The Small Business Cyber Security Guy

⭐100K Monthly Downloads
⭐Top 25 Apple Management
🎧>2.5K per episode

Welcome to the blog and podcast, where we share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.

Everything here is personal. These are my and the team’s thoughts, not those of our employers, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.

What you’ll get here (and on the podcast):

  • Straight-talking advice for small businesses that want to stay secure

  • Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense

  • The occasional rant — and yes, the occasional expletive

  • War stories from the frontlines (names changed to protect the spectacularly guilty)

I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.

This blog and the podcast are where we unpack it all. Pull up a chair.

Noel Bradford

Breached (Part 2)

What happens when your IT provider makes a mistake—and then tries to hide it? In Part 2 of Breached, a hidden support ticket, a missing firewall log, and over 400 unpatched vulnerabilities unravel a small business’s trust in the team meant to protect them.

The MSP said, “Don’t tell the client.” But she was accidentally copied in. What followed was seven days of denial, silence, and mounting pressure—until the truth was read aloud, word for word, in a boardroom gone cold. This isn’t about poor support. This is about betrayal, exposure… and what happens when you catch someone in the lie.

News Desk

The SMS Scam: Why Your 2FA Strategy is an Open Goal for Hackers

Still using SMS for 2FA? You’re not securing your business—you’re leaving the door wide open and waving attackers in. A live zero-day exploit for SS7—the ancient, insecure telecom protocol still propping up your text messages—is being sold right now for five grand. That’s all it takes to intercept your logins, steal your bank codes, and track your phone. No malware.

No warnings. Just game over. If your IT team or MSP still thinks SMS is ‘good enough’, this article is the slap they need. Read it. Then rip SMS out of your security stack before someone else does it for you.

Noel Bradford

Breached (Part 1)

Katie Roberts thought it was just another Tuesday—until her personal phone rang at 11:27 a.m. The voice on the other end wasn’t a client. It was the National Crime Agency. Within minutes, her calm, structured world tilted on its axis. A cyber breach. Live. Real. Observed. And her business—the one she’d built from scratch—was now under threat. No plan. No warnings. Just a quiet office and a slow, sinking realisation that everything was about to change. What do you do when your worst-case scenario starts with a phone call? You listen. You freeze. And then… you start asking questions.

Breach Reports Noel Bradford

Co-op’s Data Breach: Another Day, Another Cyberattack in UK Retail

Co-op just confirmed a major data breach—but only after the hackers got sick of waiting and contacted the BBC themselves. Yes, really. It turns out customer data wasn’t just mishandled, it was gift-wrapped and forgotten like an expired loyalty card.

With Zellis—the same payroll firm linked to the BBC and BA MOVEit fiascos—once again in the mix, this breach isn’t just another blip.

It’s part of a growing pattern of retail cybersecurity disasters. And with legal and funeralcare data involved, the stakes are higher than most boardrooms seem willing to admit. So the real question is: who's next?

Noel Bradford

Samsung's Galaxy Wormhole: Yet Another Lesson in 'Trust But Verify'

Samsung has once again reminded us why blind trust is a cybersecurity death sentence. Researchers discovered a massive vulnerability in Galaxy devices' Secure Element — the hardware vault meant to protect your biometrics and encryption keys. Attackers could exploit this “inadvertent” flaw remotely, with Samsung quietly patching it months later and offering zero transparency.

No warnings. No device list. Just a silent fix and crossed fingers. If you own a Galaxy, you're now part of a grand experiment called cybersecurity roulette. Trust nothing. Verify everything. Then verify it again — especially when your vendor’s motto is basically “Oops, sorry!”

Noel Bradford

The Largest DDoS Attack of 2025 Hit an Online Betting Site With 1Tbps. Shocked? You Shouldn't Be.

Think 2025 would be the year we finally nailed DDoS protection? Think again. Some poor online betting site just got steamrolled by a 1Tbps brute-force attack — and the industry is clutching its pearls like it’s 2005. Guess what?

If you’re running a high-value, downtime-sensitive business without bulletproof DDoS mitigation, you’re basically waving a “please fuck up my day” flag at the internet. This wasn’t a sophisticated hack; it was raw, stupid power.

And it still worked. If your master plan is “hope and pray,” you deserve every packet flood coming your way. Dive into this raging breakdown of why businesses are still flailing when the digital shitstorm hits.

Spoiler: it's entirely their own bloody fault.

Noel Bradford

The UK's Cyber Security and Resilience Bill: Protecting Our Digital Future – But Is It Enough?

The UK’s new Cyber Security and Resilience Bill is about to shake things up – hard. With fines of up to £100,000 per day for failing to report serious cyber incidents, the days of shrugging off IT failures are officially over.

Critical suppliers like MSPs are firmly in the government’s sights, and mandatory reporting within 24 hours means businesses must be ready to move fast. But is it enough?

Will this finally close the gaps attackers have exploited for years, or will it pile more pressure on already stretched organisations? One thing is clear: ignoring cyber security is no longer an option.

News News Desk

M&S Ransomware Chaos: Scattered Spider Breaches Percy Pig's Safehouse

HACKERS HAVE TAKEN PERCY PIG HOSTAGE — and Marks & Spencer is fumbling the ransom call. In the most British cyber disaster yet, Scattered Spider cracked open M&S's network like a soggy trifle, stole their passwords, locked up their servers, and left Colin the Caterpillar trembling. Payments broken. Orders vanished. Cakes missing in action. Meanwhile, M&S says it's all just “minor disruption” — right, and the Blitz was a minor weather event. Dive into the unbelievable timeline of how Percy, Colin, and an entire retail giant got steamrolled by hackers who aren’t even old enough to remember dial-up.

Noel Bradford

Paper Password Managers: Because What Could Possibly Go Wrong?

Paper password managers. Charming relics of a simpler time... or a catastrophically bad idea in 2025?

At home? Fine. Lock it up tighter than your secret stash of biscuits.

At work? Absolutely fucking not.

Unless your business strategy includes "hoping Karen does not spill coffee on the master admin password" – get a proper password manager.

Maybe, maybe a sealed "break glass" password for your CRM or M365 admin account. And I mean sealed like you are guarding the Crown Jewels.

Want the full sarcastic (and slightly sweary) breakdown?

news News Desk

Are You Trusting Your Car with Your Business Data? You Might Want to Rethink That

Your phone plugs in. Your data leaks out. Welcome to the real risk hiding behind every shiny infotainment screen. UK cyber security experts are warning that modern vehicles, especially those loaded with, erm, “foreign” tech, could be silent spies in your driveway.

Sensitive emails, call logs, even your location history could be hoovered up the moment you hit "connect." Still trusting your MG, Tesla, or BMW without a second thought?

You might want to rethink that. Your dashboard is not just a dashboard. It is a potential threat. Are you ready to unplug?

Noel Bradford

How Legacy Systems Are Quietly Killing Small Business Cybersecurity

Still clinging to that dusty old server from 2012? So are the hackers. Legacy systems are not just outdated — they are a neon sign flashing “easy target” above your business.

Whether you run a small law firm, an accountancy practice, or any small business handling client data, ignoring your ageing IT is a fast track to fines, breaches, and reputational disaster.

DPP Law learned this the hard way with a £60,000 fine. Will you be next?

Find out why modernising your systems is no longer optional — and how a little cyber hygiene today could save your firm tomorrow.

Noel Bradford

CVE and CVSS: The Rotten Heart of Cybersecurity We Almost Let Die (and Maybe Should Have)

In April 2025, the global cybersecurity world almost lost CVE — the bedrock of vulnerability tracking — not to hackers, but to sheer bureaucratic incompetence. While politicians played games and cyber defenders were told to look the other way, the fragile, outdated systems of CVE and CVSS staggered toward collapse.

We didn’t fix them. We barely taped them back together. This isn’t just a story of near-miss disaster — it’s a full-blown indictment of cybersecurity's rotting foundations. If we do not burn it all down and rebuild, the next collapse won’t be a warning. It will be the end.

Cyber Security for Small Businesses Noel Bradford

Cybersecurity Is Not Optional: How a £60K Fine Just Woke Up Small Law Firms

Think your law firm is too small for hackers to bother with? DPP Law thought so too—right up until they faced a £60,000 fine and a public shaming after a catastrophic cyber attack. A single unsecured admin account was all it took to unleash chaos.

No MFA, no breach reporting, no chance. If you are still relying on luck instead of basic cyber hygiene, you are playing a dangerous game with your clients’ trust—and your firm’s future. Cyber Essentials is the starting line, not the victory lap. How much will you lose before you wake up?

Noel Bradford

Windows 11 Let Hackers Gain Admin in 300ms.

Think Windows 11 was secure? Think again. A critical flaw let attackers hijack full admin control in just 300 milliseconds using a tired old trick – DLL hijacking. Microsoft called it “Important” (because, sure, SYSTEM access is casual now), but for the rest of us, it was a neon sign saying “Hack me.”

Find out how your phone link feature became a hacker’s dream, why millions were left exposed for six months, and why patching yesterday might still not save you. How many ticking time bombs are hiding in Windows 11? Are you ready for the next one?

Noel Bradford

Why Your Android Phone Will Now Reboot Itself Every 3 Days (And Why That’s a Good Thing)

Google is stepping up Android security by introducing an automatic reboot feature. If your phone remains idle for three days after a critical update, it will now reboot itself to apply the patch and enhance your protection. This smart move helps close the vulnerability window users often leave open by ignoring reboot prompts.

Designed to be seamless and non-intrusive, the feature ensures devices are updated without disrupting daily use.

While not mandatory across all manufacturers yet, it signals a strong shift towards making mobile cybersecurity automatic, effortless, and unavoidable — exactly what modern users need in today’s fast-evolving threat landscape.

Noel Bradford

The 4chan Hack: When the Internet's Toilet Got Flooded – And What That Means for Your Business

In April 2025, 4chan – the internet’s digital back alley – got thoroughly rinsed. A full-scale hack exposed moderators, leaked source code, and proved even the web’s most chaotic platforms aren’t immune to catastrophic failure. But here’s the twist: the real story isn’t the leak, it’s what it reveals about your own business.

If outdated software, poor access control, or silence-in-a-crisis sounds familiar, you’re already on thin ice. This isn’t just drama for meme lords – it’s a neon-lit warning for UK SMBs. Find out what happened, who did it, and how not to be next.

Breach Reports News Desk

Marks & Spencer Cyberattack: Why Your Click & Collect Order is Missing and Your Contactless Card is Crying

Percy Pig and Colin the Caterpillar Have Been Taken Hostage – And Yes, This Is Real Life

Marks & Spencer has confirmed it’s the latest victim of a cyberattack, but forget dull technical jargon — the internet’s gone wild over rumours that iconic treats Percy Pig and Colin the Caterpillar are caught in the digital crossfire.

With contactless payments down and click-and-collect orders delayed, shoppers have been left confused, furious, and Colin-less.

Was it ransomware? A supply chain hit? Or just a catastrophic IT whoopsie? We’ve dug into the timeline, the fallout, and the very British drama that is a cake and a pig caught in cyber limbo.

Noel Bradford

Samsung Galaxy S24 Security Disaster: How a Built-In App Left Millions at Risk

The Samsung Galaxy S24 was meant to be the crown jewel of Android. Instead, it shipped with a gaping security hole—thanks to a preinstalled app no one asked for. Researchers found that this app allowed remote attackers to hijack your device, steal your data, and generally wreck your digital life. This isn’t just sloppy—it’s a disgrace.

Samsung pushed out a flagship phone with built-in vulnerabilities, proving once again that shiny hardware means nothing if the software is a ticking time bomb. If you own a Galaxy S24, you should be furious. If you don’t—maybe keep it that way.

Noel Bradford

Rent-a-Malware: Hackers Now Offering Full macOS Control for Hire

People used to think Macs couldn’t get viruses. That’s no longer true. New malware kits called JokRAT and XenoRAT can give hackers full control of a Mac computer. These tools are easy to rent online, even for people with no tech skills.

Hackers can use them to spy on you, steal files, and stay hidden on your computer. Mac users should use security software, update their systems often, and be careful about what they click on.

If your Mac is part of a company network, a single infected device can put the whole business at risk. Stay alert and stay protected.

Cyber Security for Small Businesses Noel Bradford

Patch Me If You Can: Firewall Vendors Ranked by How Much They Care About Your Security

Not all firewalls are created equal—some vendors make patching painless, others seem to actively hide the fixes. We evaluated SonicWall, Fortinet, UniFi, DrayTek, Zyxel, WatchGuard, Sophos, Meraki and more using a realistic UK small business setup: one firewall, one switch, two access points.

Then we scored them out of 50 on cost, usability, licensing, and update handling.

Spoiler: UniFi smashed it. SonicWall? Not so much. If you want to know which vendor respects your time and budget—and which one just wants your wallet—this is your no-nonsense firewall buyer’s guide.


⚠️ Full Disclaimer

This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:

  • My employer

  • Any current or past clients, suppliers, or partners

  • Any other organisation I’m affiliated with in any capacity

Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.

Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.

In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.