When the Patch Was Not Enough: An Accountability Audit
The patch closed the hole. Attackers got in through a new one. The real failure was not technical. It was the absence of anyone watching the edge.
Read more →12 articles
The patch closed the hole. Attackers got in through a new one. The real failure was not technical. It was the absence of anyone watching the edge.
Read more →
A social engineering phone call. A password reset. £300 million in losses. The M&S DragonForce attack is the most expensive lesson in UK retail cyber security history.
Read more →
GoGetSMS sold SIM verification bypass on the open web for years. Europol shut it down. UK banks still rely on the control it defeated.
Read more →
KNP Logistics had antivirus, firewalls, backups, and insurance. No MFA. No EDR. One guessed password later, 700 people were out of work and a 158-year-old company was gone.
Read more →
6% of UK businesses review their wider supply chain for cyber risk. 94% are flying blind. The most dangerous number in the 2026 Breaches Survey.
Read more →
The JLR attack cost £1.9 billion. Suppliers six tiers down the chain had no say in JLR's security decisions. They paid anyway. Here is the full story.
Read more →
Three weeks. Two resolver changes. One compromised router nobody checked. How a UK accountancy firm blamed DNS while the real threat hid.
Read more →
Learn from a UK BEC case study where a property firm lost £12,100. Discover the one free policy that could have stopped it.
Read more →
A household with refrigerated medication says the paid route delivered a worse practical outcome than the free one, and that the later data request became a dispute of its own.
Read more →
A UK business said yes to MFA on their proposal form. The attack came through servers with no MFA. The policy was voided. Lucy Harper investigates.
Read more →
One compromised npm account. Two poisoned packages. 100 million weekly downloads at risk. Who is accountable when open-source governance fails?
Read more →
One attack. One network. 350,000 people locked out. And four days later, nobody will say what type of attack it was.
Read more →