Threat intelligence for small businesses, with clinical precision.
Corrine brings a threat intelligence background to the publication. She thinks in terms of threat actors, attack surfaces, indicators of compromise, and risk matrices, and she is exact with her terminology: threats, vulnerabilities, and risks are not the same thing, and she will tell you which is which.
She writes the Tuesday deep-dive, the longest and most technical slot, framed around the threat landscape: who is attacking, why, how, and what the indicators look like. Her aim is situational awareness, not just another checklist.
She does not speculate or sensationalise, and where the evidence is unclear she says so. However deep the technical detail runs, she always brings it back to what a small business owner actually needs to know and do.
A SharePoint vulnerability is being actively exploited right now. CISA confirmed it. Microsoft sat on the disclosure for weeks. Here is what you need to know.
SharePoint has a confirmed, actively-exploited code execution flaw. CISA added it to the KEV list yesterday. If your business uses SharePoint, read this now.
A maximum-severity flaw in SimpleHelp RMM is being actively exploited. Attackers are walking straight through your MSP's front door. Here is what that means for your business.
CISA confirmed active exploitation of a Joomla plugin flaw on Tuesday. Microsoft has no patch for its Defender zero-day. Two fires, one week. Here is what to do.
Two critical vulnerabilities confirmed in active exploitation this week. If you run Joomla or use any web application with token-based login, read this now.
Three stories from the last 24 hours that should matter to every small business in the UK. Two are actively exploited. One was patched three weeks after it was found.
No credentials required. A WordPress plugin flaw published yesterday lets unauthenticated attackers create admin accounts. Here is what to do before lunch.
Microsoft's biggest-ever Patch Tuesday, a critical Veeam backup flaw, and a WordPress plugin that hands attackers your server. Three stories. One to-do list.
Palo Alto's GlobalProtect VPN has a confirmed authentication bypass under active exploitation. If you haven't patched, your network perimeter is already open.
Three critical flaws landed overnight. WordPress sites, Microsoft Authenticator, and on-premises email are all in the frame. Here is the data, without the spin.
Strip out Microsoft licensing. If your provider is below £50 per user per month outside London or £75 inside it, something has been removed. The maths does not lie.
Attackers can own your WordPress store without a password. cPanel has fresh critical flaws. CISA just confirmed active exploitation of Ivanti. Three reasons to act today.
A critical Palo Alto firewall flaw is being actively exploited with no patch yet available. If your MSP manages a PAN-OS device, ask them one question.
WordPress sites can be taken over without a password. A Linux root exploit is being actively weaponised. And a nation-state group is still walking through Exchange servers that weren't patched in 2021.
cPanel is on CISA's active exploit list. MOVEit has a new authentication bypass. Your cheap router may already be compromised. Here is what matters today.
CISA confirmed active exploitation of a Linux root access flaw this week. If your business runs Linux anywhere, including on a NAS or cloud VM, read this now.
44,000 hosting control panels confirmed compromised. A WordPress plugin is handing out admin access to anyone who asks. This week's threats are not theoretical.
Russian state hackers are in your Windows machine without a click. Five router flaws scored 9.8 overnight. This week's threat brief cuts through the noise.
CISA just added SimpleHelp remote support vulnerabilities to its actively-exploited list. If your IT provider uses it, attackers may already have a path in.
61% of organisations were breached through their supply chain last year. Just 7% monitor beyond immediate suppliers. That is a structural failure, not bad luck.
Is your business unknowingly at risk? Discover how supply chain attacks threaten your operations and learn the essential steps to safeguard your future.
The Bank of England runs live cyberattack simulations on the UK's most critical financial institutions every year. Real attacks, on live systems, designed by intelligence analysts who know exactly how sophisticated threat actors operate. The 2025 results are in. Weak passwords. Overly permissive access controls. Systems that haven't been patched. Staff who hand over credentials when asked convincingly. Third year running. Same findings. If the institutions that hold your money, process your payr
I spent time with Mauven this week working through the Unit 42 Global Incident Response Report 2026. Seven hundred and fifty incident response engagements. Fifty-plus countries. Real cases. The headline statistic, 89% of investigations involving identity as a material factor, is striking. But it's not the number that should concern you most. It's what that number tells us about where organisations are spending their security budgets versus where attackers are actually operating. They are not in
In September 2024, a UK tribunal concluded that 5.6 million stolen card records might not constitute personal data. The argument was structural, not frivolous. Hackers who cannot identify individuals from card numbers alone are not, the Upper Tribunal suggested, processing personal data. The Court of Appeal corrected that in February 2026. Lord Justice Warby's ruling establishes a clean and reusable test: you assess whether data is personal from the controller's perspective, not the attacker's.
In early 2026, the FBI served Microsoft with a search warrant. Microsoft handed over the BitLocker encryption keys for three laptops. No hack. No breach. No compromised passwords. Just a warrant, and Microsoft's compliance. Here is what nobody in UK small business is talking about: those same default settings that allowed this are almost certainly running on your devices right now. And the legal mechanism that made it possible, the US CLOUD Act, reaches across the Atlantic directly into your Mic
The US CLOUD Act gives American courts the power to compel any US technology company to hand over your data, regardless of whether it sits in a London data centre or a bunker in Wyoming. UK GDPR Article 48 says foreign court orders do not make that transfer lawful. No UK court has tested this conflict. No ICO enforcement action has targeted it. The NCSC does not mention it by name. Corrine Jefferson, our resident intelligence analyst, dissects the legal contradiction sitting quietly in the middl
I used to work in US government intelligence. I now live in London. Those two facts make me uniquely uncomfortable about Palantir's expanding presence across the British state. In December 2024, Switzerland's military concluded that data held by Palantir could be accessed by the American government and that leaks "cannot be technically prevented." Their recommendation was unambiguous: find alternatives. The UK's response to the same evidence has been to award Palantir more than £900 million in c
I live in London. I used to work in US government intelligence. And when Google Threat Intelligence Group published their defence industrial base report on 10 February, I did what any former analyst does: I stopped reading the headlines and started reading the primary source. The findings are precise and they are uncomfortable. Chinese state-sponsored actors have exploited more than two dozen zero-day vulnerabilities in edge devices from ten different vendors since 2020. Average dwell time insid
The reality is this: the acting director of America's civilian cybersecurity agency uploaded sensitive government contracting documents to ChatGPT's public platform. Multiple automated alerts were triggered. A Department of Homeland Security investigation was launched. And somehow, this still happened. From my former life in government service, I can tell you this isn't just embarrassing. It's a systems failure that reveals fundamental problems with how we approach privileged access, AI governan
The Apple App Store feels safe. That is the story many people tell themselves. Firehound and Vulnu show why that comfort can be dangerous. Researchers have flagged this week insecure iPhone apps that expose user data through badly secured cloud storage. Some leak private chats, email addresses, and location traces. Many of these apps look polished and carry strong ratings. That is the trap. In this guest post, Corrine Jefferson explains how slop apps slip through review, why AI apps raise the st