Preventing the Access That Powers Ransomware Lateral Movement (Part 2/2)
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts
44 reports
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts
Ransomware lateral movement techniques in 2026 are increasingly identity-led, cloud-aware, and executed through legitimate admin channels, forcing defenders to prioritise high-fidelity telemetry,…
UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses,…
Operational profile of the Black Basta ransomware ecosystem (2022–2026) Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE…
UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and…
CISA has now flagged CVE-2026-1731 —a critical, pre-authentication remote code execution flaw in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) as being used in ransomware…
LAPSUS$ is an extortion-focused cybercriminal collective best known for high-tempo intrusions against large enterprises and service providers, frequently leveraging social engineering and identity…
In October 2025, multiple threat intelligence and government sources reported active exploitation of a critical, unauthenticated remote code execution vulnerability in Oracle E-Business Suite…
In late September 2025, Asahi Group Holdings disclosed a cyberattack that disrupted core business systems in Japan and later confirmed that personal information linked to nearly two million…
In late June to early July 2025, multiple airlines disclosed cybersecurity incidents affecting internal systems and/or customer data, with reporting and government/industry warnings pointing to…
In February 2025, Lee Enterprises disclosed a material cybersecurity incident that disrupted distribution, billing, collections, and vendor payments across its newspaper portfolio. In a regulatory…
Note on timing: Public reporting and official disclosures indicate the intrusion began in February 2024 , while October 2024 is significant because Change Healthcare informed HHS OCR that ~ 100…