© 2026 Improve the News Foundation.
All rights reserved.
Version 7.7.2
The FortiBleed breach exposed 80,000 firewalls across 194 countries because basic password hygiene was ignored — no MFA, recycled credentials, default logins left unchanged. NHS data, Foreign Office logins and local government accounts were all sitting wide open for the taking. Underfunded public sector IT created the vulnerability, and a proposed ransomware payment ban would strip those same bodies of their last real recovery option.
Russia's APT28 is relentlessly hammering U.K. critical infrastructure, democratic institutions and supply chains in a daily hybrid war that spans cyberspace to the seabed, with Western intelligence agencies attributing this latest credential theft campaign to the Russia-linked Unit 26165. Waiting for a direct hit before treating cybersecurity with urgency is a losing strategy against an adversary this determined.
Once again, Russia is being cast as the likely culprit before any evidence proves direct Kremlin involvement. Even British officials acknowledge no state link has been established, yet accusations echo past cases that relied on speculation rather than proof. Instead of fueling another cycle of politicized blame, London should present verifiable evidence or pursue the cyber cooperation it has previously rejected.