BlogContributors

News Desk

24 articles by News Desk

Cyber Essentials v3.3: Your Badge Might Already Be Lying for You

Cyber Essentials v3.3: Your Badge Might Already Be Lying for You

If you're flashing a Cyber Essentials badge on your website but couldn't explain the difference between Willow and Danzell without Googling it, you're not certified. You're exposed. One awkward question from a big customer, an insurer, or a regulator and that logo goes from asset to evidence. In Season 2 Episode 10 of The Small Business Cyber Security Guy, Noel Bradford, Graham Falkner, and Lucy Harper walk through every material change in CE v3.3: scope rules, cloud scoping, FIDO2, the 14-day p

Read more →
Switzerland Said No. The UK Said Hold My Beer. The Palantir Case Study Every Business Owner Needs to Read.

Switzerland Said No. The UK Said Hold My Beer. The Palantir Case Study Every Business Owner Needs to Read.

Switzerland's military commissioned a 20-page risk assessment of Palantir's software. The findings were blunt: data held by Palantir could be accessed by the American government, leaks could not be technically prevented, and the Army would become dependent on Palantir specialists. The recommendation was unambiguous: consider alternatives. Neutral Switzerland quietly walked away. The United Kingdom looked at the same company and gave them more than £900 million in contracts across the NHS, Minist

Read more →
Monday's Cyber Carnage: Instagram Chaos, Nissan Breach, and Why Tomorrow's Patch Tuesday Can't Come Soon Enough

Monday's Cyber Carnage: Instagram Chaos, Nissan Breach, and Why Tomorrow's Patch Tuesday Can't Come Soon Enough

Monday, 12th January 2026. Instagram denies a breach while millions get password reset emails. Nissan admits attackers stole employee data. A UK school in Nuneaton faces "serious" cyber attack. Three London councils still recovering from November breach affecting 100,000 households. India's entire mobile security infrastructure looks dodgy as hell. BreachForums, the criminal marketplace itself, gets its database leaked. And the US withdraws from global cyber coordination bodies right when we nee

Read more →
iOS 26.2: Apple Confirms Active iPhone Attacks Against Business Targets

iOS 26.2: Apple Confirms Active iPhone Attacks Against Business Targets

Apple released iOS 26.2 on 12 December 2025 patching two WebKit zero-day vulnerabilities that were actively exploited before patches existed. Google's Threat Analysis Group discovered CVE-2025-43529 and CVE-2025-14174 being used in sophisticated attacks against targeted individuals. These vulnerabilities allow arbitrary code execution through malicious websites with no user interaction required. The update patches over 20 vulnerabilities total, including a kernel bug allowing root access and an

Read more →
Windows 11 25H2: Microsoft's Security Update You're Probably Ignoring (And Why That's Bloody Stupid)

Windows 11 25H2: Microsoft's Security Update You're Probably Ignoring (And Why That's Bloody Stupid)

Windows 11 25H2 landed on 30 September 2025, and you're probably ignoring it because "it's just another update." Wrong. This is Microsoft finally removing the attack surfaces ransomware gangs have been exploiting for years. PowerShell 2.0? Gone. WMIC? Gone. Both are documented malware vectors that criminals use to bypass your security. The update weighs 200KB for existing 24H2 systems. One restart. Done. Enterprise editions get 36 months of support. But you're still on 23H2, aren't you? Your sup

Read more →
The JLR and Collins Aerospace Disasters: When Britain's Critical Infrastructure Becomes a Criminal Playground

The JLR and Collins Aerospace Disasters: When Britain's Critical Infrastructure Becomes a Criminal Playground

September 2025 delivered the most devastating supply chain cyberattacks in UK history. Jaguar Land Rover's £72 million daily losses and Collins Aerospace's airport chaos weren't isolated incidents - they exposed systematic vulnerabilities destroying British business resilience. The same criminal networks using identical social engineering tactics have paralyzed critical infrastructure worth billions. While government offers reactive support, these attacks validate every cybersecurity warning ign

Read more →
60% of Small Businesses Don’t Survive Cyberattacks. Are You Listening Yet?

60% of Small Businesses Don’t Survive Cyberattacks. Are You Listening Yet?

Cybersecurity isn’t just an enterprise issue — it’s a survival issue for UK SMEs. With 96% of attacks aimed at small businesses and 60% of victims closing within six months, the myth of being “too small to hack” is lethal. This article tears apart the excuses business owners use, reveals the hidden costs of breaches, and explains why simple, affordable defences like Cyber Essentials, patching, MFA, and staff training are the only reason some firms survive. Don’t wait until it’s too late — find o

Read more →
Think You’re Too Small to Be Hacked? So did the Last 60%

Think You’re Too Small to Be Hacked? So did the Last 60%

Too many UK small businesses still believe they’re “too small to hack.” It’s the most dangerous myth in business today. With 96% of cyberattacks targeting SMEs and 60% of victims closing within six months, denial is a death sentence. This article pulls apart the excuses business owners use, exposes the real-world costs of breaches, and explains why simple, affordable steps like Cyber Essentials, MFA, patching, and staff training are the difference between survival and closure. Think you’re too s

Read more →
The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger Target

The UK Government's Ransomware Gambit: Why Your SMB Just Became a Bigger Target

The UK Government's July 2025 consultation response commits to implementing world-leading ransomware legislation by late 2026. Three key proposals include payment bans for public sector/CNI, universal 72-hour incident reporting, and government pre-approval for private sector payments. This will dramatically increase ransomware targeting of SMBs as criminals pivot from restricted sectors to easier private targets.

Read more →
Shadow IT: The Digital Squatters in Your Business

Shadow IT: The Digital Squatters in Your Business

Episode 6 drops today with a statistic that'll make your blood run cold: 42% of business applications are unauthorized. While you're worrying about hackers, your helpful employees have built them a data highway using WhatsApp customer service, Karen's Dropbox backup strategy (password: "Password"), and seventeen project management tools for twelve people. Mauven brings her government cyber perspective on government Shadow IT disasters, while Noel shares the DNS monitoring method that revealed 200+ cloud con

Read more →
Tonight at Midnight: The Password Archaeology Begins

Tonight at Midnight: The Password Archaeology Begins

Picture this: It's midnight, crisis hits, you need email access urgently. Staring at the login screen, mind completely blank. Was it your dog's name plus random numbers? Your old football team with an exclamation mark? Welcome to digital archaeology - the art of excavating your own memory for password variations you can't quite remember. Tonight's podcast reveals why we've become amateur archaeologists in our own digital lives, managing 250+ passwords while 78% of us reuse them. The midnight pas

Read more →
Week Ahead: The Digital Archaeology Intervention UK SMBs Desperately Need

Week Ahead: The Digital Archaeology Intervention UK SMBs Desperately Need

This week we're staging an intervention for UK SMBs trapped in digital archaeology hell. Picture this: It's midnight, crisis hits, you need email access, and your mind goes completely blank. Was it your dog's name plus random numbers? Your old football team with an exclamation mark? Welcome to digital archaeology - excavating your own memory for password variations across 250+ accounts. Monday's podcast kicks off our deep-dive into why 78% of us reuse passwords, why only 15% use managers, and ho

Read more →
UK Legal Aid Agency Breach: Cybersecurity Incompetence Meets Supply Chain Chaos

UK Legal Aid Agency Breach: Cybersecurity Incompetence Meets Supply Chain Chaos

The UK Legal Aid Agency has been hit by a serious cybersecurity incident—and the fallout could be catastrophic. With over 1.5 million legal aid cases a year and £2.3 billion in funding flowing through its systems, sensitive data from criminal, immigration, and abuse cases could now be in the hands of cybercriminals. Was it a supply chain failure? A government screw-up? (Spoiler: probably both.) If you thought justice was blind, wait until you see how blindfolded their cybersecurity really was. H

Read more →
EU Bans SIM Farms – Years Too Late, As Usual

EU Bans SIM Farms – Years Too Late, As Usual

The EU has finally banned SIM farms — about five years after scammers used them to turn SMS networks into a cybercrime playground. Bravo. This industrial-scale abuse wasn’t exactly a secret, yet regulators somehow needed a multi-year nap before acting. Businesses were battered, individuals scammed, networks flooded and now, just as criminals are moving onto bigger, nastier tricks, the ban lands with all the urgency of a snail on sedatives. It’s the right move, just years too late. If this is wha

Read more →
Retail Cyber Crisis Uncovered: How the Co‑op Hack Is Just the Tip of the Iceberg

Retail Cyber Crisis Uncovered: How the Co‑op Hack Is Just the Tip of the Iceberg

The Co-op breach? Just the start. Behind every checkout is a ticking digital time bomb—and UK retailers keep hitting snooze. From Harrods to M&S, data is being leaked, stolen, and casually ignored while executives issue vague apologies and blame “sophisticated attacks.” Payroll provider Zellis is quietly at the centre of it all—again. Meanwhile, your personal info is floating in the dark web like last season’s clearance stock. In this brutal deep dive, we expose the rot behind the logos, the

Read more →
The SMS Scam: Why Your 2FA Strategy is an Open Goal for Hackers

The SMS Scam: Why Your 2FA Strategy is an Open Goal for Hackers

Still using SMS for 2FA? You’re not securing your business—you’re leaving the door wide open and waving attackers in. A live zero-day exploit for SS7—the ancient, insecure telecom protocol still propping up your text messages—is being sold right now for five grand. That’s all it takes to intercept your logins, steal your bank codes, and track your phone. No malware. No warnings. Just game over. If your IT team or MSP still thinks SMS is ‘good enough’, this article is the slap they need. Read it.

Read more →
M&S Ransomware Chaos: Scattered Spider Breaches Percy Pig's Safehouse

M&S Ransomware Chaos: Scattered Spider Breaches Percy Pig's Safehouse

HACKERS HAVE TAKEN PERCY PIG HOSTAGE — and Marks & Spencer is fumbling the ransom call. In the most British cyber disaster yet, Scattered Spider cracked open M&S's network like a soggy trifle, stole their passwords, locked up their servers, and left Colin the Caterpillar trembling. Payments broken. Orders vanished. Cakes missing in action. Meanwhile, M&S says it's all just “minor disruption” — right, and the Blitz was a minor weather event. Dive into the unbelievable timeline of how

Read more →
Are You Trusting Your Car with Your Business Data? You Might Want to Rethink That

Are You Trusting Your Car with Your Business Data? You Might Want to Rethink That

Your phone plugs in. Your data leaks out. Welcome to the real risk hiding behind every shiny infotainment screen. UK cyber security experts are warning that modern vehicles, especially those loaded with erm “foreign” tech could be silent spies in your driveway. Sensitive emails, call logs, even your location history could be hoovered up the moment you hit "connect." Still trusting your MG, Tesla, or BMW without a second thought? You might want to rethink that. Your dashboard is not just a dashbo

Read more →
Marks & Spencer Cyberattack: Why Your Click & Collect Order is Missing and Your Contactless Card is Crying

Marks & Spencer Cyberattack: Why Your Click & Collect Order is Missing and Your Contactless Card is Crying

Percy Pig and Colin the Caterpillar Have Been Taken Hostage – And Yes, This Is Real Life Marks & Spencer has confirmed it’s the latest victim of a cyberattack, but forget dull technical jargon — the internet’s gone wild over rumours that iconic treats Percy Pig and Colin the Caterpillar are caught in the digital crossfire. With contactless payments down and click-and-collect orders delayed, shoppers have been left confused, furious, and Colin-less. Was it ransomware? A supply chain hit? Or j

Read more →
They Slid Into Your DMs: How Hackers Are Weaponising Microsoft Teams to Breach Your Business

They Slid Into Your DMs: How Hackers Are Weaponising Microsoft Teams to Breach Your Business

Hackers are now using Microsoft Teams chats to phish credentials and drop malware — right under your nose. By exploiting Teams' external access features and mimicking trusted domains, attackers send convincing messages that look like they’re from colleagues or suppliers. Users, assuming Teams is safe, often click without thinking. These attacks bypass traditional email defences and thrive on default settings and user trust. While Microsoft offers tools to mitigate the risk, most organisations ha

Read more →
Windows 11’s April Update Quietly Installs Web Server Folder – Because Why the F*** Not?

Windows 11’s April Update Quietly Installs Web Server Folder – Because Why the F*** Not?

Microsoft’s April 2025 Windows 11 update (KB5036893) has pulled a fast one, quietly creating a C:/inetpub folder on machines that have never had IIS installed. No changelog entry. No heads-up. Just a mysterious web server directory suddenly appearing across the fleet. Whether you’re managing personal laptops or enterprise desktops, this isn’t just clutter—it’s a potential security red flag. IT pros are furious, forums are lighting up, and Microsoft? Silent. Again. If you thought updates couldn’t

Read more →
April 2025 Patch Tuesday: What You Need to Know

April 2025 Patch Tuesday: What You Need to Know

Act now or risk breach : Microsoft’s April 2025 Patch Tuesday just dropped with 121 fixes—and one is already being actively exploited in the wild. From remote desktop gateways to Office and authentication systems, these vulnerabilities target everything you rely on. Think your network is safe? Think again. With privilege escalation bugs, Hyper-V escapes, and Kerberos enforcement changes, this update isn’t optional—it’s urgent. Don’t let today’s Patch Tuesday become tomorrow’s security incident.

Read more →
Snap, Crackle, Compromise: How Kellogg's Quietly Served Up Employee Data to Hackers

Snap, Crackle, Compromise: How Kellogg's Quietly Served Up Employee Data to Hackers

Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers. It’s another textbook example of supply chain negligence dressed up as digital transformation. If your business relies on vendors without grilling their security, you might as well sta

Read more →
Unprecedented Surge: Nearly 24,000 IPs Target PAN-OS GlobalProtect Gateways in Coordinated Attack​

Unprecedented Surge: Nearly 24,000 IPs Target PAN-OS GlobalProtect Gateways in Coordinated Attack​

Nearly 24,000 IP addresses just launched a coordinated scan on Palo Alto Networks’ GlobalProtect gateways — and if you think this was random, think again. This wasn’t a glitch in the matrix or some bored script kiddie. It was targeted, global, and likely the opening move in something far bigger. If you’re running PAN-OS at the edge of your network and haven’t patched recently, you’re on the menu. This article breaks down what happened, what it means, and what you need to do right now before your

Read more →