📬 This Week’s Clickables

• 📰 Big News: Scattered Spider attacks UK retail giants + Indian banks go full war room

• 🔥 Can’t Miss: AI agents, Russian DDoS drama, and router zombies

• 👀 Might Have Missed: SAP bugs, Shopify legal headaches, and telecom ghosts

• 🧭 Strange Cyber Story: MI6 goes full James Bond to pull secrets from a sunken yacht

🚨 Big Stories This Week

Scattered Spider’s Social Engineering Mayhem in the UK

The Intro: Scattered Spider, the group behind some major U.S. breaches, is back at it again—this time targeting UK retailers.

What Happened: The hacking group used social engineering techniques, including SIM swapping and impersonating employees, to access privileged accounts at Marks & Spencer and the Co-op. They reportedly manipulated IT help desks into resetting passwords, gaining unauthorized access to critical internal systems.

Why It’s Important: Despite all our tech, humans are still the weakest link. This attack shows how easily social engineering can circumvent even strong technical defenses.

The Other Side: Co-op claims no financial data was accessed, only basic member data. M&S says its backups saved the day, and the NCSC stepped in with updated identity verification guidelines.

The Takeaway: Identity verification protocols matter. And if your help desk is resetting passwords without proper checks, you're one step from becoming the next headline.

TL;DR: Scattered Spider exploited UK help desks to access internal systems. Social engineering remains a favorite (and effective) tool.

More on This:

• The Times Coverage

• Co-op Acknowledges Breach

Indian Banks Prepare for Digital War

The Intro: With geopolitical tensions running high, Indian banks are shoring up their defenses for a potential cyber showdown.

What Happened: Following concerns about attacks linked to Pakistan, Indian banks have gone into full alert mode. Punjab National Bank even created a 24/7 cyber "war room" to track threats and respond in real time.

Why It’s Important: Critical infrastructure, especially financial institutions, are prime targets during geopolitical standoffs.

The Other Side: It’s a proactive approach, but time will tell if the measures are enough to counter nation-state threats.

The Takeaway: When diplomacy is tense, cybersecurity becomes frontline defense.

TL;DR: Indian banks are hardening cyber defenses amid geopolitical fears. War room ready, fingers crossed.

More on This:

• Times of India report 

• Economic Times Analysis

🔥 Can’t Miss This Week

👀 Might Have Missed

🧟‍♂️ Strange Cyber Story of the Week

MI6’s Deep Dive for Secrets

The Intro: It doesn’t get more James Bond than this: MI6 allegedly dove into a sunken yacht to retrieve classified files before Italian authorities could.

What Happened: After the superyacht Bayesian sank in 2024, rumors swirled that it held top-secret UK files. MI6 reportedly beat Italian authorities to the wreck and retrieved encrypted hard drives hidden in waterproof safes.

Why It’s Important: It highlights how international cyber-ops sometimes happen underwater. And yes, literal dives for data.

The Other Side: Italy planned a secure salvage, but MI6 apparently didn’t feel like waiting. Cue the diplomatic awkwardness.

The Takeaway: In cyber-espionage, whoever acts fastest wins—even if it means suiting up and diving in.

TL;DR: MI6 recovered sensitive data from a sunken yacht before Italian authorities. Cyber-spycraft meets scuba gear.

More on This:

• NY Post

• Oceans Vibe

Thanks for reading this week’s edition. If you have feedback or advice, want to submit a dog, or just hate everything you see? Reply back to this email!