Two pieces of upcoming legislation are set to transform the cyber strategies of companies in certain sectors. Immediate reporting of significant cyber-attacks is soon to be mandatory and making ransomware payments may soon be outlawed.
A recent attempt to bribe BBC News reporter Joe Tidy to assist a cybercriminal in breaching the BBC’s cyber defenses highlights the growing threat all organizations now face from within. Tidy was offered millions of pounds and told he need never work again if he assisted the threat actor. With the permission of his editor, the BBC reporter played along with the cybercriminals without actually assisting them in order to discover more about their methods.
Carmaker Jaguar Land Rover (JLR) has shut down its systems after suffering a cyber-attack. The group claiming responsibility for the attack, The Com, also referred to as Scattered Spider, is a loosely affiliated online community of predominantly teenage English-speaking hackers based in the UK and the US.
The Chinese government now has a vast storehouse of confidential information belonging to key industries and individuals in the US and UK and many other countries. According to an urgent joint cybersecurity advisory issued by the US National Security Agency (NSA) and other U.S. and foreign organizations, threat actors sponsored by the Chinese government, notably Salt Typhoon, have been consistently targeting telecommunications, government, transportation, lodging, and military infrastructure networks globally.
The most in-demand skill on cybercrime recruiting sites is English-speaking social engineering. According to cybersecurity company Reliaquest, job posts more than doubling from 2024 to 2025, with recruiters accounting for 87 percent of these postings, indicating strong demand.
Louis Vuitton, owned by French giant LVMH, is the latest retailer to suffer a cyber-breach in a recent flurry of attacks that previously compromised Marks & Spencer, the Co-Op and others. The cybercriminals have accessed Louis Vuitton’s customer data not only in the UK but also in Turkey and Korea. According to Louis Vuitton, the hackers were sitting on its systems for a full month before the intrusion was discovered.
The US Federal Bureau of Investigation (FBI) last week issued a warning on X that the cybercriminals responsible for the recent devastating cyber-attacks on the UK retail sector are now targeting the airline sector on both sides of the Atlantic. Hard on the heels of the FBI’s warning came the news that the Qantas airline has suffered a major cyber-attack, affecting more than six million customers and likely resulting in the “significant” theft of personal information. Qantas confirmed the data breach Wednesday morning, alerting customers to a cyber incident affecting a third-party platform used by an airline contact center.
A patient’s death following a cyber-attack on the UK health sector by ransomware group Qilin has now been reported. The death has been confirmed by King’s College Hospital NHS Foundation Trust.
It has been attributed to a long wait for a blood test as a result of a cyber-attack on 3 June last year, which brought pathology services to a temporary standstill. IT company Synnovis, which provides blood test services primarily in southeast London, was the victim of a ransomware attack carried out by Qilin. The hospitals affected were Guy’s and St Thomas’, King’s College, and Lewisham and Greenwich, along with primary care facilities across six London boroughs and two mental health trusts.
As Iran prepares to avenge its recent humiliating ground defeats with concerted cyber-attacks on the US, the Food and Drug Administration (FDA) has issued a stark warning to the medical sector.
“Manufacturing infrastructure can be particularly vulnerable with connected devices, Industrial Internet of Things (IIoT), and smart technologies becoming more ubiquitous. These connected technologies, considered Operational Technologies (OT), have historically been designed to prioritize consistent functionality over cybersecurity. Consequently, it is sometimes difficult to tell what, when, and where communications are happening, which has the potential to increase the risk of a cybersecurity incident,” warns the FDA.
A new cybercriminal group, Qilin, is rapidly establishing dominance in the murky world of ransomware by providing not just ransomware-as-a-service (RaaS) but a full soup-to-nuts cybercrime service .In addition to the malware, Qilin also provides a full suite of legal guidance for criminals together with operational and storage features. According cybersecurity company, Cybereason, Qilin is positioning itself not just as a ransomware group, but as a full cybercrime service.
Cybercriminals have just added what may be the most dangerous weapon yet to their arsenal of illegal software, a Dark Web version of legitimate artificial intelligence (AI) platforms. Tel Aviv-based network security company, Cato Networks, has uncovered an emerging criminal platform called Nytheon AI that it says is “a fully-fledged illicit AI platform”. While there have been other attempts to offer criminal versions of popular AI models, Nytheon AI is the first truly comprehensive multilingual offering. Threat actors can now use the platform to conduct a variety of attacks including tailored spear-phishing campaigns, deepfake documents, and polymorphic malware capable of constantly mutating its appearance.
The recent UK retail cyberattacks that impacted Marks & Spencer and the Co-Op supermarket chain are only the tip of a very large iceberg that now threatens organizations on both sides of the Atlantic.
Although media reports have attributed the attacks to a group named “Scattered Spider,” the actual threat is far bigger. For a start, there is no criminal group that actually calls itself “Scattered Spider”, which is just a made-up name attributed by cybersecurity researchers. These attacks and many others in the US and the UK are now known to be the work of a vast sprawling network of hackers, some as young as 14, spread across the US and the UK. They call themselves “the Community”, or “the Com” for short, and are essentially a vast teenage subculture of criminal hackers.
Artificial Intelligence (AI) is learning to think like a human. But the critical question now being asked in IT circles is: “What kind of human?”
Claude, Opus 4, a groundbreaking new AI system released by AI developers Anthropic on Tuesday, is attempting to blackmail its creator by exposing an alleged extramarital affair. This follows on from other AI systems programmed to interact with humans effectively, lying by making up fake information, a phenomenon known by developers as “hallucinating”.
In an exclusive interview with Cyber Intelligence, Tim Grieveson, Chief Security Officer for attack surface discovery platform, ThingsRecon, explains how companies can protect their constantly expanding attack surfaces while using AI tools to monitor potential vulnerabilities in real time.
The UK retailers, Marks & Spencer, Harrods and the Co-Op, who have been hit by a flurry of cyber-attacks over the last two weeks, have immediately experienced a loss in consumer and investor confidence.
Artificial Intelligence (AI)-driven cybersecurity is set to dominate RSA, the world’s largest cybersecurity event, which kicked off yesterday in San Francisco and runs from April 28 to May 1.
Networking giant Cisco set the pace with an announcement that it is deepening its partnership with ServiceNow, a leading AI platform for business transformation. It is claimed that the combination of Cisco’s infrastructure and security platforms and ServiceNow’s AI-driven platform and security solutions will unlock mutual customers’ ability to secure and scale their use of AI while decreasing risk and complexity. The first such integration will bring together Cisco’s AI Defense capabilities with ServiceNow SecOps.
Deepfake videos of TV news presenters are being used to dupe gullible viewers into logging onto illegal gambling sites where malware is then downloaded onto their devices. News anchors on Sky and other channels appear to be quoting Apple CEO Tim Cook recommending an app where users can easily get rich by winning vast sums of money. The news reports have been identified as deepfake videos. It has been further revealed that thousands of similar videos of deepfakes of journalists have been circulated in the US and the UK.
In our business, assessing risk is crucial. There is a constantly evolving threat landscape, and cybercriminals are constantly introducing new techniques and developing existing ones. And as online connectivity grows, so does every organization’s overall attack surface. Unit 42 are constantly conducting research examining the full scope of the ever expanding attack surface and constantly testing existing defenses. They play the role of cybercriminals, acting as white-hat hackers, if you like, in order to detect potential weaknesses. This research is conducted across the board and also directed at each client specific attacks surface. And when there is a breach, Unit 42 is there to detect and control it. They effectively act as wartime consiglieres – remember that the ongoing Russia/Ukraine conflict started in cyberspace. They must also act immediately to mitigate any breach that does occur. Constant research and testing of defenses are vital. We have to be right every time, but the cybercriminal gangs only have to be right once to effect a breach and perform a successful attack.
George Patsis is the founder and CEO of Obrela and has a proven track record in developing large-scale innovative security programs for major Global 500 companies. In an exclusive interview with Cyber Intelligence, he explains why a global approach is needed to fight cybercrime.
This is a philosophical discussion shaped by the evolving changes in the human and society conditions. Ten years ago, digital communications and laptops were supplementary tools in people’s lives and perceived as an extension of our natural world. Today, we are witnessing the evolution of a full-scale digital transformation leading to an entirely new domain: cyberspace. Much like the air travel leading to partitioning of the skies, or the British Empire’s domination of the seas or the space quest. Whenever humankind discovers new domains and frontiers, the absence of clear leadership and authority often leads to conflict and crime. In the American Old West, every town had its own safe, and criminals tried to rob it. In the same way, the new digital frontier of cyberspace is driving demand for companies like OBRELA to protect their digital assets. But we need more than just individual Cybersecurity companies to protect us across the new threats in cyberspace. In the absence of a central cybersecurity authority, cybercriminals operate with near impunity—facing little resistance, no clear attribution, and a remarkably low risk of consequences.
Another cyber breach as potentially damaging as that of the infamous hook-up site for married users, Ashley Madison, 15 years ago has recently come to light that could have equally serious consequences.
According to a notification filed this month with the California Department of Justice, the sperm bank California Cryobank reports a breach that occurred last April. Stolen files include the names, social security numbers, driver’s license numbers, financial accounts, and health insurance information of many of the sperm bank donors and their recipients.
Boeing Employees’ Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers.
The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
The UK Ministry of Defence (MoD) has egg all over its face following its admission that over 269 of its phones went missing between January 1 and February 27. This is a record number, even for the MoD, which lost 262 phones in total in 2023 and 2024.
The astonishing total of how many phones were recorded as lost, misplaced or stolen in the first two months of this year only came to light in response to a question asked in the UK parliament by the shadow defence secretary, James Cartlidge. The fact that a security-conscious organization such as the MoD could lose track of so many devices only evidences the increasing overlap between cybersecurity and physical security. Once a device such as a smartphone is in the hands of a threat actor, it can provide a portal to enable all kinds of cyber-attacks.
US Defense Secretary Pete Hegseth’s shock directive to US Cyber Command to pause offensive cyber-operations against Russia may have unforeseen consequences for organizations across the US. It would mean that the West could be blind-sided by a lack of actionable intelligence regarding Russia’s ongoing cyber-war against countries such as the US and the UK.
Russian groups are already upping cyber-attacks on the US. In December, Cyber Intelligence reported that two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. This was evidenced by Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups.
Over three million Google Chrome users have been issued a warning concerning 16 browser extensions that have been compromised by hackers. This alarming news comes hard on the heels of reports earlier this month that cybercriminals are also leveraging search engine giant Google’s new Gemini 2.0 (artificial intelligence) AI assistant.
The list of Google’s hacked browser extensions includes: Emojis, Video Effects for YouTube, Audio Enhancer, Blipshot, Color Changer for YouTube, Themes for Chrome, and YouTube Picture in Pictures. Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader have also been compromised.
Most organizations have no clear idea of the value of the data they hold on themselves and their customers. According to technology research and consulting firm Gartner, 30 percent of chief data and analytics officers (CDAOs) say that their top challenge is the inability to measure data, analytics, and AI’s impact on business outcomes. Gartner also reports that only 22 percent of organizations surveyed have defined, tracked, and communicated business impact metrics for the bulk of their data and analytics (D&A) use cases.
“There is a massive value vibe around data, where many organizations talk about the value of data, desire to be data-driven, etc., but there are few who can substantiate it,” said Michael Gabbard, senior director analyst at Gartner.
Cybercrime just got easier. A new artificial intelligence off-the-shelf phishing kit named darcula now enables even inexperienced cyber criminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details.
“The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities …to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says Cybersecurity company, Netcraft.
On January 31, Texas became the first US state to ban the Chinese-owned generative artificial intelligence (AI) application, DeepSeek, on state-owned devices and networks. New York swiftly followed suit on February 10 with Virginia imposing a ban on February 11.
The Texas state governor’s office stated: “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps. State agencies and employees responsible for handling critical infrastructure, intellectual property, and personal information must be protected from malicious espionage operations by the Chinese Communist Party. Texas will continue to protect and defend our state from hostile foreign actors.”
California-based cybersecurity goliath Palo Alto Networks has issued a bullish revenue forecast based on a perceived rising global demand for artificial intelligence (AI)-driven security products.
“In Q2 [2025], our strong business performance was fuelled by customers adopting technology driven by the imperative of AI, including cloud investment and infrastructure modernization,” said CEO Nikesh Arora. “Our growth across regions and demand for our platforms demonstrates our customers’ confidence in our approach. It reaffirms our faith in our 2030 plans and our $15 billion next-generation technology annual recurring revenue goal.”
This coming Friday is St Valentine’s Day and cybercriminals all over the world are rubbing their hands together with glee at the harvest they intend to reap. Developments in artificial intelligence and the widespread availability of off-the-shelf cybercrime software have enabled a new generation of cyber-scams specifically designed around St Valentine’s Day.
In the recent past, cybercriminals typically used February 14th as an excuse to introduce themselves to lonely people with a view to patiently winning their victims’ trust in the short-term and cruelly robbing them of their savings in the longer term.
In an exclusive interview with Cyber Intelligence, Patrick Harding, chief product architect at digital identity security company, Ping Identity, outlines the growing threat of identity theft and fraud, explaining how it evolved and what can be done to counter it.
Everybody is forced into digital transactions and relationships and identity management is fundamental to knowing who you are interacting with. The problem goes back to the beginning of the internet in the 1990s and a cartoon of a dog in front of a computer with the caption, “On the internet no-one knows you’re a dog!” That really illustrates the core problem of identifying online users and customers. The extent to which this is carried out largely depends on the sensitivity of the activity concerned. There is a big difference between buying a pair of jeans online and opening a bank account. In both cases, there is a significant series of steps which could include requesting passport ID for financial services.
While Silicon Valley is finding that artificial intelligence (AI) is proving a tough sell to businesses and consumers, cybercriminals worldwide have lost little time in adapting the technology to cybercrime.
The latest rogue AI offering is GhostGPT. According to Abnormal Security, Ghost GPT follows hard on the heels of earlier illicit AI offerings: WormGPT, WolfGPT, and EscapeGPT. To test its capabilities, Abnormal Security researchers asked GhostGPT to create a Docusign phishing email. The chatbot produced a convincing template with ease, demonstrating its ability to trick potential victims
A man alleged to be behind the recent Salt Typhoon US telecoms network and US Treasury department breaches has been sanctioned by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). Yin Kecheng “has been a cyber actor for over a decade and is affiliated with the People’s Republic of China Ministry of State Security (MSS)”, says the Treasury Office. Yin is alleged to have had direct and associated involvement in both breaches.
Two key individuals in President Donald Trump’s new administration, Elon Musk, and the president’s nominee to head the Department of Homeland Security, Kristi Noem, have specifically cited the two devastating breaches as the prime examples of why the nation’s cybersecurity strategy is in pressingly urgent need of being overhauled.
One of the greatest challenges now facing President Trump’s new administration is to protect the US’s critical infrastructure and its economy from the rapidly growing menace of cyber-attacks.
On Friday, the president’s nominee to head the Department of Homeland Security, Kristi Noem, signalled a new direction for America’s main cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA), which, she says, urgently needs to be realigned away from focusing on misinformation and curtailing free speech and more towards preventing cyber-attacks on critical infrastructure in the US.
The New Year has begun with further news of a particularly cynical fraud campaign aimed at jobseekers. Lucrative-seeming fake job offers are being sent by email to individuals working in targeted organizations and in companies operating in critical industries.
This month, cybersecurity company Crowdstrike has identified an email phishing campaign exploiting its recruitment branding to deliver malware disguised as an “employee CRM application.” The fake email impersonates Crowdstrike recruitment and directs recipients who are curious about the personalized job offer to a malicious website. But Crowdstrike also reports that the cybersecurity company is also aware of a number of other fake job offer scams currently taking place.
The latest threat for companies using large language (LLM) AI software to replace human staff is the software’s innate gullibility. LLM software can be likened to some cowardly bank clerk in an old Western hold-up who not only willingly opens a back door for the bad guys but also willingly tells them the combination of the safe.
The methods for persuading LLMs into naively disclosing the keys to the corporate kingdom are known as ‘LLM Jailbreak’ techniques. Palo Alto Networks Unit 42 researchers have named one such LLM Jailbreak, “Bad Likert Judge”.
While the assassination of health insurance CEO Brian Thompson on the streets of central New York last week has been grabbing headlines this month, life-endangering cyber-attacks on the US healthcare industry are escalating at an alarming rate. Once again, the pressing need for both IT and physical security could not be more clear.
According to John Riggi, national advisor for healthcare security and risk at the American Hospital Association, healthcare security must now be seen as far more than just an IT issue. This year has seen what amounts to a sea change in the way healthcare executives must view not only their own personal security but also the impact of cyber-attacks not only on their bottom line but also on the lives and well-being of patients.
Authorities in Korea and Beijing dismantled a sprawling voice phishing syndicate responsible for financial losses totaling US$ 1.1 billion. But South-East Asian observers believe this to be only the tip of an impenetrable iceberg of cybercrime in South-East Asia that is rapidly starting spread around the globe.
The Korean bust was part of an Interpol-co-ordinated global operation involving law enforcement from 40 countries, territories, and regions and has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than US$400 million in virtual assets and government-backed currencies.
Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals.
The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a “Confidential Human Source (CHS)” in order to comply with her request for anonymity.
“I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
Research conducted by Which, the consumer watchdog magazine, has confirmed something the smartphone industry has known for years: Chinese electronic products are routinely used to spy on citizens in countries like the US and the UK.
The latest suspects, domestic air fryers, join a long list of products the Chinese are accused of having used to spy on the West, which already ranges from smart watches to automobiles. Which analyzed three air fryers sold in the UK and found that Aigostar, Xiaomi Mi Smart, and Cosori CAF-LI401S knew their customers’ precise locations and demanded permission to listen in on users’ conversations. The Aigostar air fryer even wanted to know the user’s gender and date of birth when setting up an account. Disturbingly, both the Aigostar and Xiaomi air fryers are reported to have sent personal data to servers in China.
Tony Glover
