In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits.
But increasingly, attackers are bypassing these hardened defenses and taking a different route: persuading someone on the inside to hand over the keys. A recent BBC investigation illustrated this shift in stark terms. A journalist was approached by the ransomware group Medusa and offered a portion of a ransom if they provided login access to BBC systems.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Landscape of the Building and Construction Sector: IA, Supply Chain, and IoT
November 7, 2025
In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries such as China, Russia, Iran, and North Korea, are increasingly focusing their attacks on the building and construction ...
- LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
November 7, 2025
Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...
- Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk
November 7, 2025
Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025, and lasted until March 2, when the attackers ...
- U.S. Congressional Budget Office confirms it was hacked
November 7, 2025
The U.S. Congressional Budget Office has confirmed it was hacked. Caitlin Emma, a spokesperson for CBO, told TechCrunch on Friday that the agency is investigating the breach and “has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems ...
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- SonicWall blames state hackers for damaging data breach
November 6, 2025
SonicWall has blamed “state-sponsored threat actors” for the cloud backup security breach which hit its services in September 2025. In an update posted on the company’s website, SonicWall said it completed the investigation into the incident, and confirmed that the malicious activity was “carried out by a state-sponsored threat actor” and was “isolated to the unauthorized ...