Black Arrow Cyber Threat Intelligence Briefing 11 April 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Black Arrow’s look at threat intelligence from the last week highlights that attackers are now leveraging artificial intelligence to craft highly convincing phishing scams and precision-targeted campaigns. Businesses must prioritise cyber awareness among employees and leadership teams to address this. Our experience shows that even well-resourced firms are at risk if cyber training is generic, outdated, or not led by informed security teams.
This week’s developments also reinforce the importance of engaging executive leadership in cyber resilience. The rise in cyber crisis simulations reflects a growing recognition that incident response is not just an IT issue but a board-level imperative. Black Arrow Cyber is seeing increased demand for tailored tabletop exercises and governance workshops that empower leadership teams to manage risk more effectively and demonstrate proportionate control. The UK government's new Cyber Governance Code and troubling statistics, such as 65% of financial services firms experiencing breaches, only strengthen the case for structured, executive-led cyber readiness.
Finally, the rapid adoption of AI in both legitimate operations and criminal activity signals a shifting threat landscape. From fintech to remote working environments, firms are now grappling with security challenges that extend beyond technical controls. In today’s environment, cyber resilience starts with people, not just technology.
Top Cyber Stories of the Last Week
Why Organisations Are Doubling Down on Cyber Crisis Simulations
Driven by a surge in high-profile cyber attacks, 74% of CISOs plan to increase budgets for cyber crisis simulations this year. These exercises are no longer IT-only; they now involve executives across legal, finance, and communications, helping organisations coordinate more effectively under pressure. Simulations highlight gaps in processes, decision-making, and communication, offering a controlled space to strengthen response. They also address team resilience, with some firms embedding mental health checks into crisis planning. As regulatory expectations grow, simulations are proving essential in helping firms move from theoretical risk planning to practical readiness, and from chaos to coordinated response.
At Black Arrow, we are seeing an increase in clients requesting support in designing and preparing for managing a cyber security incident; this includes an incident response plan and an educational tabletop exercise for the leadership team that highlights proportionate controls to help the organisation prevent and mitigate an incident. Contact us for details.
UK SMEs Losing Over £3bn a Year to Cyber Incidents
UK SMEs are losing £3.4bn annually due to inadequate cyber security, with over 30% lacking any protection and more than a quarter facing repeated attacks each year, according to Vodafone Business. The average cost of a cyber attack is £3,400, rising to £5,000 for firms with over 50 staff. Despite the growing threat, over a third of SMEs provide no staff training, most spend under £100 annually on cyber security, and nearly two-thirds allow home working on personal devices.
Over 40% of UK Businesses Faced Cyber Security Breaches in 2024
The UK government’s latest Cyber Security Breaches Survey reveals that 43% of businesses and 30% of charities suffered a cyber breach or attack in the past year, with phishing the leading cause. Criminals are increasingly using artificial intelligence to craft convincing scams, making them harder to detect. Despite these threats, board-level oversight of cyber resilience is declining, raising concerns about organisational readiness. Experts are calling for urgent legal reform, warning that outdated legislation is hindering efforts to defend against over 8.5 million annual attacks.
Boards Urged to Follow New Cyber Code of Practice
The UK government has launched a new Cyber Governance Code of Practice to help boards strengthen their organisation’s cyber resilience. Aimed at medium and large-sized firms, the initiative responds to the growing threat landscape, with 74% of large and 70% of medium firms hit by cyber attacks or breaches in the past year. These incidents have previously cost the UK economy nearly £22bn annually. Backed by the UK’s National Cyber Security Centre (NCSC) and industry bodies, the code outlines key actions for boards, supported by training and a toolkit, helping leaders embed cyber risk management alongside financial and legal oversight.
Black Arrow’s board-level cyber security workshops enable leadership teams to implement and demonstrate proportionate governance of cyber risk management. Contact us for details.
Two-Thirds of Financial Services Firms Hit by Cyber Breach in Past Year
A recent survey of 200 senior financial services leaders revealed that nearly two-thirds (65%) of firms suffered a cyber breach in the past year, with smaller firms hit slightly harder than larger ones. Despite widespread AI adoption, with 90% of organisations using it and 84% of senior managers relying on it, almost a third of respondents lacked confidence in their ability to prevent future data breaches. Top security concerns for the year ahead include trust in AI (47%), ransomware (45%) and data mismanagement (44%). While many see AI as key to better cyber security and operational gains, training and transparency gaps remain a notable risk.
AI Is Now Better Than Humans at Phishing
A new report from AI training firm Hoxhunt has found as of March 2025, AI-generated phishing attacks were 24% more successful than those crafted by human experts. This shift is attributed to advanced AI models that tailor phishing messages to individual users, significantly increasing click rates. The findings highlight an urgent need for organisations to adopt AI-driven defences and enhance user behaviour training to stay ahead of increasingly sophisticated cyber threats.
Europol Warns: AI Is Turbocharging Organised Crime
Europol has warned that AI is transforming the landscape of organised crime, making criminal operations faster, more scalable, and harder to detect. The European Serious Organised Crime Threat Assessment reveals that AI is being exploited to automate cyber attacks, enhance social engineering, and enable large-scale fraud and identity theft. Criminals now use AI to generate convincing deepfakes and craft multilingual phishing campaigns with minimal expertise. Within financial services, AI and cryptocurrencies are increasingly used for money laundering and fraud, with Europol highlighting that the very structure of organised crime is evolving into a tech-driven enterprise.
Is HR Running Your Employee Security Training? Here’s Why That’s Not Always the Best Idea
A growing number of security leaders are warning that relying solely on HR to deliver employee security training leaves organisations exposed. While HR plays a key role in logistics and compliance, it lacks the up-to-date threat intelligence and technical insight required to effectively address phishing, social engineering, and evolving cyber attacks. Experts agree that training content must be led by security teams and tailored to sector-specific risks. Without this, organisations risk generic, outdated programmes that fail to drive real-world awareness. A collaborative approach across HR, security, IT, and legal is essential to ensure training is both relevant and effective.
Precision-Validated Phishing Elevates Credential Theft Risks
A new phishing tactic, known as precision-validated credential theft, is raising concern due to its ability to bypass traditional defences by targeting only verified, high-value email accounts. Unlike broad phishing attempts, this method uses real-time validation via JavaScript scripts or email verification APIs to ensure only active users see malicious content. In one case, attackers even redirected invalid users to legitimate sites to avoid detection. This selective targeting makes threat detection and intelligence sharing more difficult, with experts urging firms to adopt behavioural analytics and anomaly detection to identify threats before they take hold.
Why Remote Work Is a Security Minefield (and What You Can Do About It)
Remote work has become a long-term strategy for many organisations, but it brings significant cyber security risks. Key concerns include unsecured home networks, personal device use lacking enterprise protections, and increased exposure to phishing and social engineering attacks. Isolation and relaxed home environments heighten risk-taking behaviours. Organisations should look at adopting a zero trust model, mandatory use of VPNs, encrypted Wi-Fi, and regular employee training. Balancing security with employee privacy is also critical, with transparency around monitoring practices essential for trust. As AI tools evolve, so too do cyber threats, making a proactive, security-first culture more important than ever.
Why Cyber Security Should Be a Top Priority in Fintech
Fintech’s rapid growth has made it a prime target for cyber attacks, with platforms handling high volumes of sensitive personal and financial data in real time. High-profile breaches have impacted millions, highlighting the risks of underinvesting in security. Fast-moving startups, third-party integrations, and misconfigured cloud environments widen the attack surface. Yet, forward-thinking firms view cyber security as a strategic enabler, building trust, driving compliance, and attracting investment. Core priorities now include zero trust architectures, AI-driven threat detection, and secure development practices. In digital finance, security is not optional; it’s the foundation on which trust, growth, and resilience are built.
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Armis has found that nearly half of UK organisations have paused or delayed digital transformation projects due to rising fears of state-sponsored cyber attacks. Concern around nation-state threats has surged by 32% since last year, with 88% of IT decision-makers voicing alarm and 47% having already reported incidents to authorities. The report highlights further strain on firms, as 52% cite regulatory complexity and 48% admit to lacking in-house expertise to manage AI-powered security tools. With China, Russia and North Korea seen as top cyber threats, businesses are being urged to shift to a proactive cyber security stance to mitigate growing risks.
Sources:
https://www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/
https://www.computerweekly.com/news/366622019/UK-SMEs-losing-over-3bn-a-year-to-cyber-incidents
https://www.infosecurity-magazine.com/news/40-uk-businesses-face-breaches/
https://www.infosecurity-magazine.com/news/bords-urged-follow-new-cyber-code/
https://betanews.com/2025/04/04/ai-is-now-better-that-humans-at-phishing/
https://informationsecuritybuzz.com/europol-ai-is-turbocha-organized-crime/
https://www.infosecurity-magazine.com/news/precision-validated-phishing/
https://www.helpnetsecurity.com/2025/04/11/remote-work-cybersecurity-challenges/
https://www.finextra.com/blogposting/28257/why-cybersecurity-should-be-a-top-priority-in-fintech
https://www.infosecurity-magazine.com/news/half-firms-stall-digital-projects/
Governance, Risk and Compliance
Business leaders supported to bolster online defences to safeguard growth - GOV.UK
Boards Urged to Follow New Cyber Code of Practice - Infosecurity Magazine
UK says company boards need to worry more about cyber security risks | News Brief | Compliance Week
Why CISOs are doubling down on cyber crisis simulations - Help Net Security
Security Theatre: Vanity Metrics Keep You Busy - and Exposed
UK businesses are still getting hacked, but they are becoming smarter | Cybernews
Key Cyber Security Challenges In 2025—Trends And Observations
Cyber insurance set to boom but so are the threats – Munich Re
Capacity is Critical in Riskier Threat Landscape | Trend Micro (US)
Many CIOs operate within a culture of fear | CIO
New cyber threats demand new model report warns
Cyber pros see trade war driving costs of tech gear | Cybernews
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Hit All-Time High as Payoffs Dwindle - Infosecurity Magazine
Ransomware 2025: gangs hunt for Fortune 500 companies | Cybernews
Ban ransomware payments? UK pitches new cyber rules
Ransomware Incidents On the Rise in the UK - DataBreachToday
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
Ransomware Underground Faces Declining Relevance
Ransomware groups push negotiations to new levels of uncertainty - Help Net Security
Everest ransomware group’s Tor leak site offline after a defacement
Everest ransomware's dark web leak site defaced, now offline
US businesses are the top target for ransomware in 2025 so far | TechRadar
Ransomware Victims
Food giant WK Kellogg discloses data breach linked to Clop ransomware
Clop Ransomware Hack Of WK Kellogg Shows Growing Threat To Your Data
Beyond The Breach: The Ongoing Impact Of The Change Healthcare Attack
Port of Seattle says ransomware breach impacts 90,000 people
Medway Community Healthcare still recovering from 'cyber-attack' - BBC News
Ransomware Gang Claims Hack Of NASCAR
Phishing & Email Based Attacks
AI is now better than humans at phishing
Phishing kits now vet victims in real-time before stealing credentials
Precision-Validated Phishing Elevates Credential Theft Risks - Infosecurity Magazine
Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar
How Cyber Criminals Are Exploiting QR Codes for Phishing Attacks - ClearanceJobs
Phishing, fraud, and the financial sector's crisis of trust - Help Net Security
Scattered Spider adds new phishing kit, malware to its web • The Register
Attackers Use 'Spam Bombing' to Hide Malicious Motives
iOS devices face twice the phishing attacks of Android - Help Net Security
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
E-ZPass toll payment texts return in massive phishing wave
Over 100 million malicious emails blocked by HMRC | TechRadar
Other Social Engineering
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch
Fraud, Scams and Financial Crime
Identity Fraud Costs Orgs Average of $7m Annually - IT Security Guru
Phishing, fraud, and the financial sector's crisis of trust - Help Net Security
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Australian pension funds hit by wave of credential stuffing attacks
This Is How Hackers Target Everyday People With AI Chatbots
SIM-swapper must repay $13.2M to 59 victims • The Register
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
Artificial Intelligence
AI is now better than humans at phishing
Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar
Europol Warns: AI Is Turbocharging Organised Crime
AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now - Security Boulevard
Key Cyber Security Challenges In 2025—Trends And Observations
The rise of compromised LLM attacks - Help Net Security
This Is How Hackers Target Everyday People With AI Chatbots
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
How to find out if your AI vendor is a security risk - Help Net Security
Malware
Network-based malware detections increase 94 percent
Police detains Smokeloader malware customers, seizes servers
An APT group exploited ESET flaw to execute malware
Scattered Spider adds new phishing kit, malware to its web • The Register
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Threat Actors Weaponize Windows Screensavers Files to Deliver Malware
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Open Source Poisoned Patches Infect Local Software
Bots/Botnets
New Mirai botnet behind surge in TVT DVR exploitation
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
Russian bots hard at work spreading political unrest on Romania's internet
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine
Mobile
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
iOS devices face twice the phishing attacks of Android - Help Net Security
Is your Android smartphone at risk? Here’s what you need to know - Talk Android
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
iPhone vault app exposed passwords, photos | Cybernews
Denial of Service/DoS/DDoS
DDoS Attacks on the Rise, but How Can You Prevent One?
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
Internet of Things – IoT
New Mirai botnet behind surge in TVT DVR exploitation
Will IoT Downtime Be the Biggest Risk of the Next Decade?
Study Identifies 20 Most Vulnerable Connected Devices of 2025 - SecurityWeek
Nissan Leaf Hacked for Remote Spying, Physical Takeover - SecurityWeek
Data Breaches/Leaks
Oracle tells customers its public cloud was compromised • The Register
Over 200 German politician email addresses appear on dark web | Proton
Food giant WK Kellogg discloses data breach linked to Clop ransomware
Beyond The Breach: The Ongoing Impact of the Change Healthcare Attack
The Reg translates Oracle's weak breach confession letter • The Register
Hackers accessed 150,000 emails of 100 US bank regulators at OCC | SC Media
Europcar GitLab breach exposes data of up to 200,000 customers
Signalgate solved? Reports claim accidental contact mix-up • The Register
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
iPhone vault app exposed passwords, photos | Cybernews
Organised Crime & Criminal Actors
Europol Warns: AI Is Turbocharging Organised Crime
EDR-as-a-Service makes the headlines in the cyber crime landscape
Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
PoisonSeed phishing campaign behind emails with wallet seed phrases
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Jack Dorsey's Block fined $40M for compliance failures
Insurance
Cyber insurance set to boom but so are the threats – Munich Re
New cyber threats demand new model report warns
Supply Chain and Third Parties
PoisonSeed phishing campaign behind emails with wallet seed phrases
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Cloud/SaaS
Oracle tells customers its public cloud was compromised • The Register
Hackers target SSRF flaws to steal AWS credentials | CSO Online
The Reg translates Oracle's weak breach confession letter • The Register
Identity and Access Management
The shift to identity-first security and why it matters - Help Net Security
Encryption
Secure Communications Evolve Beyond End-to-End Encryption
UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian
Passwords, Credential Stuffing & Brute Force Attacks
Phishing kits now vet victims in real-time before stealing credentials
Sophisticated credential exfiltrating phishing kits with real-time validation emerge | SC Media
Hackers target SSRF flaws to steal AWS credentials | CSO Online
Social Media
Senate hears Meta dangled US data in bid to enter China • The Register
Training, Education and Awareness
Regulations, Fines and Legislation
Is the ICO Ready for the Resilience Bill's Requirements? | SC Media UK
Boards Urged to Follow New Cyber Code of Practice - Infosecurity Magazine
UK says company boards need to worry more about cyber security risks | News Brief | Compliance Week
Ban ransomware payments? UK pitches new cyber rules
UK Court Rejects Government Secrecy in Apple's Fight Against Backdoor Request - MacRumors
The Cyber Resilience Act: Consultation on the Technical Description Opens
Rebranding of SEC Cyber Unit Reflects Shift in Enforcement Priorities | King & Spalding - JDSupra
CISA braces for more cuts, threat-intel efforts are doomed • The Register
CISA reevaluating its critical infrastructure public-private partnership | Hogan Lovells - JDSupra
Trump orders DOJ to investigate pair who disputed his allegation of election fraud - SiliconANGLE
Three key federal cyber regulations to watch under Trump
Trump Fires NSA, Cyber Command Chief, Fuelling Security Fears
President Trump fired the head of U.S. Cyber Command and NSA
Cyber attacks to thrive amid Trump tariffs, says expert | SC Media
Jack Dorsey's Block fined $40M for compliance failures
Models, Frameworks and Standards
Business leaders supported to bolster online defences to safeguard growth - GOV.UK
The Cyber Resilience Act: Consultation on the Technical Description Opens
Backup and Recovery
Do backups mean little when incident response dawdles? • The Register
How to work backups into your cyber hygiene routine
Data Protection
Malicious cyber actors using spyware to target individuals’ personal data | Cyber.gov.au
Why Data Privacy Isn't the Same as Data Security
Careers, Working in Cyber and Information Security
A continuous learning strategy | Professional Security Magazine
Neurodiversity in Cyber Security: A Strategic Advantage Beyond DEI | SC Media UK
Cyber Security Career Resilience: Certs + Experience =
CISA Releases NICE Workforce Framework Version 2.0.0 Released - What’s New
Law Enforcement Action and Take Downs
UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian
Police detains Smokeloader malware customers, seizes servers
Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
SIM-swapper must repay $13.2M to 59 victims • The Register
Misinformation, Disinformation and Propaganda
Russian bots hard at work spreading political unrest on Romania's internet
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges - Infosecurity Magazine
Nation State Actors
China
Google Cloud: China Achieves “Cyber Superpower” Status - Infosecurity Magazine
Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews
What Should the US Do About Salt Typhoon?
Chinese claimed behind closed doors, PRC played role in US cyber attacks: Report | Fox News
China Admits Conducting Cyber Attacks Against US | Newsmax.com
NCSC issues warning over Chinese Moonshine and BadBazaar spyware | Computer Weekly
An APT group exploited ESET flaw to execute malware
Security experts say US-China trade war could hit cyber space • The Register
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch
Senate hears Meta dangled US data in bid to enter China • The Register
Russia
Weekly cyber attacks on UK by pro-Russian and pro-Palestinian hackers
Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews
Germany suspects Russian cyber attack on research group – DW – 04/08/2025
Russian hackers attack Western military mission using malicious drive
Gamaredon targeted the military mission of a Western country based in Ukraine
Ukraine subjected to new cyberespionage campaign | SC Media
Russian bots hard at work spreading political unrest on Romania's internet
North Korea
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
The need for collaborative global cyber diplomacy is growing - Nextgov/FCW
Capacity is Critical in Riskier Threat Landscape | Trend Micro (US)
Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch
Tools and Controls
Why CISOs are doubling down on cyber crisis simulations - Help Net Security
Do backups mean little when incident response dawdles? • The Register
CISOs battle security platform fatigue - Help Net Security
Key Cyber Security Challenges In 2025—Trends And Observations
Tariff war has tech buyers wondering what's next. Here's what we know | ZDNET
Security Theater: Vanity Metrics Keep You Busy - and Exposed
What is DSPM? Understanding Data Security Posture Management - Security Boulevard
Why Data Privacy Isn't the Same as Data Security
DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyber Attacks - SecurityWeek
Cyber pros see trade war driving costs of tech gear | Cybernews
Cracking the Code on Cyber Security ROI
Why remote work is a security minefield (and what you can do about it) - Help Net Security
Microsoft Boosts Email Sender Rules for Outlook
How to find out if your AI vendor is a security risk - Help Net Security
Other News
Two-thirds of financial services firms hit by cyber breach in past year - report - TechCentral.ie
Why Cyber Security Should Be a Top Priority in Fintech: By Ruchi Rathor
Over 40% of UK Businesses Faced Cyber Security Breaches in 2024 - Infosecurity Magazine
Tariff war has tech buyers wondering what's next. Here's what we know | ZDNET
Cyber attacks on water and power utilities threaten public safety - Help Net Security
Trustees should ‘double down’ on cyber risks in face of increasing threats - Pensions Age Magazine
Cyber attacks continue to blight almost all UK higher education - Research Professional News
Turbulence Ahead: Navigating the Challenges of Aviation Cyber Security
Why remote work is a security minefield (and what you can do about it) - Help Net Security
Cyber Criminals Are Exploiting Universities' Weakness In Document Management
Protecting maritime data: the next frontier for shipping cyber security
New KnowBe4 report exposes critical cyber threats in European energy sector | World Pipelines
Trojan Horses in Space: Cyber Threats Hidden in Satellite Networks | DefenceTalk
Vulnerability Management
The Ultimate Guide to Vulnerability Assessment - Security Boulevard
10 best practices for vulnerability management according to CISOs | CSO Online
NIST Declares CVE Cutoff: Pre-2018 Vulnerabilities Now ‘Deferred’
It’s time to stop the victim-blaming and insist on safer software | Computer Weekly
Microsoft delays WSUS driver sync deprecation indefinitely
Vulnerabilities
Hackers are targeting Ivanti VPN users again – here’s what you need to know | IT Pro
Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
WinRAR flaw bypasses Windows Mark of the Web security alerts
Chrome preps fix for browser history spying • The Register
ESET Vulnerability Exploited for Stealthy Malware Execution - SecurityWeek
Vulnerabilities Patched by Ivanti, VMware, Zoom - SecurityWeek
Critical FortiSwitch flaw lets hackers change admin passwords remotely
VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components
SAP Patches Critical Code Injection Vulnerabilities - SecurityWeek
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
WhatsApp Flaw Exposes Users To Malicious Attacks
Juniper Networks Patches Dozens of Junos Vulnerabilities - SecurityWeek
Hackers exploit WordPress plugin auth bypass hours after disclosure
Zero-Day Vulnerability in CentreStack Exploited to Breach Enterprise File Servers | MSSP Alert
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.