MITRE-Lite has two versions. You're reading the plain English edition — written for business owners, no technical knowledge needed. MITRE ATT&CK is the gold standard framework used by cybersecurity professionals worldwide. It's also highly technical by design. We built both versions so everyone in your business can act on the same intelligence. View Technical Version →
MITRE-Lite Plain English Edition ● Updated This Week

Who is targeting your business right now — and what do they want?

This page translates real, active cyber threat intelligence into plain English for UK business owners. No acronyms. No jargon. Just what you need to know and what you should do about it.

What is MITRE ATT&CK — and why does it matter to you?

MITRE is an American non-profit research organisation that works with governments and security agencies worldwide. Their ATT&CK framework is a constantly updated library of every known attack technique used by criminal groups and state-sponsored hackers — built from real incident data, not theory.

Think of it as a documented playbook of everything attackers do. When a criminal group successfully breaks into a bank, a hospital, or a business like yours, their methods get analysed and added to this library. Security professionals use it to understand what they're up against.

MITRE-Lite takes that intelligence and cuts it down to what actually matters for UK SMEs. You don't need to read a 500-page framework. You need to know who is active this week, what they're doing, and whether your business is at risk.

Last updated: 7 July 2026  ·  Week 28 / 2026  ·  Next update: 14 July 2026

Current Status

What is the threat level for UK businesses like yours?

Every week we assess the overall risk level for UK small businesses in financial services — insurance brokers, financial advisers, mortgage intermediaries, and professional services firms. This is based on real intelligence from the UK's National Cyber Security Centre (NCSC), US cyber agencies, and industry reporting.

█ Threat Level: Elevated

Attacks on UK financial services businesses are above normal levels this week

Seven criminal and state-sponsored groups are currently running active operations targeting UK businesses in your sector. Attacks involving fake payment requests, account takeover, and ransomware are all running at higher-than-normal frequency. This does not mean an attack on your specific business is imminent — but it does mean your defences are more likely to be tested than they would be in a quieter period.

What do the three levels mean?
Normal — background level of threat activity, no significant increase in targeting of your sector.
Elevated — active campaigns confirmed against UK businesses in your sector. Increased vigilance recommended.
High — significant coordinated threat activity. Specific sectors or business types being actively targeted at scale.
Most Urgent This Week

The most important thing your staff need to know right now

Each week we identify the single highest-risk attack technique that is seeing a spike in use against UK businesses. This week:

► Highest Risk This Week — Week 28 / 2026

A ransomware attack has now been completed entirely by AI — with no human involved

For years, every cyber attack has required a person at a keyboard making decisions — when to move, what to target, when to deploy the ransomware. That has changed this week.

Security researchers at Sysdig have identified and documented what they describe as the first confirmed case of agentic ransomware — an attack called Jadepuffer in which an artificial intelligence system completed an entire ransomware operation end-to-end, from initial access through to the extortion demand, without a human directing it at any point. The AI made its own decisions, adapted to the environment it found itself in, and executed the attack autonomously.

The US and its allies — including the UK — warned at the end of June that attacks like this could appear within months. It took less than two weeks.

What does this mean for your business in practical terms? The speed and volume of attacks will increase significantly. Attackers no longer need skilled humans to be available at every stage. An AI can run hundreds of attacks simultaneously, learning from each one. The window between a vulnerability being discovered and your systems being targeted gets shorter.

The practical response has not changed — but the urgency has. The businesses that get attacked are overwhelmingly those with known gaps: unpatched software, no multi-factor authentication, no tested backup and recovery plan. AI makes those gaps more dangerous, not different. Closing them matters more now than it did six months ago.

What to do right now: If your business uses Microsoft SharePoint — either directly or through Microsoft 365 — ask your IT provider to confirm that the patch for CVE-2026-45659 has been applied. This vulnerability was added to the US government's confirmed-exploited list on 1 July 2026 and allows an attacker with network access to run code on your SharePoint server. Also ask your IT provider whether they use SimpleHelp for remote support access to your systems — if so, that software has its own confirmed vulnerability this week and needs updating.
Also this week — the UK government's Cyber Resilience Pledge and what it means for SMEs: The government launched its Cyber Resilience Pledge today, with M&S, Nationwide, ITV, Microsoft UK and around 60 other organisations signing up. The pledge is currently voluntary — but the small print matters for smaller businesses. If you supply goods or services to any large organisation that has signed the pledge, you may be required to sign it yourself to remain in their supply chain. This is the same mechanism that has driven adoption of Cyber Essentials in government supply chains. It is not yet mandatory, but the direction of travel is clear. If you have not yet achieved Cyber Essentials certification, this is another reason to put it on the agenda.
Also this week — the FCA is examining whether AI chatbots should be regulated as financial advisers: The FCA has confirmed it is examining whether AI tools like ChatGPT, Gemini, and Claude should be subject to financial regulation, after a review found that more than a quarter of UK consumers already use them for financial advice. One in five adults said they would allow AI to make financial decisions on their behalf — such as choosing savings products or borrowing options — despite those tools not being covered by the consumer protections that apply to regulated advisers. For insurance brokers, this has a practical implication: some of your clients may already be relying on AI for advice that sits outside any regulatory framework. When a client comes to you having been told by an AI what cover they need, that creates a due diligence question worth thinking through.
1
If your business uses SharePoint or Microsoft 365 — confirm it has been patched this week

Microsoft SharePoint Server has a newly confirmed vulnerability (CVE-2026-45659) that allows someone with access to your network to run malicious code on the server. SharePoint underpins document management, intranet sites, and collaboration tools across a large proportion of UK businesses — often accessed through Microsoft 365 without staff realising it is there. The vulnerability was added to the US government's confirmed-exploited list on 1 July 2026, meaning it is being actively used in real attacks right now. Contact your IT provider and ask specifically whether this patch has been applied. If they manage your Microsoft 365 environment, they should be able to confirm within minutes. If they are not aware of the vulnerability, that itself tells you something important.

Why now: CVE-2026-45659 was confirmed exploited on 1 July 2026. SharePoint is one of the most widely deployed platforms in UK professional services. Unpatched systems are being targeted actively.

2
Ask your IT provider whether they use SimpleHelp — and if so, whether it has been updated

SimpleHelp is remote support software used by many IT providers and managed service companies to access client systems remotely — the tool they use when they "take control of your screen" to fix a problem. It was added to the US government's confirmed-exploited vulnerability list this week (CVE-2026-48558). If your IT provider uses SimpleHelp and has not updated it, there is a confirmed vulnerability in the software that has access to your systems. You may not even know SimpleHelp is installed on your machines — it often runs quietly in the background. Ask your IT provider: do you use SimpleHelp to access our systems, and has it been updated following the CISA alert published 29 June 2026? A good IT provider will know immediately. If they are not aware, ask them to check and update before their next remote session on your systems.

Why now: Vulnerabilities in remote access tools used by IT providers are a particularly high-risk category — they provide access to multiple clients' systems from a single compromised tool. This one has confirmed active exploitation.

3
Look up the Cyber Resilience Pledge and consider whether it affects your supply chain relationships

The UK government launched the Cyber Resilience Pledge today. Around 60 organisations have signed so far — including M&S, Nationwide, ITV, Microsoft UK, and Accenture. The pledge commits signatories to a set of cybersecurity standards. It is currently voluntary. However, the documentation makes clear that organisations signing the pledge are expected to extend those standards through their supply chains — meaning if you supply a signatory, you may be required to sign too. This is the same model used for Cyber Essentials in government contracts, which started voluntary and became mandatory. If any of your clients or the organisations you work with are large enough to appear on that list, it is worth checking whether a supply chain requirement is coming. Cyber Essentials certification is the most direct way to demonstrate compliance with the kind of baseline standards the pledge covers.

Why now: The pledge launched today (7 July 2026). Supply chain pressure is the mechanism that has driven Cyber Essentials adoption among SMEs supplying the public sector. The same dynamic is now beginning in the private sector.

Want to know how exposed your business actually is?

A GET-IT resilience scan maps your current defences against the active threat techniques on this page and tells you exactly where your gaps are — in plain English, with costs to fix them.

Book a Free Resilience Scan → View Technical Version
Intelligence sourced from NCSC UK, the CISA Known Exploited Vulnerabilities Catalog, FCA ScamSmart, and the MITRE ATT&CK framework (CC BY 4.0). All figures are sourced from published industry data and government reporting — see the technical version for full source references. This page is updated every Monday. GET-IT Solutions Ltd is not responsible for inaccuracies in third-party source data. Nothing on this page constitutes legal or regulatory advice.