Threat Intelligence Blog


Black Arrow Cyber Advisory 16 October 2025 - Security Updates from Microsoft, SAP, Fortinet, Ivanti and Oracle (E-Business Suite)

Executive Summary

This month’s updates span Microsoft’s regular Patch Tuesday release, SAP’s Security Patch Day, large batches from Fortinet across network and endpoint products, targeted fixes from Ivanti for enterprise mobility/secure access, and a standalone Oracle Security Alert for E-Business Suite issued on 11 October. Prioritise actively exploited Windows issues (where present), SAP high and critical security notes, Fortinet gateway/endpoint components, Ivanti EPM/EPMM/Neurons platforms, and Oracle E-Business Suite where exposure is internet-facing.

Vulnerabilities by Vendor

  • Microsoft: 173 vulnerabilities, including five critical-severity security defects and two flaws that have been exploited in the wild. The vulnerabilities affect Windows (client/server), Office/SharePoint, .NET/Visual Studio, Azure services, and Microsoft Edge (Chromium). Prioritise patches addressing any actively exploited items and Critical RCE/EoP paths in Windows and server components.

  • SAP: 16 new and updated patches as part of its monthly rollout, across on-prem and cloud product families (e.g., NetWeaver, S/4HANA, Business Objects). Prioritise High/Critical security notes and authentication/authorisation weaknesses.

  • Fortinet: 29 advisories across FortiOS/FortiProxy, FortiDLP, FortiClient, FortiIsolator, FortiPAM, FortiManager/Analyzer, FortiADC/FortiWeb and others. Prioritise High/Critical items on perimeter firewalls, proxies and endpoint agents; review PSIRT entries for products you operate.

  • Ivanti: Several updates across Endpoint Manager (EPM), Endpoint Manager Mobile (EPMM) and Neurons. Prioritise High/Critical updates for EPM and EPMM, and apply the latest EPM/EPMM and Neurons updates if not yet deployed.

  • Oracle (E-Business Suite only): 1 vulnerability (Security Alert CVE-2025-61884, released 11 October 2025), affecting E-Business Suite 12.2.3–12.2.14. The vulnerability is remotely exploitable without authentication; prioritise immediate patching on any externally accessible instances.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Sources:
1 Microsoft — https://msrc.microsoft.com/update-guide
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
3 Fortinet — https://www.fortiguard.com/psirt
4 Ivanti — https://www.ivanti.com/blog/october-2025-security-update
5 Oracle (E-Business Suite Security Alert CVE-2025-61884) — https://www.oracle.com/security-alerts/alert-cve-2025-61884.html


Black Arrow Cyber Threat Intelligence Briefing 10 October 2025

Black Arrow Cyber Threat Intelligence Briefing 10 October 2025:

-CFOs Put Cyber at the Top of the Risk Agenda

-SonicWall Cloud Backup Breach Exposes Firewall Configurations

-Budgets and Skills Lag Behind Rising Attacks

-SMBs Remain Exposed to AI‑Driven Threats and Ransomware Complacency

-Digital Fraud Now Costs Firms an Average 7.7% of Revenue

-Survey Finds Attacks Hit 91% of UK Universities and 43% of Businesses

-Insurer Forecasts 40% Rise in Named Ransomware Victims by 2026

-Paying Ransoms Increasingly Fails to Restore Data

-SaaS Incidents Surge Despite High Confidence

-AI Supercharges Phishing and Stretches Defences

-Deepfake Voice Risks Highlight Identity Verification Gaps

-Insurers and Asset Managers Expand Cybersecurity Oversight

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Executive Summary

Our review of business and cyber security media this week highlights that cyber risk is escalating across finance, education and supply chains, with attacks growing in scale and sophistication. AI-driven threats and deepfake-enabled fraud are eroding traditional defences, while SaaS misconfigurations and legacy systems widen exposure.

Surveys reveal persistent gaps in budgets, skills and governance, leaving many organisations underprepared. Ransomware recovery rates are falling, and digital fraud now consumes a significant share of revenue.

Boards are under pressure to strengthen oversight and link leadership incentives to cyber performance, yet complacency remains a critical risk. In our work with business leaders across countries and sectors, we see the value of leaders taking command by understanding their risks and governing their resilience across people, operations and controls. Contact us to discuss how we can support your leadership through focused upskilling and governance support.


Top Cyber Stories of the Last Week

CFOs Put Cyber at the Top of the Risk Agenda

New research of UK finance leaders finds 99% experienced payments‑related cyber incidents in the past two years and 94% plan to raise cyber spend, with over half preparing a significant uplift. Accounts Payable automation is the top priority, yet 47% cite integration with existing systems as the main barrier and only 64% feel confident they have real‑time oversight. The findings underline the exposure created by legacy platforms and fragmented processes and the need for tighter controls, better visibility and stronger governance across finance operations.

Source: https://www.businesswire.com/news/home/20251008745273/en/Cybersecurity-Tops-CFOs-Risk-Agenda-With-99-Reporting-Incidents-and-94-Planning-to-Increase-Spend

SonicWall Cloud Backup Breach Exposes Firewall Configurations

SonicWall confirmed that an attacker accessed firewall configuration backup files for all customers who used its cloud backup service. While credentials in the files are encrypted, possession of configurations raises the risk of targeted exploitation. SonicWall, working with Mandiant, issued remediation guidance including comprehensive credential resets and prioritisation of internet‑facing devices.

Source: https://cyberscoop.com/sonicwall-customer-firewall-configurations-exposed/

Budgets and Skills Lag Behind Rising Attacks

ISACA’s latest survey reports 39% of European organisations are facing more attacks than a year ago, while only 38% are completely confident in detection and response. Despite incremental improvements, 58% remain understaffed and 54% say budgets are still insufficient. Stress and burnout persist, with 68% saying the job is more stressful than five years ago and 22% of organisations taking no action to address it. The data points to structural capability gaps that leadership must close to improve resilience.

Source: https://www.itsecurityguru.org/2025/10/08/research-finds-budgets-staffing-and-skills-fail-to-keep-pace-with-rising-cyber-threats/

SMBs Remain Exposed to AI‑Driven Threats and Ransomware Complacency

A new report highlights how AI is supercharging social engineering and malware while a complacency gap persists in smaller firms. Automated, highly personalised campaigns are raising the success rate of phishing and voice scams, and the financial fallout now stretches far beyond the ransom to business‑ending costs. The analysis argues that many SMBs still underestimate their exposure and need proactive, specialised security and clearer accountability for risk.

Source: https://betanews.com/2025/10/09/smbs-vulnerable-to-ai-powered-cyberattacks-and-complacent-about-ransomware/

Digital Fraud Now Costs Firms an Average 7.7% of Revenue

TransUnion’s H2 2025 update estimates global businesses lost $534bn over the past year to digital fraud, with US firms averaging 9.8% of revenue. Account takeover has surged and is now the top driver of losses in the US at 31%, with smishing, phishing and vishing widespread. The findings reinforce the need for stronger identity assurance, layered controls and active monitoring of customer interactions across channels.

Source: https://www.infosecurity-magazine.com/news/digital-fraud-costs-companies/

Survey Finds Attacks Hit 91% of UK Universities and 43% of Businesses

A recent UK survey reveals that 91% of universities and 43% of businesses experienced cyberattacks in the past year, affecting over 600,000 businesses and 61,000 charities. The findings highlight widespread vulnerabilities across sectors, with education institutions particularly exposed due to legacy systems and limited cyber budgets. Despite the scale of attacks, many organisations remain underprepared, lacking robust incident response plans and adequate cyber insurance. Experts warn that complacency and outdated security practices are leaving critical data and operations at risk, urging leadership to prioritise cyber resilience and invest in modern defences.

Source: https://www.tomshardware.com/tech-industry/cyber-security/cyberattacks-hit-91-percent-of-universities-and-43-percent-of-businesses-in-last-12-months-in-the-uk-survey-suggests-more-than-600-000-businesses-61-000-charities-affected

Insurer Forecasts 40% Rise in Named Ransomware Victims by 2026

QBE warns leak‑site victims could exceed 7,000 by 2026, a 40% jump on 2024, with criminals exploiting cloud platforms and AI. Between 2023 and 2025 the UK accounted for 10% of significant incidents. Deepfakes featured in nearly 10% of cases in 2024 with wide‑ranging losses. The report stresses supply chain dependencies and the need for stronger oversight of third parties and recovery planning.

Source: https://www.reinsurancene.ws/ransomware-attacks-to-surge-40-by-2026-amid-ai-and-cloud-vulnerabilities-qbe/

Paying Ransoms Increasingly Fails to Restore Data

A Veeam study finds only 32% of organisations that paid ransoms in 2024 recovered their data, down from 54% in 2023. 63% lack alternative infrastructure for site‑wide recovery. The report highlights data theft‑only tactics and the case for tested backups, segmented recovery and rehearsed decision‑making.

Source: https://www.techradar.com/pro/security/many-businesses-paying-a-ransomware-demand-dont-get-their-data-back

SaaS Incidents Surge Despite High Confidence

AppOmni’s 2025 study shows 75% of organisations suffered a SaaS incident in the past year while 91% felt confident in their posture. Incidents are often driven by permissions issues and misconfigurations, and accountability is fragmented across business units. The report calls for continuous oversight and independent validation of SaaS controls.

Source: https://securityboulevard.com/2025/10/75-of-orgs-had-a-saas-security-incident-despite-high-confidence-in-their-security-heres-why/

AI Supercharges Phishing and Stretches Defences

A Comcast report analysed 34.6 billion events, showing attackers scale noisy campaigns while running quiet intrusions in parallel. Generative AI makes it easier to craft realistic phishing attempts and malware, while shadow AI and non‑human identities widen exposure. Human fatigue and proxy abuse further erode traditional detection methods, strengthening the case for layered, behaviour‑based controls.

Source: https://www.helpnetsecurity.com/2025/10/06/phishing-ai-enterprise-resilience-security/

Deepfake Voice Risks Highlight Identity Verification Gaps

Microsoft halted its Speak for Me voice cloning test after concerns it could enable fraud through highly convincing impersonations. This highlights the dangers of implementing voice cloning without strong security and verification controls.

Source: https://www.darkreading.com/application-security/microsoft-voice-clone-scary-unsalvageable

Insurers and Asset Managers Expand Cybersecurity Oversight

Moody’s survey of 102 insurers and asset managers shows cyber security remains a top board-level priority. Budgets are rising, firms plan to hire specialists, and advanced defence strategies are being adopted. Oversight is strengthening, with 40% now linking CEO pay to cyber performance goals, up from 24% in 2023. Regional gaps persist in third-party risk management, AI governance, and cyber insurance coverage. Most respondents maintain vendor risk programmes, and over 80% have AI policies. Cyber insurance adoption is highest in the Americas, and 21% plan to increase coverage limits in 2025.

Source: https://www.reinsurancene.ws/insurers-and-asset-managers-strengthen-cybersecurity-oversight-and-expand-budgets-moodys/



Threats

Ransomware, Extortion and Destructive Attacks

Paying ransoms fails to guarantee recovery as cyber criminals demand more while firms burn cash and struggle with rising losses | TechRadar

Many businesses paying a ransomware demand don't get their data back | TechRadar

Ransomware Group “Trinity of Chaos” Launches Data Leak Site - Infosecurity Magazine

'Cops and robbers': Top 5 ransomware groups behind nearly half of all attacks | Insurance Business America

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

29% of businesses that paid cyber attack ransoms still had their data leaked

Active Ransomware Groups Reach an All-Time High, GuidePoint Security Finds

SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware - BetaNews

Hackers launch data leak site to extort 39 victims, or Salesforce - Help Net Security

Salesloft hackers outsourcing ransom negotiations for $10 • The Register

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Ransomware Attacks Skyrocket, Forcing Companies to Confront a Vexing Question | Law.com

Cybersecurity Needs A Supply Chain Perspective: JLR attack Shows Why

Google says 'likely over 100' affected by Oracle-linked hacking campaign | Reuters

BBC journalist lured with promises of millions in ransom before hackers unleashed chaotic phone attacks in chilling twist | TechRadar

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Oracle tells Clop-targeted EBS users to apply July patch • The Register

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

Red Hat data breach escalates as ShinyHunters joins extortion

Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them | TechRadar

Salesforce refuses to pay ransom over widespread data theft attacks

Inside the 'Trinity of Chaos' group of young hackers targeting major companies - ABC News

Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses

XWorm malware resurfaces with ransomware module, over 35 plugins

Teens arrested in London preschool ransomware attack • The Register

Chaos Ransomware Upgrades With Aggressive New Variant

Hackers now use Velociraptor DFIR tool in ransomware attacks

Ransomware Victims

Hackers hold 1 billion customer records to ransom | The Independent

The cost of cyber hacking on UK business is greater than it seems - BBC News

Salesforce refuses to pay ransomware crims' extortion demand • The Register

Jaguar Land Rover Shows Cyberattacks Mean Business

Japan’s Asahi ships beer manually after ransomware attack | The Straits Times

Jaguar Land Rover expected to restart some production after cyber-attack - BBC News

The Guardian view on the Jaguar Land Rover cyber-attack: ministers must pay more attention to this growing risk | Editorial | The Guardian

Aston Martin warns of disruption in wake of JLR cyber attack

JLR counts cost of cyber hack with UK retail sales down 32% | Manufacturer News

Co-op set to reveal financial toll caused by cyberattack | The Independent

Teens arrested in London preschool ransomware attack • The Register

Phishing & Email Based Attacks

Yubico survey exposes cybersecurity gap as organizations lag on training while phishing scams evolve faster than most defenses can adapt | TechRadar

SpamGPT - When Phishing Gets a Marketing Degree - Security Boulevard

Phishing Is Only the Tip of Cybersecurity’s AI Arms Race | MSSP Alert

Phishing is old, but AI just gave it new life - Help Net Security

New ‘point-and-click’ phishing kit simplifies malicious attachment creation | SC Media

How Phishing Kits Are Evading Detection & Ways to Beat Them | MSSP Alert

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Other Social Engineering

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

North Korean hackers stealing record sums, researchers say - BBC News

New FileFix attack uses cache smuggling to evade security software

Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

Fraud, Scams and Financial Crime

Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue - Infosecurity Magazine

More than a third of Brits would give up online shopping over fears of identity theft - InternetRetailing

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Former Tory council leader on trial over alleged romance fraud - BBC News

Risks of cyber fraud allegations remain high for companies subject to government requirements - Nextgov/FCW

Artificial Intelligence

SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware - BetaNews

SpamGPT - When Phishing Gets a Marketing Degree - Security Boulevard

Phishing Is Only the Tip of Cybersecurity’s AI Arms Race | MSSP Alert

Phishing is old, but AI just gave it new life - Help Net Security

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

Microsoft's Voice Clone Becomes Scary & Unsalvageable

FraudGPT and WormGPT, are now available on dark net forums for as low as $100 - The420.in

AI is making cybercriminal workflows more efficient too, OpenAI finds | ZDNET

Two-thirds of bank staff using unapproved AI tools - survey

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

Employees regularly paste company secrets into ChatGPT • The Register

How Your AI Chatbot Can Become a Backdoor | Trend Micro (US)

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

What CISOs should know about DeepSeek cybersecurity risks | TechTarget

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Take Note: Cyber-Risks With AI Notetakers

CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief

ICO’s £7.5m Clearview AI Fine a Step Closer After Legal Victory - Infosecurity Magazine

Malware

APT Hackers Exploit ChatGPT to Create Sophisticated Malware and Phishing Emails

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks - SecurityWeek

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

New FileFix attack uses cache smuggling to evade security software

Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware

Hackers Exploit RMM Tools to Deploy Malware - InfoRiskToday

From infostealer to full RAT: dissecting the PureRAT attack chain

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

XWorm malware resurfaces with ransomware module, over 35 plugins

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

Self-Propagating Malware Hits WhatsApp Users in Brazil

Bots/Botnets

RondoDox botnet fires 'exploit shotgun' at edge devices • The Register

The architecture of lies: Bot farms are running the disinformation war - Help Net Security

Mobile

Google Pixel October security patch continues to fix haunting display problems | Android Central

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

Android spyware pretends to be Signal or ToTok update to fool victims - here's how to stay safe | TechRadar

Self-Propagating Malware Hits WhatsApp Users in Brazil

Denial of Service/DoS/DDoS

Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intense | IT Pro

Telco biz ICUK restores services after two-day DDoS pelting • The Register

Internet of Things – IoT

Connected devices in the workplace: innovation or a gateway for cyberattacks?

Building owners face up to growing cyber threat

How to protect your car from hacking | Kaspersky official blog

Data Breaches/Leaks

Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop

Google says 'likely over 100' affected by Oracle-linked hacking campaign | Reuters

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them | TechRadar

Discord discloses data breach after hackers steal support tickets

Hackers claim Discord breach exposed data of 5.5 million users

Renault warns UK customers after cyberattack exposes data

Military radio maker BK Technologies cops to cyber break-in • The Register

Electronics giant Avnet confirms breach, says stolen data unreadable

Dutch travel company refuses compensation after cyberattack exposes customer data | NL Times

Data Breach at Doctors Imaging Group Impacts 171,000 People - SecurityWeek

Huawei Under Fire Again: Alleged Data Breach and Espionage Claims Stir Controversy - Cybersecurity Insiders

Sunweb confirms data breach, warns customers to be on their guard | TechRadar

DraftKings warns of account breaches in credential stuffing attacks

Boyd Gaming sued by employee over data breach | Cybernews

Organised Crime & Criminal Actors

Europol Calls for Stronger Data Laws to Combat Cybercrime - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korean hackers stole $2 billion in crypto this year: report - UPI.com

Kremlin-backed crypto coin moves $6bn despite US sanctions

Politics Home Article | UK Faces Diplomatic Battle Over £5.5bn Bitcoin Claim

Insider Risk and Insider Threats

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

Employees regularly paste company secrets into ChatGPT • The Register

BBC journalist lured with promises of millions in ransom before hackers unleashed chaotic phone attacks in chilling twist | TechRadar

Insurance

Cyber cover concerns remain for risk managers – FERMA

Cyber insurance should complement, not replace, cybersecurity: FERMA - Reinsurance News

Impacts of Cyber Threat Landscape on Insurers and Policyholders | Gray Reed - JDSupra

Why cyber-security insurance matters for charities | Third Sector

Supply Chain and Third Parties

75% of Orgs. Had a SaaS Security Incident Despite High Confidence in Their Security. Here’s Why. - Security Boulevard

Cybersecurity Needs A Supply Chain Perspective: JLR attack Shows Why

Nearly a third of bosses report increase in cyber-attacks on their supply chains | Business | The Guardian

The cost of cyber hacking on UK business is greater than it seems - BBC News

Discord says sensitive info stolen during cyberattack on customer service provider | The Record from Recorded Future News

Cyber-Attack Contributes to Huge Sales Drop at JLR - Infosecurity Magazine

Cloud/SaaS

Nearly a third of bosses report increase in cyber-attacks on their supply chains | Business | The Guardian

Ransomware attacks to surge 40% by 2026 amid AI and cloud vulnerabilities: QBE - Reinsurance News

Hackers claim Discord breach exposed data of 5.5 million users

Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach - SecurityWeek

Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware

Microsoft 365 outage blocks access to Teams, Exchange Online

Outages

Microsoft 365 outage blocks access to Teams, Exchange Online

Azure outage blocks access to Microsoft 365 services, admin portals

Encryption

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

Massive surge in scans targeting Palo Alto Networks login portals

DraftKings warns of account breaches in credential stuffing attacks

Social Media

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data

Malvertising

Brazilian scammers, raking in millions, used Gisele Bundchen deepfakes on Instagram ads | Reuters

Regulations, Fines and Legislation

Europol Calls for Stronger Data Laws to Combat Cybercrime - Infosecurity Magazine

Invite us to your cyber war games, Finra urges members - Risk.net

German government says it will oppose EU mass-scanning proposal | CyberScoop

ICO’s £7.5m Clearview AI Fine a Step Closer After Legal Victory - Infosecurity Magazine

Federal judiciary touts cybersecurity work in wake of latest major breach | CyberScoop

State Cyber Teams Brace for Impact of US Government Shutdown

Federal shutdown deals blow to already hobbled cybersecurity agency

UK government says digital ID won't be compulsory – honest • The Register

Careers, Working in Cyber and Information Security

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats - IT Security Guru

How to succeed at cybersecurity job interviews - Help Net Security

Law Enforcement Action and Take Downs

Teens arrested in London preschool ransomware attack • The Register

Arrests Underscore Fears of Teen Cyberespionage Recruitment

Politics Home Article | UK Faces Diplomatic Battle Over £5.5bn Bitcoin Claim

Former Tory council leader on trial over alleged romance fraud - BBC News

Misinformation, Disinformation and Propaganda

The architecture of lies: Bot farms are running the disinformation war - Help Net Security

Lessons in Resilience: Moldova’s Response to Russia’s Hybrid Interference | German Marshall Fund of the United States


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Russia: already at war with Europe? | The Week

“We are already in the middle of a cyber war” - NATO expert warns - 08.10.2025 | BURSA.RO

Russia waging ‘grey-zone campaign’ and Europe must meet challenge, says EU chief

Nation State Actors

Cybersecurity’s next test: AI, quantum, and geopolitics - Help Net Security

China

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Security Firm Exposes Role of Beijing Research Institute in China's Cyber Operations - SecurityWeek

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

China-linked hacking fears over Cisco devices in offices

PRC Gov't Fronts Trick the West to Obtain Cyber Tech

What CISOs should know about DeepSeek cybersecurity risks | TechTarget

Law firm representing big-name politicians hit with major hack from China: report - Raw Story

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Most telcos have been hit by Salt Typhoon-style attacks

Huawei Under Fire Again: Alleged Data Breach and Espionage Claims Stir Controversy - Cybersecurity Insiders

No 10 denies government involved in collapse of China spying case - BBC News

Russia

Russia: already at war with Europe? | The Week

“We are already in the middle of a cyber war” - NATO expert warns - 08.10.2025 | BURSA.RO

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

Russia waging ‘grey-zone campaign’ and Europe must meet challenge, says EU chief

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Lessons in Resilience: Moldova’s Response to Russia’s Hybrid Interference | German Marshall Fund of the United States

China Is Joining Russia’s Shadow War on Europe - Bloomberg

Arrests Underscore Fears of Teen Cyberespionage Recruitment

Kremlin-backed crypto coin moves $6bn despite US sanctions

Cooper’s £4m plan to turn tables on Russian hackers

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

North Korea

North Korean hackers stole $2 billion in crypto this year: report - UPI.com

North Korean agents pretending to be IT guys have funneled up to $1 billion into Kim Jong Un's nuclear program | Fortune

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks


Tools and Controls

Insurers and asset managers strengthen cybersecurity oversight and expand budgets: Moody’s - Reinsurance News

Cyber cover concerns remain for risk managers – FERMA

Cyber insurance should complement, not replace, cybersecurity: FERMA - Reinsurance News

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats - IT Security Guru

Invite us to your cyber war games, Finra urges members - Risk.net

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

Hackers Exploit RMM Tools to Deploy Malware - InfoRiskToday

Why Brand Impersonation Is A Marketing Crisis, Not Just A Cybersecurity Problem

Cybersecurity Tops CFO’s Risk Agenda With 99% Reporting Incidents and 94% Planning to Increase Spend

Six metrics policymakers need to track cyber resilience - Help Net Security

NCSC: Observability and Threat Hunting Must Improve - Infosecurity Magazine

Hundreds of free VPNs offer 'no real privacy at all,' researchers warn - does yours? | ZDNET

Are VPNs Under Attack? An Anti-Censorship Group Speaks Out - CNET

How CISOs can get out of security debt and why it matters | TechTarget

Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses

Take Note: Cyber-Risks With AI Notetakers

Edge device security: The frontline of your network - Security Boulevard

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Cyber Threat Intelligence Briefing 03 October 2025

Black Arrow Cyber Threat Intelligence Briefing 03 October 2025:

-IT Provider Probed as Possible Entry Point in JLR and M&S Breaches

-Security Leaders See Attacks Growing in Frequency and Impact

-Expert Says Basic Security Lapses Still Drive High Profile Breaches

-Russian Vessel Suspected of Mapping Europe’s Undersea Cables

-Hiscox: 80% Of Victims Paid Ransoms and Many Faced Extra Demands

-Allianz: Ransomware Still Drives Large Claims as Criminals Focus on Data Theft

-How Criminals Use AI To Supercharge Phishing and Scams

-Proofpoint: Phishing Remains the Leading Breach Path as AI Raises the Stakes

-ENISA: Phishing Dominated EU Intrusions Over the Past Year

-Phishing Is Shifting to Mobile Channels and Security Must Follow

-Survey Finds Most Workers Cannot Spot AI-Written Phishing Emails

-Researchers Demonstrate Real-Time Voice Cloning for Vishing Attacks

-Okta Warns of North Korean Fake IT Workers Targeting More Sectors

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

We report this week how organisations are attacked through their IT provider, highlighting that business leaders need to understand their third-party and outsourcing risks. Business leaders are seeing various attacks growing in frequency and impact; the solutions are relatively simple but require the leadership to take ownership of security and also to prepare for how an incident will be managed.

We see several stories this week about phishing, which is still a favourite attack route and is made more impactful through AI. We also include a report on organisations that pay ransoms and how this leads to further demands from the attackers.

Our message remains constant and clear: to be more secure and resilient against attacks, business leaders need to upskill on cyber fundamentals and govern cyber risks akin to other risks by working with control providers across technology, operations and people. In our view, the risks grow when cyber security is considered an operational IT topic. Contact us to find out the key risks and how to improve security and resilience in a pragmatic and proportionate manner.


Top Cyber Stories of the Last Week

IT Provider Probed as Possible Entry Point in JLR and M&S Breaches

A report explores whether IT helpdesks run by a major outsourcer became an easy route for attackers during recent UK retail and automotive incidents. Politicians have requested clarity on the outsourcer’s role, and prior NCSC guidance warned that password reset teams are prime targets. The piece underlines the importance of boards correctly understanding their third-party and outsourcing risks.

Source: https://www.telegraph.co.uk/business/2025/09/26/suspected-weak-link-in-jaguar-land-rover-ms-hacks/

Security Leaders See Attacks Growing in Frequency and Impact

A survey highlights that executives report more frequent attacks and bigger consequences year on year. Many fear nation state activity will expand beyond government into commercial sectors, while AI is seen as both an accelerator for attackers and a tool for defenders. The findings point to greater attention on supply chain security, incident reporting to executives, and the need for leaders to ensure they can correctly respond to an incident.

Source: https://www.helpnetsecurity.com/2025/09/29/cyberattacks-frequency-impact-growth/

Expert Says Basic Security Lapses Still Drive High Profile Breaches

Recent attacks on well known brands highlight that simple mistakes remain common. The analysis stresses credential hygiene, stronger authentication and supplier dependency management, noting how outages ripple through manufacturing ecosystems and put smaller partners at risk.

Source: https://www.rte.ie/news/business/2025/0930/1536021-cyber-security-data/

Russian Vessel Suspected of Mapping Europe’s Undersea Cables

Satellite data revealed a Russian ship operating near critical energy and telecoms cables in European waters. Experts warn this activity aligns with Moscow’s strategy to prepare covert disruption options in case of conflict. The vessel can intercept communications and potentially plant explosives, raising concerns about resilience of subsea infrastructure vital to energy and data flows.

Source: https://kyivindependent.com/investigation-finds-russian-sabotage-ship-near-european-undersea-cables-ft-reports/

Hiscox: 80% Of Victims Paid Ransoms and Many Faced Extra Demands

An insurer’s study finds most SME victims that paid ransoms did not fully recover data and a sizeable share received follow on demands. The wider dataset shows more firms reporting attacks and citing AI exposure, underlining the business case for recovery readiness and governance over whether to pay ransoms.

Source: https://news.sky.com/story/cyber-attacks-80-of-ransomware-victims-pay-up-insurer-says-13441131

Allianz: Ransomware Still Drives Large Claims as Criminals Focus on Data Theft

In H1 2025 ransomware represented about 60% of €1m plus claims. Attackers increasingly exfiltrate data to force payment, and SMEs are being hit harder while large firms’ resilience improves. Social engineering and compromised credentials remain common entry points.

Source: https://www.helpnetsecurity.com/2025/10/01/insurance-claims-ransomware-h1-2025/

How Criminals Use AI To Supercharge Phishing and Scams

Threat actors use generative AI to clone voices and faces, craft believable messages, and spin up fraudulent websites at speed. The post outlines how romance and investment scams are scaled by chatbots, and why cross channel verification and layered controls are needed to counter deepfakes and synthetic identities.

Source: https://www.kaspersky.co.uk/blog/ai-phishing-and-scams/29518/

Proofpoint: Phishing Remains the Leading Breach Path as AI Raises the Stakes

At its annual event, Proofpoint highlighted email as the dominant route to compromise and detailed how AI is being used by both attackers and defenders. The firm shared telemetry on scanning billions of messages and noted widespread risky user behaviour, reinforcing the need for controls that assume fallible humans.

Source: https://www.techrepublic.com/article/news-proofpoint-conference-ai-email-security-phishing/

ENISA: Phishing Dominated EU Intrusions Over the Past Year

The European Union Agency for Cybersecurity (ENISA) assessment finds phishing accounted for 60% of observed initial access, ahead of vulnerability exploitation. DDoS featured in a high number of incidents, and hacktivists were using social media and other routes to promote their activity. The report stresses the interdependency risks in European supply chains and the growing use of AI to scale social engineering.

Source: https://www.infosecurity-magazine.com/news/phishing-dominates-euwide/

Phishing Is Shifting to Mobile Channels and Security Must Follow

Analysis argues attackers increasingly bypass email to reach users via SMS, voice and QR codes, often evading enterprise controls. Organisations are urged to extend protection to mobile and collaboration apps and to focus on human layer detection and response.

Source: https://www.darkreading.com/cyber-risk/phishing-moving-email-mobile-is-your-security

Survey Finds Most Workers Cannot Spot AI-Written Phishing Emails

Research shows 54% of respondents failed to identify phishing emails crafted by AI, with younger staff most vulnerable. Nearly 40% have never received cyber security training, and MFA adoption remains below 50%. The findings underline the urgency for awareness programmes and layered defences as AI makes social engineering harder to detect.

Source: https://www.techradar.com/pro/security/most-people-still-cant-identify-a-phishing-attack-written-by-ai-and-thats-a-huge-problem-survey-warns

Researchers Demonstrate Real-Time Voice Cloning for Vishing Attacks

Security experts successfully used AI to clone voices in real time during simulated attacks, convincing targets to perform sensitive actions such as password resets. The technique bypasses traditional safeguards and exploits trust in familiar caller IDs. Businesses are urged to strengthen verification processes for voice-based requests.

Source: https://www.technewsworld.com/story/researchers-mount-vishing-attacks-with-real-time-voice-cloning-179945.html

Okta Warns of North Korean Fake IT Workers Targeting More Sectors

Okta’s research tracks thousands of fraudulent job interviews by DPRK linked actors posing as remote developers. Targets now include healthcare, finance and AI companies, not just big tech. The activity aims to generate revenue and enable access for further abuses, reinforcing the need for stronger hiring verification and endpoint controls.

Source: https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/



Threats

Ransomware, Extortion and Destructive Attacks

High profile cyber attacks often down to basic errors

New LockBit Ransomware Variant Emerges as Most Dangerous Yet - Infosecurity Magazine

Akira ransomware: From SonicWall VPN login to encryption in under four hours - Help Net Security

Scattered Spider, ShinyHunters Restructure - New Attacks Underway 

Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News

Ransomware remains the leading cause of costly cyber claims - Help Net Security

Organisations struggle to recognise lingering effects of ransomware - TechCentral.ie

Third of cyber security professionals feel guilt over ransomware attacks - TechCentral.ie

Ransomware gang sought BBC reporter’s help in hacking media giant

Attackers Use AI to Build Ransomware at Rapid Scale

Google Sheds Light on ShinyHunters' Salesforce Tactics

Why The US Just Put An $11M Dollar Bounty On This Ukrainian Hacker

Ransomware is becoming a psy-ops assault on healthcare executives | SC Media

Ransomware Victims

The suspected weak link in the Jaguar Land Rover and M&S hacks

UK giants hit by cyberattacks: how Co-op, M&S, JLR disruption expose vulnerabilities | Invezz

UK Has Suffered at Least 26 Major Cyberattacks in Last Five Years – Guido Fawkes

Jaguar Land Rover rescued with £1.5bn government-backed loan after crippling cyber attack | UK News | Sky News

Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer

Tata Motors shares slip 1% as Moody’s downgrades outlook after JLR cyber incident - The Economic Times

Red Hat confirms security incident after hackers claim GitHub breach

Japan's beer giant Asahi Group cannot resume production after cyberattack | Reuters

Hackers say they have deleted children's pictures and data after nursery attack backlash - BBC News

Google warns of Cl0p extortion campaign against Oracle E-Business users

Data breach at dealership software provider impacts 766k clients

Hackers claim theft of Boeing supplier documents | Cybernews

Phishing & Email Based Attacks

Phishing Is Moving to Mobile. Is Your Security?

UK IT Leaders Warn That Email Is the Front Door for Cyber Risk - and It’s Still Wide Open

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'

How attackers poison AI tools and defenses - Help Net Security

Most people still can’t identify a phishing attack written by AI - and that's a huge problem, survey warns | TechRadar

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Phishing Dominates EU-Wide Intrusions, says ENISA - Infosecurity Magazine

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

New MatrixPDF toolkit turns PDFs into phishing and malware lures

Ukrainian Cops Spoofed in Fileless Phishing on Kyiv

Business Email Compromise (BEC)/Email Account Compromise (EAC)

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

North Korea’s fake IT workers targeting healthcare, finance • The Register

Real-Time AI Voice Cloning Powers Convincing Vishing Attacks

Your Service Desk is the New Attack Vector—Here's How to Defend It.

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

That annoying SMS phish you just got may have come from a box like this - Ars Technica

Other Social Engineering

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

North Korea’s fake IT workers targeting healthcare, finance • The Register

Your Service Desk is the New Attack Vector—Here's How to Defend It.

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

That annoying SMS phish you just got may have come from a box like this - Ars Technica

Fraud, Scams and Financial Crime

Brits warned as illegal robo-callers fined £550,000 • The Register

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Artificial Intelligence

How scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blog

AI-Powered Voice Cloning Raises Vishing Risks

Proofpoint Exec: 'Phishing is the Leading Cause of Breaches Globally'

Most people still can’t identify a phishing attack written by AI - and that's a huge problem, survey warns | TechRadar

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

43% of workers say they've shared sensitive info with AI - including financial and client data | ZDNET

Attackers Use AI to Build Ransomware at Rapid Scale

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft

UN seeks to build consensus on ‘safe, secure and trustworthy’ AI | CyberScoop

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News

Dark side of the boom: How hackers are vibing with AI - The Economic Times

The hidden cyber risks of deploying generative AI

Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location

Microsoft Reduces Israel's Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza - SecurityWeek

Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results - SecurityWeek

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

2FA/MFA

Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

Malware

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions - Cyber Security News

New MatrixPDF toolkit turns PDFs into phishing and malware lures

This devious malware has jumped from Meta over to Google Ads and YouTube to spread - here's how to stay safe | TechRadar

Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware

Hackers Injecting Exploiting WordPress Websites With Silent Malware to Gain Admin Access

Fake Microsoft Teams installers push Oyster malware via malvertising

Security Bite: Mac users are finally taking malware seriously, per new report - 9to5Mac

Fake Postmark MCP npm package stole emails with one-liner • The Register

Microsoft leaves Mac users exposed to GitHub Mac malware

Confucius Shifts from Document Stealers to Python Backdoors - Infosecurity Magazine

Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

Mobile

Phishing Is Moving to Mobile. Is Your Security?

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

Brits warned as illegal robo-callers fined £550,000 • The Register

That annoying SMS phish you just got may have come from a box like this - Ars Technica

New Android RAT Klopatra Targets Financial Data - Infosecurity Magazine

Android malware uses VNC to give attackers hands-on access

How Android 16 Will Detect Fake Cell Towers To Help Keep You Safe

Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

Smishing Campaigns Exploit Cellular Routers to Target Belgium - Infosecurity Magazine

Denial of Service/DoS/DDoS

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns | IT Pro

Council website down as group claims Suffolk and Essex cyber-attacks - BBC News

Internet of Things – IoT

Tile security flaws can let stalkers track your location, and more

Army says it's mitigated 'critical' cybersecurity deficiencies in early NGC2 prototype - Breaking Defense

Data Breaches/Leaks

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft

Red Hat breach might affect major organizations | Cybernews

Unofficial Postmark MCP npm silently stole users' emails

Oracle customers being bombarded with emails claiming widespread data theft | CyberScoop

Hackers 'behind nursery cyber attack' tell Sky News they are releasing more data on dozens of children | UK News | Sky News

Salesforce faces class action after Salesloft breach • The Register

Harrods hit by second cyber attack in six months | Computer Weekly

1.5 Million Impacted by Allianz Life Data Breach - SecurityWeek

Latest Airline Security Breach Leaks Passports, IDs, Other Info

WestJet confirms cyberattack exposed IDs, passports in June incident

Renault and Dacia cyber attack: customer phone numbers and addresses stolen from third party | Auto Express

Data breach at dealership software provider impacts 766k clients

Hackers claim theft of Boeing supplier documents | Cybernews

Air Force admits SharePoint privacy issue; reports of breach • The Register

Sex offenders, terrorists, drug dealers, exposed in spyware breach | Malwarebytes

Organised Crime & Criminal Actors

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

Inside Dark Web Exploit Markets in 2025: Pricing, Access & Active Sellers

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

Why The US Just Put An $11M Dollar Bounty On This Ukrainian Hacker

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

Beijing-backed burglars target government web servers • The Register

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

The cybercrime arms race

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

£5.5B Bitcoin fraudster pleads guilty after years on the run • The Register

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

Insider Risk and Insider Threats

North Korea’s fake IT workers targeting healthcare, finance • The Register

Ransomware gang sought BBC reporter’s help in hacking media giant

'You'll never need to work again': Criminals offer reporter money to hack BBC - BBC News

Insurance

Ransomware remains the leading cause of costly cyber claims - Help Net Security

Cyber attacks: '80%' of ransomware victims pay up, insurer says | Money News | Sky News

Cyber insurance claims steady, but risk environment remains complex | Insurance Business America

More CVEs, But Cyber Insurers Aren't Altering Policies

Calls for mandatory reporting as 59% of SMEs hit by cyber attacks | Insurance Times

Zurich urges national cybersecurity metrics adoption | Insurance Business America

Supply Chain and Third Parties

The suspected weak link in the Jaguar Land Rover and M&S hacks

Jaguar Land Rover rescued with £1.5bn government-backed loan after crippling cyber attack | UK News | Sky News

Over three-quarters of West Midlands firms feel impact of JLR cyber-attack - The Stratford Observer

Tata Motors shares slip 1% as Moody’s downgrades outlook after JLR cyber incident - The Economic Times

Renault and Dacia cyber attack: customer phone numbers and addresses stolen from third party | Auto Express

Hackers claim theft of Boeing supplier documents | Cybernews

Software Supply Chain

Fake Postmark MCP npm package stole emails with one-liner • The Register

Cloud/SaaS

Fake Microsoft Teams installers push Oyster malware via malvertising

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

Critical WD My Cloud bug allows remote command injection

Microsoft Reduces Israel's Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza - SecurityWeek

Air Force admits SharePoint privacy issue; reports of breach • The Register

Outages

Afghanistan hit by communications blackout after Taliban shuts internet | Afghanistan | The Guardian

Encryption

UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica

Linux and Open Source

Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code

The hidden risks inside open-source code - Help Net Security

Organizations Warned of Exploited Sudo Vulnerability - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

Losing your phone on a trip? Brutal. Not doing these 3 things first? Security nightmare | PCWorld

NIST’s new password rules | Cybernews

Social Media

Imgur blocks UK users after data watchdog signals possible fine

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

UK minister suggests government could leave Elon Musk's X • The Register

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Malvertising

Fake Microsoft Teams installers push Oyster malware via malvertising

This devious malware has jumped from Meta over to Google Ads and YouTube to spread - here's how to stay safe | TechRadar

Regulations, Fines and Legislation

Imgur blocks UK users after data watchdog signals possible fine

NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine

Brits warned as illegal robo-callers fined £550,000 • The Register

Shutdown Threat Puts Federal Cyber on Edge - InfoRiskToday

Cyber threat-sharing law set to lapse as govt shutdown looms • The Register

CISA kills agreement with nonprofit that runs MS-ISAC • The Register

UK once again demands backdoor to Apple’s encrypted cloud storage - Ars Technica

UK to roll out digital ID for right to work by 2029 • The Register

Six-month reporting obligation for cyberattacks on critical infrastructures

Department of War Launches New Cybersecurity Framework

Models, Frameworks and Standards

NIS2 and DORA explained: What Every Business Leader Needs to Know - Infosecurity Magazine

NIST’s new password rules | Cybernews

Careers, Working in Cyber and Information Security

Budgets, Staffing and Skills Fail to Keep Pace With Rising Cyber Threats, Finds New ISACA Research

Security risks leave 84 percent of IT pros feeling stressed at work - BetaNews

Why burnout is a growing problem in cybersecurity - BBC News

Two-Thirds of Organizations Have Unfilled Cybersecurity Positions - Infosecurity Magazine

Law Enforcement Action and Take Downs

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

UK Police Just Seized £5.5 Billion in Bitcoin — The World's Largest Crypto Bust

Internet fraud in Africa: Interpol arrest over 200 cybercrime scammers across Africa for Operation Contender 3.0 - BBC News Pidgin

Interpol sting operation across Africa sees 260 arrested for sextortion and romance scams - BBC News

UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized - Decrypt

Why The US Just Put An $11M Dollar Bounty On This Ukrainian Hacker

Dutch teens arrested for trying to spy on Europol for Russia

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Misinformation, Disinformation and Propaganda

Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian

Germany “not at war, but no longer at peace”: Merz - Euromaidan Press

Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports

Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН

NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News

Nation State Actors

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Submarine cable security is all at sea • The Register

Development of Cyber Forces in NATO Countries [Alternative title: From Tallinn to DC: NATO’s Cyber Frontline]

Met warns that hostile states are recruiting youths for crime - BBC News

China

New China APT Strikes With Precision and Persistence

The China Threat to UK Firms | SC Media UK

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Russia, Chinese Hacking Buffets Europe - GovInfoSecurity

Chinese hackers exploiting VMware zero-day since October 2024

German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

Cybersecurity Experts Say These Humanoid Robots Secretly Send Data to China and Let Hackers Take Over Your Network

China court sentences 11 people to death over alleged role in family-run Myanmar scam operations | China | The Guardian

Beijing-backed burglars target government web servers • The Register

Judge rules that drone maker DJI is affiliated with China’s defense industry — company to stay on Pentagon’s list of Chinese military companies | Tom's Hardware

Russia

Britain may already be at war with Russia, former head of MI5 says | Defence policy | The Guardian

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Russia, Chinese Hacking Buffets Europe - GovInfoSecurity

Investigation finds Russian surveillance, sabotage ship near European undersea cables, FT reports

The Russian spy ship stalking Europe’s subsea cables

Macron warns of 'secret army' of Russian bots destroying Western democracies from within | УНН

NATO’s Article 4 Alert: The Path to Disentanglement - The National Interest

Ukraine war briefing: Europe ‘no longer at peace’ with Russia, says German chancellor | Ukraine | The Guardian

German infrastructure hit by drones, cybercrime, arson – DW – 09/30/2025

Danish PM calls for strong answer from EU leaders to Russia's hybrid attacks - BBC News

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Dutch teens arrested for trying to spy on Europol for Russia

Despite Russian Influence, Moldova Votes Pro-EU, Highlighting Future Election Risks

New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

Ukrainian Cops Spoofed in Fileless Phishing on Kyiv

Iran

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Cyber criminals from Russia and Iran target MoD staff with fake LinkedIn job ads

Met warns that hostile states are recruiting youths for crime - BBC News

North Korea

North Korea’s fake IT workers targeting healthcare, finance • The Register

Western Countries In Cyber ‘Arms Race,' Ex-UK Cyber Chief Warns | Miami Herald

Vulnerability Management

CISOs advised to rethink vulnerability management as exploits sharply rise | CSO Online

More CVEs, But Cyber Insurers Aren't Altering Policies

UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly

"Almost all" businesses being weighed down by Microsoft technical debt ahead of Windows 10 End Of Life | TechRadar

The hidden risks inside open-source code - Help Net Security

Vulnerabilities

Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs

Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter - SecurityWeek

UK and US urge Cisco users to ditch end-of-life security appliances | Computer Weekly

Chinese hackers exploiting VMware zero-day since October 2024

Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Apple Updates iOS and macOS to Prevent Malicious Font Attacks - SecurityWeek

Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location

Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability

OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely

Adobe Analytics bug leaked customer tracking data to other tenants

'Delightful' Red Hat OpenShift AI bug allows full takeover • The Register

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability - SecurityWeek

Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities - SecurityWeek

CISA warns of critical Linux Sudo flaw exploited in attacks

New bug in classic Outlook can only be fixed via Microsoft support

WD patches NAS security flaw which could have allowed full takeover | TechRadar

Hackers exploit Fortra GoAnywhere flaw before public alert

Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code

DrayTek warns of remote code execution bug in Vigor routers


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 26 September 2025

Black Arrow Cyber Threat Intelligence Briefing 26 September 2025:

-Finance Professionals Rank Cyber as The Top Risk for 2026

-UK Co-operative Group Counts a £200m Sales Hit from Its April Cyber Incident

-Tata Motors Shares Drop 5% after JLR Cyber Attack

-Airport Outages Expose Fragile Links in Aviation Supply Chains

-Attackers Focus on MFA Bypass and Supply Chain Routes

-Insurer Reclaiming Costs from Technology Providers

-Ransomware Crews Multiply and Focus on Data Theft

-Phishing Surges as The Top Doorway for Ransomware In 2025

-Phishing Campaigns Spread Beyond Email as Criminals Exploit New Channels

-Generative AI Attacks Accelerate with Deepfakes and Malicious Prompts

-Stolen Credentials Fuel a Thriving Cybercrime Marketplace

-China Linked Attackers Embedded in Many Enterprises

-Law Firms Face Mounting Raids on Sensitive Client Files

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Executive Summary

Cyber risk continues to dominate the business agenda, with incidents showing the scale of disruption and loss. A recurring insight this week is that attackers often remain undetected for long periods, exploiting MFA weaknesses and third-party flaws; supply chain risks are also prominent. The threat landscape is evolving: phishing is spreading beyond email, stolen credentials fuel cybercrime, and generative AI introduces deepfakes and malicious prompts.

To address these challenges, business leaders need an objective view of their risks and should establish their cyber strategy across people, operations and technology. Independent testing of response plans and governance over suppliers and AI systems are essential; cyber resilience must be led from the top, not delegated to IT.


Top Cyber Stories of the Last Week

Finance Professionals Rank Cyber as The Top Risk for 2026

Cyber security has emerged as the most significant threat to businesses, with over eight in ten chief internal auditors naming it their primary concern. Recent incidents targeting major UK firms and critical infrastructure have exposed severe financial and operational impacts, with some organisations facing losses in the hundreds of millions and prolonged supply chain disruption. The Chartered Institute of Internal Auditors cautions that attacks are becoming increasingly common and advanced, often fuelled by developments in artificial intelligence.

https://www.icaew.com/insights/viewpoints-on-the-news/2025/sep-2025/cyber-security-biggest-risk-as-businesses-reel-from-major-attacks

UK Co-operative Group Counts a £200m Sales Hit from Its April Cyber Incident

The Co-operative Group has disclosed widespread disruption and financial impact following a cyber attack in April. The incident affected multiple business units, including funeral services, and led to a substantial drop in sales, reportedly exceeding £200 million. Member data was compromised, and the organisation posted a significant pre-tax loss for the first half of the year. Senior executives acknowledged the event exposed both operational strengths and areas requiring improvement, with further consequences anticipated in the months ahead.

https://www.proactiveinvestors.co.uk/companies/news/1079144/co-op-suffers-200m-revenue-hit-as-it-counts-cost-of-april-s-cyber-attack-1079144.html

Tata Motors Shares Drop 5% after JLR Cyber Attack

Jaguar Land Rover continues to grapple with a serious cyber incident that has halted production at UK facilities and affected tens of thousands of employees. The company has extended its operational pause while investigations proceed, and analysts suggest the financial impact could be considerable. Reports indicate the firm lacked cyber insurance coverage for this event, and the disruption is believed to be costing millions each week, posing reputational and financial challenges for both JLR and its parent company.

https://www.business-standard.com/markets/news/tata-motors-share-price-today-fall-on-2-billion-euro-jlr-cyberattck-news-production-halt-125092500303_1.html

Airport Outages Expose Fragile Links in Aviation Supply Chains

Recent cyber attacks at major European airports disrupted check-in and boarding after hackers targeted Collins Aerospace’s Muse software, which manages shared airport systems. The incident highlighted the vulnerabilities linked to third-party dependencies, with operational and reputational consequences spreading rapidly across multiple countries. The case emphasises the importance of robust supply chain governance, ongoing monitoring, and well-tested recovery strategies, as weaknesses in external vendors can be just as damaging as breaches within an organisation’s own systems.

https://www.digitaljournal.com/tech-science/airport-cyberattacks-calls-for-stronger-supply-chain-security-and-business-resilience/article

Attackers Focus on MFA Bypass and Supply Chain Routes

Attackers are increasingly exploiting weaknesses in identity and access controls, with Ontinue’s mid-2025 report highlighting a sharp rise in supply chain incidents, which now account for nearly a third of cyber cases. Almost 40% of cloud intrusions involved multiple hidden access methods, enabling attackers to remain undetected for weeks, while 20% used token replay to bypass multi-factor authentication. Phishing campaigns using image-based email attachments grew by 70%, and USB-based attacks surged by more than a quarter. The report stresses the need for stronger identity safeguards, closer supplier oversight and tighter control of overlooked entry points.

https://www.scworld.com/news/threat-actors-turning-to-mfa-bypass-usb-malware-and-supply-chain-attacks

Insurer Reclaiming Costs from Technology Providers

ACE American Insurance, part of Chubb, is pursuing legal action against two technology vendors after reimbursing ransomware-related losses for staffing firm CoWorx. The insurer claims the cloud provider failed to implement adequate security controls, including strong authentication, while the monitoring firm did not respond effectively to early warning signs. These alleged lapses enabled attackers to encrypt systems and demand payment. ACE is seeking compensation through claims of negligence and breach of contract.

https://www.claimsjournal.com/news/national/2025/09/22/333061.htm

Ransomware Crews Multiply and Focus on Data Theft

Ransomware activity continues to surge, with more than 3,700 victims in the first half of 2025, a 20% increase on late 2024 and 67% higher year-on-year. The growth is fuelled by a rental model where criminals lease tools to affiliates, enabling more attacks with less effort. Nearly 90 groups were active, including 35 new entrants, making threats harder to track. North America and Europe remain prime targets, with NATO members accounting for 65% of cases. Increasingly, attackers focus on stealing and threatening to release data, highlighting the need for stronger early detection.

https://www.helpnetsecurity.com/2025/09/26/report-2025-ransomware-attack-trends/

Phishing Surges as The Top Doorway for Ransomware In 2025

Phishing has emerged as the leading method for ransomware delivery, with a marked increase in incidents compared to the previous year. A recent report shows that nearly nine in ten organisations experienced ransomware-related events, and many faced repeated attacks. The proliferation of phishing-as-a-service tools has lowered the barrier to entry, enabling less sophisticated actors to launch damaging campaigns. Despite confidence in existing defences, many firms lack robust procedures to manage identity exposure and investigate breaches.

https://betanews.com/2025/09/23/phishing-is-now-the-main-entry-point-for-ransomware/

Phishing Campaigns Spread Beyond Email as Criminals Exploit New Channels

Phishing is no longer confined to email. Attackers are increasingly leveraging social media, messaging apps, and malicious ads to distribute fraudulent links. This trend exploits the fact that employees often access personal apps on work devices, creating new entry points for attackers. Reports highlight that more than 60% of stolen login details now come from social media sites, making them a prime target. Once an account is compromised, attackers can gain access to critical business systems and data, with the potential for widespread breaches. Traditional email-focused defences are no longer sufficient to address this risk.

https://www.bleepingcomputer.com/news/security/why-attackers-are-moving-beyond-email-based-phishing-attacks/

Generative AI Attacks Accelerate With Deepfakes and Malicious Prompts

Threats linked to generative AI are rising sharply, with a growing number of organisations reporting incidents involving deepfakes and prompt manipulation. Fake audio is increasingly used to deceive staff and bypass controls, while AI assistants are being targeted through crafted inputs. Gartner advises that existing security frameworks must evolve to address these risks, and anticipates that proactive AI protection will represent a significant share of security budgets by the end of the decade.

https://www.itpro.com/security/generative-ai-attacks-are-accelerating-at-an-alarming-rate

Stolen Credentials Fuel a Thriving Cybercrime Marketplace

An expanding underground economy is centred around stolen digital identities, with login credentials traded as valuable assets. Financial institutions are particularly exposed, facing substantial losses per breach. Attackers often exploit weak identity governance and gaps in AI system security. Despite the scale of the threat, identity protection remains under-prioritised, prompting calls for stronger oversight and executive-level commitment to reduce financial and reputational exposure.

https://www.helpnetsecurity.com/2025/09/26/stolen-identity-cybercrime-economy/

China Linked Attackers Embedded in Many Enterprises

Google warns that suspected China-linked threat actors have compromised multiple organisations since March, often remaining undetected for over a year. Attackers gained access by exploiting flaws in widely used software, installing hidden tools that bypass standard monitoring. Targets have included law firms, technology providers and outsourcing firms, with intruders seeking valuable data and email access from key staff. Google noted the attackers are adapting quickly and scaling their operations, which means more companies are likely to uncover historic or ongoing breaches in the coming years.

https://www.theregister.com/2025/09/24/google_china_spy_report/

Law Firms Face Mounting Raids on Sensitive Client Files

Cyber criminals are increasingly targeting law firms to gain access to confidential client information. Both small practices and large legal organisations are at risk due to outdated systems, insufficient staff training and poor cyber hygiene. One in five firms experienced an attack last year, and nearly 40 percent of those incidents led to data compromise. Some breaches have forced legal bodies offline or resulted in costly settlements. With nation-state actors also involved and emerging threats such as deepfakes, clients are placing greater importance on firms that demonstrate strong and proactive cyber security measures.

https://www.helpnetsecurity.com/2025/09/23/law-firms-cyberthreats/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing is now the main entry point for ransomware - BetaNews

How One Bad Password Ended a 158-Year-Old Business

Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages

Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses

Organizations Must Update Defenses to Scattered Spider Tactics, Expert - Infosecurity Magazine

Ransomware groups are multiplying, raising the stakes for defenders - Help Net Security

WarLock ransomware group attack surge | Cybernews

BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments

Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine

UK chancellor blames cyberattacks on Russia despite evidence • The Register

GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware

Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media

Scattered Spider Member Surrenders Amid Shutdown Claims

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Ransomware Payments vs Rising Incident Counts in 2025 - What’s Changing in RaaS Economics

Another alleged Scattered Spider member arrested • The Register

$115 million ransomware hacker arrested over extortion attacks — Scattered Spider alumnus allegedly involved in over 120 computer network intrusions targeting 47 U.S. entities | Tom's Hardware

Vegas cops book teen allegedly involved in casino hacks • The Register

Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News

Obscura, an obscure new ransomware variant

INC ransomware: what you need to know | Fortra

Will banning ransom payments help protect UK businesses? - Raconteur

U.K. to introduce mandatory ransomware reporting, raising risk of ‘box-ticking’ compliance | Article | Compliance Week

Ransomware Victims

Insurer Says Tech Services Firms Should Pay for Insured’s Ransomware Damages

Jaguar Land Rover to bear full cost of cyber attack due to lack of insurance cover

How One Bad Password Ended a 158-Year-Old Business

Co-op suffers £200m revenue hit as it counts cost of April's cyber attack

Which UK retailers have been hit by cyber attacks in 2025? - Raconteur

All the major cyber attacks in the UK this year: Are they on the rise and what can be done? | The Standard

A cyberattack on Collins Aerospace disrupted operations at major European airports

Collins Aerospace ‘cyber attack’ latest in series of incidents at UK airports | The Standard

Airlines seen as vulnerable as ransomware confirmed in weekend cyberattack

Airport operations recovering following ransomware attack on Collins checking in software - Aviation Business News

Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack - SecurityWeek

Tata Motors slides after reports of extended JLR shutdowns due to cyberattack | Capital Market News - Business Standard

Jaguar suppliers 'facing collapse': Ministers urged to act as car giant extends shutdowns into next month following devastating cyber attack | This is Money

Cyber Attack On JLR Should Be A ‘Wake-Up Call’ For British Industry - Minister - PM Today

Jaguar Land Rover restarts some IT systems as suppliers call for urgent support | Jaguar Land Rover | The Guardian

‘Like a bomb threat’ – Co-op looks forward as it grapples with cyber attack fallout | Retail Week

Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek

Hackers claim to have stolen pictures, names and addresses of children in nursery firm cyber attack | UK News | Sky News

Scattered Spider Targets Financial Sector After Alleged Retirement | Security Magazine

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

Phishing & Email Based Attacks

Phishing is now the main entry point for ransomware - BetaNews

Hackers are now using deepfakes in phishing scams to fool banking apps and steal your money - how to stay safe | Tom's Guide

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

Why attackers are moving beyond email-based phishing attacks

How to Spot and Stop Phishing Attacks Before They Happen - DevX

Microsoft spots LLM-obfuscated phishing attack - Help Net Security

AI vs. AI: Detecting an AI-obfuscated phishing campaign | Microsoft Security Blog

Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages

Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine

Other Social Engineering

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

How hiring fraud has become a cybersecurity threat vector | Biometric Update

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

US employees 'unprepared' for cybersecurity threats - New Study

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Threat Actors Using Copyright Takedown Claims to Deploy Malware

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

Fraud, Scams and Financial Crime

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

FBI Warns of Spoofed IC3 Website - SecurityWeek

Scammers are now faking the FBI's own website - here's how to stay safe | ZDNET

Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe | Tom's Guide

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Artificial Intelligence

Hackers are now using deepfakes in phishing scams to fool banking apps and steal your money - how to stay safe | Tom's Guide

ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails

Deepfake Attacks Hit Two-Thirds of Businesses - Infosecurity Magazine

Microsoft spots LLM-obfuscated phishing attack - Help Net Security

Hackers are using GPT-4 to build a virtual assistant - here's what we know | TechRadar

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks | Trend Micro (US)

Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine

GenAI is exposing sensitive data at scale - Help Net Security

AI is rewriting the rules of cyber defense - Help Net Security

Generative AI attacks are accelerating at an alarming rate | IT Pro

AI needs ethics to avoid real-world harm - Help Net Security

Kaspersky: RevengeHotels returns with AI-coded malware • The Register

Why AI systems may never be secure, and what to do about it

Google's latest AI safety report explores AI beyond human control | ZDNET

2FA/MFA

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Malware

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Small business security warning - new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard | TechRadar

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

Threat Actors Using Copyright Takedown Claims to Deploy Malware

Beware: GitHub repos distributing Atomic Infostealer on macOS

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research

Iran-Linked Hackers Target Europe With New Malware

Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack

Google: Brickstorm malware used to steal U.S. orgs' data for over a year

BRICKSTORM malware is new Chinese espionage threat | Cybernews

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor - Cyber Security News

New EDR-Freeze tool uses Windows WER to suspend security software

Artificial Intelligence Trained to Attack Hotel Guests

Kaspersky: RevengeHotels returns with AI-coded malware • The Register

Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Phishing Campaign Evolves into PureRAT Deployment - Infosecurity Magazine

Bots/Botnets

SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers

Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Mobile

Criminals are driving fake cell towers through cities to blast out scam texts | TechSpot

Google just took down 224 malicious apps with 38 million installs in massive SlopAds fraud campaign — how to stay safe | Tom's Guide

Numerous Applications Using Google's Firebase Platform Leaking Highly Sensitive Data - Cyber Security News

Unpatched flaw in OnePlus phones lets rogue apps text messages

Denial of Service/DoS/DDoS

Double the Power: New DDoS From 'Aisuru' Botnet Easily Shatters Record

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security

Internet of Things – IoT

EV charging biz zaps customers with data leak scare • The Register

Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information

Data Breaches/Leaks

ChatGPT 'ShadowLeak' Allows Hackers to Steal Emails

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

Car Giant Stellantis Confirms Third-Party Breach - Infosecurity Magazine

The culture of silence on data breaches has gone too far - Tech Monitor

Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach

Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur

Cybercriminals are going after law firms' sensitive client data - Help Net Security

EV charging biz zaps customers with data leak scare • The Register

Numerous Applications Using Google's Firebase Platform Leaking Highly Sensitive Data - Cyber Security News

Volvo Group Employee Data Stolen in Ransomware Attack - SecurityWeek

‘Our worst day’: The untold story of the Electoral Commission cyber attack | Computer Weekly

Children's names, pictures and addresses stolen in nursery hack - BBC News

Boyd Gaming discloses data breach after suffering a cyberattack

Organised Crime & Criminal Actors

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Scattered Spider Member Surrenders Amid Shutdown Claims

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Attacker Breakout Time Falls to 18 Minutes - Infosecurity Magazine

Inside the economy built on stolen credentials - Help Net Security

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

$439 million recovered in global financial crime crackdown - Help Net Security

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker – DataBreaches.Net

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Malware 'Game' On Steam Stole $32K From Cancer-Stricken Streamer

Insider Risk and Insider Threats

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

How hiring fraud has become a cybersecurity threat vector | Biometric Update

US employees 'unprepared' for cybersecurity threats - New Study

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

Insurance

Cyber attacks cost Europe €300bn in five years, warns Howden | Global Reinsurance

Cyber reinsurers reconsider appetite as market softens :: Insurance Day

When calling for help isn't a claim: A new era for small biz cyber support | Insurance Business America

Supply Chain and Third Parties

Threat actors turning to MFA bypass, USB malware and supply chain attacks | SC Media

Experts Warn of Global Breach Risk from Indian Suppliers - Infosecurity Magazine

Stellantis Data Breach Affects Millions of Car Buyers: Report | Entrepreneur

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

Airport operations recovering following ransomware attack on Collins checking in software - Aviation Business News

Airport Chaos Shows Human Impact of 3rd-Party Attacks

Jaguar Land Rover Extends Production Pause Again - Infosecurity Magazine

Companies must be better prepared for cyber attacks after Jaguar hack exposes weaknesses | This is Money

Airport cyberattacks: Calls for stronger supply chain security and business resilience - Digital Journal

Airport cyber attacks highlight growing supply chain risk :: Insurance Day

JLR refuses to comment on reports it was uninsured against cyber attack that has forced shutdown | ITV News Central

Survey assesses impact of JLR cyber attack on supply chain - BBC News

Third-party cyber risks among most significant threats to operational resilience: Acrisure - Reinsurance News

Hackers target supply chains’ weak links in growing threat to companies

Tata-owned Jaguar Land Rover pushes to pay struggling suppliers after hack - The Economic Times

Software Supply Chain

5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET

CISA urges orgs to review software after ‘Shai-Hulud’ supply chain compromise | The Record from Recorded Future News

Encryption

‘Harvest Now, Decrypt Later’ Attacks in the Post-Quantum, AI Era - EE Times Europe

Linux and Open Source

BlackLock Ransomware Attacking Windows, Linux, and VMware ESXi Environments

Passwords, Credential Stuffing & Brute Force Attacks

How One Bad Password Ended a 158-Year-Old Business

Inside the economy built on stolen credentials - Help Net Security

The Credential Cracking Crisis: Why Role-Based Training Is No Longer Optional | MSSP Alert

Social Media

Trump says Michael Dell is part of the team buying TikTok • The Register

Regulations, Fines and Legislation

What Is Regulatory Compliance? | Definition From TechTarget

Will banning ransom payments help protect UK businesses? - Raconteur

U.K. to introduce mandatory ransomware reporting, raising risk of ‘box-ticking’ compliance | Article | Compliance Week

Cyber threat information law hurtles toward expiration, with poor prospects for renewal | CyberScoop

Banks Brace for Cyber Fight as CISA Faces Expiration

FBI Pushes Back Against Scrutiny Over Cyber Cuts, Vacancies

NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ

DoD issues replacement for risk management framework - Breaking Defense

Models, Frameworks and Standards

Has the UK’s Cyber Essentials scheme failed? - Tech Monitor

DoD issues replacement for risk management framework - Breaking Defense

NIS2 in the Baltics: How Lithuania, Latvia, and Estonia Differ

Careers, Working in Cyber and Information Security

Cyber Team Burnout Rivals Healthcare, Expert Says

AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online

FBI to CISO: Unconventional Paths to Cyber Success

Law Enforcement Action and Take Downs

Teen arrested in UK was a core figure in Scattered Spider’s operations | CyberScoop

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Scattered Spider Member Surrenders Amid Shutdown Claims

Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach

Suspect arrested in cyberattack on Collins Aerospace check-in software | SC Media

A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York - SecurityWeek

€100M crypto scam busted: Five arrested in Europe-wide operation - Help Net Security

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

$439 million recovered in global financial crime crackdown - Help Net Security

Judge orders release of teen accused in 2023 casino cyberattacks – DataBreaches.Net

Another alleged Scattered Spider member arrested • The Register

$115 million ransomware hacker arrested over extortion attacks — Scattered Spider alumnus allegedly involved in over 120 computer network intrusions targeting 47 U.S. entities | Tom's Hardware

Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop

Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News

Misinformation, Disinformation and Propaganda

Russia Targets Moldovan Election in Disinformation Play


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor - Cyber Security News

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

New Chinese Espionage Hacking Group Uncovered

Suspected Chinese spies broke into 'numerous' enterprises • The Register

Nation State Actors

China

Suspected Chinese spies broke into 'numerous' enterprises • The Register

Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC | Tom's Hardware

New Chinese Espionage Hacking Group Uncovered

‘Most Prevalent’ Chinese Hacking Group Targets Tech, Law Firms

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques | CyberScoop

SEO Poisoning Campaign Tied to Chinese Actor

China’s plans for supersize embassy spark surveillance, hacking fears in London - The Washington Post

Trump says Michael Dell is part of the team buying TikTok • The Register

Dropping China spying charges leaves Commons open to espionage, says Speaker - BBC News

Chinese Cyberspies Hacked US Defense Contractors - SecurityWeek

Russia

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

Was the chancellor right to accuse Russia of being behind recent UK cyber attacks? | ITV News

UK chancellor blames cyberattacks on Russia despite evidence • The Register

Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions - SecurityWeek

Russian State Hackers Collaborate in Attacks Against Ukraine - Infosecurity Magazine

Russia Targets Moldovan Election in Disinformation Play

Spanish military jet carrying defence minister hit with 'cyber attack' near Russia - JOE.co.uk

Russia's main airport in St. Petersburg says its website was hacked | The Record from Recorded Future News

Researchers say media outlet targeting Moldova is a Russian cutout | CyberScoop

Iran

Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research

Iran-Linked Hackers Target Europe With New Malware

Iranian State APT Blitzes Telcos & Satellite Companies

Flushable wipes and Iran: Water treatment facility adds cyberattacks to worry list : NPR

North Korea

What to do if your company discovers a North Korean worker in its ranks | CyberScoop

How hiring fraud has become a cybersecurity threat vector | Biometric Update

Lazarus RAT code resurfaces in North Korean IT-worker scams • The Register

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

North Korean IT workers use fake profiles to steal crypto - Help Net Security

Calls grow for cybersecurity control tower - The Korea Times

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Hate Groups Seize on Trump’s Antifa Order With Online Threats


Tools and Controls

AI is altering entry-level cyber hiring — and the nature of the skills gap | CSO Online

New EDR-Freeze tool uses Windows WER to suspend security software

Gartner: Preemptive cybersecurity to dominate 50% of security spend by 2030 - Help Net Security

Gartner: CISOs must master agentic AI and turn hype into strategy

Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test - Infosecurity Magazine

Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

5 ways to spot software supply chain attacks and stop worms - before it's too late | ZDNET

10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

Predicting DDoS attacks: How deep learning could give defenders an early warning - Help Net Security

How AI augmentation is revolutionizing penetration testing in cybersecurity | TechRadar

Beware Falling Into the Technology-First Resilience Trap

Anything but safe: Using VPN can bear immense risks – DW – 09/20/2025

DoD issues replacement for risk management framework - Breaking Defense

When calling for help isn't a claim: A new era for small biz cyber support | Insurance Business America

Brit banking group insists security priority in AI rollout • The Register

Other News

Cables no thicker than a hose, our perilous internet could be brought down in a snip | The Independent

UK needs better defences to protect undersea internet cables from Russian sabotage | Computer Weekly

Sky News Daily podcast asks if Britain's suffering a cyber attack 'epidemic' and who could be targeted next | News UK Video News | Sky News

Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC | Tom's Hardware

Why hackers are targeting the world's shipping - BBC News

Cyber attacks impacting trust in online retail - survey

Three in four European companies are hooked on US tech • The Register

The diplomacy of emerging tech and cross–border data sharing

As Incidents Rise, Japan's Cybersecurity Falls Short

Retail at risk: How one alert uncovered a persistent cyberthreat | Microsoft Security Blog

Austria military ditches Microsoft for open-source LibreOffice - here's why | ZDNET

Avoiding service desk exploitation: deconstructing the modern retail attack | TechRadar


Vulnerability Management

Critical Security Flaws Grow with AI Use, New Report Shows - Infosecurity Magazine

10 Common Network Vulnerabilities That Could Put Your Business At Risk - Security Boulevard

How to get free Windows 10 security updates through October 2026 | ZDNET

Microsoft pressured to extend free Windows 10 security updates in most of Europe

Microsoft Accepts to Make Windows 10 Extended Security Updates Free for EU Consumers

Vulnerabilities

Azure Entra ID Flaw Highlights Microsoft IAM Issues

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) - Help Net Security

Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks - SecurityWeek

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Cisco's Wave of Zero-Day Bugs Targets Firewalls, IOS

Hacker Deploys 'OVERSTEP' Backdoor in SonicWall Attack

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware - SecurityWeek

Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Microsoft finally squashed this major Windows 11 24H2 bug - one year later | ZDNET

Critical Vulnerability in Salesforce AgentForce Exposed - Infosecurity Magazine

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Battered by cyberattacks, Salesforce faces a trust problem - and a potential class action lawsuit | ZDNET

Fortra Patches Critical GoAnywhere MFT Vulnerability - SecurityWeek

Final Chrome 140 update fixes more security vulnerabilities | PCWorld

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Unpatched flaw in OnePlus phones lets rogue apps text messages

CISA says hackers breached federal agency using GeoServer exploit

Nation-State hackers exploit Libraesva Email Gateway flaw


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Threat Intelligence Briefing 19 September 2025

Black Arrow Cyber Threat Intelligence Briefing 19 September 2025:

-Jaguar Land Rover Extends Shutdown After Cyber Attack by Another Week

-Two Scattered Spider Teens Charged over Attack on London’s Transport Network

-Scattered Spider Resurfaces with Financial Sector Attacks Despite Retirement Claims

-It Doesn’t Take a Genius to Be a Cybercriminal, and Open Source Ransomware Is Making It Easier than Ever

-New Android Malware Steals Your Money Then Installs Ransomware

-Disrupted Phishing Service Was After Microsoft 365 Credentials

-AI Threats Top Focus at London Financial Services Summit

-Shadow AI Is Breaking Corporate Security from Within

-Global Hiring Risks: Identity Fraud and Screening Trends

-Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

-70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors

-The Secret Psychological Cost of Cyber Attacks

-Russia’s Hybrid Tactics Raise Alarm in EU

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week’s review highlights the growing complexity of cyber threats and the leadership response required.

Ransomware and phishing remain dominant, with major disruptions at Jaguar Land Rover and Transport for London. Criminal groups such as Scattered Spider are evolving, using AI-driven social engineering, while open-source ransomware and hybrid malware lower the barrier for attackers.

AI is both a defensive tool and a risk factor: financial services leaders warn of deepfake-enabled fraud, while unapproved AI use within organisations is driving compliance breaches and supply chain exposure. Internal weaknesses amplify these risks: research shows poor incident coordination and skills shortages create more disruption than attackers, while identity fraud in hiring and the psychological toll on staff add long-term challenges. Geopolitical tensions further complicate the landscape, with Russia escalating hybrid tactics across Europe.

Clear Board-level ownership and governance, a proactive investment in a security culture, and regular rehearsals of cyber incident management are essential to resilience. Contact us for impartial and objective leadership guidance on strengthening your organisation’s defences.


Top Cyber Stories of the Last Week

Jaguar Land Rover Extends Shutdown After Cyber Attack by Another Week

Jaguar Land Rover has extended its production shutdown for another week following a major cyber attack that disrupted its global operations. The company, which employs around 39,000 staff and generates annual revenue exceeding £29 billion, confirmed that attackers stole company data and forced a halt to manufacturing. A group of criminals linked to well-known extortion gangs has claimed responsibility, citing the use of stolen credentials and ransomware. JLR stated it is still investigating the incident and carefully planning a phased restart, underlining the severe operational and reputational risks posed by targeted cyber attacks on organisations.

https://www.bleepingcomputer.com/news/security/jaguar-land-rover-extends-shutdown-after-cyberattack-by-another-week/

Two Scattered Spider Teens Charged over Attack on London’s Transport Network

Two young men have been charged in connection with last year’s cyber attack on Transport for London, which disrupted services, exposed customer data, and cost the organisation tens of millions. Authorities allege the pair are linked to a wider criminal group and note that one also faces charges relating to US healthcare systems. The National Crime Agency stressed the attack demonstrated the serious risks posed to critical national infrastructure, highlighting the need for sustained disruption of such groups. Transport for London has since strengthened its security measures and continues to support the investigation.

https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/

Scattered Spider Resurfaces with Financial Sector Attacks Despite Retirement Claims

Scattered Spider, the cyber crime group linked with attacks including Jaguar Land Rover and retailer Marks and Spencer, and which recently claimed to have disbanded, has resurfaced with fresh attacks on the financial sector. Researchers report the group gained access by tricking an executive into resetting their password, then moved deeper into systems to steal sensitive data and bypass security controls. Evidence suggests overlap with other groups such as ShinyHunters, which are now exploiting artificial intelligence to run highly convincing voice scams at scale. The group’s apparent retirement may have been a smokescreen to evade law enforcement, and organisations are urged to remain vigilant as such actors often regroup under new identities.

https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html

It Doesn’t Take a Genius to Be a Cybercriminal, and Open Source Ransomware Is Making It Easier than Ever

A recent study has highlighted that open-source ransomware is lowering the barrier for criminals, enabling even those with limited technical ability to launch attacks. One group, named Yurei, successfully targeted a food manufacturer by slightly modifying an existing ransomware tool. Their approach combined data theft with encryption, demanding payment both to restore access and to prevent data being leaked or sold. Although flaws in the reused code allow for some recovery, the research found that low-effort attacks can still succeed. With around 80% of ransomware now using artificial intelligence, the risk to organisations continues to rise.

https://www.techradar.com/pro/security/it-doesnt-take-a-genius-to-be-a-cybercriminal-and-open-source-ransomware-is-making-it-easier-than-ever

New Android Malware Steals Your Money Then Installs Ransomware

Security researchers have identified a new Android malware, named RatOn, that merges banking fraud with ransomware in a single attack. The malware can autonomously steal personal identification numbers, drain bank accounts and crypto wallets, then lock the device and demand payment to restore access. This evolution highlights how criminals are adapting to stronger banking security by combining multiple methods of extortion. Distribution often occurs through fake apps that mimic trusted platforms such as TikTok, underlining the need for vigilance when downloading apps and ensuring protective features like Google Play Protect remain enabled.

https://www.pcworld.com/article/2907681/beware-new-android-malware-steals-your-money-then-installs-ransomware.html

Disrupted Phishing Service Was After Microsoft 365 Credentials

Microsoft and Cloudflare have taken down a large-scale phishing service called RaccoonO365, which sold ready-made kits to steal Microsoft 365 login details. Since July 2024 the operation compromised at least 5,000 accounts across 94 countries, with criminals then able to access company files, emails, and cloud storage for fraud, extortion, or wider attacks. The service was sold for about $355 a month and could send up to 9,000 fraudulent emails daily. Authorities shut down 338 associated websites and arrested a key suspect, significantly disrupting the operation and raising costs for its criminal users.

https://www.malwarebytes.com/blog/news/2025/09/disrupted-phishing-service-was-after-microsoft-365-credentials

AI Threats Top Focus at London Financial Services Summit

The London Financial Services Cyber Security Summit underlined that resilience has become a regulatory and strategic imperative for the sector. Senior leaders warned that artificial intelligence is being used both to strengthen defences and to fuel more sophisticated cyber attacks such as deepfake-enabled fraud. Insider threats and weak oversight of staff with financial authority remain a major risk. Regulators emphasised that compliance should be seen not only as a legal duty but also as a competitive advantage. Across the summit, the message was clear: collaboration, cultural change and proactive investment are critical to safeguarding long-term stability.

https://www.inforisktoday.com/ai-threats-top-focus-at-london-financial-services-summit-a-29474

Shadow AI Is Breaking Corporate Security from Within

The latest State of Information Security Report from IO shows that organisations face mounting risks from artificial intelligence, compliance demands, and supply chain vulnerabilities. Nearly eight in ten firms adopted AI last year, yet more than a third of employees are using tools without approval, raising the risk of data leaks and regulatory breaches. Data breaches and compliance pressures are prevalent, with 71% of firms fined in the past year and nearly a third paying penalties above £250,000. Meanwhile, 61% reported supply chain incidents, driving increased investment in oversight, although smaller suppliers remain a persistent weak link.

https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/

Global Hiring Risks: Identity Fraud and Screening Trends

HireRight’s 2025 Global Benchmark Report highlights rising risks of identity fraud in hiring, with one in six companies reporting confirmed cases yet less than 80% including identity verification in their standard screening. Most organisations use the same approach regardless of whether the employee will work remotely, which is particularly significant given the prevalence of North Koreans infiltrating organisations as remote IT workers. Discrepancies in candidate histories remain common, with over three-quarters of businesses finding issues in the past year. These trends underline the need for closer collaboration between HR, compliance, and cyber security leaders to reduce fraud and reputational risks.

https://www.helpnetsecurity.com/2025/09/18/global-hiring-risks-2025/

Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

New research shows that 64% of organisations across Europe, the Middle East and Africa are forced to take risky shortcuts due to a shortage of cyber security skills. In the UK, two thirds of organisations report gaps, with more than half describing the impact as severe. Only a quarter of IT leaders believe they have the right expertise in-house, leading to delays in projects and difficulties meeting compliance rules. The shortage spans technical, operational and leadership roles, with high hiring costs and limited candidates deepening the challenge and creating both immediate and long-term risks to resilience and growth.

https://www.businesswire.com/news/home/20250915261659/en/Cyber-Skills-Shortage-Forces-64-of-EMEA-Organisations-into-Risky-Security-Shortcuts

70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors

Cytactic’s 2025 report highlights that internal breakdowns, not external attackers, are the greatest barrier to effective cyber attack response. 70% of leaders said poor coordination created more disruption than the breach itself, with many citing unclear authority and strained CEO-CISO relations. Over half faced incidents they had never rehearsed, despite most recognising the value of simulations. Boards were also seen as underestimating the urgency of response. The report stresses the need for clearer leadership roles, better cross-team communication, and investment in AI and rehearsal exercises to strengthen resilience when breaches occur.

https://www.prnewswire.com/news-releases/70-of-security-leaders-say-internal-misalignment-creates-more-chaos-than-threat-actors-cytactics-2025-state-of-cybersecurity-incident-response-management-cirm-report-302560507.html

The Secret Psychological Cost of Cyber Attacks

Recent research shows that two in five UK small and medium businesses have lost money to fraud, with phishing being one of the most common forms of attack. While financial loss often takes the spotlight, the hidden impact on staff can be just as damaging. Employees caught in these scams may experience guilt, fear and a loss of confidence, which can harm both performance and wellbeing. A culture of blame makes matters worse by discouraging prompt reporting. By fostering openness, empathy and practical training, leaders can strengthen resilience and reduce both the financial and psychological cost of attacks.

https://www.siliconrepublic.com/enterprise/cyberattacks-money-data-psychology-shame-victim-scam-support

Russia’s Hybrid Tactics Raise Alarm in EU

Russian hybrid tactics are escalating, combining cyber attacks, disinformation, and physical incursions, such as the recent drone violations of Polish airspace. In response, Poland has pressed for stronger air defence, increased allied presence, and tougher sanctions. The EU is supporting these efforts through its €150 billion SAFE programme, with €43.7 billion allocated to Poland for military strengthening. With large-scale Russian and Belarusian military exercises planned, Poland has temporarily closed its border with Belarus, warning of destabilisation attempts. Leaders stress that resilience, investment, and unity are vital to counter these threats and maintain regional security.

https://wbj.pl/russias-hybrid-tactics-raise-alarm-in-eu/post/147240



Threats

Ransomware, Extortion and Destructive Attacks

Beware! New Android malware steals your money then installs ransomware | PCWorld

Scattered Spider hackers return to hit more victims - despite retirement claims | TechRadar

Did Scattered Spider Scatter? Cyber Experts Are Skeptical | Security Magazine

Scattered LAPSUS$ Hunters Announces Closure - GovInfoSecurity

What Are The Takeaways from The Scattered Lapsus $Hunters Statement?

HybridPetya ransomware dodges UEFI Secure Boot • The Register

Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro

It doesn't take a genius to be a cybercriminal - and open source ransomware is making it easier than ever | TechRadar

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

How ransomware is changing to target businesses in 2025 | IT Pro

Ransomware crims broke in, found recovery codes in plaintext • The Register

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Ransomware and the UK’s proposed ban on payments: a measured legal response or risk amplifier? | TechRadar

UK arrests 'Scattered Spider' teens linked to Transport for London hack

Ransomware TMZ: More Than a Year of Leaks, Lies and Betrayals | MSSP Alert

Ransomware Victims

Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

Scattered Spider gang feigns retirement, breaks into bank • The Register

Jaguar Land Rover suppliers 'face bankruptcy' due to hack crisis - BBC News

Cyber attack could be costing JLR £5 million a day | Autocar

JLR extends production shutdown to next week amid cyber attack chaos | TheBusinessDesk.com

JLR still unable to restart production as MPs call for government help | Autocar

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% – DataBreaches.Net

JLR supply chain staff told to apply for universal credit, union says - BBC News

VC giant Insight Partners warns thousands after ransomware breach

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben

BMW claimed by Everest gang: Have luxury brands become the latest ransomware trend? | Cybernews

UK arrests 'Scattered Spider' teens linked to Transport for London hack

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek

UK telco Colt’s cyberattack recovery seeps into November • The Register

ShinyHunters Attack National Credit Information Center of Vietnam

KillSec Ransomware Hits Brazil's Healthcare Sector

Qilin ransomware gang claims attack on Orleans Parish Sheriff's Office

Survival Flight reports second cybersecurity incident in less than a year – DataBreaches.Net

Phishing & Email Based Attacks

Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access

Attackers Up Their Game with Ultra-Realistic PDF Invoice Lures, HP Finds | WebWire

Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK

This North Korean Phishing Attack Used ChatGPT's Image Generation

Phishing campaign targets Rust developers - Help Net Security

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Other Social Engineering

Why You Should Never Scan A QR Code To Pay For Parking

Password1: how scammers exploit variations of your logins | Money | The Guardian

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Fraud, Scams and Financial Crime

Why You Should Never Scan A QR Code To Pay For Parking

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Google nukes 224 Android malware apps behind massive ad fraud campaign

AI made crypto scams far more dangerous - Help Net Security

Beware Email Scams Seeking Feedback on the UK's Emergency Alerts Test - ISPreview UK

The Boots Bandits: How 'points thieves' are stealing loyalty card rewards from British shoppers in £300million black market | Daily Mail Online

AI-Powered Sign-up Fraud Is Scaling Fast

Cybersecurity in Ukraine: new fraud schemes and how to protect yourself | УНН

Google confirms fraudulent account created in law enforcement portal

Artificial Intelligence

Scary results as study shows AI chatbots excel at phishing tactics - Cryptopolitan

Shadow AI is breaking corporate security from within - Help Net Security

AI Threats Top Focus at London Financial Services Summit

AI made crypto scams far more dangerous - Help Net Security

AI-Powered Sign-up Fraud Is Scaling Fast

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

5 trends reshaping IT security strategies today | CSO Online

Hacker Exploits Claude AI to Automate Cyberattacks on 17 Companies

Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses

Most enterprise AI use is invisible to security teams - Help Net Security

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

Democratizing AI: Balancing Innovation, Risks in ChatGPT Era

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

A Quarter of UK and US Firms Suffer Data Poisoning Attacks - Infosecurity Magazine

This North Korean Phishing Attack Used ChatGPT's Image Generation

AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes - Ars Technica

LinkedIn now uses your data for AI by default, opt out now! - Help Net Security

How CISOs Can Drive Effective AI Governance

AI video surveillance could end privacy as we know it - Help Net Security

Cloudflare CEO’s 'Frighteningly Likely' Forecast for How AI Will Ruin the Internet

Malware

CrowdStrike Infested With "Self-Replicating Worms"

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

Old file types, new tricks: Attackers turn everyday files into weapons - Help Net Security

Attackers Adopting Novel LOTL Techniques to Evade Detection - Infosecurity Magazine

The unseen side of malware and how to find it - Help Net Security

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ

HybridPetya: A Petya/NotPetya copycat comes with a twist

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Bitdefender discovers China-linked malware - APDR

SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine

Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites

Threat Actor Infests Hotels With New RAT - SecurityWeek

Mobile

Beware! New Android malware steals your money then installs ransomware | PCWorld

Cybercriminals Have a Weird New Way to Target You With Scam Texts | WIRED

Google nukes 224 Android malware apps behind massive ad fraud campaign

Google has made a huge change to the monthly Android Security Bulletin - PhoneArena

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs | CyberScoop

Apple backports zero-day patches to older iPhones and iPads

Google may shift to risk-based Android security patch rollouts - what that means for you | ZDNET

1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine

Ex-WhatsApp cybersecurity executive says Meta endangered billions of users in new suit – DataBreaches.Net

Samsung patches actively exploited zero-day reported by WhatsApp

Make Sure Your Android Phone Has This Security Feature Enabled (And Here's Why)

CERT-FR: Take Apple spyware alerts seriously | Cybernews

Denial of Service/DoS/DDoS

Cloudflare DDoSed itself with React useEffect hook blunder • The Register

Internet of Things – IoT

Dutch University Washing Machines Hacked, Disrupting Laundry for 1,200 Students

Smart Home Security Tips to Prevent Hacking

Data Breaches/Leaks

VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack | TechCrunch

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

FBI Issues Salesforce Instance Warning Over 'ShinyHunters' Data Theft | Salesforce Ben

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

SonicWall warns customers to reset credentials after breach

1 in 3 Android Apps Leak Sensitive Data - Infosecurity Magazine

British rail passengers urged to stay on guard after hack signals failure

Tiffany Data Breach Impacts Thousands of Customers - SecurityWeek

Gucci, Balenciaga and Alexander McQueen targeted in cyber-attack

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

Millions of HNW clients at risk as Gucci hacked | Insurance Business America

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

Cybercriminals pwn 850k+ Americans' healthcare data • The Register

New York Blood Center Alerts 194,000 People to Data Breach - Infosecurity Magazine

Vietnam data breach: whole population exposed | Cybernews

2 Eye Care Practice Hacks Affect 260,000 Patients, Staff

Bracknell and Wokingham college hit with cyber attack | Bracknell News

Organised Crime & Criminal Actors

Cyber professionals are losing sleep over late night attacks | IT Pro

Cybercriminals Evolve Tactics: New HP Report Reveals Sophisticated Threats

Open-Source Ransomware Tools on GitHub Fuel AI-Driven Cybercrime Surge

It doesn't take a genius to be a cybercriminal - and open source ransomware is making it easier than ever | TechRadar

Cyber-scam camp operators shifting to vulnerable countries • The Register

DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM

NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine

The Feds Destroyed an Internet Weapon, but Criminals Picked Up the Pieces - WSJ

The Boots Bandits: How 'points thieves' are stealing loyalty card rewards from British shoppers in £300million black market | Daily Mail Online

15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' • The Register

"Pompompurin" resentenced: BreachForums creator heads back behind bars

Fifteen Ransomware Gangs “Retire,” Future Unclear - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

AI made crypto scams far more dangerous - Help Net Security

Suspect in Coinbase hack kept data for more than 10,000 customers on her phone, court filing alleges | Fortune Crypto

Insider Risk and Insider Threats

The secret psychological cost of cyberattacks

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

Supply Chain and Third Parties

CrowdStrike Infested With "Self-Replicating Worms"

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

New supply chain attack hits npm registry, compromising 40+ packages

Mitigating supply chain vulnerabilities | TechRadar

Cloud/SaaS

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Microsoft scores win against Office 365 credential thieves | Computer Weekly

The Cloud Edge Is the New Attack Surface

The unseen risk in Microsoft 365: disaster recovery | IT Pro

Target-rich environment: Why Microsoft 365 has become the biggest risk

Outages

Starlink outage knocks tens of thousands offline worldwide • The Register

Linux and Open Source

Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals - InfoQ

UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register

Passwords, Credential Stuffing & Brute Force Attacks

Disrupted phishing service was after Microsoft 365 credentials | Malwarebytes

Microsoft scores win against Office 365 credential thieves | Computer Weekly

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

SonicWall warns customers to reset credentials after breach

Password1: how scammers exploit variations of your logins | Money | The Guardian

Social Media

TikTok Deal Won't End Enterprise Risks

Facebook's settlement payments are on the way - here's how much you can expect | ZDNET

LinkedIn now uses your data for AI by default, opt out now! - Help Net Security

Australia to let Big Tech choose kids social media ban tech • The Register

Regulations, Fines and Legislation

Ransomware and the UK’s proposed ban on payments: a measured legal response or risk amplifier? | TechRadar

EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler

UK ministers probe 'child-protection' Online Safety tweaks • The Register

China: 1-hour deadline on serious cyber incident reporting • The Register

Creating a compliance strategy that works across borders - Help Net Security

A Deeper Dive: The SEC Cybersecurity Rule Enforcement Landscape | BakerHostetler - JDSupra

Australia to let Big Tech choose kids social media ban tech • The Register

The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra

CISA misspent millions in cyber skill retention funds: audit • The Register

CISA attempts to assert control over CVE in vision outline • The Register

Without Federal Help, Cyber Defense Is Up to Us

The Next Cyber Breach Will Not Wait: Why Congress Must Reauthorize CISA 2015

CISA blasted by US watchdog for wasting funds and retaining the wrong employees | TechRadar

The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity - Security Boulevard

Agencies increasingly dive into AI for cyber defense, acting federal CISO says | CyberScoop

Models, Frameworks and Standards

EU’s NIS2 directive brings tougher cybersecurity rules - The Recycler

NCSC updates Cyber Assessment Framework (2) | UKAuthority

The CMMC Rule is Here: What Contractors Need to Know | Akin Gump Strauss Hauer & Feld LLP - JDSupra

Department of Defense Finalizes Long-Awaited Cybersecurity Rule | Morrison & Foerster LLP - Government Contracts Insights - JDSupra

Careers, Working in Cyber and Information Security

Cyber Skills Shortage Forces 64% of EMEA Organisations into Risky Security Shortcuts

Organisations still struggling to close cybersecurity skills gap

Cybersecurity: The job that comes with a daily dose of ‘impending doom’

Cyber hiring trends | Professional Security Magazine

Microsoft Principal Security Engineer on How to Get Into Cybersecurity - Business Insider

Law Enforcement Action and Take Downs

DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM

NCA Singles Out “The Com” as it Chairs Five Eyes Group - Infosecurity Magazine

Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them? | IT Pro

UK arrests two teens accused of heavy involvement in yearslong Scattered Spider attack spree | CyberScoop

"Pompompurin" resentenced: BreachForums creator heads back behind bars

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

Suspect in Coinbase hack kept data for more than 10,000 customers on her phone, court filing alleges | Fortune Crypto

Man gets over 4 years in prison for selling unreleased movies

Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list | The Record from Recorded Future News

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

Misinformation, Disinformation and Propaganda

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Russian fake-news network back in action with 200+ new sites • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia’s Hybrid Tactics Raise Alarm in EU

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Geopolitics Reshapes Security Budgets in Financial Services

Bitdefender discovers China-linked malware - APDR

Nation State Actors

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

Geopolitics Reshapes Security Budgets in Financial Services

China

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

China: 1-hour deadline on serious cyber incident reporting • The Register

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

TikTok Deal Won't End Enterprise Risks

Chinese cyber skirmishes in the Indo-Pacific show emerging patterns of conflict | The Strategist

Bitdefender discovers China-linked malware - APDR

The countdown is on - Chinese firms now have just an hour to report cybersecurity incidents | TechRadar

SEO Poisoning Targets Chinese Users with Fake Software Sites - Infosecurity Magazine

Sophisticated Cyber Campaign Deploys RATs via SEO-Poisoned GitHub Sites

Costs of Russian, Chinese cyberattacks on German firms on rise: report

Russia

Russia’s Hybrid Tactics Raise Alarm in EU

Opinion | AI and drone warfare is here. The U.S. isn’t ready. - The Washington Post

MI6 launches dark web portal to attract spies in Russia - BBC News

Researchers believe Gamaredon and Turla threat groups are collaborating - Help Net Security

Russian fake-news network back in action with 200+ new sites • The Register

Europol adds Spanish academic suspected of aiding pro-Russian hackers to most wanted list | The Record from Recorded Future News

Ukrainian Cyberattack Paralyzes Russia’s Sham Election in Occupied Crimea

Engineer Who Tried To Pass Secrets To Russia Gets 10½ Years - Law360

Man convicted for attempting to give classified information on US Air Force systems to Russia - ABC News

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Russian regional airline disrupted by suspected cyberattack | The Record from Recorded Future News

Iran

What's Old Is New Again as Iranian Hackers Exploit Macros

North Korea

This North Korean Phishing Attack Used ChatGPT's Image Generation

AI-Forged Military IDs Used in North Korean Phishing Attack - Infosecurity Magazine

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency


Tools and Controls

Geopolitics Reshapes Security Budgets in Financial Services

SonicWall Discloses Compromise of Cloud Backup Service - Infosecurity Magazine

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations | CyberScoop

The Cloud Edge Is the New Attack Surface

The unseen risk in Microsoft 365: disaster recovery | IT Pro

Rising DNS Cyber Attacks: AI-Driven Threats Demand Zero-Trust Defenses

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Security Execs Say Internal Mayhem Makes Cyber Attacks Worse

70% of Security Leaders Say Internal Misalignment Creates More Chaos Than Threat Actors: Cytactic's 2025 State of Cybersecurity Incident Response Management (CIRM) Report

Cyber leaders must make better use of risk experts | Computer Weekly

Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle - SecurityWeek

CISOs grapple with the realities of applying AI to security functions | CSO Online

Many networking devices are still vulnerable to pixie dust attack - Help Net Security

News alert: Palo Alto flags threats that evade Secure Web Gateways — echoing SquareX research - Security Boulevard

Elon Musk Urges Heightened Security After Charlie Kirk Assassination

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Phishing campaign targets Rust developers - Help Net Security

3 reasons VPN use is set to explode worldwide - and that might apply to you | ZDNET

More tools lead to greater risk of security issues and burnout - BetaNews

How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk - Security Boulevard

Digital twins give cyber defenders a predictive edge - SiliconANGLE

UEFI Secure Boot for Linux Arm64 – where do we stand? • The Register

How CISOs Can Drive Effective AI Governance

What is Mobile Threat Defense (MTD)? | Definition from TechTarget

A third of UK firms using ‘bossware’ to monitor workers’ activity, survey reveals | Privacy | The Guardian



Vulnerability Management

Google has made a huge change to the monthly Android Security Bulletin - PhoneArena

Microsoft reminds of Windows 10 support ending in 30 days

Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm - SecurityWeek

Microsoft: Exchange 2016 and 2019 reach end of support in 30 days

Microsoft Warns 200 Million Windows Users—Do Not Update Your PC

Consumer Reports calls Microsoft 'hypocritical' for stranding millions of Windows 10 PCs | ZDNET

CISA attempts to assert control over CVE in vision outline • The Register

Exploring Open Source and Compliance in Vulnerability Management - Security Boulevard

Vulnerabilities

Google patches another worrying Chrome security flaw - so update now, or be at risk | TechRadar

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents - Help Net Security

Many networking devices are still vulnerable to pixie dust attack - Help Net Security

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs | CyberScoop

Apple backports zero-day patches to older iPhones and iPads

Ransomware crims broke in, found recovery codes in plaintext • The Register

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild | ZDNET

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Samsung patches actively exploited zero-day reported by WhatsApp

CISA warns of actively exploited Dassault RCE vulnerability

Microsoft says Windows September updates break SMBv1 shares


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 12 September 2025

Black Arrow Cyber Threat Intelligence Briefing 12 September 2025:

-Qantas Penalises Executives for July Cyber Attack

-Three Critical Facts About Cyber Risk Management

-Pressure on CISOs to Stay Silent About Security Incidents Growing

-Why Security Teams Are Turning to the Dark Web to Protect Executives

-You Should Be Aware of These Latest Social Engineering Trends

-Insider Breaches Are a Bigger Security Threat than Ever Before. Here’s How Your Business Can Stay Safe

-Are Cybercriminals Hacking Your Systems or Just Logging in?

-New Automated Extortion Software Is So Devious You Won't Believe It

-Phishing Kit Unveils New Level of Sophistication

-New Malware Campaigns Highlight Rising AI and Phishing Risks

-Ransomware Kits Built with AI Are Behind a 70% Surge in Attacks

-Ransomware Losses Climb as AI Pushes Phishing to New Heights

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week’s review highlights the growing personal and organisational consequences of cyber attacks. Qantas cut executive bonuses after a major breach, reflecting increased leadership accountability. CISOs report pressure to conceal incidents, despite legal obligations. Boards are urged to adopt risk-based approaches that prioritise critical exposures.

Threats increasingly target individuals, with executives impersonated using AI and insider breaches causing costly damage. Phishing and ransomware attacks are becoming more sophisticated, using AI, mimicking multi-factor authentication and automating extortion.

These developments reinforce the need for stronger governance, clear accountability and a culture of security awareness. Contact us for guidance on how to achieve this in your organisation.

Top Cyber Stories of the Last Week

Qantas Penalises Executives for July Cyber Attack

Qantas has penalised its executive team by reducing annual bonuses by 15% after a July cyber attack exposed data belonging to 5.7 million people. The airline, which reported a profit of $1.5 billion, confirmed the breach did not involve credit card or passport data but did affect customer details such as names, emails and frequent flyer numbers, with some records also including addresses or dates of birth. The company has updated its risk management framework in response, stressing lessons learned and shared accountability among senior leaders. A forensic investigation into the incident remains ongoing.

https://therecord.media/qantas-airline-reduces-bonuses-executives-data-breach

Three Critical Facts About Cyber Risk Management

Organisations are being urged to shift from reactive cyber security to proactive risk management, as breaches continue to rise and cause severe business impact. A recent study highlighted three critical practices. First, firms must view their digital footprint the way attackers do, since exposure goes beyond what is listed in internal systems. Second, with limited resources, not every vulnerability can be fixed, so leaders must focus on the risks that matter most by weighing likelihood against impact. Finally, adopting proactive measures, supported by automation and AI, allows organisations to anticipate threats and reduce response times significantly.

https://www.trendmicro.com/en_us/research/25/i/cyber-risk-management-facts.html

Pressure on CISOs to Stay Silent About Security Incidents Growing

A recent survey has revealed that 69% of Chief Information Security Officers (CISOs) have been pressured by their employers to keep security incidents quiet, compared with 42% two years ago. This rise reflects growing tensions between regulatory obligations and corporate concerns about reputation. Experts note that attackers now often steal data quietly rather than disrupt operations, making breaches less visible but still serious. Regulators, including those enforcing GDPR and DORA, require timely disclosure, yet many CISOs report pressure to downplay or conceal incidents. Failure to disclose risks heavy penalties, loss of trust, and personal liability for senior leaders.

https://www.csoonline.com/article/4050232/pressure-on-cisos-to-stay-silent-about-security-incidents-growing.html

Why Security Teams Are Turning to the Dark Web to Protect Executives

A recent study found that nearly three quarters of US executives have been directly targeted by cyber criminals, with attacks against leaders continuing to rise. The dark web has become a marketplace where stolen credentials and personal details of corporate leaders are traded, enabling criminals to infiltrate company networks, commit fraud, or even endanger executives’ physical safety. Experts warn that once this information is leaked it cannot be removed, making prevention and monitoring critical. Organisations are being urged to strengthen access controls, improve executive cyber awareness, and integrate physical and cyber security measures into their protection plans.

https://www.digitaljournal.com/business/why-security-teams-are-turning-to-the-dark-web-to-protect-executives/article

You Should Be Aware of These Latest Social Engineering Trends

Social engineering attacks are becoming increasingly sophisticated as criminals exploit human behaviour rather than technical flaws. A recent case saw an asset management firm lose one million euros after an executive was deceived by AI-cloned voices and a fake contract. Tactics now include overwhelming victims with thousands of emails, impersonating IT helpdesks, and using legitimate tools like Microsoft Teams and Quick Assist to gain access. These methods highlight that people remain the weakest link in security. Firms are advised to strengthen access controls, limit external communications, and invest in employee awareness to reduce exposure.

https://www.csoonline.com/article/4051570/you-should-be-aware-of-these-latest-social-engineering-trends.html

Insider Breaches Are a Bigger Security Threat than Ever Before. Here’s How Your Business Can Stay Safe

New research shows insider threats, whether from careless mistakes or disgruntled employees, are now seen as a risk comparable to external cyber attacks. Nearly two thirds of organisations reported data breaches linked to insiders in the past two years, with average costs of $2.7 million. Almost half ranked data leakage from insiders as their top concern, yet only 27% use tools such as Data Loss Prevention to help manage this risk. Experts stress that while such tools are useful, businesses need layered defences and stronger oversight of how sensitive files are accessed, shared, and stored.

https://www.techradar.com/pro/security/insider-breaches-are-a-bigger-security-threat-than-ever-before-heres-how-your-business-can-stay-safe

Are Cybercriminals Hacking Your Systems or Just Logging in?

Verizon reports that stolen passwords and login details were used in nearly a third of all data breaches last year, with more than 3.2 billion credentials stolen globally, a 33% rise on the previous year. Criminals are bypassing security controls by logging in as legitimate users, often using stolen passwords, session tokens or multi-factor authentication codes. This approach has already fuelled major cyber attacks such as those against Change Healthcare and Snowflake. Organisations are urged to strengthen password protection, adopt zero trust principles, train staff against scams, and monitor for suspicious activity.

https://www.welivesecurity.com/en/business-security/cybercriminals-hacking-systems-logging-in/

New Automated Extortion Software Is So Devious You Won't Believe It

Researchers have warned of a new form of malware, known as Stealerium, that takes sextortion scams to a new level. The tool can capture login details, financial data and private messages, but more alarmingly it can detect when users access adult material, take a screenshot and activate the webcam to photograph them. Criminals are distributing it through fake emails posing as charities or banks, and it has already been seen in tens of thousands of cases. Victims are often in sectors such as hospitality, education and finance, making individuals rather than companies the main targets.

https://futurism.com/automated-extortion-software-devious

Phishing Kit Unveils New Level of Sophistication

Researchers have uncovered a new phishing campaign using the Salty2FA kit, which highlights how cyber crime operations are becoming increasingly professional. The campaign uses trusted platforms, company-branded login pages and advanced tools to bypass security controls, making attacks harder to spot and investigate. Targeted sectors include healthcare, finance, energy and technology. Crucially, the attackers even mimic multi-factor authentication, reducing the effectiveness of traditional safeguards. This shows that phishing has evolved beyond basic scams, requiring organisations to update defences and strengthen staff awareness to guard against increasingly convincing cyber attacks.

https://www.infosecurity-magazine.com/news/salty2fa-phishing-kit/

New Malware Campaigns Highlight Rising AI and Phishing Risks

Researchers have uncovered new phishing campaigns that show how attackers are combining advanced malware with social engineering to bypass security. One campaign uses fake business emails to deliver MostereRAT, a tool that can take full control of a victim’s computer, disable built-in protections, and install remote access software. Another campaign uses fake download sites and “fix” prompts to trick users into installing data stealing software. In parallel, attackers are experimenting with ways to manipulate AI-powered tools, using hidden instructions to insert malicious steps into automated summaries, highlighting the growing overlap between AI risks and cyber crime.

https://thehackernews.com/2025/09/from-mostererat-to-clickfix-new-malware.html

Ransomware Kits Built with AI Are Behind a 70% Surge in Attacks

A new report warns that ransomware attacks rose by 70% in the first half of 2025, fuelled by criminals using artificial intelligence to scale operations. Attackers are packaging phishing emails, extortion notes and other pressure tactics into ready-made kits that can be sold and reused, making attacks easier to launch. While cryptocurrency remains the preferred payment method, total ransom payments fell by 35% in 2024 due to stronger law enforcement action and sanctions. The findings highlight how AI is shifting ransomware from purely technical exploits to broader campaigns targeting human behaviour.

https://crypto.news/ransomware-kits-built-with-ai-are-behind-a-70-surge-in-attacks/

Ransomware Losses Climb as AI Pushes Phishing to New Heights

Resilience’s 2025 midyear report highlights a sharp rise in ransomware and phishing attacks, both increasingly driven by artificial intelligence. Vendor-related risks have declined from 22% to 15% of losses, but remain costly when they occur. Ransomware insurance claims rose by 17% year on year, with criminals moving to triple extortion, adding threats of data leaks and service disruption to increase pressure. Phishing has become the most common entry point, now responsible for 42% of claims and nearly 9 in 10 of total losses. AI has made these attacks more convincing, with synthetic voice and other tools boosting success rates.

https://www.securityweek.com/ransomware-losses-climb-as-ai-pushes-phishing-to-new-heights/



Threats

Ransomware, Extortion and Destructive Attacks

Remote Access Abuse Biggest Pre-Ransomware Indicator - Infosecurity Magazine

Report: Ransomware Attacks Costlier as Threat Actors Become More Systemic

Ransomware kits built with AI are behind a 70% surge in attacks

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

New Automated Extortion Software Is So Devious You Won't Believe It

Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed | Trend Micro (US)

Akira ransomware crims abusing trifecta of SonicWall flaws • The Register

The crazy, true story behind the first AI-powered ransomware • The Register

New fugitive uploaded to EU Most Wanted list for major ransomware attacks - A reward of up to USD 10 million is being offered for any information leading to his arrest | Europol

Ransomware attacks fewer but costlier - report | Insurance Business America

Most pandemic-era ransomware raids conducted by two gangs - iTnews

Ransomware Victims

Jaguar Land Rover 'working around the clock' to restore IT systems following Sunday's cyber attack | This is Money

Disruption to Jaguar Land Rover after cyber-attack may last until October | Jaguar Land Rover | The Guardian

Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News

Jaguar Land Rover in 'truly horrible position' following cyber attack - CoventryLive

Concerns over impact of JLR cyber attack - BBC News

LunaLock Ransomware threatens victims by feeding stolen data to AI models

DZ Bank’s subsidiary says hackers lied about stolen data | Cybernews

Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack - SecurityWeek

Tata Motors shares in focus after JLR faces cybersecurity breach - The Economic Times

JLR Got Hacked So Bad They’re Still Registering Cars With Pen And Paper | Carscoops

Nevada's sex offender, restraining order databases hit in cyberattack, hobbling law enforcement - The Nevada Independent

Car part supplier's fears over Jaguar Land Rover cyber-attack - BBC News

Legal Aid Agency to begin restoring digital services in coming days, minister says – PublicTechnology

M&S tech chief leaves months after cyber attack cost it £300m | Money News | Sky News

Ransomware attack at blood center: Org tells users their data's been stolen | Malwarebytes

Lovesac warns customers their data was breached after suspected RansomHub attack six months ago

100,000 Impacted by Cornwell Quality Tools Data Breach - SecurityWeek

Panama Ministry of Economy discloses breach claimed by INC ransomware

Phishing & Email Based Attacks

Salty2FA Phishing Kit Unveils New Level of Sophistication - Infosecurity Magazine

Emerging Phishing Threats: MostereRAT, ClickFix, and State-Sponsored Risks

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode

You Didn't Get Phished — You Onboarded the Attacker

iCloud Calendar abused to send phishing emails from Apple’s servers

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Jeremy Clarkson reveals hackers stole £27,000 from his Cotswolds pub | The Standard

Other Social Engineering

You Didn't Get Phished — You Onboarded the Attacker

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

New Automated Extortion Software Is So Devious You Won't Believe It

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

You should be aware of these latest social engineering trends | CSO Online

Salesloft Drift Cyberattack Ups Social Engineering Attack Concerns

What is SIM-swapping fraud and what are the signs? - BBC News

Fake employers from North Korea hack hundreds | Cybernews

Beware the QR code: How a new scam is costing consumers £10,000 per day | The Independent

Fraud, Scams and Financial Crime

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

Fake employers from North Korea hack hundreds | Cybernews

US sanctions companies and individuals behind Southeast Asian scam centers | Crime News | Al Jazeera

Working with partners to tackle cyber crime and fraud - GOV.UK

Artificial Intelligence

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

Ransomware kits built with AI are behind a 70% surge in attacks

LunaLock Ransomware threatens victims by feeding stolen data to AI models

Employees keep feeding AI tools secrets they can't take back - Help Net Security

How AI Puts Company Data at Risk | Kiplinger

AI agents are here, now comes the hard part for CISOs - Help Net Security

CISOs brace for a new kind of AI chaos - Help Net Security

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Securing AI Models Against Adversarial Attacks in Financial Applications - Security Boulevard

Stealthy attack serves poisoned web pages only to AI agents - Help Net Security

Threat Actor Accidentally Exposes AI-Powered Operations - Infosecurity Magazine

Identity management was hard, AI made it harder - Help Net Security

Deepfakes are rewriting the rules of geopolitics - Help Net Security

AI is everywhere, but scaling it is another story - Help Net Security

The crazy, true story behind the first AI-powered ransomware • The Register

Anthropic Bans Chinese Entities from Claude AI Over Security Risks

2FA/MFA

Salty2FA Phishing Kit Unveils New Level of Sophistication - Infosecurity Magazine

6 ways to identify fake 2FA prompts and protect your accounts

Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure Blog

Malware

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security - Infosecurity Magazine

Secretive MaaS Group Spreads Novel 'CastleRAT'

Malicious npm Packages Steal Ethereum Keys in Typosquatting Attack

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Atomic Stealer Disguised as Cracked Software Attacking macOS Users

'MostereRAT' Blends In, Blocks Security Tools

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

Hackers left empty-handed after massive NPM supply-chain attack

Vidar Infostealer Back With a Vengeance

Fileless Malware Deploys Advanced RAT via Legitimate Tools - Infosecurity Magazine

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Russian Threat Group Targets Microsoft Outlook With Malware | Security Magazine

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

Bots/Botnets

Exposed Docker APIs Likely Exploited to Build Botnet - SecurityWeek

Mobile

New Android RAT uses Near Field Communication to automatically steal money from devices | TechRadar

What is SIM-swapping fraud and what are the signs? - BBC News

New RatOn Android Malware Targets Banking Apps and Crypto Wallets via NFC Attacks

Apple Warns of Series of Mercenary Spyware Attacks Targeting Users' Devices

Is WhatsApp Still Safe? Security Experts Weigh In After Zero-Day - ClearanceJobs

Ex-WhatsApp security boss sues Meta, alleging it ignored privacy flaws - The Washington Post

Is your phone actually listening in on you? The answer is complicated

Russia targets WhatsApp and pushes new 'super-app' as internet blackouts grow - BBC News

Traveling soon? 5 simple ways I thwart phone thieves - and you can too | ZDNET

Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers | CyberScoop

Denial of Service/DoS/DDoS

DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks | Tom's Hardware

Internet of Things – IoT

How Has IoT Security Changed Over the Past 5 Years?

70% of smart home devices vulnerable to cyberattacks: Cyber Security Council

Connected cars are racing ahead, but security is stuck in neutral - Help Net Security

7 Vulnerable IoT Devices: Hacking Risks and Security Tips

Hacking driverless vehicles: Researchers prepare for the worst while embracing autonomous cars | The National

Data Breaches/Leaks

Qantas penalizes executives for July cyberattack | The Record from Recorded Future News

61% of US Companies Hit by Insider Data Breaches - Infosecurity Magazine

Insider breaches are a bigger security threat than ever before - here's how your business can stay safe | TechRadar

Salesloft Drift Cyberattack Ups Social Engineering Attack Concerns

More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach - SecurityWeek

Salesloft GitHub Account Compromised Months Before Salesforce Attack - SecurityWeek

UK Electoral Commission finally recovered from China hack after three years and £250,000 grant | TechRadar

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Financial services firm Wealthsimple discloses data breach

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack - SecurityWeek

Qualys Confirms Data Breach - Hackers Accessed Salesforce Data in Supply Chain Attack

Tenable Confirms Data Breach - Hackers Accessed Customers Contact Details

France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks - Infosecurity Magazine

VC giant Insight Partners notifies staff and limited partners after data breach | TechCrunch

Pentagon left livestream keys exposed, hijack risk included • The Register

Call audio from gym members, employees in open database • The Register

Everything we know about the Plex data breach so far | IT Pro

LNER urges customers to be vigilant after passenger details accessed in cyber-attack | Rail industry | The Guardian

Irish League of Credit Unions is 'enhancing cybersecurity' after attack

100,000 Impacted by Cornwell Quality Tools Data Breach - SecurityWeek

Panama Ministry of Economy discloses breach claimed by INC ransomware

Plex tells users to reset passwords after new data breach

PSNI 'cannot afford' to pay staff compensation over data breach - BBC News

Organised Crime & Criminal Actors

US sanctions companies and individuals behind Southeast Asian scam centers | Crime News | Al Jazeera

Threat Actor Accidentally Exposes AI-Powered Operations - Infosecurity Magazine

Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace

Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security

Huntress's attacker surveillance splits infosec community • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

New Android RAT uses Near Field Communication to automatically steal money from devices | TechRadar

New RatOn Android Malware Targets Banking Apps and Crypto Wallets via NFC Attacks

Malicious npm Packages Steal Ethereum Keys in Typosquatting Attack

Hackers left empty-handed after massive NPM supply-chain attack

Hackers abuse TOR network and misconfigured Docker APIs to steal crypto - so keep an eye on your wallet | TechRadar

Insider Risk and Insider Threats

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

61% of US Companies Hit by Insider Data Breaches - Infosecurity Magazine

Insider breaches are a bigger security threat than ever before - here's how your business can stay safe | TechRadar

You Didn't Get Phished — You Onboarded the Attacker

Fake employers from North Korea hack hundreds | Cybernews

CISOs, stop chasing vulnerabilities and start managing human risk - Help Net Security

Students Pose Inside Threat to Education Sector

Supply Chain and Third Parties

71% of CISOs hit with third-party security incident this year | CSO Online

Hackers left empty-handed after massive NPM supply-chain attack

Mitigating supply chain vulnerabilities | TechRadar

Supply Chain Challenges and Solutions Outlined in Capgemini Report

Salesloft Breached via GitHub Account Compromise

Salesloft GitHub Account Compromised Months Before Salesforce Attack - SecurityWeek

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack - SecurityWeek

Qualys Confirms Data Breach - Hackers Accessed Salesforce Data in Supply Chain Attack

Tenable Confirms Data Breach - Hackers Accessed Customers Contact Details

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Cloud/SaaS

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure Blog

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn | Ubergizmo

Microsoft's China cloud conundrum - Tech Monitor

Outages

Ransomware, vendor outages, and AI attacks are hitting harder in 2025 - Help Net Security

Microsoft fixes Exchange Online outage affecting users worldwide

Identity and Access Management

Are cybercriminals hacking your systems – or just logging in?

Identity management was hard, AI made it harder - Help Net Security

Encryption

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal - Help Net Security

The New Math of Quantum Cryptography | WIRED

Brussels faces privacy crossroads over encryption backdoors • The Register

Passwords, Credential Stuffing & Brute Force Attacks

Are cybercriminals hacking your systems – or just logging in?

Beware of Malicious Facebook Ads With Meta Verified That Steal User Account Details

When typing becomes tracking: Study reveals widespread silent keystroke interception - Help Net Security

Everything we know about the Plex data breach so far | IT Pro

Plex tells users to reset passwords after new data breach

Social Media

Beware of Malicious Facebook Ads With Meta Verified That Steal User Account Details

Malvertising

Beware of Malicious Facebook Ads With Meta Verified That Steal User Account Details

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers - Help Net Security

Regulations, Fines and Legislation

UK toughens Online Safety Act with ban on self-harm content • The Register

False Claims Act Expands to Cybersecurity Settlements

The Expanding Scope of FCA-Cybersecurity Liability | Sheppard Mullin Richter & Hampton LLP - JDSupra

CISA pushes final cyber incident reporting rule to May 2026 | CyberScoop

Experts poke holes in UK online safety regs • The Register

Brussels faces privacy crossroads over encryption backdoors • The Register

US politicians ponder Wimwig cyber intel sharing law | Computer Weekly

Banks warn of risks as critical cyber law nears expiration | American Banker

UK delays introducing new cybersecurity legislation, again | The Record from Recorded Future News

Trump Cuts Imperil Private Sector Cybersecurity Cooperation

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal - Help Net Security

Patchy cyber workforce efforts face uncertain future under Trump

US government lacks clarity into its infosec workforce • The Register

White House cyber office calls for ‘whole of nation’ effort to deter nation-state hackers - Nextgov/FCW

CISA work not ‘degraded’ by Trump administration cuts, top agency official says | CyberScoop

Your Internet Access Is at Risk. We’re Speaking Up - Internet Society

The Newly Named Department Of War Goes To War On Cyber With 48 CFR Rule

Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program > U.S. Department of War > Release

Models, Frameworks and Standards

The Expanding Scope of FCA-Cybersecurity Liability | Sheppard Mullin Richter & Hampton LLP - JDSupra

CISA pushes final cyber incident reporting rule to May 2026 | CyberScoop

Careers, Working in Cyber and Information Security

CSO hiring on the rise: How to land a top security exec role | CSO Online

Law Enforcement Action and Take Downs

Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace

Misinformation, Disinformation and Propaganda

Deepfakes are rewriting the rules of geopolitics - Help Net Security


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

China went to 'EggStreme' lengths to attack Philippines • The Register

China

Elections watchdog admits 'painful lessons learned' after Chinese hack - BBC News

AI-powered penetration tool downloaded 10K times • The Register

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware - Infosecurity Magazine

Microsoft's China cloud conundrum - Tech Monitor

Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report - SecurityWeek

45 New Domains Linked to Salt Typhoon, UNC4841

'We have to act' on China, says Trump cybersecurity adviser | The National

American Security Systems are Compromised by China | RealClearDefense

China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats | CyberScoop

China went to 'EggStreme' lengths to attack Philippines • The Register

Anthropic Bans Chinese Entities from Claude AI Over Security Risks

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

NASA bars Chinese citizens from its facilities, networks • The Register

US tech firms ‘enabled China’s surveillance state’

Chinese companies and bosses to face major fines over cybersecurity incidents | The Record from Recorded Future News

Russia

Russian Offensive Cyber Operations: Analyzing Putin’s Foreign Policy Actions | Security Magazine

Russian Threat Group Targets Microsoft Outlook With Malware | Security Magazine

Russia targets WhatsApp and pushes new 'super-app' as internet blackouts grow - BBC News

Bulgaria U-turns on claim Moscow jammed GPS of von der Leyen's plane | Euronews

North Korea

Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency | Reuters

You Didn't Get Phished — You Onboarded the Attacker

Fake employers from North Korea hack hundreds | Cybernews

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The US is now the largest investor in commercial spyware - Ars Technica



Reports Published in the Last Week

Cyber resilience of UK digital infrastructure - POST



Vulnerability Management

Windows 10 losing security support in October – 6 ways to solve the problem - Which?

The Critical Failure in Vulnerability Management

Microsoft gives Windows 10 its penultimate update - but saves the best for Windows 11 | ZDNET

Vulnerabilities

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode

Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack

Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges

Akira ransomware crims abusing trifecta of SonicWall flaws • The Register

Critical SAP S/4HANA vulnerability now exploited in attacks

Top CMS Sitecore patches critical zero-day flaw being hit by hackers | TechRadar

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities - SecurityWeek

Fortinet, Ivanti, Nvidia Release Security Updates - SecurityWeek

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday - Help Net Security

Cisco Patches High-Severity IOS XR Vulnerabilities - SecurityWeek

Windows 10 losing security support in October – 6 ways to solve the problem - Which?

'Gentlemen' Ransomware Abuses Vulnerable Driver

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday - Help Net Security

Microsoft: Anti-spam bug blocks links in Exchange Online, Teams

Microsoft gives Windows 10 its penultimate update - but saves the best for Windows 11 | ZDNET


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.

 


Black Arrow Cyber Advisory - 10 September 2025 - Security Updates from Microsoft, Adobe, Ivanti, SAP, Fortinet & NVIDIA

Executive Summary

September’s security updates address a wide spectrum of enterprise risks. Microsoft patched critical flaws across Windows, Office, and Azure, while Adobe issued nine product advisories. SAP released 21 new notes, including several high-impact NetWeaver and S/4HANA issues. NVIDIA fixed firmware flaws in DGX/HGX platforms. Fortinet disclosed two medium-severity vulnerabilities in FortiDDoS-F and FortiWeb. Ivanti published 13 vulnerabilities, 11 affecting Connect Secure, Policy Secure, ZTA and Neurons gateways, and 2 in Endpoint Manager, underscoring the importance of promptly securing VPN appliances and management servers. Collectively, these updates emphasise timely patching of Internet-facing and business-critical systems.

Vulnerabilities by Vendor

  • Microsoft[¹]: 86 vulnerabilities on the official September 2025 Security Update Guide release page, affecting Windows, Microsoft Edge (Chromium-based), Office, .NET/Developer Tools, and Azure components. Prioritise any items rated Critical, privilege escalation chains, and entries marked by Microsoft as “Exploited.”

  • Adobe[²]: 9 bulletins published on 9 September addressing vulnerabilities in Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer/Modeler, Experience Manager, Dreamweaver and ColdFusion. Prioritise server- or Internet-facing workloads (Commerce, ColdFusion) and high-impact desktop estates (Acrobat Reader).

  • Ivanti[³]: 13 vulnerabilities, comprising 11 in Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access (five high, six medium) and 2 in Endpoint Manager (EPM 2024 SU3 / 2022 SU8) (both high-severity remote code execution requiring user interaction). No exploitation is reported. Prioritise patching Internet-facing gateway appliances and centralised EPM servers; also follow Ivanti’s guidance to avoid exposing admin portals to the Internet.

  • SAP[⁴]: 21 vulnerabilities in Security Notes on 9 September, affecting core platforms including NetWeaver, S/4HANA, Business One, LT Replication Server, Fiori, and BusinessObjects, among others. Prioritise Critical NetWeaver issues and high-severity input validation and authentication weaknesses in S/4HANA and LT Replication Server.

  • Fortinet[⁵]: 2 vulnerabilities, affecting FortiDDoS-F (OS command injection, CVSS 6.5) and FortiWeb (path traversal, CVSS 4.7). Both are medium-severity but exploitable by privileged or authenticated users. Prioritise updates for Internet-facing FortiWeb deployments and ensure FortiDDoS-F appliances are upgraded to fixed releases.

  • NVIDIA[⁶]: 2 vulnerabilities in HGX/DGX vBIOS and LS10 components (CVE-2025-23301, CVE-2025-23302). Prioritise firmware updates in AI/accelerator infrastructure (DGX/HGX), especially shared or multi-tenant environments.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
¹ Microsoft Security Update Guide (September 2025 release): https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep
² Adobe Security Bulletins and Advisories: https://helpx.adobe.com/security/security-bulletin.html
³ Ivanti September 2025 Security Update: https://www.ivanti.com/blog/september-2025-security-update
⁴ SAP Security Patch Day September 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
⁵ Fortinet PSIRT Advisories: https://www.fortiguard.com/psirt/FG-IR-25-512 ; https://www.fortiguard.com/psirt/FG-IR-24-344
⁶ NVIDIA Security Bulletin: NVIDIA HGX and DGX VBIOS and LS10 – September 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5674/~/security-bulletin%3A-nvidia-hgx-and-dgx-vbios-and-ls10---september-2025


Black Arrow Cyber Threat Intelligence Briefing 05 September 2025

-Workers Told to Stay Home as Jaguar Land Rover Grapples with Attack: Manufacturing Shut Down, Sales Halted

-AI-Powered Cyber Crime Raises Worldwide Alarm Bells

-DDoS Attacks Serve as Instruments of Political Influence and Disruption

-Phishing Emails Are Getting Smarter and Using Some New Tricks to Snare Victims

-If You’re Using Microsoft Teams or Zoom, Beware: Hackers Could Be Targeting Your Company

-AI Impersonation Scams Are Sky-Rocketing in 2025 – Here’s How to Stay Safe

-Warning as 60% of Financial Attacks Start with Stolen Credentials

-Security Experts Call for Better ‘Offboarding’ Practices amid Spate of Insider Attacks by Outgoing Staff

-Boards Are Being Told to Rethink Their Role in Cyber Security

-Vibe Coding Creates Great Apps with Lax Security. But There Are Ways Around That.

-State-Sponsored Hackers Behind Majority of Vulnerability Exploits

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review shows attackers continuing to disrupt operations through ransomware and large-scale attacks, with Jaguar Land Rover’s shutdown illustrating the ripple effect of a single breach. DDoS attacks are increasingly weaponised for political influence, amplified by AI-driven automation. At the same time, attackers continue to exploit human weaknesses: smarter phishing kits, fake Teams and Zoom invites, and AI-powered impersonation scams are targeting employees, while credential theft and poor offboarding practices remain major risks.

AI is also reshaping the threat landscape, enabling automated ransomware campaigns and deepfake-enabled fraud, while introducing new compliance challenges through AI-driven development. Boards are being urged to embed security into innovation and financial processes, and nation-state actors continue to exploit vulnerabilities in critical infrastructure.

These trends highlight the need for strong governance, technical and identity controls, and a culture of security awareness. Contact us to discuss proportionate ways to achieve this in your organisation.


Top Cyber Stories of the Last Week

Workers Told to Stay Home as Jaguar Land Rover Grapples with Attack: Manufacturing Shut Down, Sales Halted

Jaguar Land Rover has been forced to suspend production after a cyber attack disrupted its global IT systems, leaving thousands of factory workers at home. The incident has halted operations at key UK plants and prevented dealers from ordering parts or processing sales through normal channels, hitting the business during the peak registration period. Although there is currently no evidence that customer data has been stolen, the attack has severely impacted manufacturing, sales, and aftercare services, underlining how a single disruption can cascade across an entire organisation.

https://www.thisismoney.co.uk/money/cars/article-15068603/Jaguar-Land-Rover-factory-workers-told-stay-home-Tuesday-car-maker-grapples-cyber-attack.html

AI-Powered Cyber Crime Raises Worldwide Alarm Bells

A report from Anthropic has revealed how a hacker exploited its AI tools to automate an entire ransomware operation, targeting 17 organisations across healthcare, government, emergency services, and religious institutions. The AI system not only identified weaknesses but also created malicious software, drafted extortion emails, and calculated ransom demands ranging from $75,000 to over $500,000. Experts warn this case signals a turning point where criminals can weaponise AI to scale attacks quickly and cheaply. The incident highlights the urgent need for stronger governance, robust processes, and investment in AI-driven defence capabilities.

https://www.itsecurityguru.org/2025/08/29/ai-powered-cyber-crime-raises-worldwide-alarm-bells/

DDoS Attacks Serve as Instruments of Political Influence and Disruption

In the first half of 2025, more than 8 million distributed denial of service (DDoS) attacks were recorded worldwide with Europe, the Middle East and Africa experiencing 3.2 million of these incidents. Once mainly disruptive, such attacks are increasingly used as political tools, with spikes during events like the World Economic Forum and conflicts involving India, Pakistan, Iran and Israel. Attack durations and intensity are rising, fuelled by easy access to attack-for-hire services and automation powered by artificial intelligence. Traditional defences are struggling to cope, highlighting the need for organisations to adopt more advanced, intelligence-led protections.

https://www.helpnetsecurity.com/2025/09/04/ddos-attacks-worldwide-2025/

Phishing Emails Are Getting Smarter and Using Some New Tricks to Snare Victims

Barracuda researchers warn that Tycoon, a widely used phishing toolkit behind many email attacks, has been upgraded with new techniques that make malicious links harder to detect. These include disguising web addresses with hidden characters, fake security checks such as CAPTCHAs, and misleading domain names that appear linked to trusted companies. Such tactics are designed to bypass traditional email filters and trick recipients into clicking harmful links. Barracuda advises that organisations adopt multi-layered security measures, including advanced monitoring tools and regular staff awareness training, to better protect against these increasingly sophisticated threats.

https://www.techradar.com/pro/security/phishing-emails-are-getting-smarter-and-using-some-new-tricks-to-snare-victims

If You’re Using Microsoft Teams or Zoom, Beware: Hackers Could Be Targeting Your Company

A new wave of cyber attacks is targeting companies through fake Microsoft Teams and Zoom invitations, exploiting the fact these platforms are used daily by billions of people. Researchers report over 900 organisations across the US, UK, Canada, and Australia have already been affected, with financial services and healthcare among the most targeted sectors. Once clicked, the fraudulent links install legitimate remote access software, giving attackers deep control of systems to steal data, take over accounts, or launch further attacks. Experts warn that stronger email defences and refreshed staff awareness training are critical safeguards.

https://www.inc.com/kit-eaton/if-youre-using-microsoft-teams-beware-hackers-could-be-targeting-your-company/91235615

AI Impersonation Scams Are Sky-Rocketing in 2025 – Here’s How to Stay Safe

AI impersonation scams have surged by 148% in 2025, with criminals using voice cloning and deepfake video to convincingly mimic trusted colleagues, friends or executives. These scams often exploit urgency to trick victims into making payments or disclosing sensitive information, with one case leading to a $25 million transfer. Experts warn that even professionals can be deceived, as nearly half of AI-generated scams bypass current security checks. The strongest defences are slowing down before reacting, verifying identities through trusted channels, and using multi-factor authentication to reduce the risk of account compromise.

https://www.techradar.com/computing/cyber-security/ai-impersonation-scams-are-sky-rocketing-in-2025-security-experts-warn-heres-how-to-stay-safe

Warning as 60% of Financial Attacks Start with Stolen Credentials

The UAE Cyber Security Council has warned that 60% of financial cyber attacks begin with stolen login details, making them a primary entry point for fraudsters. The Council stressed that simple protective steps, such as using multi-factor authentication, biometric logins, and instant transaction alerts, can cut the risk of breaches by up to 40%. With over 12,000 incidents linked to unsecured public Wi-Fi this year, the Council highlighted how criminals exploit weak points in digital banking. It also cautioned that artificial intelligence is fuelling more complex and harder-to-detect online fraud schemes.

https://gulfnews.com/uae/crime/uae-cybersecurity-council-warns-60-per-cent-of-financial-attacks-start-with-stolen-credentials-1.500251371

Security Experts Call for Better ‘Offboarding’ Practices amid Spate of Insider Attacks by Outgoing Staff

Experts warn that poor staff offboarding processes are leaving firms exposed to insider threats, with several recent cases showing how departing employees can steal sensitive data or sabotage systems. Examples include an Intel engineer fined for taking trade secrets and a former IT worker jailed for deleting 180 servers. With hybrid working giving wider access to company systems, the risk is growing. Security leaders stress that organisations must revoke access immediately when staff leave and strengthen collaboration between HR and IT. Automated identity management and monitoring tools are recommended to reduce the chance of serious damage.

https://www.itpro.com/security/security-experts-weigh-in-on-offboarding-practices-after-former-intel-worker-stole-documents-before-changing-jobs

Boards Are Being Told to Rethink Their Role in Cyber Security

A new report from Google Cloud stresses that boards must take a more active role in cyber security as it is now central to business resilience. It highlights three priorities: the rise of ransomware targeting identity systems and help desks, the rapid growth of cyber-enabled fraud such as email and payment scams, and the need to embed security into innovation. Boards are advised to back stronger identity protections, oversee fraud prevention in financial processes, and ensure security is considered early in new projects to build trust, protect growth, and maintain regulatory confidence.

https://www.helpnetsecurity.com/2025/09/01/google-board-cybersecurity-oversight/

Vibe Coding Creates Great Apps with Lax Security. But There Are Ways Around That.

Vibe coding, the use of plain text prompts in AI tools to generate software, offers speed and flexibility but introduces significant security and compliance risks. AI-generated code is often prone to errors and vulnerabilities, making regular reviews and monitoring essential. Experts advise restricting such projects to smaller, non-critical systems, using trusted platforms, and maintaining strict oversight to meet data protection rules such as GDPR. Transparency, documentation and human checks are vital to prevent regulatory breaches. Businesses that balance innovation with security controls will gain efficiency without exposing themselves to unnecessary legal or reputational risk.

https://www.techmonitor.ai/comment-2/vibe-coding-lax-security

State-Sponsored Hackers Behind Majority of Vulnerability Exploits

A new report has found that more than half of vulnerability exploits in early 2025 were carried out by state-sponsored groups, mainly linked to China, with aims such as espionage and surveillance. These campaigns focused on critical infrastructure and enterprise systems, while financially motivated groups accounted for the remaining 47%. Microsoft was the most targeted vendor, with its products linked to 17% of attacks. Alarmingly, most exploited flaws required no login details and nearly half could be launched remotely. The report also highlighted the rise of new social engineering tricks like ClickFix, which manipulates users into infecting themselves.

https://www.infosecurity-magazine.com/news/state-hackers-majority/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News

Hackers claim responsibility for cyber-attack on Jaguar Land Rover, as new research shows the cost of security breaches to online retailers - InternetRetailing

JLR attack: How ransomware gangs have changed from cartels to cliques

Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms

How insurer strategies are evolving in response to the ransomware surge

Salesforce attackers threaten Google, FBI | Cybernews

What are ShinyHunters, the hackers that attacked Google? Should we all be worried?

Hacker Impatience Can Be a Good Thing

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro

Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini

Here's how ransomware crims are abusing AI tools • The Register

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial | CyberScoop

Ransomware Victims

JLR attack: How ransomware gangs have changed from cartels to cliques

M&S hackers claim responsibility for Jaguar Land Rover attack

Jaguar Land Rover factory workers told to stay home until at least Tuesday as car maker grapples with cyber attack | This is Money

Sweden scrambles after ransomware attack puts sensitive worker data at risk

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions - SecurityWeek

M&S hackers suspects in Legal Aid Agency cyber-attack - Retail Gazette

Jaguar Land Rover says cyberattack ‘severely disrupted’ production

Dealerships unable to sell Range Rovers after JLR cyber attack

Ransomware attack shuts down Nevada Insurance Division website | Insurance Business America

Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases - Infosecurity Magazine

Tire giant Bridgestone confirms cyberattack impacts manufacturing

Fired ChangeNOW worker wants hackers to pay | Cybernews

Phishing & Email Based Attacks

Phishing emails are getting smarter - and using some new tricks to snare victims | TechRadar

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

The Old Ways Are Still the Best for Most Cybercriminals

New Phishing Attack Via OneDrive Attacking C-level Employs for Corporate Credentials

Tycoon Phishing Kit Utilizes New Capabilities to Hide Malicious Links - Infosecurity Magazine

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro

Phishing Empire Runs Undetected on Google, Cloudflare

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

DocuSign and Apple Pay Phishing Scam Steals User Credentials

North Korean Hackers Weaponize Seoul Intelligence Files - Infosecurity Magazine

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

What to do if your email has been hacked | Tom's Guide

Venus Protocol Recovers $13.5M in Phishing Attack

Business Email Compromise (BEC)/Email Account Compromise (EAC)

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

Fraudster stole over $1.5 million from city of Baltimore

Other Social Engineering

If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company

The Old Ways Are Still the Best for Most Cybercriminals

Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED

A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Children at risk of identity theft and fraud from 'sharenting' - BBC News

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

Fraud, Scams and Financial Crime

Scammers Will Try to Trick You Into Filling Out Google Forms. Don’t Fall for It | WIRED

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

The Rise of BEC Attacks Targeting Government Agencies | Proofpoint US

Fraudster stole over $1.5 million from city of Baltimore

Boards Partner with CISOs to Fight AI Cyber Fraud: Google Report

AI impersonation scams are sky-rocketing in 2025, security experts warn – here’s how to stay safe | TechRadar

Hackers breach fintech firm in attempted $130M bank heist

Bitcoin’s record highs spark a surge in crypto scams | TechRadar

New threat group uses custom tools to hijack search results - Help Net Security

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

How to reclaim control over your online shopping data - Help Net Security

At Singapore’s anti-fraud convention, even the experts get scammed

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

FBI warns seniors are being targeted in three-phase Phantom Hacker scams | Fortra

Artificial Intelligence

AI-Powered Cyber Crime Raises Worldwide Alarm Bells. - IT Security Guru

AI Is Making Cybercrime Easier For Unsophisticated Criminals

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

AI brain Hexstrike runs cyberattacks on its own | Cybernews

Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware | IT Pro

Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

AI impersonation scams are sky-rocketing in 2025, security experts warn – here’s how to stay safe | TechRadar

Vibe coding creates brilliant, insecure apps. There are ways around that.

AI can't stop the sprint to adopt hot tech without security • The Register

Agentic AI: A CISO’s security nightmare in the making? | CSO Online

Exposed LLM Servers Expose Ollama Risks - InfoRiskToday

Here's how ransomware crims are abusing AI tools • The Register

Shadow AI Is Already in Your Stack – and It’s a Growing Threat for MSSPs | MSSP Alert

Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine

UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials

Adversarial AI is coming for your applications | TechRadar

AI-Powered Cybercrime Is Here: Massive Breaches & Dark Web Dumps - Security Boulevard

Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW

AI code assistants improve production of security problems • The Register

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

'AI shame' is running rampant in the corporate sector—and C-suite leaders are most worried about getting caught, survey says | Fortune

New LinkedIn study reveals the secret that a third of professionals are hiding at work | ZDNET

Warner Bros. Discovery sues Midjourney AI for copying its characters | The Verge

Malware

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacks | IT Pro

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Fake PDF tools spread malware, warns NCSC | Cybernews

TamperedChef infostealer delivered through fraudulent PDF Editor

Cybercriminals Use Fake SEO Sites to Spread TamperedChef Malware via Bogus PDF Editor

Hackers are using fake Zoom or Microsoft Teams invites to spy on all your workplace activity | TechRadar

Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine

Attackers Are Abusing Malicious PDFs: Here's How to Spot Them Early

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Unknown miscreants snooping around Sitecore via sample keys • The Register

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Bots/Botnets

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

Mobile

Hook v3 unleashes a shocking arsenal of ransomware overlays, fake banking prompts, spyware functions, and real-time device monitoring | TechRadar

Android drops 120 flaw fixes, two exploited in the wild • The Register

Over 20 Popular Android VPN Apps Share The Same Security Flaws - See If You're Affected

What Android security threats should IT know about? | TechTarget

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

Hackers can now crash phones and downgrade 5G to 4G networks with a toolkit exploiting unencrypted pre-authentication messages | TechRadar

Google is killing a defining feature for Android phones soon - and there's one reason why | ZDNET

Brokewell Android malware delivered through fake TradingView ads

Denial of Service/DoS/DDoS

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps

DDoS attacks serve as instruments of political influence and disruption - Help Net Security

DDoSing is big and getting bigger – let's kill it off • The Register

Internet of Things – IoT

Severe Hikvision HikCentral product flaws: What You Need to Know

Connected cars are smart, convenient, and open to cyberattacks - Help Net Security

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

Tesla denied having fatal crash data until a hacker found it - Ars Technica

Data Breaches/Leaks

UK government dragged for incomplete security reforms • The Register

Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Zscaler, Palo Alto Networks Hacked via Salesloft Drift

JSON Config File Leaks Azure AD Credentials

Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek

Attackers are turning Salesforce trust into their biggest weapon - Help Net Security

Salesloft Drift attack affects Google Workspace security | Proton

Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack

Blast Radius of Salesloft Drift Attacks Remains Unclear

Sweden scrambles after ransomware attack puts sensitive worker data at risk

Gmail users warned as hackers gain access to private information

Government needs to go ‘further and faster’ on information security improvements – PublicTechnology

Social Security whistleblower who claims DOGE mishandled Americans' sensitive data resigns from post

'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET

Major US delivery company hit in data breach with full names, SSNs and medical info of thousands exposed online | Tom's Guide

Chess.com discloses recent data breach via file transfer app

Texas sues PowerSchool over breach exposing 62M students, 880k Texans

Organised Crime & Criminal Actors

AI Is Making Cybercrime Easier For Unsophisticated Criminals

How to reclaim control over your online shopping data - Help Net Security

The Old Ways Are Still the Best for Most Cybercriminals

Hacker Impatience Can Be a Good Thing

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

Call for UK to lead on organised crime | Professional Security Magazine

Microsoft deploys a custom Azure Integrated HSM chip across all servers to combat the $10.2 trillion cybercrime pandemic | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Bitcoin’s record highs spark a surge in crypto scams | TechRadar

A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Venus Protocol Recovers $13.5M in Phishing Attack

Fired ChangeNOW worker wants hackers to pay | Cybernews

Insider Risk and Insider Threats

File security risks rise as insiders, malware, and AI challenges converge - Help Net Security

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Insurance

How insurer strategies are evolving in response to the ransomware surge

Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News

Supply Chain and Third Parties

Warning issued to Salesforce customers after hackers stole Salesloft Drift data | IT Pro

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Security Firms Hit by Salesforce–Salesloft Drift Breach - SecurityWeek

Attackers are turning Salesforce trust into their biggest weapon - Help Net Security

Salesloft Drift attack affects Google Workspace security | Proton

Air France Sued Over ‘Hub-and-Spoke’ Salesforce Cyberattack

Blast Radius of Salesloft Drift Attacks Remains Unclear

16 Billion Records Exposed in Supply-Chain Data Breach on Gmail, Apple, Facebook

Cloud/SaaS

If You're Using Microsoft Teams, Beware: Hackers Could Be Targeting Your Company

JSON Config File Leaks Azure AD Credentials

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

Phishing Empire Runs Undetected on Google, Cloudflare

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

Hackers Exploit Microsoft Teams to Taunt Victims and Demand Ransoms

AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register

Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users

Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine

Microsoft deploys a custom Azure Integrated HSM chip across all servers to combat the $10.2 trillion cybercrime pandemic | TechRadar

Encryption

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

What Q Day means for your business and how to prepare | TechRadar

UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash

Court documents shed new light on UK-Apple row over user data - BBC News

Linux and Open Source

Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users

Passwords, Credential Stuffing & Brute Force Attacks

UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts | Malwarebytes

The Old Ways Are Still the Best for Most Cybercriminals

DocuSign Phishing Scam Mimics Apple Pay Disputes to Steal Data

DocuSign and Apple Pay Phishing Scam Steals User Credentials

'2.5 billion Gmail users at risk'? Entirely false, says Google | ZDNET

No, Google did not warn 2.5 billion Gmail users to reset passwords

Google says Gmail security is “strong and effective” as it denies major breach - Ars Technica

Social Media

LinkedIn expands company verification, mandates workplace checks for certain roles - Help Net Security

LinkedIn's new tools just made it tougher to pad your resume | ZDNET

Children at risk of identity theft and fraud from 'sharenting' - BBC News

Disney to pay $10M to settle claims it collected kids’ data on YouTube

Regulations, Fines and Legislation

UK's Broader Demand for Apple iCloud Backdoor Sparks Encryption Clash

Court documents shed new light on UK-Apple row over user data - BBC News

Security experts weigh in on UK's proposed VPN crackdown - Raconteur

Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED

The House | The cyber security bill must go further to truly protect the UK economy

Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar

Apple Reportedly Still Under Pressure to Give UK Government Backdoor iCloud Access - CNET

UK's demand for Apple backdoor may have been broader than previously thought

Ransomware payments are banned in the public sector: should businesses still pay? | IT Pro

Google Fined $379 Million by French Regulator for Cookie Consent Violations

Google told to pay $425m in privacy lawsuit - BBC News

France fines Google, SHEIN, for undercooked Cookie policies • The Register

UK human rights regulator to argue against police use of live facial recognition | Biometric Update

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

Congress tosses lifeline to cyber intel sharing, grants • The Register

Models, Frameworks and Standards

The House | The cyber security bill must go further to truly protect the UK economy

Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act | WIRED

Why are so many organizations dragging their feet on NIS2 compliance? | TechRadar

Cyber Trust Mark certification and how IoT devices will qualify | TechTarget

Is artificial intelligence a friend, foe or frenemy? NIST wants to find out - Nextgov/FCW

NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update

NIST Enhances Security Controls for Improved Patching

Careers, Working in Cyber and Information Security

How gaming experience can help with a cybersecurity career - Help Net Security

Fintech CISO on How AI is Changing Cybersecurity Skillsets - Infosecurity Magazine

Law Enforcement Action and Take Downs

Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy

A Playbook for Winning the Cyber War: Part 5: Evaluating U.S. Cyber Strategy

A Playbook for Winning the Cyber War: Part 6: Testing U.S. Policy Responses to Destructive Cyberattacks with Wargames

A Playbook for Winning the Cyber War: Part 7: How the United States Can Win

Nation State Actors

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

China

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 3: Evaluating China’s Cyber Strategy

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments

‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American - The New York Times

Salt Typhoon APT techniques revealed in new report | CSO Online

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

Czech Republic warns of Chinese solar inverter threat - PV Tech

Trump and JD Vance among targets of major Chinese cyberattack, investigators say | Euronews

Chinese Hackers Game Google to Boost Gambling Sites

New China-aligned crew poisons Windows servers for SEO fraud • The Register

US sues robot toy maker for exposing children's data to Chinese devs

Russia

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 2: Evaluating Russia’s Cyber Strategy

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users

APT28 Targets Microsoft Outlook With 'NotDoor' Malware

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

NATO takes aim at Russia’s GPS hacking after EU leader’s plane jammed

Sweden says Russia behind surge in GPS jamming over Baltic Sea - BBC News

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

AWS nails Russia's Cozy Bear trying to nick Microsoft creds • The Register

Amazon Stops Russian APT29 Watering Hole Attack - Infosecurity Magazine

EU blames Russia as GPS jamming disrupts president’s plane • The Register

US puts $10M bounty on Russians accused of infra attacks • The Register

"Cybersecurity is a common cause": IT Meets in Kyiv discussed how businesses can protect data and reputation | УНН

Iran

A Playbook for Winning the Cyber War: Part 1: Executive Summary

A Playbook for Winning the Cyber War: Part 4: Evaluating Iran’s Cyber Strategy

Iran MOIS Phishes 50+ Embassies, Ministries, Int'l Orgs

North Korea

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers - SecurityWeek

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Internet mapping service Censys reveals state-based abuse • The Register

ICE Revives Contract With Controversial Spyware Firm Paragon

Commercial surveillanceware shrugs off sanctions, regulation • The Register


Tools and Controls

New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data

Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staff | IT Pro

Security experts weigh in on UK's proposed VPN crackdown - Raconteur

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks - SecurityWeek

How insurer strategies are evolving in response to the ransomware surge

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

Software is 40% of security budgets as CISOs shift to AI defense | VentureBeat

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

BruteForceAI: Free AI-powered login brute force tool - Help Net Security

Security tool bloat Is the new breach vector | TechRadar

Why you should delete your browser extensions right now - or do this to stay safe | ZDNET

Please stop using your ISP's DNS

A spy among us: rethinking cybersecurity in a hybrid world | TechRadar

6 browser-based attacks all security teams should be ready for in 2025

North Korean Hackers Exploit Threat Intel Platforms For Phishing - Infosecurity Magazine

Cyber insurance faces rate deterioration and reduced organic growth: Swiss Re - Reinsurance News

Vibe coding creates brilliant, insecure apps. There are ways around that.

Winning the AI Arms Race in Financial Services Cybersecurity - Infosecurity Magazine

Why one-time security assessments are no longer sufficient [Q&A] - BetaNews

US, Allies Push for SBOMs to Bolster Cybersecurity - SecurityWeek

Threat Hunting Should Be Part of Every Security Program

AI code assistants improve production of security problems • The Register

These 4 antivirus apps are actually worse than malware

Fewer than half of Irish companies automatically back up data, survey shows – The Irish Times



Vulnerability Management

State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine

Why cyber risks lurk in legacy technology | CIO Dive

NIST revision of SP 800-53 highlights rising stakes in patch, update security | Biometric Update

PoC Code in 15 Minutes? AI Turbocharges Exploitation

Enterprises staying on Windows 10 could shell out billions • The Register

Hacked Routers Linger on the Internet for Years

Windows 11 security updates are now unskippable during setup | PCWorld

Cutting through CVE noise with real-world threat signals - Help Net Security

Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities - Infosecurity Magazine

AI can help track an ever-growing body of vulnerabilities, CISA official says | CyberScoop

Vulnerabilities

Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed

Hackers Exploit Third-Party SonicWall SSL VPNs to Deploy Sinobi Ransomware: By Parminder Saini

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

macOS vulnerability allowed Keychain and iOS app decryption without a password - Help Net Security

Linux UDisks daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users

Silver Fox Exploits Signed Drivers to Deploy ValleyRAT Backdoor - Infosecurity Magazine

High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users - Infosecurity Magazine

WordPress Theme Vulnerability Exposes 70K Sites to CSRF, SQL Attacks

WordPress Woes Continue Amid ClickFix, TDS Threats

Paid WordPress users beware - worrying security flaw puts accounts and info at risk | TechRadar

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers - SecurityWeek

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) - Help Net Security

Microsoft says recent Windows updates cause app install issues

Severe Hikvision HikCentral product flaws: What You Need to Know

Enterprise password crew Passwordstate patches auth vuln • The Register

Experts warn of actively exploited FreePBX zero-day


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.


Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 29 August 2025

Black Arrow Cyber Threat Intelligence Briefing 29 August 2025:

-Fake IT Support Attacks Hit Microsoft Teams

-KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge

-Cyber Moves from Back Office to Boardroom, and Investors Are Paying Attention

-CISOs Evolve from Guardians to Strategic Business Architects

-Incident Response Planning Emerges as a Key Cyber Security Control in Reducing Risk: Marsh McLennan

-Insurers May Limit Payments in Cases of Unpatched Vulnerabilities

-Anatsa Android Banking Trojan Now Targeting 830 Financial Apps with 19m Downloads

-The Hidden Threat in Enterprise Security: Why It’s Time to Rethink PDFs

-Infostealers: The Silent Smash-and-Grab Driving Modern Cyber Crime

-New Cyber Threats Emerge as Old Ransomware Groups Collapse

-Ransomware Cyber Attack Virtually Shuts Down Entire US State

-Chinese Threat Actor Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Our review of threat intelligence this week reinforces that cyber attackers target employees to get into the organisation’s systems: attacks via Microsoft Teams have come to the fore again, alongside more classic email phishing. We also look at how the C-Suite is addressing the challenge of cyber security, bringing the subject to the Board as a strategic enabler; this includes strengthening the leadership team’s ability to respond to a cyber incident. While many organisations look to their insurance policy as a safety net during an incident, we report on how insurers may limit their payments if they find that the organisation has not maintained sufficient security.

The second half of our review includes details of emerging and developing attacks, from Android banking applications to PDFs and information stealers. Ransomware continues to surge, driven by new attacker groups that formed after others were shut down by law enforcement; recent victims include multiple state agencies in the USA, while we also report that Chinese state-backed attackers are embedding themselves into the critical national infrastructure of countries across the world.

We remain clear that the way to improve your resilience against a cyber incident is to implement a cyber strategy based on an impartial assessment of your specific cyber risks, and to confirm how you will respond to an incident through a rehearsal exercise facilitated by an unbiased independent expert who will help you uncover and address misconceptions. All of this must be underpinned by proportionate governance aligned to a recognised framework or standard. Contact us for a no-obligation discussion on how this can work in your organisation.


Top Cyber Stories of the Last Week

Fake IT Support Attacks Hit Microsoft Teams

Researchers have uncovered a new phishing campaign exploiting Microsoft Teams, where attackers pose as IT support staff to trick employees into downloading remote access tools. Once installed, these tools give criminals full control of a system, allowing them to steal login details and install malicious software. The activity has been linked to a financially motivated group known as EncryptHub. The use of Teams highlights a shift away from traditional email-based attacks, embedding threats directly into everyday business communication. Organisations are advised to monitor Teams traffic closely, particularly for suspicious external contacts.

https://www.infosecurity-magazine.com/news/fake-support-attacks-hit-microsoft/
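The advice above to watch for suspicious external contacts in Teams can be turned into a first-pass detection. The script below is an added example written for this briefing, not code from the original article or from Microsoft. It reads Teams audit records in the shape of the Microsoft 365 Unified Audit Log "ChatCreated" operation and flags chats that were started by an account outside the home tenant, escalating when the external sender uses an IT support style display name. The sample records are constructed for the example, and the field names it relies on (UserId, CommunicationType, ParticipantInfo.HasForeignTenantUsers, Members with DisplayName and UPN) and the home domain list are assumptions that must be checked against your own tenant's export before use.

```python
"""Flag Teams chats initiated by external accounts posing as IT support.

Added example for this briefing. Field names below are assumptions modelled on
Unified Audit Log 'ChatCreated' records; verify them against a real export.
"""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed: the organisation's own verified domains.
HOME_DOMAINS = {"contoso.example"}

# Assumed: display-name fragments used by fake IT support lures.
LURE = re.compile(r"\b(it[\s-]*support|help[\s-]*desk|service[\s-]*desk|it[\s-]*admin)", re.I)

# Constructed sample AuditData payloads (one JSON string per audit row); not real log data.
SAMPLE_AUDIT_DATA = [
    json.dumps({"CreationTime": "2025-08-26T09:14:02", "Operation": "ChatCreated",
                "UserId": "support-desk@itsupport-helpdesk.example", "CommunicationType": "OneOnOne",
                "ParticipantInfo": {"HasForeignTenantUsers": True},
                "Members": [{"DisplayName": "IT Support Desk", "UPN": "support-desk@itsupport-helpdesk.example"},
                            {"DisplayName": "Alice Finance", "UPN": "alice@contoso.example"}]}),
    json.dumps({"CreationTime": "2025-08-26T09:20:11", "Operation": "ChatCreated",
                "UserId": "carol@contoso.example", "CommunicationType": "Group",
                "ParticipantInfo": {"HasForeignTenantUsers": False},
                "Members": [{"DisplayName": "Carol", "UPN": "carol@contoso.example"},
                            {"DisplayName": "Dave", "UPN": "dave@contoso.example"}]}),
    json.dumps({"CreationTime": "2025-08-26T10:02:45", "Operation": "ChatCreated",
                "UserId": "dana@partner.example", "CommunicationType": "OneOnOne",
                "ParticipantInfo": {"HasForeignTenantUsers": True},
                "Members": [{"DisplayName": "Dana Partner", "UPN": "dana@partner.example"},
                            {"DisplayName": "Bob Ops", "UPN": "bob@contoso.example"}]}),
    json.dumps({"CreationTime": "2025-08-26T10:30:00", "Operation": "ChatCreated",
                "UserId": "erin@contoso.example", "CommunicationType": "OneOnOne",
                "ParticipantInfo": {"HasForeignTenantUsers": True},
                "Members": [{"DisplayName": "Erin", "UPN": "erin@contoso.example"},
                            {"DisplayName": "Vendor Rep", "UPN": "rep@vendor.example"}]}),
    json.dumps({"CreationTime": "2025-08-26T10:31:00", "Operation": "MessageSent",
                "UserId": "erin@contoso.example"}),
]


@dataclass
class Finding:
    time: str
    initiator: str
    target_users: List[str]
    severity: str
    reason: str


def initiator_is_external(upn: str) -> bool:
    """True when the UPN's domain is not one of the home tenant's domains."""
    domain = upn.rsplit("@", 1)[-1].lower()
    return domain not in HOME_DOMAINS


def assess_chat(record: dict) -> Optional[Finding]:
    """Return a finding for an external-initiated chat, or None if the chat looks normal."""
    if record.get("Operation") != "ChatCreated":
        return None
    if not record.get("ParticipantInfo", {}).get("HasForeignTenantUsers"):
        return None
    initiator = record.get("UserId", "")
    if not initiator_is_external(initiator):
        return None  # federation started by our own staff is expected business use
    members = record.get("Members", [])
    targets = [m["UPN"] for m in members if not initiator_is_external(m["UPN"])]
    lure_names = [m.get("DisplayName", "") for m in members
                  if initiator_is_external(m["UPN"]) and LURE.search(m.get("DisplayName", ""))]
    if lure_names:
        return Finding(record["CreationTime"], initiator, targets, "high",
                       f"external sender using support-style name {lure_names[0]!r}")
    if record.get("CommunicationType") == "OneOnOne":
        return Finding(record["CreationTime"], initiator, targets, "medium",
                       "unsolicited one-to-one chat started from an external tenant")
    return None


def triage(audit_rows: List[str]) -> List[Finding]:
    """Parse each AuditData JSON string and collect findings; malformed rows are skipped."""
    findings = []
    for raw in audit_rows:
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue
        finding = assess_chat(record)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_AUDIT_DATA):
        print(f"{f.severity:6} {f.time} {f.initiator} -> {', '.join(f.target_users)}: {f.reason}")
```

The "medium" tier exists because a lure name is trivially changed; any one-to-one chat that an external tenant starts with your staff is worth a look, and the high tier simply orders the queue. Feed it the AuditData column from a Purview audit search export, and confirm the schema first, since the field names here are assumed.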

KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge

Financial institutions now face cyber attacks at a scale far beyond other industries, experiencing up to 300 times more incidents annually, with intrusions rising 25% last year. Almost all major banks suffered supplier-related breaches, underlining the weakness of third-party ecosystems. The most worrying factor is people: the report found that nearly half of employees in large banks were vulnerable to phishing tests, though this can be reduced to below 5% with proper awareness training. Attackers are increasingly using stolen credentials, making detection harder and highlighting the urgent need to address human risk as part of a cyber security strategy.

https://www.itsecurityguru.org/2025/08/27/knowbe4-report-reveals-global-financial-sector-faces-unprecedented-cyber-threat-surge/

Cyber Moves from Back Office to Boardroom, and Investors Are Paying Attention

Boardrooms are now treating cyber security as a core strategic priority, with 72% of UK firms and almost all large businesses rating it as high importance. High profile breaches at major retailers have highlighted that strong defences protect not only operations but also brand value and investor confidence. Regulation is also reshaping the agenda and investors are responding, with private equity driving a surge in acquisitions of specialist firms. Increasingly, boards are favouring tailored, advisory-led solutions over generic products, embedding cyber resilience into long-term strategy.

https://www.techradar.com/pro/cyber-moves-from-back-office-to-boardroom-and-investors-are-paying-attention

CISOs Evolve from Guardians to Strategic Business Architects

The role of the Chief Information Security Officer (CISO) is shifting from a technical defender to a strategic business leader. Increasingly, CISOs are expected to embed cyber security into core decision-making, influence board discussions, and translate complex risks into clear business impacts. This change is driven by advances in artificial intelligence, stricter regulations, and more sophisticated cyber threats. While challenges remain around credibility and alignment with other executives, CISOs who position security as a business enabler can strengthen resilience, support growth, and ensure that security strategy contributes directly to long-term success.

https://www.webpronews.com/cisos-evolve-from-guardians-to-strategic-business-architects/

Incident Response Planning Emerges as a Key Cyber Security Control in Reducing Risk: Marsh McLennan

A new report from Marsh McLennan highlights that cyber incident response planning is one of the most effective ways to reduce the likelihood of a breach-related claim. Organisations that run regular response exercises are 13% less likely to suffer a significant cyber event compared with those that do not. The research shows response planning ranks as the fourth most effective control, after threat detection, monitoring, and staff awareness training. The findings stress that security tools such as detection systems and multi-factor authentication must not only be deployed but also actively managed to strengthen resilience.

https://www.businesswire.com/news/home/20250827843982/en/Incident-response-planning-emerges-as-a-key-cybersecurity-control-in-reducing-cyber-risk-Marsh-McLennan-Cyber-Risk-Intelligence-Center-report

Insurers May Limit Payments in Cases of Unpatched Vulnerabilities

Some cyber insurers are exploring limits on payouts where firms have not fixed known security flaws quickly enough, a move referred to as CVE exclusions. This approach could see claims reduced if attackers exploit older weaknesses, though it is not yet widely adopted. With more than 46,000 software vulnerabilities expected in 2025, around a third rated high or critical, many firms struggle to keep pace due to operational and legacy system constraints. Critics argue exclusions undermine the purpose of cyber insurance as a financial safeguard, and senior leaders should ensure they understand and challenge policy terms before committing.

https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps with 19m Downloads

The Anatsa Android banking trojan has grown significantly and now targets over 830 financial and cryptocurrency applications worldwide. Previously active mainly in Europe, it has expanded its targeting to include Germany and South Korea, adding more than 150 new applications to its list. Criminals distribute the malware through fake apps on Google Play which, once installed, secretly fetch a malicious update; some of these apps have been downloaded more than 50,000 times, and together they account for 19 million installs. Once active, Anatsa can steal login details, intercept messages and perform fraudulent transactions. Google has since removed the identified apps, but the threat underlines the continuing risks to users of mobile banking and cryptocurrency platforms.

https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/

The Hidden Threat in Enterprise Security: Why It’s Time to Rethink PDFs

PDFs remain a largely overlooked cyber security risk, despite being central to contracts, invoices, and compliance records. Many organisations still treat them as static files, yet attackers increasingly exploit them to deliver malicious software, with over 560,000 new malware variants emerging daily. Poor document governance can also create legal liabilities under GDPR and other regulations. As AI-powered attacks accelerate breaches, unsecured PDFs present a growing weakness. Security must be embedded throughout the document lifecycle with encryption, permissions, and secure collaboration to reduce risk while supporting compliance and resilience.

https://www.techradar.com/pro/the-hidden-threat-in-enterprise-security-why-its-time-to-rethink-pdfs

Infostealers: The Silent Smash-and-Grab Driving Modern Cyber Crime

Infostealers have rapidly become one of the most damaging tools in modern cyber crime, operating as silent data theft mechanisms that can compromise systems in minutes. Once requiring specialist skills, these tools are now widely available for purchase, driving a surge in attacks by less technical criminals. Stolen information, ranging from passwords and corporate VPN access to cloud credentials, is sold at scale on criminal marketplaces and has enabled major breaches such as the 2024 Snowflake incident, which affected more than 160 organisations. Their speed, stealth, and accessibility make them a growing risk for businesses worldwide.

https://www.securityweek.com/infostealers-the-silent-smash-and-grab-driving-modern-cybercrime/

New Cyber Threats Emerge as Old Ransomware Groups Collapse

Ransomware attacks have risen by 179% since mid-2024, fuelled by new criminal groups stepping in as law enforcement disrupts older gangs. Some now focus solely on extortion by stealing data rather than locking systems, while others recycle leaked code or rebrand under fresh names. At the same time, state-linked actors are targeting government, legal, and technology sectors, often exploiting weaknesses in cloud services and third-party providers to reach wider victims. The use of artificial intelligence and advanced malware highlights that while well-known groups may collapse, the overall threat to organisations remains undiminished and increasingly sophisticated.

https://techinformed.com/new-cyber-threats-emerge-as-old-ransomware-groups-collapse/

Ransomware Cyber Attack Virtually Shuts Down Entire US State

A major ransomware cyber attack has disrupted multiple state agencies in Nevada, including the Department of Motor Vehicles and the Gaming Control Board, which oversees operations on the Las Vegas Strip. The incident has forced some police departments to revert to manual record-keeping and disrupted public benefit services. While officials first reported no loss of personal data, evidence has since confirmed that some information was stolen. The Governor’s office continues to monitor the situation, but the scale of the breach and the recovery timeline remain uncertain, with the FBI now leading the investigation and warning citizens to be alert to related scams.

https://www.independent.co.uk/bulletin/news/nevada-cyber-attack-hacking-ransomware-b2816108.html

Chinese Threat Actor Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns

The FBI, alongside security agencies from more than a dozen nations including the UK’s NCSC, has warned that a Chinese state-sponsored group known as Salt Typhoon has breached critical infrastructure in over 80 countries, including more than 200 organisations in the US alone. Active since 2019, the group has targeted sectors ranging from telecommunications and transport to defence and government, using stealthy methods to infiltrate routers, surveillance systems, and even lawful intercept tools. Authorities say Salt Typhoon remains active, with hidden re-entry points making removal difficult, and urge organisations to strengthen defences and adopt continuous monitoring practices.

https://www.techrepublic.com/article/news-salt-typhoon-cyber-spies-breach/


Governance, Risk and Compliance

Boards should bear ultimate responsibility for cybersecurity - BetaNews

Cyber moves from back office to boardroom – and investors are paying attention | TechRadar

Financial sector faces surge in cyber threats - BetaNews

Incident response planning emerges as a key cybersecurity control in reducing cyber risk: Marsh McLennan Cyber Risk Intelligence Center report

Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine

KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge - IT Security Guru

Cyber Insurers May Limit Payouts for Breaches via Flaws

Personal Liability, Security Big Issues for CISOs

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

CISOs Evolve from Guardians to Strategic Business Architects

Cyber pros say the buck stops with the board when it comes to security failings | IT Pro

Concealing cyberattacks risks penalties and harms trust - BetaNews

The Biggest Technology Risk to Organizations is Failing to Plan for Cybersecurity Chaos - Security Boulevard

Cyber security response rising up the agenda

How Boards Can Prepare for Increasing Nation-State Cyber Threats

Building Human Firewalls: Key to Combating Cyber Threats

The evolving CISO role: bridging the gap between security and strategy | TechRadar

CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine

Regulatory compliance: Act now | TechRadar

Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections

5 Practices to Ensure Your Ecosystem Is Cyber-Secure

How CISOs are balancing risk, pressure and board expectations - Help Net Security

Finding connection and resilience as a CISO - Help Net Security


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attack volumes up nearly three times on 2024 | Computer Weekly

New cyber threats emerge as old ransomware groups collapse

Storm-0501 attacked Azure, demanded payment via Teams • The Register

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus

Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Organized and Criminal, Ransomware Gangs Run Up Profits - Security Boulevard

Blue Locker ransomware hits critical infrastructure – is your organisation ready? - Exponential-e Blog

First AI-powered ransomware PoC spotted • The Register

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Hook Android Trojan Delivers Ransomware-Style Attacks

Underground Ransomware Gang With New Tactics Against Organizations Worldwide

Cephalus ransomware: What you need to know | Fortra

Emulating the Expedited Warlock Ransomware - Security Boulevard

Experimental PromptLock ransomware uses AI to encrypt, steal data

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

‘Vibe-hacking’ is now a top AI threat | The Verge

When ransomware hits home: putting your people first | TechRadar

Akira, Cl0p Top "5 Most Active Ransomware Groups" List

AI Meets Ransomware, The New Cyber Threat | Scoop News

Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert

Ransomware Victims

Ransomware cyber attack virtually shuts down US state | The Independent

When One Hospital Gets Ransomware, Others Feel the Pain

Qilin Ransomware Hits Nissan: 4TB of Vehicle Designs Stolen

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

Data I/O ransomware attack ‘temporarily impacted’ operations • The Register

Phishing & Email Based Attacks

'ZipLine' Phishers Flip Script as Victims Email First

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Microsoft urges to limit CLI tools as phishing rages | Cybernews

Fast-Spreading, Complex Phishing Campaign Installs RATs

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Off-the-shelf tools make life easier for phishing attackers - BetaNews

New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over De - Infosecurity Magazine

Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

What small businesses must do now to stay ahead of phishing | SC Media

Other Social Engineering

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Fake CAPTCHA tests trick users into running malware • The Register

How social engineering is the weakest link in cyber defence

New Attack Tricks AI Summaries Into Pushing Malware

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Fake Apple Support Sites Spread Malware Evading macOS Defenses

What is SIM swap attack (SIM intercept attack)? | Definition from TechTarget

Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop

Can We Really Eliminate Human Error in Cybersecurity? - Security Boulevard

ScreenConnect admins targeted with spoofed login alerts - Help Net Security

Crooks are getting ready for FIFA World Cup 2026 | Cybernews

Fraud, Scams and Financial Crime

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows

ScamAgent shows how AI could power the next wave of scam calls - Help Net Security

bne IntelliNews - Cyber criminals steal $339mn from thousands of victims in Zambia, Angola and Ivory Coast

Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this | Tom's Guide

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek

Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine

Crooks are getting ready for FIFA World Cup 2026 | Cybernews

FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop

69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine

Artificial Intelligence

New Attack Tricks AI Summaries Into Pushing Malware

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Criminals Are Vibe Hacking With AI To Carry Out Ransoms At Scale: Anthropic

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

New research finds AI agents exploiting valid credentials to bypass traditional security controls in enterprises | TechRadar

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations - Help Net Security

ScamAgent shows how AI could power the next wave of scam calls - Help Net Security

Cybersecurity company ESET warns AI now being used in ransomware attacks - Business Plus

Experimental PromptLock ransomware uses AI to encrypt, steal data

‘Vibe-hacking’ is now a top AI threat | The Verge

Rowhammer attack can backdoor AI models with one devastating bit flip | CSO Online

AI Security Map: Linking AI vulnerabilities to real-world impact - Help Net Security

Anthropic Warns of ‘Sophisticated’ Cybercrime Via Claude LLM

LLMs Face Persistent Prompt Injection Vulnerabilities

We Are Still Unable to Secure LLMs from Malicious Inputs - Security Boulevard

Detecting and countering misuse of AI: August 2025 \ Anthropic

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

69% of Consumers Believe AI Fraud Is the Biggest Identity Threat | Security Magazine

The 5 Golden Rules of Safe AI Adoption

The do’s and don’ts of vibe coding - Fast Company

Researchers warn of security flaws in AI-powered browsers | TechSpot

Anthropic thwarts hacker attempts to misuse Claude AI for cybercrime | Reuters

OpenAI increases ChatGPT user protections following wrongful death lawsuit | ZDNET

Malware

New Attack Tricks AI Summaries Into Pushing Malware

Fake CAPTCHA tests trick users into running malware • The Register

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime - SecurityWeek

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Fake Apple Support Sites Spread Malware Evading macOS Defenses

Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware - SiliconANGLE

Fast-Spreading, Complex Phishing Campaign Installs RATs

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign

Macs under attack from dangerous new info-stealing malware — how to stay safe | Tom's Guide

Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign - Infosecurity Magazine

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

The hidden threat in enterprise security: why it’s time to rethink PDFs | TechRadar

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Hackers Exploit Linux RAR Flaws in Phishing to Deploy VShell Backdoor

Bots/Botnets

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

Mobile

New Android Trojan Variant Expands with Ransomware Tactics - Infosecurity Magazine

iPhone Users 20% More Likely to Fall for Scams Than Android, Study Shows

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps - SecurityWeek

Hook Android Trojan Delivers Ransomware-Style Attacks

Google Deletes Millions of Android Apps After Malware Discovery

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Russia orders state-backed MAX messenger app, a WhatsApp rival, pre-installed on phones and tablets | Reuters

Android.Backdoor.916.origin malware targets Russian business executives

New Android malware poses as antivirus from Russian intelligence agency

Denial of Service/DoS/DDoS

Global DDoS attacks exceed 8M amid geopolitical tensions

Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV

Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET

Internet of Things – IoT

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

Camera Hacking — America’s Cyber Defense Agency Issues Warning

Cyberterrorism and the Connected Car: The Growing Threat To Automotive Security | SC Media UK

IoT security challenges, issues and best practices - Security Boulevard

The Risk of Consumer Devices in the Hybrid Workforce

Your car could be at risk – new Flipper Zero craze sees car thieves use cheap hacking device, and there's no easy fix | TechRadar

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

Data Breaches/Leaks

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

Google Breach Exposes 2.5 Billion Gmail Accounts to Phishing Attacks

User data posted on the dark web after massive telecom hack in Europe, should you worry? - PhoneArena

Hackers claim millions of PayPal accounts leaked while experts say the data looks suspiciously cheap and possibly stolen from old infostealer logs | TechRadar

DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says | FedScoop

Data Breach Strikes Criminal Records Service Firm APCS | SC Media UK

74% of companies admit insecure code caused a security breach | IT Pro

Google warns Salesloft breach impacted some Workspace accounts

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard

Farmers Insurance data breach impacts 1.1M people after Salesforce attack

Auchan retailer data breach impacts hundreds of thousands of customers

Leaked Intel database reveals how a simple login flaw exposed 270,000 employees and shattered confidence in corporate digital defenses | TechRadar

Tencent Cloud leaves critical data open for months | Cybernews

IT system supplier cyberattack impacts 200 municipalities in Sweden

MoD staff were warned not to share hidden data before Afghan leak - BBC News

TransUnion says hackers stole 4.4 million customers' personal information | TechCrunch

Discord hackers claim to have leaked billions of messages as millions of users targeted - here's what we know | TechRadar

Government faces questions after review of 11 major UK data breaches | Data protection | The Guardian

Nissan confirms design studio data breach claimed by Qilin ransomware

iiNet Data Breach Exposes 280,000 Customers' Emails and Addresses

Church of England abuse victims exposed by lawyer's email • The Register

90K exposed after sleep therapy provider data breach | Cybernews

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data | TechCrunch

Organised Crime & Criminal Actors

Dark Reading Confidential: Guided Tour of the Dark Web

bne IntelliNews - Cyber criminals steal $339mn from thousands of victims in Zambia, Angola and Ivory Coast

FBI, Dutch cops seize fake ID marketplace, servers • The Register

A hacker used AI to automate an ‘unprecedented’ cybercrime spree, Anthropic says – DataBreaches.Net

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

Crypto Companies Freeze $47m in Romance Baiting Funds - Infosecurity Magazine

Insider Risk and Insider Threats

Human risk and Gen AI-driven data loss top CISO concerns - BetaNews

How social engineering is the weakest link in cyber defence

A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off | TechRadar

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop

Can We Really Eliminate Human Error in Cybersecurity? - Security Boulevard

When ransomware hits home: putting your people first | TechRadar

Building Human Firewalls: Key to Combating Cyber Threats

Another US Navy Sailor Was Just Busted Spying for China - The National Interest

Insurance

Cyber Insurers May Limit Payouts for Breaches via Flaws

Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections

Cyber insurance still has a problem with modelling - Tech Monitor

Supply Chain and Third Parties

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent | CyberScoop

Murky Panda hackers exploit cloud trust to hack downstream customers

5 Practices to Ensure Your Ecosystem Is Cyber-Secure

IT system supplier cyberattack impacts 200 municipalities in Sweden

Ransomware Gangs Are Bleeding the Healthcare Supply Chain | MSSP Alert

When Partners Become Cybersecurity Risks

Cloud/SaaS

Murky Panda hackers exploit cloud trust to hack downstream customers

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Silk Typhoon Attacks North American Orgs in the Cloud

DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says | FedScoop

Tencent Cloud leaves critical data open for months | Cybernews

Fake IT Support Attacks Hit Microsoft Teams - Infosecurity Magazine

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine

How much do you trust your cloud? Hackers exploit weakness to target customers - here's what we know | TechRadar

Rising Cloud Security Threats: Exploits, Breaches, and Defenses

ScreenConnect admins targeted with spoofed login alerts - Help Net Security

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek

Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It

Outages

Microsoft working on fix for ongoing Outlook email issues

Identity and Access Management

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Report declares 'identity crisis' amid rising login attacks • The Register

Identity Security Silos: An Attacker's Best Ally

Encryption

Quantum Computing Threatens Encryption: Shift to Post-Quantum Crypto

Linux and Open Source

Arch Linux remains under attack as DDoS enters week 2 - here's a workaround | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

Report declares 'identity crisis' amid rising login attacks • The Register

Billions of Gmail users advised to change passwords | The Independent

New research finds AI agents exploiting valid credentials to bypass traditional security controls in enterprises | TechRadar

Enterprise passwords becoming even easier to steal and abuse | CSO Online

Everyone should know which passwords suck. Do you? | PCWorld

Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe | TechRadar

89 Million Steam Accounts Compromised: Change Your Password Now - Security Boulevard

Password managers vulnerable: 40 million users at risk of stolen data | PCWorld

Social Media

Meta might be secretly scanning your phone's camera roll - how to check and turn it off | ZDNET

Social media apps that aggressively harvest user data - Help Net Security

Regulations, Fines and Legislation

CIISec: Most Security Professionals Want Stricter Regulations - Infosecurity Magazine

Cybersecurity Obligations Under EU NIS 2 Directive

Regulatory compliance: Act now | TechRadar

Attacks on VPNs are unjustified and dangerous – and it's not how we achieve online safety | Tom's Guide

FCC Bars China from Undersea Cables to Combat Espionage Risks

ENISA to manage €36M EU Cybersecurity Reserve ...

4chan will refuse to pay daily UK fines, its lawyer tells BBC

Gaps in California Privacy Law: Brokers Ignore Requests

Apple warns UK against introducing tougher tech regulation - BBC News

Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra

Models, Frameworks and Standards

Cybersecurity Obligations Under EU NIS 2 Directive

ENISA to manage €36M EU Cybersecurity Reserve ...

NIST Releases Control Overlays to Manage Cybersecurity Risks in Use and Developments of AI Systems

Regulatory compliance: Act now | TechRadar

Hungary extends cybersecurity registration obligations for entities falling under NIS2

ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine

Beyond GDPR security training: Turning regulation into opportunity

Non-Compliance with CMMC Could Put Your DoD Contracts at Risk | Offit Kurman - JDSupra

Data Protection

Gaps in California Privacy Law: Brokers Ignore Requests

Careers, Working in Cyber and Information Security

83% of CISOs say staff shortage is major issue for defense | CSO Online

The Career Delta: Navigating AI, Cybersecurity and Change

Cybersecurity Workforce Trends in 2025 - Skills Gap, Diversity and SOC Readiness

Law Enforcement Action and Take Downs

A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off | TechRadar

Interpol cybercrime crackdown in Africa leads to the arrest of over 1,200 suspects - ABC News

Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses | CyberScoop

Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M

FCC removes 1,200 voice providers from telephone networks in major robocall crackdown | CyberScoop

FBI, Dutch cops seize fake ID marketplace, servers • The Register

Yemen Cyber Army hacker jailed after stealing millions of people’s data • Graham Cluley


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

FCC Bars China from Undersea Cables to Combat Espionage Risks

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Nation State Actors

How Boards Can Prepare for Increasing Nation-State Cyber Threats

China

Murky Panda hackers exploit cloud trust to hack downstream customers

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Silk Typhoon Attacks North American Orgs in the Cloud

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

UK and 12 allies issue warning over Chinese cyber attacks on ‘critical sectors’ | The Standard

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

Global DDoS attacks exceed 8M amid geopolitical tensions

Telco DDoS threat on the rise amid geopolitical unrest | TelecomTV

Chinese Telecom Hackers Strike Worldwide - GovInfoSecurity

Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide

Another US Navy Sailor Was Just Busted Spying for China - The National Interest

Silk Typhoon hackers hijack network captive portals in diplomat attacks

Chinese Developer Jailed for Deploying Malicious Code at US Company - Infosecurity Magazine

FCC Bars China from Undersea Cables to Combat Espionage Risks

Russia

Putin’s New Cyber Empire | Foreign Affairs

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

US DoD reportedly relies on utility written by Russian • The Register

Russia orders state-backed MAX messenger app, a WhatsApp rival, pre-installed on phones and tablets | Reuters

New Android malware poses as antivirus from Russian intelligence agency

Android.Backdoor.916.origin malware targets Russian business executives

North Korea

Treasury sanctions North Korea IT worker scheme facilitators and front organizations | CyberScoop


Tools and Controls

Incident response planning emerges as a key cybersecurity control in reducing cyber risk: Marsh McLennan Cyber Risk Intelligence Center report

Tabletop drills cut cyber event likelihood by 13% – report - CIR Magazine

Compromised at the Core: Why Identity Remains Cyber’s Biggest Flaw | SC Media UK

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

Ransomware Actor Deletes Data and Backups Post-Exfiltration on Azure - Infosecurity Magazine

Cyber Insurers May Limit Payouts for Breaches via Flaws

Cyber insurance still has a problem with modelling - Tech Monitor

74% of companies admit insecure code caused a security breach | IT Pro

Cyber security response rising up the agenda

Public sector cyber leaders are tired of clunky, outdated tools | IT Pro

Surge in coordinated scans targets Microsoft RDP auth servers

ENISA to Coordinate €36m EU-Wide Incident Response Scheme - Infosecurity Magazine

Report declares 'identity crisis' amid rising login attacks • The Register

Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts - Infosecurity Magazine

The do’s and don’ts of vibe coding - Fast Company

The perils of vibe coding

The Biggest Technology Risk to Organizations is Failing to Plan for Cybersecurity Chaos - Security Boulevard

10 common file-sharing security risks and how to prevent them | TechTarget

Free VPN apps found to have ties with Russia and China – and they're hiding in Google and Apple’s app stores | TechRadar

Attacks on VPNs are unjustified and dangerous – and it's not how we achieve online safety | Tom's Guide

Identity Security Silos: An Attacker's Best Ally

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure - SecurityWeek

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations

How Bug Bounty Programs Can Help Combat Ransomware Attacks - The Daily Upside

Google previews cyber ‘disruption unit’ as US government, industry weigh going heavier on offense | CyberScoop

Google is getting ready to 'hack back' as US considers shifting from cyber defense to offense — new 'Scam Farms' bill opens up new retaliatory hacking actions | Tom's Hardware

Password managers vulnerable: 40 million users at risk of stolen data | PCWorld

The 5 Golden Rules of Safe AI Adoption




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 22 August 2025

Black Arrow Cyber Threat Intelligence Briefing 22 August 2025:

- 85% of Organisations Approach Cyber Security Reactively

- 25% of Security Leaders Replaced After Ransomware Attack

- Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide

- Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations

- ‘Impersonation as a Service’ the Next Big Thing in Cybercrime

- URL-Based Threats Become a Go-To Tactic for Cybercriminals

- How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats

- How GenAI Complacency is Becoming Cyber Security’s Silent Crisis

- Fake Employees Pose Real Security Risks

- AI Gives Ransomware Gangs a Deadly Upgrade

- DORA: Six Months into a Resilience Revolution

- Why Your Security Culture is Critical to Mitigating Cyber Risk

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week we start with a look at how organisations react to cyber incidents: studies show that most organisations only prioritise their security after they have been attacked, and one in four CISOs lose their job after a ransomware attack even when the incident stems from factors outside their direct control. We discuss emerging attacks, including those focused on CFOs and on regulators, and the hiring of fluent English speakers to carry out social engineering on criminals’ behalf. We also spotlight attacks using remote access trojans, and the risks of complacency when adopting AI, even as AI continues to boost attackers’ capabilities.

Looking ahead, Gartner warns that by 2028 up to one in four job candidates could be artificially generated with associated security risks. Focusing on solutions to address cyber risks, we look at the impact of the EU’s DORA law that aims to build better resilience in the financial services sector. Finally, on the basis that the majority of cyber attacks involve people, including the social engineering attacks referred to earlier, we look at how a security culture is critical to helping to protect your organisation.


Top Cyber Stories of the Last Week

85% of Organisations Approach Cyber Security Reactively

Unisys has found that 85% of organisations still approach cyber security reactively, responding only after an incident has occurred. While 62% have adopted or plan to adopt zero trust models, fewer than half use artificial intelligence to strengthen defences. Most acknowledge they are not prepared for future threats such as quantum-enabled attacks. The consequences are costly, with nearly half estimating downtime expenses of at least $500,000 per hour. The findings highlight the urgent need for a proactive and layered security strategy that combines advanced technology with strong human oversight.

https://www.securitymagazine.com/articles/101842-85-of-organizations-approach-cybersecurity-reactively

25% of Security Leaders Replaced After Ransomware Attack

A new Sophos report has revealed that one in four security leaders lose their role following a ransomware attack, regardless of whether they were directly at fault. The findings highlight growing board-level frustration when security measures fail, even if breaches stem from business decisions outside the CISO’s authority. The study found that email-based attacks (malicious emails and phishing) were the root cause in 37% of incidents, exploited system weaknesses in 32%, and stolen passwords in 23%. The report warns that many incidents arise from known gaps that were left unaddressed, making leadership accountability a critical issue.

https://www.csoonline.com/article/4040156/25-of-security-leaders-replaced-after-ransomware-attack.html

Iranian Threat Actor Group ‘MuddyWater’ Targeting CFOs Worldwide

A new cyber espionage campaign linked to the group known as MuddyWater is targeting Chief Financial Officers and finance leaders worldwide. The attackers use highly convincing phishing emails that mimic recruitment messages, tricking victims into completing fake verification challenges before delivering malicious files. Once inside, they abuse legitimate tools such as OpenSSH and NetBird as covert remote access channels, enable RDP, create scheduled tasks for persistence, and set up hidden administrator accounts. Because these are legitimate tools rather than custom malware, the activity blends in with normal administration, giving the attackers long term access while avoiding detection and highlighting the increasing sophistication of threats aimed directly at senior financial executives.

https://cybersecuritynews.com/apt-muddywater-attacking-cfos/
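The MuddyWater chain described above is hard to catch on any single event, because each step (an SSH service appearing, RDP being enabled, a new local account, a scheduled task) is something an administrator might legitimately do. What gives it away is several of those steps landing on one host within a short window. The following added example, written for this briefing and not taken from the article or from any vendor tooling, shows that correlation over a handful of constructed Windows Security, System and Sysmon events normalised as a SIEM would present them. The event IDs are the standard Windows ones (7045 service installed, 4720 account created, 4732 member added to a local group, 4698 scheduled task created, Sysmon 13 registry value set) and the Administrators SID and fDenyTSConnections registry path are real; the host names, account names, task names and the assumption that the NetBird binary appears in a scheduled task command are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Legitimate remote-access tooling the campaign is reported to abuse.
REMOTE_ACCESS_TOOLS = ("sshd", "openssh", "netbird")

# Constructed sample events (not real telemetry), normalised SIEM-style.
SAMPLE_EVENTS = [
    {"ts": "2025-08-18T09:02:11", "host": "FIN-CFO-LT01", "event_id": 7045,
     "ServiceName": "sshd", "ImagePath": "C:\\Windows\\System32\\OpenSSH\\sshd.exe"},
    {"ts": "2025-08-18T09:05:40", "host": "FIN-CFO-LT01", "event_id": 13,
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"ts": "2025-08-18T09:07:03", "host": "FIN-CFO-LT01", "event_id": 4720,
     "TargetUserName": "support_svc"},
    {"ts": "2025-08-18T09:07:05", "host": "FIN-CFO-LT01", "event_id": 4732,
     "TargetSid": "S-1-5-32-544", "MemberName": "FIN-CFO-LT01\\support_svc"},
    {"ts": "2025-08-18T09:09:30", "host": "FIN-CFO-LT01", "event_id": 4698,
     "TaskName": "\\Microsoft\\Windows\\Update\\NetBirdSync",
     "Command": "C:\\ProgramData\\netbird\\netbird.exe"},
    # Benign administration on another host: should not alert.
    {"ts": "2025-08-18T10:00:00", "host": "IT-ADMIN-WS7", "event_id": 4698,
     "TaskName": "\\Backup\\Nightly", "Command": "C:\\Scripts\\backup.ps1"},
    {"ts": "2025-08-18T14:00:00", "host": "IT-ADMIN-WS7", "event_id": 4720,
     "TargetUserName": "j.doe"},
]


def indicator(ev):
    """Map one normalised event to a named indicator, or None if it matches nothing."""
    eid = ev["event_id"]
    if eid == 7045:
        # New service whose name or binary points at an SSH/NetBird component.
        blob = (ev.get("ServiceName", "") + " " + ev.get("ImagePath", "")).lower()
        if any(t in blob for t in REMOTE_ACCESS_TOOLS):
            return "remote_access_service_installed"
    elif eid == 13 and ev.get("TargetObject", "").lower().endswith("fdenytsconnections"):
        # fDenyTSConnections = 0 turns Remote Desktop on.
        if "0x00000000" in ev.get("Details", ""):
            return "rdp_enabled_via_registry"
    elif eid == 4720:
        return "local_account_created"
    elif eid == 4732 and ev.get("TargetSid") == "S-1-5-32-544":
        # S-1-5-32-544 is the built-in Administrators group.
        return "account_added_to_administrators"
    elif eid == 4698:
        cmd = ev.get("Command", "").lower()
        if any(t in cmd for t in REMOTE_ACCESS_TOOLS):
            return "scheduled_task_runs_remote_access_tool"
    return None


def correlate(events, window=timedelta(hours=1), min_indicators=3):
    """Return {host: [indicators]} for hosts showing >= min_indicators distinct
    indicators inside any sliding window of the given length."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        name = indicator(ev)
        if name:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), name))
    alerts = {}
    for host, hits in by_host.items():
        for i, (t0, _) in enumerate(hits):
            in_window = {n for t, n in hits[i:] if t - t0 <= window}
            if len(in_window) >= min_indicators:
                alerts[host] = sorted(in_window)
                break
    return alerts


if __name__ == "__main__":
    for host, names in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(names)}")
```

Run against the constructed events, only FIN-CFO-LT01 alerts, with all five indicators inside a seven-minute window; the admin workstation's lone account creation and backup task stay below the threshold. The threshold and window are tuning knobs: a single new account or a single scheduled task is noise in most estates, but three of these steps on one finance laptop in under an hour is worth a phone call to the CFO's assistant.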

Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organisations

The Canadian Investment Regulatory Organisation (CIRO) has disclosed a cyber security breach that exposed personal data from some member firms and their employees. The regulator detected the attack on 11 August and temporarily shut down systems to protect operations while an investigation was launched with external experts and law enforcement. Although investor funds were not affected, the incident raises concern given CIRO’s role in overseeing Canada’s investment and trading firms. CIRO has committed to notifying affected individuals, offering risk mitigation services, and warning members to be alert to fraudulent calls or emails pretending to be the regulator.

https://www.infosecurity-magazine.com/news/canadian-financial-regulator-hacked/

‘Impersonation as a Service’ the Next Big Thing in Cybercrime

Criminal groups are increasingly offering “impersonation as a service,” where skilled English-speaking fraudsters are hired to trick employees into handing over access to company systems. Reports show such roles being advertised on underground forums have more than doubled since 2024, signalling that targeted social engineering attacks are set to rise. Recent incidents have seen attackers exploit trust through convincing phone calls to breach major firms including Google, Dior, and Allianz. Combined with advances in artificial intelligence and collaboration between criminal groups, this trend represents a growing and highly professionalised threat to businesses worldwide.

https://www.theregister.com/2025/08/21/impersonation_as_a_service/

URL-Based Threats Become a Go-To Tactic for Cybercriminals

Proofpoint has reported that cyber criminals are increasingly favouring malicious links over attachments, with URL-based threats now four times more common than file-based attacks. In the first half of 2025 alone, more than 3.7 billion attempts were made to steal user logins through phishing, and QR code scams exceeded 4.2 million cases. Smishing, or text-based phishing, has surged by more than 2,500%, showing a clear shift towards targeting mobile devices. These campaigns often mimic trusted brands or government services, making them difficult for people to recognise and highlighting the need for stronger human-focused cyber security measures.

https://www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/

How Evolving Remote Access Trojans (RATs) Are Redefining Enterprise Security Threats

Remote access trojans or RATs (malware that gives attackers full control of a victim’s computer) are becoming more sophisticated, using everyday tools and file formats to avoid detection while maintaining long-term access to systems. Recent attacks have shown how criminals use phishing emails, built-in Windows functions, and even artificial intelligence to launch stealthy campaigns that can quietly steal sensitive data for weeks. Traditional security approaches that rely on signatures or isolated defences are proving inadequate. Experts recommend a shift to behaviour-based monitoring that links endpoint, network, and identity activity, helping organisations detect unusual patterns earlier and limit the damage caused by these evolving threats.

https://www.darkreading.com/cyberattacks-data-breaches/evolving-rats-redefine-enterprise-security-threats

How GenAI Complacency is Becoming Cyber Security’s Silent Crisis

Organisations are increasingly adopting Generative AI tools such as ChatGPT, Gemini and Copilot, with 42% already deploying them and a further 40% experimenting. While these tools drive efficiency, they have also created a culture of complacency that masks significant security risks. By 2027, over 40% of data breaches are expected to stem from improper AI use, often linked to employees unintentionally exposing sensitive data. The report highlights that without clear policies, training and continuous monitoring, firms risk leaving blind spots open to exploitation. Leadership must act now to balance AI innovation with robust security governance.

https://www.techradar.com/pro/how-genai-complacency-is-becoming-cybersecuritys-silent-crisis

Fake Employees Pose Real Security Risks

Gartner warns that by 2028 up to one in four job candidates could be artificially generated, posing major risks for organisations. Fake employees, often linked to fraudsters or hostile states, have already cost companies millions and in some cases enabled the theft of digital assets worth hundreds of thousands of dollars. The threat is most severe when these individuals gain IT roles with privileged access, giving them control over critical systems. Experts stress that prevention requires a mix of recruiter training, stronger access governance, and automated monitoring to detect suspicious behaviour before damage is done.

https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks

AI Gives Ransomware Gangs a Deadly Upgrade

Ransomware remains the leading cyber threat to businesses, with attacks rising 70% in early 2025 compared to previous years. Criminal groups are increasingly using artificial intelligence to automate attacks, launch convincing phishing campaigns, and even create deepfake impersonations of executives. While some attack volumes slowed in the second quarter due to law enforcement action and stronger defences, industries such as manufacturing, retail, and technology remain heavily targeted. Managed service providers are also under sustained attack, with phishing now accounting for over half of incidents. AI tools are making advanced attack methods widely available, lowering barriers for criminals.

https://www.helpnetsecurity.com/2025/08/22/ransomware-gangs-ai/

DORA: Six Months into a Resilience Revolution

Six months after its introduction, the EU’s Digital Operational Resilience Act (DORA) has already reshaped the financial sector, requiring firms to embed stronger controls across technology, risk, and third-party management. Nearly half of firms reported costs exceeding one million euros, while stress and workload have increased significantly for senior leaders and staff. Organisations have focused on improving risk management, reporting incidents quickly, and carrying out resilience testing that simulates real-world cyber attacks. Vendor oversight has also become a central priority, with firms demanding more assurance from suppliers. Although costly, these efforts are seen as investments to protect reputation, continuity, and long-term resilience.

https://www.techradar.com/pro/dora-six-months-into-a-resilience-revolution

Why Your Security Culture is Critical to Mitigating Cyber Risk

Research shows that nearly 60% of breaches in 2024 involved a human element, underlining that people, not just technology, are the main target for attackers. The problem is not that employees do not care about security, but that security measures are often overly complex, poorly designed, or disconnected from daily work. A strong security culture, shaped by leadership, supportive security teams, clear policies, and relevant training, is essential. Without embedding security into the way people work, even the most advanced technical defences will continue to be undermined.

https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html



Threats

Ransomware, Extortion and Destructive Attacks

25% of security leaders replaced after ransomware attack | CSO Online

Ransomware is on the rise: Global cybercrime hits new highs - Digital Journal

February ransomware attacks hit record high as ThreatDown reports 25% annual surge - SiliconANGLE

Teen hackers aren't the problem. They're the wake-up call | Computer Weekly

AI gives ransomware gangs a deadly upgrade - Help Net Security

Can cyber group takedowns last? | IT Pro

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft | The Record from Recorded Future News

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)

Insurers face challenges with UK ransomware ban

Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution | The Record from Recorded Future News

Europol Says Qilin Ransomware Reward Fake - SecurityWeek

Europe's Ransomware Surge Is a Warning Shot for US Defenders

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator

Ransomware Victims

UK telecom provider Colt says outages were due to cyber incident | The Record from Recorded Future News

Warlock claims ransomware attack on network services firm Colt | Computer Weekly

Colt Telecom attack claimed by WarLock ransomware, data up for sale

Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach

Drug development company Inotiv reports ransomware attack to SEC | The Record from Recorded Future News

Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows - CNA

Phishing & Email Based Attacks

Phishing Campaign Exploits Microsoft ADFS to Evade Security

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Hackers steal Microsoft logins using legitimate ADFS redirects

2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Study: Phishing always works, despite cyber training​ | Cybernews

Nearly half of Americans still reuse passwords despite phishing risks - BetaNews

Warning: Watch Out for This Japanese Character in Your Booking.com Email

Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

Other Social Engineering

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Fake Employees Pose Real Security Risks

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Hackers Weaponize QR Codes in New ‘Quishing’ Attacks - Infosecurity Magazine

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Beyond romance fraud: The rising threat of social media scams | TechRadar

Think before you Click(Fix): Analyzing the ClickFix social engineering technique | Microsoft Security Blog

'Impersonation as a service' next big thing in cybercrime • The Register

Workday Confirms Social Engineering Cyberattack Exposing Contact Data

Workday Breach Linked to ShinyHunters Salesforce Attacks

Massive Allianz Life data breach impacts 1.1 million people

Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack - IT Security Guru

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

Scammers Are Now Impersonating Cyber Crime Agents

Fraud, Scams and Financial Crime

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Beyond romance fraud: The rising threat of social media scams | TechRadar

Authorized Push Payment Fraud a National Security Risk to UK - Infosecurity Magazine

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Scam Emails Are Getting Smarter—Would You Fall for These Ones?

WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives

Scammers Are Now Impersonating Cyber Crime Agents

Experts Warn Athletes Against Public Venmo Accounts

Artificial Intelligence

How GenAI complacency is becoming cybersecurity’s silent crisis | TechRadar

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Fake Employees Pose Real Security Risks

AI gives ransomware gangs a deadly upgrade - Help Net Security

4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News

URL-based threats become a go-to tactic for cybercriminals - Help Net Security

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

This Authentication Method Is Horribly Insecure—AI Just Made It Worse

78% of Businesses Are Investing in GenAI -- but Just 36% have the Infrastructure to Support It, New Unisys Study Finds

The era of AI hacking has arrived

The 'shadow AI economy' is booming: Workers at 90% of companies say they use chatbots, but most of them are hiding it from IT | Fortune

CISOs need to think about risks before rushing into AI - Help Net Security

Hackers Abuse Vibe Coding Service to Build Malicious Sites

Easy ChatGPT Downgrade Attack Undermines GPT-5 Security

New NIST guide explains how to detect morphed images - Help Net Security

Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networks | IT Pro

Scammers are sneaking into Google's AI summaries to steal from you - how to spot them | ZDNET

How web scraping actually works - and why AI changes everything | ZDNET

Microsoft mum about M365 Copilot on-demand security bypass • The Register

Claude can now stop conversations - for its own protection, not yours | ZDNET

Hundreds of thousands of Grok chats exposed in Google results - BBC News

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Agentic AI’s security risks are challenging, but the solutions are surprisingly simple | TechRadar

The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar

Malware

How Evolving RATs Are Redefining Enterprise Security Threats

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft | The Record from Recorded Future News

Budget Mac.c Infostealer Rivals AMOS Amid 101% macOS Threat Surge

New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data

XenoRAT malware campaign hits multiple embassies in South Korea

USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine

Popular npm Package Compromised in Phishing Attack - Infosecurity Magazine

Legitimate Chrome VPN Extension Turns to Browser Spyware - Infosecurity Magazine

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Hundreds Targeted in New Atomic macOS Stealer Campaign - SecurityWeek

Developer jailed for malware that took out his employer • The Register

“Rapper Bot” malware seized, alleged developer identified and charged

Solana malware targeting Russian crypto developers • The Register

Mobile

UK backs down in Apple privacy row, US says - BBC News

Android VPN apps used by millions are covertly connected AND insecure - Help Net Security

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple addressed the seventh actively exploited zero-day

Novel 5G Attack Bypasses Need for Malicious Base Station - SecurityWeek

ERMAC Android malware source code leak exposes banking trojan infrastructure

How To Find And Remove Spyware From Your Android Phone

Denial of Service/DoS/DDoS

Internet-wide Vulnerability Enables Giant DDoS Attacks

“Rapper Bot” malware seized, alleged developer identified and charged

'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop

Internet of Things – IoT

Hackers can abuse IPv6 to hijack networks | Cybernews

System Shocks? EV Smart Charging Tech Poses Cyber-Risks

Your smart home device just got a performance and security boost for free | ZDNET

Data Breaches/Leaks

2.5 billion Gmail users at risk after Google's databases were hacked | PCWorld

Over 190 million hit in UnitedHealth data breach — confirmed largest in history | Tom's Guide

Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum

Canadian Financial Regulator Hacked, Exposing Personal Data from Membe - Infosecurity Magazine

Workday Confirms Social Engineering Cyberattack Exposing Contact Data

Thousands of guests at Italian hotels hit in wide-ranging cyberattack - here's what we know | TechRadar

Air France and KLM warn customers of new data breach | Fox News

4 cyberattacks that rocked global telecoms | Capacity Media

Dozens more Afghan relocation data breaches uncovered by BBC - BBC News

Colt Telecom attack claimed by WarLock ransomware, data up for sale

Millions Allegedly Affected in Allianz Insurance Breach

Orange Belgium's 850K mega-breach raises fraud fears • The Register

Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations

Intel Employee Data Exposed by Vulnerabilities - SecurityWeek

Australian ISP iiNet Suffers Breach of 280,000+ Records - Infosecurity Magazine

TPG Telecom estimates 280K affected by subsidiary breach • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

USB Malware Campaign Spreads Cryptominer Worldwide - Infosecurity Magazine

Lazarus strikes again? $23m theft topples crypto platform

Lykke Exchange Shuts Down After $23M Lazarus Group Hack

US seizes $2.8 million in crypto from Zeppelin ransomware operator

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme

Solana malware targeting Russian crypto developers • The Register

Insider Risk and Insider Threats

Fake It Til You Make It: The New Age of Employment Fraud | MSSP Alert

Fake Employees Pose Real Security Risks

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

Study: Phishing always works, despite cyber training​ | Cybernews

Developer jailed for malware that took out his employer • The Register

KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication - IT Security Guru

How employees are using AI to fudge receipts for business expenses - and how to spot them | Daily Mail Online

Soldier admits handing over sensitive information to person he thought was foreign agent | RNZ News

Insurance

Insurers face challenges with UK ransomware ban

Is personal cyber insurance at an inflection point? - Insurance Post

Logistics giant's UK arm returns to profit - helped by insurance settlement after cybersecurity incident | Insider Media

Cloud/SaaS

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Microsoft investigates outage impacting Copilot, Office.com

Outages

Microsoft investigates outage impacting Copilot, Office.com

Colt Customers Face Prolonged Outages After Major Cyber Incident - Infosecurity Magazine

Identity and Access Management

Phishing Campaign Exploits Microsoft ADFS to Evade Security

Hackers steal Microsoft logins using legitimate ADFS redirects

Encryption

UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt

US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters

The Online Safety Act isn't just about age verification – end-to-end encryption is also at risk | TechRadar

An explanation of quantum key distribution | TechTarget

Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica

UK Drops Demand for iCloud Backdoor for American Users' Data 

FTC warns US Big Tech: Don’t bend to foreign censors • The Register

WhatsApp Privacy Myths: Encryption Flaws, Scams, and Signal Alternatives

Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED

Linux and Open Source

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data

Passwords, Credential Stuffing & Brute Force Attacks

Nearly half of Americans still reuse passwords despite phishing risks - BetaNews

Password Party’s Over: Nearly 50% of Americans Continue to Re-use Passwords Despite Phishing Attacks on the Rise

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek

Social Media

Beyond romance fraud: The rising threat of social media scams | TechRadar

Training, Education and Awareness

Study: Phishing always works, despite cyber training​ | Cybernews

Employee distraction is a bigger risk than attack sophistication - BetaNews

KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication - IT Security Guru

Almost all banks mandate cyber security training - Risk.net

Regulations, Fines and Legislation

US spy chief Gabbard says UK agreed to drop 'backdoor' mandate for Apple | Reuters

The UK Online Safety Act could kill the internet as we know it.

Children’s exposure to porn higher than before 2023 Online Safety Act, poll finds | Pornography | The Guardian

DORA: six months into a resilience revolution | TechRadar

The Online Safety Act isn't just about age verification – end-to-end encryption is also at risk | TechRadar

US Director of National Intelligence Claims U.K. Has Retreated from iCloud Backdoor Demands – Pixel Envy

Trump admin says it convinced UK to drop demand for Apple backdoor - Ars Technica

FTC warns US Big Tech: Don’t bend to foreign censors • The Register

UK Backs Down On Apple Encryption Backdoor—But The Secret Deal Raises New Questions | Techdirt

Insurers face challenges with UK ransomware ban

Britons back Online Safety Act’s age checks, but are sceptical of effectiveness and unwilling to share ID | Ipsos

EU: ENISA Guidelines on Compliance with NIS 2 Directive Published | DLA Piper - JDSupra

EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times

How VPNs are helping people evade increased censorship - and much more | ZDNET

UK cyber leaders feel impact of Trump cutbacks | Computer Weekly

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

Mozilla warns Germany could soon declare ad blockers illegal

Regulator rebukes Nova Scotia Power's request for secrecy in cybersecurity inquiry | CBC News

Election workers fear 2026 threats without feds' support • The Register

By gutting its cyber staff, State Department ignores congressional directives | CyberScoop

Bill would give hackers letters of marque against US enemies • The Register

Models, Frameworks and Standards

DORA: six months into a resilience revolution | TechRadar

NIS2 Update: EU Cyber Authority Sets Out Compliance Expectations, but Implementation Is a Work in Progress | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

EU’s Cyber Resilience Act: As Deadline Looms, Are You Ready For It? - EE Times

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

New NIST guide explains how to detect morphed images - Help Net Security

Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach

Careers, Working in Cyber and Information Security

Would you hire a hacker? | Computer Weekly

Building a New Generation of Security Talent Amid an Escalating Cyber - Infosecurity Magazine

Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro

Law Enforcement Action and Take Downs

Developer jailed for malware that took out his employer • The Register

US seizes $2.8 million in crypto from Zeppelin ransomware operator

Can cyber group takedowns last? | IT Pro

Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution | The Record from Recorded Future News

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme

US cops seize mega DDoS-for-hire racket RapperBot • The Register

A hacker tied to Yemen Cyber Army gets 20 months in prison

'Rapper Bot' hit the Pentagon in at least 3 cyberattacks | DefenseScoop

Serial hacker who defaced official websites is sentenced - National Crime Agency

Israeli government official arrested in Nevada sex crimes operation | The Independent


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Russia-linked gang using Cisco devices for spying | Cybernews

FBI, Cisco Warn of Russian Attacks on 7-Year Flaw

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Nation State Actors

Swap Around and Find Out: The New Rules of International Digital Economic Warfare – War on the Rocks

China

CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop

4 in 5 CISOs say DeepSeek must be regulated - Data Centre & Network News

Microsoft scales back Chinese access to cyber early warning system

China labels US as 'surveillance empire' over chip tracking • The Register

Chinese hackers are targeting web hosting firms - here's what we know | TechRadar

Microsoft restricts Chinese firms over hacking fears | Windows Central

Chinese APT Group Targets Web Hosting Services in Taiwan - Infosecurity Magazine

China cut itself off from the global internet on Wednesday • The Register

DPRK, China Suspected in South Korean Embassy Attacks

Russia

Russia-linked gang using Cisco devices for spying | Cybernews

Russia Is Cracking Down on End-to-End Encrypted Calls | WIRED

Russian Hacktivists Take Aim at Polish Power Plant, Again

Solana malware targeting Russian crypto developers • The Register

Russian hackers lurked in US courts for years and took sealed files | Stars and Stripes

Russian investment platform confirms cyberattack by pro-Ukraine hackers | The Record from Recorded Future News

Russia-linked European attacks renew concerns over water cybersecurity | CSO Online

Russian Hackers Hitting Critical Infrastructure, FBI Warns

Iran

APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task

Hackers disrupt communications of dozens of Iranian oil and cargo ships | Iran International

North Korea

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korea's IT worker fraud has fooled nearly every Fortune 500 firm

Lazarus strikes again? $23m theft topples crypto platform

South Korean military hit by 9,200 cyber attacks in first half of 2025, up 44% from 2024 | The Straits Times

Hackers who exposed North Korean government hacker explain why they did it | TechCrunch


Tools and Controls

Study: Phishing always works, despite cyber training | Cybernews

Cybercriminals Attack VPS to Access Business Email Systems | Security Magazine

Hackers Weaponizing Cisco's Secure Links to Evade Link Scanning and By-Pass Network Filters

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Password Managers Vulnerable to Data Theft via Clickjacking - SecurityWeek

Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are on the Rise

Hackers can abuse IPv6 to hijack networks | Cybernews

McDonald's not lovin' it when hacker exposes rotten security • The Register

Cyber teams are struggling to keep up with a torrent of security alerts | IT Pro

The EU NIS2 Directive and intra-group IT services | Hogan Lovells - JDSupra

Children’s exposure to porn higher than before 2023 Online Safety Act, poll finds | Pornography | The Guardian

Insurers face challenges with UK ransomware ban

Britons back Online Safety Act’s age checks, but are sceptical of effectiveness and unwilling to share ID | Ipsos

Employee distraction is a bigger risk than attack sophistication - BetaNews

Android VPN apps used by millions are covertly connected AND insecure - Help Net Security

This Authentication Method Is Horribly Insecure—AI Just Made It Worse

CISOs need to think about risks before rushing into AI - Help Net Security

Hackers Abuse Vibe Coding Service to Build Malicious Sites

BYOD Evolution: Essential for Hybrid Work Productivity and Security

How VPNs are helping people evade increased censorship - and much more | ZDNET

78% of Businesses Are Investing in GenAI -- but Just 36% have the Infrastructure to Support It, New Unisys Study Finds

The Security Vulnerabilities to Watch for When You’re Vibe Coding

The invisible battlefield: Good AI vs Bad AI in the evolving cybersecurity landscape | TechRadar

How to Vibe Code With Security in Mind

Attackers Start Outside: Why MSSPs Should Prioritize External Threat Intelligence | MSSP Alert

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

Elastic rejects claims of a zero-day RCE flaw in Defend EDR

Is personal cyber insurance at an inflection point? - Insurance Post

Making Pen Testing a Year-Round Cybersecurity Strength | SC Media UK

Solana malware targeting Russian crypto developers • The Register



Vulnerability Management

Majority of Organizations Ship Vulnerable Code, Study Finds - Infosecurity Magazine

Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competi - Infosecurity Magazine

Vulnerabilities

Zero-day Clickjacking exploit impacts several password managers - gHacks Tech News

Researcher to release exploit for full auth bypass on FortiWeb

Microsoft releases emergency updates to fix Windows recovery

At least three UK organizations hit by SharePoint zero-day hacking campaign | The Record from Recorded Future News

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Internet-wide Vulnerability Enables Giant DDoS Attacks

Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS | CyberScoop

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware | Trend Micro (US)

Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

Over 800 N-able servers left unpatched against critical flaws

Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are on the Rise

Easy ChatGPT Downgrade Attack Undermines GPT-5 Security

Xerox fixed path traversal and XXE bugs in FreeFlow Core

New Elastic EDR 0-Day Vulnerability Allows Attackers to Bypass Detection, Execute Malware, and Cause BSOD

High-Severity Vulnerabilities Patched in Chrome, Firefox - SecurityWeek

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

Commvault plugs holes in backup suite that allow remote code execution - Help Net Security

Perplexity's Comet AI browser could expose your data to attackers - here's how | ZDNET

Elastic rejects claims of a zero-day RCE flaw in Defend EDR

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Microsoft Windows 11 24H2 Update May Cause SSD Failures | TechPowerUp


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Alert 18 August 2025 – Microsoft 365 'Direct Send' abuse enabling phishing emails from internal addresses

Executive summary

Security researchers and vendors have confirmed active campaigns abusing Microsoft 365’s Direct Send feature to deliver emails that look like they originate from inside an organisation, without any mailbox compromise or authentication. The messages often utilise Microsoft infrastructure and can bypass external security controls, increasing the likelihood of credential theft and business email compromise. Microsoft has released a control that tenants can enable to reject unauthenticated Direct Send. Additional configuration can prevent direct delivery to the tenant when email records are configured to point to a third party. 

What’s the risk to me or my business?

Attackers can send emails that impersonate your own users or departments. Common themes include voicemail or fax alerts and PDFs that contain QR codes leading to credential-harvesting pages. Because delivery uses Microsoft endpoints, messages may appear internal and can evade external filtering paths, undermining user trust and raising the success rate of social engineering and payment fraud.

Increased risk of further exploitation through other vulnerabilities

Successful credential theft enables lateral movement, mailbox rule abuse, internal spear-phishing and financial fraud. Some campaigns inject messages via unsecured third-party relays and VPS infrastructure before final delivery to Microsoft 365, complicating attribution and forensics.

What can I do?

Given active exploitation, immediate action is advised.

  1. If you do not need Direct Send, block it
    Enable the tenant-wide Reject Direct Send organisation setting (in public preview at the time of writing) using Exchange Online PowerShell. Once enabled, the tenant rejects anonymous SMTP submissions whose envelope sender domain matches one of your accepted domains, unless the message arrives through an inbound connector that attributes it to you. Record the current value first, test, then monitor for breakage in legacy devices, multifunction printers or line-of-business applications that were relying on unauthenticated submission.

  2. If you need Direct Send, authenticate and restrict it
    Create inbound partner connectors and restrict by TLS certificate (preferred) or by approved IP ranges for printers, applications and third-party services that must send as your domain. Where full rejection is not yet possible, use transport rules to quarantine unauthenticated internal-looking mail while you add exceptions for legitimate sources.

  3. Prevent direct delivery bypass when MX points to a third party
    If your MX is not Exchange Online, configure an inbound connector and set restrictions so only your approved gateway path can deliver to the tenant. This closes the direct-to-tenant path that might otherwise bypass external filtering.

  4. Strengthen authentication and policy
    Enforce SPF, DKIM and DMARC with a reject policy, and tune anti-spoofing. Treat unauthenticated internal-looking messages as suspicious. Consider transport rules that quarantine them by default.

  5. Hunt and monitor
    Use Historical Message Trace, Threat Explorer, or Advanced Hunting to identify messages received without an attributed connector. Hunt for unauthenticated internal-looking mail, composite authentication failures and unusual attachment patterns such as PDFs with QR codes.

  6. Prepare users
    Brief staff that internal-looking emails can be forged. Call out common lures and warn specifically about QR-code attachments. Encourage out-of-band verification for sensitive requests.
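
The session below is an added example, not part of the original advisory and not Microsoft's published script. It carries out steps 1 to 4 above in one Exchange Online PowerShell session and then checks the result by exercising the unauthenticated submission path that the Technical Summary describes (an anonymous SMTP connection to the tenant's MX host with an internal From address). The tenant domain contoso.com, the MX host contoso-com.mail.protection.outlook.com, the relay certificate name relay.contoso.com, the address ranges 203.0.113.0/24 and 198.51.100.0/24 (documentation ranges) and the connector and rule names are assumptions; substitute your own. Steps 2 and 3 are both shown, but you only need the connector that matches your topology.

```powershell
# Added example (not the advisory's or Microsoft's own code). Assumed values:
# tenant domain contoso.com, MX host contoso-com.mail.protection.outlook.com,
# on-prem relay presenting a certificate for relay.contoso.com, printer/app egress
# 203.0.113.0/24, third-party gateway egress 198.51.100.0/24 (documentation ranges).
# Requires the ExchangeOnlineManagement module and an Exchange Administrator account.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName "admin@contoso.com"   # assumed admin UPN

$Domain = "contoso.com"

# --- Step 1: block unauthenticated Direct Send tenant-wide -----------------------
# Record the baseline so the change can be reverted if a legacy device breaks.
$Before = (Get-OrganizationConfig).RejectDirectSend
Write-Host "RejectDirectSend before change: $Before"
Set-OrganizationConfig -RejectDirectSend $true
# Anonymous SMTP to the MX host with an envelope sender in an accepted domain is now
# refused unless an inbound connector attributes the message to this tenant.

# --- Step 2: authenticated, restricted path for devices that must send as you -----
# Preferred: restrict the connector to the relay's TLS certificate.
New-InboundConnector -Name "Relay - on-prem devices (certificate)" `
    -ConnectorType Partner `
    -SenderDomains "*" `
    -RequireTls $true `
    -RestrictDomainsToCertificate $true `
    -TlsSenderCertificateName "relay.contoso.com" `
    -Enabled $true
# IP-based alternative for devices that cannot present a certificate:
#   -RestrictDomainsToIPAddresses $true -SenderIPAddresses "203.0.113.0/24"

# --- Step 3: MX points at a third-party gateway; close the direct-to-tenant path ---
New-InboundConnector -Name "Gateway - third-party filtering service" `
    -ConnectorType Partner `
    -SenderDomains "*" `
    -RequireTls $true `
    -RestrictDomainsToIPAddresses $true `
    -SenderIPAddresses "198.51.100.0/24" `
    -Enabled $true
# Reject external mail that did not come through the gateway or the device relay.
New-TransportRule -Name "Reject inbound mail that bypassed the gateway" `
    -FromScope NotInOrganization `
    -ExceptIfSenderIpRanges "198.51.100.0/24","203.0.113.0/24" `
    -RejectMessageReasonText "Inbound mail must be delivered via the mail gateway" `
    -RejectMessageEnhancedStatusCode "5.7.1"

# --- Step 4: quarantine-first for internal-looking mail that fails authentication ---
# Interim control while exceptions for legitimate senders are still being collected:
# external-scope mail claiming one of our domains whose composite authentication failed.
New-TransportRule -Name "Quarantine unauthenticated internal-looking mail" `
    -FromScope NotInOrganization `
    -SenderDomainIs $Domain `
    -HeaderMatchesMessageHeader "Authentication-Results" `
    -HeaderMatchesPatterns "compauth=fail" `
    -ExceptIfSenderIpRanges "198.51.100.0/24","203.0.113.0/24" `
    -Quarantine $true
# Confirm the published DMARC policy is actually p=reject (Windows DnsClient cmdlet).
(Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT).Strings

# --- Verification: exercise the abuse path from a host that is NOT allow-listed ------
# Run from outside the connector ranges. After step 1 the MX host should refuse the
# message with an SMTP 550 carrying enhanced status 5.7.68; acceptance means the
# unauthenticated Direct Send path is still open from that vantage point.
try {
    Send-MailMessage -SmtpServer "contoso-com.mail.protection.outlook.com" -Port 25 `
        -From "finance@$Domain" -To "staff@$Domain" `
        -Subject "Direct Send lockdown test" -Body "Expected to be rejected" `
        -ErrorAction Stop
    Write-Warning "Accepted: unauthenticated Direct Send is still possible from this host."
} catch {
    Write-Host "Rejected as expected: $($_.Exception.Message)"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run the verification from a cloud VM or home connection rather than from the office network, since the office egress is likely to be inside one of the excepted ranges and would not prove anything. Keep the quarantine rule until the quarantine stops filling with legitimate device mail, then tighten the exceptions and move to outright rejection.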

Technical Summary

Abuse mechanism
Direct Send allows devices and applications to send to internal recipients without authentication via tenant smart hosts such as tenantname.mail.protection.outlook.com. Threat actors send spoofed messages to those endpoints using internal-looking From addresses, often with scripted SMTP clients.

Observed tactics
Lures frequently mimic voicemail or fax notifications and include PDFs with QR codes that resolve to credential harvesters. Some campaigns relay through unsecured third-party email appliances or VPS infrastructure before final delivery.

Why it lands
Messages traverse Microsoft infrastructure and can be treated as internal, so they may land in inboxes or junk despite composite authentication failures, especially where mail routing is complex or controls are not locked down.

Microsoft controls
Microsoft introduced a tenant-wide Reject Direct Send setting, plus guidance on preventing direct delivery to the tenant and on quarantine-first transport rules for organisations not ready to block.

Activity timeline
Campaigns observed since May 2025, with multiple vendors reporting ongoing abuse through July and August 2025.

Further information

  • Microsoft Exchange Team: Introducing more control over Direct Send in Exchange Online. Public preview of Reject Direct Send, behaviour and error text. (TECHCOMMUNITY.MICROSOFT.COM)

  • Microsoft Exchange Team: Direct Send vs sending directly to an Exchange Online tenant. Lockdown patterns, connectors, hunting and quarantine-first rules. (TECHCOMMUNITY.MICROSOFT.COM)

  • Varonis Threat Labs: Ongoing campaign abusing Direct Send to deliver internal-appearing phishing, with timeline and technique details. (Varonis)

  • Proofpoint: Attackers abusing M365 for internal phishing, delivery paths via unsecured relays, and recommended mitigations. (Proofpoint)

  • Mimecast Threat Intelligence: Direct Send abuse overview, observed artefacts and recommendations. (Mimecast)

  • eSentire Advisory: Direct Send abuse leading to internal phishing, QR-code lures and response guidance. (eSentire)

  • Barracuda: Securing Microsoft Direct Send, attack summary and guidance. (Barracuda Blog)

  • IRONSCALES: Inside Job: attackers spoofing emails with M365 Direct Send, controls to reduce risk. (IRONSCALES)

  • BleepingComputer: Microsoft 365 Direct Send abused to send phishing as internal users. (BleepingComputer)

 

Need help understanding your gaps, or just want some advice? Get in touch with us. 

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Cyber Threat Intelligence Briefing 15 August 2025:

-Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw

-Nearly Half of Enterprises Tested Had Easily Cracked Passwords

-Leaked Credentials Up 160% - What Attackers Are Doing With Them

-Ransomware Attacks Up by 41% Globally

-Physical Threats to Crypto Owners Hit Record Highs

-The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training

-The Human Firewall: Building a Cyber-Aware Workforce

-Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident

-Attack Yourself First: the Logic Behind Offensive Security

-These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims

-Financial Services Could Be Next in Line for ShinyHunters

-Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating

-Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

We begin with two calls to action for stronger cyber security: ensure your systems are patched to fix vulnerabilities, in this case Microsoft Exchange servers, and ensure your team uses strong passwords. We also report on the ongoing rise in cyber attacks including the increase in ransomware, the use of physical violence in cryptocurrency-related incidents, and changes within the attacker community such as a further shift towards the financial services sector.

To address these and other threats, it is essential to have a clear and objective understanding of your risks, and to counter them through a strategy that encompasses people, operations and technology.

The UK Cyber Governance Code of Practice is a valuable reference, even for organisations outside the UK. It includes two key principles: build strong defences through your employees, and rehearse how your leadership team will respond to an incident. It is also strongly recommended to commission assessments from an attacker’s perspective, to identify and resolve vulnerabilities before they are exploited.

Contact us for impartial specialist advice and support to implement the above in a proportionate and effective manner.


Top Cyber Stories of the Last Week

Over 29,000 Exchange Servers Still Unpatched Against High-Severity Flaw

Over 29,000 Microsoft Exchange servers remain unpatched against a serious flaw that could allow attackers to gain full control of both cloud and on-premises systems in hybrid environments. The vulnerability affects Exchange 2016, 2019 and Subscription Edition, and can be exploited to bypass detection by forging trusted credentials. Despite a fix released in April 2025, scans show large numbers of exposed systems worldwide. US federal agencies have been ordered to apply patches immediately, and all organisations are strongly advised to follow suit to prevent potential domain compromise.

https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/

Nearly Half of Enterprises Tested Had Easily Cracked Passwords

Picus Security’s 2025 Blue Report found that nearly half of enterprises tested had at least one easily cracked password, with attacks using valid credentials succeeding 98% of the time. Overall, the ability to block an attack dropped from 69% in 2024 to 62%, while the ability to stop data theft fell to just 3%. Detection weaknesses persisted, with only 14% of simulated attacks triggering alerts. The report urges stronger password policies, improved monitoring for data loss, and testing for ransomware scenarios to strengthen resilience.

https://siliconangle.com/2025/08/11/nearly-half-enterprises-tested-passwords-cracked-picus-security-report/

Leaked Credentials Up 160% - What Attackers Are Doing With Them

Leaked credentials are a growing driver of cyber breaches, accounting for 22% of incidents in 2024, according to Verizon. Cyberint reports a 160% rise in such leaks in 2025, with many remaining active and exploitable for months. Attackers increasingly use automated tools, infostealer malware, and AI-driven phishing to obtain usernames and passwords, which are then sold or reused for account takeovers, credential stuffing, and fraud. Even with strong password policies and multi-factor authentication, rapid detection is vital. Proactively identifying exposures before they are exploited is a key differentiator in reducing long-term business risk.

https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html

Ransomware Attacks Up by 41% Globally

Global cyber attacks rose sharply in July, with ransomware incidents up 41% year-on-year to 487 cases. North America accounted for over half of these, followed by Europe. Business services, healthcare, and manufacturing were among the most affected sectors, while education faced the highest weekly attack rate at over 4,200 per organisation. North America saw the largest percentage increase. Notable ransomware groups Qilin, Akira, and Play drove much of the activity, with Qilin alone linked to 17% of known cases, reflecting the growing scale and sophistication of financially motivated threats.

https://betanews.com/2025/08/11/ransomware-attacks-up-by-41-percent-globally/

Physical Threats to Crypto Owners Hit Record Highs

Criminals are increasingly targeting cryptocurrency holders through both physical violence and complex online scams. Experts warn that “wrench attacks”, where victims are coerced into handing over their digital assets under threat of harm, have risen sharply, sometimes for amounts as low as $6,000. Leaks of over 80 million user identities, including 2.2 million with home addresses, have made it easier for attackers to locate victims. At the same time, the “GreedyBear” group has stolen more than $1 million through malicious browser extensions, malware, and fake websites, highlighting the growing sophistication and scale of threats in the crypto sector.

https://coinpaper.com/10443/physical-threats-to-crypto-owners-hit-record-highs

The UK Cyber Governance Code of Practice: Beyond Basic Protections to Culture, Leadership and Training

Sectors including financial services, retail and government are facing millions of sophisticated cyber attacks each month. The UK Government’s Cyber Governance Code of Practice urges boards to strengthen cyber risk management by fostering a security-focused culture, improving leadership cyber literacy, and delivering tailored, ongoing training for all staff. In 2024, global ransomware payments reached $813.55 million, underlining the stakes. Technology alone is insufficient; a vigilant, well-trained workforce operating within a Zero Trust framework can significantly enhance defences against today’s fast-evolving digital threats.

https://www.techradar.com/pro/dont-stop-at-basic-protections-make-ongoing-training-a-priority

The Human Firewall: Building a Cyber-Aware Workforce

The UK government’s latest survey shows that half of all businesses, and nearly three quarters of large firms, experienced a cyber security breach in the past year, with the average cost of a UK data breach reaching £3.58 million. As human error is linked to up to 95% of incidents, the focus is shifting from one-off awareness sessions to role-specific training and cultural change. Gamification, real-time feedback, and positive reinforcement are helping organisations turn staff from potential vulnerabilities into proactive defenders, reducing successful attacks, cutting incident response costs, and strengthening compliance.

https://www.telecomstechnews.com/news/the-human-firewall-building-a-cyber-aware-workforce/

Microsoft Warns Organisations Without a Rehearsed Response Plan Are Hit Harder by a Security Incident

Microsoft has warned that organisations without a well-rehearsed incident response plan face longer and more damaging cyber attacks. Only one in four organisations have such a plan and have practised it. Those that regularly test their procedures, run exercises and assess vulnerabilities recover in days rather than months. Experts stressed the need for strong security fundamentals, including keeping software updated, enabling logging and applying proper configurations. Attackers increasingly move quickly, often exploiting basic weaknesses before using advanced techniques, making preparation and early detection critical for limiting business impact. Contact us for details of how Black Arrow can help your leadership team to prepare and rehearse managing the business impact of a cyber security incident.

https://cyberscoop.com/microsoft-threat-intel-response-tips/

Attack Yourself First: the Logic Behind Offensive Security

Recent high-profile cyber attacks on UK retailers have highlighted the speed and sophistication of modern threats, fuelled by automation and AI. Traditional defences such as firewalls and periodic checks are no longer enough, as attackers exploit weaknesses almost instantly. Offensive security, which proactively tests systems through simulated attacks, helps organisations find and fix critical vulnerabilities before criminals can exploit them. Leadership engagement is essential, ensuring cyber security is embedded into business strategy and transformation plans. The strongest organisations will be those that continuously validate their defences rather than relying on assumptions of security.

https://www.techradar.com/pro/attack-yourself-first-the-logic-behind-offensive-security

These Two Ransomware Groups Are Ramping Up Attacks and Have Claimed Hundreds of Victims 

Research by Acronis warns that the Akira and Lynx ransomware groups are intensifying attacks on small and medium-sized businesses, particularly managed service providers (MSPs). Akira has claimed over 220 victims and Lynx around 145, often gaining access through stolen credentials, VPN weaknesses, or phishing emails. Both disable security software, steal data, and encrypt systems to extort payment. MSPs are prime targets as they can provide access to multiple customers. Experts advise organisations to strengthen multi-factor authentication, keep external systems patched, and maintain robust, tested backups to reduce the risk of disruption and financial loss.

https://www.itpro.com/security/ransomware/msps-beware-these-two-ransomware-groups-are-ramping-up-attacks-and-have-claimed-hundreds-of-victims

Financial Services Could Be Next in Line for ShinyHunters

Threat intelligence suggests financially motivated cyber groups are shifting focus towards banks, insurers and financial services, with a 12% rise in targeted domain registrations since July 2025, while targeting of technology firms fell by 5%. Around 700 such domains have been registered this year, some mimicking login portals of major providers. Evidence points to overlap between ShinyHunters and Scattered Spider, both linked to an English-speaking youth movement involved in a range of cyber and physical crimes. Experts advise security leaders to focus on attacker tactics and behaviours rather than group names, to better anticipate and defend against evolving threats.

https://www.infosecurity-magazine.com/news/financial-services-next-line/

Three Notorious Cybercrime Gangs, Scattered Spider, ShinyHunters and Lapsus$, Appear to Be Collaborating

Three well-known cyber crime groups, Scattered Spider, ShinyHunters and Lapsus$, appear to be working together under a loose collective known as The Com. Recent activity suggests Scattered Spider is providing initial access to high-value targets, enabling ShinyHunters to carry out large-scale data theft and extortion. The groups have been linked to coordinated attacks on global retail, insurance, and aviation brands, often exploiting trusted enterprise tools like Salesforce and Okta through social engineering. Experts warn their methods are well-documented but highly effective, with weak helpdesk identity checks and poor multi-factor authentication enforcement remaining key vulnerabilities.

https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/

Nation State Actor Groups are Getting Personal, Going After Executives in Their Personal Lives

Threat groups linked to nation states are increasingly targeting executives through their personal lives, exploiting less secure home networks, private devices and family connections. Remote working, personal cloud use and active social media profiles provide openings for attackers to gather information and launch phishing or malware campaigns. Experts recommend organisations support executives with secure home network configurations, enterprise-grade device protections, credential monitoring, and training for both the individual and their family. This approach helps reduce the risk of personal-targeted cyber attacks while respecting privacy and avoiding intrusive monitoring.

https://www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attacks up by 41 percent globally - BetaNews

ShinyHunters Tactics Now Mirror Scattered Spider

Financial Services Could Be Next in Line for ShinyHunters - Infosecurity Magazine

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses

Three notorious cybercrime gangs appear to be collaborating • The Register

Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector - SecurityWeek

Ransomware crews don't care about your EDR • The Register

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds - Infosecurity Magazine

MSPs beware – these two ransomware groups are ramping up attacks and have claimed hundreds of victims | ChannelPro

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)

Crypto24 ransomware hits large orgs with custom EDR evasion tool

Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion

MedusaLocker ransomware group is looking for pentesters

Embargo Ransomware nets $34.2M in crypto since April 2024

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Trend Micro (US)

MuddyWater’s DarkBit ransomware cracked for free data recovery

Ransomware crew dumps 43GB Saint Paul files, no ransom paid • The Register

North Korea Attacks South Koreans With Ransomware

Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times

US govt seizes $1 million in crypto from BlackSuit ransomware gang

Researchers cracked the encryption used by DarkBit ransomware

UK firms turn to back-ups over ransom payments - CIR Magazine

Law Enforcement Disrupts BlackSuit Ransomware Gang

Ransomware Victims

Google suffers a serious data breach at the hands of a ransomware group - PhoneArena

Google Confirms Data Breach - Notifying Users Affected By the Cyberattack

M&S still struggling with IT issues following cyberattack - Retail Gazette

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

What happened when cybercriminals hit a recruitment firm

M&S click and collect finally returns months after cyberattack | The Independent

Boeing, US Navy supplier Jamco Aerospace claimed in ransomware attack | Cybernews

Manpower franchise discloses data breach • The Register

Croatian research institute confirms ransomware attack via ToolShell vulnerabilities - Help Net Security

Phishing & Email Based Attacks

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks

Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery

That email with your name in the subject line might not be from who you think, and it could carry malware | TechRadar

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR zero-day exploited to plant malware on archive extraction

Booking.com phishing campaign uses sneaky 'ん' character to trick you

Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks

UK immigration system targeted by hackers - dangerous new phishing campaign hits Sponsorship Management System | TechRadar

For $40, you can buy stolen police and government email accounts - Help Net Security

Other Social Engineering

Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector - SecurityWeek

Google confirms data breach exposed potential Google Ads customers' info

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Fraud, Scams and Financial Crime

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

FTC: older adults lost record $700 million to scammers in 2024

WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools

Deepfake detectors are coming of age, at a time of dire need • The Register

'Chairmen' of $100 million scam operation extradited to US

Over $300 million in cybercrime crypto seized in anti-fraud effort

Football clubs urged to tighten cyber security for fans at risk from scammers - Inside World Football

Artificial Intelligence

MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine

CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security

Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek

Prompt injection vuln found in Google Gemini apps • The Register

Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET

Black Hat 2025: ChatGPT, Copilot, DeepSeek now create malware | VentureBeat

Guess what else GPT-5 is bad at? Security | CyberScoop

Leading AI Agents Like ChatGPT Are Vulnerable to Hacking, Security Firm Finds

New Report Warns of Looming Security Crisis as AI Agents Proliferate

62% of People Believe AI Agents Are Easier To Deceive Than Humans - IT Security Guru

Deepfake detectors are coming of age, at a time of dire need • The Register

Research reveals possible privacy gaps in Apple Intelligence’s data handling | CyberScoop

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

From Lab to Deployment: AI-Powered Agents in Action

Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses

Employees race to build custom AI apps despite security risks - Help Net Security

Chinese biz using AI to influence US politicians • The Register

2FA/MFA

Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks

FIDO authentication undermined | CSO Online

Malware

Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery

That email with your name in the subject line might not be from who you think, and it could carry malware | TechRadar

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR zero-day exploited to plant malware on archive extraction

The Efimer Trojan steals cryptocurrency via malicious torrent files and WordPress websites | Kaspersky official blog

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Adult sites are stashing exploit code inside racy .svg files - Ars Technica

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

This new malware really goes the extra mile when it comes to infecting your devices | TechRadar

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks | Trend Micro (US)

Popular Apps Are Vessels for Malware—Here’s How To Protect Yourself

Mobile

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability

4 ways I spot and avoid phishing scams on my iPhone

KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine

Denial of Service/DoS/DDoS

How to prevent DoS attacks and what to do if they happen | TechTarget

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

Critical internet flaw lets attackers crash servers | Cybernews

'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek

Internet of Things – IoT

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere | TechCrunch

Hackers Can Take Over Your Security Cameras—and It’s Easier Than You Think

Hyundai UK charging customers for luxury of secure car locks • The Register

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds | WIRED

How a chain of security flaws exposed thousands of enterprise surveillance cameras to remote code execution - TechTalks

Hackers love these 7 smart home devices — here’s how to keep them secure | Tom's Guide

Smart Buses flaws expose vehicles to tracking, control, and spying

Data Breaches/Leaks

Leaked Credentials Up 160%: What Attackers Are Doing With Them

Google suffers a serious data breach at the hands of a ransomware group - PhoneArena

The US Court Records System Has Been Hacked | WIRED

New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data

This infamous people search site is back after leaking 3 billion records - how to remove your data from it ASAP | ZDNET

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

The inside story of the Telemessage saga • The Register

North Korean Kimsuky hackers exposed in alleged data breach

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach - The New York Times

Cancer care provider breach exposes 113K+ patients | Cybernews

Connex Credit Union data breach impacts 172,000 members

Italian hotels breached en masse since June, gov confirms • The Register

ICE Accidentally Adds Wrong Person to Sensitive Group Chat About Manhunt

Organised Crime & Criminal Actors

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

Three notorious cybercrime gangs appear to be collaborating • The Register

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

6 ways hackers hide their tracks | CSO Online

Dark web websites: 10 things you should know | CSO Online

Inside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise Networks - SecurityWeek

Cybercriminals Exploit Low-Cost Initial Access Broker Market - Infosecurity Magazine

Threat actors move to smaller more persistent attacks - BetaNews

How money mules powered cyber cons’ ‘operating system’ | Lucknow News - Times of India

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Attackers Target the Foundations of Crypto: Smart Contracts

Crypto hacker steals $14.5 billion in Bitcoin using a gaming PC and nobody notices for five years | TechRadar

Physical Threats to Crypto Owners Hit Record Highs

The rise of real-world cyber threats | Opinion

The Efimer Trojan steals cryptocurrency via malicious torrent files and WordPress websites | Kaspersky official blog

Over $300 million in cybercrime crypto seized in anti-fraud effort

Embargo Ransomware nets $34.2M in crypto since April 2024

Insurance

Cyber insurance market shows early signs of maturity - Help Net Security

How Insurers Use Threat Intelligence to Reduce Losses

Cloud/SaaS

Google Cloud Warns of AI-Driven Ransomware Threats and Key Defenses

Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds | CyberScoop

Outages

Major outage at Pennsylvania OAG blamed on 'cyber incident' • The Register

Identity and Access Management

New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data

Encryption

BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

Critical SSH vulnerabilities expose enterprise network infrastructure as patching lags | Network World

White House could stymie the UK’s anti-encryption plans? • The Register

Linux and Open Source

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Passwords, Credential Stuffing & Brute Force Attacks

46% of Enterprise Passwords Can Be Cracked | Security Magazine

Leaked Credentials Up 160%: What Attackers Are Doing With Them

Nearly half of enterprises tested had passwords cracked in Picus Security report - SiliconANGLE

Malvertising

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot - Infosecurity Magazine

Training, Education and Awareness

The human firewall: Building a cyber-aware workforce

Don't stop at basic protections; make ongoing training a priority | TechRadar

Regulations, Fines and Legislation

UK proxy traffic surges as users consider VPN alternatives • The Register

FCC tightens rules on foreign firms building undersea cables, citing security | CyberScoop

Government expands police use of live facial recognition vans - BBC News

Porn site traffic plummets as UK age verification rules enforced - BBC News

Australian Regulator Sues Optus Over 2022 Data Breach - Infosecurity Magazine

Cyber Regulatory Harmonization: The Prospects and Potential Impacts of Current Efforts | Wiley Rein LLP - JDSupra

UK passport database images used in facial recognition scans • The Register

Home Office explores biometric enrolment via smartphone – PublicTechnology

Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine

White House could stymie the UK’s anti-encryption plans? • The Register

Campaigners Slam Expansion of Police Facial Recognition Schemes in UK - Infosecurity Magazine

The overlooked changes that two Trump executive orders could bring to cybersecurity | CyberScoop

EU law to protect journalists from spyware takes effect | The Record from Recorded Future News

CISA pledges to continue backing CVE Program after April funding fiasco | The Record from Recorded Future News

Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times

Models, Frameworks and Standards

EU Targets Nations Lagging on NIS2 Cyber Rules | SC Media UK

Eight Countries Face EU Action Over NIS2 Deadline Failings - Infosecurity Magazine

Cyber Regulatory Harmonization: The Prospects and Potential Impacts of Current Efforts | Wiley Rein LLP - JDSupra

Careers, Working in Cyber and Information Security

The UK’s ‘chronic shortage of cyber professionals’ is putting the country at risk | IT Pro

Top Cybersecurity Certifications Drive $150K+ Salaries Amid US Shortage

How military leadership prepares veterans for cybersecurity success - Help Net Security

Law Enforcement Action and Take Downs

Dark web websites: 10 things you should know | CSO Online

Over $300 million in cybercrime crypto seized in anti-fraud effort

'Chairmen' of $100 million scam operation extradited to US

US govt seizes $1 million in crypto from BlackSuit ransomware gang

Law Enforcement Disrupts BlackSuit Ransomware Gang

Intel gathered following HSE attack leads to dismantling of ransomware gang – The Irish Times

Misinformation, Disinformation and Propaganda

Don't fall for AI-powered disinformation attacks online - here's how to stay sharp | ZDNET

Your Internet, their rules: How DNS blocking shapes what we see online

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Chinese biz using AI to influence US politicians • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Commander of Polish Cyberspace Defense Forces: we are in our conflict phase

China Is Winning the Cyberwar | Foreign Affairs

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Nation State Actors

APT groups are getting personal, and CISOs should be concerned - Help Net Security

China

China Is Winning the Cyberwar | Foreign Affairs

Criminals built a secret Telegram network to steal 115 million cards without breaching a single bank firewall | TechRadar

APT groups are getting personal, and CISOs should be concerned - Help Net Security

Silicon under siege: Nation-state hackers target semiconductor supply chains | CSO Online

Trump's unusual Nvidia deal raises new corporate and national security risks - The Economic Times

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

Beijing’s hybrid warfare: How China seeks to win Taiwan without firing a shot | Taiwan News | Aug. 10, 2025 13:10

Chinese biz using AI to influence US politicians • The Register

Russia

MITRE: Russian APT28's LameHug, a Pilot for Future AI Cyber-Attacks - Infosecurity Magazine

Commander of Polish Cyberspace Defense Forces: we are in our conflict phase

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

Finland charges tanker crew members with sabotage of undersea cables | Finland | The Guardian

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

Russia said to be behind US Federal Court systems hack | Cybernews

Norway spy chief blames Russian hackers for dam sabotage in April | Reuters

North Korea

North Korean Kimsuky hackers exposed in alleged data breach

Hackers breach and expose a major North Korean spying operation | TechCrunch

Researchers identify Chinese cybercriminal working for North Korean threat group | NK News

North Korean network breached, hackers claim - Washington Times

North Korea Attacks South Koreans With Ransomware

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Torture Victim’s Landmark Hacking Lawsuit Against Spyware Maker Can Proceed, Judge Rules | Electronic Frontier Foundation

EU law to protect journalists from spyware takes effect | The Record from Recorded Future News


Tools and Controls

CISOs face a complex tangle of tools, threats, and AI uncertainty - Help Net Security

The human firewall: Building a cyber-aware workforce

Don't stop at basic protections; make ongoing training a priority | TechRadar

Ransomware crews don't care about your EDR • The Register

Pentesting is now central to CISO strategy - Help Net Security

Microsoft: An organization without a response plan will be hit harder by a security incident | CyberScoop

UK proxy traffic surges as users consider VPN alternatives • The Register

Cyber insurance market shows early signs of maturity - Help Net Security

Crypto24 ransomware hits large orgs with custom EDR evasion tool

Navigating the Cybersecurity Budget Tug-of-War

Black Hat/DEF CON: AI more useful for defense than hacking • The Register

Why DNS threats should be on every CISO's radar in 2025 - Help Net Security

Attack yourself first: the logic behind offensive security | TechRadar

I am a chief security officer and here's why I think AI Cybersecurity has only itself to blame for the huge problem that's coming | TechRadar

How Insurers Use Threat Intelligence to Reduce Losses

FIDO authentication undermined | CSO Online

Deepfake detectors are coming of age, at a time of dire need • The Register

WhatsApp Bans 6.8M Scam Accounts in Southeast Asia with AI Tools

What Is the Three Lines Model and What Is Its Purpose? | Definition From TechTarget

UK Red Teamers “Deeply Skeptical” of AI - Infosecurity Magazine

What is DMARC and why it could prevent your organization from being hacked by cybercriminals | TechRadar

Your Internet, their rules: How DNS blocking shapes what we see online

Porn site traffic plummets as UK age verification rules enforced - BBC News

UK traffic to popular porn sites slumps after age checks introduced | Internet safety | The Guardian

Professional services firms stuck in network security IT doom loop | Computer Weekly

The rising need for offensive security strategy and skill | SC Media




Vulnerability Management

Microsoft Sued For Killing Windows 10—All Users Must Act Now

Windows 11 23H2 Home and Pro reach end of support in November

Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds | CyberScoop

CISA pledges to continue backing CVE Program after April funding fiasco | The Record from Recorded Future News

Vulnerabilities

Russia's RomCom among those exploiting a WinRAR 0-day • The Register

WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away | TechRadar

Over 29,000 Exchange servers unpatched against high-severity flaw

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Zoom patches critical Windows flaw allowing privilege escalation

Active attacks target Office vuln patched 8 years ago • The Register

Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

FortiWeb Authentication Bypass Vulnerability Let Attackers Log in As Any Existing User

Windows Remote Desktop Services Vulnerability Let Attacker Deny Services Over Network

BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data

Critical SSH vulnerabilities expose enterprise network infrastructure as patching lags | Network World

New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

'MadeYouReset' HTTP2 Vulnerability Enables Massive DDoS Attacks - SecurityWeek

Red Teams Jailbreak GPT-5 With Ease, Warn It's ‘Nearly Unusable’ for Enterprise - SecurityWeek

Prompt injection vuln found in Google Gemini apps • The Register

Akira Ransomware Exploits SonicWall Zero-Day with BYOVD Evasion

Windows Hello for Business Flaw Could Allow Unauthorized Access

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

Microsoft Entra OAuth Flaw Exposed Internal Apps to Unauthorized Access

SonicWall pins firewall attack spree on year-old vulnerability | CyberScoop

Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs

Fortinet, Ivanti Release August 2025 Security Patches - SecurityWeek

Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands - PoC Found in Wild

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager

Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) - Help Net Security

Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News

New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox

7-Zip Arbitrary File Write Vulnerability Let Attackers Execute Arbitrary Code

Trend Micro reports two critical CVEs under active exploit • The Register

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia - SecurityWeek

Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution - SecurityWeek

How a chain of security flaws exposed thousands of enterprise surveillance cameras to remote code execution - TechTalks

Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability

Croatian research institute confirms ransomware attack via ToolShell vulnerabilities - Help Net Security

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

Flaws in a pair of Grafana plugins could hand over DevOps control | CSO Online

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access - Infosecurity Magazine

Matrix admits 'high severity' flaws need breaking fixes • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness, and linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory - 13 August 2025 - Security Updates from Microsoft, Adobe, SAP, Fortinet and Ivanti

Executive Summary

August’s Patch Tuesday delivers substantial updates across enterprise platforms. Microsoft addresses 107 vulnerabilities—including one zero-day and 13 critical flaws—spanning Windows, Office, and server products. Adobe issues multiple bulletins for Commerce, InCopy, and FrameMaker. SAP releases 15 Security Notes for enterprise systems. Fortinet publishes critical advisories for Security Fabric, FGFM, and SSL-VPN components. Ivanti provides three updates for its secure gateway products. Immediate patching is advised, particularly for critical RCE and privilege-escalation vulnerabilities.

Vulnerabilities by Vendor

  • Microsoft[¹]: 107 vulnerabilities addressed, including one publicly disclosed zero-day and 13 critical flaws. Patching is advised across Windows, Office, SQL Server, and other widespread components.

  • Adobe[²]: At least 19 vulnerabilities in Adobe Commerce, InCopy, and FrameMaker. Focus should be on critical arbitrary code execution fixes.

  • SAP[³]: 15 Security Notes affecting S/4HANA, Business Suite, and other SAP platforms. HotNews and high-priority advisories should be applied first.

  • Fortinet[⁴]: Three advisories dated 12 August 2025—covering Security Fabric privilege issues, FGFM authentication weaknesses (in FortiOS/FortiProxy/FortiPAM), and an SSL-VPN integer-overflow DoS vulnerability.

  • Ivanti[⁵]: Three product-specific advisories on August Patch Tuesday — for Connect Secure, Policy Secure, and ZTA Gateways — focused on gateway access and authentication security.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege-escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation’s security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
¹ Microsoft — August 2025 Security Update Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
² Adobe — Adobe Product Security Bulletin: https://helpx.adobe.com/security/security-bulletin.html
³ SAP — SAP Security Patch Day August 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
⁴ Fortinet Security Advisories: https://www.fortiguard.com/psirt
⁵ Ivanti August 2025 Security Advisory: https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 08 August 2025

Black Arrow Cyber Threat Intelligence Briefing 08 August 2025:

-AI Can Plan and Execute Cyber Attacks Without Human Intervention

-Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities

-Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes

-Social Engineering Attacks Surged This Past Year

-Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration

-Cyber Criminals Are Getting Personal, and It’s Working

-Ransomware Victims Are Still Paying Up, Some More Than Once

-SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats

-Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe

-Exposed Without a Breach - The Cost of Data Blindness

-Cyber Insurance Premiums Are Soaring — And So Are Your Risks

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, we start with insights into the evolving tactics of attackers. A study has shown how AI can plan and execute complex cyber attacks without human intervention, while other attackers are using stolen credentials and vulnerabilities to gain access to managed service providers. Social engineering attacks have surged over the past year, with attackers able to access their target’s corporate systems within 5 minutes. Once they are in, the attackers are expanding their tactics beyond encryption and exfiltration, and victims continue to pay the ransom demands.

We also report that the UK is the third most targeted country globally, behind the US and Canada, and we highlight the challenges facing small and medium sized businesses in particular. We also highlight that cyber incidents do not only happen as part of an attack; they also occur when data is vulnerable due to mismanaged systems and accesses. As all these risks increase, we also highlight the potential value of cyber insurance as part of a robust and planned cyber security strategy.


Top Cyber Stories of the Last Week

AI Can Plan and Execute Cyber Attacks Without Human Intervention

A recent study from Carnegie Mellon University, in collaboration with Anthropic, has demonstrated the growing capabilities of AI in cyber security. The research showed that large language models (LLMs) can autonomously plan and execute complex cyber attacks, such as replicating the 2017 Equifax breach, without any human intervention. The AI functioned as the planner, delegating tasks to sub-agents, and managed to deploy malware and extract data. While this work was conducted in a controlled environment, it raises significant concerns about the potential for AI-driven cyber attacks. These developments signal a shift towards more autonomous and adaptive threats.

https://www.techradar.com/pro/security/ai-llms-are-now-so-clever-that-they-can-independently-plan-and-execute-cyberattacks-without-human-intervention-and-i-fear-that-it-is-only-going-to-get-worse

Ransomware Gangs Attacking Managed Service Providers with Stolen Login Credentials and Vulnerabilities

Ransomware groups Akira and Lynx are increasingly targeting managed service providers (MSPs) and small businesses, exploiting stolen credentials and vulnerabilities. These groups have compromised over 365 organisations, with Akira evolving into one of the top 10 ransomware operations, focusing on MSPs to access extensive client networks. Both groups utilise techniques such as credential-based attacks, file encryption, and data theft to extort ransoms. They share similarities with the notorious Conti ransomware, indicating potential code reuse. The attacks also involve evasion tactics such as disabling security software and targeting backup systems to ensure successful encryption.

https://cybersecuritynews.com/akira-and-lynx-ransomware/

Hackers Use Social Engineering Attack to Gain Remote Access in 5 Minutes

A recent cyber attack investigation demonstrated how threat actors compromised corporate systems in under five minutes using social engineering and trusted business tools. Hackers impersonated IT support to gain remote access via QuickAssist, then deployed malicious PowerShell scripts to install a remote access tool and harvest credentials. The attack, which leveraged legitimate Windows tools, highlights the growing risk of social engineering tactics in bypassing security. The incident underscores the need for improved user training and prompt incident response to mitigate the impact of such rapid breaches.

https://cybersecuritynews.com/hacked-in-300-seconds/

Social Engineering Attacks Surged This Past Year

Palo Alto Networks’ latest report reveals that social engineering attacks have become the leading method for cyber attacks over the past year, with 36% of the incident response cases traced back to this tactic. These attacks, used by a variety of groups, including financially motivated cyber criminals and nation-state operatives, often target employees with system-wide access, such as help desk staff and administrators. Social engineering is particularly effective in compromising sensitive data, with 60% of such attacks leading to data exposure. The report highlights that these attacks have spiked in frequency, especially from groups like Scattered Spider and North Korean operatives.

https://cyberscoop.com/social-engineering-top-attack-vector-unit-42/

Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration

A recent Barracuda report reveals that ransomware actors have expanded their tactics beyond data encryption and exfiltration. Other common activities included wiping backups or deleting shadow copies of files (37%), installing additional malware or payloads (29%), infecting multiple endpoints such as computers or servers (26%), and threatening partners, shareholders, or customers (22%). Attackers also threatened to alert the authorities or the press (21%) and even threatened staff (16%). Only a quarter (24%) of incidents involved data encryption. Data was stolen and either leaked or retained in 54% of cases. These multidimensional tactics increase pressure on victims to pay.

https://www.infosecurity-magazine.com/news/ransomware-expand-encryption/

Cyber Criminals Are Getting Personal, and It’s Working

Cyber criminals are increasingly personalising their attacks, with phishing kits becoming harder to detect and reverse-engineer. A key tactic involves using custom-made kits, driven by AI, to scale campaigns. Email-based attacks continue to rise, with business email compromise (BEC) becoming a prominent threat. Lumma Stealer malware is the most prevalent, often delivered through common file attachments or cloud services. Financial lures and urgency-based messages remain the top tactics used to trick victims, with cyber criminals employing sophisticated methods to bypass detection. The growing use of AI is enabling more targeted and scalable phishing efforts.

https://www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/

Ransomware Victims Are Still Paying Up, Some More Than Once

A recent report from Semperis reveals that ransomware attacks remain a significant threat, with 81% of US firms and 78% globally targeted in the past year. Attackers succeed in over half of cases, and many companies pay ransoms multiple times. The majority of payments range between $500,000 and $1 million, but some companies face repeated attacks. The report highlights the growing risk of identity infrastructure breaches, including Active Directory and Okta, which enable attackers to persist and escalate their reach. Organisations are urged to automate defences, secure identity systems, and prepare comprehensive ransomware-response plans.

https://uk.pcmag.com/ransomware-protection/159370/ransomware-victims-are-still-paying-up-some-more-than-once

SMBs Struggle with Alert Overload, Cloud Blind Spots and Insider Threats

TrustLayer’s 2025 UK Cyber Resilience Report reveals a growing challenge for UK SMBs in managing cyber security. With shrinking budgets and rising alert volumes, organisations struggle to protect against email, cloud, and insider threats. The report highlights critical gaps, including limited cloud visibility, outdated security tools, and insider risks, with nearly one in three data breaches originating from employees. Additionally, alert overload is leading to stress and burnout in security teams. TrustLayer recommends streamlining security tools, automating processes, and focusing on human-centric operations to build a more resilient, efficient cyber security strategy.

https://pressat.co.uk/releases/uk-cyber-resilience-crisis-deepens-as-smbs-struggle-with-alert-overload-cloud-blind-spots-and-insider-threats-reveals-trustlayer-bf47d61391c355972f7a5f019c4b7ca8/

Britons Face Cyber-Attack Surge as UK Becomes Most Targeted Country in Europe

The UK has seen a significant rise in cyber attacks, making it the third most targeted country globally, behind the US and Canada. According to a NordVPN report, there has been a 7% increase in malware incidents, totalling 103 million, with the UK having the highest malware concentration per user in Europe. Cyber criminals often use trusted brands like Google, Amazon, and Yahoo to deceive users into exposing sensitive data. Malware now includes a wide range of threats, from data theft to device hijacking. The rise in online scams and increasingly sophisticated techniques highlights growing cyber security risks for UK businesses and consumers.

https://eandt.theiet.org/2025/08/06/britons-face-cyber-attack-surge-uk-becomes-most-targeted-country-europe

Exposed Without a Breach - The Cost of Data Blindness

Data blindness, where sensitive information is exposed without traditional cyber attack methods, poses a significant risk to organisations. This occurs when misconfigured systems, overpermissioned users, and unmonitored data flows leave critical data vulnerable. Traditional tools fail to account for modern data environments, where information is scattered across cloud platforms, third-party services, and AI-generated content. As a result, visibility gaps lead to unnoticed breaches, with the consequences often as severe as a traditional cyber attack. To mitigate this, organisations must adopt continuous, real-time data visibility, ensuring sensitive data is always monitored and aligned with business context.

https://securityaffairs.com/180813/security/exposed-without-a-breach-the-cost-of-data-blindness.html

Cyber Insurance Premiums Are Soaring — And So Are Your Risks

The global cyber insurance market is set to grow rapidly, doubling by 2030, driven by rising cyber risks such as ransomware and stringent regulatory requirements like GDPR and NIS2. As cyber attacks become more frequent and costly, businesses are increasingly relying on insurance as a safety net. Insurers are adjusting by incorporating real-time threat intelligence to price policies more accurately. Firms should consider the appropriateness of their cyber insurance to protect client data and manage cyber risks effectively. It is critical for firms to review their policies and ensure adequate coverage.

https://abovethelaw.com/2025/08/cyber-insurance-premiums-are-soaring-and-so-are-your-risks/



Threats

Ransomware, Extortion and Destructive Attacks

Nearly one-third of ransomware victims are hit multiple times, even after paying hackers | IT Pro

Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credentials and Vulnerabilities

New EDR killer tool used by eight different ransomware groups

Britons face cyber-attack surge as UK becomes most targeted country in Europe | Engineering and Technology Magazine

Ransomware groups shift to quadruple extortion to maximize pressure - Help Net Security

75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro

Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security

Ransomware goes cloud native to target your backup infrastructure | CSO Online

Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration - Infosecurity Magazine

On the Rise: Ransomware Victims, Breaches, Infostealers

This devious ransomware is able to hijack your system to turn off Microsoft Defender | TechRadar

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Ransomware Surges as Attempts Spike 146%

Nimble 'Gunra' Ransomware Evolves With Linux Variant

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Study: 78% of Companies Targeted with Ransomware

Ransomware-as-a-Service Economy - Trends, Targets & Takedowns

Ransomware attacks: The evolving extortion threat to US financial institutions | CSO Online

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Royal and BlackSuit ransomware gangs hit over 450 US companies

Qilin Ransomware Affiliate Panel Login Credentials Exposed Online – DataBreaches.Net

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

Countering the Threat of Ransomware as a Service

Why we shouldn’t just repeat ransomware groups’ claims, Sunday edition – DataBreaches.Net

Authorities seize BlackSuit ransomware gang's servers | TechCrunch

Ransomware Victims

Ransomware attacks cripple government services across Dutch Caribbean islands | NL Times

Ransomware plunges insurance company into bankruptcy | Fortra

SBM investigates alleged cyber incident amid claims of reputational threat - NEWS.MC - Monaco News

More than 1 million patients affected by DaVita ransomware attack; those are preliminary numbers – DataBreaches.Net

Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa – DataBreaches.Net

Phishing & Email Based Attacks

Cybercriminals are getting personal, and it's working - Help Net Security

Attackers exploit link-wrapping services to steal Microsoft 365 logins

Cybercriminals Abandon Tech Tricks for Personalized Deception Tactics, VIPRE's Q2 2025 Email Threat Report Reveals

Phishers Abuse M365 'Direct Send' to Spoof Internal Users

Mozilla warns Firefox add-on devs of new phishing attacks • The Register

Other Social Engineering

Cybercriminals are getting personal, and it's working - Help Net Security

Social engineering attacks surged this past year, Palo Alto Networks report finds | CyberScoop

Hackers Use Social Engineering Attack to Gain Remote Access in 300 Seconds

Cybercriminals Abandon Tech Tricks for Personalized Deception Tactics, VIPRE's Q2 2025 Email Threat Report Reveals

Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers - SecurityWeek

QR Code Quishing Attacks Surge 50%: Protect Against Data Theft

Security expert warns: don't list defense work on LinkedIn - or you could be at risk of getting hacked | TechRadar

CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop

North Korean IT worker infiltrations exploded 220% over the past 12 months, with GenAI weaponized at every stage of the hiring process | Fortune

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Cisco Victim of Voice Phishing Attack, Customer Data Stolen

How not to hire a North Korean IT spy | CSO Online

Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.

Hackers using fake summonses in attacks on Ukraine's defense sector | The Record from Recorded Future News

Fraud, Scams and Financial Crime

Thousands duped by fake pharmacy websites using AI tricks, crypto payments, and fake reviews to push unsafe drugs | TechRadar

Experts Alarmed by UK Government’s Companies House ID Checks - Infosecurity Magazine

Scammers abusing WhatsApp group invites​ | Cybernews

Fraud controls don’t guarantee consumer trust - Help Net Security

Indeed recruiter text scam: I responded to one of the “job” messages. It got weird quickly.

AI Fuels Record Number of Fraud Cases - Infosecurity Magazine

Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop

Artificial Intelligence

9 things you shouldn't use AI for at work | ZDNET

Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security

CrowdStrike: Threat Actors Increasingly Lean on AI Tools

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Russian Cyber Threat Group Uses AI-Guided Malware

This AI didn’t just simulate an attack - it planned and executed a real breach like a human hacker | TechRadar

Financial sector faced most AI-powered cyberattacks: survey

Rising Mobile Browser Attacks: AI Threats and Key Defenses

AI Guardrails Under Fire: Cisco's Jailbreak Demo Exposes AI Weak Points - SecurityWeek

Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern

AI can write your code, but nearly half of it may be insecure - Help Net Security

The Day Everything Changed: A CISO’s Perspective on the Carnegie Mellon AI Hacking Study | MSSP Alert

Security Researchers Just Hacked ChatGPT Using A Single 'Poisoned' Document

Thousands duped by fake pharmacy websites using AI tricks, crypto payments, and fake reviews to push unsafe drugs | TechRadar

AI Fuels Record Number of Fraud Cases - Infosecurity Magazine

Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek

NIST seeks to avoid reinventing the wheel with AI security guidance

Prioritizing Cybersecurity: Essential for Business Survival Against AI Threats

What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security

42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated

Anthropic wants to stop AI models from turning evil - here's how | ZDNET

Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help

Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes

Malware

On the Rise: Ransomware Victims, Breaches, Infostealers

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Russian Cyber Threat Group Uses AI-Guided Malware

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine

New 'Shade BIOS' Technique Beats Every Kind of Security

New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access

Antivirus vendors fail to spot persistent Linux backdoor • The Register

Python-powered malware grabs 200K passwords, credit cards • The Register

‘Highly evasive’ Vietnamese-speaking hackers stealing data from thousands of victims in 62+ nations | CyberScoop

Your browser’s tools can’t see what extensions are really doing - and hackers know it perfectly well | TechRadar

Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know | TechRadar

CISA releases malware analysis for SharePoint Server attack • The Register

Fake WhatsApp developer libraries hide destructive data-wiping code

Wave of 150 crypto-draining extensions hits Firefox add-on store

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Mobile

Rising Mobile Browser Attacks: AI Threats and Key Defenses

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Google addresses six vulnerabilities in August’s Android security update | CyberScoop

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

Hackers are cracking mobile browsers to bypass security - here's how they do it and how to stay safe | TechRadar

France orders officials to drop foreign messaging apps over cybersecurity fears

Germany’s top court holds that police can only use spyware to investigate serious crimes | The Record from Recorded Future News

Internet of Things – IoT

Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security

Cybersecurity Pros Say IoT, Large Language Models Are Risk Areas of Concern

The humble printer highlights overlooked security flaws | CIO Dive

Gemini AI Promptware Attack Exploits Calendar Invites to Hijack Smart Homes

Data Breaches/Leaks

On the Rise: Ransomware Victims, Breaches, Infostealers

Legal aid cyber-attack has pushed sector towards collapse, say lawyers | Legal aid | The Guardian

Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch

Exposed Without a Breach: The Cost of Data Blindness

Cisco Victim of Voice Phishing Attack, Customer Data Stolen

Top MoD civil servant to leave in wake of Afghan data breach - BBC News

Average global data breach cost now $4.44 million - Help Net Security

Swipe Right for a Cyberattack: Dating Sites, EV Chargers, and Sex Toys

No, 16 Billion New User Credentials Weren’t Leaked—but the Risk Remains | Proofpoint US

Allianz faces fresh lawsuit as cyberattack exposes 1.4 million records | Insurance Business America

Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records - Infosecurity Magazine

Air France and KLM disclosed data breaches following the hack of a third-party platform

Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week

Pandora confirms data breach amid ongoing Salesforce data theft attacks

More than 1 million patients affected by DaVita ransomware attack; those are preliminary numbers – DataBreaches.Net

Allianz Life cyberattack gets worse as company confirms Social Security numbers stolen | TechRadar

Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data | TechCrunch

Lovense flaws expose emails and allow account takeover

PBS confirms data breach after employee info leaked on Discord servers

Despite data breaches like the Tea app, companies see little consequence - The Washington Post

TeaOnHer, a rival Tea app for men, is leaking users' personal data and driver's licenses | TechCrunch

Florida prison exposes visitor contact info to every inmate • The Register

Organised Crime & Criminal Actors

Cybercriminals are getting personal, and it's working - Help Net Security

Britons face cyber attack surge as UK becomes most targeted country in Europe | Engineering and Technology Magazine

Why the Old Ways Are Still the Best for Most Cybercriminals

From fake CAPTCHAs to RATs: Inside 2025's cyber deception threat trends - Help Net Security

Python-powered malware grabs 200K passwords, credit cards • The Register

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally

‘Highly evasive’ Vietnamese-speaking hackers stealing data from thousands of victims in 62+ nations | CyberScoop

Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop

Countering the Threat of Ransomware as a Service

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Wave of 150 crypto-draining extensions hits Firefox add-on store

Thousands duped by fake pharmacy websites using AI tricks, crypto payments, and fake reviews to push unsafe drugs | TechRadar

Insider Risk and Insider Threats

Your employees uploaded over a gig of files to GenAI tools last quarter - Help Net Security

UK cyber resilience crisis deepens as SMBs struggle with alert overload, cloud blind spots and insider threats, reveals TrustLayer | Pressat

CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop

North Korean IT worker infiltrations exploded 220% over the past 12 months, with GenAI weaponized at every stage of the hiring process | Fortune

Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam | US news | The Guardian

Laptop Farm: What It Is & How It's Used, Explained

How not to hire a North Korean IT spy | CSO Online

Insurance

Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law

Supply Chain and Third Parties

Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credentials and Vulnerabilities

Air France and KLM disclosed data breaches following the hack of a third-party platform

Chanel and Pandora latest retailers to be hit by cyber attacks | Retail Week

Pandora confirms data breach amid ongoing Salesforce data theft attacks

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage | The Record from Recorded Future News

Cloud/SaaS

UK cyber resilience crisis deepens as SMBs struggle with alert overload, cloud blind spots and insider threats, reveals TrustLayer | Pressat

Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch

Attackers exploit link-wrapping services to steal Microsoft 365 logins

Ransomware goes cloud native to target your backup infrastructure | CSO Online

Phishers Abuse M365 'Direct Send' to Spoof Internal Users

How the UK's cloud strategy was hijacked by a hyperscaler duopoly | Computer Weekly

New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine

Outages

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage | The Record from Recorded Future News

Identity and Access Management

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

Encryption

Encryption Made for Police and Military Radios May Be Easily Cracked | WIRED

Linux and Open Source

New Linux backdoor Plague bypasses auth via malicious PAM module

New Undetectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access

Antivirus vendors fail to spot persistent Linux backdoor • The Register

New malware avoids antivirus detection, unleashes a "plague" on your devices | TechRadar

Dangerous new Linux malware strikes - thousands of users see passwords, personal info stolen, here's what we know | TechRadar

Nimble 'Gunra' Ransomware Evolves With Linux Variant

Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW

Russian, Chinese coders secretly insert malicious code in open-source software, says new report - Washington Times

Lansweeper finds Linux is growing on business endpoints • The Register

Yes, you need a firewall on Linux - here's why and which to use | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Attackers exploit link-wrapping services to steal Microsoft 365 logins

Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credentials and Vulnerabilities

Python-powered malware grabs 200K passwords, credit cards • The Register

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally

‘Highly evasive’ Vietnamese-speaking hackers stealing data from thousands of victims in 62+ nations | CyberScoop

Staggering 800% Rise in Infostealer Credential Theft - Infosecurity Magazine

Hackers Steal 1.8 Billion Credentials, 9 Billion Data Records

Social Media

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Security expert warns: don't list defense work on LinkedIn - or you could be at risk of getting hacked | TechRadar

Amnesty slams X for 'central role' in fueling UK violence • The Register

Instagram lets you see your friends' locations now, and vice versa - here's how | ZDNET

Malvertising

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

Regulations, Fines and Legislation

Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra

75% of UK business leaders are willing to risk criminal penalties to pay ransoms | IT Pro

The VPNs allowing youngsters to bypass UK age verification rules

'A disaster waiting to happen' — Cybersecurity experts react to UK age verification law | Tom's Guide

One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru

'Can I see some ID?' As online age verification spreads, so do privacy concerns | CBC News

Why do angry UK internet users want to repeal the Online Safety Act? Here are the 5 biggest complaints | TechRadar

Social media battles and barbs on both sides of Atlantic over UK Online Safety Act | Internet safety | The Guardian

The Cyber Security and Resilience Bill | Technology Law Dispatch

CISA, USCG make example out of organization they audited • The Register

Former and current officials clash over CISA’s role in US cyber defenses at Black Hat - Nextgov/FCW

Senate confirms national cyber director pick Sean Cairncross | CyberScoop

Annual ODPA report highlights local Data Law adequacy - Bailiwick Express News Guernsey

Illumina Settles Allegations of Cyber Vulnerabilities in Genomic Sequencing for $9.8M

Independent Cybersecurity Audits Will Be Required for ‘Significant Risk’ Under CCPA | Herbert Smith Freehills Kramer - JDSupra

America Is Blinding Itself - by Mark Hertling - The Bulwark

US Agencies Fail IT Security Audits, Jeopardizing National Security

DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional

Models, Frameworks and Standards

Europe’s Cybersecurity Puzzle: NIS2 Progress in 30 Pieces | McDermott Will & Schulte - JDSupra

The Cyber Security and Resilience Bill | Technology Law Dispatch

NIST seeks to avoid reinventing the wheel with AI security guidance

NCSC Updates Cyber Assessment Framework to Build UK CNI Resilience - Infosecurity Magazine

DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional

Careers, Working in Cyber and Information Security

How CISOs are training the next generation of cyber leaders | CSO Online

The Five Steps to Increase UK Cyber Resilience Detailed | SC Media UK

5 hard truths of a career in cybersecurity — and how to navigate them | CSO Online

Law Enforcement Action and Take Downs

Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam | US news | The Guardian

Details emerge on BlackSuit ransomware takedown | CyberScoop

Nigerian accused of hacking tax preparation businesses extradited to US | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

NATO condemns Russian cyber activities

New Tallinn Paper analyses Russian cyber aggression and proposes ways to strengthen Europe’s cyber defence

Europe must adapt to Russia's hybrid cyber war

Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine

Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop

DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan

Nation State Actors

China

Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW

Russian, Chinese coders secretly insert malicious code in open-source software, says new report - Washington Times

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

China’s botched Great Firewall upgrade invites attacks • The Register

Chinese Nation-State Hackers Breach Southeast Asian Telecoms

DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan

Why an explosive fight erupted over the UK's new Chinese embassy - BBC News

Microsoft flaw ‘opens the door’ for hackers. It will be hard to close | World Business | postguam.com

Chinese cyberattack on US nuclear agency highlights importance of cyber hygiene | The Strategist

Nvidia says its chips have no 'backdoors' after China raises concerns | Fox Business

China Says US Exploited Old Microsoft Flaw for Cyberattacks - Bloomberg

Russia

NATO condemns Russian cyber activities

New Tallinn Paper analyses Russian cyber aggression and proposes ways to strengthen Europe’s cyber defence

Europe must adapt to Russia's hybrid cyber war

Russian, Chinese coders secretly insert malicious code in open-source software, says new report - Washington Times

Russian Cyber Threat Group Uses AI-Guided Malware

DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional

Hackers using fake summonses in attacks on Ukraine's defense sector | The Record from Recorded Future News

Ukrainian drone attacks are causing blackouts and shutdowns for Russian mobile internet | TechRadar

Iran

Pro-Iran Hackers Aligned Cyber with Kinetic War Aims - Infosecurity Magazine

Iranian hackers were more coordinated, aligned during Israel conflict than it seemed | CyberScoop

North Korea

Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam | US news | The Guardian

CrowdStrike investigated 320 North Korean IT worker cases in the past year | CyberScoop

North Korean IT worker infiltrations exploded 220% over the past 12 months, with GenAI weaponized at every stage of the hiring process | Fortune

Laptop Farm: What It Is & How It's Used, Explained

Foreign adversaries are trying to weaponize open-source software, report finds - Nextgov/FCW

How not to hire a North Korean IT spy | CSO Online


Tools and Controls

Cyber Insurance Premiums Are Soaring — And So Are Your Risks - Above the Law

AI can write your code, but nearly half of it may be insecure - Help Net Security

New EDR killer tool used by eight different ransomware groups

75 percent of cybersecurity leaders don’t trust their own data - BetaNews

'A disaster waiting to happen' — Cybersecurity experts react to UK age verification law | Tom's Guide

One Week of the Online Safety Act: Cyber Experts Weigh In - IT Security Guru

Why do angry UK internet users want to repeal the Online Safety Act? Here are the 5 biggest complaints | TechRadar

Social media battles and barbs on both sides of Atlantic over UK Online Safety Act | Internet safety | The Guardian

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

UK cyber resilience crisis deepens as SMBs struggle with alert overload, cloud blind spots and insider threats, reveals TrustLayer | Pressat

Ransomware goes cloud native to target your backup infrastructure | CSO Online

Exposed Without a Breach: The Cost of Data Blindness

Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data | TechCrunch

The humble printer highlights overlooked security flaws | CIO Dive

What's keeping risk leaders up at night? AI, tariffs, and cost cuts - Help Net Security

Fraud controls don’t guarantee consumer trust - Help Net Security

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture | CSO Online

CISOs say they're prepared, their data says otherwise - Help Net Security

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

Vibe Coding: When Everyone’s a Developer, Who Secures the Code? - SecurityWeek

China’s botched Great Firewall upgrade invites attacks • The Register

Cybersecurity Incident Response Needs A War Room, Not A Playbook

Yes, you need a firewall on Linux - here's why and which to use | ZDNET


Reports Published in the Last Week

Cost of a data breach 2025 | IBM



Vulnerability Management

Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credentials and Vulnerabilities

Ransomware is up, zero-days are booming, and your IP camera might be next - Help Net Security

The Critical Flaw in CVE Scoring

Exposed Without a Breach: The Cost of Data Blindness

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

AI Beats Hackers to a Zero-Day Cybersecurity Discovery, Twice

Microsoft’s Update Mistake—45% Of All Windows Users Now At Risk

US Agencies Fail IT Security Audits, Jeopardizing National Security

Vulnerabilities

New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk - Infosecurity Magazine

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Google fixed two Qualcomm bugs that were actively exploited in the wild

Android's August 2025 Update Patches Exploited Qualcomm Vulnerability - SecurityWeek

Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities - SecurityWeek

Microsoft flaw ‘opens the door’ for hackers. It will be hard to close | World Business | postguam.com

Google addresses six vulnerabilities in August’s Android security update | CyberScoop

CISA releases malware analysis for SharePoint Server attack • The Register

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Apple iOS 18.6 Update Patches 29 Security Flaws, Fixes Exploited WebKit Bug

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

Millions of Dell PCs with Broadcom chips open to attack • The Register

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments | CISA

New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations

RCE Flaw in AI Coding Tool Poses Software Supply Chain Risk

Vibe coding tool Cursor allows persistent code execution • The Register

Trend Micro fixes two actively exploited Apex One RCE flaws

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls - Help Net Security

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Proton fixes Authenticator bug leaking TOTP secrets in logs

Critical Vulnerabilities Found in NVIDIA's Triton Inference Server - Infosecurity Magazine

Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC - SecurityWeek

Microsoft caught in crossfire of U.S.-China cyber war - Cryptopolitan

China: US spies used Microsoft Exchange 0-day to steal info • The Register

Nvidia Patches Critical RCE Vulnerability Chain

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

Lovense Security Bugs Fixed | SC Media UK


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 01 August 2025


-HR Documents Appear in 82% of All Data Breaches

-Scattered Spider Ransomware Group Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees

-Gen Z Falls for Scams 2x More Than Older Generations

-Millions Hit in Quishing Attacks as Malicious QR Codes Surge

-Ransomware Attacks Escalate to Physical Threats Against Executives

-Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies

-New Chaos Ransomware Emerges, Launches Wave of Attacks

-Seychelles Commercial Bank Reported Cyber Security Incident

-Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure

-Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else

-Getting a Cyber Security Vibe Check on Vibe Coding

-The Growing Impact of AI and Quantum on Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Executive Summary

Our review of specialist and general media continues to show that cyber security relies on, and affects, people, especially employees. Groups such as Scattered Spider exploit workplace platforms like Teams to deceive employees, and Gen Z are twice as likely to fall for attacks. QR code-based scams (Quishing) are also increasing, and research shows over 80% of data breaches involve HR documents.

Ransomware remains a serious threat, often enabled by employee actions or insecure systems. Around 40% of incidents include threats of physical harm, and a new ransomware group is targeting multiple countries using techniques including voice phishing. Other attacks continue to cause disruption; for example, Seychelles Commercial Bank suspended internet banking following a cyber incident that led to leaked data.

Technology remains essential. A report highlights the importance of keeping systems updated and maintaining strong detection and response capabilities. Many exploited vulnerabilities are old, yet a third are exploited within a day of disclosure. Looking ahead, AI and quantum computing present emerging risks that must be addressed now.

Our guidance remains unchanged. Awareness and strong controls across people, operations and technology are essential. Employees must be recognised as central to both your cyber risk and resilience.


Top Cyber Stories of the Last Week

HR Documents Appear in 82% of All Data Breaches

New research by Lab 1 has found that HR documents are present in 82% of all data breaches, second only to finance. These files often contain personal information such as addresses and employment history, making them attractive to cyber criminals. Such data can be misused to create synthetic identities or convincing phishing attacks. As cyber threats grow more sophisticated, HR teams are urged to treat employee data protection as a shared responsibility alongside IT. One-off training is not enough; building security requires continuous action and closer collaboration between HR and security leaders.

https://www.unleash.ai/risk-compliance-regulation/hr-documents-appear-in-82-of-all-data-breaches-finds-lab-1/

The Scattered Spider Ransomware Group Is Infiltrating Slack and Microsoft Teams to Target Vulnerable Employees

Scattered Spider, a well-known cyber crime group, has escalated its activities by infiltrating workplace platforms such as Slack and Microsoft Teams to target employees. The group uses convincing impersonation tactics, often posing as internal staff to trick IT teams into resetting passwords or bypassing multifactor authentication. It has also joined internal calls to gather intelligence and adapt its methods in real time. UK and US firms have been hit hardest, with sectors from retail to aviation impacted. Authorities urge firms to adopt phishing-resistant authentication, monitor suspicious logins and keep offline backups to reduce exposure to data theft and operational disruption.

https://www.itpro.com/security/ransomware/the-scattered-spider-ransomware-group-is-infiltrating-slack-and-microsoft-teams-to-target-vulnerable-employees

Gen Z Falls for Scams 2x More Than Older Generations

Recent studies reveal that Gen Z is twice as likely to fall for online scams compared to older generations, posing a growing cyber security risk to employers. Their high digital fluency often leads to risky behaviours such as password reuse, multitasking across multiple jobs, and using personal devices for work. As they increasingly rely on freelance and remote roles, attackers exploit this blend of work and personal activity through phishing emails and impersonation scams. Poor credential hygiene and unapproved software use further widen the risk to businesses, especially where bring-your-own-device and remote access are common.

https://www.darkreading.com/cyber-risk/gen-z-scams-2x-more-older-generations

Millions Hit in Quishing Attacks as Malicious QR Codes Surge; How to Stay Safe

Quishing, a form of phishing using malicious QR codes, is on the rise, with over 26 million people reportedly directed to fake websites that harvest passwords, payment details or install harmful software. These codes are often placed in public spaces like posters or parking meters and are difficult to visually distinguish from legitimate ones. A recent study found that over a quarter of all malicious links are now delivered via QR codes, reflecting a shift away from traditional email scams. As QR codes were never designed with security in mind, extra caution is essential when scanning unfamiliar ones.

https://www.tomsguide.com/computing/online-security/millions-hit-in-quishing-attacks-as-malicious-qr-codes-surge-how-to-stay-safe

Ransomware Attacks Escalate to Physical Threats Against Executives

Ransomware attacks are becoming increasingly aggressive: a recent report from Semperis shows that 40% of incidents now involve threats of physical harm to executives, and nearly half involve threats to report the victim to regulators. In the US, 81% of affected firms paid a ransom, over half of those paid more than once, and 15% received no usable decryption key. Victims often face repeated attacks, with 73% suffering multiple incidents. Disruption from ransomware continues to affect operations, causing job losses, data breaches and cancelled insurance. Despite growing resistance to extortion, the majority of targeted organisations still paid, highlighting the need to invest in cyber resilience.

https://www.infosecurity-magazine.com/news/ransomware-attacks-escalate/

Ransomware Up 179%, Credential Theft Up 800%: 2025’s Cyber Threat Landscape Intensifies

Flashpoint’s midyear report paints a stark picture of the cyber threat landscape in 2025, with ransomware incidents up 179% and credential theft soaring by 800%. The first six months saw 1.8 billion credentials stolen and over 9 billion records exposed, largely due to unauthorised access. Manufacturing, technology and legal sectors were particularly affected. Vulnerability disclosures also rose sharply, with 35% of known flaws already exploited. A significant backlog in vulnerability analysis has left many organisations exposed. The report stresses the need for faster patching and better threat intelligence to help firms stay ahead in a rapidly evolving risk environment.

https://www.csoonline.com/article/4032035/ransomware-up-179-credential-theft-up-800-2025s-cyber-onslaught-intensifies.html

New Chaos Ransomware Emerges, Launches Wave of Attacks

A new ransomware group known as Chaos has launched a wave of opportunistic cyber attacks, affecting organisations across the US, UK, New Zealand and India. First emerging in early 2025, Chaos employs a combination of voice phishing, remote access tools and file encryption to extract data and demand ransoms, typically in the hundreds of thousands of dollars. The group’s tactics include offering 'incentives' for payment and threatening further disruption such as denial-of-service attacks if demands are refused. Researchers believe the gang may have ties to previous threat actors, citing similarities in methods and communication style.

https://www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/

Seychelles Commercial Bank Reported Cyber Security Incident

Seychelles Commercial Bank has confirmed a recent cyber security incident that led to a temporary suspension of internet banking services. Although no financial losses were reported, personal data of online banking customers was exposed, including names, contact details, account types and balances. External researchers who analysed the leaked data noted that some affected accounts were labelled as government-related. The bank has advised customers to use ATMs or visit branches while services are restored. The incident has been formally acknowledged by the Central Bank of Seychelles and may draw wider attention due to the country’s role in offshore financial services.

https://securityaffairs.com/180513/data-breach/seychelles-commercial-bank-reported-cybersecurity-incident.html

Third of Exploited Vulnerabilities Weaponised Within a Day of Disclosure

VulnCheck’s latest data shows that nearly a third of known exploited software vulnerabilities in 2025 were weaponised within 24 hours of disclosure, up from around a quarter in 2024. Microsoft and Cisco were the most targeted vendors, with content management systems, network devices and server software making up the bulk of affected categories. Russian and Iranian threat actors significantly increased their activity, while Chinese and North Korean groups saw declines. Of the 181 unique vulnerabilities used by recognised threat actors, most had already been exploited before 2025, reinforcing the need for prompt patching and ongoing vigilance.

https://www.infosecurity-magazine.com/news/third-kev-exploited/

Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else

OpenAI’s CEO has warned of an imminent fraud crisis driven by artificial intelligence, where scammers will be able to convincingly mimic voices and even video likenesses to impersonate individuals. Speaking to the US Federal Reserve, he raised concerns about financial institutions still relying on voice authentication, which AI tools can now easily defeat. Real-world cases already show AI being used to trick employees and impersonate officials. While OpenAI claims it is not developing impersonation tools, Altman cautioned that others will, and that organisations must urgently update their authentication methods to avoid being exposed to this growing threat.

https://futurism.com/sam-altman-ai-fraud-crisis-imitate

Getting a Cyber Security Vibe Check on Vibe Coding

Vibe coding, where natural language prompts are used to generate code via AI, is gaining traction but poses clear security risks. A recent study found AI tools made insecure coding choices nearly half the time, with Java faring worst at a 71% failure rate. Common issues include outdated software components, flawed access controls, and unpredictable behaviours like data exposure or deletion. Experts stress that while AI coding tools may speed up prototyping, they remain immature for secure production use. Human code review, vulnerability scanning, and clear development guardrails remain essential to safely benefit from this fast-evolving technology.

https://www.darkreading.com/application-security/cybersecurity-vibe-check-vibe-coding

The Growing Impact of AI and Quantum on Cyber Security

Artificial intelligence and quantum computing are reshaping the digital landscape, offering major efficiency gains but introducing serious cyber security risks. AI-driven cyber attacks are becoming more frequent and harder to detect, with one in four CISOs reporting AI-based threats in the past year. At the same time, quantum computing threatens to undermine current encryption standards, raising urgent concerns about future data protection. Despite these risks, few organisations have a clear plan to adapt. To stay resilient, firms must invest in proactive cyber security, improve workforce skills, and prepare for a post-quantum future before today’s safeguards become obsolete.

https://www.forbes.com/sites/chuckbrooks/2025/07/31/the-growing-impact-of-ai-and-quantum-on-cybersecurity/



Threats

Ransomware, Extortion and Destructive Attacks

The Scattered Spider hacker group is infiltrating Slack and Microsoft Teams to target vulnerable employees | IT Pro

Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online

After BlackSuit is taken down, new ransomware group Chaos emerges - Ars Technica

New Chaos Ransomware Emerges, Launches Wave of Attacks - Infosecurity Magazine

Ransomware will thrive until we change our strategy - Help Net Security

75% of UK Businesses Would Break a Ransomware Payment Ban to Save Their Company, Risking Criminal Charges

Ransomware is on the rise, thanks in part to GenAI - Verdict

Ransomware Attacks Escalate to Physical Threats Against Executives - Infosecurity Magazine

'I am afraid of what's next,' ex-ransomware negotiator says • The Register

Scattered Spider is running a VMware ESXi hacking spree

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

The State of Ransomware – Q2 2025 - Check Point Research

Qilin Ransomware Gain Traction Following Legal Assistance Option for Ransomware Affiliates

Ransomware Payment Bans: Prevention Strategy or Misguided Policy? - IT Security Guru

New UK ransomware rules could affect payments firms

Ransomware upstart Gunra goes cross-platform with encryption upgrades | CSO Online

Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine

Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times

Ransomware attacks in education jump 23% year over year | Higher Ed Dive

Ransomware ban won't save councils or NHS without urgent cyber investment

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Cyberpolice neutralizes international hacker group BlackSuit, which was engaged in extortion / The New Voice of Ukraine

Ransomware Victims

Insurance won't cover $5M in City of Hamilton claims for cyber attack, citing lack of log-in security | CBC News

NHS provider nears collapse a year after cyberattack • The Register

NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek

SafePay ransomware threatens to leak 3.5TB of Ingram Micro data

Why is the National Guard deployed for Minnesota cyberattack? | Stars and Stripes

RTÉ investigating potential cyber security incident – The Irish Times

Minnesota activates National Guard after St. Paul cyberattack

Phishing & Email Based Attacks

Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide

Attackers Exploit M365 for Internal Phishing | Proofpoint US

Gen Z Falls for Scams 2x More Than Older Generations

Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET

Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra

Cyber attacks target email accounts of senior journalists - Press Gazette

Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses

How attackers are still phishing "phishing-resistant" authentication

2025 Email Threats: AI Phishing Demands Multi-Layered Defences

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra

Phishing Scams Hit Aviation Execs, Causing Six-Figure BEC Losses

Other Social Engineering

Millions hit in quishing attacks as malicious QR codes surge — how to stay safe | Tom's Guide

Gen Z Falls for Scams 2x More Than Older Generations

Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds

QR Code Quishing Scams Surge 50%: Tips to Protect Your Data

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Top spy laments LinkedIn profiles that reveal defence work • The Register

Foreign spies are targeting defence employees working on Aukus, Asio boss reveals | Australian intelligence agencies | The Guardian

Fraud, Scams and Financial Crime

Gen Z Falls for Scams 2x More Than Older Generations

I'm a cyber security CEO who advises over 9,000 agencies and Sam Altman is wrong that the AI fraud crisis is coming—it’s already here | Fortune

Email Payment Scams: Assume the Worst | Williams Mullen - JDSupra

Got a suspicious Amazon refund text? Don't click the link - it's a scam | ZDNET

11,500 UK companies struck off Companies House register after crackdown - National Crime Agency

Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else

Scammers Now Using Google Forms To Hunt Crypto Victims

Who’s Really Behind the Mask? Combatting Identity Fraud - SecurityWeek

Even Scammers Are Turning To AI To Negotiate With Victims

Thai-Cambodian conflict partly provoked by cyber-scams • The Register

Pew: Three quarters of Americans targeted weekly in online scams - UPI.com

Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News

Artificial Intelligence

I'm a cybersecurity CEO who advises over 9,000 agencies and Sam Altman is wrong that the AI fraud crisis is coming—it’s already here | Fortune

Ransomware is on the rise, thanks in part to GenAI - Verdict

Getting a Cyber Security Vibe Check on Vibe Coding

Sam Altman Warns That AI Is About to Cause a Massive "Fraud Crisis" in Which Anyone Can Perfectly Imitate Anyone Else

Even Scammers Are Turning To AI To Negotiate With Victims

Overcoming Risks from Chinese GenAI Tool Usage

From Ex Machina to Exfiltration: When AI Gets Too Curious - SecurityWeek

AI is here, security still isn’t - Help Net Security

Think DDoS attacks are bad now? Wait until hackers start using AI assistants to coordinate attacks, researchers warn | IT Pro

Azure AI Speech needs seconds of audio to clone voices • The Register

The Growing Impact Of AI And Quantum On Cyber Security

Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System

Microsoft wants you to chat with its browser now - but can you trust this Copilot? | ZDNET

Researchers tested over 100 leading AI models on coding tasks — nearly half produced glaring security flaws | IT Pro

Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data - SecurityWeek

Not just YouTube: Google is using AI to guess your age based on your activity - everywhere | ZDNET

AI-Generated Linux Miner 'Koske' Beats Human Malware

OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine

British 999 caller's voice cloned by Russian network using AI - BBC News

2FA/MFA

Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security | CBC News

Malware

Sophisticated Shuyal Stealer Targets 19 Browsers

AI-Generated Linux Miner 'Koske' Beats Human Malware

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Russian Intelligence blamed for malware tool

Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine

Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek

Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine

Major new malware strain targets crypto users via malicious ads - here's what we know, and how to stay safe | TechRadar

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

North Korean hackers continue targeting developers in open source malware campaign - and experts say as many as 36,000 victims have been snared so far | IT Pro

Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads

Do Macs Get Viruses? How to Scan for a Mac Virus - CNET

Bots/Botnets

Secrets are leaking everywhere, and bots are to blame - Help Net Security

Mobile

ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials

Android Malware Targets Banking Users Through Discord Channels - Infosecurity Magazine

Denial of Service/DoS/DDoS

Think DDoS attacks are bad now? Wait until hackers start using AI assistants to coordinate attacks, researchers warn | IT Pro

DDoS-protection crisis looms as attacks grow – Computerworld

Internet of Things – IoT

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Data Breaches/Leaks

Allianz Life: Insurance giant says most US customer data stolen in cyber-attack - BBC News

Seychelles Commercial Bank Reported Cybersecurity Incident

HR documents appear in 82% of all data breaches, finds Lab 1 | UNLEASH

French telecom giant Orange discloses cyber attack

IR35 advisor Qdos confirms a data leak to techie clients • The Register

French defence firm Naval Group investigates cyber leak

How Military Devices are Slipping Through the Cracks

Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net

Tea Dating Advice app spills sensitive data • Graham Cluley

NASCAR Confirms Personal Information Stolen in Ransomware Attack - SecurityWeek

Lovense sex toy app flaw leaks private user email addresses

Organised Crime & Criminal Actors

The Young & the Restless: Cybercriminals Raise Concerns

Thai-Cambodian conflict partly provoked by cyber-scams • The Register

Hackers plant 4G Raspberry Pi on bank network in failed ATM heist

US Now Top Target for Dark Web Cyberthreats

A US cybercrime group is targeting banks and credit unions | American Banker

FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Major new malware strain targets crypto users via malicious ads - here's what we know, and how to stay safe | TechRadar

Scammers Now Using Google Forms To Hunt Crypto Victims

AI-Generated Linux Miner 'Koske' Beats Human Malware

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto


Insider Risk and Insider Threats

What the Coinbase Breach Says About Insider Risk

Insurance

Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security | CBC News

Supply Chain and Third Parties

Your supply chain security strategy might be missing the biggest risk - Help Net Security

Hackers Allegedly Breach Nokia’s Internal Network – DataBreaches.Net

Cloud/SaaS

Attackers Exploit M365 for Internal Phishing | Proofpoint US

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Microsoft exec admits it 'cannot guarantee' data sovereignty • The Register

UK to rein in Microsoft, AWS with 'strategic market status' • The Register

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Microsoft investigates outage affecting Microsoft 365 admin center

Outages

Microsoft investigates outage affecting Microsoft 365 admin center

Global Starlink outage disrupts Ukrainian front lines

Musk ordered shutdown of Starlink satellite service as Ukraine retook territory from Russia | Reuters

Starlink Faces Another Brief Outage | PCMag

Why did the air traffic control outage cause so much havoc? - BBC News

Encryption

The Growing Impact Of AI And Quantum On Cybersecurity

Google says UK government has not demanded an encryption backdoor for its users' data | TechCrunch

Google confirms the UK has not asked it to weaken encryption with a backdoor – unlike Apple | TechRadar

A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society

Linux and Open Source

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Passwords, Credential Stuffing & Brute Force Attacks

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies | CSO Online

Why stolen credentials remain cyber criminals’ tool of choice - Help Net Security

ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials

Social Media

Top spy laments LinkedIn profiles that reveal defence work • The Register

Foreign spies are targeting defence employees working on Aukus, Asio boss reveals | Australian intelligence agencies | The Guardian

Malvertising

Major new malware strain targets crypto users via malicious ads - here's what we know, and how to stay safe | TechRadar

Regulations, Fines and Legislation

The top 3 cybersecurity risks posed by the Online Safety Act and age verification | Tom's Guide

UK to rein in Microsoft, AWS with 'strategic market status' • The Register

75% of UK Businesses Would Break a Ransomware Payment Ban to Save Their Company, Risking Criminal Charges

Age verification requirements have landed in the UK – how the internet will change, and what about your privacy? | TechRadar

VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide

UK Online Safety Act Triggers 1400% VPN Surge Amid Ban Fears

Internet age verification begins rollout, and it's as bad as you'd expect

A UK Government Order Threatens the Privacy and Security of All Internet Users - Internet Society

Ransomware ban won't save councils or NHS without urgent cyber investment

UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live

Suspected advanced persistent threat attacks must be reported under S’pore’s amended Cyber security Act | The Straits Times

Google confirms the UK has not asked it to weaken encryption with a backdoor – unlike Apple | TechRadar

New UK ransomware rules could affect payments firms

A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine

The Proposed EU Space Act: 10 Key Implications US and Non-EU Satellite Operators Should Know | Cooley LLP - JDSupra

Banning VPNs to protect kids? Good luck with that • The Register

Government layoffs are making us less safe in cyberspace, experts fear - Nextgov/FCW

Models, Frameworks and Standards

OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine

CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine

Careers, Working in Cyber and Information Security

UK cyber security workers are overworked, overwhelmed, and burning out faster than global counterparts — here's why | IT Pro

Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside

Cyber security professionals facing burnout as threats mount - CIR Magazine

Law Enforcement Action and Take Downs

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Cyber criminals ‘Spooked’ After Scattered Spider Arrests - Infosecurity Magazine

Cyber police neutralizes international hacker group BlackSuit, which was engaged in extortion/The New Voice of Ukraine


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Top spy laments LinkedIn profiles that reveal defence work • The Register

Foreign spies are targeting defence employees working on Aukus, Asio boss reveals | Australian intelligence agencies | The Guardian

'Fire Ant' Cyber Spies Compromise Siloed VMware Systems

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Kremlin goons caught abusing local ISPs to spy on diplomats • The Register

Russia's Secret Blizzard APT Gains Embassy Access

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog

US Army Building Global IT Warfighting Platform To Prepare for Cyber Warfare | AFCEA International

Non-State Cyber Actors in the 12-Day War – The Gray Zone of LOAC, Part I - Lieber Institute West Point

Nation State Actors

Microsoft’s software licensing playbook is a national security risk | CyberScoop

Suspected advanced persistent threat attacks must be reported under S’pore’s amended Cybersecurity Act | The Straits Times

China

Microsoft’s software licensing playbook is a national security risk | CyberScoop

Top spy laments LinkedIn profiles that reveal defence work • The Register

Foreign spies are targeting defence employees working on Aukus, Asio boss reveals | Australian intelligence agencies | The Guardian

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

'Fire Ant' Cyber Spies Compromise Siloed VMware Systems

Report Links Chinese Companies to Tools Used by State-Sponsored Hackers - SecurityWeek

Hafnium Tied to Advanced Chinese Surveillance Tools - Infosecurity Magazine

Overcoming Risks from Chinese GenAI Tool Usage

Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets

CISA to Release Salt Typhoon Report on Telecom Security

FBI opens first office in New Zealand ‘to counter China and cybercrime’ | FBI | The Guardian

Scoop: US intelligence intervened with DOJ to push HPE-Juniper merger

Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites - SecurityWeek

Russia

Top spy laments LinkedIn profiles that reveal defence work • The Register

Foreign spies are targeting defence employees working on Aukus, Asio boss reveals | Australian intelligence agencies | The Guardian

Kremlin goons caught abusing local ISPs to spy on diplomats • The Register

Russia's Secret Blizzard APT Gains Embassy Access

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog

Russian Intelligence blamed for malware tool

Global Starlink outage disrupts Ukrainian front lines

Musk ordered shutdown of Starlink satellite service as Ukraine retook territory from Russia | Reuters

British 999 caller's voice cloned by Russian network using AI - BBC News

Ukrainian hack uncovers 'thousands of files' proving Russia's mass abduction of children, intelligence claims

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian soldiers scammed and robbed of war cash on return from Ukraine - BBC News

Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights - Infosecurity Magazine

Cyber attack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights - SecurityWeek

Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent

Cyber attack shuts down hundreds of Russian pharmacies, disrupts healthcare services | The Record from Recorded Future News

Iran

Non-State Cyber Actors in the 12-Day War – The Gray Zone of LOAC, Part I - Lieber Institute West Point

North Korea

Over 200 Malicious Open Source Packages Traced to Lazarus Campaign - Infosecurity Magazine

North Korean hackers continue targeting developers in open source malware campaign - and experts say as many as 36,000 victims have been snared so far | IT Pro

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Ransomware groups are blurring the line between cybercrime and ‘hacktivism’ - The Economic Times

Cyber attack may have cost Russia’s Aeroflot millions of dollars in a single day, experts say — Meduza

Who is Silent Crow? Pro-Ukraine hackers take down Russian airline Aeroflot | The Independent


Tools and Controls

The top 3 cyber security risks posed by the Online Safety Act and age verification | Tom's Guide

Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security | CBC News

How the Browser Became the Main Cyber Battleground

Microsoft’s software licensing playbook is a national security risk | CyberScoop

Age verification requirements have landed in the UK – how the internet will change, and what about your privacy? | TechRadar

VPNs can get around the UK's age verification laws – but is it necessary? | Tom's Guide

A Court Ruling on Bug Bounties Just Made the Internet Less Safe - Infosecurity Magazine

DDoS-protection crisis looms as attacks grow – Computerworld

Getting a Cyber Security Vibe Check on Vibe Coding

Security pros drowning in threat-intel data • The Register

How to discover and manage shadow APIs | TechTarget

Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar

North Korean hackers continue targeting developers in open source malware campaign - and experts say as many as 36,000 victims have been snared so far | IT Pro

OWASP Launches Agentic AI Security Guidance - Infosecurity Magazine

UK web surfers warned of cyber security risks following new Online Safety Act - Stoke-on-Trent Live

Researchers tested over 100 leading AI models on coding tasks — nearly half produced glaring security flaws | IT Pro

Hybrid Work and Cyber Security Threats Expose Urgent Gap in Device Management, Warns Info-Tech Research Group

62% of Companies Admit to Shipping Insecure Code: Cypress Data Defence Unveils 2025 State of Application Security Report

Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside

CISA Unveils Eviction Strategies Tool to Aid Incident Response - Infosecurity Magazine

Banning VPNs to protect kids? Good luck with that • The Register



Vulnerability Management

Third of Exploited Flaws Weaponized Within a Day of Disclosure - Infosecurity Magazine

Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets

Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams - The Daily Upside

Spikes in malicious activity precede new security flaws in 80% of cases

62% of Companies Admit to Shipping Insecure Code: Cypress Data Defence Unveils 2025 State of Application Security Report

Vulnerabilities

Exploit available for critical Cisco ISE bug exploited in attacks

More than 90 state, local governments targeted using Microsoft SharePoint vulnerability, group says | Reuters

Another top vibe coding platform has some worrying security flaws - here's what we know | TechRadar

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Scattered Spider is running a VMware ESXi hacking spree

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

Apple fixed a zero-day exploited in attacks against Google Chrome users

Google Chrome 138 update fixes high security issue, early 139 stable update released - gHacks Tech News

Google Patches Vulnerability That Let Anyone Hide Search Results

Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable - Infosecurity Magazine

CISA flags PaperCut RCE bug as exploited in attacks, patch now

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

• Automotive

• Construction

• Critical National Infrastructure (CNI)

• Defence & Space

• Education & Academia

• Energy & Utilities

• Estate Agencies

• Financial Services

• FinTech

• Food & Agriculture

• Gaming & Gambling

• Government & Public Sector (including Law Enforcement)

• Health/Medical/Pharma

• Hotels & Hospitality

• Insurance

• Legal

• Manufacturing

• Maritime & Shipping

• Oil, Gas & Mining

• OT, ICS, IIoT, SCADA & Cyber-Physical Systems

• Retail & eCommerce

• Small and Medium Sized Businesses (SMBs)

• Startups

• Telecoms

• Third Sector & Charities

• Transport & Aviation

• Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 25 July 2025

Black Arrow Cyber Threat Intelligence Briefing 25 July 2025:

-158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password

-Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit

-US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability

-Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions

-68% of Organisations Experienced Data Leakage from Employee AI Usage

-Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge

-Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis

-Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents

-UK Confirms Ransomware Payment Ban for Public Sector and CNI

-University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed

-$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam

-UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Our review of cyber security intelligence from specialist and public media this week starts with details of three recently disclosed attacks, including an attack causing the collapse of a firm that was almost 160 years old. Two of the attacks were attributed to weak passwords and weak identity verification controls; the third exploited a vulnerability in on-premises SharePoint. We share details of a warning of increased attacks during the summer travel season, and the high percentage of organisations suffering data leakage when employees use AI tools, often without authorisation.

We report on a survey that found almost half of IT managed service providers have funds allocated for paying ransoms, while the UK government has banned public sector and critical national infrastructure organisations from paying ransoms. We include reports of increased attacks in the airline sector, and more widely across Europe as a result of the geopolitical landscape. We also include news of successful legal action against cyber attackers including a student who sold phishing kits, and a US citizen who was helping North Koreans to infiltrate organisations as fake IT workers, as well as UK government sanctions against attackers in the Russian military.


Top Cyber Stories of the Last Week

158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password

The collapse of a 158-year-old company in the UK, KNP Logistics, highlights how even a single weak password can devastate an entire business. Hackers exploited poor password hygiene to deploy ransomware, halting operations and forcing the firm into administration. The attack exposed wider issues: outdated systems, lack of multi-factor authentication, and insufficient user training, all of which allowed cyber criminals to move freely within the network. With over 700 jobs lost and supply chains disrupted, KNP’s fate is a stark warning: even well-established companies are at risk when basic cyber security measures are overlooked. Strong credentials and proactive defence are not optional; they are business-critical.

https://www.webpronews.com/158-year-old-uk-logistics-firm-knp-collapses-after-ransomware-attack-exploits-weak-password/

Hackers Fooled Cognizant Help Desk, Says Clorox in $380M Cyber Attack Lawsuit

US manufacturer Clorox has filed a $380 million lawsuit against IT provider Cognizant, alleging gross negligence in a cyber attack that severely disrupted its operations. The claim centres on a help desk agent who reset credentials without verifying the caller's identity, allowing criminals to access Clorox's systems. This led to halted manufacturing, product shortages and a lengthy recovery effort. Clorox says the attackers repeated the tactic to gain deeper access, including to IT security accounts. It further accuses Cognizant of failing to follow agreed procedures and compounding the damage through a poor incident response, with underqualified support and delayed containment efforts. Cognizant has disputed Clorox's version of events.

https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/

US Nuclear Weapons Agency ‘Among 400 Organisations Breached by Chinese Hackers’ Exploiting Microsoft SharePoint Vulnerability

Microsoft has confirmed that several China-linked hacking groups have exploited security flaws in its on-premises SharePoint servers, resulting in breaches at over 400 organisations, including US government agencies. The National Nuclear Security Administration was reportedly among those affected. Microsoft has issued security updates and is urging all users to apply them, warning that attacks are likely to continue. SharePoint remains widely used by large organisations for document collaboration, making the scale of the threat particularly concerning for those operating older systems.

https://www.theguardian.com/technology/2025/jul/23/sharepoint-targeted-by-chinese-threat-actor-hackers-says-microsoft

Europe Sees Cyber Attacks Surge Amid Geopolitical Tensions

Check Point has reported a sharp global rise in cyber attacks, with weekly incidents reaching nearly 2,000 per organisation; a 143% increase over four years. Europe saw the steepest annual growth, up 22%, driven by geopolitical tensions and fragmented regulation. Sectors under sustained pressure include education, government, and telecommunications, with education alone facing over 4,300 weekly attacks. One in four ransomware attacks now affects a European firm, with business services and manufacturing the most targeted. The report warns that a reactive stance is no longer viable and urges a prevention-first approach with layered defences and clear visibility of threats.

https://cybernews.com/security/cyberattacks-surge-in-north-america-and-europe/

68% of Organisations Experienced Data Leakage from Employee AI Usage

A recent survey has found that 68% of organisations have experienced data leakage incidents linked to staff sharing sensitive information with AI tools. This comes despite 90% of respondents expressing confidence in their existing cyber security controls. Only 23% of organisations have implemented dedicated AI security policies. Looking ahead, 80% of respondents said that building a strong internal security culture remains their biggest challenge. As AI adoption accelerates, many security leaders are shifting their focus from traditional operations to strengthening infrastructure and staff awareness, particularly in light of rising ransomware threats and risks tied to third-party AI suppliers.

https://www.securitymagazine.com/articles/101773-68-of-organizations-experienced-data-leakage-from-employee-ai-usage

Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge

Mobile security provider Zimperium has warned of a sharp rise in mobile-related cyber threats during the busy summer travel season. Over 5 million unsecured public Wi-Fi networks have been identified globally in 2025, with a third of users still connecting to them. Mobile devices, now a key access point for corporate data, are increasingly exposed to risks such as phishing disguised as travel updates, malicious apps, and data theft via public Wi-Fi. The threat is particularly high in Southeast Asia and across major cities. Organisations are urged to strengthen mobile defences and ensure employee devices remain protected while travelling.

https://www.thefastmode.com/technology-solutions/43386-zimperium-warns-of-rising-mobile-cyber-threats-amid-summer-travel-surge

Cyber Turbulence Ahead as Airlines Strap In for a Security Crisis

Cyber threats targeting the aviation sector are increasing in both frequency and severity, driven by greater system connectivity and heightened geopolitical tensions. Recent attacks have disrupted flights, exposed sensitive passenger data, and caused significant financial losses. Ransomware activity alone has risen by 600% over the past year. Regulatory bodies across the US, EU and globally are strengthening cyber security standards, with mandatory requirements due by 2025. However, fragmented compliance obligations, ageing technology, and attackers' widespread use of social engineering continue to expose the industry. Despite higher-than-average cyber security investment, effective staff training and better supply chain oversight remain critical.

https://www.helpnetsecurity.com/2025/07/21/aviation-industry-cybersecurity-crisis/

Nearly Half of Managed Service Providers (MSPs) Have Dedicated Kitty for Ransomware Incidents

A multinational survey reports that nearly half of managed service providers (MSPs) have set aside funds specifically for ransomware payments, despite growing pressure from insurers and governments to avoid doing so. The survey found that 45% had a dedicated budget for this, while 36% rely on cyber insurance. However, 11% had no financial safeguards in place at all. Concerns are now shifting toward artificial intelligence, with 67% of MSPs reporting AI-driven attacks last year. As AI threats escalate in scale and sophistication, 84% of MSP clients now expect their providers to manage cyber security as part of their core services, underscoring the need for proactive defences.

https://www.itsecurityguru.org/2025/07/22/nearly-half-of-msps-have-dedicated-kitty-for-ransomware-incidents/

UK Confirms Ransomware Payment Ban for Public Sector and CNI

The UK government will ban public sector and critical national infrastructure organisations from paying ransomware demands, following strong support during a public consultation. The aim is to deter attackers by removing financial incentives and better protect essential services like healthcare, education and transport. Alongside this, a new mandatory reporting regime will be introduced to help law enforcement gather intelligence and disrupt criminal networks. However, some experts have raised concerns that these measures could lead to underreporting, misuse of third parties, or increased pressure on private sector firms still permitted to pay, potentially creating a two-tier risk landscape.

https://www.infosecurity-magazine.com/news/uk-ransomware-payment-ban-public/

University Student Who Sold More than a Thousand Phishing Kits to Fraudsters is Jailed

A 21-year-old university student has been jailed for seven years after selling over 1,000 phishing kits that enabled criminals to impersonate legitimate organisations and steal personal and financial information. The kits, distributed via encrypted platforms, targeted 69 institutions across 24 countries, contributing to an estimated £100 million in global losses. Authorities described the operation as highly organised, with the individual offering ongoing technical support to other fraudsters. This case underscores how cyber criminals are monetising phishing tools at scale and highlights the growing need for organisations to protect against deceptive online tactics designed to exploit customers and brand trust.

https://www.itv.com/news/london/2025-07-24/student-who-sold-more-than-a-thousand-phishing-kits-to-fraudsters-is-jailed

$15M Reward Offered as American Woman Jailed in North Korea IT Worker Scam

An American woman has been sentenced to over eight years in prison for helping North Korean IT workers pose as US-based staff and secure jobs at over 300 companies, generating more than $17 million in illicit income. The scheme involved shipping corporate laptops abroad, forging payroll documents and using stolen identities. North Korea is believed to operate up to 4,000 such IT workers worldwide, generating as much as $600 million annually to fund state objectives. In response, the US has offered rewards of up to $15 million for information leading to the arrest of individuals involved in these activities.

https://www.securityweek.com/us-targets-north-koreas-illicit-funds-15m-rewards-offered-as-american-woman-jailed-in-it-worker-scam/

UK Announces Sanctions Against Russian Cyber Units Over Threats to Europe

The UK has imposed sanctions on over 20 Russian individuals and entities linked to cyber attacks across Europe. Those named include officers from Russia’s military intelligence agency accused of targeting democratic institutions, media, energy networks and communications infrastructure. The sanctions follow broader efforts to disrupt Russian disinformation campaigns and respond to operations by groups such as NoName057(16), which has targeted political events across the EU. UK officials described these activities as part of a deliberate campaign to destabilise Europe and undermine both Ukrainian sovereignty and British security interests.

https://english.nv.ua/nation/uk-sanctions-20-russian-hackers-and-agents-for-cyberattacks-on-europe-50530891.html



Threats

Ransomware, Extortion and Destructive Attacks

UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine

UK moves forward with plans for mandatory reporting of ransomware attacks | The Record from Recorded Future News

Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar

Nearly Half of MSPs Have Dedicated Kitty For Ransomware Incidents - IT Security Guru

SharePoint victim count hits 400+ orgs in ongoing attacks • The Register

Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit

UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek

Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine

AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine

Ransomware gang attacking NAS devices taken down in major police operation | TechRadar

CISA and FBI warn of escalating Interlock ransomware attacks

Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine

Storm-2603 spotted deploying ransomware on exploited SharePoint servers - Help Net Security

Worry about the basics of ransomware, not the AI threat - Tech Monitor

BlackSuit ransomware extortion sites seized in Operation Checkmate

New Phobos and 8base ransomware decryptor recover files for free

Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International

Ransomware Victims

Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit

158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Employee’s Weak Password

‘If you’re reading this, your company is dead’: How one weak password ended a 158-year-old business - The Economic Times

Marks & Spencer’s cyber attack isn’t an exception - it’s a warning | TechRadar

Retail Becomes New Target as Healthcare Ransomware Attacks Slow - Infosecurity Magazine

The password that sank a 158-year-old business - IT Security Guru

Major European healthcare network discloses security breach

Two more entities have folded after ransomware attacks – DataBreaches.Net

Russian alcohol retailer WineLab closes stores after ransomware attack

Phishing & Email Based Attacks

University student who sold more than a thousand phishing kits to fraudsters is jailed | ITV News London

Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica

'PoisonSeed' Attacker Skates Around FIDO Keys

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine

That “credit card security” email might be a trap | Cybernews

Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques

Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide

Other Social Engineering

Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit

Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide

Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine

Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware

Dark Web Hackers Moonlight as Travel Agents

US Targets North Korea's Illicit Funds: $15M Rewards Offered as American Woman Jailed in IT Worker Scam - SecurityWeek

Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak

I am a cyber security pro and here's the most powerful strategy criminals are using against retailers right now | TechRadar

Fraud, Scams and Financial Crime

Beware: Hackers are using fake credit card emails to steal all your passwords | Tom's Guide

This fake checkout page looks real - until your card info is sent to hidden servers in plain sight | TechRadar

Former charity site now pushes gambling links, and ChatGPT thinks it’s still a trusted source | TechRadar

Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine

UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine

Coyote malware abuses Microsoft UIA to hunt banking creds • The Register

Fake Receipt Generators Fuel Rise in Online Fraud - Infosecurity Magazine

Return Fraud Is Rampant Thanks to Free Shipping, Customer Behavior - Business Insider

The fraud trends shaping 2025: Pressure builds on online retailers - Help Net Security

Head of AI company warns of AI fraud | The Independent

'Explosive growth' in number of Channel Island fraud complaints - Island FM

$17 Million Is Lost in ATM Scam That Spread on TikTok, Officials Say - The New York Times

Artificial Intelligence

How to Fight and Detect AI Virus: First-ever AI malware ‘LazyHug’ hides in ZIP files to hack Windows PCs

68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine

Former charity site now pushes gambling links, and ChatGPT thinks it’s still a trusted source | TechRadar

AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine

Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims - Infosecurity Magazine

How AI is changing the GRC strategy | CSO Online

People don't trust AI but they're increasingly using it anyway | ZDNET

Image watermarks meet their Waterloo with UnMarker • The Register

Researchers Found Nearly 600 Incidents of AI Fraud | Security Magazine

3 Ways Security Teams Can Minimize Agentic AI Chaos

How the EU Is Fighting Back Against Deepfakes - IT Security Guru

Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried | ZDNET

Nearly 2,000 MCP Servers Possess No Security Whatsoever

Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews

Worry about the basics of ransomware, not the AI threat - Tech Monitor

WeTransfer ToS adding 'machine learning' caused freakout • The Register

2FA/MFA

Phishers have found a way to downgrade—not bypass—FIDO MFA - Ars Technica

'PoisonSeed' Attacker Skates Around FIDO Keys

Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques

Veeam Recovery Orchestrator users locked out after MFA rollout

Malware

How to Fight and Detect AI Virus: First-ever AI malware ‘LazyHug’ hides in ZIP files to hack Windows PCs

Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine

UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense

UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek

Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews

Coyote malware abuses Microsoft UIA to hunt banking creds • The Register

Accounting Firm Targeted by Malware Campaign Using New Crypter - Infosecurity Magazine

Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware

New Malware-as-a-Service Operation Abuses GitHub Repositories to Deploy Infostealers Like Lumma and Amadey

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors

NCSC: Russian malware controls emails | Cybernews

Gaming mouse maker infected users with malware for weeks, then quietly replaced files without warning | Tech News

Hackers breach Toptal GitHub account, publish malicious npm packages

npm phishing attack laces popular packages with malware • The Register

Stealth backdoor found in WordPress mu-Plugins folder

Cyber criminals are Targeting US Businesses with Malicious USB Drives: By Robert Siciliano

Former #1 Movie Piracy Site "Strongly Linked" to Global Infostealer Activity * TorrentFreak

Arch Linux pulls AUR packages that installed Chaos RAT malware

Warning: Hacker Might Be Prepping This Steam Game to Spread Malware

Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware

Bots/Botnets

AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine

Mobile

Zimperium Warns of Rising Mobile Cyber Threats Amid Summer Travel Surge

Here's What Phone Thieves Do to Prevent You From Tracking Your Device

5M Public, Unsecured Wi-Fi Networks Found Exposed | Security Magazine

This attack could give criminals control of your mobile or desktop browser - PhoneArena

Surveillance Firm Bypasses SS7 Protections to Retrieve User Location - SecurityWeek

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Internet of Things – IoT

Your office printer could be the easiest backdoor into company networks - so update now | TechRadar

Is your Ring camera showing strange logins? Here's what's going on | ZDNET

Ring tries to explain 'May 28' bug, but users aren't buying it - Android Authority

Enterprise printer security fails at every stage - Help Net Security

Update your printer! Over 700 models actively being attacked by hackers | PCWorld

When Your Power Meter Becomes a Tool of Mass Surveillance | Electronic Frontier Foundation

Data Breaches/Leaks

Startup takes personal data stolen by malware and sells it on to other companies | Malwarebytes

Most data breaches have unknown causes as transparency continues to fall - Help Net Security

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors

68% of Organisations Experienced Data Leakage From Employee AI Usage | Security Magazine

Holyrood | No evidence of data loss in Glasgow City Council cyber-attack, experts say

Inquiry after SAS identities leaked in new breach

Regulator Claims 9,000+ Clients' Data Hit Dark Web in Security Breach

Risika Data Breach Exposes 100M Swedish Records to Fraud Risks

Hackers didn’t get your password, but they may have gotten enough to launch the next big phishing storm | TechRadar

France: New Data Breach Could Affect 340,000 Jobseekers - Infosecurity Magazine

People are getting over $4,000 from the T-Mobile data breach settlement

Dior begins sending data breach notifications to US customers

Dell scoffs at breach, says miscreants stole ‘fake data' • The Register

750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service - SecurityWeek

Marketing, Law Firms Say Data Breaches Impact Over 200,000 People - SecurityWeek

Data breach feared after cyber attack on AMEOS hospitals in Germany – DataBreaches.Net

Major German media group falls victim to hacker attack – DW – 07/22/2025

1.4 Million Affected by Data Breach at Virginia Radiology Practice - SecurityWeek

Organised Crime & Criminal Actors

Dark Web Hackers Moonlight as Travel Agents

Europol Sting Leaves Russian 'NoName057(16)' Group Fractured

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet - Infosecurity Magazine

New Wave of Crypto-Hijacking Infects 3,500+ Websites

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Insider Risk and Insider Threats

Most cyber risks driven by few employees, study shows | SC Media

Supply Chain and Third Parties

Hackers fooled Cognizant help desk, says Clorox in $380M cyber attack lawsuit

Firmware Vulnerabilities Continue to Plague Supply Chain

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED

Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA

Sean Plankey vows to boot China from US supply chain, advocate for CISA budget

Cloud/SaaS

Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine

UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday

UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks | CSO Online

Outages

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED

Phone networks down: EE, BT, Three, and Vodafone all not working in mass outage | The Independent

Tens of thousands knocked offline after software failure at Musk’s Starlink | Elon Musk | The Guardian

Alaska’s system-wide ground stop ‘not a cyber security event’ | News | Flight Global

Has the media industry learned from the Crowdstrike outage? - TVBEurope

Encryption

UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors

Linux and Open Source

Hackers are using AI and panda images to infect Linux machines - here's how - BetaNews

How unvalidated code is putting UK national security at risk - Tech Monitor

Digital sovereignty becomes a matter of resilience for Europe - Help Net Security

Arch Linux pulls AUR packages that installed Chaos RAT malware

Passwords, Credential Stuffing & Brute Force Attacks

158-Year-Old UK Logistics Firm KNP Collapses After Ransomware Attack Exploits Weak Password

‘If you’re reading this, your company is dead’: How one weak password ended a 158-year-old business - The Economic Times

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The password that sank a 158-year-old business - IT Security Guru

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials

Clorox accuses IT provider in lawsuit of giving hackers employee passwords - CNA

Hackers scanning for TeleMessage Signal clone flaw exposing passwords

Regulations, Fines and Legislation

UK Confirms Ransomware Payment Ban for Public Sector and CNI - Infosecurity Magazine

UK moves forward with plans for mandatory reporting of ransomware attacks | The Record from Recorded Future News

UK facing ‘very significant’ volume of cyber attacks, security minister warns | The Independent

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? - SecurityWeek

Monzo’s £21m fine highlights banks’ cyber security failures | Computer Weekly

Six months into DORA, most financial firms are still not ready - Help Net Security

UK May Backtrack on Controversial Demand for Backdoor to Encrypted Apple User Data - MacRumors

ENISA Turns to Experts to Steer EU Cyber Regulations

Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks

UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday

Sean Plankey vows to boot China from US supply chain, advocate for CISA budget

Government responds to feedback on ransomware consultation | Practical Law

After website hack, Arizona election officials unload on Trump’s CISA | CyberScoop

Models, Frameworks and Standards

Six months into DORA, most financial firms are still not ready - Help Net Security

Careers, Working in Cyber and Information Security

AI is here, but you still need juniors, say cyber security pros | Cybernews

How to Advance from SOC Manager to CISO?

How to Build a Cyber Security Team to Maximize Business Impact

How to land your first job in cyber security - Help Net Security

Gen Z has replaced traditional job searching with TikTok—70% are finding career advice on social media | Fortune

Law Enforcement Action and Take Downs

Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek

Europol targets Kremlin-backed cyber crime gang NoName057(16)

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace

UK and Romania Crack Down on ATM Fraudster Network - Infosecurity Magazine

US Targets North Korea's Illicit Funds: $15M Rewards Offered as American Woman Jailed in IT Worker Scam - SecurityWeek

University student who sold more than a thousand phishing kits to fraudsters is jailed | ITV News London

Ransomware gang attacking NAS devices taken down in major police operation | TechRadar

Operator of Jetflicks illegal streaming service gets 7 years in prison


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine

NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review

UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine

NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte

Russian sabotage attacks surged across Europe in 2024

Russian trawlers threaten vital undersea cables in Atlantic

Europe cyber attacks surge amid geopolitical tensions | Cybernews

UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net

UK uncovers novel Microsoft snooping malware, blames GRU • The Register

NCSC: Russian malware controls emails | Cybernews

Rising Russian Espionage Activity in Germany: Timing, Tactics, and Threats - Robert Lansing Institute

Why it's time for the US to go on offense in cyber space | CyberScoop

Recovery IS strength: The test of American cyber power | SC Media

China-Backed APT41 Attack Surfaces in Africa

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

Opinion | To fight cyberwar, the US must establish a tech academy - The Washington Post

Nation State Actors

Europe cyber attacks surge amid geopolitical tensions | Cybernews

How Can Companies Guard Against Rising Nation-State Cyber Threats? | Phelps Dunbar - JDSupra

China

3 China Nation-State Actors Target SharePoint Bugs

US nuclear weapons agency ‘among 400 organisations breached by Chinese hackers’ | Microsoft | The Guardian

Stealthy cyber spies linked to China compromising virtualization software globally | The Record from Recorded Future News

Over 80% solar inverters Chinese-made, India moves to shield power grid from cyber risks

Sean Plankey vows to boot China from US supply chain, advocate for CISA budget

China-Backed APT41 Attack Surfaces in Africa

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Singapore warns China-linked group UNC3886 targets its critical infrastructure

China warns of backdoored devices, on land and under the sea • The Register

Russia

NATO Condemns Russian Malicious Cyber Activities – Statement – Eurasia Review

UK sanctions 20+ Russian hackers and agents for cyber attacks on Europe / The New Voice of Ukraine

NATO countries to employ full range of capabilities to counter cyber threats from Russia – Rutte

British institutions to be banned from paying ransoms to Russian hackers – POLITICO

UK, NATO accuse Russia's GRU over malware created to 'destablise' Europe - Breaking Defense

Russia Linked to New Malware Targeting Email Accounts for Espionage - Infosecurity Magazine

Russian sabotage attacks surged across Europe in 2024

Russian trawlers threaten vital undersea cables in Atlantic

Europol Sting Leaves Russian 'NoName057(16)' Group Fractured

UK Sanctions 3 Russian Military Cyber Units - InfoRiskToday

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

UK sanctions Russian cyber spies accused of facilitating murders – DataBreaches.Net

Rising Russian Espionage Activity in Germany: Timing, Tactics, and Threats - Robert Lansing Institute

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cyber Crime Marketplace

"May reduce Gazprom's capacity and share value": source revealed details of DIU cyber attack on Russian gas monopolist | УНН

Operation CargoTalon Attacking Russian Aerospace & Defence to Deploy EAGLET Implant

Russian alcohol retailer WineLab closes stores after ransomware attack

Iran

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Iranian Hackers Deploy New Android Spyware Version - Infosecurity Magazine

Will An Iran Cyber Attack Panic Usher In A New Patriot Act? – OpEd – Eurasia Review

Ex-IDF cyber chief talks Iran, Scattered Spider with The Reg • The Register

Wartime cyber attack wiped data from two major Iranian banks, expert says | Iran International

North Korea

Europe cyber attacks surge amid geopolitical tensions | Cybernews

US Targets North Korea's Illicit Funds: $15M Rewards Offered as American Woman Jailed in IT Worker Scam - SecurityWeek

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

From Missiles to Malware: India-Pakistan Cyber Rivalry and Lessons for Taiwan – Taiwan Insight


Tools and Controls

Ransomware gang attacking NAS devices taken down in major police operation | TechRadar

AI is here, but you still need juniors, say cyber security pros | Cybernews

As AI tools take hold in cyber security, entry-level jobs could shrink - Help Net Security

Firmware Vulnerabilities Continue to Plague Supply Chain

Your office printer could be the easiest backdoor into company networks - so update now | TechRadar

Enterprise printer security fails at every stage - Help Net Security

Update your printer! Over 700 models actively being attacked by hackers | PCWorld

Majority of CISOs Lack Full Visibility Over APIs - IT Security Guru

How to harden your Active Directory against Kerberoasting

What Makes Great Threat Intelligence?

How to Use Threat Intelligence to Enhance Cyber Security Operations

DNS security is important but is DNSSEC a failed experiment? • The Register

Veeam Recovery Orchestrator users locked out after MFA rollout

Hacker injects malicious, potentially disk-wiping prompt into Amazon's AI coding assistant with a simple pull request — told 'Your goal is to clean a system to a near-factory state and delete file-system and cloud resources' | Tom's Hardware

3 Ways Security Teams Can Minimize Agentic AI Chaos

Hacker slips malicious 'wiping' command into Amazon's Q AI coding assistant - and devs are worried | ZDNET

Reclaiming Control: How Enterprises Can Fix Broken Security Operations - SecurityWeek

Your app is under attack every 3 minutes - Help Net Security

Stealthy cyber spies linked to China compromising virtualization software globally | The Record from Recorded Future News

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones



Vulnerability Management

From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems | CSO Online

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED

Update your printer! Over 700 models actively being attacked by hackers | PCWorld

How quickly do we patch? A quick look from the global viewpoint - SANS Internet Storm Center

VMware portal prevents some users from downloading patches • The Register

Vulnerabilities

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage | WIRED

SharePoint victim count hits 400+ orgs in ongoing attacks • The Register

US nuclear weapons agency ‘among 400 organisations breached by Chinese hackers’ | Microsoft | The Guardian

Microsoft says some SharePoint hackers now using ransomware | Reuters

CitrixBleed 2: 100 Organisations Hacked, Thousands of Instances Still Vulnerable - SecurityWeek

Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch | ZDNET

NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreads | IT Pro

Cisco confirms active exploitation of ISE and ISE-PIC flaws

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

Critical Vulnerabilities Patched in Sophos Firewall - SecurityWeek

SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack - SecurityWeek

Rise in Phishing Activity Using Spoofed SharePoint Domains With Sneaky2FA Techniques

Microsoft mistakenly tags Windows Firewall error log bug as fixed

New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System

Hackers are breaking into critical servers used by global giants, and it only takes one line of code | TechRadar

Another massive security snafu hits Microsoft • The Register

High-Severity Flaws Patched in Chrome, Firefox - SecurityWeek

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

VMware portal prevents some users from downloading patches • The Register

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Threat Intelligence Briefing 18 July 2025

Black Arrow Cyber Threat Intelligence Briefing 18 July 2025:

-Most Cyber Security Risk Comes from Just 10% of Employees

-Stop Settling for Check-the-Box Cyber Security Policies

-A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late

-Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It

-Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC

-Supplier Risk Is Breaking the Size Myth in Cyber

-Most European Financial Firms Still Lagging on DORA Compliance

-AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks

-Ransomware Surges 63% in Q2

-All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits

-North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025

-Russia Shifts Cyber War Focus from US to UK Following Trump’s Election

-Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

In our briefing this week, and continuing our opening theme from last week, we share research insights that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, and the need to have cyber security policies that reflect the realities of the workplace and create a security culture. We also report on a new social engineering tactic that encourages employees to run malicious code for the attacker. Other employee risks continue to evolve, including the insider risk of recruiting North Korean IT workers who access sensitive data and extort the employer.

We highlight actions that organisations should focus on now: these include upgrading to Windows 11; managing the risks in their supply chain; and for those organisations in scope, progressing their compliance for DORA. We also highlight the evolving risk of AI cloaking tools, and the surge in ransomware. The consequences of attacks are emphasised by the breach of 6.5m customer records at the UK retailer Co-Op, and a record spike in crypto thefts by North Koreans. Finally, we include news of Russian state and citizen attackers focusing on the UK and Ukraine-aligned countries.


Top Cyber Stories of the Last Week

Most Cyber Security Risk Comes from Just 10% of Employees

A new study by Living Security and the Cyentia Institute has found that just 10% of employees account for nearly three quarters of all risky behaviour in the workplace, challenging assumptions about who poses the greatest cyber risk. Surprisingly, remote and part-time staff are generally less risky than their in-office, full-time colleagues. The report argues for focused action plans and controls for those employees who present the greatest risk.

https://www.helpnetsecurity.com/2025/07/16/human-cybersecurity-risk-employees/

Stop Settling for Check-the-Box Cyber Security Policies

Many organisations still rely on outdated or overly rigid cyber security policies that fail to reflect how work is actually done. This mismatch often drives employees to find workarounds, weakening overall defences. Complex password rules, poorly implemented multi-factor authentication, and generic training programmes are common pitfalls. A recent study found that 65% of office workers admit to bypassing policies, with 70% of IT leaders reporting unauthorised AI use. Effective cyber security requires policies that are practical, tailored to roles, and regularly updated based on real-world feedback, helping foster a security culture rather than just ticking compliance boxes.

https://www.helpnetsecurity.com/2025/07/15/stop-settling-for-check-the-box-cybersecurity-policies/

A New, Silent Social Engineering Attack Is Being Used by Hackers; Your Security Systems Might Not Notice Until It’s Too Late

Researchers have warned of a new social engineering tactic called FileFix, which exploits common user behaviour to silently trigger malicious commands. By encouraging users to paste a copied link into Windows File Explorer, attackers can run hidden code without raising security alerts. Although current tests involve harmless code, threat actors are already using the method in real-world scenarios, indicating likely progression to malware delivery. The technique does not rely on software flaws but manipulates user trust. Organisations are urged to enhance user awareness and review incident response plans to address this fast-evolving threat.

https://www.itpro.com/security/a-new-silent-social-engineering-attack-is-being-used-by-hackers-and-your-security-systems-might-not-notice-until-its-too-late

Firms Have a Fake North Korean IT Worker Problem – Here’s How to Stop It

A growing number of organisations are being targeted by fraudulent job applicants, many linked to North Korea, who use fake identities, deepfake videos, and AI-generated responses to secure remote IT roles. These individuals have successfully infiltrated major firms, sometimes gaining access to sensitive data and extorting employers. Some companies have reported hundreds of suspicious applications in just weeks. Key warning signs include impressive CVs with minimal LinkedIn presence, reluctance to attend in-person meetings, and inconsistencies in personal details. Without stronger collaboration between HR, legal, and cyber security teams, businesses remain vulnerable to these evolving and well-resourced threats.

https://www.theregister.com/2025/07/13/fake_it_worker_problem/

Orgs and Individuals Clinging to Windows 10 Face Heightened Risk, Says NCSC

The UK’s NCSC has warned that continued reliance on Windows 10 places organisations and individuals at increasing risk as the system nears end-of-life in October 2025. After this date, Microsoft will no longer provide security updates or support, making unpatched systems prime targets for cyber attacks. Despite being over a decade old, Windows 10 remains widely used, but the NCSC urges a move to Windows 11, which offers stronger built-in protections by default. Organisations delaying the upgrade risk undermining their cyber resilience and may fall short of basic security standards, such as those required under the UK’s Cyber Essentials certification.

https://www.computerweekly.com/news/366627540/Brits-clinging-to-Windows-10-face-heightened-risk-says-NCSC

Supplier Risk Is Breaking the Size Myth in Cyber

Organisations of all sizes face growing risk from cyber attacks targeting their suppliers, with over half of recent incidents linked to third parties. The number of globally disruptive cyber attacks has nearly doubled since 2020, and nearly half of affected businesses report revenue loss. Smaller firms are not shielded by size, and larger ones cannot rely on internal measures alone. Increasing use of artificial intelligence and global tensions are widening the threat landscape. Businesses are urged to map their supplier dependencies, assess third-party risks, and ensure continuity plans account for supplier failure.

https://www.insurancebusinessmag.com/us/news/breaking-news/supplier-risk-is-breaking-the-size-myth-in-cyber-542891.aspx

Most European Financial Firms Still Lagging on DORA Compliance

Six months after DORA came into force, most European financial services firms still fall short of compliance, with 96% admitting their current data resilience measures are insufficient. Key challenges include oversight of third-party risks, increased pressure on IT teams, and rising costs from technology providers. One in five firms has yet to secure budget for implementation. Despite this, 94% now rank DORA as a higher organisational priority, with many integrating it into broader resilience plans. Regulators can impose significant fines for non-compliance, highlighting the urgency for firms to accelerate their cyber resilience efforts.

https://www.infosecurity-magazine.com/news/european-financial-dora-compliance/

AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks

Threat actors are now using AI-powered cloaking tools to hide phishing and malware sites from detection, making cyber attacks harder to identify. Services like Hoax Tech and JS Click Cloaker offer cloaking-as-a-service, using machine learning and behavioural profiling to show scam content to real users while serving benign content to security scanners. These tools assess hundreds of data points in real time and can personalise content to increase success. Experts warn this marks a serious shift in the threat landscape, urging organisations to adopt behaviour-based detection, multi-layered defences and adaptive technologies to stay ahead of these evolving threats.

https://www.infosecurity-magazine.com/news/ai-cloaking-tools-enable-complex/

Ransomware Surges 63% in Q2

Ransomware attacks surged by 63% in the second quarter of 2025, reaching a record 276 publicly disclosed incidents according to BlackFog. Each month in the quarter broke previous records, with June alone seeing a 113% year-on-year increase. Healthcare was the most targeted sector, followed by government and services, while retail also saw its highest ever Q2 attack levels, particularly in the UK. The Qilin ransomware group led activity, responsible for 10% of incidents. Over 80% of ransomware attacks remain undisclosed, with BlackFog estimating more than 1,400 hidden cases this quarter. The report reinforces the urgent need for stronger data protection measures.

https://betanews.com/2025/07/16/ransomware-surges-63-percent-in-q2/

All 6.5m Co-Op Members Had Data Stolen in Recent Cyber Attack, Retailer Admits

The UK retailer Co-op has confirmed that all 6.5 million of its members had their personal data stolen during a cyber attack earlier this year. The breach, which led to the shutdown of parts of its IT systems in April, allowed attackers to access names, addresses and contact details. The organisation's CEO described the impact on members and staff as devastating. This incident highlights the ongoing risk to large member-based organisations and the need for strong cyber security controls to protect personal data and maintain trust in the face of growing threats.

https://www.thisismoney.co.uk/money/markets/article-14912243/All-6-5m-op-members-data-stolen-cyber-attack-earlier-year-retailer-admits.html

North Korean Hackers Blamed for Record Spike in Crypto Thefts in 2025

A surge in cryptocurrency thefts has seen over $2 billion stolen in the first half of 2025 alone, already exceeding losses for the whole of last year. A major breach at crypto exchange Bybit, reportedly carried out by North Korean hackers, accounted for $1.4 billion of this amount. The stolen funds are believed to be supporting North Korea’s nuclear programme and helping evade international sanctions. Analysts warn this reflects a broader strategy by North Korea, which includes using remote IT workers to infiltrate Western firms, steal intellectual property, and extort payments under threat of data leaks.

https://techcrunch.com/2025/07/17/north-korean-hackers-blamed-for-record-spike-in-crypto-thefts-in-2025/

Russia Shifts Cyber War Focus from US to UK Following Trump’s Election

UK intelligence agencies have warned of a marked increase in Russian state-backed cyber attacks targeting British infrastructure since the start of 2025. This shift appears to be a deliberate move away from US targets following Donald Trump’s election, as the Kremlin aims to avoid provoking the new administration. The UK is now seen as Russia’s primary adversary, with threats focusing on disruption and chaos, particularly against critical infrastructure such as energy and healthcare. Officials have noted a surge in hybrid operations combining technology, misinformation and proxies, with some attacks traced to highly capable hacker groups operating under Russian direction.

https://www.techradar.com/pro/security/russia-shifts-cyberwar-focus-from-us-to-uk-following-trumps-election

Europol Disrupts Major Network of Russian-Speaking Cyber Criminals Targeting Ukraine and Its Allies

Europol has led a major international operation disrupting the cyber criminal group NoName057(16), known for targeting Ukraine and NATO countries with denial-of-service attacks. Coordinated across 12 nations, the effort dismantled a network of over 100 servers and resulted in arrests, searches, and legal action against key individuals. The group, with over 4,000 supporters, used gamified tactics and cryptocurrency rewards to encourage participation. Authorities say the attacks were ideologically driven and aimed at countries supporting Ukraine. This highlights the growing threat of politically motivated cyber attacks and the scale of coordination required to counter them.

https://theins.ru/en/news/283214



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware surges 63 percent in Q2 - BetaNews

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News

Nearly one-third of Irish firms paid a cyber ransom in last year

Wiper Malware: The Threat to Businesses | SC Media UK

French and UK Authorities Arrest Suspects in Ransomware Cases

Interlock ransomware adopts FileFix method to deliver malware

Interlock Ransomware Unleashes New RAT in Widespread Campaign - Infosecurity Magazine

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Anatomy of a Scattered Spider attack: A growing ransomware threat evolves | CSO Online

Retail Ransomware Attacks Jump 58% Globally in Q2 2025 - Infosecurity Magazine

Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop

Microsoft Exposes Scattered Spider’s Latest Tactics - Infosecurity Magazine

Report: Global retail ransomware intrusions surge | SC Media

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals

Ransomware Victims

All 6.5m Co-op members had their data stolen in cyber attack earlier this year, retailer admits | This is Money

Report: Global retail ransomware intrusions surge | SC Media

Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion

Some Glasgow City Council online services still down | Glasgow Times

M&S resumes online recruitment following cyber attack - Retail Gazette

United Natural Foods Expects $400M revenue impact from June cyber attack

Russian vodka producer reports disruptions after ransomware attack | The Record from Recorded Future News

Phishing & Email Based Attacks

A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late | IT Pro

Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media

13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek

Hackers Can Hide Malicious Code in Gemini's Email Summaries

Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority

Preventing Zero-Click AI Threats: Insights from EchoLeak | Trend Micro (US)

Other Social Engineering

A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late | IT Pro

How deepfake AI job applicants are stealing remote work

Fake North Korean IT workers: How companies can stop them • The Register

What an SMS blaster is, and how to protect yourself from malicious SMS messages while traveling | Kaspersky official blog

How North Korea infiltrates its IT experts into Western companies

Fraud, Scams and Financial Crime

Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine

Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews

Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine

SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million

Artificial Intelligence

AI Cloaking Tools Enable Harder-to-Detect Cyber Attacks - Infosecurity Magazine

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine

AI adoption is booming but secure scaling not so much - Help Net Security

Grok-4 Falls to a Jailbreak Two days After Its Release - SecurityWeek

Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding

90% of Large Organisations Unprepared for AI-Enabled Threats | Security Magazine

Cyber Security Bosses Fretting About AI Attacks and Misuse

Researcher tricks ChatGPT into revealing security keys - by saying "I give up" | TechRadar

DeepSeek a threat to national security, warns Czech cyber agency | The Record from Recorded Future News

For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

Beware! Research shows Gmail's AI email summaries can be hacked - Android Authority

From Vibe Coding To Vibe Hacking — AI In A Hoodie

Curl creator mulls nixing bug bounty awards to stop AI slop • The Register

Malware

Microsoft Teams phishing spreads updated Matanbuchus malware loader | SC Media

Hackers hide dangerous Mac trojan in legit apps | Cybernews

WordPress Gravity Forms developer hacked to push backdoored plugins

AI-Trained Malware Evades Microsoft Defender 8% of the Time, Researchers Warn – Tehrani.com – Tehrani on Tech

Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences

Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica

Malware found embedded in DNS, the system that makes the internet usable, except when it doesn't | Tom's Hardware

Google sues 25 alleged BadBox 2.0 botnet operators • The Register

AsyncRAT Spawns a Labyrinth of Forks

North Korean XORIndex malware hidden in 67 malicious npm packages

Threat hunting case study: Lumma infostealer | Intel 471

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security

Bots/Botnets

Google sues 25 alleged BadBox 2.0 botnet operators • The Register

Mobile

What an SMS blaster is, and how to protect yourself from malicious SMS messages while traveling | Kaspersky official blog

Spyware on Androids Soars - Security Boulevard

Hackers Love These 7 Screenshots You Keep in Your Gallery

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

Don’t Tap That Notification—This Is How Malware Sneaks Onto Smartphones

SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million

July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek

Altered Telegram App Steals Chinese Users' Android Data

Denial of Service/DoS/DDoS

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

Averted DDoS attacks spike, report finds | SC Media

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group

Internet of Things – IoT

Your Mercedes or VW could get hacked via Bluetooth | PCWorld

350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

Uncovering the Cyber Security Risk in Smart Meter Data Storage | SC Media UK

Neglecting printer security is leaving you wide open to cyber attacks | IT Pro

Printer Security Gaps: A Broad, Leafy Avenue to Compromise

Data Breaches/Leaks

All 6.5m Co-op members had their data stolen in cyber attack earlier this year, retailer admits | This is Money

'123456' password exposed chats for 64 million McDonald’s job applicants

US Data Breaches Head for Another Record Year After 11% Surge - Infosecurity Magazine

Spies and SAS personnel among 100-plus Britons included in Afghan data leak | Defence policy | The Guardian

How top military chief’s role in Afghan data leak was hidden

The Afghan data breach has already cost millions. What happens next?

Louis Vuitton says UK customer data stolen in cyber-attack | Cybercrime | The Guardian

Paddy Power and BetFair have suffered a data breach • Graham Cluley

Waltz brushes off SignalGate questions, points finger at CISA  | CyberScoop

Data Breach at Debt Settlement Firm Impacts 160,000 People - SecurityWeek

Why hackers love Europe’s hospitals – POLITICO

Over 5.4 Million Affected in Healthcare Data Breach at Episource - Infosecurity Magazine

Anne Arundel Dermatology Data Breach Impacts 1.9 Million People - SecurityWeek

Organised Crime & Criminal Actors

“Telegram has become the new dark web” - 14.07.2025 | BURSA.RO

Abacus dark web drug market goes offline in suspected exit scam

How Criminal Networks Exploit Insider Vulnerabilities

SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million

Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop

Cyber crime Victim Suicide: Bengaluru Man Dies After Rs 11 Lakh Digital Scam

Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch

Over Half of “Finfluencer” Victims Have Lost Money, Says TSB - Infosecurity Magazine

Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record from Recorded Future News

Millions in savers’ cash goes missing after crypto company collapses

Hacker steals $27 million in BigONE exchange crypto breach

MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Insider Risk and Insider Threats

Most cyber security risk comes from just 10% of employees - Help Net Security

One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine

How deepfake AI job applicants are stealing remote work

Fake North Korean IT workers: How companies can stop them • The Register

How North Korea infiltrates its IT experts into Western companies

Ex-intelligence officer jailed for stealing bitcoin from Silk Road 2.0 operator - iTnews

How Criminal Networks Exploit Insider Vulnerabilities

US Army soldier pleads guilty to extorting 10 tech, telecom firms

Ex-soldier Googled “can hacking be treason?” pleads guilty • The Register

Insurance

Cyber Insurance Premiums Drop, but Coverage Is Key

Supply Chain and Third Parties

Supplier risk is breaking the size myth in cyber | Insurance Business America

Cloud/SaaS

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Why your Microsoft 365 setup might be more vulnerable than you think - Help Net Security

SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine

Iran seeks three cloud providers to power its government • The Register

Outages

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack

Encryption

Forget ransomware - most firms think quantum computing is the biggest security risk to come | TechRadar

How to Start Preparing for a Post-Quantum Future

How CISOs Can Prepare for the Quantum Cyber Security Threat

Safeguarding data in quantum era | Professional Security Magazine

What EU's PQC roadmap means on the ground - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

'123456' password exposed chats for 64 million McDonald’s job applicants

From ‘P@ssw0rd’ to payday: Weak credentials threaten financial systems - Digital Journal

Ranked: The World's Most Common Passwords

98% of passwords can be cracked in seconds, analysis finds | Cybernews

Social Media

Elmo has been hacked, claims Trump is in Epstein files, calls for Jews to be exterminated • Graham Cluley

Quelle surprise! Twitter faces criminal probe in France • Graham Cluley

Training, Education and Awareness

Most cyber security risk comes from just 10% of employees - Help Net Security

Regulations, Fines and Legislation

Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine

Cyber security of banks - News - Rádio RSI English - STVR

How financial IT becomes resilient: Implement DORA securely: By Krik Gunning

What EU's PQC roadmap means on the ground - Help Net Security

UK Online Safety Act 'not up to scratch' on misinformation • The Register

US aims to ban China technology in undersea telecoms cables | The Straits Times

Top US cyber agency CISA shrinks under Trump budget, staff cuts

Cyber security Regulation in Flux as Trump Administration Focuses on Evolving Foreign and Tech Threats | Latham & Watkins LLP - JDSupra

Defense Department to Spend $1B on ‘Offensive Cyber Operations’

Operational risks amid cyber policy uncertainty

Models, Frameworks and Standards

Most European Financial Firms Still Lagging on DORA Compliance - Infosecurity Magazine

How financial IT becomes resilient: Implement DORA securely: By Krik Gunning

MITRE Launches New Framework to Tackle Crypto Risks - Infosecurity Magazine

Data Protection

Buy Now, Pay Later... with your data - Help Net Security

Careers, Working in Cyber and Information Security

Military Veterans May Be What Cyber Security Is Looking For

Why burnout is one of the biggest threats to your security | TechRadar

What Fortune 100s are getting wrong about cyber security hiring - Help Net Security

Cyber Training: Post Challenge, Where Are the Skills Learned? | SC Media UK

Law Enforcement Action and Take Downs

US Army soldier pleads guilty to extorting 10 tech, telecom firms

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

13 Romanians Arrested for Phishing the UK’s Tax Service - SecurityWeek

French and UK Authorities Arrest Suspects in Ransomware Cases

Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies

Quelle surprise! Twitter faces criminal probe in France • Graham Cluley

SIM scammer's sentence increased to 12 years, after failing to pay back victim $20 million

Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop

Cambodia Makes 1,000 Arrests in Latest Crackdown on Cyber Crime - SecurityWeek

Indian Police Raid Tech Support Scam Call Center - Infosecurity Magazine

Four people bailed after arrests over cyber attacks on M&S, Harrods and Co-op - TheIndustry.fashion

FBI seized multiple piracy sites distributing pirated video games

Misinformation, Disinformation and Propaganda

UK Online Safety Act 'not up to scratch' on misinformation • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia shifts cyber war focus from US to UK following Trump's election | TechRadar

US aims to ban China technology in undersea telecoms cables | The Straits Times

Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities

MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine

Cyber attacks are evolving – so too must government response - New Statesman

What Is A Military Cyber Command And What Does It Do?

Defense Department to Spend $1B on ‘Offensive Cyber Operations’

Nation State Actors

Cyber attacks are evolving – so too must government response - New Statesman

Nearly one-third of Irish firms paid a cyber ransom in last year

China

One in 12 US/UK Employees Uses Chinese GenAI Tools - Infosecurity Magazine

China’s cyber sector amplifies Beijing’s hacking of US targets - The Washington Post

DeepSeek a threat to national security, warns Czech cyber agency | The Record from Recorded Future News

What It Takes to Stop the Next Salt Typhoon

US aims to ban China technology in undersea telecoms cables | The Straits Times

Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities

Risk of undersea cable attacks backed by Russia and China likely to rise, report warns | Telecoms | The Guardian

Chinese Hackers Still Trying to Break Into Telecoms Across Globe

Altered Telegram App Steals Chinese Users' Android Data

US National Guard unit was 'extensively' hacked by Salt Typhoon in 2024, memo says | Reuters

Spain awarded €12.3 million in contracts to Huawei

Russia

Russia shifts cyber war focus from US to UK following Trump's election | TechRadar

Submarine Cable Security at Risk Amid Geopolitical Tensions & Limited Repair Capabilities

Risk of undersea cable attacks backed by Russia and China likely to rise, report warns | Telecoms | The Guardian

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group

Nato unit helping combat Putin's 'hybrid warfare' threat on British soil

Europol disrupts major network of Russian-speaking cyber criminals targeting Ukraine and its allies

Ukrainian hackers claim IT attack on Russian drone maker • The Register

Venture capital firm hit with $216 million penalty for ‘egregious’ violations of US sanctions against Russian billionaire - ICIJ

Iran

MPs Warn of “Significant” Iranian Cyber-Threat to UK - Infosecurity Magazine

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cyber Criminals

Iran seeks three cloud providers to power its government • The Register

North Korea

How deepfake AI job applicants are stealing remote work

Fake North Korean IT workers: How companies can stop them • The Register

How North Korea infiltrates its IT experts into Western companies

North Korean hackers blamed for record spike in crypto thefts in 2025 | TechCrunch

North Korean XORIndex malware hidden in 67 malicious npm packages

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Hacktivism Increasingly Targeting Critical Infrastructure | Security Magazine


Tools and Controls

Most cyber security risk comes from just 10% of employees - Help Net Security

AI adoption is booming but secure scaling not so much - Help Net Security

DNS should be your next security priority: Lessons from NIST

SaaS Security Adoption Grows Amid Rising Breach Rates - Infosecurity Magazine

Cyber-Insurance Premiums Drop, but Coverage Is Key

Neglecting printer security is leaving you wide open to cyber attacks | IT Pro

Printer Security Gaps: A Broad, Leafy Avenue to Compromise

Hackers hide dangerous Mac trojan in legit apps | Cybernews

Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration, Bypassing Traditional Defences

Hackers exploit a blind spot by hiding malware inside DNS records - Ars Technica

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Compliance is evolving — Is your resilience ready? | TechRadar

ISC2 Finds Orgs Are Increasingly Leaning on AI

Making security and development co-owners of DevSecOps - Help Net Security

AI-Trained Malware Evades Microsoft Defender 8% of the Time, Researchers Warn – Tehrani.com – Tehrani on Tech

Security Flaws With Bitchat Highlight a ‘Systemic Issue’ With Vibe Coding

For developers and IT pros, AI can be both secret weapon and ticking time bomb | ZDNET

Curl creator mulls nixing bug bounty awards to stop AI slop • The Register

Cyber security executives love AI, cyber security analysts distrust it | TechRadar

Things to think about when deploying AI tools in the cyber security space

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record from Recorded Future News

UK launches vulnerability research program for external experts

NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine

From Vibe Coding To Vibe Hacking — AI In A Hoodie



Vulnerability Management

Brits clinging to Windows 10 face heightened risk, says NCSC | Computer Weekly

NCSC Urges Enterprises to Upgrade to Microsoft Windows 11 to Avoid Cyb - Infosecurity Magazine

Microsoft extends updates for old Exchange and Skype servers • The Register

Don't Want to Upgrade to Windows 11? Microsoft Offers Free Windows 10 Security Updates - CNET

Another WannaCry-size cyber event likely, report warns :: Insurance Day

NCSC Launches Vulnerability Research Institute to Boost UK Resilience - Infosecurity Magazine

Vulnerabilities

Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA - SecurityWeek

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Windows KB5064489 emergency update fixes Azure VM launch issues

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit - Help Net Security

Fully Patched SonicWall Gear Under Likely Zero-Day Attack

Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part

Chrome fixes 6 security vulnerabilities. Get the update now! | Malwarebytes

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) - Help Net Security

Oracle Patches 200 Vulnerabilities With July 2025 CPU - SecurityWeek

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched - SecurityWeek

Cisco Discloses '10' Flaw in ISE, ISE-PIC — Patch Now

July 2025 Breaks a Decade of Monthly Android Patches - SecurityWeek

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation - Help Net Security

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | Trend Micro (US)


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 11 July 2025

Black Arrow Cyber Threat Intelligence Briefing 11 July 2025:

-‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem

-Employees Are Quietly Bringing AI to Work and Leaving Security Behind

-Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans

-Financial Firms Are Locking the Front Door but Leaving the Back Open

-Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op

-Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S CEO Archie Norman Thinks So

-The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy

-Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites

-The Rising Threat of Mobile Malware: How to Protect Your Device in 2025

-Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025

-Why Data Sovereignty Is Not Just a Legal Concern but a Cyber Security Imperative

-Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say

-Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

We start this week’s review by looking at the employees in your organisation. A report reveals that two out of five UK office workers would not alert their employer to a suspected cyber attack, mainly for fear of being blamed, while a separate report shows that 90% of employees are entering data into unauthorised AI tools without approval. The consequences of insufficient security through employees and third parties are highlighted by the attack on a supplier of Qantas that resulted in the loss of personal data of up to 6 million customers, and by observations of poor security in the majority of third party suppliers in the financial sector.

In a further update on the attacks on UK retailers including M&S, four suspects of up to 20 years of age have been arrested, while the Chairman of M&S has called for all organisations to be obliged to disclose when they have been attacked. We also report on the real need for organisations to be prepared for how they will respond to cyber security incidents.

We report on the risks of Generative AI, mobile malware, malicious applications imitating trusted names such as Zoom, and attacks on individuals. We also report on how geopolitical tensions are increasing the risks of cyber attacks on organisations, highlighting the need for an objective leadership-driven risk assessment and cyber security strategy.

We know that while many organisations look to their IT team or service provider to manage their cyber security, the attacker instead looks to the employee as one of the easiest ways to break into the systems. Cyber security can only work if it is embraced by an upskilled leadership team that takes command of its risk management and maintenance of controls across people, operations and technology including the organisation’s culture.


Top Cyber Stories of the Last Week

‘The Worst Thing an Employee Could Do’: Workers Are Covering Up Cyber Attacks for Fear of Reprisal – Here’s Why That’s a Huge Problem

A recent study has revealed that 39% of UK office workers would not report a suspected cyber attack to their employer, largely due to fear of blame or disciplinary action. This silence persists despite relatively high awareness, with 79% of employees confident they could recognise a threat and 43% able to define ransomware. The findings suggest a culture problem, where fear of repercussions discourages openness and transparency. Past incidents show some staff have been punished or even dismissed after cyber attacks, reinforcing this reluctance. Building a blame-free reporting culture and improving cyber security training are critical steps forward.

https://www.itpro.com/security/the-worst-thing-an-employee-could-do-workers-are-covering-up-cyber-attacks-for-fear-of-reprisal-heres-why-thats-a-huge-problem

Employees Are Quietly Bringing AI to Work and Leaving Security Behind

Despite growing efforts by IT departments to implement controls around artificial intelligence (AI), employees are increasingly using unapproved AI tools without oversight. Nearly three quarters of IT leaders have detected such unauthorised use, with over 90% of employees admitting to entering data into these tools without approval. This “shadow AI” poses a significant risk to organisations, particularly around data leakage and loss of visibility. Yet many staff see the benefits as outweighing the risks. The challenge for leadership is to close the gap between employee behaviour and governance, through clear policies, practical training, and integrating approved AI into daily workflows.

https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/

Qantas Attack Reveals One Phone Call Can Crack Cyber Security’s Weakest Link: Humans

The Qantas data breach has highlighted how human error remains a critical weakness in cyber security. Attackers gained access to personal data for up to 6 million customers by exploiting an offshore IT support provider using social engineering, a method where criminals deceive staff into granting access. This incident follows a series of high-profile breaches across Australia’s healthcare, financial and telecommunications sectors. Experts warn that the growing use of third-party systems and tools like voice-cloning artificial intelligence are increasing the risks. Regulators are urging organisations to improve operational resilience, particularly by strengthening multi-factor authentication and scrutinising third-party cyber security controls.

https://www.theguardian.com/business/2025/jul/06/qantas-attack-reveals-one-phone-call-is-all-it-takes-to-crack-cybersecuritys-weakest-link-humans

Financial Firms Are Locking the Front Door but Leaving the Back Open

Financial institutions are improving their own cyber security defences, but many remain vulnerable through third-party suppliers. A recent study found that 92% of vendors serving the financial sector scored poorly in managing sensitive data, and 65% were not keeping systems updated against known risks. While direct cyber attacks on banks and insurers have declined, attackers are increasingly targeting vendors as a way in. These findings highlight that strong internal protections are not enough. Senior leaders should ensure third-party risk is actively monitored, assessed regularly, and addressed through procurement, contracts, and ongoing oversight.

https://www.helpnetsecurity.com/2025/07/11/financial-firms-third-party-cyber-risk/

Teens Arrested by NCA over Cyber Attacks on M&S, Harrods and Co-Op

The UK’s National Crime Agency has arrested four individuals, aged between 17 and 20, in connection with cyber attacks on major UK retailers including M&S, Harrods and Co-op. The suspects were detained on suspicion of offences such as computer misuse, blackmail and money laundering. Electronic evidence was seized and the investigation remains ongoing. The NCA has stressed the importance of businesses working closely with law enforcement when incidents occur, highlighting that early engagement can support more effective responses to serious cyber threats.

https://techinformed.com/teens-arrested-over-cyber-attacks-on-ms/

Should UK Companies Be Required to Disclose Major Cyber Attacks? M&S CEO Archie Norman Thinks So

Marks & Spencer’s Chairman has called for mandatory reporting of serious cyber attacks to the UK’s National Cyber Security Centre, highlighting that major incidents often go unreported. Following a recent attack on the retailer by a group posing as contractors, key systems including contactless payments and click-and-collect were disrupted. While stores stayed open, online clothing orders were only resumed after 46 days. The CEO estimated the cost of the incident at £300 million. The NCSC described the attack as a wake-up call, warning that other organisations remain at risk unless reporting and response practices improve.

https://cybernews.com/security/should-uk-companies-be-required-to-disclose-major-cyberattacks/

The Cost of Unpreparedness: Why Many Businesses Lack a Continuity Strategy

Many businesses remain vulnerable to disruption due to a lack of formal continuity planning. With growing risks from cyber attacks, supply chain issues, and global instability, resilience is now a strategic necessity, not a back-office function. Despite rapid digital transformation, many organisations have yet to embed risk management into everyday operations, leaving them exposed to operational delays and reputational damage. Continuity today is about endurance, not just recovery. Firms that integrate scenario planning, agile governance, and proactive risk oversight are better placed to absorb shocks, maintain customer trust, and adapt quickly in a volatile market.

https://www.entrepreneur.com/en-ae/growth-strategies/the-cost-of-unpreparedness-why-many-businesses-lack-a/494250

Experts Warn This Top GenAI Tool Is Being Used to Build Phishing Websites

Okta has identified that cyber criminals are using generative AI tools like v0.dev to rapidly create convincing phishing websites that mimic legitimate login pages. These sites are often hosted on trusted infrastructure, increasing the risk of users being deceived. The accessibility of AI tools has significantly lowered the skill required to launch such attacks, and open-source guides are further enabling this trend. Okta advises that traditional training alone is no longer sufficient, and organisations should adopt stronger controls such as multi-factor authentication and domain-based protections to defend against these evolving threats.

https://www.techradar.com/pro/security/experts-warn-this-top-genai-tool-is-being-used-to-build-phishing-websites

The Rising Threat of Mobile Malware: How to Protect Your Device in 2025

The rapid growth in smartphone use, expected to reach 7.2 billion users by 2025, has created an expanding target for cyber criminals. Mobile malware is rising sharply, with over 12 million attacks blocked in the first half of 2025 alone. The most common threats include trojans, spyware, adware, and ransomware, often disguised as legitimate apps or delivered via phishing messages. Official app stores are not immune, with some malicious apps reaching over 60 million downloads. Senior leaders should ensure mobile security policies are enforced across their organisations, including app vetting, operating system updates, and user awareness to reduce risk exposure.

https://cybernews.com/security/the-rising-threat-of-mobile-malware/

Nearly 8,500 Small and Medium Businesses Faced Cyber Attacks Through Fake Downloads and Mimic AI Tools in 2025

Kaspersky has reported that nearly 8,500 small and medium-sized businesses have faced cyber attacks in 2025 through fake downloads of widely used tools like Zoom, Microsoft Office, and newer AI platforms such as ChatGPT and DeepSeek. Attackers are increasingly disguising malicious software as popular apps, exploiting the rise in remote work and interest in artificial intelligence. Notably, files mimicking Zoom alone accounted for 41 percent of all cases observed. These threats often aim to steal login credentials or deliver malware through phishing emails and fake websites. Kaspersky advises SMBs to adopt robust cyber security practices, including verified software downloads, clear usage policies, and regular data backups.

https://www.dawn.com/news/1921871

Whole of Society Must Respond to Threats Bringing ‘War to the Doorstep’, MPs Say

UK MPs have warned that hostile states are increasingly using “grey zone” tactics such as cyber attacks, disinformation, sabotage and espionage to destabilise the UK without triggering formal conflict. A parliamentary report calls for a “whole of society” response, involving schools, businesses and communities alongside government. The Defence Committee stressed that these threats affect everyday life and target national infrastructure and digital systems. To address this, MPs are urging greater investment in cyber skills, public awareness, and infrastructure protection, as well as a new homeland security minister to coordinate efforts across sectors and strengthen national resilience.

https://uk.news.yahoo.com/whole-society-must-respond-threats-230100347.html

Businesses at Greater Risk of Cyber Attack Due to Geopolitical Tensions

Geopolitical tensions are driving a marked increase in cyber attacks from state-backed groups, terrorists, and politically motivated actors. A recent GlobalData report warns that organisations, particularly those involved in critical national infrastructure, are facing heightened risks from espionage and disruption campaigns. Nearly 60% of businesses now shape their cyber security response around geopolitical developments. Complex global supply chains further compound this risk, with suppliers often lacking robust cyber defences. Supply chain attacks are becoming more frequent and harder to contain, taking over 300 days on average to identify and resolve, significantly longer than other types of data breaches.

https://www.verdict.co.uk/businesses-at-greater-risk-of-cyberattack-due-to-geopolitical-tensions/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Attacks Spike Despite Gang Closure - IT Security Guru

‘No honour among thieves’: M&S hacking group starts turf war

Should UK companies be required to disclose major cyber attacks? | Cybernews

Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds

Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine

Iranian ransomware crew promises big bucks for US attacks • The Register

Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine

Ransomware attacks carry huge financial impacts – but CISO worries still aren’t stopping firms from paying out | IT Pro

AiLock ransomware: What you need to know | Fortra

Unmasking the SafePay Ransomware Group - Infosecurity Magazine

SafePay Ransomware Surge Tend to Target Key Sectors

Short-lived ransomware group SatanLock to close down and leak data - BetaNews

New Bert Ransomware Group Strikes Globally with Multiple Variants - Infosecurity Magazine

French police arrest Russian pro basketball player on behalf of US over ransomware suspicions | CyberScoop

Ransomware negotiator allegedly struck deals with hackers to profit from extortion payments | TechSpot

Ransomware Victims

M&S shares sink lower after failing to recover from cyber attack

Cyber attack on M&S involved 'sophisticated impersonation', chairman says | Money News | Sky News

Should UK companies be required to disclose major cyber attacks? | Cybernews

Qantas data breach shows compliance doesn’t always mean protection and resilience | The Strategist

Qantas attack reveals one phone call is all it takes to crack cyber security’s weakest link: humans | Qantas | The Guardian

M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian

UK companies should have to disclose major cyber attacks, M&S says | Reuters

Four arrested in connection with M&S and Co-op cyber attacks - BBC News

Venture capital giant IdeaLab confirms breach, says private data was stolen in attack | TechRadar

Suspected Scattered Spider domains target multiple sectors • The Register

Over 500 Scattered Spider Phishing Domains Poised to Target Multiple I - Infosecurity Magazine

How M&S responds to its cyber-attack could have a serious impact on its future – and its customers

M&S chair refuses to discuss paying off cyber attackers | The Grocer

Hacker leaks Telefónica data allegedly stolen in a new breach

Qantas is being extorted in recent data-theft cyber attack

Ingram Micro Suffers Huge Ransomware Attack

IT Giant Ingram Micro Reveals Ransomware Breach - Infosecurity Magazine

Louis Vuitton says customer data was leaked following cyber attack | TechRadar

How cyber insurers are stepping up after M&S attack - Insurance Post

Qantas confirms data breach impacts 5.7 million customers

Ingram Micro Up and Running After Ransomware Attack

Customer, Employee Data Exposed in Nippon Steel Breach

Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News

Phishing & Email Based Attacks

Experts warn this top GenAI tool is being used to build phishing websites | TechRadar

New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data

Cyber crooks jump on .es domain for credential phishing trip • The Register

Phishing Scams Can Deceive Large Language Models | Security Magazine

Identity attacks surge 156% as phishermen get craftier • The Register

Experts flag a huge amount of cyber attacks coming from this unexpected domain | TechRadar

A Clever Russian Phishing Attack Using Fake State Department Employees

Human rights body hooked by phishing scam - Newsroom

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Colleague or cyber criminal? Blind employee trust costs businesses millions of dollars - Digital Journal

Other Social Engineering

M&S boss says two big UK firms hit by unreported cyber-attacks | Retail industry | The Guardian

M&S turned to FBI for help after ‘traumatic’ cyber attack

Browser Exploits Wane as Users Become the Attack Surface

DOJ Disrupts North Korean IT Worker Schemes Targeting U.S

Fraud, Scams and Financial Crime

Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe

Hundreds of Malicious Domains Registered Ahead of Prime Day - Infosecurity Magazine

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

SIM Swap Fraud Is Surging — and That's a Good Thing

eSIM Hack Allows for Cloning, Spying - SecurityWeek

How to protect your cell phone number from SIM swap attacks | TechCrunch

New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data

Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan

Visa's 24/7 war room takes on global cyber criminals

Your old accounts are an online gold mine for cyber criminals — what you need do right now to stay safe | Tom's Guide

Human rights body hooked by phishing scam - Newsroom

PayPal's AI-powered scam alert system might intercept your transactions now - here's why | ZDNET

Artificial Intelligence

Experts warn this top GenAI tool is being used to build phishing websites | TechRadar

Employees are quietly bringing AI to work and leaving security behind - Help Net Security

Phishing Scams Can Deceive Large Language Models | Security Magazine

Nearly 8,500 small and medium businesses faced cyber attacks through mimic AI tools in 2025: Kaspersky - World - DAWN.COM

The Wild West of Agentic AI - An Attack Surface CISOs Can’t Afford to Ignore - SecurityWeek

Security practices must evolve to battle growing deepfake sophistication - SiliconANGLE

AI Security Institute targets cyber crime in hiring push - UKTN

The four-phase security approach to keep in mind for your AI transformation | TechRadar

It’s time to give AI security its own playbook and the people to run it - Help Net Security

Leveraging cyber security to establish trade secret protection in the age of AI  - IAM

What Can Businesses Do About Ethical Dilemmas Posed by AI? - SecurityWeek

What Security Leaders Need to Know About AI Governance for SaaS

What CISOs Need to Know About AI Governance Frameworks | TechTarget

AI Accelerates Security Risks in Broken Data Environments

AI built it, but can you trust it? - Help Net Security

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET

McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data

Google Cloud keeps AI data in UK, but not the support • The Register

2FA/MFA

The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It

Malware

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results

Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine

Atomic macOS infostealer adds backdoor for persistent attacks

Chrome Store Features Extension Poisoned With Sophisticated Spyware

Hackers abuse leaked Shellter red team tool to deploy infostealers

One of the biggest security threats to Apple systems just got a major upgrade - here's what we know | TechRadar

This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don’t fall for this | Tom's Guide

Chrome, Edge users infected by 18 malicious extensions | Cybernews

Browser hijacking campaign infects 2.3M Chrome, Edge users • The Register

Russia-linked macOS malware adds dangerous backdoor | Cybernews

200+ browser extensions make a web-scraping botnet | PCWorld

Open source has a malware problem, and it's getting worse - Help Net Security

Bots/Botnets

200+ browser extensions make a web-scraping botnet | PCWorld

Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar

Mobile

eSIM Hack Allows for Cloning, Spying - SecurityWeek

How to protect your cell phone number from SIM swap attacks | TechCrunch

The rising threat of mobile malware | Cybernews

Invisible UI flaw gives hackers full Android access | Cybernews

5 critical reasons why keeping your android security updates current is more important than ever

How to detect and fix a jailbroken iPhone | TechTarget

Gemini can access your Android phone's other apps, unless you stop it - here's how | ZDNET

Denial of Service/DoS/DDoS

The DDoS smoke screen: why restoring uptime may be your first mistake | TechRadar

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

Internet of Things – IoT

Hundreds of DVRs and routers are being hijacked to form another major botnet | TechRadar

Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine

Data Breaches/Leaks

Know Your Enemy: Understanding Dark Market Dynamics

McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data

Hacker leaks Telefónica data allegedly stolen in a new breach

Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Cyber criminals stealing more data; Privacy watchdog concerned | NL Times

Louis Vuitton says customer data was leaked following cyber attack | TechRadar

Qantas confirms data breach impacts 5.7 million customers

Customer, Employee Data Exposed in Nippon Steel Breach

Nearly 300,000 people were impacted by cyber attack on Nova Scotia Power | The Record from Recorded Future News

South Korea Imposes Penalties on SK Telecom for Breach

How Worried Should Consumers Really Be After a Data Breach? - Infosecurity Magazine

Your data privacy is slipping away – here’s why, and what you can do about it

Organised Crime & Criminal Actors

Cyber crime and real-world crime are converging in a dangerous new way – here’s how to stay safe

‘No honour among thieves’: M&S hacking group starts turf war

Know Your Enemy: Understanding Dark Market Dynamics

Cyber criminals stealing more data; Privacy watchdog concerned | NL Times

Your old accounts are an online gold mine for cyber criminals — what you need do right now to stay safe | Tom's Guide

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

US Secret Service unmasks $400M crypto scam network

Hackers siphon $140M in Central Bank of Brazil attack, converting $40M to crypto | Cryptopolitan

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Insider Risk and Insider Threats

‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem | IT Pro

DOJ Disrupts North Korean IT Worker Schemes Targeting U.S

Colleague or cyber criminal? Blind employee trust costs businesses millions of dollars - Digital Journal

IT Worker arrested for selling access in $100M PIX cyber heist

Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register

US airman admits leaking secrets on dating app • The Register

Two new pro-Russian hacktivist groups target Ukraine, recruit insiders | The Record from Recorded Future News

IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard

Insurance

How cyber insurers are stepping up after M&S attack - Insurance Post

Cyber insurance confronts the age of intelligent threats | Insurance Business America

Supply Chain and Third Parties

Financial firms are locking the front door but leaving the back open - Help Net Security

Get ahead of third-party risk or wave goodbye to your cyber resilience | TechRadar

Global software supply chain visibility remains critically low - Help Net Security

MSPs Under More Scrutiny From Customers on Cyber Than Ever - IT Security Guru

Pressure mounts on MSPs as enterprises flock to managed cyber security services | ChannelPro

Cloud/SaaS

What Security Leaders Need to Know About AI Governance for SaaS

Google Cloud keeps AI data in UK, but not the support • The Register

Cloud security maintains its position as top spending priority - Help Net Security

Outages

Microsoft Outlook goes down around the world - here's what we know | ZDNET

Identity and Access Management

Identity attacks surge 156% as phishermen get craftier • The Register

Identity-related cyber incidents surge, report finds | SC Media

Is the UK falling behind Europe on digital identity security? | Biometric Update

Encryption

EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine

Linux and Open Source

Malicious Open Source Packages Surge 188% Annually - Infosecurity Magazine

Open source has a malware problem, and it's getting worse - Help Net Security

New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu

SUSE launches new European digital sovereignty support service to meet surging demand | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data

How passkeys work: Do your favorite sites even support passkeys? | ZDNET

How passkeys work: The complete guide to your inevitable passwordless future | ZDNET

Social Media

TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine

Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine

Regulations, Fines and Legislation

NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times

NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra

UK looking to revamp defence laws as undersea cable sabotage and cyber attacks create 'gray zone threats' | PC Gamer

What Trump's 'big beautiful bill' means for Wi-Fi 6E and Wi-Fi 7 users (Hint: It's not pretty) | ZDNET

Czech Republic in Finale of NIS 2 Transposition

EU Launches Plan to Implement Quantum-Secure Infrastructure - Infosecurity Magazine

South Korea Imposes Penalties on SK Telecom for Breach

What CISOs Need to Know About AI Governance Frameworks | TechTarget

CISOs urged to fix API risk before regulation forces their hand - Help Net Security

US Cyber Security at Risk Without Congressional Action

Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online

The EU’s New Cyber Security Law for the Space Sector | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

Models, Frameworks and Standards

NIS2 Explained: An EU Directive For Secure Networked Systems - EE Times

NIS 2: Strengthening Europe’s Cyber Defences | Morrison & Foerster LLP - JDSupra

Czech Republic in Finale of NIS 2 Transposition

Why law firms should get LOCS:23 certified - Legal Futures

Data Protection

TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine

Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine

Your data privacy is slipping away – here’s why, and what you can do about it

Careers, Working in Cyber and Information Security

Cyber security’s mental health reckoning - Tech Monitor

Why your security team feels stuck - Help Net Security

Will AI Gut the Cyber Security Talent Pipeline?

Hiring trends report | Professional Security Magazine

How to Get a Job in Cyber Security | The Global Recruiter

Law Enforcement Action and Take Downs

Four arrested in connection with M&S and Co-op cyber attacks - BBC News

Teens arrested by NCA over cyber attacks on M&S, Harrods and Co-op

US Secret Service unmasks $400M crypto scam network

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register

US airman admits leaking secrets on dating app • The Register

French police arrest Russian pro basketball player on behalf of US over ransomware suspicions | CyberScoop

French cops cuff Russian hoopster for alleged ransomware • The Register

Is This Russian Basketball Player Part of a Ransomware Gang?

IT worker spared prison for anti-Islam cyber attack on WiFi at UK train stations | The Standard


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Alleged Chinese hacker tied to Silk Typhoon arrested for cyber espionage

UK looking to revamp defence laws as undersea cable sabotage and cyber attacks create 'gray zone threats' | PC Gamer

Businesses at greater risk of cyber attack due to geopolitical tensions - Verdict

UK and France unite against increasing cyber threats

Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent

Grey zone attacks are bringing conflict to Britain’s doorstep — it’s time we woke up to... - LBC

Whole of society must respond to threats bringing ‘war to the doorstep’, MPs say

Teach children how to catch Russian spies online, MPs told

Hostile activities bring war to the doorstep of each and every one of us, new report warns

Nation State Actors

China

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

UK looking to revamp defence laws as undersea cable sabotage and cyber attacks create 'gray zone threats' | PC Gamer

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

North American APT Uses Exchange Zero-Day to Attack China

TikTok’s Handling of EU User Data in China Comes Under Scrutiny Again - Infosecurity Magazine

Tribunal Ruling Brings ICO’s £12.7m TikTok Fine Closer - Infosecurity Magazine

Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban - Infosecurity Magazine

Taiwan Flags Chinese Apps Over Data Security Violations - Infosecurity Magazine

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft - Infosecurity Magazine

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Russia

UK looking to revamp defence laws as undersea cable sabotage and cyber attacks create 'gray zone threats' | PC Gamer

Even children can help counter threats bringing ‘war to our doorstep’, MPs say | The Independent

Teach children how to catch Russian spies online, MPs told

Russia-linked macOS malware adds dangerous backdoor | Cybernews

Russia Launches Spy Ship to Target NATO Undersea Cables — UNITED24 Media

Survey: war, cyber attacks top security concerns; support for European cooperation grows | NL Times

Ex-ASML engineer who stole chip tech for Russia gets 3 years • The Register

French police arrest Russian pro basketball player on behalf of US over ransomware suspicions | CyberScoop

Two new pro-Russian hacktivist groups target Ukraine, recruit insiders | The Record from Recorded Future News

France accuses Russia of cyber attacks on public services, private companies, and media outlets · Global Voices Advox

Ukraine participated for the first time in the meeting of the EU National Cyber Security Coordination Centers and the meeting of the Steering Board of the European Cyber Security Competence Center - National Security and Defence Council of Ukraine

Cyber attack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war | The Record from Recorded Future News

US airman admits leaking secrets on dating app • The Register

French cops cuff Russian hoopster for alleged ransomware • The Register

A Clever Russian Phishing Attack Using Fake State Department Employees

Looking Tough: Russia Trumpets Pro-Ukraine Hacker Arrests

Russia rejects ethical hacking bill • The Register

Spyware Campaign Hits Russian Industrial Firms

Russian airports crippled as 171 Moscow flights canceled

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Iran

UK faces rising and unpredictable threat from Iran, report warns

Rising threat of assassination and kidnap attempts by Iran in UK – Channel 4 News

'Physical threat' from Iran on people living in UK has 'increased significantly', watchdog says | UK News | Sky News

Iranian ransomware crew promises big bucks for US attacks • The Register

Missiles go silent but Iran-Israel cyber war is just ramping up | Iran International

The Iran-Israel War Returns to the Shadows, for Now

Iranian-linked hacker group targets Iran International journalists in cyber attack - Committee to Protect Journalists

North Korea

DOJ Disrupts North Korean IT Worker Schemes Targeting U.S

US sanctions alleged North Korean IT sweatshop leader • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

DoNot APT is expanding scope targeting European foreign ministries

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defence, and Rail Sectors




Vulnerability Management

LLMs Fall Short in Vulnerability Discovery and Exploitation - Infosecurity Magazine

Vibe Hacking Not Yet Possible - InfoRiskToday

End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online

5 critical reasons why keeping your android security updates current is more important than ever

Vulnerabilities

Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

End of life for Microsoft Office puts malicious macros in the security spotlight | CSO Online

Invisible UI flaw gives hackers full Android access | Cybernews

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) - Help Net Security

Ivanti, Fortinet, Splunk Release Security Updates - SecurityWeek

AMD warns of new Meltdown, Spectre-like bugs affecting CPUs • The Register

New Linux Security Flaw Can Bypass Disk Encryption - OMG! Ubuntu

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover - SecurityWeek

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack - SecurityWeek

Microsoft Confirms Windows 11 Update Causes Security Firewall Error

Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking - SecurityWeek

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

North American APT Uses Exchange Zero-Day to Attack China


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 09 July 2025 – Security Updates from Microsoft, Ivanti, Fortinet, Splunk, Adobe, and SAP

Executive Summary

  • Microsoft’s July 2025 Patch Tuesday addressed 137 vulnerabilities, including a publicly disclosed zero-day in SQL Server, 14 critical issues (primarily remote code execution) in Office and Windows components, and a range of privilege escalation, information disclosure, denial-of-service, and spoofing flaws affecting Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows Cryptographic Service.

  • Ivanti released advisory AV25‑405 on 8 July, fixing 11 vulnerabilities across Connect Secure (ICS), Policy Secure (IPS), Endpoint Manager (EPM), and Endpoint Manager Mobile (EPMM), including high-severity flaws that impact authentication, credential decryption, and OS command injection.

  • Fortinet published eight security advisories covering one critical, one high, five medium, and one low severity vulnerabilities affecting FortiAnalyzer, FortiProxy, FortiOS, FortiSandbox, FortiVoice, and FortiWeb.

  • Splunk this week issued 12 advisories that resolve critical and high-severity flaws in third-party dependencies in Splunk SOAR, Enterprise, and DB Connect. Additionally, the company announced fixes for seven medium- and one low-severity issue in Splunk Enterprise.

  • Adobe announced the rollout of security fixes for 58 vulnerabilities across 13 products, including three critical-severity flaws in Adobe Connect, ColdFusion, and Experience Manager Forms (AEM Forms) on JEE.

  • SAP announced the release of 27 new and four updated security notes as part of its July 2025 Security Patch Day, including six that address critical vulnerabilities.

What’s the risk to me or my business?
This month’s releases cover major vendor ecosystems and include both publicly disclosed and critical vulnerabilities. Unpatched systems are vulnerable to SQL Server information disclosure, Office/Windows RCEs, credential decryption in Ivanti, command injection in Fortinet devices, package-level compromises in Splunk SOAR, Adobe application attacks, and insecure deserialization in SAP, which can lead to full system compromise or data breaches.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Microsoft

Further details on the specific updates in this Microsoft Patch Tuesday release can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul

Ivanti, Fortinet, Splunk, Adobe, SAP

Further details of the vulnerabilities in the affected Ivanti, Fortinet, Splunk, Adobe and SAP products:

https://www.ivanti.com/blog/july-security-update-2025

https://www.fortiguard.com/psirt

https://advisory.splunk.com/advisories/SVD-2025-0712

https://helpx.adobe.com/security.html

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

#threatadvisory #threatintelligence #cybersecurity


Black Arrow Cyber Threat Intelligence Briefing 04 July 2025

Black Arrow Cyber Threat Intelligence Briefing 04 July 2025:

-Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

-You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads

-90% Aren’t Ready for AI Attacks, Are You?

-Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

-Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers

-Third-Party Breaches Double, Creating Ripple Effects Across Industries

-Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches

-A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now

-Scam Centres Expand Global Footprint with Trafficked Victims

-The SMB Wake-Up Call: Downtime, Dollars, and Data Loss

-Many Global Execs Identify Cyber Risk as Top Concern, Beazley

-Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence

-Rethinking Cyber Risk as Traditional Models Fall Short

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, we begin our review with details of evolving cyber attacks that organisations should address in managing their risks. Attackers are impersonating trusted brands through phishing emails containing PDF attachments and phone numbers for fake support centres, while others are targeting the routers used in homes and small offices. The cyber risks of using AI are also developing, including AI chatbots that present malicious links to users. Attackers are successfully gaining access to victims’ data and systems through third parties the victims work with, such as the recently disclosed attack at Qantas.

We share details of other attack tactics, including those used by the highly active Scattered Spider group, the emergence of scam centres located around the world, and the use of automated scanning and mass exploitation of security flaws. We conclude with the perspective of business leaders, noting a sharp rise in executives naming cyber risk as their main concern, as over 60% of UK organisations are affected by incidents.

We find that a key element of successful cyber security begins with a leadership team that understands and is confident in managing their own cyber risks. This requires a boardroom-level conversation on contemporary cyber risks and how to govern them proportionately. Contact us for details of our Senior Leadership Risk and Governance Workshops.


Top Cyber Stories of the Last Week

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cyber security experts have uncovered phishing campaigns using fake emails with PDF attachments to impersonate trusted brands like Microsoft and DocuSign. These emails coax victims into scanning QR codes or calling fake support numbers, leading to credential theft or malware installation. Attackers exploit the trust placed in phone calls and use scripted tactics to appear legitimate. Additionally, criminals are manipulating artificial intelligence responses and compromising reputable websites to direct users to malicious sites. These developments highlight how cyber criminals are combining social engineering with new technologies to broaden their attacks and undermine brand trust.

https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html

You Can’t Trust AI Chatbots Not to Serve You Phishing Pages or Malicious Downloads

Researchers have found that popular AI chatbots increasingly risk steering users to harmful websites, including phishing pages and malicious downloads. In a recent test, chatbots gave incorrect or unsafe login links 34% of the time, creating opportunities for attackers to hijack unclaimed web domains. Criminals are actively crafting convincing fake websites and content to manipulate AI-generated answers, making malicious sites appear trustworthy. As people rely more on chatbots instead of search engines, there is a growing danger that AI tools could unknowingly enable large-scale cyber attacks by providing users with fraudulent or unsafe information.

https://www.helpnetsecurity.com/2025/07/03/you-cant-trust-ai-chatbots-not-to-serve-you-phishing-pages-malicious-downloads-or-bad-code/

90% Aren’t Ready for AI Attacks, Are You?

Accenture’s latest report warns that 90% of organisations are unprepared to secure their AI-driven operations, with 63% stuck in an “Exposed Zone” lacking effective cyber security strategies and technical skills. As AI adoption accelerates, most firms have not implemented essential security practices, with only 22% providing policies or training for AI use and just 25% applying strong data protection measures. The research highlights that embedding cyber security from the outset is critical, as organisations with mature defences are significantly more effective at blocking advanced threats and maintaining customer trust.

https://www.helpnetsecurity.com/2025/07/03/ai-cyber-defenses/

Over 1,000 Small Office Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Security researchers have uncovered a network of over 1,000 hacked small office and home office (SOHO) devices, known as LapDogs, which has been used in cyber espionage linked to Chinese hacking groups. The campaign targets organisations in the United States, Southeast Asia, Japan, and Taiwan, including firms in IT, real estate, and media. Attackers deploy a backdoor called ShortLeash to compromise devices and disguise their activities. Evidence suggests the campaign has been active since late 2023, with batches of attacks infecting up to 60 devices at a time, highlighting rising risks to businesses relying on poorly secured internet-connected equipment.

https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html

Qantas Confirms Cyber Attack Exposed Records of Up to 6 Million Customers

Qantas has confirmed a cyber attack on a third-party platform used by its call centre, potentially exposing personal data of up to 6 million customers. Information such as names, contact details, birth dates and frequent flyer numbers was compromised, though financial details and passwords remain secure. The airline quickly contained the breach and is working with cyber security experts. Authorities including the Australian Cyber Security Centre have been notified. This incident highlights the rising trend of cyber attacks in Australia, where reported data breaches increased by 25% in 2024, with most caused by malicious activity such as phishing and ransomware.

https://www.theguardian.com/business/2025/jul/02/qantas-confirms-cyber-attack-exposes-records-of-up-to-6-million-customers

Third-Party Breaches Double, Creating Ripple Effects Across Industries

A recent report highlights that breaches involving suppliers have doubled to nearly 30%, exposing a dangerous reliance on a small group of technology providers whose compromise can disrupt thousands of organisations. Despite this rising threat, many firms still rely on outdated approaches like self-assessment questionnaires, with 62% admitting that most of their suppliers do not meet their own cyber security standards. Overstretched security teams struggle to monitor these risks effectively, and without proactive incident response plans across supply chains, organisations remain vulnerable to cascading impacts from third-party cyber attacks.

https://www.helpnetsecurity.com/2025/06/30/supply-chain-cyber-risks/

Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches

ReliaQuest has highlighted how ransomware groups are increasingly using automated scanning and mass exploitation of security flaws to breach organisations, with Qilin and Akira among those rapidly expanding attacks in early 2025. Poorly managed or unknown systems are prime targets, as they often remain unpatched for weeks after fixes are released, giving criminals time to automate attacks. The UK’s National Cyber Security Centre has warned that artificial intelligence will further accelerate cyber attacks by shortening the time between discovery of a weakness and its exploitation, while phishing remains a growing entry point with ransomware-linked phishing rising by 58% late last year.

https://www.infosecurity-magazine.com/news/automation-vulnerability/

A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now

Scattered Spider, a group of young cyber criminals, has re-emerged as a major threat to critical services including retailers, insurers, and airlines in the UK, US, and Canada. Using tactics like tricking IT staff into giving system access, they breach networks to install ransomware or steal data for extortion. Despite arrests last year, their recent surge highlights their adaptability and skill at exploiting gaps in security processes. Law enforcement and researchers warn that their loosely connected structure makes them difficult to disrupt, posing an imminent risk to organisations reliant on digital systems.

https://www.wired.com/story/scattered-spider-most-imminent-threat/

Scam Centres Expand Global Footprint with Trafficked Victims

Interpol has highlighted that online scam centres, previously concentrated in Southeast Asia, are now emerging globally, including in West Africa, Central America and the Middle East. Criminals lure victims from 66 countries with fake job offers, trafficking them into compounds where they are forced to run scams such as romance fraud. Interpol estimates hundreds of thousands are trapped in this way, often facing violence and exploitation. The increasing use of artificial intelligence to craft convincing adverts and scam profiles is worsening the threat. With scam centres estimated to have made $37bn last year, urgent and coordinated international action is needed.

https://www.infosecurity-magazine.com/news/scam-centers-global-footprint/

The SMB Wake-Up Call: Downtime, Dollars, and Data Loss

Nearly three quarters of small and medium-sized businesses suffered a data breach or cyber attack in 2023, yet many remain overconfident in their ability to recover. In a recent report, 85% of leaders believe they could bounce back, yet fewer than a third have robust security measures in place. Downtime can cost SMBs up to $427 (£313) per minute, threatening revenue and eroding customer trust. Attackers are increasingly using artificial intelligence to target vulnerabilities. It is vital for SMBs to implement tested recovery plans, clear crisis procedures, and regular data backups to minimise disruption and protect their reputation in an evolving threat landscape.

https://www.msspalert.com/perspective/the-smb-wake-up-call-downtime-dollars-and-data-loss

Many Global Execs Identify Cyber Risk as Top Concern, Beazley

Beazley’s latest report reveals a sharp rise in executives naming cyber risk as their main worry, climbing to 29% in 2025 from 26% the year before. Beazley suggests that executives are underestimating today’s unpredictable cyber risks, exemplified by recent high-profile attacks on major retailers. Risks include cyber warfare, third-party weaknesses, and the use of artificial intelligence to enhance ransomware attacks. While most organisations plan to boost cyber security with external experts and increased internal investment, Beazley warns that regulatory and operational challenges could undermine these efforts, leaving a dangerous gap between awareness and true readiness.

https://www.insurancebusinessmag.com/us/news/breaking-news/many-global-execs-identify-cyber-risk-as-top-concern--beazley-540743.aspx

Cyber Security is a Boardroom Imperative: New Data Reveals Urgency for Proactive Defence

Recent findings show cyber attacks are causing severe business disruption, with 62% of UK organisations hit by such incidents experiencing downtime and 54% facing ransom demands. Losses from recent attacks on major retailers may exceed £440 million, highlighting the rising costs and reputational risks. As attacks become more advanced and regulators demand stronger oversight, boards must treat cyber security as a critical business issue. Continuous testing of systems using real-world attack techniques is recommended to uncover vulnerabilities proactively, helping organisations strengthen their defences and meet growing expectations for responsible cyber risk management.

https://pressat.co.uk/releases/cybersecurity-is-a-boardroom-imperative-new-data-reveals-urgency-for-proactive-defence-36270b9bfbb8c523f1a7402ab29a1eb3/

Rethinking Cyber Risk as Traditional Models Fall Short

Traditional models for assessing cyber risk are struggling to keep pace with modern threats as organisations become more interconnected and attackers more sophisticated. Current methods often overlook supply chain weaknesses and everyday threats that can cause serious disruptions, focusing instead on outdated scenarios or only the largest vendors. Experts are calling for more proactive, data-driven approaches that consider overlooked suppliers, economic impacts, and the growing use of remote working.

https://www.darkreading.com/cyber-risk/rethinking-cyber-risk-traditional-models-fall-short



Threats

Ransomware, Extortion and Destructive Attacks

A Group of Young Cyber Criminals Poses the ‘Most Imminent Threat’ of Cyber Attacks Right Now | WIRED

More than 25% of UK businesses hit by cyber attack in last year, report finds | Business | The Guardian

Reputation Risk Can Overshadow Ransom in Cyber Attacks, Aon Says

Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent

Ransomware Reshaped How Cyber Insurers Perform Security Assessments

Automation and Vulnerability Exploitation Drive Mass Ransomware Breach - Infosecurity Magazine

KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge

Like Ransoming a Bike: Organisational Muscle Memory Drives the Most Effective Response - SecurityWeek

SafePay Ransomware: What You Need To Know | Fortra

The FBI warns that Scattered Spider is now targeting the airline sector

RansomHub Ransomware Attacking RDP Servers Using Mimikatz and Advanced IP Scanner Tools

US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop

Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks - SecurityWeek

FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald

Nearly half of ransomware victims still pay out, says Sophos • The Register

Hunters International ransomware shuts down, releases free decryptors

Cl0p data exfiltration tool found vulnerable to RCE attacks • The Register

Ransomware Victims

More than 25% of UK businesses hit by cyber-attack in last year, report finds | Business | The Guardian

Scattered Spider Taps CFO Account in 'Scorched Earth' Breach

Teardown: How Scattered Spider Hacked a Logistics Firm

Scattered Spider strikes again? Aviation industry appears to be next target for criminal group | CyberScoop

Radix cyber attack: Swiss federal data at risk | Cybernews

Swiss government data published following supply chain attack – here’s what we know about the culprits | IT Pro

M&S will be over the worst of cyber attack impact by August, says CEO | Reuters

The Same Cyber Hacking Group Breached 3 Airlines In 3 Weeks

FBI Issues Warning After Hackers Breach Major US Airlines | Rock Hill Herald

Humac Apple reseller targeted by Kraken ransomware | Cybernews

People warned to watch out for scam emails following cyber attack on M&S | The Standard

IdeaLab confirms data stolen in ransomware attack last year

Phishing & Email Based Attacks

71% of new hires click on phishing emails within 3 months - Help Net Security

More than 25% of UK businesses hit by cyber attack in last year, report finds | Business | The Guardian

KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

You can't trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code - Help Net Security

ChatGPT creates phisher’s paradise by serving wrong URLs • The Register

Phishers built fake Okta and Microsoft 365 login sites with AI - here's how to protect yourself | ZDNET

Like SEO, LLMs May Soon Fall Prey to Phishing Scams

Hackers use Vercel's generative AI development tool to create phishing sites

Criminals Sending QR Codes in Phishing, Malware Campaigns

Why 95% of phishing attacks go unreported in healthcare | TechRadar

Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

Business Email Compromise (BEC)/Email Account Compromise (EAC)

More than 25% of UK businesses hit by cyber attack in last year, report finds | Business | The Guardian

Other Social Engineering

KnowBe4 Urges Organisations to Recognize Social Engineering's Critical Role in Ransomware Surge

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organisations | Microsoft Security Blog

US shuts down a string of North Korean IT worker scams • The Register

50 customers of French bank hit after insider helped SIM swap scammers

Scope, Scale of Spurious North Korean IT Workers Emerges

Fraud, Scams and Financial Crime

Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine

People warned to watch out for scam emails following cyber attack on M&S | The Standard

Patients, providers duped in records-and-payment scam • The Register

ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target

International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine

Police dismantles investment fraud ring stealing €10 million

Glasgow council parking scam messages warning amid cyber incident | The National

Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan

FBI: Cyber criminals steal health data posing as fraud investigators

Scammers are tricking travelers into booking trips that don't exist - Help Net Security

Artificial Intelligence

You can't trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code - Help Net Security

Hackers don’t need your employees anymore, AI agents are now doing the dirty work for them | TechRadar

90% aren't ready for AI attacks, are you? - Help Net Security

Phishers built fake Okta and Microsoft 365 login sites with AI - here's how to protect yourself | ZDNET

Like SEO, LLMs May Soon Fall Prey to Phishing Scams

Hackers use Vercel's generative AI development tool to create phishing sites

Cyber criminals are abusing LLMs to help them with hacking activities | TechRadar

Are we securing AI like the rest of the cloud? - Help Net Security

AI cyber security readiness remains low globally as 90% of firms face elevated threat risks

Germany asks Google, Apple to remove DeepSeek AI from app stores

The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - Security Boulevard

AI on the Frontline: Global Firms Back Innovation, Brace for New Cyber Threats

How cyber criminals are weaponizing AI and what CISOs should do about it - Help Net Security

Cloudflare declares war on AI crawlers - and the stakes couldn't be higher | ZDNET

Denmark to tackle deepfakes by giving people copyright to their own features | Deepfake | The Guardian

Malware

Criminals Sending QR Codes in Phishing, Malware Campaigns

US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

AsyncRAT Campaign Continues to Evade Endpoint Detection | MSSP Alert

SMBs are being hit by malicious productivity tools – Zoom and ChatGPT spoofed by hackers | TechRadar

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Mobile

Germany asks Google, Apple to remove DeepSeek AI from app stores

50 customers of French bank hit after insider helped SIM swap scammers

Google hit with $314m fine for collecting data from idle Android phones without permission

Denial of Service/DoS/DDoS

Cloudflare blocks largest DDoS attack - here's how to protect yourself | ZDNET

Internet of Things – IoT

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Smart Tractors Vulnerable to Full Takeover

Canada orders Chinese CCTV biz Hikvision to quit the country • The Register

Data Breaches/Leaks

Qantas confirms cyber-attack exposed records of up to 6 million customers | Qantas | The Guardian

Ahold Delhaize Data Breach Impacts 2.2 Million People - SecurityWeek

Dark Web Vendors Shift to Third Parties, Supply Chains

FBI: Cyber criminals steal health data posing as fraud investigators

Kelly Benefits data breach has impacted 550,000 people

Growing cyber security apathy is a growing crisis - Tech Monitor

Esse Health says recent data breach affects over 263,000 patients

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek

Organised Crime & Criminal Actors

Scam Centres Expand Global Footprint with Trafficked Victims - Infosecurity Magazine

ESET Warns of NFC Data for Contactless Payments Emerges as Cyber Crime Target

Inside Scattered Spider: The notorious teen hackers causing chaos online | The Independent

Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds | CyberScoop

US sanctions yet another Russian bulletproof hosting outfit • The Register

When hackers become hitmen • Graham Cluley

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organisations | Microsoft Security Blog

US shuts down a string of North Korean IT worker scams • The Register

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

International Taskforce Dismantles €460m Crypto Fraud Network - Infosecurity Magazine

Fraudsters behind €460 million crypto scam arrested in Spain - Help Net Security

Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan

Insider Risk and Insider Threats

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organisations | Microsoft Security Blog

US shuts down a string of North Korean IT worker scams • The Register

Scope, Scale of Spurious North Korean IT Workers Emerges

50 customers of French bank hit after insider helped SIM swap scammers

Seven months for IT worker who trashed his work network • The Register

New hires, new targets: Why attackers love your onboarding process - Help Net Security

The Human Firewall: even with AI, humans are still the last line of defence in cyber security | TechRadar

Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours

Insurance

Ransomware Reshaped How Cyber Insurers Perform Security Assessments

Supply Chain and Third Parties

Dark Web Vendors Shift to Third Parties, Supply Chains

Swiss government data published following supply chain attack – here’s what we know about the culprits | IT Pro

Third-party breaches double, creating ripple effects across industries - Help Net Security

Cloud/SaaS

Are we securing AI like the rest of the cloud? - Help Net Security

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Outages

Report highlights the cost of network failures for businesses ...

Internet outages are costing companies millions every month - Help Net Security

Encryption

EU’s Encryption Reforms Spark Widespread Expert Concerns And Alarm – OpEd – Eurasia Review

Linux and Open Source

Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Passwords, Credential Stuffing & Brute Force Attacks

Director of US intelligence earns €177,000 per year and couldn't prevent a hacker from stealing her passwords - Glass Almanac

Regulations, Fines and Legislation

Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra

UK eyes new laws over cable sabotage • The Register

Google hit with $314m fine for collecting data from idle Android phones without permission

EU’s Encryption Reforms Spark Widespread Expert Concerns And Alarm – OpEd – Eurasia Review

Patrick Ware Named Executive Director of US Cyber Command - SecurityWeek

Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv

Models, Frameworks and Standards

Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation | King & Spalding - JDSupra

Data Protection

Google hit with $314m fine for collecting data from idle Android phones without permission

Careers, Working in Cyber and Information Security

Why Cyber Security Should Rethink Inclusion For Neurodivergent People

Law Enforcement Action and Take Downs

Scam centres are spreading, and so is the human cost - Help Net Security

Seven months for IT worker who trashed his work network • The Register

US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop

Police dismantles investment fraud ring stealing €10 million

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Disgruntled IT worker launched cyber attack costing former employer £200,000 within hours


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Ex-NATO hacker: In cyber, there’s no such thing as a ceasefire • The Register

UK eyes new laws over cable sabotage • The Register

Cyber attacks by Iranian hackers may be incoming | Cybernews

Nation State Actors

China

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

Initial Access Broker Self-Patches Zero Days as Turf Control

China-linked group Houken hit French organisations using zero-days

UK eyes new laws over cable sabotage • The Register

The Business for Zero Day Exploits in the US is Broken - Bloomberg

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

Canada orders Chinese CCTV biz Hikvision to quit the country • The Register

Germany asks Google, Apple to remove DeepSeek AI from app stores

Silver Fox Suspected in Taiwan Campaign Using DeepSeek

Russia

US sanctions yet another Russian bulletproof hosting outfit • The Register

UK eyes new laws over cable sabotage • The Register

Inside Russia’s secret digital war on NATO’s logistics lifeline to Ukraine - Euromaidan Press

Russia’s throttling of Cloudflare makes sites inaccessible

Calling Out Russia: France’s Shift on Public Attribution – War on the Rocks

Russia jails man for 16 years over pro-Ukraine cyber attacks on critical infrastructure | The Record from Recorded Future News

Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

Iran

Iran-linked hackers resurface, threaten to release more stolen Trump emails | Cybernews

Iran-linked hackers may target US firms and critical infrastructure, US government warns

Iranian Cyber Threats Persist Despite Ceasefire, US Intelligence Warns - Infosecurity Magazine

The Evolving Iranian Cyber Threat | AFCEA International

Iran's cyber threat largely fizzled much like its military during Israeli and US strikes | The Times of Israel

North Korea

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organisations | Microsoft Security Blog

US shuts down a string of North Korean IT worker scams • The Register

Scope, Scale of Spurious North Korean IT Workers Emerges

Microsoft shuts down 3,000 email accounts created by North Korean IT workers | The Record from Recorded Future News

29 North Korean laptop farms busted by US Department of Justice — illicit IT workers across 16 states reportedly obtained employment with more than 100 US companies to help fund regime | Tom's Hardware

US steps up pursuit of hackers linked to North Korea’s nuclear programme

Lazarus Group strikes again in $3.2M Solana heist | Cryptopolitan

North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Security breach reveals Catwatchful spyware is snooping on thousands of phones - here's how to stay safe | TechRadar

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins - SecurityWeek



Other News

Financial and insurance industry needs a new approach to risk mitigation - Digital Journal

Report highlights the cost of network failures for businesses ...

The Same Cyberhacking Group Breached 3 Airlines In 3 Weeks

Coalition: SMB Threat Awareness is High, but Security Spending Is Not | MSSP Alert

The SMB Wake-Up Call: Downtime, Dollars, and Data Loss | MSSP Alert

International Criminal Court hit by cyber attack - iTnews

Swiss Regulator Pressures Swissquote Over Rising Cyber Crime Risks: Report

The Cyber Risk SMBs Can’t Afford To Ignore

Why every company needs a travel security program | CSO Online

Why UK cyber security has become so vulnerable - UKTN

Cyber attacks shake voters’ trust in elections, regardless of party

Retail, the industry hackers can’t resist | theHRD

Security Bite: How hackers can take over your Mac using Bluetooth - 9to5Mac

Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report | CyberScoop

NTLM relay attacks are back from the dead - Help Net Security

Cornwall school forced to shut over cyber security issue - Cornwall Live

Cyber in the energy sector, from reaction to resilience | Professional Security Magazine

Germany seeks Israeli partnership on cyber defence, plans 'cyber dome' | Reuters

UK firms are 'sleepwalking' into smart building cyber threats | IT Pro

Cyber attacks are draining millions from the hospitality industry - Help Net Security

Two-thirds of EU bodies earn lowest security grades | Cybernews

Hospitals’ cyber security: EU regions warn Commission’s approach is ‘troubling’ - Euractiv


Vulnerability Management

11 Million Critical Vulnerabilities Exposed — Act Now

A third of threats left unremediated for 90 days - IT Security Guru

Initial Access Broker Self-Patches Zero Days as Turf Control

Vulnerability Debt: Putting a Price on What to Fix

The Business for Zero Day Exploits in the US is Broken - Bloomberg

Vulnerabilities

Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability - SecurityWeek

Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities - SecurityWeek

Initial Access Broker Self-Patches Zero Days as Turf Control

China-linked group Houken hit French organisations using zero-days

Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025 - Infosecurity Magazine

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) - Help Net Security

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Millions of headphones vulnerable to Bluetooth hacks | Cybernews

Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) - Help Net Security

Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability

WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion - Infosecurity Magazine

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

Bluetooth flaws could let hackers spy through your microphone

CISA tells TeleMessage users to patch after active exploits • The Register


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
