Threat Intelligence Blog

Black Arrow Cyber Threat Intelligence Briefing 27 June 2025
Black Arrow Cyber Threat Intelligence Briefing 27 June 2025:
- Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
- New Hires More Likely to Fall for Phishing and Social Engineering Attacks
- BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
- More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
- Half of Security Pros Want GenAI Deployment Pause
- Cyber Attacks on Insurers Put CFOs on High Alert
- Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
- Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
- Police Alerts About New SMS “Blaster” Scams Used for Smishing
- Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
- Businesses Urged to Strengthen Cyber Defences amid Increase in Iran-Adjacent Attacks
- National Security Strategy 2025: Security for the British People in a Dangerous World
- How Geopolitical Tensions Are Shaping Cyber Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week, our review of cyber security intelligence in the specialist and general media includes the latest ransomware report by Sophos, which shows that nearly half of organisations paid the ransom and over 40% of victims cited unrecognised security gaps as entry points for attackers. We discuss how employees remain a popular entry point, with phishing being particularly successful against newly hired employees and against smaller organisations that do not train their staff. We also discuss the pressures of cyber security on key roles in the organisation: for CISOs, more than half are under pressure to keep breaches secret and many want a pause on AI deployment in their organisation; for CFOs, the challenge is to quantify and manage the financial risk of a breach.
Other articles describe how attackers are moving into the insurance, aviation and transportation sectors, while other attackers are using tactics including hijacking search results for major brands, or sending malicious text messages to phones that have been lured onto fake networks. Businesses are urged to address their supply chain risks and their wider security in the light of geopolitical risks from the Middle East, Russia, China and North Korea.
The recurring theme is the need for organisations to understand and proactively manage their risks through proportionate controls, and to establish and rehearse how to respond to an incident in order to remain resilient in the face of escalating threats.
Top Cyber Stories of the Last Week
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
Sophos’ latest global report shows nearly half of organisations hit by ransomware paid to regain access to their data, with a median payment of one million dollars. 53% negotiated lower sums than initially demanded, and the average recovery cost fell from $2.73 million to $1.53 million year on year. Over 40% of victims cited unrecognised security gaps as entry points for attackers, with lack of staff or expertise remaining a key weakness. However, more firms are halting attacks before data is encrypted, and faster recovery times suggest some organisations have improved readiness against ransomware threats.
New Hires More Likely to Fall for Phishing and Social Engineering Attacks
A recent study highlights that 71% of new hires click on phishing emails within their first three months, making them 44% more likely to fall victim than experienced staff. This increased risk stems from limited security training during onboarding and eagerness to please superiors, especially when emails appear to come from senior figures like the CEO or HR. Encouragingly, organisations that implemented tailored phishing simulations and behaviour-focused training saw phishing risk drop by 30%. Early, practical cyber security training is essential to equip new employees to recognise and report suspicious activity, strengthening overall organisational defences.
https://natlawreview.com/article/new-hires-more-likely-fall-phishing-social-engineering-attacks
BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
BT has warned that UK small and medium-sized enterprises face increasing cyber threats, with 42% of small and 67% of medium firms suffering an attack in the past year. Two in five SMEs (the equivalent of two million) have not provided any cyber security training, leaving them vulnerable to phishing and to ransomware, which has more than doubled in a year. QR code scams have surged 1,400% over five years. The average cost of a serious breach for small firms is nearly £8,000, and many SMEs lack the resources or awareness to defend against emerging threats such as AI-driven attacks and account takeovers.
More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
A recent Bitdefender survey has revealed that 57% of cyber security professionals worldwide have been pressured to keep breaches secret, with Singapore and the US experiencing the highest rates. The study also highlights growing concerns over AI-driven cyber attacks, which 67% reported had increased and 51% cited as their top risk. Notably, a gap exists between executives’ high confidence in cyber resilience and mid-level managers’ lower assurance. Skills shortages, complex security tools, and challenges securing hybrid systems emerged as key obstacles, with nearly half saying the cyber security skills gap had worsened over the past year.
Half of Security Pros Want GenAI Deployment Pause
Research by security firm Cobalt reveals that nearly half of security professionals believe a pause on generative AI deployment is needed, as 36% feel adoption is outpacing their teams’ ability to manage risks. Three-quarters of practitioners consider generative AI their top IT risk, with concerns including exposure of sensitive data, manipulation of training information and model inaccuracies. Only 21% of serious vulnerabilities identified in generative AI tools are resolved. The report stresses that traditional web security measures like input validation remain essential, while highlighting that addressing prompt-based attacks on AI systems demands expert, adaptive testing.
https://www.infosecurity-magazine.com/news/half-security-pros-genai-pause/
Cyber Attacks on Insurers Put CFOs on High Alert
Recent cyber attacks on major insurers, including Aflac, have heightened concerns among chief financial officers about quantifying and managing the financial risks of data breaches in the insurance sector. Aflac detected unauthorised access to its network involving sensitive data such as health records and Social Security numbers. While operations remain unaffected and ransomware was not involved, the attack is linked to a sophisticated criminal group known for exploiting staff through social engineering, which uses deception to manipulate employees. Other insurers have faced similar breaches, signalling a rising trend of targeted attacks against the insurance industry that demand immediate attention from senior leaders.
https://fortune.com/2025/06/24/cyberattacks-insurers-aflac-cfo-high-alert/
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
Recent cyber attacks on UK retailers Marks & Spencer and Co-op, linked to the same criminal group Scattered Spider, have resulted in combined damages estimated between £270 million and £440 million. These incidents exploited social engineering, where attackers tricked IT help desks to gain access. The attacks are considered a significant event with deep impacts on both firms and their suppliers. Experts warn that Scattered Spider is now targeting the insurance, aviation and transportation sectors, urging heightened vigilance.
https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html
Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
Cyber criminals are hijacking search results for major brands like Netflix, Apple, and Bank of America, placing fake ads that lead victims to authentic-looking support pages showing fraudulent phone numbers. When users call these numbers, scammers posing as help-desk staff trick them into giving away personal or financial details, or granting remote access to their devices. This attack exploits weaknesses in website search functions and is difficult for browsers to detect. Organisations should raise awareness that legitimate support will never request sensitive information over the phone, and staff should be wary of unsolicited phone numbers in search results.
https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
Police Alerts About New SMS “Blaster” Scams Used for Smishing
UK Police have highlighted a rise in smishing attacks involving SMS blasters; these are radio devices that attract and connect to mobile phones in the area, and then send out text messages to those phones appearing to be from trusted organisations. A recent case saw a man jailed for sending thousands of scam messages from a car in London to steal personal information. Although some networks have blocked millions of scam texts, individuals are urged to avoid engaging with suspicious messages and report them to their mobile network provider. Disabling 2G on Android or filtering unknown senders on iPhones can further reduce exposure to these threats.
https://cybernews.com/news/police-alerts-about-new-sms-blaster-scams-used-for-smishing/
Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
A new report from SecurityScorecard shows that 5 in 6 organisations face heightened cyber security risks due to outdated supply chain defences. Third-party involvement in breaches has doubled to nearly 30%, yet fewer than half of firms monitor cyber security across even half of their extended supply chains. Over 70% have suffered at least one serious third-party incident in the past year. Experts warn that without integrated detection and incident response, organisations remain vulnerable to cascading impacts from supply chain cyber attacks.
Businesses Urged to Strengthen Cyber Defences Amid Increase in Iran-Adjacent Attacks
Cyber security experts have warned of a sharp rise in cyber attacks linked to Iran following the recent Israel-Iran conflict, with UK, US and EU businesses targeted. Attacks have included attempts to crash systems by overwhelming them with traffic, malicious software designed to delete data, and coordinated disinformation campaigns. UK Prime Minister Sir Keir Starmer described these cyber attacks as assaults on the UK itself, urging firms to urgently review and strengthen their cyber security. Experts caution that companies may be targeted simply for being connected to Western interests. Organisations are urged to strengthen security by promptly applying updates, using strong access controls, and preparing incident response plans. Experts stress the importance of employee awareness and real-time monitoring to counter sophisticated attack techniques aimed at disruption and data theft.
National Security Strategy 2025: Security for the British People in a Dangerous World
The UK’s National Security Strategy 2025 sets out the country’s response to an increasingly dangerous world, committing to spend 5% of GDP on national security by 2035. It highlights rising threats from Russia, China and Iran, and warns of growing cyber attacks undermining public services. The strategy stresses stronger borders, revitalising the defence industry, and aligning technology and economic resilience with security goals. It calls for a national effort to build resilience, improve cyber defences and ensure stability at home and abroad, emphasising that economic security and technological advantage are now central to protecting the British people.
How Geopolitical Tensions Are Shaping Cyber Warfare
Geopolitical tensions are fuelling a surge in cyber attacks as nation-state-backed groups target governments, finance, and infrastructure with increasing speed and sophistication. Iran focuses on disruption for political gain, North Korea pursues profit through theft, and Russia and China aim for long-term strategic advantage. Attackers often reuse old tools with new delivery methods, exploiting poor patching and weak user awareness. Artificial intelligence is compounding risks by enabling precise, large-scale attacks. To remain resilient, organisations must combine strong basics like patching and training with intelligence-led testing of defences tailored to the specific threats they face.
https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare
Governance, Risk and Compliance
Comms Business - Almost 40 per cent of SMEs have no cyber security training, BT survey finds
BT says nearly half small businesses have suffered a cyber attack in the last year
Cyber security neglect issue for UK businesses? - The Recycler
More than half of cyber security professionals told to conceal breaches, survey claims
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Cyber security Governance: A Guide for Businesses to Follow | TechTarget
Is Your CISO Ready to Flee? - Security Boulevard
After a hack many firms still say nothing, and that’s a problem - Help Net Security
Cyber attacks on insurers put CFOs on high alert | Fortune
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
How Customer Trust Can Shield Your Business In A Crisis
What is Risk Avoidance? | Definition from TechTarget
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
UK ransomware costs significantly outpace other countries | Computer Weekly
Four REvil ransomware crooks walk free after admitting guilt • The Register
Ransomware threat actors today and how to thwart them | TechTarget
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
Dire Wolf Ransomware Comes Out Snarling, Bites Verticals
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
Ransomware Victims
Major insurer hit by giant cyber attack | Insurance Business America
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
M&S cyber-attack boosted sales at Next, Zara and H&M
Patient death at London hospital linked to cyber attack on NHS – DataBreaches.Net
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
3 key takeaways from the Scattered Spider attacks on insurance firms
Whole Foods supplier UNFI restores core systems after cyber attack
Services disrupted as cyber attack hits Glasgow Council - UKTN
Phishing & Email Based Attacks
Report on New Hires and Phishing Susceptibility
Microsoft 365 'Direct Send' abused to send phishing as internal users
Other Social Engineering
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use US Banks to Fleece Americans — ProPublica
ClickFix attacks skyrocketing more than 500% - Help Net Security
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Fraud, Scams and Financial Crime
Netflix, Apple, BofA sites hijacked with fake help numbers • The Register
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use U.S. Banks to Fleece Americans — ProPublica
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
UK cyber attacks set to continue amid ‘fraud pandemic’, security experts warn | The Independent
Amazon Prime Day Is Coming — How To Protect Yourself From Scammers
Artificial Intelligence
New AI Jailbreak Bypasses Guardrails With Ease - SecurityWeek
Most AI and SaaS apps are outside IT's control - Help Net Security
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
AI Is Behind 50% Of Spam — And Now It’s Hacking Your Accounts
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Navigating Generative AI's Expanding Capabilities and Evolving Risks
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Vulnerability in Public Repository Could Enable Hijacked LLM Responses | Security Magazine
And Now Malware That Tells AI to Ignore It?
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
We know GenAI is risky, so why aren't we fixing its flaws? - Help Net Security
US Army Blocks Air Force's AI Program Over Data Security Concerns | Air & Space Forces Magazine
Malware
Researchers discover first malware to exploit AI prompt injection
And Now Malware That Tells AI to Ignore It?
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Threat Actor Trojanizes Copy of SonicWall NetExtender App
Attackers Wield Signed ConnectWise Installers as Malware
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Prometei botnet activity has surged since March 2025
WinRAR patches bug letting malware launch from extracted archives
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Bots/Botnets
Prometei botnet activity has surged since March 2025
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
Mobile
Godfather Malware Targets 400+ Banking Apps Worldwide
SparkKitty Swipes Pics From iOS, Android Devices
What to do if your mobile phone account is hacked or number stolen | Mobile phones | The Guardian
Denial of Service/DoS/DDoS
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic - Ars Technica
Internet of Things – IoT
Typhoon-like gang slinging TLS certificate 'signed' by LAPD • The Register
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
DSIT identifies cyber security weaknesses in IoT devices | UKAuthority
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Data Breaches/Leaks
Supply Chain Attack Hits Swiss Banks | SC Media UK
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Oxford City Council suffers breach exposing two decades of data
Hacker 'IntelBroker' charged in US for global data theft breaches
Steel Giant Nucor Confirms Data Stolen in Cyber Attack
Cyber attacks at two Melbourne hospitals expose patient details on dark web
Hawaiian Airlines discloses cyber attack, flights not affected
Former US Army Sergeant admits he sold secrets to China • The Register
Advance Auto Parts data breach class action settlement
Organised Crime & Criminal Actors
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
Man pleads guilty to hacking networks to pitch security services
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
Money mule networks evolve into hierarchical, business-like criminal enterprises - Help Net Security
Africa Sees Surge in Cyber Crime as Law Enforcement Struggles
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target Docker APIs in Stealthy Crypto Heist
Supply Chain and Third Parties
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Supply Chain Attack Hits Swiss Banks | SC Media UK
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
Most organisations are at risk thanks to immature supply chain security | TechRadar
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
MSPs Juggle High Breach Rates and Strong Cyber Confidence | MSSP Alert
Security pro counts the cost of Microsoft dependency • The Register
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Officials set out cyber security charter for NHS suppliers | UKAuthority
Cloud/SaaS
Most AI and SaaS apps are outside IT's control - Help Net Security
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
Outages
UK mobile telco Three suffers voice, text outage • The Register
Encryption
China breaks RSA encryption with a quantum computer - Earth.com
Quantum risk is already changing cyber security - Help Net Security
Home Office anti-encryption site pushes payday loan scheme • The Register
Linux and Open Source
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Linux flaws chain allows Root access across major distributions
French city of Lyon ditching Microsoft for FOSS • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Brother printer bug in 689 models exposes default admin passwords
Social Media
Regulations, Fines and Legislation
Home Office anti-encryption site pushes payday loan scheme • The Register
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Top Pentagon spy pick rejected by White House - POLITICO
WhatsApp messaging app banned on all US House of Representatives devices | WhatsApp | The Guardian
CISA Is Shrinking: What Does It Mean for Cyber?
Foreign aircraft, domestic risks | CSO Online
Models, Frameworks and Standards
New Cyber Blueprint to Scale Up the EU Cyber Security Crisis Management | ENISA
Careers, Working in Cyber and Information Security
Why work-life balance in cyber security must start with executive support - Help Net Security
Getting a career in cyber security isn’t easy, but this can help
UK Gov Cyber Security Jobs Average Salary is Under £45,000, Study Finds - Infosecurity Magazine
Charming Kitten APT Tries Spying on Israeli Cyber Experts
Law Enforcement Action and Take Downs
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Four REvil ransomware crooks walk free after admitting guilt • The Register
Hacker 'IntelBroker' charged in US for global data theft breaches
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How Cyber Warfare Changes the Face of Geopolitical Conflict
How Geopolitical Tensions Are Shaping Cyber Warfare
Cyber warfare escalates: Israel and Iran's digital conflict
Nation State Actors
How Cyber Warfare Changes the Face of Geopolitical Conflict
Are we making hackers sound too cool? These security experts think so | TechRadar
Decade of risk: signaling security in an era of geopolitical tension - DCD
China
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
China breaks RSA encryption with a quantum computer - Earth.com
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
China-linked APT Salt Typhoon targets Canadian Telecom companies
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Former US Army Sergeant admits he sold secrets to China • The Register
China increases cyber attacks on hospitals to ‘humiliate’ Taiwan
Russia
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Iran
Cyber warfare escalates: Israel and Iran's digital conflict
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
The real threat to the UK from Iran - from sleeper cells to cyber attacks
Israel expands cyber powers amid rising threats—via WhatsApp | Ctech
Tools and Controls
Most AI and SaaS apps are outside IT's control - Help Net Security
Are we making hackers sound too cool? These security experts think so | TechRadar
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
And Now Malware That Tells AI to Ignore It?
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Don’t be distracted by AI – fundamental cyber skills are still key | TechRadar
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
What is Risk Avoidance? | Definition from TechTarget
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
Other News
BT says nearly half small businesses have suffered a cyber attack in the last year
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Services disrupted as cyber attack hits Glasgow Council - UKTN
Cyber attacks on insurers put CFOs on high alert | Fortune
EU and Australia commit to Defence Partnership | Cybernews
Building cyber resilience in the financial sector
Decade of risk: signaling security in an era of geopolitical tension - DCD
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously - Infosecurity Magazine
French city of Lyon ditching Microsoft for FOSS • The Register
Security pro counts the cost of Microsoft dependency • The Register
Some European Countries Are Ditching Microsoft Software For Good (And Here's Why That Matters)
Denmark is switching to Linux | PC Gamer
Dual-Use Military and Civil Airports Face Cyber Threats
The Security Fallout of Cyber Attacks on Government Agencies - Security Boulevard
Cyber Skills Today for Economic Growth Tomorrow
Vulnerability Management
'7% of organisations tackle vulnerabilities only when necessary' - Data Centre & Network News
CISA Is Shrinking: What Does It Mean for Cyber?
Irish businesses show gaps in cyber security as 6 in 10 overlook regular software updates
Vulnerabilities
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Security
Up next on the KEV? All signs point to 'CitrixBleed 2' • The Register
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Linux flaws chain allows Root access across major distributions
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
Asana Fixes Security Flaw in AI Data Integration Tool
Chrome 138, Firefox 140 Patch Multiple Vulnerabilities - SecurityWeek
Millions of Brother Printers Hit by Critical Unpatchable Bug
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
WinRAR patches bug letting malware launch from extracted archives
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) - Help Net Security
Motors Theme Vulnerability Exploited to Hack WordPress Websites - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025
Black Arrow Cyber Threat Intelligence Briefing 20 June 2025:
-Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
-Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
-IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
-Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
-Why CISOs Must Align Business Objectives and Cyber Security
-Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
-Ransomware Thrives in Shook-Up Criminal Underworld
-Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
-Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
-Security Is Only as Strong as the Weakest Third-Party Link
-Employees Are Using AI Where They Know They Shouldn’t
-Threat of Cyber Attacks from Iran Concerns Security Experts
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review of cyber security in specialist and general media this week features a survey of 300 CISOs where 98% expect increased cyber threats within three years, with growing concern over third-party risks and hybrid outsourcing models. A separate survey revealed that 69% of managed service providers (MSPs) reported multiple cyber breaches in the last 12 months, highlighting supply chain risks to be managed by organisations, including the popular attack tactic of IT Helpdesk scams. We also report on the evolution of phishing using agentic AI and deepfakes, and the use of ‘unsubscribe’ buttons on phishing emails to compromise the recipient’s systems.
The structure and tactics of the criminal ecosystem continue to evolve. New attacker groups are emerging as others disappear, and existing groups are moving from the retail sector to target financial services, while Iranian cyber attackers are coming to the fore. We also report on the need for CISOs to demonstrate board-level alignment of security and business growth, and the need for stronger governance over the use of AI in organisations.
At Black Arrow Cyber Consulting, we strongly believe these developing risks are best addressed through an organisation-wide approach to security. In line with globally respected frameworks, this starts with governance by a leadership team that has a strong understanding of the fundamentals of cyber security, using controls across people, operations and technology to address the evolving risks including social engineering, third party risks, and AI.
Top Cyber Stories of the Last Week
Survey Reveals 98% of CISOs Anticipate Increased Cyber Attacks Within Three Years
CSC’s latest global survey of 300 CISOs found that 70% believe security threats will increase in the next year and almost all (98%) predict an increase in the next three years. The study also highlights a rise in cyber security budgets and growing reliance on hybrid outsourcing models, though concerns remain over third-party access and poor compliance by domain providers.
https://www.techmonitor.ai/technology/cybersecurity/csc-survey-cisos-anticipate-cyberattacks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals
CyberSmart’s latest survey reveals that managed service providers (MSPs) remain a key target for cybercriminals, citing recent examples of organisations being attacked through their MSP. 69% of MSP participants reported multiple breaches in the last 12 months, with almost half facing three or more. 39% felt prepared to offer a solution or guidance to customers in meeting their cybersecurity regulations, which could include DORA or NIS2. The report notes opportunities to further strengthen cyber resilience. MSPs named continuous monitoring, employee cybersecurity training, and proactive risk management as the measures most likely to help them improve cyber confidence.
https://www.itsecurityguru.org/2025/06/19/over-two-thirds-of-msps-hit-by-multiple-breaches-in-past-year-survey-reveals/
IT Helpdesk Scams are Ramping Up – Here’s What Leaders Can Do
IT helpdesk scams are becoming more sophisticated, targeting staff across legal, financial and other high-value sectors. Attackers often pose as internal IT support to trick users into installing legitimate remote access tools, giving criminals control of systems. Recent breaches at retailers M&S and the Co-op highlight how even trained IT staff can be manipulated. Criminal groups and state actors alike are adopting these tactics, increasingly enhanced by artificial intelligence to personalise interactions and build trust. With technical controls often bypassed, firms must invest in regular user training, restrict admin rights, and block unauthorised remote access tools to reduce risk.
https://www.itpro.com/security/cyber-attacks/it-helpdesk-scams-are-ramping-up-heres-what-to-do
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Phishing is entering a new phase, with AI-driven threats set to challenge traditional defences. Known as Phishing 3.0, this wave combines highly convincing deepfakes and autonomous AI agents capable of executing entire campaigns without human input. These tools can convincingly mimic voices or faces of trusted individuals, increasing the risk of fraud and data loss. A recent study found that current defences miss over two-thirds of phishing emails. To remain resilient, organisations must invest in advanced AI-powered detection and raise staff awareness to spot fake communications that appear authentic and urgent. The threat is growing rapidly, and preparation is essential.
Why CISOs Must Align Business Objectives and Cyber Security
A successful chief information security officer (CISO) must align cyber security with business objectives to support growth, innovation and resilience. As cyber threats grow more complex, including silent long-term intrusions and AI-driven attacks, CISOs must take a proactive approach that secures operations without hindering them. This requires board-level engagement, clarity over roles and responsibilities, and regular communication with other executives. Shared ownership of cyber risk across leadership teams fosters a culture where business and security priorities work in tandem. Simulations, modern tools, and well-structured processes further help ensure the organisation is prepared before a major incident occurs.
Scattered Spider has Moved from Retail to Financial Services, Insurance Now Targeted
The cyber crime group known as Scattered Spider has shifted its focus from retailers to the insurance sector, prompting warnings from Google for firms to be on high alert. Several US insurers, including Erie and Philadelphia Insurance, have reported system outages linked to unauthorised access, with investigations still ongoing. The group is known for using fake helpdesk calls to gain access before deploying ransomware. Google recommends enhanced caller verification, stronger authentication methods, and helpdesk training to reduce the risk. The prolonged disruption highlights the need for robust cyber security defences across the financial and insurance sectors.
https://www.theregister.com/2025/06/16/scattered_spider_targets_insurance_firms/
Ransomware Thrives in Shook-Up Criminal Underworld
The ransomware threat landscape is evolving rapidly, with a wave of new groups emerging as older operations disappear. A recent surge in attacks linked to groups such as SafePay, Qilin, Play and Akira accounted for 64 victims in May alone, with organisations in the UK, US, and Europe among those affected. The collapse of major players like RansomHub has triggered fierce competition among criminal groups, leading to greater fragmentation and more sophisticated tactics. Some attacks now appear to serve dual purposes, including espionage. Meanwhile, code reuse from defunct groups like REvil shows that while names may change, the threat remains constant.
https://www.govinfosecurity.com/ransomware-thrives-in-shook-up-criminal-underworld-a-28739
Russian Gang’s Cyber Attack on UK Blood Services ‘Harmed 170 Patients’
A ransomware cyber attack carried out by a Russian criminal group last year severely disrupted pathology services at London hospitals and GP surgeries, directly impacting patient care. The incident, which targeted the provider Synnovis, led to the cancellation of over 10,000 medical appointments and halted blood testing across many GP practices. Reports now confirm that nearly 600 incidents were linked to the disruption, with 170 patients suffering direct harm. These included one case of severe harm and 14 of moderate harm. The attack highlights the real-world consequences of digital vulnerabilities in critical healthcare systems.
https://www.lbc.co.uk/tech/russian-gangs-cyber-attack-on-blood-services-harmed-170-patients/
Experts Warn Clicking "Unsubscribe" Could Actually be a Security Risk, Here's Why
Clicking “unsubscribe” in spam emails may expose users to cyber attacks, experts warn. Threat actors often use these buttons to redirect recipients to harmful websites or to confirm active email addresses for future targeting. Research suggests around 1 in 600 clicks leads to malicious content. If the sender is unfamiliar or untrusted, using the unsubscribe option is not advised. Instead, users should rely on built-in unsubscribe features within their email client, use spam filters, or create disposable email addresses to minimise risk. This highlights the need for caution when managing unwanted emails, even in seemingly routine actions.
Security Is Only as Strong as the Weakest Third-Party Link
Third-party risks are now a major contributor to data breaches, accounting for 30% of incidents. High-profile incidents have shown how supplier vulnerabilities can disrupt operations at scale. To remain resilient, security leaders must shift to continuous monitoring and treat third-party risks as their own. With rising complexity and resource constraints, technology and smarter assessments are vital to protecting businesses in an increasingly interconnected environment.
https://www.darkreading.com/vulnerabilities-threats/security-strong-weakest-third-party-link
Employees Are Using AI Where They Know They Shouldn’t
Many employees are using artificial intelligence tools in ways they know they shouldn’t, including for sensitive tasks such as safety decisions and personnel matters. Despite this, 86% of staff lack confidence in AI’s accuracy, and most feel undertrained in its practical use. Smaller firms in particular struggle with adoption, with nearly half of employees unsure how to use AI effectively. Business leaders should take urgent steps to improve staff training, introduce clear and enforceable AI policies, and avoid deploying tools without defined purpose or oversight, as failure to do so risks both misuse and missed productivity gains.
https://www.helpnetsecurity.com/2025/06/18/employees-ai-potential/
Threat of Cyber Attacks from Iran Concerns Security Experts
Cyber security experts are warning of a heightened threat of cyber attacks linked to Iran, particularly in light of ongoing regional tensions. Sectors such as energy, finance and transport are viewed as high-risk due to their potential for widespread disruption. Experts have noted the use of advanced phishing techniques and malware targeting critical systems, including those controlling fuel supplies and public infrastructure. Activity from both state-sponsored and sympathetic groups has increased, with dormant hacking groups resurfacing and issuing threats. Businesses are advised to strengthen defences and report suspicious activity, especially where remote access or unpatched systems are involved.
https://www.washingtontimes.com/news/2025/jun/18/cyber-pros-warn-digital-threats-spreading-iran/
Governance, Risk and Compliance
Survey reveals 98% of CISOs anticipate increased cyber attacks within three years – Tech Monitor
Why CISOs Must Align Business Objectives & Cyber Security
Cyber Security Strategy Shifts Amid Global Political Tensions
How to Break the Security Theater Illusion
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
What is a compliance audit? (with an example checklist) | TechTarget
Security Is Only as Strong as the Weakest Third-Party Link
Security Evolution: From Pothole Repair to Road Building
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
How C-suite roles are shaping the future of tech leadership - Help Net Security
15 Emerging Cyber Security Threats and How to Prepare - DevX
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Scattered Spider targets insurance firms, Google warns • The Register
Hackers switch to targeting US insurance companies
Ransomware Thrives in Shook-Up Criminal Underworld
Qilin Ransomware Emerges as World's Top Threat, Demands $50 Million Ransom
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Anubis ransomware adds wiper to destroy files beyond recovery
Ransomware Group Qilin Offers Legal Counsel to Affiliates - Infosecurity Magazine
Ransomware gang busted in Thailand hotel raid
Don’t Get Caught in Scattered Spider’s Web | McCarter & English, LLP - JDSupra
Ransomware 3.0: A Glimpse Into the Post-Trust Ecosystem
Bert Ransomware: What You Need To Know | Fortra
Cyber attack purportedly compromises Scania’s corporate insurance subsidiary | SC Media
Ryuk ransomware’s initial access expert extradited to the US
Ransomware Victims
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
Victoria’s Secret restores critical systems after cyber attack
Freedman HealthCare targeted by cyber extortionists • The Register
Cyber attack pushes German napkin company into insolvency – DataBreaches.Net
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Phishing & Email Based Attacks
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
Researcher shows how Android notifications can be a phisher's gold mine
Phishing goes prime time: Hackers use trusted sites to hijack search rankings | CSO Online
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
MailerLite warns of phishing campaign • Graham Cluley
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Washington Post email breach under probe | Cybernews
Other Social Engineering
SCATTERED SPIDER Using Aggressive Social Engineering Techniques to Deceive IT Support Teams
IT helpdesk scams are ramping up – here’s what leaders can do | IT Pro
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Researcher shows how Android notifications can be a phisher's gold mine
Virtual kidnapping scams prey on our worst fears - Help Net Security
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Fraud, Scams and Financial Crime
Brits Lose £106m to Romance Fraud in a Year - Infosecurity Magazine
Why You Should Think Twice Before You Click ‘Unsubscribe’ in an Email - WSJ
US recovers $225 million of crypto stolen in investment scams
Scammers hijack real support pages to show fake phone numbers | TechSpot
Paddle settles for $5 million over facilitating tech support scams
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Artificial Intelligence
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Phishing 3.0: Agentic AI Ushers in New Generation of Unprecedented Risk
Employees are using AI where they know they shouldn’t - Help Net Security
Bridging the Gap Between CEOs and CISOs for AI Adoption | MSSP Alert
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyberwarfare
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Why CISOs need to understand the AI tech stack - Help Net Security
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
7 trends shaping digital transformation in 2025 - and AI looms large | ZDNET
Before scaling GenAI, map your LLM usage and risk zones - Help Net Security
LLM agents flunk CRM and confidentiality tasks • The Register
Stop Anthropomorphizing AI and Secure It Like Software
How CISOs Can Govern AI & Meet Evolving Regulations
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Malware attack disguises itself as DeepSeek installer • Graham Cluley
2FA/MFA
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Why SMS two-factor authentication codes aren't safe and what to use instead | ZDNET
Malware
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Malware attack disguises itself as DeepSeek installer • Graham Cluley
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack - SecurityWeek
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Threat Actors Target Victims with HijackLoader and DeerStealer - Infosecurity Magazine
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Threat Actors Attacking Windows System With New Winos 4.0 Malware
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs - Infosecurity Magazine
New Campaigns Distribute Malware via Open Source Hacking Tools - SecurityWeek
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Malicious Chimera Turns Larcenous on Python Index
Security Bite: Infostealer malware spikes 28% among Mac users, says Jamf - 9to5Mac
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Bots/Botnets
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
Mobile
Researcher shows how Android notifications can be a phisher's gold mine
Godfather Android malware now uses virtualization to hijack banking apps
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Denial of Service/DoS/DDoS
Protecting Against Origin Server DDoS Attacks - Security Boulevard
Internet of Things – IoT
Thieves don't need your car keys, just a wireless signal - Help Net Security
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Data Breaches/Leaks
The 20 biggest data breaches of the 21st century | CSO Online
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
GCHQ intern who took secret data home jailed - BBC News
FCA warned four staffers who pocketed regulator data • The Register
UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data
Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed - SecurityWeek
Telecom giant Viasat breached by China's Salt Typhoon hackers
No, the 16 billion credentials leak is not a new data breach
Hackers Access Legacy Systems in Oxford City Council Cyber Attack - SecurityWeek
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Freedman HealthCare targeted by cyber extortionists • The Register
CCC breach exposes 9M Americans, hackers claim | Cybernews
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud - Infosecurity Magazine
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Zoomcar discloses security breach impacting 8.4 million users
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco - SecurityWeek
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People - SecurityWeek
Hacker steals 1 million Cock.li user records in webmail data breach
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defence Documents
Organised Crime & Criminal Actors
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify 126 Cracked.io users | Cybernews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
Insurance
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
Changing nature of cyber threat leads to ‘brittle’ risk landscape - Insurance Post
Supply Chain and Third Parties
UBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazine
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Security Is Only as Strong as the Weakest Third-Party Link
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repos
Cloud/SaaS
M365 Copilot: New Zero-Click AI Flaw Allows Corporate Data Theft - Infosecurity Magazine
Threat Actor Abuses TeamFiltration for Entra ID Attacks
Google links massive cloud outage to API management issue
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
Microsoft 365 security in the spotlight after Washington Post hack - Neowin
Sneaky Serpentine#Cloud slithers through Cloudflare tunnels • The Register
Outages
Google links massive cloud outage to API management issue
2 Insurers Say Ongoing Outages Are Not Caused by Ransomware
Encryption
Encryption Backdoors: The Security Practitioners’ View - SecurityWeek
Linux and Open Source
Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux | ZDNET
German state ditches Microsoft for open-source software - NZ Herald
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Social Media
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
Trump administration set to again waive TikTok ban • The Register
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Regulations, Fines and Legislation
Ofcom investigates 4chan for not protecting users from illegal content • Graham Cluley
How CISOs Can Govern AI & Meet Evolving Regulations
Cyber security takes a big hit in new Trump executive order - Ars Technica
Trump administration set to again waive TikTok ban • The Register
SEC withdraws cyber rules for investment companies, advisers | CyberScoop
The Future of the SEC’s Cyber Security Disclosure Rules | DLA Piper - JDSupra
Careers, Working in Cyber and Information Security
Employers are demanding too much from junior cyber recruits • The Register
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
ISC2 Report: Entry-Level Hiring Needs a Reset
The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
Building a Career as a Cyber Warfare Defender - DataBreachToday
Cyber Security Company Launches In-House 'University' Training Program
Law Enforcement Action and Take Downs
Cyber crime crackdown disrupts malware, infostealers, marketplaces across the globe | CyberScoop
Dutch police identify 126 Cracked.io users | Cybernews
GCHQ intern who took secret data home jailed - BBC News
Ransomware gang busted in Thailand hotel raid
Ryuk ransomware’s initial access expert extradited to the US
Law enforcement operation shut down dark web drug marketplace Archetyp Market
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
As Geopolitical Tensions Rise AI Is Amplifying the Threat of Global Cyber Warfare
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber weapons in the Israel-Iran conflict may hit the US • The Register
Cyber attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
Nation State Actors
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China
China’s Spy Agencies Are Investing Heavily in AI, Researchers Say - The New York Times
How China Is Using Hackathons, Competitions to Build an Army of Hackers - Bloomberg
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
China Is Hacking Russia to Steal War Secrets - The New York Times
Telecom giant Viasat breached by China's Salt Typhoon hackers
State-sponsored hackers compromised the email accounts of several Washington Post journalists
Russia
Russia has a plan for long-term aggression against Europe - Kallas | УНН
Russian gang’s cyber attack on blood services ‘harmed 170 patients’ - LBC
China Is Hacking Russia to Steal War Secrets - The New York Times
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse - SecurityWeek
Suspected Russian hackers used new tactic against UK researcher | Reuters
Sweden says it is under cyber attack • Graham Cluley
Iran
Israeli Strikes Raise Fears of Cyber Attacks and Retaliation
Israel strikes Iran: A history of assassinations, sabotages, cyber attacks
Cyber Attacks against Israel increase since start of Iran conflict | The Jerusalem Post
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
Companies Warned On Iranian Cyber Attacks - WSJ
Israel-Tied Predatory Sparrow Hackers Are Waging Cyber War on Iran’s Financial System | WIRED
Iran-Israel War Triggers a Maelstrom in Cyber Space
Iran’s internet goes offline amid claims of ‘enemy abuse’ • The Register
Iran's Cyber Army: Missing in Action
Pro-Israel hackers take credit for cyber attack on Iran's Bank Sepah
Cyber attack hits state-owned bank in Iran - Iraqi News
Iran experienced a near-total national internet blackout
Elon Musk turns on Starlink in Iran as Tehran shuts down internet | The Jerusalem Post
North Korea
North Korean hackers deepfake execs in Zoom call to spread Mac malware
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto - Infosecurity Magazine
Protecting Civilians in Cyber Space: A UN Security Council Imperative • Stimson Center
US Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
Tools and Controls
Security Is Only as Strong as the Weakest Third-Party Link
Who's guarding the AI? Even security teams are bypassing oversight - Help Net Security
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
Choosing a Clear Direction in the Face of Growing Cyber Security Demands - SecurityWeek
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names - Infosecurity Magazine
How cyber insurers are adapting to the new ransomware playbook | Insurance Business America
CISOs flag gaps in GenAI strategy, skills, and infrastructure - Help Net Security
Fog ransomware attacks use employee monitoring tool to break into business networks | TechRadar
AI is changing cyber security roles, and entry-level jobs are at risk - Help Net Security
Cyber Security Strategy Shifts Amid Global Political Tensions
What is a compliance audit? (with an example checklist) | TechTarget
CISOs brace for a surge in domain-based cyber threats - Help Net Security
SAML vs. OAuth 2.0: Mastering the Key Differences - Security Boulevard
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
Why a Layered Approach Is Essential for Cyber Security and Zero Trust - Security Boulevard
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security - SecurityWeek
Application security risk: How leaders can protect their businesses | IT Pro
Stop Anthropomorphizing AI and Secure It Like Software
The new attack surface: from space to smartphone - SpaceNews
Other News
‘We’re being attacked all the time’: how UK banks stop hackers | Banking | The Guardian
Why Legal Firms Are Vulnerable to Cyber Threats and How to Prevent the Risks | LawNews.co.uk
Threats to the 2025 NATO Summit: Cyber, Influence, and Hybrid Risks
Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals - IT Security Guru
MSPs remain confident over security | Microscope
Bank of England loses hundreds of laptops amid rising cyber threat
WestJet: 'expect interruptions' online amid security snafu • The Register
This Is One of the Worst Things You Can Do at the Airport, According to Cyber Security Experts
Why Are Cyber Criminals Targeting Law Firms With Voice Phishing? | Law.com
Cyber Attacks on Humanitarian Orgs Jump Worldwide
Survey of UK retailers shows lack of preparedness for cyber attacks | Logistics Matters
Vulnerability Management
Vulnerabilities
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
Critical Vulnerability Patched in Citrix NetScaler - SecurityWeek
High-Severity Vulnerabilities Patched by Cisco, Atlassian - SecurityWeek
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking - SecurityWeek
Apple squashes zero-click bug used for spyware attacks • The Register
Palo Alto Networks fixed multiple privilege escalation flaws
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products - SecurityWeek
BeyondTrust warns of pre-auth RCE in Remote Support software
Microsoft Quietly Disabled Windows Hello Facial Recognition in the Dark
AMD releases security update for Ryzen CPUs with TPM vulnerability - Techzine Global
Over 46,000 Grafana instances exposed to account takeover bug
Microsoft: June Windows Server security updates cause DHCP issues
ASUS Armoury Crate bug lets attackers get Windows admin privileges
Attackers actively exploit older TP-Link routers | Cybernews
Organisations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers - SecurityWeek
Zyxel Firewall Vulnerability Again in Attacker Crosshairs - SecurityWeek
Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet
SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles - Help Net Security
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 13 June 2025
Black Arrow Cyber Threat Intelligence Briefing 13 June 2025:
-Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
-An Emerging Phishing Technique Exploits Trust in Browser-based Messages
-Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
-Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
-Cyber Resilience Begins Before the Crisis
-How Did Britain’s Food Supplies Become So Vulnerable?
-Europol Says Criminal Demand for Data is “Skyrocketing”
-AI Is a Data-Breach Time Bomb, Reveals New Report
-What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
-Internet Infamy Drives the Com’s Crime Sprees
-China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
-Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
-UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review starts with evolving cyber attack techniques, including the targeting of IT and managed service providers to gain access to multiple firms through a single compromise; other techniques include exploiting end-user trust in messages appearing in browsers, attacks on smartphones, and increasingly complex DDoS attacks. We also reflect on the need for all organisations to proactively plan for a cyber incident, and the need to improve the cyber resilience of food supplies.
Our analysis of specialist and other media highlights the threats that organisations face in protecting their data, with high criminal demand and sensitive data being exposed to insecure and unverified AI tools. We also include information on penetration testing, which is one of the key ways for organisations to identify and address vulnerabilities that can be exploited by attackers.
Finally, we include articles on developments within the attacker community, including groups of teenagers and young adults as well as nation states, and insights into the impact of geo-political developments on cyber security for organisations.
At Black Arrow, we believe organisations achieve the most appropriate security by taking a proactive, cross-functional approach to cyber resilience. This starts with board engagement and threat-informed decision-making, including managing risks that are currently being exploited through third parties such as IT and managed service providers.
Top Cyber Stories of the Last Week
Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
ReliaQuest has reported that the group behind recent cyber attacks on UK retailers, including Marks & Spencer and Harrods, is now using advanced impersonation tactics to breach organisations via their IT providers. Over 80% of associated domains mimic trusted technology vendors, enabling attacks on high-value targets such as CISOs and CFOs. The group combines phishing kits with social engineering to bypass multi-factor authentication and exploit help desks. Its use of ransomware-as-a-service partnerships allows access to powerful attack tools, expanding its reach. Attacks increasingly target managed service providers to access multiple organisations through a single compromise.
https://www.infosecurity-magazine.com/news/scattered-spider-tech-vendor/
An Emerging Phishing Technique Exploits Trust in Browser-based Messages
ClickFix is an emerging phishing technique exploiting user trust in browser-based messages to deliver malware, with attacks now observed across EMEA and the US. These campaigns trick users into executing PowerShell commands by mimicking familiar prompts, such as fake CAPTCHA checks, browser errors or job interview glitches. Unlike traditional phishing emails, these attacks unfold entirely within the browser, making detection and prevention more difficult. Threat actors are leveraging ClickFix to install a range of malware, from credential stealers to remote access tools, and the method’s adaptability is increasing its appeal. Organisations are advised to adopt phishing-resistant authentication and identity-focused defences.
https://www.darkreading.com/remote-workforce/cutting-edge-clickfix-snowball-phishing
Cyber Attacks on Smartphones Hit New High – Here’s How to Stay Safe
Kaspersky has reported a sharp rise in mobile cyber threats, with malware targeting Android users increasing by 27% in early 2025 compared to the previous quarter. Over 12 million users were affected, with banking trojans and data-stealing malware identified as the primary threats. Some infections were traced to preinstalled malware on new phones, highlighting supply chain risks. Notably active malware families included those capable of stealing credentials, intercepting messages and tampering with cryptocurrency transactions. The report warns that mobile devices are not inherently safer than desktops, and users should treat app downloads and device permissions with far greater caution.
Distributed Denial of Service Attacks on Financial Sector Surge in Scale and Sophistication
FS-ISAC and Akamai have reported a sharp rise in both the volume and complexity of Distributed Denial of Service (DDoS) attacks targeting the financial sector. In October 2024 alone, nearly 350 separate DDoS events were recorded, with some comprising billions of malicious requests. The report highlights a 23% increase in application-layer attacks over the past year, affecting login portals and APIs. What was once seen as a nuisance is now considered a strategic threat, with attackers using adaptive, multi-vector techniques to bypass defences. This surge is fuelled by escalating geopolitical tensions, with hacktivist groups exploiting global events to launch targeted disruption campaigns.
https://www.infosecurity-magazine.com/news/ddos-financial-sector-surge/
Cyber Resilience Begins Before the Crisis
Microsoft’s Deputy CISO highlights the critical need for proactive planning and clear communication in cyber incident response. Many firms treat cyber attacks as isolated IT issues, yet the impact extends across legal, HR, communications and executive leadership. Two common misconceptions, assuming incidents are minor and viewing them as purely technical, undermine resilience. Effective preparation includes tested playbooks, decision frameworks, backup communications, and rehearsed messaging strategies. AI is emerging as a valuable support tool, enhancing detection and response coordination. Ultimately, cyber resilience is a leadership issue requiring cross-functional accountability, continuous refinement, and executive engagement.
https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
How Did Britain’s Food Supplies Become So Vulnerable?
A ransomware attack on chilled food distributor Peter Green Chilled left over £100,000 worth of meat products stranded, highlighting vulnerabilities in the UK's cold chain logistics. With around 50 per cent of all UK food moving through this network, any disruption can rapidly impact supermarket shelves. Industry experts warn that cyber attacks on supply chain providers are growing in sophistication, with attackers targeting warehouse systems and vehicle tracking to halt distribution. Despite the sector’s critical role in food and pharmaceutical delivery, it currently lacks formal Critical National Infrastructure recognition, limiting coordinated incident response planning at a national level.
https://www.telegraph.co.uk/news/2025/06/05/how-did-britains-food-supplies-become-so-vulnerable/
Europol Says Criminal Demand for Data is “Skyrocketing”
Europol’s latest assessment highlights a booming criminal underground economy fuelled by an insatiable demand for data. With personal and business information now a central commodity, cyber criminals are exploiting gaps in digital literacy and complex IT environments to steal, trade and weaponise data at scale. Stolen credentials are repeatedly used to fuel further breaches, while specialised marketplaces and encrypted channels facilitate widespread illicit trade. Europol warns this cycle is eroding public trust and undermining economic stability.
https://www.infosecurity-magazine.com/news/europol-criminal-demand-data/
AI Is a Data-Breach Time Bomb, Reveals New Report
Varonis has found that nearly every organisation is vulnerable to data exposure as a result of adopting AI without adequate controls. Analysis of 1,000 data risk assessments revealed 99% had sensitive data exposed to AI tools, and 90% had critical cloud data openly accessible. Shadow AI and unverified apps were present in 98% of cases, while 1 in 7 lacked multi-factor authentication. The report highlights how poor identity governance, excessive data access, and sprawling cloud environments are creating significant breach risks. It urges organisations to tighten access, monitor data use, and employ automation to safeguard information in the AI era.
https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
What Is Penetration Testing? Types, Processes, Tools, and Why It’s All Worth It
Penetration testing is a controlled and authorised simulation of a cyber attack, designed to identify vulnerabilities that could be exploited by real-world threat actors. Ethical hackers emulate criminal tactics to test systems, infrastructure, and even staff behaviour. While automated scans help detect known flaws, penetration testing offers deeper insight by revealing how small issues can be combined into significant risks. It plays a critical role in strengthening cyber resilience, supporting regulatory compliance such as ISO 27001, and demonstrating due diligence. Organisations typically conduct pen tests one or more times a year, often alongside continuous automated scanning.
Black Arrow delivers tailored penetration testing services together with a range of selected partners to help uncover real-world risks through expert-led assessments.
https://blog.jetbrains.com/teamcity/2025/06/what-is-penetration-testing/
Internet Infamy Drives the Com’s Crime Sprees
A growing cyber criminal movement known as “The Com” is drawing in teenagers and young adults who are motivated more by notoriety than money. Their activities range from phishing and SIM swapping to swatting, sextortion and, in some cases, physical violence. Researchers estimate only a small core group is responsible for the most serious crimes, but the wider subculture is expanding rapidly. Law enforcement is now treating parts of the movement as a terrorism threat, with arrests increasing. Analysts warn that underlying socio-economic pressures are driving recruitment, particularly among minors who are seen as lower-risk by criminal gangs.
https://cyberscoop.com/the-com-subculture-infamy-crimes/
China-Linked Threat Actor Targeted +70 Orgs Worldwide, SentinelOne Warns
SentinelOne has uncovered a sustained cyber espionage campaign linked to China, affecting over 70 organisations globally between July 2024 and March 2025. Targets included government bodies, media outlets, and firms in sectors such as finance, manufacturing, and telecoms. The threat actor, dubbed PurpleHaze, used sophisticated techniques including obfuscated malware and dynamic relay networks to maintain stealth and persistence. Victims ranged from a South Asian government entity to a European media firm and even SentinelOne itself. The research highlights an ongoing trend of state-aligned groups targeting cyber security providers, underscoring the need for continuous monitoring and collective defence through intelligence sharing.
Here’s Why Ignoring Politics Is No Longer an Option for Cyber Defence
Flashpoint’s latest report underscores the growing overlap between global politics and cyber threats, with geopolitical tensions now seen as a key driver of cyber activity. Russian organisations, once largely avoided by cyber criminals, are increasingly targeted due to shifting allegiances following the Ukraine conflict. The SANS Institute found that nearly 500 professionals now view cyber security as a core business risk shaped by international events. Threat actors from countries such as North Korea, Iran, and China are deploying tactics including AI-generated deepfakes and disinformation to destabilise democratic processes and evade sanctions, highlighting the need for a broader geopolitical lens in threat assessments.
https://cybernews.com/security/ignoring-politics-is-no-longer-an-option-for-cyber-pros/
UK to Join Up with Allies for Stronger Response to Putin’s ‘Grey Zone’ Warfare
The UK is strengthening cooperation with allies to deter and respond to so-called grey zone threats, including cyber attacks, sabotage of undersea infrastructure and disinformation operations. These sub-threshold activities, increasingly used by Russia, are designed to destabilise without triggering full-scale military conflict. The Government’s latest Strategic Defence Review highlights the need for joint crisis decision-making and improved readiness to counter such tactics. NATO has reaffirmed that cyber or hybrid attacks may justify a collective response under Article 5. The review also stresses the growing complexity of threats, particularly where state actors blur the lines between conventional, cyber and nuclear deterrence.
https://inews.co.uk/news/politics/uk-allies-putin-grey-zone-warfare-3735380
Governance, Risk and Compliance
Rising strategic role of the CISO | Deloitte Insights
Prep for Layoffs Before They Compromise Security
Docuseries Explores Mental, Physical Hardships of CISOs
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
The Silent Cyber Crisis Alarming Global Economies and Why It's Time for Collective Action | IBTimes
Cyber resilience begins before the crisis | Microsoft Security Blog
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce Victimisation on the Rise | SC Media UK
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Scattered Spider and DragonForce unite to cash in on M&S hacking
Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks - Infosecurity Magazine
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Threat hunting case study: DragonForce | Intel 471
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Agencies Release Actionable Guidance on Play Ransomware | Schwabe, Williamson & Wyatt PC - JDSupra
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
South African man imprisoned after ransom demand against his former employer
Ransomware Victims
Scattered Spider and DragonForce unite to cash in on M&S hacking
M&S food sales growth collapses after cyber attack
M&S cyber attack should prompt retailers to focus on response
How did Britain’s food supplies become so vulnerable?
M&S restarts online orders after cyber attack - BBC News
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
Main distributor to Amazon’s Whole Foods hit by cyber attack
British Horseracing Authority targeted by cyber attack - BBC Sport
Phishing & Email Based Attacks
Cutting-Edge ClickFix Tactics Snowball
Study: 73% of founders can’t spot phishing emails | Cybernews
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
That ‘unsubscribe’ link is actually a hidden security risk — do this instead | Tom's Guide
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Employees repeatedly fall for vendor email compromise attacks - Help Net Security
Other Social Engineering
Cutting-Edge ClickFix Tactics Snowball
Help Desk Hoax: How Attackers Bypass Tech Defenses
Cybercriminals are turning stolen data into a thriving black market - Help Net Security
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
What is asymmetric cyberattack? | Definition from TechTarget
The 'red flag' Grindr users should watch out for to stay safe
FIN6 hackers pose as job seekers to backdoor recruiters’ devices
Fraud, Scams and Financial Crime
The 'red flag' Grindr users should watch out for to stay safe
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Mastercard: Fraud attempts jump as retailers feel cyber attack sting
US files to seize $7.7M laundered by North Korean IT workers • The Register
Five plead guilty to laundering $36 million stolen in investment scams
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Artificial Intelligence
Godfather of AI Alarmed as Advanced Systems Quickly Learning to Lie, Deceive, Blackmail and Hack
Next-Gen Developers Are a Cybersecurity Powder Keg
AI threats leave SecOps teams burned out and exposed - Help Net Security
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
Cyber crime is surging. Will AI make it worse?
AI is a data-breach time bomb, reveals new report
What CISOs need to know about agentic AI - Help Net Security
Securing agentic AI systems before they go rogue - Help Net Security
UK ICO publishes AI and biometrics strategy | Computer Weekly
Enterprises stuck in AI pilot hell, says Chatterbox Labs • The Register
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Malware
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
React Native Aria Packages Backdoored in Supply Chain Attack - SecurityWeek
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems - SecurityWeek
DanaBot malware operators exposed via C2 bug added in 2022
Bots/Botnets
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infect TBK DVR devices via command injection flaw
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Mobile
Cyber attacks on smartphones hit new high - here's how to stay safe | TechRadar
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Blocking stolen phones from the cloud can but won't be done • The Register
Cops want Apple, Google to kill stolen phones remotely • The Register
Apple and Google clash with police and MPs over phone thefts - BBC News
Google patched bug leaking phone numbers tied to accounts
Denial of Service/DoS/DDoS
Don’t give hacktivists what they really want | CSO Online
DDoS Attacks on Financial Sector Surge in Scale and Sophistication - Infosecurity Magazine
Internet of Things – IoT
Millions of low-cost Android devices turn home networks into crime platforms - Ars Technica
CISO who helped unmask Badbox warns: Version 3 is coming • The Register
New Mirai botnet infect TBK DVR devices via command injection flaw
40,000 cameras expose feeds to datacenters, health clinics • The Register
I found terrifying smart home security holes and you probably have them too
Data Breaches/Leaks
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years - SecurityWeek
AI is a data-breach time bomb, reveals new report
The Dark Web's Currency of Choice: Stolen Data - IT Security Guru
Legal aid lawyers face 'chaos' following cyber attack - as some left 'in tears' and... - LBC
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
'Major compromise' at NHS temping arm never disclosed • The Register
Phishing Alert as Erie Insurance Reveals Cyber “Event” - Infosecurity Magazine
86 million AT&T customer records reportedly up for sale on the dark web | ZDNET
Insurer Exposed Drivers' Personal Information, Court Told - Law360
Organised Crime & Criminal Actors
Cyber criminals are turning stolen data into a thriving black market - Help Net Security
Europol Says Criminal Demand for Data is “Skyrocketing” - Infosecurity Magazine
Cyber crime is surging. Will AI make it worse?
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
Five plead guilty to laundering $36 million stolen in investment scams
Cyber criminals turn to “residential proxy” services to hide malicious traffic
Internet infamy drives The Com's crime sprees | CyberScoop
Cyber crime news: How this Canadian hacker was caught
How Crime-As-A-Service Turned Hacking Into A Subscription Business
Hacking the Hackers: When Bad Guys Let Their Guard Down
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Insurance
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Supply Chain and Third Parties
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
M&S restarts online orders after cyber attack - BBC News
Main distributor to Amazon’s Whole Foods hit by cyber attack
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
Third-party security weaknesses threaten Europe’s big banks | Computer Weekly
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Cloud/SaaS
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cloud and AI drive efficiency, but open doors for attackers - Help Net Security
AitM Phishing Attacks Targeting Microsoft 365 and Google to Steal Login Credentials
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Google Cloud and Cloudflare hit by widespread service outages
Outages
Massive cloud outage knocks out internet services across the globe | ZDNET
‘Severe’ network outages costing $160bn globally | Computer Weekly
Encryption
CISOs urged to push vendors for roadmaps on post-quantum cryptography readiness | CSO Online
See How Much Faster a Quantum Computer Will Crack Encryption | WIRED
Quantum Computers Pose a Grave Risk to The Future. Here's Why. : ScienceAlert
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
Linux and Open Source
Unverified code is the next national security threat | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Social Media
The 'red flag' Grindr users should watch out for to stay safe
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Regulations, Fines and Legislation
Trump cyber executive order takes aim at prior orders, secure software, more | CyberScoop
Banks Challenge Treasury on Cybersecurity Failures - The Global Treasurer
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
UK ICO publishes AI and biometrics strategy | Computer Weekly
Trump limits use of cyber rules to punish US hackers, election meddlers - Defense One
Trump to Keep Starlink at White House Despite Cyber Security Concern
Models, Frameworks and Standards
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
NIST Launches Updated Incident Response Guide - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
Data Protection
Security & data protection: when two become one | TechRadar
Careers, Working in Cyber and Information Security
Human vs digital therapy: AI falls short when IT pros need help | Computer Weekly
Hands-On Skills Now Key to Landing Your First Cyber Role - Infosecurity Magazine
Law Enforcement Action and Take Downs
Hacker arrested after exploiting 5,000 accounts in $4.5 million cryptojacking scheme | TechSpot
145 criminal domains linked to BidenCash Marketplace seized - Help Net Security
Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown
Five plead guilty to laundering $36 million stolen in investment scams
Police arrests 20 suspects for distributing child sexual abuse content
South African man imprisoned after ransom demand against his former employer
Misinformation, Disinformation and Propaganda
Amazon promises fake reviews crackdown after investigation by UK watchdog | Amazon | The Guardian
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
EU Prepares for Transnational Cyberattacks - DataBreachToday
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
What would break first if hackers hit US infrastructure? | Cybernews
Nation State Actors
Ignoring politics is no longer an option for cyber pros | Cybernews
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
EU Prepares for Transnational Cyberattacks - DataBreachToday
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
China
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Chinese hackers broke into US telecom earlier than previously known, Bloomberg reports | Reuters
Chinese phone hacks, user lapses create 'mobile security crisis' | Fortune
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
SentinelOne shares new details on China-linked breach attempt
Russia
Eastern Europe’s Cyber Reckoning: Russia’s Digital Threat Is Forcing a Strategic Shift - Inkstick
UK to join up with allies for stronger response to Putin's 'grey zone' warfare
Russian Spies Are Suspicious of China, Even as Putin and Xi Grow Close - The New York Times
Why Russia Should Fear Ukraine’s Advanced Intelligence Network - The National Interest
'PathWiper' Attack Hits Critical Infrastructure In Ukraine
How The Times Obtained Secret Russian Intelligence Documents - The New York Times
US accuses Russian crypto entrepreneur of money laundering and sanctions evasion
LockBit panel data leak shows Chinese orgs among the most targeted - Help Net Security
'Librarian Ghouls' Cyberattackers Strike at Night
North Korea
US files to seize $7.7M laundered by North Korean IT workers • The Register
Tools and Controls
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques - Help Net Security
SIEMs Missing the Mark on MITRE ATT&CK Techniques
Next-Gen Developers Are a Cybersecurity Powder Keg
Cyber resilience begins before the crisis | Microsoft Security Blog
CISOs call for operational threat intelligence integration - Help Net Security
Nearly all CISOs struggle with threat intelligence barriers: report
Advanced Persistent Threats (APTs) - Detection and Defense Strategies
NIST Launches Updated Incident Response Guide - Security Boulevard
Cyber insurance demand is rising, but not 'evenly': Beazley cyber head | Insurance Business America
AI threats leave SecOps teams burned out and exposed - Help Net Security
The massive, no-good concerns around agentic AI cybersecurity - Tech Monitor
Study: 73% of founders can’t spot phishing emails | Cybernews
Prep for Layoffs Before They Compromise Security
Why Threat Agents Must be Included in Cyber Security Risk Assessments - Security Boulevard
NIST Publishes New Zero Trust Implementation Guidance - Infosecurity Magazine
MSSPs, MSPs See Growing Strategic Role in Cyber Insurance | MSSP Alert
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
Your Android phone is getting new security protections - and it's a big deal for enterprises | ZDNET
Microsoft Outlook to block more risky attachments used in attacks
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Other News
Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly
What Held the Internet Together for 20 Years and Why It’s Now at Risk - Internet Society
EU Updates Cyber Crisis Blueprint to Strengthen Regional Response | MSSP Alert
EU to ‘step up’ on cyber security as dependence on US laid bare
What would break first if hackers hit US infrastructure? | Cybernews
Surge in Cyber Attacks Targeting Journalists: Cloudflare - SecurityWeek
Vulnerability Management
Security flaws in government apps go unpatched for years - Help Net Security
Vulnerabilities
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Zero Day Initiative — The June 2025 Security Update Review
Palo Alto Networks Patches Privilege Escalation Vulnerabilities - SecurityWeek
Fortinet, Ivanti Patch High-Severity Vulnerabilities - SecurityWeek
Chrome, Firefox Updates Resolve High-Severity Memory Bugs - SecurityWeek
Trend Micro fixes critical vulnerabilities in multiple products
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Google patched bug leaking phone numbers tied to accounts
SAP June 2025 Security Patch Day fixed critical NetWeaver bug
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites - Infosecurity Magazine
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness only. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 June 2025 – Security Updates from Microsoft, Adobe, Ivanti, Salesforce, SAP, and Google
Executive Summary
Microsoft’s Patch Tuesday for June 2025 delivered updates for 66 vulnerabilities, including one actively exploited zero-day WebDAV remote code execution flaw, alongside nine critical issues such as RCE and privilege escalation in SMB, SharePoint, and Windows Hello for Business.
Adobe released patches addressing critical and important vulnerabilities in Acrobat/Reader, InCopy, and Commerce/Magento, notably fixing 254 flaws in Adobe Experience Manager (mostly XSS) and a critical Magento XSS flaw (CVE-2025-47110) with potential for arbitrary code execution.
Ivanti’s June advisory fixes multiple high-severity issues in Workspace Control (e.g. decryption of stored SQL credentials) and addresses vulnerabilities in EPMM previously exploited in the wild (CVE-2025-4427/4428).
Salesforce Industry Cloud fixed five zero-days and 15 critical misconfigurations that risk unauthorised access to encrypted data, sessions, credentials, and business logic.
SAP released its June Security Patch Day, addressing 19 notes including a critical NetWeaver RFC missing authorisation flaw (CVE-2025-42989, CVSS 9.6) that allows privilege escalation.
Google Chrome received a security update fixing two high-severity remote code execution (RCE) bugs in the V8 engine, impacting Windows, macOS, and Linux users.
What’s the risk to me or my business?
The presence of actively exploited zero‑days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on the specific updates within this Microsoft Patch Tuesday can be found here:
June 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
Adobe, Ivanti, Salesforce, SAP, and Google
Further details of the vulnerabilities in the affected Adobe, Ivanti, Salesforce, SAP and Google products can be found here:
https://helpx.adobe.com/security/security-bulletin.html
https://appomni.com/blog/low-code-high-stakes-salesforce-security/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 06 June 2025
Black Arrow Cyber Threat Intelligence Briefing 06 June 2025:
-Half of Firms Suffer Two Supply Chain Incidents in Past Year
-Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
-UK SMBs Are Ramping Up Cyber Security Spending
-CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
-CISO 3.0: Leading AI Governance and Security in the Boardroom
-Play Ransomware Breached 900 Victims, Including Critical Orgs
-Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
-Role of Threat Intelligence in Proactive Defence Strategies
-Beware GenAI Use is Outpacing Security Controls
-Why Teenage Hackers Pose More Danger Than Ever
-‘Nation States don’t do hacking for fun’ UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
-Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week includes the complexity of cyber risk, with UK organisations reporting a sharp rise in supply chain-related incidents and limited visibility across third-party networks. As we discuss in our training events, vendor email compromise (VEC) is growing in prominence alongside BEC, exploiting trust in external partners to evade detection. Organisations need to review their control framework, including training staff and leaders on identifying and reporting suspicious communications, and adhering to the letter and spirit of operational controls that attackers seek to exploit.
We also explore the shifting role of the CISO, now increasingly embedded in strategic business leadership. As AI becomes more integrated into operations, CISOs must balance innovation with governance, mastering risk management to promote responsible adoption. The rise of fractional CISOs offers small and medium firms access to broad expertise at lower cost, which we provide for our clients. Threat actors continue to evolve, with ransomware groups like Play expanding their reach, and teenage hackers blurring the line between mischief and organised crime.
The UK’s Ministry of Defence has disclosed a thwarted spear-phishing campaign by Russia-linked actors posing as journalists, part of over 90,000 state-linked threats in two years. This highlights the growing use of cyber operations in geopolitical conflict. Finally, the unmonitored use of generative AI tools is accelerating, raising concerns about data loss and regulatory breaches. Black Arrow recommends that leaders prioritise visibility across supply chains, invest in adaptive security training by experts, and align AI and threat intelligence strategies with robust governance frameworks.
Top Cyber Stories of the Last Week
Half of Firms Suffer Two Supply Chain Incidents in Past Year
New research reveals that nearly half of UK organisations have faced two or more supply chain-related cyber incidents in the past year, highlighting growing concerns over third-party vulnerabilities. Despite 90% identifying supply chain threats as a top priority for 2025, only 37% felt their current risk management strategies were truly effective. The report points to poor collaboration between stakeholders and inconsistent visibility across sectors, with just 14% of organisations having full visibility into all supply chain tiers. As the UK prepares to introduce new cyber resilience legislation, firms are calling for stronger regulatory powers and incentives to drive better cross-industry coordination.
https://www.infosecurity-magazine.com/news/half-supply-chain-incidents/
Vendor Email Compromise (VEC) Attacks Outpace Business Email Compromise (BEC) in EMEA
New research shows that Vendor Email Compromise (VEC) attacks are now outpacing traditional Business Email Compromise (BEC) across EMEA, with nearly half of recipients engaging with VEC emails, almost double the rate of BEC. VEC exploits trust in external vendors, making it harder to detect and rarely reported by users. With reporting rates as low as 0.2% in EMEA, these scams pose a growing challenge. The findings highlight the need for enhanced email security platforms, third-party behaviour monitoring, and targeted user education to better defend against increasingly sophisticated impersonation threats.
https://www.msspalert.com/brief/vec-attacks-outpace-bec-in-emea-a-growing-challenge-for-mssps
UK SMBs Are Ramping Up Cyber Security Spending
Over half of UK small businesses increased their cyber security spending last year. Phishing, ransomware, and denial-of-service attacks remain key risks. Meanwhile, growing interest in generative AI is prompting fresh concerns around data protection, regulatory uncertainty, and staff readiness, with many SMBs expressing caution over privacy, reliability, and the potential loss of personalised service.
https://www.itpro.com/security/uk-smbs-are-ramping-up-cybersecurity-spending-and-its-about-time
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
The role of the Chief Information Security Officer (CISO) is undergoing a strategic shift, moving beyond technical oversight to encompass broader business responsibilities including risk management, IT, and digital transformation. Nearly 40% of CISOs now hold senior executive titles, with over half engaging regularly with boards, rising to 65% in large enterprises. Research shows three clear CISO types: Strategic, Functional, and Tactical, with Strategic CISOs earning significantly higher compensation and reporting the greatest job satisfaction. This transformation reflects growing recognition that effective cyber security leadership is now integral to overall business success and long-term resilience. A good outsourced fractional CISO, offering cost-effective expertise across the Strategic, Functional, and Tactical roles, can benefit organisations with fewer resources, often providing a much wider range of skills and experience than is available from a single individual.
https://cybersecuritynews.com/ciso-roles-expand-beyond-cybersecurity/
CISO 3.0: Leading AI Governance and Security in the Boardroom
CISOs are evolving into strategic advisors as AI becomes embedded across business operations, with 85% of IT leaders believing AI can enhance cyber security. However, practical challenges persist around system visibility, false positives, and integration with legacy infrastructure. To govern AI effectively, CISOs must gain fluency in data science and risk modelling, ensuring AI tools are explainable and accountable. Building a security culture that embraces AI starts with education, using adaptive and immersive training to close skills gaps. Successful adoption hinges on choosing trustworthy vendors and aligning tools with governance frameworks and business needs.
https://www.helpnetsecurity.com/2025/06/02/aaron-mccray-cdw-cisos-ai-security/
Play Ransomware Breached 900 Victims, Including Critical Orgs
The Play ransomware group has now impacted around 900 organisations globally, including critical infrastructure, marking a threefold increase in victims since late 2023. Active since 2022, the group is known for stealing sensitive data before encrypting systems, using email for extortion rather than dark web platforms. Their attacks are made harder to detect by constantly altering their malware and exploiting known software flaws. Authorities urge organisations to keep systems updated, use multifactor authentication on key services, and ensure offline backups and recovery plans are in place to mitigate the growing risk of ransomware attacks.
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Cowbell’s latest report highlights a sharp rise in cyber claims, driven by increasingly sophisticated attacks. Ransomware remains a consistent threat, making up nearly one in five claims. The most damaging incidents stemmed from just five criminal groups, often exploiting basic weaknesses like unpatched systems or misconfigured email. Phishing continues to be the top entry point for wider breaches and fraud. Professional services, healthcare, education, construction and manufacturing were the most targeted, underscoring the growing impact of cyber attacks on sectors reliant on sensitive data and operational continuity.
https://www.claimsjournal.com/news/national/2025/06/06/330974.htm
Role of Threat Intelligence in Proactive Defence Strategies
Organisations are increasingly shifting from reactive to proactive cyber security strategies, with threat intelligence now central to anticipating and preventing attacks. By integrating strategic, operational, and technical insights into existing defences, businesses are improving detection speeds and reducing attack success rates by over 97%. The use of real-time threat data, predictive analytics, and advanced threat hunting helps organisations detect adversaries earlier and act faster. With the average breach costing nearly USD 4.9 million, the economic case for investing in threat intelligence is growing, offering both financial resilience and enhanced protection in a rapidly evolving threat landscape.
https://cybersecuritynews.com/threat-intelligence-3/
Beware GenAI Use is Outpacing Security Controls
Palo Alto Networks has found that employees in every organisation are now using an average of 6.6 high-risk generative AI tools, often without the knowledge of security teams. In some firms, over 60 different AI applications are present in the environment, with writing assistants and chatbots being the most common. Alarmingly, incidents involving data loss linked to these tools have more than doubled in the past year. Experts warn that without clear policies and real-time monitoring, organisations risk data leaks and regulatory breaches, and may even unintentionally reward the use of shadow AI by incentivising output quality over compliance.
https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.html
Why Teenage Hackers Pose More Danger Than Ever
Recent high-profile cyber attacks on UK retailers such as M&S and Co-op have exposed a growing and alarming trend: many of these incidents are not the work of overseas state-backed groups, but of teenage hackers operating from bedrooms in the UK and US. Often meeting online through chat forums, these individuals, sometimes referred to as collectives like Scattered Spider, launch attacks for thrill, money, and status. This new generation of hackers combines social manipulation techniques with access to professional criminal tools, blurring the line between youthful mischief and serious organised crime. Tackling this rising threat requires a shift in how we understand and deter cyber crime.
‘Nation States don’t do hacking for fun’ UK NCSC Urges Businesses to Follow Geopolitics as Defensive Strategy
The UK National Cyber Security Centre (NCSC) has warned that nation states are increasingly using cyber attacks as tools of sabotage and espionage, often targeting supply chains and critical infrastructure. Russia’s offensive cyber capabilities have advanced significantly, with recent attacks timed to coincide with military operations, while China is believed to be embedding threat groups within key systems to prepare for possible future conflict. The NCSC urged businesses to understand how global geopolitical tensions intersect with their own cyber risk exposure. Despite this, financially motivated cyber criminals remain the most common threat, with many incidents causing unintended collateral damage to private firms.
Damascened Peacock: Russian Hackers Targeted UK Ministry of Defence
The UK’s Ministry of Defence has disclosed a sophisticated cyber attack attempt by Russia-linked hackers posing as journalists in a spear phishing campaign dubbed “Damascened Peacock”. The attackers aimed to deploy malware through deceptive emails disguised as urgent media or financial requests. Although the attack was thwarted, it is part of over 90,000 state-linked cyber threats against UK defence in the past two years. The malware used was new and linked to a known Russian group previously active in targeting military and government entities across the West. The UK is now investing in stronger cyber capabilities to counter such threats.
Governance, Risk and Compliance
CISO Roles Expand Beyond Cyber Security as Organisations Embrace Strategic Security Leadership
CISO 3.0: Leading AI governance and security in the boardroom - Help Net Security
CISO Stature Rises, but Budgets Remain Tight
UK SMBs are ramping up cyber security spending – and it’s about time | IT Pro
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Building a Cyber-Resilient Organisation: CISOs’ Roadmap
Is Your CISO Navigating Your Flight Path?
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Breaking Down Silos: Aligning IT and Security Teams
Cyber security top investment priority with tech leaders
Are you cyber resilient? Five traits that define the leaders of 2025 | SC Media
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
Creating the right organisational culture for cyber security - NCSC.GOV.UK
6 hard truths security pros must learn to live with | CSO Online
Why hacking yourself first is essential for proactive cyber security | TechRadar
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
53% of cyber department leaders eyeing the exit | CSO Online
Cyber security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
FBI: Play ransomware breached 900 victims, including critical orgs
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
6 rising malware trends every security pro should know | CSO Online
Scattered Spider: Three things the news doesn’t tell you
Play ransomware groups use SimpleHelp flaw: FBI • The Register
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Mysterious leaker outs Conti ransomware kingpins • The Register
Interlock ransomware: what you need to know | Tripwire
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
New ChatGPT Scam Infects Users With Ransomware: ‘Exercise Extreme Caution’
When ransomware listings create confusion as to who the victim was – DataBreaches.Net
Cyber attacks: What do hackers do with your data?
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
Ransomware and USB attacks are hammering OT systems - Help Net Security
Ransomware Victims
FBI: Play ransomware breached 900 victims, including critical orgs
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
M&S hackers sent abuse and ransom demand directly to CEO - BBC News
Volkswagen investigates hacker data breach claims | Cybernews
Victoria's Secret Says It Will Postpone Earnings Report After Recent Security Breach - SecurityWeek
Interlock ransomware claims Kettering Health breach, leaks stolen data
A cyber attack hit hospitals operated by Covenant Health
Next beefs up customer security amid retail hacking crisis - UKTN
Phishing & Email Based Attacks
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware - Infosecurity Magazine
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Cyber attacks: What do hackers do with your data?
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Beware of Device Code Phishing
Where Did The Name 'Phishing' Come From?
Business Email Compromise (BEC)/Email Account Compromise (EAC)
VEC Attacks Outpace BEC in EMEA: A Growing Challenge for MSSPs | MSSP Alert
Other Social Engineering
Beware of Device Code Phishing
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
Thwart nation-state threat actors with these CISO tips | TechTarget
Vishing Crew Targets Salesforce Data
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Fraud, Scams and Financial Crime
Crims breached 100k UK tax accounts to steal £43M from HMRC • The Register
FBI Warns of Filipino Tech Company Running Crypto Scams
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
Law enforcement seized the carding marketplace BidenCash
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
Google survey shows Americans are changing how they fight scams - Help Net Security
Scammer Reported To FBI & Cyber Crime Agency After Conning TV Writers
Airbnb scams: new book explores thriving criminal activity on big tech platforms
Artificial Intelligence
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
CISOs beware: genAI use is outpacing security controls | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Preparing for AI: The CISO’s role in security, ethics and compliance | Computer Weekly
The hidden security risks of open source AI | Computer Weekly
AI Emerges as the Top Concern for Security Leaders | Security Magazine
Combatting the Threat of AI Misuse | SC Media UK
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Companies Are Discovering a Grim Problem With "Vibe Coding"
The security debt of browsing AI agents | TechRadar
Researchers Bypass Deepfake Detection With Replay Attacks
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
2FA/MFA
Malware
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
6 rising malware trends every security pro should know | CSO Online
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
New versions of Chaos RAT target Windows and Linux systems
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware - SecurityWeek
Backdoored Open Source Malware Repositories Target Novice Cyber Criminals - SecurityWeek
US offers $10M for tips on state hackers tied to RedLine malware
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Hacker targets other hackers and gamers with backdoored GitHub code
Mobile
Android banking trojan Crocodilus rapidly evolves and goes global
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
Android malware trends: Stealthier, easier-to-use | Intel 471
Beware of Device Code Phishing
Denial of Service/DoS/DDoS
Major DDoS attack disrupts Moscow’s internet services | SC Media
Internet of Things – IoT
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Data Breaches/Leaks
ConnectWise Breached, ScreenConnect Customers Targeted
Fred Hutch to pay $50M+ in 2023 data raid settlement • The Register
Volkswagen investigates hacker data breach claims | Cybernews
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Cartier discloses data breach amid fashion brand cyber attacks
The North Face warns customers of April credential stuffing attack
Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Organised Crime & Criminal Actors
Do-It-Yourself Cyber Attack Tools Are Booming - WSJ
Why teenage hackers pose more danger than ever
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Cyber attacks: What do hackers do with your data?
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Filipino Tech Company Running Crypto Scams
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cybersecurity lapses in North Korea hacker group
The US government is now a bitcoin whale. That has consequences | American Banker
Insider Risk and Insider Threats
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
FBI arrests DoD IT worker, claim he tried to leak intel • The Register
Thwart nation-state threat actors with these CISO tips | TechTarget
Insurance
Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady
Companies Looking to Cyber Liability Insurance
Supply Chain and Third Parties
ConnectWise Breached, ScreenConnect Customers Targeted
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
Half of Firms Suffer Two Supply Chain Incidents in Past Year - Infosecurity Magazine
Outages
SentinelOne: Last week’s 7-hour outage caused by software flaw
Identity and Access Management
Don’t let dormant accounts become a doorway for cyber criminals
Encryption
FBI Wants Access To Encrypted iPhone And Android Data—So Does Europe
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Inside The Coming Quantum Crisis: Why CEOs Must Prepare For Q-Day Now
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Linux and Open Source
Sophisticated Malware Campaign Targets Windows and Linux Systems - Infosecurity Magazine
New versions of Chaos RAT target Windows and Linux systems
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Passwords, Credential Stuffing & Brute Force Attacks
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
Social Media
Meta is now a defence contractor • The Register
Training, Education and Awareness
Building a Scalable Cyber Security Training Program
Regulations, Fines and Legislation
Mandatory Ransomware Payment Disclosure Begins in Australia - Infosecurity Magazine
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
Vodafone Germany Fined $51 Million Over Privacy, Security Failures - SecurityWeek
Data watchdog put cops on naughty step for lost CCTV footage • The Register
US Banks Seek to Limit Cyber Attack Disclosures
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
The EU’s “Encryption Roadmap” Makes Everyone Less Safe | Electronic Frontier Foundation
Trump's Cyber Pick Vows Interagency Cooperation if Confirmed
Senator hounds Trump’s cyber pick over CISA cuts • The Register
Models, Frameworks and Standards
The UK’s New Cyber Security Bill: A Call to Action for Tech Businesses - Infosecurity Magazine
MITRE Publishes Post-Quantum Cryptography Migration Roadmap - SecurityWeek
Data Protection
Data watchdog put cops on naughty step for lost CCTV footage • The Register
Careers, Working in Cyber and Information Security
CIOs get serious about closing the skills gap — mainly from within | CIO
PTSD Resolution and CIISec to offer therapy to cyber workers
53% of cyber department leaders eyeing the exit | CSO Online
Law Enforcement Action and Take Downs
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
Websites selling hacking tools to cyber criminals seized – DataBreaches.Net
US DoJ Seizes 4 Domains Supporting Cyber Crime Crypting Services in Global Operation
How global collaboration is hitting cyber criminals where it hurts - Help Net Security
Infosecurity 2025: NCA cyber intelligence head spells out trends | Computer Weekly
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison - SecurityWeek
ViLE gang members sentenced for DEA portal breach, extortion
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK CyberEM Command to spearhead new era of armed conflict • The Register
The UK Brings Cyberwarfare Out of the Closet - SecurityWeek
Nation State Actors
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
China
China accuses Taiwan and the US of being feeble hackers • The Register
Your Amazon light bulb cameras are secretly beaming footage to Chinese servers without consent
Russia
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
Russian hybrid warfare: Ukraine's success offers lessons for Europe - Atlantic Council
Ukraine's enduring cyber defence: Assessing resilience and impact of shifting international support
US offers $10M for tips on state hackers tied to RedLine malware
Russian hackers target Greek company | Ukrainska Pravda
Ukraine takes second strike at Russians with Tupolev hack • The Register
Major DDoS attack disrupts Moscow’s internet services | SC Media
Moscow Poses No Threat to Britain, Says Russia's UK Embassy
Iran
Iranian APT 'BladedFeline' Hides in Network for 8 Years
North Korea
North Korea Infiltrates US Remote Jobs—With the Help of Everyday Americans - WSJ
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme | CyberScoop
BitMEX discovers cyber security lapses in North Korea hacker group
Tools and Controls
What Is Cyber Threat Intelligence: Quick Guide For CISOs
Vibe coding is here to stay. Can it ever be secure? | CyberScoop
Companies Are Discovering a Grim Problem With "Vibe Coding"
From Reactive to Resilient: Achieving Compliance and Driving ROI Through Threat... | SC Media UK
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Role of Threat Intelligence in Proactive Defence Strategies
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names - SecurityWeek
Will Massive Security Glossary From Microsoft, Google, CrowdStrike, Palo Alto Improve Collaboration?
Play ransomware groups use SimpleHelp flaw: FBI • The Register
What is Fourth-Party Risk Management (FPRM)? | Definition from TechTarget
The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | WIRED
AI agents make great teammates, but don't let them code alone - here's why | ZDNET
CISO Stature Rises, but Budgets Remain Tight
Building a Cyber-Resilient Organisation CISOs Roadmap
Cyber security top investment priority with tech leaders
Why hacking yourself first is essential for proactive cyber security | TechRadar
Beyond the Broken Wall: Why the Security Perimeter Is Not Enough
A comprehensive new guide to today’s hazards | UNDRR
CISOs need better tools to turn risk into action - Help Net Security
Account Lockout Policy: Setup and Best Practices Explained | TechTarget
Don’t let dormant accounts become a doorway for cyber criminals
96% of IT pros say AI agents are a security risk, but they're deploying them anyway | ZDNET
Why Scamming Can't Be Stopped—But It Can Be Managed - SecurityWeek
48% of security pros are falling behind compliance requirements - Help Net Security
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
Researchers Bypass Deepfake Detection With Replay Attacks
Agentic AI and the risks of unpredictable autonomy - Help Net Security
DNS Hijacking, A Major Cyber Threat for the UK Government - Infosecurity Magazine
Other News
A comprehensive new guide to today’s hazards | UNDRR
Bitdefender report finds 84% of major attacks now involve legitimate tools - SiliconANGLE
Two thirds of UK consumers are changing online shopping habits due to recent retail cyber attacks
Cyber and digital get over £1bn to enhance UK’s national security | Computer Weekly
UK Defence Review: “Making Britain safer/secure at home, and strong abroad” - EDR Magazine
New spying claims emerge in Silicon Valley corporate espionage scandal
Danish energy sector probes removes concerns about solar involvement – pv magazine International
Cyber Security Needs Satellite Navigation, Not Paper Maps - Security Boulevard
Space assets could be held ransom. Will we have any choice but to pay? - SpaceNews
CISOs Guide to Navigating the 2025 Threat Landscape
The Secret Defence Strategy of Four Critical Industries Combating Advanced Cyber Threats
Vulnerability Management
Filling the Gap with the European Vulnerability Database
Future-ready cyber security: Lessons from the MITRE CVE crisis | CyberScoop
Trump budget proposal would slash more than 1,000 CISA jobs | CyberScoop
Slashing CISA Is a Gift to Our Adversaries
Seven Steps to Building a Mature Vulnerability Management Program - Infosecurity Magazine
Vulnerabilities
Technical Details Published for Critical Cisco IOS XE Vulnerability - SecurityWeek
Two Linux flaws can lead to the disclosure of sensitive data
SentinelOne: Last week’s 7-hour outage caused by software flaw
Google addresses 34 high-severity vulnerabilities in June’s Android security update | CyberScoop
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Microsoft ships emergency patch to fix Windows 11 startup failures
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Questions Swirl Around ConnectWise Flaw Used in Attacks
Hackers are exploiting critical flaw in vBulletin forum software
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
vBulletin Vulnerability Exploited in the Wild - SecurityWeek
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Why SAP security updates are a struggle for large enterprises - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 30 May 2025
Black Arrow Cyber Threat Intelligence Briefing 30 May 2025:
-New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
-The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
-Mandatory Ransomware Payment Disclosure Begins in Australia
-Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
-Cyber Security Teams Generate Average of $36M in Business Growth
-M&S Boss: I Went into Shock over Cyber Attack
-Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
-AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
-4.5% of Breaches Now Extend to Fourth Parties
-Any Teenager Can Be a Cyber Attacker Now, Parents Warned
-New Russian State Hacking Group Hits Europe and North America
-DragonForce Engages in "Turf War" for Ransomware Dominance
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week’s review highlights the growing risks facing senior executives, with threat actors increasingly targeting C-suite leaders through tailored spear-phishing campaigns and exploiting their digital footprints. A recent study reports cyber risk as the top reputational concern for senior leaders globally, yet most organisations remain unprepared to model the business impact of such events, while the CEO of M&S highlights the personal effects of experiencing a cyber attack. By contrast, we report on a study that has assessed the business value of including cyber security at the outset of business initiatives.
We also report on the evolution of attack tactics, including disguising ransomware and malware as legitimate AI tools, and enabling teenagers with limited technical skills to conduct attacks. The cyber threat landscape remains volatile, with criminal groups exploiting AI hype, expanding supply chain attack vectors, and even competing for dominance amongst their peers.
Finally, Australia now requires companies to report ransomware payments, which we see as part of a growing drive for transparency that builds on current and forthcoming legislation in other jurisdictions.
Black Arrow recommends that business leaders should ensure they perform an objective assessment of their cyber risks, and address those risks through controls across people, operations and technology aligned to a respected framework underpinned by robust governance.
Top Cyber Stories of the Last Week
New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
A new spear-phishing (highly targeted/individualised phishing) campaign is actively targeting chief financial officers and senior executives in the banking, energy, insurance, and investment sectors across multiple regions, including the UK. The operation impersonates recruitment outreach from a well-known financial firm and uses convincing social engineering to bypass standard security training. The attackers deploy a legitimate remote access tool, blending into normal network activity and complicating detection. The use of custom CAPTCHA and hidden download mechanisms highlights the operation’s sophistication. The campaign’s precise targeting and persistence tactics reflect a well-resourced threat actor likely pursuing long-term strategic access.
https://cybersecuritynews.com/new-spear-phishing-attack-targeting-financial-executives/
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
Executives and board members are increasingly targeted by cyber criminals due to their extensive digital footprints and access to high-value systems. Public profiles, reused passwords, and personal device use create opportunities for attackers to launch tailored phishing, impersonation, and deepfake scams. Infostealers harvesting login details and cookies from executive endpoints are now sold on dark web markets, sometimes with corporate credentials priced as low as $100. These risks go beyond technical flaws, exposing organisations to reputational and operational damage. Proactive monitoring of executive identities and digital exposure is now critical to reducing breach likelihood and maintaining cyber resilience.
Mandatory Ransomware Payment Disclosure Begins in Australia
Australia has become the first country to mandate the reporting of ransomware payments, requiring private organisations with turnover above AUD $3m to notify authorities within 72 hours of making or learning of a payment. The new measures aim to improve visibility into cyber crime and reduce underreporting, with research showing only one in five victims currently alert authorities. The law also introduces a Cyber Incident Review Board and forthcoming smart device security standards. With global momentum growing, the UK is now consulting on similar ransomware reporting and payment restrictions for critical infrastructure and public sector entities.
https://www.infosecurity-magazine.com/news/ransomware-payment-disclosure/
Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
WTW’s latest global survey has found that cyber risk is now the top reputational concern for senior executives, cited by 65% of respondents, up from 52% last year. Environmental and governance risks also rose significantly, reflecting growing regulatory pressures. While 94% of organisations now reserve budgets for managing reputational damage, only 11% feel confident in modelling the financial impact of such events. Encouragingly, most firms have formal crisis response teams and conduct regular scenario testing, but the gap between preparedness and risk quantification remains a key challenge for leadership to address in today’s volatile threat landscape.
Cyber Security Teams Generate Average of $36M in Business Growth
An EY global study has found that cyber security teams contribute a median of $36 million in business value per enterprise initiative, yet budget allocations have halved as a percentage of revenue over the past two years. Despite their growing strategic role, only 13% of CISOs are engaged early in key business decisions. The report highlights that when involved from the outset, security leaders accelerate innovation, reduce risk, and strengthen customer trust, particularly in AI adoption and market expansion. Organisations recognising this are seeing both enhanced resilience and competitive advantage through secure, business-aligned transformation.
https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/
M&S Boss: I Went into Shock over Cyber Attack
The chief executive of UK retailer Marks & Spencer (M&S) described feeling “in shock” as the company faced a ransomware cyber attack that disrupted payments, digital stock systems and online sales, with losses estimated at £300 million. The incident exposed personal data belonging to staff and millions of customers, prompting warnings about scams and reinforcing the reputational impact. The attack, attributed to human error, highlighted the persistent difficulty in defending against ransomware. The crisis has accelerated M&S’ digital infrastructure overhaul, reducing a planned three-year transformation to just 18 months.
https://www.telegraph.co.uk/business/2025/05/25/ms-boss-i-went-into-shock-over-cyber-attack/
Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
Cyber criminals are increasingly exploiting public interest in artificial intelligence by disguising ransomware and malware as legitimate AI tools. Recent campaigns have used fake websites and malicious installers claiming to offer free AI services to lure users into downloading harmful software. Victims are targeted through manipulated search engine results and deceptive advertisements. Once installed, these payloads can encrypt data, corrupt systems, or render devices inoperable. Notably, attackers are blending legitimate AI components with malware to evade detection. Organisations are advised to source AI tools only from verified providers and avoid downloading from promoted links or unofficial platforms.
AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
AI-driven tools are transforming phishing scams, making fraudulent emails far harder to detect. Unlike earlier scams with poor grammar and awkward phrasing, messages now appear polished and convincingly mimic trusted brands and individuals, even in niche languages like Icelandic. The FBI estimates email and impersonation frauds generated $16.6 billion last year. Attackers can now rapidly customise scams at scale, embedding into real threads and exploiting lookalike domains. Experts warn traditional awareness training is no longer enough; verifying suspicious messages and using measures like multifactor authentication and password managers are increasingly essential for defence.
https://www.axios.com/2025/05/27/chatgpt-phishing-emails-scam-fraud
4.5% of Breaches Now Extend to Fourth Parties
There has been a sharp rise in supply chain risks, with over a third (35%) of breaches in 2024 linked to third parties, up 6.5% from last year, and 4.5% now involving fourth parties. Nearly half of these third-party breaches stemmed from technology services, though attack surfaces are diversifying. Ransomware operations are increasingly exploiting supply chains, with 41% of attacks originating via third-party vectors. Subsidiaries and acquisitions now account for nearly 12% of third-party breaches, exposing internal blind spots. The findings underscore the urgent need for continuous, real-time monitoring of vendor ecosystems, as traditional periodic assessments are no longer sufficient.
https://www.helpnetsecurity.com/2025/05/27/third-party-breaches-increase/
Any Teenager Can Be a Cyber Attacker Now, Parents Warned
There has been an observed shift in the cyber crime landscape, with younger, less technically skilled individuals now able to participate in serious offences using widely available online tools. Hacking communities such as “the Com” have evolved into organised groups engaging in ransomware, fraud and extortion, with some members living extravagantly on stolen cryptocurrency. The recent cyber attack on UK retailer M&S, linked to this network, could cost the retailer up to £300 million. Authorities warn that parents and organisations alike must be more alert, as cyber crime becomes more accessible, socially driven and increasingly blurred with real-world violence and intimidation.
New Russian State Hacking Group Hits Europe and North America
Microsoft has identified a newly active Russian state-affiliated group, called Void Blizzard or Laundry Bear, targeting government bodies and critical industries across Europe and North America. The group has compromised multiple organisations, including Ukrainian aviation and Dutch police entities, with tactics ranging from password spraying to spear phishing using spoofed authentication pages. Recent campaigns targeted over 20 NGOs with malicious QR codes to harvest credentials. Post-compromise activity includes automated data theft from cloud platforms and access to Microsoft Teams. Intelligence agencies warn that the group is seeking sensitive defence-related information, particularly linked to NATO, EU member states and military support for Ukraine.
https://www.infosecurity-magazine.com/news/russian-state-group-europe-america/
DragonForce Engages in "Turf War" for Ransomware Dominance
Sophos has revealed that the ransomware group DragonForce is engaged in a power struggle with rivals in a bid to dominate the cyber crime landscape. Following a rebrand into a ‘cartel’ model and launch of its white-label ransomware platform, DragonForce has targeted competitors and appears responsible for the sudden outage of a rival group’s infrastructure in March. This internal warfare has disrupted some operations but has not reduced the threat to organisations. Instead, researchers warn it may lead to more unpredictable and opportunistic cyber attacks, requiring businesses to strengthen incident response and threat monitoring capabilities.
https://www.infosecurity-magazine.com/news/dragonforce-turf-war-ransomware/
Governance, Risk and Compliance
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
Welcome to the age of cyber insecurity in business
M&S boss: I went into shock over cyber attack
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
When leaders ignore cyber security rules, the whole system weakens | Computer Weekly
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Cyber Security Teams Generate Average of $36M in Business Growth - Infosecurity Magazine
Why Cyber Security Is Shifting From Detection To Performance
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce used MSP's RMM software to distribute ransomware • The Register
DragonForce Engages in "Turf War" for Ransomware Dominance - Infosecurity Magazine
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
Cyber criminals exploit AI hype to spread ransomware, malware
Any teenager can be a cyber attacker now, parents warned
In cyber attacks, humans can be the weakest link
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
How CISOs can defend against Scattered Spider ransomware attacks | CSO Online
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Sophos warns MSPs over DragonForce threat | Microscope
'Everest Group' Extorts Global Orgs via SAP's HR Tool
'Kisses from Prague': The fall of a Russian ransomware giant
The rise and rise of ransomware - Chris Skinner's blog
Ransomware Victims
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
M&S boss: I went into shock over cyber attack
In cyber attacks, humans can be the weakest link
Retail attacks put cyber security in the spotlight | ICAEW
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
Hackers just hit a $5B hospital empire, demand ransom | Cybernews
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach - SecurityWeek
Luxury jet company allegedly faces data breach | Cybernews
Nova Scotia Power confirms it was hit by ransomware
The rise and rise of ransomware - Chris Skinner's blog
Victoria’s Secret Website Taken Offline After Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How to spot phishing emails now that AI has cleaned up the typos
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs
Less than eight percent of top domains implement the toughest DMARC protection
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
New Browser Exploit Technique Undermines Phishing Detection - Infosecurity Magazine
New Russian cyber-spy crew Laundry Bear joins the pack • The Register
What to do if your Facebook account has been phished, hacked, stolen
Gone phishing: the rise of retail cyber crime in four charts
‘Secure email’: A losing battle CISOs must give up | CSO Online
Other Social Engineering
In cyber attacks, humans can be the weakest link
Cyber criminals exploit AI hype to spread ransomware, malware
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
How well do you know your remote IT worker? - Help Net Security
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
WSJ: US probes fake White House staff plot | Cybernews
Late night cyber attack targets Israelis with fake hostage calls
Fraud, Scams and Financial Crime
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Public urged to create secret passwords with family and friends to avoid AI-generated scams
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
How CISOs can regain ground in the AI fraud war - Help Net Security
US sanctions firm linked to cyber scams behind $200 million in losses
Artificial Intelligence
How to spot phishing emails now that AI has cleaned up the typos
Cyber criminals exploit AI hype to spread ransomware, malware
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Cyber criminals Take Advantage of ChatGPT and Other Generative AI Models | Security Magazine
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
How well do you know your remote IT worker? - Help Net Security
Public urged to create secret passwords with family and friends to avoid AI-generated scams
How CISOs can regain ground in the AI fraud war - Help Net Security
Rethinking Data Privacy in the Age of Generative AI
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
Most AI chatbots devour your user data - these are the worst offenders | ZDNET
Malware
Cyber criminals exploit AI hype to spread ransomware, malware
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Fake Zenmap, WinMRT sites target IT staff with Bumblebee malware
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Hackers increasingly target UEFI and bootloaders | Cybernews
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
GitHub becomes go-to platform for malware delivery across Europe - Help Net Security
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Latrodectus malware detected on over 44K IPs | Cybernews
PumaBot Targets Linux Devices in Botnet Campaign
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
$24 Mln In Cryptocurrency Seized From Russian Malware Network
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Bots/Botnets
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
PumaBot Targets Linux Devices in Botnet Campaign
Mobile
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
If You Get This Message On Your Phone It’s An Attack
Internet of Things – IoT
PumaBot Targets Linux Devices in Botnet Campaign
States Have a TP-Link Problem - The National Interest
Data Breaches/Leaks
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
NHS trusts in London and Southampton hit by cyber attack
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Hackers claim major French govt email data breach | Cybernews
Adidas Falls Victim to Third-Party Data Breach
Luxury jet company allegedly faces data breach | Cybernews
Organised Crime & Criminal Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Any teenager can be a cyber attacker now, parents warned
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
$24 Mln In Cryptocurrency Seized From Russian Malware Network
US sanctions firm linked to cyber scams behind $200 million in losses
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
Dark Partners cyber crime gang fuels large-scale crypto heists
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Insider Risk and Insider Threats
In cyber attacks, humans can be the weakest link
Why layoffs increase cyber security risks - Help Net Security
US intelligence agency employee charged with espionage | AP News
Insurance
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
What UK retail breaches mean for the global cyber insurance market | Insurance Business America
Supply Chain and Third Parties
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Cloud/SaaS
SaaS companies in firing line following Commvault attack • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Outages
SentinelOne back online after lengthy outage • The Register
Encryption
Experts "deeply concerned" by the EU plan to weaken encryption | TechRadar
Quantum Computing Threat to Cryptography
Linux and Open Source
PumaBot Targets Linux Devices in Botnet Campaign
Passwords, Credential Stuffing & Brute Force Attacks
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
Social Media
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
What to do if your Facebook account has been phished, hacked, stolen
Regulations, Fines and Legislation
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
Major conference in San Antonio shelved due to US policy climate
Banks Want SEC to Rescind Cyber Attack Disclosure Requirements
US Government Launches Audit of NIST’s National Vulnerability Database - Infosecurity Magazine
Models, Frameworks and Standards
How FedRAMP Reciprocity Works with Other Frameworks - Security Boulevard
Careers, Working in Cyber and Information Security
Armed forces charity steps in to address cyber mental health crisis | Computer Weekly
Christian Timbers: Cyber Security Executive Pay Up 4.3% in 2025
Cyber Security salaries in 2025: Shifting priorities, rising demand for specialized roles | SC Media
Law Enforcement Action and Take Downs
Latrodectus malware detected on over 44K IPs | Cybernews
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Misinformation, Disinformation and Propaganda
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK Government invests £1bn to equip the army for cyber war, defence secretary reveals
US intelligence agency employee charged with espionage | AP News
Britain’s new defence pact with the EU
Nation State Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Midyear Roundup: Nation-State Cyber Threats in 2025
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
US intelligence agency employee charged with espionage | AP News
China
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
China hacks show they're 'preparing for war': McMaster • The Register
States Have a TP-Link Problem - The National Interest
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
Prague blames Beijing for cyber attack on foreign ministry
Chinese Hacking Group 'Earth Lamia' Targets Multiple Industries - SecurityWeek
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
China, Taiwan trade accusations over cyber attacks | Reuters
Russia
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets | CyberScoop
New Russian State Hacking Group Hits Europe and North America - Infosecurity Magazine
NCSC pins ‘malicious campaign’ of cyber attacks on Russian military intelligence – PublicTechnology
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
'Kisses from Prague': The fall of a Russian ransomware giant
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
Russia sentences programmer to 14 years for treason • The Register
Iran
85 Iranian cyber attacks linked to killing plots foiled in 2025, Israel says | Iran International
North Korea
How well do you know your remote IT worker? - Help Net Security
Tools and Controls
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Why layoffs increase cyber security risks - Help Net Security
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Welcome to the age of cyber insecurity in business
US, allies push for immediate SIEM, SOAR implementation | SC Media
Why Cyber Security Is Shifting From Detection To Performance
What is OSINT and why it is so important to fight cyber criminals? | TechRadar
SaaS companies in firing line following Commvault attack • The Register
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
The edge devices security risk: What leaders can do | IT Pro
Less than eight percent of top domains implement the toughest DMARC protection
AI Beats 90% of Human Teams in a Hacking Competition
Why data provenance must anchor every CISO’s AI governance strategy - Help Net Security
Recent Acquisitions Illustrate Consolidation Trends in Cyber Security | MSSP Alert
CISA's New SIEM Guidance Tackles Visibility and Blind Spots
‘Secure email’: A losing battle CISOs must give up | CSO Online
Incident Response Planning - Preparing for Data Breaches
Explaining What’s Happened in a Cyber Attack Is Challenging
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence
Building resilient cyber threat intelligence communities | Computer Weekly
SentinelOne back online after lengthy outage • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Hackers claim major French govt email data breach | Cybernews
This National Guard unit went analog to simulate a cyber attack
Cyber security challenges could pave the way to a unified approach
Other News
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
Britain’s new defence pact with the EU
Why pilots fear that airplanes will be the next target of cyber hackers
The US Is Building a One-Stop Shop for Buying Your Data | WIRED
94 billion browser cookies sold on Telegram | Cybernews
The Cyber Security Catch That Comes With Free Public Wi-Fi
Banks report growing number of cyber attacks against clients | Radio Prague International
This National Guard unit went analog to simulate a cyber attack
Japan to draw up new cyber security strategy by year-end - Japan Today
Cyber security in mining: protecting infrastructure and digital assets | A&O Shearman - JDSupra
Airplane crash-detection systems could be vulnerable | The Week
Vulnerability Management
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
CVE Uncertainty Underlines Importance of Cyber Resilience
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
Hackers increasingly target UEFI and bootloaders | Cybernews
NIST Launches Metric to Measure Likelihood of Vulnerability Exploits - Infosecurity Magazine
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
Microsoft wants Windows Update to handle all apps | The Verge
Vulnerabilities
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected - Infosecurity Magazine
Questions mount as Ivanti tackles another round of zero-days | CyberScoop
SaaS companies in firing line following Commvault attack • The Register
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Thousands of Asus routers are being hit with stealthy, persistent backdoors - Ars Technica
Cisco security flaw exploited to build botnet of thousands of devices | TechRadar
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities - SecurityWeek
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 23 May 2025
Black Arrow Cyber Threat Intelligence Briefing 25 May 2025:
-M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
-Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
-Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
-Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
-Cyber Security Now HSBC’s Largest Operational Cost
-Best Practices for Board-Level Cyber Security Oversight
-The Importance of Culture in an Effective Cyber Security Programme
-You Do a Fire Drill, so Do a Cyber Attack Drill
-Many Rush into GenAI Deployments, Frequently Without a Security Net
-SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
-Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
-Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
-Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
The unfolding story of the recent incidents at the UK retailer Marks & Spencer (M&S) and others gives us insights into the risks faced by organisations in all sectors and locations. It is reported that M&S’ outsourced IT provider is conducting an internal investigation to establish if it was the main cause of the incident which has caused significant harm to the retailer. The Chief Executive of M&S is reported to be facing a loss of £1.1m in remuneration due to the attack, while the UK’s data protection authority is investigating the loss of personal information during the incident.
These factors of supply chain risks, regulatory investigations, and personal losses of senior leadership, remind us of the need for all organisations to properly understand and manage their risks. The newly reported attack on food distributor Peter Green Chilled further highlights the need for robust due diligence and embedding cyber security requirements in supplier relationships.
Our review of threat intelligence highlights that despite long-standing guidance, many organisations still fail to act on basic protections. Regulators and insurers alike are now focusing more heavily on board-level accountability and cultural readiness, rather than purely technical defences. From conducting cyber attack drills to strengthening oversight structures, effective governance must be proactive, not reactive. HSBC’s admission that cyber security is now its single largest operational cost underscores just how strategic this issue has become.
Finally, the rise of infostealer malware, generative AI risks, and nation-state espionage campaigns such as APT28 are expanding the threat landscape. Black Arrow urges executives to conduct an impartial cyber risk assessment of their organisation, including their supply chain, and to ensure that this analysis and the resulting cyber security strategy are governed as part of the business-wide risk management.
Top Cyber Stories of the Last Week
M&S IT Contractor ‘Investigating Whether It Was Gateway for Cyber Attack’; M&S Chief Executive Faces £1.1M Pay Hit
Tata Consultancy Services is investigating whether it was the entry point for a recent cyber attack on UK retailer Marks and Spencer (M&S), which has forced the shutdown of M&S’ online clothing business for over three weeks. The breach resulted in customer data being stolen, wiped more than £750m off M&S’s market value, and could cost up to £300m in operating profit. M&S Chief Executive Stuart Machin faces a potential £1.1m loss in deferred bonuses and share-based incentives. M&S attributed the incident to human error at a third-party supplier. The UK’s data protection authority (ICO) is now assessing accountability, with potential fines of up to £17.5m. The case highlights growing concerns over third-party risks and the broader vulnerability of IT outsourcing partnerships to increasingly organised cyber crime.
https://www.ft.com/content/c658645d-289d-49ee-bc1d-241c651516b0
https://www.ft.com/content/43531d25-4f7a-4d6e-b809-e85bb8f0033e
Ransomware Attack on Food Distributor Spells More Pain for UK Supermarkets
A ransomware attack on UK chilled food distributor Peter Green Chilled has disrupted deliveries to major UK supermarkets, with fresh produce left in limbo and small businesses facing losses of up to £100,000. While transport operations continue, order processing was halted, and communication channels remain limited. The incident underscores the growing threat to supply chain resilience, as cyber criminals increasingly target operational systems to inflict maximum disruption. Experts warn that these attacks are no longer just data breaches but full-blown operational crises, with widespread financial and societal consequences, making investment in cyber resilience critical for the retail sector and its partners.
https://www.theregister.com/2025/05/20/ransomware_attack_on_food_distributor/
Businesses Ignore Advice on Preventing Cyber Attacks, Says GCHQ
Despite years of guidance, the UK GCHQ’s National Cyber Security Centre warns that British organisations are still failing to act on freely available cyber security advice. Recent attacks on major retailers and government bodies have highlighted a growing gap between escalating risks and national readiness. Leaders are being urged to take immediate action, as regulatory pressure mounts through a proposed Cyber Resilience Bill aiming to improve supply chain security and grant stronger enforcement powers.
Executive Complacency Is the Most Dangerous Cyber Threat Today, Warns Insurance VP
Executive complacency is emerging as one of the most critical cyber security threats facing organisations today. While insurance and outsourced services can help, they do not absolve leadership of responsibility. Businesses that suffer a cyber attack may face not only operational downtime but also severe reputational damage, which can erode customer trust and long-term viability. Increasingly, insurers are expanding cover to address risks from non-technology vendors and reputational harm, but only where financial loss can be clearly demonstrated. Experts urge board-level engagement and regular risk assessments, with many tools now available to support benchmarking and proactive cyber resilience planning.
Cyber Security Now HSBC’s Largest Operational Cost
HSBC UK has confirmed that cyber security is now its largest operational expense, with hundreds of millions of pounds spent annually to defend against constant digital threats. The bank’s CEO highlighted that attacks are relentless, with over 1,000 transactions processed every second and around 8,000 IT changes made weekly. As customers increasingly rely on digital services, resilience and rapid recovery are critical. This comes as scrutiny intensifies across the financial sector, following widespread service outages and incidents linked to third-party software failures affecting major UK banks.
Best Practices for Board-Level Cyber Security Oversight
Corporate boards are under growing regulatory and operational pressure to strengthen their cyber security oversight. New US disclosure rules now require public companies to outline board-level governance, including how often cyber risks are reviewed, how incidents are reported, and how security is embedded into wider business strategy. Best practice calls for boards to maintain a dedicated oversight structure, meet with the CISO quarterly, and integrate cyber resilience into enterprise risk management. Regular briefings, external expertise, and realistic incident response protocols are essential to ensure accountability, reduce exposure, and support informed, agile decision-making in a dynamic threat landscape.
https://www.techtarget.com/searchsecurity/tip/Best-practices-for-board-level-cybersecurity-oversight
The Importance of Culture in an Effective Cyber Security Programme
A strong cyber security culture is as vital as technical controls in protecting an organisation. Success hinges on leadership fostering a security-first mindset, where all employees understand their role in safeguarding information. Open communication, regular training, and a non-punitive approach to incident reporting create an environment of shared responsibility. When security is embedded into daily operations and visibly supported by leadership, organisations are better equipped to respond to threats and reduce risk. As threats evolve, this cultural foundation enhances resilience and ensures that cyber security remains a collective and continuous priority across the business.
https://www.jdsupra.com/legalnews/the-importance-of-culture-in-an-8005006/
You Do a Fire Drill, so Do a Cyber Attack Drill
Recent cyber attacks on major British retailers have underscored that cyber security is not a luxury but a necessity for all businesses. The disruption caused has ranged from operational paralysis to reputational harm, with some customers even left without basic services. A key takeaway is that strong technology alone is not enough: cultural preparedness and leadership involvement are critical. Just as businesses conduct fire drills, cyber attack simulations should be standard practice. Organisations that fail to plan for continuity, train key personnel, and embed cyber security into contracts and culture risk serious legal, financial, and operational consequences.
https://www.scotsman.com/business/you-do-a-fire-drill-so-do-a-cyber-attack-drill-5137321
Many Rush into GenAI Deployments, Frequently Without a Security Net
Thales research shows that 70% of organisations now rank the rapid growth of generative AI (GenAI) as their top security concern, with many moving ahead before fully securing their environments. A third are already operationalising GenAI, often without a clear understanding of how it integrates with existing systems. Despite this, 73% are actively investing in AI-specific defences, including tools from cloud providers and emerging vendors. GenAI security has become the second-highest priority after cloud security. At the same time, organisations remain alert to evolving risks, including phishing and post-quantum threats, yet many are still lagging in implementing robust countermeasures.
https://www.helpnetsecurity.com/2025/05/22/genai-adoption-security-concern/
SMBs Remain Easy Pickings for Cyber Criminals – Here’s Why
Research shows that over half of UK businesses have suffered a cyber attack in the past five years, with small and medium-sized businesses (SMBs) particularly at risk due to limited budgets, overworked IT teams, and lack of staff training. These weaknesses have led to an estimated £3.4 billion in annual losses for UK SMBs alone. As cyber threats become more advanced, fuelled by artificial intelligence and accessible criminal tools like ransomware-as-a-service, organisations must invest in basic protections, clear policies, and realistic staff training. Without this, the average cost of a breach could escalate alongside reputational and operational damage.
https://www.techradar.com/pro/smbs-remain-easy-pickings-for-cybercriminals-heres-why
Your Information Was Probably Stolen Again: Researcher Discovers 184 Million Stolen Logins
A security researcher has uncovered a publicly exposed database containing over 184 million stolen login credentials from major platforms including Microsoft, Google and PayPal. The 47GB trove, believed to be collected via infostealer malware, included plaintext usernames, passwords and sensitive terms such as "bank" and "wallet", significantly raising the risk of financial fraud. Among the records were over 220 government email addresses spanning 29 countries, signalling potential national security implications. The incident highlights the ongoing threat posed by data harvested through phishing and malicious downloads, and underscores the critical importance of strong passwords, two-factor authentication and continuous monitoring.
Lumma Infostealer Infected About 10 Million Systems Before Global Disruption
LummaC2, a leading malware-as-a-service platform, infected approximately 10 million systems worldwide before a coordinated international takedown disrupted its operations. Used by cyber criminals to harvest sensitive data, including login credentials, financial information, and browser-stored details, the malware is linked to over $36 million in credit card theft in 2023 alone. Victims ranged from individuals to Fortune 500 companies across sectors such as healthcare, finance, and education. Although the group’s infrastructure has been dismantled, authorities warn that the threat may re-emerge, highlighting the ongoing need for vigilance and cross-sector collaboration to protect against sophisticated data theft operations.
https://cyberscoop.com/lumma-infostealer-widespread-victims/
Russia-Linked APT28 Targets Western Logistics Entities and Technology Firms
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Russian state-sponsored group, APT28, is actively targeting Western logistics and technology firms supporting aid to Ukraine, posing a growing threat to NATO-aligned supply chains. Since 2022, organisations across 13 countries have been compromised, including those in defence, rail, and maritime sectors. The attackers used a mix of phishing, brute-force attacks, and exploitation of known software flaws to access systems, steal credentials, and exfiltrate sensitive shipment and personnel data. The campaign also leveraged live IP camera feeds near Ukraine’s borders. Authorities expect this espionage-focused activity to persist.
Governance, Risk and Compliance
Businesses ignore advice on preventing cyber attacks, says GCHQ
Jump in cyber attacks should put businesses on high alert | Computer Weekly
You do a fire drill, so do a cyber attack drill
Best practices for board-level cyber security oversight | TechTarget
Cyber attack threat keeps me awake at night, bank boss says - BBC News
Cyber Security now HSBC's largest operational cost | Mortgage Introducer
The Hidden Cyber Security Risks of M&A
The Importance of Culture in an Effective Cyber Security Program | Ankura - JDSupra
Threats
Ransomware, Extortion and Destructive Attacks
What we know about DragonForce ransomware • The Register
Scattered Spider snared financial orgs before retail • The Register
Service desks are under attack: What can you do about it?
Scattered Spider's Ties to Russia: Closer Than We Think?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
Ransomware gangs increasingly use Skitnet post-exploitation malware
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Ex-NSA listened to Scattered Spider's calls: 'They're good' • The Register
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
VanHelsing ransomware builder leaked on hacking forum
Growing Number Of Targeted Businesses Paying Cyber Criminals, Survey Shows | Scoop News
New Ransomware Attack Mocking Elon Musk Supporters Using PowerShell to Deploy Payloads
Ransomware Victims
How hackers went undetected for 52 hours to cripple M&S
M&S chief executive faces £1.1mn pay hit after cyber attack
Ransomware strikes UK food distributor in latest retail blow • The Register
What we know about DragonForce ransomware • The Register
Service desks are under attack: What can you do about it?
Marks & Spencer faces $402 million profit hit after cyber attack
Why DragonForce is growing in prominence – with retailer attacks boosting its reputation | IT Pro
Investors and shoppers await clues on fallout from M&S cyber attack | Marks & Spencer | The Guardian
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
M&S and Co-Op: BBC reporter on talking to the hackers - BBC News
'Cyber Siege' BBC documentary explores 'devastating' attack on council five years on - Teesside Live
Sensitive Personal Data Stolen in West Lothian Ransomware Attack - Infosecurity Magazine
Mobile carrier Cellcom confirms cyber attack behind extended outages
Kettering Health hit by system-wide outage after ransomware attack
Arla Foods confirms cyber attack disrupts production, causes delays
Phishing & Email Based Attacks
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Polymorphic phishing attacks flood inboxes - Help Net Security
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
Novel Phishing Attack Combines AES, Poisoned npm Packages
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Business Email Compromise (BEC)/Email Account Compromise (EAC)
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
Other Social Engineering
Service desks are under attack: What can you do about it?
3am Ransomware Adopts Email Bombing, Vishing Combo Attack
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Fraud, Scams and Financial Crime
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
How to Win Followers and Scamfluence People | WIRED
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Artificial Intelligence
Many rush into GenAI deployments, frequently without a security net - Help Net Security
Uncensored AI Tool Raises Cyber Security Alarms - Infosecurity Magazine
Mapping the Future of AI Security - Security Boulevard
Data Security Risk: Analysis of AI Tools Reveals 84% Breached | Security Magazine
AI voice hijacking: How well can you trust your ears? - Help Net Security
How to Win Followers and Scamfluence People | WIRED
Security Threats of Open Source AI Exposed by DeepSeek
Be careful what you share with GenAI tools at work - Help Net Security
Finding the right balance between 'vibe coders' and security - IT Security Guru
GitLab's AI Assistant Opened Devs to Code Theft
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
2FA/MFA
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Malware
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Malware Evasion Techniques - What Defenders Need to Know
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access
Novel Phishing Attack Combines AES, Poisoned npm Packages
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain | Trend Micro (US)
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
What Is a Computer Virus, Really?
Bots/Botnets
Hackers unleash botnet capable of ‘killing most companies’ | The Independent
Mobile
Phone theft is on the rise - 7 ways to protect your device before it's too late | ZDNET
How to hack a phone: 7 common attack methods explained | CSO Online
O2 UK patches bug leaking mobile user location from call metadata
Say goodbye to passwords: Android’s bold security shift explained - Talk Android
Denial of Service/DoS/DDoS
Internet of Things – IoT
Growing Cyberthreats To The Internet Of Things
Why console makers can legally brick your game console - Ars Technica
Data Breaches/Leaks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
M&S faces multimillion-pound lawsuit over cyber attack data leak - Retail Gazette
M&S’ Slow Recovery From Cyber Attack Puts it at Risk of Lasting Damage
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
Solicitors criticise ‘antiquated’ Legal Aid Agency IT system after cyber attack | The Independent
M&S CEO faces multimillion-pound pay hit after cyber attack - Retail Gazette
Legal Aid cyber attack 'more extensive than originally understood'
M&S cyber attack has cost £300m so far - and disruption will continue until July
Lawyers eyeing M&S cyber attack slammed as ‘predatory’ | The Grocer
Large Retailers Land in Scattered Spider's Ransomware Web
UK businesses 'ignore free advice' to stop cyber attacks, GCHQ warns as M&S still reels... - LBC
More Law Firms Join the Surge of Class Action Lawsuits Against Coinbase in Wake of Cyber Attack
Coinbase confirms insider breach affects 70,000 users • The Register
Cyber attack on Legal Aid Agency exposed ‘significant amount’ of applicant data - LBC
11 Of The Worst Data Breaches In The History Of The Internet
Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days | World Pipelines
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients - Infosecurity Magazine
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
Coca-Cola workers' info allegedly stolen by hackers | Cybernews
GitLab's AI Assistant Opened Devs to Code Theft
Organised Crime & Criminal Actors
BERNAMA - Phishing And Online Scams Dominate Global Cyber Crime Landscape - INTERPOL
LockBit Leaks Reveal Drive to Recruit Ransomware Newbies
‘Free hamper – just pay P&P’: the scam offers targeting your bank details | Scams | The Guardian
The cyber criminals are now doing PR | PR Week UK
How to Win Followers and Scamfluence People | WIRED
European Union sanctions Stark Industries for enabling cyber attacks
Attacker Specialization Puts Threat Modeling on Defensive
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insider Risk and Insider Threats
Coinbase confirms insider breach affects 70,000 users • The Register
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Insurance
UK Retail Cyber Attacks May Drive Up US Insurance Premiums
Supply Chain and Third Parties
UK supermarket distributor suffers ransomware attack - BBC News
Third-party vendors responsible for 41.8% of fintech data breaches, survey claims
NHS England Rolls Out Voluntary Cyber Charter for IT Suppliers
Cloud/SaaS
10 SaaS Security Risks Most Organisations Miss | Grip - Security Boulevard
Outages
Delta’s lawsuit against CrowdStrike given go-ahead • The Register
Mobile carrier Cellcom confirms cyber attack behind extended outages
Identity and Access Management
Exposed Credentials: Powering the Global Cyber Crime Wave
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Identity Security Has an Automation Problem—And It's Bigger Than You Think
Encryption
Preparing for the post-quantum era: a CIO's guide to securing the future of encryption | CyberScoop
Governments continue losing efforts to gain backdoor access to secure communications
Passwords, Credential Stuffing & Brute Force Attacks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials | WIRED
Warning — Stealing Windows Passwords Is As Easy As APT 123
Exposed Credentials: Powering the Global Cyber Crime Wave
Social Media
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Malvertising
Half of Consumers Targeted by Social Media Fraud Ads - Infosecurity Magazine
Hackers are spreading fake password manager ransomware via Bing ads | PCWorld
Regulations, Fines and Legislation
Japan arms itself against foreign cyber attacks with new law
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NSA cyber director Luber to retire at month’s end | The Record from Recorded Future News
Governments continue losing efforts to gain backdoor access to secure communications
Japan passed a law allowing preemptive offensive cyber actions
FTC finalizes order requiring GoDaddy to secure hosting services
CVE Disruption Threatens Foundations of Defensive Security
Members vexed by Cyber Command turmoil - Roll Call
Models, Frameworks and Standards
GDPR Changes Risk Undermining its Principles, Civil Society Warns - Infosecurity Magazine
NCC Group Expert Warns UK Firms to Prepare for New Cyber Security Bill - Infosecurity Magazine
Collaboration is key in the Cyber Assessment Framework | UKAuthority
Inside MITRE ATT&CK v17: Smarter defences, sharper threat intel - Help Net Security
Cyber Security Now Central to Digital Health M&A Success
Data Protection
Meta plans to train AI on EU user data from May 27 without consent
Irish DPC okays Meta's EU AI training plans • The Register
Careers, Working in Cyber and Information Security
UK Cyber Vacancies Growing 12% Per Year - Infosecurity Magazine
Why so many military veterans move into cyber security - BBC News
Law Enforcement Action and Take Downs
Lumma infostealer infected about 10 million systems before global disruption | CyberScoop
Police takes down 300 servers in ransomware supply-chain crackdown
Police arrests 270 dark web vendors, buyers in global crackdown
Feds finger Russian 'Qakbot mastermind', 700k computers hit • The Register
SIM scammer who helped hijack SEC X account put behind bars • The Register
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
US Navy petty officer charged in horrific CSAM case • The Register
Teen to plead guilty to PowerSchool extortion attack • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
China
Chinese hackers breach US local governments using Cityworks zero-day
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Chinese ‘kill switches’ found in US solar farms
Russia
Russia-linked APT28 targets western logistics entities and technology firms
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
Scattered Spider's Ties to Russia: Closer Than We Think?
Unpacking Russia's cyber nesting doll - Atlantic Council
Europe sanctions Putin's pals over 'hybrid' threats • The Register
Russia to enforce location tracking app on all foreigners in Moscow
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cyber Crime Operation
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
You do a fire drill, so do a cyber attack drill
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Finding the right balance between 'vibe coders' and security - IT Security Guru
Lessons from the M&S cyber attack: how brands can survive digital catastrophe | Creative Boom
NCSC Helps Firms Securely Dispose of IT Assets - Infosecurity Magazine
Modern authentication: Why OIDC and SAML are just the start - Security Boulevard
Threat intelligence is crucial but organisations struggle to use it
The hidden gaps in your asset inventory, and how to close them - Help Net Security
How to Develop & Communicate Metrics for CSIRPs
Warning! Malicious Chrome extensions found mimicking legit tools | PCWorld
What is Universal 2nd Factor (U2F)? | Definition from TechTarget
Identity Security Has an Automation Problem—And It's Bigger Than You Think
GitLab's AI Assistant Opened Devs to Code Theft
AI hallucinations and their risk to cyber security operations - Help Net Security
What good threat intelligence looks like in practice - Help Net Security
Other News
SMBs remain easy pickings for cyber criminals - here’s why | TechRadar
From 60 to 4,000: NATO's Locked Shields Reflects Cyber Defence Growth - SecurityWeek
Cyber security: Lack of planning and outdated IT systems putting Scotland at risk
Healthcare Cyber Attacks Intensify, Sector Now Prime Target - Infosecurity Magazine
Cyber attack threat keeps me awake at night, bank boss says - BBC News
How to safeguard your small business in the hybrid work era: 5 top cyber security solutions | ZDNET
UK 'extremely dependent' on the US for space security • The Register
Why shipping can’t wait for another cyber security crisis - Splash247
German Cyber Agency Sounds Warning on Grid Vulnerabilities
UK Science Funding HQ hit by 5.4M cyber assaults as attacks increase 600%
Vulnerability Management
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits - Infosecurity Magazine
Nation-state APTs ramp up attacks on Ukraine and the EU - Help Net Security
CVE Disruption Threatens Foundations of Defensive Security
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers - SecurityWeek
NIST's LEV Equation to Rate Chances a Bug Was Exploited
Vulnerabilities
Same suspected Chinese spies again attacking Ivanti bugs • The Register
Ivanti RCE attacks 'ongoing,' exploitation hits clouds • The Register
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch - SecurityWeek
Critical OpenPGP.js Vulnerability Allows Spoofing - SecurityWeek
GitLab, Atlassian Patch High-Severity Vulnerabilities - SecurityWeek
Unpatched Windows Server Flaw Threatens AD Users
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities - SecurityWeek
Mozilla fixed zero-days demonstrated at Pwn2Own Berlin 2025
Windows 10 emergency updates fix BitLocker recovery issues
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
RCE Vulnerability Found in RomethemeKit For Elementor Plugin - Infosecurity Magazine
O2 UK patches bug leaking mobile user location from call metadata
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025
Black Arrow Cyber Threat Intelligence Briefing 16 May 2025:
-Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
-North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
-‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
-UK Government Publishes New Software and Cyber Security Codes of Practice
-Ransomware and the Board’s Role: What You Need to Know
-73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
-AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
-Ransomware Enters ‘Post-Trust Ecosystem’
-Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
-Cyber Threats Outpace Global Readiness
-CISOs Must Speak Business to Earn Executive Trust
-Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There has been a continued rise in the sophistication and scale of social engineering threats, particularly phishing campaigns enhanced by generative AI. These attacks increasingly bypass traditional filters and exploit executive impersonation, with one malicious email now detected every 42 seconds. Simultaneously, criminal groups are embedding themselves within corporate environments for prolonged periods, enabled by ransomware-as-a-service and AI-driven deception. This underscores the need for continuous monitoring, behaviour-based threat detection, and stronger identity verification practices across organisations.
Meanwhile, the global cyber threat landscape is becoming more fragmented and unpredictable. Ransomware gangs are operating without clear allegiances, making extortion attempts more erratic and harder to trace. At the same time, state-aligned actors, including North Korean IT operatives, are covertly infiltrating Western businesses under fake identities, exploiting remote work trends to fund illicit national objectives. Despite growing investment, nearly three-quarters of CISOs admit incidents caused by unknown or unmanaged assets—highlighting the critical importance of full visibility across the digital estate.
We believe boards must move from passive oversight to active engagement. The UK’s new Cyber Governance Code of Practice reflects this shift, encouraging directors to treat cyber risk as integral to business resilience. As threats intensify, governance, testing, and strategic communication must become core pillars of cyber readiness.
Top Cyber Stories of the Last Week
Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'
There are warnings that a growing number of UK businesses may already be compromised, with attackers silently embedded in their systems awaiting the right moment to strike. This follows a surge in high-profile incidents including M&S, the Co-op, Dior and Harrods, linked to an evolution of criminal tactics. The emergence of ‘ransomware-as-a-service’ is enabling less skilled actors to launch sophisticated attacks using pre-built tools. Combined with generative AI-enhanced social engineering, the risk landscape is becoming more unpredictable. Many firms remain unaware of these intrusions until damage is done, highlighting the urgent need for continuous monitoring and stronger internal controls.
North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated
North Korean IT workers are increasingly infiltrating Western businesses by posing as legitimate remote developers, generating hundreds of millions of dollars annually to fund the regime’s weapons programmes and evade sanctions. A new report has exposed over 1,000 email addresses linked to these operations, with individuals often using fake identities, AI tools, and face-changing software to secure roles. Despite operating globally from Laos to Russia, many leave digital trails that reveal their activities. The scale and adaptability of these operations, likened to a state-run crime syndicate, underline the need for tighter scrutiny of remote hiring and identity verification processes.
‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack
The UK supermarket chain Co-op appears to have avoided a more severe cyber attack by rapidly disconnecting its systems after detecting malicious activity, a decision that disrupted operations but ultimately prevented ransomware deployment. In contrast, M&S suffered greater system compromise, with ongoing issues affecting online orders and store operations. The incident is costing M&S an estimated £43 million per week. The cyber crime group responsible, linked to a service known as DragonForce, claims to have accessed both retailers’ networks. Co-op’s swift response is viewed by experts as a decisive move that limited long-term damage but highlighted the continuing challenge of restoring public trust.
UK Government Publishes New Software and Cyber Security Codes of Practice
The UK government has introduced two new voluntary codes to help raise standards in cyber security and software resilience. The Cyber Governance Code of Practice, aimed at boards and directors of medium and large organisations, sets out how leadership teams should govern and monitor cyber security risks. It encourages directors to embed cyber governance into business risk management, focusing on oversight rather than operational duties. Complementing this, the Software Security Code of Practice outlines 14 principles for secure software development and maintenance, aligned with international frameworks. While voluntary, both codes may soon influence contractual requirements in supply chains.
Ransomware and the Board’s Role: What You Need to Know
Ransomware continues to escalate in scale and complexity, with attackers leveraging AI, remote work gaps, and third-party exposures to increase pressure on organisations. Boards are being urged to actively engage in cyber resilience planning, ensuring foundational controls such as multi-factor authentication, immutable backups, and incident response protocols are in place. Emphasis is also placed on testing recovery capabilities, reviewing cyber insurance terms, and rehearsing decision-making through tabletop exercises. Crucially, boards must prepare for the strategic, legal and reputational implications of whether to pay a ransom, with pre-agreed decision frameworks now seen as essential for effective crisis response.
73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets
Nearly three-quarters of cyber security leaders admit to experiencing security incidents due to unknown or unmanaged assets within their IT environments. Despite 90% acknowledging that attack surface management directly affects business risk, fewer than half of organisations have dedicated tools in place, and 58% lack continuous monitoring. The consequences of inaction are wide-ranging, with leaders citing risks to business continuity, customer trust, financial performance, and supplier relationships. As digital infrastructures grow more complex, firms are being urged to treat cyber risk management as a strategic priority rather than a technical afterthought.
AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe
AI is transforming phishing into a more dangerous and convincing threat. New analysis shows that email-based scams have risen by 70% year-on-year, with one malicious message detected every 42 seconds. These attacks now feature flawless grammar, professional formatting, and realistic sender details, often impersonating senior executives. Traditional email filters are struggling, particularly against polymorphic attacks that constantly change to evade detection. Over 40% of malware in these campaigns is newly observed, including remote access tools. With generative AI accelerating this trend, organisations must shift from legacy defences to behaviour-based threat detection and strengthen verification procedures across the organisation.
Ransomware Enters ‘Post-Trust Ecosystem’
Ransomware threats have entered a new, more fragmented era, where traditional trust between cyber criminals has broken down following major law enforcement operations. High-profile takedowns in 2024 disrupted dominant ransomware groups, leading to reduced ransom payments and a shift away from large, centralised platforms. The result is a more unpredictable threat landscape, marked by agile, peer-to-peer groups and an increase in encryption-less extortion. This decentralisation, alongside the rise of ransomware ‘cartels’, signals an evolution in attacker tactics that is lowering entry barriers and complicating defensive strategies for organisations of all sizes.
Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication
Sim-swap fraud in the UK has surged by over 1,000%, with nearly 3,000 cases reported in 2024, up from just 289 the previous year. Criminals exploit mobile phone providers to hijack victims' numbers, bypassing SMS-based two-factor authentication and gaining access to personal accounts. Older consumers and sectors like retail and telecoms are particularly vulnerable. The rise of eSims is expected to further increase risk. In one case, a victim lost £50,000 while abroad after fraudsters took control of his accounts. Organisations are urged to strengthen identity verification processes and encourage customers to use app-based authentication methods where possible.
Cyber Threats Outpace Global Readiness
The World Economic Forum has found that cyber threats are accelerating faster than many nations and organisations can respond, with 72% of businesses reporting an increasingly risky environment. Nearly 60% have already revised their cyber security strategies in response to global tensions and emerging threats. Despite progress in areas like infrastructure protection and public-private collaboration, most national approaches remain underdeveloped, especially in supporting small businesses and defining measurable outcomes. Just 14% of organisations feel fully prepared, highlighting a growing skills gap and the need for cyber security to be treated not only as risk mitigation but as a driver of trust and innovation.
CISOs Must Speak Business to Earn Executive Trust
Many business leaders still view cyber security as a barrier to speed and innovation, rather than a business enabler. There’s an argument that this perception must shift, with CISOs framing their role in terms of operational efficiency, resilience, and growth. By automating security controls and embedding them within business functions, CISOs can eliminate bottlenecks while reducing risk. Influence grows when security is expressed in business terms, highlighting revenue protection, risk-adjusted innovation, and customer trust. Effective CISOs use clear data, visual storytelling, and scenario-based dialogue to demonstrate value, helping boards see cyber security as a strategic partner rather than a cost centre.
Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims
The UK government is reportedly updating its national defence strategy to reflect the rising threat of state-backed cyber attacks, particularly from Russia. The revised plans will, for the first time, include specific scenarios involving cyber attacks on critical infrastructure such as power grids, gas terminals and undersea cables. The existing contingency plan, last updated in 2005, is considered outdated given today’s cyber threat landscape. A recent risk assessment warned that such attacks could cause civilian casualties and severe disruption to essential services. Ministers are now preparing strategies for maintaining government operations during wartime or major national emergencies.
Sources:
https://www.wired.com/story/north-korean-it-worker-scams-exposed/
https://www.bbc.co.uk/news/articles/cwy382w9eglo
https://corpgov.law.harvard.edu/2025/05/10/ransomware-and-the-boards-role-what-you-need-to-know/
https://www.csoonline.com/article/3980431/more-assets-more-attack-surface-more-risk.html
https://www.infosecurity-magazine.com/news/ransomware-enters-posttrust/
https://www.scworld.com/brief/report-cyber-threats-outpace-global-readiness
Governance, Risk and Compliance
A third of enterprises have been breached despite increased cyber security investment | TechRadar
Why Every CISO Should Be Gunning For A Seat At The Board Table
The CIO Role Is Expanding -- And So Are the Risks of Getting It Wrong
Fostering Resilience in Cybersecurity: Prevent Burnout and Enhance Sec Ops | MSSP Alert
Ransomware and the Board’s Role: What You Need to Know
Report: Cyber threats outpace global readiness | SC Media
CISOs must speak business to earn executive trust - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
What is business resilience? | Definition from TechTarget
How to Successfully Evaluate IT Project Risk
Tackling threats and managing budgets in an age of AI - Tech Monitor
CIOs paying too much for not enough IT security - survey - TechCentral.ie
Infosec Layoffs Aren't the Bargain Boards May Think
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says - Infosecurity Magazine
UK retailers face 10% rises in premiums after cyber attacks
Ransomware and the Board’s Role: What You Need to Know
The ransomware landscape in 2025 | Kaspersky official blog
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Companies take an average of four months to report a ransomware attack
Data Exfiltration is the New Ransomware in Evolving Cyber Landscape
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Ransomware spreads faster, not smarter - Help Net Security
Ransomware attacks up over 120 percent in two years
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Threat hunting case study: Medusa ransomware | Intel 471
You think ransomware is bad? Wait until it infects CPUs • The Register
Beware — These Ransomware Hackers Are Watching You Work
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Ransomware Victims
Marks and Spencer could face 12% drop in profits after cyber attacks
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
M&S Admit Customer Data Stolen in Cyber Incident | SC Media UK
What we know about DragonForce ransomware • The Register
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
'They yanked their own plug': How Co-op averted an even worse cyber attack - BBC News
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Coinbase Targeted In $20 Million Extortion Plot Tied To Insider Data Leak - FinanceFeeds
Largest US steel manufacturer puts production on the backburner after cyber attack | TechRadar
Nova Scotia Power discloses data breach after March security incident
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack - SecurityWeek
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Phishing & Email Based Attacks
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Email trap exposes 49K stockbroker customer records | Cybernews
Edinburgh schools targeted in cyber attack as pupils passwords reset - Edinburgh Live
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Other Social Engineering
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Hackers now testing ClickFix attacks against Linux targets
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Fraud, Scams and Financial Crime
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Fraud Losses Hit $11m Per Company as Customers Abuse Soars - Infosecurity Magazine
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
4 times data breaches ramped up the UK's fraud risk - Which?
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
International Crime Rings Defraud US Gov't Out of Billions
Artificial Intelligence
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
Cisco: Majority of Businesses Unprepared for AI Cyberattacks
NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority
In the AI age, excessive data accumulation is a cyber security threat - Nikkei Asia
Can Cyber Security Keep Up With the AI Arms Race?
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
Deepfake voices of senior US officials used in scams: FBI • The Register
Deepfake attacks could cost you more than money - Help Net Security
Why security teams cannot rely solely on AI guardrails - Help Net Security
Over Three Thousand macOS Cursor Users Compromised
Deepfake Defense in the Age of AI
AI vs AI: How cyber security pros can use criminals’ tools against them - Help Net Security
FTC wants a new, segregated software system to police deepfake porn | CyberScoop
Tackling threats and managing budgets in an age of AI - Tech Monitor
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
How To Remove Meta AI From All Your WhatsApp Chats
2FA/MFA
This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar
Malware
Malware landscape dominated by FakeUpdates | SC Media
Over Three Thousand macOS Cursor Users Compromised
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Bots/Botnets
7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
Police dismantles botnet selling hacked routers as residential proxies
Mobile
M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent
Denial of Service/DoS/DDoS
AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro
A cyber attack briefly disrupted South African Airways operations
Internet of Things – IoT
UK report uncovers serious security flaws in business IoT devices
Data Breaches/Leaks
Company and Personal Data Compromised in Recent Insight Partners Hack - SecurityWeek
Insight Partners fears secret financial info cyber-stolen • The Register
4 times data breaches ramped up the UK's fraud risk - Which?
Nova Scotia Power discloses data breach after March security incident
Ascension reveals personal data of 437,329 patients exposed in cyberattack
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Email trap exposes 49K stockbroker customer records | Cybernews
Fashion giant Dior discloses cyberattack, warns of data breach
Australian Human Rights Commission Discloses Data Breach - SecurityWeek
160,000 Impacted by Valsoft Data Breach - SecurityWeek
Organised Crime & Criminal Actors
How Security Has Changed the Hacker Marketplace
NatWest facing 100 million cyber attacks each month as experts reveal ‘staggering’ scale... - LBC
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
Coinbase data breach exposes customer info and government IDs
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek
Telegram shuts ‘largest darknet marketplace to have ever existed’
Insider Risk and Insider Threats
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
Insider risk management needs a human strategy - Help Net Security
How working in a stressful environment affects cybersecurity - Help Net Security
Insurance
M&S to make £100m cyber claim from Allianz and Beazley
UK retailers face 10% rises in premiums after cyber attacks
Despite drop in cyber claims, BEC keeps going strong - Help Net Security
Cyber cover needs to be a board conversation business chiefs warned
Supply Chain and Third Parties
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine
Cloud/SaaS
Microsoft Listens to Security Concerns and Delays New OneDrive Sync - Security Boulevard
Microsoft Teams will soon block screen capture during meetings
Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine
Identity and Access Management
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Linux and Open Source
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
Hackers now testing ClickFix attacks against Linux targets
Passwords, Credential Stuffing & Brute Force Attacks
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Social Media
Well, Well, Well: Meta to Add Facial Recognition To Glasses After All
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
noyb sends Meta C&D demanding no EU user data AI training • The Register
Regulations, Fines and Legislation
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
Why we must reform the Computer Misuse Act: A cyber pro speaks out | Computer Weekly
EU extends cyber sanctions regime amid rising digital threats - EU Reporter
UK Government Publishes New Software and Cyber Security Codes of Practice
NCSC assures CISA relationship unchanged post-Trump • The Register
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
10 Reasons Why America Needs a Cyber Force
New cyber security law updates may be on the way
President Trump's Qatari 747 is a flying security disaster • The Register
CISA Reverses Decision on Cyber Security Advisory Changes - Infosecurity Magazine
Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA
US Army Deactivates Only Active-Duty Information Operations Command
What Does EU's Bug Database Mean for Vulnerability Tracking?
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
Models, Frameworks and Standards
UN Launches New Cyber-Attack Assessment Framework - Infosecurity Magazine
UK Government Publishes New Software and Cyber Security Codes of Practice
New Cyber Security Certification for Defence Announced
NCSC and industry at odds over how to tackle shoddy software • The Register
Data Protection
noyb sends Meta C&D demanding no EU user data AI training • The Register
Careers, Working in Cyber and Information Security
Most businesses can't fill cyber roles leaving huge gaps in defense | TechRadar
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe – Krebs on Security
EU Launches Free Entry-Level Cyber Training Program - Infosecurity Magazine
Infosec Layoffs Aren't the Bargain Boards May Think
Law Enforcement Action and Take Downs
Police dismantles botnet selling hacked routers as residential proxies
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine
Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Nation State Actors
CyberUK 2025: Resilience and APT Threats Loom Large
China
Chinese hackers behind attacks targeting SAP NetWeaver servers
Can Cybersecurity Keep Up With the AI Arms Race?
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
‘Rogue’ devices found in Chinese solar inverters - PV Tech
Ghost in the machine? Rogue communication devices found in Chinese inverters | Reuters
Russia
Downing St updating secret contingencies for Russia cyberattack, report claims – PublicTechnology
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek
North Korea
North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop
North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED
North Korea ramps up cyberspying in Ukraine to assess war risk
Tools and Controls
CyberUK 2025: Resilience and APT Threats Loom Large
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
DMARC’s Future: Ignoring Email Authentication is No Longer an Option - Security Boulevard
73% of CISOs admit security incidents due to unknown or unmanaged assets | CSO Online
Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security
The browser blind spot: Hidden security risks behind employee web activity - Digital Journal
UK Government Publishes New Software and Cyber Security Codes of Practice
When the Perimeter Fails: Microsegmentation as the Last Line of Defense - Security Boulevard
Cyber cover needs to be a board conversation business chiefs warned
CIOs paying too much for not enough IT security - survey - TechCentral.ie
New UK Security Guidelines Aims to Reshape Software Development
NCSC and industry at odds over how to tackle shoddy software • The Register
Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace
Government webmail hacked via XSS bugs in global spy campaign
88% of Executives Had Home Floor Plans Available Online | Security Magazine
Why Red Teaming belongs on the C-suite agenda | TechRadar
Pen Testing for Compliance Only? It's Time to Change Your Approach
Tackling threats and managing budgets in an age of AI - Tech Monitor
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
Other News
A third of enterprises have been breached despite increased cybersecurity investment | TechRadar
Unsophisticated Hackers A Critical Threat, US Government Warns
Will cyber criminals come for accountants next? | AccountingWEB
Critical Infrastructure Siege: OT Security Still Lags
UK report uncovers serious security flaws in business IoT devices
Italy’s G7 drive for unified cyber resilience - Decode39
UK Government cyber 'battlements are crumbling' | Professional Security Magazine
Bluetooth 6.1 released, enhances privacy and power efficiency - Help Net Security
Spain to vet power plants’ cyber security for ‘great blackout’ cause | CSO Online
Departments have underestimated threat posed by cyber attacks, MPs warn
TikTok vs defence: Europe faces a reckoning over the allocation of energy
EU power grid needs trillion-dollar upgrade to avert Spain-style blackouts | Reuters
Students to be offered cyber crime protection training | The Herald
The Vatican’s cyber crusaders – POLITICO
Southwest Airlines CISO on tackling cyber risks in the aviation industry - Help Net Security
Vulnerability Management
SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop
Beyond Vulnerability Management – Can You CVE What I CVE?
Your old router could be a security threat - here's why and what to do | ZDNET
ISO - Configuration management: Why it’s so important for IT security
Malware landscape dominated by FakeUpdates | SC Media
DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop
CISA Reverses Decision on Cybersecurity Advisory Changes - Infosecurity Magazine
EU launches own vulnerability database in wake of CVE funding issues | Cybernews
Why CVSS is failing us and what we can do about it • The Register
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online
EU bug database fully operational as US slashes infosec • The Register
Vulnerabilities
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
SonicWall Under Pressure as Security Flaws Resurface | MSSP Alert
Your old router could be a security threat - here's why and what to do | ZDNET
Adobe Patches Big Batch of Critical-Severity Software Flaws - SecurityWeek
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
Apple Patches Major Security Flaws in iOS, macOS Platforms - SecurityWeek
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security
Broadcom urges patching VMware Tools vulnerability | Cybernews
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers - SecurityWeek
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons | CyberScoop
Critical SAP NetWeaver Vuln Faces Barrage of Cyber Attacks
SAP patches second zero-day flaw exploited in recent attacks
Commvault Command Center patch incomplete: researcher • The Register
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks - SecurityWeek
CISA Warns of TeleMessage Vuln Despite Low CVSS Score
Flaw in Asus DriverHub makes utility vulnerable to remote code execution | Tom's Hardware
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 15 May 2025 – Microsoft, Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom Security Updates
Executive Summary
Microsoft's Patch Tuesday for May 2025 addressed 72 vulnerabilities across its product line, including five actively exploited zero-day vulnerabilities. Notably, critical remote code execution flaws were patched in Microsoft Office, Azure DevOps Server, and the Windows Common Log File System Driver.
Adobe released security updates to address 40 vulnerabilities across several products, including critical issues in Adobe Photoshop, Illustrator, and Bridge. These flaws could lead to arbitrary code execution if exploited.
*Updated to clarify that the two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, relating to Ivanti Endpoint Manager Mobile (EPMM) are associated with open-source libraries utilised by EPMM.
Ivanti disclosed multiple vulnerabilities affecting several of its products, including a critical authentication bypass in Ivanti Neurons for ITSM (on-premises). A remote code execution vulnerability and an authentication bypass vulnerability, relating to two open-source libraries integrated into Ivanti Endpoint Manager Mobile (EPMM), were also disclosed. Ivanti has reported that the EPMM-related vulnerabilities have been exploited in the wild, emphasising the importance of applying the latest patches that address these vulnerabilities to secure affected systems.
Fortinet addressed several vulnerabilities across its product suite, notably patching a zero-day remote code execution flaw (CVE-2025-32756) in FortiVoice systems that was actively exploited. Additional critical updates were released for FortiOS and FortiProxy. Administrators should prioritise these updates to protect against potential exploits.
ASUS issued patches for two critical vulnerabilities (CVE-2025-3462 and CVE-2025-3463) in its DriverHub utility. These flaws could allow attackers to execute arbitrary code via crafted HTTP requests or malicious .ini files. Users of ASUS DriverHub should update to the latest version to mitigate these risks.
Apple released comprehensive security updates across its platforms, addressing several vulnerabilities in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
Broadcom released a security update for VMware Tools, addressing an insecure file handling vulnerability (CVE-2025-22247). This flaw could allow a malicious actor with non-administrative privileges on Windows and Linux guest VMs to tamper with local files, potentially leading to unauthorised behaviours within the virtual environment.
Juniper announced fixes for nearly 90 bugs in third-party dependencies in Secure Analytics, the virtual appliance that collects security events from network devices, endpoints, and applications.
Zoom released seven advisories for nine security defects in Zoom Workplace Apps across desktop and mobile platforms. The most severe of the issues is CVE-2025-30663 (CVSS 8.8), a high-severity time-of-check time-of-use race condition that could allow a local, authenticated attacker to elevate their privileges.
What’s the risk to me or my business?
The actively exploited vulnerabilities across these platforms could allow attackers to compromise the confidentiality, integrity, and availability of affected systems and data. Unpatched systems are at heightened risk of exploitation, leading to potential data breaches, system disruptions, and unauthorised access.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-May
Adobe, Ivanti, Fortinet, ASUS, Apple, Broadcom, Juniper and Zoom
Further details of the vulnerabilities in affected Apple, Adobe, Fortinet and SAP products:
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://www.asus.com/content/asus-product-security-advisory/
https://support.apple.com/en-us/100100
https://www.zoom.com/en/trust/security-bulletin/
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 09 May 2025
Black Arrow Cyber Threat Intelligence Briefing 09 May 2025:
-Email-Based Attacks Top Cyber Insurance Claims
-Hackers Pose as Staff in UK Retail Cyber Strikes
-High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity
-Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims
-Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn
-94% of Leaked Passwords Are Not Unique
-Personal Data of Top Executives Easily Found Online
-The SMB Cyber Security Gap: High Awareness, Low Readiness
-How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks
-Darcula Phishing as a Service Operation Snares 800,000+ Victims
-Cyber Criminals Hold Britain’s Boardrooms to Ransom
-UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review of threat intelligence this week reports that business email compromise and funds transfer fraud now account for 60% of cyber insurance claims, and that social engineering now accounts for the majority of cyber threats faced by individuals. Attackers continue to exploit human factors, for example posing as staff to manipulate help desks to grant access to systems as seen in the recent wave of cyber attacks in the UK retail sector. These incidents reinforce the critical importance of layered identity verification, rigorous staff awareness and crisis planning across all sectors.
The growing scale and cost of cyber attacks, now exceeding £64 billion annually for UK firms, highlights a pressing need for resilience over reactivity as a high percentage of affected companies enter insolvency proceedings or file for bankruptcy. Ransomware, social engineering, and password reuse result in operational and reputational harm. Organisations need dedicated cyber leadership, and to avoid a compliance-led approach. Proactive governance and stronger board accountability must become standard practice.
From boardroom data exposure to state-sponsored espionage risks linked to Chinese electric vehicles, the threat landscape is increasingly complex. We continue to warn that both SMEs and large enterprises face escalating risks from persistent attackers, many leveraging phishing-as-a-service platforms or exploiting geopolitical tensions. Now more than ever, cyber security must be embedded in leadership thinking, supply chain oversight, and incident readiness.
Top Cyber Stories of the Last Week
Email-Based Attacks Top Cyber Insurance Claims
Coalition’s 2025 Cyber Claims Report found that business email compromise and funds transfer fraud (FTF) made up 60% of all claims in 2024, with BEC incidents alone averaging $35,000 per event. While ransomware losses were far higher at $292,000 on average, their severity dropped by 7%. Email-based attacks remain the most persistent risk, with nearly a third of BEC incidents also leading to FTF.
Hackers Pose as Staff in UK Retail Cyber Strikes
The UK’s National Cyber Security Centre (NCSC) has issued a critical alert following a wave of cyber attacks targeting major retailers, including M&S, Co-op and Harrods. Criminals posed as IT staff or locked-out employees to manipulate help desk staff into resetting passwords, allowing unauthorised access to internal systems. The attackers, identifying as “DragonForce”, claimed responsibility for data breaches and appear to use methods similar to those of other financially motivated threat groups. The NCSC is urging firms to tighten authentication for help desk processes, particularly for senior staff, and to adopt multi-factor checks and identity code words.
High Profile UK Cyber Attacks Underscore the Case for Resilience over Reactivity
The series of recent cyber attacks on major UK retailers highlights the growing complexity and impact of digital threats. Disruption has ranged from payment failures and warehouse shutdowns to reputational damage, underscoring that cyber resilience is now critical to business continuity. Experts stress that traditional, compliance-led approaches are no longer enough; organisations must adopt Zero Trust principles, enforce multi-factor authentication, and monitor third-party access. With techniques such as credential theft and ransomware increasingly used, cyber security must be treated as a board-level issue embedded in governance, operations and crisis planning.
Cyber Attacks Are Costing UK Firms Billions Every Year: Ransom Payments, Staff Overtime, and Lost Business Are Crippling Victims
Cyber attacks are costing UK businesses £64 billion annually, with over half suffering at least one attack in the past year. Phishing, malware, and online banking threats were the most common, and nearly two-thirds cited staff overtime as a major cost. Direct losses totalled £37 billion, with indirect impacts like increased cyber security budgets and lost clients adding over £26 billion more. Alarmingly, 1 in 8 affected firms entered administration. Despite this, 15% of businesses have no cyber security budget, and nearly half manage risks entirely in-house, underscoring the urgent need for proactive investment in cyber resilience.
Don’t Plug Phones into Chinese Electric Cars, Defence Firms Warn
Defence and intelligence firms are warning staff not to connect phones via cable or Bluetooth to Chinese-made electric vehicles due to fears of state-sponsored espionage. The UK Ministry of Defence has already restricted EV access on military sites, citing findings from the Defence Science and Technology Laboratory that EVs may pose national security risks. Defence suppliers including BAE Systems and Rolls-Royce are advising precautions as all connected vehicles potentially expose sensitive data to foreign interception.
94% of Leaked Passwords Are Not Unique
A new study of over 19 billion leaked passwords has found that 94% are reused or duplicated, leaving users highly vulnerable to cyber attacks. Common entries like “123456”, “admin”, and “password” remain prevalent, with over 700 million instances of “1234” alone. Many systems still rely on default credentials, which users often fail to change. Only 6% of passwords were found to be unique and relatively secure. The report highlights the urgent need for organisations to enforce strong password policies, promote the use of password managers and multi-factor authentication, and regularly monitor for credential leaks.
Personal Data of Top Executives Easily Found Online
Incogni has found that over 75% of corporate board members have personal information including home addresses and family links readily available on people search websites. Exposure is highest in consumer staples (84%), industrials (81%), and technology (77%) sectors, with 26% of board members appearing on more than 20 such sites. Notably, exposure is unrelated to company size, affecting firms with revenues both above $50 billion and below $10 billion equally. The report warns that any organisation, regardless of profile, could face reputational or security risks if senior leaders’ private data remains unprotected online.
The SMB Cyber Security Gap: High Awareness, Low Readiness
CrowdStrike’s latest survey reveals that while 90% of small and midsize business (SMB) leaders recognise cyber threats as a business risk, only 42% provide regular cyber security training. Cost remains the top barrier to better protection, with two-thirds citing it as their primary challenge, yet cutting corners often results in ineffective defences. Smaller firms are disproportionately vulnerable, with 75% of micro-businesses admitting a ransomware attack could shut them down. The report urges stronger vendor support and practical guidance to help SMBs close this growing readiness gap.
How Cyber Criminals Exploit Psychological Triggers in Social Engineering Attacks
Avast reports that social engineering now accounts for the majority of cyber threats faced by individuals in 2024. These attacks exploit human psychology using authority, urgency, and familiarity to bypass technical controls, with tactics ranging from phishing and fake system prompts to deepfake video calls. One such attack resulted in the theft of over $25 million from a global firm. Even security experts are being caught out, highlighting the sophistication of these scams. The report underscores the need for strong identity verification, multi-factor authentication, and regular staff training to mitigate the growing risks posed by these increasingly deceptive methods.
Darcula Phishing as a Service Operation Snares 800,000+ Victims
A sophisticated phishing-as-a-service operation known as Darcula has enabled cyber criminals to compromise over 880,000 payment cards in just seven months. Targeting mobile users globally through SMS, RCS and iMessage, the operation impersonates trusted brands to deceive victims into submitting sensitive information. Researchers uncovered a toolkit named “Magic Cat” at the core of the operation, designed to support non-technical actors with ready-made templates and real-time data streaming. With an estimated 600 cyber crime groups using the platform, law enforcement agencies across multiple jurisdictions have been alerted to the growing threat.
Cyber Criminals Hold Britain’s Boardrooms to Ransom
Cyber attacks have impacted over half of UK firms with ransomware the most damaging threat. High-profile breaches, such as the one affecting M&S, highlight how attacks can cripple operations for weeks and damage share value: M&S alone saw a billion wiped from its market cap. Experts warn that hybrid working, third-party suppliers, and boardroom inexperience are compounding risks, as only 26% of company boards now include a director with cyber responsibility. Despite rising adoption of cyber insurance, it is no substitute for robust cyber security controls.
UK at Risk of Russian Cyber and Physical Attacks as Ukraine Seeks Peace Deal
The UK faces an increasing threat from Russian cyber and physical sabotage as Ukraine moves closer to a peace deal, according to the head of the National Cyber Security Centre. Over 200 cyber incidents have been managed since September 2024, with twice as many nationally significant cases compared to the previous year. Russian intelligence is reportedly using criminal proxies to carry out sabotage, while Iranian, North Korean, and Chinese actors also pose growing risks. The UK government warns that hostile states are using cyber attacks to pursue strategic objectives, often operating in the “grey zone” with plausible deniability.
Sources:
https://www.darkreading.com/cyber-risk/email-based-attacks-cyber-insurance-claims
https://www.scworld.com/brief/hackers-pose-as-it-staff-in-uk-retail-cyber-strikes
https://www.itpro.com/security/cyber-attacks/cyber-attacks-cost-uk-firms-64-billion-each-year
https://www.helpnetsecurity.com/2025/05/07/corporate-directors-personal-information-online/
https://www.msspalert.com/news/the-smb-cybersecurity-gap-high-awareness-low-readiness
https://www.helpnetsecurity.com/2025/05/06/social-engineering-human-behavior/
https://www.infosecurity-magazine.com/news/darcula-phishing-as-a-service/
Governance, Risk and Compliance
UK firms have ‘alarming gaps’ in cyber security readiness | The Standard
UK retail cyber-attacks underscore the case for resilience over reactivity
UK given cyber wake-up call as government looks to act
Government to unveil new cyber security measures after wave of attacks | The Standard
Are You Too Reliant on Third-Party Vendors for Cyber Security? - Security Boulevard
Personal data of top executives easily found online - Help Net Security
The SMB Cyber Security Gap: High Awareness, Low Readiness | MSSP Alert
Building a resilient mindset | The Independent
Cyber resilience is the strategy: Why business and security must align now | SC Media
How CISOs can talk cyber security so it makes sense to executives - Help Net Security
CIOs pay too much for not enough IT security | CIO Dive
CISO vs CFO: why are the conversations difficult? | CSO Online
CISOs Transform Into Business-Critical Digital Risk Leaders
Global cyber security readiness remains critically low - Help Net Security
81% of High-Uncertainty Middle-Market Firms Delay Tech Initiatives
Threats
Ransomware, Extortion and Destructive Attacks
UK businesses lost £64bn to cyber-attacks over a three-year period - UKTN
Don't pay hackers: Cyber Security chief's warning after major retail attacks | ITV News
Cyber Attacks on Critical Infrastructures Makes Us Very Vulnerable - Security Boulevard
Why Ransomware Isn’t Just a Technology Problem (It’s Worse) - Security Boulevard
Ransomware spike exposes cracks in cloud security - Help Net Security
Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law
New "Bring Your Own Installer" EDR bypass used in ransomware attack
Play ransomware exploited Windows logging flaw in zero-day attacks
Govt to inject £16m into retail cyber security
LockBit ransomware gang hacked, victim negotiations exposed
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks
Ransomware Attackers Leveraged Privilege Escalation Zero-day | Symantec Enterprise Blogs
Coalition 2025 Cyber Claims Report Finds Ransomware Stabilized but Remains Costly for Businesses
Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek
US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
Kickidler employee monitoring software abused in ransomware attacks
470 Ransomware Attacking in 2025, Qilin Remains Dominant Followed by Silent & Crypto24
Ransomware Victims
Despite Arrests, Scattered Spider Continues Hacking
Britain to warn companies cyber security must be 'absolute priority' - The Economic Times
Cyber criminals hold Britain's boardrooms to ransom | This is Money
M&S hackers tricked IT help desk workers to access company systems, says report | The Independent
Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks - Infosecurity Magazine
Co-op cyber attack: supermarket cuts off store deliveries amid food shortage fears
UK retailers under attack: why hackers hit household names
Why Are So Many UK Supermarkets Getting Hacked? | HuffPost UK Life
IT warning after hackers close 160-year-old firm in Kettering - BBC News
Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert
Co-op left with empty shelves as it battles cyber attack
Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money
Rhysida Ransomware gang claims the hack of the Government of Peru
West Lothian schools hit by ransomware cyber attack - BBC News
Lessons Learned from the Blackbaud Hack and Legal Fallout
German drinks group Oettinger confirms cyber attack - Just Drinks
After Hacking 60M Kids for Ransom, PowerSchool Attackers Extort Teachers
TDSB says it got ransom demand over stolen student data not destroyed in cyber security incident
Masimo Manufacturing Facilities Hit by Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
Gen AI is great at phishing, pig butchering scams • The Register
'Venom Spider' Targets Hiring Managers in Phishing Scheme
Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly
Darcula Phishing as a Service Operation Snares 800,000+ Victims - Infosecurity Magazine
Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News
Ransomware costs ease but email-based attacks dominate, Coalition reports - Reinsurance News
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan
Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Majority of cyber insurance ransomware claims are due to BEC
Email-Based Attacks Top Cyber Insurance Claims
Other Social Engineering
How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security
Hackers pose as IT staff in UK retail cyber strikes | SC Media
Marks & Spencer losses hit £1bn in wake of devastating cyber attacks | This is Money
Cyber attack on M&S should be 'wake-up call', minister warns | Politics News | Sky News
Personal data of top executives easily found online - Help Net Security
Darcula PhaaS steals 884,000 credit cards via phishing texts
North Korean hackers show telltale signs, researchers say | SC Media
The many variants of the ClickFix social engineering tactic - Help Net Security
Wave of tech layoffs leads to more job scams - Help Net Security
How to spot and expose fraudulent North Korean IT workers | TechTarget
Crypto scammers abuse X ads with spoofed links | Cybernews
Fraud, Scams and Financial Crime
Gen AI is great at phishing, pig butchering scams • The Register
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable - Help Net Security
Darcula PhaaS steals 884,000 credit cards via phishing texts
Wave of tech layoffs leads to more job scams - Help Net Security
Artificial Intelligence
Gen AI is great at phishing, pig butchering scams • The Register
UK Warns of AI-Based Attacks Against Critical Infrastructure
UK critical systems at risk from ‘digital divide’ created by AI threats | Computer Weekly
1 in 3 workers keep AI use a secret - Help Net Security
Beyond the hook: How phishing is evolving in the world of AI | Computer Weekly
Cisco sounds the alarm over AI security threats
Global cyber security readiness remains critically low - Help Net Security
AI vs. AI: Both Friend and Foe in Cyber Security - EE Times
Most CEOs find their C-suite lacks much-needed 'AI-savvy' | ZDNET
2FA/MFA
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Malware
Hackers Using Weaponized PDF To Deliver Remcos RAT Malware on Windows
StealC malware enhanced with stealth upgrades and data theft tools
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Linux wiper malware hidden in malicious Go modules on GitHub
Activated Magento Backdoor Hits Up to 1,000 Online Stores
Google identifies new malware linked to Russia-based hacking group | Reuters
Macs under threat from thousands of hacked sites spreading malware — how to stay safe | Tom's Guide
The many variants of the ClickFix social engineering tactic - Help Net Security
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
Supply chain attack hits npm package with 45,000 weekly downloads
Crypto scammers abuse X ads with spoofed links | Cybernews
Your USB Cable Or Device Could Be Hiding Malicious Hardware: Here's How To Stay Safe
Disney Slack hacker was Californian, not Russian: DoJ • The Register
Bots/Botnets
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek
Mobile
Apple issues mercenary spyware threat notifications | Security Magazine
Why Android users should care more about monthly security updates
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google fixes actively exploited FreeType flaw on Android
Google Confirms Android Attack Warnings — Powered By AI
Denial of Service/DoS/DDoS
Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
Europol Announces More DDoS Service Takedowns, Arrests - SecurityWeek
Internet of Things – IoT
Don’t plug phones into Chinese electric cars, defence firms say
Hackers Manage To Take Control of Nissan Leaf's Steering Remotely
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Please stop exposing your IoT devices on the internet; your smart light might betray you
Data Breaches/Leaks
Dating app Raw exposed users' location data and personal information | TechCrunch
Signal clone used by Trump official stops operations after report it was hacked - Ars Technica
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED
UK Legal Aid Agency investigates cyber security incident
VC firm Insight Partners confirms personal data stolen during January hack | TechCrunch
Education giant Pearson hit by cyber attack exposing customer data
Hegseth bypassed Pentagon security with dirty line
Texas School District Notifies Over 47,000 People of Major Data Breach - Infosecurity Magazine
Organised Crime & Criminal Actors
Despite Arrests, Scattered Spider Continues Hacking
War on cyber crime: why disrupting attacker infrastructure is critical for security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Crypto scammers abuse X ads with spoofed links | Cybernews
Insider Risk and Insider Threats
How cyber criminals exploit psychological triggers in social engineering attacks - Help Net Security
North Korean hackers show telltale signs, researchers say | SC Media
How to spot and expose fraudulent North Korean IT workers | TechTarget
The Most Pressing Security Threat to Business is Hidden in Plain Sight - Security Boulevard
Insurance
Email-Based Attacks Top Cyber Insurance Claims
UK Cyber Insurance Claims Second Highest on Record - Infosecurity Magazine
Have Cyber Insurance? The Preferred Victims Of Ransomware Attackers - Above the Law
A guide to cyber liability insurance for a small business
ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog
Supply Chain and Third Parties
Magento supply chain attack compromises hundreds of e-stores
EY Survey Reveals Rising Cyber Threats from Third-Party Supply Chain Risks
Banking Customer Data Exposed Following Ransomware Attack on Vendor | MSSP Alert
Supply chain attack hits npm package with 45,000 weekly downloads
Activated Magento Backdoor Hits Up to 1,000 Online Stores
Cloud/SaaS
Ransomware spike exposes cracks in cloud security - Help Net Security
New Microsoft 365 outage impacts Teams and other services
Outages
New Microsoft 365 outage impacts Teams and other services
Encryption
After Signal controversy, do private conversations online exist anymore? | CyberScoop
WhatsApp provides no cryptographic management for group messages - Ars Technica
Just 5% of Enterprises Have Deployed Quantum-Safe Encryption - Infosecurity Magazine
Linux and Open Source
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED
Linux wiper malware hidden in malicious Go modules on GitHub
DoD announces overhaul of 'outdated' software procurement • The Register
Passwords, Credential Stuffing & Brute Force Attacks
A whopping 94% of leaked passwords are not unique - will you people ever learn? | ZDNET
A review of 19 billion passwords reveals people are still bad at them | Mashable
Third of Online Users Hit by Account Hacks Due to Weak Passwords - Infosecurity Magazine
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Microsoft sets all new accounts passwordless by default
If we don’t take cyber security seriously, maybe AI will | Cybernews
Social Media
Crypto scammers abuse X ads with spoofed links | Cybernews
Ireland's DPC fined TikTok €530M for sending EU user data to China
Trump promises protection for TikTok as sale deadline nears • The Register
TikTok Fined €530 Million Over Chinese Access to EU Data
Regulations, Fines and Legislation
UK firms have ‘alarming gaps’ in cyber security readiness | The Standard
UK given cyber wake-up call as government looks to act
UK Government to unveil new cyber security measures after wave of attacks | The Standard
What NY's New Security Rules Mean for Finance Firms
What a future without CVEs means for cyber defence - Help Net Security
Ireland's DPC fined TikTok €530M for sending EU user data to China
The nation’s cyber community is quietly rebelling against Trump’s changes - POLITICO
Cut CISA & Everyone Pays for It
Offensive cyber security to be emphasized by Trump admin, official says | SC Media
TikTok Fined €530 Million Over Chinese Access to EU Data
Signal app clone used by Trump's administration was hacked in less than 30 mins - SiliconANGLE
White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek
Sen. Murphy: Trump administration has ‘illegally gutted funding for cyber security’ | CyberScoop
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats | WIRED
The Trump Administration Sure Is Having Trouble Keeping Its Comms Private | WIRED
Models, Frameworks and Standards
UK Cyber Essentials Certification Numbers Falling Short - Infosecurity Magazine
Data Protection
Ireland's DPC fined TikTok €530M for sending EU user data to China
Careers, Working in Cyber and Information Security
The 14 most valuable cyber security certifications | CSO Online
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring | Computer Weekly
Law Enforcement Action and Take Downs
Despite Arrests, Scattered Spider Continues Hacking
War on cyber crime: why disrupting attacker infrastructure is critical for security
Israel Nabs Suspect Sought by US Over $190M Nomad Bridge Exploit: Report - Decrypt
Polish authorities arrested 4 people behind DDoS-for-hire platforms
Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
Three Brits charged over US, Canada swattings • The Register
Ukrainian Nefilim Ransomware Affiliate Extradited to US - SecurityWeek
US Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
Disney Slack hacker was Californian, not Russian: DoJ • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber Warfare's Limitations: Lessons for Future Conflicts
41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek
Cyber Warfare Funding Accelerates and Everyone is at Risk - Security Boulevard
Nuclear warheads and cyber attacks: How UK must react to Russia threat
Could striking first in cyber be new Pentagon policy? - Defense One
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
Nation State Actors
Nation-State Actors Continue to Exploit Weak Passwords, MFA
Hostile nation states are ramping up cyber attacks on UK, warns GCHQ | This is Money
China
Don’t plug phones into Chinese electric cars, defence firms say
White House Warns China of Cyber Retaliation Over Infrastructure Hacks - Infosecurity Magazine
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan
Ireland's DPC fined TikTok €530M for sending EU user data to China
TikTok Fined €530 Million Over Chinese Access to EU Data
Trump promises protection for TikTok as sale deadline nears • The Register
Russia
UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal
Nuclear warheads and cyber attacks: How UK must react to Russia threat
Google identifies new malware linked to Russia-based hacking group | Reuters
Poland says Russia is trying to interfere in presidential election | Reuters
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US | WIRED
Pro-Russian hackers claim to have targeted several UK websites | Cybercrime | The Guardian
Convicted Russian spies attended Brexit event in Parliament - BBC News
North Korea
North Korean hackers show telltale signs, researchers say | SC Media
How to spot and expose fraudulent North Korean IT workers | TechTarget
Tools and Controls
Email-Based Attacks Top Cyber Insurance Claims
UK retail cyber-attacks underscore the case for resilience over reactivity
Building a resilient mindset | The Independent
Cyber resilience is the strategy: Why business and security must align now | SC Media
Security Tools Alone Don't Protect You — Control Effectiveness Does
Personal data of top executives easily found online - Help Net Security
Are You Too Reliant on Third-Party Vendors for Cyber Security? - Security Boulevard
41 Countries Taking Part in NATO's Locked Shields 2025 Cyber Defence Exercise - SecurityWeek
Hacker Finds New Technique to Bypass SentinelOne EDR Solution - Infosecurity Magazine
How CISOs can talk cyber security so it makes sense to executives - Help Net Security
CIOs pay too much for not enough IT security | CIO Dive
CISO vs CFO: why are the conversations difficult? | CSO Online
What it really takes to build a resilient cyber program - Help Net Security
A guide to cyber liability insurance for a small business
How OSINT supports financial crime investigations - Help Net Security
Microsoft enforces strict rules for bulk emails on Outlook - gHacks Tech News
81% of High-Uncertainty Middle-Market Firms Delay Tech Initiatives
How to use PC sandbox apps to test dubious files safely | PCWorld
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
ABA & Cyber Insurance: Essential IT Requirements for Small Law Firms - LexBlog
Reports Published in the Last Week
Other News
UK businesses lost £64bn to cyber-attacks over a three-year period - UKTN
Hostile nation states are ramping up cyber attacks on UK, warns GCHQ | This is Money
The SMB Cyber Security Gap: High Awareness, Low Readiness | MSSP Alert
"Nationally Significant" Cyber-Attacks Have Doubled, UK’s NCSC Reports - Infosecurity Magazine
UK Cyber Insurance Claims Second Highest on Record - Infosecurity Magazine
Half of Irish firms have fallen victim to cyber crime in past five years
Delta Air Lines class action cleared for takeoff • The Register
US tells CNI orgs to stop connecting OT kit to the web | Computer Weekly
US government warns of "unsophisticated" hackers targeting oil and gas systems | TechRadar
Almost half of Flemish companies suffered cyber attack last year
Cyber Attacks Targeting US Increased by 136% | Security Magazine
Countries Begin NATO's Locked Shields Cyber-Defence Exercise
Vulnerability Management
Why Android users should care more about monthly security updates
What a future without CVEs means for cyber defence - Help Net Security
Cut CISA & Everyone Pays for It
White House Proposal Slashes Half-Billion From CISA Budget - SecurityWeek
Life Without CVEs? It's Time to Act
Vulnerabilities
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
PoC Published for Exploited SonicWall Vulnerabilities - SecurityWeek
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000
Second Wave of Attacks Targets SAP NetWeaver | MSSP Alert
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco Patches 35 Vulnerabilities Across Several Products - SecurityWeek
FBI: End-of-life routers hacked for cyber crime proxy networks
Researcher Says Fixed Commvault Bug Still Exploitable
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet - SecurityWeek
Apache Parquet exploit tool detects servers vulnerable to critical flaw
Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 02 May 2025
Black Arrow Cyber Threat Intelligence Briefing 02 May 2025:
-M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’
-More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks
-Fake Payments, Receipts and Invoices on the Rise
-Account Takeovers: A Growing Threat to Your Business and Customers
-North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies
-Phone Theft Is Turning into a Serious Cyber Security Risk
-Why Cyber Resilience Must be Part of Every Organisation’s DNA
-Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
-Ransomware Attacks are Getting Smarter, Harder to Stop
-People Know Password Reuse Is Risky but Keep Doing It Anyway
-A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats
-Securing the Invisible: Supply Chain Security Trends
-Don’t Overlook the BISO Role When it Comes to Growth and Continuity
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Our review this week starts with the high-profile breach at UK retailer Marks & Spencer, which has severely impacted operations and employees for over a week, with reports that the organisation had not tested their cyber incident plan. Similar issues are evident across other sectors, with over 60% of firms globally reporting poor readiness for cyber, geopolitical, and AI-related threats.
Cyber resilience is a recurring theme in this week’s threat intelligence review. At Black Arrow Cyber, we recommend organisations test their response plan, such as through our simulation exercises where impartial experts help the leadership team to uncover and address misconceptions regarding IT provision or operational resilience. Such exercises are required by many cyber frameworks and regulations, including the UK’s Cyber Governance Code of Practice.
We also report on attack types including ransomware, account takeover, and AI-fuelled scams that produce fake receipts indistinguishable from the real thing. These developments strain traditional defences and expose critical gaps in resilience. The growing concern around insider risk, particularly the infiltration of major firms by North Korean operatives, reminds business leaders that threats are not always external.
Encouragingly, board-level awareness is growing, with more organisations recognising that cyber resilience must be embedded into company culture and governance. Black Arrow believes the growing prominence of roles like the Business Information Security Officer (BISO), which many of our services emulate, signals a necessary shift toward strategic, business-aligned security leadership and greater resilience against cyber incidents.
Top Cyber Stories of the Last Week
M&S ‘Had No Plan’ for Cyber Attacks, with Staff Sleeping in the Office Amid ‘Paranoia’ and ‘Chaos’
UK retailer Marks & Spencer continues to grapple with a severe cyber attack that has disrupted online orders and recruitment for over a week, with insiders warning full recovery may take months. Reports indicate the retailer lacked a cyber attack or business continuity plan, leaving staff to respond reactively, with some staff describing sleeping in offices and using personal devices amid confusion and shifting internal guidance. The situation has led to significant operational disruption and employee concern over whether hackers remain inside the system. Harrods and the Co-op Group have also been targeted in recent days, highlighting a broader wave of attacks. The Cabinet Office has warned that such incidents should serve as a wake-up call for all UK businesses to prioritise cyber security.
More than 60% of Organisations Are Insufficiently Prepared to Address Urgent Geopolitical, Cyber Security, and Regulatory Risks
AlixPartners’ 2025 Global Risk Survey reveals that over 60% of organisations feel underprepared to manage rising geopolitical, cyber security, and regulatory risks. Nearly three quarters are not ready for international regulatory changes, while 68% are unprepared for AI-related threats despite widespread adoption. Although 63% are investing in technology to combat financial crime, only 44% find it highly effective. Most also lack readiness for cyber security incidents and data privacy breaches. With nearly 70% anticipating increased corporate litigation, many are boosting legal budgets, highlighting a growing need for strategic risk management amid ongoing global volatility.
Fake Payments, Receipts and Invoices on the Rise
The rise of generative AI and poorly implemented automation is fuelling a surge in fake payments, receipts and invoices, putting businesses, particularly SMEs, at greater risk of financial loss. A third of firms were hit by invoice fraud in 2024, often due to weak controls around payment matching. New scams range from fake banking apps to AI-generated receipts indistinguishable from genuine ones. While government initiatives like the Cyber Governance Code of Practice and the forthcoming Cyber Security and Resilience Bill offer promise, there remains a gap between awareness and action, especially among smaller organisations.
Account Takeovers: A Growing Threat to Your Business and Customers
Account takeovers are rapidly emerging as one of the most costly and damaging cyber threats facing businesses today, with annual losses exceeding $5 billion in the US alone. These attacks occur when criminals gain unauthorised access to legitimate user accounts, often through tactics like credential stuffing, phishing, and SIM swapping. Once inside, attackers can steal funds and personal data, or lock out genuine users. Despite their growing sophistication, many organisations remain underprepared. The financial and reputational fallout can be severe, but proactive steps such as multi-factor authentication, behavioural analytics, and continuous monitoring can significantly reduce the risk.
North Korean Operatives Have Infiltrated Hundreds of Fortune 500 Companies
Security experts from Mandiant and Google Cloud have warned that hundreds of Fortune 500 firms have unknowingly hired North Korean IT workers, with most CISOs admitting to at least one such hire. These operatives, embedded as full-time staff, are earning six-figure salaries, generating an estimated $100 million annually for North Korea’s regime. While initially a financial operation, this threat has evolved, with some dismissed workers resorting to extortion. There is growing concern that these individuals could disrupt services or leak sensitive data, particularly as some have been linked to North Korea’s intelligence services and previous destructive cyber operations.
Phone Theft Is Turning into a Serious Cyber Security Risk
Phone theft is evolving into a significant cyber security risk, with the UK’s Metropolitan Police seizing 1,000 devices a week and Europol uncovering a network affecting over 480,000 victims worldwide. Many organisations still underestimate the risk posed by mobile devices, with only 63% able to track both BYOD and corporate phones. Poor controls and misplaced trust in default security features leave gaps that attackers can exploit to access corporate systems. Without clear response plans or robust mobile device management, stolen smartphones, often more data-rich than laptops, can become a gateway to wider breaches, especially when used for multi-factor authentication.
Why Cyber Resilience Must be Part of Every Organisation’s DNA
LevelBlue’s 2025 Futures Report highlights that while AI adoption is accelerating, only 29% of executives feel prepared for AI-powered threats, despite 42% expecting them. Deepfake attacks are anticipated by 44%, yet just 32% say they’re ready. Nearly half admit they must improve defences against AI-driven adversaries, and 41% are already seeing a significant rise in attacks. Encouragingly, 45% now view cyber resilience as a company-wide priority, up from 27% last year, with 68% noting increased C-suite focus due to media coverage of major breaches. The report urges leaders to embed resilience at board level, invest early, and foster a cyber-aware culture.
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
Compliance management in 2025 has become more complex and critical, with organisations facing heightened regulatory scrutiny and rising cyber threats. New laws across data privacy, ESG, and third-party risk demand proactive, data-driven compliance. Real-time monitoring and integration of AI and automation are increasingly used to detect risks and improve reporting accuracy. The cost of non-compliance is growing, making alignment between cyber security and regulatory strategy essential. Frameworks and certifications like NIST and ISO 27001, along with RegTech solutions, are now key to building resilient, scalable systems. Organisations must prioritise cross-functional collaboration and continuous improvement to remain secure and compliant.
Ransomware Attacks are Getting Smarter, Harder to Stop
Ransomware remains a critical threat, with 69% of organisations hit in the past year despite growing collaboration between IT and security teams. Yet only 10% of victims recovered over 90% of their data, while more than half recovered less than 50%. The shift toward data exfiltration and double extortion is accelerating, with attackers striking within hours. While ransom payments are declining and 36% of victims refused to pay, recovery gaps persist. Firms investing in data resilience recover up to seven times faster, but only 44% verify backups regularly. These findings underscore the need for proactive, well-practised cyber resilience strategies across the business.
People Know Password Reuse Is Risky but Keep Doing It Anyway
Bitwarden’s research reveals a concerning disconnect between awareness and behaviour when it comes to password security. While 79% of Gen Z acknowledge the risks of password reuse, 59% still recycle passwords after a breach. Over half of respondents have abandoned accounts to avoid password resets, and only 10% always update compromised credentials. Despite this, younger generations are more inclined to enable multi-factor authentication (MFA). Insecure sharing practices persist, with 25% of Gen Z using text messages to share passwords. The report highlights a clear need for targeted education across all age groups, especially among decision-makers.
A Cyber Security Paradox: Even Resilient Organisations Are Blind to AI Threats
LevelBlue’s latest report reveals a growing gap in AI risk awareness among otherwise cyber-resilient organisations. While 94% of these firms invest in software supply chain security, compared to just 62% overall, they remain largely blind to the risks introduced by rapid AI adoption. Only 30% of executives acknowledged increased AI-related supply chain threats. Many resilient organisations may be overlooking how underregulated AI tools expand their attack surface. The report stresses that cyber resilience now demands shared leadership responsibility, proactive risk management, and readiness for both incident response and business continuity.
Securing the Invisible: Supply Chain Security Trends
Supply chain attacks are evolving, with adversaries exploiting trusted software, hardware, and vendor relationships to bypass traditional defences. Continuous monitoring of third-party risk is replacing one-off assessments, as CISOs extend visibility across the extended enterprise. Real-time data, blockchain traceability, and AI-driven threat detection are now essential tools. Software Bills of Materials (SBOMs) have become operational necessities, helping firms assess exposure during emerging threats. Regulatory pressure is growing, with the EU’s DORA and NIS2 setting new expectations. Yet, only a third of supply chain leaders use GenAI tools designed for their domain despite 97% already using the technology in some form.
Don’t Overlook the BISO Role When it Comes to Growth and Continuity
The role of the Business Information Security Officer (BISO) is gaining traction as organisations recognise cyber risk as a critical business risk. BISOs act as a bridge between security teams and the C-suite, helping drive investment in proactive, cost-effective cyber strategies. With ransomware and extortion attacks on the rise, and the average cost of an incident now around $677 million, BISOs help quantify risk, improve resilience, and align security with broader business goals. Though adoption is still growing, more firms are realising the BISO’s value in fostering innovation, operational continuity, and modern cyber hygiene across the enterprise. Many of the services provided by Black Arrow fulfil the function of an internal BISO; talk to us to see how we can help you achieve your objectives in a cost-effective and impartial manner.
Sources:
https://cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/
https://www.helpnetsecurity.com/2025/04/30/rethink-cyber-resilience/
https://cybersecuritynews.com/compliance-management-in-2025/
https://www.helpnetsecurity.com/2025/04/28/companies-impacted-ransomware-attacks/
https://www.helpnetsecurity.com/2025/05/02/passwords-update-security-risks/
https://www.darkreading.com/cyber-risk/even-resilient-organizations-bind-ai-threats
https://www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/
https://www.techradar.com/pro/dont-overlook-the-biso-role-when-it-comes-to-growth-and-continuity
Governance, Risk and Compliance
You're Probably Not Taking Cyber Security Seriously Enough - Above the Law
Don’t overlook the BISO role when it comes to growth and continuity | TechRadar
No longer optional: Cyber risk oversight for boards | American Banker
Stronger Together: Why IT And Security Collaboration Is Business Critical
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
Gartner: enabling cyber security amid geopolitical rifts | TechRadar
CISOs Call for Streamlined Global Cyber Rules | MSSP Alert
What is a Risk Map (Risk Heat Map)? | Definition from TechTarget
How CISOs Can Leverage Threat Intelligence to Stay Proactive
The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats
Half of CIOs lack access to appropriate cyber security tools for their business - Business Plus
The Expanding Role of CISOs in Tech and Corporate Governance
Why CISOs Are Key to Integrating ESG and Cyber Security - Cyber Security News
From compliance to culture: Making security part of our daily routines
How to survive as a CISO aka 'chief scapegoat officer' • The Register
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks are getting smarter, harder to stop - Help Net Security
Ransomware Group Hacks Webcam to Evade Endpoint Defences
The 5 Emerging Cyber Attack Techniques Poised to Disrupt
6 major supply chain cyber security risks in 2025 | Cybernews
DragonForce expands ransomware model with white-label branding scheme
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes - Infosecurity Magazine
Prolific RansomHub Operation Goes Dark
Emerging Threat Actor Hellcat Exemplifies Continued Innovation in Ransomware TTPs | MSSP Alert
The 5,365 Ransomware Attack Rampage — What You Need To Know
Ransomware Attacks on Critical Infrastructure Surge, Reports FBI | Tripwire
Ransomware Victims
Marks & Spencer breach linked to Scattered Spider ransomware attack
M&S market value falls £700m amid cyber attack
Some M&S stores left with empty shelves after cyber attack - BBC News
M&S report warned of cyber threats year before hack
How ‘native English’ Scattered Spider group linked to M&S attack operate | Cybercrime | The Guardian
Co-op hit by cyber attack as back-office systems disrupted
M&S stops hiring after systems taken offline due to cyber attack
Top security body urges retailers to act following Marks & Spencer cyber attack | Retail Week
M&S: WFH staff locked out of systems amid cyber attack fallout - Retail Gazette
Harrods is latest retailer to be hit by cyber-attack | Harrods | The Guardian
Co-op cyber attack: Staff told to keep cameras on in meetings - BBC News
M&S cyber attack: Retailer working 'day and night' to manage impact - BBC News
M&S and Co-op: UK retailers brace for cyber attacks
Retail cyber attacks sound alarm for food manufacturing supply chains
Warning hackers may ‘try their luck’ with other retailers as M&S issues update | The Independent
Almost a million patients hit by Frederick Health data breach | TechRadar
Phishing & Email Based Attacks
Low-tech phishing attacks are gaining ground - Help Net Security
Same Inbox, New Tricks: A Look At The Email Threat Landscape In Q1 2025
This Email Sounds Like It Came From Your Boss. But It Didn’t. | Symantec Enterprise Blogs
Phishers Take Advantage of Iberian Power Outage
Why MFA is getting easier to bypass and what to do about it - Ars Technica
Criminals are pretending to be Microsoft, Google, and Apple in phishing attacks | TechRadar
A large-scale phishing campaign targets WordPress WooCommerce users
Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine
Other Social Engineering
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
There's one question that stumps North Korean fake workers • The Register
Mobile security is a frontline risk. Are you ready? - Help Net Security
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Fraud, Scams and Financial Crime
Cyber security: fake payments, receipts and invoices on the rise | ICAEW
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
WhatsApp, Signal scam leads to Microsoft account hacks [April 2025] | Mashable
PayPal Red Alert Issued After 600% Increase In Scams Recorded in 2025: What You Need To Know
Online fraud peaks as breaches rise - Help Net Security
Mystery Box Scams Deployed to Steal Credit Card Data - Infosecurity Magazine
Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
Third-party applications for online banking give fraudsters access to your money - Cyberpolice | УНН
Artificial Intelligence
The 5 Emerging Cyber Attack Techniques Poised to Disrupt
Enterprises Need to Beware of These 5 Threats
AI and automation shift the cyber security balance toward attackers - Help Net Security
Even Cyber Resilient Organisations Struggle to Comprehend AI Risks
AI, Automation & Dark Web Fuel Evolving Threat Landscape
The Next Two Years In AI Cyber Security For Business Leaders
4 lessons in the new era of AI-enabled cyber crime | TechTarget
Agentic AI Systems Pose Alarming API Security Risks
Ex-NSA cyber boss: AI will soon be a great exploit dev • The Register
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW
South Korea says DeepSeek transferred user data, prompts without consent | Reuters
Microsoft’s AI Starts Secretly Copying And Saving Your Messages
60% of AI agents are embedded in IT departments - here's what they're doing | ZDNET
End users can code with AI, but IT must be wary | TechTarget
Drones may strike targets with no human input, says minister
2FA/MFA
Why MFA is getting easier to bypass and what to do about it - Ars Technica
Malware
CEO of cyber security firm charged with installing malware on hospital systems
Infosec pro blabs about alleged malware mishap on LinkedIn • The Register
New WordPress Malware Masquerades as Plugin - Infosecurity Magazine
Novel Gremlin Stealer malware emerges | SC Media
WordPress plugin disguised as a security tool injects backdoor
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Hackers abuse IPv6 networking feature to hijack software updates
DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Mobile
Mobile security is a frontline risk. Are you ready? - Help Net Security
Phone theft is turning into a serious cyber security risk - Help Net Security
Mobile Applications: A Cesspool of Security Issues
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
Half of Mobile Devices Run Outdated Operating Systems - Infosecurity Magazine
iOS and Android juice jacking defences have been trivial to bypass for years - Ars Technica
Google’s Play Store lost nearly half its apps | The Verge
Denial of Service/DoS/DDoS
DDoS attacks jump 358% compared to last year - Help Net Security
DDoS attacks in 2025 have already surpassed the 2024 total | TechRadar
Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times
Internet of Things – IoT
Vehicles Face 45% More Attacks, 4 Times More Hackers
Data Breaches/Leaks
SAS names and ranks reportedly available online for a decade - BBC News
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Signalgate: Security culture? America's screwed • The Register
27 million French electronics giant’s customer records leaked online | Cybernews
Commvault says recent breach didn't impact customer backup data
Ascension discloses second major cyber attack in a year • The Register
Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
African multinational telco giant MTN disclosed a data breach
Banking details of thousands of Aussies stolen by cyber criminals
ANY.RUN warns free-tier users of data exposure | Cybernews
Almost a million patients hit by Frederick Health data breach | TechRadar
Employee monitoring app exposes 21M work screens | Cybernews
Nova Scotia Power cyber attack impacts customer billing accounts | Cybernews
Organised Crime & Criminal Actors
Cyber criminals switch up their top initial access vectors of choice | CSO Online
Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine
Cyber defenders need to remember their adversaries are human, says Trellix research head | IT Pro
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block
Insider Risk and Insider Threats
People know password reuse is risky but keep doing it anyway - Help Net Security
Infosec pro blabs about alleged malware mishap on LinkedIn • The Register
Ex-Disney employee gets three years in prison for menu hacks • The Register
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Insurance
Reducing Cyber Insurance Costs - CISO Proactive Measures
How Organisations Can Leverage Cyber Insurance Effectively
Supply Chain and Third Parties
6 major supply chain cyber security risks in 2025 | Cybernews
Half of red flags in third-party deals never reach compliance teams - Help Net Security
Securing the invisible: Supply chain security trends - Help Net Security
Cloud/SaaS
Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments
JPMorgan CISO Warns of SaaS Security Risks - Infosecurity Magazine
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation
Outages
Oracle engineers caused dayslong software outage at U.S. hospitals
Identity and Access Management
Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security
Encryption
Quantum computer threat spurring quiet overhaul of internet security | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
People know password reuse is risky but keep doing it anyway - Help Net Security
Some of you still use these awful passwords today
Account Takeovers: A Growing Threat to Your Business and Customers - Security Boulevard
Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords
Malware Steals 1.7 Billion Passwords — Publishes Them To Dark Web
Microsoft Confirms Password Spraying Attack — What You Need To Know
46% of the most trusted US companies' employees reuse
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
Regulations, Fines and Legislation
Government Set to Ban SIM Farms in European First - Infosecurity Magazine
Compliance Management In 2025: Ensuring Your Security Strategy Meets Regulatory Demands
CISOs Call for Streamlined Global Cyber Rules | MSSP Alert
The CISO’s Role In Ensuring Compliance Amid Evolving Cyber Threats
Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop
UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine
Former CISA head slams Trump for 'dangerously degrading' US cyber defences | Cybernews
Signalgate: Security culture? America's screwed • The Register
House passes bill to study routers’ national security risks | CyberScoop
FBI steps in amid rash of politically charged swattings • The Register
8 in 10 Brits support biometrics, personal data collection for national security | Biometric Update
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
CVE board 'kept in the dark' on funding, members say • The Register
Models, Frameworks and Standards
Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
Forthcoming NIST profile to address growing AI-cyber challenges - Nextgov/FCW
MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority
Backup and Recovery
Commvault says recent breach didn't impact customer backup data
Data Protection
UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe - Infosecurity Magazine
Law Enforcement Action and Take Downs
Ex-Disney employee gets three years in prison for menu hacks • The Register
Europol Creates “Violence-as-a-Service” Taskforce - Infosecurity Magazine
Leaders of 764, global child sextortion group, arrested and charged | CyberScoop
Law Enforcement Can Break 77% Of ‘Three Random Word’ Passwords
Misinformation, Disinformation and Propaganda
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
China
China is America's No.1 cyber threat and the US must react • The Register
House passes bill to study routers’ national security risks | CyberScoop
Chinese Hacking Competitions Fuel the Country’s Broad Cyber Ambitions - Bloomberg
China's Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America - SecurityWeek
Chinese APT's Adversary-in-the-Middle Tool Dissected - SecurityWeek
How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites
Tariffs could slow replacement of telecom networks, according to industry official | CyberScoop
South Korea says DeepSeek transferred user data, prompts without consent | Reuters
Russia
Russia-linked group Nebulous Mantis targets NATO-related defence organisations
France ties Russian APT28 hackers to 12 cyber attacks on French orgs
Putin's Attacks on Ukraine Rise 70%, With Little Effect
Trump cuts US cyber aid to Ukraine, opening doors to Russian attacks | Cryptopolitan
How Space Force Plans To Protect The US From Chinese & Russian Spy Satellites
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack | NL Times
Poland’s state registry temporarily blocked by cyber incident | The Record from Recorded Future News
Large-Scale Phishing Campaigns Target Russia and Ukraine - Infosecurity Magazine
DarkWatchman cyber crime malware returns on Russian networks | The Record from Recorded Future News
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Iran
North Korea
North Koreans Still Working Hard to Take Your IT Job: 'Any Organisation Is a Target' | PCMag
There's one question that stumps North Korean fake workers • The Register
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Dropbox, OneDrive Abused In Massive Southeast Asia Cyber-Espionage Operation
Tools and Controls
No longer optional: Cyber risk oversight for boards | American Banker
Why cyber resilience must be part of every organisation's DNA - Help Net Security
Over 90% of Cyber Security Leaders Worldwide Encountered Cyber Attacks Targeting Cloud Environments
Identity and Access Management (IAM) - The CISO’s Core Focus in Modern Cyber Security
How Organisations Can Leverage Cyber Insurance Effectively
How the hybrid work boom reshapes corporate security | TechRadar
SentinelOne says security vendors are under attack | Cybernews
The CISO’s Guide to Managing Cyber Risk in Hybrid Workplaces
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
CISOs Take Note: Is Needless Cyber Security Strangling Your Business?
What is a Risk Map (Risk Heat Map)? | Definition from TechTarget
How CISOs Can Leverage Threat Intelligence to Stay Proactive
Why CISOs Are Key to Integrating ESG and Cyber Security - Cyber Security News
Commvault says recent breach didn't impact customer backup data
The Hidden Risks of Over-Relying on AI in Cyber Security | MSSP Alert
21 million employee screenshots leaked in bossware breach blunder
Cloud Security Essentials - CISO Resource Toolkit
Employee monitoring app exposes 21M work screens | Cybernews
USAID decides not to collect former workers’ abandoned devices | The Verge
End users can code with AI, but IT must be wary | TechTarget
CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru
MoD publishes Secure by Design problem book to bolster cyber resilience | UKAuthority
Other News
Why SMEs can no longer afford to ignore cyber risk - Help Net Security
Enterprises Need to Beware of These 5 Threats
Cyber security vendors are themselves under attack by hackers, SentinelOne says | CyberScoop
You're Probably Not Taking Cyber Security Seriously Enough - Above the Law
Study: 90% of bankers see need to increase spending on cyber security
Cyber Security in the UK - House of Commons Library
The 3 biggest cyber security threats to small businesses | Malwarebytes
Cyber defenders need to remember their adversaries are human, says Trellix research head | IT Pro
European Council: No cyber attack in Spain-Portugal blackout - Shafaq News
Getting Physical with Cyber Security - Security Boulevard
7 network security myths that make you less secure
How working from home made Britain vulnerable to cyber attackers
It’s Time to Prioritize Cyber Security Education - Security Boulevard
Cyber Threats Loom Large Over US Space Systems, Warns Pentagon Official - ClearanceJobs
Just 60 Seconds From Attacked To Hacked — The Speed Of Cyber Crime
How to Strengthen Cyber Security in Public Safety and Prevent Downtime
The threats to Britain’s food security can no longer be downplayed
A Windows security developer says this is the biggest threat to your PC | PCWorld
Vulnerability Management
Most critical vulnerabilities aren't worth your attention - Help Net Security
Hackers exploited 75 zero-days last year – Google | Cybernews
44% of the zero-days exploited in 2024 were in enterprise solutions - Help Net Security
Google: Governments are using zero-day hacks more than ever - Ars Technica
How Breaches Start: Breaking Down 5 Real Vulns
CVE board 'kept in the dark' on funding, members say • The Register
Solana DeFi protocol Loopscale hit with $5.8 million exploit two weeks after launch | The Block
CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage - IT Security Guru
Vulnerabilities
Google Issues Emergency Chrome Security Update — Act Now
Experts forecast Ivanti VPN attacks as endpoint scans surge • The Register
SAP fixes suspected Netweaver zero-day exploited in attacks
Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities - SecurityWeek
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
Airplay-enabled devices open to attack via "AirBorne" vulnerabilities - Help Net Security
CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CSO Online
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Coinbase fixes 2FA log error making people think they were hacked
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 25 April 2025
Black Arrow Cyber Threat Intelligence Briefing 25 April 2025:
-Cyber Security Is Now Critical for Business Growth, CEOs Say
-Cyber Threats Now a Daily Reality for One in Three Businesses
-66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences
-M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers
-Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
-Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise
-Nation-State Threats Put SMBs in Their Sights
-Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools
-Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism
-Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat
-159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Black Arrow Cyber’s review of specialist and general media has observed a significant shift in executive mindsets, with cyber security now seen as essential to business growth, not just a defensive measure. This includes reports of CEOs increasingly recognising the strategic value of robust security practices, particularly amid rising concerns over AI-driven threats. However, there remains a concerning gap between CISOs and the wider C-suite regarding the severity of risks, underlining the need for stronger alignment at leadership level.
This week’s reporting also highlights that cyber threats have become a daily operational reality, with small and medium-sized businesses bearing a disproportionate share of ransomware and nation-state attacks. Third-party vulnerabilities and supply chain compromises are escalating rapidly, exposing organisations to breaches through trusted partners. Black Arrow Cyber believes this growing complexity demands that businesses urgently reassess their resilience strategies and third-party risk management.
Finally, we note that ransomware attacks continue to overwhelm organisations, with high ransom payment rates despite advanced backup tools. Rapid exploitation of newly disclosed vulnerabilities, particularly in widely used systems, further compounds the threat landscape. Black Arrow believes that operational readiness, strong identity management, and swift vulnerability patching are now critical pillars for cyber resilience.
Top Cyber Stories of the Last Week
Cyber Security Is Now Critical for Business Growth, CEOs Say
A Gartner study has found that 85% of CEOs now view cyber security as critical to business growth in today’s digital and connected world. Three in five (61%) are concerned about cyber security threats, particularly with the rise of artificial intelligence influencing the threat landscape. The report highlights a shift in risk thresholds and underlines that cyber security has become a core business priority rather than simply a protective measure. CEOs are urged to champion the role of security leaders, while security leaders must demonstrate how effective cyber security strategies can safeguard assets and drive strategic growth.
Cyber Threats Now a Daily Reality for One in Three Businesses
FIS and Oxford Economics report that one in three businesses face daily cyber threats, 74% encounter critical incidents monthly and 88% of leaders cited cyber threats as a major disruption. Despite prioritising fraud risk management, over half of firms were dissatisfied with their fraud response plans, and nearly half do not regularly train employees on fraud and cyber awareness, leaving them exposed to greater risk.
66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences
EY has found a growing disconnect between CISOs and the wider C-suite when it comes to cyber security threats. Two-thirds of CISOs fear threats now surpass their defences, compared to just over half of their C-suite peers. The report highlights that CISOs are more concerned than the rest of the C-suite about senior leaders at their organisation underestimating the dangers of cyber security threats (68% vs. 57%), and they note a higher incidence of attacks from both cyber criminals and insider threats. Encouragingly, 75% of CISOs reported fewer incidents following investment in AI. C-suite leaders expect cyber security budgets to double next year, from 21% to 38% of total IT spend.
M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers
Marks & Spencer (M&S) has confirmed it is managing a cyber attack that has disrupted contactless payments and forced the retailer to stop taking online orders amid a payments meltdown. As a result, shares have fallen by more than 4%. While stores remain open, M&S has temporarily moved some operations offline to protect customers and partners. Online orders have been suspended, but cash payments are still being accepted. The retailer is working with industry experts to restore full services and minimise further disruption.
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
Verizon’s latest Data Breach Investigations Report (DBIR) highlights that small businesses are bearing the brunt of ransomware attacks, with extortion malware found in 88% of breaches compared to 39% at larger firms. Ransomware was involved in 44% of all breaches, a 37% rise from the previous year with attack volumes increasing globally. State-sponsored actors are also increasingly deploying ransomware, with financial motives present in 28% of their incidents. Industries such as administration, wholesale trade, and transportation remain key targets for financially motivated cyber attacks.
Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise
Verizon’s latest Data Breach Investigations Report also found that third-party involvement in cyber attacks has doubled, now featuring in 30% of cases. Based on over 22,000 security incidents and 12,195 confirmed data breaches, the research highlights a sharp rise in supply chain and partner ecosystem compromises. Cyber criminals increasingly target open-source code repositories to push malicious updates or impersonate legitimate software packages. The findings underline the growing risk third parties pose to organisations’ cyber security, with trust in external partners becoming a significant vulnerability.
Nation-State Threats Put SMBs in Their Sights
Nation-state cyber threat groups are increasingly targeting small and medium-sized businesses (SMBs), particularly those linked to larger organisations. Broadcom warns that most nation-state attacks now impact the private sector and midmarket firms, with identity providers among common targets. Many SMBs remain unaware of their role in the broader supply chain, making them attractive entry points. Nation-state actors are also seen moonlighting, switching between espionage and financially motivated cyber attacks. Experts stress that SMBs must strengthen their cyber defences, as they face the same sophisticated threats once reserved for larger enterprises.
Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools
Rubrik’s latest research shows that 86% of global organisations paid ransom demands last year, despite having access to advanced backup tools. The report highlights that 74% of firms experienced partial compromise of their backup systems, with 35% suffering complete compromise, often due to attackers disabling recovery infrastructure before encrypting data. Nearly 80% of breaches were driven by stolen identities, particularly exploiting legacy systems like Active Directory. Average ransom payments globally are around $479,000. The findings stress that true resilience requires not just technology, but operational readiness and leadership commitment to recovery preparedness.
Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism
The Dutch Intelligence services (AIVD) have reported a sharp rise in Russian aggression across Europe in 2024, including espionage, cyber attacks, and disinformation campaigns described as bordering on state terrorism. A Dutch public facility was targeted by Russian hackers, and overall national threats increased, with 73 official reports issued - up from 56 in 2023. The report also flagged escalating extremist threats, including right-wing and jihadist violence, some involving very young individuals. China was identified as another major threat, targeting Dutch military research and supplying military goods to Russia. The AIVD warned that international conflicts are increasingly fuelling domestic instability.
Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat
The United Nations has warned that cyber crime syndicates originating in Southeast Asia are now operating on a global scale, generating billions in scam profits each year. Despite law enforcement crackdowns, these groups have expanded into Africa, South America, and South Asia, moving operations to regions with weak governance. The UN reports that these networks use online platforms and cryptocurrency to scale operations, targeting victims in over 50 countries. In 2023 alone, the US reported losses of over $5.6 billion to cryptocurrency scams. Without international collaboration, the scale and impact of cyber fraud will continue to escalate.
159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure
VulnCheck has reported that 159 vulnerabilities were exploited in the first quarter of 2025, with 28% targeted within just one day of disclosure. Most affected systems were content management platforms, network edge devices, and operating systems. Microsoft Windows, Broadcom VMware, and TOTOLINK routers were among the most impacted products. Verizon’s 2025 Data Breach Investigations Report noted a 34% rise in breaches initiated through vulnerability exploitation, now accounting for 20% of all incidents.
Sources:
https://www.techradar.com/pro/security/cybersecurity-is-now-critical-for-business-growth-ceos-say
https://www.helpnetsecurity.com/2025/04/21/businesses-fraud-consequence/
https://www.cityam.com/ms-shares-at-ftse-100-retailer-fall-as-cyber-attack-hits-customers/
https://www.infosecurity-magazine.com/news/verizon-dbir-smb-ransomware-attacks/
https://www.darkreading.com/threat-intelligence/nation-state-threats-smb
https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html
Governance, Risk and Compliance
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber threats now a daily reality for one in three businesses - Help Net Security
Cyber security is now critical for business growth, CEOs say | TechRadar
Cybersecurity Metrics That Matter for Board-Level Reporting
Cybersecurity Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Exclusive: Small businesses under-prepared amid restructuring push
Businesses Failing to Prevent Cyber Attacks, Says Report
The C-suite gap that's putting your company at risk - Help Net Security
Veeam Report Finds Close to 70% of Organizations Still Under Cyber-Attack Despite Improved Defenses
Enterprises change how they manage cyber risk
From Reactive to Predictive - The Next Frontier for Security Leaders
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Beyond Compliance - How VPs of Security Drive Strategic Cybersecurity Initiatives
Not if, but when -- Why every organization needs a cyber resilience strategy
Threats
Ransomware, Extortion and Destructive Attacks
Verizon discovers spike in ransomware and exploited vulnerabilities | CyberScoop
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
Could Ransomware Survive Without Cryptocurrency?
Ransomware Gangs Innovate With New Affiliate Models
Global firms succumb to ransomware: 86% pay up despite having advanced backup tools | CSO Online
The Ransomware Business Model: The State of Cyber Crime | Silicon UK Tech News
Ransomware activity trends | Professional Security Magazine
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
Teach young people about ransomware risks before they enter work, expert urges | The Standard
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
Ransomware the most pervasive threat to US critical infrastructure in 2024, says FBI | CSO Online
Emulating the Hellish Helldown Ransomware - Security Boulevard
What is Ransomware? Definition and Complete Guide | Informa TechTarget
Ransomware Victims
Ransomware Gang Claims Attack On Manchester Credit Union
3 More Healthcare Orgs Hit by Ransomware Attacks
Interlock ransomware claims DaVita attack, leaks stolen data
M&S takes systems offline as 'cyber incident' lingers • The Register (unconfirmed)
Money blog: M&S forced to stop taking online orders amid payment meltdown | Money News | Sky News (unconfirmed)
Phishing & Email Based Attacks
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Beware, hackers can apparently now send phishing emails from “no-reply@google.com” | TechRadar
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
A new kind of phishing attack is fooling Gmail’s security. Here’s how it works | Laptop Mag
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Cover-Up Culture? 95% of Phishing Attacks Go Unreported in Healthcare, New Paubox Report Reveals
Who needs phishing when your login's already in the wild? • The Register
Business Email Compromise (BEC)/Email Account Compromise (EAC)
FBI: Cybercrime cost victims 'staggering' $16.6B last year • The Register
Other Social Engineering
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
State-sponsored hackers embrace ClickFix social engineering tactic
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
North Korean Operatives Use Deepfakes in IT Job Interviews
Fraud, Scams and Financial Crime
FBI: Cyber Crime cost victims 'staggering' $16.6B last year • The Register
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
“Scallywag” Scheme Monetizing Piracy Through Browser Extensions
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
This Android malware drains cards with a single tap | Cybernews
UK Romance Scams Spike 20% as Online Dating Grows - Infosecurity Magazine
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
The Cyber Criminals Who Organized a $243 Million Crypto Heist - The New York Times
Scammers Are Impersonating the FBI. Here's How To Spot Them - CNET
Artificial Intelligence
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
DeepSeek Breach Opens Floodgates to Dark Web
The AI market does not understand AI safety | TechTarget
Rethinking Resilience for the Age of AI-Driven Cyber Crime - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools - SecurityWeek
Anthropic finds alarming 'emerging trends' in Claude misuse report | ZDNET
2FA/MFA
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Malware
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyber Attack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
The Zoom attack you didn't see coming - Help Net Security
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Chinese hackers target Russian govt with upgraded RAT malware
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Your cat’s microchip could carry malware | Cybernews
Bots/Botnets
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Mobile
New Android malware steals your credit cards for NFC relay attacks
Leaking Apps: The Hidden Data Risks On Your Phone
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Flexible working models fuel surge in device theft - Help Net Security
Russian army targeted by new Android malware hidden in mapping app
Denial of Service/DoS/DDoS
Dutch payment processor Adyen hit by three DDoS attacks | NL Times
Internet of Things – IoT
Opt out: how to protect your data and privacy if you own a Tesla | Tesla | The Guardian
Data Breaches/Leaks
Thousands of UK users of Vinted, Candy Crush and Tinder were hit in global hack
DeepSeek Breach Opens Floodgates to Dark Web
US Data Breach Victim Count Surges 26% Annually - Infosecurity Magazine
Data breach class action costs mount up | Computer Weekly
CISA Weighs In on Alleged Oracle Cloud Breach
3 More Healthcare Orgs Hit by Ransomware Attacks
5.5 Million Patients Affected by Data Breach at Yale New Haven Health - SecurityWeek
Blue Shield shared 4.7M people's health info with Google Ads • The Register
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Organised Crime & Criminal Actors
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Cyber Crime Syndicates Expand Globally From Southeast Asia: UN
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Russian Infrastructure Plays Crucial Role in North Korean Cyber Crime Operations | Trend Micro (US)
Hacking groups are now increasingly in it for the money, not the chaos | TechRadar
When confusion becomes a weapon: How cyber criminals exploit economic turmoil - Help Net Security
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Scattered Spider Hacking Suspect Extradited to US From Spain
'Cyber crime ranks as No 1 risk in SA, overtaking long-standing issues': expert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
Could Ransomware Survive Without Cryptocurrency?
The Cybercriminals Who Organized a $243 Million Crypto Heist - The New York Times
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Insider Risk and Insider Threats
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Supply Chain and Third Parties
Cyber attacks surged in 2025, with third party attacks seeing a huge rise | TechRadar
Security snafus caused by third parties up from 15% to 30% • The Register
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Cloud/SaaS
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Enterprises are facing a ‘cloud security crisis’ | IT Pro
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Widespread Microsoft Entra lockouts tied to new security feature rollout
CISA Weighs In on Alleged Oracle Cloud Breach
Outages
Widespread Microsoft Entra lockouts tied to new security feature rollout
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
Identity and Access Management
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
Widespread Microsoft Entra lockouts tied to new security feature rollout
Encryption
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Telegram vows to exit markets over encryption backdoor demands
Linux and Open Source
Open Source and Container Security Are Fundamentally Broken - The New Stack
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Passwords, Credential Stuffing & Brute Force Attacks
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Who needs phishing when your login's already in the wild? • The Register
7 Steps to Take After a Credential-Based cyberattack
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Social Media
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
LinkedIn adds new verification tool to ensure security across the internet | TechRadar
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Training, Education and Awareness
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Regulations, Fines and Legislation
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber Security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Challenges persist as UK’s Cyber Security and Resilience Bill moves forward | Computer Weekly
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
US cyber defences are being dismantled from the inside • The Register
Holyrood | Ofcom closes legal loophole that allowed criminals to track your location
Leasing of Global Titles banned | Professional Security Magazine
The splintering of a standard bug tracking system has begun • The Register
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Bill introduced to extend the Cybersecurity Information Sharing Act | Security Magazine
Two top cyber officials resign from CISA | The Record from Recorded Future News
2025 State Cybersecurity Legislation Focuses on Financial Services | Alston & Bird - JDSupra
Zambia's Updated Cyber Laws Prompt Surveillance Warnings
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Telegram vows to exit markets over encryption backdoor demands
Models, Frameworks and Standards
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
Careers, Working in Cyber and Information Security
Switching to Cyber Security: Advice for Midcareer Professionals
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Cyber ‘agony aunts’ launch guidebook for women in security | Computer Weekly
Law Enforcement Action and Take Downs
Scattered Spider Hacking Suspect Extradited to US From Spain
Misinformation, Disinformation and Propaganda
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
Cyber threats target F-35 in new era of military defense risks
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Countries shore up digital defenses as tensions raise the threat of cyberwarfare - ABC News
Nation State Actors
Nation-State Threats Put SMBs in Their Sights
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
China
Chinese APT Mustang Panda Debuts 4 New Attack Tools
How Chinese hacking got so good
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Chinese hackers target Russian govt with upgraded RAT malware
Earth Kurma APT Campaign Targets Southeast Asian Government Telecom Sectors | Trend Micro (US)
DeepSeek Breach Opens Floodgates to Dark Web
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Russia
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
State-sponsored hackers embrace ClickFix social engineering tactic
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
Russia is ramping up hybrid attacks against Europe, Dutch intelligence says | Reuters
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Dutch Warn of “Whole of Society” Russian Cyber-Threat - Infosecurity Magazine
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Russia’s Arming For Space War I, Targeting SpaceX Satellite Systems
Chinese hackers target Russian govt with upgraded RAT malware
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Trojanized Alpine Quest app geolocates Russian soldiers • The Register
Russian army targeted by new Android malware hidden in mapping app
Iran
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Israel subjected to persistent targeting by Iranian hackers | SC Media
North Korea
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
North Korean Operatives Use Deepfakes in IT Job Interviews
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
Lazarus hackers breach six companies in watering hole attacks
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Tools and Controls
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Cyber security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Cyber security Metrics That Matter for Board-Level Reporting
Enterprises change how they manage cyber risk
What is Risk Exposure in Business? | Definitions from TechTarget
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Rethinking Resilience for the Age of AI-Driven Cybercrime - Infosecurity Magazine
Open Source and Container Security Are Fundamentally Broken - The New Stack
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
Digital Forensics In 2025: How CSOs Can Lead Effective Investigations
Stronger Cloud Security in Five: How To Protect Your Cloud Workloads - Security Boulevard
Criminals target APIs as web attacks skyrocket globally | IT Pro
Widespread Microsoft Entra lockouts tied to new security feature rollout
7 Steps to Take After a Credential-Based cyberattack
The Foundations of a Resilient Cyber Workforce
From Reactive to Predictive - The Next Frontier for Security Leaders
5 Reasons Device Management Isn't Device Trust
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Not if, but when -- Why every organization needs a cyber resilience strategy
Traditional Networks Are Leaving Organizations Exposed
Coaching AI agents: Why your next security hire might be an algorithm - Help Net Security
Executives think AI can supercharge cyber security teams – analysts aren’t convinced | IT Pro
Exposure validation emerges as critical cyber defense component - Help Net Security
5 Major Concerns With Employees Using The Browser
Microsoft Claims Steady Progress Revamping Security Culture
Cyber Security Indicators: How IOCs, IOBs, and IOAs Empower Threat Detection and Prevention
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Reports Published in the Last Week
Other News
66% of CISOs are worried cybersecurity threats surpass their defenses | Security Magazine
Cyber threats now a daily reality for one in three businesses - Help Net Security
UK utility cyberattacks rose 586% from 2022 to 2023 | Security Magazine
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Cyber in financial services study | Professional Security Magazine
The Biggest Security Risks With Public Wi-Fi | HuffPost Life
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
A new era of cyber threats is approaching for the energy sector - Help Net Security
New KnowBe4 Report Exposes Critical Cyber Threats in European Energy Sector
Why cyber security matters for small and medium-sized businesses – Computerworld
Exclusive: Small businesses under-prepared amid restructuring push
Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact - Security Boulevard
Two-thirds of cops find NATO summit in The Hague irresponsible | NL Times
Cyber threats escalate against energy sector | SC Media
Understanding 2024 cyber attack trends - Help Net Security
Microsoft Claims Steady Progress Revamping Security Culture
5 Most Common Security Attack Methods in 2024: Mandiant’s M-Trends Report
Cyber attacks Soar 47% Globally – Attacks On Education Increase By 73%
What school IT admins are up against, and how to help them win - Help Net Security
Cyber security in 2025- Real-World Threats and Lessons Learned
Is the automotive industry on the cusp of a cyber war? | Automotive World
Phishing Attacks Lead to Theft in the Shipping Industry | Manufacturing.net
Are maritime hackers pushing at an open door? - Ship Technology
Vulnerability Management
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Enterprises change how they manage cyber risk
Microsoft Security Vulnerabilities Set Record High in 2024: BeyondTrust
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Attackers hit security device defects hard in 2024 | CyberScoop
Businesses Failing to Prevent Cyber Attacks, Says Report
Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation - Infosecurity Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
Open Source and Container Security Are Fundamentally Broken - The New Stack
The splintering of a standard bug tracking system has begun • The Register
Exposed and unaware: The state of enterprise security in 2025 - Help Net Security
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Vulnerabilities
Cisco Webex bug lets hackers gain code execution via meeting links
SonicWall SMA VPN devices targeted in attacks since January
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Eight days from patch to exploitation for Microsoft flaw • The Register
Apple Zero Days Under 'Sophisticated Attack,' but Details Lacking
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
Highest-Risk Security Flaw Found in Commvault Backup Solutions - Infosecurity Magazine
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop
TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands
Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 18 April 2025
Black Arrow Cyber Threat Intelligence Briefing 18 April 2025:
-Fraud in Your Inbox: Email Is Still the Weakest Link
-Firm Fined After Stolen Client Details Leaked onto Dark Web
-Financial Fraud, with a Third-Party Twist, Dominates Cyber Claims
-Cyber Risks in M&A: When Companies Merge, So Do Their Cyber Threats
-CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business
-UK Financial Services Under Pressure from Cyber Security Challenges and Mounting Regulatory Requirements
-Organisations Can’t Afford to Be Non-Compliant
-C-Suite Divides on Cyber Security Threats Pose Organisational Risks, Study Finds
-Cyber Security Threats and Geopolitical Risks Top Business Travel Concerns
-Rising Cyber Threats Fuel 12.2% Growth in Global Cyber Security Spending
-Understanding Credential Stuffing: A Growing Cyber Security Threat
-30% of Charities Experienced Cyber Security Breaches or Attacks Last Year
-The UK’s Phone Theft Crisis Is a Wake-Up Call for Digital Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Black Arrow’s look at threat intelligence from the last week highlights that email-based fraud is still rampant, accounting for 83% of financial fraud claims, which shows how easily employees can be deceived by impersonation and AI-generated scams. Similarly, credential stuffing and phishing campaigns persistently exploit insufficient password practices and user behaviour, with financial and insurance firms reporting average losses of over $500,000 per incident.
We report on the reprimand and fine imposed by the UK’s information security authority, the ICO, on a law firm with Cyber Essentials that had failed to prevent a breach of its systems that resulted in significant data loss. Other insights include the risks posed by third parties, mergers, and even basic mobile device theft. These underscore the need for tighter internal controls, stronger governance, and proactive risk assessments.
That risk assessment should include Cyber Risk Quantification which, as we report, is increasingly used to align cyber priorities with financial goals. As regulatory pressures mount and geopolitical tensions rise, Black Arrow recommends embedding cyber risk assessment and management into board-level strategy to enable a justified investment in long-term cyber resilience to withstand the evolving threat landscape.
Top Cyber Stories of the Last Week
Fraud in Your Inbox: Email Is Still the Weakest Link
At-Bay’s latest report reveals that 83% of financial fraud claims originate from email-based attacks, with tactics such as executive impersonation and AI-generated scams increasingly used to deceive employees. Email remains the weakest link, particularly for mid-sized firms. Financial and insurance sectors reported average losses exceeding $500,000 per incident. As a result, cyber insurers are now demanding stronger controls such as multifactor authentication and email security protocols before issuing cover. The findings highlight a growing need to tackle human error and social engineering in everyday digital communication.
Firm Fined After Stolen Client Details Leaked onto Dark Web
DPP Law Ltd has been fined £60,000 following a cyber attack in which over 32GB of sensitive client data, including court files and police bodycam footage, was stolen and leaked on the dark web. The Information Commissioner’s Office found significant lapses in the firm’s cyber security, including failure to report the breach within the required 72 hours and reliance on an outdated administrator account with full access rights. Despite being certified under Cyber Essentials, DPP was found to lack sufficient internal IT oversight, highlighting the ongoing risk of relying solely on third-party providers without conducting proper risk assessments.
Financial Fraud, with a Third-Party Twist, Dominates Cyber Claims
Cyber insurers report that financial fraud, often sparked by phishing and third-party breaches, was the most frequent cause of claims in 2024, while ransomware remained the costliest. Claims rose by 16% overall. Attacks linked to third parties surged, with indirect ransomware claims rising 72% to $241,000 per incident. One insurer found third-party breaches drove nearly a third of all claims. Experts stress that organisations must now treat third-party risk as their own, investing in visibility, detection tools, and security partnerships to stay ahead in an increasingly interconnected threat landscape.
Cyber Risks in M&A: When Companies Merge, So Do Their Cyber Threats
Mergers and acquisitions bring growth opportunities but also expose firms to significant cyber security risks. Inherited vulnerabilities, misaligned systems, and inconsistent compliance standards are common challenges, particularly in cross-border deals. Over 150 small business assessments revealed most operate below the ‘cyber poverty line’, lacking basic controls like asset inventories and incident response plans. Experts stress that cultural mismatches, not just technical gaps, pose the greatest risk. Successful integration demands early due diligence, strong identity and access management, and a collaborative approach to governance and risk alignment, with CISOs playing a central role in bridging operational differences and building long-term resilience.
CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business
CISOs are increasingly adopting Cyber Risk Quantification (CRQ) to help business leaders understand cyber risks in financial terms. By calculating potential monetary losses from cyber incidents, CRQ enables more informed, board-level decision-making. The approach supports alignment between security investments and business objectives, helping organisations prioritise resources based on financial risk tolerance. A recent report highlights that CRQ can show, for example, how a $1 million investment in security controls may reduce expected annual losses by $5 million. As regulatory scrutiny grows, CRQ is proving essential for demonstrating accountability and embedding cyber risk into wider business strategy.
UK Financial Services Under Pressure from Cyber Security Challenges and Mounting Regulatory Requirements
Bridewell’s latest research highlights regulation as both the biggest challenge and key driver of cyber security maturity in UK financial services, with 44% of firms citing compliance as their top concern. Response times to ransomware remain static at over 6.7 hours, while supply chain attacks take nearly 16 hours to resolve. Remote working (39%) and cloud security (35%) continue to pose risks, and AI-powered phishing is now the most feared emerging threat (89%). Despite strong confidence in infrastructure security, over half plan to outsource due to ongoing skills shortages, and 63% expect to increase cyber security investment in the year ahead.
Organisations Can’t Afford to Be Non-Compliant
Secureframe has found that non-compliance can cost organisations up to 2.71 times more than maintaining a proper compliance programme. European regulators alone have issued €4.48 billion in fines across over 2,000 cases, with GDPR violations such as Meta’s €1.2 billion penalty topping the list. In the US, SOX and HIPAA enforcement continues to intensify, with executives facing personal liability and healthcare breaches driving $144.9 million in fines. Failure to comply also threatens contracts and revenue, as seen when Health Net Federal Services paid $11.2 million and lost a key defence contract. Proactive compliance is now essential for risk reduction and resilience.
C-Suite Divides on Cyber Security Threats Pose Organisational Risks, Study Finds
EY’s latest study reveals that 84% of C-suite leaders in the US experienced a cyber security incident in the past three years, with firms seeing an average 1.5% drop in stock price within 90 days of an event. The research highlights a critical disconnect, with CISOs significantly more concerned about threats than their executive peers. Just 21% of leaders currently allocate more than 10% of their IT budget to cyber security, though this is expected to rise to 38% next year. EY urges firms to treat cyber security as a strategic investment, not a cost, to improve resilience and reduce financial risk.
Cyber Security Threats and Geopolitical Risks Top Business Travel Concerns
A recent survey of 500 UK business travellers reveals rising concern around the safety of corporate travel, with nearly half feeling less safe than in the past. Key risks for 2025 include travel disruption (74%), loss of essential items (72%), crime (65%), cyber security threats (62%), and geopolitical instability (59%). Emergency evacuations rose 17% last year, while severe weather disruptions surged by nearly 50%. The findings underscore the need for real-time risk mitigation and tailored support for diverse traveller profiles.
Rising Cyber Threats Fuel 12.2% Growth in Global Cyber Security Spending
Global cyber security spending is set to rise by 12.2% in 2025, reaching $377 billion by 2028, as organisations respond to increasingly sophisticated cyber threats and the rapid uptake of digital technologies. The U.S. and Europe will drive this growth, accounting for 70% of global spend, though the fastest increases are expected in Latin America, Central and Eastern Europe, and the Middle East and Africa. Banking, government, and healthcare will lead investment, while capital markets and life sciences show the sharpest growth. Firms are prioritising proactive security strategies as both a protective measure and a long-term competitive advantage.
Understanding Credential Stuffing: A Growing Cyber Security Threat
Credential stuffing is a fast-growing cyber security threat that exploits users’ tendency to reuse passwords. Attackers use stolen credentials and automated tools to test them across websites, often breaching thousands of accounts despite a low success rate. Businesses face average annual losses of $6 million due to fraud, legal action, and customer churn. The attacks are difficult to detect, mimicking legitimate login activity using rotating IPs and global bot networks.
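The paragraph above notes that credential stuffing is hard to spot because each attempt looks like an ordinary login and the traffic is spread over rotating IP addresses. As an added illustration of what a defender can still look for (example code written for this briefing, not taken from any cited report), the script below scores authentication log lines for two signals: a single source trying many different usernames with almost no successes, and a burst of many sources that each make only one or two attempts but together touch many accounts. The log format, the addresses (taken from the RFC 5737 documentation ranges), the usernames and the thresholds are all constructed assumptions; tune the thresholds to your own baseline before relying on them.

```python
"""Score authentication logs for credential-stuffing patterns (illustrative example).

Signal 1 (noisy_sources): one IP attempting many distinct usernames with a
high failure rate inside a time window.
Signal 2 (rotating_campaigns): many IPs, each making only a couple of attempts,
that together hit many distinct accounts in the same window; successful logins
from those IPs are returned for review, not declared compromised.
Log format, addresses and thresholds are assumptions for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed log format: "<ISO8601 timestamp> ip=<addr> user=<name> result=OK|FAIL"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_line(line: str) -> AuthEvent | None:
    """Return an AuthEvent for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return AuthEvent(ts, m["ip"], m["user"], m["result"] == "OK")


def parse_log(lines: list[str]) -> list[AuthEvent]:
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def _bucket(ts: datetime, window: timedelta) -> datetime:
    """Floor a timestamp to the start of its fixed-size window."""
    epoch = datetime(1970, 1, 1, tzinfo=ts.tzinfo)
    return epoch + ((ts - epoch) // window) * window


def noisy_sources(events, window=timedelta(minutes=10), min_users=5, min_fail_rate=0.8):
    """Signal 1: one IP walking a list of usernames, mostly failing."""
    by_key: dict[tuple[datetime, str], list[AuthEvent]] = defaultdict(list)
    for e in events:
        by_key[(_bucket(e.ts, window), e.ip)].append(e)
    hits = []
    for (start, ip), evs in sorted(by_key.items()):
        users = {e.user for e in evs}
        fail_rate = sum(not e.ok for e in evs) / len(evs)
        if len(users) >= min_users and fail_rate >= min_fail_rate:
            hits.append({"window": start, "ip": ip,
                         "distinct_users": len(users), "fail_rate": round(fail_rate, 2)})
    return hits


def rotating_campaigns(events, window=timedelta(minutes=10), min_ips=8,
                       max_attempts_per_ip=2, min_users=8):
    """Signal 2: low-and-slow stuffing spread across many rotating IPs."""
    by_win: dict[datetime, list[AuthEvent]] = defaultdict(list)
    for e in events:
        by_win[_bucket(e.ts, window)].append(e)
    hits = []
    for start, evs in sorted(by_win.items()):
        attempts: dict[str, int] = defaultdict(int)
        for e in evs:
            attempts[e.ip] += 1
        quiet = {ip for ip, n in attempts.items() if n <= max_attempts_per_ip}
        failed_users = {e.user for e in evs if e.ip in quiet and not e.ok}
        if len(quiet) >= min_ips and len(failed_users) >= min_users:
            hits.append({
                "window": start,
                "distinct_ips": len(quiet),
                "distinct_users": len(failed_users),
                # logins that succeeded from the same pool; review, do not auto-lock
                "successes_to_review": sorted((e.ip, e.user) for e in evs if e.ip in quiet and e.ok),
            })
    return hits


# Constructed sample log (documentation address ranges, made-up usernames).
SAMPLE_LOG = [
    "2025-04-15T09:00:05Z ip=198.51.100.7 user=bob result=OK",     # ordinary login
    "2025-04-15T09:01:10Z ip=198.51.100.8 user=carol result=FAIL",  # typo, then success
    "2025-04-15T09:01:30Z ip=198.51.100.8 user=carol result=OK",
] + [
    # signal 1: one IP, six different usernames, all failing
    f"2025-04-15T09:0{i}:00Z ip=203.0.113.10 user=emp{i:02d} result=FAIL" for i in range(2, 8)
] + [
    # signal 2: ten IPs, one failed attempt each, ten different accounts
    f"2025-04-15T09:2{i}:00Z ip=203.0.113.{20 + i} user=acct{i:02d} result=FAIL" for i in range(10)
] + [
    "2025-04-15T09:23:40Z ip=203.0.113.31 user=dave result=OK",     # success in the same burst
]


def analyse(lines: list[str]) -> dict:
    events = parse_log(lines)
    return {"noisy_sources": noisy_sources(events), "rotating_campaigns": rotating_campaigns(events)}


if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_LOG).items():
        print(name)
        for h in hits:
            print("  ", h)
```

The second signal is the one the paragraph is really about: per-IP rate limiting never fires because every address is quiet, so the detection has to aggregate across sources within a window. In production the same logic would run over a rolling window rather than fixed buckets, compare against a per-tenant baseline of normal failure rates, and feed the review list into forced password resets and MFA challenges rather than automatic lockouts.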
30% of Charities Experienced Cyber Security Breaches or Attacks Last Year
UK Government figures reveal that 30% of UK charities – around 61,000 – experienced a cyber security breach or attack in the past year, with phishing remaining the most common and disruptive threat. Of those affected, 86% faced phishing incidents, while a fifth reported attacks on a weekly basis. Despite this, only 35% have formal cyber security policies, and just 21% of larger charities reviewed immediate supplier risks. While 68% of senior leadership view cyber security as a high priority, board-level expertise remains limited, raising concerns about effective governance and decision-making in this increasingly targeted sector.
The UK’s Phone Theft Crisis Is a Wake-Up Call for Digital Security
Phone theft has surged across the UK, with over 83,000 incidents reported annually and 1,000 stolen phones recovered weekly in London alone. This growing criminal trade, valued at £50 million, is more than a loss of devices: it’s a gateway to financial fraud, identity theft, and corporate data breaches. Thieves exploit weak PINs and stored credentials to bypass biometrics, access accounts, and lock out victims. As personal and work data converge on mobile devices, businesses must adopt stricter mobile security controls and user awareness campaigns. This crisis highlights the urgent need for stronger digital hygiene and coordinated action across sectors.
Sources:
https://www.bankinfosecurity.com/fraud-in-your-inbox-email-still-weakest-link-a-27997
https://www.darkreading.com/threat-intelligence/financial-fraud-third-party-cyber-claims
https://www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/
https://cybersecuritynews.com/cyber-risk-quantification/
https://www.helpnetsecurity.com/2025/04/14/regulatory-non-compliance-penalties/
https://www.techmonitor.ai/news/c-suite-divides-cybersecurity-threats-pose-organisational-risks
https://petri.com/businesses-increase-cybersecurity-spending-12-2/
https://www.helpnetsecurity.com/2025/04/18/uk-phone-theft-crisis/
Governance, Risk and Compliance
Organisations can't afford to be non-compliant - Help Net Security
The UK's cyber blindspot lies with its SMBs
The most dangerous time for enterprise security? One month after an acquisition | CSO Online
When companies merge, so do their cyber threats - Help Net Security
C-suite divides on cyber security threats pose organisational risks
Businesses to Increase Cyber Security Spending by 12.2%
Cyber Risk Quantification - Turning Security into Business Language
The Future of GRC - Integrating ESG, Cyber, and Regulatory Risk
Are We Prioritizing the Wrong Security Metrics?
Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025
What boards want and don’t want to hear from cyber security leaders | CSO Online
Cyber Security Leadership in Crisis? CISO Resignations Spike After Major Breaches
Why Every CISO Needs a Crisis Communications Plan in 2025
CISOs Face 2025 Cyber Threats with Shrinking Budgets and High Demands
Cyber threats are inevitable - Is your board ready? - Businessday NG
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware crooks search for 'insurance' 'policy' right away • The Register
Unpacking IABs: The Middlemen Fuelling Ransomware Attacks
More Resilient Organisations Successfully Battled Ransomware in 2024: BakerHostetler
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
HelloKitty Ransomware Resurfaced Targeting Windows, Linux, & ESXi Environments
RansomHouse Ransomware: What You Need To Know | Fortra
The CISO's Guide to Managing Ransomware Threats in 2025
Ransomware Reaches A Record High, But Payouts Are Dwindling | Tripwire
Ransomware Attacks Rose by 126% Attacking Consumer Goods & Services Companies
Ransomware Victims
Cyber Attack Impacting Oregon Environmental Department
Ransomware attack cost IKEA operator in Eastern Europe $23 million
Kidney dialysis firm DaVita hit by weekend ransomware attack
Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial - SecurityWeek
Ahold Delhaize confirms data theft after INC ransomware claims attack
Phishing & Email Based Attacks
Fraud in Your Inbox: Email Is Still the Weakest Link
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
AI Presentation Tool Leveraged in Phishing Attacks
Watch Out for This Sophisticated Phishing Email That Looks Like It's From Google
Other Social Engineering
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO
Minister’s hacked X account promotes ‘House of Commons cryptocurrency’ scam | The Standard
Fraud, Scams and Financial Crime
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
Romance As A Weapon: The New Face Of Cyberattacks
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
Microsoft Thwarts $4bn in Fraud Attempts - Infosecurity Magazine
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Artificial Intelligence
The quiet data breach hiding in AI workflows - Help Net Security
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
AI Presentation Tool Leveraged in Phishing Attacks
Report: Cyber Security, Not AI, Is Top Concern for Businesses
Widely available AI tools signal new era of malicious bot activity - Help Net Security
CISOs Respond to Surge in AI-Powered Attacks with Advanced Defence Strategies
When AI agents go rogue, the fallout hits the enterprise - Help Net Security
Organisations Found to Address Only 21% of GenAI-Related Flaws - Infosecurity Magazine
Comprehensive framework addresses AI cyber threats
10 Bugs Found in Perplexity AI's Chatbot Android App
Meta Resumes EU AI Training Using Public User Data After Regulator Approval
2FA/MFA
Don't just lock your door: MFA alone is not enough in today's cyber security climate | TechRadar
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Malware
European Companies Infected With New Chinese-Nexus Backdoor
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Emulating the Stealthy StrelaStealer Malware - Security Boulevard
Over 16,000 Fortinet devices compromised with symlink backdoor
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Paper Werewolf Targets Flash Drives With New Malware
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Bots/Botnets
Widely available AI tools signal new era of malicious bot activity - Help Net Security
Mobile
The UK’s phone theft crisis is a wake-up call for digital security - Help Net Security
5 warning signs that your phone's been hacked - and how to fight back | ZDNET
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk
How This Simple Phone Security Boost From Google Could Be Good for Your Business
Building mobile security awareness training for end users | TechTarget
Google adds Android auto-reboot to block forensic data extractions
Your Android phone is getting a new security secret weapon - how it works | ZDNET
10 Bugs Found in Perplexity AI's Chatbot Android App
Internet of Things – IoT
Securing digital products under the Cyber Resilience Act - Help Net Security
Data Breaches/Leaks
From likes to leaks: How social media presence impacts corporate security - Help Net Security
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
The quiet data breach hiding in AI workflows - Help Net Security
Sector by sector: How data breaches are wrecking bottom lines - Help Net Security
Lessons from the cyber attacks on Brydens Lawyers, Aussie super funds - Lawyers Weekly
Hertz confirms customer info, drivers' licenses stolen in data breach
Govtech giant Conduent confirms client data stolen in January cyberattack
Hertz says personal, sensitive data stolen in Cleo attacks • The Register
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers - SecurityWeek
Landmark Admin now says info on 1.6M people stolen from it • The Register
Western Sydney University discloses security breaches, data leak
Laboratory Services Cooperative data breach impacts 1.6M People
Entertainment venue management firm Legends International disclosed a data breach
Private Jet Hack Surfaces Guide to Serving Elon Musk on Flights
Organised Crime & Criminal Actors
Cyber criminal groups embrace corporate structures to scale, sustain operations - Help Net Security
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
TraderTraitor: The Kings of the Crypto Heist | WIRED
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Binance Users Targeted by New Phishing SMS Scam
Insider Risk and Insider Threats
Cyber Security by Design: When Humans Meet Technology
Insurance
Ransomware crooks search for 'insurance' 'policy' right away • The Register
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
What insurers should know about today’s cyber threats - Insurance Post
You’re always a target, so it pays to review your cyber security insurance | CSO Online
Supply Chain and Third Parties
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
Building Cyber Resilience into Supply Chains | Manufacturing.net
From Third-Party Vendors to US Tariffs: The New Cyber Risks Facing Supply Chains
Govtech giant Conduent confirms client data stolen in January cyber attack
Landmark Admin now says info on 1.6M people stolen from it • The Register
Cloud/SaaS
Microsoft blocks ActiveX by default in Microsoft 365, Office 2024
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
Identity and Access Management
Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine
Encryption
Why businesses must prepare for a post-quantum future | TechRadar
Government's privacy dispute with Apple 'really strange', expert says
Linux and Open Source
HelloKitty Ransomware Resurfaced Targeting Windows, Linux, & ESXi Environments
Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Passwords, Credential Stuffing & Brute Force Attacks
Credential theft escalates as threat actors use stealthier tactics
Understanding Credential Stuffing: A Growing Cyber Security Threat - Security Boulevard
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine
Social Media
From likes to leaks: How social media presence impacts corporate security - Help Net Security
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
Regulations, Fines and Legislation
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
ICO fines law firm £60,000 after dark web publishes client data - Legal Futures
Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register
UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
CVE Program Funding Reinstated—What It Means And What To Do Next
Cutting NIST’s Workforce Threatens American Tech Innovation and Leadership
Pall Mall Process Progresses but Leads to More Questions
Cybersecurity act: European Commission prepares revision | Practical Law
The US almost let the CVE system die - the cyber security world's universal bug tracker | TechSpot
Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order | CyberScoop
Zambian cyber-security law: US embassy issues alert - BBC News
CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking
Will politicization of security clearances make US cyber security firms radioactive? | CSO Online
Meta Resumes EU AI Training Using Public User Data After Regulator Approval
Securing digital products under the Cyber Resilience Act - Help Net Security
Models, Frameworks and Standards
UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
Top Security Frameworks Used by CISOs in 2025
NIST Updates Privacy Framework, Tying It to Recent Cyber Security Guidelines | NIST
Pall Mall Process Progresses but Leads to More Questions
Cyber Security act: European Commission prepares revision | Practical Law
Holyrood | Cutting Through the Framework Fog: Building Real Cyber Resilience in Scotland
Securing digital products under the Cyber Resilience Act - Help Net Security
Data Protection
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
Law firm fined after hackers leak client files on dark web following cyber attack | Law Gazette
Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register
Careers, Working in Cyber and Information Security
Self-Motivation: The Key to Working in Cyber Security - Infosecurity Magazine
The cyber security job market is complicated: 3 key insights - Security Boulevard
From classrooms to command posts: The cyber education crisis | SC Media
CISOs rethink hiring to emphasize skills over degrees and experience | CSO Online
The Top Company Names for a Cyber Security Résumé - Business Insider
Law Enforcement Action and Take Downs
Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News
Met brings leader of fraud platform to justice | Metropolitan Police
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber resilience key to UK defence says Minister
Are they really hacktivists or state-backed goons in masks? • The Register
Nation State Actors
China
China can flick EU 'kill switch' -- Europe mulls cyberattack risk - Nikkei Asia
China admits behind closed doors it was involved in Volt Typhoon attacks | TechRadar
European Companies Infected With New Chinese-Nexus Backdoor
Chinese APT Mustang Panda Updates, Expands Arsenal - SecurityWeek
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk
Shadow War: US-China Cyber Tensions and the Taiwan Fault Line
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects - SecurityWeek
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Ransomware gang 'CrazyHunter' Targets Taiwan Orgs
Russia
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Possible Russian Hackers Targeted UK Ministry of Defence
Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO
Hacking group Anonymous unleashes huge cyber attack on Russia - World News - LADbible
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine | WIRED
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Centre Party website under attack on Election Day; suspicions point toward Russia | Yle News | Yle
Paper Werewolf Targets Flash Drives With New Malware
Poland Says Russian Cyberattacks Intensify Ahead of Vote
Iran
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide | WIRED
North Korea
Are they really hacktivists or state-backed goons in masks? • The Register
TraderTraitor: The Kings of the Crypto Heist | WIRED
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Cyber security threats and geopolitical risks top business travel concerns | Travolution
Are they really hacktivists or state-backed goons in masks? • The Register
Hacking group Anonymous unleashes huge cyberattack on Russia - World News - LADbible
Tools and Controls
Cyber Risk Quantification - Turning Security into Business Language
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Building Cyber Resilience into Supply Chains | Manufacturing.net
94% of firms say pentesting is essential, but few are doing it right - Help Net Security
Hackers are duping developers with malware-laden coding challenges | IT Pro
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Cyber Security by Design: When Humans Meet Technology
Network Edge Devices the Biggest Entry Point for Attacks on SMBs - Infosecurity Magazine
Active Directory Recovery Can't Be an Afterthought
Understanding and threat hunting for RMM software misuse | Intel 471
How This Simple Phone Security Boost From Google Could Be Good for Your Business
How Threat Intelligence Can Identify Chinks in the Armor
What is Vulnerability Exposure Management? - Security Boulevard
Demystifying Security Posture Management - SecurityWeek
Your Network Is Showing - Time to Go Stealth - Security Boulevard
Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025
Why Every CISO Needs a Crisis Communications Plan in 2025
Why shorter SSL/TLS certificate lifespans matter - Help Net Security
Secure by design: what we can learn from the financial services sector | TechRadar
Organisations Lack Incident Response Plans, but Answers Are on the Way
AI in Cyber Security: Double-Edged Sword or Game-Changer? | Silicon UK Tech News
Cyber resilience key to UK defence says Minister
CISOs Face 2025 Cyber Threats with Shrinking Budgets and High Demands
You’re always a target, so it pays to review your cyber security insurance | CSO Online
Cyber threats are inevitable - Is your board ready? - Businessday NG
Reports Published in the Last Week
BakerHostetler Launches 2025 Data Security Incident Response Report
Other News
30% of charities experienced cyber security breaches or attacks last year, stats show
Initial Access Brokers Shift Tactics, Selling More for Less
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Public Officials Separate Workplace and Personal Online Lives. Hackers Don’t Care. - WSJ
Network Edge Devices the Biggest Entry Point for Attacks on SMBs - Infosecurity Magazine
Accounting Firms Can't Skimp on Cyber Security
Cyber resilience key to UK defence says Minister
UK Public Sector under fire: the battle against cyber crime | TechRadar
How Online Poker Platforms Stay a Step Ahead of Cyber Threats - IT Security Guru
The engineer's guide to staying ahead of cyber threats | TechRadar
Vulnerability Management
NVD Revamps Operations as Vulnerability Reporting Surges - Infosecurity Magazine
69% of Critical & High Severity Vulnerabilities Not Patched by Organisations
94% of firms say pentesting is essential, but few are doing it right - Help Net Security
Microsoft: Exchange 2016 and 2019 reach end of support in six months
CVE Program Funding Reinstated—What It Means And What To Do Next
What is Vulnerability Exposure Management? - Security Boulevard
Screw gov’t funding, we’re going nonprofit, CVE Board declares after database debacle | Cybernews
CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking
TP-Link becomes a CVE Numbering Authority to improve cyber security
Vulnerabilities
Microsoft vulnerabilities: What's improved, what's at risk - Help Net Security
Microsoft: New Windows updates fix Active Directory policy issues
Hackers lurk in over 14K Fortinet devices | Cybernews
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
Is Ivanti the problem or a symptom of a systemic issue with network devices? | CyberScoop
Attackers Maintaining Access to Fully Patched Fortinet Gear
New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
Fresh Windows NTLM Vulnerability Exploited in Attacks - SecurityWeek
SonicWall Patches High-Severity Vulnerability in NetExtender - SecurityWeek
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle - SecurityWeek
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
Major WordPress Plugin Flaw Exploited in Under 4 Hours - Infosecurity Magazine
Chrome 136 fixes 20-year browser history privacy risk
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities - SecurityWeek
Apple Quashes Two Zero-Days With iOS, MacOS Patches - SecurityWeek
Max Severity Bug in Apache Roller Enabled Persistent Access
Critical flaws fixed in Nagios Log Server - Help Net Security
Oracle Patches 180 Vulnerabilities With April 2025 CPU - SecurityWeek
Vulnerabilities Patched in Atlassian, Cisco Products - SecurityWeek
NVIDIA and Docker Flaws Raise Container Security Concerns | MSSP Alert
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 11 April 2025
Black Arrow Cyber Threat Intelligence Briefing 11 April 2025:
-Why Organisations Are Doubling Down on Cyber Crisis Simulations
-UK SMEs Losing Over £3bn a Year to Cyber Incidents
-Over 40% of UK Businesses Faced Cyber Security Breaches in 2024
-Boards Urged to Follow New Cyber Code of Practice
-Two-Thirds of Financial Services Firms Hit by Cyber Breach in Past Year
-AI Is Now Better Than Humans at Phishing
-Europol Warns: AI Is Turbocharging Organised Crime
-Is HR Running Your Employee Security Training? Here’s Why That’s Not Always the Best Idea
-Precision-Validated Phishing Elevates Credential Theft Risks
-Why Remote Work Is a Security Minefield (and What You Can Do About It)
-Why Cyber Security Should Be a Top Priority in Fintech
-Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Black Arrow’s look at threat intelligence from the last week highlights that attackers are now leveraging artificial intelligence to craft highly convincing phishing scams and precision-targeted campaigns. Businesses must prioritise cyber awareness among employees and leadership teams to address this. Our experience shows that even well-resourced firms are at risk if cyber training is generic, outdated, or not led by informed security teams.
This week’s developments also reinforce the importance of engaging executive leadership in cyber resilience. The rise in cyber crisis simulations reflects a growing recognition that incident response is not just an IT issue but a board-level imperative. Black Arrow Cyber is seeing increased demand for tailored tabletop exercises and governance workshops that empower leadership teams to manage risk more effectively and demonstrate proportionate control. The UK government's new Cyber Governance Code and troubling statistics, such as 65% of financial services firms experiencing breaches, only strengthen the case for structured, executive-led cyber readiness.
Finally, the rapid adoption of AI in both legitimate operations and criminal activity signals a shifting threat landscape. From fintech to remote working environments, firms are now grappling with security challenges that extend beyond technical controls. In today’s environment, cyber resilience starts with people, not just technology.
Top Cyber Stories of the Last Week
Why Organisations Are Doubling Down on Cyber Crisis Simulations
Driven by a surge in high-profile cyber attacks, 74% of CISOs plan to increase budgets for cyber crisis simulations this year. These exercises are no longer IT-only; they now involve executives across legal, finance, and communications, helping organisations coordinate more effectively under pressure. Simulations highlight gaps in processes, decision-making, and communication, offering a controlled space to strengthen response. They also address team resilience, with some firms embedding mental health checks into crisis planning. As regulatory expectations grow, simulations are proving essential in helping firms move from theoretical risk planning to practical readiness, and from chaos to coordinated response.
At Black Arrow, we are seeing an increase in clients requesting support in designing and preparing for managing a cyber security incident; this includes an incident response plan and an educational tabletop exercise for the leadership team that highlights proportionate controls to help the organisation prevent and mitigate an incident. Contact us for details.
UK SMEs Losing Over £3bn a Year to Cyber Incidents
UK SMEs are losing £3.4bn annually due to inadequate cyber security, with over 30% lacking any protection and more than a quarter facing repeated attacks each year, according to Vodafone Business. The average cost of a cyber attack is £3,400, rising to £5,000 for firms with over 50 staff. Despite the growing threat, over a third of SMEs provide no staff training, most spend under £100 annually on cyber security, and nearly two-thirds allow home working on personal devices.
Over 40% of UK Businesses Faced Cyber Security Breaches in 2024
The UK government’s latest Cyber Security Breaches Survey reveals that 43% of businesses and 30% of charities suffered a cyber breach or attack in the past year, with phishing the leading cause. Criminals are increasingly using artificial intelligence to craft convincing scams, making them harder to detect. Despite these threats, board-level oversight of cyber resilience is declining, raising concerns about organisational readiness. Experts are calling for urgent legal reform, warning that outdated legislation is hindering efforts to defend against over 8.5 million annual attacks.
Boards Urged to Follow New Cyber Code of Practice
The UK government has launched a new Cyber Governance Code of Practice to help boards strengthen their organisation’s cyber resilience. Aimed at medium and large-sized firms, the initiative responds to the growing threat landscape, with 74% of large and 70% of medium firms hit by cyber attacks or breaches in the past year. These incidents have previously cost the UK economy nearly £22bn annually. Backed by the UK’s National Cyber Security Centre (NCSC) and industry bodies, the code outlines key actions for boards, supported by training and a toolkit, helping leaders embed cyber risk management alongside financial and legal oversight.
Black Arrow’s board-level cyber security workshops enable leadership teams to implement and demonstrate proportionate governance of cyber risk management. Contact us for details.
Two-Thirds of Financial Services Firms Hit by Cyber Breach in Past Year
A recent survey of 200 senior financial services leaders revealed that nearly two-thirds (65%) of firms suffered a cyber breach in the past year, with smaller firms hit slightly harder than larger ones. Despite widespread AI adoption, with 90% of organisations using it and 84% of senior managers relying on it, almost a third of respondents lacked confidence in their ability to prevent future data breaches. Top security concerns for the year ahead include trust in AI (47%), ransomware (45%) and data mismanagement (44%). While many see AI as key to better cyber security and operational gains, training and transparency gaps remain a notable risk.
AI Is Now Better Than Humans at Phishing
A new report from security awareness training firm Hoxhunt has found that, as of March 2025, AI-generated phishing attacks were 24% more successful than those crafted by human experts. The shift is attributed to newer AI models that tailor phishing messages to individual users, significantly increasing click rates. The findings highlight an urgent need for organisations to adopt AI-driven defences and to improve user behaviour training to keep pace with increasingly sophisticated attacks.
Europol Warns: AI Is Turbocharging Organised Crime
Europol has warned that AI is transforming the landscape of organised crime, making criminal operations faster, more scalable, and harder to detect. The European Serious Organised Crime Threat Assessment reveals that AI is being exploited to automate cyber attacks, enhance social engineering, and enable large-scale fraud and identity theft. Criminals now use AI to generate convincing deepfakes and craft multilingual phishing campaigns with minimal expertise. Within financial services, AI and cryptocurrencies are increasingly used for money laundering and fraud, with Europol highlighting that the very structure of organised crime is evolving into a tech-driven enterprise.
Is HR Running Your Employee Security Training? Here’s Why That’s Not Always the Best Idea
A growing number of security leaders are warning that relying solely on HR to deliver employee security training leaves organisations exposed. While HR plays a key role in logistics and compliance, it lacks the up-to-date threat intelligence and technical insight required to effectively address phishing, social engineering, and evolving cyber attacks. Experts agree that training content must be led by security teams and tailored to sector-specific risks. Without this, organisations risk generic, outdated programmes that fail to drive real-world awareness. A collaborative approach across HR, security, IT, and legal is essential to ensure training is both relevant and effective.
Precision-Validated Phishing Elevates Credential Theft Risks
A new phishing tactic, known as precision-validated credential theft, is raising concern because it bypasses traditional defences by serving malicious content only to verified, high-value email accounts. Unlike broad phishing campaigns, the lure page validates the visitor in real time, using client-side JavaScript or a third-party email-verification API, so that only active, pre-selected targets ever see the credential-harvesting page. In one case, attackers redirected any non-targeted visitor to a legitimate site, so automated scanners and analysts submitting test addresses saw nothing malicious. This selective delivery makes detection and intelligence sharing harder, and experts are urging firms to adopt behavioural analytics and anomaly detection to identify such attacks before they take hold.
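To make the mechanism concrete, the following added example (constructed here; it is not code from the article or from any real phishing kit) models both validation styles the report describes, a hashed target allowlist and a real-time mailbox-verification check, and shows why a scanner that submits a made-up address sees only a redirect to a legitimate site. All addresses, URLs and the mock verification API are assumptions. The defender-side check replays the page with the actual recipient address taken from the reported message and treats different behaviour for decoy versus recipient as a signal in itself.

```python
"""Added example (not from the article): a model of a precision-validated
phishing gate, plus a differential probe that a URL scanner or sandbox can
use to detect it. All names, addresses and URLs are assumed/constructed."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Tuple

LEGIT_SITE = "https://www.example.com/"      # assumed: benign decoy destination
LURE_PAGE = "https://login.example.net/"     # assumed: credential-harvesting page

Gate = Callable[[str], Tuple[str, str]]      # email -> (outcome, url)


def _normalise(email: str) -> str:
    return email.strip().lower()


def _digest(email: str) -> str:
    # Kits commonly ship a hashed target list so a captured kit leaks no names.
    return hashlib.sha256(_normalise(email).encode()).hexdigest()


# --- Attacker-side validation styles described in the report ---------------

TARGET_HASHES = {_digest("cfo@victim.example"), _digest("ap.clerk@victim.example")}


def list_gate(email: str) -> Tuple[str, str]:
    """Style 1: server-side allowlist. Only pre-selected addresses get the lure;
    everyone else (including scanners) is bounced to a legitimate site."""
    if _digest(email) in TARGET_HASHES:
        return "lure", LURE_PAGE
    return "redirect", LEGIT_SITE


# Constructed directory standing in for what a verification API would report.
KNOWN_MAILBOXES = {"cfo@victim.example", "ap.clerk@victim.example", "it@victim.example"}


def mock_verification_api(email: str) -> bool:
    """Stand-in for a third-party email-verification API (assumed behaviour)."""
    return _normalise(email) in KNOWN_MAILBOXES


def api_gate(email: str) -> Tuple[str, str]:
    """Style 2: real-time mailbox validation. Any live mailbox at the victim
    domain gets the lure; made-up addresses (typical of sandboxes) do not."""
    if mock_verification_api(email):
        return "lure", LURE_PAGE
    return "redirect", LEGIT_SITE


# --- Defender side ----------------------------------------------------------

DECOY = "scanner-probe@example.org"   # assumed: the random address a scanner submits


def naive_sandbox_verdict(gate: Gate) -> str:
    """What a scanner that only submits a random address concludes."""
    outcome, _ = gate(DECOY)
    return "phishing" if outcome == "lure" else "benign"


@dataclass
class ProbeResult:
    decoy_outcome: str
    target_outcome: str

    @property
    def precision_validated(self) -> bool:
        # A page that treats the real recipient differently from a decoy
        # address is validating its victims, which is itself a strong signal.
        return self.decoy_outcome != self.target_outcome


def differential_probe(gate: Gate, reported_recipient: str) -> ProbeResult:
    """Replay the page twice: once with a decoy, once with the address the
    lure was actually sent to (taken from the reported email's To: header)."""
    return ProbeResult(gate(DECOY)[0], gate(reported_recipient)[0])


def verdict(gate: Gate, reported_recipient: str) -> str:
    r = differential_probe(gate, reported_recipient)
    if r.target_outcome == "lure" or r.precision_validated:
        return "phishing"
    return "inconclusive"   # never "benign": a validated kit may target others


if __name__ == "__main__":
    for name, gate in (("allowlist kit", list_gate), ("API-validated kit", api_gate)):
        print(name, "| naive sandbox:", naive_sandbox_verdict(gate),
              "| with recipient:", verdict(gate, "cfo@victim.example"))
```

In a real scanner the two gate calls become two HTTP requests to the reported URL with different email parameters; the point of the design is that the probe must carry the real recipient address from the reported message, and that a redirect to a legitimate site for the decoy is never treated as a clean result on its own.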
Why Remote Work Is a Security Minefield (and What You Can Do About It)
Remote work has become a long-term strategy for many organisations, but it brings significant cyber security risks. Key concerns include unsecured home networks, personal devices lacking enterprise protections, and increased exposure to phishing and social engineering. Isolation and relaxed home environments also heighten risk-taking behaviour. Organisations should consider adopting a zero trust model, mandating VPN use, requiring encrypted Wi-Fi, and providing regular employee training. Balancing security with employee privacy is also critical, with transparency around monitoring practices essential for trust. As AI tools evolve, so do cyber threats, making a proactive, security-first culture more important than ever.
Why Cyber Security Should Be a Top Priority in Fintech
Fintech’s rapid growth has made it a prime target for cyber attacks, with platforms handling high volumes of sensitive personal and financial data in real time. High-profile breaches have impacted millions, highlighting the risks of underinvesting in security. Fast-moving startups, third-party integrations, and misconfigured cloud environments widen the attack surface. Yet, forward-thinking firms view cyber security as a strategic enabler, building trust, driving compliance, and attracting investment. Core priorities now include zero trust architectures, AI-driven threat detection, and secure development practices. In digital finance, security is not optional; it’s the foundation on which trust, growth, and resilience are built.
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Armis has found that nearly half of UK organisations have paused or delayed digital transformation projects due to rising fears of state-sponsored cyber attacks. Concern around nation-state threats has surged by 32% since last year, with 88% of IT decision-makers voicing alarm and 47% having already reported incidents to authorities. The report highlights further strain on firms, as 52% cite regulatory complexity and 48% admit to lacking in-house expertise to manage AI-powered security tools. With China, Russia and North Korea seen as top cyber threats, businesses are being urged to shift to a proactive cyber security stance to mitigate growing risks.
Sources:
https://www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/
https://www.computerweekly.com/news/366622019/UK-SMEs-losing-over-3bn-a-year-to-cyber-incidents
https://www.infosecurity-magazine.com/news/40-uk-businesses-face-breaches/
https://www.infosecurity-magazine.com/news/bords-urged-follow-new-cyber-code/
https://betanews.com/2025/04/04/ai-is-now-better-that-humans-at-phishing/
https://informationsecuritybuzz.com/europol-ai-is-turbocha-organized-crime/
https://www.infosecurity-magazine.com/news/precision-validated-phishing/
https://www.helpnetsecurity.com/2025/04/11/remote-work-cybersecurity-challenges/
https://www.finextra.com/blogposting/28257/why-cybersecurity-should-be-a-top-priority-in-fintech
https://www.infosecurity-magazine.com/news/half-firms-stall-digital-projects/
Governance, Risk and Compliance
Business leaders supported to bolster online defences to safeguard growth - GOV.UK
Boards Urged to Follow New Cyber Code of Practice - Infosecurity Magazine
UK says company boards need to worry more about cyber security risks | News Brief | Compliance Week
Why CISOs are doubling down on cyber crisis simulations - Help Net Security
Security Theatre: Vanity Metrics Keep You Busy - and Exposed
UK businesses are still getting hacked, but they are becoming smarter | Cybernews
Key Cyber Security Challenges In 2025—Trends And Observations
Cyber insurance set to boom but so are the threats – Munich Re
Capacity is Critical in Riskier Threat Landscape | Trend Micro (US)
Many CIOs operate within a culture of fear | CIO
New cyber threats demand new model report warns
Cyber pros see trade war driving costs of tech gear | Cybernews
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Hit All-Time High as Payoffs Dwindle - Infosecurity Magazine
Ransomware 2025: gangs hunt for Fortune 500 companies | Cybernews
Ban ransomware payments? UK pitches new cyber rules
Ransomware Incidents On the Rise in the UK - DataBreachToday
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
Ransomware Underground Faces Declining Relevance
Ransomware groups push negotiations to new levels of uncertainty - Help Net Security
Everest ransomware group’s Tor leak site offline after a defacement
Everest ransomware's dark web leak site defaced, now offline
US businesses are the top target for ransomware in 2025 so far | TechRadar
Ransomware Victims
Food giant WK Kellogg discloses data breach linked to Clop ransomware
Clop Ransomware Hack Of WK Kellogg Shows Growing Threat To Your Data
Beyond The Breach: The Ongoing Impact Of The Change Healthcare Attack
Port of Seattle says ransomware breach impacts 90,000 people
Medway Community Healthcare still recovering from 'cyber-attack' - BBC News
Ransomware Gang Claims Hack Of NASCAR
Phishing & Email Based Attacks
AI is now better than humans at phishing
Phishing kits now vet victims in real-time before stealing credentials
Precision-Validated Phishing Elevates Credential Theft Risks - Infosecurity Magazine
Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar
How Cyber Criminals Are Exploiting QR Codes for Phishing Attacks - ClearanceJobs
Phishing, fraud, and the financial sector's crisis of trust - Help Net Security
Scattered Spider adds new phishing kit, malware to its web • The Register
Attackers Use 'Spam Bombing' to Hide Malicious Motives
iOS devices face twice the phishing attacks of Android - Help Net Security
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
E-ZPass toll payment texts return in massive phishing wave
Over 100 million malicious emails blocked by HMRC | TechRadar
Other Social Engineering
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch
Fraud, Scams and Financial Crime
Identity Fraud Costs Orgs Average of $7m Annually - IT Security Guru
Phishing, fraud, and the financial sector's crisis of trust - Help Net Security
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Australian pension funds hit by wave of credential stuffing attacks
This Is How Hackers Target Everyday People With AI Chatbots
SIM-swapper must repay $13.2M to 59 victims • The Register
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
Artificial Intelligence
AI is now better than humans at phishing
Why defensive AI alone is not enough: the crucial role of a strong security culture | TechRadar
Europol Warns: AI Is Turbocharging Organised Crime
AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now - Security Boulevard
Key Cyber Security Challenges In 2025—Trends And Observations
The rise of compromised LLM attacks - Help Net Security
This Is How Hackers Target Everyday People With AI Chatbots
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine
Cyber security company alarmed by ease of scam creation with Lovable website builder | Cybernews
How to find out if your AI vendor is a security risk - Help Net Security
Malware
Network-based malware detections increase 94 percent
Police detains Smokeloader malware customers, seizes servers
An APT group exploited ESET flaw to execute malware
Scattered Spider adds new phishing kit, malware to its web • The Register
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Threat Actors Weaponize Windows Screensavers Files to Deliver Malware
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
Open Source Poisoned Patches Infect Local Software
Bots/Botnets
New Mirai botnet behind surge in TVT DVR exploitation
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
Russian bots hard at work spreading political unrest on Romania's internet
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites - Infosecurity Magazine
Mobile
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
iOS devices face twice the phishing attacks of Android - Help Net Security
Is your Android smartphone at risk? Here’s what you need to know - Talk Android
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
iPhone vault app exposed passwords, photos | Cybernews
Denial of Service/DoS/DDoS
DDoS Attacks on the Rise, but How Can You Prevent One?
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
Internet of Things – IoT
New Mirai botnet behind surge in TVT DVR exploitation
Will IoT Downtime Be the Biggest Risk of the Next Decade?
Study Identifies 20 Most Vulnerable Connected Devices of 2025 - SecurityWeek
Nissan Leaf Hacked for Remote Spying, Physical Takeover - SecurityWeek
Data Breaches/Leaks
Oracle tells customers its public cloud was compromised • The Register
Over 200 German politician email addresses appear on dark web | Proton
Food giant WK Kellogg discloses data breach linked to Clop ransomware
Beyond The Breach: The Ongoing Impact of the Change Healthcare Attack
The Reg translates Oracle's weak breach confession letter • The Register
Hackers accessed 150,000 emails of 100 US bank regulators at OCC | SC Media
Europcar GitLab breach exposes data of up to 200,000 customers
Signalgate solved? Reports claim accidental contact mix-up • The Register
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
iPhone vault app exposed passwords, photos | Cybernews
Organised Crime & Criminal Actors
Europol Warns: AI Is Turbocharging Organised Crime
EDR-as-a-Service makes the headlines in the cyber crime landscape
Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
PoisonSeed phishing campaign behind emails with wallet seed phrases
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Jack Dorsey's Block fined $40M for compliance failures
Insurance
Cyber insurance set to boom but so are the threats – Munich Re
New cyber threats demand new model report warns
Supply Chain and Third Parties
PoisonSeed phishing campaign behind emails with wallet seed phrases
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Cloud/SaaS
Oracle tells customers its public cloud was compromised • The Register
Hackers target SSRF flaws to steal AWS credentials | CSO Online
The Reg translates Oracle's weak breach confession letter • The Register
Identity and Access Management
The shift to identity-first security and why it matters - Help Net Security
Encryption
Secure Communications Evolve Beyond End-to-End Encryption
UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian
Passwords, Credential Stuffing & Brute Force Attacks
Phishing kits now vet victims in real-time before stealing credentials
Sophisticated credential exfiltrating phishing kits with real-time validation emerge | SC Media
Hackers target SSRF flaws to steal AWS credentials | CSO Online
Social Media
Senate hears Meta dangled US data in bid to enter China • The Register
Training, Education and Awareness
Regulations, Fines and Legislation
Is the ICO Ready for the Resilience Bill's Requirements? | SC Media UK
Boards Urged to Follow New Cyber Code of Practice - Infosecurity Magazine
UK says company boards need to worry more about cyber security risks | News Brief | Compliance Week
Ban ransomware payments? UK pitches new cyber rules
UK Court Rejects Government Secrecy in Apple's Fight Against Backdoor Request - MacRumors
The Cyber Resilience Act: Consultation on the Technical Description Opens
Rebranding of SEC Cyber Unit Reflects Shift in Enforcement Priorities | King & Spalding - JDSupra
CISA braces for more cuts, threat-intel efforts are doomed • The Register
CISA reevaluating its critical infrastructure public-private partnership | Hogan Lovells - JDSupra
Trump orders DOJ to investigate pair who disputed his allegation of election fraud - SiliconANGLE
Three key federal cyber regulations to watch under Trump
Trump Fires NSA, Cyber Command Chief, Fuelling Security Fears
President Trump fired the head of U.S. Cyber Command and NSA
Cyber attacks to thrive amid Trump tariffs, says expert | SC Media
Jack Dorsey's Block fined $40M for compliance failures
Models, Frameworks and Standards
Business leaders supported to bolster online defences to safeguard growth - GOV.UK
The Cyber Resilience Act: Consultation on the Technical Description Opens
Backup and Recovery
Do backups mean little when incident response dawdles? • The Register
How to work backups into your cyber hygiene routine
Data Protection
Malicious cyber actors using spyware to target individuals’ personal data | Cyber.gov.au
Why Data Privacy Isn't the Same as Data Security
Careers, Working in Cyber and Information Security
A continuous learning strategy | Professional Security Magazine
Neurodiversity in Cyber Security: A Strategic Advantage Beyond DEI | SC Media UK
Cyber Security Career Resilience: Certs + Experience =
CISA Releases NICE Workforce Framework Version 2.0.0 Released - What’s New
Law Enforcement Action and Take Downs
UK Home Office loses attempt to keep legal battle with Apple secret | Home Office | The Guardian
Police detains Smokeloader malware customers, seizes servers
Operation Endgame Continues with Smokeloader Customer Arrests - Infosecurity Magazine
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet - SecurityWeek
SIM-swapper must repay $13.2M to 59 victims • The Register
Misinformation, Disinformation and Propaganda
Russian bots hard at work spreading political unrest on Romania's internet
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
DDoS attacks added to cyberwarfare toolkit amid AI, botnet enhancements | SC Media
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges - Infosecurity Magazine
Nation State Actors
China
Google Cloud: China Achieves “Cyber Superpower” Status - Infosecurity Magazine
Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews
What Should the US Do About Salt Typhoon?
Chinese claimed behind closed doors, PRC played role in US cyber attacks: Report | Fox News
China Admits Conducting Cyber Attacks Against US | Newsmax.com
NCSC issues warning over Chinese Moonshine and BadBazaar spyware | Computer Weekly
An APT group exploited ESET flaw to execute malware
Security experts say US-China trade war could hit cyber space • The Register
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK - Infosecurity Magazine
Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch
Senate hears Meta dangled US data in bid to enter China • The Register
Russia
Weekly cyber attacks on UK by pro-Russian and pro-Palestinian hackers
Russia, China target SpaceX's Starlink in escalating space electronic warfare - SpaceNews
Germany suspects Russian cyber attack on research group – DW – 04/08/2025
Russian hackers attack Western military mission using malicious drive
Gamaredon targeted the military mission of a Western country based in Ukraine
Ukraine subjected to new cyberespionage campaign | SC Media
Russian bots hard at work spreading political unrest on Romania's internet
North Korea
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
The need for collaborative global cyber diplomacy is growing - Nextgov/FCW
Capacity is Critical in Riskier Threat Landscape | Trend Micro (US)
Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch
Tools and Controls
Why CISOs are doubling down on cyber crisis simulations - Help Net Security
Do backups mean little when incident response dawdles? • The Register
CISOs battle security platform fatigue - Help Net Security
Key Cyber Security Challenges In 2025—Trends And Observations
Tariff war has tech buyers wondering what's next. Here's what we know | ZDNET
Security Theater: Vanity Metrics Keep You Busy - and Exposed
What is DSPM? Understanding Data Security Posture Management - Security Boulevard
Why Data Privacy Isn't the Same as Data Security
DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyber Attacks - SecurityWeek
Cyber pros see trade war driving costs of tech gear | Cybernews
Cracking the Code on Cyber Security ROI
Why remote work is a security minefield (and what you can do about it) - Help Net Security
Microsoft Boosts Email Sender Rules for Outlook
How to find out if your AI vendor is a security risk - Help Net Security
Other News
Two-thirds of financial services firms hit by cyber breach in past year - report - TechCentral.ie
Why Cyber Security Should Be a Top Priority in Fintech: By Ruchi Rathor
Over 40% of UK Businesses Faced Cyber Security Breaches in 2024 - Infosecurity Magazine
Tariff war has tech buyers wondering what's next. Here's what we know | ZDNET
Cyber attacks on water and power utilities threaten public safety - Help Net Security
Trustees should ‘double down’ on cyber risks in face of increasing threats - Pensions Age Magazine
Cyber attacks continue to blight almost all UK higher education - Research Professional News
Turbulence Ahead: Navigating the Challenges of Aviation Cyber Security
Why remote work is a security minefield (and what you can do about it) - Help Net Security
Cyber Criminals Are Exploiting Universities' Weakness In Document Management
Protecting maritime data: the next frontier for shipping cyber security
New KnowBe4 report exposes critical cyber threats in European energy sector | World Pipelines
Trojan Horses in Space: Cyber Threats Hidden in Satellite Networks | DefenceTalk
Vulnerability Management
The Ultimate Guide to Vulnerability Assessment - Security Boulevard
10 best practices for vulnerability management according to CISOs | CSO Online
NIST Declares CVE Cutoff: Pre-2018 Vulnerabilities Now ‘Deferred’
It’s time to stop the victim-blaming and insist on safer software | Computer Weekly
Microsoft delays WSUS driver sync deprecation indefinitely
Vulnerabilities
Hackers are targeting Ivanti VPN users again – here’s what you need to know | IT Pro
Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
WinRAR flaw bypasses Windows Mark of the Web security alerts
Chrome preps fix for browser history spying • The Register
ESET Vulnerability Exploited for Stealthy Malware Execution - SecurityWeek
Vulnerabilities Patched by Ivanti, VMware, Zoom - SecurityWeek
Critical FortiSwitch flaw lets hackers change admin passwords remotely
VMware Patches 47 Vulnerabilities in VMware Tanzu Greenplum Backup & Components
SAP Patches Critical Code Injection Vulnerabilities - SecurityWeek
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
WhatsApp Flaw Exposes Users To Malicious Attacks
Juniper Networks Patches Dozens of Junos Vulnerabilities - SecurityWeek
Hackers exploit WordPress plugin auth bypass hours after disclosure
Zero-Day Vulnerability in CentreStack Exploited to Breach Enterprise File Servers | MSSP Alert
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Call Records of Millions Exposed by Verizon App Vulnerability - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 09 April 2025 – Key Security Updates from Microsoft, Fortinet, Adobe, Ivanti, and Google Chrome
Executive Summary
Microsoft’s Patch Tuesday for April 2025 delivered security updates addressing 134 vulnerabilities across its product line, including an actively exploited zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System Driver. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.
Fortinet issued security advisories addressing multiple vulnerabilities across various products, including a critical flaw (CVE-2024-48887) in FortiSwitch that could allow unauthorised password changes.
Adobe released updates addressing 30 vulnerabilities across multiple products, including 11 critical issues in ColdFusion that could lead to arbitrary code execution and unauthorised file system access.
Ivanti disclosed a critical vulnerability (CVE-2025-22457) in its Connect Secure, Policy Secure, and ZTA gateways, which has been exploited in the wild, allowing remote code execution. Ivanti also released a security advisory addressing several medium and high vulnerabilities in Ivanti Endpoint Manager.
Google released a security update for Chrome, addressing a high-severity use-after-free vulnerability (CVE-2025-3066) in the Site Isolation component, which could allow remote code execution.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity, and availability of the affected applications and the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have critical or high severity ratings.
Microsoft
Further details on the specific updates in this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr
Fortinet, Adobe, Ivanti, Google
Further details of the vulnerabilities affecting Adobe, Fortinet, Ivanti and Google Chrome products:
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://www.ivanti.com/blog/april-security-update
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 04 April 2025
Black Arrow Cyber Threat Intelligence Briefing 04 April 2025:
-Why Global Tensions Are a Cyber Security Problem for Every Business
-When Disaster Strikes, Proper Preparation Prevents Poor Performance
-GenAI Turning Employees into Unintentional Insider Threats
-Cyber Scams Cost Businesses $1.7 Million Per Year, Claims Report
-The Human Side of Insider Threats: People, Pressure, and Payback
-North Korean IT Worker Army Expands Operations in Europe
-The UK’s Cyber Security and Resilience Bill Will Boost Standards and Increase Costs
-Why Multi-Factor Authentication Is Still Absolutely Essential in 2025
-Bridging the Gap Between the CISO and the Board of Directors
-Enterprises Beef Up Cyber Security Plans to Mitigate AI Risks
-Prioritising an Enterprise-wide Cyber Culture in 2025
-Surge of Swatting Attacks Targets Corporate Executives and Board Members
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
Our review of threat intelligence this week looks at the increase in state-linked cyber attacks driven by geopolitical tensions, increasingly targeting sectors like energy, manufacturing, and healthcare. This includes reports of North Korean IT workers posing as remote freelancers to infiltrate organisations in Europe. The UK Government is progressing its Cyber Security and Resilience Bill to improve security against these and other threats.
Also, research shows that the rise of generative AI apps has led to a significant increase in data sharing risks, despite policies being in place, while insider threats, potentially driven by personal stress and dissatisfaction, remain a critical concern. To mitigate these risks, organisations must enhance both technical controls and cultural improvements.
Businesses are reported to be struggling with disaster recovery, even those with incident response plans, highlighting the need for regular testing and secure backups. Regular testing, third-party involvement, and up-to-date network mapping are crucial for effective response. Backup systems often fail due to misconfiguration or lack of testing, and attackers increasingly target backups, making their security vital.
Black Arrow believes that resilient organisations will be those that treat cyber security not as an IT function, but as a strategic, people-led business priority.
Top Cyber Stories of the Last Week
Why Global Tensions Are a Cyber Security Problem for Every Business
A surge in geopolitical tensions is fuelling a rise in state-linked cyber attacks, which are becoming more frequent, sophisticated, and difficult to attribute. Businesses are increasingly being targeted, especially in sectors like energy, manufacturing, and healthcare, with attacks now blending espionage, sabotage, and financially motivated cyber crime. A PwC report confirms that board-level attention is growing, as CEOs reassess supplier risks and operational exposure in politically unstable regions. With traditional defences struggling to keep pace, experts recommend a shift towards cyber-informed engineering and stronger industry collaboration. In this volatile climate, cyber security has become a core strategic issue, not just a technical concern.
When Disaster Strikes, Proper Preparation Prevents Poor Performance
Many firms remain underprepared for disaster recovery, and that includes those that have incident response plans in place. Experts stress that regular testing, ideally involving third parties, and up-to-date network mapping are critical to effective response. Tools like chaos engineering software and automation scripts can help simulate and handle real-world failures. Yet, many organisations still rely on manual methods, risking delays during a crisis. Backup systems, although common, often fail due to misconfiguration or lack of testing. With attackers increasingly targeting backups, ensuring their security is vital. Ultimately, consistent preparation and practice are key to avoiding chaos during high-pressure incidents.
GenAI Turning Employees into Unintentional Insider Threats
Netskope has found that enterprise data sharing with generative AI (GenAI) apps has surged 30-fold in a year, with the average organisation now transferring over 7.7GB of data per month. This includes sensitive material such as source code, regulated data, and passwords. While 90% of organisations have users directly accessing GenAI apps, 72% of users do so via personal accounts, creating a growing risk from unintentional insider threats. With GenAI now embedded across both dedicated tools and backend systems, firms are struggling with visibility and governance, despite 99% having policies in place to reduce the associated cyber security risks.
Cyber Scams Cost Businesses $1.7 Million Per Year, Claims Report
According to BrandShield’s 2025 CyberScam Report, 98% of businesses experienced a cyber attack in 2024, with 94% suffering financial losses, averaging $1.7 million annually. The most common threats included supply chain attacks, brand impersonation, and advanced persistent threats. As a result, 76% of CISOs expect increased budgets for threat monitoring in 2025. Concern around AI risks rose significantly among those impacted, particularly where losses exceeded $1 million. The report underscores the growing scale of online threats, with cyber criminals increasingly leveraging AI faster than organisations can respond, prompting calls for real-time, AI-driven defences.
The Human Side of Insider Threats: People, Pressure, and Payback
Insider threats remain a critical but often overlooked cyber security risk, driven not just by malicious intent but by personal stress, dissatisfaction, and opportunity. Studies highlight motivations ranging from financial pressure and mental health issues to ideological beliefs and career frustration. Notably, breaches at Capital One and Tesla affected over 180 million individuals combined, with insiders exploiting trusted access. The FBI has also warned of remote work abuse by North Korean operatives. Organisations are urged to combine technical controls with cultural improvements, such as limiting access, offering mental health support, and addressing grievances early, to reduce the likelihood of insiders turning against their employers.
North Korean IT Worker Army Expands Operations in Europe
North Korean IT workers are expanding their operations into Europe, posing as remote freelancers to infiltrate organisations and generate revenue for the DPRK regime. A recent Google Threat Intelligence report highlights activity in Germany, Portugal, and the UK, with workers using fake identities and encrypted payment methods like cryptocurrency. Roles range from AI and blockchain to CMS development, including targeting defence and government sectors. Up to 90% of wages are reportedly funnelled to the regime. The UK has issued an advisory, warning that hiring such workers could breach financial sanctions and expose firms to data theft and extortion.
The UK’s Cyber Security and Resilience Bill Will Boost Standards and Increase Costs
The UK government’s upcoming Cyber Security and Resilience Bill will significantly expand regulation to cover up to 1,100 managed service providers and 64 data centre operators, driving higher security standards but also increasing service costs. Providers will be required to report serious incidents, including supply chain attacks, to the National Cyber Security Centre within 24 hours. The Information Commissioner’s Office will take on a new regulatory role, prompting concerns over scope and resourcing. With over half of UK businesses facing cyber attacks last year and one NHS supplier breach alone costing £32.7 million, the bill aims to drive long-term resilience across critical digital infrastructure.
Why Multi-Factor Authentication Is Still Absolutely Essential in 2025
Passwords alone are not sufficient to protect online accounts, especially as data breaches and phishing attacks continue to rise. Multi-factor authentication (MFA) adds an essential layer of security by requiring a second form of identification, typically a code sent to or generated by a smartphone. Even if a password is stolen, an attacker is unlikely to gain access without this second factor. Research shows MFA stops the vast majority of unauthorised sign-in attempts, making it one of the most effective and accessible defences available. Enabling MFA is a simple but critical step for safeguarding sensitive accounts in 2025. No control is bulletproof, of course, and attackers are increasingly finding ways around MFA, but it is still an essential control.
Bridging the Gap Between the CISO and the Board of Directors
A recent CISO report highlights a communication gap between security leaders and board members, with only 29% of boards feeling adequately informed about security milestones, compared to 44% of CISOs. This disconnect risks real financial and reputational harm, including regulatory non-compliance and data breaches. The report recommends CISOs build stronger ties across departments, improve communication by translating technical risks into business outcomes, and align clearly on compliance responsibilities. As CISOs evolve into strategic advisers, their ability to demonstrate cyber security as a business enabler is key to bridging the gap and gaining lasting influence within the C-suite.
Enterprises Beef Up Cyber Security Plans to Mitigate AI Risks
Gallagher’s latest report finds that over 2 in 5 business leaders have strengthened cyber security and data protection practices in response to growing risks linked to AI use. Concerns cited include inaccurate outputs, data breaches, privacy violations and legal exposure. Despite rising investment in AI integration and talent, fewer leaders are now communicating these risks to staff, down from 84% to 78% year on year. While 70% of cyber leaders plan to adopt AI tools in the next year, fewer than 2 in 5 believe the benefits of generative AI outweigh its risks, highlighting the need for sustained, organisation-wide resilience efforts.
Prioritising an Enterprise-wide Cyber Culture in 2025
In 2025, organisations face increasingly complex cyber threats, including AI-driven risks such as deepfakes and advanced phishing attacks. A resilient cyber culture, underpinned by strong leadership commitment and clear expectations, is critical. Employee behaviour is the key vulnerability, and it can be improved by integrating cyber security into performance reviews, rewarding vigilance, and using plain language in training and communication. Regularly tracking indicators such as breach numbers, phishing test results and compliance rates supports continuous improvement, ensuring innovation isn’t stifled while a secure environment is maintained in the face of evolving risks.
Surge of Swatting Attacks Targets Corporate Executives and Board Members
Swatting attacks, where criminals make fake emergency calls to prompt armed police responses, are increasingly targeting C-suite executives and board members in the US. Over the past four months, threat intelligence has identified a surge in such incidents, especially in healthcare, pharma, and esports sectors, with hotspots in Boston, Chicago, San Francisco, and LA. Attackers exploit personal data from company websites, data brokers, and breached records to locate victims. Experts warn this marks a shift to coordinated campaigns against corporate leadership. Reducing digital footprints and limiting personal details in public filings are key steps to reduce risk.
Sources:
https://www.helpnetsecurity.com/2025/04/01/global-tensions-cybersecurity-problem/
https://www.theregister.com/2025/04/03/disaster_planning_preparation/
https://www.helpnetsecurity.com/2025/03/31/genai-apps-risks-organizations/
https://www.itpro.com/security/cyber-scams-cost-businesses-1-7-million-per-year-report
https://www.helpnetsecurity.com/2025/04/01/insider-threats-why-people-turn-on-their-employers/
https://www.zdnet.com/article/why-multi-factor-authentication-is-absolutely-essential-in-2025/
https://www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board
https://www.ciodive.com/news/enterprise-cybersecurity-AI-risk-strategy-shift-report/743755/
Governance, Risk and Compliance
The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs | CSO Online
Cyber Security and Resilience Bill Boosts ICO Powers, Protects Services and Impr... | SC Media UK
Surge of swatting attacks targets corporate executives and board members | CSO Online
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
When disaster hits, preparation prevents poor performance • The Register
CISOs and CIOs forge vital partnerships for business success | CSO Online
Bridging the Gap Between the CISO & the Board of Directors
Prioritizing an enterprisewide cyber culture in 2025
How Cyber Risk Quantification Bridges Security-Board Gap
Navigating Cyber-Risks and New Defences in 2025
7 ways to get C-suite buy-in on that new cyber security tool - Help Net Security
When blaming the user for a security breach is unfair – or just wrong | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Cyber Criminals exfiltrate data in just three days - Help Net Security
Hunters International shifts from ransomware to pure data extortion
Hunters International said ransomware now ‘too risky’ • The Register
Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems
Why paying the ransom is not the answer | TechRadar
HellCat Ransomware: What You Need To Know | Tripwire
VanHelsing Ransomware: What You Need To Know | Tripwire
Ransomware crews add EDR killers to their arsenal • The Register
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
Resilience in the face of ransomware: A key to business survival
New phishing scam outsmarts security codes to steal your info - CyberGuy
Ransomware Payments Ban: What it Means for Businesses | SC Media UK
Ransomware Victims
Malaysia PM Refuses to Pay $10M Ransomware Demand
Sam’s Club Investigates Alleged Cl0p Ransomware Breach
Retail giant Sam’s Club investigates Clop ransomware breach claims
Ransomware Group Takes Credit for National Presto Industries Attack - SecurityWeek
Phishing & Email Based Attacks
11 ways cyber criminals are making phishing more potent than ever | CSO Online
KnowBe4 Report Finds Polymorphic Phishing Features Present In 76.4% Of Campaigns
How to Recognize and Defend Against 7 Specific Phishing Attacks - ClearanceJobs
New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
Cyber Criminals Expand Use of Lookalike Domains in Email Attacks - Infosecurity Magazine
Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security
Surge in Smishing Fuelled by Lucid PhaaS Platform
AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE
Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar
Phishing Emails Aren't as Obvious Anymore. Here's How to Spot Them - CNET
Help! I clicked on a phishing link - now what? | ZDNET
Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine
Phishers are increasingly impersonating electronic toll collection companies - Help Net Security
New phishing scam outsmarts security codes to steal your info - CyberGuy
Other Social Engineering
North Korean IT worker army expands operations in Europe
New Phishing Attack Combines Vishing and DLL Sideloading Techniques - Infosecurity Magazine
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
Surge in Smishing Fueled by Lucid PhaaS Platform
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Social Engineering Just Got Smarter
Artificial Intelligence
GenAI turning employees into unintentional insider threats - Help Net Security
Enterprises beef up cyber security plans to mitigate AI risks | CIO Dive
How to recognize and prevent deepfake scams - Help Net Security
How AI Is Opening New Doors for Hackers to Cause Chaos - Business Insider
What Cyber Security Guardrails Do CIOs and CISOs Want for AI?
Does AI leave security teams struggling? | TechRadar
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
What You Should Know About the UK's New Cyber Standard
UK public expresses strong support for AI regulation | Computer Weekly
Generative AI Is reshaping financial fraud. Can security keep up? - Help Net Security
AI phishing hits its Skynet moment as agents outperform human red teams - SiliconANGLE
Law enforcement needs to fight fire with fire on AI threats | ITPro
Gray Bots Surge as Generative AI Scraper Activity Increases - Infosecurity Magazine
2FA/MFA
Why multi-factor authentication is absolutely essential in 2025 | ZDNET
'Evilginx' Tool (Still) Bypasses MFA
Microsoft secretly stopped actors from snooping on your MFA codes | CSO Online
Malware
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
Watch out - those PDFs lurking in your inbox could be a major security risk | TechRadar
Infostealer malware: What’s the threat to businesses? | ITPro
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe - SecurityWeek
9-Year-Old NPM Crypto Package Hijacked for Information Theft - SecurityWeek
These Hackers Use Your GPU To Load Password-Stealing Malware
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Threats Actors Hide Malware in Wordpress Websites to Execute Code Remotely
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security
'Evilginx' Tool (Still) Bypasses MFA
Ransomware crews add EDR killers to their arsenal • The Register
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Beware fake AutoCAD, SketchUp sites dropping malware - Help Net Security
Open-source malware doubles, data exfiltration attacks dominate - Help Net Security
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Mobile
'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft - SecurityWeek
An old Android RAT has returned with some new tricks - here is what to look out for | TechRadar
Russian authorities arrest three suspects behind Mamont Android banking trojan
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Hacker Leaks Samsung Customer Data - SecurityWeek
Denial of Service/DoS/DDoS
DDoS attacks now a dominant means of waging political cyber-warfare
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek
Millions of tunneling hosts are vulnerable to spoofing, DDoS attacks, say researchers | CSO Online
Surging DDoS attack rates show no sign of slowing down – here’s why | ITPro
Internet of Things – IoT
7 Tips to Keep Your Smart Home Safer and More Private, From a NIST Cyber Security Researcher | NIST
Connected cars drive into a cyber security crisis - Help Net Security
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek
89% of Healthcare Organisations Use the Most Vulnerable IoT Devices - Infosecurity Magazine
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware - SecurityWeek
Unpatched Manufacturing Camera Could Allow Industrial Spying
Data Breaches/Leaks
Cyber criminals exfiltrate data in just three days - Help Net Security
Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED
Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert
FBI investigating cyber attack at Oracle, Bloomberg News reports | Reuters
Britain Follows Signalgate With Its Own Jaw-Dropping Military Leak
Check Point confirms breach, but says crim posted old data • The Register
5 Companies That Have Suffered Data Breaches – & Paid the Price
Critical Cyber Security Lessons from the Recent Exposure of US Military Plans - Security Boulevard
Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports | Reuters
Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360
Customer info allegedly stolen from Royal Mail, Samsung • The Register
Oracle privately confirms Cloud breach to customers
Cyber Security Experts Slam Oracle's Handling of Big Breach
What the Signal Leak Revealed About Washington - The New York Times
Senior Trump officials ordered to preserve Signal group chat - BBC News
Using Signal to discuss war plans is even dumber than it sounds
Genetic Breach Fallout: 23andMe’s Collapse Raises Security Alarms - Security Boulevard
How Oracle took a security breach claim and made it worse • The Register
Hacker Leaks Samsung Customer Data - SecurityWeek
T-Mobile Bug Reveals Names, Images, and Locations of Random Children
Thousands Of Driver’s Licenses, Bank Records, And PII Exposed In Australian Fintech Data Leak
Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net
200 Million X User Records Released — 2.8 Billion Twitter IDs Leaked
The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps
Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes
39 Million Secrets Leaked on GitHub in 2024 - SecurityWeek
National Security Adviser Waltz now accused of using Gmail • The Register
Organised Crime & Criminal Actors
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor - SecurityWeek
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Crocodilus malware steals Android users’ crypto wallet keys
Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar
Over 500 Phishing Domains Emerge Following Bybit Heist - Infosecurity Magazine
Insider Risk and Insider Threats
GenAI turning employees into unintentional insider threats - Help Net Security
The human side of insider threats: People, pressure, and payback - Help Net Security
Cyber Security’s Greatest Threat Isn’t AI—It’s Us
Man charged over Network Rail terror message hack - BBC News
Insurance
Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube
Supply Chain and Third Parties
Evolve Bank Reaches $11.8M Deal Over 2024 Data Breach - Law360
Customer info allegedly stolen from Royal Mail, Samsung • The Register
Royal Mail probes possible breach after cyber criminal posts customer data
Cloud/SaaS
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
Oracle Cloud Users Urged to Take Action
SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack
Independent tests show why orgs should use third-party cloud security services | CyberScoop
Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online
Outages
ChatGPT is down worldwide with something went wrong error
Identity and Access Management
Identity lapses ensnared organisations at scale in 2024 | CyberScoop
Encryption
EU: These are scary times – let's backdoor encryption! • The Register
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly
Linux and Open Source
New Ubuntu Linux security bypasses require manual mitigations
Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions
Passwords, Credential Stuffing & Brute Force Attacks
These Hackers Use Your GPU To Load Password-Stealing Malware
Top 10 Most-Used RDP Passwords Are Not Complex Enough
Social Media
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
The Ultimate Overshare: 1.5M Private Photos Left Exposed On Dating Apps
Intimate images from kink and LGBTQ+ dating apps left exposed online | Malwarebytes
Training, Education and Awareness
When blaming the user for a security breach is unfair – or just wrong | CSO Online
Regulations, Fines and Legislation
UK threatens £100K-a-day fines under new cyber bill • The Register
Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine
What NIS2 implementation means for enterprises [Q&A]
Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online
Anti-scam campaign groups urge UK police forces to get tougher on fraudsters | Scams | The Guardian
EU: These are scary times – let's backdoor encryption! • The Register
EU to invest $1.4 billion in artificial intelligence, cyber security and digital skills | Reuters
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order | Computer Weekly
Cyber attacks to remain a national emergency event in the US | SC Media
Russia formally declared national security threat to Britain
Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works
Trump CISA Cuts Threaten US Election Integrity, Experts Warn - Infosecurity Magazine
Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online | WIRED
Trump Officials Exposed by NatSec Advisor’s Unsecured Venmo Account | MSSP Alert
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Japan Bolsters Cyber Safeguards, Passes Cyber Defense Bill
DOGE official at DOJ bragged about hacking, distributing pirated software - CNA
National Security Adviser Waltz now accused of using Gmail • The Register
Models, Frameworks and Standards
Legal impact on cyber security in 2025: new developments and challenges in the EU | CSO Online
The UK’s Cyber Security and Resilience Bill will boost standards – and increase costs | CSO Online
UK threatens £100K-a-day fines under new cyber bill • The Register
New cyber laws to safeguard UK economy and secure long-term growth - GOV.UK
Cyber Security and Resilience Bill Will Apply to 1000 UK Firms - Infosecurity Magazine
New ‘pivotal’ legislation to force businesses to boost cyber defences
What NIS2 implementation means for enterprises [Q&A]
New bill requires IT firms to bolster safeguards amid rising cyber threats
Europe Hits The Brakes On GDPR: Plans To Slash Red Tape In The Works
New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers
ICO Apologizes After Data Protection Response Snafu - Infosecurity Magazine
Data Protection
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Careers, Working in Cyber and Information Security
Cyber skills: How to become a digital detective
Why cyber security needs more neurodivergent thinkers and diverse talent | Capacity Media
Law Enforcement Action and Take Downs
Interpol-Led International Cyber Crime Operation Arrests 300
Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
Major Online Platform for Child Exploitation Dismantled - Infosecurity Magazine
US Seizes $8.2m from Romance Baiting Scammers - Infosecurity Magazine
DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme
Man charged over Network Rail terror message hack - BBC News
FBI raids home of prominent computer scientist who has gone incommunicado - Ars Technica
Indiana security prof and wife vanish after FBI raid • The Register
Former GCHQ intern admits top secret data breach risking national security – DataBreaches.Net
Student pleads guilty to smuggling software out of GCHQ • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)
The War Room newsletter: How Chinese hackers hunt American secrets
Countering nation-state cyber espionage: A CISO field guide | Computer Weekly
DDoS attacks now a dominant means of waging political cyber-warfare
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
How Cyber Espionage Threatens Democracy in the Age of Trump (The Agenda) - The Citizen Lab
Why global tensions are a cyber security problem for every business - Help Net Security
Nation State Actors
Why no business is safe from state-sponsored cyber attacks | TechRadar
Countering nation-state cyber espionage: A CISO field guide | Computer Weekly
China
Why no business is safe from state-sponsored cyber attacks | TechRadar
The War Room newsletter: How Chinese hackers hunt American secrets
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
Salt Typhoon may have upgraded backdoors for efficiency and evasion | CSO Online
The Espionage Toolkit of Earth Alux A Closer Look at its Advanced Techniques | Trend Micro (US)
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Cyber Security Professor Faced China-Funding Inquiry Before Disappearing, Sources Say | WIRED
Indiana security prof and wife vanish after FBI raid • The Register
China cracks down on personal information collection • The Register
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs - SecurityWeek
Russia
Over 50 European Hybrid-Attacks Attributed to Russia, Journalists Find
US and its allies are undergoing a digital Pearl Harbor attack - Asia Times
A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Russia formally declared national security threat to Britain
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek
Russia-linked Gamaredon targets Ukraine with Remcos RAT
'89 hours of non-stop work' — Ukrainian Railways' battle against a cyber attack by 'the enemy'
Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism” - Infosecurity Magazine
Russian secret services' tactics used in cyber attack on Ukrainian Railways | Ukrainska Pravda
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure
Why you should replace your Kaspersky antivirus | TechRadar
Russian authorities arrest three suspects behind Mamont Android banking trojan
Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware - Infosecurity Magazine
North Korea
North Korean IT worker army expands operations in Europe
North Korean hackers adopt ClickFix attacks to target crypto firms
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Over $1.5 billion of crypto was lost to scams or theft in just three months of 2025 | TechRadar
Tools and Controls
Top 10 Most-Used RDP Passwords Are Not Complex Enough
When disaster hits, preparation prevents poor performance • The Register
Resilience in the face of ransomware: A key to business survival
How Cyber Risk Quantification Bridges Security-Board Gap
Hackers Exploit Microsoft Teams in Multi-Stage AI Cyber Attack
SaaS Is Broken: Why Bring Your Own Cloud (BYOC) Is the Future - The New Stack
Independent tests show why orgs should use third-party cloud security services | CyberScoop
Ransomware crews add EDR killers to their arsenal • The Register
Identity lapses ensnared organisations at scale in 2024 | CyberScoop
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
The Reality Behind Security Control Failures—And How to Prevent Them
7 ways to get C-suite buy-in on that new cyber security tool - Help Net Security
Why you should replace your Kaspersky antivirus | TechRadar
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Five VPN apps in the App Store had links to Chinese military - 9to5Mac
Visibility, Monitoring Key to Enterprise Endpoint Strategy
Law enforcement needs to fight fire with fire on AI threats | ITPro
How an Interdiction Mindset Can Help Win War on Cyber Attacks
Expert Insights: Strengthening Business Continuity And Disaster Recovery Strategies With AI
Agentic AI might take years to transform security, but cyber defenders must prepare now
Amazon refuses Microsoft 365 deployment because of lax cyber security | CSO Online
Google DeepMind Unveils Framework to Exploit AI's Cyber Weaknesses - SecurityWeek
Benefits from privacy investment are greater than the cost - Help Net Security
Other News
Why no small business is too small for hackers - and 8 security best practices for SMBs | ZDNET
CyberCube Releases New Report Highlighting Cyber Risk Exposure for Small Businesses
Why no business is too small for the cyber criminals – The Irish News
Small Businesses Continue to Be Underserved by Cyber Insurers: CyberCube
When it comes to security, public Wi-Fi could be a risky choice for commuters worldwide | TechRadar
As CISA Downsizes, Where Can Enterprises Get Support?
Cyber security report advocates an offence-driven approach ...
Over Half of Attacks on Electricity and Water Firms Are Destructive - Infosecurity Magazine
How an Interdiction Mindset Can Help Win War on Cyber Attacks
Solar Power System Vulnerabilities Could Result in Blackouts - Infosecurity Magazine
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Tradespeople warned to be vigilant against cyber-crime | Dorset Echo
The Cyber Security Confidence Paradox in Law Firms: Trends, Threats and Best Practices
Cyber attacks on utilities pose risk to public safety
The hidden cyber threats lurking in critical infrastructure
Safeguarding Student and Faculty Data: Cyber Security in Higher Education - Security Boulevard
Cyber criminals target auto industry with sophisticated hacks | SC Media
Vulnerability Management
Follow Patch Tuesday best practices for optimal results | TechTarget
How Linux Kernel Deals With Tracking CVE Security Issues - The New Stack
Why delaying software updates is a terrible idea | ZDNET
What are business logic vulnerabilities? | ITPro
Vulnerabilities
Unknown scanners probing Juniper and Palo Alto products • The Register
Hackers Actively Targeting SonicWall, Zoho, F5 & Ivanti Systems to Exploit Vulnerabilities
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks - SecurityWeek
Suspected Chinese snoops hijacking buggy Ivanti gear — again • The Register
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)
Qualys Finds Three Security Bypasses In Ubuntu's Unprivileged User Namespace Restrictions
Don't wait to update: iOS 18.4 introduces key security fixes
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Apple issues fixes for vulnerabilities in both old and new OS versions | CyberScoop
Spike in Palo Alto Networks scanner activity suggests imminent cyber threats
Hackers Scanning From 24,000 IP’s to Gain Access to Palo Alto Networks
Max severity RCE flaw discovered in widely used Apache Parquet
New Ubuntu Linux security bypasses require manual mitigations
VMware Workstation auto-updates broken after Broadcom URL redirect
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia - SecurityWeek
Critical RCE flaws put Kubernetes clusters at risk of takeover | CSO Online
Microsoft warns of critical flaw in Canon printer drivers
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities - SecurityWeek
Questions Remain Over Attacks Causing DrayTek Router Reboots - SecurityWeek
Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness only. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 28 March 2025
Black Arrow Cyber Threat Intelligence Briefing 28 March 2025:
-Third-Party Security Issues Could Be the Biggest Threat Facing Your Business
-New Morphing Meerkat Phishing Kit Mimics 114 Brands
-NCA Warns of Sadistic Online “Com” Networks
-Threat Actors Abuse Trust in Cloud Collaboration Platforms
-Report Reveals How Breaches Are Fuelling Hyper-Personalised Email Attacks
-No MFA? Expect Hefty Fines, UK’s ICO Warns
-Mobsters Now Overlap with Cyber Crime Gangs and Use AI for Evil, Europol Warns
-Ransomware Attacks Surge Despite Payments Being Down
-High-Severity Cloud Security Alerts Tripled in 2024
-If You Think You’re Immune to Phishing Attempts, You’re Wrong!
-UK Expanding Cyber Capabilities Amid US Pause
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
Our summary of threat intelligence this week highlights how attackers exploit your trust in third parties, well-known brands, or cloud collaboration platforms, including Dropbox, SharePoint and DocuSign, to gain access to your information or systems including in ransomware attacks. Criminals are innovating through new social engineering and phishing-as-a-service platforms, combined with voice-phishing and AI. Organisations can help reduce these risks through enhanced employee training and multi-factor-authentication (MFA), and stronger defences against ransomware.
Also this week, the UK’s Information Commissioner’s Office (ICO) imposed a fine of £3m on an IT provider who experienced a cyber incident because they did not have basic cyber security in place such as MFA and vulnerability management. The ICO has warned that it will impose higher fines for similar cases in future.
There has been a continued increase in cyber threats from both domestic and state-aligned actors, including criminal gangs now operating with the speed and sophistication of nation states. The UK government is expanding its cyber capabilities in response, but for organisations, the message is clear: the threat landscape is evolving faster than ever, and both vigilance and adaptability are essential.
Top Cyber Stories of the Last Week
Third-Party Security Issues Could Be the Biggest Threat Facing Your Business
New research has revealed that over a third (35%) of all breaches in 2024 were linked to third-party suppliers; a figure likely to be understated due to underreporting. The report highlights a shift in attack surfaces, with fewer breaches involving traditional technology products and services. More than two in five ransomware attacks now originate through third parties. Experts warn that organisations must move beyond periodic vendor assessments and adopt real-time monitoring to stay ahead of evolving third-party cyber security threats.
New Morphing Meerkat Phishing Kit Mimics 114 Brands
A new phishing-as-a-service platform, dubbed Morphing Meerkat, has been uncovered, targeting users across the globe by mimicking login pages for 114 well-known brands. The phishing kit uses victims’ mail exchange records to tailor fake login pages to their email providers, making the attack more convincing. Thousands of phishing emails have been distributed using compromised websites and advertising redirects to bypass security filters. The kit also supports over a dozen languages and includes anti-analysis features, making detection and investigation more difficult. Stolen credentials are exfiltrated using tools like Telegram, increasing the speed and scale of data theft.
NCA Warns of Sadistic Online “Com” Networks
The UK’s National Crime Agency has warned of a sharp rise in “Com” networks: online groups of sadistic teenage boys engaged in cyber attacks, fraud, extremism and serious abuse. Reports of these threats increased six-fold in the UK between 2022 and 2024. These English-speaking groups operate openly on mainstream platforms and have been linked to ransomware, phishing, SIM swapping and social engineering. While most threats still originate abroad, the NCA highlights a growing domestic risk. The groups target young girls in particular, often coercing them into serious self-harm, with motivations ranging from profit and notoriety to status within these networks.
Threat Actors Abuse Trust in Cloud Collaboration Platforms
Cofense Intelligence has reported a sharp rise in phishing attacks that abuse trusted online document platforms to bypass secure email gateways and steal credentials. In 2024, these platforms were linked to 8.8% of all credential phishing campaigns, with 79% aiming to harvest user credentials. Dropbox was the most exploited at 25%, followed by Adobe, SharePoint and DocuSign. Features like automatic email notifications and delayed takedowns help attackers evade detection. The report recommends organisations enhance user awareness, apply behavioural analysis tools, and adopt multi-factor authentication to better defend against these increasingly sophisticated phishing threats.
Report Reveals How Breaches Are Fuelling Hyper-Personalised Email Attacks
Fortra’s latest report highlights a sharp rise in highly personalised email attacks, with 99% of threats in 2024 involving social engineering or phishing without malware. Over 1 billion records were breached last year, enabling cyber criminals to combine stolen and publicly available data to make scams more convincing. Abuse of legitimate platforms surged by 200%, particularly targeting e-signature services like DocuSign and free developer tools. Hybrid vishing, combining phishing with phone-based deception, emerged as the most common scam, with one in three impersonating PayPal in late 2024. The report warns that generative AI will intensify these threats in 2025.
No MFA? Expect Hefty Fines, UK’s ICO Warns
The UK Information Commissioner’s Office (ICO) has warned that failing to implement basic cyber security measures like multi-factor authentication (MFA) could result in significant fines. This follows a £3.07m penalty issued to IT provider Advanced after a 2022 ransomware attack exposed sensitive data of over 79,000 individuals and severely disrupted NHS services. Hackers exploited a customer account without MFA, highlighting broader failings in patching and vulnerability management. While the fine was reduced from an initial £6.1m due to the firm’s cooperation, the ICO stressed that future penalties may be higher for similar incidents where fundamental protections are missing.
Mobsters Now Overlap with Cyber Crime Gangs and Use AI for Evil, Europol Warns
Europol’s latest threat assessment reveals that organised crime groups are increasingly adopting digital technologies, with AI now central to their operations. These networks are using AI to scale criminal activities, evade detection, and exploit digital platforms and illicit financial systems. Europol warns that organised crime is now deeply embedded online, with the internet serving as its primary arena and data becoming its most valuable asset. The report also highlights growing collaboration between criminal groups and state-aligned hybrid threat actors, amplifying the threat to the EU’s institutions and social cohesion through shared tools, expertise, and protection.
Ransomware Attacks Surge Despite Payments Being Down
Ontinue’s latest threat intelligence report reveals a 132% rise in ransomware attacks, despite ransom payments falling by 35%, indicating a shift in attacker tactics. Vishing (voice-enabled phishing) attacks have surged by 1,633% in just one quarter, now fuelled by AI-powered voice cloning to impersonate trusted individuals. Adversary-in-the-Middle attacks are also on the rise, enabling cyber criminals to bypass multi-factor authentication. Meanwhile, the misuse of legitimate tools such as Microsoft Quick Assist and the targeting of Windows Hello authentication keys highlight an evolving threat landscape. The report urges firms to strengthen defences against ransomware, phishing, and credential theft.
High-Severity Cloud Security Alerts Tripled in 2024
Palo Alto Networks reported a 235% surge in high-severity cloud security alerts in 2024, contributing to a 388% overall rise in incidents across the year. Organisations now face an average of 20 serious daily alerts, with the most common linked to suspicious identity use and disabled data protections. Notably, suspicious large downloads rose by 305% and abnormal user activity by over 100%. The focus of cloud security is shifting from misconfigurations to threats occurring in real time as systems operate, highlighting the growing need for runtime visibility to detect and respond to active threats more effectively.
If You Think You’re Immune to Phishing Attempts, You’re Wrong!
Cyber security expert Troy Hunt has publicly admitted falling victim to a convincing phishing attack that compromised his Mailchimp account and exposed the email addresses, IPs, and geolocation data of newsletter subscribers. Despite recognising warning signs in hindsight, Hunt’s experience highlights how sophisticated and automated such attacks have become. Notably, the attack bypassed two-factor authentication via one-time passcodes, underlining the limitations of commonly used security controls. Hunt stressed the importance of phishing-resistant authentication and the need for stronger default protections from service providers. His transparency serves as a timely reminder that no individual is immune, regardless of expertise.
UK Expanding Cyber Capabilities Amid US Pause
The UK government has reaffirmed its commitment to expanding cyber capabilities in response to the growing threat landscape and a shift in US policy on offensive cyber operations. Armed Forces Minister Luke Pollard confirmed increased investment in both defensive and offensive cyber forces, including a new direct entry pathway for cyber specialists. The 77th Brigade remains central to countering Russian disinformation in Eastern Europe. In 2024, the UK’s National Cyber Security Centre received 1,957 cyber attack reports, including 89 nationally significant incidents and 12 severe cases, underscoring the urgency of strengthening the UK’s cyber resilience.
Sources:
https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
https://www.infosecurity-magazine.com/news/nca-warns-of-sadistic-online-com/
https://www.infosecurity-magazine.com/news/threat-actors-abuse-cloud-platforms/
https://informationsecuritybuzz.com/fortra-report-reveals-how-breaches/
https://www.infosecurity-magazine.com/news/mfa-expect-hefty-fines-uk-ico/
https://www.theregister.com/2025/03/24/modern_mafiosos_wield_ai/
https://betanews.com/2025/03/25/ransomware-attacks-surge-despite-payments-being-down/
https://www.darkreading.com/cyber-risk/high-severity-cloud-security-alerts-tripled-2024
https://www.helpnetsecurity.com/2025/03/26/troy-hunt-mailchimp-phishing-email/
https://ukdefencejournal.org.uk/uk-expanding-cyber-capabilities-amid-us-pause/
Threats
Ransomware, Extortion and Destructive Attacks
Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame
Ransomware attacks surge despite payments being down
Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs - SecurityWeek
Half of firms have been hit by a cyber attack - Digital Journal
Albabat Ransomware Evolves to Target Linux and macOS - Infosecurity Magazine
Building ransomware resilience to avoid paying out | ITPro
Ransomware hackers are desperate lying liars | Cybernews
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch - SecurityWeek
Ransomware Groups Increasingly Adopting EDR Killer Tools - SecurityWeek
Medusa Ransomware Uses Malicious Driver to Disable Security Tools - SecurityWeek
New VanHelsing ransomware targets Windows, ARM, ESXi systems
VMware Vulnerabilities Exploited Actively to Deploy Ransomware
RedCurl cyber spies create ransomware to encrypt Hyper-V servers
BlackLock Ransomware Targeted by Cyber Security Firm
Russian Espionage Group Using Ransomware in Attacks - SecurityWeek
VSCode extensions found downloading early-stage ransomware
Resecurity turns the table on BlackLock ransomware • The Register
Vampire Cosplay and Brand Revival: Ransomware in 2025
Winning the war on ransomware with multi-layer security | TechRadar
Ransomware Victims
UK fines software provider £3.07 million for 2022 ransomware breach
UK ICO fines Advanced Computer £3.07m after NHS data breach
WoW! A Ransomware Gang Just Took Over One Of America’s Largest ISPs
Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover - SecurityWeek
Cloak ransomware group hacked the Virginia Attorney General’s Office
New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest - SecurityWeek
Phishing & Email Based Attacks
Half of firms have been hit by a cyber attack - Digital Journal
If you think you're immune to phishing attempts, you're wrong! - Help Net Security
Microsoft Teams Phishing Attacks: What to Know and What to Do | MSSP Alert
Cloud collaboration platforms exploited in phishing attacks
Threat Actors Abuse Trust in Cloud Collaboration Platforms - Infosecurity Magazine
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
Fortra Report Reveals How Breaches Are Fuelling Hyper-Personalized Email Attacks
Intro to Deceptionology: Why Falling for Scams is Human Nature - Security Boulevard
The Rise of Mobile Phishing and How to Prevent Mobile Phishing - Security Boulevard
These phishing attacks are now targeting Mac browsers - how to protect yourself | ZDNET
Why are the young so vulnerable to phishing scams? Blame fomo | BusinessDesk
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Famous Data Breaches & Phishing Attacks: What We Can Learn - Security Boulevard
New phishing campaign uses scareware to steal Apple credentials | CSO Online
'Lucid' Phishing Tool Exploits Faults in iMessage, RCS
Cyber Security Gaps Leave Doors Wide Open
Business Email Compromise (BEC)/Email Account Compromise (EAC)
DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union
Other Social Engineering
Intro to Deceptionology: Why Falling for Scams is Human Nature - Security Boulevard
Teen Boys at Risk of Sextortion as 74% Lack Basic Awareness - Infosecurity Magazine
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit - SecurityWeek
New phishing campaign uses scareware to steal Apple credentials | CSO Online
Artificial Intelligence
Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame
How AI, corruption and digital tools fuel Europe's criminal underworld - Help Net Security
Mobsters now overlap with cyber crime gangs, says Europol • The Register
Enterprises walk a tightrope between AI innovation and security - Help Net Security
89% of Enterprises GenAI Usage Is Untracked, Posing Security Risks - Security Boulevard
Dark Web Mentions of Malicious AI Tools Spike 200% - Infosecurity Magazine
3 in 4 Enterprise Users Upload Data to GenAI Including passwords and keys
NIST Warns of Significant Limitations in AI/ML Security Mitigations - Infosecurity Magazine
AI Agents Will Cut Account Exploitation Time By 50%
The Human Factor: Redefining Cyber Security In The Age Of AI
A CISO’s guide to securing AI models - Help Net Security
Overcoming Cyber Security Challenges In Agentic AI
AI vs. Cyber Criminals: Who Wins the Race in Next-Gen Threat Detection? - Security Boulevard
North Korea launches new unit with a focus on AI hacking, per report | TechCrunch
How governments can strengthen cyber security in the age of AI and hybrid threats - e-Estonia
WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off
Fake DeepSeek Ads Spread Malware to Google Users
2FA/MFA
Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame
No MFA? Expect Hefty Fines, UK’s ICO Warns - Infosecurity Magazine
NCSC taps influencers to make 2FA go viral • The Register
Malware
Cyber Criminals Exploit CheckPoint Driver Flaws in Malicious Campaign - Infosecurity Magazine
How Businesses Can Protect Themselves Against Infostealers
Windows users targeted with CoffeeLoader | Cybernews
SpyX Breach Shows Apple Users Aren’t Invulnerable And Silence Is Deafening
New macOS Malware 'ReaderUpdate' Upgraded Arsenal With Nim and Rust Variants
Fake DeepSeek Ads Spread Malware to Google Users
CoffeeLoader Malware Loader Linked to SmokeLoader Operations - Infosecurity Magazine
Valve just pulled a malicious game demo spreading info-stealing malware from Steam | Tom's Guide
Malware strikes again. I'm starting to worry about Steam's lax security | PCWorld
New Linux Kernel Rust Module Unveiled to Detect Rootkits
Mobile
The Rise of Mobile Phishing and How to Prevent Mobile Phishing - Security Boulevard
Research: Rooting Tools Vs The Mobile Security Industry
Microsoft’s .NET MAUI Tool Leveraged for Android Malware Deployment | MSSP Alert
'Lucid' Phishing Tool Exploits Faults in iMessage, RCS
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit - SecurityWeek
Do you use Android? This secret Google technique could protect you - Talk Android
Denial of Service/DoS/DDoS
How to protect your site from DDoS attacks - before it's too late | ZDNET
Internet of Things – IoT
IoT Security Gaps Put Enterprises at Risk - DataBreachToday
Data Breaches/Leaks
Inside the CIA's use of Signal and how America's enemies try to hack it - Washington Times
OPSEC Nightmare: Leaking US Military Plans to a Reporter
Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic
The Atlantic releases screenshots of timing, weapons used in Yemen war plans Signal chat - POLITICO
How does your data end up on the dark web? - Help Net Security
Famous Data Breaches & Phishing Attacks: What We Can Learn - Security Boulevard
Oracle’s Data Breach Denial Unravels As Leaked Info Checks Out
Coinbase was primary target of recent GitHub Actions breaches
23andMe files for bankruptcy protection • The Register
Three rules potentially broken by Trump team's Signal group chat leak - BBC News
Dark Web Intelligence: A Critical Layer in Modern Cyber Security Strategy | MSSP Alert
Widespread Keenetic Router Data Breach Uncovered | MSSP Alert
Organised Crime & Criminal Actors
2025 Risk Survey: Cyber Security, Fraud at the Forefront | Bank Director
How AI, corruption and digital tools fuel Europe's criminal underworld - Help Net Security
Mobsters now overlap with cyber crime gangs, says Europol • The Register
Ransomware hackers are desperate lying liars | Cybernews
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cyber Crime Bust
How Scammers Launder Money and Get Away With It - The New York Times
New Cyber Crime Tool 'Atlantis AIO' Amps Up Credential Stuffing Attacks
NCA Warns of Sadistic Online “Com” Networks - Infosecurity Magazine
Alleged Snowflake hacker agrees to be extradited to the US | The Verge
Furry Hackers Fear Leader Raided by FBI
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
Fewer than 500 people are responsible for $3.2 trillion of artificial crypto trading - Fast Company
Coinbase was primary target of recent GitHub Actions breaches
Insider Risk and Insider Threats
The Human Factor: Redefining Cyber Security In The Age Of AI
Cyber Security Gaps Leave Doors Wide Open
Insurance
Threat of state-sponsored cyber attacks could make UK terror insurer ‘obsolete’
Cyber insurance isn't always what it seems - Help Net Security
Supply Chain and Third Parties
Third-party security issues could be the biggest threat facing your business | TechRadar
SecurityScorecard Observes Surge in Third-Party Breaches - Infosecurity Magazine
UK ICO fines Advanced Computer £3.07m after NHS data breach
Will your supply chain stand up to a nation-state hack? • The Register
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks
US defence contractor settles whistleblower suit for $4.6M • The Register
Coinbase was primary target of recent GitHub Actions breaches
Cloud/SaaS
Cloud providers aren’t delivering on security promises - Help Net Security
Microsoft Teams Phishing Attacks: What to Know and What to Do | MSSP Alert
Cloud collaboration platforms exploited in phishing attacks
Threat Actors Abuse Trust in Cloud Collaboration Platforms - Infosecurity Magazine
High-Severity Cloud Security Alerts Tripled in 2024
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Hijacked Microsoft Stream classic domain "spams" SharePoint sites
Oracle Cloud denies claims of server intrusion • The Register
Outages
Lessons from CrowdStrike – a particular focus on financial services
Identity and Access Management
Encryption
Prepping for post-quantum: a beginner’s guide to lattice cryptography
Ex-UK cyber chief says asking Apple to break encryption was 'naive' | New Scientist
A Win for Encryption: France Rejects Backdoor Mandate | Electronic Frontier Foundation
Linux and Open Source
Albabat Ransomware Evolves to Target Linux and macOS - Infosecurity Magazine
Cyber security and open-source software in products with digital elements
New Linux Kernel Rust Module Unveiled to Detect Rootkits
EU OS takes a 'layered' approach to its new Linux distro for the public sector | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
How to Balance Password Security Against User Experience
New Cyber Crime Tool 'Atlantis AIO' Amps Up Credential Stuffing Attacks
Google Account Hijackers Target Victims Via Semrush Ads - Infosecurity Magazine
New phishing campaign uses scareware to steal Apple credentials | CSO Online
Social Media
How to protect your phone and data privacy at the US border | US immigration | The Guardian
What travelers should know about their rights when entering the U.S. - The Washington Post
Travelers fear social media and photos may now trigger deportation
Malvertising
Google Account Hijackers Target Victims Via Semrush Ads - Infosecurity Magazine
Training, Education and Awareness
70% of South African businesses lack basic cyber security awareness
Regulations, Fines and Legislation
UK fines software provider £3.07 million for 2022 ransomware breach
UK ICO fines Advanced Computer £3.07m after NHS data breach
No MFA? Expect Hefty Fines, UK’s ICO Warns - Infosecurity Magazine
Analysis: ‘We’re Choosing to Blind Ourselves’ – US Backs Off Russian Threats, PART I
Ex-UK cyber chief says asking Apple to break encryption was 'naive' | New Scientist
EU Cyber Resilience Act: What You Need to Know - Security Boulevard
Monitoring preparedness and governance under EU cyber security legislation
The importance of cyber security compliance – an overview of the EU regulatory framework
Digital resilience and cyber security reporting requirements in the UK and EU
Our Leaders Don't Take Information Security Seriously | National Review
UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats - Infosecurity Magazine
Adapting the UK’s cyber ecosystem | TechRadar
Inside the CIA's use of Signal and how America's enemies try to hack it - Washington Times
OPSEC Nightmare: Leaking US Military Plans to a Reporter
Here Are the Attack Plans That Trump’s Advisers Shared on Signal - The Atlantic
What CISA's Red Team Disarray Means for US Cyber Defences
Proof of Concept: Is the US Losing Its Cyber Grip?
Ex-NSA boss: Election security focus helped dissuade Russia • The Register
Cyber security and open-source software in products with digital elements
Lessons from CrowdStrike – a particular focus on financial services
Marco Rubio Says Someone in Signal Chat Made ‘Big Mistake’ in Adding Journalist - The New York Times
How DORA compliance future-proofs your organisation: By Steven Rackham
The EU AI Act: A Critical Overview Of A Necessary Act?
Preparing for Cyber Security Disclosure as a Public Company | WilmerHale - JDSupra
US lifts sanctions on Tornado Cash cryptocurrency mixer • The Register
China poses biggest military threat to US: intel report - Digital Journal
US Cyber Security Weakness Benefits China – Foreign Policy
A Win for Encryption: France Rejects Backdoor Mandate | Electronic Frontier Foundation
Models, Frameworks and Standards
EU Cyber Resilience Act: What You Need to Know - Security Boulevard
Monitoring preparedness and governance under EU cyber security legislation
The importance of cyber security compliance – an overview of the EU regulatory framework
Digital resilience and cyber security reporting requirements in the UK and EU
How DORA compliance future-proofs your organisation: By Steven Rackham
NIST 2.0 Demands Strategic Reset, Not a Compliance Patch
Backup and Recovery
Data Protection: Top Trends In Backup And Recovery
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Careers, Working in Cyber and Information Security
60% of cyber security pros looking to change employers | CSO Online
Which Top Cyber Security Role of 2024 Was Featured in 64,000+ Job Postings? | TechRepublic
A closer look at The Ultimate Cyber Security Careers Guide - Help Net Security
11 hottest IT security certs for higher pay today | CSO Online
These cyber security specialists are the most sought-after, according to a report | Cybernews
Law Enforcement Action and Take Downs
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cyber Crime Bust
Alleged Snowflake hacker agrees to be extradited to the US | The Verge
DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union
Furry Hackers Fear Leader Raided by FBI
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
RedCurl cyber spies create ransomware to encrypt Hyper-V servers
'We are in a state of war': The UK needs to prepare for a future without Nato
Nation State Actors
Threat of state-sponsored cyber attacks could make UK terror insurer ‘obsolete’
Will your supply chain stand up to a nation-state hack? • The Register
China
Chinese hackers are getting bigger, better and stealthier
China, Beijing's ties with Russia main threats to US: intel report - Digital Journal
US Intelligence identifies China as top military, cyber threat
China's FamousSparrow flies back, breaches US org • The Register
Chinese APT Weaver Ant infiltrated a telco for over four years
Cyber Threats Jeopardize US Military Mobility, Report Warns
Chinese Hacker Group Tracked Back to iSoon APT Operation
China poses biggest military threat to US: intel report - Digital Journal
US Cyber Security Weakness Benefits China – Foreign Policy
China bans facial recognition in hotels, bathrooms • The Register
Commerce limits 19 Chinese, Taiwanese companies from buying U.S. tech | CyberScoop
Chinese Hackers Exploit Unpatched Servers in Taiwan
Russia
UK expanding cyber capabilities amid US pause
Analysis: ‘We’re Choosing to Blind Ourselves’ – US Backs Off Russian Threats, PART I
Russian Espionage Group Using Ransomware in Attacks - SecurityWeek
China, Beijing's ties with Russia main threats to US: intel report - Digital Journal
US Intelligence identifies China as top military, cyber threat
Our Leaders Don't Take Information Security Seriously | National Review
What CISA's Red Team Disarray Means for US Cyber Defences
Proof of Concept: Is the US Losing Its Cyber Grip?
Ex-NSA boss: Election security focus helped dissuade Russia • The Register
Ukraine to establish national cyber attack response system
Ukrainian Railways Faced Massive Cyber Attack Over the Weekend
Russian hackers shut down major Belgian websites | Cybernews
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Poland raises defences against cyber attacks before the vote | Stars and Stripes
Widespread Keenetic Router Data Breach Uncovered | MSSP Alert
Russia subjected to suspected joint Head Mare, Twelve attacks | SC Media
Iran
Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen
North Korea
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
North Korea launches new unit with a focus on AI hacking, per report | TechCrunch
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Russia subjected to suspected joint Head Mare, Twelve attacks | SC Media
Tools and Controls
Cloud providers aren’t delivering on security promises - Help Net Security
Cyber security spending set to jump 12.2% in 2025 - Help Net Security
Cyber Criminals Exploit CheckPoint Driver Flaws in Malicious Campaign - Infosecurity Magazine
Prepping for post-quantum: a beginner’s guide to lattice cryptography
How to Balance Password Security Against User Experience
Data Protection: Top Trends In Backup And Recovery
Spring clean your security data: The case for cyber security data hygiene - Help Net Security
10 Critical Network Pentest Findings IT Teams Overlook
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Ransomware Groups Increasingly Adopting EDR Killer Tools - SecurityWeek
What is Infrastructure Intelligence? - Security Boulevard
Threat Intelligence: Are UK Organisations Flying Blind? | SC Media UK
8 Expert Tips and Resources to Stay Ahead of Security Threats - DevX
How Cyber Security Pros Stay Ahead of the Curve – Insights from Experts - DevX
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The hidden costs of security tool bloat and how to fix it - Help Net Security
53% of security teams lack continuous and up-to-date visibility - Help Net Security
AI vs. Cyber Criminals: Who Wins the Race in Next-Gen Threat Detection? - Security Boulevard
Dark Web Intelligence: A Critical Layer in Modern Cyber Security Strategy | MSSP Alert
Russian zero-day seller is offering up to $4 million for Telegram exploits | TechCrunch
Other News
UK CNI’s Overconfidence Puts National Security At Risk
Security experts warn of ‘contradictory confidence’ over critical infrastructure threats | ITPro
Estonia’s bold approach to cyber security: a holistic model for Europe - e-Estonia
Threat of war and disease means Europeans need 3 days’ supplies, Commission to warn – POLITICO
UK NCSC offers security guidance for domain and DNS registrars - Help Net Security
UK says security ties with US are as strong as ever | Reuters
'We are in a state of war': The UK needs to prepare for a future without Nato
How governments can strengthen cyber security in the age of AI and hybrid threats - e-Estonia
Healthcare's alarming cyber security reality - Help Net Security
OT systems are strategic targets in global power struggles - Help Net Security
Single points of failure for our national infrastructure, like Heathrow, can no longer be tolerated
Dozens of solar inverter flaws could be exploited to attack power grids
Is the Middle East's Race to Digitize a Threat?
Cyber attack threat not taken seriously by food and beverage
ENISA Probes Space Threat Landscape in New Report - Infosecurity Magazine
Vulnerability Management
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD - SecurityWeek
Cyber Security Gaps Leave Doors Wide Open
Chinese Hackers Exploit Unpatched Servers in Taiwan
Vulnerabilities
It's time to update Chrome ASAP - again! - to fix this critical flaw | ZDNET
Cyber Criminals Exploit CheckPoint Driver Flaws in Malicious Campaign - Infosecurity Magazine
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch - SecurityWeek
VMware Vulnerabilities Exploited Actively to Deploy Ransomware
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) - Help Net Security
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Public-facing Kubernetes clusters at risk of total takeover • The Register
Mozilla warns Windows users of critical Firefox sandbox escape flaw
VSCode extensions found downloading early-stage ransomware
Russian zero-day seller is offering up to $4 million for Telegram exploits | TechCrunch
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
E&OE
Black Arrow Cyber Threat Intelligence Briefing 21 March 2025
Black Arrow Cyber Threat Intelligence Briefing 21 March 2025:
-Why Cyber Security Needs More Business-Minded Leaders
-Cyberwashing Exposes Businesses and Consumers to Cyber Risks, Study Warns
-New KnowBe4 Report Reveals a Spike in Phishing Campaigns
-Over 400 million Unwanted and Malicious Emails Were Received by Businesses in 2024
-The Psychology of Scams: How Cyber Criminals Are Exploiting the Human Brain
-Many Workers Are Overconfident at Spotting Phishing Attacks
-Russia Using Criminal Networks to Drive Increase in Sabotage Acts, Says Europol
-AI Will Make Ransomware Even More Dangerous
-Third of UK Supply Chain Relies on ‘Chinese Military’ Companies
-How Economic Headwinds Influence the Ransomware Ecosystem
-Malicious Android ‘Vapor’ Apps on Google Play Installed 60 million Times
-Moving Beyond Checkbox Security for True Resilience
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
There is a clear trend this week that the human element in cyber attacks is being consistently underestimated. Many organisations are overlooking how psychological manipulation, poor user awareness, and leadership blind spots continue to drive successful attacks – even as technical defences evolve.
Reports reveal a concerning rise in phishing and social engineering, with AI now enabling convincing scams that bypass traditional detection. Despite employee confidence, over half of workers fall victim to these tactics. Malicious email campaigns are becoming more deceptive, targeting hiring processes and using compromised accounts to breach defences. Meanwhile, research highlights concerns that ‘cyberwashing’ (the overstating of security capabilities) is creating a false sense of safety, exposing organisations and consumers to avoidable risk.
From a leadership perspective, there’s a growing recognition that cyber security must be a business-wide priority, not just a technical one. Black Arrow Cyber believes that moving beyond checkbox compliance towards risk-led, strategic resilience is essential. Rising ransomware threats, politically motivated sabotage, and complex supply chain risks all demand a unified approach that integrates robust cyber governance with board-level engagement, independent oversight, and ongoing investment in both technology and human readiness.
Top Cyber Stories of the Last Week
Why Cyber Security Needs More Business-Minded Leaders
Cyber security leadership is undergoing a fundamental shift as organisations move beyond compliance towards true resilience. Increasingly, leaders with backgrounds in finance, law, and corporate strategy are taking the helm, bringing a risk-first mindset to security. Rather than focusing solely on technical defences, today’s leaders must align cyber security with wider business objectives, ensuring it supports operational continuity and mitigates financial and reputational risks. This evolution reflects a growing understanding that cyber threats disrupt entire enterprises, not just IT systems. By embedding security into core business strategy, organisations can drive efficiency, secure executive buy-in, and build long-term resilience.
Cyberwashing Exposes Businesses and Consumers to Cyber Risks, Study Warns
A new study from Monash University in Australia warns that many organisations are overstating their cyber security capabilities, a practice dubbed ‘cyberwashing’. This creates a false sense of safety, leaving businesses and consumers exposed to data breaches. The report highlights that vague security claims, lack of independent verification, and failure to disclose past incidents undermine trust and resilience. High-profile breaches at firms like Optus and Medibank illustrate the reputational and legal risks. The study calls for independent audits, clearer reporting, and stronger board oversight as regulatory scrutiny and shareholder lawsuits increase in response to misleading cyber security assurances.
New KnowBe4 Report Reveals a Spike in Phishing Campaigns
KnowBe4’s latest Phishing Threat Trends Report reveals a 17% rise in phishing emails over six months, with 82% of them using AI. Attacks are increasingly bypassing traditional defences, with phishing hyperlinks up 36%, malware up 20%, and social engineering tactics up 14%. Ransomware payloads rose by 22%, including a sharp 57% increase in the last three months. Notably, 76% of campaigns now use polymorphic techniques to avoid detection, and attacks from compromised accounts are up 57%. The report also warns of growing threats targeting hiring processes: 64% focused on engineering roles to gain access to sensitive systems and data.
Over 400 million Unwanted and Malicious Emails Were Received by Businesses in 2024
Hornetsecurity’s latest research reveals that in 2024, over 427 million malicious emails were received by businesses, with phishing accounting for a third of all cyber attacks. Malicious URLs surged to 22% of attack methods, as cyber criminals shifted tactics away from attachments toward more deceptive strategies like reverse proxy attacks that can bypass two-factor authentication. Despite a slight drop in the overall threat index, industries such as mining, entertainment, and manufacturing remain high-risk. The report stresses the need for advanced email filtering, robust multi-layered authentication, and company-wide cyber security awareness to defend against increasingly sophisticated threats.
The Psychology of Scams: How Cyber Criminals Are Exploiting the Human Brain
Cyber criminals stole over £11.4 billion from UK victims last year, increasingly exploiting human psychology rather than just technical weaknesses. With AI lowering barriers to entry, even unsophisticated attackers can craft convincing scams using deepfakes, fake websites, and personalised phishing emails. In fact, 70% of over 30 million phishing emails detected bypassed standard authentication checks. Under stress and decision fatigue, employees are more likely to fall for social engineering tactics that manipulate trust and urgency. While training helps, organisations must combine human awareness with AI-enabled cyber security systems to detect threats traditional tools may miss.
Many Workers Are Overconfident at Spotting Phishing Attacks
A report from KnowBe4 highlights the risks of overconfidence among employees when it comes to spotting phishing attacks. Despite 86% of employees feeling confident in their ability to identify phishing emails, more than half (53%) have fallen victim to social engineering scams. This includes phishing, social media scams, and deepfakes. The report stresses the importance of employee training and fostering a transparent security culture to combat these threats. Even in regions with historically high confidence, such as the UK, vulnerability to these attacks is rising, highlighting the need for ongoing awareness and education.
Russia Using Criminal Networks to Drive Increase in Sabotage Acts, Says Europol
Europol’s latest threat assessment warns of a rise in politically motivated cyber attacks and sabotage across the EU, driven by state actors like Russia working through organised criminal networks. These proxies engage in cyber attacks, arson, data theft and infrastructure sabotage, often using a “woodpecker” approach of frequent, low-level incidents that cumulatively undermine public trust and stability. The report highlights over 150 migrant-smuggling incidents daily on Poland’s border, as well as recent attacks on hospitals and retail centres linked to Russian intelligence. Europol also flags AI-driven online fraud and youth recruitment into cyber crime as growing concerns.
AI Will Make Ransomware Even More Dangerous
Ivanti’s latest research warns that ransomware, already the top predicted threat for 2025, is expected to become even more dangerous with AI, a concern shared by 38% of security professionals; yet only 29% feel very prepared to face such attacks. Despite 49% of leaders understanding exposure management, a more strategic approach to cyber security, just 22% plan to increase investment in it. Blind spots remain across shadow IT and vendor risk, while tech debt is a growing concern, with 43% citing increased breach risk and 71% reporting slowed growth. Boards are engaged, but alignment on risk appetite is often lacking.
Third of UK Supply Chain Relies on ‘Chinese Military’ Companies
Bitsight’s latest report reveals that UK firms have digital supply chains 10% larger than the global average, making them more exposed to cyber threats. A key concern is that 30% of UK supply chain relationships involve companies linked to the Chinese military. Additionally, many organisations depend on ‘hidden pillar’ providers (small vendors with an outsized impact), raising the risk of cascading disruption. Suppliers themselves are often more vulnerable than their clients, using 2.5 times more products and having 10 times more internet-facing assets, while also lagging in critical areas like patching and securing systems.
How Economic Headwinds Influence the Ransomware Ecosystem
Ransomware attacks continue to place severe financial strain on organisations, with median ransom demands reaching $2.54 million and total recovery costs often exceeding $3 million. Economic pressures such as inflation, volatile cryptocurrency markets, and security budget cuts are compounding the issue. Threat actors are increasingly adjusting their demands based on inflation and crypto trends, while financial hardship is breeding more attackers and weakening organisational defences. Encouragingly, only 25% of victims paid ransoms in late 2024, an all-time low, but experts warn that even basic cyber defences are being neglected due to budget constraints, increasing the likelihood of compromise.
Malicious Android ‘Vapor’ Apps on Google Play Installed 60 million Times
A recent campaign dubbed ‘Vapor’ saw over 300 malicious Android apps downloaded 60 million times from Google Play, posing as legitimate utilities like health trackers and QR scanners. Though harmless at first glance, these apps activated malicious functions after installation to commit large-scale ad fraud, generating 200 million fake ad requests daily, and in some cases attempted to steal user credentials and credit card details. The apps bypassed Google’s security checks by delaying malicious behaviour, remaining hidden from users. While Google has since removed the apps, experts warn the threat actors could return using similar techniques to evade detection.
Moving Beyond Checkbox Security for True Resilience
Many organisations still rely on a ‘checkbox’ approach to cyber security, meeting regulatory requirements without addressing broader risks. MITRE highlights the need for CISOs to align compliance with a threat-informed, risk-based strategy focused on protecting core business assets. Shadow IT and software supply chain vulnerabilities are key blind spots, often left unaddressed. With cloud-focused attacks and advanced ransomware tactics on the rise, investment in continuous testing and managed services is recommended. Large firms like Microsoft have made sizeable investments in security, demonstrating that security must be treated as an evolving discipline, with regular reviews and proactive enhancements to build true resilience.
Sources:
https://www.itsecurityguru.org/2025/03/20/new-knowbe4-report-reveals-a-spike-in-phishing-campaigns/
https://www.techradar.com/pro/security/many-workers-are-overconfident-at-spotting-phishing-attacks
https://www.helpnetsecurity.com/2025/03/21/exposure-management-understanding-among-security-leaders/
https://www.infosecurity-magazine.com/news/third-uk-supply-chain-relies/
https://www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/
Governance, Risk and Compliance
A strategic approach to security is key for cyber resilience | World Economic Forum
The Core Pillars of Cyber Resiliency
What Is Cyber Security Risk? A Guide to Protect Your Business - Security Boulevard
Moving beyond checkbox security for true resilience - Help Net Security
Not all cuts are equal: Security budget choices disproportionately impact risk | CSO Online
What If Prevention Was the Key to Cyber Security Success? | Entrepreneur
Advanced Cyber Security for the Modern Enterprise - Security Boulevard
Why Cyber Security Needs More Business-Minded Leaders
Security Neglect: Like an Unserviced Car, It’s Only a Matter of Time - Security Boulevard
Cyberwashing exposes businesses and consumers to cyber risks, study warns
Higher Profile and AI are Putting More Pressure on GRC Teams: Drata | MSSP Alert
Why 2025’s Cyber Security Landscape Demands a Complete Overhaul of Your IT Infrastructure
Most organisations change policies to reduce CISO liability risk - Help Net Security
Quantifying cyber risk strategies to resonate with CFOs and boards - Help Net Security
5 Mistakes Companies Will Make This Year With Cyber Security
Court Affirms Conviction of Ex-Uber Security Chief That Shook Cyber Security World
Lessons on Attack Attribution for CIOs and CISOs
How financial institutions can minimize their attack surface - Help Net Security
Breaches Often Start Where You Least Expect | Grip Security - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware is the top predicted threat for 2025
Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls
How Economic Headwinds Affect Ransomware
Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine
Fraudsters Impersonate Clop Ransomware to Extort Businesses - Infosecurity Magazine
Report: Ransomware attacks soared to new heights last month | SC Media
BlackLock Ransomware Hacked 40+ Organisation Within Two Months
Cyber Security Officials Warn Against Potentially Costly Medusa Ransomware Attacks
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The state of ransomware: Fragmented but still potent despite takedowns | CSO Online
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine
Clop resurgence drives ransomware attacks in February | Computer Weekly
FBI: A Simple Email Could Make You a Target for Extortion
BlackLock Ransomware: What You Need To Know | Tripwire
AI will make ransomware even more dangerous - Help Net Security
Extortion crew to victim: Pay or we tell ... Edward Snowden? • The Register
Update: LockBit Ransomware | Intel 471
RansomHub affiliate leverages multi-function Betruger backdoor - Help Net Security
LockBit Developer Extradited to US
Suspected LockBit ransomware dev extradited to United States
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
Ransomware attacks are costing Government offices a month of downtime on average | TechRadar
Phishing & Email Based Attacks
Many workers are overconfident at spotting phishing attacks | TechRadar
Over 400 million unwanted and malicious emails were received by businesses in 2024 | TechRadar
False confidence leaves businesses at risk of phishing scams
427.8 Million Dangerous Emails Confirmed—One Rule Can Protect You All
Achilles Email: Defending the Eternal Attack Surface - Infosecurity Magazine
Phishing: A Persistent Threat in the Age of AI - Security Boulevard
How to avoid and prevent social engineering attacks | TechTarget
What do watering holes, pharming and evil twins have in common?
New KnowBe4 Report Reveals a Spike in Phishing Campaigns - IT Security Guru
The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek
Cyber criminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Mac users are now in danger of a well-known Windows phishing attack | Digital Trends
New Mac phishing attack causes fake freezes to nab your Apple ID password | Macworld
FBI: A Simple Email Could Make You a Target for Extortion
Targeted Microsoft 365 Tenants: Attackers Exploit Billing Emails For Phishing
Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge - Infosecurity Magazine
Scareware Combined With Phishing in Attacks Targeting macOS Users - SecurityWeek
752,000 Browser Phishing Attacks Mark 140% Increase YoY - Infosecurity Magazine
Julius Caesar Linked To 890,000 New Phishing Attacks
How phishing attacks are hitting the supply chain – and how to fight back | TechRadar
Why No-Reply Emails Are a Cyber Security Hazard - Security Boulevard
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing - SecurityWeek
Malicious Android 'Vapor' apps on Google Play installed 60 million times
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Mandatory Coinbase wallet migration? It's a phishing scam!
Other Social Engineering
How to avoid and prevent social engineering attacks | TechTarget
What do watering holes, pharming and evil twins have in common?
The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar
£1M Lost as UK Social Media and Email Account Hacks Skyrocket - Infosecurity Magazine
Artificial Intelligence
AI Can Crack Your Passwords Fast—6 Tips To Stay Secure
AI Use in Cyber Attacks Raises Worker Cyber Security Concerns
Google Report Reveals How Threat Actors Are Currently Using Generative AI - InfoQ
Invisible C2 — thanks to AI-powered techniques - Security Boulevard
Tackling The Threat Of Cyber Risk During AI Adoption
AI will make ransomware even more dangerous - Help Net Security
How AI agents help hackers steal your confidential data - and what to do about it | ZDNET
Gartner Warns Agentic AI Will Accelerate Account Takeovers - Infosecurity Magazine
Hackers target AI and crypto as software supply chain risks grow - Help Net Security
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing - SecurityWeek
Cyber criminals Taking Advantage Of AI, 'Shadow' Alliances
Higher Profile and AI are Putting More Pressure on GRC Teams: Drata | MSSP Alert
Security Researcher Proves GenAI Tools Can Develop Chrome Infostealers - Infosecurity Magazine
Rethinking vendor risk management in the age of AI and automation | TechRadar
How Schools Can Prepare for Artificial Intelligence-Backed Cyber Attacks | EdTech Magazine
3 types of deepfake detection technology and how they work | TechTarget
2FA/MFA
Malware
ClickFix Widely Adopted by Cyber Criminals, APT Groups - SecurityWeek
Microsoft Uncovers New XCSSET MacOS Malware Variant Targeting Xcode Projects
Why Infostealer Malware Is My New Biggest Malware Worry
AsyncRAT Surges In Global Malware Rankings
Free file converter malware scam "rampant" claims FBI
Microsoft 365 accounts are under attack from new malware spoofing popular work apps | TechRadar
Invisible Windows Rootkit Hides Dangerous Files Using This Prefix
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft - SecurityWeek
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Malware Increasingly Spread By Fraudulent CAPTCHA Checks | MSSP Alert
Password Warning As 2.1 Billion Credentials Hit By Infostealer Attacks
Beware the coming Mac malware season – Computerworld
RansomHub affiliate leverages multi-function Betruger backdoor - Help Net Security
Malware campaign 'DollyWay' breached 20,000 WordPress sites
Security Researcher Proves GenAI Tools Can Develop Chrome Infostealers - Infosecurity Magazine
Be Careful What You Search For—New Attack Could Cost You Dearly
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
CERT-UA warns of cyber espionage against the Ukrainian defence industry using Dark Crystal RAT
100 Car Dealerships Hit by Supply Chain Attack - SecurityWeek
Mobile
Rooted Devices 250 Times More Vulnerable to Compromise - Infosecurity Magazine
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Denial of Service/DoS/DDoS
European Cyber Report 2025: 137% more DDoS attacks than
Internet of Things – IoT
All your Alexa recordings will go to the cloud soon, as Amazon sunsets Echo privacy | ZDNET
Data Breaches/Leaks
Over 16.8 Billion Records Exposed as Data Breaches Increase 6% - Infosecurity Magazine
How to calculate the cost of a data breach | TechTarget
Massive Cyber Attack in France: 12 Million Identities at Risk - Protect Yourself Now
GitHub supply chain attack spills secrets from 23K projects • The Register
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
Personal info feared stolen from sperm bank • The Register
Top California sperm bank suffers embarrassing leak | TechRadar
Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach - SecurityWeek
Western Alliance Bank notifies 21,899 customers of data breach
Organised Crime & Criminal Actors
Why Cyber Crime Forum Collaboration Is Making Attacks More Efficient, And How To Stay Ahead
Russia Escalated Sabotage to Pressure U.S. and Allies on Ukraine, Study Says - The New York Times
Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine
UK Police Arrest 422 in Major Fraud Crackdown - Infosecurity Magazine
20,000 Hacked WordPress Sites Used in Redirect Scheme
What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine
Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Blockchain gaming platform WEMIX hacked to steal $6.1 million
Widespread Coinbase phishing attack uncovered | SC Media
Hackers target AI and crypto as software supply chain risks grow - Help Net Security
Bybit: 89% of stolen $1.4B crypto still traceable post-hack
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Mandatory Coinbase wallet migration? It's a phishing scam!
Insider Risk and Insider Threats
The psychology of scams: how cyber criminals are exploiting the human brain | TechRadar
43% of office workers say they could cause a cyber security breach this year
Many workers are overconfident at spotting phishing attacks | TechRadar
False confidence leaves businesses at risk of phishing scams
DoD engineer took home top-secret docs, booked a trip to MX • The Register
Supply Chain and Third Parties
Third of UK Supply Chain Relies on “Chinese Military” Companies - Infosecurity Magazine
Supply Chain Attack Exposes Enterprise Secrets: A Wake-Up Call for Enterprise Security Professionals
How phishing attacks are hitting the supply chain – and how to fight back | TechRadar
Hackers target AI and crypto as software supply chain risks grow - Help Net Security
Rethinking vendor risk management in the age of AI and automation | TechRadar
GitHub supply chain attack spills secrets from 23K projects • The Register
Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach - SecurityWeek
100 Car Dealerships Hit by Supply Chain Attack - SecurityWeek
Cloud/SaaS
UK Businesses Face Growing Cloud Security Crisis – Are You Prepared? | SC Media UK
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek
Microsoft 365 accounts are under attack from new malware spoofing popular work apps | TechRadar
Hackers Use OAuth Apps to Steal Microsoft 365 Credentials
Targeted Microsoft 365 Tenants: Attackers Exploit Billing Emails For Phishing
The biggest security flaw of every cloud service that no one talks about -- until it's too late
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
Week-long Exchange Online outage causes email failures, delays
Outages
Week-long Exchange Online outage causes email failures, delays
Encryption
New Akira ransomware decryptor cracks encryptions keys using GPUs
US lawmakers urge public hearing on UK Apple encryption • The Register
A New Era of Attacks on Encryption Is Starting to Heat Up | WIRED
US Legislators Demand Transparency in Apple's UK Backdoor Court Fight - Infosecurity Magazine
NCSC Sets 2035 Deadline for Post-Quantum Cryptography Migration - Infosecurity Magazine
UK cyber security watchdog warns on future risk of quantum computer hacking
The UK’s Apple backdoor demand
Filing: DOGE broke Treasury policy with unencrypted email • The Register
Linux and Open Source
Open source security in the spotlight as UK gov publishes fresh guidance | ITPro
Security issue in open source software leaves businesses concerned for systems | TechRadar
Passwords, Credential Stuffing & Brute Force Attacks
AI Can Crack Your Passwords Fast—6 Tips To Stay Secure
Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks - SecurityWeek
New Mac phishing attack causes fake freezes to nab your Apple ID password | Macworld
The poor the bad and the terrible -- popular passwords around the world
Hackers Use OAuth Apps to Steal Microsoft 365 Credentials
Gartner Warns Agentic AI Will Accelerate Account Takeovers - Infosecurity Magazine
Password Warning As 2.1 Billion Credentials Hit By Infostealer Attacks
70% of leaked secrets remain active two years later - Help Net Security
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
"China's Amazon" JD.com passwords allegedly stolen | Cybernews
Social Media
£1M Lost as UK Social Media and Email Account Hacks Skyrocket - Infosecurity Magazine
UK’s Online Safety Act: Ofcom Can Now Issue Sanctions - Infosecurity Magazine
Stay safe from online hate with these five tips
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Malvertising
Malvertising Explained: How To Spot And Steer Clear Of It
Why It's So Hard to Stop Rising Malicious TDS Traffic
Malicious Android 'Vapor' apps on Google Play installed 60 million times
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Large-Scale Malicious App Campaign Bypassing Android Security - Infosecurity Magazine
Training, Education and Awareness
43% of office workers say they could cause a cyber security breach this year
Many workers are overconfident at spotting phishing attacks | TechRadar
False confidence leaves businesses at risk of phishing scams
Regulations, Fines and Legislation
UK ICO warns biometric tools may pose privacy, compliance risks | Biometric Update
A New Era of Attacks on Encryption Is Starting to Heat Up | WIRED
US Legislators Demand Transparency in Apple's UK Backdoor Court Fight - Infosecurity Magazine
MS-ISAC, EI-ISAC Funding Cuts Threaten National Security, Officials Say | MSSP Alert
Trump Administration Orders Federal Agencies To Avoid Cyber Staff Layoffs | MSSP Alert
US lawmakers urge public hearing on UK Apple encryption • The Register
UK’s Online Safety Act: Ofcom Can Now Issue Sanctions - Infosecurity Magazine
The UK’s Apple backdoor demand
NIST’s vulnerability database logjam is still growing despite attempts to clear it - Nextgov/FCW
Open source security in the spotlight as UK gov publishes fresh guidance | ITPro
CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW
DOGE staffer violated security policies at Treasury Department, court filing shows | CyberScoop
Filing: DOGE broke Treasury policy with unencrypted email • The Register
What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine
12 Hours or Else: Hong Kong’s Cyber Security Explained - Security Boulevard
Careers, Working in Cyber and Information Security
Wellbeing in the Cyber Security Sector: A Call for Participation - IT Security Guru
3 AI-Driven Roles in Cyber Security
Law Enforcement Action and Take Downs
The state of ransomware: Fragmented but still potent despite takedowns | CSO Online
UK Police Arrest 422 in Major Fraud Crackdown - Infosecurity Magazine
LockBit Developer Extradited to US
Telegram CEO leaves France temporarily as criminal probe continues
Suspected LockBit ransomware dev extradited to United States
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Denmark warns of increased state-sponsored campaigns targeting the European telcos
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft - SecurityWeek
Windows shortcut exploit used as zero-day in global cyber espionage campaigns
How CISOs can counter the threat of nation state espionage | Computer Weekly
Nation State Actors
Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine
Denmark warns of increased state-sponsored campaigns targeting the European telcos
What is an APT and how are they tracked? | ITPro
ClickFix Widely Adopted by Cyber Criminals, APT Groups - SecurityWeek
New Windows zero-day exploited by 11 state hacking groups since 2017
Microsoft isn't fixing 8-year-old zero day used for spying • The Register
How CISOs can counter the threat of nation state espionage | Computer Weekly
Cyber criminals Taking Advantage Of AI, 'Shadow' Alliances
China
Third of UK Supply Chain Relies on “Chinese Military” Companies - Infosecurity Magazine
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Chinese Hacking Group MirrorFace Targeting Europe - SecurityWeek
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum - SecurityWeek
Emulating the Sophisticated Chinese Adversary Salt Typhoon - Security Boulevard
FishMonger APT Group Linked to I-SOON in Espionage Campaigns - Infosecurity Magazine
"China's Amazon" JD.com passwords allegedly stolen | Cybernews
12 Hours or Else: Hong Kong’s Cyber Security Explained - Security Boulevard
Russia
Russia Escalated Sabotage to Pressure U.S. and Allies on Ukraine, Study Says - The New York Times
BlackBasta Ransomware Ties to Russian Authorities Uncovered - Infosecurity Magazine
Europol Warns of “Shadow Alliance” Between States and Criminals - Infosecurity Magazine
UK under-prepared for catastrophic cyber attack
Three years after Russia’s invasion, a global online army is still fighting for Ukraine
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
Black Basta Leader in League With Russian Officials
What Trump 2.0 Might Mean for Russian Cyber Crime - New Lines Magazine
CERT-UA warns of cyber espionage against the Ukrainian defence industry using Dark Crystal RAT
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
North Korea
Bybit: 89% of stolen $1.4B crypto still traceable post-hack
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Six additional countries identified as suspected Paragon spyware customers | CyberScoop
Tools and Controls
Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls
Moving beyond checkbox security for true resilience - Help Net Security
Not all cuts are equal: Security budget choices disproportionately impact risk | CSO Online
A strategic approach to security is key for cyber resilience | World Economic Forum
The API Security Illusion: IT Leaders May Be Overconfident
Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks
What Is Cyber Security Risk? A Guide to Protect Your Business - Security Boulevard
Is it time to retire 'one-off' pen tests for continuous testing?
Why So Many Employee Phishing Training Initiatives Fall Short
What If Prevention Was the Key to Cyber Security Success? | Entrepreneur
Quantifying cyber risk strategies to resonate with CFOs and boards - Help Net Security
43% of office workers say they could cause a cyber security breach this year
Leveraging AI in Security: What MSSPs Need to Know Before They Commit | MSSP Alert
Many workers are overconfident at spotting phishing attacks | TechRadar
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
55% of COOs Use GenAI to Improve Data Security
False confidence leaves businesses at risk of phishing scams
13 API security best practices to protect your business
3 types of deepfake detection technology and how they work | TechTarget
How financial institutions can minimize their attack surface - Help Net Security
Unifying Threat Operations: An Integrated Cyber Security Strategy
Reports Published in the Last Week
New KnowBe4 Report Reveals a Spike in Phishing Campaigns - IT Security Guru
Other News
1 in 10 people do nothing to stay secure and private on vacation | Malwarebytes
New KnowBe4 Report Finds Education Sector Unprepared for Escalating Cyber Attacks
Denmark warns of increased state-sponsored campaigns targeting the European telcos
CNI Security Leaders Express Cyber Confidence Despite 95% Breach Rate - Infosecurity Magazine
Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director - Infosecurity Magazine
Hackers Leveraging RMM Tools To Maintain Persistence To Infiltrate And Move Through Networks
Government probes ‘national security risks’ of data brokers – PublicTechnology
Why 2025’s Cyber Security Landscape Demands a Complete Overhaul of Your IT Infrastructure
Breaches Often Start Where You Least Expect | Grip Security - Security Boulevard
Danish govt raises telecoms sector cyber risk assessment to 'high' - Telecompaper
UK under-prepared for catastrophic cyber attack
Global Education Report Says Some Schools Endure Over 2,500 Attempted Cyber Attacks A Day
Why betting on Mac security could put your organisation at risk | TechRadar
What is a buffer overflow? How do these types of attacks work?| Definition from TechTarget
What Would a Decentralized Internet Look Like? | HackerNoon
The DoD's Cyber Wake-Up Call: Why Playing It Safe Won't Keep Us Safe - ClearanceJobs
Cyber Security Concerns Arise After Announcement To Scrap NHS England
Five ways to protect university data from cyber security threats | EdScoop
Vulnerability Management
Cyber security vulnerabilities and their financial impact | CEPR
How Security Teams Should Respond To The Rise In Vulnerability Disclosures
NIST’s vulnerability database logjam is still growing despite attempts to clear it - Nextgov/FCW
The Microsoft patch management guide for admins | TechTarget
Vulnerabilities
Hackers Use OAuth Apps to Steal Microsoft 365 Credentials
Windows shortcut exploit used as zero-day in global cyber espionage campaigns
Veeam RCE bug lets domain users hack backup servers, patch now
Infoseccers flame Veeam over RCE bug, failing blacklist • The Register
Cisco IOS XR vulnerability lets attackers crash BGP on routers
8,000 New WordPress Vulnerabilities Reported in 2024 - SecurityWeek
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns - Infosecurity Magazine
ChatGPT SSRF bug quickly becomes a favorite attack vector
Microsoft isn't fixing 8-year-old zero day used for spying • The Register
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
Critical Fortinet Vuln Draws Fresh Attention
IBM urges quick patching of critical AIX bugs • The Register
WordPress security plugin WP Ghost vulnerable to remote code execution bug
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
iOS 18.3.2 patches gateway for ‘extremely sophisticated attack' - Tech Advisor
HellCat hackers go on a worldwide Jira hacking spree
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
CISA tags NAKIVO backup flaw as actively exploited in attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 14 March 2025
Black Arrow Cyber Threat Intelligence Briefing 14 March 2025:
-95% of Data Breaches Tied to Human Error in 2024
-Hackers Using Advanced Social Engineering Techniques with Phishing Attacks
-Confidence Gap in Cyber Security Leaves Businesses at Risk
-Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year
-Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls
-Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign
-How Cyber Attacks Affect Your Staff
-UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks
-Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses
-86% of Financial Firms are Still Not Fully Compliant With DORA
-The CISO as Business Resilience Architect
-Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Summary
Black Arrow Cyber’s review of threat intelligence this week highlights that human error and susceptibility to social engineering remain at the heart of cyber security failures. A new report reveals that 95% of data breaches in 2024 were due to human mistakes, with just 8% of employees responsible for 80% of incidents. Despite widespread training efforts, a confidence gap persists: 86% of employees believe they can detect phishing scams, yet many still fall victim. Meanwhile, cyber criminals are deploying more sophisticated pretexting techniques, such as fake job offers, to exploit trust before launching attacks. The financial impact of phishing-related breaches now averages $4.88 million per incident.
Third-party access and unmonitored IoT devices also present major risks, with over half of UK firms experiencing a breach due to supplier access. The Akira ransomware gang recently exploited an unsecured webcam to bypass endpoint defences, highlighting the need for a more layered approach to cyber security. Additionally, AI-driven threats are accelerating, enabling criminals to automate cyber attacks and create deepfake scams, such as one that resulted in a $25 million theft.
Looking ahead, regulatory compliance pressures are mounting, with 86% of financial firms still unprepared for the EU’s DORA framework. Meanwhile, UK government officials warn of national cyber security vulnerabilities due to outdated systems and staffing shortages. Black Arrow Cyber believes that businesses must take a proactive stance, adopting zero-trust security, strengthening third-party risk management, and ensuring human resilience against evolving cyber threats.
Top Cyber Stories of the Last Week
95% of Data Breaches Tied to Human Error in 2024
A new report by Mimecast has found that human error was the primary cause of 95% of data breaches in 2024, with insider threats, credential misuse and user mistakes playing a major role. Just 8% of employees were responsible for 80% of incidents, highlighting a concentrated risk. Despite 87% of organisations providing regular cyber security training, concerns remain over employee fatigue and errors, particularly in handling email threats. While 95% of firms use AI for cyber defence, over half admit they are unprepared for AI-driven threats. Collaboration tools are an emerging risk, with 79% citing security gaps and 61% expecting a business impact from an attack in 2025.
Hackers Using Advanced Social Engineering Techniques with Phishing Attacks
Cyber criminals are refining their phishing tactics, moving beyond basic scams to sophisticated social engineering that builds trust before delivering malicious payloads. A report by security provider ESET highlights North Korea-aligned groups using elaborate pretexting, such as fake job offers, to lure victims. Verizon’s 2024 report found that 68% of breaches involved human error, with pretexting now surpassing traditional phishing in impact. IBM’s latest study estimates the average cost of a phishing-related breach at $4.88 million. Businesses must adopt a prevention-first approach, combining employee awareness training with multilayered security solutions to mitigate these increasingly deceptive cyber threats.
Confidence Gap in Cyber Security Leaves Businesses at Risk
New research by KnowBe4 highlights a concerning gap between employee confidence and actual ability to detect cyber threats. While 86% of employees believe they can spot phishing emails, nearly a quarter have fallen victim, with South Africa reporting the highest scam victimisation rate at 68%. The study of 12,000 employees across six countries found that confidence is often misplaced, leaving organisations vulnerable to evolving threats like AI-driven scams and deepfakes. Experts stress the need for scenario-based training and simulated phishing tests to close this gap, ensuring security awareness efforts translate into real-world cyber resilience.
Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year
More than half of UK organisations suffered a security breach linked to third-party access in the past year, surpassing the global average. A new study by Imprivata and the Ponemon Institute highlights that 47% see third-party remote access as their biggest attack surface. Despite growing awareness, weak security strategies persist, with only 58% implementing best practices. The most common consequences include data loss (54%), regulatory fines (49%), and severed vendor relationships (47%). With 65% expecting these breaches to increase, businesses must prioritise robust third-party risk management to mitigate ongoing threats.
Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls
The Akira ransomware gang exploited an unsecured webcam to bypass the victim’s endpoint detection and response (EDR) and encrypt the network. After initial access via a compromised remote access solution, the attackers deployed AnyDesk, stole data, and attempted to deploy ransomware, only to be blocked by EDR. They then pivoted to a vulnerable Linux-based webcam and used it to access and encrypt resources shared across the victim’s network, undetected. The incident highlights the risks posed by unmonitored IoT devices and the need for strict network segmentation, regular firmware updates, and a layered security approach beyond EDR to mitigate evolving cyber threats.
Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign
Microsoft has uncovered a large-scale malvertising campaign that has compromised over a million PCs, deploying infostealers to harvest sensitive data. The attack originated from illegal streaming sites, where users were redirected to malicious GitHub repositories hosting malware. Once installed, the malware gathered system details and exfiltrated login credentials, banking data, and cryptocurrency information. Microsoft took action by removing a number of repositories, but the malware was also hosted on other platforms like Dropbox and Discord. The attack affected a broad range of industries, demonstrating the indiscriminate nature of the threat.
How Cyber Attacks Affect Your Staff
Cyber attacks are now the leading cause of data loss and IT downtime for businesses, with over half of organisations surveyed in the 2024 Data Health Check reporting incidents in the past year. 37% of these cases led to job losses, highlighting the significant human impact. High-profile breaches have resulted in redundancies, pay freezes, and financial instability. Beyond financial losses, employees face uncertainty, stress, and reputational concerns. A robust cyber resilience strategy, combining training, incident response exercises, and clear crisis communication, is essential to minimising disruption and protecting staff, ensuring businesses can navigate cyber threats while maintaining operational stability.
UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks
The UK Government is at critical risk of cyber attack due to years of underfunding, recruitment shortfalls, and outdated IT systems, senior officials have warned. A parliamentary probe found that one in three cyber security roles in government remains vacant, while nearly a quarter of legacy IT systems are at high risk of attack. Hostile states, particularly Russia and China, have intensified cyber warfare tactics, posing a substantial risk to government and critical services. Experts stress the urgent need for investment in cyber resilience, warning that failure to act could have severe national security and operational consequences.
Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses
AI-powered cyber threats are evolving rapidly, with criminals using generative AI to create hyper-personalised phishing attacks, deepfake scams, and automated malware that adapts to defences in real time. A recent case saw deepfake technology used to steal $25 million via fraudulent video conferencing. AI-driven cyber attacks operate autonomously, probing networks for weaknesses and bypassing traditional security measures. Experts stress the need for zero-trust security, training employees on AI-driven threats, monitoring and regulating employee AI use, and collaborating with AI and cyber security experts. Without proactive defences, organisations risk being outpaced by increasingly sophisticated attacks in 2025 and beyond.
86% of Financial Firms are Still Not Fully Compliant With DORA
The majority of financial firms are not compliant with the EU’s Digital Operational Resilience Act (DORA): 86% have yet to achieve full compliance despite the regulation coming into force in January 2025, and only 5% are fully confident in their compliance. Managing third-party vendors, a key part of DORA, is a challenge, with 54% citing a lack of transparency as a significant risk. Without proper oversight, firms risk regulatory penalties and operational vulnerabilities. Organisations subject to the regulations should take immediate action through policy development, gap analysis, and targeted remediation plans.
The CISO as Business Resilience Architect
The role of the CISO is evolving beyond cyber defence to encompass business resilience. Regulatory scrutiny is intensifying, with personal accountability for breaches and increasing compliance demands stretching CISOs. Gartner predicts 45% will see their responsibilities expand beyond cyber security by 2027. Technical challenges persist, with 44% of CISOs unable to detect breaches using current tools, and AI integration adding complexity. Rather than fragmenting, the role is set to converge with enterprise architecture, embedding resilience into business strategy. With 24% of CISOs considering resignation, adapting to this shift is key to maintaining boardroom influence.
Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies
NTT Communications Corporation has disclosed a cyber security breach affecting nearly 18,000 corporate customers. Hackers infiltrated its Order Information Distribution System, exposing contract details, contact information, and service usage data. The breach was discovered on 5 February 2025, with access blocked the next day. However, further investigation revealed attackers had pivoted within the network, prompting containment actions. NTT has assured that personal customers were not impacted. This follows previous cyber security incidents, including a major DDoS attack in January and a 2020 breach, highlighting the persistent threats facing critical telecoms infrastructure.
Sources:
https://www.infosecurity-magazine.com/news/data-breaches-human-error/
https://cybersecuritynews.com/hackers-using-advanced-social-engineering-techniques/
https://informationsecuritybuzz.com/confidence-gap-in-cybersecurity-risk/
https://www.darkreading.com/cyberattacks-data-breaches/how-cyberattacks-affect-your-staff
https://inews.co.uk/news/uk-unprepared-vulnerable-russian-cyber-attacks-heres-why-3580126
https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect
Governance, Risk and Compliance
Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine
The CISO as Business Resilience Architect
KnowBe4 Research Reveals a Confidence Gap in Cyber Security, Leaving Organisations at Risk
Why effective cyber security is a team effort | TechRadar
Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware gang encrypted network from a webcam to bypass EDR
Travelers reports rise in ransomware activity in Q4'24 Cyber Threat Report - Reinsurance News
Medusa Ransomware: FBI and CISA Urge Organisations to Act Now to Mitigate Threat | Tripwire
Medusa ransomware infects 300+, uses 'triple extortion' • The Register
Microsoft: North Korean hackers join Qilin ransomware gang
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Ransomware poseurs are trying to extort businesses through physical letters | CyberScoop
'Spearwing' RaaS Group Ruffles Cyber Threat Feathers
Ransomware Groups Favour Repeatable Access Over Mass Exploits - Infosecurity Magazine
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Ragnar Loader Toolkit Evolves Amid Increased Traction Among Threat Operations | MSSP Alert
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Ransomware Victims
Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware - SecurityWeek
Two Rhysida healthcare attacks pwned 300K patients' data • The Register
82% of K-12 schools recently experienced a cyber incident | K-12 Dive
RansomHouse gang claims the hack of the Loretto Hospital in Chicago
More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacks | ITPro
Phishing & Email Based Attacks
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks
Phishing campaign impersonating Booking.com targeting UK hospitality | The Standard
ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News
US cities warn of wave of unpaid parking phishing texts
Other Social Engineering
Hackers Using Advanced Social Engineering Techniques With Phishing Attacks
Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET
Consumer Reports calls out poor AI voice-cloning safeguards • The Register
AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them
How to spot and avoid AI-generated scams - Help Net Security
'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says
How to Steer Clear of Smishing Scams | TIME
Trump Coins Used as Lure in Malware Campaign - SecurityWeek
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
US cities warn of wave of unpaid parking phishing texts
New YouTube Windows Attack Warning—Three Strikes And You’re Hacked
Artificial Intelligence
Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags - Infosecurity Magazine
Most AI voice cloning tools aren't safe from scammers, Consumer Reports finds | ZDNET
The Invisible Battlefield Behind LLM Security Crisis - Security Boulevard
AI-Powered Fraud: How Cyber Criminals Target Finance Teams—and How To Stop Them
Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek
4 expert security tips for navigating AI-powered cyber threats | ZDNET
How to spot and avoid AI-generated scams - Help Net Security
DeepSeek spits out malware code with a little persuasion • The Register
Worried about DeepSeek? Turns out, Gemini and other US AIs collect more user data | ZDNET
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
Even premium AI tools distort the news and fabricate links - these are the worst | ZDNET
Malware
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Microsoft Says One Million Devices Impacted by Infostealer Campaign - SecurityWeek
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
New threat uses fake CAPTCHA to infect systems with malware | TechSpot
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Steganography Explained: How XWorm Hides Inside Images
Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT
Binance Spoofers Compromise PCs in 'TRUMP' Crypto Scam
DeepSeek spits out malware code with a little persuasion • The Register
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
1,600 Victims Hit by South American APT's Malware - SecurityWeek
Bots/Botnets
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek
Mobile
'Threat actor' has registered over 10k domains for smishing scams, cyber security firm says
How to Steer Clear of Smishing Scams | TIME
SIM Swapping Fraud Surges in the Middle East - Infosecurity Magazine
US cities warn of wave of unpaid parking phishing texts
Is your phone eavesdropping on you? Try NordVPN's simple test to find out | ZDNET
Denial of Service/DoS/DDoS
DNS DDoS: Downtime is just the tip of the iceberg | Total Telecom
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
How to Survive Fast-and-Furious DDoS Microbursts
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO
X’s Attackers Hit Servers Faulted for Lacking Key Protection
Cyber Attack on X Hit Insecure Servers
The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims
What Really Happened With the DDoS Attacks That Took Down X | WIRED
X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon
Elon Musk blaming Ukraine after Twitter cyber attack is ‘dangerous’, expert says | The Independent
Internet of Things – IoT
Hackers spotted using unsecured webcam to launch cyber attack | TechRadar
Update your Wi-Fi cameras, else malware could infect your network | PCWorld
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
Another top security camera maker is seeing devices hijacked into botnet | TechRadar
Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 - SecurityWeek
Car Exploit Allows You to Spy on Drivers in Real Time
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Edimax Says No Patches Coming for Zero-Day Exploited by Botnets - SecurityWeek
CISOs, are your medical devices secure? Attackers are watching closely - Help Net Security
Data Breaches/Leaks
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
Data breach at Japanese telecom giant NTT hits 18,000 companies
Two Rhysida healthcare attacks pwned 300K patients' data • The Register
New York sues Allstate and subsidiaries for back-to-back data breaches | CyberScoop
'Uber for nurses' exposes 86K+ medical records, PII • The Register
Australian financial firm hit with lawsuit after massive data breach | CSO Online
Software bug meant NHS information was potentially “vulnerable to hackers” | TechRadar
More than 23.7 Million Hardcoded Secrets Publicly Exposed In GitHub Last Year | MSSP Alert
Does the NHS have a security culture problem? • The Register
Organised Crime & Criminal Actors
Cyber Crime's Cobalt Strike Use Plummets 80% Worldwide
Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
The Violent Rise of ‘No Lives Matter’ | WIRED
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack
US seizes $23 million in crypto stolen via password manager breach
EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News
Why CFOs Considering Stablecoins, Crypto Need Cyber Security
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
North Korean hackers cash out $300 million from ByBit heist
MassJacker malware uses 778,000 wallets to steal cryptocurrency
Gone In 120 Seconds: TRUMP Coin Phishing Lure Delivers RAT
Insider Risk and Insider Threats
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
Employee charged with stealing unreleased movies, sharing them online
Developer sabotaged ex-employer IT systems with kill switch • The Register
Developer Convicted for Hacking Former Employer's Systems - SecurityWeek
Man found guilty of planting infinite loop logic bomb on ex-employer's system
Insurance
Cyber insurance becoming a key safeguard for SMEs: Report | Insurance Business America
Supply Chain and Third Parties
Data breach at Japanese telecom giant NTT hits 18,000 companies
Who’s in your digital house? The truth about third-party access - Help Net Security
Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar
Cloud/SaaS
Cloud security gains overshadowed by soaring storage fees - Help Net Security
Hiding In Plain Sight: Cyber Criminals Take Advantage Of US Cloud Providers - Above the Law
'Uber for nurses' exposes 86K+ medical records, PII • The Register
Identity and Access Management
Machine Identities Outnumber Humans Increasing Risk Seven-Fold - Infosecurity Magazine
Encryption
UK quietly scrubs encryption advice from government websites | TechCrunch
France rejects controversial encryption backdoor provision | TechRadar
Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop
Apple To Appeal Government Backdoor Order Friday | Silicon UK
Linux and Open Source
PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability
UK Government Report Calls for Stronger Open Source Supply Chain Security Practices - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Ripple CEO Chris Larsen lost $150M in XRP after LastPass hack
US seizes $23 million in crypto stolen via password manager breach
Social Media
Musk blames Ukrainians for cyber attack on X. Experts aren’t convinced. – POLITICO
X’s Attackers Hit Servers Faulted for Lacking Key Protection
The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
X hit by ‘massive cyber attack’ amid Dark Storm’s DDoS claims
What Really Happened With the DDoS Attacks That Took Down X | WIRED
X Outage Exposes Musk's Poor Digital Hygiene | HackerNoon
ICANN regains control of X account after phishing attack - Domain Name Wire | Domain Name News
New YouTube Windows Attack Warning—Three Strikes And You’re Hacked
Malvertising
Microsoft reveals over a million PCs hit by malvertising campaign | TechRadar
GitHub-Hosted Malware Infects 1M Windows Users
Training, Education and Awareness
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
4 expert security tips for navigating AI-powered cyber threats | ZDNET
Regulations, Fines and Legislation
SEC cyber security disclosure rules, with checklist | TechTarget
UK quietly scrubs encryption advice from government websites | TechCrunch
Switzerland Mandates Cyber Reporting for Critical Infrastructure - Infosecurity Magazine
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
Balancing Cyber Security Accountability & Deregulation
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
CISA completed its election security review. It won’t make the results public | CyberScoop
Ex-NSA vet slams reported halt to Russia cyber ops | Cybernews
White House instructs agencies to avoid firing cyber security staff, email says | KELO-AM
Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
MS-ISAC loses federal support | StateScoop
Legislative push for child online safety runs afoul of encryption advocates (again) | CyberScoop
Apple To Appeal Government Backdoor Order Friday | Silicon UK
Models, Frameworks and Standards
NIST Finalizes Differential Privacy Rules to Protect Data
Cyber Essentials April 2025 Update: What you Need to Know
Backup and Recovery
Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Data Protection
NIST Finalizes Differential Privacy Rules to Protect Data
Careers, Working in Cyber and Information Security
Understaffed but still delivering -- the reality of cyber security teams
How remote work strengthens cyber security teams - Help Net Security
Managing the emotional toll cyber security incidents can take on your team | CSO Online
The Legacy of the Cyber Security Challenge | SC Media UK
UK’s infosec chiefs must be paid more than PM, say officials • The Register
Law Enforcement Action and Take Downs
US seizes $23 million in crypto stolen via password manager breach
Employee charged with stealing unreleased movies, sharing them online
Developer sabotaged ex-employer IT systems with kill switch • The Register
Texas Developer Convicted After Kill Switch Sabotage Plot - Infosecurity Magazine
Developer Convicted for Hacking Former Employer's Systems - SecurityWeek
Russian crypto exchange Garantex seized in international law enforcement operation | CyberScoop
Cyber criminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets | TechRadar
Man found guilty of planting infinite loop logic bomb on ex-employer's system
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Europe, Don't Forget the Information War - CEPA
Nation State Actors
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
China
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers - SecurityWeek
Salt Typhoon: A Wake-up Call for Critical Infrastructure
China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days - SecurityWeek
‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard
UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine
Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek
Russia
The UK is unprepared and vulnerable to Russian cyber attacks. Here's why
The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online
The Geopolitical Fallout of a Potential US Cyber Stand-Down – The Diplomat
Europe, Don't Forget the Information War - CEPA
Ex-NSA vet slams reported halt to Russia cyber ops | Cybernews
Ukraine loses Signal support for anti-Russian cyber threat efforts, says official | SC Media
North Korea
Microsoft: North Korean hackers join Qilin ransomware gang
EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
1,600 Victims Hit by South American APT's Malware - SecurityWeek
Tools and Controls
Hackers spotted using unsecured webcam to launch cyber attack | TechRadar
95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine
How to safely dispose of old tech without leaving a security risk - Help Net Security
4 expert security tips for navigating AI-powered cyber threats | ZDNET
Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Threat Groups Using RMM Tools for Initial-Stage in Attacks | MSSP Alert
Defending against EDR bypass attacks - Help Net Security
Security operations centres are fundamental to cyber security — here’s how to build one | CSO Online
Other News
Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine
How Cyber Attacks Affect Your Staff
AI, 5G, and Fiber: The Telecom Infrastructure Boom No One’s Monitoring
Every Truth (And Lie) Told in Netflix's 'Zero Day,' Ranked | HackerNoon
Slow development of Irish maritime security strategy raises concerns
Zut Alors! Surge in Cyber Attacks Targeting France in 2024
Does the NHS have a security culture problem? • The Register
Vulnerability Management
Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management
CISOs Connect Research Report on Cyber Security Debt Exposes Widespread Vulnerabilities
Balancing Cyber Security Accountability & Deregulation
Vulnerabilities
Thousands of Orgs Risk Zero-Day VM Escape Attacks
Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday - SecurityWeek
Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader - SecurityWeek
Fortinet Patches 18 Vulnerabilities - SecurityWeek
Newly Patched Windows Zero-Day Exploited for Two Years - SecurityWeek
Google researchers uncover critical security flaw in all AMD Zen processors | TechSpot
Mass Exploitation of Critical PHP Vulnerability Begins - SecurityWeek
Top Bluetooth chip security flaw could put a billion devices at risk worldwide | TechRadar
SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver - SecurityWeek
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw - SecurityWeek
Critical PHP RCE vulnerability mass exploited in new attacks
Apple fixed the third actively exploited zero-day of 2025
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
Zoom Patches 4 High-Severity Vulnerabilities - SecurityWeek
PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Cisco Patches 10 Vulnerabilities in IOS XR - SecurityWeek
Mozilla warns users to update Firefox before certificate expires
GitLab patches critical authentication bypass vulnerabilities
FreeType Zero-Day Being Exploited in the Wild - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP
Executive Summary
Microsoft’s Patch Tuesday for March 2025 delivered 57 security updates across its product line, including 6 actively exploited zero-day vulnerabilities. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.
Fortinet issued 17 security advisories with updates addressing various high, medium, and low severity vulnerabilities across multiple product ranges, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM, and FortiADC.
Apple released updates to address zero-day security issues across its iPhone, iPad, macOS, and visionOS product ranges, specifically targeting vulnerabilities in WebKit, the browser engine used within Safari and other Apple products.
Adobe provided updates addressing 35 vulnerabilities, including critical issues in various product lines such as Acrobat and Reader, InDesign, and Substance 3D Sampler.
Zoom patched five vulnerabilities in its applications, including four rated ‘high severity’, affecting Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK products.
SAP also released 21 new security notes, covering high, medium, and low severity vulnerabilities addressed by security patches.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of the products impacted by these vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.
Microsoft
Further details on the specific updates in this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar
Apple, Adobe, Fortinet, Zoom, SAP
Further details of the vulnerabilities affecting Apple, Adobe, Fortinet, Zoom and SAP products:
https://helpx.adobe.com/security/security-bulletin.html
https://support.apple.com/en-us/100100
https://fortiguard.fortinet.com/psirt
https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html