Think your MSP has your back? Think again. In Part 4 of Breached , we unpack the brutal truths most businesses only learn after the worst happens. From useless logs to skyrocketing insurance, and a support ticket that nearly destroyed everything, this is the roadmap you wish you had before the call came. Ten hard lessons, zero fluff. Why your MSP is there to sell, not protect. Why a good fractional CIO is worth their weight in gold. And why silence from your IT provider isn’t just dangerous—it m
Think you're too small to be a target? Think again. UK small businesses are now the top attack vector for state-backed hackers from Russia and China, and your half-baked cybersecurity is a red carpet to our critical infrastructure. M&S, Harrods, and the Co-op didn’t get hit by chance, they got hit through you. If you’re in the supply chain without Cyber Essentials Plus, real EDR, or even basic patching, you’re not just vulnerable — you’re a national liability. Time to grow up or get out of t
The breach was just the beginning. In Part 3 of Breached , the truth is out—and now come the consequences. The MSP tried to hide a misconfiguration. They failed. Now the clients are calling, the regulators want answers, and the business owner is left holding the fallout. From a quiet boardroom to sleepless nights and rising insurance premiums, this is what happens when a cover-up gets exposed. Contracts are cancelled. Trust evaporates. And the worst part? It all could have been prevented. If you
The Co-op breach? Just the start. Behind every checkout is a ticking digital time bomb—and UK retailers keep hitting snooze. From Harrods to M&S, data is being leaked, stolen, and casually ignored while executives issue vague apologies and blame “sophisticated attacks.” Payroll provider Zellis is quietly at the centre of it all—again. Meanwhile, your personal info is floating in the dark web like last season’s clearance stock. In this brutal deep dive, we expose the rot behind the logos, the
What happens when your IT provider makes a mistake—and then tries to hide it? In Part 2 of Breached , a hidden support ticket, a missing firewall log, and over 400 unpatched vulnerabilities unravel a small business’s trust in the team meant to protect them. The MSP said, “Don’t tell the client.” But she was accidentally copied in. What followed was seven days of denial, silence, and mounting pressure—until the truth was read aloud, word for word, in a boardroom gone cold. This isn’t about poor s
Still using SMS for 2FA? You’re not securing your business—you’re leaving the door wide open and waving attackers in. A live zero-day exploit for SS7—the ancient, insecure telecom protocol still propping up your text messages—is being sold right now for five grand. That’s all it takes to intercept your logins, steal your bank codes, and track your phone. No malware. No warnings. Just game over. If your IT team or MSP still thinks SMS is ‘good enough’, this article is the slap they need. Read it.
Katie Roberts thought it was just another Tuesday—until her personal phone rang at 11:27 a.m. The voice on the other end wasn’t a client. It was the National Crime Agency. Within minutes, her calm, structured world tilted on its axis. A cyber breach. Live. Real. Observed. And her business—the one she’d built from scratch—was now under threat. No plan. No warnings. Just a quiet office and a slow, sinking realisation that everything was about to change. What do you do when your worst-case scenario
Co-op just confirmed a major data breach— but only after the hackers got sick of waiting and contacted the BBC themselves . Yes, really. It turns out customer data wasn’t just mishandled, it was gift-wrapped and forgotten like an expired loyalty card. With Zellis—the same payroll firm linked to the BBC and BA MOVEit fiascos—once again in the mix, this breach isn’t just another blip. It’s part of a growing pattern of retail cybersecurity disasters. And with legal and funeralcare data involved, th
Samsung has once again reminded us why blind trust is a cybersecurity death sentence. Researchers discovered a massive vulnerability in Galaxy devices' Secure Element — the hardware vault meant to protect your biometrics and encryption keys. Attackers could exploit this “inadvertent” flaw remotely, with Samsung quietly patching it months later and offering zero transparency. No warnings. No device list. Just a silent fix and crossed fingers. If you own a Galaxy, you're now part of a grand experi
Think 2025 would be the year we finally nailed DDoS protection? Think again. Some poor online betting site just got steamrolled by a 1Tbps brute-force attack — and the industry is clutching its pearls like it’s 2005. Guess what? If you’re running a high-value, downtime-sensitive business without bulletproof DDoS mitigation, you’re basically waving a “please fuck up my day” flag at the internet. This wasn’t a sophisticated hack; it was raw, stupid power. And it still worked. If your master plan i
The UK’s new Cyber Security and Resilience Bill is about to shake things up – hard. With fines of up to £100,000 per day for failing to report serious cyber incidents, the days of shrugging off IT failures are officially over. Critical suppliers like MSPs are firmly in the government’s sights, and mandatory reporting within 24 hours means businesses must be ready to move fast. But is it enough? Will this finally close the gaps attackers have exploited for years, or will it pile more pressure on
HACKERS HAVE TAKEN PERCY PIG HOSTAGE — and Marks & Spencer is fumbling the ransom call. In the most British cyber disaster yet, Scattered Spider cracked open M&S's network like a soggy trifle, stole their passwords, locked up their servers, and left Colin the Caterpillar trembling. Payments broken. Orders vanished. Cakes missing in action. Meanwhile, M&S says it's all just “minor disruption” — right, and the Blitz was a minor weather event. Dive into the unbelievable timeline of how
Paper password managers. Charming relics of a simpler time... or a catastrophically bad idea in 2025? At home? Fine. Lock it up tighter than your secret stash of biscuits. At work? Absolutely fucking not. Unless your business strategy includes "hoping Karen does not spill coffee on the master admin password" – get a proper password manager. Maybe, maybe a sealed "break glass" password for your CRM or M365 admin account. And I mean sealed like you are guarding the Crown Jewels. Want the full sarc
Your phone plugs in. Your data leaks out. Welcome to the real risk hiding behind every shiny infotainment screen. UK cyber security experts are warning that modern vehicles, especially those loaded with erm “foreign” tech could be silent spies in your driveway. Sensitive emails, call logs, even your location history could be hoovered up the moment you hit "connect." Still trusting your MG, Tesla, or BMW without a second thought? You might want to rethink that. Your dashboard is not just a dashbo
Still clinging to that dusty old server from 2012? So are the hackers. Legacy systems are not just outdated — they are a neon sign flashing “easy target” above your business. Whether you run a small law firm, an accountancy practice, or any small business handling client data, ignoring your ageing IT is a fast track to fines, breaches, and reputational disaster. DPP Law learned this the hard way with a £60,000 fine. Will you be next? Find out why modernising your systems is no longer optional —
In April 2025, the global cybersecurity world almost lost CVE — the bedrock of vulnerability tracking — not to hackers, but to sheer bureaucratic incompetence. While politicians played games and cyber defenders were told to look the other way, the fragile, outdated systems of CVE and CVSS staggered toward collapse. We didn’t fix them. We barely taped them back together. This isn’t just a story of near-miss disaster — it’s a full-blown indictment of cybersecurity's rotting foundations. If we do n
Think your law firm is too small for hackers to bother with? DPP Law thought so too—right up until they faced a £60,000 fine and a public shaming after a catastrophic cyber attack. A single unsecured admin account was all it took to unleash chaos. No MFA, no breach reporting, no chance. If you are still relying on luck instead of basic cyber hygiene, you are playing a dangerous game with your clients’ trust—and your firm’s future. Cyber Essentials is the starting line, not the victory lap. How m
Think Windows 11 was secure? Think again. A critical flaw let attackers hijack full admin control in just 300 milliseconds using a tired old trick – DLL hijacking. Microsoft called it “Important” (because, sure, SYSTEM access is casual now), but for the rest of us, it was a neon sign saying “Hack me.” Find out how your phone link feature became a hacker’s dream, why millions were left exposed for six months, and why patching yesterday might still not save you. How many ticking time bombs are hid
Google is stepping up Android security by introducing an automatic reboot feature. If your phone remains idle for three days after a critical update, it will now reboot itself to apply the patch and enhance your protection. This smart move helps close the vulnerability window users often leave open by ignoring reboot prompts. Designed to be seamless and non-intrusive, the feature ensures devices are updated without disrupting daily use. While not mandatory across all manufacturers yet, it signal
In April 2025, 4chan – the internet’s digital back alley – got thoroughly rinsed. A full-scale hack exposed moderators, leaked source code, and proved even the web’s most chaotic platforms aren’t immune to catastrophic failure. But here’s the twist: the real story isn’t the leak, it’s what it reveals about your own business. If outdated software, poor access control, or silence-in-a-crisis sounds familiar, you’re already on thin ice. This isn’t just drama for meme lords – it’s a neon-lit warning
