Jessica Entwistle
November 7 2025
Today’s Cyber Brief highlights a rise in software supply chain attacks, a confirmed data breach within a US government budget agency, and new research showing that identity management gaps remain the biggest cloud security risk. Together, these stories underline how trust, process and privilege remain the weak points most exploited by threat actors.
New analysis from Cyble reports that software supply chain attacks rose sharply last month, with 41 recorded incidents, more than 30 percent higher than the previous peak in April. The IT sector led the tally with nearly 120 attacks, followed by finance with around 80. Manufacturing, healthcare and energy each logged between 20 and 30 incidents. Ransomware groups such as Qilin and Akira remain among the most active.
Source: IndustrialCyber
Why it matters:
For UK SMEs and regulated organisations, this increase shows how third-party software continues to be an attacker’s fastest route inside a network. Firms should request software transparency through a Software Bill of Materials (SBOM), verify vendor patching cycles, and isolate third-party integrations wherever possible. Securing your supply chain is now as critical as securing your own network.
The Congressional Budget Office (CBO) in the United States has confirmed that it suffered a cybersecurity incident that may have exposed internal email communications with Senate offices. Officials have not disclosed attribution, but investigators believe the attack could involve a foreign state actor. The CBO stated that new monitoring tools and controls are now in place following containment.
Source: Reuters
Why it matters:
This breach demonstrates that even non-critical agencies hold valuable data that can be leveraged for influence or espionage. For UK organisations, it is a reminder that sensitive communication data, such as financial reports or strategic plans, must be encrypted and monitored with the same care as customer records. Regular penetration testing of mail and collaboration platforms can reduce these risks.
A new ReliaQuest report finds that most cloud breaches in 2025 originate from weak identity governance rather than unknown vulnerabilities. Over 50 percent of incidents involved privilege escalation or excessive permissions, while 71 percent of critical alerts related to previously known flaws. Researchers conclude that identity lifecycle management is still a neglected area in many cloud operations.
Source: SecurityBrief
Why it matters:
For UK organisations running hybrid or fully cloud environments, over-privileged accounts remain one of the easiest attack paths. Implement least-privilege access, remove dormant accounts, enforce multi-factor authentication, and conduct regular configuration audits. Independent testing of identity controls ensures that misconfigurations or orphaned privileges do not become breach entry points.
This week’s stories share one theme: attackers exploit misplaced trust. Whether through vendors, overlooked agencies or forgotten credentials, trust boundaries define modern risk. At Secarma, our Advisory, Certification and Testing services help UK SMEs and regulated firms identify these weak links and strengthen them. Cyber resilience depends on trust that is earned and verified.