Welcome to Periculo's weekly threat report, where we break down the latest cybersecurity incidents to keep you informed and protected. This week, we saw a major cyberattack on an NHS supplier affecting 17 million patients, the UK Foreign Office finally confirming a breach, and critical vulnerabilities affecting widely used network hardware and software. Read on for the details and our recommendations to stay safe.
This is a significant concern because it demonstrates that even trusted suppliers underpinning frontline care can be targeted by cybercriminals. When a company of this type is compromised, the potential impact extends across thousands of GP practices and millions of patients, increasing the risk to both operational continuity and confidential information. It underlines the need for robust, proactive cybersecurity across the entire healthcare supply chain, not just within direct care providers, given the highly sensitive nature of the data involved.
Recommendations
The UK government has confirmed that hostile actors gained unauthorised access to Foreign, Commonwealth & Development Office (FCDO) systems. The intrusion has been attributed to a China‑linked threat group known as Storm 1849, which is assessed to have exploited a vulnerability in Cisco networking equipment as the initial access vector. Reporting indicates the attackers may have accessed highly sensitive information, including data from thousands of visa applications.
A successful compromise of a central government department represents a serious national security incident. The information potentially exposed can be leveraged for espionage, coercion, and long‑term targeting of individuals and organisations, directly undermining UK interests at home and abroad. It also reinforces a critical point for defence and wider public sector organisations: even highly secured government environments remain attractive targets, and advanced adversaries will actively seek to exploit unpatched infrastructure and supply chain weaknesses wherever they exist.
This incident highlights the importance of keeping all systems, especially those used by the government, secure. Key recommendations include:
A serious security vulnerability has been identified in WatchGuard Firebox appliances, widely used to protect organisational networks, including within health and defence supply chains. Tracked as CVE-2025-14733, this flaw allows an unauthenticated attacker on the internet to gain remote control of the device without needing valid credentials. The NHS has issued an alert confirming that this vulnerability is already being actively exploited.
Because Firebox devices often sit at the perimeter of critical networks, this issue presents a high‑impact risk. Once an attacker controls the firewall, they can bypass security controls, pivot further into the internal network, and potentially access or exfiltrate sensitive data. This significantly increases the likelihood of data theft, ransomware deployment, and broader operational disruption across any environment that relies on the affected device for protection.
For more information on how to protect your organisation from these and other threats, contact Periculo about our Threat Intelligence services.