Black Arrow Cyber Threat Intelligence Briefing 27 June 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, our review of cyber security intelligence in the specialist and general media includes the latest ransomware report by Sophos, which shows that nearly half of organisations paid the ransom and over 40% of victims cited unrecognised security gaps as entry points for attackers. We discuss that popular entry points include employees, with phishing being particularly successful against newly hired employees and smaller organisations not training their staff. We also discuss the pressures of cyber security on key roles in the organisation: for CISOs, more than half are under pressure to keep breaches secret and many want a pause on AI deployment in their organisation; for CFOs, the challenge is to quantify and manage the financial risk of a breach.
Other articles describe how attackers are moving into the insurance, aviation and transportation sectors, while other attackers are using tactics including hijacking search results for major brands, or sending malicious text messages to phones that have been lured onto fake networks. Businesses are urged to address their supply chain risks and their wider security in the light of geopolitical risks from the Middle East, Russia, China and North Korea.
The recurring theme is the need for organisations to understand and proactively manage their risks through proportionate controls, and to establish and rehearse how to respond to an incident in order to remain resilient in the face of escalating threats.
Top Cyber Stories of the Last Week
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
Sophos’ latest global report shows nearly half of organisations hit by ransomware paid to regain access to their data, with a median payment of one million dollars. 53% negotiated lower sums than initially demanded, and the average recovery cost fell from $2.73 million to $1.53 million year on year. Over 40% of victims cited unrecognised security gaps as entry points for attackers, with lack of staff or expertise remaining a key weakness. However, more firms are halting attacks before data is encrypted, and faster recovery times suggest some organisations have improved readiness against ransomware threats.
New Hires More Likely to Fall for Phishing and Social Engineering Attacks
A recent study highlights that 71% of new hires click on phishing emails within their first three months, making them 44% more likely to fall victim than experienced staff. This increased risk stems from limited security training during onboarding and eagerness to please superiors, especially when emails appear to come from senior figures like the CEO or HR. Encouragingly, organisations that implemented tailored phishing simulations and behaviour-focused training saw phishing risk drop by 30%. Early, practical cyber security training is essential to equip new employees to recognise and report suspicious activity, strengthening overall organisational defences.
https://natlawreview.com/article/new-hires-more-likely-fall-phishing-social-engineering-attacks
BT Warns UK SMEs Are Primary Targets for Hackers as Only Three in Five Have Had Cyber Security Training
BT has warned that UK small and medium-sized enterprises face increasing cyber threats, with 42% of small and 67% of medium firms suffering an attack in the past year. Two in five, the equivalent of two million, SMEs have not provided any cyber security training, leaving them vulnerable to phishing and ransomware, which has more than doubled in a year. QR code scams have surged 1,400% over five years. The average cost of a serious breach for small firms is nearly £8,000, and many SMEs lack the resources or awareness to defend against emerging threats such as AI-driven attacks and account takeovers.
More than Half of Cyber Security Professionals Told to Conceal Breaches, Survey Claims
A recent Bitdefender survey has revealed that 57% of cyber security professionals worldwide have been pressured to keep breaches secret, with Singapore and the US experiencing the highest rates. The study also highlights growing concerns over AI-driven cyber attacks, which 67% reported had increased and 51% cited as their top risk. Notably, a gap exists between executives’ high confidence in cyber resilience and mid-level managers’ lower assurance. Skills shortages, complex security tools, and challenges securing hybrid systems emerged as key obstacles, with nearly half saying the cyber security skills gap had worsened over the past year.
Half of Security Pros Want GenAI Deployment Pause
Research by security firm Cobalt reveals that nearly half of security professionals believe a pause on generative AI deployment is needed, as 36% feel adoption is outpacing their teams’ ability to manage risks. Three-quarters of practitioners consider generative AI their top IT risk, with concerns including exposure of sensitive data, manipulation of training information and model inaccuracies. Only 21% of serious vulnerabilities identified in generative AI tools are resolved. The report stresses that traditional web security measures like input validation remain essential, while highlighting that addressing prompt-based attacks on AI systems demands expert, adaptive testing.
https://www.infosecurity-magazine.com/news/half-security-pros-genai-pause/
Cyber Attacks on Insurers Put CFOs on High Alert
Recent cyber attacks on major insurers, including Aflac, have heightened concerns among chief financial officers about quantifying and managing the financial risks of data breaches in the insurance sector. Aflac detected unauthorised access to its network involving sensitive data such as health records and Social Security numbers. While operations remain unaffected and ransomware was not involved, the attack is linked to a sophisticated criminal group known for exploiting staff through social engineering, which uses deception to manipulate employees. Other insurers have faced similar breaches, signalling a rising trend of targeted attacks against the insurance industry that demand immediate attention from senior leaders.
https://fortune.com/2025/06/24/cyberattacks-insurers-aflac-cfo-high-alert/
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to £440M in Damages, Widening Attacks to Insurance, Aviation and Transportation Sectors
Recent cyber attacks on UK retailers Marks & Spencer and Co-op, linked to the same criminal group Scattered Spider, have resulted in combined damages estimated between £270 million and £440 million. These incidents exploited social engineering, where attackers tricked IT help desks to gain access. The attacks are considered a significant event with deep impacts on both firms and their suppliers. Experts warn that Scattered Spider is now targeting the insurance, aviation and transportation sectors, urging heightened vigilance.
https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html
Netflix, Apple, BofA Websites Hijacked with Fake Help-Desk Numbers
Cyber criminals are hijacking search results for major brands like Netflix, Apple, and Bank of America, placing fake ads that lead victims to authentic-looking support pages showing fraudulent phone numbers. When users call these numbers, scammers posing as help-desk staff trick them into giving away personal or financial details, or granting remote access to their devices. This attack exploits weaknesses in website search functions and is difficult for browsers to detect. Organisations should raise awareness that legitimate support will never request sensitive information over the phone, and staff should be wary of unsolicited phone numbers in search results.
https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
Police Alerts About New SMS “Blaster” Scams Used for Smishing
UK Police have highlighted a rise in smishing attacks involving SMS blasters; these are radio devices that attract and connect to mobile phones in the area, and then send out text messages to those phones appearing to be from trusted organisations. A recent case saw a man jailed for sending thousands of scam messages from a car in London to steal personal information. Although some networks have blocked millions of scam texts, individuals are urged to avoid engaging with suspicious messages and report them to their mobile network provider. Disabling 2G on Android or filtering unknown senders on iPhones can further reduce exposure to these threats.
https://cybernews.com/news/police-alerts-about-new-sms-blaster-scams-used-for-smishing/
Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
A new report from SecurityScorecard shows that 5 in 6 organisations face heightened cyber security risks due to outdated supply chain defences. Third-party involvement in breaches has doubled to nearly 30%, yet fewer than half of firms monitor cyber security across even half of their extended supply chains. Over 70% have suffered at least one serious third-party incident in the past year. Experts warn that without integrated detection and incident response, organisations remain vulnerable to cascading impacts from supply chain cyber attacks.
Businesses Urged to Strengthen Cyber Defences Amid Increase in Iran-Adjacent Attacks
Cyber security experts have warned of a sharp rise in cyber attacks linked to Iran following the recent Israel-Iran conflict, with UK, US and EU businesses targeted. Attacks have included attempts to crash systems by overwhelming them with traffic, malicious software designed to delete data, and coordinated disinformation campaigns. UK Prime Minister Sir Keir Starmer described these cyber attacks as assaults on the UK itself, urging firms to urgently review and strengthen their cyber security. Experts caution that companies may be targeted simply for being connected to Western interests. Organisations are urged to strengthen security by promptly applying updates, using strong access controls, and preparing incident response plans. Experts stress the importance of employee awareness and real-time monitoring to counter sophisticated attack techniques aimed at disruption and data theft.
National Security Strategy 2025: Security for the British People in a Dangerous World
The UK’s National Security Strategy 2025 sets out the country’s response to an increasingly dangerous world, committing to spend 5% of GDP on national security by 2035. It highlights rising threats from Russia, China and Iran, and warns of growing cyber attacks undermining public services. The strategy stresses stronger borders, revitalising the defence industry, and aligning technology and economic resilience with security goals. It calls for a national effort to build resilience, improve cyber defences and ensure stability at home and abroad, emphasising that economic security and technological advantage are now central to protecting the British people.
How Geopolitical Tensions Are Shaping Cyber Warfare
Geopolitical tensions are fuelling a surge in cyber attacks as nation-state-backed groups target governments, finance, and infrastructure with increasing speed and sophistication. Iran focuses on disruption for political gain, North Korea pursues profit through theft, and Russia and China aim for long-term strategic advantage. Attackers often reuse old tools with new delivery methods, exploiting poor patching and weak user awareness. Artificial intelligence is compounding risks by enabling precise, large-scale attacks. To remain resilient, organisations must combine strong basics like patching and training with intelligence-led testing of defences tailored to the specific threats they face.
https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare
Governance, Risk and Compliance
Comms Business - Almost 40 per cent of SMEs have no cyber security training, BT survey finds
BT says nearly half small businesses have suffered a cyber attack in the last year
Cyber security neglect issue for UK businesses? - The Recycler
More than half of cyber security professionals told to conceal breaches, survey claims
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Cyber security Governance: A Guide for Businesses to Follow | TechTarget
Is Your CISO Ready to Flee? - Security Boulevard
After a hack many firms still say nothing, and that’s a problem - Help Net Security
Cyber attacks on insurers put CFOs on high alert | Fortune
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
How Customer Trust Can Shield Your Business In A Crisis
What is Risk Avoidance? | Definition from TechTarget
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
UK ransomware costs significantly outpace other countries | Computer Weekly
Four REvil ransomware crooks walk free after admitting guilt • The Register
Ransomware threat actors today and how to thwart them | TechTarget
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
Dire Wolf Ransomware Comes Out Snarling, Bites Verticals
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
Ransomware Victims
Major insurer hit by giant cyber attack | Insurance Business America
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
M&S cyber-attack boosted sales at Next, Zara and H&M
Patient death at London hospital linked to cyber attack on NHS – DataBreaches.Net
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
3 key takeaways from the Scattered Spider attacks on insurance firms
Whole Foods supplier UNFI restores core systems after cyber attack
Services disrupted as cyber attack hits Glasgow Council - UKTN
Phishing & Email Based Attacks
Report on New Hires and Phishing Susceptibility
Microsoft 365 'Direct Send' abused to send phishing as internal users
Other Social Engineering
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use US Banks to Fleece Americans — ProPublica
ClickFix attacks skyrocketing more than 500% - Help Net Security
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Fraud, Scams and Financial Crime
Netflix, Apple, BofA sites hijacked with fake help numbers • The Register
Police warn of SMS scams as ‘blaster’ is used to send thousands of texts | Scams | The Guardian
How Foreign Scammers Use U.S. Banks to Fleece Americans — ProPublica
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
UK cyber attacks set to continue amid ‘fraud pandemic’, security experts warn | The Independent
Amazon Prime Day Is Coming — How To Protect Yourself From Scammers
Artificial Intelligence
New AI Jailbreak Bypasses Guardrails With Ease - SecurityWeek
Most AI and SaaS apps are outside IT's control - Help Net Security
Reported Impersonation Scams Surge 148% as AI Takes Hold - Infosecurity Magazine
AI Is Behind 50% Of Spam — And Now It’s Hacking Your Accounts
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Navigating Generative AI's Expanding Capabilities and Evolving Risks
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Vulnerability in Public Repository Could Enable Hijacked LLM Responses | Security Magazine
And Now Malware That Tells AI to Ignore It?
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
We know GenAI is risky, so why aren't we fixing its flaws? - Help Net Security
US Army Blocks Air Force's AI Program Over Data Security Concerns | Air & Space Forces Magazine
Malware
Researchers discover first malware to exploit AI prompt injection
And Now Malware That Tells AI to Ignore It?
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazine
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Threat Actor Trojanizes Copy of SonicWall NetExtender App
Attackers Wield Signed ConnectWise Installers as Malware
New wave of ‘fake interviews’ use 35 npm packages to spread malware
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Prometei botnet activity has surged since March 2025
WinRAR patches bug letting malware launch from extracted archives
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Bots/Botnets
Prometei botnet activity has surged since March 2025
Half of Customer Signups Are Now Fraudulent - Infosecurity Magazine
Mobile
Godfather Malware Targets 400+ Banking Apps Worldwide
SparkKitty Swipes Pics From iOS, Android Devices
What to do if your mobile phone account is hacked or number stolen | Mobile phones | The Guardian
Denial of Service/DoS/DDoS
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic - Ars Technica
Internet of Things – IoT
Typhoon-like gang slinging TLS certificate 'signed' by LAPD • The Register
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
Ransomware in Cars: Why Automotive Cyber Attacks Are Spiking in 2025 | Raleigh News & Observer
DSIT identifies cyber security weaknesses in IoT devices | UKAuthority
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Data Breaches/Leaks
Supply Chain Attack Hits Swiss Banks | SC Media UK
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Oxford City Council suffers breach exposing two decades of data
Hacker 'IntelBroker' charged in US for global data theft breaches
Steel Giant Nucor Confirms Data Stolen in Cyber Attack
Cyber attacks at two Melbourne hospitals expose patient details on dark web
Hawaiian Airlines discloses cyber attack, flights not affected
Former US Army Sergeant admits he sold secrets to China • The Register
Advance Auto Parts data breach class action settlement
Organised Crime & Criminal Actors
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
Man pleads guilty to hacking networks to pitch security services
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
Money mule networks evolve into hierarchical, business-like criminal enterprises - Help Net Security
Africa Sees Surge in Cyber Crime as Law Enforcement Struggles
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Attackers Target Docker APIs in Stealthy Crypto Heist
Supply Chain and Third Parties
SecurityScorecard Report Reveals 5 in 6 Organisations at Risk Due to Immature Supply Chain Security
Supply Chain Attack Hits Swiss Banks | SC Media UK
M&S and Co-op Hacks Classified as Single Cyber Event - Infosecurity Magazine
Scattered Spider Behind Cyber Attacks on M&S and Co-op, Causing Up to $592M in Damages
Most organisations are at risk thanks to immature supply chain security | TechRadar
M&S cyber attack deepens as tech partner TCS denies blame - Retail Gazette
MSPs Juggle High Breach Rates and Strong Cyber Confidence | MSSP Alert
Security pro counts the cost of Microsoft dependency • The Register
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Officials set out cyber security charter for NHS suppliers | UKAuthority
Cloud/SaaS
Most AI and SaaS apps are outside IT's control - Help Net Security
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed. - Security Boulevard
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
Outages
UK mobile telco Three suffers voice, text outage • The Register
Encryption
China breaks RSA encryption with a quantum computer - Earth.com
Quantum risk is already changing cyber security - Help Net Security
Home Office anti-encryption site pushes payday loan scheme • The Register
Linux and Open Source
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
Linux flaws chain allows Root access across major distributions
French city of Lyon ditching Microsoft for FOSS • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself | ZDNET
Cyber criminals cash in on stolen cookies and credentials | Insurance Business America
Brother printer bug in 689 models exposes default admin passwords
Social Media
Regulations, Fines and Legislation
Home Office anti-encryption site pushes payday loan scheme • The Register
How to Keep Up with Overlapping Cyber Security Regulations in Finance - Infosecurity Magazine
Top Pentagon spy pick rejected by White House - POLITICO
WhatsApp messaging app banned on all US House of Representatives devices | WhatsApp | The Guardian
CISA Is Shrinking: What Does It Mean for Cyber?
Foreign aircraft, domestic risks | CSO Online
Models, Frameworks and Standards
New Cyber Blueprint to Scale Up the EU Cyber Security Crisis Management | ENISA
Careers, Working in Cyber and Information Security
Why work-life balance in cyber security must start with executive support - Help Net Security
Getting a career in cyber security isn’t easy, but this can help
UK Gov Cyber Security Jobs Average Salary is Under £45,000, Study Finds - Infosecurity Magazine
Charming Kitten APT Tries Spying on Israeli Cyber Experts
Law Enforcement Action and Take Downs
Man Who Hacked Organisations to Advertise Security Services Pleads Guilty - SecurityWeek
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged - SecurityWeek
20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown – Eurasia Review
Four REvil ransomware crooks walk free after admitting guilt • The Register
Hacker 'IntelBroker' charged in US for global data theft breaches
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How Cyber Warfare Changes the Face of Geopolitical Conflict
How Geopolitical Tensions Are Shaping Cyber Warfare
Cyber warfare escalates: Israel and Iran's digital conflict
Nation State Actors
How Cyber Warfare Changes the Face of Geopolitical Conflict
Are we making hackers sound too cool? These security experts think so | TechRadar
Decade of risk: signaling security in an era of geopolitical tension - DCD
China
Stealthy backdoor found hiding in SOHO devices running Linux - Help Net Security
China breaks RSA encryption with a quantum computer - Earth.com
Chinese APT Hacking Routers to Build Espionage Infrastructure - SecurityWeek
China-linked APT Salt Typhoon targets Canadian Telecom companies
Indian police arrest 10 for laundering fraud proceeds for a Chinese gang | Cryptopolitan
Former US Army Sergeant admits he sold secrets to China • The Register
China increases cyber attacks on hospitals to ‘humiliate’ Taiwan
Russia
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Cyber attacks on state bodies: a multi-level interaction scheme via Word and Signal revealed | УНН
Iran
Cyber warfare escalates: Israel and Iran's digital conflict
Israel urges citizens to turn off home cameras as Iran hacks surveillance systems | TechSpot
The real threat to the UK from Iran - from sleeper cells to cyber attacks
Israel expands cyber powers amid rising threats—via WhatsApp | Ctech
Tools and Controls
Most AI and SaaS apps are outside IT's control - Help Net Security
Are we making hackers sound too cool? These security experts think so | TechRadar
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
When the Cloud Goes Down, Will Your Security Go With It? | Symantec Enterprise Blogs
And Now Malware That Tells AI to Ignore It?
AI Agents Are Getting Better at Writing Code—and Hacking It as Well | WIRED
Half of Security Pros Want GenAI Deployment Pause - Infosecurity Magazine
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Don’t be distracted by AI – fundamental cyber skills are still key | TechRadar
Bring Your Own Installer EDR Bypass Observed in Ransomware Operation | MSSP Alert
What is Risk Avoidance? | Definition from TechTarget
How CISOs can justify security investments in financial terms - Help Net Security
How Executives Could Respond When Faced With Multiple Crisis Situations
Other News
BT says nearly half small businesses have suffered a cyber attack in the last year
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown | ZDNET
Services disrupted as cyber attack hits Glasgow Council - UKTN
Cyber attacks on insurers put CFOs on high alert | Fortune
EU and Australia commit to Defence Partnership| Cybernews
Building cyber resilience in the financial sector
Decade of risk: signaling security in an era of geopolitical tension - DCD
Medical device cyber attacks push hospitals into crisis mode - Help Net Security
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously - Infosecurity Magazine
French city of Lyon ditching Microsoft for FOSS • The Register
Security pro counts the cost of Microsoft dependency • The Register
Some European Countries Are Ditching Microsoft Software For Good (And Here's Why That Matters)
Denmark is switching to Linux | PC Gamer
Dual-Use Military and Civil Airports Face Cyber Threats
The Security Fallout of Cyber Attacks on Government Agencies - Security Boulevard
Cyber Skills Today for Economic Growth Tomorrow
Vulnerability Management
'7% of organisations tackle vulnerabilities only when necessary' - Data Centre & Network News
CISA Is Shrinking: What Does It Mean for Cyber?
Irish businesses show gaps in cyber security as 6 in 10 overlook regular software updates
Vulnerabilities
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Security
Up next on the KEV? All signs point to 'CitrixBleed 2' • The Register
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Linux flaws chain allows Root access across major distributions
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
Hundreds of MCP Servers at Risk of RCE and Data Leaks - Infosecurity Magazine
Asana Fixes Security Flaw in AI Data Integration Tool
Chrome 138, Firefox 140 Patch Multiple Vulnerabilities - SecurityWeek
Millions of Brother Printers Hit by Critical Unpatchable Bug
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
WinRAR patches bug letting malware launch from extracted archives
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) - Help Net Security
Motors Theme Vulnerability Exploited to Hack WordPress Websites - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.