Episode Summary

New research reveals the UK has become the third most targeted country globally for malware attacks, with over 103 million incidents hitting British businesses in Q2 2025. Host Lucy Harper explains why the UK has become Europe's biggest cybersecurity target and provides immediate protection steps on Microsoft Patch Tuesday.

What You'll Learn

• Why the UK faces over 1 million daily malware attacks, ranking #1 in Europe
• How APC virus targets business automation systems for maximum disruption
• Why Britain's digital economy makes it a prime criminal target
• Four immediate action steps to protect against malware infiltration
• Which website categories harbour the most malware threats

Critical Statistics Mentioned

• 103 million incidents - UK malware attacks in Q2 2025 (7% increase)
• 1,473 incidents per device monthly - UK versus 1,281 in US
• 717,000 APC attacks - Advanced Persistent Cyber virus incidents blocked
• 1 million daily attacks - Targeting UK businesses (every 86 seconds)
• 200,000+ malicious websites - Fake Google sites stealing credentials
• 2 billion blocked cases - Malware on video hosting platforms

Key Sources & References

• ISPreview UK: NordVPN UK malware targeting report
• Digit.fyi: UK malware analysis
• Engineering & Technology: UK cyber attack surge
• NordVPN Research Lab: Q2 2025 Threat Report
• Proofpoint UK: Advanced Persistent Threat analysis
• Palo Alto Networks: APC attack methodology

Episode SponsorEquate Group Limited - Comprehensive cybersecurity services specialising in threat monitoring, incident response, and security awareness training. When your country becomes Europe's biggest malware target, expert guidance is essential.

Visit www.equategroup.com

Your Next Steps

Immediate action required : Install Microsoft Patch Tuesday updates when released today. Implement email link verification, audit video platform access, and deploy brand verification procedures. Professional cybersecurity support essential when facing 1 million daily attacks.

Source Checking Standard

All sources fact-checked through multiple authoritative cybersecurity channels. NordVPN's Q2 2025 Threat Protection Report serves as primary source for UK malware statistics. UK-specific data prioritises government and established technology publications.

Disclaimer

This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates

👍 Like this episode if it helped you prepare

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

Sponsor: Equate Group Ltd

Episode Date: Tuesday, 12th August 2025 All rights reserved

Next Episode: Tomorrow we'll analyse what Microsoft patched today and provide specific implementation guidance for UK businesses.

Episode Summary

Critical vulnerabilities in NVIDIA's Triton Inference Server allow complete AI system takeover through sophisticated vulnerability chaining. Host Lucy Harper breaks down how attackers can steal proprietary AI models, manipulate responses, and use compromised servers as network pivot points, providing emergency patch guidance for UK businesses deploying artificial intelligence infrastructure.

What You'll Learn

• How three chained vulnerabilities (CVE-2025-23319, CVE-2025-23320, CVE-2025-23334) enable complete AI server takeover
• Why NVIDIA Triton's Python backend becomes the entry point for sophisticated AI infrastructure attacks
• The business impact of AI model theft, data manipulation, and intellectual property compromise
• 4-step emergency action plan for securing AI infrastructure and preventing exploitation
• How AI-specific security monitoring differs from traditional IT security approaches

Key Sources & References

• Wiz Research: Breaking NVIDIA Triton Vulnerability Chain Analysis
• NVIDIA: Security Bulletin Triton Inference Server August 2025
• The Hacker News: NVIDIA Triton Remote Code Execution Technical Details
• SecurityWeek: NVIDIA Triton Vulnerabilities Risk Assessment
• The Register: NVIDIA Patches Triton Takeover Bug Chain
• Cybersecurity News: NVIDIA Triton Vulnerability Chain Technical Analysis
• Trend Micro: State of AI Security Report 1H 2025

Episode Sponsor

Equate Group - Their expertise addresses the unique security challenges of machine learning deployments that traditional IT security cannot handle.

Visit www.equategroup.com

Your Next Steps

Emergency action required: Update all NVIDIA Triton Inference Server installations to version 25.07 immediately. Audit your AI infrastructure exposure and implement AI-specific security monitoring. This vulnerability chain allows complete system takeover - delays increase exploitation risk exponentially.

Additional AI Security Threats Mentioned

• Redis Vector Database Exploits: Over 250,000 exposed Redis servers used for AI data storage under active targeting
• NVIDIA Container Toolkit Vulnerabilities: External initialization flaws affecting AI deployment infrastructure
• Quantum-AI Hybrid Threats: New attack surfaces emerging at the intersection of AI and quantum computing

Source Verification Standards

All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Wiz Research serves as the primary source for technical vulnerability details. NVIDIA official security bulletins provide vendor confirmation and patch information. CVSS scores are verified through multiple cybersecurity research channels. UK-specific AI deployment guidance prioritises National Cyber Security Centre recommendations.

Disclaimer

This episode provides general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. While we've fact-checked our content and provide sources in the episode notes, neither we nor our sponsors nor production company can be held responsible for decisions made based on this briefing. Equate Group Ltd is our sponsor, but all security recommendations are based on independent research and industry best practices.

🎧 Subscribe for daily cybersecurity updates

👍 Like this episode if it helped you prepare

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

Voice Over: Graham Falkner

Sponsor: Equate Group Ltd

All rights reserved

Episode Summary

UK businesses face a sophisticated new threat as criminals deploy artificial intelligence to industrialize fraud through TikTok Shop. Host Lucy Harper exposes the "FraudOnTok" campaign that's already stolen over £900,000 through 15,000 fake websites, weaponized AI-generated content, and advanced malware specifically designed to hunt cryptocurrency wallets on personal devices that connect to business systems.

What You'll Learn

• How the "FraudOnTok" campaign uses AI to create convincing fake influencer videos at industrial scale
• Why SparkKitty malware specifically targets screenshots to steal cryptocurrency wallet recovery phrases
• How OAuth token theft bypasses traditional password security and multi-factor authentication
• The business risk when employees' personal devices compromise corporate Google accounts
• 4-step emergency protection plan for businesses and individuals using social media platforms
• Weekend-specific threat patterns targeting casual social media users

Critical Statistics Mentioned

• £900,000+ already stolen through FraudOnTok campaign
• 15,000+ fake TikTok Shop domains registered by criminals
• 10,000+ unique fake websites identified by researchers
• 5,000+ malicious applications distributing SparkKitty malware
• .top, .shop, .icu domains most commonly used for fake sites
• Meta ads used to distribute fake content to legitimate audiences
• OAuth tokens provide persistent access even after password changes

Key Sources & References

• CTM360: FraudOnTok Campaign Analysis Report
• The Hacker News: 15,000 Fake TikTok Shop Domains Technical Analysis
• BleepingComputer: CTM360 SparkKitty Malware Research
• Cybersecurity News: SparkKitty Technical Specifications
• Cybernews: Global TikTok Scam Impact Analysis
• Keeper Security: TikTok Shop Safety Guidelines
• F-Secure: TikTok Scam Prevention Guide

Episode Sponsor

Equate Group Limited - Comprehensive cybersecurity services specialising in protecting businesses against sophisticated social engineering attacks that target personal devices connecting to business systems.

Additional Threats Mentioned

• CyberHeist Banking Phish: Parallel campaigns targeting UK banking customers through fake Google advertisements
• Deepfake Identity Verification: AI-generated identity documents sophisticated enough to pass automated verification systems
• Weekend Crypto Surge: Cryptocurrency scams spike during weekends when security monitoring is reduced

Source Verification Standards

All sources cited in this episode have been fact-checked and verified through multiple authoritative cybersecurity research channels. CTM360's FraudOnTok research serves as the primary technical source for campaign details. Financial impact figures are cross-referenced through multiple security vendors. UK-specific threat intelligence prioritises National Cyber Security Centre guidance and UK business impact assessments.

Weekend Security Reminder

Social media scams traditionally spike during weekends when users are more relaxed and security awareness is lower. Stay vigilant with social commerce platforms and remember that legitimate businesses never require cryptocurrency payments for routine transactions.

Disclaimer

This episode provides general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.

🎧 Subscribe for daily cybersecurity updates

👍 Like this episode if it helped you stay secure

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

Voice Over: Graham Falkner

Sponsor: Equate Group Ltd

All rights reserved

Episode Summary

Google's August 2025 Android security update finally patches CVE-2025-27038, a critical Qualcomm Adreno GPU vulnerability that cybercriminals have been actively exploiting since June.

What You'll Learn

• Why CVE-2025-27038 represents a fundamental shift in mobile threat landscapes targeting business environments
• How GPU driver exploitations operate with minimal system impact while maintaining persistent device access
• The three-month vulnerability window that left millions of UK business devices exposed to commercial spyware
• 5 immediate actions your business must take to protect against actively exploited Android vulnerabilities
• Why graphics processing units are becoming preferred attack vectors for advanced persistent threat groups

Critical Statistics Mentioned

• Billions of Android devices worldwide affected by CVE-2025-27038
• 7.5 CVSS score (High severity) for the Qualcomm Adreno GPU vulnerability
• 3 months delay between Qualcomm patch availability and Google deployment
• June 2025 - confirmed exploitation start date by Google Threat Analysis Group
• 24th June - CISA deadline for federal agency patching
• 2025-08-05 - required Android security patch level for protection
• 5 additional Android vulnerabilities patched in August 2025 update
• CVE-2025-48530 - critical remote code execution flaw requiring no user interaction

Key Sources & References

• Qualcomm Security Bulletin: June 2025
• Google Android Security Bulletin: August 2025
• CISA Known Exploited Vulnerabilities Catalog
• NVD Database: CVE-2025-27038 Technical Details
• SecurityWeek: Android August 2025 Update Analysis
• The Hacker News: Google Fixes Exploited Vulnerabilities
• BleepingComputer: Qualcomm Adreno GPU Zero-Days
• Cybersecurity News: Qualcomm GPU Vulnerability Analysis

Episode Sponsor

Equate Group - Mobile device management solutions, automated patch deployment services, and comprehensive endpoint protection. When your business Android devices face critical vulnerabilities like CVE-2025-27038,

Equate Group ensures rapid security updates across your entire mobile fleet.

Visit www.equategroup.com or call +44 345 125 5400

Your Next Steps

Don't delay - CVE-2025-27038 is actively being exploited by sophisticated threat actors. Check every business Android device immediately for the August 2025 security update (patch level 2025-08-05). Audit Chrome browser usage on corporate devices and implement enhanced mobile device monitoring protocols.

Additional Current Threats

• Microsoft 365 Direct Send Exploit: Actively exploited - disable if not required for printers/scanners
• SonicWall SSL VPN: Continued exploitation attempts from Episode 1 coverage
• AI Supply Chain Poisoning: "Slopsquatting" attacks targeting businesses using AI coding assistants

Source Verification Standards

All vulnerability data sourced from official Qualcomm and Google security bulletins. CISA Known Exploited Vulnerabilities catalog provides authoritative exploitation confirmation. Technical analysis cross-referenced through multiple cybersecurity publications. UK business impact assessments based on established mobile device usage patterns and SME operational requirements.

Disclaimer

The information in today's episode is for general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business.

While we've fact-checked our content and provide sources in the episode notes, neither we nor our sponsors nor production company can be held responsible for decisions made based on this briefing.

Equate Group Limited is our sponsor, but all security recommendations are based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates targeting UK SMEs

👍 Like this episode if it helped you secure your Android devices

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

Date: Wednesday, 7th August 2025

Episode: 4 - Critical Android GPU Vulnerability

Sponsor: Equate Group Ltd

All rights reserved

Episode Summary

UK businesses face an unprecedented crisis: three major Microsoft changes hitting simultaneously on October 14th, 2025 - just 69 days away.

Host Lucy Harper breaks down the "Perfect Storm" that could bankrupt unprepared SMEs and provides an emergency action plan for survival.

What You'll Learn

• Why October 14th, 2025 represents the biggest technology threat to UK SMEs since WannaCry
• The three simultaneous Microsoft changes that create a "perfect storm" scenario
• Real cost calculations: why this could represent 200-700% of your annual profit
• 5-step emergency survival plan you must start TODAY
• Sector-specific impacts for manufacturing, retail, and professional services

Critical Statistics Mentioned

• 69 days remaining until October 14th, 2025
• 75% of UK SME employees work on Windows computers
• 40% of business devices cannot upgrade to Windows 11
• £48.19 per device for Extended Security Updates (year 1)
• £1,200 average hardware replacement cost per device
• £12,000 average UK SME annual profit
• 41% of SMEs have dedicated IT staff
• 82% have no clear transition plan

Key Sources & References

• Microsoft Support: Windows 10 EOL October 14, 2025
• Microsoft M365 Admin: Excel external links blocking
• Microsoft ESU Program: Extended Security Updates pricing
• BleepingComputer: Technical Excel security analysis
• BetaNews: NCSC Windows 11 upgrade warning
• Which? UK: Windows 10 security support ending
• Statista: Windows market share data
• Statista: UK SME profit statistics
• Tom's Hardware: ESU pricing analysis

Episode Sponsor

Equate Group Limited - Comprehensive cybersecurity and IT services specialising in complex Microsoft migrations, business continuity planning, and emergency preparedness.

Call them on +44 345 1255400 or Visit the website here

Your Next Steps

Don't wait - with only 69 days remaining, every day of delay increases your vulnerability and reduces your options.

Start your hardware audit immediately and contact IT professionals for complex environments.

Source Verification Standards

All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Microsoft official documentation serves as the primary source for all policy changes and dates. Financial figures are cross-referenced through multiple industry sources. UK-specific data prioritises government and established UK technology publications.

Disclaimer

This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates

👍 Like this episode if it helped you prepare

Production: Small Business Cyber Security Guy Production

Host: Lucy Harper

Sponsor: Equate Group Ltd

All rights reserved

Episode Summary

QR codes have become a weapon of choice for cybercriminals, with UK businesses losing £3.5 million in just one year to "quishing" attacks. This episode breaks down the alarming surge in QR code phishing, how these sophisticated attacks work, and provides five actionable steps every SME can take immediately to protect themselves.

Key Statistics & Facts

• 784 quishing reports to Action Fraud (April 2024 - April 2025)
• £3.5 million stolen from UK victims (reported cases only)
• £4,500 stolen daily through fake QR codes
• 5.3 billion QR code redemptions projected for 2025
• 500,000+ phishing emails now contain QR codes in PDF attachments
• 73% of people scan QR codes without any verification
• £300 average loss per victim in Manchester Trafford Centre attacks

Main Topics Covered

1. Understanding Quishing (QR Code Phishing)

• Definition: Criminals hiding malicious links inside fake QR codes
• Technical method: URL redirection through legitimate-looking intermediate sites
• Physical placement: Fake QR stickers placed over legitimate ones
• Digital distribution: QR codes embedded in PDF email attachments

2. Why Quishing is Exploding

• Massive increase in QR code usage (nearly one scan per person globally)

• Shift from traditional email links to PDF-embedded codes
• Bypasses traditional email security filters
• Exploits trust in QR code technology

3. Real-World UK Attack Patterns

• Car Parks: Fake codes on parking payment machines (primary attack vector)
• HMRC Impersonation: Fake tax-related QR codes timed around deadlines
• Online Shopping: Malicious codes targeting eBay/Facebook Marketplace sellers

• Microsoft 365 Targeting: Sophisticated campaigns targeting personal devices used for work

4. Why SMEs Are Prime Targets

• Employees scan codes using personal phones lacking corporate security

• Limited security awareness training compared to large corporations
• Financial constraints make them more likely to pay quickly when attacked
• Attacks bypass business email filters and firewalls

Sources & References

• Action Fraud (Official UK fraud reporting)
• Barracuda Networks threat research
• FBI cybercrime reports
• Manchester Police incident reports
• HMRC impersonation campaign analysis
• Microsoft 365 targeting research
• PayByPhone/RingGo official app recommendations

Episode Sponsor

Equate Group provides comprehensive security awareness training and mobile device protection, helping SMEs navigate evolving cyber threats while maintaining the convenience of modern technology. Their multi-layered security approach protects against threats from email, malicious websites, and manipulated QR codes in physical spaces.

Legal Disclaimer

The information in this episode is for general guidance only and shouldn't replace professional cybersecurity advice tailored to your specific business. Cyber threats evolve rapidly, so always verify current threat status and consult qualified security professionals before making critical infrastructure changes. While content has been fact-checked with sources provided, neither the hosts, sponsors, nor production company can be held responsible for decisions made based on this briefing.

Sponsor Disclosure: Equate Group Ltd is the episode sponsor, but all security recommendations are based on independent research and industry best practices.

Production: Small Business Cyber Security Guy Production - All rights reserved.

Breaking: Critical SonicWall Vulnerability Threatens UK Small Businesses

Arctic Wolf researchers identified a surge in ransomware attacks targeting SonicWall devices since July 15th, 2025. The Akira ransomware gang exploits a zero-day vulnerability bypassing traditional security measures, affecting thousands of UK SMEs.

Why This Attack Is Different:

• 90-minute deployment: Initial breach to full encryption in under 2 hours
• Bypasses security: Compromises updated devices with MFA enabled
• Massive scale: 300,000+ SonicWall appliances vulnerable, 210,000 unpatched
• Sophisticated infrastructure: Uses established hosting providers
• Long-term campaign: Patterns traced to October 2024

Impact on UK Small Business:SonicWall devices are popular among UK SMEs for enterprise-grade security at accessible prices. Documented breaches accessed 30 months of sensitive data including employee records, salaries, supplier payments, and customer financial information.

Immediate Actions Required:

1. Monitor SSL VPN Logs: Check for authentication attempts from hosting providers rather than typical business connections.

2. Disable SSL VPN: Arctic Wolf recommends disabling services until patches available.

3. Reset Credentials: Change all VPN passwords, verify MFA, remove unused accounts.

4. Review Network Segmentation: Prevent lateral movement targeting virtual machines and backup systems.

Additional Threats To watch for:

• WhatsApp Zero-Click: £1M bounty for exploits targeting business messaging
• Pi-hole Exposure: Vulnerability in GiveWP plugin exposed donor information
• Microsoft Office: External workbook links blocked by default Oct 2025-July 2026

Expert Analysis:This demonstrates why effective cybersecurity requires more than security appliances. Modern threats demand ongoing monitoring, proactive assessment, and rapid reconfiguration capabilities. The compressed timeline makes internal response nearly impossible for small businesses.

Key Terms:

• Zero-day vulnerability: Unknown software weakness with no fix
• SSL VPN: Secure tunnel for remote network access
• Network segmentation: Isolated security zones within networks
• Lateral movement: Criminal exploration after initial compromise
• Ransomware: Software encrypting data for ransom

Sources:

• Arctic Wolf Security Research - SonicWall Analysis (August 2025)
• BleepingComputer - Akira Ransomware Reporting
• Check Point Research - Q2 2025 Ransomware Report
• SonicWall Security Advisory
• NCSC - UK Small Business Threat Assessment
• WhatsApp Security Research
• Microsoft Security Response Centre

The 10-Minute Cyber Fix: Daily cybersecurity intelligence for UK businesses. Sponsored by Equate Group - Visit equategroup.com

Read by Lucy Harper and Graham Faulkner

Written and Produced by The Small Business Cyber Security Guy