Kirsten Doyle

Iran doesn’t need to fire missiles to be dangerous. It already sees the UK as a threat. And it’s acting accordingly. That’s the clear warning from Parliament’s Intelligence and Security Committee in its July 2025 report. Drawing on classified material, the report exposes Iran’s deep-rooted hostility to the West, and how that ideology is driving a wide range of hostile activity against the UK. From targeted cyber attacks and online espionage to physical threats against dissidents and journalists living in Britain, the Iranian regime is playing a long game. One shaped by survival instinct, historic grievances, and a willingness to…

Europe’s manufacturing sector is under siege. A new report from KnowBe4, released this week, lays bare the growing cyber vulnerabilities facing the continent’s increasingly digitalised production lines. Titled Securing Manufacturing’s Digital Future, the report paints a stark picture: as factories adopt smarter, more connected systems, they are becoming prime targets for ransomware gangs and social engineering attacks. Digital progress has its price Manufacturers are pouring investment into automation and smart infrastructure. But the result is a sprawling attack surface, one that blends IT and operational technology, and opens the door to exploitation.  “Every minute of disruption costs money,” the report…

A high-severity vulnerability in the ServiceNow platform could have exposed vast amounts of sensitive data to low-privileged or even anonymous users. Researchers at Varonis Threat Labs discovered the issue, dubbed Count(er) Strike, which exploits a flaw in how the system displays record counts, offering attackers a quiet but powerful method of data inference and exfiltration. “Any user in an instance could exploit this vulnerability, even those with minimal privileges and no assigned roles,” said Varonis. “All they needed was access to a single misconfigured table.” The exposure risk was broad. ServiceNow is used by 85% of the Fortune 500 to…

Google has quietly switched on default access for its Gemini AI to interact with apps like WhatsApp, even if you previously told it not to. Android users began receiving emails last week alerting them that Gemini now has broader access to their phones. As of 9 July, the AI assistant can read and act on commands involving third-party apps, including messaging services. “We’ve made it easier for Gemini to interact with your device,” the email read. “We’re updating how Gemini interacts with some of the apps on your Android device.” It went on: “Gemini will soon be able to help…

Marks & Spencer chairman Archie Norman has faced tough questions in Parliament after a cyberattack that paralysed the British retailer’s digital operations for months and is expected to cost the company £300 million in lost profits. Appearing before the Business and Trade Committee on 8 July, Norman described the breach as “devastating” but refused to disclose whether M&S had ponied up a ransom to the attackers, citing public interest and ongoing law enforcement matters. “We’ve said that we are not discussing any of the details of our interaction with the threat actor,” he said.  “We don’t think it’s in the…

An unidentified individual used artificial intelligence to impersonate U.S. Secretary of State Marco Rubio, contacting foreign ministers, a U.S. governor, and a member of Congress via voice and text messages, according to a State Department cable first seen by The Washington Post. The impersonator cloned Rubio’s voice using AI-powered software, then reached out through Signal, the encrypted messaging app favored by many officials for its security. The messages mimicked not only Rubio’s voice but also his writing style. The display name, “[email protected], wasn’t a real email address, just another layer in a calculated deception. According to the cable, dated July…

A tax credit consulting firm seems to have exposed the personal data of thousands of Americans after leaving a slew of sensitive documents unprotected online. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor.  As outlined by Fowler, the unencrypted, non-password-protected database contained 245,949 records, which translated to nearly 287 GB of data. Among the files included: addresses, Social Security numbers, work history, and even DD214 U.S. Department of Defense discharge forms. Available to “Anyone With an Internet Connection” “In a limited sampling of the exposed documents, I saw files that detailed PII such…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four more security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing clear evidence of active exploitation in the wild.  The latest additions span a range of technologies, some dating back more than a decade. The vulnerabilities are:  CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption   CVE-2016-10033 (CVSS score: 9.8) – A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of…

Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group, one of the more active players in the 2025 threat landscape. By 6 July, the IT distribution giant broke its silence: “Ingram Micro recently identified ransomware on certain of its internal systems,” the company said in a statement. “Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and…

The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed cyber incidents, according to new research by eSentire’s Threat Response Unit (TRU). The findings mark a fundamental shift in how attackers gain access to organizations. Instead of breaking in, they log in. Where traditional attacks targeted software flaws or exposed ports, today’s adversaries are choosing the path of least resistance: valid user credentials. Often stolen. Sometimes bought. Occasionally given away.…