If you're flashing a Cyber Essentials badge on your website but couldn't explain the difference between Willow and Danzell without Googling it, you're not certified. You're exposed. One awkward question from a big customer, an insurer, or a regulator and that logo goes from asset to evidence. In Season 2 Episode 10 of The Small Business Cyber Security Guy, Noel Bradford, Graham Falkner, and Lucy Harper walk through every material change in CE v3.3: scope rules, cloud scoping, FIDO2, the 14-day p
Switzerland's military commissioned a 20-page risk assessment of Palantir's software. The findings were blunt: data held by Palantir could be accessed by the American government, leaks could not be technically prevented, and the Army would become dependent on Palantir specialists. The recommendation was unambiguous: consider alternatives. Neutral Switzerland quietly walked away. The United Kingdom looked at the same company and gave them more than £900 million in contracts across the NHS, Minist
Monday, 12th January 2026. Instagram denies a breach while millions get password reset emails. Nissan admits attackers stole employee data. A UK school in Nuneaton faces "serious" cyber attack. Three London councils still recovering from November breach affecting 100,000 households. India's entire mobile security infrastructure looks dodgy as hell. BreachForums, the criminal marketplace itself, gets its database leaked. And the US withdraws from global cyber coordination bodies right when we nee
Apple released iOS 26.2 on 12 December 2025 patching two WebKit zero-day vulnerabilities that were actively exploited before patches existed. Google's Threat Analysis Group discovered CVE-2025-43529 and CVE-2025-14174 being used in sophisticated attacks against targeted individuals. These vulnerabilities allow arbitrary code execution through malicious websites with no user interaction required. The update patches over 20 vulnerabilities total, including a kernel bug allowing root access and an
Windows 11 25H2 landed on 30 September 2025, and you're probably ignoring it because "it's just another update." Wrong. This is Microsoft finally removing the attack surfaces ransomware gangs have been exploiting for years. PowerShell 2.0? Gone. WMIC? Gone. Both are documented malware vectors that criminals use to bypass your security. The update weighs 200KB for existing 24H2 systems. One restart. Done. Enterprise editions get 36 months of support. But you're still on 23H2, aren't you? Your sup
September 2025 delivered the most devastating supply chain cyberattacks in UK history. Jaguar Land Rover's £72 million daily losses and Collins Aerospace's airport chaos weren't isolated incidents - they exposed systematic vulnerabilities destroying British business resilience. The same criminal networks using identical social engineering tactics have paralyzed critical infrastructure worth billions. While government offers reactive support, these attacks validate every cybersecurity warning ign
Cybersecurity isn’t just an enterprise issue — it’s a survival issue for UK SMEs. With 96% of attacks aimed at small businesses and 60% of victims closing within six months, the myth of being “too small to hack” is lethal. This article tears apart the excuses business owners use, reveals the hidden costs of breaches, and explains why simple, affordable defences like Cyber Essentials, patching, MFA, and staff training are the only reason some firms survive. Don’t wait until it’s too late — find o
Too many UK small businesses still believe they’re “too small to hack.” It’s the most dangerous myth in business today. With 96% of cyberattacks targeting SMEs and 60% of victims closing within six months, denial is a death sentence. This article pulls apart the excuses business owners use, exposes the real-world costs of breaches, and explains why simple, affordable steps like Cyber Essentials, MFA, patching, and staff training are the difference between survival and closure. Think you’re too s
The UK Government's July 2025 consultation response commits to implementing world-leading ransomware legislation by late 2026. Three key proposals include payment bans for public sector/CNI, universal 72-hour incident reporting, and government pre-approval for private sector payments. This will dramatically increase ransomware targeting of SMBs as criminals pivot from restricted sectors to easier private targets.
Episode 6 drops today with a statistic that'll make your blood run cold: 42% of business applications are unauthorized. While you're worrying about hackers, your helpful employees have built them a data highway using WhatsApp customer service, Karen's Dropbox backup strategy (password: "Password"), and seventeen project management tools for twelve people. Mauven brings her government cyber perspective on government Shadow IT disasters, while Noel shares the DNS monitoring method that revealed 200+ cloud con
Picture this: It's midnight, crisis hits, you need email access urgently. Staring at the login screen, mind completely blank. Was it your dog's name plus random numbers? Your old football team with an exclamation mark? Welcome to digital archaeology - the art of excavating your own memory for password variations you can't quite remember. Tonight's podcast reveals why we've become amateur archaeologists in our own digital lives, managing 250+ passwords while 78% of us reuse them. The midnight pas
This week we're staging an intervention for UK SMBs trapped in digital archaeology hell. Picture this: It's midnight, crisis hits, you need email access, and your mind goes completely blank. Was it your dog's name plus random numbers? Your old football team with an exclamation mark? Welcome to digital archaeology - excavating your own memory for password variations across 250+ accounts. Monday's podcast kicks off our deep-dive into why 78% of us reuse passwords, why only 15% use managers, and ho
The UK Legal Aid Agency has been hit by a serious cybersecurity incident—and the fallout could be catastrophic. With over 1.5 million legal aid cases a year and £2.3 billion in funding flowing through its systems, sensitive data from criminal, immigration, and abuse cases could now be in the hands of cybercriminals. Was it a supply chain failure? A government screw-up? (Spoiler: probably both.) If you thought justice was blind, wait until you see how blindfolded their cybersecurity really was. H
The EU has finally banned SIM farms — about five years after scammers used them to turn SMS networks into a cybercrime playground. Bravo. This industrial-scale abuse wasn’t exactly a secret, yet regulators somehow needed a multi-year nap before acting. Businesses were battered, individuals scammed, networks flooded and now, just as criminals are moving onto bigger, nastier tricks, the ban lands with all the urgency of a snail on sedatives. It’s the right move, just years too late. If this is wha
The Co-op breach? Just the start. Behind every checkout is a ticking digital time bomb—and UK retailers keep hitting snooze. From Harrods to M&S, data is being leaked, stolen, and casually ignored while executives issue vague apologies and blame “sophisticated attacks.” Payroll provider Zellis is quietly at the centre of it all—again. Meanwhile, your personal info is floating in the dark web like last season’s clearance stock. In this brutal deep dive, we expose the rot behind the logos, the
Still using SMS for 2FA? You’re not securing your business—you’re leaving the door wide open and waving attackers in. A live zero-day exploit for SS7—the ancient, insecure telecom protocol still propping up your text messages—is being sold right now for five grand. That’s all it takes to intercept your logins, steal your bank codes, and track your phone. No malware. No warnings. Just game over. If your IT team or MSP still thinks SMS is ‘good enough’, this article is the slap they need. Read it.
HACKERS HAVE TAKEN PERCY PIG HOSTAGE — and Marks & Spencer is fumbling the ransom call. In the most British cyber disaster yet, Scattered Spider cracked open M&S's network like a soggy trifle, stole their passwords, locked up their servers, and left Colin the Caterpillar trembling. Payments broken. Orders vanished. Cakes missing in action. Meanwhile, M&S says it's all just “minor disruption” — right, and the Blitz was a minor weather event. Dive into the unbelievable timeline of how
Your phone plugs in. Your data leaks out. Welcome to the real risk hiding behind every shiny infotainment screen. UK cyber security experts are warning that modern vehicles, especially those loaded with erm “foreign” tech could be silent spies in your driveway. Sensitive emails, call logs, even your location history could be hoovered up the moment you hit "connect." Still trusting your MG, Tesla, or BMW without a second thought? You might want to rethink that. Your dashboard is not just a dashbo
Percy Pig and Colin the Caterpillar Have Been Taken Hostage – And Yes, This Is Real Life Marks & Spencer has confirmed it’s the latest victim of a cyberattack, but forget dull technical jargon — the internet’s gone wild over rumours that iconic treats Percy Pig and Colin the Caterpillar are caught in the digital crossfire. With contactless payments down and click-and-collect orders delayed, shoppers have been left confused, furious, and Colin-less. Was it ransomware? A supply chain hit? Or j
Hackers are now using Microsoft Teams chats to phish credentials and drop malware — right under your nose. By exploiting Teams' external access features and mimicking trusted domains, attackers send convincing messages that look like they’re from colleagues or suppliers. Users, assuming Teams is safe, often click without thinking. These attacks bypass traditional email defences and thrive on default settings and user trust. While Microsoft offers tools to mitigate the risk, most organisations ha
Microsoft’s April 2025 Windows 11 update (KB5036893) has pulled a fast one, quietly creating a C:/inetpub folder on machines that have never had IIS installed. No changelog entry. No heads-up. Just a mysterious web server directory suddenly appearing across the fleet. Whether you’re managing personal laptops or enterprise desktops, this isn’t just clutter—it’s a potential security red flag. IT pros are furious, forums are lighting up, and Microsoft? Silent. Again. If you thought updates couldn’t
Act now or risk breach : Microsoft’s April 2025 Patch Tuesday just dropped with 121 fixes—and one is already being actively exploited in the wild. From remote desktop gateways to Office and authentication systems, these vulnerabilities target everything you rely on. Think your network is safe? Think again. With privilege escalation bugs, Hyper-V escapes, and Kerberos enforcement changes, this update isn’t optional—it’s urgent. Don’t let today’s Patch Tuesday become tomorrow’s security incident.
Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers. It’s another textbook example of supply chain negligence dressed up as digital transformation. If your business relies on vendors without grilling their security, you might as well sta
Nearly 24,000 IP addresses just launched a coordinated scan on Palo Alto Networks’ GlobalProtect gateways — and if you think this was random, think again. This wasn’t a glitch in the matrix or some bored script kiddie. It was targeted, global, and likely the opening move in something far bigger. If you’re running PAN-OS at the edge of your network and haven’t patched recently, you’re on the menu. This article breaks down what happened, what it means, and what you need to do right now before your