A January 2026 survey found that 75% of UK business leaders who consider cyber their top risk simultaneously doubt their ability to manage one. Corrine Jefferson on what that gap represents, why it persists, and the three conversations to have before the end of this week.
No ransomware. No smashed firewall. No dramatic movie scene. Just a fraudulent invoice, a trusted relationship, and $432,739.21 gone. If you think this cannot happen to your business, you need to read this.
For five months, anyone with a Companies House login could access the private dashboard of any of the five million registered UK companies. Home addresses. Dates of birth. Email addresses. All the personal data fraudsters need to impersonate a director, open accounts in your company's name, or reroute your banking. Not by hacking. Not by sophisticated exploit. By pressing the back button. That is the entirety of the technical skill required. The government body responsible for the UK's corporate
Microsoft's Defender Experts published research yesterday on a campaign called Contagious Interview. Attackers pose as recruiters, walk your developers through a convincing fake job interview, then get them to clone and run a malicious code repository. The moment they do, your cloud credentials, API tokens, signing keys, and password manager databases are on their way out the door. This campaign has been running since at least December 2022. Your developers are the target. Your infrastructure is
Microsoft shipped March 2026 Patch Tuesday on 10 March with no actively exploited zero-days. And I can already hear the conversation in the finance department: "Quiet month, push it to next quarter." Wrong. This month's release covers six Windows elevation-of-privilege flaws that Microsoft itself rates as Exploitation More Likely, a critical Excel bug that can hijack Copilot Agent to exfiltrate data with near zero user interaction, and two Office remote code execution issues that fire through th
Hello, Mauven here. Yesterday, Dutch military and domestic intelligence confirmed what European security agencies have been circling for weeks: Russian state-sponsored hackers are running a large-scale global campaign to take over Signal and WhatsApp accounts. Not by breaking the encryption. By asking for the keys. Two governments have now issued formal warnings. Dutch officials have confirmed their own employees are among the victims. And the attack method is devastatingly simple. If your busin
I spent time with Mauven this week working through the Unit 42 Global Incident Response Report 2026. Seven hundred and fifty incident response engagements. Fifty-plus countries. Real cases. The headline statistic, 89% of investigations involving identity as a material factor, is striking. But it's not the number that should concern you most. It's what that number tells us about where organisations are spending their security budgets versus where attackers are actually operating. They are not in
Last week, researchers proved something that should make every small business owner put down their coffee. Your Wi-Fi guest network, the one you set up so visitors don't touch your business systems, doesn't actually protect you. A new attack called AirSnitch lets anyone already on your network spy on every device connected to the same physical router, regardless of which network name they joined, regardless of whether you're running WPA2 or WPA3. Every single router tested failed. Here's what it
Switzerland looked at Palantir and said no. The UK leaned in. That should worry you. Your business runs on the same US owned platforms that governments argue about. Email, files, chat, identity, backups. The CLOUD Act means a provider can face legal demands for data, even when the servers sit outside the US. UK hosting does not always mean UK control. This teaser sets up the real question: if access rules changed tomorrow, could you prove who can touch your data, and how you would know? Could yo
That TP-Link router you bought because it was £40 cheaper than the alternatives? Two days ago, the state of Texas sued the manufacturer for allegedly handing the Chinese Communist Party access to Americans' devices. A US federal ban is on the table. Sixteen thousand routers worldwide have already been conscripted into a Chinese state-sponsored attack network. And the UK? Doing absolutely nothing. This isn't paranoia. This is documented, court-filed, backed-by-three-US-federal-departments reality
Three hundred and ninety-three days. That's how long Chinese state hackers camped inside defence networks before anyone bloody noticed. Over a year. Reading emails. Mapping systems. Making themselves at home while everyone assumed the firewall was doing its job. Google just published the receipts, and the uncomfortable truth is this: manufacturing is the most targeted sector on ransomware leak sites. Not banks. Not hospitals. Factories. Your VPN appliance is the front door nobody's watching, and
Your business just plugged an AI chatbot into its website, an AI assistant into email, or a coding copilot into your dev team. Congratulations. You may have just installed a backdoor. A landmark research paper from Bruce Schneier, Ben Nassi, and their colleagues has mapped a full malware kill chain for AI systems. They call it promptware. It is not theoretical. Twenty-one documented attacks already cross four or more stages of this kill chain, in live production systems. The NCSC agrees the thre
Graham here. Microsoft dropped six actively exploited zero-days on us yesterday, three of them publicly disclosed before the patch even landed. That means attackers had working exploits before you had fixes. Three bypass your security warnings entirely. One gives SYSTEM access through Remote Desktop Services. CrowdStrike confirmed active abuse in the wild. Meanwhile, SAP shipped a CVSS 9.9 code injection flaw and Adobe patched 44 vulnerabilities across nine products. If your patching approval pr
Russia's Sandworm hacking group just attempted the largest cyber attack on Poland's energy infrastructure in years, deploying custom wiper malware called DynoWiper against 30 wind farms, solar installations, and a heat plant serving half a million people. The attack failed, but only barely. The NCSC is now warning UK critical infrastructure operators to act immediately. If you think nation-state attacks on power grids are somebody else's problem, think again. Every UK business sitting in those s
Google just dropped a report that should make every UK business owner physically uncomfortable. Chinese state-sponsored hackers have exploited more than two dozen zero-day vulnerabilities in VPNs, routers, and firewalls since 2020. From ten different vendors. The average time they sit inside your network before anyone notices? 393 days. Over a year of unfettered access. And if you think "I'm not a defence contractor, this doesn't affect me," think again. Manufacturing has been the single most ta
Four concurrent cyberattack campaigns hit last week. Russian military intelligence weaponised a critical Microsoft Office vulnerability within 24 hours of the patch dropping. Commodity criminals started selling the same capability for £50 a month. A Chinese-linked group compromised Notepad++ updates for six months. Three separate macOS infostealer campaigns ran simultaneously. And while all of that was unfolding, the UK's biggest data protection law change since Brexit went live with 48 hours' n
The Apple App Store feels safe. That is the story many people tell themselves. Firehound and Vulnu show why that comfort can be dangerous. This week researchers flagged insecure iPhone apps that expose user data through badly secured cloud storage. Some leak private chats, email addresses, and location traces. Many of these apps look polished and carry strong ratings. That is the trap. In this guest post, Corrine Jefferson explains how slop apps slip through review, why AI apps raise the st
You've got MFA turned on. Authenticator app, text codes, the lot. You think you're protected. Now picture this: your finance director clicks a legitimate-looking link, signs in, approves the MFA request like always, and boom, an attacker just stole her session token. Full access to Microsoft 365. No more MFA prompts needed. Welcome to 2026, where adversary-in-the-middle attacks surged 146% in the past year. Nearly 40,000 incidents daily. Your traditional MFA? Doing precisely nothing to stop them.
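The adversary-in-the-middle flow in the teaser above, as an added simulation that is not code from the original post or from any phishing kit. It models a constructed identity provider, the victim's security key, and a reverse-proxy phishing page; the hostnames, the account name, the password and the HMAC stand-in for a WebAuthn signature are all assumptions. It shows why a bearer session token issued after password plus TOTP works for whoever captured it, and why an origin-bound assertion signed for the proxy's hostname is rejected by the real login origin.

```python
import hashlib
import hmac
import json
import secrets
import struct
import time

# Constructed example: hostnames, account, password and keys are assumptions.
LEGIT_ORIGIN = "https://login.example.com"       # the real identity provider
PHISH_ORIGIN = "https://login.example-com.net"   # attacker's reverse proxy


def totp(secret: bytes, now=None, step: int = 30) -> str:
    """RFC 6238 TOTP (SHA-1, 6 digits) so the simulated login checks a real code."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % 10**6
    return f"{code:06d}"


class IdentityProvider:
    """Issues a bearer session token after password + TOTP, or after verifying an
    origin-bound WebAuthn-style assertion. The authenticator's private key is
    modelled as an HMAC key shared with the IdP (assumption, not real WebAuthn)."""

    def __init__(self):
        self.users = {"finance.director": {"pw": "Spring2026!", "totp": secrets.token_bytes(20)}}
        self.credentials = {"finance.director": secrets.token_bytes(32)}
        self.sessions, self.challenges = {}, {}

    def password_login(self, user, password, code):
        u = self.users.get(user)
        if not u or not hmac.compare_digest(u["pw"], password):
            return None
        # accept current and previous 30s window, as real IdPs do for clock drift
        valid = (totp(u["totp"]), totp(u["totp"], time.time() - 30))
        if not any(hmac.compare_digest(c, code) for c in valid):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user        # bearer: nothing ties it to the client
        return token

    def whoami(self, token):
        return self.sessions.get(token)

    def new_challenge(self, user):
        self.challenges[user] = secrets.token_urlsafe(16)
        return self.challenges[user]

    def webauthn_login(self, user, client_data, signature):
        """Accept only if the browser-reported origin is ours, the challenge is the
        one we issued, and the signature covers exactly that client data."""
        cd = json.loads(client_data)
        if cd.get("origin") != LEGIT_ORIGIN or cd.get("challenge") != self.challenges.get(user):
            return None
        expected = hmac.new(self.credentials[user], client_data.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token


class Authenticator:
    """Victim's security key: signs whatever origin the browser actually saw."""

    def __init__(self, idp, user):
        self.key = idp.credentials[user]

    def assertion(self, browser_origin, challenge):
        client_data = json.dumps({"origin": browser_origin, "challenge": challenge}, sort_keys=True)
        return client_data, hmac.new(self.key, client_data.encode(), hashlib.sha256).digest()


class AiTMProxy:
    """Reverse-proxy phishing page: relays everything to the real IdP, keeps a copy."""

    def __init__(self, idp):
        self.idp, self.loot = idp, []

    def relay_password_login(self, user, password, code):
        token = self.idp.password_login(user, password, code)
        if token:
            self.loot.append(token)        # session cookie captured in transit
        return token                        # victim lands in the tenant as normal

    def relay_webauthn(self, user, authenticator):
        challenge = self.idp.new_challenge(user)
        client_data, sig = authenticator.assertion(PHISH_ORIGIN, challenge)
        return self.idp.webauthn_login(user, client_data, sig)


def aitm_against_totp():
    """True if the attacker can use the stolen session without any MFA prompt."""
    idp, proxy, user = IdentityProvider(), None, "finance.director"
    proxy = AiTMProxy(idp)
    proxy.relay_password_login(user, "Spring2026!", totp(idp.users[user]["totp"]))
    return bool(proxy.loot) and idp.whoami(proxy.loot[0]) == user


def aitm_against_webauthn():
    """True only if the same proxy can obtain a session from a WebAuthn login."""
    idp, user = IdentityProvider(), "finance.director"
    return AiTMProxy(idp).relay_webauthn(user, Authenticator(idp, user)) is not None


def direct_webauthn():
    """Control case: the real browser at the real origin signs in fine."""
    idp, user = IdentityProvider(), "finance.director"
    cd, sig = Authenticator(idp, user).assertion(LEGIT_ORIGIN, idp.new_challenge(user))
    return idp.webauthn_login(user, cd, sig) is not None


if __name__ == "__main__":
    print("password + TOTP, proxy replays session:", aitm_against_totp())
    print("WebAuthn, proxy obtains session:", aitm_against_webauthn())
    print("WebAuthn from the real origin:", direct_webauthn())
```

The point the simulation makes is that the TOTP code and the approval prompt are both consumed correctly by the real provider; the weakness is that what comes back is a bearer token with no binding to the client that earned it. The WebAuthn-style assertion fails not because the proxy is detected but because the browser signs the origin it sees, and the relying party refuses any origin but its own.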
Three Mile Island. You remember it, right? The 1979 nuclear accident that terrified an entire generation and effectively killed nuclear power plant construction in America for 40 years? Microsoft just spent $1.6 billion to restart Unit 1. Not for clean energy virtue signaling. Because they're bloody desperate. Google committed to 500 megawatts of Small Modular Reactors. Amazon's all-in on multiple nuclear projects. Meta wants up to 4 gigawatts. Billions in nuclear investment. Timeline: 2028 to 2
There's a lab in Switzerland where they're building computers out of living human neurons. Sounds completely barking mad, right? Here's the thing: these brain cells compute using one million times less energy than silicon. Meanwhile, training a single AI model now produces the carbon emissions of 500 cars over their entire lifetimes. Microsoft, Google, and Amazon just committed billions to restart nuclear power plants because they can't keep the lights on. And your business? You're paying for ev
The British Library decided not to implement MFA on administrator accounts. Their reasoning: "practicality, cost and impact on ongoing programmes." That decision cost them £7 million in recovery, 600GB of staff data dumped on the dark web, and over a year of service disruption. This is Mauven's Take on one of the clearest examples of the doorman fallacy in UK history. When cost-cutting decisions focus narrowly on immediate expense whilst ignoring catastrophic downside risk, you get exactly this
Your help desk just became your biggest security liability. Scattered Spider criminals are ringing UK support teams, impersonating executives, and convincing staff to reset multi-factor authentication. Within hours, they're inside your network deploying DragonForce ransomware. The July 2025 IC3/CISA advisory exposes how these English-speaking social engineers are systematically destroying businesses through basic phone manipulation. If your Tier 1 support can reset MFA without proper verificatio
After analyzing the global response to CVE-2025-53770, the critical SharePoint zero-day that's compromised 75+ organizations in 48 hours, I'm convinced this isn't about technical competence. It's about human psychology. Right now, IT administrators who know their systems are vulnerable (CVSS 9.8) are doing nothing because of normalcy bias, sunk cost fallacy, and optimism bias. The organizations getting breached aren't those lacking knowledge - they're the ones whose psychology prevents acting on
The White House CIO has access to threat intelligence that would make UK SMB owners lose sleep for weeks. While British businesses worry about basic phishing, US government analysts are tracking systematic campaigns targeting supply chains, MSPs, and small businesses as stepping stones to bigger targets. They're seeing patterns you've never heard of: criminal groups spending months mapping your vendor relationships, state actors using SMBs to access critical infrastructure, and ransomware cartel
Former UK Government Cyber analyst Mauven MacLeod exposes the disturbing Catwatchful stalkerware operation that suffered a massive breach in June 2025, revealing 62,000 customer accounts and 26,000 monitored victims across seven countries. This isn't just cybersecurity failure - it's weaponised surveillance technology enabling domestic abuse and stalking. The breach exposed plaintext passwords, comprehensive victim data dating to 2018, and the operation's Uruguay-based administrator. From a government security
Janet Jackson's "Rhythm Nation" music video could crash laptops just by playing the audio. Not through software exploits or malware, but because the bloody song contained the exact resonant frequency that turned 5400 RPM hard drives into expensive paperweights. Even better: playing the video on one laptop could crash OTHER laptops sitting nearby through pure acoustic warfare. Microsoft engineers had to add secret audio filters to prevent pop music from destroying computers. If a 1989 dance track
Last Friday, it was someone else's war. Over the weekend, Iranian hackers considered your Microsoft 365 account enemy infrastructure. American B-2 bombers dropped 14 bunker-busters on Iranian nuclear facilities over the weekend. The cyber retaliation has already begun, and UK small businesses, which all rely on US cloud services, are the primary targets in the firing line. Remember NotPetya? Ukrainian attack, global devastation. Windows is Windows regardless of location. Your customer database could b
This week we explored compliance theatre vs real security. Next week, we're diving into the monthly war zone that every IT team knows: Microsoft's Patch Tuesday roulette where one wrong decision can sink your business. Monday's podcast takes you inside the 6 PM chaos when UK teams scramble with late-breaking updates, and Tuesday's deep-dive exposes why traditional patch management advice is built for enterprises that don't exist. Plus, practical survival strategies for when you're fighting attac
Your passwords are already for sale. The only question is whether you know it yet. Stolen credentials jumped from 10% to 16% of all cyberattacks in just one year, making it the second most common attack vector behind exploits. With 3.9 billion passwords compromised by infostealer malware and 94% of people reusing the same credentials across multiple sites, your business authentication isn't just vulnerable; it's already broken. While you're investing in firewalls and endpoint protection, crimina
Microsoft Teams is the new darling of UK business. It's chat, calls, meetings, file sharing and productivity all in one app. Unfortunately, it's also a goldmine for attackers, and they know it. With the Tycoon 2FA phishing kit now targeting Microsoft 365 users through fake Teams login prompts, criminals are bypassing multifactor authentication in real time. It's slick. It's scary. And worst of all, it works. If your business still believes Teams is "safe because it's Microsoft," you're dangerous