Blog
Research, detection engineering notes, and incident response lessons learned.
Latest
The US FCC's decision to ban all new foreign-made consumer routers marks a significant escalation in how Western governments are treating hardware supply chain integrity as a national security issue. For UK and EU CISOs, the implications extend well beyond American regulatory borders.
Cyber security has moved from the server room to the boardroom. Regulators, insurers, and shareholders now expect boards to demonstrate active oversight of cyber risk — and for most organisations, that means understanding what their Security Operations Centre provider is actually delivering. This article sets out the ten areas every board should scrutinise when evaluating a modern SOC provider, from detection engineering and threat intelligence to transparent reporting, compliance alignment, and measurable outcomes.
LockBit has returned with its most ambitious release yet. Version 5.0 introduces purpose-built payloads for Windows, Linux, and VMware ESXi hypervisors, a rewritten codebase with advanced anti-analysis capabilities, and an expanded affiliate programme. This article provides a comprehensive threat intelligence assessment of LockBit 5.0, its technical capabilities, attack chains, and the defensive measures organisations must adopt to protect themselves.
The regulatory environment for cyber security has undergone a fundamental shift. The FCA's PS21/3 operational resilience framework is now fully enforceable, DORA has been in effect since January 2025, and NIS2 transposition is reshaping obligations across the EU — with the UK's own Cyber Security and Resilience Bill following close behind. For organisations navigating these overlapping requirements, a well-structured SOC as a Service engagement is no longer a convenience. It is a compliance enabler. This article maps the specific requirements of each framework to the capabilities a modern managed SOC should deliver.
The modern security operations landscape is drowning in acronyms — EDR, XDR, SIEM, SOAR, NDR, MDR — each promising to solve the detection and response problem. For organisations working with a managed SOC provider, the question is not which technology to choose, but how these technologies should work together to deliver unified visibility, high-fidelity detection, and rapid response across the entire attack surface. This article cuts through the marketing noise and examines the practical architecture of how EDR, XDR and SIEM integrate within a well-engineered managed SOC, where each technology adds value, where the overlaps create either strength or waste, and what the board and security leadership should understand about the stack beneath their SOC service.
The modern SOC is drowning. Industry research consistently reports that organisations receive thousands of security alerts per day, that the majority are false positives, and that analysts are leaving the profession faster than the industry can replace them. Alert fatigue is not a minor inconvenience — it is a structural vulnerability that attackers actively exploit. When every alert looks the same, none of them look important. This article examines the mechanics of alert fatigue, its quantifiable cost to organisations, and the specific practices a well-engineered managed SOC deploys to break the cycle — because the solution is not working harder, but building a fundamentally different operational model.
A major Android adware operation, now known asGhostAd, has been uncovered after spreading quietly through Google Play and affecting millions of users across East and Southeast Asia. Although the apps involved appeared benign at first glance, they concealed aggressive advertising engines that ran continuously in the background, degrading device performance, draining batteries, and causing widespread frustration for victims. The scale of this campaign, combined with the sophistication of its persistence mechanisms, marks it as one of the more impactful adware incidents seen on the platform in recent years.
The holiday shopping season has become one of the most lucrative periods of the year for cybercriminals. Alongside legitimate Black Friday and Christmas offers, threat actors are now operating large, co-ordinated networks of fake online stores designed to steal payment card details and personal information at scale.
In today’s digital landscape, web applications are the backbone of business operations, customer engagement, and data exchange. However, with this reliance comes increased risk. Cyber threats targeting web applications are more sophisticated and frequent than ever. From data breaches to ransomware attacks, organizations face mounting pressure to secure their digital assets.
In today’s digital world, online privacy and security have never been more important. Whether you’re browsing at home, working remotely, or connecting to free Wi-Fi at a café, your data can be exposed to hackers, advertisers, and even your internet service provider (ISP). This is where aVPN (Virtual Private Network)comes in.
AnIncident Response (IR) tabletop exerciseis a discussion-based simulation where team members walk through a hypothetical cybersecurity incident. Unlike full-scale drills, tabletop exercises do not require actual system disruption. Instead, they focus on evaluating how your team responds to scenarios such as data breaches, ransomware attacks, or insider threats.
When common‑use becomes common risk: what Collins Aerospace should have had in place before Europe’s airports went dark