Black Arrow Cyber Threat Intelligence Briefing 07 March 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review this week includes the evolving shift in cyber security, where governance and proactive risk management are becoming more critical than tool proliferation, as exemplified by the inclusion of the ‘Govern’ function in the NIST Cyber Security Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.
Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.
Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.
Top Cyber Stories of the Last Week
Cyber Security's Future Is All About Governance, Not More Tools
The cyber security landscape is shifting from tool-centric procurement to strategic governance, with CISOs taking a more prominent role in business decision-making. Despite growth in the number of security tools that organisations deploy, fragmented workflows and diminishing returns persist. The focus is now on aligning security with business objectives, regulatory expectations, and operational efficiency. The NIST Cyber Security Framework 2024 update introduced a "Govern" function, underscoring proactive risk management. As cyber security becomes integral to corporate strategy, CISOs must prioritise transparency, accountability, and resilience over simply expanding their security stack.
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
The World Economic Forum's ‘Global Cybersecurity Outlook 2025’ highlights the evolving risk landscape, where cyber security threats are increasingly intertwined with geopolitical and economic risks. Misinformation and AI-related threats are now among the top concerns, while cyber espionage is reportedly declining. Despite growing awareness, only 60% of CEOs and CISOs integrate cyber risk into enterprise risk management. Smaller businesses are particularly vulnerable, with 35% admitting their cyber resilience is insufficient. The report stresses that CISOs must navigate shifting board priorities, regulatory changes, and supply chain risks while ensuring cyber security remains a core business consideration.
Why Cyber Drills are as Vital as Fire Drills
Cyber resilience is becoming a business imperative, with human error remaining the leading cause of cyber incidents and the average cost of a cyber attack reaching a record $4.88 million in 2024. A recent study found that 94% of organisations have implemented or plan to implement cyber drills within three years, recognising their role in strengthening defences and ensuring business continuity. Yet, decision-makers spend only 39% of their time on cyber readiness. As nearly half of businesses faced an attack in the past year, routine cyber drills, like fire drills, are essential to preparing teams for real-world threats.
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
Nonprofit organisations have experienced a sharp rise in cyber attacks, with email threats increasing by 35% over the past year. A report by Abnormal Security highlights that limited cyber security resources and high-trust environments make nonprofits prime targets. Credential phishing has surged by 50%, compromising donor databases and enabling financial fraud, while malware attacks have risen by 26%, often leading to ransomware incidents. As cyber criminals refine their tactics, nonprofits must prioritise email security, leveraging AI-driven solutions to detect threats and protect sensitive data, ensuring operational resilience and maintaining public trust.
Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview
The latest report from the European Network and Information Security Agency (ENISA) highlights a surge in cyber threats targeting Europe’s financial sector, with 488 reported incidents between January 2023 and June 2024. Banks bore the brunt of attacks (46%), followed by public financial institutions (13%) and individual customers (10%). DDoS attacks were the most common, accounting for 58% of incidents, often linked to geopolitical tensions. Data breaches, ransomware, and fraud also saw a rise, exposing sensitive financial records and disrupting operations. In response, regulators have strengthened cyber security policies, with initiatives like DORA aiming to enhance resilience through stricter risk management and incident response frameworks.
Old Unpatched Vulnerabilities Among the Most Widely Exploited
GreyNoise’s latest report highlights that 40% of vulnerabilities exploited in 2024 were from 2020 or earlier, with some dating back over two decades. Attackers are also accelerating their exploitation of newly disclosed flaws, with some targeted within hours. Home internet routers and enterprise solutions from vendors like Ivanti, D-Link, and VMware were among the most affected. Ransomware groups remain the primary exploiters, leveraging 28% of newly listed vulnerabilities in the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue. Key attacker objectives include botnet expansion, cryptocurrency mining, and ransomware deployment, underscoring the risks posed by unpatched legacy systems.
Chinese State-Backed Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers
Microsoft has reported that Silk Typhoon, a Chinese state-backed espionage group, has shifted focus to targeting IT management firms, aiming to infiltrate downstream customers. The group exploits stolen API keys, credentials, and unpatched software to access cloud and on-premises systems. By compromising IT providers and privileged access tools, they steal sensitive data from sectors including government, healthcare, and energy. Microsoft highlights Silk Typhoon’s ability to swiftly adapt, making it one of the most pervasive Chinese threat actors. This report coincides with US indictments of 12 Chinese nationals linked to cyber espionage, including two alleged Silk Typhoon members.
Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks
CrowdStrike’s 2025 Global Threat Report highlights a sharp rise in social engineering attacks, with credential theft surging by 442% in the latter half of 2024. Stolen credentials remain a primary attack vector, while adversaries operate with increasing speed: the average time to move within a compromised network has fallen to just 48 minutes, with some breaches occurring in as little as 51 seconds. The report underscores the need for enhanced employee training, stronger credential protection, and improved detection capabilities to counter these evolving threats, particularly as cyber criminals leverage AI and target cloud environments with greater sophistication.
Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals
Cyber security leaders are warning that AI voice cloning is a growing threat, with criminals using voicemail recordings to impersonate individuals. Experts highlight that just three seconds of audio is enough to create a convincing deepfake, which can be exploited in scams targeting employees, families, and businesses. C-suite executives are particularly at risk, with attacks mimicking their voices to manipulate staff. To mitigate this risk, security professionals recommend replacing personal voicemail greetings with automated defaults, limiting voice recordings online, and using a family-safe word to verify urgent requests.
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail
Executives are being targeted in a new ransomware scam involving physical letters falsely claiming to be from the BianLian ransomware group. The letters demand ransoms of $250,000 to $350,000, threatening to leak sensitive data unless payment is made within 10 days. However, security experts have found no evidence of actual network intrusions, suggesting the campaign is a fraudulent extortion attempt. The FBI has issued a warning, confirming no links to the real BianLian group. Organisations are advised to inform executives, review incident response procedures, and report any such letters to law enforcement.
Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns
The cyber threat to critical infrastructure is at an all-time high, driven by geopolitical tensions, financial incentives, and technological advancements, warns the former head of the UK’s National Cyber Security Centre (NCSC). Organised criminals and state-backed hacking groups pose a growing risk to essential services. Artificial intelligence is making cyber attacks more efficient, cost-effective, and accessible, potentially enabling new threat actors to launch large-scale campaigns. While financial motives remain unchanged, the increasing role of AI in cyber warfare is a key concern, as it lowers barriers to entry for malicious actors, amplifying the risks faced by organisations globally.
Trump Administration Retreats in Fight Against Russian Cyber Threats
The Trump administration has shifted its stance on cyber threats, no longer publicly recognising Russia as a major cyber security risk to US national security and critical infrastructure. This policy change marks a significant departure from long-standing intelligence assessments and contrasts with the positions of US allies. Experts warn that deprioritising Russia as a cyber threat could leave the US vulnerable to attacks. Reports indicate internal directives have limited efforts to monitor Russian cyber activities, raising concerns that adversaries may exploit weakened defences. Meanwhile, job cuts across key agencies may have further reduced cyber security capabilities, compounding the risks.
Sources:
https://www.darkreading.com/cyber-risk/cybersecurity-future-governance-not-more-tools
https://www.darkreading.com/cyber-risk/thinking-outside-box-cyber-risk
https://www.forbes.com/sites/jameshadley/2025/03/04/why-cyber-drills-are-as-vital-as-fire-drills/
https://www.infosecurity-magazine.com/news/nonprofits-email-threats-rise-35/
https://www.jdsupra.com/legalnews/rising-cyber-threats-in-europe-s-7746792/
https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/
https://cyberscoop.com/silk-typhoon-targets-it-services/
https://cybernews.com/security/cybercriminals-use-voicemail-greetings-ai-voice-cloning-attacks/
https://www.infosecurity-magazine.com/news/extortionists-bianlian-ransom/
https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
Governance, Risk and Compliance
Cybersecurity’s Future Is All About Governance, Not More Tools
Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack
Why Cyber Drills Are As Vital As Fire Drills
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews
Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine
Third-Party Risk Top Cybersecurity Claims
Cyber risks see SME focus but big risks remain
Board Oversight of Cyber Security Incidents
How to create an effective incident response plan | CSO Online
CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns
What CISOs need from the board: Mutual respect on expectations | CSO Online
The evolving landscape of regulatory compliance in cybersecurity - Digital Journal
WTF? Why the cyber security sector is overrun with acronyms | CSO Online
The 5 stages of incident response grief - Help Net Security
A Shield of Defensibility Protecting CISOs and Their Companies
CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine
CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security
Cyber Threats Are Evolving Faster Than Defences
Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Evolution: From Encryption to Extortion
Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever
Cyber criminals picked up the pace on attacks last year | CyberScoop
Ransomware 2025: Lessons from the Past Year and What Lies Ahead
Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert
Ransomware activity surged last year, report finds | SC Media
Ransomware Attacks Appear to Keep Surging - InfoRiskToday
Your New Car Could Be the Next Ransomware Target
Ransomware scum abusing Microsoft Windows-signed driver • The Register
VulnCheck Exposes CVEs From Black Bastas' Chats
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine
Cactus Ransomware: What You Need To Know | Tripwire
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Emulating the Relentless RansomHub Ransomware - Security Boulevard
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly
Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes
Ransomware Victims
Hunters International ransomware claims attack on Tata Technologies
Qilin claims attacks on cancer, women's clinics • The Register
Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek
Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine
Phishing & Email Based Attacks
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them
Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert
How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ
Business Email Compromise (BEC)/Email Account Compromise (EAC)
From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)
Other Social Engineering
2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft
How QR code attacks work and how to protect yourself - Help Net Security
Vishing attacks surged 442% last year - how to protect yourself | ZDNET
The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity
What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET
North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds
Digital nomads and risk associated with the threat of infiltred employees
YouTube warns of AI-generated video of its CEO used in phishing attacks
Scammers take over social media - Help Net Security
Fake police call cryptocurrency investors to steal their funds
Artificial Intelligence
Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews
89% of enterprise AI usage is invisible to the organisation - Help Net Security
Deepfake cyber attacks proliferated in 2024, iProov claims • The Register
Nearly 12,000 API keys and passwords found in AI training dataset
The Urgent Need to Address Cyber Security in the GenAI Market
Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar
How New AI Agents Will Transform Credential Stuffing Attacks
YouTube warns of AI-generated video of its CEO used in phishing attacks
Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine
Police arrests suspects tied to AI-generated CSAM distribution ring
Innovation vs. security: Managing shadow AI risks - Help Net Security
Malware
Microsoft says malvertising campaign impacted 1 million PCs
Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Devs beware: fake Golang packages target Mac users | Cybernews
Polyglot files used to spread new backdoor | CSO Online
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED
5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them
Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert
26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
Russian-Speaking Hackers Goad Users Into Installing Havoc
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Bots/Botnets
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar
Widespread network edge device targeting conducted by PolarEdge botnet | SC Media
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Mobile
Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert
Governments can't seem to stop asking for secret backdoors • The Register
New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes
Do you really need to worry about spyware on your phone?
Google’s 'consent-less' Android tracking probed by academics • The Register
Google confirms mass app deletion on Play Store after ad fraud | Android Central
Denial of Service/DoS/DDoS
Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar
New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek
Internet of Things – IoT
Top risks produced by old wireless routers and smart home devices
8 ways to secure your smart home from hackers
Your New Car Could Be the Next Ransomware Target
BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek
How Can Your Smart Washer Pose A Threat To Your Privacy?
Badbox Android botnet disrupted through coordinated threat hunting | CSO Online
Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date
Data Breaches/Leaks
Inside a cyber attack: How hackers steal data
Lost luggage data leak exposes nearly a million records | Cybernews
75% of US government websites experienced data breaches | Cybernews
Angel One Breach Compromises Client Data | MSSP Alert
Organised Crime & Criminal Actors
Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever
Cyber criminals picked up the pace on attacks last year | CyberScoop
Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald
Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security
US Soldier Intends to Admit Hacking 15 Telecom Carriers
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence
International cops seize Russian crypto exchange Garantex • The Register
Bybit hackers resume laundering activities, moving another 62,200 ETH
US recovers $31 million stolen in 2021 Uranium Finance hack
$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out
Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan
North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times
Shape-shifting Chrome extensions target wallets | Cybernews
Fake police call cryptocurrency investors to steal their funds
Insider Risk and Insider Threats
Digital nomads and risk associated with the threat of infiltred employees
Insurance
Third-Party Risk Top Cyber Security Claims
Supply Chain and Third Parties
Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine
Third-Party Risk Top Cyber Security Claims
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Why Vendor Risk Management Can't Be a One-Time Task | UpGuard
Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register
Cloud/SaaS
How to plan your cloud migration with security in mind | SC Media
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
New Microsoft 365 outage impacts Teams, causes call failures
Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar
Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Outages
New Microsoft 365 outage impacts Teams, causes call failures
Barclays: bank to pay £12.5m compensation for online outage
Microsoft Blames Widespread Outage On “Problematic Code Change”
How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ
Identity and Access Management
Misconfigured access management systems expose global enterprises to security risks | CSO Online
Identity: The New Cyber Security Battleground
Prioritising data and identity security in 2025 - Help Net Security
Encryption
The UK will neither confirm nor deny that it’s killing encryption | The Verge
Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon
France pushes for law enforcement access to Signal, WhatsApp and encrypted email | Computer Weekly
Governments can't seem to stop asking for secret backdoors • The Register
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Why a push for encryption backdoors is a global security risk - Help Net Security
UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly
Linux and Open Source
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS
Open Source Security Risks Continue To Rise
Passwords, Credential Stuffing & Brute Force Attacks
2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft
How New AI Agents Will Transform Credential Stuffing Attacks
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Social Media
UK probes TikTok, Reddit over child data privacy concerns • The Register
Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar
YouTube warns of AI-generated video of its CEO used in phishing attacks
Scammers take over social media - Help Net Security
USCIS mulls policing social media of all would-be citizens • The Register
Malvertising
Microsoft says malvertising campaign impacted 1 million PCs
Training, Education and Awareness
Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack
Regulations, Fines and Legislation
Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW
Cyber resilience under DORA – are you prepared for the challenge? | TechRadar
The Crime and Policing Bill Explained
Governments can't seem to stop asking for secret backdoors • The Register
Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld
Why a push for encryption backdoors is a global security risk - Help Net Security
What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget
The evolving landscape of regulatory compliance in cyber security - Digital Journal
CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek
UK security in shock as America signals end to cyber operations against Russia
The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security
DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert
Gadgets Used By American Presidents (And Why They Were A Security Nightmare)
National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert
CISA Cuts: A Dangerous Gamble in a Dangerous World
Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency
Strengthening Telecommunications Security: A Call to Action for Cyber Resilience
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard
Google asks US government to drop breakup plan over national security fears | TechRadar
Models, Frameworks and Standards
Cyber resilience under DORA – are you prepared for the challenge? | TechRadar
What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget
Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek
Navigating NIS 2 compliance [Q&A]
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard
Careers, Working in Cyber and Information Security
New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages
The days of easy hiring in cyber security coming to an end • The Register
Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine
Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine
Why Cyber Security Jobs Are Hard to Find in a Worker Shortage
Will AI Start Taking Cyber Security Professionals' Jobs?
Law Enforcement Action and Take Downs
International cops seize Russian crypto exchange Garantex • The Register
US seizes domain of Garantex crypto exchange used by ransomware gangs
US Soldier Intends to Admit Hacking 15 Telecom Carriers
Police arrests suspects tied to AI-generated CSAM distribution ring
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar
Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop
In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist
Chinese cyber espionage growing across all industry sectors | CSO Online
Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist
US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Russia
The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED
As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post
Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters
France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO
CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek
US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media
DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop
UK security in shock as America signals end to cyber operations against Russia
National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert
CISA Cuts: A Dangerous Gamble in a Dangerous World
Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News
Russian-Speaking Hackers Goad Users Into Installing Havoc
International cops seize Russian crypto exchange Garantex • The Register
‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine
Iran
Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International
Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
Crafty Camel APT Targets Aviation, OT With Polygot Files
North Korea
How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence
Bybit hackers resume laundering activities, moving another 62,200 ETH
North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds
Digital nomads and risk associated with the threat of infiltred employees
Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan
The rise of Lazarus Group from Sony hacks to billion dollar crypto heists
Tools and Controls
Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack
Why Cyber Drills Are As Vital As Fire Drills
Board Oversight of Cyber Security Incidents
How to create an effective incident response plan | CSO Online
How to plan your cloud migration with security in mind | SC Media
RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable
British Tech Industry Backs UK Proposal on Software Security
Misconfigured access management systems expose global enterprises to security risks | CSO Online
'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs
Why Vendor Risk Management Can't Be a One-Time Task | UpGuard
EDR And Vendor Consolidation Are A Losing Approach To Cyber Security
Prioritising data and identity security in 2025 - Help Net Security
Other News
Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra
Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine
Cyber risks see SME focus but big risks remain
Attackers could hack smart solar systems and cause serious damages
This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account
What is cyber stalking and how to prevent it? | Definition from TechTarget
The More You Care, The More You Share: Information Sharing And Cyber Awareness
What is a Watering Hole Attack? | Definition from TechTarget
WTF? Why the cyber security sector is overrun with acronyms | CSO Online
If you want security, start with secure products – Computerworld
ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek
Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine
Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters
Polish Space Agency offline as it recovers from cyber attack
Hackers breach military walls as funding falls short | Cybernews
Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK
3 Cyber Security Steps Every Local Government Should Take
Google asks US government to drop breakup plan over national security fears | TechRadar
Vulnerability Management
CISA's KEV list informs ransomware attacks, paper suggests • The Register
Old Vulnerabilities Among the Most Widely Exploited - Infosecurity Magazine
Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert
VulnCheck Exposes CVEs From Black Bastas' Chats
Vulnerabilities
CISA tags Windows, Cisco vulnerabilities as actively exploited
Android security update contains 2 actively exploited vulnerabilities | CyberScoop
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks - SecurityWeek
Cisco warns some Webex users of worrying security flaw, so patch now | TechRadar
Hackers can turn any Bluetooth device into an AirTag and track its location | Cybernews
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities - SecurityWeek
Cisco warns of Webex for BroadWorks flaw exposing credentials
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
Vulnerabilities Patched in Qualcomm, Mediatek Chipsets - SecurityWeek
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.