
Threat Report 173

This week’s report highlights five developments with direct implications for digital health and defence organisations:

- Oracle’s April 2026 security update, delivering 481 fixes across business‑critical platforms.

- A major data exposure involving UK Biobank volunteers, with anonymised records advertised for sale on a Chinese marketplace.

- FIRESTARTER, a new backdoor discovered on Cisco firewall appliances that can remain in place even after patches are applied.

- Criminal groups impersonating IT help desks on Microsoft Teams to persuade staff to install malware.

- A supply chain compromise of the Bitwarden command-line tool, widely used by IT and development teams to manage secrets.

Oracle Releases April 2026 Critical Patch Update — 481 Fixes

Oracle has released its April 2026 Critical Patch Update. This is a scheduled bundle of security fixes that covers 481 separate weaknesses across 28 different Oracle product families. The biggest concerns are in Oracle Communications, which has 139 security holes (93 of which can be attacked from the internet without any login), Oracle Fusion Middleware, which has 46 internet-exploitable flaws that need no login, and Oracle E-Business Suite, which has 18 flaws (8 of them remotely exploitable without a login). NHS England has flagged the update as a medium-severity alert for all healthcare organisations.

Oracle software runs in the background of many UK businesses, hospitals, and NHS suppliers. It is used for finance systems, communications platforms, customer databases, and large healthcare applications. When a vulnerability does not need any login, it means an attacker on the internet can reach the system and try to break in straight away. The number of fixes is also a problem on its own. Big patch sets often slip through busy IT teams, which leaves systems exposed for weeks or months. For DSPT-aligned organisations, missing critical patches is a clear control failure that can affect both audit outcomes and real-world risk.

Recommendations

  • Check whether your organisation, or any of your suppliers, runs Oracle Communications, Oracle Fusion Middleware, Oracle E-Business Suite, or any other Oracle product family.
  • Prioritise patching for any system that is reachable from the internet or that processes sensitive data.
  • Apply the April 2026 Critical Patch Update across all affected systems, starting with the highest-risk ones.
  • Ask your managed service providers to confirm in writing when each Oracle system has been patched.
  • Add this patch cycle to your vulnerability management tracker so progress can be reviewed at the next risk meeting.

UK Biobank Data on Half a Million Volunteers Listed for Sale on Alibaba

UK Biobank, a charity that holds one of the world's largest sets of biomedical research data, has confirmed that data on around 500,000 of its volunteers was listed for sale on Chinese e-commerce site Alibaba. UK technology minister Ian Murray told the House of Commons that the data was anonymised, but the charity could not fully guarantee that individuals could never be re-identified. The data was traced back to three Chinese research institutions that had accreditation to use UK Biobank's platform. All three have now had their access revoked. Investigations are ongoing, and there is currently no evidence that the data has been bought or downloaded by other parties. UK Biobank and the UK government worked with the Chinese government and Alibaba to take the listings down.

This case is a stark reminder that "anonymised" data is not the same as "safe" data. Once a large set of health information leaves controlled environments, it can be recombined with other data sources and may eventually identify real people. For UK digital health organisations, NHS suppliers, and any service handling research or clinical data, this incident shows how third-party access — even for legitimate research — can create serious data protection risks. It is also relevant for DSPT and UK GDPR compliance: organisations that share data with researchers, partners, or international institutions must be able to track who has it, what they did with it, and how access can be removed if something goes wrong.

Recommendations

  • Map every external party that has access to your patient, clinical, or research data, including academic and overseas institutions.
  • Review the contracts and data sharing agreements behind those relationships, focusing on data return, deletion, and onward sharing.
  • Apply the principle of least privilege — only share the minimum dataset needed, and prefer aggregated or query-based access where possible.
  • Use technical controls such as audit logging, watermarking, and download limits when sharing research datasets.
  • Review your incident response plan so it covers data being leaked or sold by an authorised third party, not just by an external attacker.
  • Speak to your Data Protection Officer about whether existing anonymisation standards still hold up against modern re-identification techniques.

FIRESTARTER Backdoor Hides on Cisco ASA and Firepower Devices, Survives Patches

CISA, working with the UK's National Cyber Security Centre (NCSC), has revealed a new piece of malware called FIRESTARTER. It was found on a US federal agency's Cisco Firepower device running ASA (Adaptive Security Appliance) software. FIRESTARTER is a backdoor — a hidden tool that lets attackers come back to the device whenever they want. It is part of a wider campaign by an advanced attacker group, who first broke in by using earlier Cisco flaws (CVE-2025-20333 and CVE-2025-20362). The worrying part is that FIRESTARTER stays in place even after the original holes are patched. Attackers also use a separate toolkit called LINE VIPER to run commands, capture network traffic, bypass VPN access controls, and quietly turn off log messages.

Cisco ASA and Firepower devices are common in UK enterprises, hospitals, NHS suppliers, and managed service environments. They sit at the edge of the network and are trusted with very sensitive jobs, such as VPN access for remote staff and clinicians. If an attacker plants a backdoor on this kit, they can quietly watch traffic, harvest credentials, and step across into clinical or business systems. Because FIRESTARTER survives patching, simply applying the original Cisco fixes is not enough — you also need to check whether the device was already compromised before the patch was installed. This is a strong example of why "patched" does not always mean "clean".

Recommendations

  • Identify every Cisco ASA and Firepower device in use across your estate, including those operated by suppliers or managed service providers.
  • Confirm that each device has been updated to a fixed version for CVE-2025-20333 and CVE-2025-20362.
  • Follow the official CISA and NCSC guidance for checking ASA and Firepower devices for signs of FIRESTARTER and LINE VIPER.
  • Where possible, take suspect devices offline for forensic review rather than just rebooting or reimaging them.
  • Review remote access logs, VPN authentication events, and admin actions on these devices for the last 6–12 months.
  • Rotate VPN credentials, admin passwords, and any shared secrets used by these devices.

Criminals Use Microsoft Teams Help Desk Impersonation to Drop Malware

A criminal group tracked as UNC6692 has been spotted using a clever social engineering trick on Microsoft Teams. First, the attackers flood a target's inbox with junk email so the user feels overwhelmed. Then someone pretending to be an "IT help desk" agent sends a chat invitation through Teams from outside the organisation. The user, looking for help with the spam, accepts the message. From there, the attacker walks them through actions that lead to a custom malware suite called SNOW being installed on their device. A separate group, tracked by Cato Networks, uses a similar approach with a backdoor called PhantomBackdoor, delivered through obfuscated PowerShell scripts during a Teams meeting.

Most UK NHS trusts, suppliers, and businesses use Microsoft Teams every day. Staff are used to seeing IT messages there, and many will trust a help desk persona by default. This makes Teams a very attractive channel for attackers compared to traditional email phishing. Where the attacker can join a screen share, they can guide users into running PowerShell, approving installs, or handing over codes — bypassing many email and endpoint controls. For digital health and NHS suppliers, a single successful attack like this can give attackers a foothold inside clinical and administrative systems. It is exactly the kind of human-centred attack that DSPT controls around training, access management, and monitoring are designed to catch.

Recommendations

  • Restrict or disable external Microsoft Teams chat by default, and only allow it where there is a clear business need.
  • Review and tighten Teams settings for screen sharing, meeting joining, and external file transfer.
  • Train staff that no genuine IT help desk will message them out of the blue from an external Teams account, especially during an email "storm".
  • Set up a clear, well-known channel for staff to verify any IT help desk contact (for example, an internal phone number or ticket portal).
  • Harden PowerShell with logging, constrained language mode, and execution policies, and monitor for unusual PowerShell commands run after a Teams meeting.
  • Add Teams-based social engineering scenarios to your phishing simulation programme.

Bitwarden CLI Compromised in Ongoing Supply Chain Attack

A malicious version of Bitwarden CLI (the command-line tool for the popular password manager) has been published as part of a wider supply chain campaign affecting a number of open-source projects. Researchers from JFrog and Socket reported that version 2026.4.0 of @bitwarden/cli on npm contained a hidden malicious file called "bw1.js". The attack is believed to have come from a compromised GitHub Action inside Bitwarden's build pipeline, which is the same pattern seen in earlier compromises in this campaign. Bitwarden has released a clean version (2026.4.1), but anyone who installed the bad version may have had secrets and environment variables exposed.

Password managers are a critical control in modern security, and Bitwarden is widely used across UK businesses, IT teams, and NHS suppliers. The CLI tool is often used in scripts, automation, and CI/CD pipelines, where it has access to highly sensitive secrets. A poisoned version of the CLI could quietly steal API keys, tokens, and other secrets used to access cloud, source control, or production systems. Supply chain attacks of this kind are difficult to detect because the malicious code arrives through normal trusted channels, such as npm. For organisations subject to DSPT or working under contracts that require secure development, this is another reason to take open-source dependency hygiene seriously.

Recommendations

  • Identify whether @bitwarden/cli has been used anywhere in your environment, including developer machines, build servers, and automation jobs.
  • Upgrade affected installations to Bitwarden CLI 2026.4.1 or later.
  • Treat any system that ran the compromised version as potentially exposed: rotate the secrets, tokens, and credentials it had access to.
  • Review GitHub activity, CI workflows, and connected services for unauthorised access or unexpected changes.
  • Add software composition analysis or a similar tool to detect malicious or tampered dependencies in npm and other package ecosystems.
  • Make sure your incident response plan covers supply chain compromise of build and developer tooling, not just front-line systems.
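As an added example that is not code from the original post or from Bitwarden, the following POSIX shell script walks a directory tree for installed copies of @bitwarden/cli and flags the 2026.4.0 release or a dropped "bw1.js" file, the two indicators named above; it assumes the standard npm node_modules layout, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): find installed copies of
# @bitwarden/cli under a directory tree and flag the compromised release.
# The version and file name come from the report; the node_modules layout
# is the standard npm one and is an assumption about your environment.

BAD_VERSION="2026.4.0"
BAD_FILE="bw1.js"

# Extract the "version" field from a package.json without needing jq.
pkg_version() {
    sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print one line per installation: "<status> <version> <path>".
# status is COMPROMISED, CLEAN, or UNKNOWN (no version could be read).
scan_bitwarden_cli() {
    root="$1"
    find "$root" -type d -path '*/node_modules/@bitwarden/cli' 2>/dev/null |
    while IFS= read -r dir; do
        ver=$(pkg_version "$dir/package.json")
        status="CLEAN"
        if [ -z "$ver" ]; then
            status="UNKNOWN"
        elif [ "$ver" = "$BAD_VERSION" ]; then
            status="COMPROMISED"
        fi
        # The dropped file is an indicator on its own, whatever the version says.
        if find "$dir" -type f -name "$BAD_FILE" 2>/dev/null | grep -q .; then
            status="COMPROMISED"
        fi
        printf '%s %s %s\n' "$status" "${ver:-unknown}" "$dir"
    done
}

# Exit status 1 if any compromised installation is found, else 0 (usable in CI).
check_bitwarden_cli() {
    result=$(scan_bitwarden_cli "$1")
    printf '%s\n' "$result"
    ! printf '%s\n' "$result" | grep -q '^COMPROMISED '
}

# Usage: scan a developer home directory or a build agent's workspace, e.g.
# check_bitwarden_cli "$HOME"
```

Any path reported as COMPROMISED should be treated as exposed per the recommendations above: rotate the secrets that host could reach, not just upgrade the package.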

Stay Ahead of Threats Like These

Want help staying ahead of threats like these? Contact Periculo: our team supports UK digital health companies and NHS suppliers with practical, hands-on cybersecurity assurance, from vulnerability management and DSPT readiness to incident response, AI Assurance and supplier risk reviews.