TRACE Cyber Intelligence Pulse - 14 November 2025
Cyber threats do not wait for you to catch up. Stay ahead with CyXcel’s weekly threat intelligence foresight, grounded in real-world incident response and powered by our fusion of legal, technical and strategic expertise.
Edited by: Samuel Kudláč, Senior Analyst, and Danny Howett, Technical Director – Digital Forensics and Incident Response.
In Focus
UK Cyber Security and Resilience Bill Enters Parliament
The UK Government introduced the Cyber Security and Resilience Bill (CSRB) to Parliament, marking the most substantial legislative update since the 2018 Network and Information Systems Regulations.
The bill expands regulatory scope to data centers, cloud, managed service providers, and critical digital infrastructure suppliers. It mandates 24-hour incident notifications with comprehensive 72-hour follow-up reports, tying non-compliance penalties to company turnover. Ministers will gain authority to include additional sectors in scope of CSRB through secondary legislation without requiring primary parliamentary approval.
Key Takeaways
The CSRB represents the UK’s adaptation of the EU’s NIS 2 framework, informed by recent supply chain breaches including Synnovis, Marks & Spencer, Jaguar Land Rover, and the Ministry of Defence payroll compromise. The bill shifts to a supply chain focused approach, recognizing that systemic cyber risk now resides primarily in third-party suppliers and dependencies.
The legislation will empower regulators to impose direct security obligations on managed service providers and cloud platforms, with boards and senior management facing explicit accountability requirements. The CSRB uses outcome-based language focused on operational resilience rather than checkbox compliance, positioning itself as adaptable to the evolving cyber threat landscape.
Notably absent from the first reading are Home Office proposals for ransomware payment bans and mandatory pre-payment notification regimes for public sector and critical national infrastructure entities. There is a realistic possibility that these will surface as Committee Stage amendments in early 2026 or emerge as standalone legislation.
Around the Globe
EU: European Commission Launches Democracy Shield Initiative
The European Commission has launched the European Democracy Shield and an EU Strategy for Civil Society to coordinate Member State efforts against foreign information manipulation, interference and disinformation, and to strengthen the bloc’s electoral resilience. These measures are meant to improve the EU’s whole-of-society defensive posture against disinformation, aligning with CyXcel’s previous assessment of an escalating threat of influence operations across Europe and North America.
UK: Cl0p Ransomware Lists National Health Service (NHS) as Latest Victim
Cl0p Ransomware group has listed the NHS on its data leak site following exploitation of Oracle E-Business Suite (EBS) vulnerabilities. However, no data has been published yet. The NHS is coordinating with the National Cyber Security Centre to assess the breach scope and impact. The Oracle EBS campaign continues to expand with Cl0p having published stolen data from 25 organizations to date.
US: Chinese State-Sponsored Actors Abused Claude Code to Automate Cyber Espionage
Anthropic’s Threat Intelligence team identified and disrupted a campaign by a Chinese state-sponsored actor tracked as GTG-1002, which abused agentic AI (Claude Code) to autonomously conduct a cyber espionage operation. The campaign targeted 30 organizations across technology and government sectors and is the first documented case of an AI system autonomously conducting most of the cyber kill chain with minimal human input. The threat actors leveraged Claude Code to automate their existing tooling and faced operational limitations with the agent hallucinating findings.
We Can Help
Expand your threat intelligence monitoring capabilities beyond the dark web with support from CyXcel’s TRACE team. Contact our experts today to find out more.
Photo by Sandip Kalal on Unsplash.