Percy Pig and Colin the Caterpillar Have Been Taken Hostage – And Yes, This Is Real Life Marks & Spencer has confirmed it’s the latest victim of a cyberattack, but forget dull technical jargon — the internet’s gone wild over rumours that iconic treats Percy Pig and Colin the Caterpillar are caught in the digital crossfire. With contactless payments down and click-and-collect orders delayed, shoppers have been left confused, furious, and Colin-less. Was it ransomware? A supply chain hit? Or j
The Samsung Galaxy S24 was meant to be the crown jewel of Android. Instead, it shipped with a gaping security hole—thanks to a preinstalled app no one asked for. Researchers found that this app allowed remote attackers to hijack your device, steal your data, and generally wreck your digital life. This isn’t just sloppy—it’s a disgrace. Samsung pushed out a flagship phone with built-in vulnerabilities, proving once again that shiny hardware means nothing if the software is a ticking time bomb. If
People used to think Macs couldn’t get viruses. That’s no longer true. New malware kits called JokRAT and XenoRAT can give hackers full control of a Mac computer. These tools are easy to rent online, even for people with no tech skills. Hackers can use them to spy on you, steal files, and stay hidden on your computer. Mac users should use security software, update their systems often, and be careful about what they click on. If your Mac is part of a company network, a single infected device can
Not all firewalls are created equal—some vendors make patching painless, others seem to actively hide the fixes. We evaluated SonicWall, Fortinet, UniFi, DrayTek, Zyxel, WatchGuard, Sophos, Meraki and more using a realistic UK small business setup: one firewall, one switch, two access points. Then we scored them out of 50 on cost, usability, licensing, and update handling. Spoiler: UniFi smashed it. SonicWall? Not so much. If you want to know which vendor respects your time and budget—and which
More than 4,000 WordPress websites have been hacked thanks to a critical vulnerability in the WP-Automatic plugin. The flaw (CVE-2024-27956) allows unauthenticated attackers to inject malicious code, redirect users, and install backdoors—all without logging in. Despite a patch being available, thousands of sites remain vulnerable due to poor update practices and weak plugin hygiene. This isn't just another WordPress scare story—it's a glaring example of why unmanaged, unmonitored websites are a
Oracle just got hacked—badly—and their excuse? “It was just a legacy system.” That’s corporate-speak for we left the door wide open for four years and hoped no one would notice . Millions of records stolen, a $20 million ransom, and Oracle’s response was to shrug and point at the old kit. If you’re running ancient servers and thinking it won’t happen to us , think again. This isn’t just Oracle’s disaster—it’s a wake-up call for every UK business still clinging to outdated tech. Want to know how
Hackers are now using Microsoft Teams chats to phish credentials and drop malware — right under your nose. By exploiting Teams' external access features and mimicking trusted domains, attackers send convincing messages that look like they’re from colleagues or suppliers. Users, assuming Teams is safe, often click without thinking. These attacks bypass traditional email defences and thrive on default settings and user trust. While Microsoft offers tools to mitigate the risk, most organisations ha
Still running Windows Server 2012 in 2025? You might as well leave your doors unlocked and shout “come on in” to attackers. End of life means no patches, no protection, and no excuse. This article explains why sticking with outdated infrastructure is a reckless liability, not a cost-saving strategy. From cyber insurance exclusions to ICO scrutiny and NCSC guidance, we break down the real-world risks UK businesses face. You’ve been warned: unsupported systems aren’t just old — they’re dangerous.
When your supplier suffers a cyber attack, it’s not just their mess to clean up — it can quickly become your problem too. This guide walks UK SMBs through exactly what to do if a supplier breach threatens your data, operations, or reputation. From securing your systems and understanding GDPR obligations, to involving the right experts and tightening up contracts, you’ll learn how to stay one step ahead when the blast radius includes you. Because in today's interconnected world, your security is
Google has patched a critical "Use After Free" vulnerability in Chrome, tracked as CVE-2025-3066, which could allow remote code execution via malicious web pages. The flaw was found in Chrome's Site Isolation feature—meant to protect users—ironically making it a prime attack vector. Users on versions prior to 135.0.7049.84/.85 (Windows/Mac) or 135.0.7049.84 (Linux) are urged to update immediately. Left unpatched, this bug could let attackers install malware, steal data, or worse. This is yet ano
They had the infrastructure. They had the trust. And they had the gall to cover up the very breach they caused. This isn’t fiction—it’s a real-world cybersecurity disaster involving a big-name MSP, a firewall misconfiguration, and a damning internal email that said “don’t tell the customer.” Weeks later, the logs were useless, the excuses piled up, and the recovery bill is heading for six figures. If you think your MSP would never… think again. Here’s what went wrong, how it got exposed, and why
Think your cyber security is airtight? Doesn’t matter — your suppliers might be the ones getting you hacked. One dodgy vendor, one reused password, and suddenly your business is in the headlines for all the wrong reasons. Supply chain attacks are exploding, and most businesses have no idea who actually has access to their systems. If you’re blindly trusting every outsourced service, freelancer, or cloud tool without asking hard questions, you’re basically inviting cybercriminals in for tea. Want
Microsoft’s April 2025 Windows 11 update (KB5036893) has pulled a fast one, quietly creating a C:/inetpub folder on machines that have never had IIS installed. No changelog entry. No heads-up. Just a mysterious web server directory suddenly appearing across the fleet. Whether you’re managing personal laptops or enterprise desktops, this isn’t just clutter—it’s a potential security red flag. IT pros are furious, forums are lighting up, and Microsoft? Silent. Again. If you thought updates couldn’t
The internet isn’t a safe space for everyone — especially if you’re a journalist, activist, or survivor of abuse. The UK’s National Cyber Security Centre (NCSC) has released new guidance for people and communities at high risk of digital surveillance. And unlike most government advice, this is actually worth reading. It’s direct, useful, and designed for the real world — covering everything from encrypted messaging to avoiding spyware. Whether you're at risk or supporting someone who is, this gu
Act now or risk breach : Microsoft’s April 2025 Patch Tuesday just dropped with 121 fixes—and one is already being actively exploited in the wild. From remote desktop gateways to Office and authentication systems, these vulnerabilities target everything you rely on. Think your network is safe? Think again. With privilege escalation bugs, Hyper-V escapes, and Kerberos enforcement changes, this update isn’t optional—it’s urgent. Don’t let today’s Patch Tuesday become tomorrow’s security incident.
Think your breakfast is safe? Think again. WK Kellogg Co.—yes, the cereal giant—just had employee data spilled thanks to a third-party software breach. Hackers from the Clop ransomware gang waltzed in via Cleo’s "secure" file transfer platform and helped themselves to names, addresses, and Social Security numbers. It’s another textbook example of supply chain negligence dressed up as digital transformation. If your business relies on vendors without grilling their security, you might as well sta
Welcome to the inaugural edition of Breach of the Month Club™ , your monthly tour of reputational disaster. March 2025 was a banner month for avoidable breaches, from Lloyds accidentally mailing out million-pound statements, to Jaguar Land Rover getting wrecked by leaked JIRA credentials. Reform UK ignored GDPR completely, Morrisons got battered by a supplier breach, and 23andMe? Well, they lost your DNA and filed for bankruptcy. We break it all down with just the right amount of sarcasm—and a r
Nearly 24,000 IP addresses just launched a coordinated scan on Palo Alto Networks’ GlobalProtect gateways — and if you think this was random, think again. This wasn’t a glitch in the matrix or some bored script kiddie. It was targeted, global, and likely the opening move in something far bigger. If you’re running PAN-OS at the edge of your network and haven’t patched recently, you’re on the menu. This article breaks down what happened, what it means, and what you need to do right now before your
Apple has dropped emergency updates to fix three zero-day vulnerabilities —and yes, they’re already being exploited. These flaws affect iPhones, iPads, Macs, and more, letting attackers bypass USB protections, escape Safari’s sandbox, and escalate privileges through CoreMedia. If you’re not updating your devices right now, you’re basically rolling out the red carpet for hackers. This isn’t just another patch Tuesday. It’s a loud, flashing red warning. Your move.
Think you can handle a cyber attack without an Incident Manager? Think again. Here's what a good IM does, why they're not a luxury, and how they help UK businesses survive the worst day of their digital lives.
