Black Arrow Cyber Threat Intelligence Briefing 16 May 2025

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

There has been a continued rise in the sophistication and scale of social engineering threats, particularly phishing campaigns enhanced by generative AI. These attacks increasingly bypass traditional filters and exploit executive impersonation, with one malicious email now detected every 42 seconds. Simultaneously, criminal groups are embedding themselves within corporate environments for prolonged periods, enabled by ransomware-as-a-service and AI-driven deception. This underscores the need for continuous monitoring, behaviour-based threat detection, and stronger identity verification practices across organisations.

Meanwhile, the global cyber threat landscape is becoming more fragmented and unpredictable. Ransomware gangs are operating without clear allegiances, making extortion attempts more erratic and harder to trace. At the same time, state-aligned actors, including North Korean IT operatives, are covertly infiltrating Western businesses under fake identities, exploiting remote work trends to fund illicit national objectives. Despite growing investment, nearly three-quarters of CISOs admit to incidents caused by unknown or unmanaged assets, highlighting the critical importance of full visibility across the digital estate.

We believe boards must move from passive oversight to active engagement. The UK’s new Cyber Governance Code of Practice reflects this shift, encouraging directors to treat cyber risk as integral to business resilience. As threats intensify, governance, testing, and strategic communication must become core pillars of cyber readiness.


Top Cyber Stories of the Last Week

Thousands of UK Companies 'Could Have M&S-Style Hackers Waiting in Their Systems'

There are warnings that a growing number of UK businesses may already be compromised, with attackers silently embedded in their systems awaiting the right moment to strike. This follows a surge in high-profile incidents including M&S, the Co-op, Dior and Harrods, linked to an evolution of criminal tactics. The emergence of ‘ransomware-as-a-service’ is enabling less skilled actors to launch sophisticated attacks using pre-built tools. Combined with generative AI-enhanced social engineering, the risk landscape is becoming more unpredictable. Many firms remain unaware of these intrusions until damage is done, highlighting the urgent need for continuous monitoring and stronger internal controls.

North Korean IT Workers Are Being Exposed on a Massive Scale, Potentially Thousands of Businesses Infiltrated

North Korean IT workers are increasingly infiltrating Western businesses by posing as legitimate remote developers, generating hundreds of millions of dollars annually to fund the regime’s weapons programmes and evade sanctions. A new report has exposed over 1,000 email addresses linked to these operations, with individuals often using fake identities, AI tools, and face-changing software to secure roles. Despite operating globally from Laos to Russia, many leave digital trails that reveal their activities. The scale and adaptability of these operations, likened to a state-run crime syndicate, underline the need for tighter scrutiny of remote hiring and identity verification processes.

‘They Yanked Their Own Plug’: How Co-op Averted an Even Worse Cyber Attack

The UK supermarket chain Co-op appears to have avoided a more severe cyber attack by rapidly disconnecting its systems after detecting malicious activity, a decision that disrupted operations but ultimately prevented ransomware deployment. In contrast, M&S suffered greater system compromise, with ongoing issues affecting online orders and store operations. The incident is costing M&S an estimated £43 million per week. The cyber crime group responsible, linked to a service known as DragonForce, claims to have accessed both retailers’ networks. Co-op’s swift response is viewed by experts as a decisive move that limited long-term damage but highlighted the continuing challenge of restoring public trust.

UK Government Publishes New Software and Cyber Security Codes of Practice

The UK government has introduced two new voluntary codes to help raise standards in cyber security and software resilience. The Cyber Governance Code of Practice, aimed at boards and directors of medium and large organisations, sets out how leadership teams should govern and monitor cyber security risks. It encourages directors to embed cyber governance into business risk management, focusing on oversight rather than operational duties. Complementing this, the Software Security Code of Practice outlines 14 principles for secure software development and maintenance, aligned with international frameworks. While voluntary, both codes may soon influence contractual requirements in supply chains.

Ransomware and the Board’s Role: What You Need to Know

Ransomware continues to escalate in scale and complexity, with attackers leveraging AI, remote work gaps, and third-party exposures to increase pressure on organisations. Boards are being urged to actively engage in cyber resilience planning, ensuring foundational controls such as multi-factor authentication, immutable backups, and incident response protocols are in place. Emphasis is also placed on testing recovery capabilities, reviewing cyber insurance terms, and rehearsing decision-making through tabletop exercises. Crucially, boards must prepare for the strategic, legal and reputational implications of whether to pay a ransom, with pre-agreed decision frameworks now seen as essential for effective crisis response.

73% of CISOs Admit Security Incidents Due to Unknown or Unmanaged Assets

Nearly three-quarters of cyber security leaders admit to experiencing security incidents due to unknown or unmanaged assets within their IT environments. Despite 90% acknowledging that attack surface management directly affects business risk, fewer than half of organisations have dedicated tools in place, and 58% lack continuous monitoring. The consequences of inaction are wide-ranging, with leaders citing risks to business continuity, customer trust, financial performance, and supplier relationships. As digital infrastructures grow more complex, firms are being urged to treat cyber risk management as a strategic priority rather than a technical afterthought.

AI Is Making Phishing Emails Far More Convincing with Fewer Typos and Better Formatting: Here’s How to Stay Safe

AI is transforming phishing into a more dangerous and convincing threat. New analysis shows that email-based scams have risen by 70% year-on-year, with one malicious message detected every 42 seconds. These attacks now feature flawless grammar, professional formatting, and realistic sender details, often impersonating senior executives. Traditional email filters are struggling, particularly against polymorphic attacks that constantly change to evade detection. Over 40% of malware in these campaigns is newly observed, including remote access tools. With generative AI accelerating this trend, organisations must shift from legacy defences to behaviour-based threat detection and strengthen verification procedures across the organisation.

Ransomware Enters ‘Post-Trust Ecosystem’

Ransomware threats have entered a new, more fragmented era, where traditional trust between cyber criminals has broken down following major law enforcement operations. High-profile takedowns in 2024 disrupted dominant ransomware groups, leading to reduced ransom payments and a shift away from large, centralised platforms. The result is a more unpredictable threat landscape, marked by agile, peer-to-peer groups and an increase in encryption-less extortion. This decentralisation, alongside the rise of ransomware ‘cartels’, signals an evolution in attacker tactics that is lowering entry barriers and complicating defensive strategies for organisations of all sizes.

Sim-Swap Fraud Rises by 1,000%: Why You Should Use App-Based, not SMS-Based, Two-Factor Authentication

Sim-swap fraud in the UK has surged by over 1,000%, with nearly 3,000 cases reported in 2024, up from just 289 the previous year. Criminals exploit mobile phone providers to hijack victims' numbers, bypassing SMS-based two-factor authentication and gaining access to personal accounts. Older consumers and sectors like retail and telecoms are particularly vulnerable. The rise of eSims is expected to further increase risk. In one case, a victim lost £50,000 while abroad after fraudsters took control of his accounts. Organisations are urged to strengthen identity verification processes and encourage customers to use app-based authentication methods where possible.

Cyber Threats Outpace Global Readiness

The World Economic Forum has found that cyber threats are accelerating faster than many nations and organisations can respond, with 72% of businesses reporting an increasingly risky environment. Nearly 60% have already revised their cyber security strategies in response to global tensions and emerging threats. Despite progress in areas like infrastructure protection and public-private collaboration, most national approaches remain underdeveloped, especially in supporting small businesses and defining measurable outcomes. Just 14% of organisations feel fully prepared, highlighting a growing skills gap and the need for cyber security to be treated not only as risk mitigation but as a driver of trust and innovation.

CISOs Must Speak Business to Earn Executive Trust

Many business leaders still view cyber security as a barrier to speed and innovation, rather than a business enabler. There’s an argument that this perception must shift, with CISOs framing their role in terms of operational efficiency, resilience, and growth. By automating security controls and embedding them within business functions, CISOs can eliminate bottlenecks while reducing risk. Influence grows when security is expressed in business terms, highlighting revenue protection, risk-adjusted innovation, and customer trust. Effective CISOs use clear data, visual storytelling, and scenario-based dialogue to demonstrate value, helping boards see cyber security as a strategic partner rather than a cost centre.

Downing St Updating Secret Contingencies for Russia Cyber Attack, Report Claims

The UK government is reportedly updating its national defence strategy to reflect the rising threat of state-backed cyber attacks, particularly from Russia. The revised plans will, for the first time, include specific scenarios involving cyber attacks on critical infrastructure such as power grids, gas terminals and undersea cables. The existing contingency plan, last updated in 2005, is considered outdated given today’s cyber threat landscape. A recent risk assessment warned that such attacks could cause civilian casualties and severe disruption to essential services. Ministers are now preparing strategies for maintaining government operations during wartime or major national emergencies.

Sources:

https://news.sky.com/story/thousands-of-uk-companies-could-have-mands-style-hackers-waiting-in-their-systems-13368239

https://www.wired.com/story/north-korean-it-worker-scams-exposed/

https://www.bbc.co.uk/news/articles/cwy382w9eglo

https://natlawreview.com/article/uk-government-publishes-new-software-and-cyber-security-codes-practice

https://corpgov.law.harvard.edu/2025/05/10/ransomware-and-the-boards-role-what-you-need-to-know/

https://www.csoonline.com/article/3980431/more-assets-more-attack-surface-more-risk.html

https://www.techradar.com/pro/security/ai-is-making-phishing-emails-far-more-convincing-with-fewer-typos-and-better-formatting-heres-how-to-stay-safe

https://www.infosecurity-magazine.com/news/ransomware-enters-posttrust/

https://www.itv.com/news/2025-05-12/sim-swap-fraud-rises-by-1000-as-criminals-exploit-two-factor-authentication

https://www.scworld.com/brief/report-cyber-threats-outpace-global-readiness

https://www.helpnetsecurity.com/2025/05/13/pritesh-parekh-pagerduty-cisos-business-leaders-conversations/

https://www.publictechnology.net/2025/05/09/defence-and-security/downing-st-updating-secret-contingencies-for-russia-cyberattack-report-claims/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says - Infosecurity Magazine

UK retailers face 10% rises in premiums after cyber attacks

Ransomware and the Board’s Role: What You Need to Know

The ransomware landscape in 2025 | Kaspersky official blog

Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders

‘Aggressive’ hackers of UK retailers are now targeting US stores, says Google | Technology | The Guardian

Companies take an average of four months to report a ransomware attack

Thousands of UK companies 'could have M&S-style hackers waiting in their systems' | Science, Climate & Tech News | Sky News

Data Exfiltration is the New Ransomware in Evolving Cyber Landscape

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Ransomware spreads faster, not smarter - Help Net Security

Ransomware attacks up over 120 percent in two years

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine

Inside the Ransomware Supply Chain: The Role of Initial Access Brokers in Modern Attacks | MSSP Alert

Threat hunting case study: Medusa ransomware | Intel 471

You think ransomware is bad? Wait until it infects CPUs • The Register

Beware — These Ransomware Hackers Are Watching You Work

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

Ransomware Victims

Marks and Spencer could face 12% drop in profits after cyber attacks

M&S to make £100m cyber claim from Allianz and Beazley

UK retailers face 10% rises in premiums after cyber attacks

‘Aggressive’ hackers of UK retailers are now targeting US stores, says Google | Technology | The Guardian

M&S Admit Customer Data Stolen in Cyber Incident | SC Media UK

Thousands of UK companies 'could have M&S-style hackers waiting in their systems' | Science, Climate & Tech News | Sky News

What we know about DragonForce ransomware • The Register

M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent

'They yanked their own plug': How Co-op averted an even worse cyber attack - BBC News

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek

Coinbase Targeted In $20 Million Extortion Plot Tied To Insider Data Leak - FinanceFeeds

Largest US steel manufacturer puts production on the backburner after cyber attack | TechRadar

Nova Scotia Power discloses data breach after March security incident

Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack - SecurityWeek

Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine

Phishing & Email Based Attacks

AI is making phishing emails dangerously convincing with better spelling, grammar and formatting | TechRadar

New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis

Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders

Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation

This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar

International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy – DataBreaches.Net

Email trap exposes 49K stockbroker customer records | Cybernews

Edinburgh schools targeted in cyber attack as pupils passwords reset - Edinburgh Live

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Despite drop in cyber claims, BEC keeps going strong - Help Net Security

Other Social Engineering

North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop

North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED

‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian

Hackers now testing ClickFix attacks against Linux targets

88% of Executives Had Home Floor Plans Available Online | Security Magazine

Fraud, Scams and Financial Crime

North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop

North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED

Fraud Losses Hit $11m Per Company as Customers Abuse Soars - Infosecurity Magazine

M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent

Sim-swap fraud rises by 1,000% as criminals seek to exploit growth of two-factor authentication | ITV News

4 times data breaches ramped up the UK's fraud risk - Which?

European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine

‘Hello pervert’: the sextortion scam claiming to have videoed you | Money | The Guardian

Deepfake voices of senior US officials used in scams: FBI • The Register

Deepfake attacks could cost you more than money - Help Net Security

International Crime Rings Defraud US Gov't Out of Billions

Artificial Intelligence

AI is making phishing emails dangerously convincing with better spelling, grammar and formatting | TechRadar

Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders

Cisco: Majority of Businesses Unprepared for AI Cyberattacks

NCSC sounds warning over AI threat to critical national infrastructure | UKAuthority

In the AI age, excessive data accumulation is a cyber security threat - Nikkei Asia

Can Cyber Security Keep Up With the AI Arms Race?

AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro

Deepfake voices of senior US officials used in scams: FBI • The Register

Deepfake attacks could cost you more than money - Help Net Security

Why security teams cannot rely solely on AI guardrails - Help Net Security

Over Three Thousand macOS Cursor Users Compromised

Deepfake Defense in the Age of AI

AI vs AI: How cyber security pros can use criminals’ tools against them - Help Net Security

FTC wants a new, segregated software system to police deepfake porn | CyberScoop

Tackling threats and managing budgets in an age of AI - Tech Monitor

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

noyb sends Meta C&D demanding no EU user data AI training • The Register

How To Remove Meta AI From All Your WhatsApp Chats

2FA/MFA

This Microsoft 365 phishing campaign can bypass MFA - here's what we know | TechRadar

Malware

Malware landscape dominated by FakeUpdates | SC Media

Over Three Thousand macOS Cursor Users Compromised

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Bots/Botnets

7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

Police dismantles botnet selling hacked routers as residential proxies

Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets | The Record from Recorded Future News

Mobile

M&S cyber attack: How sim-swap fraudsters exploit trust to steal data | The Independent

Sim-swap fraud rises by 1,000% as criminals seek to exploit growth of two-factor authentication | ITV News

Denial of Service/DoS/DDoS

AI-Powered DDoS Attacks Are Changing the Threat Landscape | IT Pro

A cyber attack briefly disrupted South African Airways operations

Internet of Things – IoT

UK report uncovers serious security flaws in business IoT devices

Data Breaches/Leaks

Company and Personal Data Compromised in Recent Insight Partners Hack - SecurityWeek

Insight Partners fears secret financial info cyber-stolen • The Register

4 times data breaches ramped up the UK's fraud risk - Which?

Nova Scotia Power discloses data breach after March security incident

Ascension reveals personal data of 437,329 patients exposed in cyberattack

Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine

Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump

Email trap exposes 49K stockbroker customer records | Cybernews

Fashion giant Dior discloses cyberattack, warns of data breach

Australian Human Rights Commission Discloses Data Breach - SecurityWeek

160,000 Impacted by Valsoft Data Breach - SecurityWeek

Organised Crime & Criminal Actors

Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures | CyberScoop

Global Cyber Alliance Launches Internet Pollution Index to Combat Malicious Online Activity Around the World

How Security Has Changed the Hacker Marketplace

NatWest facing 100 million cyber attacks each month as experts reveal ‘staggering’ scale... - LBC

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Coinbase data breach exposes customer info and government IDs

Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data - SecurityWeek

Telegram shuts ‘largest darknet marketplace to have ever existed’

Insider Risk and Insider Threats

North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop

North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED

Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security

Insider risk management needs a human strategy - Help Net Security

How working in a stressful environment affects cybersecurity - Help Net Security

Insurance

M&S to make £100m cyber claim from Allianz and Beazley

UK retailers face 10% rises in premiums after cyber attacks

Despite drop in cyber claims, BEC keeps going strong - Help Net Security

Cyber cover needs to be a board conversation business chiefs warned

Supply Chain and Third Parties

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

"Endemic" Ransomware Prompts NHS to Demand Supplier Action - Infosecurity Magazine

Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan | Trend Micro (US)

Cloud/SaaS

Microsoft Listens to Security Concerns and Delays New OneDrive Sync - Security Boulevard

Microsoft Teams will soon block screen capture during meetings

Almost Half of Healthcare Breaches Involved Microsoft 365 | Security Magazine

Identity and Access Management

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

Linux and Open Source

New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine

Hackers now testing ClickFix attacks against Linux targets

Passwords, Credential Stuffing & Brute Force Attacks

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

Social Media

Well, Well, Well: Meta to Add Facial Recognition To Glasses After All

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

noyb sends Meta C&D demanding no EU user data AI training • The Register

Regulations, Fines and Legislation

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Why we must reform the Computer Misuse Act: A cyber pro speaks out | Computer Weekly

EU extends cyber sanctions regime amid rising digital threats - EU Reporter

UK Government Publishes New Software and Cyber Security Codes of Practice

NCSC assures CISA relationship unchanged post-Trump • The Register

DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop

10 Reasons Why America Needs a Cyber Force

New cyber security law updates may be on the way

President Trump's Qatari 747 is a flying security disaster • The Register

CISA Reverses Decision on Cyber Security Advisory Changes - Infosecurity Magazine

Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA

US Army Deactivates Only Active-Duty Information Operations Command

New EU vulnerability database will complement CVE program, not compete with it, says ENISA | CSO Online

What Does EU's Bug Database Mean for Vulnerability Tracking?

CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online

Models, Frameworks and Standards

UN Launches New Cyber-Attack Assessment Framework - Infosecurity Magazine

UK Government Publishes New Software and Cyber Security Codes of Practice

New Cyber Security Certification for Defence Announced

NCSC and industry at odds over how to tackle shoddy software • The Register

Data Protection

noyb sends Meta C&D demanding no EU user data AI training • The Register

Careers, Working in Cyber and Information Security

Most businesses can't fill cyber roles leaving huge gaps in defense | TechRadar

Linux Foundation debuts Cybersecurity Skills Framework to address enterprise talent gaps - SiliconANGLE

Cyber Security Skills Framework connects the dots between IT job roles and the practical skills needed - Help Net Security

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe – Krebs on Security

EU Launches Free Entry-Level Cyber Training Program - Infosecurity Magazine

Infosec Layoffs Aren't the Bargain Boards May Think

Law Enforcement Action and Take Downs

Police dismantles botnet selling hacked routers as residential proxies

Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets | The Record from Recorded Future News

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

European Police Bust €3m Investment Fraud Ring - Infosecurity Magazine

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace

Nation State Actors

CyberUK 2025: Resilience and APT Threats Loom Large

China

Chinese hackers behind attacks targeting SAP NetWeaver servers

Can Cybersecurity Keep Up With the AI Arms Race?

Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace

‘Rogue’ devices found in Chinese solar inverters - PV Tech

Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan | Trend Micro (US)

Ghost in the machine? Rogue communication devices found in Chinese inverters | Reuters

Russia

Downing St updating secret contingencies for Russia cyberattack, report claims – PublicTechnology

Russia-linked hackers target webmail servers in Ukraine-related espionage operation - Help Net Security

Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop

Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List - SecurityWeek

Attack claimed by pro-Ukraine hackers reportedly erases a third of Russian court case archive | The Record from Recorded Future News

North Korea

North Korea’s ‘state-run syndicate’ looks at cyber operations as a survival mechanism | CyberScoop

North Korean IT Workers Are Being Exposed on a Massive Scale | WIRED

North Korea ramps up cyberspying in Ukraine to assess war risk


Tools and Controls

CyberUK 2025: Resilience and APT Threats Loom Large

Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals

DMARC’s Future: Ignoring Email Authentication is No Longer an Option - Security Boulevard

73% of CISOs admit security incidents due to unknown or unmanaged assets | CSO Online

Layoffs pose a cybersecurity risk: Here's why offboarding matters - Help Net Security

The browser blind spot: Hidden security risks behind employee web activity - Digital Journal

UK Government Publishes New Software and Cyber Security Codes of Practice

When the Perimeter Fails: Microsegmentation as the Last Line of Defense - Security Boulevard

Cyber cover needs to be a board conversation business chiefs warned

CIOs paying too much for not enough IT security - survey - TechCentral.ie

Cyber Security’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’ - Security Boulevard

New UK Security Guidelines Aims to Reshape Software Development

NCSC and industry at odds over how to tackle shoddy software • The Register

Locked Shields 2025 Showcased Nations' Commitment to Defending Cyberspace

Government webmail hacked via XSS bugs in global spy campaign

88% of Executives Had Home Floor Plans Available Online | Security Magazine

Why Red Teaming belongs on the C-suite agenda | TechRadar

Pen Testing for Compliance Only? It's Time to Change Your Approach

Tackling threats and managing budgets in an age of AI - Tech Monitor

Building Effective Security Programs Requires Strategy, Patience, and Clear Vision



Vulnerability Management

SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop

Beyond Vulnerability Management – Can You CVE What I CVE?

Your old router could be a security threat - here's why and what to do | ZDNET

ISO - Configuration management: Why it’s so important for IT security

Malware landscape dominated by FakeUpdates | SC Media

DHS won’t tell Congress how many people it’s cut from CISA | CyberScoop

CISA Reverses Decision on Cybersecurity Advisory Changes - Infosecurity Magazine

EU launches own vulnerability database in wake of CVE funding issues | Cybernews

New EU vulnerability database will complement CVE program, not compete with it, says ENISA | CSO Online

Why CVSS is failing us and what we can do about it • The Register

New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine

CVE funding crisis offers chance for vulnerability remediation rethink | CSO Online

EU bug database fully operational as US slashes infosec • The Register

Vulnerabilities

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

SonicWall Under Pressure as Security Flaws Resurface | MSSP Alert

Your old router could be a security threat - here's why and what to do | ZDNET

Adobe Patches Big Batch of Critical-Severity Software Flaws - SecurityWeek

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands

Apple Patches Major Security Flaws in iOS, macOS Platforms - SecurityWeek

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security

Broadcom urges patching VMware Tools vulnerability | Cybernews

Ivanti warns of critical Neurons for ITSM auth bypass flaw

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers - SecurityWeek

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

New Linux Vulnerabilities Surge 967% in a Year - Infosecurity Magazine

SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons | CyberScoop

Critical SAP NetWeaver Vuln Faces Barrage of Cyber Attacks

SAP patches second zero-day flaw exploited in recent attacks

Commvault Command Center patch incomplete: researcher • The Register

Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks - SecurityWeek

CISA Warns of TeleMessage Vuln Despite Low CVSS Score

Flaw in Asus DriverHub makes utility vulnerable to remote code execution | Tom's Hardware

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.
