Black Arrow Cyber Threat Intelligence Briefing 30 May 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review highlights the growing risks facing senior executives, with threat actors increasingly targeting C-suite leaders through tailored spear-phishing campaigns and exploiting their digital footprints. A recent study reports cyber risk as the top reputational concern for senior leaders globally, yet most organisations remain unprepared to model the business impact of such events, while the CEO of M&S highlights the personal effects of experiencing a cyber attack. By contrast, we report on a study that has assessed the business value of including cyber security at the outset of business initiatives.
We also report on the evolution of attack tactics, including disguising ransomware and malware as legitimate AI tools, and enabling teenagers with limited technical skills to conduct attacks. The cyber threat landscape remains volatile, with criminal groups exploiting AI hype, expanding supply chain attack vectors, and even competing for dominance amongst their peers.
Finally, Australia now requires companies to report ransomware payments, which we see as part of a growing drive for transparency that builds on current and forthcoming legislation in other jurisdictions.
Black Arrow recommends that business leaders should ensure they perform an objective assessment of their cyber risks, and address those risks through controls across people, operations and technology aligned to a respected framework underpinned by robust governance.
Top Cyber Stories of the Last Week
New Spear-Phishing Attack Targeting Financial Executives by Deploying Malware
A new spear-phishing (highly targeted/individualised phishing) campaign is actively targeting chief financial officers and senior executives in the banking, energy, insurance, and investment sectors across multiple regions, including the UK. The operation impersonates recruitment outreach from a well-known financial firm and uses convincing social engineering to bypass standard security training. The attackers deploy a legitimate remote access tool, blending into normal network activity and complicating detection. The use of custom CAPTCHA and hidden download mechanisms highlights the operation’s sophistication. The campaign’s precise targeting and persistence tactics reflect a well-resourced threat actor likely pursuing long-term strategic access.
https://cybersecuritynews.com/new-spear-phishing-attack-targeting-financial-executives/
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint
Executives and board members are increasingly targeted by cyber criminals due to their extensive digital footprints and access to high-value systems. Public profiles, reused passwords, and personal device use create opportunities for attackers to launch tailored phishing, impersonation, and deepfake scams. Infostealers harvesting login details and cookies from executive endpoints are now sold on dark web markets, sometimes with corporate credentials priced as low as $100. These risks go beyond technical flaws, exposing organisations to reputational and operational damage. Proactive monitoring of executive identities and digital exposure is now critical to reducing breach likelihood and maintaining cyber resilience.
Mandatory Ransomware Payment Disclosure Begins in Australia
Australia has become the first country to mandate the reporting of ransomware payments, requiring private organisations with turnover above AUD $3m to notify authorities within 72 hours of making or learning of a payment. The new measures aim to improve visibility into cyber crime and reduce underreporting, with research showing only one in five victims currently alert authorities. The law also introduces a Cyber Incident Review Board and forthcoming smart device security standards. With global momentum growing, the UK is now consulting on similar ransomware reporting and payment restrictions for critical infrastructure and public sector entities.
https://www.infosecurity-magazine.com/news/ransomware-payment-disclosure/
Cyber is Now the Top Reputational Risk for Global Firms for 2024/25 per WTW
WTW’s latest global survey has found that cyber risk is now the top reputational concern for senior executives, cited by 65% of respondents up from 52% last year. Environmental and governance risks also rose significantly, reflecting growing regulatory pressures. While 94% of organisations now reserve budgets for managing reputational damage, only 11% feel confident in modelling the financial impact of such events. Encouragingly, most firms have formal crisis response teams and conduct regular scenario testing, but the gap between preparedness and risk quantification remains a key challenge for leadership to address in today’s volatile threat landscape.
Cyber Security Teams Generate Average of $36M in Business Growth
An EY global study has found that cyber security teams contribute a median of $36 million in business value per enterprise initiative, yet budget allocations have halved as a percentage of revenue over the past two years. Despite their growing strategic role, only 13% of CISOs are engaged early in key business decisions. The report highlights that when involved from the outset, security leaders accelerate innovation, reduce risk, and strengthen customer trust particularly in AI adoption and market expansion. Organisations recognising this are seeing both enhanced resilience and competitive advantage through secure, business-aligned transformation.
https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/
M&S Boss: I Went into Shock over Cyber Attack
The chief executive of UK retailer Marks & Spencer (M&S) described feeling “in shock” as the company faced a ransomware cyber attack that disrupted payments, digital stock systems and online sales, with losses estimated at £300 million. The incident exposed personal data belonging to staff and millions of customers, prompting warnings about scams and reinforcing the reputational impact. The attack, attributed to human error, highlighted the persistent difficulty in defending against ransomware. The crisis has accelerated M&S’ digital infrastructure overhaul, reducing a planned three-year transformation to just 18 months.
https://www.telegraph.co.uk/business/2025/05/25/ms-boss-i-went-into-shock-over-cyber-attack/
Cyber Criminals Exploit AI Hype to Spread Ransomware, Malware
Cyber criminals are increasingly exploiting public interest in artificial intelligence by disguising ransomware and malware as legitimate AI tools. Recent campaigns have used fake websites and malicious installers claiming to offer free AI services to lure users into downloading harmful software. Victims are targeted through manipulated search engine results and deceptive advertisements. Once installed, these payloads can encrypt data, corrupt systems, or render devices inoperable. Notably, attackers are blending legitimate AI components with malware to evade detection. Organisations are advised to source AI tools only from verified providers and avoid downloading from promoted links or unofficial platforms.
AI Is Perfecting Scam Emails, Making Phishing Hard to Catch
AI-driven tools are transforming phishing scams, making fraudulent emails far harder to detect. Unlike earlier scams with poor grammar and awkward phrasing, messages now appear polished and convincingly mimic trusted brands and individuals, even in niche languages like Icelandic. The FBI estimates email and impersonation frauds generated $16.6 billion last year. Attackers can now rapidly customise scams at scale, embedding into real threads and exploiting lookalike domains. Experts warn traditional awareness training is no longer enough; verifying suspicious messages and using measures like multifactor authentication and password managers are increasingly essential for defence.
https://www.axios.com/2025/05/27/chatgpt-phishing-emails-scam-fraud
4.5% of Breaches Now Extend to Fourth Parties
There has been a sharp rise in supply chain risks, with over a third (35%) of breaches in 2024 linked to third parties, up 6.5% from last year, and 4.5% now involving fourth parties. Nearly half of these third-party breaches stemmed from technology services, though attack surfaces are diversifying. Ransomware operations are increasingly exploiting supply chains, with 41% of attacks originating via third-party vectors. Subsidiaries and acquisitions now account for nearly 12% of third-party breaches, exposing internal blind spots. The findings underscore the urgent need for continuous, real-time monitoring of vendor ecosystems, as traditional periodic assessments are no longer sufficient.
https://www.helpnetsecurity.com/2025/05/27/third-party-breaches-increase/
Any Teenager Can Be a Cyber Attacker Now, Parents Warned
There has observed a shift in the cyber crime landscape, with younger, less technically skilled individuals now able to participate in serious offences using widely available online tools. Hacking communities such as “the Com” have evolved into organised groups engaging in ransomware, fraud and extortion, with some members living extravagantly on stolen cryptocurrency. The recent cyber attack on UK retailer M&S, linked to this network, could cost the retailer up to £300 million. Authorities warn that parents and organisations alike must be more alert, as cyber crime becomes more accessible, socially driven and increasingly blurred with real-world violence and intimidation.
New Russian State Hacking Group Hits Europe and North America
Microsoft has identified a newly active Russian state-affiliated group, called Void Blizzard or Laundry Bear, targeting government bodies and critical industries across Europe and North America. The group has compromised multiple organisations, including Ukrainian aviation and Dutch police entities, with tactics ranging from password spraying to spear phishing using spoofed authentication pages. Recent campaigns targeted over 20 NGOs with malicious QR codes to harvest credentials. Post-compromise activity includes automated data theft from cloud platforms and access to Microsoft Teams. Intelligence agencies warn that the group is seeking sensitive defence-related information, particularly linked to NATO, EU member states and military support for Ukraine.
https://www.infosecurity-magazine.com/news/russian-state-group-europe-america/
DragonForce Engages in "Turf War" for Ransomware Dominance
Sophos has revealed that the ransomware group DragonForce is engaged in a power struggle with rivals in a bid to dominate the cyber crime landscape. Following a rebrand into a ‘cartel’ model and launch of its white-label ransomware platform, DragonForce has targeted competitors and appears responsible for the sudden outage of a rival group’s infrastructure in March. This internal warfare has disrupted some operations but has not reduced the threat to organisations. Instead, researchers warn it may lead to more unpredictable and opportunistic cyber attacks, requiring businesses to strengthen incident response and threat monitoring capabilities.
https://www.infosecurity-magazine.com/news/dragonforce-turf-war-ransomware/
Governance, Risk and Compliance
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
Welcome to the age of cyber insecurity in business
M&S boss: I went into shock over cyber attack
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
When leaders ignore cyber security rules, the whole system weakens | Computer Weekly
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Cyber Security Teams Generate Average of $36M in Business Growth - Infosecurity Magazine
Why Cyber Security Is Shifting From Detection To Performance
Threats
Ransomware, Extortion and Destructive Attacks
DragonForce used MSP's RMM software to distribute ransomware • The Register
DragonForce Engages in "Turf War" for Ransomware Dominance - Infosecurity Magazine
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
Cyber criminals exploit AI hype to spread ransomware, malware
Any teenager can be a cyber attacker now, parents warned
In cyber attacks, humans can be the weakest link
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
How CISOs can defend against Scattered Spider ransomware attacks | CSO Online
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Sophos warns MSPs over DragonForce threat | Microscope
'Everest Group' Extorts Global Orgs via SAP's HR Tool
'Kisses from Prague': The fall of a Russian ransomware giant
The rise and rise of ransomware - Chris Skinner's blog
Ransomware Victims
Police Probe Hacking Gang Over Retail Attacks | Silicon UK Tech
M&S boss: I went into shock over cyber attack
In cyber attacks, humans can be the weakest link
Retail attacks put cyber security in the spotlight | ICAEW
Silent Ransom Group targeting law firms, the FBI warns
FBI warns of Luna Moth extortion attacks targeting law firms
Hackers just hit a $5B hospital empire, demand ransom | Cybernews
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach - SecurityWeek
Luxury jet company allegedly faces data breach | Cybernews
Nova Scotia Power confirms it was hit by ransomware
The rise and rise of ransomware - Chris Skinner's blog
Victoria’s Secret Website Taken Offline After Cyber Attack - SecurityWeek
Phishing & Email Based Attacks
How to spot phishing emails now that AI has cleaned up the typos
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs
Less than eight percent of top domains implement the toughest DMARC protection
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
New Browser Exploit Technique Undermines Phishing Detection - Infosecurity Magazine
New Russian cyber-spy crew Laundry Bear joins the pack • The Register
What to do if your Facebook account has been phished, hacked, stolen
Gone phishing: the rise of retail cyber crime in four charts
‘Secure email’: A losing battle CISOs must give up | CSO Online
Other Social Engineering
In cyber attacks, humans can be the weakest link
Cyber criminals exploit AI hype to spread ransomware, malware
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
How well do you know your remote IT worker? - Help Net Security
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
WSJ: US probes fake White House staff plot | Cybernews
Late night cyber attack targets Israelis with fake hostage calls
Fraud, Scams and Financial Crime
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Can You Identify a Scam Link? Don't Worry, We'll Teach You How - CNET
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Public urged to create secret passwords with family and friends to avoid AI-generated scams
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
How CISOs can regain ground in the AI fraud war - Help Net Security
US sanctions firm linked to cyber scams behind $200 million in losses
Artificial Intelligence
How to spot phishing emails now that AI has cleaned up the typos
Cyber criminals exploit AI hype to spread ransomware, malware
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
Digital trust is cracking under the pressure of deepfakes, cyber crime - Help Net Security
Cyber criminals Take Advantage of ChatGPT and Other Generative AI Models | Security Magazine
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
How well do you know your remote IT worker? - Help Net Security
Public urged to create secret passwords with family and friends to avoid AI-generated scams
How CISOs can regain ground in the AI fraud war - Help Net Security
Rethinking Data Privacy in the Age of Generative AI
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
The rise of AI-driven phishing attacks: A growing threat and the power of smarter defences | Ctech
Most AI chatbots devour your user data - these are the worst offenders | ZDNET
Malware
Cyber criminals exploit AI hype to spread ransomware, malware
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Fake Zenmap. WinMRT sites target IT staff with Bumblebee malware
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Hackers increasingly target UEFI and bootloaders | Cybernews
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
GitHub becomes go-to platform for malware delivery across Europe - Help Net Security
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Latrodectus malware detected on over 44K IPs | Cybernews
PumaBot Targets Linux Devices in Botnet Campaign
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
$24 Mln In Cryptocurrency Seized From Russian Malware Network
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Bots/Botnets
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
PumaBot Targets Linux Devices in Botnet Campaign
Mobile
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
If You Get This Message On Your Phone It’s An Attack
Internet of Things – IoT
PumaBot Targets Linux Devices in Botnet Campaign
States Have a TP-Link Problem - The National Interest
Data Breaches/Leaks
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
NHS trusts in London and Southampton hit by cyber attack
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Hackers claim major French govt email data breach | Cybernews
Adidas Falls Victim to Third-Party Data Breach
Luxury jet company allegedly faces data breach | Cybernews
Organised Crime & Criminal Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Any teenager can be a cyber attacker now, parents warned
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
$24 Mln In Cryptocurrency Seized From Russian Malware Network
US sanctions firm linked to cyber scams behind $200 million in losses
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Coinbase and TaskUs hack: How it happened | Fortune Crypto
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Crypto Drainers are Targeting Cryptocurrency Users - Security Boulevard
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
Dark Partners cyber crime gang fuels large-scale crypto heists
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Insider Risk and Insider Threats
In cyber attacks, humans can be the weakest link
Why layoffs increase cyber security risks - Help Net Security
US intelligence agency employee charged with espionage | AP News
Insurance
Cyber attack Surge Benefits Insurers, Prompts Rethink on Premiums
Cyber now the top reputational risk for global firms, WTW report finds | Global Reinsurance
What UK retail breaches mean for the global cyber insurance market | Insurance Business America
Supply Chain and Third Parties
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
4.5% of breaches now extend to fourth parties - Help Net Security
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Cloud/SaaS
SaaS companies in firing line following Commvault attack • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Outages
SentinelOne back online after lengthy outage • The Register
Encryption
Experts "deeply concerned" by the EU plan to weaken encryption | TechRadar
Quantum Computing Threat to Cryptography
Linux and Open Source
PumaBot Targets Linux Devices in Botnet Campaign
Passwords, Credential Stuffing & Brute Force Attacks
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
Social Media
TikTok fans beware - experts warn dangerous malware spread by AI fake videos | TechRadar
Don't click on that Facebook ad for a text-to-AI-video tool • The Register
Oversharing online? 5 ways it makes you an easy target for cyber criminals | ZDNET
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
What to do if your Facebook account has been phished, hacked, stolen
Regulations, Fines and Legislation
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
Major conference in San Antonio shelved due to US policy climate
Banks Want SEC to Rescind Cyber Attack Disclosure Requirements
US Government Launches Audit of NIST’s National Vulnerability Database - Infosecurity Magazine
Models, Frameworks and Standards
How FedRAMP Reciprocity Works with Other Frameworks - Security Boulevard
Careers, Working in Cyber and Information Security
Armed forces charity steps in to address cyber mental health crisis | Computer Weekly
Christian Timbers: Cyber Security Executive Pay Up 4.3% in 2025
Cyber Security salaries in 2025: Shifting priorities, rising demand for specialized roles | SC Media
Law Enforcement Action and Take Downs
Latrodectus malware detected on over 44K IPs | Cybernews
UK, US Police Target Ransomware Gangs In Latest Action | Silicon
Grandpa-conning crook jailed over sugar-coated drug scam • The Register
Misinformation, Disinformation and Propaganda
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK Government invests £1bn to equip the army for cyber war, defence secretary reveals
US intelligence agency employee charged with espionage | AP News
Britain’s new defence pact with the EU
Nation State Actors
Cyber crime much bigger than nation-state ops: Daniel • The Register
Midyear Roundup: Nation-State Cyber Threats in 2025
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
US intelligence agency employee charged with espionage | AP News
China
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
China hacks show they're 'preparing for war': McMaster • The Register
States Have a TP-Link Problem - The National Interest
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
Prague blames Beijing for cyber attack on foreign ministry
Chinese Hacking Group 'Earth Lamia' Targets Multiple Industries - SecurityWeek
Cyber defence cuts could sap US response to China hacks, insiders say | World | postguam.com
China, Taiwan trade accusations over cyber attacks | Reuters
Russia
Russian Government Hackers Caught Buying Passwords from Cyber Criminals - SecurityWeek
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets | CyberScoop
New Russian State Hacking Group Hits Europe and North America - Infosecurity Magazine
NCSC pins ‘malicious campaign’ of cyber attacks on Russian military intelligence – PublicTechnology
$24 Mln In Cryptocurrency Seized From Russian Malware Network
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
'Kisses from Prague': The fall of a Russian ransomware giant
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
Russia sentences programmer to 14 years for treason • The Register
Iran
85 Iranian cyber attacks linked to killing plots foiled in 2025, Israel says | Iran International
North Korea
How well do you know your remote IT worker? - Help Net Security
Tools and Controls
DragonForce used MSP's RMM software to distribute ransomware • The Register
ConnectWise Hit by Cyber Attack; Nation-State Actor Suspected in Targeted Breach
Cyber Attack Surge Benefits Insurers, Prompts Rethink on Premiums
Why layoffs increase cyber security risks - Help Net Security
The Hidden Cyber Risks in Your Executive Team’s Digital Footprint - Security Boulevard
Welcome to the age of cyber insecurity in business
US, allies push for immediate SIEM, SOAR implementation | SC Media
Why Cyber Security Is Shifting From Detection To Performance
What is OSINT and why it is so important to fight cyber criminals? | TechRadar
SaaS companies in firing line following Commvault attack • The Register
'Everest Group' Extorts Global Orgs via SAP's HR Tool
Ransomware, Rewritten: How AI Is Fueling Both Sides of the Fight | MSSP Alert
The edge devices security risk: What leaders can do | IT Pro
Less than eight percent of top domains implement the toughest DMARC protection
AI Beats 90% of Human Teams in a Hacking Competition
Why data provenance must anchor every CISO’s AI governance strategy - Help Net Security
Recent Acquisitions Illustrate Consolidation Trends in Cyber Security | MSSP Alert
CISA's New SIEM Guidance Tackles Visibility and Blind Spots
‘Secure email’: A losing battle CISOs must give up | CSO Online
Incident Response Planning - Preparing for Data Breaches
Explaining What’s Happened in a Cyber Attack Is Challenging
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence
Building resilient cyber threat intelligence communities | Computer Weekly
SentinelOne back online after lengthy outage • The Register
What Your Traffic Logs Aren't Telling You About Cloud Security - Security Boulevard
AI forces security leaders to rethink hybrid cloud strategies - Help Net Security
Hackers claim major French govt email data breach | Cybernews
This National Guard unit went analog to simulate a cyber attack
Cyber security challenges could pave the way to a unified approach
Other News
Electricity supply emerges as prime cyber attack target – German security agency | Clean Energy Wire
Britain’s new defence pact with the EU
Why pilots fear that airplanes will be the next target of cyber hackers
The US Is Building a One-Stop Shop for Buying Your Data | WIRED
94 billion browser cookies sold on Telegram | Cybernews
The Cyber Security Catch That Comes With Free Public Wi-Fi
Banks report growing number of cyber attacks against clients | Radio Prague International
This National Guard unit went analog to simulate a cyber attack
Japan to draw up new cyber security strategy by year-end - Japan Today
Cyber security in mining: protecting infrastructure and digital assets | A&O Shearman - JDSupra
Airplane crash-detection systems could be vulnerable | The Week
Vulnerability Management
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
CVE Uncertainty Underlines Importance of Cyber Resilience
Firms Eye Vulnerabilities as Enterprise Cyber Security Risks Surge
Hackers increasingly target UEFI and bootloaders | Cybernews
NIST Launches Metric to Measure Likelihood of Vulnerability Exploits - Infosecurity Magazine
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
Microsoft wants Windows Update to handle all apps | The Verge
Vulnerabilities
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected - Infosecurity Magazine
Questions mount as Ivanti tackles another round of zero-days | CyberScoop
SaaS companies in firing line following Commvault attack • The Register
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors - SecurityWeek
UK: Two NHS trusts hit by cyber attack that exploited Ivanti flaw – DataBreaches.Net
Thousands of Asus routers are being hit with stealthy, persistent backdoors - Ars Technica
Cisco security flaw exploited to build botnet of thousands of devices | TechRadar
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities - SecurityWeek
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.