growing risks posed by these increasingly deceptive methods.

Darcula Phishing as a Service Operation Snares 800,000+ Victims

A sophisticated phishing-as-a-service operation known as Darcula has enabled cyber criminals to compromise over 880,000 payment cards in just seven months. Targeting mobile users globally through SMS, RCS and iMessage, the operation impersonates trusted brands to deceive victims into submitting sensitive information. Researchers uncovered a toolkit named “Magic Cat” at the core of the operation, designed to support non-technical actors with ready-made templates and real-time data streaming. With an estimated 600 cyber crime groups using the platform, law enforcement agencies across multiple jurisdictions have been alerted to the growing threat.

Cyber Criminals Hold Britain’s Boardrooms to Ransom

Cyber attacks have impacted over half of UK firms, with ransomware the most damaging threat. High-profile breaches, such as the one affecting M&S, highlight how attacks can cripple operations for weeks and damage share value: M&S alone saw a billion wiped from its market cap. Experts warn that hybrid working, third-party suppliers and boardroom inexperience are compounding risks, as only 26% of company boards now include a director with cyber responsibility. Despite the rising adoption of cyber insurance, it is no substitute for robust cyber security controls.

UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal

The UK faces an increasing threat from Russian cyber and physical sabotage as Ukraine moves closer to a peace deal, according to the head of the National Cyber Security Centre. Over 200 cyber incidents have been managed since September 2024, with twice as many nationally significant cases compared to the previous year. Russian intelligence is reportedly using criminal proxies to carry out sabotage, while Iranian, North Korean, and Chinese actors also pose growing risks. The UK government warns that hostile states are using cyber attacks to pursue strategic objectives, often operating in the “grey zone” with plausible deniability.

Sources:

https://www.darkreading.com/cyber-risk/email-based-attacks-cyber-insurance-claims

https://www.scworld.com/brief/hackers-pose-as-it-staff-in-uk-retail-cyber-strikes

https://www.emergingrisks.co.uk/uk-retail-cyber-attacks-underscore-the-case-for-resilience-over-reactivity/

https://www.itpro.com/security/cyber-attacks/cyber-attacks-cost-uk-firms-64-billion-each-year

https://www.telegraph.co.uk/news/2025/04/28/dont-plug-phones-chinese-electric-cars-defence-firms-warn/

https://www.zdnet.com/article/a-whopping-94-of-leaked-passwords-are-not-unique-will-you-people-ever-learn/

https://www.helpnetsecurity.com/2025/05/07/corporate-directors-personal-information-online/

https://www.msspalert.com/news/the-smb-cybersecurity-gap-high-awareness-low-readiness

https://www.helpnetsecurity.com/2025/05/06/social-engineering-human-behavior/

https://www.infosecurity-magazine.com/news/darcula-phishing-as-a-service/

https://www.thisismoney.co.uk/money/markets/article-14674809/Cyber-criminals-hold-Britains-boardrooms-ransom.html

https://www.computerweekly.com/news/366623547/UK-at-risk-of-Russian-cyber-and-physical-attacks-as-Ukraine-seeks-peace-deal

Threats

Ransomware, Extortion and Destructive Attacks

Cyber attacks are costing UK firms billions every year – ransom payments, staff overtime, and lost business are crippling victims | IT Pro

UK businesses lost £64bn to cyber-attacks over a three-year period - UKTN

Ransomware attacks on food and agriculture industry have doubled in 2025 | The Record from Recorded Future News

Ransomware at Record Highs: Cyber Attacks Surge in 2025—and HR Emails Are the New Bait - ClearanceJobs

Don't pay hackers: Cyber Security chief's warning after major retail attacks | ITV News

Cyber Attacks on Critical Infrastructures Makes Us Very Vulnerable - Security Boulevard

Why Ransomware Isn’t Just a Technology Problem (It’s Worse) - Security Boulevard

Ransomware spike exposes cracks in cloud security - Help Net Security

Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law

New "Bring Your Own Installer" EDR bypass used in ransomware attack

Play ransomware exploited Windows logging flaw in zero-day attacks

Govt to inject £16m into retail cyber security

LockBit ransomware gang hacked, victim negotiations exposed

Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks

Nearly three-quarters of businesses were hit by ransomware in 2024: why the worst could still be coming | TechRadar

Ransomware Attackers Leveraged Privilege Escalation Zero-day | Symantec Enterprise Blogs

Coalition 2025 Cyber Claims Report Finds Ransomware Stabilized but Remains Costly for Businesses

Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek

US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

Kickidler employee monitoring software abused in ransomware attacks

470 Ransomware Attacking in 2025, Qilin Remains Dominant Followed by Silent & Crypto24

Ransomware Victims

Despite Arrests, Scattered Spider Continues Hacking

M&S 'had no plan' for cyber attacks, insider reveals, with staff left sleeping in the office amid 'paranoia' and 'chaos' | UK News | Sky News

Britain to warn companies cyber security must be 'absolute priority' - The Economic Times

Cyber criminals hold Britain's boardrooms to ransom | This is Money

M&S hackers tricked IT help desk workers to access company systems, says report | The Independent

Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks - Infosecurity Magazine

Co-op cyber attack: supermarket cuts off store deliveries amid food shortage fears

UK retailers under attack: why hackers hit household names

The M&S cyber attack has created chaos – Britain’s enemies will be watching and learning | The Independent

Co-op admits cyber attack hackers stole 'significant number' of shoppers' data | News UK | Metro News

Why Are So Many UK Supermarkets Getting Hacked? | HuffPost UK Life

IT warning after hackers close 160-year-old firm in Kettering - BBC News

Ransomware attacks on food and agriculture industry have doubled in 2025 | The Record from Recorded Future News

Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert

Co-op left with empty shelves as it battles cyber attack

Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money

Rhysida Ransomware gang claims the hack of the Government of Peru

West Lothian schools hit by ransomware cyber attack - BBC News

Lessons Learned from the Blackbaud Hack and Legal Fallout

German drinks group Oettinger confirms cyber attack - Just Drinks

After Hacking 60M Kids for Ransom, PowerSchool Attackers Extort Teachers

TDSB says it got ransom demand over stolen student data not destroyed in cyber security incident

Masimo Manufacturing Facilities Hit by Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

Gen AI is great at phishing, pig butchering scams • The Register

Ransomware at Record Highs: Cyber Attacks Surge in 2025—and HR Emails Are the New Bait - ClearanceJobs

'Venom Spider' Targets Hiring Managers in Phishing Scheme

Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly

94% of Fortune 50 Companies Have Employee Identity Data Exposed by Phishing Attacks | Security Magazine

Darcula Phishing as a Service Operation Snares 800,000+ Victims - Infosecurity Magazine

Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News

Ransomware costs ease but email-based attacks dominate, Coalition reports - Reinsurance News

'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Majority of cyber insurance ransomware claims are due to BEC

Email-Based Attacks Top Cyber Insurance Claims

Other Social Engineering

How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security

Hackers pose as IT staff in UK retail cyber strikes | SC Media

Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money

Cyber attack on M&S should be 'wake-up call', minister warns | Politics News | Sky News

Personal data of top executives easily found online - Help Net Security

Darcula PhaaS steals 884,000 credit cards via phishing texts

North Korean hackers show telltale signs, researchers say | SC Media

The many variants of the ClickFix social engineering tactic - Help Net Security

Wave of tech layoffs leads to more job scams - Help Net Security

How to spot and expose fraudulent North Korean IT workers | TechTarget

Crypto scammers abuse X ads with spoofed links | Cybernews

Fraud, Scams and Financial Crime

Gen AI is great at phishing, pig butchering scams • The Register

Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable - Help Net Security

Robert Hervajec Reveals How He Got Scammed By His Own Sales Manager: 'Look Out For Yourself In Business' | IBTimes UK

Darcula PhaaS steals 884,000 credit cards via phishing texts

Wave of tech layoffs leads to more job scams - Help Net Security

Artificial Intelligence

Gen AI is great at phishing, pig butchering scams • The Register

UK Warns of AI-Based Attacks Against Critical Infrastructure

UK critical systems at risk from ‘digital divide’ created by AI threats | Computer Weekly

1 in 3 workers keep AI use a secret - Help Net Security

Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly

Cisco sounds the alarm over AI security threats

What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development - Security Boulevard

Global cyber security readiness remains critically low - Help Net Security

AI vs. AI: Both Friend and Foe in Cyber Security - EE Times

Most CEOs find their C-suite lacks much-needed 'AI-savvy' | ZDNET

2FA/MFA

Nation-State Actors Continue to Exploit Weak Passwords, MFA

Malware

Hackers Using Weaponized PDF To Deliver Remcos RAT Malware on Windows

StealC malware enhanced with stealth upgrades and data theft tools

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Linux wiper malware hidden in malicious Go modules on GitHub

Activated Magento Backdoor Hits Up to 1,000 Online Stores

Google identifies new malware linked to Russia-based hacking group | Reuters

Macs under threat from thousands of hacked sites spreading malware — how to stay safe | Tom's Guide

The many variants of the ClickFix social engineering tactic - Help Net Security

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

Supply chain attack hits npm package with 45,000 weekly downloads

Crypto scammers abuse X ads with spoofed links | Cybernews

Your USB Cable Or Device Could Be Hiding Malicious Hardware: Here's How To Stay Safe

Disney Slack hacker was Californian, not Russian: DoJ • The Register

Bots/Botnets

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek

Mobile

Apple issues mercenary spyware threat notifications | Security Magazine

Why Android users should care more about monthly security updates

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google fixes actively exploited FreeType flaw on Android

Google Confirms Android Attack Warnings — Powered By AI

Denial of Service/DoS/DDoS

Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins

Europol Announces More DDoS Service Takedowns, Arrests - SecurityWeek

Internet of Things – IoT

Don’t plug phones into Chinese electric cars, defence firms say

Hackers Manage To Take Control of Nissan Leaf's Steering Remotely

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Please stop exposing your IoT devices on the internet; your smart light might betray you

Data Breaches/Leaks

Over 19 billion passwords have been leaked in security ‘crisis’ – here’s how to check if yours is vulnerable | The Independent

Dating app Raw exposed users' location data and personal information | TechCrunch

Signal clone used by Trump official stops operations after report it was hacked - Ars Technica

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED

UK Legal Aid Agency investigates cyber security incident

VC firm Insight Partners confirms personal data stolen during January hack | TechCrunch

Education giant Pearson hit by cyber attack exposing customer data

Hegseth bypassed Pentagon security with dirty line

Over 400,000 hit in massive employee benefits data breach — Social Security numbers and more exposed | Tom's Guide

Texas School District Notifies Over 47,000 People of Major Data Breach - Infosecurity Magazine

Organised Crime & Criminal Actors

Despite Arrests, Scattered Spider Continues Hacking

War on cyber crime: why disrupting attacker infrastructure is critical for security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Crypto scammers abuse X ads with spoofed links | Cybernews

Insider Risk and Insider Threats

How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security

North Korean hackers show telltale signs, researchers say | SC Media

How to spot and expose fraudulent North Korean IT workers | TechTarget

The Most Pressing Security Threat to Business is Hidden in Plain Sight - Security Boulevard

Insurance

Email-Based Attacks Top Cyber Insurance Claims

UK Cyber Insurance Claims Second Highest on Record - Infosecurity Magazine

Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law

A guide to cyber liability insurance for a small business

ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog

Supply Chain and Third Parties

Magento supply chain attack compromises hundreds of e-stores

EY Survey Reveals Rising Cyber Threats from Third-Party Supply Chain Risks

Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert

Supply chain attack hits npm package with 45,000 weekly downloads

Activated Magento Backdoor Hits Up to 1,000 Online Stores

Cloud/SaaS

Ransomware spike exposes cracks in cloud security - Help Net Security

New Microsoft 365 outage impacts Teams and other services

Outages

New Microsoft 365 outage impacts Teams and other services

Encryption

After Signal controversy, do private conversations online exist anymore? | CyberScoop

WhatsApp provides no cryptographic management for group messages - Ars Technica

Just 5% of Enterprises Have Deployed Quantum-Safe Encryption - Infosecurity Magazine

Linux and Open Source

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED

Linux wiper malware hidden in malicious Go modules on GitHub

DoD announces overhaul of 'outdated' software procurement • The Register

Passwords, Credential Stuffing & Brute Force Attacks

A whopping 94% of leaked passwords are not unique - will you people ever learn? | ZDNET

Over 19 billion passwords have been leaked in security ‘crisis’ – here’s how to check if yours is vulnerable | The Independent

A review of 19 billion passwords reveals people are still bad at them | Mashable

Third of Online Users Hit by Account Hacks Due to Weak Passwords - Infosecurity Magazine

Nation-State Actors Continue to Exploit Weak Passwords, MFA

Microsoft sets all new accounts passwordless by default

If we don’t take cyber security seriously, maybe AI will | Cybernews

Your password manager is under attack, and this new threat makes it worse: How to defend yourself | ZDNET

Social Media

Crypto scammers abuse X ads with spoofed links | Cybernews

Ireland's DPC fined TikTok €530M for sending EU user data to China

Trump promises protection for TikTok as sale deadline nears • The Register

TikTok Fined €530 Million Over Chinese Access to EU Data

Regulations, Fines and Legislation

UK firms have ‘alarming gaps’ in cyber security readiness | The Standard

UK given cyber wake-up call as government looks to act

UK Government to unveil new cyber security measures after wave of attacks | The Standard

What NY's New Security Rules Mean for Finance Firms

What a future without CVEs means for cyber defence - Help Net Security

Ireland's DPC fined TikTok €530M for sending EU user data to China

The nation’s cyber community is quietly rebelling against Trump’s changes - POLITICO

Cut CISA & Everyone Pays for It

Offensive cyber security to be emphasized by Trump admin, official says | SC Media

TikTok Fined €530 Million Over Chinese Access to EU Data

Signal app clone used by Trump's administration was hacked in less than 30 mins - SiliconANGLE

White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek

Sen. Murphy: Trump administration has ‘illegally gutted funding for cyber security’ | CyberScoop

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED

The Trump Administration Sure Is Having Trouble Keeping Its Comms Private | WIRED

Models, Frameworks and Standards

Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs - Security Boulevard

UK Cyber Essentials Certification Numbers Falling Short - Infosecurity Magazine

Data Protection

Ireland's DPC fined TikTok €530M for sending EU user data to China

Careers, Working in Cyber and Information Security

The 14 most valuable cyber security certifications | CSO Online

Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring | Computer Weekly

Law Enforcement Action and Take Downs

Despite Arrests, Scattered Spider Continues Hacking

War on cyber crime: why disrupting attacker infrastructure is critical for security

Israel Nabs Suspect Sought by US Over $190M Nomad Bridge Exploit: Report - Decrypt

Polish authorities arrested 4 people behind DDoS-for-hire platforms

Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins

Three Brits charged over US, Canada swattings • The Register

Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek

US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

Disney Slack hacker was Californian, not Russian: DoJ • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber threats: Government defences have been outpaced by hostile states and criminals - Committees - UK Parliament

Cyber Warfare's Limitations: Lessons for Future Conflicts

41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek

Cyber Warfare Funding Accelerates and Everyone is at Risk - Security Boulevard

Nuclear warheads and cyber attacks: How UK must react to Russia threat

Could striking first in cyber be new Pentagon policy? - Defense One

Countries Begin NATO's Locked Shields Cyber-Defence Exercise

Nation State Actors

Cyber threats: Government defences have been outpaced by hostile states and criminals - Committees - UK Parliament

Nation-State Actors Continue to Exploit Weak Passwords, MFA

Hostile nation states are ramping up cyber attacks on UK, warns GCHQ | This is Money

China

Don’t plug phones into Chinese electric cars, defence firms say

White House Warns China of Cyber Retaliation Over Infrastructure Hacks - Infosecurity Magazine

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

China is now America's biggest cyber threat, more dangerous than Russia and North Korea | Cryptopolitan

Ireland's DPC fined TikTok €530M for sending EU user data to China

TikTok Fined €530 Million Over Chinese Access to EU Data

Trump promises protection for TikTok as sale deadline nears • The Register

Russia

UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal

Nuclear warheads and cyber attacks: How UK must react to Russia threat

Romania reportedly holds hard evidence of Russian interference in 2024 presidential elections | Romania Insider

Google identifies new malware linked to Russia-based hacking group | Reuters

Poland says Russia is trying to interfere in presidential election | Reuters

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED

Pro-Russian hackers claim to have targeted several UK websites | Cybercrime | The Guardian

Convicted Russian spies attended Brexit event in Parliament - BBC News

The number of attacks on the security sector increased by 82% in the second half of last year - State Special Communications Service | УНН

North Korea

North Korean hackers show telltale signs, researchers say | SC Media

How to spot and expose fraudulent North Korean IT workers | TechTarget

Tools and Controls

Email-Based Attacks Top Cyber Insurance Claims

UK retail cyber-attacks underscore the case for resilience over reactivity

Building a resilient mindset | The Independent

Cyber resilience is the strategy: Why business and security must align now | SC Media

Security Tools Alone Don't Protect You — Control Effectiveness Does

Microsoft has no plans to fix Windows RDP bug that lets you log in with old passwords | Tom's Hardware

Personal data of top executives easily found online - Help Net Security

Are You Too Reliant on Third-Party Vendors for Cyber Security? - Security Boulevard

Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs - Security Boulevard

41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek

What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development - Security Boulevard

Hacker Finds New Technique to Bypass SentinelOne EDR Solution - Infosecurity Magazine

How CISOs can talk cyber security so it makes sense to executives - Help Net Security

CIOs pay too much for not enough IT security | CIO Dive

CISO vs CFO: why are the conversations difficult? | CSO Online

What it really takes to build a resilient cyber program - Help Net Security

A guide to cyber liability insurance for a small business

How OSINT supports financial crime investigations - Help Net Security

Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News

81% of High-Uncertainty Middle-Market Firms Delay Tech Initiatives

How to use PC sandbox apps to test dubious files safely | PCWorld

Your password manager is under attack, and this new threat makes it worse: How to defend yourself | ZDNET

Cisco's annual index sees little progress in cyber security readiness as threats rise - Mobile Europe

Countries Begin NATO's Locked Shields Cyber-Defence Exercise

ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog

Vulnerability Management

Why Android users should care more about monthly security updates

What a future without CVEs means for cyber defence - Help Net Security

Cut CISA & Everyone Pays for It

White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek

Life Without CVEs? It's Time to Act

Vulnerabilities

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

PoC Published for Exploited SonicWall Vulnerabilities - SecurityWeek

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

Microsoft has no plans to fix Windows RDP bug that lets you log in with old passwords | Tom's Hardware

Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000

Second Wave of Attacks Targets SAP NetWeaver | MSSP Alert

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco Patches 35 Vulnerabilities Across Several Products - SecurityWeek

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) - Help Net Security

FBI: End-of-life routers hacked for cyber crime proxy networks

Researcher Says Fixed Commvault Bug Still Exploitable

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek

Apache Parquet exploit tool detects servers vulnerable to critical flaw

Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations - SecurityWeek

'Easily Exploitable' Langflow Flaw Requires Patching


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 02 May 2025

Black Arrow Cyber Threat Intelligence Briefing 02 May 2025:

-M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’

-More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks

-Fake Payments, Receipts and Invoices on the Rise

-Account Takeovers: A Growing Threat to Your Business and Customers

-North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies

-Phone Theft Is Turning into a Serious Cyber Security Risk

-Why Cyber Resilience Must be Part of Every Organisation’s DNA

-Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands

-Ransomware Attacks are Getting Smarter, Harder to Stop

-People Know Password Reuse Is Risky but Keep Doing It Anyway

-A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats

-Securing the Invisible: Supply Chain Security Trends

-Don’t Overlook the BISO Role When it Comes to Growth and Continuity

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Exec Summary

Our review this week starts with the high-profile breach at UK retailer Marks & Spencer, which has severely impacted operations and employees for over a week, with reports that the organisation had not tested their cyber incident plan. Similar issues are evident across other sectors, with over 60% of firms globally reporting poor readiness for cyber, geopolitical, and AI-related threats.

Cyber resilience is a recurring theme in this week’s threat intelligence review. At Black Arrow Cyber, we recommend organisations test their response plan, such as through our simulation exercises where impartial experts help the leadership team to uncover and address misconceptions regarding IT provision or operational resilience. Such exercises are required by many cyber frameworks and regulations, including the UK’s Cyber Governance Code of Practice.

We also report on attack types including ransomware, account takeover, and AI-fuelled scams that produce fake receipts indistinguishable from the real thing. These developments strain traditional defences and expose critical gaps in resilience. The growing concern around insider risk, particularly the infiltration of major firms by North Korean operatives, reminds business leaders that threats are not always external.

Encouragingly, board-level awareness is growing, with more organisations recognising that cyber resilience must be embedded into company culture and governance. Black Arrow believes the growing prominence of roles like the Business Information Security Officer (BISO), which many of our services emulate, signals a necessary shift toward strategic, business-aligned security leadership and greater resilience against cyber incidents.


Top Cyber Stories of the Last Week

M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’

UK retailer Marks & Spencer continues to grapple with a severe cyber attack that has disrupted online orders and recruitment for over a week, with insiders warning full recovery may take months. Reports indicate the retailer lacked a cyber attack or business continuity plan, leaving staff to respond reactively, with some staff describing sleeping in offices and using personal devices amid confusion and shifting internal guidance. The situation has led to significant operational disruption and employee concern over whether hackers remain inside the system. Harrods and the Co-op Group have also been targeted in recent days, highlighting a broader wave of attacks. The Cabinet Office has warned that such incidents should serve as a wake-up call for all UK businesses to prioritise cyber security.

More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks

AlixPartners’ 2025 Global Risk Survey reveals that over 60% of organisations feel underprepared to manage rising geopolitical, cyber security, and regulatory risks. Nearly three quarters are not ready for international regulatory changes, while 68% are unprepared for AI-related threats despite widespread adoption. Although 63% are investing in technology to combat financial crime, only 44% find it highly effective. Most also lack readiness for cyber security incidents and data privacy breaches. With nearly 70% anticipating increased corporate litigation, many are boosting legal budgets, highlighting a growing need for strategic risk management amid ongoing global volatility.

Fake Payments, Receipts and Invoices on the Rise

The rise of generative AI and poorly implemented automation is fuelling a surge in fake payments, receipts and invoices, putting businesses, particularly SMEs, at greater risk of financial loss. A third of firms were hit by invoice fraud in 2024, often due to weak controls around payment matching. New scams range from fake banking apps, to AI-generated receipts indistinguishable from genuine ones. While government initiatives like the Cyber Governance Code of Practice and the forthcoming Cyber Security and Resilience Bill offer promise, there remains a gap between awareness and action, especially among smaller organisations.

Account Takeovers: A Growing Threat to Your Business and Customers

Account takeovers are rapidly emerging as one of the most costly and damaging cyber threats facing businesses today, with annual losses exceeding $5 billion in the US alone. These attacks occur when criminals gain unauthorised access to legitimate user accounts, often through tactics like credential stuffing, phishing, and SIM swapping. Once inside, attackers can steal funds and personal data, or lock out genuine users. Despite their growing sophistication, many organisations remain underprepared. The financial and reputational fallout can be severe, but proactive steps such as multi-factor authentication, behavioural analytics, and continuous monitoring can significantly reduce the risk.

North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies

Security experts from Mandiant and Google Cloud have warned that hundreds of Fortune 500 firms have unknowingly hired North Korean IT workers, with most CISOs admitting to at least one such hire. These operatives, embedded as full-time staff, are earning six-figure salaries, generating an estimated $100 million annually for North Korea’s regime. While initially a financial operation, this threat has evolved, with some dismissed workers resorting to extortion. There is growing concern that these individuals could disrupt services or leak sensitive data, particularly as some have been linked to North Korea’s intelligence services and previous destructive cyber operations.

Phone Theft Is Turning into a Serious Cyber Security Risk

Phone theft is evolving into a significant cyber security risk, with the UK’s Metropolitan Police seizing 1,000 devices a week and Europol uncovering a network affecting over 480,000 victims worldwide. Many organisations still underestimate the risk posed by mobile devices, with only 63% able to track both BYOD and corporate phones. Poor controls and misplaced trust in default security features leave gaps that attackers can exploit to access corporate systems. Without clear response plans or robust mobile device management, stolen smartphones, often more data-rich than laptops, can become a gateway to wider breaches, especially when used for multi-factor authentication.

Why Cyber Resilience Must be Part of Every Organisation’s DNA

LevelBlue’s 2025 Futures Report highlights that while AI adoption is accelerating, only 29% of executives feel prepared for AI-powered threats, despite 42% expecting them. Deepfake attacks are anticipated by 44%, yet just 32% say they’re ready. Nearly half admit they must improve defences against AI-driven adversaries, and 41% are already seeing a significant rise in attacks. Encouragingly, 45% now view cyber resilience as a company-wide priority, up from 27% last year, with 68% noting increased C-suite focus due to media coverage of major breaches. The report urges leaders to embed resilience at board level, invest early, and foster a cyber-aware culture.

Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands

Compliance management in 2025 has become more complex and critical, with organisations facing heightened regulatory scrutiny and rising cyber threats. New laws across data privacy, ESG, and third-party risk demand proactive, data-driven compliance. Real-time monitoring and integration of AI and automation are increasingly used to detect risks and improve reporting accuracy. The cost of non-compliance is growing, making alignment between cyber security and regulatory strategy essential. Frameworks and certifications like NIST and ISO 27001, along with RegTech solutions, are now key to building resilient, scalable systems. Organisations must prioritise cross-functional collaboration and continuous improvement to remain secure and compliant.

Ransomware Attacks are Getting Smarter, Harder to Stop

Ransomware remains a critical threat, with 69% of organisations hit in the past year despite growing collaboration between IT and security teams. Yet only 10% of victims recovered over 90% of their data, while more than half recovered less than 50%. The shift toward data exfiltration and double extortion is accelerating, with attackers striking within hours. While ransom payments are declining and 36% of victims refused to pay, recovery gaps persist. Firms investing in data resilience recover up to seven times faster, but only 44% verify backups regularly. These findings underscore the need for proactive, well-practised cyber resilience strategies across the business.

People Know Password Reuse Is Risky but Keep Doing It Anyway

Bitwarden’s research reveals a concerning disconnect between awareness and behaviour when it comes to password security. While 79% of Gen Z acknowledge the risks of password reuse, 59% still recycle passwords after a breach. Over half of respondents have abandoned accounts to avoid password resets, and only 10% always update compromised credentials. Despite this, younger generations are more inclined to enable multi-factor authentication (MFA). Insecure sharing practices persist, with 25% of Gen Z using text messages to share passwords. The report highlights a clear need for targeted education across all age groups, especially among decision-makers.

A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats

LevelBlue’s latest report reveals a growing gap in AI risk awareness among otherwise cyber-resilient organisations. While 94% of these firms invest in software supply chain security, compared to just 62% overall, they remain largely blind to the risks introduced by rapid AI adoption. Only 30% of executives acknowledged increased AI-related supply chain threats. Many resilient organisations may be overlooking how underregulated AI tools expand their attack surface. The report stresses that cyber resilience now demands shared leadership responsibility, proactive risk management, and readiness for both incident response and business continuity.

Securing the Invisible: Supply Chain Security Trends

Supply chain attacks are evolving, with adversaries exploiting trusted software, hardware, and vendor relationships to bypass traditional defences. Continuous monitoring of third-party risk is replacing one-off assessments, as CISOs extend visibility across the extended enterprise. Real-time data, blockchain traceability, and AI-driven threat detection are now essential tools. Software Bills of Materials (SBOMs) have become operational necessities, helping firms assess exposure during emerging threats. Regulatory pressure is growing, with the EU’s DORA and NIS2 setting new expectations. Yet, only a third of supply chain leaders use GenAI tools designed for their domain despite 97% already using the technology in some form.

Don’t Overlook the BISO Role When it Comes to Growth and Continuity

The role of the Business Information Security Officer (BISO) is gaining traction as organisations recognise cyber risk as a critical business risk. BISOs act as a bridge between security teams and the C-suite, helping drive investment in proactive, cost-effective cyber strategies. With ransomware and extortion attacks on the rise, and the average cost of an incident now around $677 million, BISOs help quantify risk, improve resilience, and align security with broader business goals. Though adoption is still growing, more firms are realising the BISO’s value in fostering innovation, operational continuity, and modern cyber hygiene across the enterprise. Many of the services provided by Black Arrow fulfil the function of an internal BISO; talk to us to see how we can help you achieve your objectives in a cost effective and impartial manner.

Sources:

https://news.sky.com/story/mands-had-no-plan-for-cyber-attacks-insider-reveals-with-staff-left-sleeping-in-the-office-amid-paranoia-and-chaos-13361359

https://www.prnewswire.com/news-releases/more-than-60-of-organizations-are-insufficiently-prepared-to-address-urgent-geopolitical-cybersecurity-and-regulatory-risks-according-to-a-new-survey-of-1-000-executives-302441975.html

https://www.icaew.com/insights/viewpoints-on-the-news/2025/apr-2025/cyber-security-fake-payments-receipts-and-invoices-on-the-rise

https://securityboulevard.com/2025/05/account-takeovers-a-growing-threat-to-your-business-and-customers/

https://cyberscoop.com/north-korea-workers-infiltrate-fortune-500/

https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/

https://www.helpnetsecurity.com/2025/04/30/rethink-cyber-resilience/

https://cybersecuritynews.com/compliance-management-in-2025/

https://www.helpnetsecurity.com/2025/04/28/companies-impacted-ransomware-attacks/

https://www.helpnetsecurity.com/2025/05/02/passwords-update-security-risks/

https://www.darkreading.com/cyber-risk/even-resilient-organizations-bind-ai-threats

https://www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/

https://www.techradar.com/pro/dont-overlook-the-biso-role-when-it-comes-to-growth-and-continuity

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attacks are getting smarter, harder to stop - Help Net Security

Ransomware Group Hacks Webcam to Evade Endpoint Defences

The 5 Emerging Cyber Attack Techniques Poised to Disrupt

The organisational structure of ransomware threat actor groups is evolving before our eyes - Security Boulevard

6 major supply chain cyber security risks in 2025 | Cybernews

DragonForce expands ransomware model with white-label branding scheme

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes - Infosecurity Magazine

Prolific RansomHub Operation Goes Dark

Emerging Threat Actor Hellcat Exemplifies Continued Innovation in Ransomware TTPs | MSSP Alert

The 5,365 Ransomware Attack Rampage — What You Need To Know

Ransomware Attacks on Critical Infrastructure Surge, Reports FBI | Tripwire

Ransomware Victims

Marks & Spencer breach linked to Scattered Spider ransomware attack

M&S market value falls £700m amid cyber attack

Some M&S stores left with empty shelves after cyber attack - BBC News

M&S report warned of cyber threats year before hack

How ‘native English’ Scattered Spider group linked to M&S attack operate | Cybercrime | The Guardian

Co-op hit by cyber attack as back-office systems disrupted

'After M&S cyber attack, these are the security questions retailers must ask themselves' | Retail Week

M&S stops hiring after systems taken offline due to cyber attack

Top security body urges retailers to act following Marks & Spencer cyber attack | Retail Week

M&S: WFH staff locked out of systems amid cyber attack fallout - Retail Gazette

Harrods is latest retailer to be hit by cyber-attack | Harrods | The Guardian

Co-op cyber attack: Staff told to keep cameras on in meetings - BBC News

M&S cyber attack: Retailer working 'day and night' to manage impact - BBC News

M&S and Co-op: UK retailers brace for cyber attacks

Retail cyber attacks sound alarm for food manufacturing supply chains

Warning hackers may ‘try their luck’ with other retailers as M&S issues update | The Independent

Almost a million patients hit by Frederick Health data breach | TechRadar

Phishing & Email Based Attacks

Low-tech phishing attacks are gaining ground - Help Net Security

Same Inbox, New Tricks: A Look At The Email Threat Landscape In Q1 2025

This Email Sounds Like It Came From Your Boss. But It Didn’t. | Symantec Enterprise Blogs

Phishers Take Advantage of Iberian Power Outage

Why MFA is getting easier to bypass and what to do about it - Ars Technica

Criminals are pretending to be Microsoft, Google, and Apple in phishing attacks | TechRadar

A large-scale phishing campaign targets WordPress WooCommerce users

Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine

Other Social Engineering

North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag

There's one question that stumps North Korean fake workers • The Register

Mobile security is a frontline risk. Are you ready? - Help Net Security

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop

Fraud, Scams and Financial Crime

Cyber security: fake payments, receipts and invoices on the rise | ICAEW

Government Set to Ban SIM Farms in European First - Infosecurity Magazine

WhatsApp, Signal scam leads to Microsoft account hacks [April 2025] | Mashable

PayPal Red Alert Issued After 600% Increase In Scams Recorded in 2025: What You Need To Know

Online fraud peaks as breaches rise - Help Net Security

Mystery Box Scams Deployed to Steal Credit Card Data - Infosecurity Magazine

Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers

Third-party applications for online banking give fraudsters access to your money - Cyberpolice | УНН

Artificial Intelligence

The 5 Emerging Cyber Attack Techniques Poised to Disrupt

Enterprises Need to Beware of These 5 Threats

AI and automation shift the cyber security balance toward attackers - Help Net Security

Even Cyber Resilient Organisations Struggle to Comprehend AI Risks

AI, Automation & Dark Web Fuel Evolving Threat Landscape

The Next Two Years In AI Cyber Security For Business Leaders

4 lessons in the new era of AI-enabled cyber crime | TechTarget

Agentic AI Systems Pose Alarming API Security Risks

Ex-NSA cyber boss: AI will soon be a great exploit dev • The Register

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign

Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW

South Korea says DeepSeek transferred user data, prompts without consent | Reuters

Microsoft’s AI Starts Secretly Copying And Saving Your Messages

60% of AI agents are embedded in IT departments - here's what they're doing | ZDNET

End users can code with AI, but IT must be wary | TechTarget

Drones may strike targets with no human input, says minister

2FA/MFA

Why MFA is getting easier to bypass and what to do about it - Ars Technica

Malware

CEO of cyber security firm charged with installing malware on hospital systems

Infosec pro blabs about alleged malware mishap on LinkedIn • The Register

New WordPress Malware Masquerades as Plugin - Infosecurity Magazine

Novel Gremlin Stealer malware emerges | SC Media

WordPress plugin disguised as a security tool injects backdoor

Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web

Hackers abuse IPv6 networking feature to hijack software updates

DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Mobile

Mobile security is a frontline risk. Are you ready? - Help Net Security

Phone theft is turning into a serious cyber security risk - Help Net Security

Mobile Applications: A Cesspool of Security Issues

Government Set to Ban SIM Farms in European First - Infosecurity Magazine

Half of Mobile Devices Run Outdated Operating Systems - Infosecurity Magazine

iOS and Android juice jacking defences have been trivial to bypass for years - Ars Technica

Google’s Play Store lost nearly half its apps | The Verge

Denial of Service/DoS/DDoS

DDoS attacks jump 358% compared to last year - Help Net Security

DDoS attacks in 2025 have already surpassed the 2024 total | TechRadar

Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times

Internet of Things – IoT

‘Source of data’: are electric cars vulnerable to cyber spies and hackers? | Electric, hybrid and low-emission cars | The Guardian

Vehicles Face 45% More Attacks, 4 Times More Hackers

UK unveils ‘smart ready’ heat pump regulations, new utility flexibility rules – pv magazine International

Data Breaches/Leaks

SAS names and ranks reportedly available online for a decade - BBC News

Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web

Signalgate: Security culture? America's screwed • The Register

27 million French electronics giant’s customer records leaked online | Cybernews

Commvault says recent breach didn't impact customer backup data

Ascension discloses second major cyber attack in a year • The Register

Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers

African multinational telco giant MTN disclosed a data breach

Banking details of thousands of Aussies stolen by cyber criminals

ANY.RUN warns free-tier users of data exposure | Cybernews

Almost a million patients hit by Frederick Health data breach | TechRadar

Employee monitoring app exposes 21M work screens | Cybernews

Nova Scotia Power cyber attack impacts customer billing accounts | Cybernews

Organised Crime & Criminal Actors

Cyber criminals switch up their top initial access vectors of choice | CSO Online

Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine

Cyber defenders need to remember their adversaries are human, says Trellix research head | IT Pro

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block

Insider Risk and Insider Threats

People know password reuse is risky but keep doing it anyway - Help Net Security

Infosec pro blabs about alleged malware mishap on LinkedIn • The Register

Ex-Disney employee gets three years in prison for menu hacks • The Register

North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop

Insurance

Reducing Cyber Insurance Costs - CISO Proactive Measures

How Organisations Can Leverage Cyber Insurance Effectively

Supply Chain and Third Parties

6 major supply chain cyber security risks in 2025 | Cybernews

Half of red flags in third-party deals never reach compliance teams - Help Net Security

Securing the invisible: Supply chain security trends - Help Net Security

Cloud/SaaS

Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments

JPMorgan CISO Warns of SaaS Security Risks - Infosecurity Magazine

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation

Outages

Oracle engineers caused dayslong software outage at U.S. hospitals

Identity and Access Management

Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security

Encryption

Quantum computer threat spurring quiet overhaul of internet security | CyberScoop

Passwords, Credential Stuffing & Brute Force Attacks

People know password reuse is risky but keep doing it anyway - Help Net Security

Some of you still use these awful passwords today

Account Takeovers: A Growing Threat to Your Business and Customers - Security Boulevard

Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords

Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web

Microsoft Confirms Password Spraying Attack — What You Need To Know

46% of the most trusted US companies' employees reuse

CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online

Cyber criminals have stolen almost 100 staff logins at Australia's Big Four banks, experts say | RNZ News

The state of intrusions: Stolen credentials and perimeter exploits on the rise, as phishing wanes | CSO Online

Regulations, Fines and Legislation

Government Set to Ban SIM Farms in European First - Infosecurity Magazine

Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands

CISOs Call for Streamlined Global Cyber Rules | MSSP Alert

The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats

Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop

UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine

Former CISA head slams Trump for 'dangerously degrading' US cyber defences | Cybernews

Signalgate: Security culture? America's screwed • The Register

What Trump’s tariff reversal (and escalation on China) means for the future of cyber security | Biometric Update

House passes bill to study routers’ national security risks | CyberScoop

FBI steps in amid rash of politically charged swattings • The Register

8 in 10 Brits support biometrics, personal data collection for national security | Biometric Update

The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online

CVE board 'kept in the dark' on funding, members say • The Register

UK unveils ‘smart ready’ heat pump regulations, new utility flexibility rules – pv magazine International

Models, Frameworks and Standards

Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra

Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW

MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority

Backup and Recovery

Commvault says recent breach didn't impact customer backup data

Data Protection

UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine

Law Enforcement Action and Take Downs

Ex-Disney employee gets three years in prison for menu hacks • The Register

Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine

Leaders of 764, global child sextortion group, arrested and charged | CyberScoop

Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords

Misinformation, Disinformation and Propaganda

Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

China

China is America's No.1 cyber threat and the US must react • The Register

‘China has almost doubled their aggression in cyber’: Kevin Mandia and Nicole Perlroth warn organisations aren’t waking up to growing APT threats | IT Pro

House passes bill to study routers’ national security risks | CyberScoop

Chinese Hacking Competitions Fuel the Country’s Broad Cyber Ambitions - Bloomberg

China's Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America - SecurityWeek

Chinese APT's Adversary-in-the-Middle Tool Dissected - SecurityWeek

How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites

Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop

South Korea says DeepSeek transferred user data, prompts without consent | Reuters

Russia

Russia-linked group Nebulous Mantis targets NATO-related defence organisations

France ties Russian APT28 hackers to 12 cyber attacks on French orgs

Putin's Attacks on Ukraine Rise 70%, With Little Effect

Trump cuts US cyber aid to Ukraine, opening doors to Russian attacks | Cryptopolitan

How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites

The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online

Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times

Poland’s state registry temporarily blocked by cyber incident | The Record from Recorded Future News

Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine

DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Iran

Iran claims to have repelled 'one of the most extensive and complex' cyber attacks on infrastructure | The Times of Israel

North Korea

North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag

There's one question that stumps North Korean fake workers • The Register

North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation


Tools and Controls

No longer optional: Cyber risk oversight for boards | American Banker

Why cyber resilience must be part of every organisation's DNA - Help Net Security

Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments

Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security

How Organisations Can Leverage Cyber Insurance Effectively

How the hybrid work boom reshapes corporate security | TechRadar

SentinelOne says security vendors are under attack | Cybernews

The CISO’s Guide to Managing Cyber Risk in Hybrid Workplaces

CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online

CISOs Take Note: Is Needless Cyber Security Strangling Your Business?

What is a Risk Map (Risk Heat Map)? | Definition from TechTarget

How CISOs Can Leverage Threat Intelligence to Stay Proactive

Why CISOs Are Key to Integrating ESG and Cyber Security - Cyber Security News

Commvault says recent breach didn't impact customer backup data

The Hidden Risks of Over-Relying on AI in Cyber Security | MSSP Alert

21 million employee screenshots leaked in bossware breach blunder

Cloud Security Essentials - CISO Resource Toolkit

Employee monitoring app exposes 21M work screens | Cybernews

Amazon, CrowdStrike leaders say private threat intel can quickly bring cyber criminals to justice | CyberScoop

USAID decides not to collect former workers’ abandoned devices | The Verge

End users can code with AI, but IT must be wary | TechTarget

CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru

MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority


Vulnerability Management

Most critical vulnerabilities aren't worth your attention - Help Net Security

Hackers exploited 75 zero-days last year – Google | Cybernews

44% of the zero-days exploited in 2024 were in enterprise solutions - Help Net Security

Google: Governments are using zero-day hacks more than ever - Ars Technica

The Impact of Politics on Cyber Security: CVE’s and the Chris Krebs Executive Order - Security Boulevard

Vulnerability Statistics Report in 2024 by Edgescan - Click to See vulnerability data and cyber security trends

How Breaches Start: Breaking Down 5 Real Vulns

CVE board 'kept in the dark' on funding, members say • The Register

Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block

CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru

Vulnerabilities

Google Issues Emergency Chrome Security Update — Act Now

Experts forecast Ivanti VPN attacks as endpoint scans surge • The Register

SAP fixes suspected Netweaver zero-day exploited in attacks

Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities - SecurityWeek

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

Airplay-enabled devices open to attack via "AirBorne" vulnerabilities - Help Net Security

CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online

A worrying stealthy Linux security bug could put your systems at risk - here's what we know | TechRadar

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Coinbase fixes 2FA log error making people think they were hacked


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 25 April 2025

Black Arrow Cyber Threat Intelligence Briefing 25 April 2025:

-Cyber Security Is Now Critical for Business Growth, CEOs Say

-Cyber Threats Now a Daily Reality for One in Three Businesses

-66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences

-M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers

-Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

-Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise

-Nation-State Threats Put SMBs in Their Sights

-Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools

-Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism

-Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat

-159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Exec Summary

Black Arrow Cyber’s review of specialist and general media has observed a significant shift in executive mindsets, with cyber security now seen as essential to business growth, not just a defensive measure. This includes reports of CEOs increasingly recognising the strategic value of robust security practices, particularly amid rising concerns over AI-driven threats. However, there remains a concerning gap between CISOs and the wider C-suite regarding the severity of risks, underlining the need for stronger alignment at leadership level.

This week’s reporting also highlights that cyber threats have become a daily operational reality, with small and medium-sized businesses bearing a disproportionate share of ransomware and nation-state attacks. Third-party vulnerabilities and supply chain compromises are escalating rapidly, exposing organisations to breaches through trusted partners. Black Arrow Cyber believes this growing complexity demands that businesses urgently reassess their resilience strategies and third-party risk management.

Finally, we note that ransomware attacks continue to overwhelm organisations, with high ransom payment rates despite advanced backup tools. Rapid exploitation of newly disclosed vulnerabilities, particularly in widely used systems, further compounds the threat landscape. Black Arrow believes that operational readiness, strong identity management, and swift vulnerability patching are now critical pillars for cyber resilience.

Top Cyber Stories of the Last Week

Cyber Security Is Now Critical for Business Growth, CEOs Say

A Gartner study has found that 85% of CEOs now view cyber security as critical to business growth in today’s digital and connected world. Three in five (61%) are concerned about cyber security threats, particularly with the rise of artificial intelligence influencing the threat landscape. The report highlights a shift in risk thresholds and underlines that cyber security has become a core business priority rather than simply a protective measure. CEOs are urged to champion the role of security leaders, while security leaders must demonstrate how effective cyber security strategies can safeguard assets and drive strategic growth.

Cyber Threats Now a Daily Reality for One in Three Businesses

FIS and Oxford Economics report that one in three businesses face daily cyber threats, 74% encounter critical incidents monthly and 88% of leaders cited cyber threats as a major disruption. Despite prioritising fraud risk management, over half of firms were dissatisfied with their fraud response plans, and nearly half do not regularly train employees on fraud and cyber awareness, leaving them exposed to greater risk.

66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences

EY has found a growing disconnect between CISOs and the wider C-suite when it comes to cyber security threats. Two-thirds of CISOs fear threats now surpass their defences, compared to just over half of their C-suite peers. The report highlights that CISOs are more concerned than the rest of the C-suite about senior leaders at their organisation underestimating the dangers of cyber security threats (68% vs. 57%), and they note a higher incidence of attacks from both cyber criminals and insider threats. Encouragingly, 75% of CISOs reported fewer incidents following investment in AI. C-suite leaders expect cyber security budgets to double next year, from 21% to 38% of total IT spend.

M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers

Marks & Spencer (M&S) has confirmed it is managing a cyber attack that has disrupted contactless payments and forced the retailer to stop taking online orders amid a payments meltdown. As a result, shares have fallen by more than 4%. While stores remain open, M&S has temporarily moved some operations offline to protect customers and partners. Online orders have been suspended, but cash payments are still being accepted. The retailer is working with industry experts to restore full services and minimise further disruption.

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

Verizon’s latest Data Breach Investigations Report (DBIR) highlights that small businesses are bearing the brunt of ransomware attacks, with extortion malware found in 88% of breaches compared to 39% at larger firms. Ransomware was involved in 44% of all breaches, a 37% rise from the previous year, with attack volumes increasing globally. State-sponsored actors are also increasingly deploying ransomware, with financial motives present in 28% of their incidents. Industries such as administration, wholesale trade, and transportation remain key targets for financially motivated cyber attacks.

Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise

Verizon’s latest Data Breach Investigations Report also found that third-party involvement in cyber attacks has doubled, now featuring in 30% of cases. Based on over 22,000 security incidents and 12,195 confirmed data breaches, the research highlights a sharp rise in supply chain and partner ecosystem compromises. Cyber criminals increasingly target open-source code repositories to push malicious updates or impersonate legitimate software packages. The findings underline the growing risk third parties pose to organisations’ cyber security, with trust in external partners becoming a significant vulnerability.

Nation-State Threats Put SMBs in Their Sights

Nation-state cyber threat groups are increasingly targeting small and medium-sized businesses (SMBs), particularly those linked to larger organisations. Broadcom warns that most nation-state attacks now impact the private sector and midmarket firms, with identity providers among common targets. Many SMBs remain unaware of their role in the broader supply chain, making them attractive entry points. Nation-state actors are also seen moonlighting, switching between espionage and financially motivated cyber attacks. Experts stress that SMBs must strengthen their cyber defences, as they face the same sophisticated threats once reserved for larger enterprises.

Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools

Rubrik’s latest research shows that 86% of global organisations paid ransom demands last year, despite having access to advanced backup tools. The report highlights that 74% of firms experienced partial compromise of their backup systems, with 35% suffering complete compromise, often due to attackers disabling recovery infrastructure before encrypting data. Nearly 80% of breaches were driven by stolen identities, particularly exploiting legacy systems like Active Directory. Average ransom payments globally are around $479,000. The findings stress that true resilience requires not just technology, but operational readiness and leadership commitment to recovery preparedness.

Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism

The Dutch intelligence service (AIVD) has reported a sharp rise in Russian aggression across Europe in 2024, including espionage, cyber attacks, and disinformation campaigns described as bordering on state terrorism. A Dutch public facility was targeted by Russian hackers, and overall national threats increased, with 73 official reports issued, up from 56 in 2023. The report also flagged escalating extremist threats, including right-wing and jihadist violence, some involving very young individuals. China was identified as another major threat, targeting Dutch military research and supplying military goods to Russia. The AIVD warned that international conflicts are increasingly fuelling domestic instability.

Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat

The United Nations has warned that cyber crime syndicates originating in Southeast Asia are now operating on a global scale, generating billions in scam profits each year. Despite law enforcement crackdowns, these groups have expanded into Africa, South America, and South Asia, moving operations to regions with weak governance. The UN reports that these networks use online platforms and cryptocurrency to scale operations, targeting victims in over 50 countries. In 2023 alone, the US reported losses of over $5.6 billion to cryptocurrency scams. Without international collaboration, the scale and impact of cyber fraud will continue to escalate.

159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure

VulnCheck has reported that 159 vulnerabilities were exploited in the first quarter of 2025, with 28% targeted within just one day of disclosure. Most affected systems were content management platforms, network edge devices, and operating systems. Microsoft Windows, Broadcom VMware, and TOTOLINK routers were among the most impacted products. Verizon’s 2025 Data Breach Investigations Report noted a 34% rise in breaches initiated through vulnerability exploitation, now accounting for 20% of all incidents.

Sources:

https://www.techradar.com/pro/security/cybersecurity-is-now-critical-for-business-growth-ceos-say

https://www.helpnetsecurity.com/2025/04/21/businesses-fraud-consequence/

https://www.securitymagazine.com/articles/101557-66-of-cisos-are-worried-cybersecurity-threats-surpass-their-defenses

https://www.cityam.com/ms-shares-at-ftse-100-retailer-fall-as-cyber-attack-hits-customers/

https://www.infosecurity-magazine.com/news/verizon-dbir-smb-ransomware-attacks/

https://www.techradar.com/pro/security/cyberattacks-surged-in-2025-with-third-party-attacks-seeing-a-huge-rise

https://www.darkreading.com/threat-intelligence/nation-state-threats-smb

https://www.csoonline.com/article/3968299/global-firms-succumb-to-ransomware-86-pay-up-despite-having-advanced-backup-tools.html

https://nltimes.nl/2025/04/24/dutch-intelligence-report-russias-sabotage-europe-borders-state-terrorism

https://coinedition.com/cyber-crime-syndicates-expand-beyond-southeast-asia-un-warns-of-global-threat/

https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html



Threats

Ransomware, Extortion and Destructive Attacks

Verizon discovers spike in ransomware and exploited vulnerabilities | CyberScoop

Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena

Over $16 billion in losses reported to FBI in 2024 tied to computer crime | The Record from Recorded Future News

Ransomware groups test new business models to hit more victims, increase profits | The Record from Recorded Future News

Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported | IT Pro

Ransomware now plays a role in nearly half of all breaches, new research finds | The Record from Recorded Future News

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine

Could Ransomware Survive Without Cryptocurrency?

Ransomware Gangs Innovate With New Affiliate Models

Global firms succumb to ransomware: 86% pay up despite having advanced backup tools | CSO Online

The Ransomware Business Model: The State of Cyber Crime | Silicon UK Tech News

Ransomware activity trends | Professional Security Magazine

Interlock ransomware gang pushes fake IT tools in ClickFix attacks

Teach young people about ransomware risks before they enter work, expert urges | The Standard

Credential theft outpaces ransomware as cyber threat landscape evolves, report claims

Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails

Ransomware the most pervasive threat to US critical infrastructure in 2024, says FBI | CSO Online

Emulating the Hellish Helldown Ransomware - Security Boulevard

What is Ransomware? Definition and Complete Guide | Informa TechTarget

Ransomware Victims

Ransomware Gang Claims Attack On Manchester Credit Union

3 More Healthcare Orgs Hit by Ransomware Attacks

Interlock ransomware claims DaVita attack, leaks stolen data

M&S takes systems offline as 'cyber incident' lingers • The Register (unconfirmed)

Money blog: M&S forced to stop taking online orders amid payment meltdown | Money News | Sky News (unconfirmed)

Phishing & Email Based Attacks

Cyber crime set to rise as phishing-as-a-service could make hacking and identity theft go mainstream | TechRadar

Over $16 billion in losses reported to FBI in 2024 tied to computer crime | The Record from Recorded Future News

Emails delivering infostealers rose by 84% year-over-year | Security Magazine

The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert

Beware, hackers can apparently now send phishing emails from “no-reply@google.com” | TechRadar

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity

Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images

A new kind of phishing attack is fooling Gmail’s security. Here’s how it works | Laptop Mag

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Cover-Up Culture? 95% of Phishing Attacks Go Unreported in Healthcare, New Paubox Report Reveals

Who needs phishing when your login's already in the wild? • The Register

Business Email Compromise (BEC)/Email Account Compromise (EAC)

FBI: Cybercrime cost victims 'staggering' $16.6B last year • The Register

Over $16 billion in losses reported to FBI in 2024 tied to computer crime | The Record from Recorded Future News

Other Social Engineering

Cyber criminals blend AI and social engineering to bypass detection - Help Net Security

The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security

State-sponsored hackers embrace ClickFix social engineering tactic

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert

State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar

Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images

North Korean Operatives Use Deepfakes in IT Job Interviews

Fraud, Scams and Financial Crime

FBI: Cyber Crime cost victims 'staggering' $16.6B last year • The Register

Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert

$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine

Attackers, Defenders Lean on AI in Identity Fraud Battle

New payment-card scam involves a phone call, some malware and a personal tap | The Record from Recorded Future News

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites

WordPress ad-fraud plugins generated 1.4 billion ad requests per day

“Scallywag” Scheme Monetizing Piracy Through Browser Extensions

Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images

Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News

This Android malware drains cards with a single tap | Cybernews

UK Romance Scams Spike 20% as Online Dating Grows - Infosecurity Magazine

The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra

Microsoft warns of AI-powered scam surge

Billions of views weaponized: how cybercriminals use stolen YouTube and Instagram accounts and malicious sponsorships to launch mass-scale scams | TechRadar

The Cyber Criminals Who Organized a $243 Million Crypto Heist - The New York Times

Scammers Are Impersonating the FBI. Here's How To Spot Them - CNET

Artificial Intelligence

Cyber criminals blend AI and social engineering to bypass detection - Help Net Security

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek

DeepSeek Breach Opens Floodgates to Dark Web

The AI market does not understand AI safety | TechTarget

Rethinking Resilience for the Age of AI-Driven Cyber Crime - Infosecurity Magazine

Attackers, Defenders Lean on AI in Identity Fraud Battle

Why CISOs are watching the GenAI supply chain shift closely - Help Net Security

Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News

Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update

The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra

Microsoft warns of AI-powered scam surge

Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide

The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools - SecurityWeek

Anthropic finds alarming 'emerging trends' in Claude misuse report | ZDNET

Microsoft Resumes Recall Feature Rollout After Privacy Backlash, Adds Security Functions | TechRepublic

2FA/MFA

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Malware

Emails delivering infostealers rose by 84% year-over-year | Security Magazine

Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyber Attack Surge

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Chinese APT Mustang Panda Debuts 4 New Attack Tools

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security

The Zoom attack you didn't see coming - Help Net Security

Hackers are impersonating banks to infect your Android phone with credit card-stealing malware | Tom's Guide

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Criminals are impersonating a popular online PDF converter service to trick users into downloading malware | TechRadar

Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide

Rootkit bypasses most Linux security detection | Cybernews

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Chinese hackers target Russian govt with upgraded RAT malware

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Korean Telco Giant SK Telecom Hacked - SecurityWeek

Your cat’s microchip could carry malware | Cybernews

Bots/Botnets

Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek

Unmasking the Dead Internet: How bots and propaganda hijacked online discourse

Mobile

New Android malware steals your credit cards for NFC relay attacks

Leaking Apps: The Hidden Data Risks On Your Phone

Hackers are impersonating banks to infect your Android phone with credit card-stealing malware | Tom's Guide

New Android Warning — This TOAD Malware Attack Steals Cash From ATMs

Flexible working models fuel surge in device theft - Help Net Security

Russian army targeted by new Android malware hidden in mapping app

Denial of Service/DoS/DDoS

Dutch payment processor Adyen hit by three DDoS attacks | NL Times

Internet of Things – IoT

Opt out: how to protect your data and privacy if you own a Tesla | Tesla | The Guardian

Data Breaches/Leaks

Thousands of UK users of Vinted, Candy Crush and Tinder were hit in global hack

DeepSeek Breach Opens Floodgates to Dark Web

US Data Breach Victim Count Surges 26% Annually - Infosecurity Magazine

Data breach class action costs mount up | Computer Weekly

CISA Weighs In on Alleged Oracle Cloud Breach

Pete Hegseth shared Yemen attack details in second Signal chat – report | Trump administration | The Guardian

3 More Healthcare Orgs Hit by Ransomware Attacks

5.5 Million Patients Affected by Data Breach at Yale New Haven Health - SecurityWeek

Blue Shield shared 4.7M people's health info with Google Ads • The Register

Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews

Korean Telco Giant SK Telecom Hacked - SecurityWeek

Organised Crime & Criminal Actors

Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge

Cyber Crime Syndicates Expand Globally From Southeast Asia: UN

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine

Russian Infrastructure Plays Crucial Role in North Korean Cyber Crime Operations | Trend Micro (US)

Hacking groups are now increasingly in it for the money, not the chaos | TechRadar

When confusion becomes a weapon: How cyber criminals exploit economic turmoil - Help Net Security

The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra

Microsoft warns of AI-powered scam surge

Scattered Spider Hacking Suspect Extradited to US From Spain

'Cyber crime ranks as No 1 risk in SA, overtaking long-standing issues': expert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable

Could Ransomware Survive Without Cryptocurrency?

The Cybercriminals Who Organized a $243 Million Crypto Heist - The New York Times

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media

North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters

Insider Risk and Insider Threats

Teach young people about ransomware risks before they enter work, expert urges | The Standard

The Foundations of a Resilient Cyber Workforce

Supply Chain and Third Parties

Cyber attacks surged in 2025, with third party attacks seeing a huge rise | TechRadar

Security snafus caused by third parties up from 15% to 30% • The Register

Why CISOs are watching the GenAI supply chain shift closely - Help Net Security

Cloud/SaaS

Microsoft Purges Millions of Cloud Tenants After Storm-0558

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity

Enterprises are facing a ‘cloud security crisis’ | IT Pro

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Widespread Microsoft Entra lockouts tied to new security feature rollout

CISA Weighs In on Alleged Oracle Cloud Breach

Outages

Widespread Microsoft Entra lockouts tied to new security feature rollout

Wait, how did a decentralized service like Bluesky go down? | TechCrunch

Identity and Access Management

Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update

Widespread Microsoft Entra lockouts tied to new security feature rollout

Encryption

Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations

Hackers are impersonating banks to infect your Android phone with credit card-stealing malware | Tom's Guide

New Android Warning — This TOAD Malware Attack Steals Cash From ATMs

Perspectives on privacy, AI, and cybersecurity from the front lines of FinTech and Blockchain - A&O Shearman

Proposed Swiss encryption laws may have a severe impact on VPNs – what you need to know | Tom's Guide

Telegram vows to exit markets over encryption backdoor demands

Linux and Open Source

Open Source and Container Security Are Fundamentally Broken - The New Stack

Rootkit bypasses most Linux security detection | Cybernews

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Passwords, Credential Stuffing & Brute Force Attacks

Credential theft outpaces ransomware as cyber threat landscape evolves, report claims

Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine

Who needs phishing when your login's already in the wild? • The Register

7 Steps to Take After a Credential-Based cyberattack

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

Social Media

The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security

Billions of views weaponized: how cybercriminals use stolen YouTube and Instagram accounts and malicious sponsorships to launch mass-scale scams | TechRadar

Wait, how did a decentralized service like Bluesky go down? | TechCrunch

LinkedIn adds new verification tool to ensure security across the internet | TechRadar

Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews

Training, Education and Awareness

Teach young people about ransomware risks before they enter work, expert urges | The Standard

The Foundations of a Resilient Cyber Workforce

Regulations, Fines and Legislation

Compliance weighs heavily on security and GRC teams - Help Net Security

Ofcom takes world-leading action to crack down on exploitation of mobile networks by criminals - Ofcom

Cyber Security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra

Challenges persist as UK’s Cyber Security and Resilience Bill moves forward | Computer Weekly

Assessing The Impact Of The UK's Proposed Cyber Resilience Bill

EU Bolsters Cybersecurity With NIS2 Directive

Governance code of practice | Professional Security Magazine

The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster

US cyber defences are being dismantled from the inside • The Register

Holyrood | Ofcom closes legal loophole that allowed criminals to track your location

Leasing of Global Titles banned | Professional Security Magazine

Why international alignment of cybersecurity regulations needs to be a priority  - Microsoft On the Issues

The splintering of a standard bug tracking system has begun • The Register

Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential

Pete Hegseth shared Yemen attack details in second Signal chat – report | Trump administration | The Guardian

Proposed Swiss encryption laws may have a severe impact on VPNs – what you need to know | Tom's Guide

Bill introduced to extend the Cybersecurity Information Sharing Act | Security Magazine

Two top cyber officials resign from CISA | The Record from Recorded Future News

2025 State Cybersecurity Legislation Focuses on Financial Services | Alston & Bird - JDSupra

Zambia's Updated Cyber Laws Prompt Surveillance Warnings

Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW

Telegram vows to exit markets over encryption backdoor demands

Models, Frameworks and Standards

Assessing The Impact Of The UK's Proposed Cyber Resilience Bill

EU Bolsters Cybersecurity With NIS2 Directive

Governance code of practice | Professional Security Magazine

Get ready for a new era in cyber security: what the UK's forthcoming cyber law means for you, Giles Pratt, Rhodri Thomas, Christine Simpson, Adam Gillert

MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios

Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools

Careers, Working in Cyber and Information Security

Switching to Cyber Security: Advice for Midcareer Professionals

Two ways AI hype is worsening the cyber security skills crisis | CSO Online

Cyber ‘agony aunts’ launch guidebook for women in security | Computer Weekly

Law Enforcement Action and Take Downs

Scattered Spider Hacking Suspect Extradited to US From Spain

Misinformation, Disinformation and Propaganda

Unmasking the Dead Internet: How bots and propaganda hijacked online discourse


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena

Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times

Cyber threats target F-35 in new era of military defense risks

Senior Pentagon Official Says Cyber Warfare Poses Significant Threat to Joint Force > U.S. Department of Defense > Defense Department News

The state of cyberwar in Ukraine — and how CISOs can help | CSO Online

Countries shore up digital defenses as tensions raise the threat of cyberwarfare - ABC News

Nation State Actors

Nation-State Threats Put SMBs in Their Sights

State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar

China

China “has completed its journey to cyber superpower” - and Google security expert explains why threats could get even worse in years to come | TechRadar

Chinese APT Mustang Panda Debuts 4 New Attack Tools

How Chinese hacking got so good

Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.

Microsoft Purges Millions of Cloud Tenants After Storm-0558

Chinese hackers target Russian govt with upgraded RAT malware

Earth Kurma APT Campaign Targets Southeast Asian Government Telecom Sectors | Trend Micro (US)

DeepSeek Breach Opens Floodgates to Dark Web

Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW

Russia

Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times

State-sponsored hackers embrace ClickFix social engineering tactic

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)

Russia is ramping up hybrid attacks against Europe, Dutch intelligence says | Reuters

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity

Dutch Warn of “Whole of Society” Russian Cyber-Threat - Infosecurity Magazine

The state of cyberwar in Ukraine — and how CISOs can help | CSO Online

Russia’s Arming For Space War I, Targeting SpaceX Satellite Systems

Chinese hackers target Russian govt with upgraded RAT malware

Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Trojanized Alpine Quest app geolocates Russian soldiers • The Register

Russian army targeted by new Android malware hidden in mapping app

Iran

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Israel subjected to persistent targeting by Iranian hackers | SC Media

North Korea

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)

North Korean Operatives Use Deepfakes in IT Job Interviews

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media

Lazarus hackers breach six companies in watering hole attacks

Senior Pentagon Official Says Cyber Warfare Poses Significant Threat to Joint Force > U.S. Department of Defense > Defense Department News

North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters


Tools and Controls

66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine

The Role of Threat Intelligence in Proactive Defense

Cyber security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra

Cyber security Metrics That Matter for Board-Level Reporting

Enterprises change how they manage cyber risk

What is Risk Exposure in Business? | Definitions from TechTarget

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

Chinese APT Mustang Panda Debuts 4 New Attack Tools

Two ways AI hype is worsening the cyber security skills crisis | CSO Online

Rethinking Resilience for the Age of AI-Driven Cybercrime - Infosecurity Magazine

Open Source and Container Security Are Fundamentally Broken - The New Stack

Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations

Digital Forensics In 2025: How CSOs Can Lead Effective Investigations

Stronger Cloud Security in Five: How To Protect Your Cloud Workloads - Security Boulevard

Criminals target APIs as web attacks skyrocket globally | IT Pro

Widespread Microsoft Entra lockouts tied to new security feature rollout

7 Steps to Take After a Credential-Based cyberattack

The Foundations of a Resilient Cyber Workforce

From Reactive to Predictive - The Next Frontier for Security Leaders

5 Reasons Device Management Isn't Device Trust

Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA

Not if, but when -- Why every organization needs a cyber resilience strategy

Traditional Networks Are Leaving Organizations Exposed

Coaching AI agents: Why your next security hire might be an algorithm - Help Net Security

Executives think AI can supercharge cyber security teams – analysts aren’t convinced | IT Pro

Exposure validation emerges as critical cyber defense component - Help Net Security

5 Major Concerns With Employees Using The Browser

Microsoft Claims Steady Progress Revamping Security Culture

Cyber Security Indicators: How IOCs, IOBs, and IOAs Empower Threat Detection and Prevention

Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools

MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios


Reports Published in the Last Week

2025 Data Breach Investigations Report | Verizon


Other News

66% of CISOs are worried cybersecurity threats surpass their defenses | Security Magazine

Cyber threats now a daily reality for one in three businesses - Help Net Security

UK utility cyberattacks rose 586% from 2022 to 2023 | Security Magazine

Nine of 10 global firms hit by cyber attacks – report | Insurance Business America

M&S apologises after ‘cyber incident’ hits contactless payments and online orders | Marks & Spencer | The Guardian

Cyber in financial services study | Professional Security Magazine

The Biggest Security Risks With Public Wi-Fi | HuffPost Life

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine

A new era of cyber threats is approaching for the energy sector - Help Net Security

New KnowBe4 Report Exposes Critical Cyber Threats in European Energy Sector

Why cyber security matters for small and medium-sized businesses – Computerworld

Exclusive: Small businesses under-prepared amid restructuring push

Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact  - Security Boulevard

Two-thirds of cops find NATO summit in The Hague irresponsible | NL Times

Cyber attack hits drinking water supplier in Spanish town near Barcelona | The Record from Recorded Future News

Cyber threats escalate against energy sector | SC Media

Understanding 2024 cyber attack trends - Help Net Security

Microsoft Claims Steady Progress Revamping Security Culture

5 Most Common Security Attack Methods in 2024: Mandiant’s M-Trends Report

Cyber attacks Soar 47% Globally – Attacks On Education Increase By 73%

Perspectives on privacy, AI, and cyber security from the front lines of FinTech and Blockchain - A&O Shearman

What school IT admins are up against, and how to help them win - Help Net Security

Cyber security in 2025- Real-World Threats and Lessons Learned

Is the automotive industry on the cusp of a cyber war? | Automotive World

Phishing Attacks Lead to Theft in the Shipping Industry | Manufacturing.net

Are maritime hackers pushing at an open door? - Ship Technology


Vulnerability Management

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

Enterprises change how they manage cyber risk

Microsoft Security Vulnerabilities Set Record High in 2024: BeyondTrust

Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine

Attackers hit security device defects hard in 2024 | CyberScoop

Businesses Failing to Prevent Cyber Attacks, Says Report

Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation - Infosecurity Magazine

The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster

Open Source and Container Security Are Fundamentally Broken - The New Stack

The splintering of a standard bug tracking system has begun • The Register

Exposed and unaware: The state of enterprise security in 2025 - Help Net Security

Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential

Vulnerabilities

Cisco Webex bug lets hackers gain code execution via meeting links

SonicWall SMA VPN devices targeted in attacks since January

Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert

Eight days from patch to exploitation for Microsoft flaw • The Register

Apple Zero Days Under 'Sophisticated Attack,' but Details Lacking

Rootkit bypasses most Linux security detection | Cybernews

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication

Highest-Risk Security Flaw Found in Commvault Backup Solutions - Infosecurity Magazine

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop

TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands

Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

Active! Mail RCE flaw exploited in attacks on Japanese orgs


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 18 April 2025

Black Arrow Cyber Threat Intelligence Briefing 18 April 2025:

-Fraud in Your Inbox: Email Is Still the Weakest Link

-Firm Fined After Stolen Client Details Leaked onto Dark Web

-Financial Fraud, with a Third-Party Twist, Dominates Cyber Claims

-Cyber Risks in M&A: When Companies Merge, So Do Their Cyber Threats

-CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business

-UK Financial Services Under Pressure from Cyber Security Challenges and Mounting Regulatory Requirements

-Organisations Can’t Afford to Be Non-Compliant

-C-Suite Divides on Cyber Security Threats Pose Organisational Risks, Study Finds

-Cyber Security Threats and Geopolitical Risks Top Business Travel Concerns

-Rising Cyber Threats Fuel 12.2% Growth in Global Cyber Security Spending

-Understanding Credential Stuffing: A Growing Cyber Security Threat

-30% of Charities Experienced Cyber Security Breaches or Attacks Last Year

-The UK’s Phone Theft Crisis Is a Wake-Up Call for Digital Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Exec Summary

Black Arrow’s look at threat intelligence from the last week highlights that email-based fraud is still rampant, accounting for 83% of financial fraud claims, and shows how easily employees can be deceived by impersonation and AI-generated scams. Similarly, credential stuffing and phishing campaigns persistently exploit insufficient password practices and user behaviour, with financial and insurance firms reporting average losses of over $500,000 per incident.

We report on the reprimand and fine imposed by the UK’s Information Commissioner’s Office (ICO) on a law firm that, despite holding Cyber Essentials certification, had failed to prevent a breach of its systems that resulted in significant data loss. Other insights include the risks posed by third parties, mergers, and even basic mobile device theft. These underscore the need for tighter internal controls, stronger governance, and proactive risk assessments.

That risk assessment should include Cyber Risk Quantification which, as we report, is increasingly used to align cyber priorities with financial goals. As regulatory pressures mount and geopolitical tensions rise, Black Arrow recommends embedding cyber risk assessment and management into board-level strategy to enable a justified investment in long-term cyber resilience to withstand the evolving threat landscape.


Top Cyber Stories of the Last Week

Fraud in Your Inbox: Email Is Still the Weakest Link

At-Bay’s latest report reveals that 83% of financial fraud claims originate from email-based attacks, with tactics such as executive impersonation and AI-generated scams increasingly used to deceive employees. Email remains the weakest link, particularly for mid-sized firms. Financial and insurance sectors reported average losses exceeding $500,000 per incident. As a result, cyber insurers are now demanding stronger controls such as multifactor authentication and email security protocols before issuing cover. The findings highlight a growing need to tackle human error and social engineering in everyday digital communication.

Firm Fined After Stolen Client Details Leaked onto Dark Web

DPP Law Ltd has been fined £60,000 following a cyber attack in which over 32GB of sensitive client data, including court files and police bodycam footage, was stolen and leaked on the dark web. The Information Commissioner’s Office found significant lapses in the firm’s cyber security, including failure to report the breach within the required 72 hours and reliance on an outdated administrator account with full access rights. Despite being certified under Cyber Essentials, DPP was found to lack sufficient internal IT oversight, highlighting the ongoing risk of relying solely on third-party providers without conducting proper risk assessments.

Financial Fraud, with a Third-Party Twist, Dominates Cyber Claims

Cyber insurers report that financial fraud, often sparked by phishing and third-party breaches, was the most frequent cause of claims in 2024, while ransomware remained the costliest. Claims rose by 16% overall. Attacks linked to third parties surged, with indirect ransomware claims rising 72% to $241,000 per incident. One insurer found third-party breaches drove nearly a third of all claims. Experts stress that organisations must now treat third-party risk as their own, investing in visibility, detection tools, and security partnerships to stay ahead in an increasingly interconnected threat landscape.

Cyber Risks in M&A: When Companies Merge, So Do Their Cyber Threats

Mergers and acquisitions bring growth opportunities but also expose firms to significant cyber security risks. Inherited vulnerabilities, misaligned systems, and inconsistent compliance standards are common challenges, particularly in cross-border deals. Over 150 small business assessments revealed most operate below the ‘cyber poverty line’, lacking basic controls like asset inventories and incident response plans. Experts stress that cultural mismatches, not just technical gaps, pose the greatest risk. Successful integration demands early due diligence, strong identity and access management, and a collaborative approach to governance and risk alignment, with CISOs playing a central role in bridging operational differences and building long-term resilience.

CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business

CISOs are increasingly adopting Cyber Risk Quantification (CRQ) to help business leaders understand cyber risks in financial terms. By calculating potential monetary losses from cyber incidents, CRQ enables more informed, board-level decision-making. The approach supports alignment between security investments and business objectives, helping organisations prioritise resources based on financial risk tolerance. A recent report highlights that CRQ can show, for example, how a $1 million investment in security controls may reduce expected annual losses by $5 million. As regulatory scrutiny grows, CRQ is proving essential for demonstrating accountability and embedding cyber risk into wider business strategy.

UK Financial Services Under Pressure from Cyber Security Challenges and Mounting Regulatory Requirements

Bridewell’s latest research highlights regulation as both the biggest challenge and key driver of cyber security maturity in UK financial services, with 44% of firms citing compliance as their top concern. Response times to ransomware remain static at over 6.7 hours, while supply chain attacks take nearly 16 hours to resolve. Remote working (39%) and cloud security (35%) continue to pose risks, and AI-powered phishing is now the most feared emerging threat (89%). Despite strong confidence in infrastructure security, over half plan to outsource due to ongoing skills shortages, and 63% expect to increase cyber security investment in the year ahead.

Organisations Can’t Afford to Be Non-Compliant

Secureframe has found that non-compliance can cost organisations up to 2.71 times more than maintaining a proper compliance programme. European regulators alone have issued €4.48 billion in fines across over 2,000 cases, with GDPR violations such as Meta’s €1.2 billion penalty topping the list. In the US, SOX and HIPAA enforcement continues to intensify, with executives facing personal liability and healthcare breaches driving $144.9 million in fines. Failure to comply also threatens contracts and revenue, as seen when Health Net Federal Services paid $11.2 million and lost a key defence contract. Proactive compliance is now essential for risk reduction and resilience.

C-Suite Divides on Cyber Security Threats Pose Organisational Risks, Study Finds

EY’s latest study reveals that 84% of C-suite leaders in the US experienced a cyber security incident in the past three years, with firms seeing an average 1.5% drop in stock price within 90 days of an event. The research highlights a critical disconnect, with CISOs significantly more concerned about threats than their executive peers. Just 21% of leaders currently allocate more than 10% of their IT budget to cyber security, though this is expected to rise to 38% next year. EY urges firms to treat cyber security as a strategic investment, not a cost, to improve resilience and reduce financial risk.

Cyber Security Threats and Geopolitical Risks Top Business Travel Concerns

A recent survey of 500 UK business travellers reveals rising concern around the safety of corporate travel, with nearly half feeling less safe than in the past. Key risks for 2025 include travel disruption (74%), loss of essential items (72%), crime (65%), cyber security threats (62%), and geopolitical instability (59%). Emergency evacuations rose 17% last year, while severe weather disruptions surged by nearly 50%. The findings underscore the need for real-time risk mitigation and tailored support for diverse traveller profiles.

Rising Cyber Threats Fuel 12.2% Growth in Global Cyber Security Spending

Global cyber security spending is set to rise by 12.2% by 2025, reaching $377 billion by 2028, as organisations respond to increasingly sophisticated cyber threats and the rapid uptake of digital technologies. The U.S. and Europe will drive this growth, accounting for 70% of global spend, though the fastest increases are expected in Latin America, Central and Eastern Europe, and the Middle East and Africa. Banking, government, and healthcare will lead investment, while capital markets and life sciences show the sharpest growth. Firms are prioritising proactive security strategies as both a protective measure and long-term competitive advantage.

Understanding Credential Stuffing: A Growing Cyber Security Threat

Credential stuffing is a fast-growing cyber security threat that exploits users’ tendency to reuse passwords. Attackers use stolen credentials and automated tools to test them across websites, often breaching thousands of accounts despite a low success rate. Businesses face average annual losses of $6 million due to fraud, legal action, and customer churn. The attacks are difficult to detect, mimicking legitimate login activity using rotating IPs and global bot networks.

30% of Charities Experienced Cyber Security Breaches or Attacks Last Year

UK Government figures reveal that 30% of UK charities – around 61,000 – experienced a cyber security breach or attack in the past year, with phishing remaining the most common and disruptive threat. Of those affected, 86% faced phishing incidents, while a fifth reported attacks on a weekly basis. Despite this, only 35% have formal cyber security policies, and just 21% of larger charities reviewed immediate supplier risks. While 68% of senior leadership view cyber security as a high priority, board-level expertise remains limited, raising concerns about effective governance and decision-making in this increasingly targeted sector.

The UK’s Phone Theft Crisis Is a Wake-Up Call for Digital Security

Phone theft has surged across the UK, with over 83,000 incidents reported annually and 1,000 stolen phones recovered weekly in London alone. This growing criminal trade, valued at £50 million, is more than a loss of devices: it’s a gateway to financial fraud, identity theft, and corporate data breaches. Thieves exploit weak PINs and stored credentials to bypass biometrics, access accounts, and lock out victims. As personal and work data converge on mobile devices, businesses must adopt stricter mobile security controls and user awareness campaigns. This crisis highlights the urgent need for stronger digital hygiene and coordinated action across sectors.

Sources:

https://www.bankinfosecurity.com/fraud-in-your-inbox-email-still-weakest-link-a-27997

https://www.lawgazette.co.uk/news/firm-fined-after-stolen-client-details-leaked-onto-dark-web/5123026.article

https://www.darkreading.com/threat-intelligence/financial-fraud-third-party-cyber-claims

https://www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/

https://cybersecuritynews.com/cyber-risk-quantification/

https://www.itsecurityguru.org/2025/04/15/bridewell-research-finds-uk-financial-services-under-pressure-from-cyber-security-challenges-and-mounting-regulatory-requirements/

https://www.helpnetsecurity.com/2025/04/14/regulatory-non-compliance-penalties/

https://www.techmonitor.ai/news/c-suite-divides-cybersecurity-threats-pose-organisational-risks

https://www.travolution.com/news/technology/cybersecurity-threats-and-geopolitical-risks-top-business-travel-concerns/

https://petri.com/businesses-increase-cybersecurity-spending-12-2/

https://securityboulevard.com/2025/04/understanding-credential-stuffing-a-growing-cybersecurity-threat/

https://www.civilsociety.co.uk/news/30-of-charities-experienced-cybersecurity-breaches-or-attacks-last-year-stats-show.html

https://www.helpnetsecurity.com/2025/04/18/uk-phone-theft-crisis/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware crooks search for 'insurance' 'policy' right away • The Register

Unpacking IABs: The Middlemen Fuelling Ransomware Attacks

More Resilient Organisations Successfully Battled Ransomware in 2024: BakerHostetler

Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media

HelloKitty Ransomware Resurfaced Targeting Windows, Linux, & ESXi Environments

RansomHouse Ransomware: What You Need To Know | Fortra

The CISO's Guide to Managing Ransomware Threats in 2025

Medusa Ransomware: Inside the 2025 Resurgence of One of the Internet’s Most Aggressive Threats - Security Boulevard

Ransomware Reaches A Record High, But Payouts Are Dwindling | Tripwire

Ransomware Attacks Rose by 126% Attacking Consumer Goods & Services Companies

Coalition’s Cyber Threat Index 2025 Finds Most Ransomware Incidents Start with Compromised VPN Devices

Ransomware Victims

Cyber Attack Impacting Oregon Environmental Department

Ransomware attack cost IKEA operator in Eastern Europe $23 million

Kidney dialysis firm DaVita hit by weekend ransomware attack

Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial - SecurityWeek

Airport retailer agrees to $6.9 million settlement over ransomware data breach | The Record from Recorded Future News

Ahold Delhaize confirms data theft after INC ransomware claims attack

Phishing & Email Based Attacks

Fraud in Your Inbox: Email Is Still the Weakest Link

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media

Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries

AI Presentation Tool Leveraged in Phishing Attacks

Watch Out for This Sophisticated Phishing Email That Looks Like It's From Google

Other Social Engineering

Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries

Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO

Minister’s hacked X account promotes ‘House of Commons cryptocurrency’ scam | The Standard

Fraud, Scams and Financial Crime

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

Romance As A Weapon: The New Face Of Cyberattacks

Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams

Microsoft Thwarts $4bn in Fraud Attempts - Infosecurity Magazine

Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency

Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News

The Most Dangerous Hackers You’ve Never Heard Of | WIRED

Artificial Intelligence

Artificial Intelligence Fuels Rise of Hard-to-Detect Bots That Now Make up More Than Half of Global Internet Traffic, According to the 2025 Imperva Bad Bot Report

The quiet data breach hiding in AI workflows - Help Net Security

"Slopsquatting" attacks are using AI-hallucinated names resembling popular libraries to spread malware | TechRadar

Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams

AI Presentation Tool Leveraged in Phishing Attacks

Report: Cyber Security, Not AI, Is Top Concern for Businesses

Widely available AI tools signal new era of malicious bot activity - Help Net Security

CISOs Respond to Surge in AI-Powered Attacks with Advanced Defence Strategies

When AI agents go rogue, the fallout hits the enterprise - Help Net Security

House investigation into DeepSeek teases out funding, security realities around Chinese AI tool | CyberScoop

Organisations Found to Address Only 21% of GenAI-Related Flaws - Infosecurity Magazine

Comprehensive framework addresses AI cyber threats

10 Bugs Found in Perplexity AI's Chatbot Android App

Meta Resumes EU AI Training Using Public User Data After Regulator Approval

2FA/MFA

Don't just lock your door: MFA alone is not enough in today's cyber security climate | TechRadar

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Malware

European Companies Infected With New Chinese-Nexus Backdoor

"Slopsquatting" attacks are using AI-hallucinated names resembling popular libraries to spread malware | TechRadar

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine

Emulating the Stealthy StrelaStealer Malware - Security Boulevard

Over 16,000 Fortinet devices compromised with symlink backdoor

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Researchers warn about ‘Goffee’ spilling onto Russian flash drives | The Record from Recorded Future News

Paper Werewolf Targets Flash Drives With New Malware

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

Bots/Botnets

Artificial Intelligence Fuels Rise of Hard-to-Detect Bots That Now Make up More Than Half of Global Internet Traffic, According to the 2025 Imperva Bad Bot Report

Widely available AI tools signal new era of malicious bot activity - Help Net Security

Mobile

The UK’s phone theft crisis is a wake-up call for digital security - Help Net Security

5 warning signs that your phone's been hacked - and how to fight back | ZDNET

Biometrics vs. passcodes: What lawyers recommend if you're worried about warrantless phone searches | ZDNET

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks | CyberScoop

‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk

How This Simple Phone Security Boost From Google Could Be Good for Your Business

Building mobile security awareness training for end users | TechTarget

Google adds Android auto-reboot to block forensic data extractions

Your Android phone is getting a new security secret weapon - how it works | ZDNET

10 Bugs Found in Perplexity AI's Chatbot Android App

Internet of Things – IoT

The EU’s Cyber Resilience Act: New Cyber Security Requirements for Connected Products and Software | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

Securing digital products under the Cyber Resilience Act - Help Net Security

Data Breaches/Leaks

From likes to leaks: How social media presence impacts corporate security - Help Net Security

Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro

The quiet data breach hiding in AI workflows - Help Net Security

Sector by sector: How data breaches are wrecking bottom lines - Help Net Security

1.6 million hit in massive insurance data breach — full names, addresses, SSNs and more exposed | Tom's Guide

Lessons from the cyber attacks on Brydens Lawyers, Aussie super funds - Lawyers Weekly

Hertz confirms customer info, drivers' licenses stolen in data breach

Govtech giant Conduent confirms client data stolen in January cyberattack

Hertz says personal, sensitive data stolen in Cleo attacks • The Register

Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers - SecurityWeek

Landmark Admin now says info on 1.6M people stolen from it • The Register

Western Sydney University discloses security breaches, data leak

Laboratory Services Cooperative data breach impacts 1.6M People

Entertainment venue management firm Legends International disclosed a data breach

Whistleblower org says DOGE may have caused 'significant cyber breach' at US labor watchdog | Reuters

Private Jet Hack Surfaces Guide to Serving Elon Musk on Flights

Airport retailer agrees to $6.9 million settlement over ransomware data breach | The Record from Recorded Future News

Organised Crime & Criminal Actors

Cyber criminal groups embrace corporate structures to scale, sustain operations - Help Net Security

The Most Dangerous Hackers You’ve Never Heard Of | WIRED

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

TraderTraitor: The Kings of the Crypto Heist | WIRED

Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency

The Most Dangerous Hackers You’ve Never Heard Of | WIRED

Binance Users Targeted by New Phishing SMS Scam

Insider Risk and Insider Threats

Cyber Security by Design: When Humans Meet Technology

Insurance

Ransomware crooks search for 'insurance' 'policy' right away • The Register

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

What insurers should know about today’s cyber threats - Insurance Post

You’re always a target, so it pays to review your cyber security insurance | CSO Online

Supply Chain and Third Parties

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

Building Cyber Resilience into Supply Chains | Manufacturing.net

From Third-Party Vendors to US Tariffs: The New Cyber Risks Facing Supply Chains

Govtech giant Conduent confirms client data stolen in January cyber attack

Landmark Admin now says info on 1.6M people stolen from it • The Register

Cloud/SaaS

Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media

Identity and Access Management

Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine

Encryption

Why businesses must prepare for a post-quantum future | TechRadar

Government's privacy dispute with Apple 'really strange', expert says

Linux and Open Source

HelloKitty Ransomware Resurfaced Targeting Windows, Linux, & ESXi Environments

Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

Passwords, Credential Stuffing & Brute Force Attacks

Credential theft escalates as threat actors use stealthier tactics

Understanding Credential Stuffing: A Growing Cyber Security Threat - Security Boulevard

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine

Biometrics vs. passcodes: What lawyers recommend if you're worried about warrantless phone searches | ZDNET

Social Media

From likes to leaks: How social media presence impacts corporate security - Help Net Security

Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency

Regulations, Fines and Legislation

Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro

ICO fines law firm £60,000 after dark web publishes client data - Legal Futures

Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register

The EU’s Cyber Resilience Act: New Cyber Security Requirements for Connected Products and Software | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra

Whiplash: The (Brief and Tragic?) Life of the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

CVE Program Funding Reinstated—What It Means And What To Do Next

Cutting NIST’s Workforce Threatens American Tech Innovation and Leadership

Pall Mall Process Progresses but Leads to More Questions

Cybersecurity act: European Commission prepares revision | Practical Law

The US almost let the CVE system die - the cyber security world's universal bug tracker | TechSpot

Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order | CyberScoop

Zambian cyber-security law: US embassy issues alert - BBC News

CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking

Will politicization of security clearances make US cyber security firms radioactive? | CSO Online

Meta Resumes EU AI Training Using Public User Data After Regulator Approval

Securing digital products under the Cyber Resilience Act - Help Net Security

Models, Frameworks and Standards

UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra

Top Security Frameworks Used by CISOs in 2025

NIST Updates Privacy Framework, Tying It to Recent Cyber Security Guidelines | NIST

Pall Mall Process Progresses but Leads to More Questions

Cyber Security act: European Commission prepares revision | Practical Law

Holyrood | Cutting Through the Framework Fog: Building Real Cyber Resilience in Scotland

Securing digital products under the Cyber Resilience Act - Help Net Security

Data Protection

Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro

Law firm fined after hackers leak client files on dark web following cyber attack | Law Gazette

Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register

Careers, Working in Cyber and Information Security

Self-Motivation: The Key to Working in Cyber Security - Infosecurity Magazine

The cyber security job market is complicated: 3 key insights - Security Boulevard

From classrooms to command posts: The cyber education crisis | SC Media

CISOs rethink hiring to emphasize skills over degrees and experience | CSO Online

The Top Company Names for a Cyber Security Résumé - Business Insider

Veterans are an obvious fit for cyber security, but tailored support ensures they succeed | CSO Online

Law Enforcement Action and Take Downs

Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News

Met brings leader of fraud platform to justice | Metropolitan Police

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber resilience key to UK defence says Minister

Are they really hacktivists or state-backed goons in masks? • The Register

Nation State Actors

China

China can flick EU 'kill switch' -- Europe mulls cyberattack risk - Nikkei Asia

China admits behind closed doors it was involved in Volt Typhoon attacks | TechRadar

European Companies Infected With New Chinese-Nexus Backdoor

Chinese APT Mustang Panda Updates, Expands Arsenal - SecurityWeek

Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage

Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks | CyberScoop

‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk

Shadow War: US-China Cyber Tensions and the Taiwan Fault Line

House investigation into DeepSeek teases out funding, security realities around Chinese AI tool | CyberScoop

Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects - SecurityWeek

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Ransomware gang 'CrazyHunter' Targets Taiwan Orgs

Russia

Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries

Possible Russian Hackers Targeted UK Ministry of Defence

Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO

Hacking group Anonymous unleashes huge cyber attack on Russia - World News - LADbible

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine | WIRED

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Centre Party website under attack on Election Day; suspicions point toward Russia | Yle News | Yle

Paper Werewolf Targets Flash Drives With New Malware

Poland Says Russian Cyberattacks Intensify Ahead of Vote

Researchers warn about ‘Goffee’ spilling onto Russian flash drives | The Record from Recorded Future News

Iran

CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide | WIRED

North Korea

Are they really hacktivists or state-backed goons in masks? • The Register

TraderTraitor: The Kings of the Crypto Heist | WIRED

DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Cyber security threats and geopolitical risks top business travel concerns | Travolution

Geopolitics Just Cranked Up Your Threat Model, Again. Here’s What Cyber Pros Need to Know - Security Boulevard

‘We’re coming for Elon Musk’: Hacker group reportedly plans cyberattacks on Tesla, SpaceX and more | Mint

Are they really hacktivists or state-backed goons in masks? • The Register

Hacking group Anonymous unleashes huge cyberattack on Russia - World News - LADbible

Tools and Controls

Global cyber security spending is set to rise 12% in 2025 – here are the industries ramping up investment | IT Pro

Cyber Risk Quantification - Turning Security into Business Language

Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections

Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage

Building Cyber Resilience into Supply Chains | Manufacturing.net

94% of firms say pentesting is essential, but few are doing it right - Help Net Security

Hackers are duping developers with malware-laden coding challenges | IT Pro

DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine

Cyber Security by Design: When Humans Meet Technology

Network Edge Devices the Biggest Entry Point for Attacks on SMBs - Infosecurity Magazine

Active Directory Recovery Can't Be an Afterthought

Understanding and threat hunting for RMM software misuse | Intel 471

How This Simple Phone Security Boost From Google Could Be Good for Your Business

How Threat Intelligence Can Identify Chinks in the Armor

What is Vulnerability Exposure Management? - Security Boulevard

Demystifying Security Posture Management - SecurityWeek

Your Network Is Showing - Time to Go Stealth - Security Boulevard

Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025

Why Every CISO Needs a Crisis Communications Plan in 2025

Why shorter SSL/TLS certificate lifespans matter - Help Net Security

Secure by design: what we can learn from the financial services sector | TechRadar

Organisations Lack Incident Response Plans, but Answers Are on the Way

AI in Cyber Security: Double-Edged Sword or Game-Changer? | Silicon UK Tech News

Cyber resilience key to UK defence says Minister

CISOs Face 2025 Cyber Threats with Shrinking Budgets and High Demands

You’re always a target, so it pays to review your cyber security insurance | CSO Online

Cyber threats are inevitable - Is your board ready? - Businessday NG

Vulnerability Management

NVD Revamps Operations as Vulnerability Reporting Surges - Infosecurity Magazine

69% of Critical & High Severity Vulnerabilities Not Patched by Organisations

94% of firms say pentesting is essential, but few are doing it right - Help Net Security

Microsoft: Exchange 2016 and 2019 reach end of support in six months

CVE Program Funding Reinstated—What It Means And What To Do Next

What is Vulnerability Exposure Management? - Security Boulevard

Screw gov’t funding, we’re going nonprofit, CVE Board declares after database debacle | Cybernews

CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking

TP-Link becomes a CVE Numbering Authority to improve cyber security

Vulnerabilities

Microsoft vulnerabilities: What's improved, what's at risk - Help Net Security

Microsoft: New Windows updates fix Active Directory policy issues

Hackers lurk in over 14K Fortinet devices | Cybernews

Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

Is Ivanti the problem or a symptom of a systemic issue with network devices? | CyberScoop

Attackers Maintaining Access to Fully Patched Fortinet Gear

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Fresh Windows NTLM Vulnerability Exploited in Attacks - SecurityWeek

SonicWall Patches High-Severity Vulnerability in NetExtender - SecurityWeek

Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle - SecurityWeek

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks

Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections

Major WordPress Plugin Flaw Exploited in Under 4 Hours - Infosecurity Magazine

Chrome 136 fixes 20-year browser history privacy risk

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities - SecurityWeek

Apple Quashes Two Zero-Days With iOS, MacOS Patches - SecurityWeek

Max Severity Bug in Apache Roller Enabled Persistent Access

Critical flaws fixed in Nagios Log Server - Help Net Security

Oracle Patches 180 Vulnerabilities With April 2025 CPU - SecurityWeek

Vulnerabilities Patched in Atlassian, Cisco Products - SecurityWeek

NVIDIA and Docker Flaws Raise Container Security Concerns | MSSP Alert

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

10 Bugs Found in Perplexity AI's Chatbot Android App

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 11 April 2025

Black Arrow Cyber Threat Intelligence Briefing 11 April 2025:

-Why Organisations Are Doubling Down on Cyber Crisis Simulations

-UK SMEs Losing Over £3bn a Year to Cyber Incidents

-Over 40% of UK Businesses Faced Cyber Security Breaches in 2024

-Boards Urged to Follow New Cyber Code of Practice

-Two-Thirds of Financial Services Firms Hit by Cyber Breach in Past Year

-AI Is Now Better Than Humans at Phishing

-Europol Warns: AI Is Turbocharging Organised Crime

-Is HR Running Your Employee Security Training? Here’s Why That’s Not Always the Best Idea

-Precision-Validated Phishing Elevates Credential Theft Risks

-Why Remote Work Is a Security Minefield (and What You Can Do About It)

-Why Cyber Security Should Be a Top Priority in Fintech

-Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Exec Summary

Black Arrow’s look at threat intelligence from the last week highlights that attackers are now leveraging artificial intelligence to craft highly convincing phishing scams and precision-targeted campaigns. Businesses must prioritise cyber awareness among employees and leadership teams to address this. Our experience shows that even well-resourced firms are at risk if cyber training is generic, outdated, or not led by informed security teams.

This week’s developments also reinforce the importance of engaging executive leadership in cyber resilience. The rise in cyber crisis simulations reflects a growing recognition that incident response is not just an IT issue but a board-level imperative. Black Arrow Cyber is seeing increased demand for tailored tabletop exercises and governance workshops that empower leadership teams to manage risk more effectively and demonstrate proportionate control. The UK government's new Cyber Governance Code and troubling statistics, such as 65% of financial services firms experiencing breaches, only strengthen the case for structured, executive-led cyber readiness.

Finally, the rapid adoption of AI in both legitimate operations and criminal activity signals a shifting threat landscape. From fintech to remote working environments, firms are now grappling with security challenges that extend beyond technical controls. In today’s environment, cyber resilience starts with people, not just technology.

Top Cyber Stories of the Last Week

Why Organisations Are Doubling Down on Cyber Crisis Simulations

Driven by a surge in high-profile cyber attacks, 74% of CISOs plan to increase budgets for cyber crisis simulations this year. These exercises are no longer IT-only; they now involve executives across legal, finance, and communications, helping organisations coordinate more effectively under pressure. Simulations highlight gaps in processes, decision-making, and communication, offering a controlled space to strengthen response. They also address team resilience, with some firms embedding mental health checks into crisis planning. As regulatory expectations grow, simulations are proving essential in helping firms move from theoretical risk planning to practical readiness, and from chaos to coordinated response.

At Black Arrow, we are seeing an increase in clients requesting support in preparing to manage a cyber security incident; this includes an incident response plan and an educational tabletop exercise for the leadership team that highlights proportionate controls to help the organisation prevent and mitigate an incident. Contact us for details.

UK SMEs Losing Over £3bn a Year to Cyber Incidents

UK SMEs are losing £3.4bn annually due to inadequate cyber security, with over 30% lacking any protection and more than a quarter facing repeated attacks each year, according to Vodafone Business. The average cost of a cyber attack is £3,400, rising to £5,000 for firms with over 50 staff. Despite the growing threat, over a third of SMEs provide no staff training, most spend under £100 annually on cyber security, and nearly two-thirds allow home working on personal devices.

Over 40% of UK Businesses Faced Cyber Security Breaches in 2024

The UK government’s latest Cyber Security Breaches Survey reveals that 43% of businesses and 30% of charities suffered a cyber breach or attack in the past year, with phishing the leading cause. Criminals are increasingly using artificial intelligence to craft convincing scams, making them harder to detect. Despite these threats, board-level oversight of cyber resilience is declining, raising concerns about organisational readiness. Experts are calling for urgent legal reform, warning that outdated legislation is hindering efforts to defend against over 8.5 million annual attacks.

Boards Urged to Follow New Cyber Code of Practice

The UK government has launched a new Cyber Governance Code of Practice to help boards strengthen their organisation’s cyber resilience. Aimed at medium and large-sized firms, the initiative responds to the growing threat landscape, with 74% of large and 70% of medium firms hit by cyber attacks or breaches in the past year. These incidents have previously cost the UK economy nearly £22bn annually. Backed by the UK’s National Cyber Security Centre (NCSC) and industry bodies, the code outlines key actions for boards, supported by training and a toolkit, helping leaders embed cyber risk management alongside financial and legal oversight.

Black Arrow’s board-level cyber security workshops enable leadership teams to implement and demonstrate proportionate governance of cyber risk management. Contact us for details.

Two-Thirds of Financial Services Firms Hit by Cyber Breach in Past Year

A recent survey of 200 senior financial services leaders revealed that nearly two-thirds (65%) of firms suffered a cyber breach in the past year, with smaller firms hit slightly harder than larger ones. Despite widespread AI adoption, with 90% of organisations using it and 84% of senior managers relying on it, almost a third of respondents lacked confidence in their ability to prevent future data breaches. Top security concerns for the year ahead include trust in AI (47%), ransomware (45%) and data mismanagement (44%). While many see AI as key to better cyber security and operational gains, training and transparency gaps remain a notable risk.

AI Is Now Better Than Humans at Phishing

A new report from AI training firm Hoxhunt has found that, as of March 2025, AI-generated phishing attacks were 24% more successful than those crafted by human experts. This shift is attributed to advanced AI models that tailor phishing messages to individual users, significantly increasing click rates. The findings highlight an urgent need for organisations to adopt AI-driven defences and enhance user behaviour training to stay ahead of increasingly sophisticated cyber threats.

Europol Warns: AI Is Turbocharging Organised Crime

Europol has warned that AI is transforming the landscape of organised crime, making criminal operations faster, more scalable, and harder to detect. The European Serious Organised Crime Threat Assessment reveals that AI is being exploited to automate cyber attacks, enhance social engineering, and enable large-scale fraud and identity theft. Criminals now use AI to generate convincing deepfakes and craft multilingual phishing campaigns with minimal expertise. Within financial services, AI and cryptocurrencies are increasingly used for money laundering and fraud, with Europol highlighting that the very structure of organised crime is evolving into a tech-driven enterprise.

Is HR Running Your Employee Security Training? Here’s Why That’s Not Always the Best Idea

A growing number of security leaders are warning that relying solely on HR to deliver employee security training leaves organisations exposed. While HR plays a key role in logistics and compliance, it lacks the up-to-date threat intelligence and technical insight required to effectively address phishing, social engineering, and evolving cyber attacks. Experts agree that training content must be led by security teams and tailored to sector-specific risks. Without this, organisations risk generic, outdated programmes that fail to drive real-world awareness. A collaborative approach across HR, security, IT, and legal is essential to ensure training is both relevant and effective.

Precision-Validated Phishing Elevates Credential Theft Risks

A new phishing tactic, known as precision-validated credential theft, is raising concern due to its ability to bypass traditional defences by targeting only verified, high-value email accounts. Unlike broad phishing attempts, this method uses real-time validation via in-page JavaScript or email verification APIs to ensure only active users see malicious content. In one case, attackers even redirected invalid users to legitimate sites to avoid detection. This selective targeting makes threat detection and intelligence sharing more difficult, with experts urging firms to adopt behavioural analytics and anomaly detection to identify threats before they take hold.

Why Remote Work Is a Security Minefield (and What You Can Do About It)

Remote work has become a long-term strategy for many organisations, but it brings significant cyber security risks. Key concerns include unsecured home networks, personal device use lacking enterprise protections, and increased exposure to phishing and social engineering attacks. Isolation and relaxed home environments heighten risk-taking behaviours. Organisations should look at adopting a zero trust model, mandatory use of VPNs, encrypted Wi-Fi, and regular employee training. Balancing security with employee privacy is also critical, with transparency around monitoring practices essential for trust. As AI tools evolve, so too do cyber threats, making a proactive, security-first culture more important than ever.

Why Cyber Security Should Be a Top Priority in Fintech

Fintech’s rapid growth has made it a prime target for cyber attacks, with platforms handling high volumes of sensitive personal and financial data in real time. High-profile breaches have impacted millions, highlighting the risks of underinvesting in security. Fast-moving startups, third-party integrations, and misconfigured cloud environments widen the attack surface. Yet, forward-thinking firms view cyber security as a strategic enabler, building trust, driving compliance, and attracting investment. Core priorities now include zero trust architectures, AI-driven threat detection, and secure development practices. In digital finance, security is not optional; it’s the foundation on which trust, growth, and resilience are built.

Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

Armis has found that nearly half of UK organisations have paused or delayed digital transformation projects due to rising fears of state-sponsored cyber attacks. Concern around nation-state threats has surged by 32% since last year, with 88% of IT decision-makers voicing alarm and 47% having already reported incidents to authorities. The report highlights further strain on firms, as 52% cite regulatory complexity and 48% admit to lacking in-house expertise to manage AI-powered security tools. With China, Russia and North Korea seen as top cyber threats, businesses are being urged to shift to a proactive cyber security stance to mitigate growing risks.

Sources:

https://www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/

https://www.computerweekly.com/news/366622019/UK-SMEs-losing-over-3bn-a-year-to-cyber-incidents

https://www.infosecurity-magazine.com/news/40-uk-businesses-face-breaches/

https://www.infosecurity-magazine.com/news/bords-urged-follow-new-cyber-code/

https://www.techcentral.ie/two-thirds-of-financial-services-firms-hit-by-cyber-breach-in-past-year-report/

https://betanews.com/2025/04/04/ai-is-now-better-that-humans-at-phishing/

https://informationsecuritybuzz.com/europol-ai-is-turbocha-organized-crime/

https://www.csoonline.com/article/3856404/is-hr-running-your-employee-security-training-heres-why-thats-not-always-the-best-idea.html

https://www.infosecurity-magazine.com/news/precision-validated-phishing/

https://www.helpnetsecurity.com/2025/04/11/remote-work-cybersecurity-challenges/

https://www.finextra.com/blogposting/28257/why-cybersecurity-should-be-a-top-priority-in-fintech

https://www.infosecurity-magazine.com/news/half-firms-stall-digital-projects/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Attacks Hit All-Time High as Payoffs Dwindle - Infosecurity Magazine

Ransomware 2025: gangs hunt for Fortune 500 companies | Cybernews

Ban ransomware payments? UK pitches new cyber rules

Ransomware Incidents On the Rise in the UK - DataBreachToday

Medusa Rides Momentum From Ransomware-as-a-Service Pivot

Ransomware Underground Faces Declining Relevance

Ransomware groups push negotiations to new levels of uncertainty - Help Net Security

Everest ransomware group’s Tor leak site offline after a defacement

Everest ransomware's dark web leak site defaced, now offline

US businesses are the top target for ransomware in 2025 so far | TechRadar

Ransomware Victims

Food giant WK Kellogg discloses data breach linked to Clop ransomware

Clop Ransomware Hack Of WK Kellogg Shows Growing Threat To Your Data

Beyond The Breach: The Ongoing Impact Of The Change Healthcare Attack

Port of Seattle says ransomware breach impacts 90,000 people

Medway Community Healthcare still recovering from 'cyber-attack' - BBC News

Ransomware Gang Claims Hack Of NASCAR

Phishing & Email Based Attacks

AI is now better than humans at phishing

Phishing kits now vet victims in real-time before stealing credentials

Precision-Validated Phishing Elevates Credential Theft Risks - Infosecurity Magazine

Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar

How Cyber Criminals Are Exploiting QR Codes for Phishing Attacks - ClearanceJobs

Phishing, fraud, and the financial sector's crisis of trust - Help Net Security

Scattered Spider adds new phishing kit, malware to its web • The Register

Attackers Use 'Spam Bombing' to Hide Malicious Motives

iOS devices face twice the phishing attacks of Android - Help Net Security

New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack

Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews

E-ZPass toll payment texts return in massive phishing wave

Over 100 million malicious emails blocked by HMRC | TechRadar

Other Social Engineering

Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine

Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch

Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims | The Record from Recorded Future News

Fraud, Scams and Financial Crime

Identity Fraud Costs Orgs Average of $7m Annually - IT Security Guru

Trump’s justice department to disband unit investigating crypto fraud | Trump administration | The Guardian

Phishing, fraud, and the financial sector's crisis of trust - Help Net Security

Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine

Cyber criminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News

Australian pension funds hit by wave of credential stuffing attacks

This Is How Hackers Target Everyday People With AI Chatbots

SIM-swapper must repay $13.2M to 59 victims • The Register

Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews

Artificial Intelligence

AI is now better than humans at phishing

Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar

Europol Warns: AI Is Turbocharging Organised Crime

AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now - Security Boulevard

Key Cyber Security Challenges In 2025—Trends And Observations

The rise of compromised LLM attacks - Help Net Security

This Is How Hackers Target Everyday People With AI Chatbots

DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media

AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine

Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews

How to find out if your AI vendor is a security risk - Help Net Security

Malware

Network-based malware detections increase 94 percent

Police detains Smokeloader malware customers, seizes servers

An APT group exploited ESET flaw to execute malware

Scattered Spider adds new phishing kit, malware to its web • The Register

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Threat Actors Weaponize Windows Screensavers Files to Deliver Malware

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party

Open Source Poisoned Patches Infect Local Software

Bots/Botnets

New Mirai botnet behind surge in TVT DVR exploitation

Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek

Russian bots hard at work spreading political unrest on Romania's internet

DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media

AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine

Mobile

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

iOS devices face twice the phishing attacks of Android - Help Net Security

Is your Android smartphone at risk? Here’s what you need to know - Talk Android

Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek

iPhone vault app exposed passwords, photos | Cybernews

Denial of Service/DoS/DDoS

DDoS Attacks on the Rise, but How Can You Prevent One?

Fastly DDoS Attack Insights helps reveal and explain the unfolding of a DDoS attack - Help Net Security

DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media

Internet of Things – IoT

New Mirai botnet behind surge in TVT DVR exploitation

Will IoT Downtime Be the Biggest Risk of the Next Decade?

Study Identifies 20 Most Vulnerable Connected Devices of 2025 - SecurityWeek

'Cyber security likely to become key feature in next-gen connected vehicles' | Auto - Business Standard

Nissan Leaf Hacked for Remote Spying, Physical Takeover - SecurityWeek

Data Breaches/Leaks

Oracle tells customers its public cloud was compromised • The Register

Over 200 German politician email addresses appear on dark web | Proton

Food giant WK Kellogg discloses data breach linked to Clop ransomware

Beyond The Breach: The Ongoing Impact of the Change Healthcare Attack

The Reg translates Oracle's weak breach confession letter • The Register

Hackers accessed 150,000 emails of 100 US bank regulators at OCC | SC Media

Europcar GitLab breach exposes data of up to 200,000 customers

Signalgate solved? Reports claim accidental contact mix-up • The Register

Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek

iPhone vault app exposed passwords, photos | Cybernews

Morocco's social security database breached by hackers in an unprecedented cyber attack - Washington Times

Organised Crime & Criminal Actors

Europol Warns: AI Is Turbocharging Organised Crime

EDR-as-a-Service makes the headlines in the cyber crime landscape

Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine

Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Trump’s justice department to disband unit investigating crypto fraud | Trump administration | The Guardian

PoisonSeed phishing campaign behind emails with wallet seed phrases

New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack

Jack Dorsey's Block fined $40M for compliance failures

Insurance

Cyber insurance set to boom but so are the threats – Munich Re

The Big Question: Are we at the dawn of fundamental change in the cyber insurance market? - Emerging Risks Media Ltd

New cyber threats demand new model report warns

Supply Chain and Third Parties

PoisonSeed phishing campaign behind emails with wallet seed phrases

New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack

Cloud/SaaS

Oracle tells customers its public cloud was compromised • The Register

Hackers target SSRF flaws to steal AWS credentials | CSO Online

The Reg translates Oracle's weak breach confession letter • The Register

Oracle confirms the hack of two obsolete servers. No Oracle Cloud systems or customer data were affected

Identity and Access Management

The shift to identity-first security and why it matters - Help Net Security

Encryption

Secure Communications Evolve Beyond End-to-End Encryption

UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian

Passwords, Credential Stuffing & Brute Force Attacks

Phishing kits now vet victims in real-time before stealing credentials

Sophisticated credential exfiltrating phishing kits with real-time validation emerge | SC Media

Hackers target SSRF flaws to steal AWS credentials | CSO Online

Social Media

Senate hears Meta dangled US data in bid to enter China • The Register

Training, Education and Awareness

Is HR running your employee security training? Here’s why that’s not always the best idea | CSO Online

Regulations, Fines and Legislation

Is the ICO Ready for the Resilience Bill's Requirements? | SC Media UK

DORA Compliance Part 2: Addressing Compliance Across Critical Operational Areas | Integreon - JDSupra

Boards Urged to Follow New Cyber Code of Practice - Infosecurity Magazine

UK says company boards need to worry more about cyber security risks | News Brief | Compliance Week

Ban ransomware payments? UK pitches new cyber rules

UK Court Rejects Government Secrecy in Apple's Fight Against Backdoor Request - MacRumors

The Cyber Resilience Act: Consultation on the Technical Description Opens

Rebranding of SEC Cyber Unit Reflects Shift in Enforcement Priorities | King & Spalding - JDSupra

CISA braces for more cuts, threat-intel efforts are doomed • The Register

Trump’s justice department to disband unit investigating crypto fraud | Trump administration | The Guardian

CISA reevaluating its critical infrastructure public-private partnership | Hogan Lovells - JDSupra

Trump orders DOJ to investigate pair who disputed his allegation of election fraud - SiliconANGLE

Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools | CyberScoop

Three key federal cyber regulations to watch under Trump

What You Don’t Disclose Can Hurt You: The Power of Proactive Risk Factor Disclosures | Woodruff Sawyer - JDSupra

Trump Fires NSA, Cyber Command Chief, Fuelling Security Fears

President Trump fired the head of U.S. Cyber Command and NSA

Cyber attacks to thrive amid Trump tariffs, says expert | SC Media

Jack Dorsey's Block fined $40M for compliance failures

Models, Frameworks and Standards

DORA Compliance Part 2: Addressing Compliance Across Critical Operational Areas | Integreon - JDSupra

Business leaders supported to bolster online defences to safeguard growth - GOV.UK

The Cyber Resilience Act: Consultation on the Technical Description Opens

Backup and Recovery

Do backups mean little when incident response dawdles? • The Register

How to work backups into your cyber hygiene routine

Data Protection

Malicious cyber actors using spyware to target individuals’ personal data | Cyber.gov.au

Why Data Privacy Isn't the Same as Data Security

Careers, Working in Cyber and Information Security

A continuous learning strategy | Professional Security Magazine

Neurodiversity in Cyber Security: A Strategic Advantage Beyond DEI | SC Media UK

Cyber Security Career Resilience: Certs + Experience =

CISA Releases NICE Workforce Framework Version 2.0.0 - What’s New

Law Enforcement Action and Take Downs

UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian

Trump’s justice department to disband unit investigating crypto fraud | Trump administration | The Guardian

Police detains Smokeloader malware customers, seizes servers

Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine

Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek

SIM-swapper must repay $13.2M to 59 victims • The Register

Misinformation, Disinformation and Propaganda

Russian bots hard at work spreading political unrest on Romania's internet

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media

Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges - Infosecurity Magazine

Nation State Actors

China

Google Cloud: China Achieves “Cyber Superpower” Status - Infosecurity Magazine

China unveils underwater ‘kill switch’ for the internet: How this tech could sever global connectivity - The Economic Times

Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews

What Should the US Do About Salt Typhoon?

Chinese claimed behind closed doors, PRC played role in US cyber attacks: Report | Fox News

China Admits Conducting Cyber Attacks Against US | Newsmax.com

NCSC issues warning over Chinese Moonshine and BadBazaar spyware | Computer Weekly

An APT group exploited ESET flaw to execute malware

Security experts say US-China trade war could hit cyber space • The Register

Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine

Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch

Senate hears Meta dangled US data in bid to enter China • The Register

Russia

Weekly cyber attacks on UK by pro-Russian and pro-Palestinian hackers

Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews

Germany suspects Russian cyber attack on research group – DW – 04/08/2025

Russian hackers attack Western military mission using malicious drive

Gamaredon targeted the military mission of a Western country based in Ukraine

Hackers are pretending to be drone companies and state agencies to spy on Ukrainian victims | The Record from Recorded Future News

Ukraine subjected to new cyberespionage campaign | SC Media

Germany links cyber attack on research group to Russian state-backed hackers | The Record from Recorded Future News

Russian bots hard at work spreading political unrest on Romania's internet

North Korea

North Korea Becomes The World's Third-largest Bitcoin Holder Thanks To The Activities Of The Hacker Group Lazarus - FinanceFeeds

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The need for collaborative global cyber diplomacy is growing - Nextgov/FCW

Capacity is Critical in Riskier Threat Landscape | Trend Micro (US)

Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch




Vulnerability Management

The Ultimate Guide to Vulnerability Assessment - Security Boulevard

10 best practices for vulnerability management according to CISOs | CSO Online

NIST Declares CVE Cutoff: Pre-2018 Vulnerabilities Now ‘Deferred’

It’s time to stop the victim-blaming and insist on safer software | Computer Weekly

Microsoft delays WSUS driver sync deprecation indefinitely

Vulnerabilities

Hackers are targeting Ivanti VPN users again – here’s what you need to know | IT Pro

Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

WinRAR flaw bypasses Windows Mark of the Web security alerts

Chrome preps fix for browser history spying • The Register

Still using WinRAR? It has a worrying security flaw that could let hackers hijack your Windows device | TechRadar

ESET Vulnerability Exploited for Stealthy Malware Execution - SecurityWeek

Vulnerabilities Patched by Ivanti, VMware, Zoom  - SecurityWeek

Critical FortiSwitch flaw lets hackers change admin passwords remotely

VMware Patches 47 Vulnerabilities in VMware Tanzu Greenplum Backup & Components

SAP Patches Critical Code Injection Vulnerabilities - SecurityWeek

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

WhatsApp Flaw Exposes Users To Malicious Attacks

Juniper Networks Patches Dozens of Junos Vulnerabilities - SecurityWeek

Hackers exploit WordPress plugin auth bypass hours after disclosure

Zero-Day Vulnerability in CentreStack Exploited to Breach Enterprise File Servers | MSSP Alert

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.


Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 09 April 2025 – Key Security Updates from Microsoft, Fortinet, Adobe, Ivanti, and Google Chrome


Executive Summary

Microsoft’s Patch Tuesday for April 2025 delivered security updates addressing 134 vulnerabilities across its product line, including an actively exploited zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System Driver. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.

Fortinet issued security advisories addressing multiple vulnerabilities across various products, including a critical flaw (CVE-2024-48887) in FortiSwitch that could allow unauthorised password changes.

Adobe released updates addressing 30 vulnerabilities across multiple products, including 11 critical issues in ColdFusion that could lead to arbitrary code execution and unauthorised file system access.

Ivanti disclosed a critical vulnerability (CVE-2025-22457) in its Connect Secure, Policy Secure, and ZTA gateways, which has been exploited in the wild, allowing remote code execution. Ivanti also released a security advisory addressing several medium and high severity vulnerabilities in Ivanti Endpoint Manager.

Google released a security update for Chrome, addressing a high-severity use-after-free vulnerability (CVE-2025-3066) in the Site Isolation component, which could allow remote code execution.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity, and availability of the affected applications and the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have critical or high severity ratings.

Microsoft

Further details on the specific updates in this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

Fortinet, Adobe, Ivanti, Google

Further details of the vulnerabilities affecting Adobe, Fortinet, Ivanti and Google Chrome products:

https://helpx.adobe.com/security/security-bulletin.html

https://fortiguard.fortinet.com/psirt

https://www.ivanti.com/blog/april-security-update

https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways

https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html



Black Arrow Cyber Threat Intelligence Briefing 04 April 2025

Black Arrow Cyber Threat Intelligence Briefing 04 April 2025:

-Why Global Tensions Are a Cyber Security Problem for Every Business

-When Disaster Strikes, Proper Preparation Prevents Poor Performance

-GenAI Turning Employees into Unintentional Insider Threats

-Cyber Scams Cost Businesses $1.7 Million Per Year, Claims Report

-The Human Side of Insider Threats: People, Pressure, and Payback

-North Korean IT Worker Army Expands Operations in Europe

-The UK’s Cyber Security and Resilience Bill Will Boost Standards and Increase Costs

-Why Multi-Factor Authentication Is Still Absolutely Essential in 2025

-Bridging the Gap Between the CISO and the Board of Directors

-Enterprises Beef Up Cyber Security Plans to Mitigate AI Risks

-Prioritising an Enterprise-wide Cyber Culture in 2025

-Surge of Swatting Attacks Targets Corporate Executives and Board Members

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

Our review of threat intelligence this week looks at the increase in state-linked cyber attacks driven by geopolitical tensions, increasingly targeting sectors like energy, manufacturing, and healthcare. This includes reports of North Korea's IT worker army posing as remote IT freelancers to infiltrate organisations in Europe. The UK Government is progressing its Cyber Security and Resilience Bill to improve security against these and other threats.

Also, research shows that the rise of generative AI apps has led to a significant increase in data sharing risks, despite policies being in place, while insider threats, potentially driven by personal stress and dissatisfaction, remain a critical concern. To mitigate these risks, organisations must enhance both technical controls and cultural improvements.

Businesses are reported to be struggling with disaster recovery, even those with incident response plans, highlighting the need for regular testing and secure backups. Regular testing, third-party involvement, and up-to-date network mapping are crucial for effective response. Backup systems often fail due to misconfiguration or lack of testing, and attackers increasingly target backups, making their security vital.

Black Arrow believes that resilient organisations will be those that treat cyber security not as an IT function, but as a strategic, people-led business priority.

Top Cyber Stories of the Last Week

Why Global Tensions Are a Cyber Security Problem for Every Business

A surge in geopolitical tensions is fuelling a rise in state-linked cyber attacks, which are becoming more frequent, sophisticated, and difficult to attribute. Businesses are increasingly being targeted, especially in sectors like energy, manufacturing, and healthcare, with attacks now blending espionage, sabotage, and financially motivated cyber crime. A PwC report confirms that board-level attention is growing, as CEOs reassess supplier risks and operational exposure in politically unstable regions. With traditional defences struggling to keep pace, experts recommend a shift towards cyber-informed engineering and stronger industry collaboration. In this volatile climate, cyber security has become a core strategic issue, not just a technical concern.

When Disaster Strikes, Proper Preparation Prevents Poor Performance

Many firms remain underprepared for disaster recovery, and that includes those that have incident response plans in place. Experts stress that regular testing, ideally involving third parties, and up-to-date network mapping are critical to effective response. Tools like chaos engineering software and automation scripts can help simulate and handle real-world failures. Yet, many organisations still rely on manual methods, risking delays during a crisis. Backup systems, although common, often fail due to misconfiguration or lack of testing. With attackers increasingly targeting backups, ensuring their security is vital. Ultimately, consistent preparation and practice are key to avoiding chaos during high-pressure incidents.

GenAI Turning Employees into Unintentional Insider Threats

Netskope has found that enterprise data sharing with generative AI (GenAI) apps has surged 30-fold in a year, with the average organisation now transferring over 7.7GB of data per month. This includes sensitive material such as source code, regulated data, and passwords. While 90% of organisations have users directly accessing GenAI apps, 72% of users do so via personal accounts, creating a growing risk from unintentional insider threats. With GenAI now embedded across both dedicated tools and backend systems, firms are struggling with visibility and governance, despite 99% having policies in place to reduce the associated cyber security risks.

Cyber Scams Cost Businesses $1.7 Million Per Year, Claims Report

According to BrandShield’s 2025 CyberScam Report, 98% of businesses experienced a cyber attack in 2024, with 94% suffering financial losses, averaging $1.7 million annually. The most common threats included supply chain attacks, brand impersonation, and advanced persistent threats. As a result, 76% of CISOs expect increased budgets for threat monitoring in 2025. Concern around AI risks rose significantly among those impacted, particularly where losses exceeded $1 million. The report underscores the growing scale of online threats, with cyber criminals increasingly leveraging AI faster than organisations can respond, prompting calls for real-time, AI-driven defences.

The Human Side of Insider Threats: People, Pressure, and Payback

Insider threats remain a critical but often overlooked cyber security risk, driven not just by malicious intent but by personal stress, dissatisfaction, and opportunity. Studies highlight motivations ranging from financial pressure and mental health issues to ideological beliefs and career frustration. Notably, breaches at Capital One and Tesla affected over 180 million individuals combined, with insiders exploiting trusted access. The FBI has also warned of remote work abuse by North Korean operatives. Organisations are urged to combine technical controls with cultural improvements, such as limiting access, offering mental health support, and addressing grievances early, to reduce the likelihood of insiders turning against their employers.

North Korean IT Worker Army Expands Operations in Europe

North Korean IT workers are expanding their operations into Europe, posing as remote freelancers to infiltrate organisations and generate revenue for the DPRK regime. A recent Google Threat Intelligence report highlights activity in Germany, Portugal, and the UK, with workers using fake identities and encrypted payment methods like cryptocurrency. Roles range from AI and blockchain to CMS development, including targeting defence and government sectors. Up to 90% of wages are reportedly funnelled to the regime. The UK has issued an advisory, warning that hiring such workers could breach financial sanctions and expose firms to data theft and extortion.

The UK’s Cyber Security and Resilience Bill Will Boost Standards and Increase Costs

The UK government’s upcoming Cyber Security and Resilience Bill will significantly expand regulation to cover up to 1,100 managed service providers and 64 data centre operators, driving higher security standards but also increasing service costs. Providers will be required to report serious incidents, including supply chain attacks, to the National Cyber Security Centre within 24 hours. The Information Commissioner’s Office will take on a new regulatory role, prompting concerns over scope and resourcing. With over half of UK businesses facing cyber attacks last year and one NHS supplier breach alone costing £32.7 million, the bill aims to drive long-term resilience across critical digital infrastructure.

Why Multi-Factor Authentication Is Still Absolutely Essential in 2025

Passwords alone are not sufficient to protect online accounts, especially as data breaches and phishing attacks continue to rise. Multi-factor authentication (MFA) adds an essential layer of security by requiring a second form of identification, typically a code sent to or generated by a smartphone. Even if a password is stolen, an attacker is unlikely to gain access without this second factor. Research shows MFA stops the vast majority of unauthorised sign-in attempts, making it one of the most effective and accessible defences available. Enabling MFA is a simple but critical step for safeguarding sensitive accounts in 2025. No control is bulletproof, of course, and attackers are increasingly finding ways around MFA, but it is still an essential control.

Bridging the Gap Between the CISO and the Board of Directors

A recent CISO report highlights a communication gap between security leaders and board members, with only 29% of boards feeling adequately informed about security milestones, compared to 44% of CISOs. This disconnect risks real financial and reputational harm, including regulatory non-compliance and data breaches. The report recommends CISOs build stronger ties across departments, improve communication by translating technical risks into business outcomes, and align clearly on compliance responsibilities. As CISOs evolve into strategic advisers, their ability to demonstrate cyber security as a business enabler is key to bridging the gap and gaining lasting influence within the C-suite.

Enterprises Beef Up Cyber Security Plans to Mitigate AI Risks

Gallagher’s latest report finds that over 2 in 5 business leaders have strengthened cyber security and data protection practices in response to growing risks linked to AI use. Concerns cited include inaccurate outputs, data breaches, privacy violations and legal exposure. Despite rising investment in AI integration and talent, fewer leaders are now communicating these risks to staff, down from 84% to 78% year on year. While 70% of cyber leaders plan to adopt AI tools in the next year, fewer than 2 in 5 believe the benefits of generative AI outweigh its risks, highlighting the need for sustained, organisation-wide resilience efforts.

Prioritising an Enterprise-wide Cyber Culture in 2025

In 2025, organisations face increasingly complex cyber threats, including AI-driven risks such as deepfakes and advanced phishing attacks. A resilient cyber culture, underpinned by strong leadership commitment and clear expectations, is critical. Employee behaviour is the key vulnerability, and it can be improved by integrating cyber security into performance reviews, rewarding vigilance, and using plain language in training and communication. Regularly tracking indicators like breach numbers, phishing test results and compliance rates supports continuous improvement, ensuring innovation isn’t stifled while maintaining a secure environment in the face of evolving risks.

Surge of Swatting Attacks Targets Corporate Executives and Board Members

Swatting attacks, where criminals make fake emergency calls to prompt armed police responses, are increasingly targeting C-suite executives and board members in the US. Over the past four months, threat intelligence has identified a surge in such incidents, especially in healthcare, pharma, and esports sectors, with hotspots in Boston, Chicago, San Francisco, and LA. Attackers exploit personal data from company websites, data brokers, and breached records to locate victims. Experts warn this marks a shift to coordinated campaigns against corporate leadership. Reducing digital footprints and limiting personal details in public filings are key steps to reduce risk.

Sources:

https://www.helpnetsecurity.com/2025/04/01/global-tensions-cybersecurity-problem/

https://www.theregister.com/2025/04/03/disaster_planning_preparation/

https://www.helpnetsecurity.com/2025/03/31/genai-apps-risks-organizations/

https://www.itpro.com/security/cyber-scams-cost-businesses-1-7-million-per-year-report

https://www.helpnetsecurity.com/2025/04/01/insider-threats-why-people-turn-on-their-employers/

https://www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/

https://www.csoonline.com/article/3951957/the-uks-cyber-security-and-resilience-bill-will-boost-standards-and-increase-costs.html

https://www.zdnet.com/article/why-multi-factor-authentication-is-absolutely-essential-in-2025/

https://www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board

https://www.ciodive.com/news/enterprise-cybersecurity-AI-risk-strategy-shift-report/743755/

https://federalnewsnetwork.com/commentary/2025/03/prioritizing-an-enterprisewide-cyber-culture-in-2025/

https://www.csoonline.com/article/574491/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html



Threats

Ransomware, Extortion and Destructive Attacks

Cyber Criminals exfiltrate data in just three days - Help Net Security

Hunters International shifts from ransomware to pure data extortion

Hunters International said ransomware now ‘too risky’ • The Register

Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems

Why paying the ransom is not the answer | TechRadar

HellCat Ransomware: What You Need To Know | Tripwire

VanHelsing Ransomware: What You Need To Know | Tripwire

Ransomware crews add EDR killers to their arsenal • The Register

Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware

Resilience in the face of ransomware: A key to business survival

Prince Ransomware - An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub

New phishing scam outsmarts security codes to steal your info - CyberGuy

US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs | The Record from Recorded Future News

Ransomware Payments Ban: What it Means for Businesses | SC Media UK

Ransomware Victims

Malaysia PM Refuses to Pay $10M Ransomware Demand

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

Retail giant Sam’s Club investigates Clop ransomware breach claims

Ransomware Group Takes Credit for National Presto Industries Attack - SecurityWeek

Phishing & Email Based Attacks

This new phishing campaign can tailor its messages to target you with your favourite businesses | TechRadar

11 ways cyber criminals are making phishing more potent than ever | CSO Online

KnowBe4 Report Finds Polymorphic Phishing Features Present In 76.4% Of Campaigns

How to Recognize and Defend Against 7 Specific Phishing Attacks - ClearanceJobs

New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine

Phishing-as-a-service operation uses DNS-over-HTTPS for evasion

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks

Cyber Criminals Expand Use of Lookalike Domains in Email Attacks - Infosecurity Magazine

Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security

Surge in Smishing Fuelled by Lucid PhaaS Platform

AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE

Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar

Phishing Emails Aren't as Obvious Anymore. Here's How to Spot Them - CNET

Help! I clicked on a phishing link - now what? | ZDNET

Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine

Phishers are increasingly impersonating electronic toll collection companies - Help Net Security

New phishing scam outsmarts security codes to steal your info - CyberGuy

Other Social Engineering

North Korean IT worker army expands operations in Europe

New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks

Surge in Smishing Fueled by Lucid PhaaS Platform

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

Social Engineering Just Got Smarter

Artificial Intelligence

GenAI turning employees into unintentional insider threats - Help Net Security

Enterprises beef up cyber security plans to mitigate AI risks | CIO Dive

How to recognize and prevent deepfake scams - Help Net Security

How AI Is Opening New Doors for Hackers to Cause Chaos - Business Insider

What Cyber Security Guardrails Do CIOs and CISOs Want for AI?

Does AI leave security teams struggling? | TechRadar

Cyber Security’s Greatest Threat Isn’t AI—It’s Us

AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek

Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack

What You Should Know About the UK's New Cyber Standard

UK public expresses strong support for AI regulation | Computer Weekly

Generative AI Is reshaping financial fraud. Can security keep up? - Help Net Security

AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE

Law enforcement needs to fight fire with fire on AI threats | ITPro

Gray Bots Surge as Generative AI Scraper Activity Increases - Infosecurity Magazine

2FA/MFA

Why multi-factor authentication is absolutely essential in 2025 | ZDNET

'Evilginx' Tool (Still) Bypasses MFA

Microsoft secretly stopped actors from snooping on your MFA codes | CSO Online

Malware

CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks

Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware

Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar

Infostealer malware: What’s the threat to businesses? | ITPro

Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe - SecurityWeek

9-Year-Old NPM Crypto Package Hijacked for Information Theft - SecurityWeek

These Hackers Use Your GPU To Load Password-Stealing Malware

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

Threats Actors Hide Malware in Wordpress Websites to Execute Code Remotely

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

Trojan.Arcanum — a new trojan targeting tarot experts, esotericists, and magicians | Kaspersky official blog

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security

'Evilginx' Tool (Still) Bypasses MFA

Ransomware crews add EDR killers to their arsenal • The Register

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

Beware fake AutoCAD, SketchUp sites dropping malware - Help Net Security

Open-source malware doubles, data exfiltration attacks dominate - Help Net Security

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  - SecurityWeek

Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register

Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Mobile

'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft - SecurityWeek

An old Android RAT has returned with some new tricks - here is what to look out for | TechRadar

Russian authorities arrest three suspects behind Mamont Android banking trojan

Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

Five VPN apps in the App Store had links to Chinese military - 9to5Mac

This sneaky Android spyware needs a password to uninstall. Here's how to remove it without one. | TechCrunch

Hacker Leaks Samsung Customer Data - SecurityWeek

Denial of Service/DoS/DDoS

DDoS attacks now a dominant means of waging political cyber-warfare

Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek

The Baby Rattlesnake of Cyber Attacks: Why Layer 7 DDoS Can Be More Dangerous Than Larger Threats - Security Boulevard

Millions of tunneling hosts are vulnerable to spoofing, DDoS attacks, say researchers | CSO Online

Surging DDoS attack rates show no sign of slowing down – here’s why | ITPro

Internet of Things – IoT

7 Tips to Keep Your Smart Home Safer and More Private, From a NIST Cyber Security Researcher | NIST

Connected cars drive into a cyber security crisis - Help Net Security

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cyber security | CyberScoop

Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek

89% of Healthcare Organisations Use the Most Vulnerable IoT Devices - Infosecurity Magazine

Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware - SecurityWeek

Unpatched Manufacturing Camera Could Allow Industrial Spying

Data Breaches/Leaks

Cyber criminals exfiltrate data in just three days - Help Net Security

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED

Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert

FBI investigating cyber attack at Oracle, Bloomberg News reports | Reuters

Britain Follows Signalgate With Its Own Jaw-Dropping Military Leak

Check Point confirms breach, but says crim posted old data • The Register

Oracle Reportedly Targeted in Two Distinct Cyber Attacks, Resulting in Two Possible Data Breaches | Console and Associates, P.C. - JDSupra

5 Companies That Have Suffered Data Breaches – & Paid the Price

Critical Cyber Security Lessons from the Recent Exposure of US Military Plans - Security Boulevard

Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports | Reuters

Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360

Customer info allegedly stolen from Royal Mail, Samsung • The Register

Pentagon launches investigation into Pete Hegseth’s use of Signal app after sensitive information leak | US national security | The Guardian

Oracle privately confirms Cloud breach to customers

Cyber Security Experts Slam Oracle's Handling of Big Breach

What the Signal Leak Revealed About Washington - The New York Times

Senior Trump officials ordered to preserve Signal group chat - BBC News

Using Signal to discuss war plans is even dumber than it sounds

Genetic Breach Fallout: 23andMe’s Collapse Raises Security Alarms  - Security Boulevard

How Oracle took a security breach claim and made it worse • The Register

Hacker Leaks Samsung Customer Data - SecurityWeek

T-Mobile Bug Reveals Names, Images, and Locations of Random Children

Thousands Of Driver’s Licenses, Bank Records, And PII Exposed In Australian Fintech Data Leak

Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net

200 Million X User Records Released — 2.8 Billion Twitter IDs Leaked

The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps

Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes

39 Million Secrets Leaked on GitHub in 2024 - SecurityWeek

National Security Adviser Waltz now accused of using Gmail • The Register

Organised Crime & Criminal Actors

AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek

NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency/Central Security Service

Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

New Crocodilus malware steals Android users’ crypto wallet keys

Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar

Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine

Insider Risk and Insider Threats

GenAI turning employees into unintentional insider threats - Help Net Security

The human side of insider threats: People, pressure, and payback - Help Net Security

Cyber Security’s Greatest Threat Isn’t AI—It’s Us

Man charged over Network Rail terror message hack - BBC News

Insurance

Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube

Supply Chain and Third Parties

Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360

Customer info allegedly stolen from Royal Mail, Samsung • The Register

Royal Mail probes possible breach after cyber criminal posts customer data

Cloud/SaaS

Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack

Oracle Cloud Users Urged to Take Action

SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack

Independent tests show why orgs should use third-party cloud security services | CyberScoop

Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online

Outages

ChatGPT is down worldwide with something went wrong error

Identity and Access Management

Identity lapses ensnared organisations at scale in 2024 | CyberScoop

Encryption

EU: These are scary times – let's backdoor encryption! • The Register

Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly

Beyond encryption: Why quantum computing might be more of a science boom than a cyber security bust | VentureBeat

Linux and Open Source

New Ubuntu Linux security bypasses require manual mitigations

Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions

Passwords, Credential Stuffing & Brute Force Attacks

These Hackers Use Your GPU To Load Password-Stealing Malware

Top 10 Most-Used RDP Passwords Are Not Complex Enough

Social Media

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps

Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes

Training, Education and Awareness

When blaming the user for a security breach is unfair – or just wrong | CSO Online

Regulations, Fines and Legislation

UK sets out new cyber reporting requirements for critical infrastructure | The Record from Recorded Future News

UK threatens £100K-a-day fines under new cyber bill • The Register

UK GDPR Regulator Fines Data Processor After Ransomware Attack | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine

What NIS2 implementation means for enterprises [Q&A]

Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online

Anti-scam campaign groups urge UK police forces to get tougher on fraudsters | Scams | The Guardian

EU: These are scary times – let's backdoor encryption! • The Register

EU to invest $1.4 billion in artificial intelligence, cyber security and digital skills | Reuters

Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly

Cyber attacks to remain a national emergency event in the US | SC Media

Russia formally declared national security threat to Britain

Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works

Trump CISA Cuts Threaten US Election Integrity, Experts Warn - Infosecurity Magazine

Trump’s ‘preparedness’ executive order would shift cyber defence burden where it doesn’t belong, experts say | CyberScoop

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED

Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Japan Bolsters Cyber Safeguards, Passes Cyber Defense Bill

DOGE official at DOJ bragged about hacking, distributing pirated software - CNA

National Security Adviser Waltz now accused of using Gmail • The Register

Models, Frameworks and Standards

Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online

The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs | CSO Online

UK threatens £100K-a-day fines under new cyber bill • The Register

New cyber laws to safeguard UK economy and secure long-term growth - GOV.UK

Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine

New ‘pivotal’ legislation to force businesses to boost cyber defences

UK GDPR Regulator Fines Data Processor After Ransomware Attack | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

What NIS2 implementation means for enterprises [Q&A]

New bill requires IT firms to bolster safeguards amid rising cyber threats

Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works

New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

ICO Apologizes After Data Protection Response Snafu - Infosecurity Magazine

Data Protection

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Careers, Working in Cyber and Information Security

The Builder Strikes Back: How Security Teams Must Reclaim Their Engineering Edge - Security Boulevard

Cyber skills: How to become a digital detective

Why cyber security needs more neurodivergent thinkers and diverse talent | Capacity Media

Law Enforcement Action and Take Downs

Interpol-Led International Cyber Crime Operation Arrests 300

Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

Major Online Platform for Child Exploitation Dismantled - Infosecurity Magazine

US Seizes $8.2m from Romance Baiting Scammers - Infosecurity Magazine

DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme

Man charged over Network Rail terror message hack - BBC News

FBI raids home of prominent computer scientist who has gone incommunicado - Ars Technica

Indiana security prof and wife vanish after FBI raid • The Register

Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net

Student pleads guilty to smuggling software out of GCHQ • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)

The War Room newsletter: How Chinese hackers hunt American secrets

Countering nation-state cyber espionage: A CISO field guide | Computer Weekly

DDoS attacks now a dominant means of waging political cyber-warfare

US and its allies are undergoing a digital Pearl Harbor attack - Asia Times

How Cyber Espionage Threatens Democracy in the Age of Trump (The Agenda) - The Citizen Lab

Why global tensions are a cyber security problem for every business - Help Net Security

Nation State Actors

Why no business is safe from state-sponsored cyber attacks | TechRadar

Countering nation-state cyber espionage: A CISO field guide | Computer Weekly

NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency/Central Security Service

China

Why no business is safe from state-sponsored cyber attacks | TechRadar

The War Room newsletter: How Chinese hackers hunt American secrets

US and its allies are undergoing a digital Pearl Harbor attack - Asia Times

Salt Typhoon may have upgraded backdoors for efficiency and evasion | CSO Online

The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)

Trump’s ‘preparedness’ executive order would shift cyber defence burden where it doesn’t belong, experts say | CyberScoop

NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency/Central Security Service

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  - SecurityWeek

Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register

American cyber brass calls for retaliatory strikes against China, but is the US really ready? | TechRadar

Five VPN apps in the App Store had links to Chinese military - 9to5Mac

Cyber Security Professor Faced China-Funding Inquiry Before Disappearing, Sources Say | WIRED

Indiana security prof and wife vanish after FBI raid • The Register

China cracks down on personal information collection • The Register

Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek

Russia

Over 50 European Hybrid-Attacks Attributed to Russia, Journalists Find

US and its allies are undergoing a digital Pearl Harbor attack - Asia Times

A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Russia formally declared national security threat to Britain

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek

Russia-linked Gamaredon targets Ukraine with Remcos RAT

'89 hours of non-stop work' — Ukrainian Railways' battle against a cyber attack by 'the enemy'

Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism” - Infosecurity Magazine

Russian secret services' tactics used in cyber attack on Ukrainian Railways | Ukrainska Pravda

Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure

Why you should replace your Kaspersky antivirus | TechRadar

Russian authorities arrest three suspects behind Mamont Android banking trojan

Russia tightens cyber security measures as financial fraud hits record high | The Record from Recorded Future News

Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine

North Korea

North Korean IT worker army expands operations in Europe

North Korean hackers adopt ClickFix attacks to target crypto firms

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar


Tools and Controls

Top 10 Most-Used RDP Passwords Are Not Complex Enough

When disaster hits, preparation prevents poor performance • The Register

Resilience in the face of ransomware: A key to business survival

How Cyber Risk Quantification Bridges Security-Board Gap

Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack

SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack

Independent tests show why orgs should use third-party cloud security services | CyberScoop

Ransomware crews add EDR killers to their arsenal • The Register

Identity lapses ensnared organisations at scale in 2024 | CyberScoop

Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware

The Reality Behind Security Control Failures—And How to Prevent Them

7 ways to get C-suite buy-in on that new cyber security tool - Help Net Security

Why you should replace your Kaspersky antivirus | TechRadar

Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register

Five VPN apps in the App Store had links to Chinese military - 9to5Mac

Visibility, Monitoring Key to Enterprise Endpoint Strategy

Law enforcement needs to fight fire with fire on AI threats | ITPro

How an Interdiction Mindset Can Help Win War on Cyber Attacks

Expert Insights: Strengthening Business Continuity And Disaster Recovery Strategies With AI

Agentic AI might take years to transform security, but cyber defenders must prepare now

Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online

Google DeepMind Unveils Framework to Exploit AI's Cyber Weaknesses - SecurityWeek

Benefits from privacy investment are greater than the cost - Help Net Security


Other News

Why no small business is too small for hackers - and 8 security best practices for SMBs | ZDNET

CyberCube Releases New Report Highlighting Cyber Risk Exposure for Small Businesses

Why no business is too small for the cyber criminals – The Irish News

Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube

When it comes to security, public Wi-Fi could be a risky choice for commuters worldwide | TechRadar

As CISA Downsizes, Where Can Enterprises Get Support?

Cyber security report advocates an offence-driven approach ...

Over Half of Attacks on Electricity and Water Firms Are Destructive - Infosecurity Magazine

How an Interdiction Mindset Can Help Win War on Cyber Attacks

Almost 90% of Irish companies hit by disruption or financial loss due to cyber attacks – The Irish Times

Solar Power System Vulnerabilities Could Result in Blackouts - Infosecurity Magazine

Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA

Tradespeople warned to be vigilant against cyber-crime | Dorset Echo

The Cyber Security Confidence Paradox in Law Firms: Trends, Threats and Best Practices

Cyber attacks on utilities pose risk to public safety

The hidden cyber threats lurking in critical infrastructure

Safeguarding Student and Faculty Data: Cyber Security in Higher Education - Security Boulevard

63.5% Of Manufacturers Surveyed Rank Strengthening Cyber Security Posture as the Most Important Investment - Up 41 Percentage Points from 2024

Cyber criminals target auto industry with sophisticated hacks | SC Media


Vulnerability Management

Follow Patch Tuesday best practices for optimal results | TechTarget

How Linux Kernel Deals With Tracking CVE Security Issues - The New Stack

Why delaying software updates is a terrible idea | ZDNET

Cyber Security Leaders Share Three Challenges Exposure Management Helps Them Solve - Security Boulevard

What are business logic vulnerabilities? | ITPro

Vulnerabilities

Unknown scanners probing Juniper and Palo Alto products • The Register

Hackers Actively Targeting SonicWall, Zoho, F5 & Ivanti Systems to Exploit Vulnerabilities 

Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All

Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek

Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)

Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions

Don't wait to update: iOS 18.4 introduces key security fixes

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

Apple issues fixes for vulnerabilities in both old and new OS versions | CyberScoop

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats

Hackers Scanning From 24,000 IP’s to Gain Access to Palo Alto Networks

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) - Help Net Security

Max severity RCE flaw discovered in widely used Apache Parquet

New Ubuntu Linux security bypasses require manual mitigations

VMware Workstation auto-updates broken after Broadcom URL redirect

Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek

Critical RCE flaws put Kubernetes clusters at risk of takeover | CSO Online

Microsoft warns of critical flaw in Canon printer drivers

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities - SecurityWeek

Questions Remain Over Attacks Causing DrayTek Router Reboots - SecurityWeek

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability  - SecurityWeek


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 28 March 2025

Black Arrow Cyber Threat Intelligence Briefing 28 March 2025:

-Third-Party Security Issues Could Be the Biggest Threat Facing Your Business

-New Morphing Meerkat Phishing Kit Mimics 114 Brands

-NCA Warns of Sadistic Online “Com” Networks

-Threat Actors Abuse Trust in Cloud Collaboration Platforms

-Report Reveals How Breaches Are Fuelling Hyper-Personalised Email Attacks

-No MFA? Expect Hefty Fines, UK’s ICO Warns

-Mobsters Now Overlap with Cyber Crime Gangs and Use AI for Evil, Europol Warns

-Ransomware Attacks Surge Despite Payments Being Down

-High-Severity Cloud Security Alerts Tripled in 2024

-If You Think You’re Immune to Phishing Attempts, You’re Wrong!

-UK Expanding Cyber Capabilities Amid US Pause

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

Our summary of threat intelligence this week highlights how attackers exploit your trust in third parties, well-known brands, or cloud collaboration platforms, including Dropbox, SharePoint and DocuSign, to gain access to your information or systems, including in ransomware attacks. Criminals are innovating through new social engineering and phishing-as-a-service platforms, combined with voice phishing and AI. Organisations can help reduce these risks through enhanced employee training, multi-factor authentication (MFA), and stronger defences against ransomware.

Also this week, the UK’s Information Commissioner’s Office (ICO) imposed a fine of £3m on an IT provider that experienced a cyber incident because it did not have basic cyber security controls in place, such as MFA and vulnerability management. The ICO has warned that it will impose higher fines for similar cases in future.

There has been a continued increase in cyber threats from both domestic and state-aligned actors, including criminal gangs now operating with the speed and sophistication of nation states. The UK government is expanding its cyber capabilities in response, but for organisations, the message is clear: the threat landscape is evolving faster than ever, and both vigilance and adaptability are essential.

Top Cyber Stories of the Last Week

Third-Party Security Issues Could Be the Biggest Threat Facing Your Business

New research has revealed that over a third (35%) of all breaches in 2024 were linked to third-party suppliers, a figure likely to be understated due to underreporting. The report highlights a shift in attack surfaces, with fewer breaches involving traditional technology products and services. More than two in five ransomware attacks now originate through third parties. Experts warn that organisations must move beyond periodic vendor assessments and adopt real-time monitoring to stay ahead of evolving third-party cyber security threats.

New Morphing Meerkat Phishing Kit Mimics 114 Brands

A new phishing-as-a-service platform, dubbed Morphing Meerkat, has been uncovered, targeting users across the globe by mimicking login pages for 114 well-known brands. The phishing kit uses victims’ mail exchange records to tailor fake login pages to their email providers, making the attack more convincing. Thousands of phishing emails have been distributed using compromised websites and advertising redirects to bypass security filters. The kit also supports over a dozen languages and includes anti-analysis features, making detection and investigation more difficult. Stolen credentials are exfiltrated using tools like Telegram, increasing the speed and scale of data theft.

NCA Warns of Sadistic Online “Com” Networks

The UK’s National Crime Agency has warned of a sharp rise in “Com” networks: online groups of sadistic teenage boys engaged in cyber attacks, fraud, extremism and serious abuse. Reports of these threats increased six-fold in the UK between 2022 and 2024. These English-speaking groups operate openly on mainstream platforms and have been linked to ransomware, phishing, SIM swapping and social engineering. While most threats still originate abroad, the NCA highlights a growing domestic risk. The groups target young girls in particular, often coercing them into serious self-harm, with motivations ranging from profit and notoriety to status within these networks.

Threat Actors Abuse Trust in Cloud Collaboration Platforms

Cofense Intelligence has reported a sharp rise in phishing attacks that abuse trusted online document platforms to bypass secure email gateways and steal credentials. In 2024, these platforms were linked to 8.8% of all credential phishing campaigns, with 79% aiming to harvest user credentials. Dropbox was the most exploited at 25%, followed by Adobe, SharePoint and DocuSign. Features like automatic email notifications and delayed takedowns help attackers evade detection. The report recommends organisations enhance user awareness, apply behavioural analysis tools, and adopt multi-factor authentication to better defend against these increasingly sophisticated phishing threats.

Report Reveals How Breaches Are Fuelling Hyper-Personalised Email Attacks

Fortra’s latest report highlights a sharp rise in highly personalised email attacks, with 99% of threats in 2024 involving social engineering or phishing without malware. Over 1 billion records were breached last year, enabling cyber criminals to combine stolen and publicly available data to make scams more convincing. Abuse of legitimate platforms surged by 200%, particularly targeting e-signature services like DocuSign and free developer tools. Hybrid vishing, combining phishing with phone-based deception, emerged as the most common scam, with one in three impersonating PayPal in late 2024. The report warns that generative AI will intensify these threats in 2025.

No MFA? Expect Hefty Fines, UK’s ICO Warns

The UK Information Commissioner’s Office (ICO) has warned that failing to implement basic cyber security measures like multi-factor authentication (MFA) could result in significant fines. This follows a £3.07m penalty issued to IT provider Advanced after a 2022 ransomware attack exposed sensitive data of over 79,000 individuals and severely disrupted NHS services. The attackers gained access through a customer account that had no MFA, and the case also highlighted broader failings in patching and vulnerability management. While the fine was reduced from an initial £6.1m due to the firm’s cooperation, the ICO stressed that future penalties may be higher for similar incidents where fundamental protections are missing.

Mobsters Now Overlap with Cyber Crime Gangs and Use AI for Evil, Europol Warns

Europol’s latest threat assessment reveals that organised crime groups are increasingly adopting digital technologies, with AI now central to their operations. These networks are using AI to scale criminal activities, evade detection, and exploit digital platforms and illicit financial systems. Europol warns that organised crime is now deeply embedded online, with the internet serving as its primary arena and data becoming its most valuable asset. The report also highlights growing collaboration between criminal groups and state-aligned hybrid threat actors, amplifying the threat to the EU’s institutions and social cohesion through shared tools, expertise, and protection.

Ransomware Attacks Surge Despite Payments Being Down

Ontinue’s latest threat intelligence report reveals a 132% rise in ransomware attacks, despite ransom payments falling by 35%, indicating a shift in attacker tactics. Vishing (voice-enabled phishing) attacks have surged by 1,633% in just one quarter, now fuelled by AI-powered voice cloning to impersonate trusted individuals. Adversary-in-the-Middle attacks are also on the rise, enabling cyber criminals to bypass multi-factor authentication. Meanwhile, the misuse of legitimate tools such as Microsoft Quick Assist and the targeting of Windows Hello authentication keys highlight an evolving threat landscape. The report urges firms to strengthen defences against ransomware, phishing, and credential theft.

High-Severity Cloud Security Alerts Tripled in 2024

Palo Alto Networks reported a 235% surge in high-severity cloud security alerts in 2024, contributing to a 388% overall rise in incidents across the year. Organisations now face an average of 20 serious daily alerts, with the most common linked to suspicious identity use and disabled data protections. Notably, suspicious large downloads rose by 305% and abnormal user activity by over 100%. The focus of cloud security is shifting from misconfigurations to threats that occur at runtime, while systems are operating, highlighting the growing need for runtime visibility to detect and respond to active threats more effectively.

If You Think You’re Immune to Phishing Attempts, You’re Wrong!

Cyber security expert Troy Hunt has publicly admitted falling victim to a convincing phishing attack that compromised his Mailchimp account and exposed the email addresses, IPs, and geolocation data of newsletter subscribers. Despite recognising warning signs in hindsight, Hunt’s experience highlights how sophisticated and automated such attacks have become. Notably, the attack bypassed two-factor authentication via one-time passcodes, underlining the limitations of commonly used security controls. Hunt stressed the importance of phishing-resistant authentication and the need for stronger default protections from service providers. His transparency serves as a timely reminder that no individual is immune, regardless of expertise.

UK Expanding Cyber Capabilities Amid US Pause

The UK government has reaffirmed its commitment to expanding cyber capabilities in response to the growing threat landscape and a shift in US policy on offensive cyber operations. Armed Forces Minister Luke Pollard confirmed increased investment in both defensive and offensive cyber forces, including a new direct entry pathway for cyber specialists. The 77th Brigade remains central to countering Russian disinformation in Eastern Europe. In 2024, the UK’s National Cyber Security Centre received 1,957 cyber attack reports, including 89 nationally significant incidents and 12 severe cases, underscoring the urgency of strengthening the UK’s cyber resilience.

Sources:

https://www.techradar.com/pro/security/third-party-security-issues-could-be-the-biggest-threat-facing-your-business

https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html

https://www.infosecurity-magazine.com/news/nca-warns-of-sadistic-online-com/

https://www.infosecurity-magazine.com/news/threat-actors-abuse-cloud-platforms/

https://informationsecuritybuzz.com/fortra-report-reveals-how-breaches/

https://www.infosecurity-magazine.com/news/mfa-expect-hefty-fines-uk-ico/

https://www.theregister.com/2025/03/24/modern_mafiosos_wield_ai/

https://betanews.com/2025/03/25/ransomware-attacks-surge-despite-payments-being-down/

https://www.darkreading.com/cyber-risk/high-severity-cloud-security-alerts-tripled-2024

https://www.helpnetsecurity.com/2025/03/26/troy-hunt-mailchimp-phishing-email/

https://ukdefencejournal.org.uk/uk-expanding-cyber-capabilities-amid-us-pause/



Threats

Ransomware, Extortion and Destructive Attacks

Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame

Ransomware attacks surge despite payments being down

Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs - SecurityWeek

Half of firms have been hit by a cyber attack - Digital Journal

Albabat Ransomware Evolves to Target Linux and macOS - Infosecurity Magazine

One-third of CNI organisations admit to paying ransomware according to new report from Bridewell - IT Security Guru

Building ransomware resilience to avoid paying out | ITPro

Ransomware hackers are desperate lying liars | Cybernews

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch - SecurityWeek

Ransomware Groups Increasingly Adopting EDR Killer Tools - SecurityWeek

Medusa Ransomware Uses Malicious Driver to Disable Security Tools - SecurityWeek

New VanHelsing ransomware targets Windows, ARM, ESXi systems

VMware Vulnerabilities Exploited Actively to Deploy Ransomware

RedCurl cyber spies create ransomware to encrypt Hyper-V servers

BlackLock Ransomware Targeted by Cyber Security Firm

Russian Espionage Group Using Ransomware in Attacks - SecurityWeek

VSCode extensions found downloading early-stage ransomware

Resecurity turns the table on BlackLock ransomware • The Register

Vampire Cosplay and Brand Revival: Ransomware in 2025

Winning the war on ransomware with multi-layer security | TechRadar

Ransomware Victims

One-third of CNI organisations admit to paying ransomware according to new report from Bridewell - IT Security Guru

UK fines software provider £3.07 million for 2022 ransomware breach

UK ICO fines Advanced Computer £3.07m after NHS data breach

WoW! A Ransomware Gang Just Took Over One Of America’s Largest ISPs

Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover - SecurityWeek

Cloak ransomware group hacked the Virginia Attorney General’s Office

New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest - SecurityWeek

Phishing & Email Based Attacks

Half of firms have been hit by a cyber attack - Digital Journal

If you think you're immune to phishing attempts, you're wrong! - Help Net Security

Microsoft Teams Phishing Attacks: What to Know and What to Do | MSSP Alert

Cloud collaboration platforms exploited in phishing attacks

Threat Actors Abuse Trust in Cloud Collaboration Platforms - Infosecurity Magazine

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records

Fortra Report Reveals How Breaches Are Fuelling Hyper-Personalized Email Attacks

Intro to Deceptionology: Why Falling for Scams is Human Nature - Security Boulevard

The Rise of Mobile Phishing and How to Prevent Mobile Phishing - Security Boulevard

These phishing attacks are now targeting Mac browsers - how to protect yourself | ZDNET

Why are the young so vulnerable to phishing scams? Blame fomo | BusinessDesk

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Famous Data Breaches & Phishing Attacks: What We Can Learn - Security Boulevard

New phishing campaign uses scareware to steal Apple credentials | CSO Online

'Lucid' Phishing Tool Exploits Faults in iMessage, RCS

Cyber Security Gaps Leave Doors Wide Open

Business Email Compromise (BEC)/Email Account Compromise (EAC)

DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

Other Social Engineering

Intro to Deceptionology: Why Falling for Scams is Human Nature - Security Boulevard

Teen Boys at Risk of Sextortion as 74% Lack Basic Awareness - Infosecurity Magazine

T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit - SecurityWeek

New phishing campaign uses scareware to steal Apple credentials | CSO Online

Artificial Intelligence

Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame

How AI, corruption and digital tools fuel Europe's criminal underworld - Help Net Security

Mobsters now overlap with cyber crime gangs, says Europol • The Register

Enterprises walk a tightrope between AI innovation and security - Help Net Security

89% of Enterprises GenAI Usage Is Untracked, Posing Security Risks - Security Boulevard

Dark Web Mentions of Malicious AI Tools Spike 200% - Infosecurity Magazine

3 in 4 Enterprise Users Upload Data to GenAI Including passwords and keys

NIST Warns of Significant Limitations in AI/ML Security Mitigations - Infosecurity Magazine

AI Agents Will Cut Account Exploitation Time By 50%

The Human Factor: Redefining Cyber Security In The Age Of AI

A CISO’s guide to securing AI models - Help Net Security

Overcoming Cyber Security Challenges In Agentic AI

AI vs. Cyber Criminals: Who Wins the Race in Next-Gen Threat Detection? - Security Boulevard

North Korea launches new unit with a focus on AI hacking, per report | TechCrunch

How governments can strengthen cyber security in the age of AI and hybrid threats - e-Estonia

WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off

Fake DeepSeek Ads Spread Malware to Google Users

2FA/MFA

Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame

No MFA? Expect Hefty Fines, UK’s ICO Warns - Infosecurity Magazine

NCSC taps influencers to make 2FA go viral • The Register

Malware

Cyber Criminals Exploit CheckPoint Driver Flaws in Malicious Campaign - Infosecurity Magazine

How Businesses Can Protect Themselves Against Infostealers

Windows users targeted with CoffeeLoader | Cybernews

SpyX Breach Shows Apple Users Aren’t Invulnerable And Silence Is Deafening

New macOS Malware 'ReaderUpdate' Upgraded Arsenal With Nim and Rust Variants

Fake DeepSeek Ads Spread Malware to Google Users

CoffeeLoader Malware Loader Linked to SmokeLoader Operations - Infosecurity Magazine

Valve just pulled a malicious game demo spreading info-stealing malware from Steam | Tom's Guide

Malware strikes again. I'm starting to worry about Steam's lax security | PCWorld

New Linux Kernel Rust Module Unveiled to Detect Rootkits

Mobile

The Rise of Mobile Phishing and How to Prevent Mobile Phishing - Security Boulevard

Research: Rooting Tools Vs The Mobile Security Industry

Microsoft’s .NET MAUI Tool Leveraged for Android Malware Deployment | MSSP Alert

'Lucid' Phishing Tool Exploits Faults in iMessage, RCS

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

Android financial threats: What businesses need to know to protect themselves and their customers - Help Net Security

T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit - SecurityWeek

Do you use Android? This secret Google technique could protect you - Talk Android

Denial of Service/DoS/DDoS

How to protect your site from DDoS attacks - before it's too late | ZDNET

Internet of Things – IoT

IoT Security Gaps Put Enterprises at Risk - DataBreachToday

Data Breaches/Leaks

Leak of US military plans on Signal is a classic case of ‘shadow IT’. It shows why security systems need to be easy to use

Inside the CIA's use of Signal and how America's enemies try to hack it - Washington Times

OPSEC Nightmare: Leaking US Military Plans to a Reporter

Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic

The Atlantic releases screenshots of timing, weapons used in Yemen war plans Signal chat - POLITICO

How does your data end up on the dark web? - Help Net Security

Famous Data Breaches & Phishing Attacks: What We Can Learn - Security Boulevard

Oracle’s Data Breach Denial Unravels As Leaked Info Checks Out

Coinbase was primary target of recent GitHub Actions breaches

23andMe files for bankruptcy protection • The Register

Three rules potentially broken by Trump team's Signal group chat leak - BBC News

Dark Web Intelligence: A Critical Layer in Modern Cyber Security Strategy | MSSP Alert

Widespread Keenetic Router Data Breach Uncovered | MSSP Alert

Organised Crime & Criminal Actors

2025 Risk Survey: Cyber Security, Fraud at the Forefront | Bank Director

How AI, corruption and digital tools fuel Europe's criminal underworld - Help Net Security

Mobsters now overlap with cyber crime gangs, says Europol • The Register

Ransomware hackers are desperate lying liars | Cybernews

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cyber Crime Bust

How Scammers Launder Money and Get Away With It - The New York Times

New Cyber Crime Tool 'Atlantis AIO' Amps Up Credential Stuffing Attacks

NCA Warns of Sadistic Online “Com” Networks - Infosecurity Magazine

Alleged Snowflake hacker agrees to be extradited to the US | The Verge

Furry Hackers Fear Leader Raided by FBI

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

US Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

Fewer than 500 people are responsible for $3.2 trillion of artificial crypto trading - Fast Company

Coinbase was primary target of recent GitHub Actions breaches

Insider Risk and Insider Threats

The Human Factor: Redefining Cyber Security In The Age Of AI

Cyber Security Gaps Leave Doors Wide Open

Insurance

Threat of state-sponsored cyber attacks could make UK terror insurer ‘obsolete’

Cyber insurance isn't always what it seems - Help Net Security

Supply Chain and Third Parties

Third-party security issues could be the biggest threat facing your business | TechRadar

SecurityScorecard Observes Surge in Third-Party Breaches - Infosecurity Magazine

UK ICO fines Advanced Computer £3.07m after NHS data breach

Will your supply chain stand up to a nation-state hack? • The Register

SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

US defence contractor settles whistleblower suit for $4.6M • The Register

Defence contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future News

Coinbase was primary target of recent GitHub Actions breaches

Cloud/SaaS

String of defects in popular Kubernetes component puts 40% of cloud environments at risk | CyberScoop

Cloud providers aren’t delivering on security promises - Help Net Security

Microsoft Teams Phishing Attacks: What to Know and What to Do | MSSP Alert

Cloud collaboration platforms exploited in phishing attacks

Threat Actors Abuse Trust in Cloud Collaboration Platforms - Infosecurity Magazine

High-Severity Cloud Security Alerts Tripled in 2024

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks

MailChimp Under Attack: How Cyber Criminals Are Exploiting Email Marketing Platforms - Security Boulevard

Hijacked Microsoft Stream classic domain "spams" SharePoint sites

Oracle Cloud denies claims of server intrusion • The Register

Outages

Lessons from CrowdStrike – a particular focus on financial services

Identity and Access Management

The rise of identity and access management: How IAM evolved to being the new perimeter of cyber security - Security Boulevard

Encryption

Prepping for post-quantum: a beginner’s guide to lattice cryptography

Ex-UK cyber chief says asking Apple to break encryption was 'naive' | New Scientist

A Win for Encryption: France Rejects Backdoor Mandate | Electronic Frontier Foundation

Linux and Open Source

Albabat Ransomware Evolves to Target Linux and macOS - Infosecurity Magazine

Cyber security and open-source software in products with digital elements

New Linux Kernel Rust Module Unveiled to Detect Rootkits

EU OS takes a 'layered' approach to its new Linux distro for the public sector | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

How to Balance Password Security Against User Experience

New Cyber Crime Tool 'Atlantis AIO' Amps Up Credential Stuffing Attacks

Google Account Hijackers Target Victims Via Semrush Ads - Infosecurity Magazine

New phishing campaign uses scareware to steal Apple credentials | CSO Online

Social Media

How to protect your phone and data privacy at the US border | US immigration | The Guardian

What travelers should know about their rights when entering the U.S. - The Washington Post

Travelers fear social media and photos may now trigger deportation

Malvertising

Google Account Hijackers Target Victims Via Semrush Ads - Infosecurity Magazine

Training, Education and Awareness

70% of South African businesses lack basic cyber security awareness

Regulations, Fines and Legislation

UK fines software provider £3.07 million for 2022 ransomware breach

UK ICO fines Advanced Computer £3.07m after NHS data breach

No MFA? Expect Hefty Fines, UK’s ICO Warns - Infosecurity Magazine

Analysis: ‘We’re Choosing to Blind Ourselves’ – US Backs Off Russian Threats, PART I

Analysis: Cyber Security as a Bargaining Chip in Ukraine Talks – US Backs Off Russian Threats, PART II

Ex-UK cyber chief says asking Apple to break encryption was 'naive' | New Scientist

EU Cyber Resilience Act: What You Need to Know - Security Boulevard

Monitoring preparedness and governance under EU cyber security legislation

The importance of cyber security compliance – an overview of the EU regulatory framework

Digital resilience and cyber security reporting requirements in the UK and EU

Our Leaders Don't Take Information Security Seriously | National Review

UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats - Infosecurity Magazine

Adapting the UK’s cyber ecosystem | TechRadar

Inside the CIA's use of Signal and how America's enemies try to hack it - Washington Times

OPSEC Nightmare: Leaking US Military Plans to a Reporter

Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily | CyberScoop

Despite Rip-and-Replace Efforts, FCC Suspects Banned Chinese Telecom Providers Still Active in US - SecurityWeek

Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic

What CISA's Red Team Disarray Means for US Cyber Defences

Proof of Concept: Is the US Losing Its Cyber Grip?

Ex-NSA boss: Election security focus helped dissuade Russia • The Register

Cyber security and open-source software in products with digital elements

Lessons from CrowdStrike – a particular focus on financial services

Marco Rubio Says Someone in Signal Chat Made ‘Big Mistake’ in Adding Journalist - The New York Times

How DORA compliance future-proofs your organisation: By Steven Rackham

Leak of US military plans on Signal is a classic case of ‘shadow IT’. It shows why security systems need to be easy to use

The EU AI Act: A Critical Overview Of A Necessary Act?

Preparing for Cyber Security Disclosure as a Public Company | WilmerHale - JDSupra

US lifts sanctions on Tornado Cash cryptocurrency mixer • The Register

China poses biggest military threat to US: intel report - Digital Journal

US Cyber Security Weakness Benefits China – Foreign Policy

DOGE staffer calling himself 'big balls' provided tech support to cyber crime ring, records show - ABC News

A Win for Encryption: France Rejects Backdoor Mandate | Electronic Frontier Foundation

DORA Readiness: Skillcast Uncovers Deficiencies in Fintech Sector's Risk Management and Resilience | The Fintech Times

Models, Frameworks and Standards

EU Cyber Resilience Act: What You Need to Know - Security Boulevard

Monitoring preparedness and governance under EU cyber security legislation

The importance of cyber security compliance – an overview of the EU regulatory framework

Digital resilience and cyber security reporting requirements in the UK and EU

How DORA compliance future-proofs your organisation: By Steven Rackham

NIST 2.0 Demands Strategic Reset, Not a Compliance Patch

Backup and Recovery

Data Protection: Top Trends In Backup And Recovery

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks

Careers, Working in Cyber and Information Security

60% of cyber security pros looking to change employers | CSO Online

Which Top Cyber Security Role of 2024 Was Featured in 64,000+ Job Postings? | TechRepublic

A closer look at The Ultimate Cyber Security Careers Guide - Help Net Security

11 hottest IT security certs for higher pay today | CSO Online

These cyber security specialists are the most sought-after, according to a report | Cybernews

Law Enforcement Action and Take Downs

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cyber Crime Bust

Alleged Snowflake hacker agrees to be extradited to the US | The Verge

DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

Furry Hackers Fear Leader Raided by FBI

Misinformation, Disinformation and Propaganda

UK expanding cyber capabilities amid US pause


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

RedCurl cyber spies create ransomware to encrypt Hyper-V servers

'We are in a state of war': The UK needs to prepare for a future without Nato

Nation State Actors

Threat of state-sponsored cyber attacks could make UK terror insurer ‘obsolete’

Will your supply chain stand up to a nation-state hack? • The Register

China

Chinese hackers are getting bigger, better and stealthier

China, Beijing's ties with Russia main threats to US: intel report - Digital Journal

US Intelligence identifies China as top military, cyber threat

China's FamousSparrow flies back, breaches US org • The Register

Chinese APT Weaver Ant infiltrated a telco for over four years

Despite Rip-and-Replace Efforts, FCC Suspects Banned Chinese Telecom Providers Still Active in US - SecurityWeek

Cyber Threats Jeopardize US Military Mobility, Report Warns

Chinese Hacker Group Tracked Back to iSoon APT Operation

China poses biggest military threat to US: intel report - Digital Journal

US Cyber Security Weakness Benefits China – Foreign Policy

China bans facial recognition in hotels, bathrooms • The Register

Commerce limits 19 Chinese, Taiwanese companies from buying U.S. tech | CyberScoop

Chinese Hackers Exploit Unpatched Servers in Taiwan

Russia

UK expanding cyber capabilities amid US pause

Analysis: ‘We’re Choosing to Blind Ourselves’ – US Backs Off Russian Threats, PART I

Analysis: Cyber Security as a Bargaining Chip in Ukraine Talks – US Backs Off Russian Threats, PART II

Russian Espionage Group Using Ransomware in Attacks - SecurityWeek

China, Beijing's ties with Russia main threats to US: intel report - Digital Journal

US Intelligence identifies China as top military, cyber threat

Our Leaders Don't Take Information Security Seriously | National Review

What CISA's Red Team Disarray Means for US Cyber Defences

Proof of Concept: Is the US Losing Its Cyber Grip?

Ex-NSA boss: Election security focus helped dissuade Russia • The Register

Ukraine to establish national cyber attack response system

Ukrainian Railways Faced Massive Cyber Attack Over the Weekend

Top Trump aide in Signal chat was in Russia while the text stream was active—but denies he had personal or government-issued phone with him | Fortune

Russian hackers shut down major Belgian websites | Cybernews

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Poland raises defences against cyber attacks before the vote | Stars and Stripes

Widespread Keenetic Router Data Breach Uncovered | MSSP Alert

Russia subjected to suspected joint Head Mare, Twelve attacks | SC Media

Iran

Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen

North Korea

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

North Korea launches new unit with a focus on AI hacking, per report | TechCrunch

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Russia subjected to suspected joint Head Mare, Twelve attacks | SC Media

Furry Hackers Fear Leader Raided by FBI


Tools and Controls

Cloud providers aren’t delivering on security promises - Help Net Security

Cyber security spending set to jump 12.2% in 2025 - Help Net Security

Cyber Criminals Exploit CheckPoint Driver Flaws in Malicious Campaign - Infosecurity Magazine

Prepping for post-quantum: a beginner’s guide to lattice cryptography

How to Balance Password Security Against User Experience

Data Protection: Top Trends In Backup And Recovery

Spring clean your security data: The case for cyber security data hygiene - Help Net Security

10 Critical Network Pentest Findings IT Teams Overlook

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks

Ransomware Groups Increasingly Adopting EDR Killer Tools - SecurityWeek

What is Infrastructure Intelligence? - Security Boulevard

Threat Intelligence: Are UK Organisations Flying Blind? | SC Media UK

8 Expert Tips and Resources to Stay Ahead of Security Threats - DevX

How Cyber Security Pros Stay Ahead of the Curve – Insights from Experts - DevX

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The hidden costs of security tool bloat and how to fix it - Help Net Security

53% of security teams lack continuous and up-to-date visibility - Help Net Security

The rise of identity and access management: How IAM evolved to being the new perimeter of cyber security - Security Boulevard

AI vs. Cyber Criminals: Who Wins the Race in Next-Gen Threat Detection? - Security Boulevard

Dark Web Intelligence: A Critical Layer in Modern Cyber Security Strategy | MSSP Alert

Russian zero-day seller is offering up to $4 million for Telegram exploits | TechCrunch

Cyber security specialists are drowning in a sea of software vulnerabilities. AI may be able to help | Fortune

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.


Black Arrow Cyber Threat Intelligence Briefing 21 March 2025

Black Arrow Cyber Threat Intelligence Briefing 21 March 2025:

-Why Cyber Security Needs More Business-Minded Leaders

-Cyberwashing Exposes Businesses and Consumers to Cyber Risks, Study Warns

-New KnowBe4 Report Reveals a Spike in Phishing Campaigns

-Over 400 million Unwanted and Malicious Emails Were Received by Businesses in 2024

-The Psychology of Scams: How Cyber Criminals Are Exploiting the Human Brain

-Many Workers Are Overconfident at Spotting Phishing Attacks

-Russia Using Criminal Networks to Drive Increase in Sabotage Acts, Says Europol

-AI Will Make Ransomware Even More Dangerous

-Third of UK Supply Chain Relies on ‘Chinese Military’ Companies

-How Economic Headwinds Influence the Ransomware Ecosystem

-Malicious Android ‘Vapor’ Apps on Google Play Installed 60 million Times

-Moving Beyond Checkbox Security for True Resilience

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

There is a clear trend this week that the human element in cyber attacks is being consistently underestimated. Many organisations are overlooking how psychological manipulation, poor user awareness, and leadership blind spots continue to drive successful attacks – even as technical defences evolve.

Reports reveal a concerning rise in phishing and social engineering, with AI now enabling convincing scams that bypass traditional detection. Despite employee confidence, over half of workers fall victim to these tactics. Malicious email campaigns are becoming more deceptive, targeting hiring processes and using compromised accounts to breach defences. Meanwhile, research highlights concerns that ‘cyberwashing’ (the overstating of security capabilities) is creating a false sense of safety, exposing organisations and consumers to avoidable risk.

From a leadership perspective, there’s a growing recognition that cyber security must be a business-wide priority, not just a technical one. Black Arrow Cyber believes that moving beyond checkbox compliance towards risk-led, strategic resilience is essential. Rising ransomware threats, politically motivated sabotage, and complex supply chain risks all demand a unified approach that integrates robust cyber governance with board-level engagement, independent oversight, and ongoing investment in both technology and human readiness.

Top Cyber Stories of the Last Week

Why Cyber Security Needs More Business-Minded Leaders

Cyber security leadership is undergoing a fundamental shift as organisations move beyond compliance towards true resilience. Increasingly, leaders with backgrounds in finance, law, and corporate strategy are taking the helm, bringing a risk-first mindset to security. Rather than focusing solely on technical defences, today’s leaders must align cyber security with wider business objectives, ensuring it supports operational continuity and mitigates financial and reputational risks. This evolution reflects a growing understanding that cyber threats disrupt entire enterprises, not just IT systems. By embedding security into core business strategy, organisations can drive efficiency, secure executive buy-in, and build long-term resilience.

Cyberwashing Exposes Businesses and Consumers to Cyber Risks, Study Warns

A new study from Monash University in Australia warns that many organisations are overstating their cyber security capabilities, a practice dubbed ‘cyberwashing’. This creates a false sense of safety, leaving businesses and consumers exposed to data breaches. The report highlights that vague security claims, lack of independent verification, and failure to disclose past incidents undermine trust and resilience. High-profile breaches at firms like Optus and Medibank illustrate the reputational and legal risks. The study calls for independent audits, clearer reporting, and stronger board oversight as regulatory scrutiny and shareholder lawsuits increase in response to misleading cyber security assurances.

New KnowBe4 Report Reveals a Spike in Phishing Campaigns

KnowBe4’s latest Phishing Threat Trends Report reveals a 17% rise in phishing emails over six months, with 82% of them using AI. Attacks are increasingly bypassing traditional defences, with phishing hyperlinks up 36%, malware up 20%, and social engineering tactics up 14%. Ransomware payloads rose by 22%, including a sharp 57% increase in the last three months. Notably, 76% of campaigns now use polymorphic techniques to avoid detection, and attacks from compromised accounts are up 57%. The report also warns of growing threats targeting hiring processes: 64% focused on engineering roles to gain access to sensitive systems and data.

Over 400 million Unwanted and Malicious Emails Were Received by Businesses in 2024

Hornetsecurity’s latest research reveals that in 2024, over 427 million malicious emails were received by businesses, with phishing accounting for a third of all cyber attacks. Malicious URLs surged to 22% of attack methods, as cyber criminals shifted tactics away from attachments toward more deceptive strategies like reverse proxy attacks that can bypass two-factor authentication. Despite a slight drop in the overall threat index, industries such as mining, entertainment, and manufacturing remain high-risk. The report stresses the need for advanced email filtering, robust multi-layered authentication, and company-wide cyber security awareness to defend against increasingly sophisticated threats.

The Psychology of Scams: How Cyber Criminals Are Exploiting the Human Brain

Cyber criminals stole over £11.4 billion from UK victims last year, increasingly exploiting human psychology rather than just technical weaknesses. With AI lowering barriers to entry, even unsophisticated attackers can craft convincing scams using deepfakes, fake websites, and personalised phishing emails. In fact, 70% of over 30 million phishing emails detected bypassed standard authentication checks. Under stress and decision fatigue, employees are more likely to fall for social engineering tactics that manipulate trust and urgency. While training helps, organisations must combine human awareness with AI-enabled cyber security systems to detect threats traditional tools may miss.

Many Workers Are Overconfident at Spotting Phishing Attacks

A report from KnowBe4 highlights the risks of overconfidence among employees when it comes to spotting phishing attacks. Despite 86% of employees feeling confident in their ability to identify phishing emails, more than half (53%) have fallen victim to social engineering scams. This includes phishing, social media scams, and deepfakes. The report stresses the importance of employee training and fostering a transparent security culture to combat these threats. Even in regions with historically high confidence, such as the UK, vulnerability to these attacks is rising, highlighting the need for ongoing awareness and education.

Russia Using Criminal Networks to Drive Increase in Sabotage Acts, Says Europol

Europol’s latest threat assessment warns of a rise in politically motivated cyber attacks and sabotage across the EU, driven by state actors like Russia working through organised criminal networks. These proxies engage in cyber attacks, arson, data theft and infrastructure sabotage, often using a “woodpecker” approach of frequent, low-level incidents that cumulatively undermine public trust and stability. The report highlights over 150 migrant-smuggling incidents daily on Poland’s border, as well as recent attacks on hospitals and retail centres linked to Russian intelligence. Europol also flags AI-driven online fraud and youth recruitment into cyber crime as growing concerns.

AI Will Make Ransomware Even More Dangerous

Ivanti’s latest research warns that ransomware, already the top predicted threat for 2025, is expected to become even more dangerous with AI, a concern shared by 38% of security professionals; yet only 29% feel very prepared to face such attacks. Despite 49% of leaders understanding exposure management, a more strategic approach to cyber security, just 22% plan to increase investment in it. Blind spots remain across shadow IT and vendor risk, while tech debt is a growing concern, with 43% citing increased breach risk and 71% reporting slowed growth. Boards are engaged, but alignment on risk appetite is often lacking.

Third of UK Supply Chain Relies on ‘Chinese Military’ Companies

Bitsight’s latest report reveals that UK firms have digital supply chains 10% larger than the global average, making them more exposed to cyber threats. A key concern is that 30% of UK supply chain relationships involve companies linked to the Chinese military. Additionally, many organisations depend on ‘hidden pillar’ providers (small vendors with an outsized impact) raising the risk of cascading disruption. Suppliers themselves are often more vulnerable than their clients, using 2.5 times more products and having 10 times more internet-facing assets, while also lagging in critical areas like patching and securing systems.

How Economic Headwinds Influence the Ransomware Ecosystem

Ransomware attacks continue to place severe financial strain on organisations, with median ransom demands reaching $2.54 million and total recovery costs often exceeding $3 million. Economic pressures such as inflation, volatile cryptocurrency markets, and security budget cuts are compounding the issue. Threat actors are increasingly adjusting their demands based on inflation and crypto trends, while financial hardship is breeding more attackers and weakening organisational defences. Encouragingly, only 25% of victims paid ransoms in late 2024, an all-time low, but experts warn that even basic cyber defences are being neglected due to budget constraints, increasing the likelihood of compromise.

Malicious Android ‘Vapor’ Apps on Google Play Installed 60 million Times

A recent campaign dubbed ‘Vapor’ saw over 300 malicious Android apps downloaded 60 million times from Google Play, posing as legitimate utilities like health trackers and QR scanners. Though harmless at first glance, these apps activated malicious functions after installation to commit large-scale ad fraud, generating 200 million fake ad requests daily, and in some cases attempted to steal user credentials and credit card details. The apps bypassed Google’s security checks by delaying malicious behaviour, remaining hidden from users. While Google has since removed the apps, experts warn the threat actors could return using similar techniques to evade detection.

Moving Beyond Checkbox Security for True Resilience

Many organisations still rely on a ‘checkbox’ approach to cyber security, meeting regulatory requirements without addressing broader risks. MITRE highlights the need for CISOs to align compliance with a threat-informed, risk-based strategy focused on protecting core business assets. Shadow IT and software supply chain vulnerabilities are key blind spots, often left unaddressed. With cloud-focused attacks and advanced ransomware tactics on the rise, investment in continuous testing and managed services is recommended. Large firms like Microsoft have made sizeable investments in security, demonstrating that security must be treated as an evolving discipline, with regular reviews and proactive enhancements to build true resilience.

Sources:

https://www.darkreading.com/cybersecurity-operations/why-cybersecurity-needs-more-business-minded-leaders

https://www.techmonitor.ai/technology/cybersecurity/cyberwashing-exposes-businesses-consumers-cyber-risks

https://www.itsecurityguru.org/2025/03/20/new-knowbe4-report-reveals-a-spike-in-phishing-campaigns/

https://www.techradar.com/pro/security/over-400-million-unwanted-and-malicious-emails-were-received-by-businesses

https://www.techradar.com/pro/the-psychology-of-scams-how-cybercriminals-are-exploiting-the-human-brain

https://www.techradar.com/pro/security/many-workers-are-overconfident-at-spotting-phishing-attacks

https://www.theguardian.com/technology/2025/mar/18/russia-criminal-networks-drive-increase-sabotage-europol

https://www.helpnetsecurity.com/2025/03/21/exposure-management-understanding-among-security-leaders/

https://www.infosecurity-magazine.com/news/third-uk-supply-chain-relies/

https://www.darkreading.com/cyberattacks-data-breaches/how-economic-headwinds-influence-ransomware-ecosystem

https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/

https://www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware is the top predicted threat for 2025

Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls

How Economic Headwinds Affect Ransomware

Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine

Fraudsters Impersonate Clop Ransomware to Extort Businesses - Infosecurity Magazine

Report: Ransomware attacks soared to new heights last month | SC Media

BlackLock Ransomware Hacked 40+ Organisations Within Two Months

Cyber Security Officials Warn Against Potentially Costly Medusa Ransomware Attacks

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

The state of ransomware: Fragmented but still potent despite takedowns | CSO Online

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine

Clop resurgence drives ransomware attacks in February | Computer Weekly

FBI: A Simple Email Could Make You a Target for Extortion

BlackLock Ransomware: What You Need To Know | Tripwire

AI will make ransomware even more dangerous - Help Net Security

Extortion crew to victim: Pay or we tell ... Edward Snowden? • The Register

Update: LockBit Ransomware | Intel 471

RansomHub affiliate leverages multi-function Betruger backdoor - Help Net Security

LockBit Developer Extradited to US

Suspected LockBit ransomware dev extradited to United States

Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia

Ransomware attacks are costing Government offices a month of downtime on average | TechRadar

One of the most powerful ransomware hacks around has been cracked using some serious GPU power | TechRadar

Phishing & Email Based Attacks

Many workers are overconfident at spotting phishing attacks | TechRadar

Over 400 million unwanted and malicious emails were received by businesses in 2024 | TechRadar

False confidence leaves businesses at risk of phishing scams

427.8 Million Dangerous Emails Confirmed—One Rule Can Protect You All

Achilles Email: Defending the Eternal Attack Surface - Infosecurity Magazine

Phishing: A Persistent Threat in the Age of AI - Security Boulevard

How to avoid and prevent social engineering attacks | TechTarget

What do watering holes, pharming and evil twins have in common?

New KnowBe4 Report Reveals a Spike in Phishing Campaigns - IT Security Guru

The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar

Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek

Cyber criminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Mac users are now in danger of a well-known Windows phishing attack | Digital Trends

New Mac phishing attack causes fake freezes to nab your Apple ID password | Macworld

FBI: A Simple Email Could Make You a Target for Extortion

Targeted Microsoft 365 Tenants: Attackers Exploit Billing Emails For Phishing

Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge - Infosecurity Magazine

Scareware Combined With Phishing in Attacks Targeting macOS Users - SecurityWeek

752,000 Browser Phishing Attacks Mark 140% Increase YoY - Infosecurity Magazine

Julius Caesar Linked To 890,000 New Phishing Attacks

How phishing attacks are hitting the supply chain – and how to fight back | TechRadar

Why No-Reply Emails Are a Cyber Security Hazard - Security Boulevard

Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing - SecurityWeek

Malicious Android 'Vapor' apps on Google Play installed 60 million times

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Mandatory Coinbase wallet migration? It's a phishing scam!

Other Social Engineering

How to avoid and prevent social engineering attacks | TechTarget

What do watering holes, pharming and evil twins have in common?

The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar

£1M Lost as UK Social Media and Email Account Hacks Skyrocket - Infosecurity Magazine

Artificial Intelligence

AI Can Crack Your Passwords Fast—6 Tips To Stay Secure

AI Use in Cyber Attacks Raises Worker Cyber Security Concerns

Google Report Reveals How Threat Actors Are Currently Using Generative AI - InfoQ

Invisible C2 — thanks to AI-powered techniques - Security Boulevard

Tackling The Threat Of Cyber Risk During AI Adoption

AI will make ransomware even more dangerous - Help Net Security

How AI agents help hackers steal your confidential data - and what to do about it | ZDNET

Gartner Warns Agentic AI Will Accelerate Account Takeovers - Infosecurity Magazine

Hackers are turning to AI tools to reverse engineer millions of apps – and it’s causing havoc for security professionals | ITPro

Hackers target AI and crypto as software supply chain risks grow - Help Net Security

Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing - SecurityWeek

Cyber criminals Taking Advantage Of AI, 'Shadow' Alliances

Higher Profile and AI are Putting More Pressure on GRC Teams: Drata | MSSP Alert

Security Researcher Proves GenAI Tools Can Develop Chrome Infostealers - Infosecurity Magazine

Rethinking vendor risk management in the age of AI and automation | TechRadar

How Schools Can Prepare for Artificial Intelligence-Backed Cyber Attacks | EdTech Magazine

3 types of deepfake detection technology and how they work | TechTarget

2FA/MFA

Forget MFA fatigue, attackers are exploiting ‘click tolerance’ to trick users into infecting themselves with malware | ITPro

Malware

ClickFix Widely Adopted by Cyber Criminals, APT Groups - SecurityWeek

Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease | TechRadar

Forget MFA fatigue, attackers are exploiting ‘click tolerance’ to trick users into infecting themselves with malware | ITPro

Microsoft Uncovers New XCSSET MacOS Malware Variant Targeting Xcode Projects

Why Infostealer Malware Is My New Biggest Malware Worry

AsyncRAT Surges In Global Malware Rankings

Free file converter malware scam "rampant" claims FBI

Microsoft 365 accounts are under attack from new malware spoofing popular work apps | TechRadar

Invisible Windows Rootkit Hides Dangerous Files Using This Prefix

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft - SecurityWeek

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Malware Increasingly Spread By Fraudulent CAPTCHA Checks | MSSP Alert

Password Warning As 2.1 Billion Credentials Hit By Infostealer Attacks

Beware the coming Mac malware season – Computerworld

RansomHub affiliate leverages multi-function Betruger backdoor - Help Net Security

Malware campaign 'DollyWay' breached 20,000 WordPress sites

Security Researcher Proves GenAI Tools Can Develop Chrome Infostealers - Infosecurity Magazine

Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware | TechRadar

Be Careful What You Search For—New Attack Could Cost You Dearly

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

CERT-UA warns of cyber espionage against the Ukrainian defence industry using Dark Crystal RAT

100 Car Dealerships Hit by Supply Chain Attack - SecurityWeek

Mobile

Rooted Devices 250 Times More Vulnerable to Compromise - Infosecurity Magazine

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Apple says EU interoperability requirements enable unfettered access to the iPhone, risks customer security and privacy - 9to5Mac

Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK - Help Net Security

Denial of Service/DoS/DDoS

Who was really behind the massive X cyber attack? Here’s what experts say about Elon Musk’s claims | TechRadar

European Cyber Report 2025: 137% more DDoS attacks than

Internet of Things – IoT

The Silent Infiltration: How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses - Security Boulevard

All your Alexa recordings will go to the cloud soon, as Amazon sunsets Echo privacy | ZDNET

Data Breaches/Leaks

Over 16.8 Billion Records Exposed as Data Breaches Increase 6% - Infosecurity Magazine

How to calculate the cost of a data breach | TechTarget

Massive Cyber Attack in France: 12 Million Identities at Risk - Protect Yourself Now

GitHub supply chain attack spills secrets from 23K projects • The Register

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

Jaguar Land Rover Breach Highlights Growing Cyber Security Risks in Automotive Sector | HaystackID - JDSupra

Personal info feared stolen from sperm bank • The Register

Half a million people impacted by Pennsylvania State Education Association data breach | The Record from Recorded Future News

Top California sperm bank suffers embarrassing leak | TechRadar

Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach - SecurityWeek

Western Alliance Bank notifies 21,899 customers of data breach

Organised Crime & Criminal Actors

Why Cyber Crime Forum Collaboration Is Making Attacks More Efficient, And How To Stay Ahead

Russia using criminal networks to drive increase in sabotage acts, says Europol | Cybercrime | The Guardian

Russia Escalated Sabotage to Pressure U.S. and Allies on Ukraine, Study Says - The New York Times

Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine

UK Police Arrest 422 in Major Fraud Crackdown - Infosecurity Magazine

20,000 Hacked WordPress Sites Used in Redirect Scheme

What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine

Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Blockchain gaming platform WEMIX hacked to steal $6.1 million

Widespread Coinbase phishing attack uncovered | SC Media

Hackers target AI and crypto as software supply chain risks grow - Help Net Security

Bybit: 89% of stolen $1.4B crypto still traceable post-hack

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Mandatory Coinbase wallet migration? It's a phishing scam!

Insider Risk and Insider Threats

The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar

43% of office workers say they could cause a cyber security breach this year

Many workers are overconfident at spotting phishing attacks | TechRadar

False confidence leaves businesses at risk of phishing scams

DoD engineer took home top-secret docs, booked a trip to MX • The Register

Supply Chain and Third Parties

Third of UK Supply Chain Relies on “Chinese Military” Companies - Infosecurity Magazine

Supply Chain Attack Exposes Enterprise Secrets: A Wake-Up Call for Enterprise Security Professionals

How phishing attacks are hitting the supply chain – and how to fight back | TechRadar

Hackers target AI and crypto as software supply chain risks grow - Help Net Security

Rethinking vendor risk management in the age of AI and automation | TechRadar

GitHub supply chain attack spills secrets from 23K projects • The Register

Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach - SecurityWeek

100 Car Dealerships Hit by Supply Chain Attack - SecurityWeek

Cloud/SaaS

UK Businesses Face Growing Cloud Security Crisis – Are You Prepared? | SC Media UK

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek

Microsoft 365 accounts are under attack from new malware spoofing popular work apps | TechRadar

Hackers Use OAuth Apps to Steal Microsoft 365 Credentials

Targeted Microsoft 365 Tenants: Attackers Exploit Billing Emails For Phishing

The biggest security flaw of every cloud service that no one talks about -- until it's too late

How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model

Week-long Exchange Online outage causes email failures, delays

Outages

Week-long Exchange Online outage causes email failures, delays

Encryption

New Akira ransomware decryptor cracks encryption keys using GPUs

US lawmakers urge public hearing on UK Apple encryption • The Register

A New Era of Attacks on Encryption Is Starting to Heat Up | WIRED

US Legislators Demand Transparency in Apple's UK Backdoor Court Fight - Infosecurity Magazine

NCSC Sets 2035 Deadline for Post-Quantum Cryptography Migration - Infosecurity Magazine

UK cyber security watchdog warns on future risk of quantum computer hacking

The UK’s Apple backdoor demand

Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK - Help Net Security

Filing: DOGE broke Treasury policy with unencrypted email • The Register

Linux and Open Source

Open source security in the spotlight as UK gov publishes fresh guidance | ITPro

Security issue in open source software leaves businesses concerned for systems | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

AI Can Crack Your Passwords Fast—6 Tips To Stay Secure

Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls

Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek

New Mac phishing attack causes fake freezes to nab your Apple ID password | Macworld

The poor, the bad and the terrible -- popular passwords around the world

Hackers Use OAuth Apps to Steal Microsoft 365 Credentials

Gartner Warns Agentic AI Will Accelerate Account Takeovers - Infosecurity Magazine

Password Warning As 2.1 Billion Credentials Hit By Infostealer Attacks

70% of leaked secrets remain active two years later - Help Net Security

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

"China's Amazon" JD.com passwords allegedly stolen | Cybernews

Social Media

Who was really behind the massive X cyber attack? Here’s what experts say about Elon Musk’s claims | TechRadar

£1M Lost as UK Social Media and Email Account Hacks Skyrocket - Infosecurity Magazine

Social media platforms face huge fines under UK’s new digital safety laws | Social media | The Guardian

UK’s Online Safety Act: Ofcom Can Now Issue Sanctions - Infosecurity Magazine

Stay safe from online hate with these five tips

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

Malvertising

Malvertising Explained: How To Spot And Steer Clear Of It

Why It's So Hard to Stop Rising Malicious TDS Traffic

Malicious Android 'Vapor' apps on Google Play installed 60 million times

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Large-Scale Malicious App Campaign Bypassing Android Security - Infosecurity Magazine

Training, Education and Awareness

43% of office workers say they could cause a cyber security breach this year

Many workers are overconfident at spotting phishing attacks | TechRadar

False confidence leaves businesses at risk of phishing scams

Regulations, Fines and Legislation

UK ICO warns biometric tools may pose privacy, compliance risks | Biometric Update

A New Era of Attacks on Encryption Is Starting to Heat Up | WIRED

US Legislators Demand Transparency in Apple's UK Backdoor Court Fight - Infosecurity Magazine

MS-ISAC, EI-ISAC Funding Cuts Threaten National Security, Officials Say | MSSP Alert

Trump Administration Orders Federal Agencies To Avoid Cyber Staff Layoffs | MSSP Alert

US lawmakers urge public hearing on UK Apple encryption • The Register

Social media platforms face huge fines under UK’s new digital safety laws | Social media | The Guardian

UK’s Online Safety Act: Ofcom Can Now Issue Sanctions - Infosecurity Magazine

The UK’s Apple backdoor demand

NIST’s vulnerability database logjam is still growing despite attempts to clear it - Nextgov/FCW

Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK - Help Net Security

Open source security in the spotlight as UK gov publishes fresh guidance | ITPro

CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW

DOGE staffer violated security policies at Treasury Department, court filing shows | CyberScoop

Filing: DOGE broke Treasury policy with unencrypted email • The Register

What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine

12 Hours or Else: Hong Kong’s Cyber Security Explained - Security Boulevard

Careers, Working in Cyber and Information Security

Wellbeing in the Cyber Security Sector: A Call for Participation - IT Security Guru

How to hack a career in cyber security through perseverance, mentorship, and learning on the job | Fortune

3 AI-Driven Roles in Cyber Security

Law Enforcement Action and Take Downs

The state of ransomware: Fragmented but still potent despite takedowns | CSO Online

UK Police Arrest 422 in Major Fraud Crackdown - Infosecurity Magazine

LockBit Developer Extradited to US

Telegram CEO leaves France temporarily as criminal probe continues

Suspected LockBit ransomware dev extradited to United States


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Denmark warns of increased state-sponsored campaigns targeting the European telcos

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft - SecurityWeek

Windows shortcut exploit used as zero-day in global cyber espionage campaigns

How CISOs can counter the threat of nation state espionage | Computer Weekly

Nation State Actors

Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine

Denmark warns of increased state-sponsored campaigns targeting the European telcos

What is an APT and how are they tracked? | ITPro

ClickFix Widely Adopted by Cyber Criminals, APT Groups - SecurityWeek

New Windows zero-day exploited by 11 state hacking groups since 2017

Microsoft isn't fixing 8-year-old zero day used for spying • The Register

How CISOs can counter the threat of nation state espionage | Computer Weekly

Cyber criminals Taking Advantage Of AI, 'Shadow' Alliances

China

Third of UK Supply Chain Relies on “Chinese Military” Companies - Infosecurity Magazine

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Chinese Hacking Group MirrorFace Targeting Europe - SecurityWeek

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum - SecurityWeek

Emulating the Sophisticated Chinese Adversary Salt Typhoon - Security Boulevard

FishMonger APT Group Linked to I-SOON in Espionage Campaigns - Infosecurity Magazine

"China's Amazon" JD.com passwords allegedly stolen​ | Cybernews

12 Hours or Else: Hong Kong’s Cyber Security Explained - Security Boulevard

Russia

Russia using criminal networks to drive increase in sabotage acts, says Europol | Cybercrime | The Guardian

Russia Escalated Sabotage to Pressure U.S. and Allies on Ukraine, Study Says - The New York Times

BlackBasta Ransomware Ties to Russian Authorities Uncovered - Infosecurity Magazine

Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine

UK under-prepared for catastrophic cyber attack

Three years after Russia’s invasion, a global online army is still fighting for Ukraine

Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia

Black Basta Leader in League With Russian Officials

What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine

CERT-UA warns of cyber espionage against the Ukrainian defence industry using Dark Crystal RAT

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

North Korea

Bybit: 89% of stolen $1.4B crypto still traceable post-hack

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it | The Record from Recorded Future News

Six additional countries identified as suspected Paragon spyware customers | CyberScoop


Tools and Controls

Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls

Moving beyond checkbox security for true resilience - Help Net Security

Not all cuts are equal: Security budget choices disproportionately impact risk | CSO Online

A strategic approach to security is key for cyber resilience | World Economic Forum

The API Security Illusion: IT Leaders May Be Overconfident

Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks

What Is Cyber Security Risk? A Guide to Protect Your Business - Security Boulevard

Is it time to retire 'one-off' pen tests for continuous testing?

Why So Many Employee Phishing Training Initiatives Fall Short

What If Prevention Was the Key to Cyber Security Success? | Entrepreneur

Quantifying cyber risk strategies to resonate with CFOs and boards - Help Net Security

Choosing the Right Cloud Security Provider: Five Non-Negotiables for Protecting Your Cloud - Security Boulevard

43% of office workers say they could cause a cyber security breach this year

Leveraging AI in Security: What MSSPs Need to Know Before They Commit | MSSP Alert

Many workers are overconfident at spotting phishing attacks | TechRadar

Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers

55% of COOs Use GenAI to Improve Data Security

False confidence leaves businesses at risk of phishing scams

13 API security best practices to protect your business

3 types of deepfake detection technology and how they work | TechTarget

How financial institutions can minimize their attack surface - Help Net Security

Unifying Threat Operations: An Integrated Cyber Security Strategy



Other News

1 in 10 people do nothing to stay secure and private on vacation | Malwarebytes

New KnowBe4 Report Finds Education Sector Unprepared for Escalating Cyber Attacks

Denmark warns of increased state-sponsored campaigns targeting the European telcos

CNI Security Leaders Express Cyber Confidence Despite 95% Breach Rate - Infosecurity Magazine

Cyber Security Challenges in the Telecom Sector: Protecting Data and Infrastructure - Security Boulevard

Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director - Infosecurity Magazine

Cyber security in healthcare: getting the basics right as bigger threats loom - Medical Device Network

Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks

Government probes ‘national security risks’ of data brokers – PublicTechnology

Why 2025’s Cyber Security Landscape Demands a Complete Overhaul of Your IT Infrastructure

Breaches Often Start Where You Least Expect | Grip Security - Security Boulevard

Danish govt raises telecoms sector cyber risk assessment to 'high' - Telecompaper

UK under-prepared for catastrophic cyber attack

Global Education Report Says Some Schools Endure Over 2,500 Attempted Cyber Attacks A Day

Why betting on Mac security could put your organisation at risk | TechRadar

What is a buffer overflow? How do these types of attacks work? | Definition from TechTarget

What Would a Decentralized Internet Look Like? | HackerNoon

The DoD's Cyber Wake-Up Call: Why Playing It Safe Won't Keep Us Safe - ClearanceJobs

Cyber Security Concerns Arise After Announcement To Scrap NHS England

Five ways to protect university data from cyber security threats | EdScoop


Vulnerability Management

Cyber security vulnerabilities and their financial impact | CEPR

How Security Teams Should Respond To The Rise In Vulnerability Disclosures

NIST’s vulnerability database logjam is still growing despite attempts to clear it - Nextgov/FCW

The Microsoft patch management guide for admins | TechTarget

Vulnerabilities

Hackers Use OAuth Apps to Steal Microsoft 365 Credentials

A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease | TechRadar

Windows shortcut exploit used as zero-day in global cyber espionage campaigns

Veeam RCE bug lets domain users hack backup servers, patch now

Infoseccers flame Veeam over RCE bug, failing blacklist • The Register

Cisco IOS XR vulnerability lets attackers crash BGP on routers

8,000 New WordPress Vulnerabilities Reported in 2024 - SecurityWeek

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine

ChatGPT SSRF bug quickly becomes a favorite attack vector

Microsoft isn't fixing 8-year-old zero day used for spying • The Register

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Critical Fortinet Vuln Draws Fresh Attention

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems | TechCrunch

IBM urges quick patching of critical AIX bugs • The Register

WordPress security plugin WP Ghost vulnerable to remote code execution bug

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

iOS 18.3.2 patches gateway for ‘extremely sophisticated attack' - Tech Advisor

HellCat hackers go on a worldwide Jira hacking spree

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

CISA tags NAKIVO backup flaw as actively exploited in attacks

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 - SANS Internet Storm Center


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 14 March 2025

Black Arrow Cyber Threat Intelligence Briefing 14 March 2025:

-95% of Data Breaches Tied to Human Error in 2024

-Hackers Using Advanced Social Engineering Techniques with Phishing Attacks

-Confidence Gap in Cyber Security Leaves Businesses at Risk

-Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year

-Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls

-Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign

-How Cyber Attacks Affect Your Staff

-UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks

-Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses

-86% of Financial Firms are Still Not Fully Compliant With DORA

-The CISO as Business Resilience Architect

-Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

Black Arrow Cyber’s review of threat intelligence this week highlights that human error and susceptibility to social engineering remain at the heart of cyber security failures. A new report reveals that 95% of data breaches in 2024 were due to human mistakes, with just 8% of employees responsible for 80% of incidents. Despite widespread training efforts, a confidence gap persists: 86% of employees believe they can detect phishing scams, yet many still fall victim. Meanwhile, cyber criminals are deploying more sophisticated pretexting techniques, such as fake job offers, to exploit trust before launching attacks. The financial impact of phishing-related breaches now averages $4.88 million per incident.

Third-party access and unmonitored IoT devices also present major risks, with over half of UK firms experiencing a breach due to supplier access. The Akira ransomware gang recently exploited an unsecured webcam to bypass endpoint defences, highlighting the need for a more layered approach to cyber security. Additionally, AI-driven threats are accelerating, enabling criminals to automate cyber attacks and create deepfake scams, such as one that resulted in a $25 million theft.

Looking ahead, regulatory compliance pressures are mounting, with 86% of financial firms still unprepared for the EU’s DORA framework. Meanwhile, UK government officials warn of national cyber security vulnerabilities due to outdated systems and staffing shortages. Black Arrow Cyber believes that businesses must take a proactive stance, adopting zero-trust security, strengthening third-party risk management, and ensuring human resilience against evolving cyber threats.

Top Cyber Stories of the Last Week

95% of Data Breaches Tied to Human Error in 2024

A new report by Mimecast has found that human error was the primary cause of 95% of data breaches in 2024, with insider threats, credential misuse and user mistakes playing a major role. Just 8% of employees were responsible for 80% of incidents, highlighting a concentrated risk. Despite 87% of organisations providing regular cyber security training, concerns remain over employee fatigue and errors, particularly in handling email threats. While 95% of firms use AI for cyber defence, over half admit they are unprepared for AI-driven threats. Collaboration tools are an emerging risk, with 79% citing security gaps and 61% expecting a business impact from an attack in 2025.

Hackers Using Advanced Social Engineering Techniques with Phishing Attacks

Cyber criminals are refining their phishing tactics, moving beyond basic scams to sophisticated social engineering that builds trust before delivering malicious payloads. A report by security provider ESET highlights North Korea-aligned groups using elaborate pretexting, such as fake job offers, to lure victims. Verizon’s 2024 report found that 68% of breaches involved human error, with pretexting now surpassing traditional phishing in impact. IBM’s latest study estimates the average cost of a phishing-related breach at $4.88 million. Businesses must adopt a prevention-first approach, combining employee awareness training with multilayered security solutions to mitigate these increasingly deceptive cyber threats.

Confidence Gap in Cyber Security Leaves Businesses at Risk

New research by KnowBe4 highlights a concerning gap between employee confidence and actual ability to detect cyber threats. While 86% of employees believe they can spot phishing emails, nearly a quarter have fallen victim, with South Africa reporting the highest scam victimisation rate at 68%. The study of 12,000 employees across six countries found that confidence is often misplaced, leaving organisations vulnerable to evolving threats like AI-driven scams and deepfakes. Experts stress the need for scenario-based training and simulated phishing tests to close this gap, ensuring security awareness efforts translate into real-world cyber resilience.

Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year

More than half of UK organisations suffered a security breach linked to third-party access in the past year, surpassing the global average. A new study by Imprivata and the Ponemon Institute highlights that 47% see third-party remote access as their biggest attack surface. Despite growing awareness, weak security strategies persist, with only 58% implementing best practices. The most common consequences include data loss (54%), regulatory fines (49%), and severed vendor relationships (47%). With 65% expecting these breaches to increase, businesses must prioritise robust third-party risk management to mitigate ongoing threats.

Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls

The Akira ransomware gang exploited an unsecured webcam to bypass the victim’s endpoint detection and response (EDR) and encrypt the network. After initial access via a compromised remote access solution, the attackers deployed AnyDesk, stole data, and attempted to deploy ransomware, only to be blocked by EDR. They then pivoted to a vulnerable Linux-based webcam, from which they accessed and encrypted resources shared across the victim’s network without being detected. The incident highlights the risks posed by unmonitored IoT devices and the need for strict network segmentation, regular firmware updates, and a layered security approach beyond EDR to mitigate evolving cyber threats.

Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign

Microsoft has uncovered a large-scale malvertising campaign that has compromised over a million PCs, deploying infostealers to harvest sensitive data. The attack originated from illegal streaming sites, where users were redirected to malicious GitHub repositories hosting malware. Once installed, the malware gathered system details and exfiltrated login credentials, banking data, and cryptocurrency information. Microsoft took action by removing a number of repositories, but the malware was also hosted on other platforms like Dropbox and Discord. The attack affected a broad range of industries, demonstrating the indiscriminate nature of the threat.

How Cyber Attacks Affect Your Staff

Cyber attacks are now the leading cause of data loss and IT downtime for businesses, with over half of organisations surveyed in the 2024 Data Health Check reporting incidents in the past year. 37% of these cases led to job losses, highlighting the significant human impact. High-profile breaches have resulted in redundancies, pay freezes, and financial instability. Beyond financial losses, employees face uncertainty, stress, and reputational concerns. A robust cyber resilience strategy, combining training, incident response exercises, and clear crisis communication, is essential to minimising disruption and protecting staff, ensuring businesses can navigate cyber threats while maintaining operational stability.

UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks

The UK Government is at critical risk of cyber attack due to years of underfunding, recruitment shortfalls, and outdated IT systems, senior officials have warned. A parliamentary probe found that one in three cyber security roles in government remains vacant, while nearly a quarter of legacy IT systems are at high risk of attack. Hostile states, particularly Russia and China, have intensified cyber warfare tactics, posing a substantial risk to government and critical services. Experts stress the urgent need for investment in cyber resilience, warning that failure to act could have severe national security and operational consequences.

Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses

AI-powered cyber threats are evolving rapidly, with criminals using generative AI to create hyper-personalised phishing attacks, deepfake scams, and automated malware that adapts to defences in real time. A recent case saw deepfake technology used to steal $25 million via fraudulent video conferencing. AI-driven cyber attacks operate autonomously, probing networks for weaknesses and bypassing traditional security measures. Experts stress the need for zero-trust security, training employees on AI-driven threats, monitoring and regulating employee AI use, and collaborating with AI and cyber security experts. Without proactive defences, organisations risk being outpaced by increasingly sophisticated attacks in 2025 and beyond.

86% of Financial Firms are Still Not Fully Compliant With DORA

The majority of financial firms are not compliant with the EU’s Digital Operational Resilience Act (DORA). 86% are yet to achieve full compliance despite the regulation coming into force in January 2025, and only 5% are fully confident in their compliance. Managing third-party vendors, a key part of DORA, is a challenge, with 54% citing a lack of transparency as a significant risk. Without proper oversight, firms risk regulatory penalties and operational vulnerabilities. Organisations subject to the regulations should take immediate action through policy development, gap analysis, and targeted remediation plans.

The CISO as Business Resilience Architect

The role of the CISO is evolving beyond cyber defence to encompass business resilience. Regulatory scrutiny is intensifying, with personal accountability for breaches and increasing compliance demands stretching CISOs. Gartner predicts 45% will see their responsibilities expand beyond cyber security by 2027. Technical challenges persist, with 44% of CISOs unable to detect breaches using current tools, and AI integration adding complexity. Rather than fragmenting, the role is set to converge with enterprise architecture, embedding resilience into business strategy. With 24% of CISOs considering resignation, adapting to this shift is key to maintaining boardroom influence.

Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies

NTT Communications Corporation has disclosed a cyber security breach affecting nearly 18,000 corporate customers. Hackers infiltrated its Order Information Distribution System, exposing contract details, contact information, and service usage data. The breach was discovered on 5 February 2025, with access blocked the next day. However, further investigation revealed attackers had pivoted within the network, prompting containment actions. NTT has assured that personal customers were not impacted. This follows previous cyber security incidents, including a major DDoS attack in January and a 2020 breach, highlighting the persistent threats facing critical telecoms infrastructure.

Sources:

https://www.infosecurity-magazine.com/news/data-breaches-human-error/

https://cybersecuritynews.com/hackers-using-advanced-social-engineering-techniques/

https://informationsecuritybuzz.com/confidence-gap-in-cybersecurity-risk/

https://www.globenewswire.com/news-release/2025/03/11/3040313/0/en/Over-Half-of-UK-Organisations-Experienced-a-Security-Breach-Resulting-from-Third-Party-Access-in-the-Past-Year-Imprivata-Study-Finds.html

https://www.bleepingcomputer.com/news/security/ransomware-gang-encrypted-network-from-a-webcam-to-bypass-edr/

https://www.techradar.com/pro/security/microsoft-reveals-over-a-million-pcs-hit-by-malvertising-campaign

https://www.darkreading.com/cyberattacks-data-breaches/how-cyberattacks-affect-your-staff

https://inews.co.uk/news/uk-unprepared-vulnerable-russian-cyber-attacks-heres-why-3580126

https://www.zdnet.com/article/navigating-ai-powered-cyber-threats-in-2025-4-expert-security-tips-for-businesses/

https://thefintechtimes.com/86-of-financial-firms-are-still-not-fully-compliant-with-dora-clear-junction-highlights-hurdles/

https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect

https://www.bleepingcomputer.com/news/security/data-breach-at-japanese-telecom-giant-ntt-hits-18-000-companies/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware gang encrypted network from a webcam to bypass EDR

Travelers reports rise in ransomware activity in Q4'24 Cyber Threat Report - Reinsurance News

Medusa Ransomware: FBI and CISA Urge Organisations to Act Now to Mitigate Threat | Tripwire

Medusa ransomware infects 300+, uses 'triple extortion' • The Register

Microsoft: North Korean hackers join Qilin ransomware gang

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Ransomware poseurs are trying to extort businesses through physical letters | CyberScoop

'Spearwing' RaaS Group Ruffles Cyber Threat Feathers

Ransomware Groups Favour Repeatable Access Over Mass Exploits - Infosecurity Magazine

Imposter Scam With A Twist

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Ragnar Loader Toolkit Evolves Amid Increased Traction Among Threat Operations | MSSP Alert

New SuperBlack ransomware exploits Fortinet auth bypass flaws

Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop

Ransomware Victims

Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware - SecurityWeek

Two Rhysida healthcare attacks pwned 300K patients' data • The Register

82% of K-12 schools recently experienced a cyber incident | K-12 Dive

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacks | ITPro

Phishing & Email Based Attacks

Hackers Using Advanced Social Engineering Techniques With Phishing Attacks

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Phishing campaign impersonating Booking.com targeting UK hospitality | The Standard

ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News

US cities warn of wave of unpaid parking phishing texts

Other Social Engineering

Hackers Using Advanced Social Engineering Techniques With Phishing Attacks

Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET

Consumer Reports calls out poor AI voice-cloning safeguards • The Register

AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them

How to spot and avoid AI-generated scams - Help Net Security

'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says

How to Steer Clear of Smishing Scams | TIME

Trump Coins Used as Lure in Malware Campaign - SecurityWeek

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

US cities warn of wave of unpaid parking phishing texts

New YouTube Windows Attack Warning—Three Strikes And You’re Hacked

Artificial Intelligence

Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags - Infosecurity Magazine

New Mimecast Research Reveals 55% of global organisations are not fully prepared with strategies to combat AI-driven threats

Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET

The Invisible Battlefield Behind LLM Security Crisis - Security Boulevard

AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them

Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek

4 expert security tips for navigating AI-powered cyber threats | ZDNET

How to spot and avoid AI-generated scams - Help Net Security

DeepSeek spits out malware code with a little persuasion • The Register

Worried about DeepSeek? Turns out, Gemini and other US AIs collect more user data | ZDNET

UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine

Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues | TechCrunch

Even premium AI tools distort the news and fabricate links - these are the worst | ZDNET

Malware

A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprises | ITPro

Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks | TechRadar

Update your Wi-Fi cameras, else malware could infect your network | PCWorld

Microsoft Says One Million Devices Impacted by Infostealer Campaign - SecurityWeek

Another top security camera maker is seeing devices hijacked into botnet | TechRadar

New threat uses fake CAPTCHA to infect systems with malware | TechSpot

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Steganography Explained: How XWorm Hides Inside Images

Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT

Binance Spoofers Compromise PCs in 'TRUMP' Crypto Scam

DeepSeek spits out malware code with a little persuasion • The Register

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

1,600 Victims Hit by South American APT's Malware - SecurityWeek

Bots/Botnets

Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks | TechRadar

Another top security camera maker is seeing devices hijacked into botnet | TechRadar

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek

Update your Wi-Fi cameras, else malware could infect your network | PCWorld

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek

Mobile

'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says

How to Steer Clear of Smishing Scams | TIME

SIM Swapping Fraud Surges in the Middle East - Infosecurity Magazine

US cities warn of wave of unpaid parking phishing texts

Is your phone eavesdropping on you? Try NordVPN's simple test to find out | ZDNET

Denial of Service/DoS/DDoS

DNS DDoS: Downtime is just the tip of the iceberg | Total Telecom

Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks | TechRadar

Another top security camera maker is seeing devices hijacked into botnet | TechRadar

How to Survive Fast-and-Furious DDoS Microbursts

Update your Wi-Fi cameras, else malware could infect your network | PCWorld

Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO

X’s Attackers Hit Servers Faulted for Lacking Key Protection

Cyber Attack on X Hit Insecure Servers

The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims

What Really Happened With the DDoS Attacks That Took Down X | WIRED

X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon

Elon Musk blaming Ukraine after Twitter cyber attack is ‘dangerous’, expert says | The Independent

Internet of Things – IoT

Hackers spotted using unsecured webcam to launch cyber attack | TechRadar

Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks | TechRadar

Update your Wi-Fi cameras, else malware could infect your network | PCWorld

‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard

Another top security camera maker is seeing devices hijacked into botnet | TechRadar

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek

Car Exploit Allows You to Spy on Drivers in Real Time

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices

Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek

Cyber Security Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication | FDA

CISOs, are your medical devices secure? Attackers are watching closely - Help Net Security

Data Breaches/Leaks

95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine

Data breach at Japanese telecom giant NTT hits 18,000 companies

43% of Healthcare Email Breaches Tied to Microsoft 365—New Report Uncovers the Major Cyber Security Gaps | Business Wire

Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year, Imprivata Study Finds

Two Rhysida healthcare attacks pwned 300K patients' data • The Register

New York sues Allstate and subsidiaries for back-to-back data breaches | CyberScoop

'Uber for nurses' exposes 86K+ medical records, PII • The Register

Australian financial firm hit with lawsuit after massive data breach | CSO Online

Software bug meant NHS information was potentially “vulnerable to hackers” | TechRadar

More than 23.7 Million Hardcoded Secrets Publicly Exposed In GitHub Last Year | MSSP Alert

Does the NHS have a security culture problem? • The Register

Organised Crime & Criminal Actors

Cyber Crime's Cobalt Strike Use Plummets 80% Worldwide

Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

The Violent Rise of ‘No Lives Matter’ | WIRED

Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack

US seizes $23 million in crypto stolen via password manager breach

EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan

North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News

Why CFOs Considering Stablecoins, Crypto Need Cyber Security

Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop

North Korean hackers cash out $300 million from ByBit heist

MassJacker malware uses 778,000 wallets to steal cryptocurrency

Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT

Insider Risk and Insider Threats

95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine

Employee charged with stealing unreleased movies, sharing them online

Developer sabotaged ex-employer IT systems with kill switch • The Register

Developer Convicted for Hacking Former Employer's Systems - SecurityWeek

Man found guilty of planting infinite loop logic bomb on ex-employer's system

Insurance

Cyber insurance becoming a key safeguard for SMEs: Report | Insurance Business America

Supply Chain and Third Parties

Data breach at Japanese telecom giant NTT hits 18,000 companies

Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year, Imprivata Study Finds

Who’s in your digital house? The truth about third-party access - Help Net Security

The state of procurement: tackling inflation, supply chain disruptions, and cyber security risks | The Independent

Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar

Cloud/SaaS

43% of Healthcare Email Breaches Tied to Microsoft 365—New Report Uncovers the Major Cyber Security Gaps | Business Wire

Cloud security gains overshadowed by soaring storage fees - Help Net Security

Hiding In Plain Sight: Cyber Criminals Take Advantage Of US Cloud Providers - Above the Law

'Uber for nurses' exposes 86K+ medical records, PII • The Register

Identity and Access Management

Machine Identities Outnumber Humans Increasing Risk Seven-Fold - Infosecurity Magazine

Encryption

UK quietly scrubs encryption advice from government websites | TechCrunch

France rejects controversial encryption backdoor provision | TechRadar

Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop

Apple To Appeal Government Backdoor Order Friday | Silicon UK

Linux and Open Source

PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprises | ITPro

Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack

US seizes $23 million in crypto stolen via password manager breach

Social Media

Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO

X’s Attackers Hit Servers Faulted for Lacking Key Protection

The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing

X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims

What Really Happened With the DDoS Attacks That Took Down X | WIRED

X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon

ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News

New YouTube Windows Attack Warning—Three Strikes And You’re Hacked

Malvertising

Microsoft reveals over a million PCs hit by malvertising campaign | TechRadar

GitHub-Hosted Malware Infects 1M Windows Users

Training, Education and Awareness

95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine

4 expert security tips for navigating AI-powered cyber threats | ZDNET

Regulations, Fines and Legislation

SEC cyber security disclosure rules, with checklist | TechTarget

UK quietly scrubs encryption advice from government websites | TechCrunch

Switzerland Mandates Cyber Reporting for Critical Infrastructure - Infosecurity Magazine

The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online

Balancing Cyber Security Accountability & Deregulation

‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard

CISA completed its election security review. It won’t make the results public | CyberScoop

Ex-NSA vet slams reported halt to Russia cyber ops​ | Cybernews

Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm | CyberScoop

White House instructs agencies to avoid firing cyber security staff, email says | KELO-AM

Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

MS-ISAC loses federal support | StateScoop

Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop

Apple To Appeal Government Backdoor Order Friday | Silicon UK

Romanian cyber security authority publishes draft order for registration of entities under NIS2 Directive

Models, Frameworks and Standards

86% of Financial Firms are Still Not Fully Compliant With DORA: Clear Junction Highlights Hurdles | The Fintech Times

NIST Finalizes Differential Privacy Rules to Protect Data

Cyber Essentials April 2025 Update: What you Need to Know

Romanian cyber security authority publishes draft order for registration of entities under NIS2 Directive

Backup and Recovery

Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

Data Protection

NIST Finalizes Differential Privacy Rules to Protect Data

Careers, Working in Cyber and Information Security

Cyber security workers aren't massively happy with their employers - but they are being paid pretty well | TechRadar

Strengthening the Human Firewall: Prioritising Mental Health in Cyber Security Teams - IT Security Guru

Understaffed but still delivering -- the reality of cyber security teams

How remote work strengthens cyber security teams - Help Net Security

Managing the emotional toll cyber security incidents can take on your team | CSO Online

The Legacy of the Cyber Security Challenge | SC Media UK

UK’s infosec chiefs must be paid more than PM, say officials • The Register

Law Enforcement Action and Take Downs

US seizes $23 million in crypto stolen via password manager breach

Employee charged with stealing unreleased movies, sharing them online

Developer sabotaged ex-employer IT systems with kill switch • The Register

Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine

Developer Convicted for Hacking Former Employer's Systems - SecurityWeek

Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop

Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar

Man found guilty of planting infinite loop logic bomb on ex-employer's system

Misinformation, Disinformation and Propaganda

Europe, Don't Forget the Information War - CEPA
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Europe, Don't Forget the Information War - CEPA
Nation State Actors

UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine

China

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers - SecurityWeek

Salt Typhoon: A Wake-up Call for Critical Infrastructure

China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days - SecurityWeek

‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard

UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine

Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek

Russia

The UK is unprepared and vulnerable to Russian cyber attacks. Here's why

The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online

The Geopolitical Fallout of a Potential US Cyber Stand-Down – The Diplomat

Europe, Don't Forget the Information War - CEPA

Ex-NSA vet slams reported halt to Russia cyber ops​ | Cybernews

Ukraine loses Signal support for anti-Russian cyber threat efforts, says official | SC Media

North Korea

Microsoft: North Korean hackers join Qilin ransomware gang

EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan

North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News

North Korean hackers spread spyware through Google Play disguised as utility apps | Engineering and Technology Magazine

Spyware in bogus Android apps is attributed to North Korean group | The Record from Recorded Future News

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

1,600 Victims Hit by South American APT's Malware - SecurityWeek
Vulnerability Management

Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management

CISOs Connect Research Report on Cyber Security Debt Exposes Widespread Vulnerabilities

Balancing Cyber Security Accountability & Deregulation

Vulnerabilities

Thousands of Orgs Risk Zero-Day VM Escape Attacks

Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday - SecurityWeek

Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader - SecurityWeek

Fortinet Patches 18 Vulnerabilities  - SecurityWeek

Newly Patched Windows Zero-Day Exploited for Two Years - SecurityWeek

Google researchers uncover critical security flaw in all AMD Zen processors | TechSpot

Mass Exploitation of Critical PHP Vulnerability Begins - SecurityWeek

Top Bluetooth chip security flaw could put a billion devices at risk worldwide | TechRadar

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver - SecurityWeek

CISA tags critical Ivanti EPM flaws as actively exploited in attacks

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw - SecurityWeek

Critical PHP RCE vulnerability mass exploited in new attacks

Apple fixed the third actively exploited zero-day of 2025

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

Zoom Patches 4 High-Severity Vulnerabilities - SecurityWeek

PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability

New SuperBlack ransomware exploits Fortinet auth bypass flaws

Cisco Patches 10 Vulnerabilities in IOS XR - SecurityWeek

Mozilla warns users to update Firefox before certificate expires

GitLab patches critical authentication bypass vulnerabilities

FreeType Zero-Day Being Exploited in the Wild - SecurityWeek
Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP

Executive Summary

Microsoft’s Patch Tuesday for March 2025 delivered 57 security updates across its product line, including 6 actively exploited zero-day vulnerabilities. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.

Fortinet issued 17 security advisories with updates addressing various high, medium, and low severity vulnerabilities across multiple product ranges, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM, and FortiADC.

Apple released updates to address zero-day security issues across its iPhone, iPad, macOS, and visionOS product ranges, specifically targeting vulnerabilities in WebKit, the browser engine used within Safari and other Apple products.

Adobe provided updates addressing 35 vulnerabilities, including critical issues in various product lines such as Acrobat and Reader, InDesign, and Substance 3D Sampler.

Zoom patched five vulnerabilities in its applications, including four rated ‘high severity’, affecting Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK products.

SAP also released 21 new security notes, covering high, medium, and low severity vulnerabilities addressed by security patches.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of the products impacted by these vulnerabilities. Updates for actively exploited vulnerabilities, and for all other vulnerabilities with a critical or high severity rating, should be applied as soon as possible.

Microsoft

Further details on the specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

Apple, Adobe, Fortinet, Zoom, SAP

Further details of the vulnerabilities affecting Apple, Adobe, Fortinet, Zoom and SAP products can be found here:

https://helpx.adobe.com/security/security-bulletin.html

https://support.apple.com/en-us/100100

https://fortiguard.fortinet.com/psirt

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025:

-Cyber Security's Future Is All About Governance, Not More Tools

-'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

-Why Cyber Drills are as Vital as Fire Drills

-Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

-Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

-Old Unpatched Vulnerabilities Among the Most Widely Exploited

-Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

-Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

-Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

-Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

-Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

-Trump Administration Retreats in Fight Against Russian Cyber Threats

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Our review this week includes the evolving shift in cyber security, where governance and proactive risk management are becoming more critical than tool proliferation, as exemplified by the inclusion of the ‘Govern’ function in the NIST Cybersecurity Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.

Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.

Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.

Top Cyber Stories of the Last Week

Cyber Security's Future Is All About Governance, Not More Tools

The cyber security landscape is shifting from tool-centric procurement to strategic governance, with CISOs taking a more prominent role in business decision-making. Despite growth in the number of security tools that organisations deploy, fragmented workflows and diminishing returns persist. The focus is now on aligning security with business objectives, regulatory expectations, and operational efficiency. Version 2.0 of the NIST Cybersecurity Framework, released in February 2024, added a "Govern" function alongside the existing Identify, Protect, Detect, Respond and Recover functions, underscoring proactive risk management. As cyber security becomes integral to corporate strategy, CISOs must prioritise transparency, accountability, and resilience over simply expanding their security stack.

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

The World Economic Forum's ‘Global Cybersecurity Outlook 2025’ highlights the evolving risk landscape, where cyber security threats are increasingly intertwined with geopolitical and economic risks. Misinformation and AI-related threats are now among the top concerns, while cyber espionage is reportedly declining. Despite growing awareness, only 60% of CEOs and CISOs integrate cyber risk into enterprise risk management. Smaller businesses are particularly vulnerable, with 35% admitting their cyber resilience is insufficient. The report stresses that CISOs must navigate shifting board priorities, regulatory changes, and supply chain risks while ensuring cyber security remains a core business consideration.

Why Cyber Drills are as Vital as Fire Drills

Cyber resilience is becoming a business imperative, with human error remaining the leading cause of cyber incidents and the average cost of a data breach reaching a record $4.88 million in 2024. A recent study found that 94% of organisations have implemented or plan to implement cyber drills within three years, recognising their role in strengthening defences and ensuring business continuity. Yet decision-makers spend only 39% of their time on cyber readiness. As nearly half of businesses faced an attack in the past year, routine cyber drills, like fire drills, are essential to preparing teams for real-world threats.

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Nonprofit organisations have experienced a sharp rise in cyber attacks, with email threats increasing by 35% over the past year. A report by Abnormal Security highlights that limited cyber security resources and high-trust environments make nonprofits prime targets. Credential phishing has surged by 50%, compromising donor databases and enabling financial fraud, while malware attacks have risen by 26%, often leading to ransomware incidents. As cyber criminals refine their tactics, nonprofits must prioritise email security, leveraging AI-driven solutions to detect threats and protect sensitive data, ensuring operational resilience and maintaining public trust.

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

The latest report from the European Union Agency for Cybersecurity (ENISA) highlights a surge in cyber threats targeting Europe’s financial sector, with 488 reported incidents between January 2023 and June 2024. Banks bore the brunt of attacks (46%), followed by public financial institutions (13%) and individual customers (10%). DDoS attacks were the most common, accounting for 58% of incidents, often linked to geopolitical tensions. Data breaches, ransomware, and fraud also saw a rise, exposing sensitive financial records and disrupting operations. In response, regulators have strengthened cyber security policies, with initiatives like the Digital Operational Resilience Act (DORA) aiming to enhance resilience through stricter risk management and incident response frameworks.

Old Unpatched Vulnerabilities Among the Most Widely Exploited

GreyNoise’s latest report highlights that 40% of vulnerabilities exploited in 2024 were from 2020 or earlier, with some dating back over two decades. Attackers are also accelerating their exploitation of newly disclosed flaws, with some targeted within hours of disclosure. Home internet routers and enterprise products from vendors including Ivanti, D-Link, and VMware were among the most affected. Ransomware groups remain the primary exploiters, leveraging 28% of the vulnerabilities newly listed in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue. Key attacker objectives include botnet expansion, cryptocurrency mining, and ransomware deployment, underscoring the risks posed by unpatched legacy systems and the value of prioritising remediation by evidence of real-world exploitation rather than by CVSS score alone.
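The practical response to this finding is to drive patch priority from the KEV catalogue rather than from vulnerability age or CVSS score alone. The script below is an added example written for this briefing; it is not code from GreyNoise, CISA or the original article. It assumes the record layout of CISA's public KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse), takes a constructed sample feed and a constructed asset inventory, reports the share of listed CVEs that predate a cut-off year, and ranks the entries that match the inventory with ransomware-used and overdue items first. The CVE identifiers in the sample are placeholders, not real catalogue entries.

```python
"""Prioritise patching from a CISA KEV-style feed (added example, not project code).

Assumed KEV JSON fields: cveID, vendorProject, product, dateAdded, dueDate,
knownRansomwareCampaignUse ("Known"/"Unknown"). The feed and inventory below are
constructed for illustration; the CVE IDs are placeholders.
"""
import json
import re
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample feed in the KEV JSON layout (placeholder CVE IDs).
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "example",
    "vulnerabilities": [
        {"cveID": "CVE-2018-TEST1", "vendorProject": "Vendor A", "product": "Edge Gateway",
         "dateAdded": "2024-03-01", "dueDate": "2024-03-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-TEST2", "vendorProject": "Vendor B", "product": "Mail Server",
         "dateAdded": "2024-11-05", "dueDate": "2024-11-26", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-TEST3", "vendorProject": "Vendor C", "product": "Home Router",
         "dateAdded": "2024-06-10", "dueDate": "2024-07-01", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-TEST4", "vendorProject": "Vendor A", "product": "Edge Gateway",
         "dateAdded": "2025-02-20", "dueDate": "2025-03-13", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-TEST5", "vendorProject": "Vendor D", "product": "Hypervisor",
         "dateAdded": "2024-01-15", "dueDate": "2024-02-05", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory: (vendor, product) pairs the organisation actually runs, lower-cased.
SAMPLE_INVENTORY: Set[Tuple[str, str]] = {("vendor a", "edge gateway"), ("vendor d", "hypervisor")}


def cve_year(cve_id: str) -> Optional[int]:
    """Extract the year component of a CVE identifier, or None if malformed."""
    match = re.match(r"^CVE-(\d{4})-", cve_id)
    return int(match.group(1)) if match else None


def load_kev(raw_json: str) -> List[Dict]:
    """Parse a KEV-format document and return its vulnerability records."""
    return json.loads(raw_json)["vulnerabilities"]


def legacy_share(entries: List[Dict], cutoff_year: int = 2020) -> float:
    """Fraction of entries whose CVE year is at or before cutoff_year (the report's 'old bug' metric)."""
    years = [y for y in (cve_year(e["cveID"]) for e in entries) if y is not None]
    if not years:
        return 0.0
    return sum(1 for y in years if y <= cutoff_year) / len(years)


def prioritise(entries: List[Dict], inventory: Set[Tuple[str, str]], today: date) -> List[Dict]:
    """Return KEV entries matching the inventory, most urgent first.

    Ordering: known ransomware use, then past the CISA due date, then oldest CVE,
    then CVE ID as a stable tie-break.
    """
    hits = []
    for entry in entries:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        if key not in inventory:
            continue
        year = cve_year(entry["cveID"])
        hits.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "overdue": date.fromisoformat(entry["dueDate"]) < today,
            "age_years": today.year - year if year is not None else 0,
        })
    hits.sort(key=lambda h: (not h["ransomware"], not h["overdue"], -h["age_years"], h["cveID"]))
    return hits


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    print(f"Share of KEV entries from 2020 or earlier: {legacy_share(kev):.0%}")
    for hit in prioritise(kev, SAMPLE_INVENTORY, date(2025, 3, 7)):
        flags = ("ransomware " if hit["ransomware"] else "") + ("overdue" if hit["overdue"] else "")
        print(f'{hit["cveID"]:16} {hit["product"]:22} age={hit["age_years"]}y {flags}')
```

To use it against the live catalogue, replace SAMPLE_KEV_JSON with the downloaded KEV JSON and build the inventory from your CMDB or scanner export; the vendor/product match is deliberately exact-string so that fuzzy matching, which tends to over-match, is a conscious choice rather than a default.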

Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

Microsoft has reported that Silk Typhoon, a Chinese state-backed espionage group, has shifted focus to targeting IT management firms, aiming to infiltrate downstream customers. The group exploits stolen API keys, credentials, and unpatched software to access cloud and on-premises systems. By compromising IT providers and privileged access tools, they steal sensitive data from sectors including government, healthcare, and energy. Microsoft highlights Silk Typhoon’s ability to swiftly adapt, making it one of the most pervasive Chinese threat actors. This report coincides with US indictments of 12 Chinese nationals linked to cyber espionage, including two alleged Silk Typhoon members.

Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

CrowdStrike’s 2025 Global Threat Report highlights a sharp rise in social engineering attacks, with voice phishing (vishing) surging by 442% between the first and second halves of 2024. Stolen credentials remain a primary attack vector, while adversaries operate with increasing speed: the average breakout time, the time taken to move laterally from an initial foothold within a compromised network, has fallen to just 48 minutes, with the fastest observed in as little as 51 seconds. The report underscores the need for enhanced employee training, stronger credential protection, and improved detection capabilities to counter these evolving threats, particularly as cyber criminals leverage AI and target cloud environments with greater sophistication.

Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

Cyber security leaders are warning that AI voice cloning is a growing threat, with criminals using voicemail recordings to impersonate individuals. Experts highlight that just three seconds of audio is enough to create a convincing deepfake, which can be exploited in scams targeting employees, families, and businesses. C-suite executives are particularly at risk, with attacks mimicking their voices to manipulate staff. To mitigate this risk, security professionals recommend replacing personal voicemail greetings with automated defaults, limiting voice recordings online, and using a family-safe word to verify urgent requests.

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

Executives are being targeted in a new ransomware scam involving physical letters falsely claiming to be from the BianLian ransomware group. The letters demand ransoms of $250,000 to $350,000, threatening to leak sensitive data unless payment is made within 10 days. However, security experts have found no evidence of actual network intrusions, suggesting the campaign is a fraudulent extortion attempt. The FBI has issued a warning, confirming no links to the real BianLian group. Organisations are advised to inform executives, review incident response procedures, and report any such letters to law enforcement.

Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

The cyber threat to critical infrastructure is at an all-time high, driven by geopolitical tensions, financial incentives, and technological advancements, warns the former head of the UK’s National Cyber Security Centre (NCSC). Organised criminals and state-backed hacking groups pose a growing risk to essential services. Artificial intelligence is making cyber attacks more efficient, cost-effective, and accessible, potentially enabling new threat actors to launch large-scale campaigns. While financial motives remain unchanged, the increasing role of AI in cyber warfare is a key concern, as it lowers barriers to entry for malicious actors, amplifying the risks faced by organisations globally.

Trump Administration Retreats in Fight Against Russian Cyber Threats

The Trump administration has shifted its stance on cyber threats, no longer publicly recognising Russia as a major cyber security risk to US national security and critical infrastructure. This policy change marks a significant departure from long-standing intelligence assessments and contrasts with the positions of US allies. Experts warn that deprioritising Russia as a cyber threat could leave the US vulnerable to attacks. Reports indicate internal directives have limited efforts to monitor Russian cyber activities, raising concerns that adversaries may exploit weakened defences. Meanwhile, job cuts across key agencies may have further reduced cyber security capabilities, compounding the risks.

Sources:

https://www.darkreading.com/cyber-risk/cybersecurity-future-governance-not-more-tools

https://www.darkreading.com/cyber-risk/thinking-outside-box-cyber-risk

https://www.forbes.com/sites/jameshadley/2025/03/04/why-cyber-drills-are-as-vital-as-fire-drills/

https://www.infosecurity-magazine.com/news/nonprofits-email-threats-rise-35/

https://www.jdsupra.com/legalnews/rising-cyber-threats-in-europe-s-7746792/

https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/

https://cyberscoop.com/silk-typhoon-targets-it-services/

https://natlawreview.com/article/social-engineering-stolen-credential-threats-continue-dominate-cyber-attacks

https://cybernews.com/security/cybercriminals-use-voicemail-greetings-ai-voice-cloning-attacks/

https://www.infosecurity-magazine.com/news/extortionists-bianlian-ransom/

https://www.nzherald.co.nz/business/markets-with-madison/cyber-threat-highest-its-ever-been-ex-five-eyes-leader-warns/F4G6TUDZ3JAT7PNZNFBVBXXPF4/

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
Governance, Risk and Compliance

Cybersecurity’s Future Is All About Governance, Not More Tools

Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack

Why Cyber Drills Are As Vital As Fire Drills

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches  | CyberScoop

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cybersecurity Claims

Cyber risks see SME focus but big risks remain

Board Oversight of Cyber Security Incidents

How to create an effective incident response plan | CSO Online

CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns

What CISOs need from the board: Mutual respect on expectations | CSO Online

The evolving landscape of regulatory compliance in cybersecurity - Digital Journal

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

The 5 stages of incident response grief - Help Net Security

A Shield of Defensibility Protecting CISOs and Their Companies

CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine

Are cybersecurity chiefs focusing too much on legal liability—and not enough on fixing vulnerabilities? | Fortune

CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security

Cyber Threats Are Evolving Faster Than Defences

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald
Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Evolution: From Encryption to Extortion

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Ransomware 2025: Lessons from the Past Year and What Lies Ahead

Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert

Ransomware activity surged last year, report finds | SC Media

Ransomware Attacks Appear to Keep Surging - InfoRiskToday

Inside the Minds of Cyber Criminals: A Deep Dive into Black Basta’s Leaked Chats   - Security Boulevard

Your New Car Could Be the Next Ransomware Target

Ransomware scum abusing Microsoft Windows-signed driver • The Register

VulnCheck Exposes CVEs From Black Bastas' Chats

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine

Cactus Ransomware: What You Need To Know | Tripwire

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Emulating the Relentless RansomHub Ransomware - Security Boulevard

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly

Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes

Ransomware Victims

Hunters International ransomware claims attack on Tata Technologies

Qilin claims attacks on cancer, women's clinics • The Register

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Phishing & Email Based Attacks

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Business Email Compromise (BEC)/Email Account Compromise (EAC)

From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)

Other Social Engineering

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How QR code attacks work and how to protect yourself - Help Net Security

Vishing attacks surged 442% last year - how to protect yourself | ZDNET

The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity

What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltrated employees

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

Fake police call cryptocurrency investors to steal their funds

Artificial Intelligence

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

89% of enterprise AI usage is invisible to the organisation - Help Net Security

Deepfake cyber attacks proliferated in 2024, iProov claims • The Register

Nearly 12,000 API keys and passwords found in AI training dataset

The Urgent Need to Address Cyber Security in the GenAI Market

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

How New AI Agents Will Transform Credential Stuffing Attacks

YouTube warns of AI-generated video of its CEO used in phishing attacks

New Report Finds that 78% of Chief Information Security Officers Globally are Seeing a Significant Impact from AI-Powered Cyber Threats - up 5% from last year

Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior  | CyberScoop

Police arrests suspects tied to AI-generated CSAM distribution ring

Innovation vs. security: Managing shadow AI risks - Help Net Security

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Malware

Microsoft says malvertising campaign impacted 1 million PCs

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Devs beware: fake Golang packages target Mac users | Cybernews

Polyglot files used to spread new backdoor | CSO Online

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Russian-Speaking Hackers Goad Users Into Installing Havoc

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Bots/Botnets

Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar

Widespread network edge device targeting conducted by PolarEdge botnet | SC Media

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Mobile

Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert

Governments can't seem to stop asking for secret backdoors • The Register

New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes

Do you really need to worry about spyware on your phone?

Google’s 'consent-less' Android tracking probed by academics • The Register

Google confirms mass app deletion on Play Store after ad fraud | Android Central

Denial of Service/DoS/DDoS

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Internet of Things – IoT

Top risks produced by old wireless routers and smart home devices

8 ways to secure your smart home from hackers

Your New Car Could Be the Next Ransomware Target

BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek

How Can Your Smart Washer Pose A Threat To Your Privacy?

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date

Data Breaches/Leaks

Inside a cyber attack: How hackers steal data

Lost luggage data leak exposes nearly a million records | Cybernews

75% of US government websites experienced data breaches | Cybernews

Angel One Breach Compromises Client Data | MSSP Alert

Organised Crime & Criminal Actors

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald

Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

International cops seize Russian crypto exchange Garantex • The Register

Bybit hackers resume laundering activities, moving another 62,200 ETH

US recovers $31 million stolen in 2021 Uranium Finance hack

$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times

Shape-shifting Chrome extensions target wallets​ | Cybernews

Fake police call cryptocurrency investors to steal their funds

Insider Risk and Insider Threats

Digital nomads and risk associated with the threat of infiltred employees

Insurance

Third-Party Risk Top Cyber Security Claims

Supply Chain and Third Parties

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cyber Security Claims

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Why Vendor Risk Management Can't Be a One-Time Task | UpGuard

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

Cloud/SaaS

How to plan your cloud migration with security in mind | SC Media

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

New Microsoft 365 outage impacts Teams, causes call failures

Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar

Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Outages

New Microsoft 365 outage impacts Teams, causes call failures

Barclays: bank to pay £12.5m compensation for online outage

Microsoft Blames Widespread Outage On “Problematic Code Change”

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Identity and Access Management

Misconfigured access management systems expose global enterprises to security risks | CSO Online

Identity: The New Cyber Security Battleground

Prioritising data and identity security in 2025 - Help Net Security

Encryption

The UK will neither confirm nor deny that it’s killing encryption | The Verge

Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon

"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections | TechRadar

France pushes for law enforcement access to Signal, WhatsApp and encrypted email  | Computer Weekly

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly

Linux and Open Source

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Open Source Security Risks Continue To Rise

Passwords, Credential Stuffing & Brute Force Attacks

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How New AI Agents Will Transform Credential Stuffing Attacks

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Social Media

UK probes TikTok, Reddit over child data privacy concerns • The Register

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

USCIS mulls policing social media of all would-be citizens • The Register

Malvertising

Microsoft says malvertising campaign impacted 1 million PCs

Training, Education and Awareness

Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack

Regulations, Fines and Legislation

Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

The Crime and Policing Bill Explained

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

The evolving landscape of regulatory compliance in cyber security - Digital Journal

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy- The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

UK security in shock as America signals end to cyber operations against Russia

The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security

DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert

Gadgets Used By American Presidents (And Why They Were A Security Nightmare)

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency

Strengthening Telecommunications Security: A Call to Action for Cyber Resilience

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Google asks US government to drop breakup plan over national security fears | TechRadar

Models, Frameworks and Standards

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek

Navigating NIS 2 compliance [Q&A]

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Careers, Working in Cyber and Information Security

New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages

The days of easy hiring in cyber security coming to an end • The Register

Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine

Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine

Why Cyber Security Jobs Are Hard to Find in a Worker Shortage

Will AI Start Taking Cyber Security Professionals' Jobs?

Law Enforcement Action and Take Downs

International cops seize Russian crypto exchange Garantex • The Register

US seizes domain of Garantex crypto exchange used by ransomware gangs

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Police arrests suspects tied to AI-generated CSAM distribution ring

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar

Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop

In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist

Chinese cyber espionage growing across all industry sectors | CSO Online

Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist

US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Russia

The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED

As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy- The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media

DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop

UK security in shock as America signals end to cyber operations against Russia

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News

Russian-Speaking Hackers Goad Users Into Installing Havoc

International cops seize Russian crypto exchange Garantex • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ukraine's intel service honors civilian hackers for the first time with military award | The Record from Recorded Future News

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Iran

Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Crafty Camel APT Targets Aviation, OT With Polygot Files

North Korea

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

Bybit hackers resume laundering activities, moving another 62,200 ETH

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltred employees

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

The rise of Lazarus Group from Sony hacks to billion dollar crypto heists



Other News

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine

Cyber risks see SME focus but big risks remain

Attackers could hack smart solar systems and cause serious damages

Popular Chrome extensions hijacked by hackers in widespread cyber attack — 3.2 million at risk | Tom's Guide

This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account

What is cyber stalking and how to prevent it? | Definition from TechTarget

The More You Care, The More You Share: Information Sharing And Cyber Awareness

What is a Watering Hole Attack? | Definition from TechTarget

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

If you want security, start with secure products – Computerworld

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek

Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

Polish Space Agency offline as it recovers from cyber attack

Hackers breach military walls as funding falls short | Cybernews

Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK

15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations | Business Wire

3 Cyber Security Steps Every Local Government Should Take

First EU “cyber” Council focusses on crisis management and critical infrastructure security – ministry - Delfi EN

Google asks US government to drop breakup plan over national security fears | TechRadar



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 28 February 2025

Black Arrow Cyber Threat Intelligence Briefing 28 February 2025:

-Cyber Security's Biggest Blind Spot - Third-Party Risk

-Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying

-Over 25 New Malware Variants Created Every Single Hour

-Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour

-Only a Fifth of Ransomware Attacks Now Encrypt Data

-Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers

-89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks

-Combating Deepfakes in Financial Services: A Call to Action

-Threat Actors Are Increasingly Trying to Grind Business to a Halt

-With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds

-Mobile Phishing Attacks on the Rise

-With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

The last week has identified several critical cyber security threats that demand immediate attention from business leaders. Third-party risk has become a major concern, with supply chain vulnerabilities now driving 31% of cyber insurance claims. Attackers are also leveraging new techniques, such as MFA fatigue and AI-powered phishing, to bypass traditional defences. The emergence of sophisticated phishing toolkits and deepfake fraud highlights the growing challenge of verifying digital identities, while mobile phishing (mishing) is increasingly targeting employees through personal devices.

The accelerating pace of cyber threats is evident, with 25 new malware variants created every hour and cyber criminals leveraging AI and automation to exfiltrate data at unprecedented speeds, sometimes within minutes. Meanwhile, ransomware actors are shifting strategies, focusing 80% of attacks on data theft rather than encryption, making traditional defences less effective. The surge in generative AI usage within enterprises, often without IT oversight, introduces further risks, including data leakage and code exposure.

Black Arrow Cyber believes that businesses must adopt a proactive, layered security approach. This includes real-time threat detection, robust vendor risk management, AI-driven fraud prevention, and enhanced employee training. With cyber extortion demands rising sharply and operational disruptions increasing, organisations that fail to adapt will face significant financial, operational, and reputational consequences.


Top Cyber Stories of the Last Week

Cyber Security's Biggest Blind Spot: Third-Party Risk

Cyber insurer Resilience has identified third-party risk as a leading driver of cyber insurance claims, accounting for 31% of all claims in 2024. Notably, for the first time, these risks led to direct financial losses, making up 23% of incurred claims. Ransomware remained a major cause, linked to 61% of losses, while transfer fraud increased to 18%. Sectors such as healthcare, finance, and manufacturing were most affected. The findings highlight the growing need for businesses to assess not just their own cyber security, but also that of their vendors to mitigate financial and operational risks.

Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying

Researchers have identified a surge in activity around a new phishing toolkit, called Darcula-suite 3.0, which enables cyber criminals to clone legitimate websites with ease. This development significantly lowers the barrier for less technical attackers, allowing them to impersonate trusted brands and steal sensitive information. The toolkit includes an admin panel to track successful attacks and even generate fraudulent payment card details. As phishing scams grow more sophisticated with AI-driven enhancements, organisations must strengthen their cyber security measures to mitigate the risk of falling victim to these increasingly convincing attacks.

Over 25 New Malware Variants Created Every Single Hour

SonicWall’s latest research highlights an alarming rise in cyber threats, with 637 new malware variants detected daily, more than 25 every hour. Encrypted threats have surged by 92%, with attackers leveraging TLS encryption to bypass defences. Security teams are under increasing strain, with burnout and mental health concerns on the rise. Despite the urgency, some organisations take up to 150 days to apply critical patches, leaving them exposed. With the cost of cyber attacks doubling in 2024, businesses must move beyond legacy defences and adopt real-time threat monitoring and security operations centre (SOC) capabilities to stay ahead of increasingly sophisticated threats.

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour

MFA fatigue attacks are emerging as a critical cyber security threat, exploiting human behaviour rather than technical vulnerabilities. Attackers overwhelm users with repeated MFA prompts, hoping frustration or confusion will lead to accidental approval. High-profile breaches, including Uber in 2022, highlight the risks. Cyber criminals often pair push spamming with social engineering to increase success rates. Organisations must move beyond reliance on MFA alone by implementing phishing-resistant authentication, monitoring for excessive login attempts, and training staff to recognise and report unusual activity. A layered security approach is essential to counter these evolving tactics and protect critical systems.
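The push-spamming pattern described above leaves a recognisable trace in authentication logs: a burst of prompts to one user in a short window, often ending in an approval. The following detection logic is an added example, not code from the briefing or from any vendor; the log line format, the 10-minute window, the threshold of five prompts and the log lines themselves are constructed for illustration.

```python
"""Flag MFA push-fatigue bursts in authentication logs (added example).

Assumed log format (constructed, one push prompt per line):
    <ISO-8601 UTC timestamp> user=<name> result=<APPROVED|DENIED|TIMEOUT> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines, not real data. The IP addresses are
# documentation ranges (RFC 5737). Contains one malformed line on purpose.
SAMPLE_LOG = """\
2025-02-24T02:10:03Z user=alice result=DENIED src=203.0.113.7
2025-02-24T02:10:41Z user=alice result=TIMEOUT src=203.0.113.7
2025-02-24T02:11:20Z user=alice result=DENIED src=203.0.113.7
2025-02-24T02:12:05Z user=alice result=DENIED src=203.0.113.7
2025-02-24T02:13:33Z user=alice result=TIMEOUT src=203.0.113.7
2025-02-24T02:15:58Z user=alice result=APPROVED src=203.0.113.7
2025-02-24T09:00:12Z user=bob result=APPROVED src=198.51.100.4
this line is malformed and is skipped by the parser
2025-02-24T09:30:45Z user=bob result=APPROVED src=198.51.100.4
2025-02-24T11:41:00Z user=carol result=DENIED src=192.0.2.9
2025-02-24T11:41:30Z user=carol result=DENIED src=192.0.2.9
2025-02-24T11:42:00Z user=carol result=DENIED src=192.0.2.9
2025-02-24T11:42:40Z user=carol result=DENIED src=192.0.2.9
2025-02-24T11:43:10Z user=carol result=DENIED src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>\S+)\s+src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "result": m["result"], "src": m["src"]}


def parse_log(text):
    """Parse all well-formed lines and return them sorted by timestamp."""
    events = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per user who received `threshold` or more prompts
    inside any sliding `window`. A burst that contains an APPROVED result is
    the dangerous case (the user may have given in), so it is rated high.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        best = None
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all prompts fit in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count < threshold:
                continue
            burst = evs[start:end + 1]
            approved = any(b["result"] == "APPROVED" for b in burst)
            cand = {
                "user": user,
                "first_prompt": burst[0]["ts"].isoformat(),
                "prompts": count,
                "approved_in_burst": approved,
                "severity": "high" if approved else "medium",
                "sources": sorted({b["src"] for b in burst}),
            }
            # Keep the largest burst; on a tie prefer one containing an approval.
            if best is None or (cand["prompts"], approved) > (best["prompts"], best["approved_in_burst"]):
                best = cand
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_log(SAMPLE_LOG)):
        print(alert)
```

In the constructed sample, alice is flagged at high severity (six prompts in six minutes ending in an approval) and carol at medium (five denials in two minutes), while bob's two approvals half an hour apart are not flagged.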

Only a Fifth of Ransomware Attacks Now Encrypt Data

ReliaQuest’s latest report reveals that ransomware actors are increasingly abandoning encryption, with 80% of attacks in 2024 focused solely on data exfiltration, an approach the report found to be 34% faster. Service accounts were a key vulnerability, implicated in 85% of breaches, while insufficient logging was identified as the leading cause of security failures. Two-thirds of critical intrusions involved legitimate software, and a quarter stemmed from exploited public-facing applications. The report urges organisations to enhance monitoring, deploy AI-driven automation, and strengthen endpoint security to keep pace with increasingly rapid cyber threats.

Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers

A cyber attack on the Dubai-based cryptocurrency exchange Bybit resulted in the theft of an estimated $1.5bn, with analysts attributing the breach to North Korea’s Lazarus Group. Experts report that malware was used to authorise fraudulent transactions, with the stolen funds allegedly laundered to support North Korea’s missile programme. Bybit has offered a $140m bounty to trace and freeze the stolen assets. Blockchain analysis indicates North Korea-linked hackers were responsible for one in five crypto breaches in 2024, stealing $1.34bn across 47 incidents, up from $660m across 20 incidents the previous year.

89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks

A new report by LayerX highlights a significant blind spot in enterprise security, revealing that nearly 90% of generative AI (GenAI) usage occurs without IT oversight. This lack of visibility increases risks such as data leakage and unauthorised access. While only 15% of employees use GenAI daily, 50% engage with these tools at least biweekly. Notably, 39% of frequent users are software developers, raising concerns over proprietary code exposure. Additionally, half of all data pasted into GenAI tools contains corporate information, underscoring the urgent need for robust security measures to manage ‘shadow AI’ and protect sensitive business data.

Combating Deepfakes in Financial Services: A Call to Action

Deepfake fraud is emerging as a critical threat to financial institutions. Criminals use AI-generated video and audio to bypass traditional security measures, impersonating executives and manipulating high-value transactions. One incident saw an organisation transfer $25 million following a deepfake video call. To combat this, financial firms must adopt advanced identity verification, including liveness detection and AI-driven fraud analysis. A layered security approach, combined with employee awareness and customer education, is essential to mitigating risk and maintaining trust in digital banking.

Threat Actors Are Increasingly Trying to Grind Business to a Halt

Palo Alto Networks’ Unit 42 found that nearly 9 in 10 cyber attacks it responded to last year led to business disruption, with organisations facing operational downtime, fraud-related losses and reputational damage. Attackers increasingly use disruption as leverage, alongside encryption and data theft, to pressure victims into paying. The median extortion demand surged by almost 80% to $1.25 million in 2024, though negotiated payments averaged $267,500. Critical infrastructure sectors, including health care and manufacturing, were particularly targeted. These findings highlight the growing threat of cyber extortion and the increasing financial and operational toll on businesses.

With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds

ReliaQuest’s Annual Cyber-Threat Report highlights how AI and automation are accelerating cyber attacks, with hackers now exfiltrating critical data in record time. On average, attackers achieve lateral movement within 48 minutes, with the fastest observed data theft occurring in just 4 hours and 29 minutes. Ransomware groups increasingly prioritise data exfiltration over encryption, with 80% of attacks focused on stealing information. In 60% of cases, stolen data is sent to legitimate cloud platforms. With the threat landscape evolving rapidly, organisations must rethink their response strategies to detect and mitigate attacks before critical assets are compromised.

Mobile Phishing Attacks on the Rise

Mishing (mobile phishing) attacks have risen sharply, with one major global campaign compromising over 600 organisations. Attackers are increasingly using advanced social engineering tactics, including device-aware phishing and geolocation-based redirection, making scams more targeted and harder to detect. The rise in Bring Your Own Device policies and reduced user verification of URLs have contributed to this trend. Security experts highlight the need for organisations to adapt, recommending mobile threat defence, phishing-resistant multi-factor authentication, clear Bring Your Own Device policies, and strong password management to counter the growing risk of credential-based attacks.

With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare

A vast trove of stolen credentials has been added to the privacy-breach-notification service ‘Have I Been Pwned’ (HIBP) after a government agency tipped off its founder, Troy Hunt. The dataset, linked to the "Alien Txtbase" Telegram channel, comprises 1.5TB of data, including 23 billion records and 284 million unique email addresses, harvested by info-stealer malware. HIBP has integrated 244 million new passwords and updated 199 million existing ones. Attackers increasingly exploit stolen credentials to bypass security, with new HIBP APIs now enabling organisations to check if their domains are compromised, reinforcing the need for strong cyber security measures.

Sources:

https://www.prnewswire.com/news-releases/cybersecuritys-biggest-blind-spot-third-party-risk-new-resilience-analysis-finds-302386804.html

https://www.xda-developers.com/cybercriminals-clone-legitimate-website/

https://www.techradar.com/pro/security/over-25-new-malware-variants-created-every-single-hour-as-smart-device-cyberattacks-more-than-double-in-2024

https://www.itsecurityguru.org/2025/02/25/understanding-mfa-fatigue-why-cybercriminals-are-exploiting-human-behaviour/

https://www.infosecurity-magazine.com/opinions/healthcare-ai-fight-cyber-attacks/

https://news.sky.com/story/biggest-crypto-heist-in-history-worth-1-5bn-linked-to-north-korea-hackers-13317301

https://thehackernews.com/2025/02/89-of-enterprise-genai-usage-is.html

https://www.finextra.com/blogposting/27927/combating-deepfakes-in-financial-services-a-call-to-action

https://cyberscoop.com/cyberattacks-business-disruption-2025-unit-42-palo-alto-networks/

https://cybernews.com/security/hackers-stealing-data-at-unprecedented-speeds/

https://www.scworld.com/brief/mobile-phishing-attacks-on-the-rise

https://www.theregister.com/2025/02/26/hibp_adds_giant_infostealer_trove/

Threats

Ransomware, Extortion and Destructive Attacks

Only a Fifth of Ransomware Attacks Now Encrypt Data - Infosecurity Magazine

AI is helping hackers get access to systems quicker than ever before | TechRadar

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Warning issued over prolific 'Ghost' ransomware group | ITPro

Arctic Wolf Threat Report: 96 Percent of Ransomware Cases Included Data Theft as Cyber Criminals Double Down on Extortion

New Anubis Ransomware Could Pose Major Threat to Organisations - SecurityWeek

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale

Threat actors are increasingly trying to grind business to a halt | CyberScoop

Massive leak exposes the inner workings of top ransomware syndicate Black Basta | TechSpot

Black Basta ransomware leak sheds light on targets, tactics | TechTarget

NCC Group tracks alarming ransomware surge in January | TechTarget

A landscape forever altered? The LockBit takedown one year on | Computer Weekly

Should ransomware payments be illegal? | TechRadar

Black Basta Goes Dark Amid Infighting, Chat Leaks Show

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

Targeted by Ransomware, Middle East Banks Shore Up Security

Dragos: Ransomware attacks against industrial orgs up 87% | TechTarget

Ransomware Victims

Ransomware attack on Southern Water cost £4.5 million – DataBreaches.Net

Hackers claim responsibility for NHS provider attack - BBC News

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

DragonForce Ransomware Group is Targeting Saudi Arabia

British celebs warned their private details could be leaked online after cyber criminals hacked agency | Daily Mail Online

'Paddington' victim of Russian cyber attack

Ransomware Gang Publishes Stolen Genea IVF Patient Data - Infosecurity Magazine

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

Home Depot Refutes Clop Ransomware Attack Claims | MSSP Alert

‘Cyber incident’ shuts down Cleveland Municipal Court for third straight day | The Record from Recorded Future News

Phishing & Email Based Attacks

Cyber criminals can now clone any legitimate website, and it's pretty terrifying

Cyber Crooks Exploit URL Manipulation In Sophisticated Phishing Scam

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

Cyber Criminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

Job Application Spear Phishing - Security Boulevard

Deceptive Signatures: Advanced Techniques in BEC Attacks

Beware: PayPal "New Address" feature abused to send phishing emails

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Be careful! That legit PayPal email might be a phishing scam | PCWorld

How I Keep Myself Safe From Phishing When I Work From Home

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Deceptive Signatures: Advanced Techniques in BEC Attacks

Other Social Engineering

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Artificial Intelligence

Deep trouble: Deepfakes and their implications for cyber security - Verdict

4 Low-Cost Ways to Defend Your Organisation From Deepfakes

Combating Deepfakes in Financial Services: A Call to Action: By Adam Preis

AI is helping hackers get access to systems quicker than ever before | TechRadar

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

The truth about GenAI security: your business can't afford to “wait and see” | TechRadar

The First International AI Safety Report: A Call To Action

89% of Enterprise GenAI Usage Is Invisible to Organisations Exposing Critical Security Risks, New Report Reveals

Quarter of Brits Report Deepfake Phone Scams - Infosecurity Magazine

Microsoft names cyber criminals behind AI deepfake network

AI-Powered Deception is a Menace to Our Societies

Why AI deployment requires a new level of governance - Help Net Security

AI Is Everywhere Since October 7, From the Battlefield to the Cyber Arena - The Media Line

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

Nearly a third of UK public sector IT professionals anxious about AI security risks

2FA/MFA

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Why Gmail is replacing SMS codes with QR codes - and what it means for you | ZDNET

Malware

Scale of unstoppable info-stealer malware laid bare • The Register

Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 25 new malware variants created every single hour as smart device cyber attacks more than double in 2024 | TechRadar

Have I Been Pwned adds 284M accounts stolen by infostealer malware

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

AI malware pioneers | Cybernews

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

5 Active Malware Campaigns in Q1 2025

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

Hundreds of GitHub repos served up malware for years - Help Net Security

Mac malware masks as job interview to steal crypto | Cybernews

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

Two new pieces of Mac malware in the wild – one being fixed this week

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

New malware disrupts critical industrial processes • The Register

Bots/Botnets

Massive botnet hits Microsoft 365 accounts - Help Net Security

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Mobile

Mobile phishing attacks on the rise | SC Media

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

SpyLend Android malware downloaded 100,000 times from Google Play

Apple currently only able to detect Pegasus spyware in half of infected iPhones

Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors

Flaw found in stalkerware apps, exposing millions of people. Here's how to find out if your phone is being spied upon

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Unmanaged Devices: The Overlooked Threat CISOs Must Confront

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Security flaw in popular stalkerware apps is exposing phone data of millions | TechRadar

Why this Android image-scanning feature is controversial - and how to get rid of it | ZDNET

A Major Security Flaw Has Been Discovered in Samsung's Secure Folder Feature | Extremetech

Denial of Service/DoS/DDoS

How DDoS Attacks Work and How You Can Protect Your Business From Them - Security Boulevard

Web DDoS attacks up over 500 percent

Radware’s Cyber Threat Report: Web DDoS Attacks Surge 550%

Internet of Things – IoT

Cyber Attacks On EV Chargers Pose A Growing Threat | The Truth About Cars

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Hackers Can Crack Into Car Cameras in Minutes Flat

Data Breaches/Leaks

Orange Group confirms breach after hacker leaks company documents

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Background check, drug testing provider DISA suffers data breach - Help Net Security

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

Top digital loan firm security slip-up puts data of 36 million users at risk | TechRadar

Organised Crime & Criminal Actors

B1ack’s Stash released 1 Million credit cards - Security Affairs

Thailand Targets Cyber Sweatshops to Free 1000s of Captives

Microsoft names cyber criminals behind AI deepfake network

INSIGHT: Fraud-as-a-Service: Creating a new breed of fraudsters - AML Intelligence

10 cyber security insights from ex hacker and FBI agent who arrested him

2025 CrowdStrike Global Threat Report: Cyber Criminals Are Shifting Tactics – Are You Ready? - Security Boulevard

Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media

'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack

26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies | CyberScoop

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

The evolution of Russian cyber crime | Intel 471

Beware of Fake Cyber Security Audits: Cyber Criminals Use Scams to Breach Corporate Systems | Tripwire

How Anonymous Actually Works, According to a Founding Member - Business Insider

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto

Mac malware masks as job interview to steal crypto | Cybernews

Inside the Lazarus Group money laundering strategy

Fake CS2 tournament streams used to steal crypto, Steam accounts

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Argentina’s $4.6 Billion Crypto Scandal; Largest-Ever Crypto Theft

Insider Risk and Insider Threats

The Time to Speak to Employees About Insider Risk Is Now

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Insurance

Insurers still concerned over cyber risk unknowns

Supply Chain and Third Parties

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Survey: Nearly Half of Data Breaches Involved Third-Party Remote Access - Security Boulevard

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cloud/SaaS

UK backdoor order forces Apple to disable cloud encryption | Digital Trends

Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand - SecurityWeek

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Are False Positives Killing Your Cloud Security? Veriti Research Reveals - Security Boulevard

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Encryption

Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands - MacRumors

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

How end-to-end encryption will and won't change for Apple users in the UK | Tech News - Business Standard

Experts Slam Government After “Disastrous” Apple Encryption Move - Infosecurity Magazine

Public told to use Apple security tool Advanced Data Protection that Home Office tried to crack

Quantum Computing Has Arrived; We Need To Prepare For Its Impact

The encryption backdoor debate: Why are we still here?

The Case for Encryption | Open Rights Group

Google Says Its Encryption Has Not Changed—Does Android Now Beat iPhone?

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Signal May Exit Sweden If Government Imposes Encryption Backdoor - Infosecurity Magazine

Privacy tech firms warn France’s encryption and VPN laws threaten privacy

Linux and Open Source

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

Scale of unstoppable info-stealer malware laid bare • The Register

Hackers stole this engineer's 1Password database. Could it happen to you? | ZDNET

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers - Infosecurity Magazine

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

Social Media

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

Pump.fun X account hacked to promote scam governance token

Regulations, Fines and Legislation

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace | CyberScoop

Cyber Security Needs to Stay Nonpartisan in the Age of DOGE

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

DOGE must halt all ‘negligent cyber security practices,’ House Democrats tell Trump | The Record from Recorded Future News

House Dems say DOGE is leaving publicly exposed entry points into government systems | CyberScoop

Firing of 130 CISA staff worries cyber security industry | CSO Online

Federal cyber security layoffs could leave U.S. vulnerable to hackers - CBS News

Why we need an expanded CISA to fight today’s cyber threats | SC Media

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Gabbard Calls for Investigation of UK’s Apple Backdoor Request

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Trump 2.0 Brings Cuts to Cyber, Consumer Protections – Krebs on Security

Fake video of Trump kissing Musk's toes beamed to federal computers

China compromised GOP emails ahead of Republican convention • The Register

NIST Purge Puts US Semiconductors, AI Safety At Risk

Models, Frameworks and Standards

We must all safeguard against cyber attacks

UK businesses should look to Ireland amid EU cyber security overhaul | Computer Weekly

How To Take Your Firm From Risk To Resilience In 8 DORA-compliant Steps

Careers, Working in Cyber and Information Security

The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Many cyber security pros report low job satisfaction—all while trying to fend off increasing threats from hackers | Fortune

Cyber security professionals face expanding responsibilities, with 61% covering multiple domains

Law Enforcement Action and Take Downs

Microsoft names cyber criminals behind AI deepfake network

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Misinformation, Disinformation and Propaganda

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

AI-Powered Deception is a Menace to Our Societies

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Opinion | The right-wing media machine hits a wall - The Washington Post


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

The Growing Threat of Cyber Warfare from Nation-States - PaymentsJournal

Nation State Actors

A pivotal year for geopolitical cyber attacks – how should businesses manage the risks? | Insurance Business America

Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine

How APT Naming Conventions Make Us Less Safe

China

It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills | CyberScoop

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

A Tale of Two Typhoons: Properly Diagnosing Chinese Cyber Threats - War on the Rocks

2025 CrowdStrike Global Threat Report: China’s Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

CrowdStrike: China hacking has reached 'inflection point' | TechTarget

Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

China compromised GOP emails ahead of Republican convention • The Register

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

Russia

The evolution of Russian cyber crime | Intel 471

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cyber Attacks Hit Leading Russian IT Service Provider’s Subsidiaries | MSSP Alert

Russia warns financial sector of major IT service provider hack

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

Apple Cuts Off Russian Developers from Enterprise Program Amid Ongoing Sanctions - gHacks Tech News

Sweden investigates suspected sabotage of undersea telecoms cable - BBC News

Germany takes the fight to Russia in undersea cable war

Drone-Equipped U.S. Marines Now Helping Protect Baltic Sea Submarine Cables

Putin’s secret weapon: The threat to the UK lurking on our sea beds - BBC News

North Korea

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

FBI Confirms North Korea’s Lazarus Group as Bybit Hackers - Infosecurity Magazine

Inside the Lazarus Group money laundering strategy

FBI fingers North Korea for $1.5B Bybit cryptocurrency heist • The Register

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Modern Approach to Attributing Hacktivist Groups - Check Point Research

How Anonymous Actually Works, According to a Founding Member - Business Insider

Vulnerability Management

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

Software Vulnerabilities Take Almost Nine Months to Patch - Infosecurity Magazine

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

61% of Hackers Use New Exploit Code Within 48 Hours of Attack - Infosecurity Magazine

Software security debt is spiralling out of control – remediation times have surged 47% in the last five years, and it’s pushing teams to breaking point | ITPro

What is VMaaS? Why You Should Consider Vulnerability-Management-as-a-Service

Misconfigured Access Systems Expose Hundreds Of Thousands Of Employees And Organisations

US Government Supercharges Security Vulnerabilities

Vulnerabilities

Atlassian fixed critical flaws in Confluence and Crowd

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls - SecurityWeek

Huge cyber attack found hitting vulnerable Microsoft-signed legacy drivers to get past security | TechRadar

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Cisco Patches Vulnerabilities in Nexus Switches - SecurityWeek

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers - SecurityWeek

Mac security researchers expose two new exploits | Macworld

Max Severity RCE Vuln in All Versions of MITRE Caldera

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 21 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising

-98% of Business Leaders Can't Spot a Phishing Scam

-Two-Thirds of UK Businesses Still Failing on Cyber Security

-44% of Middle-Market Firms Invest in Cyber Crime Protection

-A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes

-Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches

-Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs

-Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?

-Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average

-Over 330 million Credentials Compromised by Infostealers

-Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents

-Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand

-This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Black Arrow Cyber has identified a significant surge in cyber threats targeting organisations worldwide, with supply chain vulnerabilities, phishing scams, and ransomware tactics evolving at an alarming rate. Supply chain cyber attacks have increased by 431% in just two years, exposing weaknesses in third-party security oversight and operational dependencies. Simultaneously, phishing attacks remain a major risk, with 98% of senior business leaders unable to recognise key warning signs. The rapid rise of deepfake technology, infostealer malware, and mobile phishing further exacerbates these threats, with cyber criminals leveraging AI and automation to enhance their attack strategies.

Corporate cyber security measures remain insufficient, as evidenced by 96% of S&P 500 firms experiencing data breaches and 69% of UK businesses failing to implement basic network security protections. Ransomware gangs are accelerating their attacks, demanding ransoms within 17 hours of infiltration, while Phishing-as-a-Service platforms are making sophisticated attacks accessible to criminals with little technical knowledge. Social media has also become a prime target, with 2.55 billion threats blocked in a single quarter.

Black Arrow Cyber believes that urgent action is required. Businesses must prioritise proactive security strategies, including continuous supply chain monitoring, robust phishing awareness training, and advanced authentication measures to mitigate these growing risks. As cyber threats evolve, only a strong, multi-layered defence will ensure operational resilience and data security in an increasingly volatile digital landscape.

Top Cyber Stories of the Last Week

Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising

A new cyber risk report by Cowbell has revealed a 431% surge in supply chain cyber attacks between 2021 and 2023, with further increases expected by 2025. Businesses with revenues over $50 million are 2.5 times more likely to be targeted, with manufacturing, public administration, and education among the most at-risk sectors. Key vulnerabilities stem from reliance on third-party suppliers, poor visibility into vendor security, and weaknesses in operating systems and business applications. To mitigate these risks, organisations must enhance supplier oversight, conduct regular cyber risk assessments, and implement proactive security measures across their supply chains.

98% of Business Leaders Can't Spot a Phishing Scam

A new report from Tech.co has revealed that 98% of senior business leaders struggle to recognise all the warning signs of phishing, despite such attacks accounting for 40% of data breaches in 2024, a sharp rise from the previous year. Nearly half of respondents failed to identify urgency or threats as key phishing indicators, while 19% could not correctly define two-factor authentication. With the global average cost of a data breach reaching $4.88M, the findings highlight a critical gap in cyber security awareness at the highest levels, underscoring the need for improved training across all leadership roles.

Two-Thirds of UK Businesses Still Failing on Cyber Security

Beaming’s latest research reveals that 69% of UK businesses, equating to 3.6 million companies, are at heightened risk of cyber attack due to poor network security practices. Many fail to encrypt data in transit, isolate traffic from public infrastructure, or monitor for malicious activity. While the majority are micro businesses, over 7,000 medium-sized and nearly 1,000 large organisations also fall short. With corporate networks now critical to business operations, the report highlights a widespread failure to recognise their role in safeguarding sensitive data and maintaining operational resilience.

44% of Middle-Market Firms Invest in Cyber Crime Protection

A recent PYMNTS Intelligence report highlights that cyber security is a growing concern for middle-market CFOs, with 44% of high-uncertainty firms (facing fluctuating demand, supply chain disruptions, or macroeconomic volatility) investing in AI-driven threat detection. Rising cyber threats are diverting budgets away from innovation, forcing firms to prioritise security over growth. Nearly a third of high-uncertainty organisations have conducted third-party security assessments, while just 13% have implemented multifactor authentication. Despite these measures, optimism about cyber security improvements remains mixed, with 31% of high-uncertainty firms expecting risks to worsen in 2025, while 74% of low-uncertainty firms anticipate improvements.

A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes

A new study by iProov highlights the growing threat of deepfakes, revealing that most people struggle to distinguish AI-generated content from reality. In a test of 2,000 participants, only 0.1% correctly identified all deepfakes. Older adults were particularly vulnerable: 39% of those over 65 had never heard of deepfakes. While younger generations showed greater confidence, their detection accuracy did not improve. Social media was identified as a key risk area, with nearly half of respondents pointing to Meta and TikTok. Experts warn that traditional detection methods are insufficient, calling for biometric security solutions to combat rising deepfake threats.

Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches

Nearly all S&P 500 firms have experienced data breaches, with 96% impacted, highlighting critical cyber security gaps across industries. A new report reveals widespread deficiencies in software patching, SSL configurations, and system hosting, with nearly 90% of companies affected by hosting vulnerabilities and over 80% exposed to web application security risks. Manufacturing, Finance, and Healthcare rank among the most vulnerable sectors. Nearly 63% of Finance sector employees reuse compromised passwords. The findings underscore the urgent need for stronger encryption, better patch management, and stricter credential security to mitigate risks and prevent further breaches.

Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs

Cyber criminals are increasingly exploiting social media platforms, with attacks reaching record highs in 2024. A new report from Gen revealed that 2.55 billion threats were blocked in Q4 alone, equating to 321 per second. Social engineering accounted for 86% of these, highlighting the growing sophistication of scams. Malvertising drove 41% of threats, while Facebook was the most targeted platform, linked to 56% of social media attacks. Financial scams surged, with mobile banking malware infections rising by 236%. As AI-driven fraud increases, businesses must prioritise cyber security awareness and robust defences to mitigate evolving digital risks.

Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?

Many UK organisations are struggling with supply chain cyber security. 95% of C-level executives reported being negatively impacted by supply chain cyber breaches, yet 34% have no way of knowing when an incident occurs. As supply chains grow (some organisations engage with over 10,000 third parties) so too does risk, with nearly every firm with 10,000+ suppliers suffering a breach in the past year. Boards must prioritise continuous monitoring and structured oversight to mitigate risk and ensure operational resilience amidst increasing regulatory pressures.

Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average

Ransomware groups are accelerating their attacks, shrinking the window organisations have to detect an intrusion before damage is done. Analysis shows the average time from initial intrusion to ransom demand is now just 17 hours, with some groups acting in as little as 4 to 6 hours. The groups with the fastest attack times have also seen the highest growth in victim counts. A shift towards data theft over encryption is emerging, exploiting gaps in data loss prevention tooling. Multiple sectors remain primary targets, and attackers increasingly abuse legitimate remote monitoring and management (RMM) tools to maintain access and evade detection, which makes monitoring for unexpected RMM installations a worthwhile detection control.

Over 330 million Credentials Compromised by Infostealers

Infostealer malware emerged as a major initial access threat in 2024, with over 330 million credentials compromised across at least 4.3 million machines, according to a new report. These stolen credentials grant access to critical corporate services, heightening cyber security risks. While law enforcement efforts disrupted key infostealer operations, including RedLine, threats persist due to the growth of malware-as-a-service models. The report also highlighted a 10.5% rise in ransomware victims and a 28.5% increase in active threat groups, underscoring the escalating cyber crime landscape organisations must navigate.

Mobile Phishing Attacks Surge, with 16% of Incidents in the US

Mobile phishing attacks, or “mishing,” have surged, with daily incidents peaking at over 1,000 in August 2024. A report by Zimperium zLabs found that 16% of these attacks occurred in the US, with India leading global susceptibility at 37%. Attackers are increasingly exploiting mobile-first channels such as SMS, QR codes and messaging apps to bypass traditional security measures, often using geolocation-targeted campaigns. With 82% of phishing sites now designed for mobile devices, experts stress the need for mobile-specific security strategies, including phishing-resistant multi-factor authentication, real-time URL analysis and targeted user training.

Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand

The latest version of the Darcula phishing-as-a-service (PhaaS) platform removes technical barriers, enabling cyber criminals to launch highly sophisticated phishing attacks with minimal effort. The platform's new DIY phishing kit generator allows users to clone any brand's website automatically, streamlining credential theft. Additional features include enhanced anti-detection measures, real-time campaign monitoring, and tools for automating credit card fraud. Netcraft reports that in the past 10 months, it has blocked nearly 100,000 Darcula-related domains and 20,000 phishing sites, warning that the ease of use and growing adoption of this platform will significantly increase phishing attack volumes.

This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Zyphra has released an open-source text-to-speech model capable of cloning a voice with just five seconds of sample audio. The Zonos models, trained on 200,000 hours of multilingual speech data, generate convincing voice replicas, though subtle pacing inconsistencies remain detectable. Unlike competitors, Zyphra has made the models freely available under an open licence. While the technology has legitimate applications in accessibility and audiobook production, it also raises security concerns, such as its potential use in scams and misinformation campaigns. Given the minimal effort required to create realistic clones, organisations should be alert to emerging threats in voice-based authentication and fraud.

Sources:

https://www.insurancebusinessmag.com/us/news/cyber/supply-chain-cyber-attacks-surge-over-400-expected-to-continue-rising--cowbell-report-525369.aspx

https://www.businesswire.com/news/home/20250220627260/en/98-of-Business-Leaders-Cant-Spot-a-Phishing-Scam-Tech.co-Report-Reveals

https://totaltele.com/two-thirds-of-uk-businesses-still-failing-on-cyber-security/

https://www.pymnts.com/cybersecurity/2025/44percent-middle-market-firms-invest-cybercrime-protection/

https://www.techradar.com/pro/in-a-test-2000-people-were-shown-deepfake-content-only-one-of-them-managed-to-get-a-perfect-score

https://www.techmonitor.ai/technology/cybersecurity/cybersecurity-gaps-exposed-96-sp-500-firms-data-breaches

https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks/

https://betanews.com/2025/02/16/is-a-lack-of-supply-chain-visibility-undermining-board-level-confidence-in-cyber-security-programs/

https://www.csoonline.com/article/3825444/ransomware-gangs-extort-victims-17-hours-after-intrusion-on-average.html

https://www.infosecurity-magazine.com/news/330-million-credentials/

https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/

https://www.bleepingcomputer.com/news/security/darcula-phaas-can-now-auto-generate-phishing-kits-for-any-brand/

https://www.theregister.com/2025/02/16/ai_voice_clone/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware gangs extort victims 17 hours after intrusion on average | CSO Online

Ransomware and reputation | Professional Security Magazine

Ransomware Detection: Attack Types & Latest Techniques in 2025 - Security Boulevard

BlackLock ransomware onslaught: What to expect and how to fight it - Help Net Security

Ransomware Spike Driven By RaaS Operations | MSSP Alert

The new ransomware groups worrying security researchers in 2025 | ITPro

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Ending the Ransomware Scourge Requires Punishing Its Enablers

There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims | ITPro

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group - Infosecurity Magazine

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

Feds warn Ghost ransomware crew remains active, potent • The Register

CISA and FBI: Ghost ransomware breached orgs in 70 countries

Inside A LockBit Ransomware Attack: A Firsthand Account Of Financial And Security Fallout

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Black Basta ransomware gang's internal chat logs leak online

Acronis H2 2024 Cyber Threats Report Unveils Rise in

The complete story of the 2024 ransomware attack on UnitedHealth

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

Is Russia Reining In Ransomware-Wielding Criminals?

Ransomware losses tumble but threat remains: Chainalysis

NailaoLocker ransomware targets EU healthcare-related entities

Ransomware Victims

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Lee Enterprises newspaper disruptions caused by ransomware attack

Cyber attack likely to have ‘material impact’ on media giant Lee Enterprises’ bottom line | The Record from Recorded Future News

Christie's Ransomware Hack Settlement Pact Wins Court's Approval

Army soldier linked to Snowflake extortion to plead guilty • The Register

The complete story of the 2024 ransomware attack on UnitedHealth

Medusa extortion gang demands $2M from UK's HCRG Care Group • The Register

NailaoLocker ransomware targets EU healthcare-related entities

Phishing & Email Based Attacks

Darcula PhaaS can now auto-generate phishing kits for any brand

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

98% of Business Leaders Can't Spot a Phishing Scam Tech.co Report Reveals | Business Wire

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

Hackers are using this new phishing technique to bypass MFA | ITPro

What is barrel phishing? All you need to know | NordVPN

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Phishing with AI is cyber security’s new hook

This New Email Attack Can Bypass Spam Filters: Here's How to Protect Against It

Amazon Phish Hunts for Security Answers and Payment Information - Security Boulevard

Phishing attack hides JavaScript using invisible Unicode trick

Russian phishing campaigns exploit Signal's device-linking feature

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage | WIRED

200 businesses take part in first nationwide phishing test as part of Exercise SG Ready | The Straits Times

Spear Phishing vs Phishing: What Are the Main Differences?

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Mining Company NioCorp Loses $500,000 in BEC Hack - SecurityWeek

Other Social Engineering

Zyphra's speech model can clone your voice with 5s of audio • The Register

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Venture capital giant Insight Partners hit by cyber attack

Cyber Investor Insight Partners Suffers Security Breach - Infosecurity Magazine

Insight Partners, VC Giant, Falls to Social Engineering

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Artificial Intelligence

Zyphra's speech model can clone your voice with 5s of audio • The Register

The AI Hype Frenzy Is Fueling Cyber Security Risks

IT spending will be driven by cyber security and AI

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Cyber security pros are preparing for a new adversary: AI agents | Fortune

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

The overlooked cyber security threat of AI

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

The risks of autonomous AI in machine-to-machine interactions - Help Net Security

Sounding the alarm on AI-powered cyber security threats in 2025 | TechRadar

AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat

Phishing with AI is cyber security’s new hook

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

UK’s AI Security Institute to protect against AI risks to national security

DarkMind: A new backdoor attack that leverages the reasoning capabilities of LLMs

Controlling Shadow AI: Protecting Knowledge Management From Cyber Threats

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Yikes: Jailbroken Grok 3 can be made to say and reveal just about anything | ZDNET

2FA/MFA

Hackers are using this new phishing technique to bypass MFA | ITPro

Malware

Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking | TechRadar

New FinalDraft Malware Spotted in Espionage Campaign - SecurityWeek

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Malware-as-a-Service accounts for 57 percent of all threats

300% increase in endpoint malware detections - Help Net Security

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

Beware of Fake BSOD Delivered by Malicious Python Script

PirateFi game on Steam caught installing password-stealing malware

Microsoft Detects New XCSSET MacOS Malware Variant - Infosecurity Magazine

Telegram Used as C2 Channel for New Golang Malware - Infosecurity Magazine

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer - Infosecurity Magazine

Evolving Snake Keylogger Variant Targets Windows Users - Infosecurity Magazine

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Google Calendar Malware Is on the Rise. Here’s How to Stay Safe | WIRED

Hide and Seek in Memory: Outsmarting Sneaky Malware with Data Magic | HackerNoon

Phishing attack hides JavaScript using invisible Unicode trick

Chinese hackers use custom malware to spy on US telecom networks

Mobile

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

The 6 most notorious and dangerous Android malware of all time

Chrome for Android adds new protection against malicious apps | Digital Trends

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Apple resists UK regulator demands to open up iOS browsers, citing security risks | TechSpot

Your Android phone could have stalkerware — here's how to remove it | TechCrunch

Denial of Service/DoS/DDoS

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks 

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Pro-Russian hackers target Italy for the third consecutive day in retaliation for Mattarella’s remarks - Euractiv

Internet of Things – IoT

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Connected vehicle hacking on the increase

Data Breaches/Leaks

Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches

N Ireland police charges suspected terrorists using FoI data • The Register

Insight Partners, VC Giant, Falls to Social Engineering

When Brand Loyalty Trumps Data Security

Massive data breach in France: Protect yourself from cyber attacks

Zacks Investment hit in data breach - 12 million users potentially at risk | TechRadar

Fintech giant Finastra notifies victims of October data breach

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Zacks Investment Research Breach Hits 12 Million - Infosecurity Magazine

US Coast Guard paychecks delayed by cyber attack | TechRadar

Cyber attack compromises leading Australian IVF provider’s data | SC Media

Data breach risk confirmed - Bailiwick Express News Guernsey

Organised Crime & Criminal Actors

Malware-as-a-Service accounts for 57 percent of all threats

Why ‘malware as a service’ is becoming a serious problem | ITPro

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

Black Basta ransomware gang's internal chat logs leak online

Thousands of trafficked scammers await return to Thailand • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Two arrested after pensioner scammed out of crypto nest egg • The Register

Insider Risk and Insider Threats

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Forrester Report: The Complexities Of Human-Element Breaches

Insurance

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

Supply Chain and Third Parties

Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?

Supply chain cyber attacks surge over 400%, expected to continue rising – Cowbell report | Insurance Business America

Third party delegation risk - IT Security Guru

Cloud/SaaS

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

ZEST Security's Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organisation

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

How CISOs can balance security and business agility in the cloud - Help Net Security

Identity and Access Management

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat

Encryption

What is an encryption backdoor? | TechCrunch

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

10 years on after Data and Goliath warned of data collection • The Register

Rethinking the Debate on Encryption Backdoors | SC Media UK

Quantum computing in cyber security: A double-edged sword | Computer Weekly

Passwords, Credential Stuffing & Brute Force Attacks

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

PirateFi game on Steam caught installing password-stealing malware

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Hundreds of US Military and Defence Credentials Stolen - Infosecurity Magazine

Credential Theft Becomes Cyber Criminals' Favorite Target

Social Media

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Training, Education and Awareness

How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard

Regulations, Fines and Legislation

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

Insider threat: cyber security experts on giving Elon Musk and DOGE the keys to US government IT systems

UK’s AI Security Institute to protect against AI risks to national security

SEC creates Cyber and Emerging Technologies Unit

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Top US Election Security Watchdog Forced to Stop Election Security Work | WIRED

Elon Musk's DOGE launched its website. It was hacked within days | Fortune

Why dismantling the PCLOB and CSRB threatens privacy and national security

DoD's new CISO once had clearance revoked for data leak • The Register

DOGE Now Has Access to the Top US Cyber Security Agency | WIRED

DOGE access to Social Security, IRS data could create privacy and security risks, experts say | The Record from Recorded Future News

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

PCI DSS 4.0 Mandates DMARC By 31st March 2025

Careers, Working in Cyber and Information Security

Cyber security jobs are on the rise as digital threats continue to evolve - The Globe and Mail

Cyber security Salaries Stay Competitive, Retention Challenges Persist - Security Boulevard

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

Q&A: Tackling the cyber skills gap — Financier Worldwide

Cyber security professionals not happy in their jobs

West Coast Cyber Security Salaries Outshine Rest of Country - Infosecurity Magazine

Law Enforcement Action and Take Downs

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

US Army soldier pleads guilty to AT&T and Verizon hacks | TechCrunch

The Zservers takedown is another big win for law enforcement | ITPro

Two arrested after pensioner scammed out of crypto nest egg • The Register

Thousands of trafficked scammers await return to Thailand • The Register

Ending the Ransomware Scourge Requires Punishing Its Enablers

Is Russia Reining In Ransomware-Wielding Criminals?

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Banking sector wrestling with cyber concerns amid spectre of geopolitical impacts

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Latest EY and IIF survey reveals cyber security as top risk for global CROs amid geopolitical tensions | EY - Global

Spies Eye AUKUS Nuclear Submarine Secrets - Infosecurity Magazine

Nation State Actors

China

Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says | CyberScoop

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

China-Linked Threat Group Targets Japanese Orgs' Servers

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Chinese hackers use custom malware to spy on US telecom networks

Salt Typhoon used custom malware JumbledPath to spy on US telecom providers

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

Russia

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

Suspected Russian spies caught spoofing Teams invites • The Register

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

Russian Groups Target Signal Messenger in Spy Campaign

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Ending the Ransomware Scourge Requires Punishing Its Enablers

Russian phishing campaigns exploit Signal's device-linking feature

Is Russia Reining In Ransomware-Wielding Criminals?

North Korea

North Korea's Kimsuky Attacks Rivals' Trusted Platforms

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

N Ireland police charges suspected terrorists using FoI data • The Register

Vulnerability Management

Cyber security experts defend CVSS amid criticism | SC Media

Edge device vulnerabilities fuelled attack sprees in 2024 | CyberScoop

Microsoft reminds admins to prepare for WSUS driver sync deprecation

Vulnerabilities

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure - SecurityWeek

SonicWall firewalls under attack. Patch now • The Register

Palo Alto Networks and SonicWall Firewalls Under Attack - Infosecurity Magazine

Microsoft is pushing a security update to Windows 11 that breaks File Explorer

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Ivanti endpoint manager can become endpoint ravager • The Register

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement - SecurityWeek

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks 

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products

OpenSSH bugs threaten enterprise security, uptime • The Register

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Palo Alto warns firewalls flaws are under active attack • The Register

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack - Infosecurity Magazine

Firefox 135.0.1: important security update and bug fixes - gHacks Tech News

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target US Telecom Networks

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Russian State Threat Group Shifts Focus to US, UK Targets

-Majority of Businesses Expect a Cyber Breach in 2025

-The Hidden Cyber Threat Lurking in Your Supply Chain

-Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk

-NIS2: the GDPR of Cyber Security

-Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

-Number of Active Dark Web Ransomware Groups Up 38% in 2024

-Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too

-Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats

-Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

-The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

There has been a clear surge in cyber threats targeting UK and US organisations in recent weeks, particularly from state-backed and criminal ransomware groups. Russian state-affiliated actors are exploiting vulnerabilities in critical infrastructure sectors, while nation-state groups from China, Iran, and North Korea increasingly use ransomware for espionage and financial gain. The number of active ransomware groups rose by 38% in 2024, with attacks becoming more efficient through automation. The evolving threat landscape demands proactive cyber defence, including robust endpoint protection, threat intelligence, and rapid incident response.

Despite growing awareness, organisations remain vulnerable due to inadequate investment and outdated security strategies. Research shows that 60% of businesses expect a cyber breach in 2025, yet nearly half have not reviewed their security posture recently. Supply chain risks are particularly pressing, with financial services firms facing repeated third-party breaches. The EU's NIS2 directive is set to impose stricter cyber security standards, and UK firms working with EU partners are already being asked to comply through updated contract terms. Leadership alignment is crucial, as gaps between CIOs, CTOs and CISOs continue to hinder cyber resilience.

Regulatory pressure is mounting, with the UK government reportedly seeking backdoor access to encrypted data. Meanwhile, cyber criminals are exploiting seasonal events, such as Valentine’s Day, to launch sophisticated scams. As cyber threats intensify, Black Arrow Cyber advises organisations to adopt a ‘Resilient by Design’ approach, prioritising zero trust security models, continuous monitoring, and executive-level collaboration to mitigate risks and safeguard long-term business continuity.


Top Cyber Stories of the Last Week

Russian State Threat Group Shifts Focus to US, UK Targets

Microsoft has identified a shift in focus by a Russian state-backed cyber threat group, Seashell Blizzard, towards targets in the US and UK. The group, linked to Russian military intelligence, has exploited vulnerabilities in widely used internet-facing systems to gain persistent access, steal credentials and move laterally within networks. Its indiscriminate approach has impacted critical infrastructure sectors, including energy and defence. The campaign aligns with Russia's broader strategy of destabilising Western institutions, and Microsoft warns that such activity is likely to continue, presenting a significant cyber security challenge for organisations globally; timely patching of edge devices and monitoring for credential theft and lateral movement are the practical counters.

Majority of Businesses Expect a Cyber Breach in 2025

Zscaler’s latest research highlights a stark reality: 60% of global organisations expect a significant cyber breach in 2025. Despite 94% of IT leaders expressing confidence in their resilience measures, nearly half have not reviewed their strategies recently. The report underscores the need for a shift towards ‘Resilient by Design’, embedding cyber resilience into security strategies from the outset. However, 49% of leaders say investment is inadequate. Zscaler advocates for a zero-trust approach to mitigate threats and ensure business continuity in an evolving cyber landscape.

The Hidden Cyber Threat Lurking in Your Supply Chain

More than half of large UK financial services firms suffered a third-party supply chain attack in 2024, with nearly a quarter facing three or more incidents, according to research by Orange Cyberdefense. The study found that firms relying on one-time onboarding risk assessments were twice as likely to be attacked as those with continuous monitoring. With 92% of UK cyber security leaders calling for stronger regulations, many argue that aligning with EU standards could enhance resilience. While sentiment on UK regulation remains mixed, firms failing to rigorously assess third-party risks face the greatest exposure to cyber threats.

Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk

LevelBlue’s latest report highlights the disconnect between CIOs, CTOs, and CISOs, which is undermining cyber resilience. While 66% of CISOs believe budgets lack proactive security funding, only around half of CIOs and CTOs agree. Compliance is another divide, with 73% of CTOs seeing it as a barrier to competitiveness, while most CISOs and CIOs view it as essential for risk management. Encouragingly, cloud adoption is a shared priority. However, with 63% of executives stating leadership does not prioritise cyber resilience, organisations must foster collaboration at the top to treat it as a strategic business imperative, not just a technical concern.

NIS2: the GDPR of Cyber Security

The EU’s NIS2 directive introduces stringent cyber security standards, yet only 30% of member states have fully implemented it. This legislation mandates 24-hour reporting of major cyber incidents and stricter accountability for supply chain security. UK businesses working with EU partners are already being asked to comply, as contracts are being updated to reflect these requirements. With open-source software making up 90% of modern applications and cyber threats rising, aligning with NIS2 principles is not just about compliance but about safeguarding long-term resilience. Early adoption helps businesses avoid operational strain and remain competitive in an evolving regulatory landscape.

Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

Hackers are accelerating their tactics, deploying ransomware faster and at greater scale across businesses of all sizes. The Huntress 2025 Cyber Threat Report found that ransomware incidents from key groups increased by up to 15% in 2024, with some attacks executed in under six hours. Automation played a major role, with 87% of attacks relying on automated tools before shifting to hands-on activity. Education, healthcare, and technology were prime targets, while infostealers enabled initial access. As cyber criminals refine their techniques, organisations must adopt proactive security measures, including strong incident response plans and robust endpoint protection.

Number of Active Dark Web Ransomware Groups Up 38% in 2024

A new report highlights a 38% rise in active ransomware groups in 2024, with 94 groups listing victims and 49 new groups emerging. The total number of victims posted on ransomware leak sites also increased by 11% to 5,728. The ransomware landscape is shifting, with newer groups like RansomHub, now the most prolific, overtaking previously dominant players. This evolving threat environment presents challenges for security teams, making it essential for organisations to apply threat intelligence to anticipate attack techniques and focus defences on the most likely adversaries based on their industry and risk profile.

Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too

Nation-state actors are increasingly adopting ransomware, not just for financial gain but also for espionage and geopolitical disruption. Threat groups linked to Russia, China, Iran, and North Korea are blurring the lines between cyber crime and state-sponsored hacking. Russian-linked Sandworm has disguised destructive attacks as ransomware, while North Korea uses ransomware profits to fund weapons programmes. Chinese and Iranian groups have leveraged ransomware as a distraction to mask intelligence gathering. With over $3 billion stolen in cryptocurrency-related cyber attacks, these operations highlight the evolving threats beyond traditional financially motivated cyber crime.

Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats

A new study by Immersive Labs highlights that 96% of cyber leaders see effective communication of cyber readiness to boards as crucial for 2025, driven by regulatory pressures and rising cyber threats. Nearly half of organisations surveyed experienced a cyber attack in the past year, with software and cloud vulnerabilities (51%) and ransomware (46%) cited as the biggest risks. To improve resilience, 94% are deploying cyber drills, yet 76% face readiness barriers, mainly due to competing business priorities. Encouragingly, 55% report strong cyber awareness at board level, reflecting a growing recognition of cyber risk at the highest levels.

Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

Cyber criminals are exploiting Valentine’s Day with romance scams, phishing attacks and fraudulent e-commerce offers. A report found that 58,734 people in the US fell victim to romance scams in 2024, resulting in losses of $697 million. AI-driven scams are becoming more sophisticated, with chatbots and deepfake videos increasing fraud success rates. Valentine-themed phishing emails have doubled since last year, with half now classified as scams. Businesses are urged to monitor brand impersonation and educate customers. McAfee blocked over 321,000 fraudulent URLs, highlighting the growing cyber threat as criminals exploit emotions for financial gain.

The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics

The UK government has reportedly issued a secret order requiring Apple to create a backdoor into its iCloud encryption, raising concerns from some quarters about privacy and security. The request, made under the Investigatory Powers Act 2016, would give authorities unrestricted access to users’ private data, bypassing Apple’s end-to-end encryption safeguards. Apple has historically resisted similar demands and has suggested it may withdraw services from the UK rather than compromise security. Critics warn that such backdoors weaken encryption for all users, set a dangerous global precedent, and risk enabling mass surveillance under the guise of national security.

Sources:

https://cyberscoop.com/russian-state-threat-group-shifts-focus/

https://www.silicon.co.uk/security/cyberwar/majority-of-businesses-expect-a-cyber-breach-in-2025-599573

https://www.accountancyage.com/2025/02/10/the-hidden-cyber-threat-lurking-in-your-supply-chain/

https://www.scworld.com/resource/cyber-resilience-a-c-suite-game-plan-for-balancing-innovation-compliance-and-risk

https://www.techradar.com/pro/nis2-the-gdpr-of-cybersecurity

https://www.globenewswire.com/news-release/2025/02/11/3024266/0/en/Hackers-Ramp-Up-Efficiency-Speed-and-Scale-in-2024-Targeting-Business-of-All-Sizes.html

https://betanews.com/2025/02/11/number-of-active-dark-web-ransomware-groups-up-38-percent-in-2024/

https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/

https://betanews.com/2025/02/12/enterprises-under-growing-pressure-to-demonstrate-readiness-for-cyber-threats/

https://securityboulevard.com/2025/02/cybercriminals-exploit-valentines-day-with-romance-scams-phishing-attacks/

https://www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/



Threats

Ransomware, Extortion and Destructive Attacks

2024 Breaks Records With Highest Ever Ransomware Attacks

Number of active dark web ransomware groups up 38 percent in 2024

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks - Infosecurity Magazine

Ransomware attacks spiked in 2024—but they're nothing compared to what's coming this year, tech expert warns. 'I’m very afraid of the things we’re going to see in 2025' | Fortune

Hackers Ramp Up Efficiency, Speed, and Scale in 2024,

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Triplestrength hits with ransomware, cloud crypto mining • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

‘We Don’t Negotiate with Terrorists’: Ransomware Strategy in Modern Cyber Security | MSSP Alert

Cyber attacks targeting medical organisations up 32% in 2024 | SC Media

US indicts 8Base ransomware operators for Phobos encryption attacks

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Thai authorities detain four Europeans in ransomware crackdown | CyberScoop

Ransomware Victims

Label maker Avery says ransomware investigation also found credit-card scraper | The Record from Recorded Future News

Was Cisco Just Hit By Ransomware? What Happened And What To Do

Cisco Hacked – Ransomware Group Allegedly Breached & Gained AD Access

Cisco Says Ransomware Group's Leak Related to Old Hack - SecurityWeek

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

120K Compromised in Memorial Hospital Ransomware Attack

'Cyber event' delaying US newspaper prints enters 2nd week • The Register

Phishing & Email Based Attacks

SVG files are offering cyber criminals an easy way in with new phishing attacks | TechRadar

Cyber Criminals Weaponize Graphics Files in Phishing Attacks - Infosecurity Magazine

AI-Powered Social Engineering: Reinvented Threats

Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks - Security Boulevard

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Google's DMARC Push Pays Off, but Challenges Remain

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Cloudflare outage caused by botched blocking of phishing URL

Phishing Season 2025: The Latest Predictions Unveiled - Security Boulevard

Study: Workplace Phishing Tests Only Have a 2% Success Rate

Other Social Engineering

DPRK hackers dupe targets into typing PowerShell commands as admin

Windows, Mac And Linux Users Given New LinkedIn Security Warning

I'm a security expert and I almost fell for this IT job scam • The Register

Artificial Intelligence

Malicious AI Models on Hugging Face Exploit Novel Attack Technique - Infosecurity Magazine

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

AI-Powered Social Engineering: Reinvented Threats

Bad Actors Target DeepSeek In LLMJacking Attacks

DeepSeek-R1: A Smorgasbord Of Security Risks

CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead   - Security Boulevard

How to Steer AI Adoption: A CISO Guide

AI-Driven Cyber Threats Require New Defence Strategies | MSSP Alert

Biz Beware: DeepSeek AI Fails Multiple Security Tests

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET

A review of the UK Government AI security guidance

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Rapid growth of AI poses ‘profound’ threat to privacy – The Irish Times

In Paris, US signals shift from AI safety to deregulation | CyberScoop

ChatGPT maker OpenAI taking claims of data breach ‘seriously’ | The Independent

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

2FA/MFA

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Inside The Söze Syndicate: MFA Flaws, And The Battle For SMB Security

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Malware

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Millions of Mac owners urged to be on alert for info-stealing malware | Tom's Guide

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Microsoft IIS servers targeted for malware deployment | SC Media

Hackers are targeting your password manager app | Mashable

Microsoft warns hackers have a new and devious way of distributing malware | TechRadar

Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET

Bots/Botnets

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Denial of Service/DoS/DDoS

DDoS Attack Volume and Magnitude Continues to Soar - Infosecurity Magazine

Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Internet of Things – IoT

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Data Breaches/Leaks

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Silent breaches are happening right now, most companies have no clue - Help Net Security

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

14 State AGs to Sue DOGE Over Payment System Access | MSSP Alert

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

HPE notifies employees of data breach after Russian Office 365 hack

Over 882K Impacted By Hospital Sisters Health System Breach | MSSP Alert

Georgia Hospital Alerts 120,000 Individuals of Data Breach - Infosecurity Magazine

OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials - SecurityWeek

Lexipol Data Leak: Hackers Drop Police Training Manuals

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

120K Compromised in Memorial Hospital Ransomware Attack

Organised Crime & Criminal Actors

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Triplestrength hits with ransomware, cloud crypto mining • The Register

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

Insider Risk and Insider Threats

Human Risk Management Will Be the Hot Topic of 2025 | Mimecast

Behavioural Analytics in Cyber Security: Who Benefits Most?

Insurance

Tips for Maximizing Your Cyber Insurance Program | Goodwin - JDSupra

Supply Chain and Third Parties

Nearly half of organisations suffer third-party security incidents

58% of UK financial firms targeted in supply chain cyber attacks, survey reveals

Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine

The hidden cyber threat lurking in your supply chain - Accountancy Age

Inconsistent security strategies fuel third-party threats - Help Net Security

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

It's time to secure the extended digital supply chain - Help Net Security

Why CFOs and CISOs Should Care About B2B Cyber Audits

IT reliance leaves insurers open to attack

Cloud/SaaS

Triplestrength hits with ransomware, cloud crypto mining • The Register

Cyber criminals Are Moving into the Cloud and Making Your Active Directory Their New Home | Ankura - JDSupra

Labour's Demand to Spy on Apple Users Undermines the Security and Privacy of Us All – The Daily Sceptic

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Outages

PlayStation Network Outage: A Wake-Up Call For Cyber Security?

Cloudflare outage caused by botched blocking of phishing URL

Encryption

UK's secret Apple iCloud backdoor order is a global emergency, say critics | TechCrunch

Apple’s ‘Dangerous’ iPhone Update Is Much Worse Than You Think

Experts Dismayed at UK’s Apple Encryption Demands - Infosecurity Magazine

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

The UK’s war on encryption affects all of us | The Verge

Europol Warns Financial Sector of “Imminent” Quantum Threat - Infosecurity Magazine

Passwords, Credential Stuffing & Brute Force Attacks

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

Security attacks on password managers have soared | TechRadar

Massive brute force attack uses 2.8 million IPs to target VPN devices

Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar

Social Media

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Windows, Mac And Linux Users Given New LinkedIn Security Warning

What to do if your social media accounts are hacked | The Independent

Google fixes flaw that could unmask YouTube users' email addresses

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Malvertising

Magecart Attackers Abuse Google Ad Tool to Steal Data

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Regulations, Fines and Legislation

The UK’s war on encryption affects all of us | The Verge

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Apple ordered to open encrypted user accounts globally to UK spying | The Verge

NIS2: the GDPR of cyber security | TechRadar

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Treasury Curtails Musk-led DOGE’s Government Access | MSSP Alert

Musk’s DOGE teen was fired by cyber security firm for leaking company secrets

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Elon Musk's DOGE Is a Cyber Security Nightmare

The Government’s Computing Experts Say They Are Terrified - The Atlantic

A review of the UK Government AI security guidance

Cyber security group sues DOGE over data access | Mashable

Trump White House Dismantles Key Data Security Safeguards

In Paris, US signals shift from AI safety to deregulation | CyberScoop

Coast Guard falls short on maritime cyber security, GAO says • The Register

Trump Order Grants DOGE Hiring Powers, Raising Cyber Fears

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

NIS2: the GDPR of cyber security | TechRadar

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Data Protection

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Careers, Working in Cyber and Information Security

Data reveals sharpest tech skills shortages in software engineering, data science and cyber security | theHRD

Tackling the UK's cyber security skills shortage | TechRadar

Cyber Security Challenge Announces Plans for Closure | SC Media UK

UK Military Fast-Tracks Cyber Security Recruitment - Infosecurity Magazine

Law Enforcement Action and Take Downs

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

US indicts 8Base ransomware operators for Phobos encryption attacks

District of Maryland | Phobos Ransomware Affiliates Arrested in Coordinated International Disruption | United States Department of Justice

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

US woman faces years in federal prison for running laptop farm for N Korean IT workers

Alabama Man Pleads Guilty to Hacking SEC's X Account - SecurityWeek

Misinformation, Disinformation and Propaganda

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Nation State Actors

Nation-state hackers want in on the ransomware action • The Register

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

China

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Chinese espionage tools deployed in RA World ransomware attack

Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers | TechRadar

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP - Infosecurity Magazine

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers | WIRED

DeepSeek-R1: A Smorgasbord Of Security Risks

We’re In for a Rude Awakening on Cyber Security

Security Researchers Warn of New Risks in DeepSeek AI App

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Russia

Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft - SecurityWeek

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED

Russian state threat group shifts focus to US, UK targets | CyberScoop

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

Salt Typhoon's Impact on the US and Beyond

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

23 Companies, 120 Servers Down: Ukraine’s Cyber Strike Shakes Russia’s Energy Sector | Defense Express

Russian military hackers deploy malicious Windows activators in Ukraine

US, UK and Australia Hit Bulletproof Hoster Zservers with Sanctions - Infosecurity Magazine

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog

HPE notifies employees of data breach after Russian Office 365 hack

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia Says Baltic Sea Cable Damaged by ‘External Impact' - The Moscow Times

TeamViewer's CISO on Thriving After Russian Cyber-Attack - Infosecurity Magazine

North Korea

DPRK hackers dupe targets into typing PowerShell commands as admin

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers

I'm a security expert and I almost fell for this IT job scam • The Register

US woman faces years in federal prison for running laptop farm for N Korean IT workers




Vulnerability Management

XE Group shifts from credit card skimming to exploiting zero-days

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Vulnerabilities

Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks - SecurityWeek

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijack Firewall to Gain Super Admin Access

SAP Releases 21 Security Patches - SecurityWeek

PAN-OS 0-day Vulnerability Let Attackers Bypass Web Interface Authentication

High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks - SecurityWeek

Apple’s security patch highlights the growing security threat – Computerworld

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities - SecurityWeek

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’

Progress Software fixed multiple high-severity LoadMaster flaws

Intel Patched 374 Vulnerabilities in 2024 - SecurityWeek

Security Researchers Warn of New Risks in DeepSeek AI App

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Surge in attacks exploiting old ThinkPHP and ownCloud flaws


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Advisory 12 February 2025 – Comprehensive Security Updates from Microsoft, Adobe, Apple, and More

Black Arrow Cyber Advisory 12 February 2025 – Microsoft, Adobe, Fortinet, Apple, Ivanti, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia Security Updates

Executive Summary

Microsoft’s Patch Tuesday for February 2025 included 63 security updates for its product line, including 2 actively exploited zero-day vulnerabilities. Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers.

Ivanti patched several critical flaws within its Connect Secure and Policy Secure products. Apple issued patches for its iOS and iPadOS devices to address a USB vulnerability that could allow for data exfiltration. Adobe provided updates addressing 45 vulnerabilities for several products, including InDesign, Commerce, Magento, Substance, Photoshop Elements, and Illustrator.

Fortinet published nine security advisories with updates addressing high, medium, and low severity security issues. They also updated a previous advisory from January with additional information and reference to CVE-2025-24472, which Arctic Wolf had previously highlighted in their breakdown of the attack pattern against Fortinet Fortigate Firewalls since November 2024.

OpenSSL released patches to address a vulnerability related to raw public keys, introduced with OpenSSL 3.2. Patches were released within versions 3.4.1, 3.3.2, and 3.2.4 to address the issue. As OpenSSL is utilised by many vendors, it may take some time for the updates to propagate to affected products.

SAP released 19 new security notes, including high, medium, and low vulnerabilities addressed by security patches. Zyxel recently released a security advisory on three reported vulnerabilities, informing customers to replace affected devices as they have reached end of life and are no longer supported.

Additionally, Intel, AMD, and Nvidia published new security advisories addressing high-severity vulnerabilities in their products. Intel released 34 security advisories across their product line, including a critical issue in their Server Board BMC Firmware. AMD released 11 security bulletins which included firmware patches for several high-severity vulnerabilities affecting their embedded processors. Nvidia issued four advisories for vulnerabilities within their Container, Triton, Jetson, and JPEG2000 products.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia

Further details of the vulnerabilities in affected Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD and Nvidia products can be found here:

https://www.ivanti.com/blog/february-security-update

https://support.apple.com/en-us/100100

https://helpx.adobe.com/security/security-bulletin.html

https://fortiguard.fortinet.com/psirt

https://openssl-library.org/news/secadv/20250211.txt

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

https://www.intel.com/content/www/us/en/security-center/default.html

https://www.amd.com/en/resources/product-security.html

https://www.nvidia.com/en-us/security/


Black Arrow Cyber Threat Intelligence Briefing 7 February 2025

Black Arrow Cyber Threat Intelligence Briefing 07 February 2025:

-Destructive Attacks on Financial Institutions Surge

-AI, Cyber Crime Perceived as Top Insurance Risks

-Ransomware Victims Increased by 26% in 2024

-Over 60 Percent of Enterprise Cyber Security Incidents Relate to Known Risks

-CISOs Drive the Intersection between Cyber Maturity and Business Continuity

-Cyber Criminals Entice Traitorous Insiders via Ransom Notes

-Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise

-The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses

-Board Directors Are Taking the Lead on Cyber Security Oversight

-Credential-Stealing Malware Surges in 2024

-How Agentic AI will be Weaponised for Social Engineering Attacks

-LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Black Arrow Cyber's review of threat intelligence identified further evidence of an alarming increase in cyber threats targeting financial institutions, insurers, and enterprises, and the consequences that can include financial ruin.

Destructive cyber attacks have risen by over 12%, often erasing evidence rather than merely disrupting operations. Ransomware attacks surged by 26% in 2024, while phishing attacks have grown by nearly 50% since 2021, with AI-driven threats becoming more sophisticated. Insider threats are also on the rise, with ransomware gangs recruiting employees to facilitate breaches. Business leaders need to be aware that over 60% of enterprise cyber incidents stem from previously identified but unresolved risks, highlighting the need for proactive risk management. These trends underscore the evolving threat landscape and the critical need for a cohesive security strategy that includes continuous monitoring, the timely remediation of vulnerabilities, and employee awareness programmes.

The financial sector faces dual challenges from AI and cyber crime, with insurers ranking cyber attacks as an immediate risk. The weaponisation of AI in cyber attacks is accelerating, enabling adaptive, multi-stage social engineering campaigns. Meanwhile, credential-stealing malware now accounts for 25% of all malware activity, making identity protection a top priority. Cyber security governance is evolving to address this, with CISOs increasingly influencing business strategy and board directors taking a more proactive role in oversight.

As cyber risks intensify, Black Arrow Cyber advises businesses to prioritise cyber resilience, integrate security into corporate strategy, and enhance threat detection to safeguard operations, reputation, and financial stability.


Top Cyber Stories of the Last Week

Destructive Attacks on Financial Institutions Surge

Over half (54%) of financial institutions faced destructive cyber attacks last year, marking a 12.5% rise from 2023, according to Contrast Security. These attacks often serve to erase evidence rather than purely disrupt services. Two-thirds (64%) of firms reported cyber incidents, with cloud environments and APIs identified as key attack vectors. Despite strong detection rates (94%), attackers still bypassed defences, with 46 major breaches per month evading web application firewalls. Customer account takeovers rose by 48%, while 43% suffered ‘island hopping’ attacks where attackers exploit trusted relationships between organisations. The report highlights the need for continuous monitoring and application defence to counter evolving threats.

AI, Cyber Crime Perceived as Top Insurance Risks

The latest report from law firm Kennedys identifies artificial intelligence (AI) adoption and cyber crime as major risks for insurers. While AI is seen as the highest long-term risk, cited by over 85% of respondents, its full impact is expected to emerge over the next three to five years. Meanwhile, cyber attacks present a more immediate threat, with 27% of European, Middle Eastern, and African partners ranking it as their top concern for 2025. AI is also being exploited in cyber crime, increasing insurers’ exposure to data breaches. The report warns that inadequate cyber security could lead to severe financial, legal, and reputational consequences.

Ransomware Victims Increased by 26% in 2024

Ransomware attacks surged by 26% in 2024, with nearly 5,300 reported victims, according to a new analysis. The number of active ransomware gangs also grew, with LockBit remaining the most prolific despite a 50% drop in its victims. RansomHub rapidly scaled operations to take second place, while the Play gang continued to focus on manufacturing, real estate, and technology. Seasonal trends showed peak activity in spring and autumn, with summer seeing a decline. The US remained the most targeted country, with over 1,700 victims, more than ten times the number seen in Canada or the UK.

Over 60% of Enterprise Cyber Security Incidents Relate to Known Risks

A new report from ZEST Security reveals that 62% of enterprise cyber security incidents stem from previously identified risks that remain unresolved. Security teams struggle with long remediation times, taking 10 times longer to fix vulnerabilities than attackers take to exploit them. The financial burden is significant, exceeding $2 million annually. Backlogs are a key issue, with 87% of organisations managing over 100 critical security tickets. While automation and effort-based prioritisation are gaining traction, stricter SLAs and regulatory pressure are expected to drive faster remediation to mitigate the growing risk of cloud security incidents.

CISOs Drive the Intersection between Cyber Maturity and Business Continuity

The role of the CISO is evolving beyond IT, with one in five now reporting directly to the CEO, according to Deloitte’s latest cyber survey. High-cyber-maturity organisations are embedding cyber security into business strategy, enhancing resilience and enabling business continuity. Budget allocations are shifting, with cyber spending increasingly integrated into digital transformation and IT investments, reflecting its cross-functional impact. As regulatory pressures grow, particularly with new SEC disclosure requirements in the US, CISOs are playing a key role in risk management and compliance. Organisations with mature cyber strategies recover faster from incidents, protecting revenue, reputation and operations in an increasingly interconnected digital landscape.

Cyber Criminals Entice Traitorous Insiders via Ransom Notes

Ransomware gangs are now targeting employees with financial incentives to betray their own and other organisations, embedding recruitment messages within ransom notes. Threat groups, including Sarcoma and DoNex, have begun soliciting insider access, offering substantial rewards for login credentials, network access, and sensitive data from any organisation. Security researchers note this tactic is a recent development, with threat actors exploiting disgruntled staff to bypass defences. While such offers may seem lucrative, experts warn that cyber criminals operate with no accountability, making payment unlikely. The shift highlights the evolving sophistication of ransomware operations, reinforcing the need for robust insider threat detection and employee awareness programmes.

Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise

Phishing attacks have surged by 49% since 2021, with AI-driven threats emerging as a growing concern, according to Hoxhunt’s latest report. AI-generated phishing emails, while currently under 5% of reported cases, have risen sharply in just six months. On average, organisations with 1,000 employees face 2,330 phishing attempts that bypass filters each year, leading to 466 malicious clicks. Attackers frequently impersonate Microsoft, Docusign, and HR departments to exploit urgency and curiosity. Encouragingly, phishing awareness training can reduce incidents by 86% in six months, significantly enhancing organisational resilience against social engineering threats.

The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses

A recent case involving Stoli Group highlights how cyber incidents can push financially vulnerable businesses into bankruptcy. Following a severe ransomware attack that disrupted financial reporting, Stoli was unable to provide lenders with key data, contributing to an $84 million debt burden and its eventual collapse. This case underscores the growing risk, which is especially high for small and medium-sized businesses (SMBs) that often lack the resources to recover from cyber attacks. With nearly 60% of SMBs failing within six months of an attack, organisations must prioritise cyber security resilience to prevent financial and operational ruin.

Board Directors Are Taking the Lead on Cyber Security Oversight

Board directors are increasingly taking a proactive role in cyber security oversight, shifting responsibility from IT teams to a company-wide approach. BDO’s 2024 board survey found that 37% of directors are broadening accountability, while many are investing in incident response strategies and regulatory compliance. The US SEC’s enhanced disclosure rules are driving the need for clear cyber incident reporting. Boards are also prioritising expertise, with 27% seeking cyber security knowledge in 2025. Directors are dedicating 42 hours annually to education, while external assessments, benchmarking, and evolving response plans are strengthening resilience against emerging threats.

Credential-Stealing Malware Surges in 2024

Credential-stealing malware now represents 25% of all malware activity, marking a threefold surge in this type of threat. Picus Security’s annual cyber security report found that credential theft has, for the first time, entered the top 10 techniques in the MITRE ATT&CK framework. Analysis of over one million malware samples revealed that just 10 attack techniques accounted for 93% of all malicious actions. Attackers are increasingly using stealthy multi-stage operations to extract credentials and leveraging encrypted channels to evade detection. Security teams can mitigate risk by focusing on the most prevalent attack techniques and enforcing strong authentication practices.

How Agentic AI will be Weaponised for Social Engineering Attacks

AI-driven social engineering attacks are evolving rapidly, with cyber criminals leveraging agentic AI to create highly personalised, adaptive, and multi-stage phishing campaigns. These AI agents can autonomously gather data, refine attack strategies, and deploy deepfake audio and video to deceive employees. Unlike traditional phishing, these threats are dynamic, adjusting to real-time responses. As AI becomes more autonomous, organisations must enhance defences by deploying AI-powered security tools, investing in adaptive awareness training, and fostering a cyber-aware culture. With AI-driven attacks set to rise, proactive measures are essential to mitigate risks and safeguard against increasingly sophisticated social engineering threats.

LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals

LinkedIn has become a key target for cyber criminals using fake job offers to conduct social engineering attacks. A recent Bitdefender report highlights tactics used by the Lazarus Group, a North Korean state-sponsored threat actor, to deploy malware via fraudulent recruitment messages. Attackers trick victims into running malicious code disguised as job evaluation documents, ultimately stealing cryptocurrency wallet data and establishing persistence on systems. The group has also targeted sensitive industries such as aviation and defence. Experts warn professionals to remain vigilant, verify job offers, and avoid running unverified code outside secure environments like virtual machines.

Sources:

https://www.infosecurity-magazine.com/news/destructive-attacks-banks-surge-13/

https://www.insurancejournal.com/news/national/2025/02/04/810573.htm

https://betanews.com/2025/01/31/ransomware-victims-increased-by-26-percent-in-2024/

https://betanews.com/2025/02/04/over-60-percent-of-enterprise-cybersecurity-incidents-relate-to-known-risks/

https://securityintelligence.com/articles/cisos-drive-intersection-between-cyber-maturity-and-business-continuity/

https://www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes

https://betanews.com/2025/02/06/phishing-up-almost-50-percent-since-2021-with-ai-attacks-on-the-rise/

https://www.msspalert.com/perspective/the-cyber-driven-domino-effect-how-financial-and-security-crises-bankrupt-businesses

https://news.bloomberglaw.com/privacy-and-data-security/board-directors-are-taking-the-lead-on-cybersecurity-oversight

https://informationsecuritybuzz.com/credential-stealing-malware-surges-in/

https://www.securityweek.com/how-agentic-ai-will-be-weaponized-for-social-engineering-attacks/

https://www.itpro.com/security/cyber-attacks/linkedin-social-engineering-attacks


Governance, Risk and Compliance

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

CISO stature gains traction as global cyber risk escalates | CIO Dive

CISOs drive the intersection between cyber maturity and business continuity

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

It pays to know how your cyber security stacks up | CSO Online

Infosec pros struggle under growing compliance - Help Net Security

The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses | MSSP Alert

Boardroom cyber expertise comes under scrutiny

Board Directors Are Taking the Lead on Cyber Security Oversight

Critical Questions For Boards: Are You Prepared For Ransomware?

Study warns on "head-in-the-sand" approach to cyber security

Why cyber hygiene should be a priority for every business in 2025 - Digital Journal

Why Cyber Security Is Everyone’s Responsibility

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

The CISO’s role in advancing innovation in cyber security | CSO Online

Over 60 percent of enterprise cyber security incidents relate to known risks

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

Overconfident execs are making their companies vulnerable to fraud - Help Net Security

Why Cyber Security Needs Probability — Not Predictions

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

2024: The Year Data Security Took A Beating

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware victims increased by 26 percent in 2024

2024 Breaks Records with Highest Ever Ransomware Attacks, as Cyber Criminals Target Critical Infrastructure

Ransomware Groups Weathered Raids, Profited in 2024

Ransomware and the Impact on Human Lives

Less than half of ransomware incidents end in payment - but you should still be on your guard | TechRadar

Critical Questions For Boards: Are You Prepared For Ransomware?

Cyber Criminals Court Traitorous Insiders via Ransom Notes

How to combat exfiltration-based extortion attacks | TechRadar

Top 3 Ransomware Threats Active in 2025

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine

Cyber Security Risks for Financial Services Firms: Proactive Strategies to Stay Ahead | BCLP - JDSupra

More destructive cyber attacks target financial institutions - Help Net Security

Ransomware recovery payments fell in 2024 • The Register

Ransomware Victims

Tata Technologies reports ransomware attack to Indian stock exchange | The Record from Recorded Future News

Indian tech giant Tata Technologies hit by ransomware attack

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Wirral NHS cyberattack leads to missed cancer care targets • The Register

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Engineering group IMI latest UK firm to be hit by cyber attack

Phishing & Email Based Attacks

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Phishing up almost 50 percent since 2021 with AI attacks on the rise

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Business Email Compromise (BEC)/Email Account Compromise (EAC)

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Wembley Multi-Academy Trust Scammed Out of £385,000

Other Social Engineering

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

How to Protect Yourself from the Growing Threat of Spam Calls and Robocalls

Artificial Intelligence

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Why employees smuggle AI into work - BBC News

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Flagship AI Model Under Fire for Security Vulnerabilities - Infosecurity Magazine

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Protect your data as cyber criminals use AI to target Mac in 2025

Risk Matters: Cyber Risk and AI – The Changing Landscape

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-RI Security

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

How Are Threat Actors Using Adversarial GenAI?

Invisible Threats: The Rise of AI-Powered Steganography Attacks - Security Boulevard

AI Rise: Can We Still Trust What We See? - InfoRiskToday

You Could Get 5 Years In Prison For Possessing These AI Tools

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Scotland at risk of major AI hack, expert warns

Charges mount in former ex-Googler's AI theft case • The Register

2FA/MFA

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

Malware

Credential-stealing Malware Surges In 2024

Macs targeted by almost two dozen newly emergent payloads last year | SC Media

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Mac Users Warned As “Fully Undetectable” Security Backdoor Confirmed

Surge in Infostealer Attacks Threatens EMEA Organisations - Infosecurity Magazine

AI Malware Dressed Up as DeepSeek Lurks in PyPi

Protect your data as cyber criminals use AI to target Mac in 2025

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

22 New Mac Malware Families Seen in 2024 - SecurityWeek

New Microsoft script updates Windows media with bootkit malware fixes

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Microsoft says attackers use exposed ASP.NET keys to deploy malware

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The RAT Pack Returns: ValleyRAT's Devious Delivery Methods

Chinese cyber spies use new SSH backdoor in network device hacks

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

Bots/Botnets

Akamai warns of active attacks from new Mirai variant | SC Media

Mobile

Screenshot-reading malware cracks iPhone security for the first time | Digital Trends

Malware With Screen Reading Code Found in iOS Apps for the First Time - MacRumors

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Security and Privacy on Your Android Phone: Features You Should Know About - CNET

Why rebooting your phone daily is your best defence against zero-click hackers | ZDNET

Gravy Analytics soaks up another sueball over data breach • The Register

Wiping your iPhone? Here's the easiest way to erase all personal data | ZDNET

Denial of Service/DoS/DDoS

Akamai warns of active attacks from new Mirai variant | SC Media

Internet of Things – IoT

Akamai warns of active attacks from new Mirai variant | SC Media

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Data Breaches/Leaks

Credential Theft Becomes Cyber Criminals' Favourite Target

Gravy Analytics soaks up another sueball over data breach • The Register

OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Mizuno USA says hackers stayed in its network for two months

NorthBay Health Data Breach Impacts 569,000 Individuals - SecurityWeek

Globe Life data breach may impact an additional 850,000 clients

US healthcare provider data breach impacts 1 million patients

Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack – DataBreaches.Net

1 Million Impacted by Data Breach at Connecticut Healthcare Provider - SecurityWeek

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Data Purportedly Stolen From Trump Hotels In Cyberattack | MSSP Alert

Taliban deny cyber security breach, claim leaked documents were not confidential | Amu TV

Organised Crime & Criminal Actors

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Crazy Evil gang runs over 10 highly specialized social media scams

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

Two of the world's largest cyber crime forums knocked offline | ITPro

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

US accuses Canadian math prodigy of $65M crypto scheme • The Register

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Fraud factories, cyber criminals and corruption: The Economist's new podcast, "Scam Inc", uncovers a new, global, underground economy worth more than illicit drug trade

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Even the US government can fall victim to cryptojacking | FedScoop

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Insider Risk and Insider Threats

Why employees smuggle AI into work - BBC News

Cyber Criminals Court Traitorous Insiders via Ransom Notes

Charges mount in former ex-Googler's AI theft case • The Register

What you can do to prevent workforce fraud - Help Net Security

How to Root Out Malicious Employees - Security Boulevard

Human error an overlooked cyber risk for SMEs

Insurance

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

UK’s Cyber Monitoring Centre begins incident classification work | Computer Weekly

Supply Chain and Third Parties

Over a dozen firms compromised in BeyondTrust breach | SC Media

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

How to create a third-party risk management policy | TechTarget

Cloud/SaaS

EMEA CISOs Plan 2025 Cloud Security Investment

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Outages

Familiar failings as Barclays outage delays transactions | Today's Conveyancer

Encryption

Cyber Insights 2025: Quantum and the Threat to Encryption - SecurityWeek

If you're not working on quantum-safe encryption now, it's already too late | ZDNET

Linux and Open Source

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Linux Security: Scan Your Servers for Rootkits With Ease - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

Credential Theft Becomes Cyber Criminals' Favorite Target

Millions Of Password Manager Users On Red Alert—Act Now To Stay Safe

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Cyber Criminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Stop saving your email login info in your password manager | PCWorld

Social Media

These Are the Accounts Most Targeted By Hackers: Here's How to Secure Them

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Malvertising

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Fraudulent Google ads seek to breach Microsoft advertisers’ credentials | SC Media

Regulations, Fines and Legislation

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Infosec pros struggle under growing compliance - Help Net Security

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

It's Time to Consolidate Cyber Security Regulations

Critical Questions For Boards: Are You Prepared For Ransomware?

Is DOGE a cyber security threat? A security expert explains the dangers of violating protocols and regulations that protect government computer systems

Musk's DOGE leashed by court after digging up Treasury data • The Register

Protecting the US from hackers apparently isn't in Trump's budget

Ireland responds to EU infringement notice on cyber security directive | Business Post

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Recent US Executive Order Calls for Encrypting DNS - ISC

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times

Trump’s anti-DEI efforts damage national security, former officials say - Nextgov/FCW

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

House Democrats demand answers over DOGE OPM server • The Register

Musk, DOGE Move into Treasury Systems Raises Security, Privacy Concerns | MSSP Alert

The biggest breach of US government data is under way | TechCrunch

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Talks begin to move National Cyber Security Centre to Department of Justice

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

DeepSeek users could face million-dollar fine and prison time under new law | The Independent

USCG Final Rule on Cyber Security in Marine Transportation

Models, Frameworks and Standards

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

Ireland responds to EU infringement notice on cyber security directive | Business Post

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Careers, Working in Cyber and Information Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Shaping The Next Generation Of Cyber Security Professionals

The Cyber Security Crisis: Companies Can’t Fill Roles, Workers Shut Out

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

Government must address cyber security staffing shortage, NAO warns

Why Diversity Should not be Removed from Cyber in 2025 | SC Media UK

Public sector pay gap threatens UK cyber resilience

The hidden dangers of a toxic cyber security workplace - Help Net Security

Law Enforcement Action and Take Downs

Ransomware Groups Weathered Raids, Profited in 2024

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

Identity thief whose deception led to his victim’s incarceration gets a 12-year prison term | AP News

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Europol Cracks Down on Global Child Abuse Network “The Com” - Infosecurity Magazine

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Misinformation, Disinformation and Propaganda

Mis/Disinformation: The Skew of Information and Its Impacts on You | AFCEA International


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain to boost cyber warfare capabilities

Exploring The Cyber Security Battlefield Of 2025

The Weaponization of Operational Technology

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Nation State Actors

China

Is DeepSeek a national security threat? New research highlights ties with Chinese telecom raising data security concerns | Mint

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-RI Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Chinese cyber spies use new SSH backdoor in network device hacks

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

DeepSeek Jailbreak Reveals Its Entire System Prompt

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot | WIRED

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Australia bans DeepSeek over security... - Mobile World Live

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Russia

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

CVE-2025-0411: Ukrainian Organisations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)

British PM scrapped ‘dangerously obvious’ email after Russian hacking | Cybernews

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

British PM Keir Starmer’s Personal Email Allegedly Hacked by Russian Operatives

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

North Korea

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

WhatsApp claims that 100 journalists and activists were the targets of Israeli-made spyware

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

WhatsApp: Global spyware campaign conducted by Israeli firm | SC Media


Tools and Controls

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Risk Matters: Cyber Risk and AI – The Changing Landscape

Enterprises invest heavily in AI-powered solutions - Help Net Security

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Future of Cyber Security: Will XDR Absorb SIEM & SOAR? | Trend Micro (US)

How AI-driven SOC co-pilots will change security center operations

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

The API security crisis and why businesses are at risk - Help Net Security

Beware cyber security tech that’s past its prime — 5 areas to check or retire | CSO Online

Recent US Executive Order Calls for Encrypting DNS - ISC

Financial services to increase AI spending with cyber security a top priority, finds Nvidia report - FStech

How to build an effective purple team playbook | TechTarget

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

One breach to rule them all: The security perils of digital consolidation | SC Media

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

Why streamlining cyber security is essential for success - Verdict

How to create a third-party risk management policy | TechTarget

Is Your Antivirus Spying on You? Yes, and Some Are Worse Than Others

What does it mean to build in security from the ground up? • The Register

Why honeypots deserve a spot in your cyber security arsenal | CSO Online



Vulnerability Management

Navigating the Future: Key IT Vulnerability Management Trends 

Transforming Vulnerability Management with Threat Intelligence: A Vision for MSSPs | MSSP Alert

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Over 60 percent of enterprise cyber security incidents relate to known risks

Managing Software Risk in a World of Vulnerabilities

Infosec pros: We need CVSS, warts and all | CyberScoop

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Vulnerabilities

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

A worrying security flaw could have left Microsoft SharePoint users open to attack | TechRadar

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities - SecurityWeek

Google warns Android users of a kernel flaw under attack • The Register

Critical RCE bug in Microsoft Outlook now exploited in attacks

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Zyxel won’t patch newly exploited flaws in end-of-life routers

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers | TechCrunch

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

AMD patches high severity security flaw affecting Zen chips | TechRadar

Microsoft Patches Critical Azure AI Face Security Bug | MSSP Alert

New Microsoft script updates Windows media with bootkit malware fixes

CISA orders agencies to patch Linux kernel bug exploited in attacks

Cisco Patches Critical Vulnerabilities in Enterprise Security Product - SecurityWeek

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

Netgear warns users to patch critical WiFi router vulnerabilities


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Black Arrow Cyber Threat Intelligence Briefing 31 January 2025

Black Arrow Cyber Threat Intelligence Briefing 31 January 2025:

-More Than Half of UK Workplaces Faced Cyber Attacks Last Year

-Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive

-Hackers Use Generative AI to Attack More Frequently and Effectively

-74% of Organisations are Increasing Crisis Simulation Budgets

-Only 13% of Organisations Fully Recover Data After a Ransomware Attack

-Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line

-GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week

-New Phishing Campaign Targets Mobile Devices with Malicious PDFs

-The Clock is Ticking: Hackers Can Take You Down in 48 Minutes

-Security Threats Top Concerns for UK SMEs

-SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short

-Rise of AI is Causing Many Firms to Worry About Their Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Looking at open source reporting this week, and indeed from our own work, it is clear that UK businesses are facing an alarming rise in cyber attacks, with over half experiencing an incident in 2024. Despite this, only a minority have structured risk assessments or incident response plans in place. AI-driven phishing attacks have surged by over 4,000%, yet just 17% of organisations invest in cyber security training. Meanwhile, the rapid adoption of generative AI is both strengthening defences and empowering attackers. Tools like GhostGPT, available for as little as $50 per week, are automating malware development and phishing campaigns, reducing the technical barrier for cyber criminals. The time from initial breach to full compromise has shrunk to just 48 minutes, highlighting the need for faster response times and automated defences.

Cyber security is no longer just a technical challenge but a critical business issue requiring C-suite engagement. CEOs must integrate security into corporate strategy, particularly for mid-market firms where breaches threaten growth and innovation. The escalating ransomware crisis has led to 58% of victims shutting down operations, yet only 13% fully recover their data, exposing gaps in resilience. The surge in SaaS breaches, up 300% in the past year, further underscores the importance of identity protection and continuous monitoring to mitigate risk.

As cyber threats intensify, Black Arrow Cyber advises organisations to prioritise crisis simulations, proactive investment, and cross-functional collaboration. With 74% of CISOs increasing crisis simulation budgets and AI reshaping the threat landscape, businesses must act now to build resilience. Strengthening mobile security, enforcing least privilege access, and rapidly addressing vulnerabilities are crucial to preventing financial and reputational harm. The cyber security clock is ticking, and businesses must move swiftly to stay ahead of evolving threats.


Top Cyber Stories of the Last Week

More Than Half of UK Workplaces Faced Cyber Attacks Last Year

More than half of UK businesses experienced a cyber attack in 2024, yet only 31% had conducted a cyber risk assessment, and just 15% had a formal incident response plan. Phishing attacks, fuelled by AI advancements, have surged by over 4,000% since 2022, making cyber resilience essential. Despite the evolving threat landscape, only 17% of businesses provide cyber security training to staff. Organisations must prioritise continuous monitoring, attack simulations, and structured incident response plans to mitigate risks. A strong cyber resilience strategy ensures businesses can not only prevent attacks but also respond effectively, minimising disruption and financial impact.

Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive

Cyber security is a core business concern requiring engagement from the entire C-suite, not just the Chief Information Security Officer (CISO). With cyber threats growing in complexity and regulations becoming stricter, organisations must integrate security into their business strategies. A single cyber attack can cause severe financial losses, operational disruption, and reputational damage. Every member of the C-suite plays a key role: CEOs set strategic business priorities that require a secure business environment, CFOs manage financial risks, and a good CISO establishes security defences across people, operations and technology with the CHRO, COO, and CIO. Cross-functional collaboration is essential, ensuring cyber security is embedded in operations, innovation, and culture to protect the organisation’s future.

Hackers Use Generative AI to Attack More Frequently and Effectively

The latest Splunk CISO Report highlights the growing role of Generative AI (GenAI) in cyber security, with over half (52%) of CISOs prioritising emerging technologies. However, only a third (33%) of board members share this view, exposing a strategic gap. Attackers are leveraging GenAI to enhance the effectiveness (32%) and volume (28%) of cyber attacks, making AI-driven threats a top concern for 36% of CISOs. Budget constraints remain an issue, with 64% of CISOs linking underfunding to increased cyber risks.

74% of Organisations are Increasing Crisis Simulation Budgets

Following a series of high-profile cyber incidents in 2024, CISOs are increasing investment in crisis simulations to strengthen organisational resilience. A report by Hack The Box found that 74% of CISOs are raising budgets for crisis preparedness in 2025, with 16% of security budgets being reallocated to these exercises. Key drivers include the growing frequency of cyber incidents (31%) and gaps in incident response planning (20%). With AI reshaping the cyber threat landscape, organisations are prioritising realistic, stress-tested simulations to ensure both technical and non-technical teams can respond decisively to evolving threats.

Only 13% of Organisations Fully Recover Data After a Ransomware Attack

Ransomware attacks are becoming more disruptive, with 58% of organisations forced to shut down operations, up from 45% in 2021. Business impacts are severe: 40% reported revenue losses, 41% lost customers, and 35% suffered significant brand damage. Despite 29% of IT budgets allocated to ransomware defences, 88% of organisations have been victims, with only 13% fully recovering their data. Poor visibility in hybrid environments and unpatched systems are key vulnerabilities. With only 27% adopting microsegmentation, organisations must prioritise containment strategies to protect critical systems and avoid the rising costs of downtime, lost business, and reputational harm.

Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line

Middle-market firms, especially those facing high uncertainty due to fluctuating demand, supply chain disruptions, or macroeconomic volatility, face growing cyber security threats that directly impact their financial stability and innovation. According to PYMNTS Intelligence’s 2025 Certainty Project, 72% of firms are concerned about financial losses due to cyber incidents, rising to 88% for those experiencing heightened uncertainty. High-uncertainty firms are also 81% more likely to delay or cancel technology initiatives, stalling growth. Despite constrained resources, CFOs are shifting cyber security from an IT concern to a business priority, recognising its role in resilience and competitive advantage. As cyber threats escalate, proactive investment in security is essential to safeguard operations and drive innovation.

GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week

Hackers are using an AI chatbot, GhostGPT, to automate cyber attacks, enabling them to write malware, craft phishing emails, and develop exploits with ease. Unlike mainstream AI tools, GhostGPT lacks ethical safeguards and is marketed openly on cyber crime forums. Available as a Telegram bot for as little as $50 per week, it lowers the barrier for attackers with minimal technical skills. Security researchers warn that AI-driven threats like GhostGPT will make cyber attacks more sophisticated and harder to detect, underscoring the need for organisations to adapt their defences to counter AI-enabled cyber crime.

New Phishing Campaign Targets Mobile Devices with Malicious PDFs

A newly discovered phishing campaign is targeting mobile users by impersonating known brands and delivering malicious PDF files via SMS. Researchers uncovered over 20 malicious PDFs and 630 phishing pages, highlighting a large-scale operation spanning more than 50 countries. The campaign employs a sophisticated obfuscation technique to bypass detection, tricking users into providing sensitive information. As mobile phishing threats grow, organisations must prioritise mobile security investments, implement multi-factor authentication and adopt a layered security approach to mitigate risks posed by increasingly advanced social engineering tactics.

The Clock is Ticking: Hackers Can Take You Down in 48 Minutes

Hackers are accelerating their attacks, with the average time from initial access to lateral movement now just 48 minutes, 22% faster than last year. The quickest observed incident took only 27 minutes. A key driver is the rise of information-stealing malware, which helps initial access brokers expedite attacks. Additionally, the ransomware-as-a-service ecosystem has become more efficient, and AI is enhancing hacking tools. Alarmingly, the time from vulnerability discovery to exploitation has dropped from 47 days to just 18 days, a 62% decrease. Automated defences and rapid patching are critical to mitigating these evolving threats.

Security Threats Top Concerns for UK SMEs

JumpCloud’s latest report highlights that 61% of UK SMEs see security as their top challenge in 2025, with 45% having suffered a cyber security attack, and phishing accounting for 53% of incidents. IT teams are under pressure, with 90% concerned about unauthorised apps expanding their attack surface, and 60% fearing AI threats will outpace their defences. Despite security concerns, nearly half (48%) hesitate to strengthen protections due to user experience trade-offs. Tool sprawl remains an issue, driving 83% to seek unified platforms. Budgets are increasing, with 76% expecting cyber security investment to rise and MSP adoption growing to 79%.

SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short

Software-as-a-Service (SaaS) breaches have surged by 300% in the past year as cyber criminals and nation-state actors increasingly target these platforms. A report by Obsidian Security found that 85% of incidents stemmed from compromised identities, with adversary-in-the-middle attacks accounting for 39%. The healthcare sector was the most affected (14%), followed by government (13%) and financial services (11%). Traditional security tools are struggling to protect SaaS environments, with MFA failing in 84% of cases due to weak implementation or adversary-in-the-middle (AiTM) techniques. To mitigate risk, firms must enhance visibility over SaaS usage, enforce least privilege access controls, and implement continuous monitoring to detect and respond to threats swiftly.

Rise of AI is Causing Many Firms to Worry About Their Cyber Security

A Sophos report highlights growing concerns about AI's impact on cyber security, with 89% of IT leaders fearing flaws in generative AI could weaken defences. Despite this, 99% now see AI as essential when selecting a cyber security provider. While AI enhances threat capabilities, one in five IT leaders hopes it will strengthen protection, and 14% hope it will relieve employee burnout. However, four in five anticipate rising costs, though 87% expect long-term savings. With 98% already embedding AI in security solutions, firms are urged to adopt a human-first approach and carefully assess AI vendors for data quality and effectiveness.

Sources:

https://www.thehrdirector.com/business-news/digitalisation/half-uk-workplaces-faced-cyberattacks-last-year/

https://securityboulevard.com/2025/01/cybersecurity-responsibilities-across-the-c-suite-a-breakdown-for-every-executive/

https://www.techradar.com/pro/security/hackers-use-genai-to-attack-more-frequently-and-effectively

https://www.helpnetsecurity.com/2025/01/28/cisos-crisis-simulation-budgets/

https://www.helpnetsecurity.com/2025/01/29/ransomware-attacks-business-operations-disruption/

https://www.pymnts.com/cybersecurity/2025/cybersecurity-threats-hit-mid-market-firms-where-it-hurts-the-bottom-line/

https://www.itpro.com/security/cyber-crime/hackers-are-using-a-new-ai-chatbot-to-wage-cyber-attacks-ghostgpt-lets-users-write-malicious-code-create-malware-and-curate-phishing-emails-and-it-costs-just-usd50-to-use

https://www.infosecurity-magazine.com/news/phishing-campaign-targets-mobile/

https://www.forbes.com/sites/daveywinder/2025/01/28/hackers-are-getting-faster-48-minutes-and-youre-cooked/

https://pcr-online.biz/2025/01/29/security-threats-top-concerns-for-uk-smes/

https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/

https://www.techradar.com/pro/security/rise-of-ai-is-causing-many-firms-to-worry-about-their-cybersecurity


Governance, Risk and Compliance

CISOs boost board presence by 77% over two years | Computer Weekly

Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive - Security Boulevard

CISOs are gaining more influence in the boardroom, and it’s about time | ITPro

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Cyber security crisis in numbers - Help Net Security

Cyber Security Threats Hit Mid-Market Firms in the Bottom Line

CISOs Are Gaining C-Suite Swagger

88% of High-Uncertainty Firms Report Cyber Security Risks

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

UK's small businesses underestimating risk of cyber attacks

Security threats top concerns for UK SMEs – PCR

It’s time to catch up with cyber attackers | TechRadar

More than half of UK workplaces faced cyber attacks last year | theHRD

How to improve cyber resilience across your workforce | theHRD

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

Crisis Simulation: The New Frontier for CISOs in 2025

How CISOs can forge the best relationships for cyber security investment | CSO Online

Old Ways of Vendor Risk Management Are No Longer Enough

We're losing the battle against complexity, and AI may or may not help | ZDNET

Revealed – top emerging threats for banks and insurers | Insurance Business America

Acronis Data Privacy Survey Reveals 64% of Global Consumers

Cyber trends set to influence business strategies - Help Net Security


Threats

Ransomware, Extortion and Destructive Attacks

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

Don't count on ransomware insurance to save you - Tech Monitor

Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge - Security Boulevard

58% of Ransomware Victims Forced to Shut Down Operations - Infosecurity Magazine

Illumio Research Reveals 58% of Companies Hit With

Only 13% of organisations fully recover data after a ransomware attack - Help Net Security

Another banner year for ransomware gangs • The Register

Ransomware Gangs Linked by Shared Code and Ransom Notes - Infosecurity Magazine

The rising tide of ransomware and what it means for small and medium-sized businesses [Q&A]

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Baguettes bandits strike again with ransomware, humiliation • The Register

New Hellcat Ransomware Gang Employs Humiliation Tactics - Infosecurity Magazine

Revealed – top emerging threats for banks and insurers | Insurance Business America

New report warns of sophisticated techniques being used by ransomware group Arcus Media - SiliconANGLE

How Interlock Ransomware Infects Healthcare Organisations

What we know about the AI-powered ransomware group, FunkSec - Raconteur

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Lynx ransomware infiltration reveals affiliate panel details | SC Media

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware Victims

MGM to pay $45m to data breach and ransomware victims

Let’s Secure Insurance failed to secure their own data storage. Now they have a breach. – DataBreaches.Net

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

'A poignant reminder of the devastating impact': The steps to take to safeguard your business against ransomware attack - Business MK

Healthcare Sector Charts 2 More Ransomware Attacks

Ransomware Attack Disrupts Blood Donation Services in US - Infosecurity Magazine

Smiths Group Scrambling to Restore Systems Following Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Google forced to step up phishing defences following ‘most sophisticated attack’ it has ever seen | TechRadar

The top 10 brands exploited in phishing attacks - and how to protect yourself | ZDNET

Hidden Text Salting Disrupts Brand Name Detection Systems - Infosecurity Magazine

Hidden in Plain Sight: PDF Mishing Attack - Security Boulevard

Threat Actors Exploit Government Websites for Phishing - Infosecurity Magazine

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Nine out of ten emails are spam - Help Net Security

Other Social Engineering

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Scammers Are Creating Fake News Videos to Blackmail Victims | WIRED

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Artificial Intelligence

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hackers use GenAI to attack more frequently and effectively | TechRadar

Hackers are using a new AI chatbot to wage attacks: GhostGPT lets users write malicious code, create malware, and curate phishing emails – and it costs just $50 to use | ITPro

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

89% of IT Leaders Worry GenAI Flaws Could Negatively Impact Their Organisation’s Cyber Security Strategies, Sophos Survey Finds

DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security

AI-powered Chrome extensions are watching you…

AI security posture management will be needed before agentic AI takes hold - Help Net Security

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

What we know about the AI-powered ransomware group, FunkSec - Raconteur

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

Preparing financial institutions for the next generation of cyber threats - Help Net Security

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Former OpenAI safety researcher brands pace of AI development ‘terrifying’ | Artificial intelligence (AI) | The Guardian

2FA/MFA

How hackers bypass MFA – and what to do about it | ITPro

Malware

Over a billion credentials were stolen in malware attacks in 2024 | TechRadar

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hacker infects 18,000 "script kiddies" with fake malware builder

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

18,459 Devices Compromised Worldwide Via XWorm RAT Builder | MSSP Alert

Cyber Insights 2025: Malware Directions - SecurityWeek

Secondary payloads delivered via MintsLoader attacks | SC Media

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Over 10,000 WordPress sites found showing fake Google browser update pages to spread malware | TechRadar

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyber Attacks

Phishing campaign in Poland and Germany deploys TorNet backdoor | SC Media

What Happens When Students Bring Malware to Campus? | EdTech Magazine

Bots/Botnets

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Mobile

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Google Play security teams used AI in 92% of app reviews in 2024 - Android Authority

Google blocked 2.36 million risky Android apps from Play Store in 2024

Denial of Service/DoS/DDoS

The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game - Security Boulevard

Internet of Things – IoT

Cyber Security Threats To Modern Cars: How Hackers Are Taking Control

Data Breaches/Leaks

MGM to pay $45m to data breach and ransomware victims

TalkTalk confirms data breach involving a third-party platform

UK telco TalkTalk launches probe into alleged data grab • The Register

1 in 2 Americans affected by UnitedHealth cyber attack, new disclosure shows | Rock Hill Herald

UnitedHealth estimates 190M people impacted by Change Healthcare cyber attack – DataBreaches.Net

Mega Data Breaches Push US Victim Count to 1.7 Billion - Infosecurity Magazine

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

312% Surge in Breach Notices That Could Have Been Prevented

PowerSchool starts notifying victims of massive data breach

Reporting a Breach? Make Sure Your Lawyer's on Call

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

Cyber security Event at Benefits Management Group Results in Data Breach | Console and Associates, P.C. - JDSupra

Organised Crime & Criminal Actors

Cyber security crisis in numbers - Help Net Security

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

At least $69 million stolen from crypto platform Phemex in suspected cyber attack | The Record from Recorded Future News

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?

Insider Risk and Insider Threats

How to improve cyber resilience across your workforce | theHRD

British Museum says ex-contractor 'shut down' IT systems • The Register

HR Magazine - Former employee shuts down British Museum IT systems

CrowdStrike Highlights Magnitude of Insider Risk

Insurance

Don't count on ransomware insurance to save you - Tech Monitor

Cyber Insights 2025: Cyberinsurance – The Debate Continues - SecurityWeek

Supply Chain and Third Parties

TalkTalk confirms data breach involving a third-party platform

Revealed – top emerging threats for banks and insurers | Insurance Business America

How Lazarus Group built a cyber espionage empire - Help Net Security

Third-Party Vendors Are the Supply Chain’s Ignored Vulnerability | HackerNoon

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Old Ways of Vendor Risk Management Are No Longer Enough

Companies told to enhance third party cyber security efforts

GoDaddy’s Cyber Security Called Into Question

Cloud/SaaS

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

SaaS Breaches Skyrocket 300% as Traditional Defences Fall Short - Infosecurity Magazine

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Microsoft investigates Microsoft 365 outage affecting users, admins

Outages

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

Microsoft investigates Microsoft 365 outage affecting users, admins

Identity and Access Management

Hackers use Windows RID hijacking to create hidden admin account

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

Microsoft Details Key Strategies for Proactive Identity Management

Encryption

"Anonymity is not a fundamental right": experts disagree with Europol chief's request for encryption back door | TechRadar

Linux and Open Source

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Lazarus Group's latest heist hits hundreds globally • The Register

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Over a billion credentials were stolen in malware attacks in 2024 | TechRadar

Multiple Git flaws led to credentials compromise

Social Media

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

Malvertising

Security Bite: How hackers are still using Google Ads to spread malware - 9to5Mac

Training, Education and Awareness

How to improve cyber resilience across your workforce | theHRD

Regulations, Fines and Legislation

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

SEC and FCA fines: Issues jump - Help Net Security

312% Surge in Breach Notices That Could Have Been Prevented

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Strengthening National Security in the AI Era

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape - SecurityWeek

Gutting US cyber advisory boards 'foolish' • The Register

Models, Frameworks and Standards

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Careers, Working in Cyber and Information Security

Hackers allegedly stole $69M from cryptocurrency platform Phemex

Nine human-centric strategies that strengthen security teams | SC Media

How to make sure you’ve got the cyber security people you need

Law Enforcement Action and Take Downs

Another banner year for ransomware gangs • The Register

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Brit fraudsters sentenced over account takeover operation • The Register

Authorities Seize Domains of Popular Hacking Forums in Major Cyber Crime Crackdown

Nulled, Other Cyber Crime Websites Seized by Law Enforcement - SecurityWeek

FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent

Law enforcement continues efforts to disrupt cyber crime forums and services – DataBreaches.Net

Misinformation, Disinformation and Propaganda

AI, disinformation and cyber security - POST


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

The Private Sector on the Front Line | Foreign Affairs

Nation State Actors

China

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED

Inside China's 'hacking capital' that has ignited global cyber security alarms | ITV News

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Are We Serious About Chinese Spying? - SMERCONISH

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

DeepSeek's popularity exploited by malware peddlers, scammers - Help Net Security

Gutting US cyber advisory boards 'foolish' • The Register

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

Russia

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

Exclusive: Baltic Sea shipping tax could pay for undersea cable protection, says Estonian minister | Reuters

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

European Union Sanctions Russian Nationals for Hacking Estonia - SecurityWeek

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

Iran

Google details nefarious Gemini use by Iranian spies • The Register

North Korea

How Lazarus Group built a cyber espionage empire - Help Net Security

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Lazarus Group's latest heist hits hundreds globally • The Register

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks


Tools and Controls

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Crisis Simulations: A Top 2025 Concern for CISOs

CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks - Infosecurity Magazine

Crisis Simulation: The New Frontier for CISOs in 2025

How to improve cyber resilience across your workforce | theHRD

Attackers exploit SimpleHelp RMM Software flaws for initial access

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next?

Old Ways of Vendor Risk Management Are No Longer Enough

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

How CISOs can forge the best relationships for cyber security investment | CSO Online

Prepare to be breached: the radical cyber-security strategy that might save your business | The Independent

Microsoft Teams phishing attack alerts coming to everyone next month

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

How to Choose the Right Cyber Security Software: A Comprehensive Guide - Security Boulevard

Remote Monitoring and Management (RMM) Abuse | Intel 471

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

We're losing the battle against complexity, and AI may or may not help | ZDNET

WFH with privacy? 85% of Brit bosses are snooping on staff • The Register

Fragmented cyber security is costing businesses billions, and putting them at risk | TechRadar

Nine out of ten emails are spam - Help Net Security



Vulnerability Management

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities - Infosecurity Magazine

Microsoft to deprecate WSUS driver synchronization in 90 days

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

UK’s NCSC Proposes New Vulnerability Classification System | MSSP Alert

Vulnerabilities

Fortinet Zero-Day Gives Attackers Super-Admin Privileges

TeamViewer Patches High-Severity Vulnerability in Windows Applications - SecurityWeek

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses | CSO Online

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity - SecurityWeek

Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies 

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

SonicWall says hackers are exploiting a new zero-day bug to breach customer networks | TechCrunch

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Multiple Git flaws led to credentials compromise

Apple Silicon flaws could make your private data vulnerable

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Apple's in-house chips have security flaws that could expose your Gmail inbox to attackers

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

VMware plugs credential-leaking bugs in Cloud Foundation • The Register

TeamViewer fixed a bug in Windows client and host applications

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

Critical remote code execution bug found in Cacti framework

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow’s Key Cyber Predictions for 2025

At Black Arrow, we see significant cyber risks escalating in 2025 as attackers’ technology and tactics develop, and geopolitical tensions increase. Our cyber threat intelligence, including our weekly briefing for our newsletter subscribers, shows a sharp rise in attacks during 2024, which continues into 2025. This includes increasingly sinister phishing and other AI-enabled attacks as part of ransomware and extortion, which in some cases lead to the collapse of the victim organisation.

Phishing in 2025, Powered by AI

In 2025, we see phishing continuing its alarming rise. Attackers are using AI to amplify the dangers of phishing, not just in emails but also in Teams and other messaging platforms. AI-generated messages adapt to bypass existing controls, with greater success in landing in employees' inboxes. Gone are the days of spotting phishing through bad spelling and grammar; AI will generate perfect communications tailored to specific sectors and will flex to penetrate victims' security.

Deepfake: A Growing Threat in 2025

Deepfake audio and video calls form part of a modern attack scenario, no longer limited to sophisticated attackers. The deepfake video attack on Arup last year, which resulted in USD 25 million in fraudulent bank payments, was a trailblazing example. With the rapid development of AI, we predict that deepfake attacks will affect small and medium-sized businesses as much as large organisations. The technology and kits for such attacks are set to become cheaper and more accessible in 2025.

Supply Chain Risks: No Company is an Island

Organisations heavily rely on other companies to manage key activities or systems, including outsourced payroll, IT, accounting, legal services, and marketing. This trend will continue to grow in 2025, along with substantial cyber security risks. Attackers will increasingly focus on supply chains as an easy way to access data for ransom or payment fraud. The most common attack we see is where an attacker gains access to your third party’s email account (known as business email compromise, or BEC), and then interacts with you from that trusted email account to change the bank account details for upcoming payments. BEC and other attacks often start with phishing emails, which we expect to be enhanced by AI and deepfakes in 2025.

Quantum Computing: On the Horizon

With many organisations developing quantum computing, we expect advances in 2025 and beyond that will present opportunities for both organisations and attackers. Quantum computers have the potential to solve highly complex problems at high speed, but this capability could also be used by attackers to break encryption. We see 2025 as the year when many organisations start to reexamine their security approaches to withstand the malicious use of quantum computing.

Constant Innovation: The Need for Threat Intelligence

The sudden appearance of DeepSeek AI in late January 2025, which sent shockwaves through the global technology sector, reminds us that all businesses need to stay abreast of technological developments and understand their cyber security implications. We encourage you to subscribe to our free weekly threat intelligence briefing, sent by email every Monday, to help keep up to date.

Visit our website at www.blackarrowcyber.com/subscribe for more information.


Black Arrow Cyber Threat Intelligence Briefing 24 January 2025

Black Arrow Cyber Threat Intelligence Briefing 24 January 2025:

-Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

-Cyber Security Breaches Are Increasing Business Insolvency Risks

-Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats

-When Risk Becomes Habit: Employee Behaviour and Organisational Security

-New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

-Global Cyber Attacks Jumped 44% Last Year

-Phishing Campaigns Became a Lot More Sinister in 2024

-CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills

-Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back

-Deepfakes Force a New Era in Fraud Detection, Identity Verification

-Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5

-Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience

-What is ‘Security Theatre’ and How Can Firms Move Beyond It?

-SMEs Face Rising Cyber Threats Amid AI and Training Concerns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, our cyber threat intelligence reports on new and evolving tactics of attackers and the devastating impact of attacks, as well as how organisations should act to improve their security including rehearsing how they will react when they experience an incident.

Recent reports highlight a surge in attacks whereby the attacker overwhelms their victim with emails and then contacts them on Teams posing as IT support to gain access to the victim’s systems. These attacks underscore the need for organisations to restrict external communications, limit remote access, and enhance employee awareness to prevent breaches. Furthermore, the growing use of artificial intelligence (AI) by cyber criminals has necessitated a focus on specialised expertise, with companies investing in both internal training and external cyber security support to counter AI-driven threats.

Behind the stories of attacks and data breaches are the real lives of individuals and organisations who suffer the heart-breaking, catastrophic impact, including organisations that have closed or filed for insolvency. Studies indicate that the average cost of a breach is now nearly $5 million, while paying ransom demands often fails to recover data, leading to further losses. The increasing sophistication of phishing campaigns and deepfake technology is further complicating fraud detection and identity verification processes. To mitigate these risks, firms must adopt a proactive approach that includes robust incident response plans, enhanced employee training, and the adoption of zero-trust security frameworks.

Organisations must move beyond 'security theatre' by focusing on practical, risk-based strategies that address core vulnerabilities rather than relying on superficial measures. The rise in nation-state cyber espionage, misinformation, and AI-enabled threats highlights the importance of collaboration between public and private sectors to enhance resilience. As cyber security gains greater prominence at the boardroom level, business leaders must ensure they are equipped with the necessary knowledge and strategic vision to navigate this rapidly changing threat landscape effectively.

Top Cyber Stories of the Last Week

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

Security experts have identified two ransomware groups using email bombing and Teams-based social engineering to gain remote access to corporate systems. Victims receive thousands of spam emails followed by a fraudulent Teams call from someone posing as IT support. The attackers then attempt to install remote access tools to steal data and extort organisations. At least 15 attacks have been observed in the past three months, with a significant increase recently. Businesses are advised to restrict external Teams calls, limit remote access tools, and enhance employee awareness to mitigate these evolving threats.
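The attack chain described above has a detectable shape: a sudden flood of inbound mail to one mailbox, followed within hours by an unsolicited external Teams contact claiming to be IT support. The script below is an added illustration written for this briefing, not code from the source article or any vendor product. It runs a sliding-window burst detector over a constructed mail-gateway log and correlates any burst with constructed Teams external-contact events; the log formats, thresholds, user names and tenant domains are all assumptions chosen for the example.

```python
"""Correlate an email-bombing burst with a follow-on external Teams contact.

Illustrative example only (not from the briefing). Both logs are constructed
in-memory as (timestamp, user[, external_domain]) tuples; a real deployment
would read mail-gateway and Teams audit exports instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2025, 1, 20, 9, 0, 0)

# Constructed mail-gateway log: (received_at, recipient). Not real data.
MAIL_LOG = (
    # "bob" receives 300 sign-up confirmations in five minutes (the flood).
    [(BASE + timedelta(seconds=i), "bob") for i in range(300)]
    # "alice" receives ordinary mail, one message every three minutes.
    + [(BASE + timedelta(minutes=3 * i), "alice") for i in range(20)]
)

# Constructed Teams audit log: (time, user, external_tenant_domain).
TEAMS_LOG = [
    (BASE - timedelta(hours=1), "bob", "supplier.example"),             # before the flood
    (BASE + timedelta(minutes=35), "bob", "helpdesk-support.example"),  # after the flood
    (BASE + timedelta(hours=1), "alice", "partner.example"),            # no flood
]


def find_mail_bursts(mail_events, threshold=200, window=timedelta(minutes=10)):
    """Return {user: time the user first received >= threshold mails in one window}.

    Sliding window per recipient: keep timestamps no older than `window`
    behind the newest event and fire when the window holds `threshold` items.
    """
    recent = defaultdict(deque)
    bursts = {}
    for ts, user in sorted(mail_events):
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and user not in bursts:
            bursts[user] = ts
    return bursts


def correlate_teams_contacts(bursts, teams_events, lookahead=timedelta(hours=24)):
    """Flag external Teams contacts that land after a mail burst for the same user.

    Only contacts within [burst_time, burst_time + lookahead] are alerted, so
    an external contact from before the flood is ignored.
    """
    alerts = []
    for ts, user, domain in sorted(teams_events):
        start = bursts.get(user)
        if start is not None and start <= ts <= start + lookahead:
            alerts.append((user, domain, ts))
    return alerts


def run():
    """Run both stages over the constructed logs and return the alerts."""
    return correlate_teams_contacts(find_mail_bursts(MAIL_LOG), TEAMS_LOG)


if __name__ == "__main__":
    for user, domain, ts in run():
        print(f"ALERT {user}: external Teams contact from {domain} "
              f"at {ts:%H:%M} shortly after an inbound mail burst")
```

The threshold and window are the tuning knobs: 200 messages in ten minutes is far above normal for most mailboxes but well below the "thousands" reported in these campaigns, so it fires early in the flood. The correlation step is what turns a noisy mail-volume alert into an actionable one, since the flood alone is an annoyance and the Teams contact alone is routine; together they are the documented pattern.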

Cyber Security Breaches Are Increasing Business Insolvency Risks

Cyber attacks are increasingly pushing businesses into financial distress, with data breaches and ransomware incidents significantly raising operational costs and even leading to bankruptcy. A 2024 IBM study found that data breaches cost companies an average of $4.9 million globally, and nearly double that in the US. High-profile cases, such as Stoli Group and National Public Data, highlight the devastating impact, with disrupted operations and mounting legal expenses. Despite the rising risks, 75% of small US businesses remain underinsured for cyber events, underscoring the growing need for robust cyber insurance and proactive security measures to ensure business resilience.

Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats

Kaspersky's latest study highlights growing concerns over AI-driven cyber attacks, with 92% of IT and security professionals expecting an escalation in such threats within the next two years. In response, organisations are prioritising cyber security expertise, with 94% focusing on internal training and 93% seeking external support from cyber security vendors. The report reveals that 61% of companies already utilise external expertise, while 62% have internal training programs in place, reflecting a dual approach to strengthening cyber defences across various sectors.

When Risk Becomes Habit: Employee Behaviour and Organisational Security

A recent report highlights that a small number of employees account for a disproportionate share of cyber security risks within organisations. Just 5% of users are responsible for 75% of detected security incidents, with 1% clicking on nearly half of phishing emails. While most employees engage in only one type of risky behaviour, a small group repeatedly commits multiple infractions. The study suggests that shielding high-risk roles, such as managers and executives, from frequent phishing attempts may be more effective than additional training, helping organisations better mitigate human-related cyber threats.

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

Researchers have identified a new malicious AI chatbot, GhostGPT, which is being sold on Telegram to assist cyber criminals with activities such as malware creation and phishing. Unlike earlier tools, GhostGPT offers easy access without the need to jailbreak existing AI models. Thousands of views on online forums highlight growing interest in such tools, which enable low-skilled attackers to launch sophisticated campaigns with ease. The chatbot is marketed for a range of criminal activities, including exploit development and business email compromise, with claims of anonymity and fast response times to aid efficiency.

Global Cyber Attacks Jumped 44% Last Year

Check Point Software’s latest report reveals a 44% rise in cyber attacks globally last year, driven by evolving nation-state tactics and the growing use of generative AI. Threat actors are shifting from short-term attacks to sustained campaigns aimed at undermining trust and stability. AI-driven disinformation targeted a third of global elections, while ransomware groups increasingly focus on data extortion over encryption. Healthcare saw a 47% surge in ransomware attacks, and compromised edge devices became key entry points. The report stresses the need for resilience, urging firms to enhance bring-your-own-device (BYOD) security, threat intelligence, and patch management.

Phishing Campaigns Became a Lot More Sinister in 2024

Phishing attacks surged by 202% in the second half of 2024, with some individuals receiving at least one sophisticated phishing attempt each week capable of bypassing security controls. The rise in advanced tactics, such as leveraging legitimate services to mask malicious intent, has made detection increasingly challenging. To counter these threats, organisations must focus on employee awareness, regular software updates, and adopting a zero-trust security approach to mitigate risks effectively.

CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills

Splunk's latest research reveals that Chief Information Security Officers (CISOs) are gaining greater influence in the boardroom, with 82% now reporting directly to the CEO, up from 47% in 2023. However, board members highlight a need for improved business acumen, communication, and emotional intelligence among CISOs. Budget concerns persist, with only 29% of CISOs feeling adequately funded, while 64% reported that financial constraints led to a cyber attack. The report underscores the need for better alignment between CISOs and boards to position cyber security as a business enabler and drive digital resilience.

Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back

A recent Hiscox study has revealed that paying ransomware demands rarely leads to full data recovery, with only 7% of businesses successfully retrieving all their data. One in ten firms that paid still experienced data leaks. Beyond financial losses, ransomware attacks have a significant impact on reputation, with 47% of affected firms facing challenges in attracting new customers and 43% reporting customer losses. Additionally, 21% lost business partners due to reputational damage. With ransomware attacks becoming more frequent, a company’s response strategy is critical to minimising long-term harm and ensuring operational resilience.

Deepfakes Force a New Era in Fraud Detection, Identity Verification

Deepfake technology is posing a significant challenge for businesses globally, with nearly half affected by its growing sophistication. To combat this, organisations are enhancing their identity verification processes by incorporating liveness checks and strengthening biometric methods such as facial recognition and fingerprint scanning. However, traditional fraud methods, including fake IDs, remain prevalent. The industry is adapting to rising regulatory pressures and evolving workforce needs, with AI and machine learning playing an increasing role in fraud prevention. Moving forward, businesses must strike a balance between robust security measures and user-friendly solutions to meet compliance demands and customer expectations.

Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5

The World Economic Forum's Global Risks Report 2025 highlights misinformation and disinformation as the top global risk over the next two years, driven by the rise of generative AI and geopolitical tensions. Cyber espionage ranks fifth, with one in three CEOs citing it as a major concern. Despite growing threats, cyber resilience remains inadequate, particularly among small and mid-sized firms, with 35% feeling underprepared. Larger organisations face challenges with supply chain vulnerabilities, while AI presents both opportunities and risks, with 47% of firms concerned about its misuse. Public-private partnerships are crucial to enhancing cyber resilience and regulatory alignment.

Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience

Recent cyber incidents have highlighted the real-world impact of poor cyber security, affecting healthcare services and retail supply chains, eroding public trust, and damaging brand reputations. With threats increasing year over year, organisations must focus on education, preparation, and mitigation to enhance resilience. Employee training, regular risk assessments, and penetration testing are crucial to identifying and addressing vulnerabilities. Additionally, having a robust incident response plan and business continuity plan, regularly tested and updated, ensures operational resilience and safeguards customer trust in the face of potential cyber attacks.

What is ‘Security Theatre’ and How Can Firms Move Beyond It?

Many organisations are trapped in ‘security theatre,’ relying on an increasing number of alerts and tools that create an illusion of protection rather than addressing the root causes of cyber threats. In 2024 alone, over 1 billion individuals were impacted by data breaches, a 409% rise from the previous year. Despite rising investments in cyber security, human error remains the primary attack vector, with 99% of identity attacks targeting passwords. To move beyond performative security, organisations must focus on reducing the attack surface by eliminating static credentials and minimising standing privileges.

SMEs Face Rising Cyber Threats Amid AI and Training Concerns

Sharp Europe’s latest study highlights the growing cyber security risks facing European SMEs, with 84% of employees now more concerned than a year ago. AI-driven threats are a major worry, with 43% citing AI as a key factor in their unease, while 72% lack confidence in identifying cyber threats. 41% of SME workers have not received cyber security training in the past two years. With over half of SMEs fearing they could go out of business within a week of a major incident, the report underscores the urgent need for improved training and proactive cyber security measures.

Sources:

https://www.infosecurity-magazine.com/news/ransomware-email-bombing-teams/

https://news.bloomberglaw.com/privacy-and-data-security/cybersecurity-breaches-are-increasing-business-insolvency-risks

https://www.satelliteevolution.com/post/companies-seek-specialised-expertise-to-combat-artificial-intelligence-ai-cyber-threats

https://www.mimecast.com/blog/when-risk-becomes-habit-employee-behavior-and-organizational-security/

https://www.infosecurity-magazine.com/news/ghostgpt-ai-chatbot-malware/

https://www.itpro.com/security/cyber-attacks/global-cyber-attacks-jumped-44-percent-last-year

https://hackernoon.com/phishing-campaigns-became-a-lot-more-sinister-in-2024

https://www.infosecurity-magazine.com/news/cisos-increase-boardroom-influence/

https://www.techradar.com/pro/security/only-1-in-10-who-pay-ransomware-attackers-actually-retrieve-their-data

https://www.helpnetsecurity.com/2025/01/24/identity-fraud-rise/

https://www.govinfosecurity.com/misinformation-no-1-global-risk-cyberespionage-in-top-5-a-27358

https://informationsecuritybuzz.com/the-keys-to-unlocking-cyber-resilience/

https://cyberscoop.com/security-theater-cybersecurity-tooling-ev-kontsevoy-op-ed/

https://www.therecycler.com/posts/smes-face-rising-cyber-threats-amid-ai-and-training-concerns/


Governance, Risk and Compliance

Many firms see cyber attacks as their top business concern this year | TechRadar

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Cyber disruptions remain top business risk concern in US, globally | CIO Dive

The WEF forecasts a rocky year ahead in cyber security - Verdict

When risk becomes habit: Employee behaviour and organisational security | Mimecast

Why CISOs Must Think Clearly Amid Regulatory Chaos

The CFO may be the CISO’s most important business ally | CSO Online

Global cyber attacks jumped 44% last year | ITPro

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

Cyber security Breaches Are Increasing Business Insolvency Risks

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

What is ‘security theatre’ and how can we move beyond it? | CyberScoop

Security Needs to Start Saying 'No' Again

CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills - Infosecurity Magazine

CISOs are juggling security, responsibility, and burnout - Help Net Security

Splunk Report: CISOs Gain Influence in the C-Suite and Boardrooms Worldwide

Nearly half of CISOs now report to CEOs, showing their rising influence - Help Net Security

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

JPMorgan’s CISO on Overcoming Surging Threats and Regulatory Hurdles - Infosecurity Magazine

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

The UK's cyber security landscape: Key trends and challenges for 2025

CISO Top 10 Priorities for Q1 2025: Key Findings and Evolving Focus | SC Media

Top Priorities for Cyber Security Leaders in 2025: Info-Tech Research Group Publishes Annual Report


Threats

Ransomware, Extortion and Destructive Attacks

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware Attacks Surge to Record High in December 2024 - Infosecurity Magazine

Microsoft services exploited in separate ransomware campaigns | SC Media

Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back | TechRadar

Record Number of Ransomware Attacks in December 2024 - SecurityWeek

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

FBI: North Korean IT workers steal source code to extort employers

Russian couple on trial for large-scale ransomware attacks

35 years on: The history and evolution of ransomware | TechRadar

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Medusa Ransomware: What You Need To Know | Tripwire

A floppy disk launched world's first ransomware attack 35 years ago | TechSpot

New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling to Evade Detection

Next Steps for the International Counter Ransomware Initiative

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Ransomware Victims

Ransomware costs at NHS provider Synnovis far outstrip profits

59 organisations reportedly victim to breaches caused by Cleo software bug | TechRadar

PowerSchool hackers have your kid's info. These 3 steps protect them | PCWorld

Ransomware attack forces Brit high school to shut doors • The Register

Phishing & Email Based Attacks

Ransomware Groups Abuse Microsoft Services for Initial Access - SecurityWeek

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Phishing Campaigns Became a Lot More Sinister in 2024 | HackerNoon

Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks - Infosecurity Magazine

When risk becomes habit: Employee behaviour and organisational security | Mimecast

Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures - Infosecurity Magazine

Phishing Attacks Are Top Security Issue for Consumers

Account Compromise and Phishing Top Healthcare Security Incidents - Infosecurity Magazine

Other Social Engineering

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

FBI: North Korean IT workers steal source code to extort employers

Scam Yourself attacks: How social engineering is evolving - Help Net Security

Hundreds of fake Reddit sites push Lumma Stealer malware

Artificial Intelligence

Why the 'Bring Your Own AI' trend could mean big trouble for business leaders | ZDNET

Employees Enter Sensitive Data Into GenAI Prompts Too Often

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Invisible Prompt Injection: A Threat to AI Security | Trend Micro (US)

The Security Risk of Rampant Shadow AI

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

CISA releases AI cyber security playbook

World Economic Forum Provides Guidance on AI Use | SC Media UK

One in ten GenAI prompts puts sensitive data at risk - Help Net Security

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Trump Overturns Biden Rules on AI Development, Security

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

UK Ministry of Defence enlists sci-fi writers to prepare for dystopian futures | Ministry of Defence | The Guardian

Sage Copilot grounded briefly to fix AI misbehaviour • The Register

2FA/MFA

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Sneaky 2FA Kit Exposes Vulnerabilities In 2FA Security

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Malware

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Fake Homebrew Google ads target Mac users with malware

Enterprise Juniper Routers Tagged with 'Magic' Backdoor

Pumakit - A Sophisticated Linux Rootkit Attacks Critical Infrastructure

Hundreds of fake Reddit sites push Lumma Stealer malware

Telegram captcha tricks you into running malicious PowerShell scripts

Chinese Hackers Hijack VPN's Website to Spread Malware

Bots/Botnets

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Mobile

Mobile Cyber Security Trends for 2025: Key Predictions and Preparations - Security Boulevard

New Porn Ban Threat—Millions Of iPhone, iPad, Android Users Now At Risk

Novel Android Malware Leveraged By DoNot Team | MSSP Alert

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

WhatsApp Security Alert—Broken Link Hackers Strike

Phishing Attacks Are Top Security Issue for Consumers

Denial of Service/DoS/DDoS

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Cloudflare blocks 21.3 million DDoS attacks in 2024, reports record 53% surge

Standing strong against hyper-volumetric DDoS attacks | TechRadar

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Spooks of the internet came alive this Halloween | CSO Online

Who is DDoSing you? Competitors, most likely • The Register

How to Stop Layer 7 DDoS Attacks in 2025 - Security Boulevard

The Internet is (once again) awash with IoT botnets delivering record DDoSes

Internet of Things – IoT

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Home exercise companies like Peloton, NordicTrack harvest your sensitive data, watchdog finds - WTOP News

The Internet is (once again) awash with IoT botnets delivering record DDoSes

FTC orders GM to stop collecting and selling driver’s data

Experts found multiple flaws in Mercedes-Benz infotainment system

Subaru’s poor security left troves of vehicle data easily accessible

Data Breaches/Leaks

Otelier data breach exposes info, hotel reservations of millions

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants | WIRED

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

Fortinet: FortiGate config leaks are genuine but misleading • The Register

Wolf Haldenstein Data Breach Impacts 3.4 Million People - SecurityWeek

HPE’s sensitive data exposed in alleged IntelBroker hack | CSO Online

PowerSchool hacker claims they stole data of 62 million students

Organised Crime & Criminal Actors

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

US President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

"Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat in 2024

Insider Risk and Insider Threats

When risk becomes habit: Employee behaviour and organisational security | Mimecast

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

When risky cyber security behaviour becomes a habit among employees - Help Net Security

Insurance

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Report highlights urgent need for cyber insurance | Insurance Business America

Supply Chain and Third Parties

Supply chain attack strikes array of Chrome Extensions • The Register

The critical need for watertight security across the IT supply chain | TechRadar

Biden order gives CISA software supply chain 'teeth' | TechTarget

Cloud/SaaS

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Why some companies are backing away from the public cloud | ZDNET

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Cloud challenges | Professional Security Magazine

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

Outages

Bitbucket services “hard down” due to major worldwide outage

Identity and Access Management

How Secure Is Your PAM Strategy? - Security Boulevard

Will 2025 See a Rise of NHI Attacks?

Linux and Open Source

Pumakit - A Sophisticated Linux Rootkit Attacks Critical Infrastructure

Passwords, Credential Stuffing & Brute Force Attacks

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Social Media

Has the TikTok Ban Already Backfired on US Cyber Security?

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

Hundreds of fake Reddit sites push Lumma Stealer malware

Trump dismisses concerns over TikTok's potential security risks

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Meta's pay-or-consent model criticized by EU consumer groups • The Register

Donald Trump’s bigger China cyber threat isn’t TikTok

Malvertising

Fake Homebrew Google ads target Mac users with malware

Understanding and avoiding malvertizing attacks | TechRadar

Training, Education and Awareness

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Regulations, Fines and Legislation

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Why CISOs Must Think Clearly Amid Regulatory Chaos

EU’s DORA could further strain cyber security skills gap | CSO Online

Executive Order 14144 on Cyber Security: Building on 2021's Foundation with Advanced NHI Security - Security Boulevard

Trump axes TSA chief who led pipeline, airline, rail cyber security rules | SC Media

Government battles against tech could leave consumers less secure | CyberScoop

Biden's Cyber Security EO Leaves Trump a Comprehensive Blueprint for Defence

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Trump Overturns Biden Rules on AI Development, Security

Trump’s disbanding of Cyber Safety Review Board draws ire | SC Media

Under Trump, US Cyber Defence Loses Its Head | WIRED

Trump Has Had a Light Touch on Cyber Security – So Far - Security Boulevard

Trump has fired a major cyber security investigations body. It’s a risky move

PayPal fined by New York for cyber security failures | Reuters

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard

Donald Trump’s bigger China cyber threat isn’t TikTok

Models, Frameworks and Standards

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

EU’s DORA could further strain cyber security skills gap | CSO Online

MITRE Launches D3FEND 1.0 to Standardize Cyber Security Techniques

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

EU Strengthens Cyber Security with Enhanced NIS2 Directive | MSSP Alert

76% of Irish businesses will struggle to meet NIS2 requirements

OWASP Top 10 2025 - Most Critical Weaknesses Exploited/Discovered in Smart Contract

Cyber Essentials NHS and Healthcare Organisations - Security Boulevard

Irish companies 'a mixed bag' on new cyber attack laws

Backup and Recovery

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

Data Protection

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Privacy professionals feel more stressed than ever - Help Net Security

Careers, Working in Cyber and Information Security

EU’s DORA could further strain cyber security skills gap | CSO Online

Law Enforcement Action and Take Downs

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Washington Man Admits to Role in Multiple Cyber Crime, Fraud Schemes - SecurityWeek

Russian couple on trial for large-scale ransomware attacks

Misinformation, Disinformation and Propaganda

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Understanding Cyber Effects in Modern Warfare - War on the Rocks

Taking the fight to the enemy: Cyber persistence strategy gains momentum

Let’s get creative to protect undersea cables from sabotage – POLITICO

Nation State Actors

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

Are attackers already embedded in US critical infrastructure networks?

China

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

ProxyLogon, one of Salt Typhoon's favorites, still wide open • The Register

FCC says US telcos by law must secure networks from spies • The Register

US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches | WIRED

Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says - Bloomberg

Trump Fires DHS Board Probing Salt Typhoon Hacks

Trump dismisses concerns over TikTok's potential security risks

Trump ‘waved a white flag to Chinese hackers,’ senator says • The Register

Chinese Hackers Hijack VPN's Website to Spread Malware

How Taiwan Balances Cyber Security With Human Rights in Resisting China – The Diplomat

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

New Chinese cyberespionage campaign targeted South Korean VPN service | SC Media

US Supreme Court Gives Green Light to TikTok Ban - Infosecurity Magazine

TikTok Says It Will 'Go Dark' Unless It Gets Clarity From Biden Following Supreme Court Ruling - SecurityWeek

Has the TikTok Ban Already Backfired on US Cyber Security?

Trump Faces Unique Challenges Due to Chinese Hackers | Newsmax.com

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Trump has fired a major cyber security investigations body. It’s a risky move

Donald Trump’s bigger China cyber threat isn’t TikTok

Hackers game out infowar against China with the US Navy • The Register

Russia

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

Shutting down the net: The growing threat of Russian internet censorship · Global Voices

Russian Hackers Target WhatsApp Accounts, Microsoft | Silicon UK

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Increased cyber security cooperation forged by Russia, Iran | SC Media

CERT-UA warns against "security audit" requests via AnyDesk - Help Net Security

Ukraine's State Registers Restored Following Cyber Attack - Infosecurity Magazine

Massive Russian hack on government database shows cracks in Ukraine's digitalization drive

Russian APT Phishes Kazakh Gov't for Strategic Intel

Russian telecom giant Rostelecom investigates suspected cyber attack on contractor | The Record from Recorded Future News

Iran

Increased cyber security cooperation forged by Russia, Iran | SC Media

North Korea

FBI: North Korean IT workers steal source code to extort employers

The hacker state: How North Korea weaponised internet - India Today


Tools and Controls

An estimated 46,000 VPN servers are vulnerable to being hijacked | Tom's Guide

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

How Secure Is Your PAM Strategy? - Security Boulevard

Chinese Hackers Hijack VPN's Website to Spread Malware

How Can Generative AI be Used in Cyber Security - Security Boulevard

SDLC Gap Analysis: Requirement For Organisation - Security Boulevard

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Using your own laptop or phone for work? Why it’s a security hazard for businesses

Cyber Insights 2025: Attack Surface Management - SecurityWeek

Cyber Insights 2025: APIs – The Threat Continues - SecurityWeek

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

CISA releases AI cyber security playbook

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Will 2025 See a Rise of NHI Attacks?

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

2025 Prediction 1: The Rise In Physical Threats To Corporate Executives Will Continue In 2025 - Security Boulevard

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Think like an attacker: Increase attack surface visibility with integrated exposure management | SC Media

AI-driven insights transform security preparedness and recovery - Help Net Security



Vulnerability Management

Exploits on the rise: How defenders can combat sophisticated threat actors | TechRadar

Microsoft: Exchange 2016 and 2019 reach end of support in October

How to Perform a Website Security Scan: A Vulnerabilities Guide

Vulnerabilities

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Microsoft Outlook has a new ‘critical’ flaw that spreads malware easily | Digital Trends

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

7-Zip bug could allow a bypass of a Windows security feature. Update now | Malwarebytes

Cisco addresses a critical privilege escalation bug in Meeting Management

FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know - SecurityWeek

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw - Help Net Security

Six vulnerabilities in rsync announced and fixed in a day • The Register

50K Fortinet firewalls still vulnerable to latest zero-day • The Register

Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

Asus lets chip fix slip out early, AMD says patch is inbound • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
