Black Arrow Cyber Threat Intelligence Briefing 04 April 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Summary
Our review of threat intelligence this week looks at the increase in state-linked cyber attacks driven by geopolitical tensions, increasingly targeting sectors like energy, manufacturing, and healthcare. This includes reports of North Korean IT workers posing as remote freelancers to infiltrate organisations in Europe. The UK Government is progressing its Cyber Security and Resilience Bill to improve security against these and other threats.
Also, research shows that the rise of generative AI apps has led to a significant increase in data sharing risks, despite policies being in place, while insider threats, potentially driven by personal stress and dissatisfaction, remain a critical concern. To mitigate these risks, organisations must strengthen technical controls and make cultural improvements.
Businesses are reported to be struggling with disaster recovery, even those with incident response plans, highlighting the need for regular testing and secure backups. Regular testing, third-party involvement, and up-to-date network mapping are crucial for effective response. Backup systems often fail due to misconfiguration or lack of testing, and attackers increasingly target backups, making their security vital.
Black Arrow believes that resilient organisations will be those that treat cyber security not as an IT function, but as a strategic, people-led business priority.
Top Cyber Stories of the Last Week
Why Global Tensions Are a Cyber Security Problem for Every Business
A surge in geopolitical tensions is fuelling a rise in state-linked cyber attacks, which are becoming more frequent, sophisticated, and difficult to attribute. Businesses are increasingly being targeted, especially in sectors like energy, manufacturing, and healthcare, with attacks now blending espionage, sabotage, and financially motivated cyber crime. A PwC report confirms that board-level attention is growing, as CEOs reassess supplier risks and operational exposure in politically unstable regions. With traditional defences struggling to keep pace, experts recommend a shift towards cyber-informed engineering and stronger industry collaboration. In this volatile climate, cyber security has become a core strategic issue, not just a technical concern.
When Disaster Strikes, Proper Preparation Prevents Poor Performance
Many firms remain underprepared for disaster recovery, and that includes those that have incident response plans in place. Experts stress that regular testing, ideally involving third parties, and up-to-date network mapping are critical to effective response. Tools like chaos engineering software and automation scripts can help simulate and handle real-world failures. Yet, many organisations still rely on manual methods, risking delays during a crisis. Backup systems, although common, often fail due to misconfiguration or lack of testing. With attackers increasingly targeting backups, ensuring their security is vital. Ultimately, consistent preparation and practice are key to avoiding chaos during high-pressure incidents.
GenAI Turning Employees into Unintentional Insider Threats
Netskope has found that enterprise data sharing with generative AI (GenAI) apps has surged 30-fold in a year, with the average organisation now transferring over 7.7GB of data per month. This includes sensitive material such as source code, regulated data, and passwords. While 90% of organisations have users directly accessing GenAI apps, 72% of users do so via personal accounts, creating a growing risk from unintentional insider threats. With GenAI now embedded across both dedicated tools and backend systems, firms are struggling with visibility and governance, despite 99% having policies in place to reduce the associated cyber security risks.
Cyber Scams Cost Businesses $1.7 Million Per Year, Claims Report
According to BrandShield’s 2025 CyberScam Report, 98% of businesses experienced a cyber attack in 2024, with 94% suffering financial losses, averaging $1.7 million annually. The most common threats included supply chain attacks, brand impersonation, and advanced persistent threats. As a result, 76% of CISOs expect increased budgets for threat monitoring in 2025. Concern around AI risks rose significantly among those impacted, particularly where losses exceeded $1 million. The report underscores the growing scale of online threats, with cyber criminals increasingly leveraging AI faster than organisations can respond, prompting calls for real-time, AI-driven defences.
The Human Side of Insider Threats: People, Pressure, and Payback
Insider threats remain a critical but often overlooked cyber security risk, driven not just by malicious intent but by personal stress, dissatisfaction, and opportunity. Studies highlight motivations ranging from financial pressure and mental health issues to ideological beliefs and career frustration. Notably, breaches at Capital One and Tesla affected over 180 million individuals combined, with insiders exploiting trusted access. The FBI has also warned of remote work abuse by North Korean operatives. Organisations are urged to combine technical controls with cultural improvements (limiting access, offering mental health support, and addressing grievances early) to reduce the likelihood of insiders turning against their employers.
North Korean IT Worker Army Expands Operations in Europe
North Korean IT workers are expanding their operations into Europe, posing as remote freelancers to infiltrate organisations and generate revenue for the DPRK regime. A recent Google Threat Intelligence report highlights activity in Germany, Portugal, and the UK, with workers using fake identities and encrypted payment methods like cryptocurrency. Roles range from AI and blockchain to CMS development, including targeting defence and government sectors. Up to 90% of wages are reportedly funnelled to the regime. The UK has issued an advisory, warning that hiring such workers could breach financial sanctions and expose firms to data theft and extortion.
The UK’s Cyber Security and Resilience Bill Will Boost Standards and Increase Costs
The UK government’s upcoming Cyber Security and Resilience Bill will significantly expand regulation to cover up to 1,100 managed service providers and 64 data centre operators, driving higher security standards but also increasing service costs. Providers will be required to report serious incidents, including supply chain attacks, to the National Cyber Security Centre within 24 hours. The Information Commissioner’s Office will take on a new regulatory role, prompting concerns over scope and resourcing. With over half of UK businesses facing cyber attacks last year and one NHS supplier breach alone costing £32.7 million, the bill aims to drive long-term resilience across critical digital infrastructure.
Why Multi-Factor Authentication Is Still Absolutely Essential in 2025
Passwords alone are not sufficient to protect online accounts, especially as data breaches and phishing attacks continue to rise. Multi-factor authentication (MFA) adds an essential layer of security by requiring a second form of identification, typically a code sent to or generated by a smartphone. Even if a password is stolen, an attacker is unlikely to gain access without this second factor. Research shows MFA stops the vast majority of unauthorised sign-in attempts, making it one of the most effective and accessible defences available. Enabling MFA is a simple but critical step for safeguarding sensitive accounts in 2025. No control is bulletproof, of course, and attackers are increasingly finding ways around MFA, but it is still an essential control.
Bridging the Gap Between the CISO and the Board of Directors
A recent CISO report highlights a communication gap between security leaders and board members, with only 29% of boards feeling adequately informed about security milestones, compared to 44% of CISOs. This disconnect risks real financial and reputational harm, including regulatory non-compliance and data breaches. The report recommends CISOs build stronger ties across departments, improve communication by translating technical risks into business outcomes, and align clearly on compliance responsibilities. As CISOs evolve into strategic advisers, their ability to demonstrate cyber security as a business enabler is key to bridging the gap and gaining lasting influence within the C-suite.
Enterprises Beef Up Cyber Security Plans to Mitigate AI Risks
Gallagher’s latest report finds that over 2 in 5 business leaders have strengthened cyber security and data protection practices in response to growing risks linked to AI use. Concerns cited include inaccurate outputs, data breaches, privacy violations and legal exposure. Despite rising investment in AI integration and talent, fewer leaders are now communicating these risks to staff, down from 84% to 78% year on year. While 70% of cyber leaders plan to adopt AI tools in the next year, fewer than 2 in 5 believe the benefits of generative AI outweigh its risks, highlighting the need for sustained, organisation-wide resilience efforts.
Prioritising an Enterprise-wide Cyber Culture in 2025
In 2025, organisations face increasingly complex cyber threats, including AI-driven risks such as deepfakes and advanced phishing attacks. A resilient cyber culture, underpinned by strong leadership commitment and clear expectations, is critical. Employee behaviour is the key vulnerability, and it can be improved by integrating cyber security into performance reviews, rewarding vigilance, and using plain language in training and communication, all driven by strong leadership commitment. Regularly tracking indicators like breach numbers, phishing test results and compliance rates supports continuous improvement, ensuring innovation isn’t stifled while maintaining a secure environment in the face of evolving risks.
Surge of Swatting Attacks Targets Corporate Executives and Board Members
Swatting attacks, where criminals make fake emergency calls to prompt armed police responses, are increasingly targeting C-suite executives and board members in the US. Over the past four months, threat intelligence has identified a surge in such incidents, especially in healthcare, pharma, and esports sectors, with hotspots in Boston, Chicago, San Francisco, and LA. Attackers exploit personal data from company websites, data brokers, and breached records to locate victims. Experts warn this marks a shift to coordinated campaigns against corporate leadership. Reducing digital footprints and limiting personal details in public filings are key steps to reduce risk.
Sources:
https://www.helpnetsecurity.com/2025/04/01/global-tensions-cybersecurity-problem/
https://www.theregister.com/2025/04/03/disaster_planning_preparation/
https://www.helpnetsecurity.com/2025/03/31/genai-apps-risks-organizations/
https://www.itpro.com/security/cyber-scams-cost-businesses-1-7-million-per-year-report
https://www.helpnetsecurity.com/2025/04/01/insider-threats-why-people-turn-on-their-employers/
https://www.zdnet.com/article/why-multi-factor-authentication-is-absolutely-essential-in-2025/
https://www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board
https://www.ciodive.com/news/enterprise-cybersecurity-AI-risk-strategy-shift-report/743755/
Governance, Risk and Compliance
The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs | CSO Online
Cyber Security and Resilience Bill Boosts ICO Powers, Protects Services and Impr... | SC Media UK
Surge of swatting attacks targets corporate executives and board members | CSO Online
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
When disaster hits, preparation prevents poor performance • The Register
CISOs and CIOs forge vital partnerships for business success | CSO Online
Bridging the Gap Between the CISO & the Board of Directors
Prioritizing an enterprisewide cyber culture in 2025
How Cyber Risk Quantification Bridges Security-Board Gap
Navigating Cyber-Risks and New Defences in 2025
7 ways to get C-suite buy-in on that new cyber security tool - Help Net Security
When blaming the user for a security breach is unfair – or just wrong | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Cyber Criminals exfiltrate data in just three days - Help Net Security
Hunters International shifts from ransomware to pure data extortion
Hunters International said ransomware now ‘too risky’ • The Register
Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems
Why paying the ransom is not the answer | TechRadar
HellCat Ransomware: What You Need To Know | Tripwire
VanHelsing Ransomware: What You Need To Know | Tripwire
Ransomware crews add EDR killers to their arsenal • The Register
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
Resilience in the face of ransomware: A key to business survival
New phishing scam outsmarts security codes to steal your info - CyberGuy
Ransomware Payments Ban: What it Means for Businesses | SC Media UK
Ransomware Victims
Malaysia PM Refuses to Pay $10M Ransomware Demand
Sam’s Club Investigates Alleged Cl0p Ransomware Breach
Retail giant Sam’s Club investigates Clop ransomware breach claims
Ransomware Group Takes Credit for National Presto Industries Attack - SecurityWeek
Phishing & Email Based Attacks
11 ways cyber criminals are making phishing more potent than ever | CSO Online
KnowBe4 Report Finds Polymorphic Phishing Features Present In 76.4% Of Campaigns
How to Recognize and Defend Against 7 Specific Phishing Attacks - ClearanceJobs
New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
Cyber Criminals Expand Use of Lookalike Domains in Email Attacks - Infosecurity Magazine
Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security
Surge in Smishing Fuelled by Lucid PhaaS Platform
AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE
Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar
Phishing Emails Aren't as Obvious Anymore. Here's How to Spot Them - CNET
Help! I clicked on a phishing link - now what? | ZDNET
Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine
Phishers are increasingly impersonating electronic toll collection companies - Help Net Security
New phishing scam outsmarts security codes to steal your info - CyberGuy
Other Social Engineering
North Korean IT worker army expands operations in Europe
New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
Surge in Smishing Fueled by Lucid PhaaS Platform
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Social Engineering Just Got Smarter
Artificial Intelligence
GenAI turning employees into unintentional insider threats - Help Net Security
Enterprises beef up cyber security plans to mitigate AI risks | CIO Dive
How to recognize and prevent deepfake scams - Help Net Security
How AI Is Opening New Doors for Hackers to Cause Chaos - Business Insider
What Cyber Security Guardrails Do CIOs and CISOs Want for AI?
Does AI leave security teams struggling? | TechRadar
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
What You Should Know About the UK's New Cyber Standard
UK public expresses strong support for AI regulation | Computer Weekly
Generative AI Is reshaping financial fraud. Can security keep up? - Help Net Security
AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE
Law enforcement needs to fight fire with fire on AI threats | ITPro
Gray Bots Surge as Generative AI Scraper Activity Increases - Infosecurity Magazine
2FA/MFA
Why multi-factor authentication is absolutely essential in 2025 | ZDNET
'Evilginx' Tool (Still) Bypasses MFA
Microsoft secretly stopped actors from snooping on your MFA codes | CSO Online
Malware
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar
Infostealer malware: What’s the threat to businesses? | ITPro
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe - SecurityWeek
9-Year-Old NPM Crypto Package Hijacked for Information Theft - SecurityWeek
These Hackers Use Your GPU To Load Password-Stealing Malware
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Threats Actors Hide Malware in Wordpress Websites to Execute Code Remotely
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security
'Evilginx' Tool (Still) Bypasses MFA
Ransomware crews add EDR killers to their arsenal • The Register
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Beware fake AutoCAD, SketchUp sites dropping malware - Help Net Security
Open-source malware doubles, data exfiltration attacks dominate - Help Net Security
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Mobile
'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft - SecurityWeek
An old Android RAT has returned with some new tricks - here is what to look out for | TechRadar
Russian authorities arrest three suspects behind Mamont Android banking trojan
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Hacker Leaks Samsung Customer Data - SecurityWeek
Denial of Service/DoS/DDoS
DDoS attacks now a dominant means of waging political cyber-warfare
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek
Millions of tunneling hosts are vulnerable to spoofing, DDoS attacks, say researchers | CSO Online
Surging DDoS attack rates show no sign of slowing down – here’s why | ITPro
Internet of Things – IoT
7 Tips to Keep Your Smart Home Safer and More Private, From a NIST Cyber Security Researcher | NIST
Connected cars drive into a cyber security crisis - Help Net Security
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek
89% of Healthcare Organisations Use the Most Vulnerable IoT Devices - Infosecurity Magazine
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware - SecurityWeek
Unpatched Manufacturing Camera Could Allow Industrial Spying
Data Breaches/Leaks
Cyber criminals exfiltrate data in just three days - Help Net Security
Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED
Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert
FBI investigating cyber attack at Oracle, Bloomberg News reports | Reuters
Britain Follows Signalgate With Its Own Jaw-Dropping Military Leak
Check Point confirms breach, but says crim posted old data • The Register
5 Companies That Have Suffered Data Breaches – & Paid the Price
Critical Cyber Security Lessons from the Recent Exposure of US Military Plans - Security Boulevard
Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports | Reuters
Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360
Customer info allegedly stolen from Royal Mail, Samsung • The Register
Oracle privately confirms Cloud breach to customers
Cyber Security Experts Slam Oracle's Handling of Big Breach
What the Signal Leak Revealed About Washington - The New York Times
Senior Trump officials ordered to preserve Signal group chat - BBC News
Using Signal to discuss war plans is even dumber than it sounds
Genetic Breach Fallout: 23andMe’s Collapse Raises Security Alarms - Security Boulevard
How Oracle took a security breach claim and made it worse • The Register
Hacker Leaks Samsung Customer Data - SecurityWeek
T-Mobile Bug Reveals Names, Images, and Locations of Random Children
Thousands Of Driver’s Licenses, Bank Records, And PII Exposed In Australian Fintech Data Leak
Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net
200 Million X User Records Released — 2.8 Billion Twitter IDs Leaked
The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps
Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes
39 Million Secrets Leaked on GitHub in 2024 - SecurityWeek
National Security Adviser Waltz now accused of using Gmail • The Register
Organised Crime & Criminal Actors
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Crocodilus malware steals Android users’ crypto wallet keys
Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar
Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine
Insider Risk and Insider Threats
GenAI turning employees into unintentional insider threats - Help Net Security
The human side of insider threats: People, pressure, and payback - Help Net Security
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
Man charged over Network Rail terror message hack - BBC News
Insurance
Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube
Supply Chain and Third Parties
Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360
Customer info allegedly stolen from Royal Mail, Samsung • The Register
Royal Mail probes possible breach after cyber criminal posts customer data
Cloud/SaaS
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
Oracle Cloud Users Urged to Take Action
SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack
Independent tests show why orgs should use third-party cloud security services | CyberScoop
Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online
Outages
ChatGPT is down worldwide with something went wrong error
Identity and Access Management
Identity lapses ensnared organisations at scale in 2024 | CyberScoop
Encryption
EU: These are scary times – let's backdoor encryption! • The Register
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly
Linux and Open Source
New Ubuntu Linux security bypasses require manual mitigations
Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions
Passwords, Credential Stuffing & Brute Force Attacks
These Hackers Use Your GPU To Load Password-Stealing Malware
Top 10 Most-Used RDP Passwords Are Not Complex Enough
Social Media
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps
Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes
Training, Education and Awareness
When blaming the user for a security breach is unfair – or just wrong | CSO Online
Regulations, Fines and Legislation
UK threatens £100K-a-day fines under new cyber bill • The Register
Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine
What NIS2 implementation means for enterprises [Q&A]
Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online
Anti-scam campaign groups urge UK police forces to get tougher on fraudsters | Scams | The Guardian
EU: These are scary times – let's backdoor encryption! • The Register
EU to invest $1.4 billion in artificial intelligence, cyber security and digital skills | Reuters
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly
Cyber attacks to remain a national emergency event in the US | SC Media
Russia formally declared national security threat to Britain
Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works
Trump CISA Cuts Threaten US Election Integrity, Experts Warn - Infosecurity Magazine
Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED
Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Japan Bolsters Cyber Safeguards, Passes Cyber Defense Bill
DOGE official at DOJ bragged about hacking, distributing pirated software - CNA
National Security Adviser Waltz now accused of using Gmail • The Register
Models, Frameworks and Standards
Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online
The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs | CSO Online
UK threatens £100K-a-day fines under new cyber bill • The Register
New cyber laws to safeguard UK economy and secure long-term growth - GOV.UK
Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine
New ‘pivotal’ legislation to force businesses to boost cyber defences
What NIS2 implementation means for enterprises [Q&A]
New bill requires IT firms to bolster safeguards amid rising cyber threats
Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works
New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers
ICO Apologizes After Data Protection Response Snafu - Infosecurity Magazine
Data Protection
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Careers, Working in Cyber and Information Security
Cyber skills: How to become a digital detective
Why cyber security needs more neurodivergent thinkers and diverse talent | Capacity Media
Law Enforcement Action and Take Downs
Interpol-Led International Cyber Crime Operation Arrests 300
Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
Major Online Platform for Child Exploitation Dismantled - Infosecurity Magazine
US Seizes $8.2m from Romance Baiting Scammers - Infosecurity Magazine
DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme
Man charged over Network Rail terror message hack - BBC News
FBI raids home of prominent computer scientist who has gone incommunicado - Ars Technica
Indiana security prof and wife vanish after FBI raid • The Register
Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net
Student pleads guilty to smuggling software out of GCHQ • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)
The War Room newsletter: How Chinese hackers hunt American secrets
Countering nation-state cyber espionage: A CISO field guide | Computer Weekly
DDoS attacks now a dominant means of waging political cyber-warfare
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
How Cyber Espionage Threatens Democracy in the Age of Trump (The Agenda) - The Citizen Lab
Why global tensions are a cyber security problem for every business - Help Net Security
Nation State Actors
Why no business is safe from state-sponsored cyber attacks | TechRadar
Countering nation-state cyber espionage: A CISO field guide | Computer Weekly
China
Why no business is safe from state-sponsored cyber attacks | TechRadar
The War Room newsletter: How Chinese hackers hunt American secrets
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
Salt Typhoon may have upgraded backdoors for efficiency and evasion | CSO Online
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Cyber Security Professor Faced China-Funding Inquiry Before Disappearing, Sources Say | WIRED
Indiana security prof and wife vanish after FBI raid • The Register
China cracks down on personal information collection • The Register
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek
Russia
Over 50 European Hybrid-Attacks Attributed to Russia, Journalists Find
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Russia formally declared national security threat to Britain
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek
Russia-linked Gamaredon targets Ukraine with Remcos RAT
'89 hours of non-stop work' — Ukrainian Railways' battle against a cyber attack by 'the enemy'
Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism” - Infosecurity Magazine
Russian secret services' tactics used in cyber attack on Ukrainian Railways | Ukrainska Pravda
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure
Why you should replace your Kaspersky antivirus | TechRadar
Russian authorities arrest three suspects behind Mamont Android banking trojan
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
North Korea
North Korean IT worker army expands operations in Europe
North Korean hackers adopt ClickFix attacks to target crypto firms
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar
Tools and Controls
Top 10 Most-Used RDP Passwords Are Not Complex Enough
When disaster hits, preparation prevents poor performance • The Register
Resilience in the face of ransomware: A key to business survival
How Cyber Risk Quantification Bridges Security-Board Gap
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack
Independent tests show why orgs should use third-party cloud security services | CyberScoop
Ransomware crews add EDR killers to their arsenal • The Register
Identity lapses ensnared organisations at scale in 2024 | CyberScoop
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
The Reality Behind Security Control Failures—And How to Prevent Them
7 ways to get C-suite buy-in on that new cyber security tool - Help Net Security
Why you should replace your Kaspersky antivirus | TechRadar
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Visibility, Monitoring Key to Enterprise Endpoint Strategy
Law enforcement needs to fight fire with fire on AI threats | ITPro
How an Interdiction Mindset Can Help Win War on Cyber Attacks
Expert Insights: Strengthening Business Continuity And Disaster Recovery Strategies With AI
Agentic AI might take years to transform security, but cyber defenders must prepare now
Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online
Google DeepMind Unveils Framework to Exploit AI's Cyber Weaknesses - SecurityWeek
Benefits from privacy investment are greater than the cost - Help Net Security
Other News
Why no small business is too small for hackers - and 8 security best practices for SMBs | ZDNET
CyberCube Releases New Report Highlighting Cyber Risk Exposure for Small Businesses
Why no business is too small for the cyber criminals – The Irish News
Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube
When it comes to security, public Wi-Fi could be a risky choice for commuters worldwide | TechRadar
As CISA Downsizes, Where Can Enterprises Get Support?
Cyber security report advocates an offence-driven approach ...
Over Half of Attacks on Electricity and Water Firms Are Destructive - Infosecurity Magazine
How an Interdiction Mindset Can Help Win War on Cyber Attacks
Solar Power System Vulnerabilities Could Result in Blackouts - Infosecurity Magazine
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Tradespeople warned to be vigilant against cyber-crime | Dorset Echo
The Cyber Security Confidence Paradox in Law Firms: Trends, Threats and Best Practices
Cyber attacks on utilities pose risk to public safety
The hidden cyber threats lurking in critical infrastructure
Safeguarding Student and Faculty Data: Cyber Security in Higher Education - Security Boulevard
Cyber criminals target auto industry with sophisticated hacks | SC Media
Vulnerability Management
Follow Patch Tuesday best practices for optimal results | TechTarget
How Linux Kernel Deals With Tracking CVE Security Issues - The New Stack
Why delaying software updates is a terrible idea | ZDNET
What are business logic vulnerabilities? | ITPro
Vulnerabilities
Unknown scanners probing Juniper and Palo Alto products • The Register
Hackers Actively Targeting SonicWall, Zoho, F5 & Ivanti Systems to Exploit Vulnerabilities
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)
Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions
Don't wait to update: iOS 18.4 introduces key security fixes
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Apple issues fixes for vulnerabilities in both old and new OS versions | CyberScoop
Spike in Palo Alto Networks scanner activity suggests imminent cyber threats
Hackers Scanning From 24,000 IP’s to Gain Access to Palo Alto Networks
Max severity RCE flaw discovered in widely used Apache Parquet
New Ubuntu Linux security bypasses require manual mitigations
VMware Workstation auto-updates broken after Broadcom URL redirect
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek
Critical RCE flaws put Kubernetes clusters at risk of takeover | CSO Online
Microsoft warns of critical flaw in Canon printer drivers
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities - SecurityWeek
Questions Remain Over Attacks Causing DrayTek Router Reboots - SecurityWeek
Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.