SendTech Times
CybersecurityNews|June 5, 2026 at 11:07 AM
MARKET SIGNAL:

NFSP Ransomware Attack Turns Supplier Email Pause Into a Security-Control Test

Article summary

The National Federation of Subpostmasters was hit by ransomware after a cPanel-related hosting software bug was exploited. The NFSP was targeted on 30 April, and the Post Office paused some email interactions with the federation while saying branch operations were not affected. The immediate test is whether trusted communications can resume without pushing subpostmasters toward insecure workaround channels.

NFSP Ransomware Attack Turns Supplier Email Pause Into a Security-Control Test
Image source: ComputerWeekly.com

NFSP Email Pause Shows a Supplier-Side Cyber Risk

The National Federation of Subpostmasters (NFSP) has been hit by a ransomware attack after a bug was exploited in software used by its web hosting provider, forcing the Post Office to pause some email interactions with the federation.

The NFSP was targeted on 30 April, days after a vulnerability in cPanel software was discovered and exploited by hackers. cPanel is a web-based hosting control panel used to manage servers and websites.

NFSP CEO Calum Greenhow said the website was hit by ransomware after the cPanel attack.

He said attackers made “demands for release of our files,” the incident had been reported to the Information Commissioner’s Office (ICO), and his IT team had confirmed no data was lost.

Operational Controls Move Beyond the Victim Network

Ransomware is malware that locks or encrypts files, devices or systems until attackers receive payment.

In this case, the immediate operational impact is not described as a Post Office network compromise, but as a disruption to communications with an external supplier.

A Post Office spokesperson said some interactions and integrations with the affected supplier had been temporarily suspended as a precaution.

The spokesperson added that branch operations were not affected and that no compromise of Post Office networks or applications had been identified.

Post Office Chief Information Security Officer Neil Bennett warned subpostmasters on 22 May that inbound and outbound email between the Post Office and the NFSP had been paused.

Emails to @nfsp.org.uk would not be delivered, and emails from @nfsp.org.uk would not reach inboxes during the pause.

The Reader-Risk Control Is Identity and Channel Discipline

Bennett told subpostmasters not to work around the pause using insecure electronic channels such as personal email, text or WhatsApp.

If telephone calls with NFSP stakeholders were required, he advised validating identity before discussing potentially sensitive information, including turning on cameras.

In an update on 2 June, Bennett said the issue remained ongoing and that earlier guidance had not changed.

The practical test is whether the NFSP and the Post Office can restore trusted communications without creating a secondary social-engineering risk through unofficial channels.

Share this article
inXf

Related articles

More
AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow
Cybersecurity

AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow

A ransomware-focused threat actor adopted an AI-built toolkit for Active Directory discovery and endpoint detection and response evasion. Sophos found Cursor and Claude Opus agents assisted development, with close to 80 modules tested against more than 70 techniques. The practical test is whether defenders can shorten validation cycles as AI accelerates the move from offensive research to working malware components.

UAE Crypto Discovery Tool Turns Post-Quantum Security Into an Inventory Test
Cybersecurity

UAE Crypto Discovery Tool Turns Post-Quantum Security Into an Inventory Test

The UAE launched a national Crypto Discovery Tool to help organisations identify and manage cryptographic systems before post-quantum migration. The platform was developed by the UAE Cyber Security Council and Abu Dhabi-based QuantumGate as part of the National Post-Quantum Migration Programme. The practical test is whether public- and private-sector organisations use the tool to build a reliable inventory of cryptographic exposure.

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda
Cybersecurity

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda

CISA added exploited Android and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. The Android flaw affects Android 14 through 16, while the Linux issue centers on older kernel branches and cgroups v1 container environments. The immediate test is whether agencies and infrastructure operators apply vendor updates or mitigations by CISA's June 5 deadline.

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure
Cybersecurity

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure

Cisco disclosed fixed-release guidance for a critical Unified Communications Manager flaw that can let attackers gain root privileges when WebDialer is enabled. Cisco PSIRT is aware of public proof-of-concept exploit code for CVE-2026-20230, though it has not found active exploitation or targeting. The immediate test is whether administrators patch Unified CM or disable WebDialer before proof-of-concept code turns into wider exposure.

Keep Reading

More Stories

Latest
Meta's Ohio AI Data Center Tents Put Speed and Power at the Center of the Capacity RaceCloud & Data CentersJun 5, 2026Meta's Ohio AI Data Center Tents Put Speed and Power at the Center of the Capacity RaceMeta has built six rapid deployment structures outside New Albany, Ohio, as it seeks faster AI data center capacity. Local permits reviewed by Michael Thomas show five 125,000-square-foot structures started between April and June, while the site uses 200 megawatts of nearby modular gas turbines. The practical test is whether faster construction helps Meta turn heavy AI capital spending into usable developer and product capacity.Warren Hearing Request Puts Nvidia China Chip Sales Under Export-Control ScrutinyChips & SemiconductorsJun 5, 2026Warren Hearing Request Puts Nvidia China Chip Sales Under Export-Control ScrutinySen. Elizabeth Warren invited Nvidia CEO Jensen Huang to testify before the Senate Banking Committee on June 11 over China chip sales and export controls. The request focuses on Nvidia's views on U.S. export control laws and its business in China as lawmakers scrutinize advanced AI chip flows. The next signal is whether Huang appears and gives senators enough detail on Nvidia's China strategy and national-security posture.UK Cloud Sovereignty Report Puts Palantir Exit Rights and Open Standards in FocusCloud & Data CentersJun 5, 2026UK Cloud Sovereignty Report Puts Palantir Exit Rights and Open Standards in FocusUK MPs urged the government to reduce public-sector cloud lock-in through break clauses, open standards and stronger procurement controls. The committee report points to about £10bn a year in government cloud spending and recommends an exit plan for the Palantir NHS Federated Data Platform by the end of 2026. The practical test is whether the government turns the recommendations into procurement rules, contract disclosures and enforceable exit plans.Poke Gets Apple Approval as AI Agents Move Into iMessage DistributionAIJun 5, 2026Poke Gets Apple Approval as AI Agents Move Into iMessage DistributionPoke received approval to operate on Apple's Messages for Business platform, adding iMessage to its AI-agent distribution channels. The startup says it has relayed about 100 million messages and will pay Apple on a per-user basis, with exact pricing not disclosed. The immediate test is whether iMessage access increases consumer use enough to justify the new platform cost.Ramp's $44 Billion Valuation Turns AI Spending Into a CFO Control ProblemAIJun 5, 2026Ramp's $44 Billion Valuation Turns AI Spending Into a CFO Control ProblemRamp announced a $750 million funding round at a $44 billion valuation as companies look for tighter control over AI spending. CEO Eric Glyman said the company crossed $1 billion in annualized revenue and that AI token costs are becoming a new budget line for finance teams. The practical test is whether finance software buyers treat AI usage controls as a core spend-management requirement.Kodesage Raises $6.6M for AI Legacy-Code Modernization in Regulated SectorsAIJun 5, 2026Kodesage Raises $6.6M for AI Legacy-Code Modernization in Regulated SectorsKodesage closed a $6.6 million seed round to expand an AI platform for modernizing on-premises legacy software. VentureFriends led the round, with Portfolion participating, as the company targets regulated sectors that keep critical workloads inside controlled environments. The practical test is whether Kodesage can turn code discovery, documentation and conversion automation into named customer deployments across the U.S. and Europe.Iren Plans 800MW Australia AI Data Center Campus as Power Becomes the Capacity GateCloud & Data CentersJun 5, 2026Iren Plans 800MW Australia AI Data Center Campus as Power Becomes the Capacity GateIren signed a transmission connection agreement for a planned 800MW data center campus in Bundey, South Australia. The project is Iren's first Australian foray and is expected to be energized in 2028 as the company shifts more cash flow toward AI cloud infrastructure. The practical test is whether Iren can turn grid-connected power, financing and GPU capacity into energized AI cloud campuses on the announced timelines.AMD Server CPU Share Hits 33.2% as AI Server Demand Lifts the SegmentChips & SemiconductorsJun 5, 2026AMD Server CPU Share Hits 33.2% as AI Server Demand Lifts the SegmentAMD reached 33.2 percent of the server CPU market in the first quarter of 2026 as overall x86 processor shipments fell by more than six percent. Server CPU unit shipments rose by more than 10 percent from a year earlier, while Intel still held roughly two-thirds of the server CPU market. The next signal is whether AI server demand keeps server processors stronger than the wider PC and client CPU cycle.Oman's Energy Security Pitch Puts Ports, Private Capital and AI Demand in FocusEconomyJun 4, 2026Oman's Energy Security Pitch Puts Ports, Private Capital and AI Demand in FocusOman was presented as a stronger energy and infrastructure hub as global markets put more weight on supply security and diversified trade routes. The Global Energy Debate at the 2nd Oman Capital Market Conference included Shell Oman, Oman LNG, OQ, BlackRock and Vision Invest. The next signal is whether private capital and infrastructure planning turn Oman's location, ports and energy assets into financed projects.CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure TestCybersecurityJun 4, 2026CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure TestCISA ordered U.S. federal agencies to patch Oracle WebLogic Server systems affected by CVE-2024-21182 after active exploitation was observed. Shodan tracks more than 1,592 exposed WebLogic servers vulnerable to the flaw, including 961 on version 12.2.1.4.0 and 631 on version 14.1.1.0.0. The immediate test is whether public- and private-sector defenders apply Oracle fixes or remove exposed systems where mitigations are unavailable.WeedHack Malware Turns Minecraft Mods Into a 116,000-System Infostealer CampaignCybersecurityJun 4, 2026WeedHack Malware Turns Minecraft Mods Into a 116,000-System Infostealer CampaignWeedHack has infected more than 116,000 systems by targeting Minecraft players through malicious mods, clients, cheats and utilities. McAfee telemetry shows 116,464 affected systems, 2,000 to 3,000 infections a day, more than 240 distribution URLs and 3,820 malicious JAR files. The next signal is whether Minecraft mod communities can move users back toward official download sources before infostealer distribution expands further.EU Tech Sovereignty Push Puts Cloud Providers And AI Chips Under Policy ScrutinyCloud & Data CentersJun 4, 2026EU Tech Sovereignty Push Puts Cloud Providers And AI Chips Under Policy ScrutinyThe European Commission proposed a tech-sovereignty package covering chips, AI and cloud services. The package includes the Cloud and AI Development Act and Chips Act 2.0, and still needs approval from all 27 EU member states. The next signal is whether member states convert the proposals into cloud procurement rules and semiconductor investment priorities.