
The Small Business Cyber Security Guy
Welcome to my blog and podcast, where I share brutally honest views, sharp opinions, and lived experience from four decades in the technology trenches. Whether you're here to read or tune in, expect no corporate fluff and no pulled punches.
Everything here is personal. These are my thoughts, not those of my employer, clients, or any poor soul professionally tied to me. If you’re offended, take it up with me, not them.
What you’ll get here (and on the podcast):
Straight-talking advice for small businesses that want to stay secure
Honest takes on cybersecurity trends, IT malpractice, and vendor nonsense
The occasional rant — and yes, the occasional expletive
War stories from the frontlines (names changed to protect the spectacularly guilty)
I've been doing this for over 40 years. I’ve seen genius, idiocy, and everything in between. Some of it makes headlines, and most of it should.
This blog and the podcast are where I unpack it all. Pull up a chair.

The CVE-2025-53770 Crisis: Why Your SharePoint Response Reveals More About Human Psychology Than Technical Competence
After analyzing the global response to CVE-2025-53770, the critical SharePoint zero-day that's compromised 75+ organizations in 48 hours, I'm convinced this isn't about technical competence.
It's about human psychology. Right now, IT administrators who know their systems are vulnerable (CVSS 9.8) are doing nothing because of normalcy bias, sunk cost fallacy, and optimism bias.
The organizations getting breached aren't those lacking knowledge - they're the ones whose psychology prevents acting on information they already possess. This is a masterclass in how cognitive biases turn manageable security events into disasters.

What the White House CIO Sees That UK SMBs Don't: The Threat Landscape Reality Check
The White House CIO has access to threat intelligence that would make UK SMB owners lose sleep for weeks. While British businesses worry about basic phishing, US government analysts are tracking systematic campaigns targeting supply chains, MSPs, and small businesses as stepping stones to bigger targets.
They're seeing patterns you've never heard of: criminal groups spending months mapping your vendor relationships, state actors using SMBs to access critical infrastructure, and ransomware cartels that make the mafia look disorganized.
Here's what America's top cybersecurity official knows about threats heading your way.

Catwatchful Exposed: When Surveillance Technology Becomes a Weapon
Former NCSC expert Mauven MacLeod exposes the disturbing Catwatchful stalkerware operation that suffered a massive breach in June 2025, revealing 62,000 customer accounts and 26,000 monitored victims across seven countries. This isn't just cybersecurity failure - it's weaponised surveillance technology enabling domestic abuse and stalking.
The breach exposed plaintext passwords, comprehensive victim data dating to 2018, and the operation's Uruguay-based administrator. From a government security perspective, this represents exactly why stalkerware is classified as malicious software. Understanding the psychology behind surveillance abuse is crucial for protecting potential victims and building technology that resists weaponization.

When Janet Jackson Accidentally Became a Cyber Weapon: The Pop Song That Crashed Laptops
Janet Jackson's "Rhythm Nation" music video could crash laptops just by playing the audio. Not through software exploits or malware, but because the bloody song contained the exact resonant frequency that turned 5400 RPM hard drives into expensive paperweights. Even better: playing the video on one laptop could crash OTHER laptops sitting nearby through pure acoustic warfare.
Microsoft engineers had to add secret audio filters to prevent pop music from destroying computers. If a 1989 dance track can accidentally weaponise your hardware, what else can deliberate attackers do?
Pull up a chair, this is peak engineering incompetence.

Middle East Conflict Escalation Creates Immediate Cyber Threats for UK Small Businesses
Last Friday, it was someone else's war. Over the weekend, Iranian hackers considered your Microsoft 365 account enemy infrastructure.
American B-2 bombers dropped 14 bunker-busters on Iranian nuclear facilities over the weekend. The cyber retaliation has already begun, and UK small businesses, because we all use US cloud services, are in the firing line as primary targets.
Remember NotPetya? Ukrainian attack, global devastation. Windows is Windows regardless of location.
Your customer database could be wiped tomorrow because you use American cloud services in a conflict between Washington and Tehran.
Most UK business owners have no idea they're now combatants in a cyber war they never signed up for.
➤ Why Iranian hackers are targeting YOUR business specifically
➤ The 7 things you must do TODAY (before they find you)
➤ How to tell if your MSP is protecting you or just taking your money
➤ Why "it won't happen to me" thinking will destroy your business
This isn't theory. The attacks started over the weekend. Your business is already on their target list.
From the creators of The Small Business Cyber Security Guy Podcast - emergency episode available now

Week Ahead Preview: Microsoft's Monthly Security Roulette
This week we explored compliance theatre vs real security. Next week, we're diving into the monthly war zone that every IT team knows: Microsoft's Patch Tuesday roulette where one wrong decision can sink your business.
Monday's podcast takes you inside the 6 PM chaos when UK teams scramble with late-breaking updates, and Tuesday's deep-dive exposes why traditional patch management advice is built for enterprises that don't exist.
Plus, practical survival strategies for when you're fighting attackers who reverse-engineer fixes faster than you can deploy them.

Stolen Credentials Are the New Normal: Why Your Authentication Is Already Broken (And What This Means for Your Business)
Your passwords are already for sale. The only question is whether you know it yet. Stolen credentials jumped from 10% to 16% of all cyberattacks in just one year, making them the second most common attack vector behind exploits. With 3.9 billion passwords compromised by infostealer malware and 94% of people reusing the same credentials across multiple sites, your business authentication isn't just vulnerable; it's already broken. While you're investing in firewalls and endpoint protection, criminals are buying your employees' passwords for pennies on the dark web. Time to stop pretending multi-factor authentication is optional.

Microsoft Teams: Now Available in Phish-Flavoured
Microsoft Teams is the new darling of UK business. It’s chat, calls, meetings, file sharing and productivity all in one app. Unfortunately, it’s also a goldmine for attackers, and they know it.
With the Tycoon 2FA phishing kit now targeting Microsoft 365 users through fake Teams login prompts, criminals are bypassing multifactor authentication in real time. It’s slick. It’s scary.
And worst of all, it works. If your business still believes Teams is “safe because it’s Microsoft,” you’re dangerously behind the curve.
Phishing has moved in. And it brought its own desk chair.

Fake CAPTCHAs Are Now Malware Traps – Because Of Course They Are!
Think you’re safe clicking through a CAPTCHA? Think again. Cybercriminals are hijacking your trust with fake CAPTCHA pop-ups that trick you into downloading malware—by following simple keyboard instructions you’d never question. One click and boom—your passwords, wallets, and entire digital life are up for grabs. This isn’t just clever, it’s terrifyingly effective. If you’ve ever hit "I’m not a robot," you need to read this before you hand your system over to hackers.
⚠️ Full Disclaimer
This is my personal blog. The views, opinions, and content shared here are mine and mine alone. They do not reflect or represent the views, beliefs, or policies of:
My employer
Any current or past clients, suppliers, or partners
Any other organisation I’m affiliated with in any capacity
Nothing here should be taken as formal advice — legal, technical, financial, or otherwise. If you’re making decisions for your business, always seek professional advice tailored to your situation.
Where I mention products, services, or companies, that’s based purely on my own experience and opinions — I’m not being paid to promote anything. If that ever changes, I’ll make it clear.
In short: This is my personal space to share my personal views. No one else is responsible for what’s written here — so if you have a problem with something, take it up with me, not my employer.