SendTech Times
CybersecurityNews|June 5, 2026 at 08:07 PM
MARKET SIGNAL:

NFSP Ransomware Attack Turns Supplier Email Pause Into a Security-Control Test

BySTechTimes Editor|Source: Computerweekly
Article summary

The National Federation of Subpostmasters was hit by ransomware after a cPanel-related hosting software bug was exploited. The NFSP was targeted on 30 April, and the Post Office paused some email interactions with the federation while saying branch operations were not affected. The immediate test is whether trusted communications can resume without pushing subpostmasters toward insecure workaround channels.

NFSP Ransomware Attack Turns Supplier Email Pause Into a Security-Control Test
Image source: ComputerWeekly.com

NFSP Email Pause Shows a Supplier-Side Cyber Risk

The National Federation of Subpostmasters (NFSP) has been hit by a ransomware attack after a bug was exploited in software used by its web hosting provider, forcing the Post Office to pause some email interactions with the federation.

The NFSP was targeted on 30 April, days after a vulnerability in cPanel software was discovered and exploited by hackers. cPanel is a web-based hosting control panel used to manage servers and websites.

NFSP CEO Calum Greenhow said the website was hit by ransomware after the cPanel attack.

He said attackers made “demands for release of our files,” the incident had been reported to the Information Commissioner’s Office (ICO), and his IT team had confirmed no data was lost.

Operational Controls Move Beyond the Victim Network

Ransomware is malware that locks or encrypts files, devices or systems until attackers receive payment.

In this case, the immediate operational impact is not described as a Post Office network compromise, but as a disruption to communications with an external supplier.

A Post Office spokesperson said some interactions and integrations with the affected supplier had been temporarily suspended as a precaution.

The spokesperson added that branch operations were not affected and that no compromise of Post Office networks or applications had been identified.

Post Office Chief Information Security Officer Neil Bennett warned subpostmasters on 22 May that inbound and outbound email between the Post Office and the NFSP had been paused.

Emails to @nfsp.org.uk would not be delivered, and emails from @nfsp.org.uk would not reach inboxes during the pause.

The Reader-Risk Control Is Identity and Channel Discipline

Bennett told subpostmasters not to work around the pause using insecure electronic channels such as personal email, text or WhatsApp.

If telephone calls with NFSP stakeholders were required, he advised validating identity before discussing potentially sensitive information, including turning on cameras.

In an update on 2 June, Bennett said the issue remained ongoing and that earlier guidance had not changed.

The practical test is whether the NFSP and the Post Office can restore trusted communications without creating a secondary social-engineering risk through unofficial channels.

Share this article
inXf

Related articles

More
AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow
Cybersecurity

AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow

A ransomware-focused threat actor adopted an AI-built toolkit for Active Directory discovery and endpoint detection and response evasion. Sophos found Cursor and Claude Opus agents assisted development, with close to 80 modules tested against more than 70 techniques. The practical test is whether defenders can shorten validation cycles as AI accelerates the move from offensive research to working malware components.

UAE Crypto Discovery Tool Turns Post-Quantum Security Into an Inventory Test
Cybersecurity

UAE Crypto Discovery Tool Turns Post-Quantum Security Into an Inventory Test

The UAE launched a national Crypto Discovery Tool to help organisations identify and manage cryptographic systems before post-quantum migration. The platform was developed by the UAE Cyber Security Council and Abu Dhabi-based QuantumGate as part of the National Post-Quantum Migration Programme. The practical test is whether public- and private-sector organisations use the tool to build a reliable inventory of cryptographic exposure.

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda
Cybersecurity

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda

CISA added exploited Android and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. The Android flaw affects Android 14 through 16, while the Linux issue centers on older kernel branches and cgroups v1 container environments. The immediate test is whether agencies and infrastructure operators apply vendor updates or mitigations by CISA's June 5 deadline.

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure
Cybersecurity

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure

Cisco disclosed fixed-release guidance for a critical Unified Communications Manager flaw that can let attackers gain root privileges when WebDialer is enabled. Cisco PSIRT is aware of public proof-of-concept exploit code for CVE-2026-20230, though it has not found active exploitation or targeting. The immediate test is whether administrators patch Unified CM or disable WebDialer before proof-of-concept code turns into wider exposure.

Keep Reading

More Stories

Latest
Gulf Hiring Freezes Put AI And Digital Transformation Skills At RiskEconomyJun 10, 2026Gulf Hiring Freezes Put AI And Digital Transformation Skills At RiskGulf companies are using hiring freezes to protect costs, but source-backed labour data shows continued shortages in AI, technology, fintech, compliance and digital transformation roles. The risk is that broad freezes can weaken delivery and retention just as skilled workers in the UAE and Saudi Arabia see strong job-market alternatives.Blue Owl ADGM Office Turns Abu Dhabi Finance Growth Into A Private-Credit SignalEconomyJun 10, 2026Blue Owl ADGM Office Turns Abu Dhabi Finance Growth Into A Private-Credit SignalBlue Owl Capital is opening a regional headquarters in ADGM, adding a $315 billion asset manager to Abu Dhabi financial hub as the centre reports 57% first-quarter growth in assets under management.Belfast Knife Attack Turns Into Public-Order And Migration Test For UK AuthoritiesPoliticsJun 10, 2026Belfast Knife Attack Turns Into Public-Order And Migration Test For UK AuthoritiesPolice in Northern Ireland are investigating a serious Belfast knife attack as attempted murder while urging calm after residents intervened and online footage triggered public-order concerns.Sandstone Raises $30M For AI Workflow Tools In Company Legal TeamsScience & TechJun 10, 2026Sandstone Raises $30M For AI Workflow Tools In Company Legal TeamsSandstone raised $30 million in Series A funding led by Lightspeed Venture Partners to build AI workflow tools for in-house legal teams at small and mid-sized businesses.SpaceX Fixed-Price IPO Turns Retail Allocation Into The Main Market TestScience & TechJun 10, 2026SpaceX Fixed-Price IPO Turns Retail Allocation Into The Main Market TestSpaceX is offering IPO shares at a fixed $135 price, leaving allocation of roughly $75 billion in shares, especially retail access, as the main test before Thursday offering and Friday trading.UAE Salary Deadline Turns WPS Payroll Into A First-Of-Month Payments TestFintech & Digital PaymentsJun 10, 2026UAE Salary Deadline Turns WPS Payroll Into A First-Of-Month Payments TestUAE private-sector salary rules triggered a sharp WPS payroll surge on June 1, with Al Ansari Exchange up more than 151 per cent and Al Fardan Exchange up 136 per cent, turning wage compliance into a first-of-month payments and cash-flow test.Sabertooth's $500 Million SPV Push Turns AI Startup Access Into A ProductAIJun 10, 2026Sabertooth's $500 Million SPV Push Turns AI Startup Access Into A ProductSabertooth Capital has invested nearly $500 million into 10 late-stage AI and deep-tech companies through single-deal SPVs, showing how access to scarce private technology rounds is becoming a product of its own.Google's $4.99 AI Plus Cut Turns Consumer AI Into A Bundle FightAIJun 10, 2026Google's $4.99 AI Plus Cut Turns Consumer AI Into A Bundle FightGoogle cut AI Plus from $7.99 to $4.99 per month and doubled included storage to 400 gigabytes, pushing U.S. consumer AI subscriptions toward lower-priced platform bundles.GM Sodium-Ion Storage Push Turns AI Data Center Power Into A Battery Market TestCloud & Data CentersJun 10, 2026GM Sodium-Ion Storage Push Turns AI Data Center Power Into A Battery Market TestGeneral Motors is expanding into grid-scale energy storage through Peak Energy, LG Energy Solution and Redwood Materials, making AI data center demand a battery commercialization test.NAVER’s 55-Megawatt NVIDIA Buildout Tests Sovereign AI Cloud DemandCloud & Data CentersJun 9, 2026NAVER’s 55-Megawatt NVIDIA Buildout Tests Sovereign AI Cloud DemandNAVER and NVIDIA are expanding sovereign AI infrastructure from a 55-megawatt starting point toward gigawatt scale, tying Korea’s AI factory ambitions to DSX software, GAK Sejong capacity and localized model services.UAE Retail Forecast Turns AI And Luxury Spending Into A $227 Billion Market TestEconomyJun 9, 2026UAE Retail Forecast Turns AI And Luxury Spending Into A $227 Billion Market TestThe UAE retail sector is forecast to reach $227.1 billion by 2033, while smart retail is projected to grow more than twelvefold as luxury demand, tourism, grocery growth and AI-enabled retail systems reshape the market.Perplexity’s 2028 IPO Plan Puts AI Search On The Mega-Listing WatchlistAIJun 9, 2026Perplexity’s 2028 IPO Plan Puts AI Search On The Mega-Listing WatchlistPerplexity CEO Aravind Srinivas said the AI search company is still planning a 2028 IPO as Anthropic, OpenAI and SpaceX prepare large listings that could reset AI valuation expectations.