Ticker feed
Blacon High School near Chester has shut down temporarily after a ransomware attack hit on Friday. Head teacher Rachel Hudson announced students won't return Monday and Tuesday while cyber-security experts investigate the data breach.
The closure could extend longer as the school waits for all staff devices to be cleaned. Teachers will then need time to re-plan lessons and set up remote work through Google Classroom. Students can still collect lunch from reception between 11:00 and 13:00 GMT on January 20-21.
The school promises to reopen "as soon as it is safe to do so" and will update parents when more information becomes available.
Source: BBC
Cisco released patches Thursday for a maximum severity vulnerability (CVE-2025-20393) in its email security products that Chinese hackers have been exploiting since November. The flaw allows attackers to execute commands with root privileges on affected Secure Email Gateway and Email and Web Manager appliances.
Cisco's Talos team discovered the attacks targeting a small number of devices. The China-linked group UAT-9686 used the zero-day to install backdoors including AquaShell and tunneling tools. The vulnerability stems from poor HTTP request validation in the Spam Quarantine feature.
Patches are available for multiple AsyncOS versions, with no workarounds. Cisco urges immediate updates through the web interface.
Source: SecurityWeek
Cisco confirmed active exploitation of a critical zero-day vulnerability (CVE-2025-20393) in its Secure Email Gateway appliances, scoring a maximum 10.0 CVSS rating. Chinese threat actors UAT-9686, linked to APT41, have been exploiting the flaw since November 2025 to execute remote commands with root privileges.
The attackers deploy custom tools including the AquaShell backdoor and AquaTunnel for network pivoting, primarily targeting telecommunications and critical infrastructure for espionage. CISA added the vulnerability to its Known Exploited Vulnerabilities list, requiring federal agencies to patch by December 24, 2025.
Cisco released patches and urges immediate upgrades, as no workarounds exist for this internet-exposed vulnerability.
Source: Cybersecurity News
The Canadian Investment Regulatory Organization (CIRO) disclosed that hackers stole personal data from 750,000 individuals during a sophisticated phishing attack in August 2025. The compromised information includes social insurance numbers, dates of birth, government ID numbers, income details, and investment account information.
CIRO says the breach didn't affect critical operations and there's no evidence the stolen data has been misused or appeared on the dark web. The organization is providing two years of free credit monitoring to affected individuals and has started mailing notification letters to impacted clients.
Source: SecurityWeek
Higham Lane School in Nuneaton shut down Monday after hackers targeted its IT systems, affecting 1,400 students aged 11-18. The Central England Academy Trust school will remain closed until Wednesday as a precautionary measure while cyber security specialists investigate.
The school immediately activated incident response protocols and secured its systems when the attack was discovered. Parents received letters explaining the "difficult decision" was made following expert advice. Students and staff are banned from accessing school systems like Google Classroom and SharePoint during the investigation.
The Department for Education's Cyber Incident Response Team is assisting with the investigation alongside IT experts from the trust.
Source: BBC
Cybercriminals and hacktivists dramatically escalated attacks on industrial control systems in 2025, with vulnerability disclosures jumping from 1,690 to 2,451 across 152 vendors, according to Cyble's latest threat report.
Siemens topped the list with 1,175 reported vulnerabilities, though Schneider Electric faced more severe threats with 70% classified as high or critical. Manufacturing and healthcare bore the brunt of ransomware attacks, seeing 600 and 477 entities compromised respectively.
Hacktivist groups like Z-Pentest increasingly targeted human-machine interfaces and SCADA systems, while geopolitical tensions fueled cyber operations. The Israel-Iran conflict alone sparked activity from 74 hacktivist groups, generating 1.5 million intrusion attempts tied to India-Pakistan tensions.
Cyble warns that exposed industrial systems will face even more aggressive targeting in 2026.
Source: Infosecurity Magazine
Microsoft partnered with international law enforcement to shut down RedVDS, a cybercrime marketplace that enabled attackers to steal millions from businesses worldwide. The $24-per-month service provided criminals with disposable virtual computers to launch phishing campaigns and business email compromise attacks.
RedVDS facilitated major thefts, including $7.3 million from Alabama pharmaceutical company H-2 Pharma and nearly $500,000 from a Florida condominium association. The service operated at massive scale, with 2,600 virtual machines sending 1 million phishing messages daily to Microsoft customers alone.
Since September, attackers compromised over 191,000 organizations globally using RedVDS infrastructure. Microsoft seized two key domains and laid groundwork to identify the operators behind the service.
Source: Dark Reading
Kensington and Chelsea Council suffered a major cyber attack that may have compromised the personal details of hundreds of thousands of residents. The west London authority is warning people to watch for scams using their stolen information and to be suspicious of unexpected calls or messages claiming to be from the council.
The attack also affected shared services with Westminster City Council and Hammersmith and Fulham Council. Cybersecurity experts say local authorities are prime targets because they hold valuable data including social care and housing records, while operating under tight budgets that can leave security gaps.
Council leader Elizabeth Campbell called the breach "serious" and said it could take months to fully assess what data was accessed. The Met's Cyber Crime Unit is investigating, but no arrests have been made yet.
Source: BBC
Cyber fraud has surpassed ransomware as CEOs' biggest digital threat concern, according to the World Economic Forum's 2026 Global Cybersecurity Outlook released Monday. The shift marks a dramatic change from previous years when ransomware dominated executive fears.
A striking 73% of CEOs were personally affected by cyber fraud or knew someone who was in 2025, while 77% believe these attacks increased over the past year. The new top three CEO concerns are cyber fraud, AI vulnerabilities, and software exploitation—notably pushing ransomware off the list entirely.
Interestingly, CISOs still rank ransomware as their primary worry, suggesting different priorities between financial and operational leaders. AI concerns have also evolved, with executives now more worried about employees accidentally exposing data through internal AI tools than hackers weaponizing artificial intelligence.
Source: SecurityWeek
Microsoft released its largest January security update ever, fixing 112 vulnerabilities—nearly double December's count. The standout concern is CVE-2026-20805, a zero-day flaw in Desktop Window Manager that hackers are already exploiting to steal memory information and potentially escalate attacks.
Eight vulnerabilities are flagged as likely exploitation targets, including two critical Windows NTFS buffer overflow bugs that could allow remote code execution. Security experts warn these third-party-reported flaws may soon become public, creating urgency for patches.
Two Microsoft Office vulnerabilities stand out for enabling code execution through the Preview Pane without user interaction—meaning simply viewing a file could trigger an attack.
Source: Dark Reading