Content
01. News Bites
- UK unveils the Cyber Security and Resilience Bill
- Microsoft issues patches for 63 security flaws, including an actively exploited Windows Kernel zero-day
- Danabot resurfaces with new infrastructure six months after Operation Endgame takedown
- Latin America becomes the most cyber-attacked region as global threats continue to rise
- Dutch broadcaster RTV Noord hit by a cyber attack
02. Conclusion
UK unveils the Cyber Security and Resilience Bill
The UK has unveiled the Cyber Security and Resilience Bill, a major reform designed to strengthen national security and protect essential services from rising cyber threats. The legislation will raise cyber standards across sectors such as healthcare, energy, water and transport, ensuring that disruptions like cancelled NHS appointments or supply chain outages become far less likely.
For the first time, medium and large managed service providers offering IT support, cyber security or help desk services to public bodies and businesses will fall under regulation, requiring them to report significant incidents within tight timeframes and maintain robust response plans. Regulators will also have new powers to designate critical suppliers and enforce tougher penalties for serious failures.
The Bill brings data centres into scope and introduces safeguards for smart-energy systems, reflecting the growing importance of digital infrastructure. With the average major cyber incident now costing over £190,000, the government argues the reforms are essential to improving national resilience and reducing economic risk.
Microsoft issues patches for 63 security flaws, including an actively exploited Windows Kernel zero-day
Microsoft has released fixes for 63 newly identified security flaws across its products, including a Windows Kernel zero-day already being exploited in real-world attacks. Four vulnerabilities are rated Critical and 59 Important, covering issues ranging from privilege escalation to remote code execution and information disclosure.
The most serious is CVE-2025-62215, a privilege escalation flaw caused by a race condition in the Windows Kernel. Attackers who already have low-privileged local access can exploit the bug to gain SYSTEM privileges by repeatedly triggering the race until a “double free” memory corruption occurs, effectively taking control of the affected device. Microsoft discovered the flaw internally, but details on the active exploitation remain limited.
Other patches address high-severity buffer overflows in Microsoft’s Graphics Component and the Windows Subsystem for Linux GUI, both of which could enable remote code execution. A separate Kerberos privilege escalation flaw, codenamed CheckSum, allows attackers to impersonate users and potentially compromise entire Active Directory domains. Organisations using AD with Kerberos delegation enabled are urged to prioritise updates.
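The patch-prioritisation advice above depends on knowing which accounts in your domain actually have Kerberos delegation configured. The following inventory script is an added example, not code from the bulletin or from Microsoft; it assumes the ActiveDirectory RSAT module is installed, that the caller has read access to the domain, and that the output path `C:\Temp\delegation-inventory.csv` is a placeholder you will replace. It queries the three delegation models by their LDAP attributes (the userAccountControl bit values and attribute names are standard Active Directory schema, not page-specific values).

```powershell
# Added example (not from the bulletin): inventory every user and computer object
# that has any form of Kerberos delegation configured, so hosts that are exposed to
# delegation-based privilege escalation can be patched and reviewed first.
# Assumptions: ActiveDirectory RSAT module present, domain read access, and the
# output path below is a placeholder.
Import-Module ActiveDirectory

function Get-DelegationInventory {
    # LDAP bitwise-AND matching rule OID, used to test userAccountControl flags.
    $bitAnd = '1.2.840.113556.1.4.803'
    $uacTrustedForDelegation   = 524288     # 0x80000  unconstrained delegation
    $uacTrustedToAuthForDeleg  = 16777216   # 0x1000000 constrained with protocol transition

    $props = @(
        'sAMAccountName', 'objectClass', 'userAccountControl',
        'msDS-AllowedToDelegateTo',                 # constrained delegation targets
        'msDS-AllowedToActOnBehalfOfOtherIdentity', # resource-based constrained delegation
        'operatingSystem', 'lastLogonTimestamp'
    )

    # Domain controllers are expected to have unconstrained delegation; flag them
    # separately rather than hiding them, because they are still relevant targets.
    $dcNames = (Get-ADDomainController -Filter *).ComputerObjectDN

    $filters = [ordered]@{
        'Unconstrained'          = "(userAccountControl:$bitAnd:=$uacTrustedForDelegation)"
        'ConstrainedWithTransit' = "(userAccountControl:$bitAnd:=$uacTrustedToAuthForDeleg)"
        'Constrained'            = '(msDS-AllowedToDelegateTo=*)'
        'ResourceBased'          = '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)'
    }

    foreach ($kind in $filters.Keys) {
        Get-ADObject -LDAPFilter $filters[$kind] -Properties $props | ForEach-Object {
            [pscustomobject]@{
                DelegationType     = $kind
                Name               = $_.sAMAccountName
                ObjectClass        = $_.objectClass
                IsDomainController = $dcNames -contains $_.DistinguishedName
                OperatingSystem    = $_.operatingSystem
                AllowedToDelegateTo = ($_.'msDS-AllowedToDelegateTo' -join ';')
                LastLogon          = if ($_.lastLogonTimestamp) {
                                         [DateTime]::FromFileTime($_.lastLogonTimestamp)
                                     } else { $null }
                DistinguishedName  = $_.DistinguishedName
            }
        }
    }
}

# Usage: review the list, patch delegation-enabled hosts first, and question any
# non-DC object with unconstrained delegation or a stale LastLogon.
$inventory = Get-DelegationInventory
$inventory | Sort-Object DelegationType, Name | Format-Table -AutoSize
$inventory | Export-Csv -Path 'C:\Temp\delegation-inventory.csv' -NoTypeInformation
```

The script reads the raw LDAP attributes rather than the friendlier `TrustedForDelegation` properties so that it covers user and computer objects in one pass; an object can appear under more than one delegation type, which is intentional, since each type is reviewed differently.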
Danabot resurfaces with new infrastructure six months after Operation Endgame takedown
The banking trojan DanaBot has re-emerged with a new version just half a year after its infrastructure was disrupted by international law enforcement. Researchers have identified a rebuilt variant, version 669, which now uses Tor-based command-and-control domains and backconnect nodes to evade detection and regain operational capability.
DanaBot began as a Delphi-based banking trojan delivered through phishing and malvertising, later evolving into a modular information stealer and loader targeting browser-stored credentials and cryptocurrency wallets. Despite a major hit from Operation Endgame in May, the operators behind DanaBot were never fully dismantled, allowing the malware to return with updated infrastructure and renewed activity.
Zscaler has also linked several cryptocurrency wallets in BTC, ETH, LTC and TRX to recent DanaBot campaigns, underlining the financial motivation behind its persistence. Infection routes continue to include malicious emails, SEO poisoning and malvertising, with some attacks serving as gateways to ransomware.
Organisations are advised to update security tools and block the new IoCs published by Zscaler to reduce exposure to the resurging threat.
Latin America becomes the most cyber-attacked region as global threats continue to rise
New research shows that Latin America has overtaken Africa as the most targeted region for cyber attacks. In October, organisations in Latin America faced an average of 2,966 attacks per week, a 16% year-on-year increase. Africa followed with 2,782 weekly attacks, but importantly recorded a 15% overall reduction, which researchers attribute to rising cyber security investment across the continent, particularly in external risk management and improved DDoS defences.
Globally, organisations saw an average of 1,938 attacks per week, up 5% year on year. North America experienced the sharpest rise, with an 18% surge fuelled largely by ransomware, which saw 801 publicly reported incidents in October. Qilin, Akira and Sinobi accounted for nearly 40% of all cases.
The report also highlights growing data-exposure risks linked to enterprise GenAI use, with one in 44 prompts containing high-risk sensitive information. Education remained the most targeted industry worldwide, while hospitality saw a steep 40% increase as peak season approaches.
Dutch broadcaster RTV Noord hit by a cyber attack
Dutch TV and radio broadcaster RTV Noord was heavily disrupted by a cyber attack that knocked out its digital systems and forced presenters to improvise live on air. The incident, discovered on 6 November, left staff on the “De Ochtendploeg” breakfast show unable to access computers, pushing them back to CDs and even vinyl records to keep programmes running.
While the broadcaster has not disclosed the nature of the attack, it confirmed that intruders left a message on its network, strongly suggesting ransomware. Given similar recent incidents and the level of disruption, the likelihood of a ransom demand or data-leak threat is high.
The impact is particularly serious because RTV Noord also serves as an official emergency broadcaster for the Groningen region, meaning any outage could hinder the delivery of critical public information. Internal systems were so affected that the newsroom could only be reached via WhatsApp.
The attack comes as ransomware groups increasingly target broadcasters for maximum leverage, with Spain’s KISS-FM also claimed by Rhysida on the same day.
Conclusion
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps to take to protect your organisation from the most material threats it faces, please contact your account manager or get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.