AI in the Attack Chain: How Threat Actors Are Using Language Models Operationally
AI-assisted exploitation is no longer theoretical. From automated vulnerability research to AI-generated spear-phishing, the adoption of LLMs across the offensive lifecycle is accelerating. This analysis examines what is confirmed, what is emerging, and what it means for defenders.
Critical Unpatched RCE in Siemens RUGGEDCOM and ScadaBR — No Fix Available for Either
CISA's May 19 ICS advisories flag unauthenticated root-level code execution in Siemens RUGGEDCOM APE1808 and ScadaBR SCADA software. Neither has a patch. The ScadaBR vendor has not responded to CISA.
NCSC Warns: Volt Typhoon Reconnaissance Extends to Tier 2 UK Government Suppliers
Intelligence confirms Volt Typhoon pre-positioning activity has moved beyond primary CNI operators into the Tier 2 supplier networks that service UK central government and defence. Smaller suppliers with privileged access to government systems are now directly in scope.
RansomHub Affiliates Targeting UK Law Firms During Active M&A Mandates
Multiple UK and European law firms have been hit by RansomHub-affiliated actors during live M&A transactions. The timing is deliberate: attackers maximise leverage by striking when client pressure to resolve the incident is highest.
Volt Typhoon Activity Confirmed Across UK Water and Energy OT Networks
NCSC and Five Eyes partners have confirmed Volt Typhoon intrusions at operational technology networks in UK water treatment and regional energy distribution. The group is not causing disruption — it is waiting.
Volt Typhoon: The Long Game in Western Critical Infrastructure
A deep analysis of Volt Typhoon's objectives, methods, and targets — and what the sustained Chinese pre-positioning campaign in Western CNI means for how operators, regulators, and governments need to respond.
Salt Typhoon: How China Compromised the West's Wiretap Infrastructure
The Salt Typhoon campaign against US and European telecommunications carriers was not a data breach in any conventional sense. It was a strategic intelligence operation targeting the systems governments use to conduct lawful surveillance.
A joint advisory from CISA, NCSC, and ten allied nations describes how China-linked threat actors have abandoned dedicated attack infrastructure in favour of networks of compromised home routers and IoT devices. The implication for defenders is worse than it sounds.
The Data That Nation-States Actually Want Is Sitting in Your Document Management System
Law firms and professional services firms are among the most intelligence-rich targets in the UK economy. Understanding why clarifies the threat — and why perimeter security alone is the wrong response.
The Public Sector Cyber Gap: Why Government's Security Posture Trails the Threat
The structural factors that make the UK public sector a persistently soft target — fragmented IT estates, procurement cycles that optimise for cost over security, and a talent market that can't compete with private sector pay — are not going away. Here's what the gap looks like and what's actually being done about it.