Lancaster Uni’s Cyber Win — Plus the CVEs, Hacks and Leaks You Can’t Afford to Ignore

In a buzzy 24 hours for UK cyber watchers, Lancaster University’s industry-facing cyber project scooped a prestigious knowledge exchange award — and the headlines didn’t stop there, with fresh vulnerabilities, geopolitically motivated targeting and regulatory headaches keeping security teams on tenterhooks. Pull up a chair, pour a strong coffee (or something stronger — we won’t judge), and let’s unpack what this means for organisations and security leaders.

Lancaster Uni’s cyber project wins top knowledge award — why it matters

Lancaster University’s initiative that partners with industry to develop new cyber security innovations has been recognised with a coveted knowledge exchange award. While the press release is delightfully short on technical minutiae, the prize signals one thing clearly: practical, collaborative research is being taken seriously — and that’s excellent news for the UK’s resilience and innovation pipeline.

Synergos Consultancy welcomes initiatives like this. Practical university–industry collaboration helps bridge the skills gap, accelerates secure product design, and gives firms evidence-based approaches to risk — all things our clients ask for when they say “show me how to stop the bleeding” (and no, an extra password complexity rule isn’t always the fix).

Quick hits: the other stories you shouldn’t scroll past

  • HashJack AI browser attack and other AI-related browser threats continue to surface — keep extensions and browser environments locked down.
  • Charming Kitten leak and other nation‑state oriented disclosures underscore that targeted campaigns remain a core threat vector.
  • Scattered Spider members plead not guilty — reminder: financially motivated gangs are persistent and litigious.
  • TP‑Link sues Netgear and Comcast agrees to a $1.5 million fine — the legal and regulatory risks around devices and ISPs haven’t gone away.
  • Ex‑NCSC chief Ciaran Martin has been appointed to investigate the OBR budget leak — someone with deep cyber credibility is on the case.
  • Handala hacker group has published lists targeting Israeli high‑tech and aerospace professionals — a worrying shift towards personalised geopolitical harassment.
  • CISOs are under mounting pressure in the UK, with many considering leaving — talent retention remains a critical operational risk.
  • UK retail cyber attacks are occurring consistently year‑round, challenging the assumption that attacks cluster only around retail peaks.
  • Debate continues over the UK Cybersecurity and Resilience Bill, with concerns that meeting new statutory expectations could be costly for organisations.
  • Beer giant Asahi reports a sophisticated cyberattack and has so far not engaged with the threat actors — a reminder that response strategies vary widely.

New and notable CVE alerts — patch with prejudice

  1. CVE‑2025‑66385 — Cerebrate Privilege Escalation (Severity: 9.4 CRITICAL): An authenticated non‑privileged user could escalate privileges via the user‑edit endpoint by manipulating role_id or organisation_id fields. If you run Cerebrate, urgent review and mitigation are essential.
  2. CVE‑2025‑64314 — Cisco Memory Management Permission Control (Severity: 9.3 CRITICAL): A permission control vulnerability in a memory management module that could impact confidentiality; affected customers should follow vendor guidance.
  3. CVE‑2025‑58302 — Acme Settings Module Unsecured Configuration (Severity: 8.4 HIGH): Unsecured settings permissions could expose confidential service data.
  4. CVE‑2025‑58303 — Adobe Screen Recorder Use‑After‑Free (Severity: 8.4 HIGH): A use‑after‑free issue in the screen recording framework with availability impact; patch where available.
  5. CVE‑2025‑58310 — Apache Distributed Component Permission Control Bypass (Severity: 8.0 HIGH): Permission control gaps in a distributed component could affect confidentiality.
  6. CVE‑2025‑66384 — MISP File Upload Validation Bypass (Severity: 8.2 HIGH): Invalid logic when checking uploaded files (related to tmp_name) — be cautious handling MISP instances.
  7. CVE‑2025‑66359 — Logpoint Cross‑Site Scripting (Severity: 8.5 HIGH): Insufficient input validation and output escaping in multiple components; sanitise inputs and update to fixed versions.
  8. CVE‑2025‑58301/58302 variants — other permission control vulnerabilities and configuration issues flagged across multiple vendors — review permissions and implement least privilege.
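
The bug class described in item 1 (an edit endpoint that trusts client-supplied role_id or organisation_id values) is normally closed with a field allowlist chosen from the caller's server-side role. The following is an added illustration, not Cerebrate's code or its patch; the function names, the ADMIN_ROLE_ID value and the record layout are assumptions.

```python
# Added illustration of the mass-assignment bug class; not Cerebrate code.
# The field names role_id / organisation_id come from the advisory text;
# ADMIN_ROLE_ID, the record layout and the function names are assumed.

ADMIN_ROLE_ID = 1  # assumed id of the administrative role

SELF_EDITABLE = {"first_name", "last_name", "email"}
ADMIN_EDITABLE = SELF_EDITABLE | {"role_id", "organisation_id", "disabled"}


class Forbidden(Exception):
    pass


def edit_user_vulnerable(actor, target, payload):
    """Before: every submitted field is copied onto the record."""
    if actor["id"] != target["id"] and actor["role_id"] != ADMIN_ROLE_ID:
        raise Forbidden("cannot edit another user")
    updated = dict(target)
    updated.update(payload)  # role_id / organisation_id ride along unchecked
    return updated


def edit_user_hardened(actor, target, payload):
    """After: fields are filtered against an allowlist picked from the
    actor's stored role; rejected field names are returned for logging."""
    is_admin = actor["role_id"] == ADMIN_ROLE_ID
    if actor["id"] != target["id"] and not is_admin:
        raise Forbidden("cannot edit another user")
    allowed = ADMIN_EDITABLE if is_admin else SELF_EDITABLE
    rejected = sorted(set(payload) - allowed)
    updated = dict(target)
    updated.update({k: v for k, v in payload.items() if k in allowed})
    return updated, rejected


# Constructed sample data: a non-privileged user editing their own profile.
alice = {"id": 7, "role_id": 3, "organisation_id": 20, "email": "alice@example.org"}
payload = {"email": "a@example.org", "role_id": ADMIN_ROLE_ID, "organisation_id": 1}

if __name__ == "__main__":
    print(edit_user_vulnerable(alice, alice, payload))
    print(edit_user_hardened(alice, alice, payload))
```

The rejected list is worth sending to your audit log: a self-service edit that carries role_id or organisation_id is a useful detection signal in its own right.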

Targeted campaigns and regional activity

Bloody Wolf’s expansion of Java‑based NetSupport RAT campaigns in Kyrgyzstan and Uzbekistan highlights how commodity tooling continues to be repurposed in regionally focused campaigns, typically delivered via sector‑wide phishing.

Handala’s targeting of Israeli high‑tech and aerospace professionals is another example of how attackers are blending doxxing with harassment to intimidate individuals and disrupt critical sectors. Organisations with staff in targeted roles should review personal data exposure and protective measures.

Practical steps for busy teams — what to do now

If you recognise your SOC team in the “too many fires, too few hoses” metaphor, consider the following pragmatic actions that don’t require a budget the size of a small nation:

  • Prioritise patching for the CRITICAL and HIGH CVEs listed above and apply vendor advisories immediately.
  • Review identity and access controls to close any privilege escalation avenues — least privilege is boring but effective.
  • Harden browser environments and limit risky extensions to reduce exposure to attacks like HashJack.
  • Prepare communications and legal pathways ahead of any potential leaks — the OBR investigation underlines the reputational fallout of information exposure.
  • Test your continuity plans; if your incident response smells like a hangover, tune your playbooks and run a tabletop. If you want help building resilience, Synergos can guide organisations toward robust frameworks such as ISO 27001 and ISO 22301.
  • For smaller firms, the NCSC Cyber Action Toolkit and basic certification like Cyber Essentials can dramatically reduce easy wins for attackers.
  • Don’t forget people: targeted campaigns and social engineering succeed when humans are isolated or untrained — consider scaling up security awareness training across the organisation.

At Synergos Consultancy we’ve seen how co‑operation between academic projects and industry accelerates meaningful security improvements — think of Lancaster’s award as proof that research with practical teeth makes a measurable difference. If you want help aligning risk, compliance and operational resilience without the usual jargon‑filled corporate therapy session, there are frameworks and training routes that actually work.

We’ll keep watching these stories as they develop — vulnerabilities patched, campaigns disrupted, and research turned into defences — because in cyber, the only constant is change (and occasionally, the sense that you should have bought a bigger firewall yesterday). Stay alert, patch promptly, and keep your incident playbooks polished; tomorrow’s headline will thank you.

Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.