Black Arrow Cyber Threat Intelligence Briefing 25 April 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Exec Summary
Black Arrow Cyber’s review of specialist and general media has observed a significant shift in executive mindsets, with cyber security now seen as essential to business growth, not just a defensive measure. This includes reports of CEOs increasingly recognising the strategic value of robust security practices, particularly amid rising concerns over AI-driven threats. However, there remains a concerning gap between CISOs and the wider C-suite regarding the severity of risks, underlining the need for stronger alignment at leadership level.
This week’s reporting also highlights that cyber threats have become a daily operational reality, with small and medium-sized businesses bearing a disproportionate share of ransomware and nation-state attacks. Third-party vulnerabilities and supply chain compromises are escalating rapidly, exposing organisations to breaches through trusted partners. Black Arrow Cyber believes this growing complexity demands that businesses urgently reassess their resilience strategies and third-party risk management.
Finally, we note that ransomware attacks continue to overwhelm organisations, with high ransom payment rates despite advanced backup tools. Rapid exploitation of newly disclosed vulnerabilities, particularly in widely used systems, further compounds the threat landscape. Black Arrow believes that operational readiness, strong identity management, and swift vulnerability patching are now critical pillars for cyber resilience.
Top Cyber Stories of the Last Week
Cyber Security Is Now Critical for Business Growth, CEOs Say
A Gartner study has found that 85% of CEOs now view cyber security as critical to business growth in today’s digital and connected world. Three in five (61%) are concerned about cyber security threats, particularly with the rise of artificial intelligence influencing the threat landscape. The report highlights a shift in risk thresholds and underlines that cyber security has become a core business priority rather than simply a protective measure. CEOs are urged to champion the role of security leaders, while security leaders must demonstrate how effective cyber security strategies can safeguard assets and drive strategic growth.
Cyber Threats Now a Daily Reality for One in Three Businesses
FIS and Oxford Economics report that one in three businesses face daily cyber threats, 74% encounter critical incidents monthly and 88% of leaders cited cyber threats as a major disruption. Despite prioritising fraud risk management, over half of firms were dissatisfied with their fraud response plans, and nearly half do not regularly train employees on fraud and cyber awareness, leaving them exposed to greater risk.
66% of CISOs Are Worried Cyber Security Threats Surpass Their Defences
EY has found a growing disconnect between CISOs and the wider C-suite when it comes to cyber security threats. Two-thirds of CISOs fear threats now surpass their defences, compared to just over half of their C-suite peers. The report highlights that CISOs are more concerned than the rest of the C-suite about senior leaders at their organisation underestimating the dangers of cybersecurity threats (68% vs. 57%) and note a higher incidence of attacks from both cyber criminals and insider threats. Encouragingly, 75% of CISOs reported fewer incidents following investment in AI. C-suite leaders expect cyber security budgets to double next year, from 21% to 38% of total IT spend.
M&S: Shares at FTSE 100 Retailer Fall as Cyber Attack Hits Customers
Marks & Spencer (M&S) has confirmed it is managing a cyber attack that has disrupted contactless payments and forced the retailer to stop taking online orders amid a payments meltdown. As a result, shares have fallen by more than 4%. While stores remain open, M&S has temporarily moved some operations offline to protect customers and partners. Online orders have been suspended, but cash payments are still being accepted. The retailer is working with industry experts to restore full services and minimise further disruption.
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
Verizon’s latest Data Breach Investigations Report (DBIR) highlights that small businesses are bearing the brunt of ransomware attacks, with extortion malware found in 88% of breaches compared to 39% at larger firms. Ransomware was involved in 44% of all breaches, a 37% rise from the previous year with attack volumes increasing globally. State-sponsored actors are also increasingly deploying ransomware, with financial motives present in 28% of their incidents. Industries such as administration, wholesale trade, and transportation remain key targets for financially motivated cyber attacks.
Cyber Attacks Surged in 2025, with Third Party Attacks Seeing a Huge Rise
Verizon’s latest Data Breach Investigations Report also found that third-party involvement in cyber attacks has doubled, now featuring in 30% of cases. Based on over 22,000 security incidents and 12,195 confirmed data breaches, the research highlights a sharp rise in supply chain and partner ecosystem compromises. Cyber criminals increasingly target open-source code repositories to push malicious updates or impersonate legitimate software packages. The findings underline the growing risk third parties pose to organisations’ cyber security, with trust in external partners becoming a significant vulnerability.
Nation-State Threats Put SMBs in Their Sights
Nation-state cyber threat groups are increasingly targeting small and medium-sized businesses (SMBs), particularly those linked to larger organisations. Broadcom warns that most nation-state attacks now impact the private sector and midmarket firms, with identity providers among common targets. Many SMBs remain unaware of their role in the broader supply chain, making them attractive entry points. Nation-state actors are also seen moonlighting, switching between espionage and financially motivated cyber attacks. Experts stress that SMBs must strengthen their cyber defences, as they face the same sophisticated threats once reserved for larger enterprises.
Global Firms Succumb to Ransomware: 86% Pay Up Despite Having Advanced Backup Tools
Rubrik’s latest research shows that 86% of global organisations paid ransom demands last year, despite having access to advanced backup tools. The report highlights that 74% of firms experienced partial compromise of their backup systems, with 35% suffering complete compromise, often due to attackers disabling recovery infrastructure before encrypting data. Nearly 80% of breaches were driven by stolen identities, particularly exploiting legacy systems like Active Directory. Average ransom payments globally are around $479,000. The findings stress that true resilience requires not just technology, but operational readiness and leadership commitment to recovery preparedness.
Dutch Intelligence Report: Russia’s Sabotage in Europe Borders on State Terrorism
The Dutch Intelligence services (AIVD) have reported a sharp rise in Russian aggression across Europe in 2024, including espionage, cyber attacks, and disinformation campaigns described as bordering on state terrorism. A Dutch public facility was targeted by Russian hackers, and overall national threats increased, with 73 official reports issued - up from 56 in 2023. The report also flagged escalating extremist threats, including right-wing and jihadist violence, some involving very young individuals. China was identified as another major threat, targeting Dutch military research and supplying military goods to Russia. The AIVD warned that international conflicts are increasingly fuelling domestic instability.
Cyber Crime Syndicates Expand Beyond Southeast Asia, UN Warns of Global Threat
The United Nations has warned that cybercrime syndicates originating in Southeast Asia are now operating on a global scale, generating billions in scam profits each year. Despite law enforcement crackdowns, these groups have expanded into Africa, South America, and South Asia, moving operations to regions with weak governance. The UN reports that these networks use online platforms and cryptocurrency to scale operations, targeting victims in over 50 countries. In 2023 alone, the US reported losses of over $5.6 billion to cryptocurrency scams. Without international collaboration, the scale and impact of cyber fraud will continue to escalate.
159 Vulnerabilities Exploited in Q1 2025 — 28% Within 24 Hours of Disclosure
VulnCheck has reported that 159 vulnerabilities were exploited in the first quarter of 2025, with 28% targeted within just one day of disclosure. Most affected systems were content management platforms, network edge devices, and operating systems. Microsoft Windows, Broadcom VMware, and TOTOLINK routers were among the most impacted products. Verizon’s 2025 Data Breach Investigations Report noted a 34% rise in breaches initiated through vulnerability exploitation, now accounting for 20% of all incidents.
Sources:
https://www.techradar.com/pro/security/cybersecurity-is-now-critical-for-business-growth-ceos-say
https://www.helpnetsecurity.com/2025/04/21/businesses-fraud-consequence/
https://www.cityam.com/ms-shares-at-ftse-100-retailer-fall-as-cyber-attack-hits-customers/
https://www.infosecurity-magazine.com/news/verizon-dbir-smb-ransomware-attacks/
https://www.darkreading.com/threat-intelligence/nation-state-threats-smb
https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html
Governance, Risk and Compliance
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber threats now a daily reality for one in three businesses - Help Net Security
Cyber security is now critical for business growth, CEOs say | TechRadar
Cybersecurity Metrics That Matter for Board-Level Reporting
Cybersecurity Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Exclusive: Small businesses under-prepared amid restructuring push
Businesses Failing to Prevent Cyber Attacks, Says Report
The C-suite gap that's putting your company at risk - Help Net Security
Veeam Report Finds Close to 70% of Organizations Still Under Cyber-Attack Despite Improved Defenses
Enterprises change how they manage cyber risk
From Reactive to Predictive - The Next Frontier for Security Leaders
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Beyond Compliance - How VPs of Security Drive Strategic Cybersecurity Initiatives
Not if, but when -- Why every organization needs a cyber resilience strategy
Threats
Ransomware, Extortion and Destructive Attacks
Verizon discovers spike in ransomware and exploited vulnerabilities | CyberScoop
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
Could Ransomware Survive Without Cryptocurrency?
Ransomware Gangs Innovate With New Affiliate Models
Global firms succumb to ransomware: 86% pay up despite having advanced backup tools | CSO Online
The Ransomware Business Model: The State of Cyber Crime | Silicon UK Tech News
Ransomware activity trends | Professional Security Magazine
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
Teach young people about ransomware risks before they enter work, expert urges | The Standard
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
Ransomware the most pervasive threat to US critical infrastructure in 2024, says FBI | CSO Online
Emulating the Hellish Helldown Ransomware - Security Boulevard
What is Ransomware? Definition and Complete Guide | Informa TechTarget
Ransomware Victims
Ransomware Gang Claims Attack On Manchester Credit Union
3 More Healthcare Orgs Hit by Ransomware Attacks
Interlock ransomware claims DaVita attack, leaks stolen data
M&S takes systems offline as 'cyber incident' lingers • The Register (unconfirmed)
Money blog: M&S forced to stop taking online orders amid payment meltdown | Money News | Sky News (unconfirmed)
Phishing & Email Based Attacks
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Beware, hackers can apparently now send phishing emails from “no-reply@google.com” | TechRadar
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
A new kind of phishing attack is fooling Gmail’s security. Here’s how it works | Laptop Mag
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Cover-Up Culture? 95% of Phishing Attacks Go Unreported in Healthcare, New Paubox Report Reveals
Who needs phishing when your login's already in the wild? • The Register
Business Email Compromise (BEC)/Email Account Compromise (EAC)
FBI: Cybercrime cost victims 'staggering' $16.6B last year • The Register
Other Social Engineering
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
State-sponsored hackers embrace ClickFix social engineering tactic
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
North Korean Operatives Use Deepfakes in IT Job Interviews
Fraud, Scams and Financial Crime
FBI: Cyber Crime cost victims 'staggering' $16.6B last year • The Register
Deepfake Impersonations: Your CEO’s Voice as a Threat Vector | MSSP Alert
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
“Scallywag” Scheme Monetizing Piracy Through Browser Extensions
Pope Francis’ Passing Triggers Surge Of Phishing, SEO Poisoning, And Fake Images
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
This Android malware drains cards with a single tap | Cybernews
UK Romance Scams Spike 20% as Online Dating Grows - Infosecurity Magazine
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
The Cyber Criminals Who Organized a $243 Million Crypto Heist - The New York Times
Scammers Are Impersonating the FBI. Here's How To Spot Them - CNET
Artificial Intelligence
Cyber criminals blend AI and social engineering to bypass detection - Help Net Security
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
DeepSeek Breach Opens Floodgates to Dark Web
The AI market does not understand AI safety | TechTarget
Rethinking Resilience for the Age of AI-Driven Cyber Crime - Infosecurity Magazine
Attackers, Defenders Lean on AI in Identity Fraud Battle
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Microsoft warns users about AI-Driven scams that target Quick Assist - gHacks Tech News
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools - SecurityWeek
Anthropic finds alarming 'emerging trends' in Claude misuse report | ZDNET
2FA/MFA
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Malware
Emails delivering infostealers rose by 84% year-over-year | Security Magazine
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyber Attack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
The Zoom attack you didn't see coming - Help Net Security
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Slopsquatting: The worrying AI hallucination bug that could be spreading malware | Tom's Guide
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Chinese hackers target Russian govt with upgraded RAT malware
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Your cat’s microchip could carry malware | Cybernews
Bots/Botnets
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation - SecurityWeek
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Mobile
New Android malware steals your credit cards for NFC relay attacks
Leaking Apps: The Hidden Data Risks On Your Phone
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Flexible working models fuel surge in device theft - Help Net Security
Russian army targeted by new Android malware hidden in mapping app
Denial of Service/DoS/DDoS
Dutch payment processor Adyen hit by three DDoS attacks | NL Times
Internet of Things – IoT
Opt out: how to protect your data and privacy if you own a Tesla | Tesla | The Guardian
Data Breaches/Leaks
Thousands of UK users of Vinted, Candy Crush and Tinder were hit in global hack
DeepSeek Breach Opens Floodgates to Dark Web
US Data Breach Victim Count Surges 26% Annually - Infosecurity Magazine
Data breach class action costs mount up | Computer Weekly
CISA Weighs In on Alleged Oracle Cloud Breach
3 More Healthcare Orgs Hit by Ransomware Attacks
5.5 Million Patients Affected by Data Breach at Yale New Haven Health - SecurityWeek
Blue Shield shared 4.7M people's health info with Google Ads • The Register
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Korean Telco Giant SK Telecom Hacked - SecurityWeek
Organised Crime & Criminal Actors
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Cyber Crime Syndicates Expand Globally From Southeast Asia: UN
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
$40bn Southeast Asian Scam Sector Growing “Like a Cancer” - Infosecurity Magazine
Russian Infrastructure Plays Crucial Role in North Korean Cyber Crime Operations | Trend Micro (US)
Hacking groups are now increasingly in it for the money, not the chaos | TechRadar
When confusion becomes a weapon: How cyber criminals exploit economic turmoil - Help Net Security
The Evolution of Cyber Crime: How to Stay Safe from AI-Driven Fraud | StoneTurn - JDSupra
Microsoft warns of AI-powered scam surge
Scattered Spider Hacking Suspect Extradited to US From Spain
'Cyber crime ranks as No 1 risk in SA, overtaking long-standing issues': expert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
Could Ransomware Survive Without Cryptocurrency?
The Cybercriminals Who Organized a $243 Million Crypto Heist - The New York Times
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Insider Risk and Insider Threats
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Supply Chain and Third Parties
Cyber attacks surged in 2025, with third party attacks seeing a huge rise | TechRadar
Security snafus caused by third parties up from 15% to 30% • The Register
Why CISOs are watching the GenAI supply chain shift closely - Help Net Security
Cloud/SaaS
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Enterprises are facing a ‘cloud security crisis’ | IT Pro
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
Widespread Microsoft Entra lockouts tied to new security feature rollout
CISA Weighs In on Alleged Oracle Cloud Breach
Outages
Widespread Microsoft Entra lockouts tied to new security feature rollout
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
Identity and Access Management
Identity is under siege as AI and cyber exploits evolve and outpace defenses | Biometric Update
Widespread Microsoft Entra lockouts tied to new security feature rollout
Encryption
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
New Android Warning — This TOAD Malware Attack Steals Cash From ATMs
Telegram vows to exit markets over encryption backdoor demands
Linux and Open Source
Open Source and Container Security Are Fundamentally Broken - The New Stack
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Passwords, Credential Stuffing & Brute Force Attacks
Credential theft outpaces ransomware as cyber threat landscape evolves, report claims
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Who needs phishing when your login's already in the wild? • The Register
7 Steps to Take After a Credential-Based cyberattack
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Social Media
The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security
Wait, how did a decentralized service like Bluesky go down? | TechCrunch
LinkedIn adds new verification tool to ensure security across the internet | TechRadar
Hackers claim TikTok breach, 927,000 passwords might hit the internet | Cybernews
Training, Education and Awareness
Teach young people about ransomware risks before they enter work, expert urges | The Standard
The Foundations of a Resilient Cyber Workforce
Regulations, Fines and Legislation
Compliance weighs heavily on security and GRC teams - Help Net Security
Cyber Security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Challenges persist as UK’s Cyber Security and Resilience Bill moves forward | Computer Weekly
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
US cyber defences are being dismantled from the inside • The Register
Holyrood | Ofcom closes legal loophole that allowed criminals to track your location
Leasing of Global Titles banned | Professional Security Magazine
The splintering of a standard bug tracking system has begun • The Register
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Bill introduced to extend the Cybersecurity Information Sharing Act | Security Magazine
Two top cyber officials resign from CISA | The Record from Recorded Future News
2025 State Cybersecurity Legislation Focuses on Financial Services | Alston & Bird - JDSupra
Zambia's Updated Cyber Laws Prompt Surveillance Warnings
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Telegram vows to exit markets over encryption backdoor demands
Models, Frameworks and Standards
Assessing The Impact Of The UK's Proposed Cyber Resilience Bill
EU Bolsters Cybersecurity With NIS2 Directive
Governance code of practice | Professional Security Magazine
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
Careers, Working in Cyber and Information Security
Switching to Cyber Security: Advice for Midcareer Professionals
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Cyber ‘agony aunts’ launch guidebook for women in security | Computer Weekly
Law Enforcement Action and Take Downs
Scattered Spider Hacking Suspect Extradited to US From Spain
Misinformation, Disinformation and Propaganda
Unmasking the Dead Internet: How bots and propaganda hijacked online discourse
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ransomware, espionage and data breaches? Yep – Verizon just dropped a 117-page thriller - PhoneArena
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
Cyber threats target F-35 in new era of military defense risks
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Countries shore up digital defenses as tensions raise the threat of cyberwarfare - ABC News
Nation State Actors
Nation-State Threats Put SMBs in Their Sights
State-sponsored actors spotted using ClickFix hacking tool developed by criminals | TechRadar
China
Chinese APT Mustang Panda Debuts 4 New Attack Tools
How Chinese hacking got so good
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Microsoft Purges Millions of Cloud Tenants After Storm-0558
Chinese hackers target Russian govt with upgraded RAT malware
Earth Kurma APT Campaign Targets Southeast Asian Government Telecom Sectors | Trend Micro (US)
DeepSeek Breach Opens Floodgates to Dark Web
Top intelligence lawmaker fears China may exploit DOGE’s changes to government - Nextgov/FCW
Russia
Dutch intelligence report: Russia’s sabotage in Europe borders on state terrorism | NL Times
State-sponsored hackers embrace ClickFix social engineering tactic
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
Russia is ramping up hybrid attacks against Europe, Dutch intelligence says | Reuters
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Volexity
Dutch Warn of “Whole of Society” Russian Cyber-Threat - Infosecurity Magazine
The state of cyberwar in Ukraine — and how CISOs can help | CSO Online
Russia’s Arming For Space War I, Targeting SpaceX Satellite Systems
Chinese hackers target Russian govt with upgraded RAT malware
Russian Bulletproof Hosting Provider Proton66 Linked To Global Cyberattack Surge
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Trojanized Alpine Quest app geolocates Russian soldiers • The Register
Russian army targeted by new Android malware hidden in mapping app
Iran
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Israel subjected to persistent targeting by Iranian hackers | SC Media
North Korea
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
North Korean Operatives Use Deepfakes in IT Job Interviews
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan
More Than a Quarter of Bybit's Hacked Crypto Is Now Untraceable
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Web3, cryptocurrency sectors targeted by North Korean hackers | SC Media
Lazarus hackers breach six companies in watering hole attacks
North Korean cyber spies created U.S. firms to dupe crypto developers | Reuters
Tools and Controls
66% of CISOs are worried cyber security threats surpass their defenses | Security Magazine
The Role of Threat Intelligence in Proactive Defense
Cyber security Controls: What Do Regulators Expect Nowadays? | Alston & Bird - JDSupra
Cyber security Metrics That Matter for Board-Level Reporting
Enterprises change how they manage cyber risk
What is Risk Exposure in Business? | Definitions from TechTarget
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Chinese APT Mustang Panda Debuts 4 New Attack Tools
Two ways AI hype is worsening the cyber security skills crisis | CSO Online
Rethinking Resilience for the Age of AI-Driven Cybercrime - Infosecurity Magazine
Open Source and Container Security Are Fundamentally Broken - The New Stack
Hackers Weaponizing Certificates & Stolen Private Keys to Infiltrate Organizations
Digital Forensics In 2025: How CSOs Can Lead Effective Investigations
Stronger Cloud Security in Five: How To Protect Your Cloud Workloads - Security Boulevard
Criminals target APIs as web attacks skyrocket globally | IT Pro
Widespread Microsoft Entra lockouts tied to new security feature rollout
7 Steps to Take After a Credential-Based cyberattack
The Foundations of a Resilient Cyber Workforce
From Reactive to Predictive - The Next Frontier for Security Leaders
5 Reasons Device Management Isn't Device Trust
Staying Ahead of Cyber Threats with Cyber Resilience | Dell USA
Not if, but when -- Why every organization needs a cyber resilience strategy
Traditional Networks Are Leaving Organizations Exposed
Coaching AI agents: Why your next security hire might be an algorithm - Help Net Security
Executives think AI can supercharge cyber security teams – analysts aren’t convinced | IT Pro
Exposure validation emerges as critical cyber defense component - Help Net Security
5 Major Concerns With Employees Using The Browser
Microsoft Claims Steady Progress Revamping Security Culture
Cyber Security Indicators: How IOCs, IOBs, and IOAs Empower Threat Detection and Prevention
Mapping The Cyber Kill Chain Using Correlated Security Logs And Timeline Tools
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
Reports Published in the Last Week
Other News
66% of CISOs are worried cybersecurity threats surpass their defenses | Security Magazine
Cyber threats now a daily reality for one in three businesses - Help Net Security
UK utility cyberattacks rose 586% from 2022 to 2023 | Security Magazine
Nine of 10 global firms hit by cyber attacks – report | Insurance Business America
Cyber in financial services study | Professional Security Magazine
The Biggest Security Risks With Public Wi-Fi | HuffPost Life
Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks - Infosecurity Magazine
A new era of cyber threats is approaching for the energy sector - Help Net Security
New KnowBe4 Report Exposes Critical Cyber Threats in European Energy Sector
Why cyber security matters for small and medium-sized businesses – Computerworld
Exclusive: Small businesses under-prepared amid restructuring push
Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact - Security Boulevard
Two-thirds of cops find NATO summit in The Hague irresponsible | NL Times
Cyber threats escalate against energy sector | SC Media
Understanding 2024 cyber attack trends - Help Net Security
Microsoft Claims Steady Progress Revamping Security Culture
5 Most Common Security Attack Methods in 2024: Mandiant’s M-Trends Report
Cyber attacks Soar 47% Globally – Attacks On Education Increase By 73%
What school IT admins are up against, and how to help them win - Help Net Security
Cyber security in 2025- Real-World Threats and Lessons Learned
Is the automotive industry on the cusp of a cyber war? | Automotive World
Phishing Attacks Lead to Theft in the Shipping Industry | Manufacturing.net
Are maritime hackers pushing at an open door? - Ship Technology
Vulnerability Management
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Enterprises change how they manage cyber risk
Microsoft Security Vulnerabilities Set Record High in 2024: BeyondTrust
Vulnerability Exploitation and Credential Theft Now Top Initial Access - Infosecurity Magazine
Attackers hit security device defects hard in 2024 | CyberScoop
Businesses Failing to Prevent Cyber Attacks, Says Report
Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation - Infosecurity Magazine
The Wiretap: Trump’s Cyber Security Agency Avoided A Near Disaster
Open Source and Container Security Are Fundamentally Broken - The New Stack
The splintering of a standard bug tracking system has begun • The Register
Exposed and unaware: The state of enterprise security in 2025 - Help Net Security
Why the MITRE CVE Database Scare Proves Multi-Source Vulnerability Intelligence Is Essential
Vulnerabilities
Cisco Webex bug lets hackers gain code execution via meeting links
SonicWall SMA VPN devices targeted in attacks since January
Windows NTLM Hash Flaw Targeted in Global Phishing Attacks | MSSP Alert
Eight days from patch to exploitation for Microsoft flaw • The Register
Apple Zero Days Under 'Sophisticated Attack,' but Details Lacking
Rootkit bypasses most Linux security detection | Cybernews
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
Highest-Risk Security Flaw Found in Commvault Backup Solutions - Infosecurity Magazine
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) - Help Net Security
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop
TP-Link Router Vulnerabilities Let Attackers Inject Malicious SQL Commands
Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.