Cyber Threats Facing UK Further and Higher Education
UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and…
92 reports
UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and…
Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response
Ivanti Endpoint Manager Mobile (EPMM) sits in a uniquely privileged position: it manages device enrollment, policy enforcement, and app/content distribution across entire mobile fleets. When an…
Publish date: 21 February 2026 Category: Threat Intelligence / Defense Evasion / Endpoint Security Tags: EDR, XDR, ransomware, defense evasion, BYOVD, Windows drivers, tamper protection, detection…
Bring Your Own Vulnerable Driver (BYOVD) is a post-compromise technique where attackers load a legitimately signed (but vulnerable) kernel driver and then abuse it to gain ring-0 capabilities…
APT29, also known as Cozy Bear, is a Russian hacker group believed to be affiliated with one or more Russian intelligence agencies. The group has been operating for the Russian Federation since at…
APT31 is a China-linked cyber espionage actor assessed by the U.S. Department of Justice and U.S. Treasury as operating in support of the PRC Ministry of State Security , specifically the Hubei…
CVE-2026-20841 is a high-severity command injection flaw in the modern Windows Notepad (Microsoft Store) application that can result in arbitrary code execution in the context of the logged-in…
Microsoft’s February 2026 Patch Tuesday shipped fixes for 58 vulnerabilities , including six zero-days confirmed as actively exploited and three publicly disclosed issues. Microsoft also fixed…
A widespread data-theft and extortion campaign has targeted organisations’ Salesforce environments by abusing trusted third-party integrations and malicious OAuth “Connected Apps” —rather than…
Notepad++’s update mechanism (WinGUp) was abused in a targeted supply-chain compromise in 2025, where certain users’ update traffic was selectively redirected to attacker-controlled infrastructure…
Microsoft’s January 2026 Patch Tuesday security release shipped fixes for 114 vulnerabilities , including three zero-days (one actively exploited ) and eight Critical issues. The bulk of the fixes…