Black Arrow Cyber Threat Intelligence Briefing 14 February 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There has been a clear surge in cyber threats targeting UK and US organisations in recent weeks, particularly from state-backed and criminal ransomware groups. Russian state-affiliated actors are exploiting vulnerabilities in critical infrastructure sectors, while nation-state groups from China, Iran, and North Korea increasingly use ransomware for espionage and financial gain. The number of active ransomware groups rose by 38% in 2024, with attacks becoming more efficient through automation. The evolving threat landscape demands proactive cyber defence, including robust endpoint protection, threat intelligence, and rapid incident response.
Despite growing awareness, organisations remain vulnerable due to inadequate investment and outdated security strategies. Research shows that 60% of businesses expect a cyber breach in 2025, yet nearly half have not reviewed their security posture recently. Supply chain risks are particularly pressing, with financial services firms facing repeated third-party breaches. The EU’s NIS2 directive is set to impose stricter cyber security standards, with UK firms working with EU partners already required to comply. Leadership alignment is crucial, as gaps between CIOs, CTOs, and CISOs continue to hinder cyber resilience.
Regulatory pressure is mounting, with the UK government reportedly seeking backdoor access to encrypted data. Meanwhile, cyber criminals are exploiting seasonal events, such as Valentine’s Day, to launch sophisticated scams. As cyber threats intensify, Black Arrow Cyber advises organisations to adopt a ‘Resilient by Design’ approach, prioritising zero trust security models, continuous monitoring, and executive-level collaboration to mitigate risks and safeguard long-term business continuity.
Top Cyber Stories of the Last Week
Russian State Threat Group Shifts Focus to US, UK Targets
Microsoft has identified a shift in focus by a Russian state-backed cyber threat group, Seashell Blizzard, towards targets in the US and UK. The group, linked to the Russian military intelligence, has exploited vulnerabilities in widely used internet-facing systems to gain persistent access, steal credentials, and move laterally within networks. Their indiscriminate approach has impacted critical infrastructure sectors, including energy and defence. The campaign aligns with Russia’s broader strategy of destabilising Western institutions, with Microsoft warning that such activity is likely to continue, presenting a significant cyber security challenge for organisations globally.
Majority of Businesses Expect a Cyber Breach in 2025
Zscaler’s latest research highlights a stark reality: 60% of global organisations expect a significant cyber breach in 2025. Despite 94% of IT leaders expressing confidence in their resilience measures, nearly half have not reviewed their strategies recently. The report underscores the need for a shift towards ‘Resilient by Design’, embedding cyber resilience into security strategies from the outset. However, 49% of leaders say investment is inadequate. Zscaler advocates for a zero-trust approach to mitigate threats and ensure business continuity in an evolving cyber landscape.
The Hidden Cyber Threat Lurking in Your Supply Chain
More than half of large UK financial services firms suffered a third-party supply chain attack in 2024, with nearly a quarter facing three or more incidents, according to research by Orange Cyberdefense. The study found that firms relying on one-time onboarding risk assessments were twice as likely to be attacked as those with continuous monitoring. With 92% of UK cyber security leaders calling for stronger regulations, many argue that aligning with EU standards could enhance resilience. While sentiment on UK regulation remains mixed, firms failing to rigorously assess third-party risks face the greatest exposure to cyber threats.
Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk
LevelBlue’s latest report highlights the disconnect between CIOs, CTOs, and CISOs, which is undermining cyber resilience. While 66% of CISOs believe budgets lack proactive security funding, only around half of CIOs and CTOs agree. Compliance is another divide, with 73% of CTOs seeing it as a barrier to competitiveness, while most CISOs and CIOs view it as essential for risk management. Encouragingly, cloud adoption is a shared priority. However, with 63% of executives stating leadership does not prioritise cyber resilience, organisations must foster collaboration at the top to treat it as a strategic business imperative, not just a technical concern.
NIS2: the GDPR of Cyber Security
The EU’s NIS2 directive introduces stringent cyber security standards, yet only 30% of member states have fully implemented it. This legislation mandates 24-hour reporting of major cyber incidents and stricter accountability for supply chain security. UK businesses working with EU partners are already being asked to comply, as contracts are being updated to reflect these requirements. With open-source software making up 90% of modern applications and cyber threats rising, aligning with NIS2 principles is not just about compliance but about safeguarding long-term resilience. Early adoption helps businesses avoid operational strain and remain competitive in an evolving regulatory landscape.
Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes
Hackers are accelerating their tactics, deploying ransomware faster and at greater scale across businesses of all sizes. The Huntress 2025 Cyber Threat Report found that ransomware incidents from key groups increased by up to 15% in 2024, with some attacks executed in under six hours. Automation played a major role, with 87% of attacks relying on automated tools before shifting to hands-on activity. Education, healthcare, and technology were prime targets, while infostealers enabled initial access. As cyber criminals refine their techniques, organisations must adopt proactive security measures, including strong incident response plans and robust endpoint protection.
Number of Active Dark Web Ransomware Groups Up 38% in 2024
A new report highlights a 38% rise in active ransomware groups in 2024, with 94 groups listing victims and 49 new groups emerging. The total number of victims posted on ransomware leak sites also increased by 11% to 5,728. The ransomware landscape is shifting, with newer groups like RansomHub, now the most prolific, overtaking previously dominant players. This evolving threat environment presents challenges for security teams, making it essential for organisations to apply threat intelligence to anticipate attack techniques and focus defences on the most likely adversaries based on their industry and risk profile.
Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too
Nation-state actors are increasingly adopting ransomware, not just for financial gain but also for espionage and geopolitical disruption. Threat groups linked to Russia, China, Iran, and North Korea are blurring the lines between cyber crime and state-sponsored hacking. Russian-linked Sandworm has disguised destructive attacks as ransomware, while North Korea uses ransomware profits to fund weapons programmes. Chinese and Iranian groups have leveraged ransomware as a distraction to mask intelligence gathering. With over $3 billion stolen in cryptocurrency-related cyber attacks, these operations highlight the evolving threats beyond traditional financially motivated cyber crime.
Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats
A new study by Immersive Labs highlights that 96% of cyber leaders see effective communication of cyber readiness to boards as crucial for 2025, driven by regulatory pressures and rising cyber threats. Nearly half of organisations surveyed experienced a cyber attack in the past year, with software and cloud vulnerabilities (51%) and ransomware (46%) cited as the biggest risks. To improve resilience, 94% are deploying cyber drills, yet 76% face readiness barriers, mainly due to competing business priorities. Encouragingly, 55% report strong cyber awareness at board level, reflecting a growing recognition of cyber risk at the highest levels.
Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks
Cyber criminals are exploiting Valentine’s Day with romance scams, phishing attacks and fraudulent e-commerce offers. A report found that 58,734 people in the US fell victim to romance scams in 2024, resulting in losses of $697 million. AI-driven scams are becoming more sophisticated, with chatbots and deepfake videos increasing fraud success rates. Valentine-themed phishing emails have doubled since last year, with half now classified as scams. Businesses are urged to monitor brand impersonation and educate customers. McAfee blocked over 321,000 fraudulent URLs, highlighting the growing cyber threat as criminals exploit emotions for financial gain.
The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics
The UK government has reportedly issued a secret order requiring Apple to create a backdoor into its iCloud encryption, raising concerns from some quarters about privacy and security. The request, made under the Investigatory Powers Act 2016, would give authorities unrestricted access to users’ private data, bypassing Apple’s end-to-end encryption safeguards. Apple has historically resisted similar demands and has suggested it may withdraw services from the UK rather than compromise security. Critics warn that such backdoors weaken encryption for all users, set a dangerous global precedent, and risk enabling mass surveillance under the guise of national security.
Sources:
https://cyberscoop.com/russian-state-threat-group-shifts-focus/
https://www.accountancyage.com/2025/02/10/the-hidden-cyber-threat-lurking-in-your-supply-chain/
https://www.techradar.com/pro/nis2-the-gdpr-of-cybersecurity
https://betanews.com/2025/02/11/number-of-active-dark-web-ransomware-groups-up-38-percent-in-2024/
https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/
https://www.helpnetsecurity.com/2025/02/13/uk-government-icloud-backdoor-request/
Governance, Risk and Compliance
58% of UK financial firms targeted in supply chain cyber attacks, survey reveals
Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine
Majority Of Businesses Expect A Cyber Breach In 2025 | Silicon UK
Gartner: Most Security Leaders Cannot Balance Data Security, Business Goals
Enterprises under growing pressure to demonstrate readiness for cyber threats
Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media
From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard
7 tips for improving cyber security ROI | CSO Online
Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire
Cyber Resilience: What’s in store for 2025? | SC Media UK
Human Risk Management Will Be the Hot Topic of 2025 | Mimecast
Inconsistent security strategies fuel third-party threats - Help Net Security
Business leaders see risks in economy, cyber threats and talent | Accounting Today
Why CFOs and CISOs Should Care About B2B Cyber Audits
New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert
Financial crime in the shadows of the dark web | Premium | Compliance Week
Threats
Ransomware, Extortion and Destructive Attacks
2024 Breaks Records With Highest Ever Ransomware Attacks
Number of active dark web ransomware groups up 38 percent in 2024
Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks - Infosecurity Magazine
Hackers Ramp Up Efficiency, Speed, and Scale in 2024,
Nation-state hackers want in on the ransomware action • The Register
Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek
Triplestrength hits with ransomware, cloud crypto mining • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
‘We Don’t Negotiate with Terrorists’: Ransomware Strategy in Modern Cyber Security | MSSP Alert
Cyber attacks targeting medical organisations up 32% in 2024 | SC Media
US indicts 8Base ransomware operators for Phobos encryption attacks
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Thai authorities detain four Europeans in ransomware crackdown | CyberScoop
Ransomware Victims
Was Cisco Just Hit By Ransomware? What Happened And What To Do
Cisco Hacked – Ransomware Group Allegedly Breached & Gained AD Access
Cisco Says Ransomware Group's Leak Related to Old Hack - SecurityWeek
Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro
120K Compromised in Memorial Hospital Ransomware Attack
'Cyber event' delaying US newspaper prints enters 2nd week • The Register
Phishing & Email Based Attacks
SVG files are offering cyber criminals an easy way in with new phishing attacks | TechRadar
Cyber Criminals Weaponize Graphics Files in Phishing Attacks - Infosecurity Magazine
AI-Powered Social Engineering: Reinvented Threats
Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks - Security Boulevard
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine
Google's DMARC Push Pays Off, but Challenges Remain
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar
Cloudflare outage caused by botched blocking of phishing URL
Phishing Season 2025: The Latest Predictions Unveiled - Security Boulevard
Study: Workplace Phishing Tests Only Have a 2% Success Rate
Other Social Engineering
DPRK hackers dupe targets into typing PowerShell commands as admin
Windows, Mac And Linux Users Given New LinkedIn Security Warning
I'm a security expert and I almost fell for this IT job scam • The Register
Artificial Intelligence
Malicious AI Models on Hugging Face Exploit Novel Attack Technique - Infosecurity Magazine
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
AI-Powered Social Engineering: Reinvented Threats
Bad Actors Target DeepSeek In LLMJacking Attacks
DeepSeek-R1: A Smorgasbord Of Security Risks
CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead - Security Boulevard
How to Steer AI Adoption: A CISO Guide
AI-Driven Cyber Threats Require New Defence Strategies | MSSP Alert
Biz Beware: DeepSeek AI Fails Multiple Security Tests
AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET
A review of the UK Government AI security guidance
How fake security reports are swamping open-source projects, thanks to AI | ZDNET
Rapid growth of AI poses ‘profound’ threat to privacy – The Irish Times
In Paris, US signals shift from AI safety to deregulation | CyberScoop
ChatGPT maker OpenAI taking claims of data breach ‘seriously’ | The Independent
20 million OpenAI users hacked? Here's how to stay safe | PCWorld
2FA/MFA
Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine
Inside The Söze Syndicate: MFA Flaws, And The Battle For SMB Security
4 Ways to Keep MFA From Becoming too Much of a Good Thing
Malware
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
Millions of Mac owners urged to be on alert for info-stealing malware | Tom's Guide
Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Microsoft IIS servers targeted for malware deployment | SC Media
Hackers are targeting your password manager app | Mashable
Microsoft warns hackers have a new and devious way of distributing malware | TechRadar
Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET
Bots/Botnets
Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog
Denial of Service/DoS/DDoS
DDoS Attack Volume and Magnitude Continues to Soar - Infosecurity Magazine
Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks
Internet of Things – IoT
Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine
Data Breaches/Leaks
Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire
Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine
Silent breaches are happening right now, most companies have no clue - Help Net Security
Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security
14 State AGs to Sue DOGE Over Payment System Access | MSSP Alert
Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register
Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire
20 million OpenAI users hacked? Here's how to stay safe | PCWorld
HPE notifies employees of data breach after Russian Office 365 hack
Over 882K Impacted By Hospital Sisters Health System Breach | MSSP Alert
Georgia Hospital Alerts 120,000 Individuals of Data Breach - Infosecurity Magazine
OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials - SecurityWeek
Lexipol Data Leak: Hackers Drop Police Training Manuals
Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro
Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert
120K Compromised in Memorial Hospital Ransomware Attack
Organised Crime & Criminal Actors
Nation-state hackers want in on the ransomware action • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel
Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO
Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Triplestrength hits with ransomware, cloud crypto mining • The Register
US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine
Insider Risk and Insider Threats
Human Risk Management Will Be the Hot Topic of 2025 | Mimecast
Behavioural Analytics in Cyber Security: Who Benefits Most?
Insurance
Tips for Maximizing Your Cyber Insurance Program | Goodwin - JDSupra
Supply Chain and Third Parties
Nearly half of organisations suffer third-party security incidents
58% of UK financial firms targeted in supply chain cyber attacks, survey reveals
Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine
The hidden cyber threat lurking in your supply chain - Accountancy Age
Inconsistent security strategies fuel third-party threats - Help Net Security
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
It's time to secure the extended digital supply chain - Help Net Security
Why CFOs and CISOs Should Care About B2B Cyber Audits
IT reliance leaves insurers open to attack
Cloud/SaaS
Triplestrength hits with ransomware, cloud crypto mining • The Register
Outages
PlayStation Network Outage: A Wake-Up Call For Cyber Security?
Cloudflare outage caused by botched blocking of phishing URL
Encryption
UK's secret Apple iCloud backdoor order is a global emergency, say critics | TechCrunch
Apple’s ‘Dangerous’ iPhone Update Is Much Worse Than You Think
Experts Dismayed at UK’s Apple Encryption Demands - Infosecurity Magazine
The UK’s war on encryption affects all of us | The Verge
Europol Warns Financial Sector of “Imminent” Quantum Threat - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security
Security attacks on password managers have soared | TechRadar
Massive brute force attack uses 2.8 million IPs to target VPN devices
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar
Social Media
Windows, Mac And Linux Users Given New LinkedIn Security Warning
What to do if your social media accounts are hacked | The Independent
Google fixes flaw that could unmask YouTube users' email addresses
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar
Malvertising
Magecart Attackers Abuse Google Ad Tool to Steal Data
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)
Regulations, Fines and Legislation
The UK’s war on encryption affects all of us | The Verge
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
Apple ordered to open encrypted user accounts globally to UK spying | The Verge
NIS2: the GDPR of cyber security | TechRadar
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine
Treasury Curtails Musk-led DOGE’s Government Access | MSSP Alert
Musk’s DOGE teen was fired by cyber security firm for leaking company secrets
Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register
Elon Musk's DOGE Is a Cyber Security Nightmare
The Government’s Computing Experts Say They Are Terrified - The Atlantic
A review of the UK Government AI security guidance
Cyber security group sues DOGE over data access | Mashable
Trump White House Dismantles Key Data Security Safeguards
In Paris, US signals shift from AI safety to deregulation | CyberScoop
Coast Guard falls short on maritime cyber security, GAO says • The Register
Trump Order Grants DOGE Hiring Powers, Raising Cyber Fears
Models, Frameworks and Standards
CIOs to the DORA test: how to speed up the process for compliance | CSO Online
NIS2: the GDPR of cyber security | TechRadar
Data Protection
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine
Careers, Working in Cyber and Information Security
Tackling the UK's cyber security skills shortage | TechRadar
Cyber Security Challenge Announces Plans for Closure | SC Media UK
UK Military Fast-Tracks Cyber Security Recruitment - Infosecurity Magazine
Law Enforcement Action and Take Downs
US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine
US indicts 8Base ransomware operators for Phobos encryption attacks
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Alabama Man Pleads Guilty to Hacking SEC's X Account - SecurityWeek
Misinformation, Disinformation and Propaganda
AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Nation State Actors
Nation-state hackers want in on the ransomware action • The Register
Google says policymakers must stem upward cyber crime trend • The Register
US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop
Warning: Cyber Crime Services Underpin National Security Risk
China
Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek
Chinese espionage tools deployed in RA World ransomware attack
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP - Infosecurity Magazine
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers | WIRED
DeepSeek-R1: A Smorgasbord Of Security Risks
We’re In for a Rude Awakening on Cyber Security
Security Researchers Warn of New Risks in DeepSeek AI App
Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)
Russia
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED
Russian state threat group shifts focus to US, UK targets | CyberScoop
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps
Salt Typhoon's Impact on the US and Beyond
Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO
Russian military hackers deploy malicious Windows activators in Ukraine
US, UK and Australia Hit Bulletproof Hoster Zservers with Sanctions - Infosecurity Magazine
HPE notifies employees of data breach after Russian Office 365 hack
Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel
Russia Says Baltic Sea Cable Damaged by ‘External Impact' - The Moscow Times
TeamViewer's CISO on Thriving After Russian Cyber-Attack - Infosecurity Magazine
North Korea
DPRK hackers dupe targets into typing PowerShell commands as admin
Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers
I'm a security expert and I almost fell for this IT job scam • The Register
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Tools and Controls
Massive brute force attack uses 2.8 million IPs to target VPN devices
Security attacks on password managers have soared | TechRadar
Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media
From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard
Analyst Burnout Is an Advanced Persistent Threat
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar
Google's DMARC Push Pays Off, but Challenges Remain
7 tips for improving cyber security ROI | CSO Online
New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert
4 Ways to Keep MFA From Becoming too Much of a Good Thing
Behavioural Analytics in Cyber Security: Who Benefits Most?
Transforming Cyber Security With Continuous Threat Exposure Management
How Deepseek’s security failures shape the future of cyber defence on AI | Cybernews
Other News
Why Attackers Heart SMBs— and How to Fight Back | Symantec Enterprise Blogs
What is Physical Security and How Does it Work? | Definition from TechTarget
London council hit by 20,000 cyber attacks every day | The Standard
Elon Musk's DOGE Is a Cyber Security Nightmare
Cyber attacks targeting medical organisations up 32% in 2024 | SC Media
Cyber security requires new approaches, where all stakeholders contribute | Healthcare IT News
IT reliance leaves insurers open to attack
Canada to spend almost $38 million on huge cyber security overhaul
Vehicle cyber security under scrutiny as major hacking attempts triple in 2024
Japan Goes on Offense With New 'Active Cyber Defense' Bill
Cyber security group sues DOGE over data access | Mashable
Coast Guard falls short on maritime cyber security, GAO says • The Register
Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET
Vulnerability Management
XE Group shifts from credit card skimming to exploiting zero-days
How fake security reports are swamping open-source projects, thanks to AI | ZDNET
Vulnerabilities
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks - SecurityWeek
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijack Firewall to Gain Super Admin Access
SAP Releases 21 Security Patches - SecurityWeek
PAN-OS 0-day Vulnerability Let Attackers Bypass Web Interface Authentication
High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks - SecurityWeek
Apple’s security patch highlights the growing security threat – Computerworld
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities - SecurityWeek
Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’
Progress Software fixed multiple high-severity LoadMaster flaws
Intel Patched 374 Vulnerabilities in 2024 - SecurityWeek
Security Researchers Warn of New Risks in DeepSeek AI App
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.