Still running Windows Server 2012 in 2025? You might as well leave your doors unlocked and shout “come on in” to attackers. End of life means no patches, no protection, and no excuse. This article explains why sticking with outdated infrastructure is a reckless liability, not a cost-saving strategy. From cyber insurance exclusions to ICO scrutiny and NCSC guidance, we break down the real-world risks UK businesses face. You’ve been warned: unsupported systems aren’t just old — they’re dangerous.
When your supplier suffers a cyber attack, it’s not just their mess to clean up — it can quickly become your problem too. This guide walks UK SMBs through exactly what to do if a supplier breach threatens your data, operations, or reputation. From securing your systems and understanding GDPR obligations, to involving the right experts and tightening up contracts, you’ll learn how to stay one step ahead when the blast radius includes you. Because in today's interconnected world, your security is
Google has patched a critical "Use After Free" vulnerability in Chrome, tracked as CVE-2025-3066, which could allow remote code execution via malicious web pages. The flaw was found in Chrome's Site Isolation feature—meant to protect users—ironically making it a prime attack vector. Users on versions prior to 135.0.7049.84/.85 (Windows/Mac) or 135.0.7049.84 (Linux) are urged to update immediately. Left unpatched, this bug could let attackers install malware, steal data, or worse. This is yet ano
They had the infrastructure. They had the trust. And they had the gall to cover up the very breach they caused. This isn’t fiction—it’s a real-world cybersecurity disaster involving a big-name MSP, a firewall misconfiguration, and a damning internal email that said “don’t tell the customer.” Weeks later, the logs were useless, the excuses piled up, and the recovery bill is heading for six figures. If you think your MSP would never… think again. Here’s what went wrong, how it got exposed, and why
Think your cyber security is airtight? Doesn’t matter — your suppliers might be the ones getting you hacked. One dodgy vendor, one reused password, and suddenly your business is in the headlines for all the wrong reasons. Supply chain attacks are exploding, and most businesses have no idea who actually has access to their systems. If you’re blindly trusting every outsourced service, freelancer, or cloud tool without asking hard questions, you’re basically inviting cybercriminals in for tea. Want
Microsoft’s April 2025 Windows 11 update (KB5036893) has pulled a fast one, quietly creating a C:/inetpub folder on machines that have never had IIS installed. No changelog entry. No heads-up. Just a mysterious web server directory suddenly appearing across the fleet. Whether you’re managing personal laptops or enterprise desktops, this isn’t just clutter—it’s a potential security red flag. IT pros are furious, forums are lighting up, and Microsoft? Silent. Again. If you thought updates couldn’t
The internet isn’t a safe space for everyone — especially if you’re a journalist, activist, or survivor of abuse. The UK’s National Cyber Security Centre (NCSC) has released new guidance for people and communities at high risk of digital surveillance. And unlike most government advice, this is actually worth reading. It’s direct, useful, and designed for the real world — covering everything from encrypted messaging to avoiding spyware. Whether you're at risk or supporting someone who is, this gu
Act now or risk breach : Microsoft’s April 2025 Patch Tuesday just dropped with 121 fixes—and one is already being actively exploited in the wild. From remote desktop gateways to Office and authentication systems, these vulnerabilities target everything you rely on. Think your network is safe? Think again. With privilege escalation bugs, Hyper-V escapes, and Kerberos enforcement changes, this update isn’t optional—it’s urgent. Don’t let today’s Patch Tuesday become tomorrow’s security incident.
Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers. It’s another textbook example of supply chain negligence dressed up as digital transformation. If your business relies on vendors without grilling their security, you might as well sta
Welcome to the inaugural edition of Breach of the Month Club™ , your monthly tour of reputational disaster. March 2025 was a banner month for avoidable breaches, from Lloyds accidentally mailing out million-pound statements, to Jaguar Land Rover getting wrecked by leaked JIRA credentials. Reform UK ignored GDPR completely, Morrisons got battered by a supplier breach, and 23andMe? Well, they lost your DNA and filed for bankruptcy. We break it all down with just the right amount of sarcasm—and a r
Nearly 24,000 IP addresses just launched a coordinated scan on Palo Alto Networks’ GlobalProtect gateways — and if you think this was random, think again. This wasn’t a glitch in the matrix or some bored script kiddie. It was targeted, global, and likely the opening move in something far bigger. If you’re running PAN-OS at the edge of your network and haven’t patched recently, you’re on the menu. This article breaks down what happened, what it means, and what you need to do right now before your
Apple has dropped emergency updates to fix three zero-day vulnerabilities —and yes, they’re already being exploited. These flaws affect iPhones, iPads, Macs, and more, letting attackers bypass USB protections, escape Safari’s sandbox, and escalate privileges through CoreMedia. If you’re not updating your devices right now, you’re basically rolling out the red carpet for hackers. This isn’t just another patch Tuesday. It’s a loud, flashing red warning. Your move.
Think you can handle a cyber attack without an Incident Manager? Think again. Here's what a good IM does, why they're not a luxury, and how they help UK businesses survive the worst day of their digital lives.
A cyber breach isn’t just an IT headache—it’s a full-blown business crisis. If you run a small UK business and your systems are compromised, your next 24 hours are critical. This guide walks you through what to do and why—from shutting the breach down without wiping forensic evidence, to dealing with regulators, staff, and customers. Most importantly, it makes clear that your MSP or IT team should not be leading the response. You need an independent Incident Manager and a solid plan. No fluff. N
A hacker could be hiding in your business for over nine months before you even notice—and IBM has the stats to prove it. Their latest report shows UK small businesses are dangerously exposed to long dwell times, where cybercriminals quietly steal data, cause chaos, and vanish before anyone sounds the alarm. If you're not actively looking for threats, you're practically inviting them in. Here's what dwell time means for your business—and how to slam the door shut.
Over half of UK businesses got digitally f**ked last year—and most didn’t even realise until it was too late. While leadership played buzzword bingo, ransomware crews strolled in through weak passwords and forgotten patches. Attacks hit every 44 seconds. Still think “we’re too small to be a target” holds up? It doesn’t. Hope isn’t a strategy. Luck isn’t resilience. And if you’ve got no plan, you’re just waiting to be the next headline.
So naturally… the ICO fined them £4.4 million. And then knocked £3 million off for being helpful afterwards . Yes, really. That’s the cybersecurity equivalent of “you crashed the car but said sorry nicely—so we’ll waive the repair bill.” I’ve written a new piece on this absolute masterclass in weak governance, supplier accountability theatre, and the dangerous precedent it sets.
Microsoft’s at it again—this time breaking Remote Desktop for Windows 11 users with their latest round of updates. If your helpdesk tickets are piling up with RDP disconnects and login weirdness, you’re not alone. From silent session drops to broken smart card authentication, this bug is hitting SMBs and IT pros where it hurts. We unpack what’s going wrong, who’s affected, and how to survive it—while Microsoft casually promises a fix “at some point.” Spoiler: rollback might be your only friend.
London ranks dead last for 5G performance in Europe – but it’s not just the capital struggling. Across the UK, coverage is patchy, motorway connectivity is unreliable, and performance wildly varies between networks. Yet where it’s deployed properly, UK 5G can rival the best on the continent. The problem? Not the tech – the execution. Less hype, more follow-through, and a proper plan could turn the UK’s 5G fortunes around.
Most UK businesses spend more on coffee than on Cyber Security Awareness Training—and that’s exactly how breaches happen. Your biggest threat isn’t a hacker in a hoodie; it’s Dave in Sales clicking a dodgy email. The good news? Quality training is cheap, effective, and actually enjoyable. For less than the cost of your weekly latte run, you can turn your staff from cyber risks into cyber defenders. Still think you can’t afford it? Think again.
