Four Campaigns, One Week, Zero Excuses: New Episode Out Now

Last week was one of the busiest in recent memory for cyber security. Four major attack campaigns landed within days of each other, each using completely different methods, each capable of compromising the kind of security controls most UK small businesses depend on.

And while those attacks were rolling out, the UK government quietly enacted the biggest change to data protection law since Brexit. With roughly 48 hours' notice.

In this week's episode, Mauven, Graham, and I break down all of it.

Campaign One: Russian military intelligence (APT28) weaponised a critical Microsoft Office vulnerability within 24 hours of the patch being published. The attack needs zero user interaction beyond opening a document. No macros. No warnings. It installs an Outlook backdoor that silently forwards every email you receive to Russian intelligence servers.

Campaign Two: Commodity criminals running a campaign called DEAD#VAX, using virtual hard disk files to bypass Windows security flags. The same techniques that nation-state actors use, sold as malware-as-a-service for about £50 a month.

Campaign Three: A Chinese-linked group compromised the download infrastructure for Notepad++, one of the most popular text editors in the world, for six months. Selective targeting. Nearly invisible.

Campaign Four: Three separate macOS infostealer campaigns running simultaneously, distributed through Google Ads, fake PDF tools, and WhatsApp.

On top of all that, the Data Use and Access Act came into force on February 5th. Cookie and marketing fines jumped from £500,000 to £17.5 million overnight. The ICO gained new enforcement powers. And every business handling personal data now has until June 19th to implement a formal complaints procedure.

We cover what happened, why it matters for UK small businesses, what you can do about it today, and how to protect a 20-person company for roughly £10,000 a year.

Fifteen minutes. No waffle. Practical actions you can take before close of business.

Listen now on your preferred podcast platform, or visit our episode page for full show notes, threat intelligence sources, and the complete immediate actions checklist.

Noel Bradford

Noel Bradford – Head of Technology at Equate Group, Professional Bullshit Detector, and Full-Time IT Cynic

As Head of Technology at Equate Group, my job description is technically “keeping the lights on,” but in reality, it’s more like “stopping people from setting their own house on fire.” With over 40 years in tech, I’ve seen every IT horror story imaginable—most of them self-inflicted by people who think cybersecurity is just installing antivirus and praying to Saint Norton.

I specialise in cybersecurity for UK businesses, which usually means explaining the difference between ‘MFA’ and ‘WTF’ to directors who still write their passwords on Post-it notes. On Tuesdays, I also help further education colleges navigate Cyber Essentials certification, a process so unnecessarily painful it makes root canal surgery look fun.

My natural habitat? Server rooms held together with zip ties and misplaced optimism, where every cable run is a “temporary fix” from 2012. My mortal enemies? Unmanaged switches, backups that only exist in someone’s imagination, and users who think clicking “Enable Macros” is just fine because it makes the spreadsheet work.

I’m blunt, sarcastic, and genuinely allergic to bullshit. If you want gentle hand-holding and reassuring corporate waffle, you’re in the wrong place. If you want someone who’ll fix your IT, tell you exactly why it broke, and throw in some unsolicited life advice, I’m your man.

Technology isn’t hard. People make it hard. And they make me drink.

https://noelbradford.com