
CyberScope | June Edition

19.06.2026

Your Quarterly Cybersecurity Intelligence Briefing from Onecom Partners

Welcome to the June edition of CyberScope, your go-to quarterly update on the ever-evolving cybersecurity landscape. Designed for our Partner Channel, this blog delivers the latest news, trends and insights, along with a practical starting point for your customers.

In the News: Breaches, Phishing and the Dark Web

Booking.com breach highlights travel sector risk

The travel industry has once again come under the spotlight following reports of a cyber incident linked to Booking.com. Rather than a traditional system breach, attackers used social engineering techniques to compromise hotel accounts on the platform, enabling them to send highly convincing phishing messages directly to customers. These messages appear to come from genuine hotels that customers have already interacted with, making them far more believable and harder to detect.

Reservation hijack scams are not new, but what makes this latest wave more dangerous is the level of precision attackers can now achieve. By accessing real booking information, criminals can reference the correct property, travel dates and customer details, making their messages feel like a routine part of the booking process rather than a scam. This significantly lowers a customer’s guard and increases the likelihood of payment fraud or credential theft.

There is also a growing link between these attacks and the dark web. Stolen customer data is being actively traded and reused by criminal groups, while ready-made phishing kits designed specifically for Booking.com users are being bought and sold. These kits replicate genuine communications and booking workflows, allowing even low-skilled attackers to launch highly effective campaigns at scale.

For customers, this means a much higher risk of being targeted with personalised scams that are difficult to distinguish from legitimate travel updates. For businesses, it highlights a broader shift in attacker behaviour. Cybercriminals are no longer focused solely on breaking into systems. They are increasingly focused on exploiting human trust, brand reputation and real-world interactions.

UK Biobank incident raises data sensitivity concerns

Closer to home, the UK Biobank incident has reinforced just how valuable sensitive data sets have become. In April 2026, data linked to around 500,000 UK volunteers was found advertised for sale on Alibaba’s platform in China after being misused through authorised research access. While the dataset did not include names or direct contact details, it still contained highly sensitive information such as genetic data, health records, lifestyle habits and medical histories.

Even without direct identifiers, the depth of this data creates a real risk of re-identification when combined with other sources. The fact it appeared on a global marketplace also highlights how quickly data can move beyond traditional controls and into wider circulation. Although the listings were taken down and no purchases are believed to have been made, the incident underlines a critical point. Unlike financial data, health and genetic data cannot be reset, making it a long-term risk if exposed and a highly valuable target for both cybercriminals and state-level actors.

Rise of AI challenges traditional ethical hacking

A more positive but equally telling development comes from the ethical hacking community. Valentina Palmiotti, a leading ethical hacker, has suggested her competitive career could be impacted by the rapid advancement of AI tools. Competitions that once relied on deep technical skill are now being influenced by automation and AI-assisted discovery, allowing vulnerabilities to be identified faster than ever before.

While this shift is redefining the role of ethical hackers, it also reflects a broader reality. The same AI capabilities that are helping defenders improve speed and accuracy can just as easily be used by attackers to scale and refine their methods.

Cyber Threat Trends

AI is changing the game on both sides

Artificial intelligence is now firmly at the centre of the cybersecurity landscape. Attackers are using AI to automate phishing campaigns, generate highly realistic impersonation content and identify vulnerabilities at scale. At the same time, defenders are relying more heavily on AI to detect patterns, identify anomalies and respond in real time.

This has created a clear arms race. Organisations that do not adopt AI-driven protection risk falling behind increasingly sophisticated threats. The key takeaway is simple. AI is no longer optional in cybersecurity. It is becoming essential.

Continuous testing replaces point-in-time security

Traditional approaches to security testing are being challenged. Annual penetration testing, and even compliance-focused frameworks like Cyber Essentials Plus, were designed for environments that changed far less frequently than they do today. While certifications such as Cyber Essentials remain an important baseline, they are increasingly seen as a starting point rather than a complete security strategy.

Penetration testing plays a critical role here, helping organisations demonstrate that external vulnerabilities are not only understood but actively assessed and managed. This is particularly relevant for businesses working towards Cyber Essentials Plus, where evidence of strong external security controls can support both readiness and confidence.

At the same time, the insurance market is evolving. Insurers are asking more detailed questions about how organisations identify and remediate vulnerabilities, and there is a clear shift away from one-off, tick-box compliance towards continuous security practices. Businesses that can demonstrate regular testing, ongoing monitoring and a proactive approach to risk are increasingly viewed more favourably.

This is where continuous testing models such as PenX come into their own. By combining regular automated scanning with human-led penetration testing, organisations can move beyond periodic assurance and towards real-time visibility. In an environment where systems, users and threats are constantly changing, security needs to keep up.

Compliance continues to shape buying decisions

Cybersecurity is no longer just a technical requirement. It is a commercial necessity. Many organisations now find that without certifications such as ISO 27001, they are unable to bid for major contracts or government tenders. For partners working with mid-market and enterprise customers, security credentials are increasingly influencing revenue opportunities.

ISO 27001 requires organisations to identify, assess and manage security risks as part of their Information Security Management System. Penetration testing is one of the most effective ways to demonstrate that controls are not only in place, but working as intended.

New legislation raises the bar for resilience

The upcoming Cyber Security and Resilience (Network and Information Systems) Bill is set to strengthen requirements across the UK, particularly for organisations operating in critical sectors such as telecoms, infrastructure and digital services. While full details are still emerging, the direction of travel is clear: greater accountability, increased reporting obligations and stronger expectations around resilience and incident response.

For partners in the IT and telecoms space, this means customers will need to demonstrate not just protection, but ongoing readiness and the ability to recover quickly from attacks.

Partner Advice: Where to begin

With the threat landscape becoming more complex, customers need clear and practical guidance, and this is where partners play a critical role.

Start with CyberProtect

CyberProtect provides immediate visibility of one of the most common risks organisations face today: compromised credentials. Combined with ID Guard, which detects domain impersonation in real time, it gives customers a simple but highly effective way to reduce risk from phishing, account takeover and brand impersonation. Offering a one-month free trial is a strong way to demonstrate value and open the door to broader security conversations.

Introduce PenX for continuous security testing

PenX represents a shift in how penetration testing is delivered. By combining human expertise with AI-driven automation, it allows customers to move from periodic testing to continuous assurance. Monthly scanning alongside regular penetration testing ensures vulnerabilities are identified as environments change, not months later. For partners, this creates a recurring, value-driven service that aligns closely with how modern businesses operate.

Get Started Today

Help your customers take the next step towards stronger cyber resilience while unlocking new commercial opportunities for your business.

Contact your Partner Business Manager or email hello@onecompartners.co.uk to learn more about CyberProtect and PenX.