Episode Summary
COLT Technology Services, a major UK telecommunications provider, suffers from ongoing ransomware attacks, causing week-long outages affecting thousands of businesses. Host Lucy Harper breaks down the SharePoint vulnerability exploitation and provides emergency supplier risk protection strategies for UK SMEs.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group - Comprehensive cybersecurity and IT services specialising in network resilience planning, business continuity management, and supplier risk assessment.
Visit www.equategroup.com
Your Next Steps
URGENT ACTION REQUIRED:
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels.
Microsoft Security Blog serves as the primary source for technical details on vulnerabilities.
Financial figures are cross-referenced through cybersecurity threat intelligence platforms. UK-specific impact data prioritises telecommunications industry publications and government cybersecurity guidance.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
All rights reserved
Episode Summary
AI-powered cybercriminals are now targeting UK small businesses with unprecedented sophistication, making artificial intelligence threats the top security concern for 35% of SMEs in 2025. Host Lucy Harper breaks down how criminals weaponise machine learning against businesses and provides a five-step action plan to defend against deepfakes, AI-generated phishing, and automated attacks that traditional security cannot detect.
What You'll Learn
AI-Powered Cyber Attacks: How criminals use machine learning to create personalised, sophisticated attacks that bypass traditional security measures and target UK SMEs specifically.
Technical Threat Landscape: The mechanics behind AI-generated phishing, deepfake technology, and automated attack systems that can launch thousands of customised attacks simultaneously.
Business Impact Assessment: Why AI cybercrime contributes to the 27 billion pounds annual cost to the UK economy and how skills shortages leave SMEs vulnerable to advanced threats.
Practical Defence Strategy: Five immediate actions including AI-aware email security, enhanced verification protocols, and employee training specifically designed for AI threat recognition.
Regulatory Compliance Preparation: New UK AI Cyber Security Code requirements, upcoming Cyber Security and Resilience Bill implications, and GDPR changes affecting AI-powered data processing.
Key Sources & References
Six Degrees Research Study: "Mapping the UK SME Cyber Security Landscape in 2025"
UK Government DSIT & NCSC: AI Cyber Security Code of Practice published January 31, 2025
DefCon 33 Official Information: Premier cybersecurity conference featuring DARPA AI Cyber Challenge and emerging threat research
UK Cyber Security Breaches Survey 2025: Government analysis of cybersecurity threat landscape and business impacts
NIST AI Security Framework: Technical standards for identifying and defending against AI-powered cyber attacks
World Economic Forum Case Study: Analysis of 25 million dollar deepfake attack demonstrating advanced AI threat capabilities
Episode Sponsor
Equate Group. Visit equategroup.com
Your Next Steps
Immediate Action Required: Assess your current email security systems against AI-generated phishing threats and implement enhanced verification protocols for all financial transactions exceeding £ 1,000.
Professional Help Recommended: For businesses requiring sophisticated AI threat monitoring and rapid response capabilities, consider partnering with managed security providers who offer AI-powered threat detection services.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. UK Government research serves as the primary source for cybersecurity statistics and regulatory requirements. Financial figures are cross-referenced through official government surveys and established cybersecurity research organisations.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: The Small Business Cyber Security Guy Production
Hosts: Lucy Harper & Graham
All rights reserved
#Cybersecurity #AISecurity #UKBusiness #SMESecurity #CyberThreats #BusinessSecurity #Deepfakes #PhishingAttacks #CyberDefense #TechSecurity
Episode Summary
Cybercriminals are selling alleged PayPal credentials for nearly 16 million users on dark web forums, highlighting the devastating reality of credential stuffing attacks targeting UK businesses daily. Hosts Lucy Harper and Graham break down why this threat represents far more than just another data breach and provide an emergency action plan for protecting your business from automated credential attacks.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Your Next Steps
Conduct an immediate credential audit across all business accounts and enable multi-factor authentication everywhere today. The alleged PayPal credentials may already be circulating in criminal networks, which are being tested against UK business platforms.
For businesses lacking internal cybersecurity expertise, professional monitoring services can detect and prevent credential stuffing attacks before they cause devastating financial damage.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Cybersecurity research firms and threat intelligence platforms serve as primary sources for attack methodology and statistics. Financial impact figures are cross-referenced through various industry sources. UK-specific data prioritises government cybersecurity surveys and established UK technology security publications.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Hosts: Lucy Harper and Graham Falkner
Sponsor: Equate Group Ltd
All rights reserved
#CyberSecurity #PayPalBreach #CredentialStuffing #DataBreach #CyberThreats #PasswordSecurity #MFA #TwoFactorAuthentication #UKCyberSecurity #SmallBusiness #BusinessSecurity #DarkWeb #Cybercrime #InfoStealerMalware #CyberIntelligence #ThreatIntelligence #CyberSecurityPodcast #TechPodcast #BusinessPodcast #UKPodcast #CyberNews #SecurityNews #TechNews #BusinessNews #DailyTech #CyberEducation #PasswordManager
Episode Summary
HR giant Workday falls victim to ShinyHunters' sophisticated social engineering campaign, exposing how simple phone calls can bypass enterprise-grade security. Host Lucy Harper breaks down the attack methods and provides actionable defence strategies for UK businesses facing this escalating threat.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group - Comprehensive cybersecurity and IT services specialising in social engineering defence training, security operations centre monitoring, and OAuth application security auditing.
Your Next Steps
Implement immediate social engineering verification protocols across your organisation today. Audit all connected applications with administrative access, particularly CRM and cloud platforms. Establish multi-person approval processes for new application integrations. If your business lacks dedicated cybersecurity expertise, professional social engineering defence training becomes essential.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Cybersecurity research firms and threat intelligence groups serve as primary sources for attack methodology and attribution. Financial figures are cross-referenced through industry security publications. UK-specific risk assessment prioritises government and established UK cybersecurity guidance.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Sponsor:
All rights reserved
Episode Summary
CISA warns of active exploitation targeting N-able N-central RMM platforms used by UK managed service providers. Host Lucy Harper breaks down the critical vulnerabilities affecting thousands of businesses and provides immediate action steps for SME protection.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group Ltd - Comprehensive cybersecurity and IT services specialising in MSP oversight, incident response, and independent security monitoring.
Your Next Steps
Source Verification Standards
All sources cited have been fact-checked through multiple authoritative channels. CISA and N-able serve as primary sources for vulnerability details.
Financial figures cross-referenced through UK government research. All statistics verified through official cybersecurity publications.
Disclaimer
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
All rights reserved
Episode Summary
Host Lucy Harper breaks down why this latest FortiNet incident should represent the final straw in a relentless pattern of Fortinet vulnerabilities and provides a comprehensive action plan for UK businesses to conduct strategic vendor risk assessments.
What You'll Learn
Key Sources & References
Episode Sponsor
Equate Group - Comprehensive cybersecurity and IT services specialising in vendor risk assessment, security architecture transitions, and threat detection monitoring.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. GreyNoise threat intelligence serves as the primary source for attack correlation data. CVE details cross-referenced through MITRE, NVD, and CISA Known Exploited Vulnerabilities catalog. Market share figures verified through IDC and Statista industry reports.
All technical claims validated against vendor security advisories and independent security research.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes.
Content is based on independent research and industry best practices.
Cyber threats evolve rapidly - verify current threat status before implementing recommendations.🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare for the Fortinet crisis
Production: Small Business Cyber Security Guy Production
Episode Date: Monday, August 18th, 2025
All rights reserved
Episode Summary
A critical zero-day vulnerability in WinRAR (CVE-2025-8088) is being actively exploited by Russian-aligned criminal groups targeting UK businesses through malicious email attachments. Host Lucy Harper breaks down how two sophisticated threat actors are using this flaw to deploy ransomware and provides immediate steps to protect your business.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group - Comprehensive cybersecurity and IT services specialising in patch management, security awareness training, and incident response planning.
Visit www.equategroup.com
Your Next Steps
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. ESET Research serves as the primary source for vulnerability discovery and exploitation details. Financial figures and exploit pricing are cross-referenced through cybersecurity intelligence firms. UK-specific data prioritises government sources and established UK technology security publications.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
All rights reserved
Episode Summary
Cybersecurity researchers reveal how thousands of trusted Lenovo webcams can be remotely converted into persistent BadUSB attack weapons that survive complete system wipes. Host Lucy Harper breaks down the BadCam vulnerability (CVE-2025-4371) and provides immediate protection strategies for UK businesses using affected devices.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group Ltd - Comprehensive cybersecurity and IT services specialising in device security assessment, firmware threat management, and peripheral ecosystem auditing. Visit www.equategroup.com
Your Next Steps
Audit all Lenovo webcams immediately, checking model numbers for 510 FHD and Performance FHD variants. Update any device running firmware earlier than version 4.8.0 and implement USB device monitoring policies.
For businesses with multiple vulnerable devices or complex peripheral environments, professional security assessment becomes essential to prevent firmware-level compromise.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Eclypsium security research serves as the primary source for BadCam technical details and attack methodology. Vulnerability information is cross-referenced through official CVE databases and manufacturer security bulletins. UK-specific guidance prioritises NCSC recommendations and established UK cybersecurity publications.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
All rights reserved
Episode Summary
Microsoft's August 2025 Patch Tuesday delivers 107 vulnerability fixes including one actively exploited zero-day, while critical updates from Adobe, Google, Cisco, and WinRAR address zero-day attacks across the software ecosystem. Host Lucy Harper breaks down the coordinated multi-vendor security response and provides immediate deployment guidance for UK businesses.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group Ltd - Comprehensive cybersecurity services specialising in emergency patch coordination, multi-vendor security management, and business continuity planning.
Visit www.equategroup.com
Your Next Steps
Deploy Microsoft KB5063878 within 48 hours for internet-exposed systems. Coordinate Adobe, WinRAR, and Android updates across your technology stack. Create vendor tracking spreadsheet to prevent critical updates being overlooked during complex multi-vendor deployments.
Source Verification Standards
All vulnerability statistics verified through Microsoft Security Update Guide and vendor security advisories. CVE references cross-checked through official security bulletins. UK business impact assessments based on industry deployment patterns and SME technology usage data.
DisclaimerThis episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Sponsor: Equate Group Ltd
All rights reserved
Episode Summary
New research reveals the UK has become the third most targeted country globally for malware attacks, with over 103 million incidents hitting British businesses in Q2 2025. Host Lucy Harper explains why the UK has become Europe's biggest cybersecurity target and provides immediate protection steps on Microsoft Patch Tuesday.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode SponsorEquate Group Limited - Comprehensive cybersecurity services specialising in threat monitoring, incident response, and security awareness training. When your country becomes Europe's biggest malware target, expert guidance is essential.
Visit www.equategroup.com
Your Next Steps
Immediate action required : Install Microsoft Patch Tuesday updates when released today. Implement email link verification, audit video platform access, and deploy brand verification procedures. Professional cybersecurity support essential when facing 1 million daily attacks.
Source Checking Standard
All sources fact-checked through multiple authoritative cybersecurity channels. NordVPN's Q2 2025 Threat Protection Report serves as primary source for UK malware statistics. UK-specific data prioritises government and established technology publications.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Sponsor: Equate Group Ltd
Episode Date: Tuesday, 12th August 2025 All rights reserved
Next Episode: Tomorrow we'll analyse what Microsoft patched today and provide specific implementation guidance for UK businesses.
Episode Summary
Critical vulnerabilities in NVIDIA's Triton Inference Server allow complete AI system takeover through sophisticated vulnerability chaining. Host Lucy Harper breaks down how attackers can steal proprietary AI models, manipulate responses, and use compromised servers as network pivot points, providing emergency patch guidance for UK businesses deploying artificial intelligence infrastructure.
What You'll Learn
Key Sources & References
Episode Sponsor
Equate Group - Their expertise addresses the unique security challenges of machine learning deployments that traditional IT security cannot handle.
Visit www.equategroup.com
Your Next Steps
Emergency action required: Update all NVIDIA Triton Inference Server installations to version 25.07 immediately. Audit your AI infrastructure exposure and implement AI-specific security monitoring. This vulnerability chain allows complete system takeover - delays increase exploitation risk exponentially.
Additional AI Security Threats Mentioned
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Wiz Research serves as the primary source for technical vulnerability details. NVIDIA official security bulletins provide vendor confirmation and patch information. CVSS scores are verified through multiple cybersecurity research channels. UK-specific AI deployment guidance prioritises National Cyber Security Centre recommendations.
Disclaimer
This episode provides general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. While we've fact-checked our content and provide sources in the episode notes, neither we nor our sponsors nor production company can be held responsible for decisions made based on this briefing. Equate Group Ltd is our sponsor, but all security recommendations are based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Voice Over: Graham Falkner
Sponsor: Equate Group Ltd
All rights reserved
Episode Summary
UK businesses face a sophisticated new threat as criminals deploy artificial intelligence to industrialize fraud through TikTok Shop. Host Lucy Harper exposes the "FraudOnTok" campaign that's already stolen over £900,000 through 15,000 fake websites, weaponized AI-generated content, and advanced malware specifically designed to hunt cryptocurrency wallets on personal devices that connect to business systems.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group Limited - Comprehensive cybersecurity services specialising in protecting businesses against sophisticated social engineering attacks that target personal devices connecting to business systems.
Additional Threats Mentioned
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative cybersecurity research channels. CTM360's FraudOnTok research serves as the primary technical source for campaign details. Financial impact figures are cross-referenced through multiple security vendors. UK-specific threat intelligence prioritises National Cyber Security Centre guidance and UK business impact assessments.
Weekend Security Reminder
Social media scams traditionally spike during weekends when users are more relaxed and security awareness is lower. Stay vigilant with social commerce platforms and remember that legitimate businesses never require cryptocurrency payments for routine transactions.
Disclaimer
This episode provides general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.
🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you stay secure
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Voice Over: Graham Falkner
Sponsor: Equate Group Ltd
All rights reserved
Episode Summary
Google's August 2025 Android security update finally patches CVE-2025-27038, a critical Qualcomm Adreno GPU vulnerability that cybercriminals have been actively exploiting since June.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group - Mobile device management solutions, automated patch deployment services, and comprehensive endpoint protection. When your business Android devices face critical vulnerabilities like CVE-2025-27038,
Equate Group ensures rapid security updates across your entire mobile fleet.
Visit www.equategroup.com or call +44 345 125 5400
Your Next Steps
Don't delay - CVE-2025-27038 is actively being exploited by sophisticated threat actors. Check every business Android device immediately for the August 2025 security update (patch level 2025-08-05). Audit Chrome browser usage on corporate devices and implement enhanced mobile device monitoring protocols.
Additional Current Threats
Source Verification Standards
All vulnerability data sourced from official Qualcomm and Google security bulletins. CISA Known Exploited Vulnerabilities catalog provides authoritative exploitation confirmation. Technical analysis cross-referenced through multiple cybersecurity publications. UK business impact assessments based on established mobile device usage patterns and SME operational requirements.
Disclaimer
The information in today's episode is for general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business.
While we've fact-checked our content and provide sources in the episode notes, neither we nor our sponsors nor production company can be held responsible for decisions made based on this briefing.
Equate Group Limited is our sponsor, but all security recommendations are based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates targeting UK SMEs
👍 Like this episode if it helped you secure your Android devices
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Date: Wednesday, 7th August 2025
Episode: 4 - Critical Android GPU Vulnerability
Sponsor: Equate Group Ltd
All rights reserved
Episode Summary
UK businesses face an unprecedented crisis: three major Microsoft changes hitting simultaneously on October 14th, 2025 - just 69 days away.
Host Lucy Harper breaks down the "Perfect Storm" that could bankrupt unprepared SMEs and provides an emergency action plan for survival.
What You'll Learn
Critical Statistics Mentioned
Key Sources & References
Episode Sponsor
Equate Group Limited - Comprehensive cybersecurity and IT services specialising in complex Microsoft migrations, business continuity planning, and emergency preparedness.
Call them on +44 345 1255400 or Visit the website here
Your Next Steps
Don't wait - with only 69 days remaining, every day of delay increases your vulnerability and reduces your options.
Start your hardware audit immediately and contact IT professionals for complex environments.
Source Verification Standards
All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Microsoft official documentation serves as the primary source for all policy changes and dates. Financial figures are cross-referenced through multiple industry sources. UK-specific data prioritises government and established UK technology publications.
Disclaimer
This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates
👍 Like this episode if it helped you prepare
Production: Small Business Cyber Security Guy Production
Host: Lucy Harper
Sponsor: Equate Group Ltd
All rights reserved
Episode Summary
QR codes have become a weapon of choice for cybercriminals, with UK businesses losing £3.5 million in just one year to "quishing" attacks. This episode breaks down the alarming surge in QR code phishing, how these sophisticated attacks work, and provides five actionable steps every SME can take immediately to protect themselves.
Key Statistics & Facts
Main Topics Covered
1. Understanding Quishing (QR Code Phishing)
2. Why Quishing is Exploding
3. Real-World UK Attack Patterns
4. Why SMEs Are Prime Targets
Sources & References
Episode Sponsor
Equate Group provides comprehensive security awareness training and mobile device protection, helping SMEs navigate evolving cyber threats while maintaining the convenience of modern technology. Their multi-layered security approach protects against threats from email, malicious websites, and manipulated QR codes in physical spaces.
Legal Disclaimer
The information in this episode is for general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. While content has been fact-checked with sources provided, neither the hosts, sponsors, nor production company can be held responsible for decisions made based on this briefing.
Sponsor Disclosure: Equate Group Ltd is the episode sponsor, but all security recommendations are based on independent research and industry best practices.
Production: Small Business Cyber Security Guy Production - All rights reserved.
Breaking: Critical SonicWall Vulnerability Threatens UK Small Businesses
Arctic Wolf researchers identified a surge in ransomware attacks targeting SonicWall devices since July 15th, 2025. The Akira ransomware gang exploits a zero-day vulnerability bypassing traditional security measures, affecting thousands of UK SMEs.
Why This Attack Is Different:
Impact on UK Small Business:SonicWall devices are popular among UK SMEs for enterprise-grade security at accessible prices. Documented breaches accessed 30 months of sensitive data including employee records, salaries, supplier payments, and customer financial information.
Immediate Actions Required:
1. Monitor SSL VPN Logs: Check for authentication attempts from hosting providers rather than typical business connections.
2. Disable SSL VPN: Arctic Wolf recommends disabling services until patches available.
3. Reset Credentials: Change all VPN passwords, verify MFA, remove unused accounts.
4. Review Network Segmentation: Prevent lateral movement targeting virtual machines and backup systems.
Additional Threats To watch for:
Expert Analysis:This demonstrates why effective cybersecurity requires more than security appliances. Modern threats demand ongoing monitoring, proactive assessment, and rapid reconfiguration capabilities. The compressed timeline makes internal response nearly impossible for small businesses.
Key Terms:
Sources:
The 10-Minute Cyber Fix: Daily cybersecurity intelligence for UK businesses. Sponsored by Equate Group - Visit equategroup.com
Read by Lucy Harper and Graham Faulkner
Written and Produced by The Small Business Cyber Security Guy