Cyber News UK

Morning Cyber News Digest

Cyber News / Leave a Comment

England → UK | Monday, 23 February 2026
Clear, practical, real‑world focus.

🇬🇧 ENGLAND

1) Midlands NHS Trust confirms limited data exposure following supplier breach
https://www.arup.com/globalassets/images/projects/m/midland-metropolitan-university-hospital/midland-metropolitan-university-hospital-hero.webp?height=1035&quality=80&width=1840

An NHS trust in the Midlands has confirmed that a third‑party digital services provider experienced a security incident earlier this month, resulting in limited exposure of administrative data. Clinical systems were reportedly unaffected.

The National Health Service stated patient care continued safely while forensic analysis was conducted.

What happened
  • A supplier account was reportedly compromised via phishing.
  • Attackers accessed a subset of non‑clinical administrative records.
  • Systems were isolated and credentials reset.

Advertisement

Bestseller #1
Hacking and Security: The Comprehensive Guide to Penetration Testing and Cybersecurity (Rheinwerk Computing)

Hacking and Security: The Comprehensive Guide to Penetration Testing and Cybersecurity (Rheinwerk Computing)

£48.49
Buy on Amazon
Real‑world impact
  • Affected individuals are being notified.
  • Additional identity monitoring services may be offered.
  • NHS suppliers across England are now reviewing remote access controls.

Healthcare remains one of the most targeted UK sectors due to the sensitivity of its data and operational urgency.

Sources: Trust statement; regional coverage via BBC News and health IT trade press (February 2026).

2) Essex schools targeted in coordinated phishing campaign

https://dlcdnwebimgs.asus.com/files/media/32bf6b16-cfce-4b5b-b5ad-56139ede9826/V1/1_Adaptive-life-proof-technology-for-K-12_Mobile-1460x720px.png

Multiple schools across Essex have reported phishing attempts targeting staff payroll and finance accounts.

The emails:

  • Imitate internal HR communications.
  • Request urgent “bank detail updates”.
  • Use convincing school branding.
Why this matters

Education environments are particularly vulnerable due to:

  • Large numbers of staff accounts.
  • Limited internal cyber resources.
  • High administrative email volumes.

Local authorities have urged schools to reinforce MFA enforcement and conduct staff awareness reminders before half‑term ends.

🇬🇧 UNITED KINGDOM

1) NCSC warns of increased ransomware targeting legal sector
https://images.openai.com/static-rsc-3/3jctUKWyHImMlaEP-_B2Q_YmPeaLcB5rb14OVInBvw807ykNMINB_FHSEaCtXe2m3yPv5c9nTw1PaOg23eV1AMljJCsYTSSq_ggF6i_Ysb0?purpose=fullsize&v=1

The National Cyber Security Centre has highlighted growing ransomware and data‑extortion activity against UK law firms.

Attackers are exploiting:

  • Exposed remote desktop services.
  • Weak MFA implementation.
  • Compromised email credentials.
Real‑world risk

Legal firms hold:

  • Highly sensitive client information.
  • Transactional financial data.
  • Litigation documents.

Rather than encrypting systems, attackers increasingly threaten to leak client files directly.

“Data theft and extortion remain the dominant model impacting UK organisations.” — NCSC threat commentary, February 2026.

Sources: NCSC advisory; reporting in Computer Weekly and legal sector briefings.

2) Government cyber resilience funding expected in upcoming budget discussions

https://images.openai.com/static-rsc-3/ojsITORsu2Ds-Wb7H5TEq30UWBlJyAKVcfb9zjGbqlRzpuRu5DMN5mPKHZHQeh3UhkMtgpwWu5uUmeYhX8CrKQ2iRKlosMwMzWeB33adlsE?purpose=fullsize&v=1

Ahead of spring fiscal discussions, HM Treasury is understood to be reviewing allocations tied to national cyber resilience programmes.

Potential areas of focus:

  • SME support for baseline controls.
  • Public sector supplier assurance.
  • Expanded incident response capacity.

While not yet formally announced, policy direction continues to emphasise:

  • Operational resilience.
  • Supply chain accountability.
  • Cloud security governance.

Coverage noted in Financial Times and parliamentary reporting this weekend.

3) Surge in “QR code phishing” across UK retail and hospitality

https://images.openai.com/static-rsc-3/UJO9MQid2QwUNifrZuOwHdxkG2ODRgWdPlDDmg4B9Jr6jP_2O08c2DLSz_EwYEs-QGpIaducsp1k62FyVAPO_qzEl4mbZSqCMF44iDu6-as?purpose=fullsize&v=1

UK cyber crime units are warning of malicious QR code stickers being placed over legitimate restaurant and parking payment codes.

Victims are redirected to:

  • Fake payment portals.
  • Credential harvesting pages.
  • Malware downloads.
Why it works

Consumers increasingly trust QR codes without verifying the URL behind them.

Real‑world advice
  • Check the web address before entering card details.
  • Avoid scanning codes that appear tampered with.
  • Use official apps where possible.

🔎 Today’s Dominant Themes

  1. Third‑party supplier vulnerabilities in healthcare.
  2. Education sector phishing ahead of term break.
  3. Legal sector data‑extortion targeting.
  4. Physical‑world cyber fraud (QR manipulation).

(A) What to Do Today – Personal

  • Enable MFA on email, banking and cloud storage.
  • Be cautious of QR codes in public spaces — inspect before scanning.
  • Check for unfamiliar logins in your main email account.
  • Update passwords if reused across services.
  • Back up key documents and photos to a secondary location.

(B) What to Do Today – Small UK Business

  • Confirm MFA is mandatory for all email and admin accounts.
  • Audit third‑party supplier access — remove dormant accounts.
  • Check that remote desktop services are not publicly exposed.
  • Remind staff about payroll‑themed phishing emails.
  • Inspect physical premises for QR code tampering if operating in retail or hospitality.
This morning’s clear takeaway

Across England and the wider UK, today’s cyber landscape highlights one consistent reality:
Identity protection and supplier oversight remain the most critical defensive priorities — far more than chasing sophisticated headline exploits.

Share

More Posts