#threat-actors

#threat-actors

A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.

How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.

Once again threat actors kept cyber pros on their toes in 2025 in a never-ending cat-and-mouse game. But amid the noise, there were some notable stories and incidents affecting household names in the UK - the likes of Marks & Spencer, Co-op, and Jaguar Land Rover - meaning that 2025 will undoubtedly live long in the memory. Here are Computer Weekly's top cyber crime stories of 2025

The AI company said while its large language models (LLMs) refused the threat actor's direct requests to produce malicious content, they worked around the limitation by creating building-block code, which was then assembled to create the workflows. Some of the produced output involved code for obfuscation, clipboard monitoring, and basic utilities to exfiltrate data using a Telegram bot. It's worth pointing out that none of these outputs are inherently malicious on their own.

The threat actor leveraged combinations of sophisticated and stealthy techniques creating multilayered attack kill chains to facilitate access to restricted and segmented network assets within presumed to be isolated environments.