A recent attempt to bribe BBC News reporter Joe Tidy to assist a cybercriminal in breaching the BBC’s cyber defenses highlights the growing threat all organizations now face from within. Tidy was offered millions of pounds and told he need never work again if he assisted the threat actor. With the permission of his editor, the BBC reporter played along with the cybercriminals without actually assisting them in order to discover more about their methods.
“Lurking in the murky depths of the global marketplace for offensive cyber capabilities sits a particularly dangerous capability—spyware,” warns the Atlantic Council, a Washington, DC-based organization that promotes transatlantic cooperation and global economic prosperity.
The number of US-based entities investing in the spyware market is three times greater than in the next three-highest countries with the most investors, according to a report published by the Atlantic Council on September 10: Mythical Beasts: Diving into the depths of the global spyware market.
Carmaker Jaguar Land Rover (JLR) has shut down its systems after suffering a cyber-attack. The group claiming responsibility for the attack, The Com, also referred to as Scattered Spider, is a loosely affiliated online community of predominantly teenage English-speaking hackers based in the UK and the US.
Over half of cyber-attacks exploiting known vulnerabilities are the work of state-sponsored groups from abroad, mainly from China. According to cybersecurity company Recorded Future’s research arm, Insikt Group, 53 percent of observed exploitation activity in the first half of this year was driven by state-sponsored and suspected state-sponsored actors and conducted for espionage, surveillance, or other geopolitical objectives.
The Chinese government now has a vast storehouse of confidential information belonging to key industries and individuals in the US and UK and many other countries. According to an urgent joint cybersecurity advisory issued by the US National Security Agency (NSA) and other U.S. and foreign organizations, threat actors sponsored by the Chinese government, notably Salt Typhoon, have been consistently targeting telecommunications, government, transportation, lodging, and military infrastructure networks globally.
Cybercriminals are now weaponizing artificial intelligence (AI) to create potentially devastating off-the-shelf ransomware. Researchers at cybersecurity company ESET have discovered what they called “the first known AI-powered ransomware”. The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt, and possibly even destroy data, though this last functionality appears not to have been implemented in the malware as yet.
Telecoms operator Orange Belgium has revealed that a cyber-attack in July resulted in the theft of data from 850,000 customer accounts. The telecoms operator has been quick to reassure its customers that no passwords, email addresses, bank or financial details were hacked.
Throughout June and August of this year, a sophisticated off-the-shelf malware campaign targeted over 300 organizations. According to cybersecurity company CrowdStrike, the campaign deployed SHAMOS, a malware variant of Atomic macOS Stealer (AMOS) developed by cybercriminal group COOKIE SPIDER.
The most in-demand skill on cybercrime recruiting sites is English-speaking social engineering. According to cybersecurity company Reliaquest, job posts more than doubling from 2024 to 2025, with recruiters accounting for 87 percent of these postings, indicating strong demand.
A staggering total of $329 billion is at risk globally because of poor cybersecurity applied to operational technology (OT) systems, which control facilities such as manufacturing and energy storage, according to cybersecurity company, Dragos.
The days are long gone when OT systems from online hackers were protected by the airgap, effectively a digital moat where all data was transferred manually. Today OT systems are linked to online IT systems to facilitate communication and increase efficiency. But organisations relying on OT systems are now finding that they must now pay too high a price for these gains.
In an exclusive interview with Cyber Intelligence, Fergus Hay, the CEO and co-founder of The Hacking Games, explains how teenage hackers hold the keys to the future of cybersecurity.
The US Nuclear Security Administration, which is responsible for maintaining and designing the USA’s cache of nuclear weapons, has been hacked by China-based cybercriminal group Storm-2603. Other organizations including the U.S Education Department, Florida’s Department of Revenue, and the Rhode Island General Assembly were also breached by Storm-2603.
Asian cybercrime syndicates based in China and Southeast Asia have caused approximately $37 billion in losses in East and Southeast Asia. The UN warns that they are now spreading operations across Africa, South America, the Middle East, Europe, and the Pacific.
Cybersecurity Threats on the Rise in Asia Pacific Cybersecurity incidents in Asia Pacific have increased by 29 percent this year and 134 percent in the last four years, according to Aon’s 2025 Cyber Risk Report. The rise in AI-driven deepfake attacks resulted in a 233 percent increase in incidents involving social engineering and fraud. Kazakhstan […]
Louis Vuitton, owned by French giant LVMH, is the latest retailer to suffer a cyber-breach in a recent flurry of attacks that previously compromised Marks & Spencer, the Co-Op and others. The cybercriminals have accessed Louis Vuitton’s customer data not only in the UK but also in Turkey and Korea. According to Louis Vuitton, the hackers were sitting on its systems for a full month before the intrusion was discovered.
Identity-based attacks are emerging as the major attack vector for businesses of all kinds. According to cybersecurity company eSentire, Identity-driven threats have “skyrocketed”, with a 156 percent surge in identity-based attacks between 2023-2025.
Brazilian IT worker João Roque has been arrested in connection with a $100 million theft through payment system PIX. Roque admitted to police that he had sold his login credentials to hackers who had approached him earlier this year.
admin
