Volt Typhoon Activity Confirmed Across UK Water and Energy OT Networks
NCSC and Five Eyes partners have confirmed Volt Typhoon intrusions at operational technology networks in UK water treatment and regional energy distribution. The group is not causing disruption — it is waiting.
Critical Unpatched RCE in Siemens RUGGEDCOM and ScadaBR — No Fix Available for Either
CISA's May 19 ICS advisories flag unauthenticated root-level code execution in Siemens RUGGEDCOM APE1808 and ScadaBR SCADA software. Neither has a patch. The ScadaBR vendor has not responded to CISA.
NHS Trusts Targeted in Coordinated Ransomware Wave as RaaS Affiliates Shift Focus
A cluster of ransomware affiliates, several previously linked to ALPHV/BlackCat, has targeted three NHS trusts in the past six weeks. Attackers are exploiting legacy VPN appliances and unpatched remote access infrastructure.
FIN7 Pivots to Financial Services with New Phishing Infrastructure and Loader Malware
The FIN7 group has refreshed its phishing infrastructure and is deploying a new loader variant against mid-tier UK and European financial institutions. Targets include wealth managers, brokers, and payment processors.
Volt Typhoon: The Long Game in Western Critical Infrastructure
A deep analysis of Volt Typhoon's objectives, methods, and targets — and what the sustained Chinese pre-positioning campaign in Western CNI means for how operators, regulators, and governments need to respond.
Salt Typhoon: How China Compromised the West's Wiretap Infrastructure
The Salt Typhoon campaign against US and European telecommunications carriers was not a data breach in any conventional sense. It was a strategic intelligence operation targeting the systems governments use to conduct lawful surveillance.
Scattered Spider: When Social Engineering Becomes a Professional Discipline
The group behind the MGM Resorts and Caesars Entertainment attacks isn't a nation-state operation or a seasoned criminal enterprise. They're young, English-speaking, and they're better at manipulating people than most security teams are at stopping them.
A joint advisory from CISA, NCSC, and ten allied nations describes how China-linked threat actors have abandoned dedicated attack infrastructure in favour of networks of compromised home routers and IoT devices. The implication for defenders is worse than it sounds.
Why Ransomware Groups Don't Die When You Arrest Their Leaders
The ransomware-as-a-service model has created a resilient criminal infrastructure that survives law enforcement actions, FBI seizures, and individual prosecutions. Understanding why is the first step to defending against it.
The OT/ICS Blind Spot: Why Your Cyber Risk Picture Is Missing Half the Picture
Most boards have a reasonable grasp of IT cyber risk. Almost none have adequate visibility into the operational technology that runs their industrial processes, utilities, and physical infrastructure. This gap is exactly what state actors are exploiting.