Category: 3. Business

  • Centrica and Holland & Barrett fined for underpaying staff

    British Gas’s parent company Centrica, Euro Garages and Holland & Barrett are among the latest companies named and shamed by the government for underpaying staff.

    The Department for Business and Trade (DBT) has released a list of nearly 500 employers fined more than £10m for failing to pay the national minimum wage. It said 42,000 workers were repaid more than £6m.

    Business Secretary Peter Kyle said: “I know that no employer wants to end up on one of these lists. But our Plan to Make Work Pay cracks down on those not playing by the rules.”

    All three firms blamed past payroll problems for the underpayments and said all affected staff had been remunerated.

    All the employers named on DBT’s list were fined up to double the total amount they owed to staff, some for underpayments dating as far back as 2013.

    Paul Nowak, the TUC general secretary, said there was “no excuse for workers being cheated out of money they’re owed. It’s bad for workers, families and the economy.”

    According to the government’s latest investigations, covering 2018 to 2023, Euro Garages, known as EG Group, tops the list, having short-changed 3,317 of its workers by more than £824,000.

    The company, which was co-founded by the billionaire brothers Mohsin and Zuber Issa, who have since stepped back from leading the firm, has significantly reduced its UK operations over the past year.

    It sold its UK petrol forecourts business and Cooplands bakeries, but still runs some Starbucks franchise stores across the UK.

    In a statement, an EG Group spokesperson said: “These historic payroll issues that took place between 2015 and 2019 have been fully rectified.

    “All affected employees were subsequently reimbursed in full in agreement with HMRC.”

    The firm said it improved its systems to make sure it complied with UK laws and maintained that it was committed to treating employees fairly.

    Centrica, which owns British Gas, was eighth on DBT’s list having failed to pay £167,815 to 356 workers.

    The energy giant recently bought one of the biggest liquefied natural gas (LNG) facilities in the UK for £1.7bn, extending the firm’s control of the country’s energy supplies.

    A Centrica spokesperson said the company supported fair pay and pointed to technical faults in its payroll system between 2015 and 2019.

    “This issue relates to a small number of historic technical errors which were put right as soon as they were identified.

    “The total underpayment related primarily to salary sacrifice arrangements and training bonds, rather than take home pay, and was around £160,000 – our UK annual wage bill is currently around £1.2bn.”

    High street retailer Holland & Barrett is next on the list after it failed to pay more than £153,000 to 2,551 workers.

    In a statement, the company said past issues with minimum wage payments, between 2015 and 2021, had since been fixed in 2022.

    “This was not a case of deliberate underpayment,” said a spokesperson.

    “The issue stemmed from legacy practices such as requiring team members to wear specific shoes, unpaid training completed at home, and time spent preparing for shifts at our Burton distribution site.”

    Holland & Barrett said it remained “committed to fair pay”, that it was paying store staff about 5% above the National Living Wage and that it followed all the rules.

    “While we respect the transparency of the scheme, we are disappointed that naming has occurred over three years after the matter was settled.”

    The minimum wage for workers aged 21 and over, known officially as the National Living Wage, is currently £12.21 an hour. Younger employees, aged between 16 and 20, are entitled to the National Minimum Wage, which is set at £10 an hour.

  • Signal failure for China’s railway diplomacy in Southeast Asia

    News this week that Indonesia has entered debt restructuring negotiations with China over its Jakarta-Bandung high speed rail mega-project should have come as no surprise.

    Indonesian officials announced publicly more than three years ago, before the rail became operational, that it would be 40 years before the project broke even. Uncertainty around a planned relocation of the capital to the island of Borneo complicated the projections for user numbers. But even as those plans lie dormant and underfunded, the head of the state-owned rail operator labelled the project a financial “ticking time bomb”.

    China’s exports of its high-speed train expertise and financing packages constitute a hallmark of its offer as a development partner to Southeast Asia.

    But construction in Indonesia was marred from the start, leading to a delay of four years and a cost blow-out of $1.2 billion above the original estimate. The Jakarta-Bandung line, known as Whoosh, was Southeast Asia’s first high-speed railway, but it is one of a series of similar China-backed projects at varying levels of completion. Officials around the region will be closely watching these negotiations.

    There is precedent. In both Thailand and Malaysia, high-speed rail projects that were originally backed by Chinese loans were renegotiated and restructured after disputes about perceived debt traps and corruption. Construction on both is proceeding, but with drastically reduced reliance on finance from China.

    A similar story is unfolding in the Philippines, though the problem there is arguably more political than fiscal. Three rail projects, worth an estimated total of US$5 billion in concessional loans from China, were cancelled in 2023 amid deteriorating bilateral ties.

    Whoosh is one of a series of similar China-backed projects at varying levels of completion across the region (Yasuyoshi Chiba/AFP via Getty Images)

    Things are different in the smaller countries of mainland Southeast Asia. Lessons in railway debt negotiations might come too late for Laos, where a line from Vientiane to Boten on the border with China was completed in 2021. The Asian Development Bank has predicted that the project and the associated loan could “present a very large contingent liability” and deemed it “unlikely to bring major economic benefits.”

    Cambodia is also eager to attract China’s support for a US$4 billion high-speed rail, despite some recent unexplained lapses in financing from Beijing to Phnom Penh.

    In Myanmar, the ostracised junta is reportedly still seeking financing from China for the long-debated Muse-Mandalay railroad, part of the troubled China-Myanmar Economic Corridor. For Myanmar’s crippled and fragile economy, the risk of an unsustainable debt burden is immense.

    Outside of Jakarta, the keenest eyes on the restructuring negotiations will likely be in Hanoi. In February, Vietnam approved loans from China to build a new conventional railway in the north of the country. The exact amount of that financing package isn’t clear yet, but the project is estimated to cost more than US$8 billion in total.

    Additionally, Hanoi’s breathless ambition for a north-south high-speed rail won’t be deterred by the astronomical bill, close to US$70 billion. Officials have, at various points in the past 12 months, sworn off and welcomed foreign funding. China appears the front-runner to supply the technology but Japan, the region’s second-largest transport provider, has also expressed interest.

    Given sustained interest from Myanmar, Cambodia and Vietnam, it’s plain that the shine has not totally worn off China’s infrastructure mega-projects in Southeast Asia. But the financial floundering of the region’s first high-speed rail, in the region’s largest country, ought to prompt second thoughts.


    IPDC Indo-Pacific Development Centre

  • Banks need stricter controls to prevent romance fraud, says City regulator | Cybercrime

    The City regulator has called on banks and payment firms to bring in stricter controls protecting customers from romance fraud after a study showed a number of missed “red flags” that led to people losing huge sums of money.

    The review by the Financial Conduct Authority (FCA) highlighted one case where someone lost £428,000, another where a customer made 403 payments totalling £72,000 to a fraudster and a case where someone wanted money to transfer cryptocurrency to their “partner” in Iraq.

    Romance scams, where criminals try to build emotional connections with victims before defrauding them, have been growing in scale and complexity in recent years.

    Figures from the City of London police put the loss from romance fraud at £106m last year, although the FCA says the real figure is much higher as many people do not report the crime owing to feelings of shame and stigma.

    The FCA review of six banks and payment firms looked at how they detect and prevent romance fraud and found large disparities in how victims of fraud were treated. “Despite examples of good practice, there were multiple instances of firms missing opportunities to identify seemingly suspicious transactions,” it said. The study found 60 fraud cases, ranging from £100 to £428,249.

    Most of the scams (85%) emerged from relationships built by the fraudsters on social media and dating sites. In one case, a firm failed to identify fraud when six payments totalling more than £131,000 were sent overseas.

    In almost half of the cases, the victims did not give the real reason for payments. In another fraud that went through, a victim made 15 international payments, worth £190,000, and claimed to be buying international property. But the staff handling the transactions did not seek documentation or question the use of multiple accounts in different names, said the report.

    The FCA report said some firms did not properly safeguard victims after the fraud emerged, even though there were clear signs they were vulnerable. “For example, one victim expressed suicidal thoughts and another received threats of violence from the fraudster,” it said.

    The watchdog said banks and payment providers could bring in measures to better protect customers, including improved monitoring systems, better training for staff and providing compassionate aftercare.

    Steve Smart, the FCA’s joint executive director of enforcement and market oversight, described romance fraud as a “vicious crime”, adding: “All too often it is the vulnerable that fall victim. The impact – financially and personally – can be devastating.”

    Fraudsters typically try to identify people who are lonely or isolated. They often claim to be working abroad, and are therefore unable to meet, and say they need money to fund a medical emergency.

    Santander has said it has seen almost £5.5m stolen through romance frauds since the start of the year. Michelle Pilsworth, the bank’s head of fraud, said the criminals increasingly ask for gift cards from victims.

    The consumer group Which? said banks and payment operators that fail to protect customers should have action taken against them.

  • Gold and Silver Hit Records on Credit Fears, US-China Tensions – Bloomberg.com

    1. Gold and Silver Hit Records on Credit Fears, US-China Tensions – Bloomberg.com
    2. Safe-haven surge, Fed rate-cut bets drive gold beyond $4,300/oz – Reuters
    3. Why Gold and Silver Keep Hitting Record Highs – Investopedia
    4. Gold prices extend record rally on Fed cut bets, U.S.-China tensions – Investing.com
    5. Gold extends record-setting run amid safe-haven demand, dovish Fed – FXStreet

  • Key Section 101 Insights for In-House Counsel from USPTO ARP Decision in Ex parte Desjardins – Dentons

    1. Key Section 101 Insights for In-House Counsel from USPTO ARP Decision in Ex parte Desjardins – Dentons
    2. A Turning Point For AI Patent Eligibility? – MarketScreener
    3. New USPTO Director Signals Major Change Afoot for Patents – Inc.com
    4. Desjardins Decision Signals More Positive Outlook for AI Innovations – JD Supra
    5. USPTO Panel’s Reversal Signals A Shift On AI Patents – Law360

  • OpenAI researchers see current chatbot use supporting — not replacing — workers – Nextgov

    1. OpenAI researchers see current chatbot use supporting — not replacing — workers – Nextgov
    2. ChatGPT is processing a staggering number of messages every day – Business Insider
    3. The Fear: Wholesale Cheating With AI at Work, School. The Reality: It’s Complicated. – The Good Men Project
    4. ChatGPT is processing 2.5 billion messages a day – Business Insider Africa

  • Australia to Tout Rare Earths Prowess Ahead of Key Trump Talks – Bloomberg.com

    1. Australia to Tout Rare Earths Prowess Ahead of Key Trump Talks – Bloomberg.com
    2. Nova Minerals: The Alaska Gold And Antimony Bet At A Turning Point – Seeking Alpha
    3. Australian miners on track for mixed week after reports of critical US minerals deal – TradingView
    4. Australia rethinks rare earth strategy – fDi Intelligence
    5. Chalmers rejects US call to freeze out China as PM prepares to face Trump – The Australian

  • Rosen Law Firm Encourages Western Alliance Bancorporation Investors to Inquire About Securities Class Action Investigation – WAL – Business Wire

    1. Rosen Law Firm Encourages Western Alliance Bancorporation Investors to Inquire About Securities Class Action Investigation – WAL – Business Wire
    2. Western Alliance sues borrower, alleging fraud; stock tanks – MSN
    3. Western Alliance addresses credit relationship amid peer concerns – StreetInsider
    4. Western Alliance Shares Tumble Amid Fraud Lawsuit – TipRanks
    5. Western Alliance Files Lawsuit Against Cantor Group – TipRanks

  • Hermès’s Véronique Nichanian to step down after 37 years

    It’s the end of an era at Hermès. The house’s artistic director of menswear Véronique Nichanian is stepping down after 37 years, Hermès confirmed on Thursday. She will present her last collection during Paris men’s week in January. It’s understood that her successor will be appointed in the coming days.

    Nichanian began her career at Cerruti before being poached by Hermès’s chief executive Jean-Louis Dumas in 1988 to lead menswear. She became known for her inventive, wearable designs, grabbing attention with high-quality materials and a beautiful colour palette. Her Spring/Summer 2026 collection was “breathable clothing, just some lightness, softness, sensuality in the silk, in the prints,” she told editors after the show. She introduced a monkey print on tote bags. “Just for fun. It can’t do any harm in this world.”

    Nichanian becomes the latest luxury designer to leave a creative vacancy at a major fashion house following the SS26’s big reset, which saw 15 designer debuts. But Nichanian is a particularly notable exit: she had the longest tenure of a serving creative director in fashion.

    On her decision to step down, she told Le Figaro in an exclusive interview: “I still love this job. However, I believe that to practice it the way I like to, it now requires more and more time — and today, I want to devote that time to other things… Hermès has, above all, shown great elegance by allowing me to choose the moment that felt right to step down. I’ve been thinking about it and discussing it with Axel and Pierre-Alexis Dumas for a year or two now. It’s time to pass the baton.”

    Hermès’s financial performance has continued to defy the ongoing luxury slowdown. The company posted 8 per cent growth in the first half of 2025, with ready-to-wear and accessories growing 5.5 per cent in the period.

  • Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities

    Executive Summary

    On Oct. 15, 2025, F5 — a U.S. technology company — disclosed that a nation-state threat actor conducted a significant long-term compromise of their corporate networks. In this incident, attackers stole source code from their BIG-IP suite of products and information about undisclosed vulnerabilities. F5’s BIG-IP suite is commonly used by large organizations, primarily in the U.S. but also globally, for availability, access control and security. Organizations including government agencies and Fortune 500 companies rely on BIG-IP.

    Cortex Xpanse currently identifies over 600,000 F5 BIG-IP instances exposed to the internet.

    F5’s investigation revealed that the attackers maintained long-term access to the company’s product development environment and engineering knowledge management platform. This enabled attackers to access highly sensitive data.

    F5 also released details of several vulnerabilities of varying severity. Some of the key vulnerabilities are:

    • CVE-2025-53868: A BIG-IP SCP and SFTP vulnerability with a CVSS score of 8.7. This could allow for a significant impact on affected systems.
    • CVE-2025-61955: An F5OS vulnerability with a CVSS score of up to 8.8 in appliance mode. This could lead to major compromises of F5OS-A and F5OS-C systems.
    • CVE-2025-57780: An F5OS vulnerability with a CVSS score of up to 8.8 in appliance mode, representing another critical threat to F5OS systems.

    Key Takeaways

    • What Was Exfiltrated: The threat actor exfiltrated files from the BIG-IP product development environment and engineering knowledge management platforms. These files contained some BIG-IP source code and information about undisclosed vulnerabilities. F5 stated it currently has no knowledge of undisclosed critical or remote code vulnerabilities, and it has not observed active exploitation of any undisclosed F5 vulnerabilities.
    • Customer Impact: There is no evidence of access to — or exfiltration of — data from F5’s CRM, financial, support case management or iHealth systems. However, some of the exfiltrated files from the knowledge management platform contained configuration or implementation information for a small percentage of customers.
    • Supply Chain Integrity: There is no evidence of modification to F5’s software supply chain, including source code and build and release pipelines.
    • Unaffected: There is no evidence that the threat actor accessed or modified the NGINX source code or product development environment. There was also no evidence that the threat actor accessed or modified the F5 Distributed Cloud Services or Silverline systems.

    While details of what exactly was exfiltrated are not publicly available, the theft of source code and previously undisclosed vulnerabilities is significant and could potentially facilitate rapid exploitation of vulnerabilities.

    Guidance

    Unit 42 highly recommends following F5 public guidance in its public Security Notification and Quarterly Security Notification.

    Palo Alto Networks customers receive protections from and mitigations for these CVEs in the following ways:

    • The Unit 42 Incident Response team can be engaged to help with a compromise or to provide a proactive assessment to lower your risk.
    • Cortex Xpanse has existing attack surface rules that can be used to assist customers in identifying publicly accessible F5 devices.

    Details of the Attack

    According to F5, the compromise of their corporate networks was conducted by an unspecified sophisticated nation-state actor. Attacks in recent years have illustrated the allure of technology companies as not just a viable target, but a force multiplier in increasing the efficiency and timeline of espionage activity.

    History of Targeted Attacks

    There is a history of nation-state actors going after high value targets in the technology industry. Given the reach of F5’s BIG-IP suite, well-resourced, sophisticated actors have focused on it in the past.

    In late 2023, a critical vulnerability (CVE-2023-46747) emerged within the BIG-IP Traffic Management User Interface (TMUI), allowing for an authentication bypass. UNC5174, a China-nexus threat actor, actively exploited this flaw. Mandiant’s investigation revealed that the group leveraged this vulnerability to create backdoor administrator accounts, ultimately gaining command execution on compromised devices.

    For three years, a Chinese state-sponsored group reported as Velvet Ant used malicious software to exploit outdated F5 BIG-IP equipment. This allowed persistent access and exfiltration of data from a targeted organization’s network.

    In July 2025, a critical vulnerability (CVE-2022-1388) became the gateway for another sophisticated attack. The China-nexus group known as Fire Ant — overlapping with UNC3886 — exploited an iControl REST authentication bypass flaw in F5 BIG-IP devices. This allowed them to deploy web shells, tunnel traffic between network segments and execute arbitrary system commands.

    Current Scope of the Attack Against F5

    The threat actor exfiltrated files from the BIG-IP product development environment and engineering knowledge management platforms. F5’s post as of Oct. 16 stated that the company has found no evidence of access to — or exfiltration of — data from its CRM, financial, support case management or iHealth systems. However, some of the exfiltrated files from the knowledge management platform contained configuration or implementation information for a small percentage of customers.

    F5 stated that the stolen files contained some BIG-IP source code and information about undisclosed vulnerabilities, but that it currently has no knowledge of undisclosed critical or remote code vulnerabilities and has not observed active exploitation of any undisclosed F5 vulnerabilities.

    There has been no evidence of modification to F5’s software supply chain, including source code and build and release pipelines. There is also no evidence that the threat actor accessed or modified the NGINX source code or product development environment. Finally, there was no evidence that the threat actor accessed or modified the F5 Distributed Cloud Services or Silverline systems.

    Generally, if an attacker steals source code, it takes time to find exploitable issues. In this case, the threat actor also stole information on previously undisclosed vulnerabilities that F5 was actively working to patch. That information could let threat actors exploit vulnerabilities for which no public patch exists, and shorten the time needed to build exploits.

    The disclosure of 45 vulnerabilities this quarter, versus just six last quarter, suggests F5 is moving as fast as it can to patch as many flaws as possible before the threat actors can exploit them.

    Interim Guidance

    Unit 42 highly recommends following F5 public guidance in its public Security Notification and Quarterly Security Notification. This guidance includes:

    • Updating BIG-IP software
    • A threat hunting guide
    • Hardening guidance
    • Security information and event management (SIEM) integration recommendations

    F5 strongly recommends updating BIG-IP software as soon as possible. F5 support is providing a threat hunting guide to strengthen detection and monitoring. It also published best practices for hardening F5 systems, adding automated hardening checks to the F5 iHealth Diagnostic Tool. This tool can help surface gaps, prioritize actions and provide links to remediation guidance.

    Lastly, F5 recommends the following:

    • Enabling BIG-IP event streaming to SIEM
    • Following step-by-step instructions for syslog configuration (KB13080)
    • Monitoring for login attempts (KB13426) to enhance visibility and alerting for:
      • Admin logins
      • Failed authentications
      • Privilege and configuration changes
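    As an added example, not code from F5, Unit 42 or Palo Alto Networks, the Python script below applies the three monitoring categories above (admin logins, failed authentications, privilege and configuration changes) to syslog-style lines and adds a simple burst rule for repeated failures from one source. The sample lines are constructed for the demonstration: the sshd messages follow OpenSSH’s own “Accepted/Failed password for … from …” wording, while the AUDIT lines use a hypothetical layout that does not claim to match the real BIG-IP audit format. ADMIN_ACCOUNTS, FAIL_THRESHOLD and FAIL_WINDOW_SECONDS are assumed tunables.

```python
"""Triage of login and change events from syslog-style lines.

Added example (not F5's or Unit 42's code). Sample lines are constructed;
the AUDIT message layout is hypothetical, not a documented BIG-IP format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input (NOT captured from a real device).
SAMPLE_LOG = """\
Oct 16 08:01:10 bigip1 sshd[2301]: Accepted password for admin from 10.0.5.7 port 51234 ssh2
Oct 16 08:01:55 bigip1 sshd[2310]: Failed password for root from 203.0.113.9 port 40011 ssh2
Oct 16 08:01:57 bigip1 sshd[2311]: Failed password for root from 203.0.113.9 port 40012 ssh2
Oct 16 08:01:59 bigip1 sshd[2312]: Failed password for root from 203.0.113.9 port 40013 ssh2
Oct 16 08:02:02 bigip1 sshd[2313]: Failed password for root from 203.0.113.9 port 40014 ssh2
Oct 16 08:02:05 bigip1 sshd[2314]: Failed password for root from 203.0.113.9 port 40015 ssh2
Oct 16 08:03:30 bigip1 httpd[1180]: AUDIT - user auditor - login succeeded from 10.0.5.8
Oct 16 08:04:12 bigip1 tmsh[1420]: AUDIT - user admin - modify auth user svc-backup role Administrator
Oct 16 08:05:40 bigip1 tmsh[1421]: AUDIT - user admin - modify sys db some.setting value enable
Oct 16 08:06:00 bigip1 httpd[1182]: AUDIT - user guest - login failed from 198.51.100.4
"""

# Generic BSD syslog header: timestamp, host, process[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# OpenSSH's own authentication messages.
SSH_OK_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
SSH_FAIL_RE = re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
# Hypothetical audit-style messages (assumed layout, see lead-in).
AUDIT_LOGIN_RE = re.compile(
    r"AUDIT - user (?P<user>\S+) - login (?P<result>succeeded|failed) from (?P<src>\S+)"
)
AUDIT_CHANGE_RE = re.compile(r"AUDIT - user (?P<user>\S+) - (?P<action>(?:create|modify|delete) .+)")

ADMIN_ACCOUNTS = {"admin", "root"}   # assumed: accounts whose logins always get reviewed
FAIL_THRESHOLD = 5                   # assumed: failures per source that trigger a burst alert
FAIL_WINDOW_SECONDS = 60             # assumed: window for the burst rule


def parse_ts(ts, year=2025):
    """Syslog timestamps carry no year; the caller supplies one."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def triage(log_text):
    """Return the events a reviewer would want to see, grouped by category."""
    findings = {"admin_logins": [], "failed_auth": [], "changes": [], "brute_force": []}
    fail_times = defaultdict(list)
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, never crash the pipeline
        ts, msg = parse_ts(m["ts"]), m["msg"]
        if (ok := SSH_OK_RE.search(msg)):
            if ok["user"] in ADMIN_ACCOUNTS:
                findings["admin_logins"].append((ts, ok["user"], ok["src"], "ssh"))
        elif (fail := SSH_FAIL_RE.search(msg)):
            findings["failed_auth"].append((ts, fail["user"], fail["src"]))
            fail_times[fail["src"]].append(ts)
        elif (al := AUDIT_LOGIN_RE.search(msg)):
            if al["result"] == "failed":
                findings["failed_auth"].append((ts, al["user"], al["src"]))
                fail_times[al["src"]].append(ts)
            elif al["user"] in ADMIN_ACCOUNTS:
                findings["admin_logins"].append((ts, al["user"], al["src"], "web"))
        elif (ch := AUDIT_CHANGE_RE.search(msg)):
            findings["changes"].append((ts, ch["user"], ch["action"]))
    # Burst rule: FAIL_THRESHOLD failures from one source inside FAIL_WINDOW_SECONDS.
    for src, times in fail_times.items():
        times.sort()
        for i in range(len(times) - FAIL_THRESHOLD + 1):
            if (times[i + FAIL_THRESHOLD - 1] - times[i]).total_seconds() <= FAIL_WINDOW_SECONDS:
                findings["brute_force"].append(src)
                break
    return findings


if __name__ == "__main__":
    for category, events in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(events)}")
        for ev in events:
            print("   ", ev)
```

On the constructed input the script reports one admin login, six failed authentications, two change events, and one source (203.0.113.9) that trips the burst rule. The point of the separate `changes` bucket is that a privilege change by an account whose login was not expected is the combination worth alerting on, which is why both categories are kept rather than only counting failures.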

    Conclusion

    The potential impact of this compromise is unique due to the theft of confidential information regarding previously undisclosed vulnerabilities that F5 was actively in the process of patching. This data potentially grants threat actors the capacity to exploit vulnerabilities for which no public patch currently exists, which could accelerate the creation of exploits.

    According to public information, the compromise was identified in early August 2025. While F5 stated they had not yet seen evidence of in-the-wild exploitation, the timing suggests that these vulnerabilities could have been exploited for upwards of two months. This highlights the need to immediately address mitigation guidance.

    F5’s prompt disclosure and mitigation guidance are crucial first steps. The top priority for any organization using F5 BIG-IP is to implement mitigation and hardening guidance without delay and begin threat hunting activities immediately.

    This underscores the need for a defense-in-depth strategy in the face of unknown, emerging and previously identified vulnerabilities.

    Palo Alto Networks customers are better protected by our products, as listed below. We will update this threat brief as more relevant information becomes available.

    Palo Alto Networks Product Protections

    Palo Alto Networks customers can leverage a variety of product protections and updates to identify and defend against this threat.

    If you think you might have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call:

    • North America: Toll Free: +1 (866) 486-4842 (866.4.UNIT42)
    • UK: +44.20.3743.3660
    • Europe and Middle East: +31.20.299.3130
    • Asia: +65.6983.8730
    • Japan: +81.50.1790.0200
    • Australia: +61.2.4062.7950
    • India: 000 800 050 45107

    Cortex Xpanse

    Cortex Xpanse has existing attack surface rules that can be used to assist customers in identifying publicly accessible F5 devices.