Black Arrow Cyber Threat Intelligence Briefing 18 April 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Exec Summary
Black Arrow’s look at threat intelligence from the last week highlights that email-based fraud is still rampant, accounting for 83% of financial fraud claims, highlighting how easily employees can be deceived by impersonation and AI-generated scams. Similarly, credential stuffing and phishing campaigns persistently exploit insufficient password practices and user behaviour, with financial and insurance firms reporting average losses of over $500,000 per incident.
We report on the reprimand and fine imposed by the UK’s information security authority, the ICO, on a law firm with Cyber Essentials that had failed to prevent a breach of its systems that resulted in significant data loss. Other insights include the risks posed by third parties, mergers, and even basic mobile device theft. These underscore the need for tighter internal controls, stronger governance, and proactive risk assessments.
That risk assessment should include Cyber Risk Quantification which, as we report, is increasingly used to align cyber priorities with financial goals. As regulatory pressures mount and geopolitical tensions rise, Black Arrow recommends embedding cyber risk assessment and management into board-level strategy to enable a justified investment in long-term cyber resilience to withstand the evolving threat landscape.
Top Cyber Stories of the Last Week
Fraud in Your Inbox: Email Is Still the Weakest Link
At-Bay’s latest report reveals that 83% of financial fraud claims originate from email-based attacks, with tactics such as executive impersonation and AI-generated scams increasingly used to deceive employees. Email remains the weakest link, particularly for mid-sized firms. Financial and insurance sectors reported average losses exceeding $500,000 per incident. As a result, cyber insurers are now demanding stronger controls such as multifactor authentication and email security protocols before issuing cover. The findings highlight a growing need to tackle human error and social engineering in everyday digital communication.
Firm Fined After Stolen Client Details Leaked onto Dark Web
DPP Law Ltd has been fined £60,000 following a cyber attack in which over 32GB of sensitive client data, including court files and police bodycam footage, was stolen and leaked on the dark web. The Information Commissioner’s Office found significant lapses in the firm’s cyber security, including failure to report the breach within the required 72 hours and reliance on an outdated administrator account with full access rights. Despite being certified under Cyber Essentials, DPP was found to lack sufficient internal IT oversight, highlighting the ongoing risk of relying solely on third-party providers without conducting proper risk assessments.
Financial Fraud, with a Third-Party Twist, Dominates Cyber Claims
Cyber insurers report that financial fraud, often sparked by phishing and third-party breaches, was the most frequent cause of claims in 2024, while ransomware remained the costliest. Claims rose by 16% overall. Attacks linked to third parties surged, with indirect ransomware claims rising 72% to $241,000 per incident. One insurer found third-party breaches drove nearly a third of all claims. Experts stress that organisations must now treat third-party risk as their own, investing in visibility, detection tools, and security partnerships to stay ahead in an increasingly interconnected threat landscape.
Cyber Risks in M&A: When Companies Merge, So Do Their Cyber Threats
Mergers and acquisitions bring growth opportunities but also expose firms to significant cyber security risks. Inherited vulnerabilities, misaligned systems, and inconsistent compliance standards are common challenges, particularly in cross-border deals. Over 150 small business assessments revealed most operate below the ‘cyber poverty line’, lacking basic controls like asset inventories and incident response plans. Experts stress that cultural mismatches, not just technical gaps, pose the greatest risk. Successful integration demands early due diligence, strong identity and access management, and a collaborative approach to governance and risk alignment, with CISOs playing a central role in bridging operational differences and building long-term resilience.
CISOs Turn to Cyber Risk Quantification to Bridge the Gap Between Security and Business
CISOs are increasingly adopting Cyber Risk Quantification (CRQ) to help business leaders understand cyber risks in financial terms. By calculating potential monetary losses from cyber incidents, CRQ enables more informed, board-level decision-making. The approach supports alignment between security investments and business objectives, helping organisations prioritise resources based on financial risk tolerance. A recent report highlights that CRQ can show, for example, how a $1 million investment in security controls may reduce expected annual losses by $5 million. As regulatory scrutiny grows, CRQ is proving essential for demonstrating accountability and embedding cyber risk into wider business strategy.
UK Financial Services Under Pressure from Cyber Security Challenges and Mounting Regulatory Requirements
Bridewell’s latest research highlights regulation as both the biggest challenge and key driver of cyber security maturity in UK financial services, with 44% of firms citing compliance as their top concern. Response times to ransomware remain static at over 6.7 hours, while supply chain attacks take nearly 16 hours to resolve. Remote working (39%) and cloud security (35%) continue to pose risks, and AI-powered phishing is now the most feared emerging threat (89%). Despite strong confidence in infrastructure security, over half plan to outsource due to ongoing skills shortages, and 63% expect to increase cyber security investment in the year ahead.
Organisations Can’t Afford to Be Non-Compliant
Secureframe has found that non-compliance can cost organisations up to 2.71 times more than maintaining a proper compliance programme. European regulators alone have issued €4.48 billion in fines across over 2,000 cases, with GDPR violations such as Meta’s €1.2 billion penalty topping the list. In the US, SOX and HIPAA enforcement continues to intensify, with executives facing personal liability and healthcare breaches driving $144.9 million in fines. Failure to comply also threatens contracts and revenue, as seen when Health Net Federal Services paid $11.2 million and lost a key defence contract. Proactive compliance is now essential for risk reduction and resilience.
C-Suite Divides on Cyber Security Threats Pose Organisational Risks, Study Finds
EY’s latest study reveals that 84% of C-suite leaders in the US experienced a cyber security incident in the past three years, with firms seeing an average 1.5% drop in stock price within 90 days of an event. The research highlights a critical disconnect, with CISOs significantly more concerned about threats than their executive peers. Just 21% of leaders currently allocate more than 10% of their IT budget to cyber security, though this is expected to rise to 38% next year. EY urges firms to treat cyber security as a strategic investment, not a cost, to improve resilience and reduce financial risk.
Cyber Security Threats and Geopolitical Risks Top Business Travel Concerns
A recent survey of 500 UK business travellers reveals rising concern around the safety of corporate travel, with nearly half feeling less safe than in the past. Key risks for 2025 include travel disruption (74%), loss of essential items (72%), crime (65%), cyber security threats (62%), and geopolitical instability (59%). Emergency evacuations rose 17% last year, while severe weather disruptions surged by nearly 50%. The findings underscore the need for real-time risk mitigation and tailored support for diverse traveller profiles.
Rising Cyber Threats Fuel 12.2% Growth in Global Cyber Security Spending
Global cyber security spending is set to rise by 12.2% by 2025, reaching $377 billion by 2028, as organisations respond to increasingly sophisticated cyber threats and the rapid uptake of digital technologies. The U.S. and Europe will drive this growth, accounting for 70% of global spend, though the fastest increases are expected in Latin America, Central and Eastern Europe, and the Middle East and Africa. Banking, government, and healthcare will lead investment, while capital markets and life sciences show the sharpest growth. Firms are prioritising proactive security strategies as both a protective measure and long-term competitive advantage.
Understanding Credential Stuffing: A Growing Cyber Security Threat
Credential stuffing is a fast-growing cyber security threat that exploits users’ tendency to reuse passwords. Attackers use stolen credentials and automated tools to test them across websites, often breaching thousands of accounts despite a low success rate. Businesses face average annual losses of $6 million due to fraud, legal action, and customer churn. The attacks are difficult to detect, mimicking legitimate login activity using rotating IPs and global bot networks.
30% of Charities Experienced Cyber Security Breaches or Attacks Last Year
UK Government figures reveal that 30% of UK charities – around 61,000 – experienced a cyber security breach or attack in the past year, with phishing remaining the most common and disruptive threat. Of those affected, 86% faced phishing incidents, while a fifth reported attacks on a weekly basis. Despite this, only 35% have formal cyber security policies, and just 21% of larger charities reviewed immediate supplier risks. While 68% of senior leadership view cyber security as a high priority, board-level expertise remains limited, raising concerns about effective governance and decision-making in this increasingly targeted sector.
The UK’s Phone Theft Crisis Is a Wake-Up Call for Digital Security
Phone theft has surged across the UK, with over 83,000 incidents reported annually and 1,000 stolen phones recovered weekly in London alone. This growing criminal trade, valued at £50 million, is more than a loss of devices: it’s a gateway to financial fraud, identity theft, and corporate data breaches. Thieves exploit weak PINs and stored credentials to bypass biometrics, access accounts, and lock out victims. As personal and work data converge on mobile devices, businesses must adopt stricter mobile security controls and user awareness campaigns. This crisis highlights the urgent need for stronger digital hygiene and coordinated action across sectors.
Sources:
https://www.bankinfosecurity.com/fraud-in-your-inbox-email-still-weakest-link-a-27997
https://www.darkreading.com/threat-intelligence/financial-fraud-third-party-cyber-claims
https://www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/
https://cybersecuritynews.com/cyber-risk-quantification/
https://www.helpnetsecurity.com/2025/04/14/regulatory-non-compliance-penalties/
https://www.techmonitor.ai/news/c-suite-divides-cybersecurity-threats-pose-organisational-risks
https://petri.com/businesses-increase-cybersecurity-spending-12-2/
https://www.helpnetsecurity.com/2025/04/18/uk-phone-theft-crisis/
Governance, Risk and Compliance
Organisations can't afford to be non-compliant - Help Net Security
The UK's cyber blindspot lies with its SMBs
The most dangerous time for enterprise security? One month after an acquisition | CSO Online
When companies merge, so do their cyber threats - Help Net Security
C-suite divides on cyber security threats pose organisational risks
Businesses to Increase Cyber Security Spending by 12.2%
Cyber Risk Quantification - Turning Security into Business Language
The Future of GRC - Integrating ESG, Cyber, and Regulatory Risk
Are We Prioritizing the Wrong Security Metrics?
Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025
What boards want and don’t want to hear from cyber security leaders | CSO Online
Cyber Security Leadership in Crisis? CISO Resignations Spike After Major Breaches
Why Every CISO Needs a Crisis Communications Plan in 2025
CISOs Face 2025 Cyber Threats with Shrinking Budgets and High Demands
Cyber threats are inevitable - Is your board ready? - Businessday NG
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware crooks search for 'insurance' 'policy' right away • The Register
Unpacking IABs: The Middlemen Fuelling Ransomware Attacks
More Resilient Organisations Successfully Battled Ransomware in 2024: BakerHostetler
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
HelloKitty Ransomware Resurafced Targeting Windows, Linux, & ESXi Environments
RansomHouse Ransomware: What You Need To Know | Fortra
The CISO's Guide to Managing Ransomware Threats in 2025
Ransomware Reaches A Record High, But Payouts Are Dwindling | Tripwire
Ransomware Attacks Rose by 126% Attacking Consumer Goods & Services Companies
Ransomware Victims
Cyber Attack Impacting Oregon Environmental Department
Ransomware attack cost IKEA operator in Eastern Europe $23 million
Kidney dialysis firm DaVita hit by weekend ransomware attack
Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial - SecurityWeek
Ahold Delhaize confirms data theft after INC ransomware claims attack
Phishing & Email Based Attacks
Fraud in Your Inbox: Email Is Still the Weakest Link
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
AI Presentation Tool Leveraged in Phishing Attacks
Watch Out for This Sophisticated Phishing Email That Looks Like It's From Google
Other Social Engineering
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO
Minister’s hacked X account promotes ‘House of Commons cryptocurrency’ scam | The Standard
Fraud, Scams and Financial Crime
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
Romance As A Weapon: The New Face Of Cyberattacks
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
Microsoft Thwarts $4bn in Fraud Attempts - Infosecurity Magazine
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Artificial Intelligence
The quiet data breach hiding in AI workflows - Help Net Security
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
AI Presentation Tool Leveraged in Phishing Attacks
Report: Cyber Security, Not AI, Is Top Concern for Businesses
Widely available AI tools signal new era of malicious bot activity - Help Net Security
CISOs Respond to Surge in AI-Powered Attacks with Advanced Defence Strategies
When AI agents go rogue, the fallout hits the enterprise - Help Net Security
Organisations Found to Address Only 21% of GenAI-Related Flaws - Infosecurity Magazine
Comprehensive framework addresses AI cyber threats
10 Bugs Found in Perplexity AI's Chatbot Android App
Meta Resumes EU AI Training Using Public User Data After Regulator Approval
2FA/MFA
Don't just lock your door: MFA alone is not enough in today's cyber security climate | TechRadar
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Malware
European Companies Infected With New Chinese-Nexus Backdoor
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Emulating the Stealthy StrelaStealer Malware - Security Boulevard
Over 16,000 Fortinet devices compromised with symlink backdoor
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Paper Werewolf Targets Flash Drives With New Malware
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Bots/Botnets
Widely available AI tools signal new era of malicious bot activity - Help Net Security
Mobile
The UK’s phone theft crisis is a wake-up call for digital security - Help Net Security
5 warning signs that your phone's been hacked - and how to fight back | ZDNET
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk
How This Simple Phone Security Boost From Google Could Be Good for Your Business
Building mobile security awareness training for end users | TechTarget
Google adds Android auto-reboot to block forensic data extractions
Your Android phone is getting a new security secret weapon - how it works | ZDNET
10 Bugs Found in Perplexity AI's Chatbot Android App
Internet of Things – IoT
Securing digital products under the Cyber Resilience Act - Help Net Security
Data Breaches/Leaks
From likes to leaks: How social media presence impacts corporate security - Help Net Security
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
The quiet data breach hiding in AI workflows - Help Net Security
Sector by sector: How data breaches are wrecking bottom lines - Help Net Security
Lessons from the cyber attacks on Brydens Lawyers, Aussie super funds - Lawyers Weekly
Hertz confirms customer info, drivers' licenses stolen in data breach
Govtech giant Conduent confirms client data stolen in January cyberattack
Hertz says personal, sensitive data stolen in Cleo attacks • The Register
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers - SecurityWeek
Landmark Admin now says info on 1.6M people stolen from it • The Register
Western Sydney University discloses security breaches, data leak
Laboratory Services Cooperative data breach impacts 1.6M People
Entertainment venue management firm Legends International disclosed a data breach
Private Jet Hack Surfaces Guide to Serving Elon Musk on Flights
Organised Crime & Criminal Actors
Cyber criminal groups embrace corporate structures to scale, sustain operations - Help Net Security
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
TraderTraitor: The Kings of the Crypto Heist | WIRED
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
The Most Dangerous Hackers You’ve Never Heard Of | WIRED
Binance Users Targeted by New Phishing SMS Scam
Insider Risk and Insider Threats
Cyber Security by Design: When Humans Meet Technology
Insurance
Ransomware crooks search for 'insurance' 'policy' right away • The Register
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
What insurers should know about today’s cyber threats - Insurance Post
You’re always a target, so it pays to review your cyber security insurance | CSO Online
Supply Chain and Third Parties
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
Building Cyber Resilience into Supply Chains | Manufacturing.net
From Third-Party Vendors to US Tariffs: The New Cyber Risks Facing Supply Chains
Govtech giant Conduent confirms client data stolen in January cyber attack
Landmark Admin now says info on 1.6M people stolen from it • The Register
Cloud/SaaS
Microsoft blocks ActiveX by default in Microsoft 365, Office 2024
Black Basta-like Microsoft Teams phishing leads to novel backdoor | SC Media
Identity and Access Management
Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine
Encryption
Why businesses must prepare for a post-quantum future | TechRadar
Government's privacy dispute with Apple 'really strange', expert says
Linux and Open Source
HelloKitty Ransomware Resurafced Targeting Windows, Linux, & ESXi Environments
Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Passwords, Credential Stuffing & Brute Force Attacks
Credential theft escalates as threat actors use stealthier tactics
Understanding Credential Stuffing: A Growing Cyber Security Threat - Security Boulevard
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Identity Attacks Now Comprise a Third of Intrusions - Infosecurity Magazine
Social Media
From likes to leaks: How social media presence impacts corporate security - Help Net Security
Holyrood Article | UK minister's X account hacked to promote fake cryptocurrency
Regulations, Fines and Legislation
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
ICO fines law firm £60,000 after dark web publishes client data - Legal Futures
Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register
UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
CVE Program Funding Reinstated—What It Means And What To Do Next
Cutting NIST’s Workforce Threatens American Tech Innovation and Leadership
Pall Mall Process Progresses but Leads to More Questions
Cybersecurity act: European Commission prepares revision | Practical Law
The US almost let the CVE system die - the cyber security world's universal bug tracker | TechSpot
Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order | CyberScoop
Zambian cyber-security law: US embassy issues alert - BBC News
CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking
Will politicization of security clearances make US cyber security firms radioactive? | CSO Online
Meta Resumes EU AI Training Using Public User Data After Regulator Approval
Securing digital products under the Cyber Resilience Act - Help Net Security
Models, Frameworks and Standards
UK: Will UK Cyber Reforms Keep Step with NIS2? | DLA Piper - JDSupra
Top Security Frameworks Used by CISOs in 2025
NIST Updates Privacy Framework, Tying It to Recent Cyber Security Guidelines | NIST
Pall Mall Process Progresses but Leads to More Questions
Cyber Security act: European Commission prepares revision | Practical Law
Holyrood | Cutting Through the Framework Fog: Building Real Cyber Resilience in Scotland
Securing digital products under the Cyber Resilience Act - Help Net Security
Data Protection
Hacked law firm 'didn't think it was a data breach' – the ICO disagreed | IT Pro
Law firm fined after hackers leak client files on dark web following cyber attack | Law Gazette
Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register
Careers, Working in Cyber and Information Security
Self-Motivation: The Key to Working in Cyber Security - Infosecurity Magazine
The cyber security job market is complicated: 3 key insights - Security Boulevard
From classrooms to command posts: The cyber education crisis | SC Media
CISOs rethink hiring to emphasize skills over degrees and experience | CSO Online
The Top Company Names for a Cyber Security Résumé - Business Insider
Law Enforcement Action and Take Downs
Man who helped scammers swindle at least £100m from victims is jailed | UK News | Sky News
Met brings leader of fraud platform to justice | Metropolitan Police
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber resilience key to UK defence says Minister
Are they really hacktivists or state-backed goons in masks? • The Register
Nation State Actors
China
China can flick EU 'kill switch' -- Europe mulls cyberattack risk - Nikkei Asia
China admits behind closed doors it was involved in Volt Typhoon attacks | TechRadar
European Companies Infected With New Chinese-Nexus Backdoor
Chinese APT Mustang Panda Updates, Expands Arsenal - SecurityWeek
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Chinese espionage group leans on open-source tools to mask intrusions | CyberScoop
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
‘China Is Everywhere’—Your iPhone, Android Phone Now At Risk
Shadow War: US-China Cyber Tensions and the Taiwan Fault Line
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects - SecurityWeek
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Ransomware gang 'CrazyHunter' Targets Taiwan Orgs
Russia
Cozy Bear Strikes Again: Sophisticated Phishing Campaign Hits EU Foreign Ministries
Possible Russian Hackers Targeted UK Ministry of Defence
Russian state hackers target European diplomats — with fake wine-tasting events – POLITICO
Hacking group Anonymous unleashes huge cyber attack on Russia - World News - LADbible
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine | WIRED
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Centre Party website under attack on Election Day; suspicions point toward Russia | Yle News | Yle
Paper Werewolf Targets Flash Drives With New Malware
Poland Says Russian Cyberattacks Intensify Ahead of Vote
Iran
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide | WIRED
North Korea
Are they really hacktivists or state-backed goons in masks? • The Register
TraderTraitor: The Kings of the Crypto Heist | WIRED
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Cyber security threats and geopolitical risks top business travel concerns | Travolution
Are they really hacktivists or state-backed goons in masks? • The Register
Hacking group Anonymous unleashes huge cyberattack on Russia - World News - LADbible
Tools and Controls
Cyber Risk Quantification - Turning Security into Business Language
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Building Cyber Resilience into Supply Chains | Manufacturing.net
94% of firms say pentesting is essential, but few are doing it right - Help Net Security
Hackers are duping developers with malware-laden coding challenges | IT Pro
DPRK Hackers Exploit LinkedIn to Infect Developers with Infostealers - Infosecurity Magazine
Cyber Security by Design: When Humans Meet Technology
Network Edge Devices the Biggest Entry Point for Attacks on SMBs - Infosecurity Magazine
Active Directory Recovery Can't Be an Afterthought
Understanding and threat hunting for RMM software misuse | Intel 471
How This Simple Phone Security Boost From Google Could Be Good for Your Business
How Threat Intelligence Can Identify Chinks in the Armor
What is Vulnerability Exposure Management? - Security Boulevard
Demystifying Security Posture Management - SecurityWeek
Your Network Is Showing - Time to Go Stealth - Security Boulevard
Why 78% of Security Leaders Are Rethinking Their Entire Cyber Strategy in 2025
Why Every CISO Needs a Crisis Communications Plan in 2025
Why shorter SSL/TLS certificate lifespans matter - Help Net Security
Secure by design: what we can learn from the financial services sector | TechRadar
Organisations Lack Incident Response Plans, but Answers Are on the Way
AI in Cyber Security: Double-Edged Sword or Game-Changer? | Silicon UK Tech News
Cyber resilience key to UK defence says Minister
CISOs Face 2025 Cyber Threats with Shrinking Budgets and High Demands
You’re always a target, so it pays to review your cyber security insurance | CSO Online
Cyber threats are inevitable - Is your board ready? - Businessday NG
Reports Published in the Last Week
BakerHostetler Launches 2025 Data Security Incident Response Report
Other News
30% of charities experienced cyber security breaches or attacks last year, stats show
Initial Access Brokers Shift Tactics, Selling More for Less
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Public Officials Separate Workplace and Personal Online Lives. Hackers Don’t Care. - WSJ
Network Edge Devices the Biggest Entry Point for Attacks on SMBs - Infosecurity Magazine
Accounting Firms Can't Skimp on Cyber Security
Cyber resilience key to UK defence says Minister
UK Public Sector under fire: the battle against cyber crime | TechRadar
How Online Poker Platforms Stay a Step Ahead of Cyber Threats - IT Security Guru
The engineer's guide to staying ahead of cyber threats | TechRadar
Vulnerability Management
NVD Revamps Operations as Vulnerability Reporting Surges - Infosecurity Magazine
69% of Critical & High Severity Vulnerabilities Not Patched by Organisations
94% of firms say pentesting is essential, but few are doing it right - Help Net Security
Microsoft: Exchange 2016 and 2019 reach end of support in six months
CVE Program Funding Reinstated—What It Means And What To Do Next
What is Vulnerability Exposure Management? - Security Boulevard
Screw gov’t funding, we’re going nonprofit, CVE Board declares after database debacle | Cybernews
CVE Foundation Launched to Ensure the Long-term Vulnerability Tracking
TP-Link becomes a CVE Numbering Authority to improve cyber security
Vulnerabilities
Microsoft vulnerabilities: What's improved, what's at risk - Help Net Security
Microsoft: New Windows updates fix Active Directory policy issues
Hackers lurk in over 14K Fortinet devices | Cybernews
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
Is Ivanti the problem or a symptom of a systemic issue with network devices? | CyberScoop
Attackers Maintaining Access to Fully Patched Fortinet Gear
New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
Fresh Windows NTLM Vulnerability Exploited in Attacks - SecurityWeek
SonicWall Patches High-Severity Vulnerability in NetExtender - SecurityWeek
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle - SecurityWeek
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
Major WordPress Plugin Flaw Exploited in Under 4 Hours - Infosecurity Magazine
Chrome 136 fixes 20-year browser history privacy risk
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities - SecurityWeek
Apple Quashes Two Zero-Days With iOS, MacOS Patches - SecurityWeek
Max Severity Bug in Apache Roller Enabled Persistent Access
Critical flaws fixed in Nagios Log Server - Help Net Security
Oracle Patches 180 Vulnerabilities With April 2025 CPU - SecurityWeek
Vulnerabilities Patched in Atlassian, Cisco Products - SecurityWeek
NVIDIA and Docker Flaws Raise Container Security Concerns | MSSP Alert
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.