Flash Briefings

Critical Unpatched RCE in Siemens RUGGEDCOM and ScadaBR — No Fix Available for Either

CISA's May 19 ICS advisories flag unauthenticated root-level code execution in Siemens RUGGEDCOM APE1808 and ScadaBR SCADA software. Neither has a patch. The ScadaBR vendor has not responded to CISA.

Volt Typhoon Activity Confirmed Across UK Water and Energy OT Networks

NCSC and Five Eyes partners have confirmed Volt Typhoon intrusions at operational technology networks in UK water treatment and regional energy distribution. The group is not causing disruption — it is waiting.

NHS Trusts Targeted in Coordinated Ransomware Wave as RaaS Affiliates Shift Focus

A cluster of ransomware affiliates, several previously linked to ALPHV/BlackCat, has targeted three NHS trusts in the past six weeks. Attackers are exploiting legacy VPN appliances and unpatched remote access infrastructure.

FIN7 Pivots to Financial Services with New Phishing Infrastructure and Loader Malware

The FIN7 group has refreshed its phishing infrastructure and is deploying a new loader variant against mid-tier UK and European financial institutions. Targets include wealth managers, brokers, and payment processors.

Salt Typhoon Access Persists in European Telecoms More Than a Year After Initial Disclosure

Fourteen months after the US disclosed Salt Typhoon's compromise of major American carriers, intelligence assessments confirm the same group retains access inside at least two major European telecommunications networks.

Cl0p Exploiting File Transfer Vulnerabilities Across Transport and Logistics Sector

The Cl0p ransomware group is mass-exploiting a newly disclosed vulnerability in a widely used managed file transfer platform. Several European freight and logistics operators have been impacted, with customs and supply chain data exfiltrated.