Black Arrow Cyber Threat Intelligence Briefing 24 April 2026
This week's briefing covers:

- AI Is Now a ‘Standard Part of the Attacker Toolkit’
- Every Old Vulnerability Is Now an AI Vulnerability
- New Technology Is Increasing the Speed and Depth of Cyber Attacks
- The AI Era Demands a Different Kind of CISO
- Phishing and MFA Exploitation: Targeting the Keys to the Kingdom
- Phishing Reclaims the Top Initial Access Spot, Attackers Experiment with AI Tools
- Surge in Silent Subject Phishing Attacks Targets VIP Users
- Threat Actors Exploiting Trust in Everyday Workflows
- UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
- CISOs See Gaps in Their Incident Response Playbooks
- SMEs Say Cyber Resilience Is Lacking Amid Fears Security Is Failing
- Insurance Carriers Quietly Back Away from Covering AI Outputs
- Ransomware, Fraud, and Lawsuits Drive Cyber Insurance Claims to New Peaks
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
Our review of cyber security open source intelligence this week includes insights that fall into four key themes.
AI is now a standard part of an attacker’s toolkit, increasing the speed and scale of attacks and amplifying the impact of existing techniques and vulnerabilities. Phishing remains a highly successful and popular route into organisations, including by exploiting weaknesses in MFA and in trusted business activities. The cyber insurance market is responding to the shifting risks, with insurers tightening terms around AI-related risks while claims arising from ransomware, fraud and lawsuits remain prominent. Lastly, various sources are highlighting that businesses need to strengthen their management of cyber risks, including how they plan to respond to an incident.
From our perspective at Black Arrow, we are clear that the response to these developments must come from a leadership team that is upskilled on today’s evolving risks, has worked with impartial experts to assess its risks and controls, and has practised how to protect the business during an incident, rather than relying only on assurance from the Technology team. Contact us to discuss how to do this in a proportionate manner.
Top Cyber Stories of the Last Week
AI Is Now a ‘Standard Part of the Attacker Toolkit’
Forescout reports that artificial intelligence is now a routine part of cyber criminals’ toolkit, helping them identify weaknesses and speed up attacks. Its research found a sharp rise in AI capability, with all tested models in its latest study performing well at basic vulnerability research, compared with 55% failing a year earlier. The pace is striking: once inside a network, criminals now hand over access to other attackers in a median of 22 seconds, down from more than eight hours in 2022, increasing pressure on organisations to detect and respond far faster.
https://www.itpro.com/security/ai-is-now-a-standard-part-of-the-attacker-toolkit
Every Old Vulnerability Is Now an AI Vulnerability
In March 2026, Microsoft patched an Excel vulnerability that exposed a broader risk created by embedded AI assistants. A malicious spreadsheet could execute hidden code and use Copilot to exfiltrate data without user interaction or warning. The flaw was not new, but AI amplified its impact by acting with the same access as the host application. This means vulnerabilities in applications with embedded AI assistants can carry far greater business risk, highlighting that AI assistants effectively act as privileged systems, amplifying the impact of existing vulnerabilities.
https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability
New Technology Is Increasing the Speed and Depth of Cyber Attacks
Financial services firms are facing faster, broader cyber attacks as criminals use artificial intelligence to find weaknesses, craft convincing scams and target suppliers as a route into larger organisations. IBM found the finance and insurance sector accounted for 27% of all incidents in 2025, while Kroll reported that 76% of organisations experienced an AI-related security incident over the past two years. In response, banks are tightening supplier checks, improving staff awareness and investing in tools that detect genuine threats more accurately, with regulators placing greater emphasis on operational resilience and rapid recovery.
https://www.ft.com/content/954a44c6-cc11-49dd-b95a-dba61438b532?syn-25a6b1a6=1
The AI Era Demands a Different Kind of CISO
AI is rapidly increasing the speed of cyber attacks, allowing weaknesses to be found and exploited in minutes rather than days or weeks. This is exposing the limits of traditional security checks such as audits, compliance reviews and periodic testing, which only show a snapshot in time. Security leadership is increasingly focused on real‑time visibility of risks, tighter control over who and what can access critical systems and data, and stronger incident response planning.
https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
Phishing and MFA Exploitation: Targeting the Keys to the Kingdom
Phishing remained a major route into organisations in 2025, featuring in 40% of incidents, while attackers increasingly bypassed multi‑factor authentication by exploiting weaknesses in how identity controls were implemented and managed. Criminals use convincing emails about routine business tasks such as IT requests, invoices, travel and expenses, often sent from trusted or seemingly internal accounts. Attackers increasingly targeted the controls that manage who is allowed to access systems, with a sharp rise in cases where organisations were fooled into trusting malicious devices, leading to a 178% increase in these types of breaches. The trend highlights how everyday workflows and trusted systems can be turned against an organisation when controls are inconsistent or poorly enforced.
https://blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/
Phishing Reclaims the Top Initial Access Spot, Attackers Experiment with AI Tools
Cisco Talos reports that phishing was the main route into organisations in early 2026, responsible for more than a third of known break-ins, while attacks on internet-facing systems fell from 62% at their peak to 18% after fixes and better detection. Healthcare and public administration were the most targeted sectors, each making up 24% of incidents. Weak multi-factor authentication, used to add a second identity check, remained the most common security gap at 35%. Talos also saw attackers using an AI website builder to create convincing fake login pages and steal credentials.
https://www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
Surge in Silent Subject Phishing Attacks Targets VIP Users
Cyberproof has reported a rise in phishing emails sent with no subject line, a tactic often targeting senior staff and other high value users. By removing normal warning signs, these messages are more likely to be opened and can also avoid some email security checks. The campaign grew throughout the first quarter of 2026, rising over 13% from January to February and a further 7.0% in March. Messages often include links, QR codes or attachments that lead to fake sign-in pages or harmful software, with attackers also misusing legitimate remote access tools to stay hidden inside organisations.
https://www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/
Threat Actors Exploiting Trust in Everyday Workflows
Abnormal AI found that email-based cyber attacks are increasingly designed to blend into normal business activity by mimicking trusted suppliers, routine payment requests and familiar internal communications. Its analysis of nearly 800,000 email attacks across more than 4,600 organisations found that 61% of business email compromise incidents involved supplier relationships. Phishing made up 58% of attacks, with many using multi-step web links to evade detection. The findings show that attackers are exploiting trust and everyday working practices, making fraudulent messages far harder to distinguish from legitimate business communication.
https://betanews.com/article/threat-actors-exploiting-trust-in-everyday-workflows/
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
The UK is facing a growing threat from state-backed cyber attacks, with the National Cyber Security Centre handling around four nationally significant incidents each week. While ransomware remains the most common risk, the most serious attacks are now increasingly linked to hostile governments. Officials also warned that rising geopolitical tensions could trigger large-scale disruptive campaigns, particularly against critical national infrastructure. In response, the government is seeking closer cooperation with AI firms and has committed £90 million over three years to strengthen cyber security, including support for smaller businesses.
https://www.claimsjournal.com/news/national/2026/04/22/337080.htm
CISOs See Gaps in Their Incident Response Playbooks
Sygnia found that more than three quarters of senior security leaders said their organisation had suffered a cyber attack in the past year, yet 73% felt unprepared for the next one. While almost all reported having a formal incident response plan, many still struggle to put it into practice. Common weaknesses include poor coordination between decision makers, limited board and executive involvement, and delays caused by legal or communications concerns. The findings point to the importance of direct business leader involvement in incident response readiness, clearer decision‑making and coordination during attacks, and addressing visibility gaps before an incident occurs.
https://www.ciodive.com/news/cisos-gaps-incident-response-playbooks/817765/
SMEs Say Cyber Resilience Is Lacking Amid Fears Security Is Failing
A survey of 500 UK SMEs suggests cyber security readiness remains weak despite rising threat levels. One in eight businesses reported a past cyber attack, while 52% rated themselves moderately to highly vulnerable to future incidents. Fewer than one in ten provide regular staff awareness training, and less than a third have increased cyber security spending in the past two years. The findings also show limited resilience if operations are disrupted, with one in eight businesses saying they could not survive a full shutdown lasting more than 48 hours, highlighting that gaps in training, preparedness and investment translate directly into business survival risk.
https://www.emergingrisks.co.uk/smes-say-cyber-resilience-is-lacking-amid-fears-security-is-failing/
Insurance Carriers Quietly Back Away from Covering AI Outputs
Insurers are becoming more cautious about covering risks linked to artificial intelligence, with some excluding losses caused by AI generated decisions and others raising premiums. The concern is that many AI systems can produce inconsistent or hard to explain results, making claims harder to assess. Insurance providers are also asking far more detailed questions about how organisations use and control AI. Cover is proving especially difficult for businesses whose products are built around AI, while firms with clear oversight, monitoring and fallback plans are viewed more favourably by insurers.
Ransomware, Fraud, and Lawsuits Drive Cyber Insurance Claims to New Peaks
Cyber insurance provider At-Bay’s 2026 analysis of more than 100,000 policy years shows cyber insurance claims rising, with overall claim frequency up 7% and average losses reaching a record $221,000. Ransomware remained the most costly incident, averaging $508,000, while financial fraud was the most common, making up about 30% of claims. In 2025, 73% of ransomware attacks started through a virtual private network, or VPN, up from 38% two years earlier, while VPNs and remote desktop tools together accounted for 87% of claims. Separate legal claims also increased significantly, adding further cost through lawsuits and business interruption.
https://www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
Governance, Risk and Compliance
CISOs see gaps in their incident response playbooks | CIO Dive
SMEs say cyber resilience is lacking amid fears security is failing
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
CISOs reshape their roles as business risk strategists | CSO Online
Oil crisis? IT spending de-coupled from wider war shock • The Register
The AI era demands a different kind of CISO | CyberScoop
Cyber risks still getting lost in translation
Beyond awareness: Human risk management metrics for CISOs | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Most Organizations Fail to Fully Recover After Ransomware Attacks
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
'The Gentlemen' Rapidly Rises to Ransomware Prominence
1 in 3 Ransomware Claims Started with SonicWall in 2025 as VPN Attacks Nearly Double in Two Years
Payouts King ransomware uses QEMU VMs to bypass endpoint security
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
The Gentlemen Ransomware Expands With Rapid Affiliate Growth - Infosecurity Magazine
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Adaptavist Group breach: Ransomware crew claims mega-haul • The Register
Kyber ransomware gang toys with post-quantum encryption on Windows
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
Ransomware’s Next Phase: From Data Encryption to Business Extortion | Silicon UK Tech News
Third ransomware pro pleads guilty to cybercrime U-turn • The Register
Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security
Ex-FBI lead urges homicide charges against ransomware scum • The Register
Ransomware and Destructive Attack Victims
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Hackers target US banking giants Frost Bank and Citizens Bank | Cybernews
Automotive Ransomware Attacks Double in a Year - Infosecurity Magazine
Ransomware Hits Automotive Data Expert Autovista - SecurityWeek
M&S one year on: turning anticipation into secure by design | Computer Weekly
French govt agency confirms breach as hacker offers to sell data
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeek
Phishing & Email Based Attacks
Surge in Silent Subject Phishing Campaigns Targets VIP Users - Infosecurity Magazine
Threat actors exploiting trust in everyday workflows - BetaNews
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Phishing and MFA exploitation: Targeting the keys to the kingdom
New iPhone phishing scam involves email sent from Apple servers | Macworld
Watch Out for Unexpected Apple Account Change Emails. It's a Phishing Scam
Cyberattack on French government agency triggers phishing alert - Help Net Security
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Threat actors exploiting trust in everyday workflows - BetaNews
Other Social Engineering
Threat actors exploiting trust in everyday workflows - BetaNews
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
US nationals sentenced for aiding North Korea’s tech worker scheme | CyberScoop
North Korea targets macOS users in latest heist • The Register
New iPhone phishing scam involves email sent from Apple servers | Macworld
macOS ClickFix attacks deliver AppleScript stealers • The Register
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meetings to Hijack Crypto Firms | CoinMarketCap
How to spot a North Korean fake in a job interview - Help Net Security
2FA/MFA
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Phishing and MFA exploitation: Targeting the keys to the kingdom
Artificial Intelligence
UK Government Sound Alarm Over AI Security Risk - IT Security Guru
HR Magazine - Government advises businesses about AI cyber threats
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
Insurance carriers quietly back away from covering AI outputs | CSO Online
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic's Mythos AI model sparks fears of turbocharged hacking - Ars Technica
Russia uses AI to hack Europe, Dutch intelligence warns – POLITICO
Cybersecurity in the age of AI means bigger, faster threats | TechTarget
A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly
Anthropic’s Claude Is Pumping Out Vulnerable Code, Cyber Experts Warn
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Beyond Mythos: A Defining Moment for Cybersecurity
OpenClaw Exposes the Real Cybersecurity Risks of Agentic AI - Infosecurity Magazine
Anthropic's Mythos model accessed by unauthorized users, Bloomberg News reports | Reuters
OpenAI’s Codex agent fails as an investigator | Cybernews
House lawmakers get a chilling demo of ‘jailbroken’ AI - POLITICO
Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
Mythos can find the vulnerability. It can't tell you what to do about it. | CyberScoop
Anthropic's Mythos AI System Might Actually Create More Cybersecurity Vulnerabilities
Every Old Vulnerability Is Now an AI Vulnerability
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
How AI companies are quietly becoming the world’s cybersecurity gatekeepers - The Hindu
New artificial intelligence bots could drain nation's cash machines | This is Money
Never put all your eggs in one basket, fintech CTO warns after Anthropic suspends 60+ accounts
UK to build ‘national cyber shield’ to protect against AI cyber threats | Computer Weekly
Bots/Botnets
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Attackers Exploit DVR Command Injection Flaw to Deploy Botnet - Infosecurity Magazine
New Mirai campaign exploits RCE flaw in EoL D-Link routers
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Researchers link Smartproxy.org IPs to IPIDEA botnet network Google disrupted | Cybernews
Careers, Roles, Skills, Working in Cyber and Information Security
CYBERUK ’26: UK lagging on legal protections for cyber pros | Computer Weekly
What it takes to win that CSO role | CSO Online
CISOs reshape their roles as business risk strategists | CSO Online
The AI era demands a different kind of CISO | CyberScoop
Cloud/SaaS
EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meetings to Hijack Crypto Firms | CoinMarketCap
KelpDAO suffers $290 million heist tied to Lazarus hackers
macOS ClickFix attacks deliver AppleScript stealers • The Register
Are Russian exchanges like Grinex targeted by hackers or spies? - Cryptopolitan
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
Google warns quantum computers could break crypto encryption sooner than expected. | Mashable
China's Apple App Store infiltrated by crypto-stealing wallet apps
Dozens of Malicious Crypto Apps Land in Apple App Store - SecurityWeek
Cyber Crime, Organised Crime & Criminal Actors
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
The shadowy SIM farms behind those incessant scam texts - and how to stay safe | ZDNET
How Cybercrime Became a Leading Industry in ‘Scambodia’ - WSJ
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
Hackers who stole crime tip records now selling them | Cybernews
A single platform powers SIM farm proxy networks across 17 countries - Help Net Security
Data Breaches/Leaks
Hackers who stole crime tip records now selling them | Cybernews
Lovable denies data leak, cites 'intentional behavior' • The Register
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
Man gets 30 months for selling thousands of hacked DraftKings accounts
Hacker Jeffrey Epstein claims 400K records stolen from Bol | Cybernews
WhatsApp Leaks User Metadata to Attackers
France's 'Secure' ID agency probes claimed 19M record breach • The Register
Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch
Crook claims to leak 'video surveillance footage' of firms • The Register
President of German parliament hit by Signal hack, report says – POLITICO
Data Protection
GDPR works, but only where someone enforces it - Help Net Security
Data/Digital Sovereignty
EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security
Denial of Service/DoS/DDoS
Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown | The Record from Recorded Future News
Europol launches Operation PowerOFF — warns 75,000 DDoS users and takes down 53 domains | TechRadar
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
Encryption
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption - SecurityWeek
Google warns quantum computers could break crypto encryption sooner than expected. | Mashable
Kyber ransomware gang toys with post-quantum encryption on Windows
The race to become quantum-safe | IT Pro
Fraud, Scams and Financial Crime
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
The shadowy SIM farms behind those incessant scam texts - and how to stay safe | ZDNET
How cybercrime became a leading industry in ‘Scambodia’
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
A single platform powers SIM farm proxy networks across 17 countries - Help Net Security
How to spot a North Korean fake in a job interview - Help Net Security
Insider Risk and Insider Threats
How to spot a North Korean fake in a job interview - Help Net Security
Insurance
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
Insurance carriers quietly back away from covering AI outputs | CSO Online
Cyber risks still getting lost in translation
Internet of Things – IoT
Attackers Exploit DVR Command Injection Flaw to Deploy Botnet - Infosecurity Magazine
New Mirai campaign exploits RCE flaw in EoL D-Link routers
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Law Enforcement Action and Take Downs
Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown | The Record from Recorded Future News
Europol launches Operation PowerOFF — warns 75,000 DDoS users and takes down 53 domains | TechRadar
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
Man gets 30 months for selling thousands of hacked DraftKings accounts
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Third ransomware pro pleads guilty to cybercrime U-turn • The Register
Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security
Linux and Open Source
Open source malware sees a 21 percent increase - BetaNews
Malvertising
When PUPs Bite: Huntress Uncovers “weaponised” Adware Exposing 25,000+ Systems
Malware
When PUPs Bite: Huntress Uncovers “weaponised” Adware Exposing 25,000+ Systems
Open source malware sees a 21 percent increase - BetaNews
Formbook Malware Campaign Uses Multiple Obfuscation Techniques - Infosecurity Magazine
Another npm supply chain worm hits dev environments • The Register
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths - Security Boulevard
macOS ClickFix attacks deliver AppleScript stealers • The Register
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Bitwarden NPM Package Hit in Supply Chain Attack - SecurityWeek
New Checkmarx supply-chain breach affects KICS analysis tool
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
Mobile
China's Apple App Store infiltrated by crypto-stealing wallet apps
Dozens of Malicious Crypto Apps Land in Apple App Store - SecurityWeek
New iPhone phishing scam involves email sent from Apple servers | Macworld
Android Phones Shown to Have a Major Biometric Security Weakness - Tech Advisor
The History of iOS Exploits: Apple’s Flawed Security Paradigm
Models, Frameworks and Standards
GDPR works, but only where someone enforces it - Help Net Security
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’ - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
What Makes Credential Stuffing Difficult to Detect? - Security Boulevard
NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly
Regulations, Fines and Legislation
Social media bans might steer kids into riskier corners of the internet - Help Net Security
Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
CISA Budget Cuts Could Push More Security Burden onto MSSPs | news | MSSP Alert
EU's New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim
Ex-FBI lead urges homicide charges against ransomware scum • The Register
The surveillance law Congress can't quit — and can't explain | CyberScoop
Washington’s 2026 cyber strategy normalises offensive operations | The Strategist
CISA director pick Sean Plankey withdraws his nomination | CyberScoop
Social Media
Social media bans might steer kids into riskier corners of the internet - Help Net Security
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
UK probes Telegram, teen chat sites over CSAM sharing concerns
Supply Chain and Third Parties
Threat actors exploiting trust in everyday workflows - BetaNews
Another npm supply chain worm hits dev environments • The Register
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths - Security Boulevard
Bitwarden NPM Package Hit in Supply Chain Attack - SecurityWeek
New Checkmarx supply-chain breach affects KICS analysis tool
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek
Crook claims to leak 'video surveillance footage' of firms • The Register
The US NSA is using Anthropic's Claude Mythos despite supply chain risk
Why the Axios attack proves AI is mandatory for supply chain security | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
U.K. Forces Counter Covert Russian Submarine Activities, Officials Say - USNI News
The scramble to protect Britain’s undersea cables from sabotage
New undersea cable cutter risks Internet’s backbone - Ars Technica
How Iran Has Excelled at 'Threat Projection' Using Cyber
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
UK faces ‘perfect storm’ for cybersecurity, says cyber chief - UKTN
Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure
Poland hit by record cyberattacks in 2025 as minister warns of 'digital war'
Government Can’t Win the Cyber War Without the Private Sector - SecurityWeek
Iran claims US used backdoors in networking equipment • The Register
The U.S. must defend the final frontier against cyberattacks - SpaceNews
Seeing the Cyber in Economic Statecraft
Nation State Actors
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
Cyber chief: UK faces "perfect storm" for cyber security | National Cyber Security Centre
UK intelligence: 100 nations have spyware that can hack Britain – POLITICO
Cheapskate cyber strategy won't stop Beijing's finest • The Register
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
The U.S. must defend the final frontier against cyberattacks - SpaceNews
Seeing the Cyber in Economic Statecraft
China
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
Cheapskate cyber strategy won't stop Beijing's finest • The Register
The scramble to protect Britain’s undersea cables from sabotage
New undersea cable cutter risks Internet’s backbone - Ars Technica
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
Chinese APT Targets Indian Banks, Korean Policy Circles
Russia
UK: Russian Hacking Reaches New Levels of Hostility
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
The scramble to protect Britain’s undersea cables from sabotage
U.K. Forces Counter Covert Russian Submarine Activities, Officials Say - USNI News
Russia uses AI to hack Europe, Dutch intelligence warns – POLITICO
Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure
Poland hit by record cyberattacks in 2025 as minister warns of 'digital war'
Sanctioned Grinex halts after $13M crypto hack / The New Voice of Ukraine
Information Warfare: Russians Returning to Landlines
North Korea
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meeting Hack
KelpDAO suffers $290 million heist tied to Lazarus hackers
North Korea targets macOS users in latest heist • The Register
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
How to spot a North Korean fake in a job interview - Help Net Security
Iran
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
How Iran Has Excelled at 'Threat Projection' Using Cyber
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops | CSO Online
Cybersecurity Risks Related to the Iran War | Dinsmore & Shohl LLP - JDSupra
Iran claims US used backdoors in networking equipment • The Register
Inside ZionSiphon: politically driven malware aims at Israeli water systems
Tools and Controls
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic’s New Mythos A.I. Model Sets Off Global Alarms - The New York Times
1 in 3 Ransomware Claims Started with SonicWall in 2025 as VPN Attacks Nearly Double in Two Years
CISOs see gaps in their incident response playbooks | CIO Dive
CISOs reshape their roles as business risk strategists | CSO Online
The AI era demands a different kind of CISO | CyberScoop
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption - SecurityWeek
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
How AI companies are quietly becoming the world’s cybersecurity gatekeepers - The Hindu
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
The Mythos Breach: Why Frontier Models Turn AI Safety Into A Fiduciary Responsibility
Oil crisis? IT spending de-coupled from wider war shock • The Register
Other News
Cyber attacks fuel surge in cargo theft across logistics industry
MacOS Native Tools Enable Stealthy Enterprise Attacks - Infosecurity Magazine
MSSPs Need to Move Beyond Reactive Security | perspective | MSSP Alert
Health care’s biggest cybersecurity vulnerability is structural | STAT
How hackers are helping criminal gangs hijack truck deliveries
Experts say telecoms should include internet security for free | News | ERR
Vulnerability Management
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic's Mythos AI model sparks fears of turbocharged hacking - Ars Technica
A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Anthropic's Mythos model accessed by unauthorized users, Bloomberg News reports | Reuters
Mythos can find the vulnerability. It can't tell you what to do about it. | CyberScoop
Every Old Vulnerability Is Now an AI Vulnerability
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
NIST to stop rating non-priority flaws due to volume increase
The History of iOS Exploits: Apple’s Flawed Security Paradigm
Vulnerabilities
Unpatched Microsoft Defender Flaw Lets Hackers Gain Admin Access on Windows | Extremetech
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster - SecurityWeek
More Cisco SD-WAN bugs battered in attacks • The Register
New RDP Alert After April 2026 Security Update Warns of Unknown Connections
Android Phones Shown to Have a Major Biometric Security Weakness - Tech Advisor
Microsoft releases emergency updates to fix Windows Server issues
Critical flaw in Protobuf library enables JavaScript code execution
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple releases important iOS and iPadOS security fix you need to install now - PhoneArena
Oracle Patches 450 Vulnerabilities With April 2026 CPU - SecurityWeek
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
New Firefox update patches a whopping 271 bugs with help from Claude Mythos | ZDNET
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Microsoft issues emergency update for macOS and Linux ASP.NET threat - Ars Technica
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 17 April 2026
Black Arrow Cyber Threat Intelligence Briefing 17 April 2026:
-UK Financial Regulators Rush to Assess Risks of Anthropic Latest AI Model, FT Reports
-AI Adoption Is Outpacing the Safeguards Around It
-PwC: Cyber Security Risk Outpaces Corporate Ability to Manage
-New VENOM Phishing Attacks Steal Senior Executives’ Microsoft Logins
-Beyond Wipers: Iran-Backed Cyber Attacks and the Threat to Businesses
-Wiz: 80% of Cloud Breaches Are Caused by Basic Mistakes
-Ransomware Lives On, Blending Hacktivism and Crime, Fuelled by AI
-Security Leaders Overconfident About Ransomware Recovery
-‘It’s More Common Than You Think’: Experts Reveal How Hackers Are Trying to Hijack Your Inbox with These Clever Tactics
-From Awareness to Action: Closing the Human Risk Gap in Cyber Security
-How the Enterprise Supply Chain Has Created a Global Attack Surface
-UK Reliance on US Big Tech Companies Is ‘National Security Risk’, Claims Report
-The Most Important Cyber Security Trends in 2026 So Far
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
In our threat intelligence briefing last week, we described how Anthropic’s new AI model had identified thousands of new serious vulnerabilities in major operating systems and ways to exploit them; this week, we include details of how the UK financial regulators are working to quickly address these AI developments with similar activity in other countries. We also report on how the adoption of AI by organisations themselves has increased the need for business leaders to strengthen their understanding and management of the associated risks.
We include details this week of how AI and other attacker tactics have increased risks such as inbox compromise, ransomware and other destructive attacks. Our advice on how business leaders should manage the risks remains fundamentally unchanged. Leadership should build a strong understanding of cyber risks, drawing on impartial experts, so that they can lead the conversation on risk management with their control providers and put in place proportionate controls underpinned by credible governance. The focus is not just on security, to reduce the probability of a successful attack, but also on resilience to withstand a successful attack when it happens. Contact us to discuss a suitable approach to achieve this.
Top Cyber Stories of the Last Week
UK Financial Regulators Rush to Assess Risks of Anthropic Latest AI Model, FT Reports
UK financial regulators are urgently assessing the cyber security implications of a new artificial intelligence model after claims it identified thousands of serious weaknesses across widely used software, including operating systems and web browsers. The Bank of England, the Financial Conduct Authority, HM Treasury and the National Cyber Security Centre are working with major banks, insurers and exchanges to understand whether the model could expose risks in critical systems. The move reflects growing concern that advanced AI could strengthen cyber defence, but also increase the risk of more effective cyber attacks.
AI Adoption Is Outpacing the Safeguards Around It
AI is being adopted faster than the safeguards around it, creating new risks for organisations. Reported AI related incidents rose from 233 in 2024 to 362 in 2025, while separate monitoring showed monthly cases reaching 435 at the start of 2026. At the same time, major AI providers are giving less visibility into how their systems are built and tested, with transparency scores falling from 58 to 40 in a year. This leaves organisations relying more on their own testing, monitoring and supplier controls to manage systems whose behaviour can be harder to predict than traditional software.
https://www.helpnetsecurity.com/2026/04/14/ai-adoption-safety-transparency-report/
PwC: Cyber Security Risk Outpaces Corporate Ability to Manage
PwC’s latest survey of more than 600 US executives shows cyber security is a board-level business risk that most organisations do not feel equipped to deal with. While 60% rank it among their top three risks, only 6% say they can manage it effectively. The report also found 68% see cyber-attacks as a moderate or serious threat, while 38% have increased spending on technology and artificial intelligence since January 2025. Despite this investment, many firms remain on the back foot as fast-changing regulation and rapid advances in AI make threats harder to manage.
https://www.inforisktoday.com/pwc-cybersecurity-risk-outpaces-corporate-ability-to-manage-a-31405
New VENOM Phishing Attacks Steal Senior Executives’ Microsoft Logins
A previously undocumented phishing-as-a-service platform known as VENOM is targeting C-suite executives through highly personalised emails designed to look like internal Microsoft SharePoint messages. The campaign uses QR codes to move victims onto mobile devices, where the attackers' infrastructure relays the victim's login and multi-factor authentication process to Microsoft in real time, allowing them to capture credentials and active session tokens. Because the session token itself is captured, one-time codes and push approvals do not stop this technique; phishing-resistant authentication such as FIDO2 security keys or passkeys, which are bound to the genuine sign-in domain, does. Active since at least November, VENOM appears to be kept closed to wider criminal use, which has limited its visibility. The activity highlights how senior leadership accounts are being deliberately singled out using sophisticated, identity-focused phishing techniques.
Beyond Wipers: Iran-Backed Cyber Attacks and the Threat to Businesses
Iran-linked cyber activity is posing a growing risk to UK and US organisations, particularly those in finance, healthcare, energy, transport and critical services. One recent attack reportedly disrupted a global medical technology firm and claimed to have wiped more than 200,000 devices using a legitimate remote management tool. Researchers have tracked 5,800 attacks from 50 Iran-linked groups. While the US faces the greatest direct exposure, UK businesses remain vulnerable through supply chains and cloud-based services. Business leaders should ensure foundational controls are in place, including patching systems, enforcing MFA, reviewing privileged access, resilient backups and having incident response plans ready.
Wiz: 80% of Cloud Breaches Are Caused by Basic Mistakes
Researchers report that 80% of cloud breaches in 2025 stemmed from basic mistakes such as poor system configuration, weak handling of passwords and access keys, and gaps in user security. Reconnaissance, where criminals quietly map systems and test access, accounted for 53% of the malicious activity observed before attacks. Rapid AI adoption is widening the number of possible entry points, while attackers are also using AI to speed up phishing, automate tasks and scale operations. To address this, business leaders should focus on visibility of the organisation's externally reachable assets, identities and attack paths, while reinforcing basic security hygiene.
Ransomware Lives On, Blending Hacktivism and Crime, Fuelled by AI
Ransomware continues to evolve despite law enforcement disruption, with groups adopting more aggressive extortion tactics and increasingly blending criminal and political motives. Artificial intelligence is being used to generate malicious code, improve social engineering and scale operations, lowering the barrier for less‑skilled actors. In 2025, ransomware groups extorted more than $724 million in cryptocurrency, highlighting the profitability of the model. Hybrid ransomware and hacktivist groups are also using ransomware tools for ideological impact alongside traditional financial extortion. Business leaders should ensure strong control over user identities and privileges, as ransomware and extortion attacks are only as effective as the access they are able to obtain.
Security Leaders Overconfident About Ransomware Recovery
Many organisations are overconfident about their ability to recover from ransomware. Research shows that while 90% of security leaders believe they can restore operations quickly, only 28% fully recover their data after an attack. On average, just 72% of affected data is restored, with many organisations still facing data loss, downtime and business disruption. The report also found that more than 40% of organisations hit by cyber incidents suffered customer disruption or financial loss. Rapid adoption of artificial intelligence is adding further risk, with 43% saying it is advancing faster than their ability to secure it.
https://www.itpro.com/security/security-leaders-overconfident-about-ransomware-recovery
‘It’s More Common Than You Think’: Experts Reveal How Hackers Are Trying to Hijack Your Inbox with These Clever Tactics
Proofpoint has warned that criminals are increasingly abusing a legitimate email feature called inbox rules to quietly maintain access to compromised accounts. These automated settings can hide security alerts, forward sensitive messages, and mark emails as read, allowing attackers to monitor communications and impersonate victims without drawing attention. In the final quarter of 2025, around 10% of breached accounts had a malicious rule created within seconds of the initial compromise. Senior leaders, finance teams and other outward-facing roles remain particularly attractive targets for this type of cyber attack.
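The persistence pattern described above can be hunted for in the Microsoft 365 unified audit log. The following is an added example written for this briefing, not Proofpoint's or Black Arrow's code: it scores New-InboxRule/Set-InboxRule records for the behaviours named in the story (hiding or deleting mail, forwarding externally, filtering on sensitive words, marking as read) and flags rules created within seconds of a sign-in. The log records are constructed for illustration, INTERNAL_DOMAINS is a placeholder for the tenant's own domains, and the keyword and folder lists are assumptions to be tuned locally.

```python
"""Triage Microsoft 365 inbox-rule creations for attacker persistence patterns.

Added example for this briefing; not vendor code. Assumes the unified audit
log record shape (CreationTime, Operation, UserId, Parameters as Name/Value
pairs). SAMPLE_LOG below is constructed, not real data.
"""
import json
from datetime import datetime

INTERNAL_DOMAINS = {"example.com"}   # assumption: the tenant's own mail domains
RISKY_KEYWORDS = {"password", "invoice", "payment", "wire", "security alert",
                  "suspicious", "mfa", "verification"}          # assumption
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "junk email", "deleted items",
                  "conversation history", "archive"}           # assumption
NEW_LOGIN_WINDOW_S = 60   # a rule created this soon after a sign-in is itself a signal

# Constructed sample records, one JSON object per line (as exported from Search-UnifiedAuditLog).
SAMPLE_LOG = r'''
{"CreationTime":"2026-04-10T08:13:51","Operation":"UserLoggedIn","UserId":"cfo@example.com","ClientIP":"203.0.113.7"}
{"CreationTime":"2026-04-10T08:14:03","Operation":"New-InboxRule","UserId":"cfo@example.com","Parameters":[{"Name":"Name","Value":"."},{"Name":"SubjectOrBodyContainsWords","Value":"password;invoice;security alert"},{"Name":"MoveToFolder","Value":"RSS Feeds"},{"Name":"MarkAsRead","Value":"True"}]}
{"CreationTime":"2026-04-10T09:02:41","Operation":"New-InboxRule","UserId":"finance@example.com","Parameters":[{"Name":"Name","Value":"fwd"},{"Name":"ForwardTo","Value":"collector@mail-relay.invalid"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2026-04-10T10:30:00","Operation":"New-InboxRule","UserId":"alice@example.com","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"From","Value":"news@vendor.example.com"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
'''


def _parse(log_text):
    return [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]


def _params(record):
    """Flatten the audit record's Parameters list into a name -> value dict."""
    return {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}


def _external(address):
    domain = address.strip().strip('"<>').rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def rule_findings(record):
    """Return the reasons one New-/Set-InboxRule record looks like attacker persistence."""
    p = _params(record)
    reasons = []
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in p.get(key, "").split(";"):
            if addr.strip() and _external(addr):
                reasons.append(f"{key} to external address {addr.strip()}")
    if p.get("DeleteMessage", "").lower() == "true":
        reasons.append("DeleteMessage=True")
    folder = p.get("MoveToFolder", "").strip().lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"MoveToFolder hides mail in '{p['MoveToFolder']}'")
    words = set()
    for key in ("SubjectContainsWords", "SubjectOrBodyContainsWords", "BodyContainsWords"):
        words |= {w.strip().lower() for w in p.get(key, "").split(";") if w.strip()}
    hits = sorted(words & RISKY_KEYWORDS)
    if hits:
        reasons.append(f"filters on sensitive keywords {hits}")
    if p.get("MarkAsRead", "").lower() == "true" and (folder or hits):
        reasons.append("MarkAsRead=True combined with a filter or move")
    if len(p.get("Name", "").strip(" .,-_")) <= 1:
        reasons.append(f"near-empty rule name {p.get('Name', '')!r}")
    return reasons


def triage(log_text, min_reasons=2):
    """Return suspicious rule creations, correlating each with the user's preceding sign-in."""
    last_login = {}   # user -> (time, client IP) of the most recent UserLoggedIn record
    alerts = []
    for rec in sorted(_parse(log_text), key=lambda r: r["CreationTime"]):
        t = datetime.fromisoformat(rec["CreationTime"])
        user = rec["UserId"].lower()
        if rec["Operation"] == "UserLoggedIn":
            last_login[user] = (t, rec.get("ClientIP", "?"))
            continue
        if rec["Operation"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        reasons = rule_findings(rec)
        if user in last_login:
            since = (t - last_login[user][0]).total_seconds()
            if since <= NEW_LOGIN_WINDOW_S:
                reasons.append(f"created {since:.0f}s after sign-in from {last_login[user][1]}")
        if len(reasons) >= min_reasons:
            alerts.append({"user": user, "time": rec["CreationTime"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert["user"], alert["time"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

On the constructed sample, the CFO's rule is flagged on five counts (hidden folder, sensitive keywords, mark-as-read, an empty-looking name and creation 12 seconds after a sign-in) and the finance rule on two (external forward plus delete), while the genuine newsletter rule is not flagged. The same parameter checks apply to the output of Exchange Online's Get-InboxRule when reviewing rules that already exist rather than their creation events.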
From Awareness to Action: Closing the Human Risk Gap in Cyber Security
Human behaviour is one of the biggest drivers of cyber security incidents, yet most organisations are still not responding effectively. Mimecast reports that 96% of those surveyed believe their defences against people being deceived or misusing access are incomplete. Attacks are rising across email, messaging and collaboration tools, with 53% reporting more phishing, 48% more email fraud and 45% more attacks through workplace platforms. The report also found that just 8% of users account for 80% of incidents, highlighting the value of better oversight, targeted training and joined-up security controls.
How the Enterprise Supply Chain Has Created a Global Attack Surface
Modern organisations now face growing cyber security risk through their suppliers, not just their own systems. As businesses rely on more cloud services, software providers and outsourced partners, each relationship can create a route into sensitive data or critical operations. Recent disruption linked to the war in Ukraine showed how problems in one region can affect organisations far beyond it through indirect supplier connections. The most effective response is a practical one: focus greatest scrutiny on high-risk suppliers with access to important systems or data, and build security checks into procurement and access decisions from the start.
UK Reliance on US Big Tech Companies Is ‘National Security Risk’, Claims Report
A report backed by MPs warns that the UK’s heavy dependence on a small number of US technology providers for data centres, software and other critical digital services could become a national security risk. It argues that political tensions could disrupt essential services, while limited competition may also be driving up public sector cloud costs by as much as £500 million a year. The report calls for greater investment in UK-based providers, open standards and open-source software (publicly available code that organisations can inspect and adapt), to improve resilience, reduce lock-in and support innovation.
The Most Important Cyber Security Trends in 2026 So Far
Cyber security trends in early 2026 centre on artificial intelligence, ransomware and nation‑state attacks. AI is being used to detect threats and understand sensitive data environments, while at the same time attackers use it to scale phishing, social engineering and deepfake attacks. Identity and access management remains vulnerable where credentials are compromised, or insider threats occur. Ransomware continues to evolve, with some attacks focused on encrypting or wiping systems to disrupt operations. Business leaders should ensure their data is identified and protected wherever it is stored or accessed, apply clear classification, and scrutinise third‑party software and suppliers.
https://securityboulevard.com/2026/04/the-most-important-cybersecurity-trends-in-2026-so-far/
Governance, Risk and Compliance
PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage
Businesses are paying the price for CISO burnout | Computer Weekly
The Most Important Cybersecurity Trends in 2026 So Far - Security Boulevard
Only a third of cybersecurity professionals plan to stay in their current role - BetaNews
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
Threats
Ransomware, Extortion and Destructive Attacks
Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month - Infosecurity Magazine
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI - Security Boulevard
Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It - Security Boulevard
Security leaders overconfident about ransomware recovery | IT Pro
Ransomware scum, other crims exploit 4 old Microsoft bugs • The Register
Emulating the Persuasive NightSpire Ransomware - Security Boulevard
0APT ransomware gang extorts Krybit amid doxxing threat • The Register
Pay up for ransomware and they’ll be back for more - BetaNews
Crypto-exchange Kraken extorted by hackers after insider breach
Ransomware and Destructive Attack Victims
Beyond wipers: Iran-backed cyber attacks and the threat to businesses | IT Pro
Stolen Rockstar Games analytics data leaked by extortion gang
Hackers threaten to leak over 9M Amtrak records, including personal info | Cybernews
McGraw-Hill confirms data breach following extortion threat
Hallmark data breach escalates as hackers leak and sell customer records | Cybernews
All jobs lost as Scottish company forced into liquidation after cyber attack | The National
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Teenaged Boy Arrested After NI Schools Hacked | Silicon UK Tech
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 | Trend Micro (US)
Phishing & Email Based Attacks
New VENOM phishing attacks steal senior executives' Microsoft logins
Poisoned "Office 365" search results lead to stolen paychecks - Help Net Security
Global phishing war targets smartphones in massive hack-for-hire espionage campaign - Times Kuwait
Other Social Engineering
From awareness to action: Closing the human risk gap in cybersecurity | resource | SC Media
Poisoned "Office 365" search results lead to stolen paychecks - Help Net Security
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
ClickFix campaign delivers Mac malware via fake Apple page - Help Net Security
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Triad Nexus Expands Global Fraud Operations Despite US Sanctions - Infosecurity Magazine
Major Scam Network Triad Nexus Adapts Operations to Avoid U.S. Scrutiny - Security Boulevard
Artificial Intelligence
AI cyber threats: open letter to business leaders (HTML) - GOV.UK
Financial services regulators assess risks from Anthropic’s new AI model - FStech
The 'Vulnpocalypse': Why experts fear AI could tip the scales toward hackers
UK gov's Mythos AI tests help separate cybersecurity threat from hype - Ars Technica
Anthropic’s Mythos finds software flaws faster than companies can fix them | Fortune
Anthropic’s Mythos signals a structural cybersecurity shift | CSO Online
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI - Security Boulevard
AI adoption is outpacing the safeguards around it - Help Net Security
The exploit gap is closing, and your patch cycle wasn't built for this - Help Net Security
AI and Cryptocurrency Scams are Costing Americans Billions, FBI Reports
How the explosion in machine identities is changing cyber defense | IT Pro
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
CEOs are embracing AI agents as cyber risks grow | Semafor
Apple Intelligence AI Guardrails Bypassed in New Attack - SecurityWeek
Rethinking Insider Risk in the Age of AI and Autonomy - Silicon UK Expert Advice
What AI-Driven Attack Chains Mean for CFOs and CISOs
China Cracking Down on the Types of AI That Are Tearing America Apart
43% of AI-generated code changes need debugging in production, survey finds | VentureBeat
Enterprises are using AI for security but less than a third fully trust it - BetaNews
Bots/Botnets
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Careers, Roles, Skills, Working in Cyber and Information Security
Businesses are paying the price for CISO burnout | Computer Weekly
Only a third of cybersecurity professionals plan to stay in their current role - BetaNews
CISOs Urged to Innovate in Talent Retention as Job Satisfaction Declines - Infosecurity Magazine
UK Cyber Security Council Launches Associate Cyber Security Profession - Infosecurity Magazine
Cloud/SaaS
APT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentials
Wiz: 80% of cloud breaches are caused by basic mistakes | IT Pro
Microsoft 365 Tenant Security: How to Stay in Control of Your Data - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI and Cryptocurrency Scams are Costing Americans Billions, FBI Reports
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
Over 20,000 crypto fraud victims identified in international crackdown
French cops free mother and son after crypto kidnapping • The Register
U.S. Treasury enlists crypto in national cyber defense push as digital asset hacks rise
Crypto-exchange Kraken extorted by hackers after insider breach
$12 million frozen, 20,000 victims identified in crypto scam crackdown - Help Net Security
Cyber Crime, Organised Crime & Criminal Actors
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI - Security Boulevard
French cops free mother and son after crypto kidnapping • The Register
W3LL phishing service sold for $500 dismantled by the FBI - Help Net Security
Triad Nexus Expands Global Fraud Operations Despite US Sanctions - Infosecurity Magazine
Cybercriminal responsible for PowerSchool breach speaks out
Hacker Unknown now known, named on Europol’s most-wanted list | CSO Online
Data Breaches/Leaks
108 Chrome Extensions Linked to Data Exfiltration and Sessio...
Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch
Over 100 Chrome extensions caught stealing Google and Telegram data: How to stay safe? | Mint
LiteLLM Supply Chain Attack Exposes Millions To Credential Theft
Hackers threaten to leak over 9M Amtrak records, including personal info | Cybernews
McGraw-Hill confirms data breach following extortion threat
Hallmark data breach escalates as hackers leak and sell customer records | Cybernews
300,000 People Impacted by Eurail Data Breach - SecurityWeek
Hims Breach Exposes the Most Sensitive Kinds of PHI
European Gym giant Basic-Fit data breach affects 1 million members
Nightclub Giant RCI Hospitality Reports Data Breach - SecurityWeek
Europe's Largest Gym Chain Says Data Breach Impacts 1 Million Members - SecurityWeek
Stolen Rockstar Games analytics data leaked by extortion gang
Hungary officials used weak passwords exposed in breach dump • The Register
Data Protection
Health insurance lead sites sell personal data within seconds of form submission - Help Net Security
Data/Digital Sovereignty
UK reliance on US big tech companies is ‘national security risk’, claims report | Computer Weekly
France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch
Denial of Service/DoS/DDoS
Orgs Must Test Networks to Handle DDoS Attacks During Peak Loads
Cybercriminals are increasingly attacking digital services
Encryption
Why is the timeline to quantum-proof everything constantly shrinking? | CyberScoop
Preparing for 'Q-Day': Why Quantum Risk Management Is a Must
WhatsApp's 'End-to-End Encryption by Default' Claim Called Major Consumer Fraud by Pavel Durov
Fraud, Scams and Financial Crime
AI and Cryptocurrency Scams are Costing Americans Billions, FBI Reports
Over 20,000 crypto fraud victims identified in international crackdown
Triad Nexus Expands Global Fraud Operations Despite US Sanctions - Infosecurity Magazine
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Beyond wipers: Iran-backed cyber attacks and the threat to businesses | IT Pro
$12 million frozen, 20,000 victims identified in crypto scam crackdown - Help Net Security
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
Identity and Access Management
How the explosion in machine identities is changing cyber defense | IT Pro
Your Next Breach Will Look Like Business as Usual
Insider Risk and Insider Threats
Crypto-exchange Kraken extorted by hackers after insider breach
From awareness to action: Closing the human risk gap in cybersecurity | resource | SC Media
Rethinking Insider Risk in the Age of AI and Autonomy - Silicon UK Expert Advice
The Quiet Revolt: What The World Happiness Report 2026 Tells Security Professionals
Internet of Things – IoT
The Tech Of The Iran War: Hacking Traffic Cameras & Cyberpunk Surveillance Ops
Law Enforcement Action and Take Downs
Teenaged Boy Arrested After NI Schools Hacked | Silicon UK Tech
$12 million frozen, 20,000 victims identified in crypto scam crackdown - Help Net Security
Hacker Unknown now known, named on Europol’s most-wanted list | CSO Online
Linux and Open Source
France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch
Distributed Risk: Open-Source Software as Strategic Infrastructure | Geopolitical Monitor
Microsoft locks out top open source devs, blames process • The Register
Malvertising
Poisoned "Office 365" search results lead to stolen paychecks - Help Net Security
'Harmless' Global Adware Transforms Into an AV Killer
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
Signed software abused to deploy antivirus-killing scripts
Malware
'Harmless' Global Adware Transforms Into an AV Killer
APT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentials
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Yes, you can get malware just by visiting a website
Renovate & Dependabot: The New Malware Delivery System - Security Boulevard
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
Signed software abused to deploy antivirus-killing scripts
ClickFix campaign delivers Mac malware via fake Apple page - Help Net Security
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Fake Claude Website Distributes PlugX RAT - SecurityWeek
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
New AgingFly malware used in attacks on Ukraine govt, hospitals
Misinformation, Disinformation and Propaganda
War Game Exercise Shows How Social Media Manipulation Works
Mobile
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
Users lose $9.5 million to fake Ledger wallet app on the Apple App Store
Global phishing war targets smartphones in massive hack-for-hire espionage campaign - Times Kuwait
WhatsApp's 'End-to-End Encryption by Default' Claim Called Major Consumer Fraud by Pavel Durov
Musk, Durov attack WhatsApp encryption | Cybernews
iPhone forensics expose Signal messages after app removal in U.S. case
Models, Frameworks and Standards
EU cybersecurity standards are at risk if supplier ban passes - Help Net Security
Outages
Kremlin tells Russians internet shutdowns are temporary after crackdown ruffles elite | Reuters
Passwords, Credential Stuffing & Brute Force Attacks
APT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentials
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
New VENOM phishing attacks steal senior executives' Microsoft logins
Your Next Breach Will Look Like Business as Usual
Are Rainbow Tables Still Relevant in 2026? - Infosecurity Magazine
Raspberry Pi OS 6.2 disables passwordless sudo by default - Help Net Security
Regulations, Fines and Legislation
AI security officials warn on Anthropic model as Bank to hold meeting
Bessent, Powell Summon Bank CEOs to Urgent Meeting Over Anthropic's New AI Model - Bloomberg
EU cybersecurity standards are at risk if supplier ban passes - Help Net Security
What the EU AI Act requires for AI agent logging - Help Net Security
Netherlands won't ban ransom payments to hackers | Cybernews
The FCC just saved Netgear from its router ban for no obvious reason | The Verge
FCC just handed Netgear a de facto router monopoly in the US
Social Media
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The Quiet Revolt: What The World Happiness Report 2026 Tells Security Professionals
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
War Game Exercise Shows How Social Media Manipulation Works
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings - SecurityWeek
Software Supply Chain
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads - SecurityWeek
Supply Chain and Third Parties
Two different attackers poisoned popular open source tools • The Register
How the enterprise supply chain has created a global attack surface - IT Security Guru
Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch
Google Warns of New Threat Group Targeting BPOs and Helpdesks - Infosecurity Magazine
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Beyond wipers: Iran-backed cyber attacks and the threat to businesses | IT Pro
Do Ceasefires Slow Cyberattacks? History Suggests Not
Cyberattacks, Tariffs, Geopolitics Loom Over Business Executives
The Tech Of The Iran War: Hacking Traffic Cameras & Cyberpunk Surveillance Ops
Global phishing war targets smartphones in massive hack-for-hire espionage campaign - Times Kuwait
We should be more worried about cyber warfare targeting the civilian economy
Cybersecurity in an Age of Geopolitical Fracture
Nation State Actors
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 | Trend Micro (US)
China
APT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentials
U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 | Trend Micro (US)
China Cracking Down on the Types of AI That Are Tearing America Apart
Russia
Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’ | CyberScoop
Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now | ZDNET
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
The cables powering the internet are under the ocean – and under threat | TechSpot
New AgingFly malware used in attacks on Ukraine govt, hospitals
With Russia already 'at war with us', UK must urgently defend key North Sea energy infrastructure
Kremlin tells Russians internet shutdowns are temporary after crackdown ruffles elite | Reuters
Russian-Linked Hackers Breach Emails of the Romanian Army - The Romania Journal
North Korea
Two different attackers poisoned popular open source tools • The Register
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Iran
Beyond wipers: Iran-backed cyber attacks and the threat to businesses | IT Pro
Do Ceasefires Slow Cyberattacks? History Suggests Not
The Tech Of The Iran War: Hacking Traffic Cameras & Cyberpunk Surveillance Ops
Iran Planning Cyberattack on US Infrastructure, Intelligence Community Warns - The National Interest
Iran-linked group Handala claims to have breached three major UAE organizations
Sweden reports cyberattack attempt on heating plant amid rising energy threats
Industrial Devices Still Vulnerable As Conflicts Move to Cyber
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI - Security Boulevard
Global phishing war targets smartphones in massive hack-for-hire espionage campaign - Times Kuwait
Tools and Controls
Enterprises are using AI for security but less than a third fully trust it - BetaNews
Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It - Security Boulevard
PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage
'Harmless' Global Adware Transforms Into an AV Killer
Microsoft locks out top open source devs, blames process • The Register
From awareness to action: Closing the human risk gap in cybersecurity | resource | SC Media
UK financial regulators rush to assess risks of Anthropic’s latest AI model
Financial services regulators assess risks from Anthropic’s new AI model - FStech
Mythos testing begins as governments raise cyber concerns
The Vuln Surge is Coming. CSA is Telling Us How to Survive It - Security Boulevard
The 'Vulnpocalypse': Why experts fear AI could tip the scales toward hackers
Testing reveals Claude Mythos's offensive capabilities and limits - Help Net Security
Claude Mythos Preview completes full cyberattack simulation for the first time - The New Stack
Anthropic’s Mythos finds software flaws faster than companies can fix them | Fortune
The exploit gap is closing, and your patch cycle wasn't built for this - Help Net Security
Security leaders overconfident about ransomware recovery | IT Pro
How AI is getting better at finding security holes : NPR
Most organizations make a mess of handling digital disruption | IT Pro
Signed software abused to deploy antivirus-killing scripts
Incident response for AI: Same fire, different fuel | Microsoft Security Blog
43% of AI-generated code changes need debugging in production, survey finds | VentureBeat
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Network segmentation projects fail in predictable patterns - Help Net Security
What vibe hunting gets right about AI threat hunting, and where it breaks down - Help Net Security
Other News
Fortinet report: cyberattacks against banks increasing
From Somerset to New York: Why are undersea cables so important? - BBC News
The cables powering the internet are under the ocean – and under threat | TechSpot
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat - Infosecurity Magazine
Cybercriminals are increasingly attacking digital services
Comms Business - One fifth of telcos' websites wide open to cyber attacks
Healthcare IT under siege: CloudWave is fighting back - SiliconANGLE
The Dumbest Hack of the Year Exposed a Very Real Problem | WIRED
Vulnerability Management
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
AI security officials warn on Anthropic model as Bank to hold meeting
Bessent, Powell Summon Bank CEOs to Urgent Meeting Over Anthropic's New AI Model - Bloomberg
UK financial regulators rush to assess risks of Anthropic’s latest AI model
Mythos testing begins as governments raise cyber concerns
Testing reveals Claude Mythos's offensive capabilities and limits - Help Net Security
The exploit gap is closing, and your patch cycle wasn't built for this - Help Net Security
How AI is getting better at finding security holes : NPR
Vulnerabilities
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft drops its second-largest monthly batch of defects on record | CyberScoop
Privilege Elevation Dominates Massive Microsoft Patch Update
Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature
Cisco says critical Webex Services flaw requires customer action
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Ransomware scum, other crims exploit 4 old Microsoft bugs • The Register
Mac users, update your ChatGPT app immediately: OpenAI issues urgent security warning | Mint
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 - SecurityWeek
Juniper Networks Patches Dozens of Junos OS Vulnerabilities - SecurityWeek
Adobe Patches Exploited Zero-Day That Lingered for Months
Adobe Patches 55 Vulnerabilities Across 11 Products - SecurityWeek
Recently leaked Windows zero-days now exploited in attacks
Vindictive hacker drops second Windows Defender exploit | Cybernews
SAP Patches Critical ABAP Vulnerability - SecurityWeek
Critical Fortinet sandbox bugs allow auth bypass and RCE • The Register
OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support - Help Net Security
Attackers target unpatched ShowDoc servers via CVE-2025-0520
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend - Help Net Security
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Two Vulnerabilities Patched in Ivanti Neurons for ITSM - SecurityWeek
Microsoft: April Windows Server 2025 update may fail to install
Splunk Enterprise Update Patches Code Execution Vulnerability - SecurityWeek
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Critical flaw in wolfSSL library enables forged certificate use
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 10 April 2026
Black Arrow Cyber Threat Intelligence Briefing 10 April 2026:
-Anthropic’s New AI Model Finds and Exploits Zero-Days Across Every Major OS and Browser
-Hundreds of Orgs Compromised Daily in Microsoft Device Code Phishing Attacks
-Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions
-More than Half of Enterprises Are Using Devices with Out-of-Date Operating Systems – and It’s Leaving Them Wide Open to Attacks
-Russian Hackers Exploiting Home and Small-Office Routers in Massive DNS Hijacking Attack
-Why Britain’s Most Common Crime Has Been Poorly Investigated for Decades
-Mobile Attack Surface Expands as Enterprises Lose Control
-FBI: Cyber Fraud Surges to $17.6 Billion in Losses as Scams, Crypto Theft Soar
-Boards Are Falling Short on Cyber Security
-72% of Workers Say AI Is Giving Phishing a Dangerous New Edge, Sagiss Managed Security Survey Finds
-The Rise of Proactive Cyber: Why Defence Is No Longer Enough
-Better Prepare for a Cyber Breach
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There are two big headlines for business leaders this week in our review of cyber security in the specialist and public media.
Anthropic’s AI model has identified thousands of new serious vulnerabilities in major operating systems and quickly established ways to exploit them. This is a step change, because AI models used by attackers will likely be able to do the same soon, and many of these vulnerabilities had gone undiscovered by human security researchers for decades. The second headline is the escalating use of a new type of phishing attack that can bypass controls. We published advisories on our website last week, with recommended actions that business leaders should focus on in response to these developments; see below for links to the advisories.
Other developments this week include ransomware attackers who disable security monitoring tools, Russian attackers gaining access to home and small-office routers, and research into organisations using Mac devices with out-of-date operating systems.
Our advice for business leaders remains consistent: ensure you have an unbiased understanding of your risks and how effectively those risks are addressed through your controls. This is achieved by upskilling on cyber security from a business perspective, and implementing proportionate governance enhanced by working with specialists in cyber risk management. Contact us to discuss how you can achieve this to help protect your business.
Top Cyber Stories of the Last Week
Anthropic’s New AI Model Finds and Exploits Zero-Days Across Every Major OS and Browser
Anthropic has reported a sharp leap in the ability of advanced AI to find and exploit previously unknown software flaws across major operating systems and web browsers. In testing, its new model uncovered thousands of serious weaknesses and produced working attack methods far more often than earlier versions. It also turned known flaws into usable exploits in less than a day at relatively low cost. The findings suggest the window between a vulnerability being discovered and weaponised is shrinking. This increases pressure on organisations to patch faster and strengthen their preparations for incident response.
https://www.helpnetsecurity.com/2026/04/08/anthropic-claude-mythos-preview-identify-vulnerabilities/
Hundreds of Orgs Compromised Daily in Microsoft Device Code Phishing Attacks
Microsoft has reported a large-scale phishing campaign that is compromising hundreds of organisations each day by abusing the device code sign-in flow, a legitimate process designed for input-constrained devices such as smart TVs and printers: the victim is lured into entering an attacker-supplied code on Microsoft’s genuine login page, which hands the attacker a valid session. The attackers use AI to create convincing, highly personalised emails and automate much of the attack, helping them evade detection and bypass multi-factor authentication. Once inside, they focus on finance related accounts, stealing sensitive emails and financial information. The campaign underlines the need for business leaders to restrict unnecessary sign-in methods (for example, blocking the device code flow through Conditional Access for all but the devices that genuinely need it), reinforce employee phishing awareness, and ensure unusual authentication activity, such as device code sign-ins from unfamiliar locations, is monitored.
https://www.theregister.com/2026/04/07/microsoft_device_code_phishing/
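The monitoring point above is concrete enough to show in code. The following is an added example written for this briefing, not Microsoft’s code or part of the cited campaign report: it reads Entra ID sign-in records exported as newline-delimited JSON and flags device code sign-ins that come from an unexpected application or a non-corporate address, and bursts of distinct users completing device code authentication from one IP, which is what a phishing kit relaying victims’ codes looks like. The field names follow the Entra ID sign-in log schema (`authenticationProtocol` is `deviceCode` for this flow); the sample records, the IP ranges and the allow-listed app are constructed for the example.

```python
"""Spot suspicious device code sign-ins in Microsoft Entra ID sign-in log records.

Added example for this briefing; it is not Microsoft's code or part of the cited
campaign report. Field names (authenticationProtocol, ipAddress, appDisplayName,
status.errorCode, createdDateTime) follow the Entra ID sign-in log schema; the
records, IP ranges and app allow-list below are constructed sample data.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample export (newline-delimited JSON). 198.51.100.77 stands in for
# attacker infrastructure completing device code logins for several lured users.
SAMPLE_SIGNIN_LOGS = """\
{"createdDateTime":"2026-04-06T09:01:12Z","userPrincipalName":"alice@example.com","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","appDisplayName":"Microsoft Teams","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:03:40Z","userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:04:05Z","userPrincipalName":"carol@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:10:00Z","userPrincipalName":"dave@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.22","appDisplayName":"Microsoft Teams Rooms","status":{"errorCode":0}}
{"createdDateTime":"2026-04-06T09:12:30Z","userPrincipalName":"erin@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","appDisplayName":"Microsoft Office","status":{"errorCode":50126}}
"""

# Assumed office egress ranges and the only app expected to use device code here
# (meeting-room hardware). Both are hypothetical, tenant-specific allow-lists.
CORPORATE_EGRESS = [ip_network("203.0.113.0/24")]
EXPECTED_DEVICE_CODE_APPS = {"Microsoft Teams Rooms"}


def parse_signin_logs(text):
    """Parse newline-delimited JSON into a list of sign-in records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_corporate_ip(ip):
    """True if the address falls inside one of the known corporate egress ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_EGRESS)


def find_suspicious_device_code_signins(records, window=timedelta(minutes=10), burst_threshold=2):
    """Return alerts for successful device code sign-ins that use an unexpected app
    or come from a non-corporate IP, plus one alert per IP where `burst_threshold`
    or more distinct users completed device code sign-ins within `window`."""
    alerts = []
    by_ip = defaultdict(list)
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed attempt; worth counting separately as an early warning
        ts = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        by_ip[rec["ipAddress"]].append((ts, rec["userPrincipalName"]))
        reasons = []
        if rec.get("appDisplayName") not in EXPECTED_DEVICE_CODE_APPS:
            reasons.append("unexpected app for device code flow")
        if not is_corporate_ip(rec["ipAddress"]):
            reasons.append("non-corporate source IP")
        if reasons:
            alerts.append({"user": rec["userPrincipalName"], "ip": rec["ipAddress"], "reasons": reasons})
    # A phishing kit relaying victims' codes shows up as several distinct accounts
    # finishing device code auth from the same address in a short window.
    for ip, events in by_ip.items():
        events.sort()
        for start, _ in events:
            users = {u for t, u in events if start <= t <= start + window}
            if len(users) >= burst_threshold:
                alerts.append({"user": None, "ip": ip,
                               "reasons": [f"{len(users)} distinct users via device code within {window}"]})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_device_code_signins(parse_signin_logs(SAMPLE_SIGNIN_LOGS)):
        print(alert)
```

On the sample data this flags bob and carol (wrong app, outside address) and raises one burst alert for 198.51.100.77, while the meeting-room sign-in from the office range passes. The detection is a complement to, not a substitute for, blocking the flow where it is not needed.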
Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions
Researchers have uncovered how the ransomware group Qilin is using a sophisticated attack chain designed to disable more than 300 security monitoring tools before launching encryption. The group hides its loader inside a malicious DLL delivered with trusted software, runs it largely in memory to avoid detection, and loads a signed but vulnerable driver to gain kernel-level access and terminate or blind the security agents (a “bring your own vulnerable driver” technique). The campaign shows how attackers are neutralising defences first to extend their time undetected. For business leaders, this underlines the need for layered security, alerting on unexpected driver loads and on security agents that stop reporting, enabling the operating system’s vulnerable driver blocklist where available, and avoiding reliance on a single protective tool.
https://cybersecuritynews.com/qilin-ransomware-kill-edr/
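Because the attack depends on getting a driver loaded, driver-load telemetry is where a defender can still see it even when the endpoint agent is about to be silenced. The following is an added example written for this briefing, not code from the cited research or any vendor: it parses Sysmon Event ID 6 (DriverLoad) records and flags loads whose hash is on a vulnerable-driver blocklist, whose signature is missing or invalid, or which come from a user-writable location. The XML layout and field names (`ImageLoaded`, `Hashes`, `Signed`, `Signature`, `SignatureStatus`) follow the Sysmon schema; the events and the blocklist hash are constructed for the example and are not real indicators.

```python
"""Triage Sysmon Event ID 6 (DriverLoad) records for bring-your-own-vulnerable-driver activity.

Added example for this briefing; it is not from the cited Qilin research or any
vendor. The event XML shape and field names (ImageLoaded, Hashes, Signed,
Signature, SignatureStatus) follow the Sysmon schema; the events and the
blocklist hash below are constructed, not real indicators.
"""
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed stand-in for a real vulnerable-driver list (e.g. Microsoft's
# vulnerable driver blocklist). A real deployment loads the published list.
BLOCKLISTED_SHA256 = {"AAAA1111" * 8}

# Locations a properly installed driver should never be loaded from.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\|ProgramData\\|Windows\\Temp\\)", re.IGNORECASE)


def _event(image, sha256, signed, signature, status):
    """Build a constructed Sysmon Event ID 6 record in the real event XML layout."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>6</EventID></System>
  <EventData>
    <Data Name="UtcTime">2026-04-07 02:14:09.120</Data>
    <Data Name="ImageLoaded">{image}</Data>
    <Data Name="Hashes">SHA256={sha256},IMPHASH=00000000000000000000000000000000</Data>
    <Data Name="Signed">{signed}</Data>
    <Data Name="Signature">{signature}</Data>
    <Data Name="SignatureStatus">{status}</Data>
  </EventData>
</Event>"""


SAMPLE_EVENTS = [
    # benign: validly signed OS driver loaded from the system driver store
    _event(r"C:\Windows\System32\drivers\example_legit.sys", "B" * 64, "true", "Microsoft Windows", "Valid"),
    # BYOVD: validly signed third-party driver on the blocklist, dropped into ProgramData
    _event(r"C:\ProgramData\upd\oldtool.sys", "AAAA1111" * 8, "true", "Example Hardware Vendor", "Valid"),
    # unsigned driver loaded from a user's temp directory
    _event(r"C:\Users\bob\AppData\Local\Temp\drv.sys", "C" * 64, "false", "-", "Unavailable"),
]


def parse_driver_load(xml_text):
    """Return the DriverLoad fields of an Event ID 6 record, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "6":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    hashes = dict(p.split("=", 1) for p in data.get("Hashes", "").split(",") if "=" in p)
    return {
        "image": data.get("ImageLoaded", ""),
        "sha256": hashes.get("SHA256", "").upper(),
        "signed": data.get("Signed", "").lower() == "true",
        "signature": data.get("Signature", ""),
        "signature_status": data.get("SignatureStatus", ""),
    }


def assess_driver_load(rec):
    """Return the reasons a driver load deserves attention (empty list if none)."""
    reasons = []
    if rec["sha256"] in BLOCKLISTED_SHA256:
        reasons.append("hash on vulnerable driver blocklist")
    if not rec["signed"] or rec["signature_status"] != "Valid":
        reasons.append("unsigned or invalid signature")
    if USER_WRITABLE.search(rec["image"]):
        reasons.append("loaded from user-writable path")
    return reasons


def triage(events):
    """Parse each event and keep those with at least one reason to investigate."""
    findings = []
    for xml_text in events:
        rec = parse_driver_load(xml_text)
        if rec is None:
            continue
        reasons = assess_driver_load(rec)
        if reasons:
            findings.append({"image": rec["image"], "signature": rec["signature"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The blocklisted driver in the sample is validly signed, which is the whole point of the technique: signature checks alone do not catch it, so the hash match and the odd load path are what surface it. Ship events off the host as they are generated; a killer that succeeds will stop the local agent from forwarding anything afterwards.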
More than Half of Enterprises Are Using Devices with Out-of-Date Operating Systems – and It’s Leaving Them Wide Open to Attacks
A review of more than 150,000 Mac devices shows weak device management is leaving many organisations exposed to cyber security risks. 53% of organisations had at least one device running a critically out-of-date operating system, while 95% of assessed applications had at least one medium severity weakness. The findings also show growing risks on Mac devices, with 44% seeing malicious network activity and 26% affected by cryptojacking, where attackers misuse devices to mine cryptocurrency.
Russian Hackers Exploiting Home and Small-Office Routers in Massive DNS Hijacking Attack
A Russian state-linked hacking group has compromised more than 200 organisations and 5,000 consumer devices by targeting home and small-office routers since at least August 2025. By changing the DNS settings on these routers, the group was able to redirect and monitor web traffic and, in some cases, intercept sensitive information such as emails, login details and cloud data. Sectors affected include government, technology, telecoms and energy. The campaign highlights how poorly secured home networks used by remote and hybrid staff can create a serious cyber security risk for organisations: corporate devices should not trust the DNS a home router hands out, so remote staff should connect through a VPN or zero-trust client that enforces corporate DNS, and routers should be kept patched with their admin interfaces off the internet.
https://cybersecuritynews.com/russian-hackers-exploiting-routers/
Why Britain’s Most Common Crime Has Been Poorly Investigated for Decades
Fraud remains the most common crime in Britain, with an estimated 4.2 million cases recorded in the year to September 2025, yet only a small share result in prosecution. For years, victims have faced poor support, weak investigations and outdated reporting systems, with some police forces taking no action on most cases. Reviews have also found too few specialist investigators, limited investment and inadequate technology. The UK Government has launched a new strategy focused on better victim support, reimbursement, stronger justice outcomes and a renewed reporting system.
Mobile Attack Surface Expands as Enterprises Lose Control
Jamf’s review of more than 1.7 million mobile devices shows many organisations are losing control of a rapidly expanding mobile risk. Over half had at least one device running a critically outdated operating system, 18% had users connecting to risky public Wi‑Fi, and 8% had clicked phishing links designed to steal credentials or sensitive data. The report also found 86% of widely used mobile apps carried known security weaknesses, with “shadow AI” in everyday apps creating new exposure. For business leaders, this underlines the importance of knowing what devices and apps are accessing corporate data, enforcing basic hygiene such as updates and secure connections, and maintaining visibility over how mobile tools are actually being used.
https://www.securityweek.com/mobile-attack-surface-expands-as-enterprises-lose-control/
FBI: Cyber Fraud Surges to $17.6 Billion in Losses as Scams, Crypto Theft Soar
The FBI’s latest figures show $17.6 billion in cyber‑enabled fraud losses in 2025, with over one million complaints filed. Investment scams caused the greatest financial harm, while business email compromise exceeded $3 billion in losses. Cryptocurrency was linked to more than $11.3 billion stolen, and reports involving AI‑enabled fraud are rising. For business leaders, the figures highlight growing financial exposure from impersonation, payment fraud, and emerging technologies, not just technical cyber incidents.
https://therecord.media/cyber-fraud-surges-to-17-billion-fbi-ic3
Boards Are Falling Short on Cyber Security
Board attention to cyber security is rising, but progress in reducing risk remains slow. Recent data shows cybercrime losses increased by 33% year on year, underlining the scale of the challenge. A common weakness is that boards often lack the expertise to judge whether senior cyber security leaders are effective, treat artificial intelligence mainly as a growth issue rather than a security and governance risk, and confuse regulatory compliance with genuine protection. Stronger outcomes come when cyber security is overseen as a business resilience issue tied to leadership accountability, operational continuity and competitive strength.
https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity
72% of Workers Say AI Is Giving Phishing a Dangerous New Edge, Sagiss Managed Security Survey Finds
A Sagiss survey of 500 desk-based workers found that AI is making phishing emails and chat messages more polished, convincing and harder to recognise. Nearly three quarters of respondents said these messages are more believable than a year ago, while 64% said AI could plausibly imitate a colleague. The risk is heightened by pressured working habits: 63% admitted clicking a work link before properly checking it, 57% verified a request only after acting, and 68% review work messages outside normal hours. The findings show that speed and fatigue are now amplifying phishing risk as much as technical deception.
The Rise of Proactive Cyber: Why Defence Is No Longer Enough
Cyber attacks are moving too quickly for a purely reactive approach to keep pace. The time between an attacker gaining access and passing that access to a second criminal group has fallen from eight hours in 2022 to just 22 seconds in 2025, showing how coordinated and fast moving the threat has become. In response, governments and major technology providers are stepping up efforts to disrupt attackers earlier through legal action, infrastructure takedowns and stronger product security. For most organisations, however, the priority remains strong internal resilience, rapid evidence sharing and well rehearsed incident response.
Better Prepare for a Cyber Breach
Mid-market organisations face growing exposure to cyber attacks as a breach at one supplier or technology provider can quickly disrupt operations, deliveries and customer service across an entire business network. At the same time, 77% of organisations still lack the basic controls needed to protect artificial intelligence systems, data and cloud environments. The priority is stronger oversight of how AI tools are used, tighter access controls, clearer rules for staff and suppliers, and better governance so businesses can spot threats earlier, limit disruption and protect long term value.
https://professionalsecurity.co.uk/products/cyber/better-prepare-for-a-cyber-breach/
Advisories Published in the Last Week
Black Arrow Cyber Advisory 10 April 2026 – Frontier AI and the Changing Cyber Threat Landscape
https://www.blackarrowcyber.com/blog/advisory-10-april-2026-frontier-ai-changing-threat-landscape
Black Arrow Cyber Advisory - 10 April 2026 - Microsoft device code phishing campaigns targeting Microsoft 365 users
https://www.blackarrowcyber.com/blog/advisory-10-april-2026-microsoft-device-code-phishing
Governance, Risk and Compliance
Cyber threats need to be embedded in corporate culture – report
Most Organizations Do Not Fully Trust Their Cybersecurity Vendors
The rise of proactive cyber: Why defense is no longer enough | CSO Online
Better prepare for a cyber breach | Professional Security Magazine
Boards Are Falling Short on Cybersecurity
How to know you’re a real-deal CSO — and whether that job opening truly seeks one | CSO Online
Meaningful metrics demonstrate the value of cyber-resiliency | TechTarget
Cyberattacks On Law Firms Are Rising. Here’s What’s Driving It. - Above the Law
Threats
Ransomware, Extortion and Destructive Attacks
Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor's EDR Solutions
Qilin EDR killer infection chain
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Man admits to locking thousands of Windows devices in extortion plot
German authorities identify REvil and GandCrab ransomware bosses
Ransomware reimagined: Why containment alone is no longer enough | resource | SC Media
Emulating the Concealed Sinobi Ransomware - Security Boulevard
Ransomware and Destructive Attack Victims
Die Linke German political party confirms data stolen by Qilin ransomware
Dutch hospitals hit after patient software cyberattack | Cybernews
Ransomware knocks Dutch healthcare software vendor offline • The Register
Signature Healthcare hit by cyberattack, services and pharmacies impacted
Ransomware attack on company that manages Dutch hospitals' patient files | NL Times
Phishing & Email Based Attacks
72% of Workers Say AI Is Giving Phishing a Dangerous New Edge, Sagiss Managed Security Survey Finds
Hundreds compromised daily in Microsoft device code phishes • The Register
Inside an AI‑enabled device code phishing campaign | Microsoft Security Blog
New Phishing Platform Used in Credential Theft Campaigns - Infosecurity Magazine
Device code phishing attacks surge 37x as new kits spread online
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure - Help Net Security
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
How a burner email can protect your inbox - setting one up one is easy and free | ZDNET
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
Hundreds compromised daily in Microsoft device code phishes • The Register
Inside an AI‑enabled device code phishing campaign | Microsoft Security Blog
Device code phishing attacks surge 37x as new kits spread online
Axios Attack Shows Complex Social Engineering Is Industrialized
I knew about North Korean hackers—they still tricked me and got into my computer | Fortune
Traffic violation scams switch to QR codes in new phishing texts
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords | Malwarebytes
New macOS stealer campaign uses Script Editor in ClickFix attack
Social engineering attacks on open source developers are escalating - Help Net Security
Artificial Intelligence
72% of Workers Say AI Is Giving Phishing a Dangerous New Edge, Sagiss Managed Security Survey Finds
Inside an AI‑enabled device code phishing campaign | Microsoft Security Blog
Threat actor abuse of AI accelerates from tool to cyberattack surface | Microsoft Security Blog
Claude Code's innards revealed as source code leaked online • The Register
The New Rules of Engagement: Matching Agentic Attack Speed - SecurityWeek
CISOs grapple with AI demands within flat budgets - Help Net Security
Most Organisations Face an Unsecured API Surge As AI Agents Outpace Security - IT Security Guru
Anthropic Issues Copyright Takedowns to Scrub Claude Code Leak | PCMag
A.I. Is on Its Way to Upending Cybersecurity - The New York Times
Agentic AI's role in amplifying and creating insider risks | TechTarget
The AI Revolution in Cyber Conflict | Lawfare
How Security Leaders Can Safeguard Against Vibe Coding Security Risks - Infosecurity Magazine
Bots/Botnets
Cybercriminals move deeper into networks, hiding in edge infrastructure - Help Net Security
Residential proxies evaded IP reputation checks in 78% of 4B sessions
Residential proxies make a mockery of IP-based defenses - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
How to know you’re a real-deal CSO — and whether that job opening truly seeks one | CSO Online
ISC2 Publishes Guidance on the Inclusion of AI Security Concepts Across all its Certifications
The cybersecurity boom hiding a growing privacy skills shortage | TechRadar
Why modern cyber conflict is partly a global skills challenge | TechRadar
Cloud/SaaS
Trivy supply chain attack enabled European Commission cloud breach - Help Net Security
The EU is suffering a hacking crisis. Here’s what we know. – POLITICO
Snowflake customers hit in data theft attacks after SaaS integrator breach
Chaos malware expands from routers to Linux cloud servers - Help Net Security
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Act-of-War Clauses Cloud Cyber Insurance Coverage - DataBreaches.Net
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
Cryptographers place $5,000 bet whether quantum will matter • The Register
Cyber Crime, Organised Crime & Criminal Actors
Cybercriminals move deeper into networks, hiding in edge infrastructure - Help Net Security
Don't glamorize cybercrims, roast them instead • The Register
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
Threat Actors Get Crafty With Emojis to Escape Detection
Security lapse lets researchers view React2Shell hackers’ dashboard | CSO Online
Criminal wannabes even more dangerous than the pros • The Register
Data Breaches/Leaks
European Commission breach exposed data of 30 EU entities, CERT-EU says
Trivy supply chain attack enabled European Commission cloud breach - Help Net Security
The EU is suffering a hacking crisis. Here’s what we know. – POLITICO
Snowflake customers hit in data theft attacks after SaaS integrator breach
Jones Day Law Firm Says Hackers Accessed Some Clients’ Data (1)
FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’ - POLITICO
Claude Code's innards revealed as source code leaked online • The Register
Adobe Breach - Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records
Hundreds of UK soldiers exposed at military bases… by their Strava workouts
Anthropic Issues Copyright Takedowns to Scrub Claude Code Leak | PCMag
Die Linke German political party confirms data stolen by Qilin ransomware
Better prepare for a cyber breach | Professional Security Magazine
Google: New UNC6783 hackers steal corporate Zendesk support tickets
Hims & Hers warns of data breach after Zendesk support ticket breach
Denial of Service/DoS/DDoS
Major outage cripples Russian banking apps and metro payments nationwide
Why DDoS Mitigation Fails: 5 Gaps That Testing Reveals - Security Boulevard
Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest
Encryption
‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity
Cryptographers place $5,000 bet whether quantum will matter • The Register
Fraud, Scams and Financial Crime
Why Britain's most common crime has been poorly investigated for decades | UK News | Sky News
Nigerian romance scammer jailed after being caught out by fellow fraudster
Websites suffering from subscription bombing attacks | Cybernews
Life imprisonment for Cambodian scam compound operators - but will it make a difference?
Your marketing stack is an attack surface – is security watching? | TechRadar
Your customer passed authentication. So why are they sending money to a scammer? - Help Net Security
Hidden scammer arms race every business now faces - Insurance Post
Identity and Access Management
The Hidden Cost of Recurring Credential Incidents
MSSPs Are the New Target in Login-Based Attacks – Blackpoint Cyber | news | MSSP Alert
Insider Risk and Insider Threats
Agentic AI's role in amplifying and creating insider risks | TechTarget
Insurance
Act-of-War Clauses Cloud Cyber Insurance Coverage - DataBreaches.Net
Internet of Things – IoT
Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach - Security Boulevard
Law Enforcement Action and Take Downs
Man admits to locking thousands of Windows devices in extortion plot
Police Are Using Cookies To Catch Criminals - Here's How
Why Britain's most common crime has been poorly investigated for decades | UK News | Sky News
Nigerian romance scammer jailed after being caught out by fellow fraudster
Life imprisonment for Cambodian scam compound operators - but will it make a difference?
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
German authorities identify REvil and GandCrab ransomware bosses
Linux and Open Source
Social engineering attacks on open source developers are escalating - Help Net Security
The State of Trusted Open Source Report
Chaos malware expands from routers to Linux cloud servers - Help Net Security
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Microsoft suspends dev accounts for high-profile open source projects
Malvertising
Your marketing stack is an attack surface – is security watching? | TechRadar
Malware
Chaos malware expands from routers to Linux cloud servers - Help Net Security
New macOS stealer campaign uses Script Editor in ClickFix attack
Hackers use pixel-large SVG trick to hide credit card stealer
Malware Threat to Critical Infrastructure Raises Alarms
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Mobile
Mobile Attack Surface Expands as Enterprises Lose Control - SecurityWeek
Android Malware Infects Over 2.3 Million Devices - Is Yours One? - Tech Advisor
Your phone is shouting your identity to every Wi-Fi network — fix it now
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Outages
‘Skipping a beat on resilience investment isn’t an option any more’ as IT outage costs soar | IT Pro
Passwords, Credential Stuffing & Brute Force Attacks
New Phishing Platform Used in Credential Theft Campaigns - Infosecurity Magazine
React2Shell Exploited in Large-Scale Credential Harvesting Campaign - SecurityWeek
MSSPs Are the New Target in Login-Based Attacks – Blackpoint Cyber | news | MSSP Alert
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords | Malwarebytes
Regulations, Fines and Legislation
Old laws treat whitehats like criminals and pose risks | Cybernews
Trump wants to slash $707M from CISA's budget • The Register
Social Media
Software Supply Chain
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack | CSO Online
Supply Chain and Third Parties
Axios Attack Shows Complex Social Engineering Is Industrialized
MSSPs Are the New Target in Login-Based Attacks – Blackpoint Cyber | news | MSSP Alert
Trivy supply chain attack enabled European Commission cloud breach - Help Net Security
Snowflake customers hit in data theft attacks after SaaS integrator breach
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
MSSPs Caught in the Middle of Iran’s Cyber Escalation | perspective | MSSP Alert
Google: New UNC6783 hackers steal corporate Zendesk support tickets
Hims & Hers warns of data breach after Zendesk support ticket breach
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
The New Rules of Engagement: Matching Agentic Attack Speed - SecurityWeek
Cyber threat must be recognised despite geopolitical tensions
Iranian cyber activity hits US energy, water, and government networks - Help Net Security
The AI Revolution in Cyber Conflict | Lawfare
Act-of-War Clauses Cloud Cyber Insurance Coverage - DataBreaches.Net
Why modern cyber conflict is partly a global skills challenge | TechRadar
Microsoft hints at bit bunkers for war zones • The Register
Fiber Optic Cables Turned Into Hidden Microphones to Secretly Spy on Your Conversations
Nation State Actors
The New Rules of Engagement: Matching Agentic Attack Speed - SecurityWeek
Cyber threat must be recognised despite geopolitical tensions
China
FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’ - POLITICO
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Russia
Russian military hackers reroute British internet users’ traffic
FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users
Feds quash widespread Russia-backed espionage network spanning 18,000 devices | CyberScoop
Your router could be Russian spy — Ukraine and FBI just exposed how Moscow did it - Euromaidan Press
Russian Hackers Exploiting Home and Small-office Routers in Massive DNS hijacking Attack
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Russia's attempt to block VPNs is causing widespread banking outages | TechSpot
Major outage cripples Russian banking apps and metro payments nationwide
North Korea
Axios Attack Shows Social Complex Engineering Is Industrialized
How North Korean hackers turn legitimate infrastructure into an attack surface | TechFinitive
I knew about North Korean hackers—they still tricked me and got into my computer | Fortune
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack | CSO Online
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
North Korea–linked hackers drain $285M from Drift in sophisticated attack
Iran
Iranian cyber activity hits US energy, water, and government networks - Help Net Security
MSSPs Caught in the Middle of Iran’s Cyber Escalation | perspective | MSSP Alert
Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest
News brief: Iran cyberattacks escalate, U.S. targets named | TechTarget
Cyber Agency Issues First Iran Threat Amid Government Shutdown
Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies
How Iranian hackers pose a threat to US critical infrastructure
Iran Conflict Heightens Cyber Threats to U.S. Energy Infrastructure
Iran digital repression surged amid war and protests: rights group
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cyber threat must be recognised despite geopolitical tensions
The Hack That Exposed Syria’s Sweeping Security Failures | WIRED
Hack-for-hire spyware campaign targets journalists in Middle East, North Africa | CyberScoop
Tools and Controls
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Most Organizations Do Not Fully Trust Their Cybersecurity Vendors
Anthropic withholds Mythos Preview model because its hacking is too powerful
Better prepare for a cyber breach | Professional Security Magazine
Cybercriminals move deeper into networks, hiding in edge infrastructure - Help Net Security
The rise of proactive cyber: Why defense is no longer enough | CSO Online
‘Skipping a beat on resilience investment isn’t an option any more’ as IT outage costs soar | IT Pro
Social engineering attacks on open source developers are escalating - Help Net Security
Microsoft suspends dev accounts for high-profile open source projects
The Hidden Cost of Recurring Credential Incidents
Why DDoS Mitigation Fails: 5 Gaps That Testing Reveals - Security Boulevard
CISOs grapple with AI demands within flat budgets - Help Net Security
Why risk alone doesn't get you to yes - Help Net Security
How Security Leaders Can Safeguard Against Vibe Coding Security Risks - Infosecurity Magazine
Security Bosses Are All-In on AI, Here's Why
Proactive Threat Hunting - Security Boulevard
Russia's attempt to block VPNs is causing widespread banking outages | TechSpot
Act-of-War Clauses Cloud Cyber Insurance Coverage - DataBreaches.Net
Meaningful metrics demonstrate the value of cyber-resiliency | TechTarget
Other News
Cyberattacks On Law Firms Are Rising. Here’s What’s Driving It. - Above the Law
Threat Actors Get Crafty With Emojis to Escape Detection
Even cybersecurity experts make simple mistakes. Here's the real lesson | PCWorld
Most CNI Firms Face Up to £5m in Downtime from OT Attacks - Infosecurity Magazine
Click, wait, repeat: Digital trust erodes one login at a time - Help Net Security
Why Cybersecurity Is the First Step in Preparing Your Company for an IPO - Security Boulevard
Vulnerability Management
Anthropic withholds Mythos Preview model because its hacking is too powerful
‘BlueHammer’ Windows Exploit Signals Microsoft Disclosure Issues
AI Vulnerability Detection With Anthropic Glasswing - Futurum
Is Anthropic’s New Claude Model a Cybersecurity Disaster?
Why Microsoft is forcing Windows 11 25H2 update on all eligible PCs | ZDNET
Vulnerabilities
React2Shell Exploited in Large-Scale Credential Harvesting Campaign - SecurityWeek
OpenClaw gives users yet another reason to be freaked out about security - Ars Technica
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploit - Infosecurity Magazine
Multiple TP-Link Vulnerabilities Let Attackers Trigger DoS and Crash Routers
New FortiClient EMS flaw exploited in attacks, emergency patch released
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Hackers exploit critical flaw in Ninja Forms WordPress plugin
GPU Rowhammer Attack Enables Privilege Escalation - Infosecurity Magazine
Acrobat Reader zero-day exploited in the wild for many months - Help Net Security
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities - SecurityWeek
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In - Security Boulevard
OpenSSL 3.6.2 lands with eight CVE fixes - Help Net Security
Severe StrongBox Vulnerability Patched in Android - SecurityWeek
Flatpak 1.16.4 fixes sandbox escape and three other security flaws - Help Net Security
Critical Flowise Vulnerability in Attacker Crosshairs - SecurityWeek
Grafana Patches AI Bug That Could Have Leaked User Data
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users - SecurityWeek
13-year-old bug in ActiveMQ lets hackers remotely execute commands
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Advisory 10 April 2026 – Frontier AI and the Changing Cyber Threat Landscape
Executive summary
Anthropic’s new Mythos AI model and Project Glasswing initiative are an important moment for the cyber security of all organisations across the globe. Anthropic says the model has identified large numbers of serious software vulnerabilities and has chosen not to make the model generally available. Instead, access is being tightly controlled while selected organisations work to address weaknesses in critical software and infrastructure.
For most organisations, the main point is not Anthropic or the Mythos model itself. It is that AI is making advanced vulnerability discovery and exploit development exponentially faster and more broadly accessible. As those capabilities spread, firms should expect less time between a serious weakness being identified and attackers trying to use it, as well as a sharp increase in the number of zero-day vulnerabilities that require organisations to prioritise resilience and defence-in-depth.
This does not mean every business is suddenly facing a completely new threat overnight. It does require that organisations have good visibility of their exposure through internet-facing systems, fast patching, strong identity controls, and deeper oversight of key suppliers.
Black Arrow Cyber’s view is that this should be treated as an imminent warning. This is not a reason to panic. It is a reason to make sure the basics are strong and that your organisation can move quickly and effectively when a serious issue emerges.
What’s the risk to me or my business?
The biggest change here is speed. AI reduces the time and effort needed to find and validate vulnerabilities, so organisations may have less time to understand whether they are exposed and to put protections in place before attackers act.
That risk is not limited to software you build yourself. It can sit in technology your business depends on every day, including operating systems, browsers, identity platforms, remote access tools, cloud services, open-source components, and third-party applications. In practice, this means cyber risk may increasingly come from shared dependencies that, until now, have been secure, as much as from your own internal environment.
It is also worth noting that attackers do not need entirely new types of weaknesses for this to matter. A more likely concern is that existing bugs, misconfigurations, weak access controls, and poorly managed dependencies become easier to find and combine in new ways. Organisations that already struggle with asset visibility, patching discipline, or privileged access management are likely to be the most exposed.
From a leadership perspective, this is not just a technical issue. It is a governance issue. The organisations that respond well will be the ones that know what assets they have, know what is exposed, know who owns important systems, and can make decisions quickly when a serious vulnerability affects the business.
What can I do?
Review patching timelines for your most important systems. Internet-facing services, identity platforms, remote access tools, and systems used to administer the environment should be treated as priorities. Where quick patching is not possible, there should be clear compensating controls and clear ownership.
Improve visibility of exposed assets and key dependencies. Most organisations still do not have a complete picture of internet-facing systems, inherited software dependencies, privileged accounts, and unmanaged or shadow technology. That becomes more dangerous if attackers can move faster.
Strengthen identity and privilege controls. Phishing-resistant multi-factor authentication, least privilege, admin segregation, and rapid removal of access all matter even more if a vulnerability can be exploited quickly.
Make sure there is a clear process for triaging and escalating serious vulnerabilities. This should include technical ownership, business decision-making, supplier engagement, and communications where needed. If a critical weakness emerges, the organisation should not be working this out for the first time under pressure.
Test and strengthen incident response resilience through regular exercises. Run scenario‑based exercises to validate roles, decision‑making, communications, and escalation under pressure. These exercises help identify gaps in preparedness, improve coordination between technical and leadership teams, and ensure the organisation can respond quickly and effectively when a serious incident occurs.
Questions leadership teams should be asking
Do we know which internet-facing and critical systems would create the most risk if a serious vulnerability were exploited quickly?
How quickly can we confirm whether we are affected by a newly disclosed high-severity issue?
Do we have clear visibility of key suppliers and software dependencies?
Are our identity and privileged access controls strong enough to limit damage if an attacker gets in?
Do we have a clear process for making decisions quickly when a serious software weakness affects the business?
Black Arrow Cyber’s assessment
Mythos and Project Glasswing should be viewed as a sign of where the threat landscape is heading rather than as a single vendor story. The main risk for most organisations is not one model on its own. It is the wider direction of travel: advanced AI capabilities are quickly becoming more accessible, making sophisticated cyber activity faster and cheaper.
The most effective response is operational discipline: know what you have, know what is exposed, reduce time to remediate, tighten identity controls, understand your key dependencies, and make sure the organisation can respond at speed when it matters.
Further details and references
Anthropic Project Glasswing announcement: https://www.anthropic.com/project/glasswing
Anthropic Mythos Preview research note: https://red.anthropic.com/2026/mythos-preview/
UK NCSC guidance on frontier AI and cyber defence: https://www.ncsc.gov.uk/blogs/why-cyber-defenders-need-to-be-ready-for-frontier-ai
Need help understanding your gaps, or just want some advice? Get in touch with us.
Black Arrow Cyber Advisory - 10 April 2026 - Microsoft device code phishing campaigns targeting Microsoft 365 users
Executive summary
Microsoft and other researchers are reporting a sharp rise in device code phishing aimed at Microsoft 365 users. Public reporting says detected device code phishing pages are up nearly 40 percent this year, while Microsoft says it has seen 10 to 15 campaigns every 24 hours with hundreds of compromises daily since mid-March. We have been involved in helping organisations respond to these types of attacks. Device code authentication is enabled by default in Microsoft 365.
In these attacks, the victim is not usually sent to a fake Microsoft sign-in page designed to steal their password, as we have seen with other attacks of this type. Instead, they are tricked into entering a short code into Microsoft’s legitimate device login process, which authorises the attacker’s session. Once in, attackers have been seen reading mailboxes, creating malicious inbox rules, registering devices for persistence, and focusing on finance, executive, and administrative users.
For organisations that do not use device code authentication for a genuine business case, blocking the flow in Conditional Access is one of the clearest and most effective mitigations. Microsoft now explicitly recommends blocking device code flow wherever possible.
We have attached example screenshots from our own investigations showing what the landing page and follow-on Microsoft prompts may look like to an end user. It is important to note that, if a user is already signed in to Microsoft in their browser, they may not be asked to enter their credentials after submitting the code.
What is the risk to me or my business?
For most organisations, the immediate risk is an identity compromise inside Microsoft 365. A successful device code phish can give the attacker valid tokens, mailbox access, and a foothold for data theft, payment diversion, and ongoing surveillance of sensitive conversations. Attackers in the current campaigns have been observed creating inbox rules, using Microsoft Graph for reconnaissance, and targeting users with financial authority.
This is also easy for users to misread as genuine because the sign-in can happen through Microsoft’s real device login experience. That means ordinary “check the URL” advice is not enough on its own.
Technical Summary
Device code flow is a legitimate OAuth sign-in method designed for devices with limited input capability, such as smart TVs, printers, shared devices, and digital signage. In this abuse case, the attacker initiates the flow, sends the code to the victim in a lure, and relies on the victim completing the Microsoft sign-in on the attacker’s behalf. Once approved, the attacker can obtain tokens and access Microsoft 365 resources without needing the user’s password on a fake site.
What makes the current wave more effective is the level of automation and the visibility gap it creates for defenders. Microsoft says the campaigns are using AI-personalised lures, redirect chains on trusted cloud services, and dynamic code generation so the 15-minute validity window only starts when the victim reaches the final page. Detection is further complicated because the resulting activity can appear in Entra as non-interactive sign-in activity rather than a classic user-driven login, making it easier to blend into normal background authentication traffic and harder to spot quickly during routine sign-in review.
What types of organisations are most likely to be affected?
Any organisation using Microsoft 365 or Microsoft Entra ID is a potential target. Risk is highest where finance, payroll, procurement, executive support, or administrative users can be lured into approving access, and where device code flow remains enabled despite having no genuine operational requirement. Microsoft notes that device code flow is rarely used by most customers but is frequently used by attackers.
Organisations may also be more exposed where inbound email controls are weak against rare senders, new domains, or convincing external document-sharing lures. Microsoft has published detections for device code authentication occurring after a user clicks a link in an email from a non-prevalent sender.
What can I do?
1. Block device code flow where you do not need it
Create a Conditional Access policy for all users and all resources, set Authentication Flows to Device code flow, start in report-only mode, exclude emergency access accounts and documented exceptions, then move to block once you have confirmed there is no legitimate dependency. If you do need it for specific cases such as conference room devices or other shared devices, restrict it tightly rather than leaving it broadly available. Microsoft also offers a managed policy to help block device code flow.
2. Reset user expectations
Tell users never to enter a short Microsoft sign-in code unless they initiated the sign-in themselves from a known device or business process. Current lures include invoices, RFPs, shared documents, e-signature requests, and voicemail or secure message themes.
3. Tighten email controls
Review anti-phishing policies and Safe Links or equivalent controls. As an additional measure, where your email security tooling supports it, quarantine or heavily score inbound messages from newly registered or previously unseen domains, especially where they use external document-sharing, Adobe, Microsoft 365, DocuSign, or file-access themes.
4. Hunt for signs of compromise
Review Entra sign-in logs for device code authentication, unusual IP addresses, anonymous IP use, rare sender correlations, suspicious token use, and new device registrations. If you suspect compromise, revoke sign-in sessions, force reauthentication, review inbox rules, and check for unusual mailbox access or forwarding behaviour.
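As an added example (not code from this advisory, from Black Arrow or from Microsoft), the script below builds the Conditional Access payload described in step 1 and runs the step 4 review over a handful of constructed Entra sign-in records. It assumes the Microsoft Graph conditionalAccessPolicy schema (conditions.authenticationFlows.transferMethods = "deviceCodeFlow") and the Graph signIn fields authenticationProtocol, isInteractive, ipAddress, userPrincipalName and createdDateTime; the sample records, the corporate IP ranges and the account identifiers are constructed placeholders.

```python
"""Device code flow: report-only block policy (step 1) and sign-in review (step 4).

Added example, not the advisory's own code. Field names follow the Microsoft
Graph conditionalAccessPolicy and signIn resources as assumed in the lead-in.
"""
import ipaddress
import json
from typing import Iterable, List, Dict


def device_code_block_policy(excluded_user_ids: Iterable[str], enforce: bool = False) -> dict:
    """Return a Graph conditionalAccessPolicy body for all users and all resources
    that targets the device code flow and blocks it.

    Starts in report-only mode unless enforce=True, so the policy can be watched
    for legitimate dependencies before it is switched to block. excluded_user_ids
    holds emergency access accounts and documented exceptions (object ids)."""
    return {
        "displayName": "Block device code flow",
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeUsers": list(excluded_user_ids),
            },
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


# Constructed sample records in the Graph signIn shape; not real log data.
SAMPLE_SIGNINS: List[Dict] = [
    {"createdDateTime": "2026-04-08T09:12:04Z", "userPrincipalName": "finance.lead@example.com",
     "authenticationProtocol": "deviceCode", "isInteractive": False, "ipAddress": "198.51.100.23"},
    {"createdDateTime": "2026-04-08T09:15:40Z", "userPrincipalName": "finance.lead@example.com",
     "authenticationProtocol": "oAuth2", "isInteractive": True, "ipAddress": "203.0.113.10"},
    {"createdDateTime": "2026-04-08T11:02:11Z", "userPrincipalName": "meetingroom1@example.com",
     "authenticationProtocol": "deviceCode", "isInteractive": False, "ipAddress": "203.0.113.44"},
]


def hunt_device_code_signins(signins: Iterable[Dict], corporate_cidrs: Iterable[str],
                             approved_device_code_users: Iterable[str] = ()) -> List[Dict]:
    """Flag every device code sign-in and explain why it deserves review.

    A device code sign-in from outside the corporate ranges by a user who has no
    documented device-code need is rated high; any other device code sign-in
    (for example a meeting room account from an office range) is rated medium so
    it is still visible during routine review."""
    nets = [ipaddress.ip_network(c) for c in corporate_cidrs]
    approved = {u.lower() for u in approved_device_code_users}
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        ip = ipaddress.ip_address(s["ipAddress"])
        outside = not any(ip in n for n in nets)
        unapproved = s["userPrincipalName"].lower() not in approved
        reasons = ["device code flow used"]
        if outside:
            reasons.append("source IP outside corporate ranges")
        if unapproved:
            reasons.append("user not on approved device-code list")
        if not s.get("isInteractive", True):
            # Device code abuse shows up as non-interactive activity rather than a
            # classic user-driven login, so note it explicitly for the reviewer.
            reasons.append("recorded as non-interactive sign-in")
        findings.append({
            "time": s["createdDateTime"],
            "user": s["userPrincipalName"],
            "ip": s["ipAddress"],
            "severity": "high" if outside and unapproved else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    # Placeholder object id for the emergency access account.
    print(json.dumps(device_code_block_policy(["BREAK-GLASS-OBJECT-ID-PLACEHOLDER"]), indent=2))
    for f in hunt_device_code_signins(SAMPLE_SIGNINS, ["203.0.113.0/24"], ["meetingroom1@example.com"]):
        print(f["severity"].upper(), f["time"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

The policy body is what you would POST to the Graph conditionalAccess policies endpoint once the exclusions are confirmed; the hunt function accepts any iterable of exported sign-in records in the same shape.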
Further details and references
Microsoft Security Blog coverage and Microsoft mitigation guidance: https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Microsoft Learn guidance on Conditional Access authentication flow controls and blocking device code flow: https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows
Recent public reporting on campaign scale and adoption: https://www.theregister.com/2026/04/07/microsoft_device_code_phishing/
Need help understanding your gaps, or just want some advice? Get in touch with us.
Black Arrow Cyber Threat Intelligence Briefing 03 April 2026
Black Arrow Cyber Threat Intelligence Briefing 03 April 2026:
-Iran Targets M365 Accounts with Password-Spraying Attacks
-Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
-North Korea Hackers Suspected of Attack on Widely Used Software Tool
-Most Businesses Couldn’t Survive Three Days Downtime
-Cyber Security and Operational Resilience: A Board-Level Imperative
-95% of Organisations Don’t Trust Their Cyber Security Vendors
-3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
-The Company’s Biggest Security Hole Lived In the Breakroom
-The Next Cyber Security Crisis Isn’t Breaches - It’s Data You Can’t Trust
-New Criminal Service Plans to Monetise Data Stolen by Ransomware Gangs
-Nearly Half a Million Mobile Customers of Lloyds Banking Group Affected by Security Incident
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We have reviewed the specialist and general media over the past week to help raise the awareness of business leaders regarding evolving cyber security risks. We start with heightened activity by Iran-aligned attackers who use password-spraying to gain access to Microsoft 365 accounts, and use various techniques to deploy destructive malware. In separate news, North Korean attackers gained access to a widely used business software to establish long-term access to multiple organisations. We also highlight the need for business leaders to review their approach to removing legitimate tools that are not required by the organisation, and reducing the opportunity for attackers to misuse them.
Research on the impact of a cyber incident highlights that most businesses believe they could not survive more than three days of downtime, while other research finds that most organisations do not trust their cyber security vendors. This underlines the need for business leaders to upskill on cyber security, and to use that knowledge to ensure that their risks and controls are appropriately addressed. We recommend the upskilling should be through an impartial specialist source to reduce the risks of shared blind spots; contact us to find out how we support business leaders to be confident in governing their own security.
Top Cyber Stories of the Last Week
Iran Targets M365 Accounts with Password-Spraying Attacks
Check Point Research has identified a campaign of password spraying against Microsoft 365 accounts, affecting more than 300 organisations in Israel and more than 25 in the UAE, with activity also seen in the US, Europe and Saudi Arabia. Password spraying is a technique where attackers try common or weak passwords across many accounts to gain access. The activity came in three waves during March and focused heavily on infrastructure in cities recently hit by missile attacks, suggesting an effort to gather sensitive information linked to missile strike response and damage assessment.
https://www.theregister.com/2026/03/31/iran_password_spraying_m365/
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
Iran is increasingly blending state-backed operations with criminal tactics, using the revived Pay2Key ransomware group to target high impact US organisations. Researchers say some attacks are not true extortion attempts but destructive campaigns disguised as ransomware, making them harder to identify and respond to. Iran is also reportedly offering cyber criminals a larger share of profits, raising payouts from 70% to 80% for attacks aligned to its political aims. This mix of disruption, financial crime and political intent increases legal, financial and operational risk for organisations, particularly where sanctions exposure may be involved. Business leaders should, as part of their governance, ensure appropriate security controls are maintained to help prevent and detect such attacks.
https://www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations
North Korea Hackers Suspected of Attack on Widely Used Software Tool
Hackers linked to North Korea are suspected of compromising Axios, a widely used software package with tens of millions of weekly downloads. Google analysts said the breach could have far‑reaching implications because other popular packages rely on Axios, warning that hundreds of thousands of stolen secrets may now be circulating and could enable further ransomware, extortion and cryptocurrency‑theft operations. The attackers gained control of a maintainer account and published two backdoored versions of the package, prompting security firms to advise developers that systems using those versions should be considered compromised. The incident underlines how a compromise in a widely used software package can have broad, ripple‑effect consequences across many organisations.
https://techxplore.com/news/2026-04-north-korea-hackers-widely-software.html
Most Businesses Couldn’t Survive Three Days Downtime
Veeam reports that business resilience remains fragile, with 76% of organisations saying they could not survive more than three days of downtime. Although 47% expect a serious data breach or cyber attack, only 32% believe they are very likely to fully recover critical data and operations. Ransomware tops the list of feared threats at 67%, while 38% of boards have never formally discussed newer AI related risks such as data leaks or unsafe automation. The impact is not only financial, with 57% of leaders reporting burnout or resignations after major incidents.
https://betanews.com/article/most-businesses-couldnt-survive-three-days-downtime/
Cyber Security and Operational Resilience: A Board-Level Imperative
Cyber security and operational resilience are now core boardroom issues as attacks become more frequent, more disruptive and more costly. Since the pandemic, cyber attacks have more than doubled, and average losses from major incidents have risen fourfold since 2017 to $2.5 billion. In one recent case, a ransomware attack on a major healthcare payments provider caused nationwide disruption and more than $1.5 billion in costs. At the same time, tougher rules in the EU, UK and US are making boards more directly accountable for oversight, response planning, third party risk and accurate public reporting.
https://www.jdsupra.com/legalnews/cybersecurity-and-operational-2897791/
95% of Organisations Don’t Trust Their Cyber Security Vendors
Sophos reports a widespread trust gap in the cyber security market, with 95% of organisations saying they do not fully trust their cyber security vendors. The research also found that 79% struggle to judge the trustworthiness of new suppliers, while 62% find it difficult even with existing providers. This lack of confidence is having a business impact, with 51% reporting greater anxiety about the risk of a serious cyber incident. Independent checks, certifications and clear communication during incidents were identified as the strongest foundations for building trust.
https://betanews.com/article/95-percent-of-organizations-dont-trust-their-cybersecurity-vendors/
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
Attackers are increasingly avoiding malicious software and instead misusing the trusted tools already built into an organisation’s systems, making harmful activity much harder to spot. Analysis of more than 700,000 serious incidents found that 84% involved legitimate tools being used in this way. On a standard Windows 11 device, hundreds of built in tools may be available, with research suggesting up to 95% of access to higher risk tools is unnecessary. This leaves organisations exposed because security monitoring alone can struggle to separate normal administrative activity from an active cyber attack. Organisations should review their approach to hardening their systems, to reduce the opportunity for attackers to misuse legitimate tools that are not required by the organisation.
https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html
The Company’s Biggest Security Hole Lived In the Breakroom
An apparently low risk connected coffee machine became the entry point for a serious data breach after being placed on a secure corporate network with its default password unchanged, outdated software and no basic protections. Investigators found the device was quietly sending data to attackers whenever it was used. The incident reflects a wider pattern, with researchers warning that internet connected devices are increasingly linked to breaches because they are often overlooked, poorly monitored and treated as harmless. A similar case at a North American casino led to 10GB of data being stolen through a connected fish tank.
https://www.theregister.com/2026/04/02/pwned/
The Next Cyber Security Crisis Isn’t Breaches - It’s Data You Can’t Trust
As organisations rely more heavily on data and AI to guide financial, operational and strategic decisions, the greater risk may be not stolen data, but data that is inaccurate, altered or no longer reliable. Even small changes can lead to flawed outcomes, while weak ownership, poor access controls and inconsistent handling of sensitive information can blur the line between trusted and compromised data. Stronger governance, clear accountability and better tracking of changes are becoming essential, not just for security teams but for leadership, as regulators and cyber insurers raise expectations.
https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/
New Criminal Service Plans to Monetise Data Stolen by Ransomware Gangs
A new criminal service is aiming to turn data stolen in ransomware incidents into a more valuable asset by organising large, unstructured datasets into searchable information for sale or extortion. This could increase pressure on organisations, support follow-on crimes such as fraud and business email compromise where attackers impersonate trusted contacts, and potentially enable direct blackmail of individuals. Experts say the model is not yet proven at scale, as cyber criminals still favour high-volume attacks that deliver quicker returns, but it signals continued innovation in the cyber crime economy.
https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
Nearly Half a Million Mobile Customers of Lloyds Banking Group Affected by Security Incident
A software error at Lloyds Banking Group briefly exposed transaction details for up to 447,936 mobile banking customers across Lloyds, Halifax and Bank of Scotland. The issue lasted for less than five hours on 12 March and affected customers who viewed their transaction lists at almost exactly the same time. In some cases, exposed information included payment amounts, dates, references and National Insurance numbers. Lloyds said no unauthorised transactions were possible and no financial losses have been identified, although £139,000 has been paid to 3,625 customers for distress and inconvenience. The incident is a reminder that business leaders should ensure robust testing of software and also maintain strong incident-response readiness to prevent and manage data exposure during faults.
Governance, Risk and Compliance
Cyberthreat level remains high – attacks becoming more targeted and complex
Most businesses couldn’t survive three days downtime - BetaNews
More Confident, More Tooled, More Breached: The Security Gap Isn’t Closing | news | MSSP Alert
Attackers Are Scaling. Defenders Are Still Missing the Basics | perspective | MSSP Alert
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Why silence is no longer a security strategy | TechRadar
Trust, friction, and ROI: A CISO's take on making security work for the business - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Ransomware in 2025: Blending in is the strategy
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
Ransomware and Destructive Attack Victims
European Commission Confirms Cloud Data Breach - Infosecurity Magazine
ShinyHunters claims the hack of the European Commission
Co-Op Chief Steps Down As Hack Leads To £125m Loss
St Anne's School in Southampton closed after cyber attack - BBC News
Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc
Marquis bank data breach exposes 672,000 in ransomware attack | Fox News
Ransomware group claims it stole data from Monmouth University | EdScoop
Hasbro cyberattack delays orders, weeks-long recovery | Cybernews
Phishing & Email Based Attacks
Dutch Police discloses security breach after phishing attack
New Wave of AiTM Phishing Targets TikTok for Business - Infosecurity Magazine
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
New EvilTokens service fuels Microsoft device code phishing attacks
How businesses can defend themselves against the rise of ‘phishing as a service’ | TechRadar
Cybercriminals Exploit Tax Season With New Phishing Tactics - Infosecurity Magazine
Other Social Engineering
New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection
New EvilTokens service fuels Microsoft device code phishing attacks
Don't open that WhatsApp message, Microsoft warns • The Register
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
Another worrying macOS malware scheme has been discovered — here's how to stay safe | TechRadar
3 red flags that job posting is a scam - and how to verify safely | ZDNET
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazine
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
UK sanctions Xinbi marketplace linked to Asian scam centers
Artificial Intelligence
AI is the Top Cyber Priority for Defenders as Criminals Exploit it - Infosecurity Magazine
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Breaking out: Can AI agents escape their sandboxes? - Help Net Security
Critical Flaw in Langflow AI Platform Under Attack
AI Shrinks Cyberattack Exploit Time From Years to Days
Security leaders say the next two years are going to be 'insane' | CyberScoop
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust - SecurityWeek
AI Cyberattacks Call for Company Preparation to Limit Fallout
Why 'Emerging Threats' Are Harder to Prioritize in the AI Era
The Real Risk of Vibecoding | Trend Micro (US)
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Shadow AI 'double agents' are outpacing security visibility | TechRadar
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
Claude Code leak used to push infostealer malware on GitHub
MP victim of AI deepfake fails to get answers from Big Tech • The Register
Latest Anthropic Miscue Puts AI and Cyber Firms at Odds
Bots/Botnets
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Reddit declares war on bad bot activity - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
The human cost of cybersecurity and what we should do about it | TechRadar
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Are hackers better off staying legal? The answer may surprise you | Cybernews
How to Grow Your Cybersecurity Skills, According to Experts | Security Magazine
How dyslexic thinking strengthens cyber security | BCS
Cloud/SaaS
European Commission Confirms Cloud Data Breach - Infosecurity Magazine
ShinyHunters claims the hack of the European Commission
Iran targets M365 accounts with password-spraying attacks • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
GitHub Used as Covert Channel in Multi-Stage Malware Campaign - Infosecurity Magazine
Maryland Man Charged Over $53m Uranium Finance Crypto Hack - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
Are hackers better off staying legal? The answer may surprise you | Cybernews
UK sanctions Xinbi marketplace linked to Asian scam centers
Russia arrests suspected owner of LeakBase cybercrime forum
Data Breaches/Leaks
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
European Commission suffered a cyberattack - hackers stole data | УНН
Hackers steal EU Commission cloud data | Cybernews
Dutch Police discloses security breach after phishing attack
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers - Infosecurity Magazine
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
OkCupid settles claims it shared user photos with a facial recognition company | The Verge
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Marquis bank data breach exposes 672,000 in ransomware attack | Fox News
Hightower Holding Data Breach Impacts 130,000 - SecurityWeek
Smith & Co Solicitors in Ipswich faces data breach | Ipswich Star
Ajax silenced hacker who found 2017 data breach | Cybernews
Healthcare tech firm CareCloud says hackers stole patient data
Ajax football club hack exposed fan data, enabled ticket hijack
Denial of Service/DoS/DDoS
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Fraud, Scams and Financial Crime
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
UK sanctions Xinbi marketplace linked to Asian scam centers
Financial groups lay out a plan to fight AI identity attacks - Help Net Security
ICO Fines UK Nuisance Call Scammers £100,000 - Infosecurity Magazine
3 red flags that job posting is a scam - and how to verify safely | ZDNET
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazine
Identity and Access Management
Internet of Things – IoT
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Vehicle Cybersecurity Threats Grow in Era of Connected Vehicles
Don’t count on government guidance after a smart home breach - Help Net Security
The company's biggest security hole lived in the breakroom • The Register
Your Streaming Device Could Be Spying For Hackers, According To The FBI
India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April
Law Enforcement Action and Take Downs
Alleged RedLine malware developer extradited to United States
Russia arrests suspected owner of LeakBase cybercrime forum
Linux and Open Source
How AI has suddenly become much more useful to open-source developers | ZDNET
Malware
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
Fake Claude Code source downloads actually delivered malware • The Register
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
New Venom Stealer MaaS Platform Automates Continuous Data Theft - Infosecurity Magazine
GitHub Used as Covert Channel in Multi-Stage Malware Campaign - Infosecurity Magazine
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets
The FBI Just Named 18 Popular Routers Targeted By A Massive Malware Operation
Phantom Project Bundles Infostealer, Crypter and RAT For Sale - Infosecurity Magazine
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials - Infosecurity Magazine
vSphere and BRICKSTORM Malware: A Defender's Guide | Google Cloud Blog
Alleged RedLine malware developer extradited to United States
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
New CrystalRAT malware adds RAT, stealer and prankware features
Huge numbers of web stores are facing attack from this dangerous new malware | TechRadar
Mobile
Nearly half a million mobile customers of Lloyds Banking Group affected by a security incident
FBI Warns of Data Security Risks From China-Made Mobile Apps - SecurityWeek
'NoVoice' Android malware on Google Play infected 2.3 million devices
Coruna iOS exploit framework linked to Triangulation attacks
Android Developer Verification Rollout Begins Ahead of September Enforcement
WhatsApp warns users of fake app used to distribute spyware | The Record from Recorded Future News
Passwords, Credential Stuffing & Brute Force Attacks
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
Iran targets M365 accounts with password-spraying attacks • The Register
Regulations, Fines and Legislation
UK defining stronger energy cybersecurity rules after Poland attack – pv magazine International
ICO Fines UK Nuisance Call Scammers £100,000 - Infosecurity Magazine
FCC's Router Ban Quietly Places an Expiration Date on Home Internet Security | PCMag
US router ban is ‘industrial policy' not better infosec • The Register
If You Buy a New Router, It Might ‘Turn Into a Pumpkin’ Next Year - CNET
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
Home router ban is unserious political manoeuvring - Verdict
Social Media
New Wave of AiTM Phishing Targets TikTok for Business - Infosecurity Magazine
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Reddit declares war on bad bot activity - Help Net Security
Software Supply Chain
North Korean hackers compromise major software used by thousands of companies | NK News
North Korean Attackers Compromise Popular Web Tool | Silicon UK
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Supply Chain and Third Parties
The external pressures redefining cybersecurity risk | CSO Online
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Famous Telnyx Pypi Package compromised by TeamPCP - Security Boulevard
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot - Help Net Security
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wartime Usage of Compromised IP Cameras Highlights Their Danger
Information sharing of cyber threats vital to national security - Defence Connect
Europe's Power Grid Faces Hybrid Warfare Threat
National Cyber Resilience Demands Unified Defense
'Cyber Power' Drives Modern Geopolitical Conflict
Iran's hackers are on the offensive against the US and Israel - Ars Technica
European-Chinese geopolitical issues drive renewed cyberespionage campaign | CyberScoop
Telecom Sleeper Cells: Nation-State Threats Below the Radar
How History Shapes Nation-State Cyber Conflict
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
The Perils of Privatized Cyberwarfare | Lawfare
Nation State Actors
Information sharing of cyber threats vital to national security - Defence Connect
China
FBI Warns of Data Security Risks From China-Made Mobile Apps - SecurityWeek
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure - SecurityWeek
China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks
European-Chinese geopolitical issues drive renewed cyberespionage campaign | CyberScoop
FCC's Router Ban Quietly Places an Expiration Date on Home Internet Security | PCMag
NCSC warns of messaging app targeting public sector | UKAuthority
Telcos targeted by threat actor ‘sleeper cells’ – report | TelecomTV
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
If You Buy a New Router, It Might ‘Turn Into a Pumpkin’ Next Year - CNET
Home router ban is unserious political manoeuvring - Verdict
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April
Russia
NCSC warns of messaging app targeting public sector | UKAuthority
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Russia targets VPNs used by millions in Putin’s latest internet crackdown | The Independent
Top EU officials’ Signal group chat shut down over hacking fears – POLITICO
Russia arrests suspected owner of LeakBase cybercrime forum
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
North Korea
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Iran
Europe's Power Grid Faces Hybrid Warfare Threat
Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data | CyberScoop
Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
NCSC warns of messaging app targeting public sector | UKAuthority
Wartime Usage of Compromised IP Cameras Highlights Their Danger
Iran's hackers are on the offensive against the US and Israel - Ars Technica
Iran targets M365 accounts with password-spraying attacks • The Register
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers - SecurityWeek
Iranian hackers breach FBI director's personal email, and post his CV and photos online
Hidden Battle…Iran Conflict Shows How Digital Fight is Ingrained in Warfare
Why U.S. Special Operations Forces Will Focus More On The Cyber Domain
Cyber Warfare 101: Bluff Don’t Tell - CEPA
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Information sharing of cyber threats vital to national security - Defence Connect
The Perils of Privatized Cyberwarfare | Lawfare
A New Cyber Service is Not the Answer - The Cyber Defense Review
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
Why U.S. Special Operations Forces Will Focus More On The Cyber Domain
Tools and Controls
More Confident, More Tooled, More Breached: The Security Gap Isn’t Closing | news | MSSP Alert
95 percent of organizations don’t trust their cybersecurity vendors - BetaNews
Security boffins harvest bumper crop of API keys from web • The Register
The Forgotten Endpoint: Security Risks of Dormant Devices
Russia targets VPNs used by millions in Putin’s latest internet crackdown | The Independent
Security leaders say the next two years are going to be 'insane' | CyberScoop
The Real Risk of Vibecoding | Trend Micro (US)
DMARC Policies in the Age of AI-Driven Impersonation | Proofpoint US
AI agents are about to overtake cybersecurity - for better, or worse? - SiliconANGLE
This privacy-first chatbot is taking off - here's why and how to try it | ZDNET
Germany urges citizens to back up data on World Backup Day | Cybernews
Enterprises are all in on AI for security but budgets aren’t keeping pace - Verdict
How AI has suddenly become much more useful to open-source developers | ZDNET
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases | CSO Online
Trust, friction, and ROI: A CISO's take on making security work for the business - Help Net Security
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
GPT Can’t Trace an Attack Chain. A Purpose-Built Cybersecurity LLM Can. - Security Boulevard
Free VPNs leak your data while claiming privacy
Malware detectors trained on one dataset often stumble on another - Help Net Security
Other News
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
Cyberthreat level remains high – attacks becoming more targeted and complex
Your router is about to stop getting security updates - here's what to do
Security precautions to consider while traveling through airports
Critical Infrastructure at Risk | Security Insider
The House Article | Government needs to take cyber security in our energy system seriously
Have telcos invested enough in security? | TelecomTV
UK manufacturers under cyber fire with 80% reporting attacks • The Register
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year - Infosecurity Magazine
Vulnerability Management
Security leaders say the next two years are going to be 'insane' | CyberScoop
EU wants to support bedrock cyber vulnerability program, top official says - Nextgov/FCW
Rethinking Vulnerability Management Strategies
Vulnerabilities
A critical Windows security fix puts legacy hardware on borrowed time – Computerworld
Windows is finally fixing a years-old security hole in April | PCWorld
New Windows 11 emergency update fixes preview update install issues
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild - SecurityWeek
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins - SecurityWeek
Cisco Patches Critical and High-Severity Vulnerabilities - SecurityWeek
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
Rapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic - Infosecurity Magazine
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
Critical Fortinet FortiClient EMS flaw now exploited in attacks
Fortinet hit by another exploited cybersecurity flaw | CSO Online
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Critical Vulnerability in Claude Code Emerges Days After Source Leak - SecurityWeek
Critical Flaw in Langflow AI Platform Under Attack
BIND Updates Patch High-Severity Vulnerabilities - SecurityWeek
Apple issues urgent lock screen warnings for unpatched iPhones and iPads
Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized - SecurityWeek
TP-Link Patches High-Severity Router Vulnerabilities - SecurityWeek
TrueConf zero-day vulnerability exploited to target government networks - Help Net Security
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 27 March 2026
Black Arrow Cyber Threat Intelligence Briefing 27 March 2026:
-When Confidence Becomes a Risk: The Gap Between Cyber Resilience Readiness and Reality
-Cyber Warfare Outstripping Business Defence Capabilities
-Enterprise Cyber Security Software Fails 20% of the Time, Warns Absolute Security
-An AI-Powered Phishing Campaign Has Compromised Hundreds of Organisations
-NCSC Warns Vibe Coding Poses a Major Risk to Businesses
-32% of Top-Exploited Vulnerabilities Are Over a Decade Old
-It’s Time Cyber Security Understood Human Behaviour and Acted Accordingly
-The Phone Call Is the New Phishing Email
-Financial Brands Targeted in Global Mobile Banking Malware Surge
-UK Finance Firms Given 12 Months to Prepare for Stricter Cyber Reporting
-NCA Boss Warns That Teens Are Being “Radicalised” Into Cybercrime Online
-Most Wanted Hackers Hide in Plain Sight – And There’s Nothing Police Can Do
-US Regulator Bans Imports of New Foreign-Made Routers, Citing Security Concerns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
With escalating attacks, it is vital that business leaders focus on both cyber security (to reduce the likelihood of a successful attack) and cyber resilience (to stand the best chance of surviving an attack). In our review of specialist and general media this week, we highlight the gap in business leaders’ perception of how resilient they are versus how they manage a real or simulated incident.
We share reasons for that gap including security controls that have not been maintained, vulnerabilities that are over a decade old, and insecure business software code that has been written by AI. Meanwhile, attackers are using AI to empower their own attacks and adapt their social engineering techniques to gain access via employees. The high number of attacks has prompted the UK financial services regulator to enforce stricter reporting of cyber incidents, which is effective in the next 12 months.
From the above, business leaders need to ensure they understand how robust their own cyber security is, and whether their organisation is resilient enough to withstand a likely attack. This requires an objective assessment, with upskilled governance to assess against the reports from control providers. Contact us to find out how to do this proportionately in your organisation.
Top Cyber Stories of the Last Week
When Confidence Becomes a Risk: The Gap Between Cyber Resilience Readiness and Reality
Research indicates that many leadership teams may be more confident in their cyber resilience than the facts justify. While 99% of organisations say they have a cyber resilience strategy, only 40% successfully contained and recovered from their most recent incident or test, and 63% of IT leaders believe executives overestimate readiness. Organisations that test recovery plans monthly achieve a higher success rate compared with those that test less often, showing that regular validation is critical to reducing operational, financial and reputational risk.
Cyber Warfare Outstripping Business Defence Capabilities
Armis warns that cyber warfare has become a daily business risk, with artificial intelligence helping attackers move faster and target more precisely. While 81% of UK decision-makers say they are confident in their ability to detect and respond to a coordinated cyber attack, 48% report being hit by an AI-led attack in the past year. The financial impact is also rising sharply: the average ransomware payment for larger organisations reached £7.71 million in 2025, and 44% say these payments now exceed their annual cyber security budget.
https://www.emergingrisks.co.uk/cyber-warfare-outstripping-business-defence-capabilities/
Enterprise Cyber Security Software Fails 20% of the Time, Warns Absolute Security
Absolute Security reports that delays in applying patches are a main cause of endpoint security tools failing on around 20% of enterprise devices, creating the equivalent of 76 days a year when organisations may face greater exposure to cyber threats. Its research, based on data from tens of millions of business devices, also found nearly a quarter of vulnerability management tools were operating outside compliance, critical Windows updates were delayed by an average of 127 days, and almost 10% of devices were permanently unpatched. For senior leaders, the message is clear: security tools are only effective if they remain operational, updated and consistently enforced.
https://www.infosecurity-magazine.com/news/cybersecurity-software-failure-20/
An AI-Powered Phishing Campaign Has Compromised Hundreds of Organisations
Researchers have uncovered a large-scale phishing campaign that used artificial intelligence to create convincing, varied scam emails and gain access to Microsoft cloud accounts at speed. Huntress identified 344 affected organisations across sectors including finance, healthcare, government and legal services, and believes the true number could run into the thousands. In some cases, attackers could keep access for up to 90 days without needing a password or additional verification. The campaign highlights how artificial intelligence is lowering the barrier for cyber criminals and increasing the pace and scale of cyber attacks.
https://cyberscoop.com/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations/
NCSC Warns Vibe Coding Poses a Major Risk to Businesses
The UK’s NCSC has warned that AI generated code, often called “vibe coding”, is creating growing cyber security risks for businesses. While AI could help reduce long-standing software weaknesses, the agency says many organisations are not improving their ability to find and fix flaws quickly enough. It notes that software code in systems doubles roughly every 42 months, increasing the potential attack surface, while serious weaknesses are often exploited before fixes are applied. Separate industry research found 1 in 5 security leaders had experienced a major incident linked to AI generated code.
https://www.itpro.com/security/ncsc-warns-vibe-coding-poses-a-major-risk
32% of Top-Exploited Vulnerabilities Are Over a Decade Old
Cisco Talos reports that many of the security weaknesses most often exploited in 2025 were not new. Around 32% were more than 10 years old and nearly 40% affected unsupported devices, showing how ageing technology continues to create risk. Attackers also moved quickly on newly disclosed flaws, often using them almost at once. Ransomware remained steady, with manufacturing the hardest hit sector, while email was still a major route in, featuring in 40% of response cases.
It’s Time Cyber Security Understood Human Behaviour and Acted Accordingly
Organisations are being reminded that many serious cyber security breaches exploit human behaviour rather than technical flaws. Human actions such as responding quickly under pressure or approving repeated login requests can open the door to attackers, with Verizon finding human behaviour involved in around 60% of breaches. The growing use of AI is expected to make these manipulation tactics more convincing. Effective defence now depends on combining staff awareness with stronger sign-in controls that can detect suspicious activity without creating unnecessary friction for employees.
The Phone Call Is the New Phishing Email
Mandiant reports a marked shift in cyber crime tactics, with voice phishing now behind 11% of the incidents it investigated in 2025. In these attacks, criminals phone employees or IT support while pretending to be legitimate staff in order to gain access. Software weaknesses still remained the main route in, accounting for 32% of cases. Technology firms were most affected at 17% of incidents, followed by finance at 14%, professional services at 13% and health care at 11%.
https://cyberscoop.com/social-engineering-surge-intrusion-vector-mandiant-m-trends/
Financial Brands Targeted in Global Mobile Banking Malware Surge
A sharp rise in mobile banking malware is putting financial organisations under growing pressure, with 1,243 financial brands across 90 countries now being targeted. Zimperium found attacks are increasingly happening on customers’ phones rather than within bank systems, making fraud harder to spot because it can look like normal account activity. Android banking trojan activity rose 56% in 2025, while online fraud increased 21% year on year. The US faces the highest concentration of targeted banking apps, followed by the UK.
https://www.infosecurity-magazine.com/news/financial-brands-mobile-banking/
UK Finance Firms Given 12 Months to Prepare for Stricter Cyber Reporting
Britain’s financial regulator has given firms 12 months to prepare for tougher reporting rules on cyber incidents and disruptions affecting key suppliers. The measures take effect on 18 March 2027 and are designed to improve operational resilience, meaning an organisation’s ability to keep critical services running during disruption. The move reflects growing concern over supply chain risk, with more than 40% of cyber incidents reported to the Financial Conduct Authority in 2025 involving a third party, including major outages linked to Cloudflare and AWS.
NCA Boss Warns That Teens Are Being “Radicalised” Into Cybercrime Online
The UK National Crime Agency warns that online platforms and recommendation systems are drawing some teenagers into cyber crime, alongside other serious offences, as digital networks make crime faster, more global and harder to separate into neat categories. The agency also reports rising online fraud, including investment scams and sexual extortion, plus a growing number of UK-based attackers using both malicious software and manipulation of staff. Its message to leaders is that protecting systems alone is not enough: organisations must also strengthen staff awareness, processes and supply chain resilience.
https://www.infosecurity-magazine.com/news/nca-boss-warns-teens-radicalized/
Most Wanted Hackers Hide in Plain Sight – And There’s Nothing Police Can Do
Cyber criminals often remain beyond the reach of law enforcement not because they cannot be identified, but because legal and political barriers make prosecutions difficult. In 2023, the FBI received more than 880,000 cyber crime complaints reporting losses above $12.5 billion, yet only a tiny proportion led to prosecutions. While international cooperation has improved and some criminal services have been disrupted, replacements quickly emerge. The result is a low risk, high reward environment in which many offenders operate openly from countries unwilling to extradite them.
https://cybernews.com/security/wanted-hackers-hide-plain-sight-police/
US Regulator Bans Imports of New Foreign-Made Routers, Citing Security Concerns
The US communications regulator has banned imports of newly approved foreign-made home routers, citing national security and cyber security concerns. China is thought to supply at least 60% of the US home router market. Existing models are unaffected, but new imports will be blocked after a government review warned that weaknesses in some devices could be used to disrupt essential services, spy on networks and steal valuable information. The move reflects growing concern that everyday internet equipment, which connects homes and businesses to online services, can create wider risks to national infrastructure and economic security.
Governance, Risk and Compliance
Cyber warfare outstripping business defence capabilities
UK finance firms given 12 months to prepare for stricter cyber reporting | Cyprus Mail
When confidence becomes a risk: The gap between cyber resilience readiness and reality | TechRadar
You can’t patch poor leadership: cyber security starts in the boardroom | BCS
From boardroom risk to deal flow: why cyber M&A is accelerating in 2026 | TechRadar
US government launches Bureau of Emerging Threats | Computer Weekly
How To Strengthen Cyber Resilience Through Shared Risk Ownership
Threats
Ransomware, Extortion and Destructive Attacks
Why hackers almost never get caught | Cybernews
Stryker cyber attack: Employees still unable to work more than a week after hack - mlive.com
Ransomware's New Era: Moving at AI Speed
Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation - Infosecurity Magazine
Ex-data analyst stole company data in $2.5M extortion scheme
FBI seizes domains linked to Iran hackers after Stryker cyberattack
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals - Infosecurity Magazine
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Stryker Sued by Former Employee Alleging Failure to Secure Data
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Extortion Group Claims It Hacked AstraZeneca - SecurityWeek
UK watchdog raises concerns over Jaguar Land Rover's cyber bailout | SC Media UK
Manager of botnet used in ransomware attacks gets 2 years in prison
Law Firm Ransomware Attacks On Rise, Report Says - Law360
Ransomware and Destructive Attack Victims
Co-op takes £126m knock from cyber attack as boss quits
UK watchdog raises concerns over Jaguar Land Rover's cyber bailout | SC Media UK
WorldLeaks group breached the City of Los Angeles
Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware - SecurityWeek
Phishing & Email Based Attacks
An AI-powered phishing campaign has compromised hundreds of organizations | CyberScoop
The phone call is the new phishing email | CyberScoop
Voice phishing skyrockets as smooth crims talk their way in • The Register
Microsoft Azure Monitor alerts abused for callback phishing attacks
Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says | TechRadar
Tycoon2FA phishing platform returns after recent police disruption
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Manager of botnet used in ransomware attacks gets 2 years in prison
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Phishers Pose as Palo Alto Networks' Recruiters in Job Scam
Other Social Engineering
The phone call is the new phishing email | CyberScoop
Voice phishing skyrockets as smooth crims talk their way in • The Register
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Trio sentenced for facilitating North Korean IT worker scheme from their homes | CyberScoop
Attackers are handing off access in 22 seconds, Mandiant finds - Help Net Security
Google slows Android sideloading to trip up scammers - Help Net Security
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
2FA/MFA
It’s time cyber security understood human behavior and acted accordingly | TechRadar
Tycoon2FA phishing platform returns after recent police disruption
Artificial Intelligence
An AI-powered phishing campaign has compromised hundreds of organizations | CyberScoop
Cybersecurity Staff Don’t Know How Fast They Could Stop AI Attacks - Infosecurity Magazine
Ransomware's New Era: Moving at AI Speed
Cyber Attacks Hit 93% of UK Critical Infrastructure as AI Threats Accelerate - IT Security Guru
Cybercriminals are Winning with AI - Security Boulevard
1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now | ZDNET
NCSC warns vibe coding poses a major risk to businesses | IT Pro
A nearly undetectable LLM attack needs only a handful of poisoned samples - Help Net Security
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link - SecurityWeek
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
MSSPs Can’t Keep Up With AI-Driven Threats | news | MSSP Alert
Deepfake scams skyrocket. Can a safe word protect your family? | Cybernews
OpenClaw AI goes viral in China, raising cybersecurity fears - Asia Times
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China - SecurityWeek
China moves to curb use of OpenClaw AI at banks, state agencies | The Straits Times
Stop telling AI your secrets - 5 reasons why, and what to do if you already overshared | ZDNET
The OWASP Top 10 for LLM Applications (2025): Explained Simply - Security Boulevard
Who owns AI agent access? At most companies, nobody knows - Help Net Security
Bots/Botnets
US Takes Down Botnets Used in Record-Breaking Cyberattacks | WIRED
Manager of botnet used in ransomware attacks gets 2 years in prison
How one man used 10,000 bots to steal $8,000,000 from music artists
Careers, Roles, Skills, Working in Cyber and Information Security
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Cyber platformisation is a skills issue for security teams | Computer Weekly
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
Cyber Crime, Organised Crime & Criminal Actors
Why hackers almost never get caught | Cybernews
The rise of the cyber hacker - does clout matter more than cash? | TechRadar
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown - Infosecurity Magazine
Manager of botnet used in ransomware attacks gets 2 years in prison
Russian initial access broker jailed for 81 months in US • The Register
Data Breaches/Leaks
Hackers claim to have accessed data tied to millions of crime tipsters | Malwarebytes
Marquis Data Breach Affects 672,000 Individuals - SecurityWeek
Mazda discloses security breach exposing employee and partner data
HackerOne Employee Data Exposed in Massive Navia Breach - SecurityWeek
Data/Digital Sovereignty
Big Win for Open Source as Germany Backs Open Document Format
Open source is booming in Europe as enterprises look to strengthen digital autonomy | IT Pro
Denial of Service/DoS/DDoS
US Takes Down Botnets Used in Record-Breaking Cyberattacks | WIRED
International joint action disrupts world’s largest DDoS botnets
Encryption
Google moves post-quantum encryption timeline up to 2029 | CyberScoop
Fraud, Scams and Financial Crime
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown - Infosecurity Magazine
Industry Acts Against Fraud, but Government's Role Unclear
Fake app stores bypass sideloading restrictions using PWAs | Cybernews
Deepfake scams skyrocket. Can a safe word protect your family? | Cybernews
Google slows Android sideloading to trip up scammers - Help Net Security
Police take down 373,000 fake CSAM sites in Operation Alice
Man Used 373,000 Sites On Dark Web To Swindle Predators, Hackers
Scammers have virtual smartphones on speed dial for fraud • The Register
How one man used 10,000 bots to steal $8,000,000 from music artists
Phishers Pose as Palo Alto Networks' Recruiters in Job Scam
Identity and Access Management
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link - SecurityWeek
Insider Risk and Insider Threats
Human Risk Multiplier: How Mobile Devices Expand Enterprise Attack Surfaces
It’s time cyber security understood human behavior and acted accordingly | TechRadar
Trio sentenced for facilitating North Korean IT worker scheme from their homes | CyberScoop
Ex-data analyst stole company data in $2.5M extortion scheme
Insurance
UK watchdog raises concerns over Jaguar Land Rover's cyber bailout | SC Media UK
Are nations ready to be the cybersecurity insurers of last resort? | CSO Online
Internet of Things – IoT
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch
Law Enforcement Action and Take Downs
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown - Infosecurity Magazine
Why hackers almost never get caught | Cybernews
Trio sentenced for facilitating North Korean IT worker scheme from their homes | CyberScoop
US Takes Down Botnets Used in Record-Breaking Cyberattacks | WIRED
International joint action disrupts world’s largest DDoS botnets
Manager of botnet used in ransomware attacks gets 2 years in prison
NCA Boss Warns That Teens Are Being “Radicalized” Online - Infosecurity Magazine
Dark web platforms taken down in international operation | IT Pro
Alleged RedLine infostealer conspirator extradited to US | CyberScoop
Man Used 373,000 Sites On Dark Web To Swindle Predators, Hackers
Tycoon2FA phishing platform returns after recent police disruption
FBI seizes domains linked to Iran hackers after Stryker cyberattack
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China - SecurityWeek
Linux and Open Source
Big Win for Open Source as Germany Backs Open Document Format
Open source is booming in Europe as enterprises look to strengthen digital autonomy | IT Pro
Malware
If You Own One Of These Popular Routers, The FBI Has A Serious Warning
Alleged RedLine infostealer conspirator extradited to US | CyberScoop
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
Chrome encryption bypass discovered: New malware steals passwords and cookies – Computerworld
GitHub-hosted malware campaign uses split payload to evade detection - Help Net Security
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
FBI: Iranian hackers targeting opponents with Telegram malware | CyberScoop
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
Mobile
Human Risk Multiplier: How Mobile Devices Expand Enterprise Attack Surfaces
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
Financial Brands Targeted in Global Mobile Banking Malware Surge - Infosecurity Magazine
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Fake app stores bypass sideloading restrictions using PWAs | Cybernews
FBI: Iranian hackers targeting opponents with Telegram malware | CyberScoop
Google slows Android sideloading to trip up scammers - Help Net Security
iOS, macOS 26.4 Roll Out With Fresh Security Patches - SecurityWeek
Hong Kong police can now demand phone passwords under national security law
Models, Frameworks and Standards
NIST updates its DNS security guidance for the first time in over a decade - Help Net Security
The OWASP Top 10 for LLM Applications (2025): Explained Simply - Security Boulevard
Cyber Resilience Act (EU) - Security Boulevard
Outages
Microsoft Exchange Online service change causes email access issues
Passwords, Credential Stuffing & Brute Force Attacks
Chrome encryption bypass discovered: New malware steals passwords and cookies – Computerworld
Hong Kong police can now demand phone passwords under national security law
Regulations, Fines and Legislation
UK finance firms given 12 months to prepare for stricter cyber reporting | Cyprus Mail
US bans foreign-made internet routers over security concerns | The Independent
UK Law Update 2026: Key Legal Shifts and What They Mean - Law News
US government launches Bureau of Emerging Threats | Computer Weekly
Irish government launches CNI resilience plan | Computer Weekly
What was missing from the UK digital ID consultation? • The Register
Social Media
Software Supply Chain
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Supply Chain and Third Parties
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most - Security Boulevard
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks - Help Net Security
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI - SecurityWeek
Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware - SecurityWeek
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber warfare outstripping business defence capabilities
Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury - SecurityWeek
How Russian electronic warfare is forcing ships to abandon GPS
First cyberattacks of war hint at Iran's playbook against U.S.
Inside the Growing 'Cyber Invasion' Targeting the US
Iran war fallout is no longer confined to states - it now runs through companies | The National
Only Trump decides when cyberwar turns into real war • The Register
How CISOs Can Survive the Era of Geopolitical Cyberattacks
Nation State Actors
Inside the Growing 'Cyber Invasion' Targeting the US
Blame Game: Why Public Cyber Attribution Carries Risks
China
US regulator bans imports of new foreign-made routers, citing security concerns | Reuters
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China - SecurityWeek
How Cyberattacks Can Turn Battery Farms Into Grid Blackouts
Hong Kong police can now demand phone passwords under national security law
OpenClaw AI goes viral in China, raising cybersecurity fears - Asia Times
China moves to curb use of OpenClaw AI at banks, state agencies | The Straits Times
Russia
How Russian electronic warfare is forcing ships to abandon GPS
Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says | TechRadar
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
FBI links Signal phishing attacks to Russian intelligence services
Manager of botnet used in ransomware attacks gets 2 years in prison
Russian initial access broker jailed for 81 months in US • The Register
Internet outages disrupt daily life in Russia, fueling fears of a digital crackdown | CNN
North Korea
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
Trio sentenced for facilitating North Korean IT worker scheme from their homes | CyberScoop
Iran
Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury - SecurityWeek
First cyberattacks of war hint at Iran's playbook against U.S.
FBI seizes domains linked to Iran hackers after Stryker cyberattack
Stryker cyber attack: Employees still unable to work more than a week after hack - mlive.com
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals - Infosecurity Magazine
Iran Hacktivists Make Noise but Have Little Impact on War
Iran war fallout is no longer confined to states - it now runs through companies | The National
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
FBI: Iranian hackers targeting opponents with Telegram malware | CyberScoop
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Only Trump decides when cyberwar turns into real war • The Register
Tools and Controls
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Report - Infosecurity Magazine
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
NCSC warns vibe coding poses a major risk to businesses | IT Pro
When confidence becomes a risk: The gap between cyber resilience readiness and reality | TechRadar
NIST updates its DNS security guidance for the first time in over a decade - Help Net Security
UK firms regret software spending as tool sprawl causes IT headaches | IT Pro
Enterprise PCs are unreliable, unpatched, and unloved • The Register
CISOs Debate Human Role in AI-Powered Security
The OWASP Top 10 for LLM Applications (2025): Explained Simply - Security Boulevard
MSSPs Can’t Keep Up With AI-Driven Threats | news | MSSP Alert
Using a single LLM tool for malware analysis leads to unreliable results - BetaNews
Top AI coding tools make mistakes one in four times, study shows
UK is set to lead multinational cyber defence exercise | UKAuthority
Google unleashes Gemini AI agents on the dark web • The Register
Other News
Cyber Attacks Hit 93% of UK Critical Infrastructure as AI Threats Accelerate - IT Security Guru
7,500+ Magento sites defaced in global hacking campaign
The UK’s cyber-security reckoning | The Independent
Blame Game: Why Public Cyber Attribution Carries Risks
The era of cheap technology could be over | IT Pro
New rules, rising threats: why lean IT teams must rethink cyber-security | The Independent
One year on from retail’s devastating cyber attacks, what’s changed? - Retail Gazette
Vulnerability Management
32% of top-exploited vulnerabilities are over a decade old - Help Net Security
Enterprise PCs are unreliable, unpatched, and unloved • The Register
Lightning-fast exploits mean patch fast, says Cisco Talos • The Register
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Vulnerabilities
New KB5085516 emergency update fixes Microsoft account sign-in
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Chrome encryption bypass discovered: New malware steals passwords and cookies – Computerworld
iOS, macOS 26.4 Roll Out With Fresh Security Patches - SecurityWeek
Telnet vulnerability opens door to remote code execution as root | CSO Online
Microsoft releases emergency fix for account internet error • The Register
Chrome 146 Update Patches High-Severity Vulnerabilities - SecurityWeek
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
MS update kills Microsoft account sign-ins in Windows 11 • The Register
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
Apple details Safari 26.4 with 44 new features, 191 bug fixes, more - 9to5Mac
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover
Critical Quest KACE Vulnerability Potentially Exploited in Attacks - SecurityWeek
QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 20 March 2026
Black Arrow Cyber Threat Intelligence Briefing 20 March 2026:
-Cyberattacks Spike 245% in the Two Weeks After the Start of War with Iran
-Attack on Stryker’s Microsoft Environment Wiped Employee Devices Without Malware
-Researchers Ask AI Agents to Create LinkedIn Posts. They Publish Passwords Instead
-AI Finally Delivers Those Elusive Productivity Gains… for Cybercriminals
-Phishers Weaponise Safe Links with Multi-Layered URL Rewriting to Evade Detection
-Ransomware Gang Exploits Cisco Flaw in Zero-Day Attacks Since January
-Your Favourite Image-Saving Chrome Extension Was Scraping Your Data for Cash
-Credential-Stealing Crew Spoofs VPN Clients From Cisco, Fortinet, and Others
-EDR Killers Are Now Standard Equipment in Ransomware Attacks
-Your Employees’ Tech Frustration is a Gift to Cybercriminals
-Third-Party Risk Management Must Now Confront AI, Cyber Security, and Technology Risk Head-On
-North Korea’s 100,000-Strong Fake IT Worker Army Rakes In $500M a Year for Kim Jong Un
-Why Cyber Attacks on Critical National Infrastructure Are Such a Huge Threat
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
The Iran war is affecting organisations across the world, with a 245% rise in cyber attacks shortly after it started, particularly against financial services, e‑commerce and gaming sectors. Separately, a healthcare technology firm confirmed it had been attacked by Iranian‑linked hacktivists who wiped tens of thousands of devices.
In other news from our review of specialist and general media, we highlight the need for businesses to manage the risks associated with AI, either due to autonomous AI agents taking harmful actions or the use of AI by attackers.
We also share details of new and developing attacker tactics including multi-layered weblinks, zero-day firewall vulnerabilities, malicious Chrome extensions, fake VPNs and deactivating victims’ security controls. These tactics are not only used against your organisation but also against your suppliers and clients, which is why we include a reminder of the need to understand the security posture of third parties that you work with and to identify whether you need to include additional security in the way you work with them.
Current geopolitical tensions, whether in the Middle East or Europe, are further reasons for business leaders to take a structured approach to identifying cyber risks and the pragmatic controls to address them as part of a strategy across people, operations and technology. Contact us to discuss how to do this in your organisation.
Top Cyber Stories of the Last Week
Cyberattacks Spike 245% in the Two Weeks After the Start of War with Iran
Security researchers have reported a 245% rise in cyber-attacks in the two weeks after the conflict with Iran began on 28 February 2026, with banks, online retailers and gaming firms making up 80% of observed targets. Financial services and e-commerce accounted for more than half. Attackers are increasingly using legitimate administrative tools and stolen login details, making malicious activity harder to spot and allowing them to disrupt services or erase data at scale. The trend highlights how geopolitical conflict can quickly raise cyber security risks for private sector organisations well beyond the immediate region.
Attack on Stryker’s Microsoft Environment Wiped Employee Devices Without Malware
Medical technology firm Stryker has confirmed a major cyber-attack that disrupted its internal Microsoft systems and remotely wiped around 80,000 employee devices, leaving some ordering systems offline and forcing manual workarounds. The attackers also claimed to have stolen about 50 terabytes of company data and caused disruption across 79 countries. Stryker said the incident was contained within its corporate IT environment and did not affect its medical products or connected devices, which remain safe to use. The case highlights how compromised admin accounts can cause serious operational disruption without malicious software being installed.
Researchers Ask AI Agents to Create LinkedIn Posts. They Publish Passwords Instead
Tests by AI security researchers found that autonomous AI agents can take harmful actions even during routine business tasks. In one exercise, AI agents that were asked to draft LinkedIn posts exposed passwords publicly, while others bypassed security controls, ignored anti-virus protections and accessed restricted data by creating fake credentials. Separate studies found agents could leak confidential information, damage databases and influence other agents to break rules. The findings suggest that giving AI systems broad access, persistence and freedom to act can create serious cyber security, legal and governance risks for organisations.
https://cybernews.com/security/rogue-ai-agents-aggressive-passwords/
AI Finally Delivers Those Elusive Productivity Gains… for Cybercriminals
Interpol reports that artificial intelligence is making online fraud far more effective and around 4.5 times more profitable for criminals. Tools that refine language, mimic voices and create fake identities are helping scams appear more convincing at very low cost. The agency also warns that AI is driving a rise in blackmail using fabricated images, while large scale scam centres are expanding beyond South East Asia into Africa, Europe and the Americas. Global losses from financial fraud reached an estimated $442 billion in 2025, underlining the growing business risk and need for stronger public and private sector cooperation.
https://www.theregister.com/2026/03/16/interpol_ai_fraud/
Phishers Weaponise Safe Links with Multi-Layered URL Rewriting to Evade Detection
Criminal groups are increasingly abusing trusted email security tools to make phishing messages look legitimate and bypass automated checks. Researchers saw a marked rise in this tactic between late 2025 and January 2026, with attacks targeting Microsoft 365 users through multiple layers of trusted vendor links before reaching fake sign in pages. In some cases, links exceeded 1,200 characters and passed through five separate security services. The aim is to steal login details and access tokens, which can then be used to take over accounts, steal sensitive data, send internal phishing emails and, in serious cases, deploy ransomware.
https://cybersecuritynews.com/phishers-weaponize-safe-links-with-multi-layered-url/
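The layered link-rewriting abuse described above, as an added example that is not part of the original briefing and not any vendor's code: a small Python checker that peels nested wrappers and flags chains that are unusually deep, cross several services or exceed 1,200 characters. It assumes each rewriting service carries the destination as an absolute URL in a query parameter, and the hostnames it uses are constructed placeholders rather than real link-protection services.

```python
"""Unwrap nested link-rewriting layers and flag abnormally deep chains.

Added example for this briefing; not Black Arrow's code and not any vendor's
real URL format. Assumption: each rewriting service carries the destination
as an absolute URL in a query parameter. Hostnames below are constructed
placeholders, not real link-protection services.
"""
from urllib.parse import parse_qs, quote, urlparse

# Constructed placeholder hostnames standing in for link-rewriting services.
KNOWN_REWRITERS = [
    "links.vendor-a.example",
    "protect.vendor-b.example",
    "scan.vendor-c.example",
    "safe.vendor-d.example",
    "click.vendor-e.example",
]

MAX_DEPTH = 2      # one or two rewrites is normal for inter-company mail
MAX_LENGTH = 1200  # the briefing notes malicious links exceeding 1,200 chars


def _inner_url(url: str):
    """Return the first absolute URL held in a query parameter, else None."""
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            if value.startswith(("http://", "https://")):
                return value
    return None


def unwrap(url: str, max_hops: int = 10):
    """Peel wrappers layer by layer; return (wrapper_hosts, final_url).

    max_hops bounds the loop so a self-referencing link cannot spin forever.
    """
    hosts, current = [], url
    for _ in range(max_hops):
        inner = _inner_url(current)
        if inner is None:
            break
        hosts.append(urlparse(current).hostname or "")
        current = inner
    return hosts, current


def assess(url: str) -> dict:
    """Score a link: depth of nesting, distinct services crossed, raw length."""
    hosts, final = unwrap(url)
    services = sorted({h for h in hosts if h in KNOWN_REWRITERS})
    reasons = []
    if len(hosts) > MAX_DEPTH:
        reasons.append(f"nested {len(hosts)} rewrite layers")
    if len(services) > MAX_DEPTH:
        reasons.append(f"crosses {len(services)} distinct rewriting services")
    if len(url) > MAX_LENGTH:
        reasons.append(f"length {len(url)} exceeds {MAX_LENGTH}")
    return {
        "final_url": final,
        "depth": len(hosts),
        "services": services,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def wrap(url: str, host: str, token: str = "") -> str:
    """Constructed helper: wrap `url` the way a rewriting service might."""
    return f"https://{host}/?url={quote(url, safe='')}&t={token}"


# Constructed samples. A single trusted rewrite around an internal document
# is normal; five nested rewrites ending at a sign-in page are not.
SAMPLE_BENIGN = wrap("https://intranet.example/policy.pdf", "links.vendor-a.example")

_chain = "https://signin.example.invalid/account/verify"  # constructed lure
for _host in KNOWN_REWRITERS:
    # each layer adds a 160-character tracking token, as real rewrites often do
    _chain = wrap(_chain, _host, token="x" * 160)
SAMPLE_LAYERED = _chain

if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("layered", SAMPLE_LAYERED)):
        report = assess(sample)
        print(label, report["depth"], report["suspicious"], report["reasons"])
```

In practice the same unwrapping would run over every URL extracted from inbound mail, with the final destination then checked against a sign-in page allow-list.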
Ransomware Gang Exploits Cisco Flaw in Zero-Day Attacks Since January
Cisco has warned that a ransomware group has been exploiting a previously unknown flaw in its firewall management software since late January, giving attackers more than a month to target organisations before a fix was released on 4 March. According to Amazon’s threat intelligence team, the group had a 36-day window to abuse the weakness in internet-facing systems. The case underlines the speed at which cyber criminals can weaponise newly discovered software flaws and the importance of rapid patching, strong monitoring and resilient incident response plans.
Your Favourite Image-Saving Chrome Extension Was Scraping Your Data for Cash
Google has removed the "Save image as Type" Chrome extension after identifying malicious behaviour, affecting at least one million users. The tool, which let people save website images in formats such as PNG or JPG, was found to be quietly redirecting users when making online purchases through its own affiliate links across at least 578 websites. In practice, this meant user activity was being monitored and monetised without clear consent. Reports suggest the extension changed ownership in late 2025, with the questionable activity continuing on Chrome until March 2026. The case is a reminder that even widely used browser add-ons can create hidden cyber security and privacy risks.
https://9to5google.com/2026/03/16/image-saving-chrome-extension-removed-as-malware/
Credential-Stealing Crew Spoofs VPN Clients From Cisco, Fortinet, and Others
Microsoft has uncovered a criminal group using fake virtual private network, or VPN, software from major suppliers including Cisco, Fortinet, Ivanti and Check Point to steal employee usernames and passwords. Since mid-January, the group has manipulated search results so bogus download pages appear above genuine ones, then directed victims to counterfeit installers hosted on GitHub. After capturing login details, the software shows a fake error and points users to the real supplier site, making the attack hard to spot. The case underlines the need for controls including multi-factor authentication.
https://www.theregister.com/2026/03/13/vpn_clients_spoofed/
EDR Killers Are Now Standard Equipment in Ransomware Attacks
Ransomware gangs now routinely use tools that disable endpoint security (EDR) software before locking files, giving attackers a short but reliable window to cause disruption. Researchers found nearly 90 such tools in active use, showing how common this tactic has become. Many rely on weaknesses in legitimate software drivers, while others use standard administrator tools or interfere with security systems more directly. The trend is being widened by criminal affiliate networks and may be accelerated by AI assisted coding, making ransomware attacks harder to predict and defend against.
https://www.helpnetsecurity.com/2026/03/19/edr-killer-ransomware-attacks/
Your Employees’ Tech Frustration is a Gift to Cybercriminals
Poor workplace technology is more than a productivity issue. It is a growing cyber security risk. Research found 89% of IT professionals believe improving employees’ day to day digital experience strengthens security, while 27% of office workers use unapproved personal devices or apps when official tools are too difficult to use. Nearly half say they are left to teach themselves new systems. For senior leaders, the message is clear: simpler systems, better training and more automated routine IT tasks can reduce frustration, cut risky workarounds and make it harder for attackers to gain access.
https://www.techradar.com/pro/your-employees-tech-frustration-is-a-gift-to-cybercriminals
Third-Party Risk Management Must Now Confront AI, Cyber Security, and Technology Risk Head-On
Third-party risk management needs to cover more than compliance and financial checks. Many suppliers have access to sensitive data, core systems and critical business services, which means any weaknesses in their security, use of artificial intelligence, or wider technology can directly disrupt operations or expose other organisations to data loss, fraud and legal risk. Effective oversight should focus on the highest risk suppliers, strengthen contract terms, and include ongoing monitoring so businesses can spot problems early and reduce dependence on a small number of critical providers.
https://www.jdsupra.com/legalnews/third-party-risk-management-must-now-9969518/
North Korea’s 100,000-Strong Fake IT Worker Army Rakes In $500M a Year for Kim Jong Un
North Korea is using a vast network of fake IT workers to secure remote technology jobs at companies around the world, generating an estimated $500 million a year for the regime. Researchers believe the operation involves more than 100,000 people across 40 countries, supported by recruiters, facilitators and Western accomplices who help provide false identities. Beyond the financial gain, the wider risk is that these workers can gain trusted access to company systems and sensitive information, making recruitment checks, interview scrutiny and identity verification an increasingly important part of cyber security.
https://www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
Why Cyber Attacks on Critical National Infrastructure Are Such a Huge Threat
Critical national infrastructure is facing growing cyber security pressure as attackers target essential services such as energy, transport, healthcare, telecommunications and water. The aim is often not the direct target itself, but the wider disruption caused to daily life, public confidence and business operations. In the UK, 95% of critical national infrastructure organisations reported a cyber-attack in 2024. The risk is heightened by connected systems, complex supply chains and mixed public and private ownership, making stronger collaboration, clearer risk oversight and security built into infrastructure from the outset increasingly important.
Governance, Risk and Compliance
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
How Cyber Risk Management Builds Resilience | Kovrr - Security Boulevard
Did cybersecurity recently have its Gatling gun moment? | CSO Online
When Liability Turns the CISO Into the Fall Guy
Clear Communication: The Missing Link in Cybersecurity Success
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
Threats
Ransomware, Extortion and Destructive Attacks
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
EDR killers are now standard equipment in ransomware attacks - Help Net Security
AI-generated Slopoly malware used in Interlock ransomware attack
The ransomware economy is shifting toward straight-up data extortion | CyberScoop
Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape | Google Cloud Blog
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack | Trend Micro (US)
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The UK's plans to tackle ransomware
Ransomware and Destructive Attack Victims
England Hockey investigating ransomware data breach
Payload Ransomware claims the hack of Royal Bahrain Hospital
Phishing & Email Based Attacks
Security Firm Executive Targeted in Sophisticated Phishing Attack - SecurityWeek
Phishers Weaponize Safe Links With Multi-Layered URL Rewriting to Evade Detection
Fake invoices appear as calendar events | Cybernews
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
Robotics surgical biz Intuitive discloses phishing attack • The Register
Other Social Engineering
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korea's 100k fake IT workers net $500M a year for Kim • The Register
Fake invoices appear as calendar events | Cybernews
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Help on the line: How a Microsoft Teams support call led to compromise | Microsoft Security Blog
I stopped using security questions when I found how easy they are to hack
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Artificial Intelligence
The AI literacy gap liability - Emerging Europe
Did cybersecurity recently have its Gatling gun moment? | CSO Online
Rogue AI agents can work together to hack systems • The Register
Rogue AI agents bypass antivirus, publish passwords | Cybernews
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches - SecurityWeek
AI-generated Slopoly malware used in Interlock ransomware attack
AI-driven fraud far more profitable, Interpol warns • The Register
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
AI coding agents keep repeating decade-old security mistakes - Help Net Security
Shadow AI is everywhere. Here’s how to find and secure it.
Odido routers forwarded customers' personal data to American AI company for years | NL Times
Critical Langflow Vulnerability Exploited Hours After Public Disclosure - SecurityWeek
DOD says Anthropic’s ‘red lines’ make it an ‘unacceptable risk to national security’ | TechCrunch
Bots/Botnets
174 Vulnerabilities Targeted by RondoDox Botnet - SecurityWeek
Criminals hijack thousands of devices to create never-before-seen cyber weapon | The Independent
Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch
Cyber criminals too are working from home… your home – Computerworld
Careers, Roles, Skills, Working in Cyber and Information Security
When Liability Turns the CISO Into the Fall Guy
Cloud/SaaS
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches - SecurityWeek
Most Google Cloud Attacks Start With Bug Exploitation
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
Cyber Crime, Organised Crime & Criminal Actors
Cyber criminals too are working from home… your home – Computerworld
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
Cybercriminals scale up, government sector hit hardest - Help Net Security
Data Breaches/Leaks
Millions of UK businesses exposed by Companies House security flaw | The Independent
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
What the Recent PayPal Breach Says About Modern Web Risk - Security Boulevard
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Starbucks discloses data breach affecting hundreds of employees
What Proton’s Data Breach Observatory reveals in 2026 | Proton
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact - SecurityWeek
Robotics surgical biz Intuitive discloses phishing attack • The Register
Police Scotland Fined After Sharing Victim’s Phone Data - Infosecurity Magazine
Canadian retail giant Loblaw notifies customers of data breach
Starbucks data breach impacts 889 employees
Aura confirms data breach exposing 900,000 marketing contacts
Denial of Service/DoS/DDoS
Why Most DDoS Protection Fails: Solving for Continuity and Resilience - Security Boulevard
What Are Your DDoS Testing Options in 2026? - Security Boulevard
Encryption
Why Post-Quantum Cryptography Can't Wait
Fraud, Scams and Financial Crime
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
AI-driven fraud far more profitable, Interpol warns • The Register
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
Global fraud losses climb to $442 billion - Help Net Security
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
€1 million online fraud scheme uncovered, three suspects arrested - Help Net Security
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
Google, Amazon, Microsoft and others sign accord to stop scammers
Insider Risk and Insider Threats
When Cyberwar Hits the Corporate Home Front | Ropes & Gray LLP - JDSupra
War, AI, and the human factor | Ctech
Your Employees’ Tech Frustration is a Gift to Cybercriminals | TechRadar
Rising cyber threats bring the human factor back center stage | Ctech
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korea's 100k fake IT workers net $500M a year for Kim • The Register
Insurance
Gallagher Re urges more efficient cyber coverage :: Insurance Day
Emerging cyber risks challenge brokers | Insurance Business
Internet of Things – IoT
Every New Connected Feature Expands Vehicle Cybersecurity Risk, Says Deloitte | Autocar Professional
Security issues found in 79% of dash cams we tested - Which?
Law Enforcement Action and Take Downs
Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
€1 million online fraud scheme uncovered, three suspects arrested - Help Net Security
FBI seeks victims of Steam games used to spread malware
British man charged in Dubai for alleged filming of Iranian missiles - BBC News
Linux and Open Source
Big tech companies step in to support the open source security ecosystem - Help Net Security
Unprivileged users could exploit AppArmor bugs to gain root access
Malvertising
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
Malware
Your favorite image-saving Chrome extension was scraping data
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
Criminals hijack thousands of devices to create never-before-seen cyber weapon | The Independent
AI-generated Slopoly malware used in Interlock ransomware attack
Sophisticated Surveillance RAT Marketed for Global Buyers
Self-replicating malware spreads on GitHub, npm, Open VSX | Cybernews
Adaptability, Not Novelty: The Next Evolution of Malware - Security Boulevard
FBI seeks victims of Steam games used to spread malware
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Vidar Stealer 2.0 Exploits Fake Game Cheats on GitHub, Reddit - Infosecurity Magazine
Misinformation, Disinformation and Propaganda
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Information Warfare: Ukrainian CyberWar Deceptions
Mobile
Attack on Stryker’s Microsoft environment wiped employee devices without malware
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data
Second iOS exploit kit now in use by suspected Russian hackers | CyberScoop
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Snoops plant info-stealing malware on iPhones, Google warns • The Register
875 Million Android Phones At Risk From 60 Second Hack
Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS
MediaTek security flaw may have affected more Android phones than initially reported
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Android vs iOS security: Which operating system is safer? | Proton
Models, Frameworks and Standards
ISO 27000 standards for security and compliance | Proton
Outages
Microsoft Exchange Online outage blocks access to mailboxes
Passwords, Credential Stuffing & Brute Force Attacks
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs • The Register
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
I stopped using security questions when I found how easy they are to hack
Regulations, Fines and Legislation
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
EU Parliament backs extension of CSAM detection rules until 2027 - Help Net Security
UK Cyber Security and Resilience Bill: key considerations for technology businesses
The UK's plans to tackle ransomware
Commercial Spyware Opponents Fear US Policy Shifting
Social media giants urged to protect children, UK rejects under-16 ban
Social Media
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
EU Parliament backs extension of CSAM detection rules until 2027 - Help Net Security
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Social media giants urged to protect children, UK rejects under-16 ban
Software Supply Chain
Self-replicating malware spreads on GitHub, npm, Open VSX | Cybernews
Supply Chain and Third Parties
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact - SecurityWeek
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
The Growing Cyber Risk to Supply Chains by Marko Kovacevic & Sasha Pailet Koff - Project Syndicate
UK Cyber Security and Resilience Bill: key considerations for technology businesses
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
When Cyberwar Hits the Corporate Home Front | Ropes & Gray LLP - JDSupra
War, AI, and the human factor | Ctech
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Snoops plant info-stealing malware on iPhones, Google warns • The Register
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
'Digital fog of war' around Iranian cyberattacks | DefenceTalk
Stryker hack could set stage for more pro-Iran cyber sabotage - Nextgov/FCW
Suspicions grow that China is exploiting FOI laws to gather UK security data
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran - Security Boulevard
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Russia establishes Vienna as key western spy hub targeting NATO
The Growing Cyber Risk to Supply Chains by Marko Kovacevic & Sasha Pailet Koff - Project Syndicate
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
Information Warfare: Ukrainian CyberWar Deceptions
Tracking the Iran War: A Month of Escalation and Regional Impact
Autonomous Agents and the Future of Cyber Competition
SideWinder Espionage Campaign Expands Across Southeast Asia
Nation State Actors
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
China
Suspicions grow that China is exploiting FOI laws to gather UK security data
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Russia
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data
Second iOS exploit kit now in use by suspected Russian hackers | CyberScoop
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks - SecurityWeek
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
NCSC warns of ongoing Russian-aligned hacktivist cyber threats | UKAuthority
Russia establishes Vienna as key western spy hub targeting NATO
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Information Warfare: Ukrainian CyberWar Deceptions
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Cyberattack disrupts parking payments in Russian city | The Record from Recorded Future News
North Korea
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korea's 100k fake IT workers net $500M a year for Kim • The Register
Iran
Stryker hack could set stage for more pro-Iran cyber sabotage - Nextgov/FCW
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran - Security Boulevard
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Iran conflict prompts US tech companies to reassess cyber vulnerabilities
'Digital fog of war' around Iranian cyberattacks | DefenceTalk
Attack on Stryker’s Microsoft environment wiped employee devices without malware
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Tracking the Iran War: A Month of Escalation and Regional Impact
Iranian cyber attacks at full force even as Tehran imposes internet blackout | The National
Are Microsoft systems exposed? US flags risks after Stryker breach
Poland says foiled cyberattack on nuclear centre may have come from Iran | Reuters
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
Risky Business? Why US and Israel Are Targeting Iran’s Banks | Geopolitical Monitor
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Tools and Controls
EDR killers are now standard equipment in ransomware attacks - Help Net Security
How Cyber Risk Management Builds Resilience | Kovrr - Security Boulevard
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs • The Register
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
Your APIs are under siege, and attackers are just getting warmed up - Help Net Security
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
US charges another ransomware negotiator linked to BlackCat attacks
Emerging cyber risks challenge brokers | Insurance Business
How CISOs can build a truly unified and resilient security platform | Computer Weekly
Calculating the ROI of AI in cybersecurity | TechTarget
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Certificate lifespans are shrinking and most organizations aren't ready - Help Net Security
Bank built its own AI threat hunter because vendors can’t • The Register
UK Cyber Monitoring Centre Sets Its Sights on US Expansion - Infosecurity Magazine
Switzerland built an alternative to BGP. Nobody noticed • The Register
Reports Published in the Last Week
Other News
Cyberattackers Don't Care About Good Causes
The Data Gap: Why Nonprofit Cyber Incidents Go Underreported
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
EU-UK digital cooperation | Epthinktank | European Parliament
The Market for Spyware is Growing: It's Used Differently Against Women - The Citizen Lab
Why Are Platform Ecosystems — Like Salesforce — Often Targeted? | Security Magazine
UK Cyber Monitoring Centre Sets Its Sights on US Expansion - Infosecurity Magazine
The midmarket security gap • The Register
SMB cybersecurity in 2026: From reactive defense to strategic partnership | ChannelPro
Vulnerability Management
Most Google Cloud Attacks Start With Bug Exploitation
Vulnerabilities
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks - SecurityWeek
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS
875 Million Android Phones At Risk From 60 Second Hack
MediaTek security flaw may have affected more Android phones than initially reported
Google rushes Chrome update to fix zero-days under attack • The Register
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
ConnectWise patches new flaw allowing ScreenConnect hijacking
Unknown attackers exploit another critical SharePoint bug • The Register
Unprivileged users could exploit AppArmor bugs to gain root access
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets - SecurityWeek
Critical UniFi flaw allows unauthenticated compromise | Cybernews
Critical Langflow Vulnerability Exploited Hours After Public Disclosure - SecurityWeek
New Ubuntu Flaw Enables Local Attackers to Gain Root Access - Infosecurity Magazine
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 13 March 2026
Black Arrow Cyber Threat Intelligence Briefing 13 March 2026:
-Only 30 Minutes per Quarter on Cyber Risk: Why CISO-Board Conversations Are Falling Short
-The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network
-Insights: Increased Risk of Wiper Attacks
-Iran Plots 'Infrastructure Warfare' Against US Tech Giants
-Middle East Conflict Tests Cyber War Exclusions, S&P Warns
-New Windows Malware Impersonates Everyday Apps to Infect Your Computer
-Cyber Attacks on UK Firms Increase at Four Times Global Rate
-Why Cyber Security Threats Are Growing
-The Human Side of Password Security That Tools Can’t Fix
-Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
-Microsoft: Hackers Abusing AI at Every Stage of Cyber Attacks
-Microsoft Warns North Korean Threat Groups Are Scaling Up Fake Worker Schemes With Generative AI
-Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Cyber security is based on risk management and governance; we start this week with research on the views of business and security leaders on how effective that governance is. We also share insights on an impactful incident where Iranian attackers accessed an organisation’s Microsoft Intune platform and remotely wiped large numbers of the victim’s Windows devices. The Middle East conflict also highlights the challenges with cyber insurance coverage and war exclusions.
The second half of our briefing includes developments in attacker tactics, from fake versions of familiar apps to AI-driven malware and exploiting poor password choices of employees, highlighting again that employees are at the front line of cyber security and are vital to safeguarding the organisation.
These threats and the required actions require business leaders to have their own clear and objective understanding of their organisation’s risk and the options for security controls spanning people, operations and technology. Credible and informed governance underpins all of this. Contact us to discuss how to achieve this, proportionate to your profile.
Top Cyber Stories of the Last Week
Only 30 Minutes per Quarter on Cyber Risk: Why CISO-Board Conversations Are Falling Short
New research suggests many boards are not spending enough time on cyber risk, with most security leaders given just 30 minutes each quarter and only 30% of boards describing the relationship as strong and collaborative. While 95% of security leaders report to the board regularly, discussions often stay at a high level and do not explore future risks such as artificial intelligence, which can both power more advanced cyber attacks and create new business exposures. Boards often stop short of experiencing cyber risk directly, with fewer than half participating in tabletop exercises or crisis simulations, indicating that reporting still focuses more on the current state than on preparing directors for what comes next.
The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network
A US‑based healthcare technology company, Stryker, has suffered a major cyber disruption after a pro-Iranian hacking group claimed responsibility for wiping large numbers of the company’s Windows systems. Reports suggest attackers may have used Microsoft Intune to issue deletion commands across Stryker’s Windows network, while other reports indicated that the erased devices displayed the logo of Handala Hack, a group aligned with Iran’s Ministry of Intelligence. Stryker says it has found no evidence of ransomware or traditional malware; the attackers framed the attack as retaliation for recent US and Israeli military action.
Insights: Increased Risk of Wiper Attacks
Organisations face a heightened risk of disruptive cyber attacks linked to the conflict with Iran, with attackers reportedly gaining access to networks using legitimate corporate user credentials and then deleting servers and workstations. Israeli authorities have already reported several cases where operations were disrupted in this way. To manage this risk, organisations should reduce always-on administrator access, strengthen multi-factor authentication, tightly control high impact actions, monitor for unusual remote wipe activity and keep secure offline backups. Regular staff training is also essential, as email deception remains a common entry point.
https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/
Iran Plots 'Infrastructure Warfare' Against US Tech Giants
Iran has identified nearly 30 facilities as potential targets, according to reporting from Iranian state‑affiliated media. The facilities are linked to major US technology companies including Amazon, Google, IBM, Microsoft, Nvidia, Oracle and Palantir, and are located across Bahrain, Israel, Qatar and the UAE. The move follows reported strikes on three Amazon Web Services data centres in the region, which disrupted some cloud services and forced several providers to activate disaster recovery plans. For business leaders, this highlights how geopolitical conflict can quickly affect digital services, supply chains and operational resilience far beyond the immediate area.
https://www.theregister.com/2026/03/11/iran_threatens_us_tech_companies/
Middle East Conflict Tests Cyber War Exclusions, S&P Warns
S&P Global Ratings has warned that rising cyber activity linked to the Middle East conflict could expose weaknesses in cyber insurance, particularly where policy wording struggles to separate acts of war from criminal activity. Recent incidents have mainly caused disruption rather than major insured losses, but the risk of more damaging attacks remains. The agency also noted that cyber insurance premiums could more than double by the end of the decade. For leaders, the concern is clear: a single large-scale event could disrupt multiple organisations at once and leave uncertainty over what is actually covered.
New Windows Malware Impersonates Everyday Apps to Infect Your Computer
Microsoft has warned of a Windows malware campaign that tricks people into downloading fake versions of familiar apps such as Adobe, Teams, Zoom and Google Meet through convincing phishing emails and counterfeit PDF prompts. The malicious software can appear legitimate because it looks digitally signed, a feature many people associate with trust. Once installed, the fake applications deploy remote monitoring and management tools, and create a secondary copy of the application as a Windows service to maintain persistence in the victim’s systems. The campaign is a reminder of the need to control software downloads, and to treat unexpected email attachments and update prompts with caution.
https://www.bgr.com/2119188/windows-malware-impersonates-signed-apps-infect-computer/
Cyber Attacks on UK Firms Increase at Four Times Global Rate
UK organisations are facing a sharp rise in cyber attacks, with incidents up 36% year on year in February 2026, compared with 9.8% globally. Education, energy, government, healthcare and financial services were among the hardest hit sectors. Ransomware, where criminals lock systems or data until a payment is made, remains a serious threat. At the same time, growing use of generative AI is increasing the risk of sensitive business information being accidentally exposed through employee prompts.
https://www.infosecurity-magazine.com/news/cyberattacks-uk-firms-increase/
Why Cyber Security Threats Are Growing
Organisations are facing a fast-growing cyber security threat as attacks become cheaper, faster and more convincing, particularly with the rise of artificial intelligence. The average global cost of a single data breach is about $4.4 million, while reported losses in the United States exceeded $10 million between March 2024 and February 2025. New tactics such as realistic fake audio and video, used to impersonate senior executives, are increasing fraud risks. For leadership teams, the message is clear: cyber security must be treated as a business resilience issue, supported by stronger authentication practices, employee training and greater awareness of how AI-enabled deception can bypass traditional defences.
https://time.com/7382979/cybersecurity-threats-are-growing/
The Human Side of Password Security That Tools Can’t Fix
Weak and reused passwords remain one of the easiest ways for attackers to gain access, and the problem is often human behaviour rather than a lack of technology. Annual training alone is rarely enough, so organisations should reinforce simple, practical guidance throughout the year. Stronger habits are most effective when backed by approved password managers, longer unique passphrases, and multi-factor authentication, which adds a second check to confirm identity. Leaders should also ensure existing security tools are fully enabled, as many already include stronger password controls that are not being used.
https://www.msspalert.com/perspective/the-human-side-of-password-security-that-tools-cant-fix
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
Stolen usernames and passwords remain one of the most common ways into organisations, contributing to around a fifth of confirmed data breaches over the last three years. Criminal groups now treat account takeover as a low cost, high volume business, using malware to harvest login details and automated tools to test them across multiple services. Recent incidents affected more than 20,000 Australian pension accounts, while one major US healthcare breach resulted in a $22 million ransom payment and an estimated $872 million in disruption costs. The clearest safeguard is strong multi-factor authentication, which requires more than a password to gain access.
Microsoft: Hackers Abusing AI at Every Stage of Cyber Attacks
Microsoft reports that criminals are now using artificial intelligence to speed up and scale cyber attacks at almost every stage, from research and convincing scam emails to malicious software and follow-on activity after access is gained. The technology helps less skilled attackers work faster by producing text, code and fake online identities, while human operators choose the targets and direct the attack. The wider risk is that AI is lowering the barrier to entry, making established tactics easier to deliver at greater volume and with more convincing social engineering.
Microsoft Warns North Korean Threat Groups Are Scaling Up Fake Worker Schemes With Generative AI
Microsoft reports that North Korean groups are using generative AI to make fake remote worker schemes faster, more convincing and harder to detect. AI is helping them build realistic online identities, tailor job applications, mimic internal communications in multiple languages and even alter photos for identity documents. In some cases, it is also being used after hiring to draft credible messages, answer technical questions and produce code. Microsoft warns this could increase the scale and success of fraud, espionage and data theft against global organisations.
https://cyberscoop.com/microsoft-north-korea-ai-operations/
Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits
Google reports that attackers continued to exploit previously unknown software flaws at a high rate in 2025, with 90 cases tracked during the year. The focus is shifting away from consumer software towards business systems such as networking equipment, security tools and virtualisation platforms that help run corporate IT. Mobile devices were also targeted more often, rising from 9 cases in 2024 to 15 in 2025. The report warns that commercial surveillance firms are now playing a larger role in these attacks and that attackers may increasingly use AI tools to automate reconnaissance, vulnerability discovery and exploit development.
Threats
Ransomware, Extortion and Destructive Attacks
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Initial cyber ransom demands grew by 47% in 2025 | Insurance Times
Revealed - what's changing about cyber claims | Insurance Business
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware record year | Professional Security Magazine
Insights: Increased Risk of Wiper Attacks
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
The people behind cyber extortion are often in their forties - Help Net Security
Ransomware and Destructive Attack Victims
US Medical Equipment Maker Disabled In Hack Claimed By Iran
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
How an Iranian-backed group crippled Stryker’s Irish HQ with a ‘wiper’ cyberattack
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
INC Ransomware Group Holds Healthcare Hostage in Oceania
Phishing & Email Based Attacks
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
New ‘BlackSanta’ EDR killer spotted targeting HR departments
HR, recruiters targeted in year-long malware campaign - Help Net Security
EU court adviser says banks must immediately refund phishing victims
Phishers hide scam links with IPv6 trick in “free toothbrush” emails | Malwarebytes
Phishing scammers weaponize ICE ragebait | PCWorld
Other Social Engineering
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Fake Claude Code install guides push infostealers in InstallFix attacks
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
'InstallFix' Attacks Spread Fake Claude Code Sites
Researchers uncover AI-powered vishing platform - Help Net Security
EU court adviser says banks must immediately refund phishing victims
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
2FA/MFA
Where Multi-Factor Authentication Stops and Credential Abuse Starts
Artificial Intelligence
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Microsoft: Hackers abusing AI at every stage of cyberattacks
Fake Claude Code install guides push infostealers in InstallFix attacks
CISOs in a Pinch: A Security Analysis of OpenClaw | Trend Micro (US)
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Most executives have no idea how many employees are actually using AI | IT Pro
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Researchers uncover AI-powered vishing platform - Help Net Security
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
AI Adoption Is Forcing Security Teams to Rethink Browser Defense - Security Boulevard
FBI says even in an AI-powered world, security basics still matter | CyberScoop
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
'InstallFix' Attacks Spread Fake Claude Code Sites
5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook | SECURITY.COM
AI agent hacked McKinsey chatbot for read-write access • The Register
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Anthropic forms institute to study long-term AI risks facing society - Help Net Security
The Fallout Over OpenAI's Pentagon Deal Is Growing - Business Insider
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
Privacy risks of agentic oversharing on the Web | Brave
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
Bots/Botnets
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cloud/SaaS
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Google: Cloud attacks exploit flaws more than weak credentials
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Middle East Conflict Highlights Cloud Resilience Gaps
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
Salesforce issues new security alert tied to third customer attack spree in six months | CyberScoop
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US contractor's son arrested over alleged $46M crypto theft • The Register
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets | Malwarebytes
Fake GitHub tools are wiping wallets of Windows users | Cybernews
FBI arrests suspect linked to $46M crypto theft from US Marshals
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Crypto Gets National Security Status In New US Cyber Strategy
Cyber Crime, Organised Crime & Criminal Actors
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Data Breaches/Leaks
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Scattered Spider attack on TfL affected 10 million people | Computer Weekly
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
Cal AI allegedly breached, hackers expose user data | Cybernews
Ericsson US discloses data breach after service provider hack
Data/Digital Sovereignty
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Denial of Service/DoS/DDoS
Teen crew caught selling DDoS attack tools - Help Net Security
Encryption
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Fraud, Scams and Financial Crime
That attractive online ad might be a malware trap - Help Net Security
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
EU law advisor wants cybercrime protections fast-tracked • The Register
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Ghanaian man pleads guilty to role in $100 million fraud ring
Dutch police start publicly shaming scammers into submission • The Register
EU court adviser says banks must immediately refund phishing victims
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Identity and Access Management
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Insider Risk and Insider Threats
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Insurance
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Internet of Things – IoT
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
DJI will pay $30K to the man who accidentally hacked 7,000 Romo robovacs | The Verge
Law Enforcement Action and Take Downs
Teen crew caught selling DDoS attack tools - Help Net Security
Dutch police start publicly shaming scammers into submission • The Register
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
Ghanaian man pleads guilty to role in $100 million fraud ring
US contractor's son arrested over alleged $46M crypto theft • The Register
FBI arrests suspect linked to $46M crypto theft from US Marshals
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Police dismantles online gambling ring exploiting Ukrainian women
Linux and Open Source
Malvertising
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
Malware
Browser extensions can install malware, researchers say | Cybernews
That attractive online ad might be a malware trap - Help Net Security
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
Fake Claude Code install guides push infostealers in InstallFix attacks
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Crooks compromise WordPress sites, spread infostealers • The Register
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
HR, recruiters targeted in year-long malware campaign - Help Net Security
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Massive GitHub malware operation spreads BoryptGrab stealer
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
New 'Zombie ZIP' technique lets malware slip past security tools
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake GitHub tools are wiping wallets of Windows users | Cybernews
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
Chinese state hackers target telcos with new malware toolkit
Misinformation, Disinformation and Propaganda
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
Mobile
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances - Ars Technica
Government iPhone Exploits Reach Cybercriminals - DevX
New BeatBanker Android malware poses as Starlink app to hijack devices
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Spyware disguised as emergency-alert app sent to Israelis • The Register
A major security flaw could affect 1 in 4 Android phones - here's how to check yours | ZDNET
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
You should lock your SIM card before someone else does
Models, Frameworks and Standards
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Passwords, Credential Stuffing & Brute Force Attacks
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
The Human Side of Password Security That Tools Can’t Fix | perspective | MSSP Alert
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Google: Cloud attacks exploit flaws more than weak credentials
Where Multi-Factor Authentication Stops and Credential Abuse Starts
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Regulations, Fines and Legislation
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
EU law advisor wants cybercrime protections fast-tracked • The Register
EU court adviser says banks must immediately refund phishing victims
CVE program funding secured, easing fears of repeat crisis | CSO Online
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Crypto Gets National Security Status In New US Cyber Strategy
Anthropic sues the Pentagon after being labeled a threat to national security | Fortune
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
DHS CISO, deputy CISO exit amid reported IT leadership overhaul | FedScoop
White House Cybersecurity Strategy Is Light on Details, Big on Consequences
Social Media
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Software Supply Chain
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Supply Chain and Third Parties
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
Ericsson US discloses data breach after service provider hack
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Hybrid warfare and Europe’s democratic resilience - Decode39
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare playing in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
5 Actions Critical for Cybersecurity Leadership During International Conflicts - Security Boulevard
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
This spy tool has been quietly stealing data for years - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
Nation State Actors
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
China
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
Google: Spyware vendors, China-linked spies led 0-day abuse • The Register
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
The New U.S. Cyber Strategy Misreads China’s Threat | Council on Foreign Relations
Chinese state hackers target telcos with new malware toolkit
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
China’s CERT warns OpenClaw can inflict nasty wounds • The Register
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
Russia
Hybrid warfare and Europe’s democratic resilience - Decode39
Signal issues scam warning to users after hackers target officials - BBC News
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
This spy tool has been quietly stealing data for years - Help Net Security
Russian gang claims breach of US power grid cooperative | Cybernews
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
North Korea
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Iran
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare playing in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Iran conflict drives heightened espionage activity against Middle East targets | Proofpoint US
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Global business on alert for Iranian cyber-attack threat
Middle East Conflict Fuels Opportunistic Cyber Attacks - Security Boulevard
Iran plots 'infrastructure warfare' against US tech giants • The Register
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Iran-linked APT targets US critical sectors with new backdoors - Help Net Security
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Middle East Conflict Highlights Cloud Resilience Gaps
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
The who, what, and why of the attack that has shut down Stryker's Windows network - Ars Technica
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Iran war will bring wave of 'low-level cyber activity,' says intelligence group | StateScoop
Europol warns of elevated terrorism threat in EU amid Iran conflict
GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps | WIRED
Iran's Cyber-Kinetic War Doctrine Takes Shape
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
Tools and Controls
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Survey: CISOs Continue to Struggle to Strike Right Risk Balance - Security Boulevard
Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors | TechRadar
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
More AI tools, more burnout! New research explains why - Help Net Security
This VPN ban is edging ever closer, and here's what it means for your privacy
Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity - IT Security Guru
After the Panic, the Reality of Claude Code Security
OpenAI’s GPT-5.4 doubles down on safety as competition heats up - Help Net Security
Bug bounties are broken, and the best security pros are moving on - Help Net Security
Scientists have found a way to hide data in plain sight, and hackers can’t touch it - Digital Trends
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Other News
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Vulnerability Management
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
CVE program funding secured, easing fears of repeat crisis | CSO Online
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
Vulnerabilities
Critical Microsoft Excel bug weaponizes Copilot Agent • The Register
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Microsoft Patches 83 CVEs in March Update
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities - SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities - SecurityWeek
Chrome 146 Update Patches Two Exploited Zero-Days - SecurityWeek
Apple issues emergency fixes for Coruna flaws in older iOS versions
Apple Updates Legacy iOS Versions to Patch Coruna Exploits - SecurityWeek
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities - SecurityWeek
Adobe Patches 80 Vulnerabilities Across Eight Products - SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities - SecurityWeek
WordPress membership plugin bug exploited to create admin accounts
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
HPE warns of critical AOS-CX flaw allowing admin password resets
Critical defect in Java security engine poses serious downstream security risks | CyberScoop
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Threat Intelligence Briefing 06 March 2026
Black Arrow Cyber Threat Intelligence Briefing 06 March 2026:
-European Police Body Warns Iran Crisis Raises Threat of Terror, Extremism and Cyber Attacks
-NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
-Ransomware Attacks Soar as Hackers Pivot to Small Businesses
-Ransomware Activity Peaks Outside Business Hours
-Ransomware Groups Switch to Stealthy Attacks and Long-Term Access
-Most Organisations Unprepared for External Cyber Risks and Supply Chain Disruptions
-High‑Risk Vulnerabilities Surge, Deepening Security Debt for IT Teams
-AI Went from Assistant to Autonomous Actor and Security Never Caught Up
-Why Enterprise AI Agents Could Become the Ultimate Insider Threat
-AI Raises the Cybersecurity Stakes — But People Still Open the Door
-Hackers Are Turning to Easy, Fast AI Solutions to Roll Out Attacks – So How Can Your Business Stay Safe?
-New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises
-Employees Install Pirate Software Despite Malware Risks
Executive Summary
This week, much of the specialist and general media has reported on the security ramifications of the military action in the Middle East, and we have included warnings from European and UK authorities on the need for organisations to heighten their vigilance for cyber security attacks.
In a more general context, we also report on increasing levels of ransomware attacks, especially on smaller organisations and outside of business hours with a focus on long term access to victims’ systems. Supply chain risks and unmanaged vulnerabilities also continue to present challenges to be addressed in a cyber security strategy.
AI risks are accumulating, with expected growth in the number of enterprise applications using AI agents. As we reported previously, AI is also enabling attackers to enhance attacks such as social engineering to be more effective against employees.
The variety of established and evolving risks reminds us of the need for business leaders to be regularly updated on the developing threat landscape and to ensure that the risks are prioritised and addressed in a proportionate cyber security strategy that is delivered by your chosen control providers. Contact us for an impartial discussion on how to do this.
Top Cyber Stories of the Last Week
European Police Body Warns Iran Crisis Raises Threat of Terror, Extremism and Cyber Attacks
Europol has warned that the escalating conflict involving Iran is likely to increase security risks across the European Union, including a higher threat of terrorism, organised crime and cyber attacks targeting critical infrastructure such as energy and transport systems. Officials expect more online fraud using artificial intelligence, where criminals use automated tools to create convincing scams and misinformation linked to the conflict. Europol also noted that groups aligned with Iran may attempt destabilising activities including intimidation, terrorist financing and cyber crime. Authorities assess the overall terrorist threat level in the EU as high, with concerns that online content could accelerate radicalisation and inspire lone actors or small cells.
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
The UK National Cyber Security Centre has urged organisations to review their cyber security posture following rising tensions involving Iran, the United States and Israel. While there is no confirmed increase in direct threats to the UK, the agency warns there is almost certainly a heightened risk of indirect cyber activity, particularly for organisations with operations or supply chains in the Middle East. Iranian state actors and politically motivated groups have previously targeted sectors including energy, finance and transport. The NCSC advises organisations to strengthen monitoring, maintain software updates, prepare for phishing and service disruption attacks, and review incident response plans to ensure resilience during periods of geopolitical instability.
Ransomware Attacks Soar as Hackers Pivot to Small Businesses
Attackers are increasingly targeting small and medium sized businesses that may lack strong cyber security defences. Chainalysis reports a sharp rise in ransomware activity, with nearly 8,000 public leak events recorded in 2025, a 50% increase on the previous year. Despite this surge, total ransom payments fell 8% to about $820 million as many large organisations refused to pay and law enforcement disrupted criminal money laundering networks. At the same time, the average price for buying access to compromised systems on dark web marketplaces dropped from $1,427 in 2023 to $439 in 2026, lowering the barrier for criminals to launch cyber attacks.
https://invezz.com/news/2026/02/27/ransomware-attacks-soar-as-hackers-pivot-to-small-businesses/
Ransomware Activity Peaks Outside Business Hours
Sophos has reported that ransomware is typically deployed when organisations are least staffed, with 88% of attacks launched outside normal working hours. Identity compromise is now the main route used in cyber attacks, accounting for 67% of initial access across 661 incidents analysed between November 2024 and October 2025 in 70 countries. Attackers commonly use stolen or guessed passwords and phishing emails to gain entry before moving quickly to the central identity systems that control user access, often in under 4 hours. Data theft followed a similar pattern in 79% of cases, highlighting the need for continuous security monitoring.
https://www.helpnetsecurity.com/2026/02/27/sophos-identity-driven-breaches-report/
Ransomware Groups Switch to Stealthy Attacks and Long-Term Access
Ransomware groups are increasingly shifting from disruptive attacks to quieter, long-term intrusions designed to remain undetected inside corporate networks. Research by Picus Security analysing 1.1 million malicious files found that four in five common attack techniques are now designed to evade security controls and maintain persistent access. Rather than immediately encrypting systems, many attackers focus on stealing sensitive data and threatening to release it publicly to force payment. Encryption based attacks have fallen by 38% over the past year, while more than 7,000 victims were publicly named by ransomware groups, highlighting the growing scale and persistence of the threat.
Most Organisations Unprepared for External Cyber Risks and Supply Chain Disruptions
Zscaler reports that many organisations are overconfident about cyber security resilience because plans still focus mainly on internal systems, not the wider supplier and partner network. In its research, 61% of businesses admit their approach is too inward looking, while 60% suffered a major supplier related disruption in the past year. Yet only 54% have cyber insurance that covers a third-party breach. More than half of IT leaders say current controls are not ready for AI driven cyber attacks, and up to 70% lack visibility of shadow AI (meaning unapproved AI tools used without oversight).
https://petri.com/organizations-unprepared-external-cyber-risks/
High-Risk Vulnerabilities Surge, Deepening Security Debt for IT Teams
Veracode’s 2026 State of Software Security report highlights a growing gap between the number of software vulnerabilities discovered and the ability of organisations to fix them. Security debt, meaning unresolved security weaknesses in software, now affects 82% of organisations, up from 74%, while 60% face critical long-standing flaws. High risk vulnerabilities have risen by 36%, driven by AI assisted coding and increased reliance on third party software components. Nearly half of applications still contain vulnerabilities more than a year old, underscoring the need for stronger governance and prioritisation of the most serious risks.
https://petri.com/sharp-rise-high-risk-flaws-security-debt/
AI Went from Assistant to Autonomous Actor and Security Never Caught Up
A briefing from the AIUC 1 Consortium warns that as artificial intelligence moves from simple assistants to autonomous systems capable of carrying out business tasks, security oversight has not kept pace. An EY survey found that 64% of companies with annual turnover above $1 billion have lost more than $1 million due to AI failures, while one in five reported a breach linked to unauthorised use of AI tools by staff. Many organisations lack visibility into how AI systems access data or systems, increasing the risk of sensitive information exposure and operational disruption if these tools act incorrectly or without proper controls.
https://www.helpnetsecurity.com/2026/03/03/enterprise-ai-agent-security-2026/
Why Enterprise AI Agents Could Become the Ultimate Insider Threat
Generative AI tools are rapidly evolving from simple assistants into autonomous agents that can launch other agents, access systems and even authorise transactions. Security researchers warn this could create a new form of insider threat if poorly controlled. CyberArk reports that machine identities already outnumber human ones by 82 to 1, while Gartner expects more than 40% of enterprise applications to use AI agents by 2026. Yet governance remains limited, highlighting the growing cyber security challenge as these tools gain greater access to corporate systems.
https://www.zdnet.com/article/enterprise-ai-agents-insider-threat/
AI Raises the Cybersecurity Stakes — But People Still Open the Door
Artificial intelligence is lowering the barrier for cyber criminals, enabling them to produce convincing phishing emails, cloned voice calls and highly targeted scams far more quickly. These tactics, known as social engineering, manipulate people through urgency, authority or confusion rather than breaking technical defences. While organisations are investing heavily in AI security tools, many successful cyber attacks still begin with human interaction. The key defence therefore lies in building strong security awareness and judgement across the workforce. Encouraging staff to pause, question unusual requests and report concerns can significantly reduce the risk of deception led cyber attacks.
https://www.infosecurity-magazine.com/opinions/ai-cybersecurity-people-open-door/
Hackers Are Turning to Easy, Fast AI Solutions to Roll Out Attacks – So How Can Your Business Stay Safe?
HP Wolf Security found that 14% of malicious emails bypassed at least one email security filter, as cyber criminals increasingly use generative AI to launch cyber attacks more quickly and at lower cost. Rather than creating highly sophisticated attacks, many criminals prioritise speed and scale, using readily available tools to produce convincing emails, fake invoices and malicious software installers. Despite their basic nature, these attacks remain effective. Common delivery methods included executable files accounting for 37% of attacks, ZIP files at 11% and Word documents at 10%, highlighting the continued effectiveness of simple tactics.
New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises
Researchers have uncovered “AirSnitch”, a new Wi-Fi attack that can bypass the client isolation feature many routers use to keep connected devices separated, including on guest networks. It affects a wide range of home and enterprise equipment and could enable a machine-in-the-middle cyber attack where an intruder intercepts and potentially alters data in transit. The risk is highest where internet traffic is not fully encrypted, as attackers could steal passwords, session cookies, and payment details. Some vendors have issued updates, but parts of the issue may require longer term hardware changes.
Employees Install Pirate Software Despite Malware Risks
Barracuda reports that employees are still attempting to install pirated or cracked software on company devices, despite the significant cyber security risks. Such software is often modified to include hidden malware that can steal login details, install ransomware, hijack user sessions or run cryptomining programs that misuse company systems. Because pirated software cannot receive legitimate security updates, vulnerabilities remain unpatched. Barracuda warns that organisations should strengthen security controls, restrict installation permissions and improve employee awareness to reduce the risk of a cyber attack.
https://betanews.com/article/employees-install-pirate-software-despite-malware-risks/
Governance, Risk and Compliance
Four Risks Boards Cannot Treat as Background Noise - SecurityWeek
AI risk moves into the security budget spotlight - Help Net Security
Cyber incidents remain the primary challenge facing UK businesses
The CISO role keeps getting heavier - Help Net Security
Executive data can become the weak link in the cybersecurity chain - BetaNews
Cyber resilience tunnel vision is leaving enterprises open to external threats | IT Pro
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups switch to stealthy attacks and long-term access | CSO Online
Ransomware: As Infostealers Bite, Prevention Beats Recovery
Ransomware activity peaks outside business hours - Help Net Security
Ransomware attacks soar as hackers pivot to small businesses - Invezz
Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Notorious ransomware gang allegedly blackmailed by fake FSB officer
Bitcoin Still Fuels Ransomware Economy in 2025
Ransomware Attacks Rose 50% in 2025 According to Chainalysis Report
Ransomware groups claim record number of victims in 2025 - CIR Magazine
Ransomware Payments Decline 8% as Attacks Surge 50% - Infosecurity Magazine
Ransomware Victims
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stolen 8 TB of Data
1 Million Records from Dutch Telco Odido Published Online After Extortion Attempt
Qilin ransomware hits Malaysia Airlines | Cybernews
Dutch cops back Odido as ShinyHunters leaks continue • The Register
ShinyHunters leaked the full Odido dataset
Airbus and Boeing supplier named in ransomware attack | Cybernews
Phishing & Email Based Attacks
OAuth Abuse in Microsoft Entra ID Enables Stealthy Email Access
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Fake LastPass support email threads try to steal vault passwords
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
Remote-working breaches as phishing fears reach record high | theHRD
Microsoft warning: attackers are abusing Google logins to spread malware | Cybernews
Attack on trust | Professional Security Magazine
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks - Infosecurity Magazine
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Attack on trust | Professional Security Magazine
Other Social Engineering
Fake LastPass support email threads try to steal vault passwords
Attack on trust | Professional Security Magazine
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register
Europol-led crackdown on The Com hackers leads to 30 arrests
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
Why scammers call you and say nothing - and how to respond safely | ZDNET
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Telegram rises to top spot in job scam activity - Help Net Security
2FA/MFA
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Artificial Intelligence
AI went from assistant to autonomous actor and security never caught up - Help Net Security
Why enterprise AI agents could become the ultimate insider threat | ZDNET
AI Raises the Cybersecurity Stakes — But People Still Open the Door - Infosecurity Magazine
AI risk moves into the security budget spotlight - Help Net Security
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
How Threat Actors Turned OpenClaw Into a Scraping Botnet - Security Boulevard
Organizations Unprepared for External Cyber Risks
Fraudsters integrate ChatGPT into global scam campaigns - Help Net Security
Your Staff Are Your Biggest Security Risk: AI is Making it Worse
AI bot compromises five major GitHub repositories | Cybernews
ClawJacked flaw exposed OpenClaw users to data theft
Your personal OpenClaw agent may also be taking orders from malicious websites | CSO Online
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks: Cloudflare - Infosecurity Magazine
The AI-Powered Hacking Spree Is Here
Destroyed servers and DoS attacks: What can happen when OpenClaw AI agents interact | ZDNET
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Chatbot data harvesting yields sensitive personal info • The Register
Calls for Global Digital Estate Standard as Fraud Risk Grows - Infosecurity Magazine
Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices
Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over - Security Boulevard
Sam Altman admits OpenAI can’t control Pentagon’s use of AI | Technology | The Guardian
Pentagon moves to build AI tools for China cyber operations
Hacker Steals Huge Data Trove From Mexico Using Anthropic's Claude
OpenAI Reaches A.I. Agreement With Defense Dept. After Anthropic Clash - The New York Times
Why Pentagon-Anthropic AI clash is pivotal front in future of warfare
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
LLMs are getting better at unmasking people online | CyberScoop
Anthropic fallout Iran strikes fuel tech backlash over military AI use
What AI Models for War Actually Look Like | WIRED
Bots/Botnets
Memory scalpers hunt scarce DRAM with bot blitz • The Register
How Threat Actors Turned OpenClaw Into a Scraping Botnet - Security Boulevard
Careers, Roles, Skills, Working in Cyber and Information Security
Code of Professional Conduct | Professional Security Magazine
Cybersecurity professionals are burning out on extra hours every week - Help Net Security
GCHQ hunts for CISO with £130K top salary • The Register
Comms Dealer - Why UK MSPs Need Global Talent Now More Than Ever
Cloud/SaaS
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
QuickLens Chrome extension steals crypto, shows ClickFix attack
Bitcoin Still Fuels Ransomware Economy in 2025
Cyber Crime, Organised Crime & Criminal Actors
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks: Cloudflare - Infosecurity Magazine
Europol-led crackdown on The Com hackers leads to 30 arrests
Turns out most cybercriminals are old enough to know better • The Register
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
Data Breaches/Leaks
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stolen 8 TB of Data
AI bot compromises five major GitHub repositories | Cybernews
ClawJacked flaw exposed OpenClaw users to data theft
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks - Infosecurity Magazine
1 Million Records from Dutch Telco Odido Published Online After Extortion Attempt
15M French citizens affected by massive data breach following cyberattack on medical software
New LexisNexis Data Breach Confirmed After Hackers Leak Files - SecurityWeek
“Non-terrestrial officers:” the UFO files McKinnon found, hacking NASA | Cybernews
Hacker Steals Huge Data Trove From Mexico Using Anthropic's Claude
Olympique Marseille confirms 'attempted' cyberattack after data leak
Canadian Tire 2025 data breach impacts 38 million users
UH Cyber Hack Exposed Social Security Numbers Of Up To 1.15 Million - Honolulu Civil Beat
Brit games studio Cloud Imperium admits to data breach • The Register
Madison Square Garden Data Breach Confirmed Months After Hacker Attack - SecurityWeek
Denial of Service/DoS/DDoS
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Russian DDoS: what’s the threat to businesses? | IT Pro
Encryption
Expert Recommends: Prepare for PQC Right Now
Fraud, Scams and Financial Crime
Fraudsters integrate ChatGPT into global scam campaigns - Help Net Security
Calls for Global Digital Estate Standard as Fraud Risk Grows - Infosecurity Magazine
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses | WIRED
Memory scalpers hunt scarce DRAM with bot blitz • The Register
Why scammers call you and say nothing - and how to respond safely | ZDNET
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
Telegram rises to top spot in job scam activity - Help Net Security
Alabama man pleads guilty to hacking, extorting hundreds of women
Florida woman imprisoned for massive Microsoft license fraud scheme
Identity and Access Management
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Insider Risk and Insider Threats
Why enterprise AI agents could become the ultimate insider threat | ZDNET
AI Raises the Cybersecurity Stakes — But People Still Open the Door - Infosecurity Magazine
42 percent of organizations see an increase in malicious insider incidents - BetaNews
Your Staff Are Your Biggest Security Risk: AI is Making it Worse
Employees install pirate software despite malware risks - BetaNews
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Insurance
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance - SecurityWeek
Internet of Things – IoT
Your smart home may be at risk - 6 ways experts protect your devices from attacks | ZDNET
Every Car Made After 2008 Has the Same Digital Security Risk
Meta Workers Say They're Seeing Disturbing Things Through Users' Smart Glasses
Law Enforcement Action and Take Downs
Europol-led crackdown on The Com hackers leads to 30 arrests
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
Project Compass is Europol's new playbook for taking on The Com | CyberScoop
Cambodia, a center for online scam, cracks down on the scammers : State of the World from NPR : NPR
Ukrainian man pleads guilty to running AI-powered fake ID site
Alabama man pleads guilty to hacking, extorting hundreds of women
Florida woman imprisoned for massive Microsoft license fraud scheme
Malware
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Microsoft OAuth scams abuse redirects for malware delivery • The Register
Employees install pirate software despite malware risks - BetaNews
Microsoft warning: attackers are abusing Google logins to spread malware | Cybernews
CISA warns that RESURGE malware can be dormant on Ivanti devices
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
QuickLens Chrome extension steals crypto, shows ClickFix attack
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Microsoft warns of RAT delivered through trojanized gaming utilities
Mobile
Coruna: Spy-grade iOS exploit kit powering financial crime - Help Net Security
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Models, Frameworks and Standards
Passwords, Credential Stuffing & Brute Force Attacks
Fake LastPass support email threads try to steal vault passwords
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
US Shuts Down 'LeakBase' Hacker Forum Known for Selling Stolen Data
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
Regulations, Fines and Legislation
UK’s Data Watchdog Gets a Makeover to Match Growing Demands - Infosecurity Magazine
CISA leadership shakeup comes amid ‘pressure’ moment for cyber agency | Federal News Network
Trump Bans Anthropic AI in Federal Agencies — Pentagon Flags Claude as Security Risk
OpenAI Reaches A.I. Agreement With Defense Dept. After Anthropic Clash - The New York Times
Why Pentagon-Anthropic AI clash is pivotal front in future of warfare
Social Media
Social media companies are fighting the 'age verification trap' | Fortune
Software Supply Chain
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Surging third-party risks create software vulnerability headaches for developer teams | IT Pro
Supply Chain and Third Parties
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stolen 8 TB of Data
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks - Infosecurity Magazine
Organizations Unprepared for External Cyber Risks
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Madison Square Garden Data Breach Confirmed Months After Hacker Attack - SecurityWeek
Airbus and Boeing supplier named in ransomware attack | Cybernews
Third-Party Risk: The New Maturity Curve for Security Providers | perspective | MSSP Alert
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK warns of Iranian cyberattack risks amid Middle-East conflict
U.S. war with Iran forces CEOs to prepare for the worst | Fortune
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity - Infosecurity Magazine
The cyber war in Iran - POLITICO
Expect Iran to Launch Cyber-Attacks Globally, Warns Google - Infosecurity Magazine
Europe braces as Iran threatens to attack – POLITICO
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Businesses told to harden defenses amid Iran conflict risk • The Register
Mapping Iran’s hacking threats | Ctech
Iran War Puts Companies, Infrastructure on Cyber Threat Alert
Iran could use AI to accelerate cyberattacks on U.S. and Israeli critical infrastructure | Fortune
Cyberwarfare ignites in US-Israel-Iran war
Pro-Iranian Actors Launch Barrage of Cyberattacks
Double jeopardy for Dubai, faces espionage threat amid Iran offensive - The Statesman
Western Cybersecurity Experts Brace for Iranian Reprisal
Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes - gHacks Tech News
Sam Altman admits OpenAI can’t control Pentagon’s use of AI | Technology | The Guardian
Anthropic fallout Iran strikes fuel tech backlash over military AI use
What AI Models for War Actually Look Like | WIRED
Nation State Actors
How to understand and avoid Advanced Persistent Threats - Security Boulevard
China
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
China's Silver Dragon Razes Governments in EU, SE Asia
Pentagon moves to build AI tools for China cyber operations
Russia
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks - SecurityWeek
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russian DDoS: what’s the threat to businesses? | IT Pro
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Notorious ransomware gang allegedly blackmailed by fake FSB officer
North Korea
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks - Infosecurity Magazine
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
APT37 hackers use new malware to breach air-gapped networks
Suspected Nork intruders infecting US healthcare, education • The Register
Britain sees North Korea as 'major' cyber threat: Cybersecurity expert
Iran
U.S. war with Iran forces CEOs to prepare for the worst | Fortune
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity - Infosecurity Magazine
The cyber war in Iran - POLITICO
Europe braces as Iran threatens to attack – POLITICO
Businesses told to harden defenses amid Iran conflict risk • The Register
Mapping Iran’s hacking threats | Ctech
Iran War Puts Companies, Infrastructure on Cyber Threat Alert
Cyberwarfare ignites in US-Israel-Iran war
Pro-Iranian Actors Launch Barrage of Cyberattacks
Iran intelligence backdoored US bank, airport networks • The Register
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
US financial firms on cyber alert amid Iran war | The Jerusalem Post
Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes - gHacks Tech News
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Strikes on Iran will test US cyber strategy abroad, and defenses at home - Nextgov/FCW
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hacktivists claim to have hacked Homeland Security to release ICE contract data | TechCrunch
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Tools and Controls
AI risk moves into the security budget spotlight - Help Net Security
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
Why encrypted backups may fail in an AI-driven ransomware era | ZDNET
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
The Expanding Link Between Software Engineering And Cyber Security - DevX
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Cyber resilience tunnel vision is leaving enterprises open to external threats | IT Pro
12 Million exposed .env files reveal widespread security failures
Security debt is becoming a governance issue for CISOs - Help Net Security
Other News
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
The Increasing Speed of Cyberattacks
How 'silent probing' can make your security playbook a liability | CyberScoop
The Expanding Link Between Software Engineering And Cyber Security - DevX
UK government seeks to clamp down on cyber-threats - Digital Journal
DEF CON hackers 'fed up with government,' Jake Braun says • The Register
Sweden Tells Energy Sector to Raise Security, but Faces no Specific Threat
Healthcare organizations are accepting cyber risk to cut costs - Help Net Security
Cybersecurity is now a bigger worry for car-makers than costs - Drives&Controls
Cybersecurity a ‘significant’ issue for 95% of manufacturers
Vulnerability Management
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
Exploitable Vulnerabilities Present in 87% of Organizations - Infosecurity Magazine
Report Shows Sharp Rise in High-Risk Flaws and Security Debt
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Surging third-party risks create software vulnerability headaches for developer teams | IT Pro
Google will soon ship Chrome updates every two weeks • The Register
Vulnerabilities
NCSC warns of attacks to Cisco Catalyst SD-WAN | UKAuthority
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Juniper issues emergency patch for critical PTX router RCE
Cisco warns of max severity Secure FMC flaws giving root access
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Trend Micro fixes two critical flaws in Apex One
Critical Juniper Networks PTX flaw allows full router takeover
Firefox 148 Released With Sanitizer API to Disable XSS Attack
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Security hole could let hackers take over Juniper Networks PTX core routers | CSO Online
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 27 February 2026
Black Arrow Cyber Threat Intelligence Briefing 27 February 2026:
-The Growing Risk of Malicious Apps in a Mobile-First Workplace
-Why 'Call This Number' TOAD Emails Beat Gateways
-New Phishing Hacks Aren’t Sloppy—They’re Personalised
-Google Disrupts Chinese-Linked Hackers That Attacked 53 Groups Globally
-Basic Security Gaps Leave Enterprises Exposed to AI-Boosted Attacks
-'God-Like' Attack Machines: AI Agents Ignore Security Policies
-13 Ways Attackers Use Generative AI To Exploit Your Systems
-AI Accelerates Attacker Breakout Time to Just Four Minutes
-Resilience: Cyber Risk Shifts from Disruption to Long-Tail Losses
-Ransomware Readiness is the Difference Between a Bad Day at Work and No More Workplace
-So You Think You Have Cyber Insurance? The Breach is Only the First Incident. The Claim is the Second.
-Russia Stepping Up Hybrid Attacks, Preparing for Long Standoff with West, Dutch Intelligence Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We have details of new and developing threats for business leaders to address in their security strategy. These include malicious apps on work mobile devices, and phishing emails without links or attachments but with instructions for the recipient to call a number that turns out to be a scam. Separately, Google has identified attackers using online Google Sheets that contain command instructions for malware already installed in victims’ systems at a previous stage. As mentioned in our previous weekly reports, AI is being used to make cyber-attacks faster and more effective.
Addressing these and other risks requires two areas of focus: proportionate cyber security to reduce the frequency of successful attacks, and cyber resilience to improve the chances that the organisation can successfully detect and respond to attacks. Insurance is often part of that resilience; however, we include a reminder on the need to ensure a clear understanding upfront on exactly what the insurance policy provides and the conditions of cover.
Business leaders are not expected to be cyber experts, but your ability to ensure that your cyber security and resilience can address today’s evolving risks requires you to understand the fundamentals, and this is best sourced from experts who are not your control providers. Contact us for details of how to achieve proportionate security and resilience for your business.
Top Cyber Stories of the Last Week
The Growing Risk of Malicious Apps in a Mobile-First Workplace
As workplaces become increasingly mobile-first, employees’ smartphones now provide a direct route into corporate systems and sensitive data. Attackers are exploiting this by disguising malicious code inside legitimate-looking apps, including those published in trusted app stores, and by rapidly creating new variants that evade traditional, signature-based security tools. Risk also comes from poorly built apps that request excessive access or accidentally expose information through weak design. To reduce exposure, organisations need greater visibility into what apps are installed, what data they access, and whether their behaviour changes after updates, treating mobile apps as a core enterprise risk, not just an IT concern.
Why 'Call This Number' TOAD Emails Beat Gateways
Attackers are increasingly using “call this number” emails that contain no links or attachments, helping them slip past many secure email gateways. Analysis of roughly 5,000 threats that bypassed enterprise defences since December 2025 found telephone-oriented attack delivery (TOAD) made up almost 28% of these incidents. The tactic typically mimics a billing alert from a trusted brand and pressures staff to phone a number, where scammers try to steal login details, gain remote access to devices, or extract payments such as gift cards. Senior leaders should reinforce clear rules: invoices are not resolved by unsolicited phone calls, and staff must verify unexpected payment requests via known channels.
https://www.darkreading.com/threat-intelligence/why-call-this-number-toad-emails-beat-gateways
New Phishing Hacks Aren’t Sloppy—They’re Personalised
Artificial intelligence is making phishing scams far more convincing by tailoring messages with personal details pulled from past data breaches and public sources such as social media. These emails and texts may reference your name, location, services you use, or even your interests, helping criminals build trust and pressure people into clicking links, sharing information, or sending money. If staff credentials are stolen, accounts can be compromised, potentially impacting the wider business. Key safeguards include keeping software and security tools up to date, and treating personalised or unexpected payment or account warnings with caution by verifying them through official channels.
Google Disrupts Chinese-Linked Hackers That Attacked 53 Groups Globally
Google has disrupted a Chinese-linked hacking group with a near decade-long record of targeting governments and telecoms, after confirming access to at least 53 organisations across 42 countries, with possible reach into 22 more. The attackers used Google Sheets to hide activity within normal network traffic, which Google stressed was not a flaw in its products. In one incident, they installed a hidden way to regain access on a system holding sensitive personal data such as names, phone numbers, dates of birth and national ID details.
Basic Security Gaps Leave Enterprises Exposed to AI-Boosted Attacks
IBM’s 2026 X-Force Threat Intelligence Index warns that criminals are increasingly using AI to find and exploit basic security gaps at speed. Attacks starting through internet-facing applications rose 44%, often due to insufficient access controls, while ransomware and extortion activity grew 49% year on year and disclosed victim counts increased by about 12%. Supply chain and third-party compromises have almost quadrupled since 2020, targeting software build and deployment environments and cloud applications. In 2025, exploiting known weaknesses drove 40% of observed incidents. Manufacturing remained the most targeted sector (27%), and North America saw 29% of cases.
https://betanews.com/article/basic-security-gaps-leave-enterprises-exposed-to-ai-boosted-attacks/
'God-Like' Attack Machines: AI Agents Ignore Security Policies
Security leaders are warning that goal-driven AI agents can unintentionally expose sensitive information or make damaging changes if they are given too much access. A recent Microsoft Copilot bug reportedly summarised confidential emails, and separately an AI agent ignored restrictions and deleted a live database. Experts caution that built-in AI guardrails are not strong enough to be relied on as security controls. Organisations adopting AI agents should limit permissions to the minimum required, separate critical systems, keep clear oversight through monitoring and audit logs, and ensure robust backups to quickly reverse mistakes.
https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
13 Ways Attackers Use Generative AI To Exploit Your Systems
Criminals are using generative AI to make familiar cyber attacks faster and more convincing, rather than inventing entirely new ones. It is boosting realistic phishing messages that trick staff into handing over passwords, and helping create malware to damage systems or steal data. AI is also enabling deepfake voice and video scams and automating espionage, with one campaign reportedly automated by about 80% and aimed at roughly 30 major organisations.
AI Accelerates Attacker Breakout Time to Just Four Minutes
ReliaQuest reports that attackers are moving faster, with the average time from initial access to spreading inside an organisation dropping to 34 minutes in 2025, and a record low of just four minutes. Data theft can happen in as little as six minutes, down from over four hours in 2024. The report links this acceleration to wider use of automation and AI, with 80% of ransomware groups using one or both. Many organisations remain exposed due to gaps such as poor visibility of activity logs, weak remote access protections, and identity processes that can be tricked through social engineering where attackers persuade staff to grant access.
https://www.infosecurity-magazine.com/news/ai-accelerates-attack-breakout/
Resilience: Cyber Risk Shifts from Disruption to Long-Tail Losses
According to a report by US insurance provider Resilience, cyber attacks are increasingly causing long-lasting financial, regulatory and reputational harm, driven by criminals stealing data and demanding payment to stop it being published. Data theft-only incidents rose from 49% of extortion claims in the first half of last year to 65% in the second half, and this model could become the majority by the end of 2026. The report also warns that paying to suppress stolen data may still lead to lawsuits and further exposure. Retail, manufacturing and health care made up 68% of losses.
https://www.insurancejournal.com/news/national/2026/02/25/859511.htm
Ransomware Readiness is the Difference Between a Bad Day at Work and No More Workplace
Ransomware is now a routine business risk, and organisations that recover fastest are typically those with strong readiness rather than the most complex technology. Effective preparation starts with clear governance and a tested incident response plan that assumes key systems and email may be unavailable. It also requires reliable, regularly tested backups that can restore critical services quickly, plus offline access to continuity plans and contact lists. Senior leaders should rehearse early decisions, including how to handle ransom demands, legal checks, and insurer requirements. Today’s ransomware is often data theft followed by extortion, raising regulatory and reputational stakes.
So You Think You Have Cyber Insurance? The Breach is Only the First Incident. The Claim is the Second.
Many organisations treat cyber insurance as a simple safety net, but in practice it is often a patchwork of policies with gaps and overlaps that only become clear after an incident. The most common losses involve other people’s data held on your systems, ransomware that combines disruption with extortion, and business email compromise where criminals impersonate staff to divert payments. Insurers may dispute claims by arguing the loss sits under a different policy, that payments were voluntary, or that conditions were not met. The key message is to stress test cover in advance, so it still pays out under real-world pressure.
Russia Stepping Up Hybrid Attacks, Preparing for Long Standoff with West, Dutch Intelligence Warns
Dutch intelligence agencies warn that Russia is intensifying a hybrid campaign across Europe as it prepares for a long confrontation with the West. This blends cyber-attacks, sabotage, disinformation and covert political influence to stay below the threshold of open war. Since late 2023, activity has risen sharply, with the Netherlands targeted through cyber operations against public institutions and critical infrastructure. The agencies assess Russia’s risk tolerance has increased since 2024, meaning disruption to vital services could become more likely even without direct military conflict.
Governance, Risk and Compliance
Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses
Resilience Cyber Claims Data Reveals The New Economics of Professionalized Cybercrime
Cyber is long tail threat warns new study
Identifying cyber crime motives more vital than ever, report says | The National
Organizations, MSSPs Need to Mind the Gaps in Their Security: Barracuda | MSSP Alert
Businesses rank cyber incidents as their biggest threat - BetaNews
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware is a mid-market tax. Here's how UK firms can stop it - Raconteur
Ransomware playbook torn up as data theft becomes top threat – Resilience | Insurance Business
BeyondTrust Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Ransomware Victims
Mississippi medical center closes all clinics after ransomware attack
Chip Testing Giant Advantest Hit by Ransomware - SecurityWeek
ShinyHunters demands $1.5M not to leak Wynn Resorts data • The Register
Two years on, what are the lessons from the British Library cyberattack?
ShinyHunters extortion gang claims Odido breach affecting millions
Wynn Resorts confirms data stolen after ShinyHunters threats • The Register
Qilin targets NYC transit workers | Cybernews
Everest ransomware hits Vikor Scientific's supplier, data of 140,000 patients stolen
Phishing & Email Based Attacks
New phishing hacks aren't sloppy—they're personalized | PCWorld
Why 'Call This Number' TOAD Emails Beat Gateways
The Art of Deception: Typosquatting to Bypass Detection
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
Phishing campaign targets freight and logistics orgs in the US, Europe
Multifaceted Phishing Scheme Deceives Bitpanda Customers - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Know the red flags: Business email compromise signs to look out for | CSO Online
Other Social Engineering
Why 'Call This Number' TOAD Emails Beat Gateways
The Art of Deception: Typosquatting to Bypass Detection
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online | ZDNET
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Threat Actors Using Fake Avast Website to Harvest Users Credit Card Details
Ad tech firm Optimizely confirms data breach after vishing attack
How to protect yourself from SIM swapping
The latest delivery scam has 'carriers' calling to return your phone - don't fall for it | ZDNET
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
The US expanded its sanctions list against Russia due to cybersecurity threats | УНН
Artificial Intelligence
Cyberattack Breakout in Just 27 Seconds? 2026 Threat Report Reveals Shocking Speed | IBTimes UK
AI Accelerates Attacker Breakout Time to Just Four Minutes - Infosecurity Magazine
Hackers Gain Speed, Not Major New Tradecraft, Using AI Tools
AI-powered Cyber-Attacks Up Significantly, Warns CrowdStrike - Infosecurity Magazine
13 ways attackers use generative AI to exploit your systems | CSO Online
New phishing hacks aren't sloppy—they're personalized | PCWorld
'God-Like' Attack Machines: AI Agents Ignore Security Policies
2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface
Attackers Now Need Just 29 Minutes to Own a Network
Cyberattacks are hitting faster with AI fuelling an 89% jump, data shows - National | Globalnews.ca
The rise of the evasive adversary | CSO Online
Basic security gaps leave enterprises exposed to AI-boosted attacks - BetaNews
Android malware uses Google’s own Gemini AI to adapt in real time - Android Authority
Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
Lessons From AI Hacking: Every Model, Every Layer Is Risky
Model Inversion Attacks: Growing AI Business Risk - Security Boulevard
AI is becoming part of everyday criminal workflows - Help Net Security
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Cyber Attacks Skirt Corporate Defenses With AI, Cloud Intrusions
Anthropic Drops Flagship Safety Pledge | TIME
National Crime Agency calls for ‘whole-system approach’ to tech-enabled abuse – PublicTechnology
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds - Infosecurity Magazine
AI coding assistant Cline compromised, installs OpenClaw • The Register
Urgent research needed to tackle AI threats, says Google AI boss - BBC News
Deloitte Australia bans staff from using ChatGPT over data leak fears
How Exposed Endpoints Increase Risk Across LLM Infrastructure
UAE foils AI-powered 'terrorist cyber attacks' on vital sectors | The National
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Do NOT use AI-generated passwords, security experts warn | PCWorld
Nation state hackers fail to gain edge with AI, OpenAI report finds - Cryptopolitan
Claude's collaboration tools allowed remote code execution • The Register
Cyber: the dangers of agents and vibe coding | ICAEW
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
Careers, Roles, Skills, Working in Cyber and Information Security
Where CISOs need to hire and develop cybersecurity talent
ISC2 Launches Global Code of Professional Conduct for Cybersecurity
UK tech has fewer foreign techies, struggling to upskill • The Register
Cloud/SaaS
2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface
Cyber Attacks Skirt Corporate Defenses With AI, Cloud Intrusions
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
Founder drops AWS for Euro stack in bid for sovereignty • The Register
Europe’s ‘tech sovereignty’ ambitions carry security risks, military warns
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
Cyber Crime, Organised Crime & Criminal Actors
Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses
AI is becoming part of everyday criminal workflows - Help Net Security
Resilience Cyber Claims Data Reveals The New Economics of Professionalized Cybercrime
Cyber Claims Data Shows ‘New Economics’ of Cybercrime
Cyber is long tail threat warns new study
Identifying cyber crime motives more vital than ever, report says | The National
Latin America's Cyber Maturity Lags Threat Landscape
Don’t trust TrustConnect: This fake remote support tool only helps hackers | CSO Online
International operation dismantles fraud network, €400,000 seized - Help Net Security
Data Breaches/Leaks
PayPal Data Breach Led to Fraudulent Transactions - SecurityWeek
PayPal discloses extended data leak linked to Loan App glitch
ICO wins battle in fight to fine tech retailer £500k • The Register
ShinyHunters extortion gang claims Odido breach affecting millions
Ashley Madison pivots to shake cyberattack ghost | Cybernews
CarGurus data breach exposes information of 12.4 million accounts
Ad tech firm Optimizely confirms data breach after vishing attack
Data/Digital Sovereignty
Founder drops AWS for Euro stack in bid for sovereignty • The Register
Europe’s ‘tech sovereignty’ ambitions carry security risks, military warns
Denial of Service/DoS/DDoS
Dramatic Escalation in Frequency and Power of DDoS Attacks - Infosecurity Magazine
Suspected Anonymous members cuffed in Spain over DDoS attack • The Register
Spain arrests suspected hacktivists for DDoSing govt sites
Fraud, Scams and Financial Crime
PayPal Data Breach Led to Fraudulent Transactions - SecurityWeek
Fraud Investigation Reveals Sophisticated Python Malware - Infosecurity Magazine
International operation dismantles fraud network, €400,000 seized - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning | Microsoft Security Blog
Threat Actors Using Fake Avast Website to Harvest Users Credit Card Details
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
Hackers use this tool to bypass fraud detection and weaponize Google ads | Mashable
The latest delivery scam has 'carriers' calling to return your phone - don't fall for it | ZDNET
Identity and Access Management
When identity isn’t the weak link, access still is
Insider Risk and Insider Threats
Cost of Insider Incidents Surges 20% to Nearly $20m - Infosecurity Magazine
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
Insurance
Internet of Things – IoT
Security vulnerabilities in Tesla's Model 3 and Cybertruck reveal how connected cars can be hacked
Law Enforcement Action and Take Downs
Ex-Google engineers accused of swiping chip security secrets • The Register
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
International operation dismantles fraud network, €400,000 seized - Help Net Security
Suspected Anonymous members cuffed in Spain over DDoS attack • The Register
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
Linux and Open Source
Open-source security debt grows across commercial software - Help Net Security
Malvertising
Hackers use this tool to bypass fraud detection and weaponize Google ads | Mashable
Malware
Fraud Investigation Reveals Sophisticated Python Malware - Infosecurity Magazine
Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Fake troubleshooting tip on ClawHub leads to infostealer infection - Help Net Security
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
New malware-as-a-service fronts as legit RMM provider | SC Media
Criminals create business website to sell RAT disguised as RMM tool - Help Net Security
Fake Zoom update covertly installs spy tool | Cybernews
Don’t trust TrustConnect: This fake remote support tool only helps hackers | CSO Online
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
MuddyWater Targets Orgs With Fresh Malware Amid Rising Tensions
Mobile
The Growing Risk of Malicious Apps in a Mobile-First Workplace - Security Boulevard
Android malware uses Google’s own Gemini AI to adapt in real time - Android Authority
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
How To Prevent Your Smartphone From Spying On Your Activities
Researchers flag Samsung Tizen OS weakness | Cybernews
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
How to protect yourself from SIM swapping
Android mental health apps with 14.7M installs filled with security flaws
Models, Frameworks and Standards
Passwords, Credential Stuffing & Brute Force Attacks
The 25 Most Vulnerable Passwords of 2026 | Security Magazine
Every day in every way, passwords are getting worse • The Register
The Real Initial Access Vector: Compromised Active Directory Credentials - Security Boulevard
Too many users are reusing passwords: Cybersecurity dangers revealed - Digital Journal
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
Do NOT use AI-generated passwords, security experts warn | PCWorld
Regulations, Fines and Legislation
National Crime Agency calls for ‘whole-system approach’ to tech-enabled abuse – PublicTechnology
ICO wins battle in fight to fine tech retailer £500k • The Register
UK fines Reddit $19 million for using children’s data unlawfully
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs | TechCrunch
Across party lines and industry, the verdict is the same: CISA is in trouble | CyberScoop
Social Media
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Discord postpones global age verification rollout | AP News
UK fines Reddit $19 million for using children’s data unlawfully
Supply Chain and Third Parties
Group-IB High-Tech Crime Trends Report 2026: Supply Chain Attacks Emerge as Top Global Cyber Threat
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Disrupting the GRIDTIDE Global Cyber Espionage Campaign | Google Cloud Blog
Awareness of Russian threat growing in EU, says MEP
Nation State Actors
Nation state hackers fail to gain edge with AI, OpenAI report finds - Cryptopolitan
UAE foils AI-powered 'terrorist cyber attacks' on vital sectors | The National
China
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google and friends disrupt suspected Beijing espionage op • The Register
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs - SecurityWeek
Russia
Awareness of Russian threat growing in EU, says MEP
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls - Infosecurity Magazine
The US expanded its sanctions list against Russia due to cybersecurity threats | УНН
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
North Korea
Iran
MuddyWater Targets Orgs With Fresh Malware Amid Rising Tensions
Ex-Google engineers accused of swiping chip security secrets • The Register
Tools and Controls
Criminals create business website to sell RAT disguised as RMM tool - Help Net Security
Fake Zoom update covertly installs spy tool | Cybernews
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI gets good at finding bugs, not as good at fixing them • The Register
When identity isn’t the weak link, access still is
Why Most Breaches Happen After Launch: SaaS Security Testing Best Practices - Security Boulevard
Why the shift left dream has become a nightmare for security and developers
What Is Zero Trust Security? A Plain-English Guide - Security Boulevard
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs - SecurityWeek
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
AI coding assistant Cline compromised, installs OpenClaw • The Register
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Cyber: the dangers of agents and vibe coding | ICAEW
LLM firewalls emerge as a new AI security layer | TechTarget
Other News
The FBI Says These Wi-Fi Routers Are Unsafe, And Here's Why
Cyber-attacks may disrupt smart factories by targeting time | University of East London
“The automotive industry will eventually wake up to cyber attacks. It's a pandemic th | Ctech
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
Enigma Cipher Device Still Holds Secrets for Cyber Pros
Vulnerability Management
AI gets good at finding bugs, not as good at fixing them • The Register
Organizations, MSSPs Need to Mind the Gaps in Their Security: Barracuda | MSSP Alert
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
Microsoft extends security patching for three Windows products at a price - Help Net Security
Vulnerabilities
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers - SecurityWeek
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
Claude's collaboration tools allowed remote code execution • The Register
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
BeyondTrust Vulnerability Exploited in Ransomware Attacks - SecurityWeek
CISA gives feds 3 days to patch actively exploited Dell bug • The Register
Attackers Use New Tool to Scan for React2Shell Exposure
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
VMware Aria Operations flaws could enable remote attacks
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Researchers flag Samsung Tizen OS weakness | Cybernews
Recent RoundCube Webmail Vulnerability Exploited in Attacks - SecurityWeek
Critical Zyxel router flaw exposed devices to remote attacks
Android mental health apps with 14.7M installs filled with security flaws
Critical Grandstream Phone Vulnerability Exposes Calls to Interception - SecurityWeek
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
Black Arrow Cyber Threat Intelligence Briefing 20 February 2026
Black Arrow Cyber Threat Intelligence Briefing 20 February 2026:
-New Phishing Campaign Tricks Employees into Bypassing Microsoft 365 MFA
-Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
-SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
-One Stolen Credential Is All It Takes to Compromise Everything
-Ukrainian Sentenced to 5 Years in Prison for Facilitating North Korean Remote Worker Scheme
-1,500 Percent Increase in New, Unique Malware Highlights Growing Complexity
-A Worrying Dell Zero-Day Flaw Has Reportedly Gone Unpatched for Nearly Two Years – and Chinese Hackers Are Taking Advantage
-AI Agents Abound, Unbound by Rules or Safety Disclosures
-‘An All-Time High’: Number of Ransomware Groups Exploded in 2025 As Victim Growth Rate Doubled – With Qilin Dominating the Landscape
-Ransomware Hackers Targeting Employee Monitoring Software to Access Computers
-Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
-Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There is a significant new attack technique against organisations that use Microsoft 365, bypassing MFA, and Microsoft has also recently fixed a flaw in Copilot Chat that compromised confidential emails. We report on these developments for the attention of business leaders, as well as a government alert on attacks against small and medium sized businesses, and the risks posed when user access is not appropriately managed.
The North Korean military continues to pose as civilians hired by organisations, and a high number of new malware variants are being delivered over encrypted web traffic, making inspection necessary to reliably identify and block them. As in previous weeks, we include information on how attackers are using AI to develop their techniques and malware.
While cyber security risks can be varied, the solution is consistently clear. Business leaders should undertake an impartial assessment of their risks against their information and systems, and ensure they have appropriate controls to manage those risks. It is important not to rely on the standard offerings of control providers such as IT, which is why business leaders should upskill on the fundamentals of cyber risk management from impartial experts. Contact us to discuss how to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
New Phishing Campaign Tricks Employees into Bypassing Microsoft 365 MFA
A new phishing campaign is bypassing Microsoft 365 multi factor authentication by tricking employees into approving a login for a hacker’s device on a genuine Microsoft sign-in page. Emails posing as payment requests, bonus documents or voicemails prompt users to enter a ‘secure authorisation’ code, which actually grants an access token that can keep an attacker signed into services such as Outlook, Teams and OneDrive without repeated login checks. Leaders should ensure only approved applications and devices can be connected, limit unnecessary device sign-ins, and reinforce user awareness of unexpected login prompts, even on trusted domains.
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft has fixed a flaw in Copilot Chat that allowed the AI to summarise confidential emails without proper permission, bypassing controls designed to stop sensitive company information being shared with large language models. The issue, present since late January and patched in early February, affected emails in users’ Sent Items and Drafts even when marked as confidential. The incident reflects wider concerns about AI tools handling organisational data, with Microsoft reporting that over 80% of Fortune 500 firms are deploying AI agents, but only 47% say they have the security controls needed to manage them safely.
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
The UK NCSC chief Richard Horne has warned that small and medium sized businesses should not assume they are too small to face a cyber attack. Many attackers are not chasing big names; they look for easy opportunities where basic protections are missing, and the impact can be severe. Horne urged SMEs to adopt basic cyber controls including the secure set up of devices, controls on who can access systems, protection against malicious software, timely security updates, and firewalls. The NCSC has also highlighted rising cyber threats in its latest annual review.
https://www.infosecurity-magazine.com/news/sme-cyber-attack-threat-ncsc/
One Stolen Credential Is All It Takes to Compromise Everything
A research report on more than 750 investigations shows how a single stolen login can rapidly open the door to multiple parts of an organisation. Identity weaknesses featured in almost 90% of cases, with attacks often spanning endpoints, networks, cloud services and software as a service platforms. Cloud access is a particular concern: analysis of over 680,000 cloud identities found 99% had excessive permissions, including access unused for 60 days. Attack speed is also rising, with the fastest quarter reaching data exfiltration in 72 minutes, down from 285 minutes in 2024.
https://www.helpnetsecurity.com/2026/02/18/identity-based-cyberattacks-compromise/
Ukrainian Sentenced to 5 Years in Prison for Facilitating North Korean Remote Worker Scheme
US authorities have sentenced Ukrainian national Oleksandr Didenko to five years in prison for helping North Korean operatives secure remote IT jobs at 40 American companies. Over six years, he stole identities, created more than 2,500 fraudulent online accounts, and ran laptop farms in several US states so workers could appear to be based locally. Officials say the operatives earned hundreds of thousands of dollars, with payments helping fund North Korea’s weapons programmes.
https://cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
1,500 Percent Increase in New, Unique Malware Highlights Growing Complexity
WatchGuard threat intelligence shows a sharp rise in malicious software, with new variants increasing each quarter in 2025 and jumping 1,548% from Q3 to Q4. Nearly a quarter of detected malware bypassed traditional signature checks, meaning it was effectively new and unknown to defenders. Most blocked malware is now delivered over encrypted (TLS) internet traffic, which can hide threats unless organisations inspect encrypted web traffic. While ransomware activity fell 68% year-on-year, record extortion payments suggest fewer but more costly cyber-attacks, underlining the need for layered, proactive cyber security.
A Worrying Dell Zero-Day Flaw Has Reportedly Gone Unpatched for Nearly Two Years – and Chinese Hackers Are Taking Advantage
Dell has patched a critical weakness in RecoverPoint for Virtual Machines (a Dell disaster recovery product for VMware and Hyper-V) where login details were mistakenly left in the software. Google and Mandiant report the flaw was exploited as a previously unknown issue from mid-2024 by a China-linked group, giving attackers unauthorised access and long term control at the highest system level. The group used a new Grimbolt backdoor and a stealth technique to move between systems and stay hidden.
AI Agents Abound, Unbound by Rules or Safety Disclosures
A review of 30 AI agents found rapid growth without clear, consistent safety disclosure. Of the 13 agents showing very high autonomy, only four publicly share any safety evaluation, while 25 provide no detail on safety testing and 23 offer no independent test data. Most of the AI agents reviewed do not publish their underlying code, offering limited independent visibility into how they operate. Many depend on a small number of underlying models from Anthropic, Google and OpenAI, creating complex shared responsibility. Researchers warn some agents ignore signals when sites do not permit automated access.
https://www.theregister.com/2026/02/20/ai_agents_abound_unbound_by/
‘An All-Time High’: Number of Ransomware Groups Exploded in 2025 As Victim Growth Rate Doubled – With Qilin Dominating the Landscape
Searchlight Cyber reports that ransomware reached record levels in 2025, with 7,458 organisations listed on ransomware leak sites and the victim growth rate doubling since 2024. The US was hardest hit with 1,536 disclosed victims, while the UK reported 131. Behind these figures is a fast growing criminal marketplace: 124 active groups operated in 2025, including 73 newcomers, helped by ransomware as a service, where criminals can buy ready made tools and share profits. Artificial intelligence is also being used to create more convincing scam messages that trick staff into clicking.
Ransomware Hackers Targeting Employee Monitoring Software to Access Computers
Huntress has identified two recent attempted ransomware incidents where attackers misused employee monitoring software and an IT remote support tool to gain and maintain access to corporate systems. By blending in with legitimate administrative software, the criminals made their activity harder to spot and ultimately attempted to deploy ransomware. This matters because such monitoring tools are widely used, with around a third of UK firms and roughly 60% of US firms using them, expanding organisations’ exposure. The underlying issues were weak access controls, including compromised VPN accounts.
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Even low skilled criminals are using AI writing tools to run convincing extortion campaigns, a tactic dubbed “vibe extortion”. This matters because AI can enable low skilled attackers to create attacks that sound polished and urgent. Researchers have seen attackers begin searching for newly disclosed weaknesses within 15 minutes of them being announced, and in some cases reduce work that previously took three to four weeks to under 25 minutes. Leaders should prioritise rapid patching, stronger checks for sensitive requests, and tighter control of business AI systems.
https://www.infosecurity-magazine.com/news/cybercriminals-ai-vibe-extortion/
Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns
Sweden is warning that cyber and hybrid threats, where cyber attacks are combined with economic pressure and influence campaigns designed to erode public trust, are becoming a permanent part of Europe’s security landscape. Speaking at the Munich Cyber Security Conference, a senior Swedish defence official said organisations and governments must plan to operate through sustained disruption, not treat incidents as rare. Sweden is responding through its ‘total defence’ approach, rebuilding civil defence, strengthening national cyber security, and improving coordination through Sweden’s National Cyber Security Centre. The aim is credible deterrence through resilience, supported by closer public and private sector collaboration.
https://therecord.media/sweden-cyber-threats-europe-permanent
Governance, Risk and Compliance
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
Attackers keep finding the same gaps in security programs - Help Net Security
Discipline is the new power move in cybersecurity leadership | CSO Online
Cyber attacks enabled by basic failings, Palo Alto analysis finds | CSO Online
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Why Ransomware Remains One of Cybersecurity’s Most Persistent Threats - Infosecurity Magazine
Ransomware attacks up almost 50 percent in 2025 - BetaNews
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
Record Number of Ransomware Victims and Groups in 2025 - Infosecurity Magazine
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
Washington Hotel in Japan discloses ransomware infection incident
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Negotiating with hackers: The AI in ransomware response
Ransomware Victims
Fintech firm Figure disclosed data breach after employee phishing attack
ShinyHunters allegedly drove off with 1.7M CarGurus records • The Register
Phishing & Email Based Attacks
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities | Trend Micro (US)
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Phishing via Google Tasks | Kaspersky official blog
Fintech firm Figure disclosed data breach after employee phishing attack
Other Social Engineering
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
2FA/MFA
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Artificial Intelligence
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Agentic AI is a priority for 87 percent of security teams - BetaNews
Why are experts sounding the alarm on AI risks? | Cybercrime News | Al Jazeera
Low-Skilled Cybercriminals Use AI to Perform “Vibe Extortion” Attacks - Infosecurity Magazine
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI - Security Boulevard
AI agents abound, unbound by rules or safety disclosures • The Register
What CISOs need to know about the OpenClaw security nightmare | CSO Online
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security Fears | WIRED
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
API Threats Grow in Scale as AI Expands the Blast Radius - SecurityWeek
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
AI platforms can be abused for stealthy malware communication
Security at AI speed: The new CISO reality - Help Net Security
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
Turning Moltbook Into a Global Botnet Map
When Cybersecurity Breaks at Scale: What 2026 Will Expose
Safe and Inclusive E-Society: How Lithuania Is Bracing for AI-Driven Cyber Fraud
Bots/Botnets
Cloud/SaaS
Phishing via Google Tasks | Kaspersky official blog
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
What Is Cryptojacking? How to Check That Your Computer Isn't Infected
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Crypto Payments to Human Traffickers Surges 85% - Infosecurity Magazine
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
RAT disguised as an RMM costs crims $300 a month • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
On The Front Lines Of Cybercrime – Eurasia Review
Data Breaches/Leaks
French Ministry confirms data access to 1.2 Million bank accounts
'Your data is public': Hacker warns victims after leaking 6.8 billion emails online | TechRadar
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
Data breach at fintech firm Figure affects nearly 1 million accounts
Betterment data breach might be worse than we thought - Security Boulevard
Millions of passwords and Social Security numbers exposed
Exposed Database Was Storing More Than 1 Billion Social Security Numbers
Hackers sell stolen Eurail traveler information on dark web
Adidas investigates third-party data breach • The Register
Fintech firm Figure disclosed data breach after employee phishing attack
Canada Goose investigating as hackers leak 600K customer records
Dutch cops arrest man after sending him confidential files • The Register
53% of Gen Z were warned by retailers that their data was compromised - Retail Gazette
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Asahi cyberattack: leak of over 110,000 personal records confirmed - Just Food
Washington Hotel in Japan discloses ransomware infection incident
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
Sex toys maker Tenga says hacker stole customer information | TechCrunch
Data/Digital Sovereignty
Washington pushes back against EU’s bid for tech autonomy – POLITICO
Denial of Service/DoS/DDoS
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack - SecurityWeek
Encryption
Quantum security is turning into a supply chain problem - Help Net Security
Your encrypted data is already being stolen - Help Net Security
Fraud, Scams and Financial Crime
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Identity and Access Management
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Insider Risk and Insider Threats
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Internet of Things – IoT
Poland bans Chinese cars from military bases • The Register
Connected and Compromised: When IoT Devices Turn Into Threats
Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash - SecurityWeek
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Law Enforcement Action and Take Downs
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Dutch cops arrest man after sending him confidential files • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Linux and Open Source
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Everyone uses open source, but patching still moves too slowly - Help Net Security
Open source registries underfunded as security costs rise • The Register
Malvertising
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Malware
1,500 percent increase in new, unique malware highlights growing complexity - BetaNews
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
RAT disguised as an RMM costs crims $300 a month • The Register
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
OysterLoader Evolves With New C2 Infrastructure and Obfuscation - Infosecurity Magazine
New 'Foxveil' Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
Remcos RAT Expands Real-Time Surveillance Capabilities - Infosecurity Magazine
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
AI platforms can be abused for stealthy malware communication
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
RMM Abuse Explodes as Hackers Ditch Malware
Mobile
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
New Keenadu Android Malware Found on Thousands of Devices - SecurityWeek
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit | CSO Online
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Google blocked over 1.75 million Play Store app submissions in 2025
Models, Frameworks and Standards
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
Businesses urged to “lock the door” on cyber criminals as new government campaign launches - GOV.UK
Cyber Resilience Act: The Fine Line Between SaaS and Digital Products | DLA Piper - JDSupra
EU eyes rollback of key privacy rules, GDPR | Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
Outages
Microsoft Teams outage affects users in United States, Europe
Passwords, Credential Stuffing & Brute Force Attacks
One stolen credential is all it takes to compromise everything - Help Net Security
French Ministry confirms data access to 1.2 Million bank accounts
Millions of passwords and Social Security numbers exposed
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Password managers' promise that they can't see your vaults isn't always true - Ars Technica
Regulations, Fines and Legislation
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
EU eyes rollback of key privacy rules, GDPR | Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
UK to force social media to remove abusive pics in 48 hours • The Register
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
Europe's social media ban wave | Cybernews
Social Media
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
UK to force social media to remove abusive pics in 48 hours • The Register
Europe's social media ban wave | Cybernews
Supply Chain and Third Parties
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
The Law of Cyberwar is Pretty Discombobulated - Security Boulevard
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Nation State Actors
China
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
If we can’t name China’s cyberattacks, we lose trust in ourselves | The Strategist
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Poland bans Chinese cars from military bases • The Register
US lawyers file privacy class action against Lenovo • The Register
FBI: Threats from Salt Typhoon are ‘still very much ongoing’ | CyberScoop
Texas sues TP-Link over China links and security vulns • The Register
China-linked crew embedded in US energy networks • The Register
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Russia
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Poland Energy Survives Attack on Wind, Solar Infrastructure
First Starlink, Now Telegram: Russian War Bloggers Sound The Alarm
North Korea
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Iran
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Tools and Controls
RMM Abuse Explodes as Hackers Ditch Malware
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
RAT disguised as an RMM costs crims $300 a month • The Register
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
How the rise of the AI ‘agent boss’ is reshaping accountability in IT | IT Pro
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Security professionals struggle to spot production risks - BetaNews
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Flaws in popular VSCode extensions expose developers to attacks
Cybersecurity Requires Collective Resilience
Redefining risk management | IT Pro
How Security Operations Will Fundamentally Change in 2026
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Other News
RMM Abuse Explodes as Hackers Ditch Malware
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
Attackers keep finding the same gaps in security programs - Help Net Security
Dutch defense chief: F-35s can be jailbroken like iPhones • The Register
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Exclusive: US plans online portal to bypass content bans in Europe and elsewhere | Reuters
Vulnerability Management
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Everyone uses open source, but patching still moves too slowly - Help Net Security
Notepad++ boosts update security with ‘double-lock’ mechanism
Vulnerabilities
Dell's Hard-Coded Flaw: A Nation-State Goldmine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Exploitable Flaws Found in Cloud-Based Password Managers
One threat actor responsible for 83% of recent Ivanti RCE attacks
Critical Microsoft bug from 2024 under exploitation • The Register
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration - SecurityWeek
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop
Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025 - SecurityWeek
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Black Arrow Cyber Threat Intelligence Briefing 13 February 2026
Black Arrow Cyber Threat Intelligence Briefing 13 February 2026:
-‘Dead’ Outlook Add-In Hijacked to Phish 4,000 Microsoft Office Store Users
-30+ Chrome Extensions Disguised as AI Chatbots Steal Users’ API Keys, Emails, Other Sensitive Data
-Payroll Pirates Are Conning Help Desks to Steal Workers’ Identities and Redirect Paychecks
-Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims
-LummaStealer Infections Surge After CastleLoader Malware Campaigns
-Devilish Devs Spawn 287 Chrome Extensions to Flog Your Browser History to Data Brokers
-AI Threat Modelling Must Include Supply Chain, Agents, and Human Risk
-Deepfake Fraud Taking Place on an Industrial Scale, Study Finds
-Supply Chain Attacks Now Fuel a ‘Self-Reinforcing’ Cybercrime Economy
-These 4 Critical AI Vulnerabilities Are Being Exploited Faster than Defenders Can Respond
-Those 'Summarise With AI' Buttons May Be Lying to You
-Which Cyber Security Terms Your Management Might Be Misinterpreting
-Follow the Code
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We start this week with some actions for business leaders to address new and emerging threats including malicious Outlook add-ins and Chrome extensions disguised as AI chatbots, as well as an evolution of classic payroll fraud. We also report on how attackers, once in your system, are increasingly using data leak sites on the dark web to force victims to pay.
AI, as expected, is proving to be an escalating risk. We include a number of examples of its use by attackers, including deepfake fraud, hidden instructions that manipulate AI, and data poisoning. AI is also empowering criminals to conduct traditional attacks more successfully. This information highlights that organisations need to consider their entire ecosystem in their threat modelling to identify the necessary cyber controls, which should address security as well as the minimum standards for regulatory compliance.
We finish with an article written by one of our Directors for the magazine of the Institute of Chartered Accountants of Scotland (ICAS), on the value of the UK Government’s Cyber Governance Code of Practice.
Contact us to discuss how to apply these insights in your security strategy in a pragmatic and proportionate manner.
Top Cyber Stories of the Last Week
‘Dead’ Outlook Add-In Hijacked to Phish 4,000 Microsoft Office Store Users
Researchers at Koi Security found that an abandoned Outlook add-in called AgreeTo was taken over and used to steal Microsoft account log-in details from around 4,000 users. The abandoned add‑in relied on an external website to load its content when used; the attacker took over that website and replaced it with a fake Microsoft login page to gain access to the user’s Outlook. This allowed the attacker to access the user’s emails by using previously granted permissions.
30+ Chrome Extensions Disguised as AI Chatbots Steal Users’ API Keys, Emails, Other Sensitive Data
More than 30 malicious Chrome extensions disguised as AI chatbot tools have been found stealing sensitive information from at least 260,000 users. The extensions share the same code and link back to a single operator in a campaign called AiFrame. Some use embedded web pages to mimic trusted tools, allowing them to harvest browsing data, login details, API keys, and even Gmail messages and drafts.
https://www.theregister.com/2026/02/12/30_chrome_extensions_ai/
Payroll Pirates Are Conning Help Desks to Steal Workers’ Identities and Redirect Paychecks
Binary Defense investigated a December 2025 incident where criminals redirected a physician’s salary by manipulating a help desk, exploiting people and weak internal processes rather than breaking through technical defences. After gaining access to a shared email mailbox, the attacker phoned the help desk, claimed they were locked out and needed urgent access, and persuaded staff to reset the password and multi-factor authentication. They then used the organisation’s own virtual desktop system so activity looked normal, accessed the Workday payroll platform, and changed bank details. This was only spotted when the physician was not paid.
https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/
Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims
Ransomware groups are increasingly using data leak sites on the dark web to pressure organisations into paying, by stealing information and threatening to publish it publicly. These sites often release a small sample, such as emails or contracts, then use deadlines and public exposure to force rapid decisions, even before leaders have full clarity on what was taken. The impact can spread beyond the initial victim, with stolen data reused for fraud, phishing, and attacks on customers and partners. Paying a ransom does not guarantee recovery or confidentiality, and some victims are targeted again within months.
LummaStealer Infections Surge After CastleLoader Malware Campaigns
LummaStealer, a criminal malware‑as‑a‑service operation disrupted in May 2025 when authorities seized 2,300 malicious domains, is scaling up again. Activity resumed in July 2025 and grew sharply between December 2025 and January 2026. Infections are increasingly spread through ClickFix pages that show fake verification prompts and trick users into running a PowerShell command, which silently installs LummaStealer to capture passwords, browser data, and other sensitive information.
Devilish Devs Spawn 287 Chrome Extensions to Flog Your Browser History to Data Brokers
A security researcher has identified 287 Google Chrome extensions, with an estimated 37.4 million installations, that allegedly share users’ browsing histories with more than 30 organisations. Browsing history is a record of websites visited and can reveal sensitive interests or activities; even when anonymised, it can often be linked back to individuals. Many of the extensions present as harmless tools while requesting broad access that is not clearly justified, with privacy policies that may obscure how data is used. The findings highlight the need for tighter controls over browser add-ons and clearer user awareness.
https://www.theregister.com/2026/02/11/security_researcher_287_chrome_extensions_data_leak/
AI Threat Modelling Must Include Supply Chain, Agents, and Human Risk
Palo Alto Networks reports that 99% of organisations suffered at least one attack on an AI system in the past year, underscoring that AI risk is not solved by strengthening cloud infrastructure alone. Effective protection must cover the wider ecosystem including the third party software and data used to build and run AI, as well as the automated AI agents that can take actions on behalf of staff, and the people who approve changes. When agents have broad permissions, attackers can manipulate what they read and influence what they do without obvious signs of hacking. These risks can be better managed through strong governance, strict access controls and better monitoring.
https://cyberscoop.com/ai-threat-modeling-beyond-cloud-infrastructure-op-ed/
Deepfake Fraud Taking Place on an Industrial Scale, Study Finds
Deepfake fraud is now happening at industrial scale, with inexpensive AI tools making it easy to create convincing fake video and voice that impersonate trusted people such as journalists, politicians or company leaders. The AI Incident Database has logged more than a dozen recent cases, and researchers estimate fraud and manipulation have been the largest category of reported incidents in 11 of the past 12 months. The impact is real: a finance officer at a Singaporean multinational transferred nearly $500,000 after a fake video call, while UK consumers are estimated to have lost £9.4bn to fraud in the nine months to November 2025.
Supply Chain Attacks Now Fuel a ‘Self-Reinforcing’ Cybercrime Economy
Group-IB warns that criminals are increasingly using supply chain attacks as an industrial-scale route of entry into many organisations, by compromising trusted suppliers, service providers, or widely used software components. The report describes a self-reinforcing cycle where stolen login details and abused sign-in permissions are used to gain access to cloud business services; the attacker then moves across connected partners before deploying ransomware or extortion. Over the next year, Group-IB expects attacks to speed up through AI tools that scan suppliers. It is also expected that identity-based intrusions will increasingly replace traditional malware; these can be harder to spot because attackers appear to be legitimate users.
https://www.theregister.com/2026/02/12/supply_chain_attacks/
These 4 Critical AI Vulnerabilities Are Being Exploited Faster than Defenders Can Respond
Researchers warn that companies are rolling out AI faster than they can secure it, and several major weaknesses currently have no reliable fix. Attackers can manipulate AI agents to carry out cyber attacks, including tricking AI tools using hidden instructions, poisoning training data very cheaply, and using deepfake audio or video to impersonate executives. Studies show prompt‑based attacks work against 56% of large AI models, training data can be poisoned using just 250 malicious documents for about $60, and deepfake scams have already enabled major fraud.
https://www.zdnet.com/article/ai-security-threats-2026-overview/
Those 'Summarise With AI' Buttons May Be Lying to You
Microsoft has found that some ‘Summarise with AI’ buttons on websites hide instructions designed to influence the answers given by AI assistants. These hidden prompts can quietly steer the assistant toward recommending a particular company or source. Microsoft detected 50 such attempts across 31 companies in 14 industries, meaning senior decision makers could receive biased advice without realising it. This works by pre‑filling prompts and, in some cases, storing them using the assistant’s memory feature.
https://www.darkreading.com/cyber-risk/summarize-ai-buttons-may-be-lying
Which Cyber Security Terms Your Management Might Be Misinterpreting
Clear, shared language between the CISO and the Board is essential because common cyber security terms are often misunderstood, leading to misdirected spending and false confidence. Cyber risk is a business risk tied to continuity, financial loss, and reputation, not just an IT uptime issue. Compliance only proves minimum standards at a point in time and does not equal safety. Leaders should distinguish weaknesses from threats and the resulting business risk, and avoid assuming recovery plans alone cover a cyber attack. Zero-trust and cloud security also require long term process change, not a product purchase.
https://www.kaspersky.co.uk/blog/language-of-risk-key-cybersecurity-terms-for-the-board/30035/
Follow the Code
The UK government’s Cyber Governance Code of Practice is becoming an important framework for business leaders as cyber‑attacks rise. It contains clear actions to help achieve proportionate and evidence-based governance, avoiding ‘compliance theatre’. Leaders are expected to improve their own cyber literacy, understand the business impact of a cyber incident, and challenge the evidence provided to them, including that from control providers in IT. Two high value elements are realistic incident rehearsals and quarterly reviews of cyber metrics. The Code complements established cyber security frameworks and standards, and supports wider governance regimes. Boards are encouraged to discuss adopting the Code and to use specialist expertise to strengthen their oversight.
Governance, Risk and Compliance
Supply chain breaches fuel cybercrime cycle, report says • The Register
69% of CISOs open to career move — including leaving role entirely | CSO Online
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
Schrödinger's cat and the enterprise security paradox | CSO Online
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter - SecurityWeek
Reynolds ransomware uses BYOVD to disable security before encryption
Naming and shaming: How ransomware groups tighten the screws on victims
Nitrogen’s ransomware can’t be decrypted — even by Nitrogen – DataBreaches.Net
Black Basta Ransomware Actors Embeds BYOVD Defense Evasion Component with Ransomware Payload Itself
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
Attackers Weaponizing Windows Shortcut File to Deliver Global Group Ransomware
As ransomware recedes, a new more dangerous digital parasite rises | ZDNET
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Crazy ransomware gang abuses employee monitoring tool in attacks
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack | CyberScoop
Under-reporting masks scale of ransomware crisis, ESET warn
Italian university La Sapienza hit by massive IT outage
Ransomware Victims
Payments platform BridgePay confirms ransomware attack behind outage
BridgePay Confirms Ransomware Attack, No Card Data Compromised - Infosecurity Magazine
Phishing & Email Based Attacks
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
Flickr moves to contain data exposure, warns users of phishing
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Other Social Engineering
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Payroll pirates conned the help desk, stole employee’s pay • The Register
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
2FA/MFA
Police arrest seller of JokerOTP MFA passcode capturing tool
Artificial Intelligence
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Google says hackers are abusing Gemini AI for all attacks stages
42,900 OpenClaw Exposed Control Panels and Why You Should Care - Security Boulevard
These 4 critical AI vulnerabilities are being exploited faster than defenders can respond | ZDNET
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Those 'Summarize With AI' Buttons May Be Lying to You
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
OpenClaw's Gregarious Insecurities Make Safe Usage Difficult
Moltbook: Cutting Through the AI Hype to the Real Security Risks - IT Security Guru
AI agents behave like users, but don't follow the same rules - Help Net Security
Living off the AI: The Next Evolution of Attacker Tradecraft - SecurityWeek
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Your AI browser is a cybersecurity threat you’re not prepared for
Security professionals express concern over OpenClaw - SD Times
Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Indian police commissioner wants ID cards for AI agents • The Register
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Bots/Botnets
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Careers, Roles, Skills, Working in Cyber and Information Security
69% of CISOs open to career move — including leaving role entirely | CSO Online
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
What happens when cybersecurity knowledge walks out the door - Help Net Security
Cloud/SaaS
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Security teams are paying for sprawl in more ways than one - Help Net Security
Why organizations need cloud attack surface management | TechTarget
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
Cyber Crime, Organised Crime & Criminal Actors
Supply chain breaches fuel cybercrime cycle, report says • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Police arrest seller of JokerOTP MFA passcode capturing tool
On the Front Lines of Cybercrime - Africa Defense Forum
Data Breaches/Leaks
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Handful of breaches expose most patient data in UK | Cybernews
UK blames legacy IT for incomplete data protection progress • The Register
Nearly 17,000 Volvo staff dinged in supplier breach • The Register
South Korea Blames Coupang Data Breach on Management Failure, Not Sophisticated Attack
Security researcher finds 287 Chrome extensions leaking data • The Register
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Odido data breach exposes personal info of 6.2 million customers
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
Flickr Security Incident Tied to Third-Party Email System - SecurityWeek
European Governments Breached in Zero-Day Attacks Targeting Ivanti - Infosecurity Magazine
Budget leak bigger than thought, says NCSC - www.rossmartin.co.uk
Polish hacker charged seven years after massive Morele.net data breach
Fairphone denies any hack behind suspicious emails - Android Authority
Data Protection
UK blames legacy IT for incomplete data protection progress • The Register
Data/Digital Sovereignty
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Denial of Service/DoS/DDoS
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Encryption
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Fraud, Scams and Financial Crime
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Payroll pirates conned the help desk, stole employee’s pay • The Register
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
'Digital squatting' hits new levels as hackers target brand domains | TechRadar
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Identity and Access Management
Why identity recovery is now central to cyber resilience | CSO Online
Insider Risk and Insider Threats
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
Internet of Things – IoT
Hackers Are Targeting Your Smart Home. Here's How to Stop Them | PCMag
'Dodgy boxes': Irish homes warned after major global cyberattack targets Android-enabled TVs
What Organizations Need to Change When Managing Printers
Law Enforcement Action and Take Downs
Police arrest seller of JokerOTP MFA passcode capturing tool
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
Polish hacker charged seven years after massive Morele.net data breach
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Linux and Open Source
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Malvertising
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
Malware
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
LummaStealer infections surge after CastleLoader malware campaigns
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer
Cybercriminals Use Malicious Cybersquatting Attacks to Distribute Malware and Hijack Data
Malicious 7-Zip site distributes installer laced with proxy tool
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
Sophisticated Cyber Attack Targets Wedding Industry With Teams-Based Malware Delivery
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
Misinformation, Disinformation and Propaganda
From disinformation to espionage – Russia’s hybrid actions against Poland
Mobile
Security teams are paying for sprawl in more ways than one - Help Net Security
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Germany warns of Signal account hijacking targeting senior figures
ZeroDayRAT spyware grants attackers total access to mobile devices
Is spyware hiding on your phone? How to find out and remove it - fast | ZDNET
Fairphone denies any hack behind suspicious emails - Android Authority
Models, Frameworks and Standards
Outages
Microsoft 365 outage takes down admin center in North America
Passwords, Credential Stuffing & Brute Force Attacks
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
Your router's default password is probably on a public database
Your browser extensions can see every password you type
Regulations, Fines and Legislation
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026 – DataBreaches.Net
Social Media
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Discord Is Threatening To Restrict Your Account Unless You Provide ID And Facial Scans
Flickr moves to contain data exposure, warns users of phishing
TikTok under EU pressure to change its addictive algorithm - Help Net Security
Fears about TikTok’s policy changes point to a deeper problem in the tech industry
Supply Chain and Third Parties
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Supply chain breaches fuel cybercrime cycle, report says • The Register
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Security teams are paying for sprawl in more ways than one - Help Net Security
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
Grey Zone Warfare - The Statesman
State spies snooping on Signal users, Germany warns | Cybernews
Singapore spent 11 months evicting suspected telco spies • The Register
Nation State Actors
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists
China
Google: China's APT31 used Gemini to plan US cyberattacks • The Register
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
Palo Alto Chose Not to Tie China to Hacking Campaign on Retaliation Fear: Sources
Chinese cyberspies breach Singapore's four largest telcos
Singapore spent 11 months evicting suspected telco spies • The Register
Senator doesn't trust telcos on Salt Typhoon mitigations • The Register
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
8.7 billion records spilled: Inside the massive Chinese data leak | Cybernews
Russia
The world’s default productivity tool is becoming a national security liability | Computer Weekly
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
From disinformation to espionage – Russia’s hybrid actions against Poland
Thwarted Winter Olympics hack highlights growing cyber exposure for major events | Insurance Times
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Top Putin General Vladimir Alexeyev Behind U.S. Election Meddling Shot in Moscow
Russia tries to block WhatsApp, Telegram in communication blockade
North Korea
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
North Korean hackers use new macOS malware in crypto-theft attacks
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
Tools and Controls
Reynolds ransomware uses BYOVD to disable security before encryption
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Crazy ransomware gang abuses employee monitoring tool in attacks
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
What Organizations Need to Change When Managing Printers
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Microsoft Copilot Security Has a Blind Spot — And It’s at Runtime - Security Boulevard
Ransomware crews abuse bossware to blend into networks • The Register
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Other News
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting CNI - Infosecurity Magazine
Cyberattacks emerges as “material transaction risk” for PE | Insurance Business
Cyber risk is becoming a hold-period problem for private equity firms - Help Net Security
European Commission Investigating Cyberattack - SecurityWeek
‘Prepare for blackouts’: Ed Miliband’s net zero revolution is a hacker’s dream
A case of when, not if – the reality of Cyber-attacks | London City Hall
Rising threats require a battle-tested electricity system for Europe, says Eurelectric report
How Emerging Threats Are Forcing A Reboot Of Defence Industrial Base Security Policy | Scoop News
Vulnerability Management
CVEs set to hit record high levels in 2026 - BetaNews
FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026 - Infosecurity Magazine
Time to Exploit Plummets as N-Day Flaws Dominate - Infosecurity Magazine
New Data Tool Helps Orgs Prioritize Exploited Flaws Smarter
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Upgrade Now: Microsoft Issues Security Warning to Those Still on Windows 10
Infosec researchers mull curious case of Telnet ancient flaw • The Register
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Vulnerabilities
Microsoft just patched 6 zero-days, but you might want to hold off updating - here's why | ZDNET
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
Chrome 145 Patches 11 Vulnerabilities - SecurityWeek
Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files
F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack' - SecurityWeek
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Windows Notepad is now complex enough to have a serious security flaw | PCWorld
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft begins Secure Boot certificate update for Windows devices - Help Net Security
Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD - SecurityWeek
BeyondTrust warns of critical RCE flaw in remote support software
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Critical Fortinet FortiClientEMS flaw allows remote code execution
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
Ivanti EPMM exploitation: Researchers warn of "sleeper" webshells - Help Net Security
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Hackers breach SmarterTools network using flaw in its own software
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment - Help Net Security
Dutch data watchdog caught up in Ivanti zero-day attacks • The Register
WordPress plugin with 900k installs vulnerable to critical RCE flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 06 February 2026
Black Arrow Cyber Threat Intelligence Briefing 06 February 2026:
-From Clawdbot to OpenClaw: This Viral AI Agent Is Evolving Fast – and It’s Nightmare Fuel for Security Pros
-Why Moltbook Changes the Enterprise Security Conversation
-Beware of Weaponised Voicemail Messages Granting Hackers Remote Access to Your System
-Open the Wrong “PDF” and Attackers Gain Remote Access to Your PC
-AI Drives Doubling of Phishing Attacks in a Year
-Nitrogen Ransomware Is So Broken Even the Crooks Can’t Unlock Your Files
-The Human Layer of Security: Why People Are Still the Weakest Link in 2026
-What Is Cyber Risk Management and Why It Is Important for Businesses?
-The Growing Cyber Risk in Interconnected Supply Chains
-Over 75 Percent of Cyber Security Professionals Worry About AI Agent Risks
-Experts Show How Major UK Food Crisis Might Occur
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
A new evolving business threat has come to the fore, caused by autonomous AI assistants such as OpenClaw (aka Clawdbot and Moltbot), with significant and developing cyber risk considerations. In our summaries below, we also give details of other developing attack methods, including voicemail alerts and fake PDFs. AI, as predicted, is also escalating the dangers of phishing emails and is a concern for 75% of cyber professionals.
We also look at how employees and supply chains represent significant security weaknesses and how to address them, further underlining why cyber security is not a technology subject but instead requires coordinated risk management across the business.
To address these risks, leadership teams need to ensure their cyber knowledge comes from impartial experts, to take greater command of the risks and avoid the same blind spots as their control providers across people, operations and technology. Contact us to discuss how to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
From Clawdbot to OpenClaw: This Viral AI Agent Is Evolving Fast – and It’s Nightmare Fuel for Security Pros
OpenClaw, a fast growing open source personal AI assistant, shows how quickly AI tools could reshape cyber risk. It can connect to everyday apps like WhatsApp, email and calendars, and needs broad permissions to take actions on a user’s behalf. That access creates new routes for cyber attack, including fake downloads and scams, malicious add-ons, unsafe settings that leak passwords or access keys, and hidden instructions that trick the AI into harmful actions. Despite 34 recent security fixes, leaders should treat autonomous assistants as high risk until governance and controls mature.
https://www.zdnet.com/article/clawdbot-moltbot-openclaw-security-nightmare/
Why Moltbook Changes the Enterprise Security Conversation
A new risk is emerging as artificial intelligence agents begin talking to each other on social platforms such as Moltbook, often without ongoing human oversight. Once an employee sets an agent in motion, it can continue reading and posting online for long periods, creating a largely invisible route for sensitive information to leak, including source code, customer data, or internal project details. There is also an inbound threat where agents may absorb harmful instructions or links posted by others, influencing behaviour and decisions. Organisations should consider blocking such platforms by default, with tightly governed exceptions where needed.
https://securityboulevard.com/2026/02/why-moltbook-changes-the-enterprise-security-conversation/
Beware of Weaponised Voicemail Messages Granting Hackers Remote Access to Your System
A new “Voicemail Trap” campaign is using fake voicemail notifications to trick staff into handing criminals remote access to their devices. The messages often impersonate trusted financial organisations and direct recipients to convincing, bank themed websites. Victims are told to download an “audio update” to hear the message, but the file is a script that silently installs legitimate remote management software, allowing attackers persistent access to steal data or deploy further malware. Researchers observed 86 websites linked to this activity on 12 January 2026. Leaders should reinforce click caution and block untrusted download prompts.
https://cybersecuritynews.com/beware-of-weaponized-voicemail-messages/
Open the Wrong “PDF” and Attackers Gain Remote Access to Your PC
A phishing campaign known as DEAD#VAX is tricking staff into opening what looks like a normal PDF invoice or purchase order, but is actually a virtual hard disk file. When opened, Windows mounts it as a new drive and runs a hidden script that installs AsyncRAT, giving attackers remote access and the ability to monitor and control the PC. Because the malicious code runs in memory and hides inside trusted Microsoft processes, it can be harder for security tools and later investigation to spot. This can lead to password theft, data exposure, and a foothold into wider networks.
AI Drives Doubling of Phishing Attacks in a Year
Cofense reports that security filters intercepted one phishing email every 19 seconds in 2025, more than double the rate in 2024. It warns that criminals are using AI to create faster, more convincing scams, including messages written in near flawless local languages. Nearly one in five phishing emails now relies on conversation alone, a tactic often linked to business email compromise, where attackers impersonate trusted contacts to trick staff into making payments or sharing sensitive information. Cofense also saw a 105% rise in remote access tool abuse and a 204% increase in phishing emails delivering malware.
https://www.infosecurity-magazine.com/news/ai-double-volume-phishing-attacks/
Nitrogen Ransomware Is So Broken Even the Crooks Can’t Unlock Your Files
Researchers at Coveware have found that the Nitrogen ransomware group has a serious flaw in its file unlocking tool, meaning victims may be unable to recover data even if they pay. The issue affects attacks against VMware ESXi, a common virtualisation platform used to run servers, where the malware encrypts files using a corrupted key that cannot be matched to any working unlock code. Active since 2023 and extorting organisations since around September 2024, Nitrogen is not the most prolific group, but this bug turns its attacks into purely destructive cyber crime.
https://www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/
The Human Layer of Security: Why People Are Still the Weakest Link in 2026
Despite major investment in tools and automation, people remain the primary cause of cyber security incidents. Gartner expects human error and social engineering, where criminals trick staff into unsafe actions, to drive 85% of data breaches by 2026, and Verizon links roughly two thirds of incidents to mistakes or misuse of login details. Threat actors are increasingly using AI to scale deception, with CrowdStrike’s 2025 report showing 79% of intrusions were malware-free and voice phishing rising 442%. Leaders should prioritise stronger day-to-day security habits, not just annual training, so staff become a resilient first line of defence.
What Is Cyber Risk Management and Why It Is Important for Businesses?
Cyber risk management is how organisations identify, understand and reduce the risks that come with using digital systems, networks and data. It is a continuous process, not a one-off exercise, because threats evolve as technology and working practices change. Effective cyber risk management considers people, processes and technology together, covering areas such as staff awareness, access controls, software updates, backups and monitoring. With around 39% of UK businesses reporting a cyber security breach or cyber attack in the last year, this approach helps reduce financial loss, disruption and reputational harm, while supporting compliance and stakeholder trust.
The Growing Cyber Risk in Interconnected Supply Chains
Supply chains are now a major driver of cyber risk across the UK, as disruption can spread quickly beyond a single organisation. Jaguar Land Rover, M&S, Heathrow and the Co-op were among hundreds impacted last year, with reported losses in the hundreds of millions, affecting thousands of suppliers, partners and customers. Human error contributes to over 60% of breaches, while attackers increasingly use convincing impersonation techniques to trick staff. Leaders can reduce exposure by setting clear security expectations for third parties, investing in staff training, and strengthening business continuity so essential services can keep running during disruption.
https://www.techuk.org/resource/the-growing-cyber-risk-in-interconnected-supply-chains.html
Over 75 Percent of Cyber Security Professionals Worry About AI Agent Risks
A survey of more than 1,500 cyber security professionals found that 73% say AI-powered threats are already significantly affecting their organisation, yet nearly half feel unprepared, even as 92% report major upgrades to defences. While 96% say AI improves the speed and efficiency of their work, concerns remain around data exposure (61%), regulatory breaches (56%) and misuse of AI tools (51%). Only 37% have a formal policy for deploying AI securely, highlighting that oversight of AI agents, including who and what they can access, is now a board-level issue.
Experts Show How Major UK Food Crisis Might Occur
A new study involving 39 experts from institutions including Anglia Ruskin University and the University of York warns that shocks such as extreme weather, a cyber attack or war could quickly disrupt the UK’s just-in-time food supply networks, driving price spikes and shortages. The report argues these pressures would hit low-income households hardest, increasing food insecurity and raising the risk of fraud, black market sales and illness, with worst case outcomes including social unrest. It recommends improving energy security, diversifying supply chains and supporting more resilient diets, alongside better cross-government planning.
https://www.aru.ac.uk/news/experts-show-how-major-uk-food-crisis-might-occur
Governance, Risk and Compliance
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
Global tech spending is skyrocketing, and European firms are doubling down on investment | IT Pro
Novel Cyber Expectations for 2026 Reveal a Grab Bag of Risk
Why boards should be obsessed with their most 'boring' systems | CyberScoop
What is cyber risk management and why it is important for businesses? | The Global Recruiter
Threats
Ransomware, Extortion and Destructive Attacks
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Ransomware gangs focus on winning hearts and minds | Computer Weekly
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Experts show how major UK food crisis might occur - ARU
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Nitrogen can't unlock its own ransomware after coding error • The Register
DragonForce Ransomware Attacking Critical Business to Exfiltrate Sensitive Information
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
CISA quietly updated ransomware flags on 59 flaws last year • The Register
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks - SecurityWeek
The Case for a Ransom Payment Ban and When It Might Happen
Researchers Warn of New “Vect” RaaS Variant - Infosecurity Magazine
Ransomware Victims
M&S attackers hit German insurance giant – HanseMerkur | Cybernews
Ransomware leaves Belgian hospitals unable to pay staff | Cybernews
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Quarterly losses top £300m at JLR in wake of cyber attack | Insider Media
One of Europe's largest universities knocked offline for days after cyberattack | TechCrunch
Italian university La Sapienza goes offline after cyberattack
Romanian oil pipeline operator Conpet discloses cyberattack
Qilin claims Tulsa airport cyberattack | Cybernews
Spain's Ministry of Science shuts down systems after breach claims
Phishing & Email Based Attacks
AI Drives Doubling of Phishing Attacks in a Year - Infosecurity Magazine
Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Open the wrong “PDF” and attackers gain remote access to your PC | Malwarebytes
Private school parents targeted by fraudsters stealing fee payments | Scams | The Guardian
Cloud storage payment scam floods inboxes with fake renewals
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Don't get caught out by Apple Pay phishing scams | Stuff
Beware of Weaponized Voicemail Messages Granting Hackers Remote Access to Your System
Zendesk spam wave returns, floods users with 'Activate account' emails
Other Social Engineering
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Beware of Weaponized Voicemail Messages Granting Hackers Remote Access to Your System
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
2FA/MFA
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Artificial Intelligence
AI Drives Doubling of Phishing Attacks in a Year - Infosecurity Magazine
OpenClaw AI Runs Wild in Business Environments
Alarm Grows as Social Network Entirely for AI Starts Plotting Against Humans
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
MoltBot Skills exploited to distribute 400+ malware packages in days
Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw
Researchers Hacked Moltbook and Accessed Thousands of Emails and DMs - Business Insider
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
It Turns Out 'Social Media for AI Agents' Is a Security Nightmare
DIY AI bot farm OpenClaw is a security 'dumpster fire' • The Register
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw - Infosecurity Magazine
Over 75 percent of cybersecurity professionals worry about AI agent risks - BetaNews
95% of AI Projects Are Unproductive and Not Breach Ready - Security Boulevard
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
82 percent of hackers now use AI - BetaNews
Cybersecurity in 2026: How AI will reshape the Digital Battlefield
AWS intruder pulled off AI-assisted cloud break-in in 8 mins • The Register
Autonomous attacks ushered cybercrime into AI era in 2025 - TechCentral.ie
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+ - Infosecurity Magazine
Deepfake job seeker applied to work for an AI security firm • The Register
Paris Prosecutors Raid Elon Musk’s X Offices in France - Infosecurity Magazine
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Bots/Botnets
Wave of Citrix NetScaler scans use thousands of residential proxies
Global SystemBC Botnet Found Active Across 10,000 Infected Systems - Infosecurity Magazine
Polish cops bail 20-year-old bedroom botnet operator • The Register
Careers, Roles, Skills, Working in Cyber and Information Security
Cyber Success Trifecta: Education, Certifications & Experience
How risk culture turns cyber teams predictive | CSO Online
Cloud/SaaS
AWS intruder pulled off AI-assisted cloud break-in in 8 mins • The Register
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Cloud storage payment scam floods inboxes with fake renewals
Cloud sovereignty is no longer just a public sector concern • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw - Infosecurity Magazine
Step Finance says compromised execs' devices led to $40M crypto theft
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Coinbase confirms insider breach linked to leaked support tool screenshots
Cyber Crime, Organised Crime & Criminal Actors
Holiday Hits: Hackers Love to Strike When Defenders Are Away
Cybercriminals set sites on identities | CSO Online
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Data Breaches/Leaks
Exposed MongoDB instances still targeted in data extortion attacks
Step Finance says compromised execs' devices led to $40M crypto theft
Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw
Researchers Hacked Moltbook and Accessed Thousands of Emails and DMs - Business Insider
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
Coinbase confirms insider breach linked to leaked support tool screenshots
Police Service of Northern Ireland officer names published on courts website - BBC News
Betterment breach scope pegged at 1.4M users • The Register
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Researcher reveals evidence of private Instagram profiles leaking photos
PSNI to compensate officers £7,500 for 2023 data breach • The Register
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
The Government Published Dozens of Nude Photos in the Epstein Files - The New York Times
Redditors breached Epstein’s email account using #1Island | Cybernews
Iron Mountain: Data breach mostly limited to marketing materials
Data Protection
Why Data Protection Matters | Cohen Seglias Pallas Greenhall & Furman PC - JDSupra
Data/Digital Sovereignty
Cloud sovereignty is no longer just a public sector concern • The Register
Denial of Service/DoS/DDoS
Polish cops bail 20-year-old bedroom botnet operator • The Register
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
Police shut down global DDoS operation, arrest 20-year-old - Help Net Security
Fraud, Scams and Financial Crime
Cloud storage payment scam floods inboxes with fake renewals
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+ - Infosecurity Magazine
Private school parents targeted by fraudsters stealing fee payments | Scams | The Guardian
National Crime Agency and NatWest Issue Warning Over Invoice Fraud - Infosecurity Magazine
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Google's disruption rips millions out of devices out of malicious network | CyberScoop
Identity and Access Management
Cybercriminals set sites on identities | CSO Online
Rising Risk of Compromised Credentials in AD - Security Boulevard
Insider Risk and Insider Threats
Ransomware gangs focus on winning hearts and minds | Computer Weekly
Step Finance says compromised execs' devices led to $40M crypto theft
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
The best cyber defence is employee awareness, not technology
Human risk management: CISOs’ solution to the security awareness training paradox | CSO Online
Coinbase confirms insider breach linked to leaked support tool screenshots
Deepfake job seeker applied to work for an AI security firm • The Register
Law Enforcement Action and Take Downs
Paris raid on X focuses on child abuse material allegations
Empire Market co-founder faces 10 years to life after guilty plea
Polish cops bail 20-year-old bedroom botnet operator • The Register
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Google's disruption rips millions out of devices out of malicious network | CyberScoop
Police shut down global DDoS operation, arrest 20-year-old - Help Net Security
Paris Prosecutors Raid Elon Musk’s X Offices in France - Infosecurity Magazine
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Alleged 764 member arrested, charged with CSAM possession in New York | CyberScoop
International sting dismantles illegal streaming empire serving millions - Help Net Security
Four held in £3m illegal TV streaming raids - BBC News
Linux and Open Source
Open-source attacks move through normal development workflows - Help Net Security
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Malware
Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data
Open the wrong “PDF” and attackers gain remote access to your PC | Malwarebytes
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
MoltBot Skills exploited to distribute 400+ malware packages in days
Global SystemBC Botnet Found Active Across 10,000 Infected Systems - Infosecurity Magazine
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
New GlassWorm attack targets macOS via compromised OpenVSX extensions
This stealthy Windows RAT holds live conversations with its operators | CSO Online
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
GlassWorm Returns to Shatter Developer Ecosystems
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Mobile
9 Million Android Devices Hijacked in Secret Proxy Network - Tech Advisor
IPE - Are printers and mobile devices your Achilles heel?
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Google's disruption rips millions out of devices out of malicious network | CyberScoop
Apple's new privacy feature limits how precisely carriers track your location - Help Net Security
Models, Frameworks and Standards
NIST’s AI guidance pushes cybersecurity boundaries | CSO Online
Passwords, Credential Stuffing & Brute Force Attacks
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain | CSO Online
Rising Risk of Compromised Credentials in AD - Security Boulevard
McDonald's tells customers to use better passwords • The Register
Regulations, Fines and Legislation
UK government must get its hands dirty on security, report says | Computer Weekly
The Case for a Ransom Payment Ban and When It Might Happen
The Government Published Dozens of Nude Photos in the Epstein Files - The New York Times
Five updates on the Trump admin’s cybersecurity agenda | Federal News Network
CISA tells agencies to stop using unsupported edge devices | CyberScoop
Social Media
Researcher reveals evidence of private Instagram profiles leaking photos
Paris raid on X focuses on child abuse material allegations
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Supply Chain and Third Parties
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
The Growing Cyber Risk in Interconnected Supply Chains
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries - SecurityWeek
UK government must get its hands dirty on security, report says | Computer Weekly
Cyber Terrorism: A New Threat To World Security – OpEd – Eurasia Review
Cyber Insights 2026: Cyberwar and Rising Nation State Threats - SecurityWeek
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
UK warns of rising Russian, Chinese activity in High North
Nation State Actors
How does cyberthreat attribution help in practice?
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
China
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries - SecurityWeek
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
FUD on the line as telcos contemplate the cost of quitting Chinese kit | Euractiv
UK warns of rising Russian, Chinese activity in High North
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Chinese organized crime networks moved $16 billion in crypto in 2025, according to report
Russia
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks - Infosecurity Magazine
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
Russian ship anchors over trans-Atlantic cables in Bristol Channel
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid - SecurityWeek
Poland traces December cyberattacks on 30 energy sites to Russian spy agency - Euromaidan Press
UK warns of rising Russian, Chinese activity in High North
North Korea
Labyrinth Chollima Evolves into Three North Korean Hacking Groups - Infosecurity Magazine
Iran
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
Tools and Controls
IPE - Are printers and mobile devices your Achilles heel?
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
Open-source attacks move through normal development workflows - Help Net Security
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
Global tech spending is skyrocketing, and European firms are doubling down on investment | IT Pro
Open-source AI pentesting tools are getting uncomfortably good - Help Net Security
We moved fast and broke things. It’s time for a change. | CyberScoop
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
Rising Risk of Compromised Credentials in AD - Security Boulevard
Onboarding new AI hires calls for context engineering - here's your 3-step action plan | ZDNET
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Holiday Hits: Hackers Love to Strike When Defenders Are Away
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities - Schneier on Security
AI May Supplant Pen Testers, But Trust Is Not There Yet
What Are Risk Sciences? A New Framework for Understanding Risk and Uncertainty | Newswise
Why boards should be obsessed with their most 'boring' systems | CyberScoop
Reports Published in the Last Week
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Other News
Experts show how major UK food crisis might occur - ARU
UK government must get its hands dirty on security, report says | Computer Weekly
Dark Patterns Undermine Security, One Click at a Time
DOJ releases details alleged talented hacker working for Jeffrey Epstein
Advice firms' lack of focus on cybersecurity 'worrying'
Energy infrastructure cyberattacks are suddenly in fashion • The Register
Vulnerability Management
We moved fast and broke things. It’s time for a change. | CyberScoop
EU’s answer to CVE solves dependency issue, adds fragmentation risks | CSO Online
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities - Schneier on Security
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Vulnerabilities
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces
Microsoft fixes Outlook bug blocking access to encrypted emails
Cisco, F5 Patch High-Severity Vulnerabilities - SecurityWeek
Threat actors hijack web traffic after exploiting React2Shell vulnerability | CSO Online
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Ivanti’s EPMM is under active attack, thanks to two critical zero-days | CyberScoop
CISA flags critical SolarWinds RCE flaw as exploited in attacks
SQL Injection Flaw Affects 40,000 WordPress Sites - Infosecurity Magazine
Malicious Commands in GitHub Codespaces Enable RCE - Infosecurity Magazine
Microsoft to disable NTLM by default in future Windows releases
Critical React Native Vulnerability Exploited in the Wild - SecurityWeek
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Vulnerabilities Allowed Full Compromise of Google Looker Instances - SecurityWeek
Black Arrow Cyber Threat Intelligence Briefing 30 January 2026
Black Arrow Cyber Threat Intelligence Briefing 30 January 2026:
-Cyber Security Failures Stem from Leadership Gaps, Not Technology, Says Former FTSE CISO
-10 Ways AI Can Inflict Unprecedented Damage in 2026
-Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
-Over 100 Organisations Targeted in ShinyHunters Phishing Campaign
-77% of Financial Service Organisations Accrued Security Debt in 2025
-Patch or Perish: Vulnerability Exploits Now Dominate Intrusions
-5 Reasons Why a Password Manager Is More Essential than Ever
-Password Reuse in Disguise: An Often-Missed Risky Workaround
-Data Breach Exposes 149M Login Credentials for Apps Such as Gmail, Instagram, Netflix and More
-‘We’re Losing Massively’: EU Cyber Chief Warns Europe’s Defences Lag
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review begins with a finding that cyber security failures are increasingly driven by leadership and accountability gaps, not a lack of technology. We look at the cyber risks that leadership teams need to manage, including how artificial intelligence is accelerating the speed, scale and effectiveness of cyber attacks by reshaping malware, phishing and extortion tactics. We report on the emergence of flawed ransomware, where paying a ransom still fails to restore data because the encryption keys were discarded, and voice-led phishing campaigns that guide staff to approve MFA prompts or share one-time passcodes.
Our review highlights long-standing security weaknesses left unresolved in financial services, and the dominance of unpatched vulnerabilities as an entry point. We discuss password risks, including where employees create predictable passwords by only tweaking the previous one, and a major breach exposing 149 million credentials from an unsecured dataset.
These risks reinforce that cyber security is not solely an IT topic, and that leadership teams need to manage the risks across people, operations and technology. Contact us for details of how to address these risks in a proportionate manner with your control providers.
Top Cyber Stories of the Last Week
Cyber Security Failures Stem from Leadership Gaps, Not Technology, Says Former FTSE CISO
Cyber security failures often stem from leadership and accountability gaps rather than a lack of technology, according to former FTSE-250 chief information security officer (CISO) Amy Lemberger of The CISO Hub. Many organisations have extensive security and monitoring tools, but cyber risk is frequently split across IT, compliance and procurement, leaving no senior owner for key trade-offs between security, speed, cost and growth. Appointing a CISO should make risk visible, not make it disappear, and boards need clearer insight into business impact and priorities, not more technical detail.
10 Ways AI Can Inflict Unprecedented Damage in 2026
Experts expect 2026 to be a step change in cyber risk as criminals and hostile states use artificial intelligence to make attacks faster, more convincing, and harder to spot. They warn of more self-adjusting malicious software, automated AI agents moving through networks to find valuable data, and a rise in staff using unauthorised AI tools that can leak sensitive information without oversight. Financial pressure is also set to grow, with ransomware damage forecast to rise from $57bn in 2025 to $74bn in 2026, shifting towards data theft and blackmail rather than simply locking systems.
https://www.zdnet.com/article/10-ways-ai-will-do-unprecedented-damage-in-2026-experts-warn/
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
A new ransomware variant called Sicarii has been advertised as ransomware-as-a-service since December, but researchers warn its decryption process is fundamentally broken. Even if an organisation pays, the criminals are unlikely to be able to unlock the data, because the malware generates a new encryption key for each infected system and then discards the key needed to restore files. Claims suggest it has hit three to six victims so far, mainly small businesses, though this is unverified. The poor quality of the code and odd branding hint at an inexperienced actor, possibly using AI tools, reinforcing why paying a ransom is a high-risk decision.
https://www.darkreading.com/endpoint-security/vibe-coded-sicarii-ransomware-decrypted
Over 100 Organisations Targeted in ShinyHunters Phishing Campaign
Security researchers have linked the cyber attacker group ShinyHunters to a phishing campaign that has prepared attacks against at least 100 organisations across sectors including technology, finance, healthcare and energy. The group uses voice phishing, where victims receive convincing phone calls, to target single sign-on accounts used to access multiple business systems. By combining phone guidance with fake login pages, attackers can capture passwords and persuade staff to approve multi-factor authentication prompts or share one-time passcodes. Some organisations have reported confirmed data breaches, and the criminals claim to have stolen millions of records with extortion demands reported in some cases.
https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/
77% of Financial Service Organisations Accrued Security Debt in 2025
Veracode’s latest analysis of the financial sector highlights a growing build-up of ‘security debt’, meaning serious software weaknesses have been left unresolved for more than a year. It found 77% of banking, financial services and insurance organisations accrued some level of security debt in 2025, with 63% carrying critical issues. On average, it takes 276 days for firms to fix half of identified weaknesses, almost a month slower than other industries. While third party code makes up 17% of overall debt, it drives more than 82% of the most critical exposure, and takes 50% longer to remediate than in-house code.
Patch or Perish: Vulnerability Exploits Now Dominate Intrusions
According to Cisco Talos, exploitation of software vulnerabilities is now the leading way attackers break into organisations, accounting for nearly 40% of intrusions in Q4 2025. Attackers are exploiting newly disclosed flaws within hours, especially in internet-facing business applications, leaving a very small window in which to patch. Phishing remains a close second at 32%, often leading to compromised email accounts and follow-on scams sent from trusted addresses. Ransomware fell to 13% of cases, but this may reflect criminal groups consolidating rather than a reduced threat.
https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
5 Reasons Why a Password Manager Is More Essential than Ever
Password reuse remains one of the simplest ways for criminals to take over accounts, especially after a data breach, when stolen usernames and passwords are circulated and tried against other services. Password managers reduce this risk by creating unique, random passwords for every account and warning users if their saved details appear in known breaches. They also help defend against phishing, where convincing fake emails and websites trick people into entering credentials, by auto-filling details only on the site they were saved for, so a look-alike domain receives nothing. Combined with multi-factor authentication, they make stronger login security easier to adopt across the organisation.
https://www.makeuseof.com/reasons-why-password-manager-is-more-essential-than-ever/
Password Reuse in Disguise: An Often-Missed Risky Workaround
Near-identical password reuse remains a quietly significant cyber security risk, even in organisations with strong password rules. Staff often make small, predictable tweaks to an existing password, such as changing a year or adding a character, which still satisfies policy but is easy for criminals to guess. This matters at scale: research suggests a 250-person organisation may collectively manage around 47,750 passwords, multiplying the number of possible entry points. Attackers use automated tools to test common variations of credentials leaked in previous breaches, so controls should include checks that reject new passwords that are too similar to old ones, including after stripping an appended year or counter, and continuous monitoring for breached credentials.
https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html
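The two controls the article recommends, a similarity check against previous passwords and a breached-credential check, can be enforced at password-change time. The Python below is an added example written for this briefing, not code from the article or from any vendor it cites. It assumes a policy threshold of 0.75 edit-distance similarity, a small hypothetical leetspeak table, and a constructed stand-in for a breached-password corpus (not real breach data); the corpus is indexed by the first five hex characters of the SHA-1 hash, the same k-anonymity layout that range-query services use, so the lookup function would not change if real range responses were swapped in.

```python
"""Flag disguised password reuse and breached credentials at password-change time."""
import hashlib
import re
from typing import Dict, List, Optional, Set

# Common leetspeak substitutions undone before comparison (assumption: a small, typical set).
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                       "@": "a", "$": "s"})


def normalise(password: str) -> str:
    """Reduce a password to its core word: lower-case it, strip leading/trailing digits and
    symbols (appended years, counters, '!'), then undo leetspeak. Stripping happens before the
    leet translation so that a year such as 2025 is removed rather than turned into letters."""
    core = password.lower()
    core = re.sub(r"^[^a-z]+", "", core)
    core = re.sub(r"[^a-z]+$", "", core)
    return core.translate(_LEET)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) using a single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 means identical, 0.0 means nothing in common, scaled by the longer string."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - levenshtein(a, b) / longest


def near_reuse_reason(new: str, previous: List[str],
                      threshold: float = 0.75, min_core: int = 4) -> Optional[str]:
    """Explain why `new` is a disguised reuse of a password in `previous`, or return None.
    The 0.75 threshold is an assumed policy value: 'Summer2024!' -> 'Summer2025!' scores 0.91."""
    new_core = normalise(new)
    for old in previous:
        if new == old:
            return "identical to a previous password"
        if similarity(new, old) >= threshold:
            return "differs from a previous password by only a few characters"
        old_core = normalise(old)
        if (len(new_core) >= min_core and len(old_core) >= min_core
                and (new_core in old_core or old_core in new_core)):
            return f"shares the core word '{new_core}' with a previous password"
    return None


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breached-password corpus (NOT real breach data), indexed by the
# first five hex characters of the SHA-1 so only that prefix would need to leave the client
# in a range-query deployment; the suffix comparison stays local.
_CONSTRUCTED_BREACHED = {"Summer2024!", "Welcome1", "P@ssw0rd", "123456"}
_BREACHED_BY_PREFIX: Dict[str, Set[str]] = {}
for _pw in _CONSTRUCTED_BREACHED:
    _h = sha1_hex(_pw)
    _BREACHED_BY_PREFIX.setdefault(_h[:5], set()).add(_h[5:])


def is_breached(password: str) -> bool:
    """Look up the hash suffix under its 5-character prefix."""
    h = sha1_hex(password)
    return h[5:] in _BREACHED_BY_PREFIX.get(h[:5], set())


def evaluate(new: str, previous: List[str]) -> List[str]:
    """Return every reason to reject `new`; an empty list means it passes both checks."""
    findings = []
    reason = near_reuse_reason(new, previous)
    if reason:
        findings.append(reason)
    if is_breached(new):
        findings.append("appears in the breached-password corpus")
    return findings


if __name__ == "__main__":
    history = ["Summer2024!", "troubador"]   # constructed password history
    for candidate in ["Summer2025!", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(candidate, "->", evaluate(candidate, history) or "OK")
```

The edit-distance check catches the "change a digit" tweak, while the core-word comparison catches rewrites that edit distance misses, such as a leetspeak respelling of an old password with a new suffix. In a real deployment the previous passwords are not available in clear, so the comparison runs once, at change time, against the old password the user has just proved they know, and the breached-corpus lookup would be a range query or a local copy of a breach list rather than the constructed set above.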
Data Breach Exposes 149M Login Credentials for Apps Such as Gmail, Instagram, Netflix and More
A major data leak exposed 149 million usernames and passwords across widely used services, including 48 million Gmail logins and millions linked to social media, streaming and financial platforms. The dataset, totalling 96GB, was reportedly left unsecured and publicly accessible, and even included some credentials for government websites. This creates a heightened risk of account takeovers, where criminals reuse stolen email and password pairs to access higher value services such as banking, trading or crypto. Leaders should reinforce two basics: enable two-factor authentication (a second sign-in step) and stop password reuse across accounts.
https://www.phonearena.com/news/data-breach-exposes-login-credentials-for-popular-apps_id177639
‘We’re Losing Massively’: EU Cyber Chief Warns Europe’s Defences Lag
The Chief of ENISA, the EU body responsible for strengthening cyber security across member states, has warned that Europe’s cyber security defences are falling behind the speed and scale of modern cyber attacks, despite rising overall security spending. Recent incidents have disrupted airports, elections and hospitals, while Germany’s Bundesbank reports facing over 5,000 attempted cyber attacks every minute. ENISA’s Chief argues the EU needs a fundamental rethink, not just incremental funding. A proposed expansion of ENISA by 118 staff would take it to roughly 268 people, far smaller than other EU security bodies, and he says even doubling capacity should be seen as the minimum.
https://www.politico.eu/article/we-are-losing-massively-against-hackers-eu-cyber-chief-warns/
Governance, Risk and Compliance
Regulation and financial crime lead UK company concerns - CDR News
Healthy Security Cultures Thrive on Risk Reporting
The cybercrime industry continues to challenge CISOs in 2026 | CSO Online
The human paradox at the center of modern cyber resilience | TechRadar
The Window Of Exposure Is The Real Cybersecurity Problem
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Bundesbank hit by 5,000 cyberattacks every minute | Cybernews
Security teams are carrying more tools with less confidence - Help Net Security
Security work keeps expanding, even with AI in the mix - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
Initial access hackers switch to Tsundere Bot for ransomware attacks
How Can CISOs Respond to Ransomware Getting More Violent?
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Cyber Centre releases Ransomware Threat Outlook 2025 to 2027 - Canada.ca
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group - Infosecurity Magazine
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Ransomware Victims
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
London boroughs limping back online months after cyberattack • The Register
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Marquis blames ransomware breach on SonicWall cloud backup hack
Phishing & Email Based Attacks
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
Phishing pages can appear after you click on them | Cybernews
News brief: Email scams highlight need for employee vigilance | TechTarget
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
The 2025 Phishing Surge Proved One Thing: Chasing Doesn't Work - Security Boulevard
New malware service guarantees phishing extensions on Chrome web store
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Other Social Engineering
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Artificial Intelligence
10 ways AI can inflict unprecedented damage in 2026 | ZDNET
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
AI-powered cyberattack kits are 'just a matter of time' • The Register
AI Security Threats Loom as Enterprise Usage Jumps 91% - Infosecurity Magazine
AI Is Lowering the Cost of Cybercrime—and Raising the Risk for Every Company | Fortune
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Konni hackers target blockchain engineers with AI-built malware
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
EU investigates Musk's X over AI deepfake images | AP News
Beware! Fake ChatGPT browser extensions are stealing your login credentials
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now | ZDNET
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
Undressed victims file class action lawsuit against xAI for Grok deepfakes | CyberScoop
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
AI is quietly poisoning itself and pushing models toward collapse - but there's a cure | ZDNET
Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bots/Botnets
Initial access hackers switch to Tsundere Bot for ransomware attacks
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Careers, Roles, Skills, Working in Cyber and Information Security
The human paradox at the center of modern cyber resilience | TechRadar
Security now one of the UK’s fastest-growing career paths | Computer Weekly
UK cyber security jobs have tripled since 2021, Socura ONS report reveals
Cyber Crime, Organised Crime & Criminal Actors
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
What motivates hackers and what makes them walk away - Help Net Security
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Data Breaches/Leaks
5 reasons why a password manager is more essential than ever
infostealer malware breach - IT Security Guru
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Law Firm Investigates Coupang Security Failures After Cyber-Attack - Infosecurity Magazine
Bumble, Panera Bread, CrunchBase, Match Hit by Cyberattacks
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data - SecurityWeek
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US Data Breaches Hit Record High but Victim Numbers Decline - Infosecurity Magazine
Trump's cybersecurity chief caught in massive ChatGPT blunder - Raw Story
Data Protection
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
Data/Digital Sovereignty
Europe is launching its own social media platform | Cybernews
The Netherlands rethinks its US tech addiction – POLITICO
Denial of Service/DoS/DDoS
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Fraud, Scams and Financial Crime
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
Regulation and financial crime lead UK company concerns - CDR News
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Cybersecurity’s New Business Case: Fraud
A fake romance turns into an Android spyware infection - Help Net Security
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Insider Risk and Insider Threats
The human paradox at the center of modern cyber resilience | TechRadar
How insider threats are growing – And what to do about it | SC Media UK
New CISA Guidance Targets Insider Threat Risks - Infosecurity Magazine
CISA insider-threat warning comes with an ironic twist • The Register
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Internet of Things – IoT
Wearable tech adoption continues as privacy worries grow - Help Net Security
Law Enforcement Action and Take Downs
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Four arrested in crackdown on Discord-Based SWATting and doxing
Empire cybercrime market owner pleads guilty to drug conspiracy
Slovakian man pleads guilty to operating darknet marketplace
Linux and Open Source
Open-source malware zeroes in on developer environments - Help Net Security
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
Malvertising
Your phone might be clicking on ads because of these malware-infected apps
Malware
infostealer malware breach - IT Security Guru
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Open-source malware zeroes in on developer environments - Help Net Security
Konni hackers target blockchain engineers with AI-built malware
New malware service guarantees phishing extensions on Chrome web store
GhostPoster: 17 malware browser extensions you should delete ASAP | Mashable
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
What are drive-by download attacks? - Security Boulevard
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
US charges 31 more suspects linked to ATM malware attacks
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Misinformation, Disinformation and Propaganda
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Mobile
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
A WhatsApp bug lets malicious media files spread through group chats | Malwarebytes
Google Warns 2 Billion Android Users—Do Not Save Photos From WhatsApp
Hugging Face abused to spread thousands of Android malware variants
A fake romance turns into an Android spyware infection - Help Net Security
Microsoft: Outlook for iOS crashes, freezes due to coding error
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
What are phishing messages on phones? - SamMobile
Models, Frameworks and Standards
Government publishes Cyber Security and Resilience Bill | UKAuthority
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
A first look at NIST’s new cyber AI framework | Freeman Mathis & Gary - JDSupra
Outages
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
5 reasons why a password manager is more essential than ever
Why Using The Same Password For Every Website Is So Dangerous | HuffPost Life
Password Reuse in Disguise: An Often-Missed Risky Workaround
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
149 Million Usernames and Passwords Exposed by Unsecured Database | WIRED
Beware! Fake ChatGPT browser extensions are stealing your login credentials
Regulations, Fines and Legislation
Regulation and financial crime lead UK company concerns - CDR News
Government publishes Cyber Security and Resilience Bill | UKAuthority
UK government to build digital ID in-house • The Register
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bankruptcy as a National Security Risk | Oxford Law Blogs
Feds Take Their Ball and Go Home From RSAC Conference - Security Boulevard
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Social Media
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Europe is launching its own social media platform | Cybernews
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Supply Chain and Third Parties
AV vendor disputes security shop's update server claims • The Register
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Marquis blames ransomware breach on SonicWall cloud backup hack
NHS Issues Open Letter Demanding Improved Cybersecurity Standards - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
UK Cyber Action Plan's promise | Professional Security Magazine
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Nation State Actors
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
China
Hackers suspected of spying on UK officials' calls for years • The Register
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Russia
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
SSU thwarts over 14,000 cyberattacks on Ukraine since Russia’s full-scale invasion
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
Cyberattack on Polish energy grid impacted around 30 facilities
Ubiquiti: The U.S. Tech Enabling Russia's Drone War - HUNTERBROOK
Russia car owners stranded after cyberattack hits Delta app | Cybernews
North Korea
Konni hackers target blockchain engineers with AI-built malware
Long-running North Korea threat group splits into 3 distinct operations | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Tools and Controls
5 reasons why a password manager is more essential than ever
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Security teams are carrying more tools with less confidence - Help Net Security
Security Teams Embrace AI, Just Not at the Scale Marketing Suggests - Infosecurity Magazine
Open-source malware zeroes in on developer environments - Help Net Security
73% of CISOs more likely to consider AI-enabled security solution | CSO Online
Ethical Hackers are Ramping Up AI Adoption, Collaboration: Bugcrowd | MSSP Alert
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Viral Moltbot AI assistant raises concerns over data security
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
AI & the Death of Accuracy: What It Means for Zero-Trust
Security work keeps expanding, even with AI in the mix - Help Net Security
Rethinking Cybersecurity in a Platform World - InfoRiskToday
Other News
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
UK Cyber Action Plan's promise | Professional Security Magazine
Majority of family businesses experienced cyberattacks in past two years, report reveals - Spear's
Germany To Strengthen Cyber Countermeasures | Silicon UK Tech
Cyber criminals turn sights on UK vehicle remarketing sector
Shoppers Avoid Stores That Fail to Prioritize Security Measures
What to know about the UK Cyber Action Plan | SC Media UK
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Inside Housing - Comment - Cyberattackers are changing, and we need to be ready
The Space Review: When satellites are hacked: the legal gray zone of non-kinetic space attack
Surging Cyberattacks Boost Latin America to Riskiest Region
Operation Winter SHIELD: FBI Issues Cyber Call to Arms - Infosecurity Magazine
Vulnerability Management
Vulnerability exploits now dominate intrusions • The Register
Europe's GCVE Raises Concerns Over Fragmentation Risks
Hand CVE Over to the Private Sector
Vulnerabilities
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Everyone’s exploiting a WinRAR bug to drop RATs • The Register
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Critical VMware vCenter Server bug under attack • The Register
Why you need Microsoft's new emergency Windows patch - and the black-screen bug to watch for | ZDNET
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
Microsoft releases emergency OOB update to fix Outlook freezes
Microsoft investigates Windows 11 boot failures after January updates
'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks - SecurityWeek
Critical sandbox escape flaw found in popular vm2 NodeJS library
Organizations Warned of Exploited Linux Vulnerabilities - SecurityWeek
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
eScan confirms update server breached to push malicious update
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Black Arrow Cyber Threat Intelligence Briefing 23 January 2026
Black Arrow Cyber Threat Intelligence Briefing 23 January 2026:
-A New LinkedIn Phishing Scam Is Targeting Executives Online – Make Sure You Don’t Fall for This
-LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
-VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
-Analysis of 6 Billion Passwords Shows Stagnant User Behaviour
-For Cyber Risk Assessments, Frequency Is Essential
-Most SMBs Aren’t Set Up to Survive a Major Cyberattack – Here’s What Needs to Be Done
-63% of IT Leaders Say Firms Overestimate Cyber Recovery
-Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
-Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
-Europe Wants to End Its Dangerous Reliance on US Internet Technology
-UK Firms’ Cyber Security Budget Set for Major Increase
-Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week starts with a number of emerging attacks that business leaders should be aware of involving LinkedIn and LastPass. We report how AI is able to develop advanced malware within one week, while classic attacks remain a real risk due to poor password choices by employees. In response to these and other developments, business leaders are treating cyber as one of their top risks, while governments are addressing the risk of concentrated reliance on a small number of technology providers.
We include calls to action for business leaders to review their security, including frequent security assessments. We also focus on rehearsing how to manage a cyber incident, where our point of view is clear: the objective is to test what happens when an attack succeeds, not to walk through a showcase scenario staged by your control provider. The rehearsal should therefore be led by an impartial expert who can flush out incorrect assumptions held by your leadership team and your security providers.
Contact us to discuss how to apply these insights in a proportionate manner in your organisation’s cyber risk management strategy.
Top Cyber Stories of the Last Week
A New LinkedIn Phishing Scam Is Targeting Executives Online – Make Sure You Don’t Fall for This
ReliaQuest has identified a sophisticated phishing campaign on LinkedIn that targets senior executives and IT administrators using convincing fake job ads and project invitations. Messages include a download link to a compressed file disguised as a business document, such as a product roadmap or project plan. Opening it quietly installs a remote access trojan, a type of malware that gives criminals ongoing access to a device and enables data theft. The campaign highlights that phishing is no longer limited to email, with social media and other everyday platforms increasingly used to reach high value targets.
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
LastPass is warning of a widespread phishing email campaign, first seen on 19 January, that impersonates the company and pressures recipients to click a link within 24 hours to back up their password vault before maintenance. The link leads to a fake login page designed to steal the user’s master password, which can give criminals access not only to LastPass but also to many other accounts stored in the vault. With around 33 million users and more than 100,000 business customers, LastPass says it will never ask for a master password or demand urgent action by email.
https://www.infosecurity-magazine.com/news/lastpass-phishing-master-passwords/
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Check Point Research has identified VoidLink as the first clearly documented example of a highly capable malware framework built largely using artificial intelligence, likely by a single actor. Researchers were able to access the developer’s infrastructure due to poor security that exposed planning documents and source code showing the tool moved from concept to a working implant in under a week. This illustrates how AI can dramatically speed up the creation of sophisticated malicious software, potentially making complex cyber attacks more accessible and harder to defend against.
https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/
Analysis of 6 Billion Passwords Shows Stagnant User Behaviour
A review of 6 billion leaked passwords from 2025 shows user behaviour has barely improved, with ‘123456’, ‘admin’ and ‘password’ still among the most commonly stolen credentials. ‘Admin’ and ‘password’ are often default logins on business systems, connected devices and industrial equipment, and leaving them unchanged can provide criminals with direct access to critical services. The study also found many passwords are only slightly more complex but remain predictable, and that most were stolen by password stealing malware. This reinforces the need for stronger sign-in controls and regular checks for exposed credentials.
https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/
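The study's closing point, regular checks for exposed credentials, can be done without ever sending a password anywhere, using the k-anonymity range scheme popularised by the Pwned Passwords service. The Python below is an added example written for this briefing, not code from the SecurityWeek article or from the study it reports: it hashes each password with SHA-1, would send only the first five hex characters of the digest to the range endpoint, and matches the remaining 35 characters locally. The common-password list, the credential rows and the `constructed_lookup` stand-in for the network call are all constructed for the example.

```python
"""Offline demonstration of a k-anonymity exposed-credential check.

Only a 5-character SHA-1 prefix would leave the client; the 35-character
suffix is matched against the returned range locally. All data is constructed.
"""
import hashlib
from typing import Callable, Optional

# Constructed list of top leaked / default passwords; the study names the first three.
COMMON_PASSWORDS = frozenset({"123456", "admin", "password", "12345678", "qwerty", "Password1"})


def hibp_prefix_suffix(password: str) -> tuple[str, str]:
    """Uppercase SHA-1 hex digest split into the 5-char prefix sent to the
    range endpoint and the 35-char suffix that is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; blank or malformed lines are skipped
    rather than aborting the whole audit."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count.strip())
    return counts


def check_password(password: str, lookup: Callable[[str], Optional[str]]) -> dict:
    """Return whether the password is on the common list and how many times its
    full hash appears in the range returned for its prefix (0 if never seen)."""
    prefix, suffix = hibp_prefix_suffix(password)
    body = lookup(prefix)  # only the prefix is disclosed
    seen = parse_range_response(body).get(suffix, 0) if body else 0
    return {"common": password in COMMON_PASSWORDS, "breach_count": seen, "prefix": prefix}


def audit_credentials(rows: list[tuple[str, str]], lookup: Callable[[str], Optional[str]]) -> list[dict]:
    """Audit (username, password) rows. Findings carry the username and the
    exposure count but deliberately never the password itself."""
    findings = []
    for username, password in rows:
        result = check_password(password, lookup)
        if result["common"] or result["breach_count"] > 0:
            findings.append({"user": username, **result})
    return findings


def constructed_lookup(prefix: str) -> Optional[str]:
    """Constructed stand-in for GET /range/{prefix}. A real response lists every
    suffix seen under the prefix; here a handful of lines plus one decoy, so
    that a match must be on the exact 35-character suffix, not the prefix."""
    samples = [("password", 10434004), ("123456", 42000000), ("admin", 500000), ("Summer2025!", 3)]
    store: dict[str, list[str]] = {}
    for pw, count in samples:
        p, s = hibp_prefix_suffix(pw)
        store.setdefault(p, []).append(f"{s}:{count}")
    store.setdefault("5BAA6", []).append("0" * 34 + "A:1")  # decoy under the 'password' prefix
    return "\n".join(store[prefix]) if prefix in store else None


if __name__ == "__main__":
    # Constructed export rows (username, password). Hypothetical accounts only.
    rows = [
        ("svc-backup", "admin"),
        ("jsmith", "password"),
        ("ops", "Summer2025!"),
        ("cfo", "Tr0ub4dor&3-uniq"),
    ]
    for finding in audit_credentials(rows, constructed_lookup):
        print(finding)
```

Replace `constructed_lookup` with a real call to the range endpoint to run this against an export. The same k-anonymity scheme is also offered for NTLM hashes, which is what an Active Directory audit would use, since the directory never holds the plaintext; the findings structure above already omits the password so the audit output can be shared with the service owners without creating a new exposure.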
For Cyber Risk Assessments, Frequency Is Essential
Regular cyber security risk assessments give leadership a clear view of real exposure, not just headline threats. They help teams spot weaknesses early, focus investment on the most critical systems and data, and meet regulatory duties such as GDPR. Data deserves particular attention because, unlike infrastructure, it cannot be restored once it has been stolen. Recent findings show one in ten cloud data sets are accessible to all employees, increasing the potential impact of ransomware. Microsoft also reports that over 99% of compromised accounts lacked multi factor authentication (MFA), a key control that adds a second step to logins.
https://www.csoonline.com/article/4117003/cyber-risk-assessments-risk-assessment-helps-cisos.html
Most SMBs Aren’t Set Up to Survive a Major Cyberattack – Here’s What Needs to Be Done
Vodafone Business research suggests more than 10% of UK organisations might not survive a major cyber attack. Nearly two-thirds (63%) say their risk has increased over the past year, and 71% of leaders believe at least one employee would fall for a phishing email, where criminals trick staff into revealing information or approving payments. Basic protections are still often missing: staff reuse work passwords across up to 11 personal accounts, and only 45% of firms have given all employees basic cyber awareness training. Encouragingly, 89% say recent high-profile attacks have made them more alert, while 70% are now more wary of AI-driven impersonation during video calls.
63% of IT Leaders Say Firms Overestimate Cyber Recovery
Dell research highlights a growing gap between how confident leaders feel about recovering from a cyber attack and how ready their organisations really are. While 99% of firms claim to have a cyber resilience strategy, 63% of IT leaders say executives are overconfident, and 57% did not recover as effectively as planned in their most recent incident or rehearsal. Regular recovery testing makes a material difference, with a 55% success rate for organisations testing monthly or more, versus 35% for less frequent testing. Dell urges boards to treat recovery as a core priority, balancing investment between prevention and recovery.
https://cybernews.com/security/hidden-resilience-debt-half-firms-unready-cyberattacks/
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey of 4,454 chief executives across 95 countries and territories shows cyber risk is now one of CEOs’ top concerns, alongside economic volatility and geopolitical conflict. Nearly a third (31%) say their organisation is highly or extremely exposed to significant financial loss from cyber threats in the next year, up from 24% in 2024. In response, 84% plan to strengthen enterprise-wide cyber security, while concerns about data privacy (38%) and responsible use of AI (37%) highlight growing risks to stakeholder trust.
https://www.infosecurity-magazine.com/news/cyber-risks-among-ceos-top-worries/
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Rising geopolitical tensions are driving more state backed cyber activity that can disrupt essential services. Some 72% of IT leaders fear nation state capabilities could escalate into cyber war, with power and water systems most at risk. Past incidents show the impact, including a 2016 attack that cut electricity for six hours and left over one million people without power, plus a 2025 intrusion that opened a Norwegian dam floodgate. Alongside disruption, AI-generated misinformation is spreading rapidly online. The World Economic Forum warns that sovereignty and supply chain control are shaping choices, including AWS launching a European Sovereign Cloud.
https://www.helpnetsecurity.com/2026/01/19/cybersecurity-geopolitical-tensions/
UK Firms’ Cyber Security Budget Set for Major Increase
KPMG’s Global Tech Report 2026 finds UK organisations are making cyber security their biggest area for budget growth over the next 12 months, driven by geopolitical tensions and high profile data breaches. More than half of UK firms (57%) plan to increase cyber security spending by over 10%, well ahead of the global figure. The focus is shifting from buying tools to building cyber resilience, meaning protecting the most important systems and data, fixing the basics, and assigning clear accountability. The UK Government has also proposed new cyber security legislation in response to the rising threat.
https://www.uktech.news/cybersecurity/uk-firms-cybersecurity-budget-set-for-major-increase-20260122
Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up
DLA Piper’s latest survey shows GDPR enforcement continuing at scale, with fines topping £1 billion (€1.2 billion) in 2025 and reaching €7.1 billion (£6.2 billion) since the rules began in May 2018. More concerning for business leaders is the sharp rise in incident reporting: regulators received an average of 443 personal data breach notifications a day from late January 2025, up 22 percent year on year and the first time the daily total has exceeded 400. With new reporting laws increasing expectations and speed, organisations need stronger cyber defences and operational resilience.
https://www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
Governance, Risk and Compliance
CISOs Rise in Rank as Cyber Risk Reaches the Boardroom | MSSP Alert
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns - Infosecurity Magazine
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth - Infosecurity Magazine
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery | Cybernews
Cyber fraud most pervasive global threat for CEOs: report
Cyber attack would wipe out over 10% of UK businesses – Vodafone
Comms Business - Cyber attack would put one in 10 firms out of business
BoE: UK finservs still lacking on basic cybersecurity • The Register
UK firms' cybersecurity budget set for major increase - UKTN
Cybersecurity Is More Than Technical. It’s A Financial Issue
Ransomware gangs extort victims by citing compliance violations | CSO Online
For cyber risk assessments, frequency is essential | CSO Online
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
9 strategic imperatives every business leader must master to survive and thrive in 2026 | ZDNET
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware 2026: Attacks Surge Despite Gang Takedowns
Ransomware attacks showed a 45 percent increase in 2025 - BetaNews
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
New Osiris ransomware reveals sophisticated tactics and experienced attackers - SiliconANGLE
Ransomware gangs extort victims by citing compliance violations | CSO Online
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
New PDFSider Windows malware deployed on Fortune 100 firm's network
Crims hit the easy button for IT helpdesk scams • The Register
DeadLock ransomware abuses Polygon blockchain to rotate proxy servers quietly - CoinJournal
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
INC ransomware opsec fail allowed data recovery for 12 US orgs
Leader of ransomware crew pleads guilty to four-year crime spree | CyberScoop
Ransomware Victims
New PDFSider Windows malware deployed on Fortune 100 firm's network
Cyber fallout continues as M&S CTO exits months after ransomware attack - InternetRetailing
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
72.7M Under Armour accounts hit in alleged ransomware leak • The Register
Cyber security update | London Borough of Hammersmith & Fulham
RansomHub claims alleged breach of Apple partner Luxshare - Help Net Security
Phishing & Email Based Attacks
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
You Got Phished? Of Course! You're Human...
Domain spoofing used in 90 percent of top phishing attacks - BetaNews
Zendesk ticket systems hijacked in massive global spam wave
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Crims hit the easy button for IT helpdesk scams • The Register
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
What’s a browser-in-browser attack? The key traits to know | PCWorld
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
2FA/MFA
One-time SMS links that never expire can expose personal data for years - Help Net Security
Artificial Intelligence
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
For the price of Netflix, crooks can rent AI crime ops • The Register
Cyber risk keeps winning, even as AI takes over - Help Net Security
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Businesses are deploying AI agents faster than safety protocols can keep up, Deloitte says | ZDNET
New Android malware uses AI to click on hidden browser ads
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
A new European standard outlines security requirements for AI - Help Net Security
ChatGPT Health Raises Big Security, Safety Concerns
Gemini AI assistant tricked into leaking Google Calendar data
Pentagon's Use of Grok Raises AI Security Concerns
Curl shutters bug bounty program to stop AI slop • The Register
Bots/Botnets
RondoDox botnet exploits critical HPE OneView bug • The Register
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
Cloud/SaaS
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Hackers exploit security testing apps to breach Fortune 500 firms
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cyber Crime, Organised Crime & Criminal Actors
For the price of Netflix, crooks can rent AI crime ops • The Register
Researchers Gained Access to Hacker Domain Server Using Name Server Delegation - Cyber Security News
Malware control panels could give experts the tools they need to spy on hackers | TechRadar
Cybercriminals speak the language young people trust - Help Net Security
Data Breaches/Leaks
750,000 Impacted by Data Breach at Canadian Investment Watchdog - SecurityWeek
Vastaamo hack: My darkest secrets were revealed to the world - BBC News
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack - Security Boulevard
UStrive security lapse exposed personal data of its users, including children | TechCrunch
DOGE shared Social Security data to unauthorized server, according to court filing | CNN Politics
Attackers claim theft of 183M records from major oil company | Cybernews
Data Protection
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
Denial of Service/DoS/DDoS
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Encryption
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
A new framework helps banks sort urgent post-quantum crypto work from the rest - Help Net Security
Ireland explores legal spyware, encryption-breaking powers • The Register
Fraud, Scams and Financial Crime
Cyber fraud most pervasive global threat for CEOs: report
Banks: Even strict security measures may not protect customers from fraud | News | ERR
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications - Infosecurity Magazine
Insurance
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
SMEs looking for cover as cyber risks mount
Internet of Things – IoT
Smart home hacking is a serious threat - but here's how experts actually stop it | ZDNET
Canada’s new EV deal with China prompts cybersecurity questions
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
Law Enforcement Action and Take Downs
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Access broker caught: Jordanian pleads guilty to hacking 50 companies
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System - SecurityWeek
Linux and Open Source
Old Attack, New Speed: Researchers Optimize Page Cache Exploits - SecurityWeek
Malvertising
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
Malware
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
New PDFSider Windows malware deployed on Fortune 100 firm's network
840,000+ users hit by malicious browser extensions. Uninstall these ASAP! | PCWorld
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Malicious GhostPoster browser extensions found with 840,000 installs
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Attackers are getting stealthier – how can defenders stay ahead? | TechRadar
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Credential-stealing Chrome extensions target enterprise HR platforms
Misinformation, Disinformation and Propaganda
Mainland deals with almost 4,000 cyber attacks from Taiwan in 2025-Xinhua
China says highly concerned about EU's cybersecurity package reportedly targeting China-Xinhua
Mobile
New Android malware uses AI to click on hidden browser ads
One-time SMS links that never expire can expose personal data for years - Help Net Security
Turn off this Pixel feature now - it could be leaking your background audio | ZDNET
Android’s new feature lets you see what happened after a break-in - Android Authority
Models, Frameworks and Standards
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Analysis of 6 Billion Passwords Shows Stagnant User Behavior - SecurityWeek
Account Compromise Surged 389% in 2025, Says eSentire - Infosecurity Magazine
Passwords are still a problem for UK businesses - what next? | TechRadar
Regulations, Fines and Legislation
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
A new European standard outlines security requirements for AI - Help Net Security
Europe Readies Law to Eject Chinese Equipment From Telecoms
Starmer stares down social media ban barrel in latest U-turn • The Register
MPs question regulators’ capacity to meet cyber security demands
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Social Media
Starmer stares down social media ban barrel in latest U-turn • The Register
Meta urges Australia to rethink 'blanket' social media ban for teens
Supply Chain and Third Parties
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Commission publishes Cybersecurity Act revision proposal
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Training, Education and Awareness
Hackers exploit security testing apps to breach Fortune 500 firms
Exposed training apps are showing up in active cloud attacks - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
From battlefield to courtroom - Emerging Europe
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
US Cyberattack Blacks Out Venezuela, Leads to Maduro’s Capture in 2026 – DataBreaches.Net
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Nation State Actors
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
China
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
MI5 to move cables away from China mega-embassy over spy fears
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
China-linked hackers exploited Sitecore zero-day for initial access
Cybersecurity Firms React to China's Reported Software Ban - SecurityWeek
Uncovered: Secret room beneath Chinese embassy that poses threat to City
China-linked APT UAT-8837 targets North American critical infrastructure
UK approves China plan for mega embassy in London despite spy fears | Reuters
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Canada’s new EV deal with China prompts cybersecurity questions
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
Russia
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
A new cybersecurity course for military personnel has been launched in "Army+" | УНН
North Korea
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Iran
Hackers target Iran’s state TV to air footage supporting exiled crown prince | The Independent
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Trump “Precision Cyber” Meant 150 Planes Bombing Venezuelan Infrastructure to Rubble | flyingpenguin
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Tools and Controls
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery | Cybernews
UK firms' cybersecurity budget set for major increase - UKTN
For cyber risk assessments, frequency is essential | CSO Online
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it – Computerworld
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
Passwords are still a problem for UK businesses - what next? | TechRadar
SMEs looking for cover as cyber risks mount
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Other News
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
One in 10 UK Firms “Unlikely to Survive” Serious Cyber Incident - Infosecurity Magazine
Reinventing transformation - UKTN
When the Olympics connect everything, attackers pay attention - Help Net Security
Why Higher Ed CIOs Must Rethink Cybersecurity
British Army to spend £279 million on permanent cyber regiment base - Help Net Security
Confusion and fear send people to Reddit for cybersecurity advice - Help Net Security
Ports central to EU cybersecurity | News | Port Strategy
Best of British: UK's infosec envoys are mostly US firms • The Register
Insurance CEOs bullish on growth but flag cyber as top constraint - KPMG | Insurance Business
Vulnerability Management
Zero-Day Exploits Surge, 30% of Flaws Attacked Before Disclosure - Infosecurity Magazine
Experts welcome EU-led alternative to MITRE's vulnerability tracking scheme | IT Pro
Curl shutters bug bounty program to stop AI slop • The Register
Vulnerabilities
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) - Help Net Security
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
Fortinet admins report patched FortiGate firewalls getting hacked
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
New research shows Bluetooth devices are at risk of hijack - Trusted Reviews
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Microsoft issues emergency patch for latest Windows bugs - grab it ASAP | ZDNET
Zoom fixed critical Node Multimedia Routers flaw
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
ACME Flaw in Cloudflare allowed attackers to reach origin servers
RondoDox botnet exploits critical HPE OneView bug • The Register
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Oracle Critical Security Patch - 337 Vulnerabilities Patched Across Product Families
China-linked hackers exploited Sitecore zero-day for initial access
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Critical Appsmith Flaw Enables Account Takeovers - Infosecurity Magazine
GitLab patches major security flaw - here's what we know | TechRadar
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Threat Intelligence Briefing 16 January 2026
Black Arrow Cyber Threat Intelligence Briefing 16 January 2026:
-We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster
-The Speed Mismatch Putting Modern Security At Risk
-New Intelligence Is Moving Faster than Enterprise Controls
-Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security
-Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
-Downtime Pushes Resilience Planning into Security Operations
-Executives More Likely to Take Phishing Bait than Junior Staff
-QR Codes Are Getting Colourful, Fancy, and Dangerous
-Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
-Cyber Criminals Recruiting Insiders at Specific Organisations
-Ransomware Activity Surges to Record Levels
-State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Looking at various sources in this week’s review, the recurring conclusion is the need for organisations to make sure they understand the risks of AI before and during its use. Examples include a vulnerability in popular business software that allowed abuse by attackers, and organisations deploying AI faster than their security controls can keep up. AI, and cyber risks in general, are top business risks according to research by the World Economic Forum and Allianz.
From a business leadership perspective, cyber resilience is increasingly important, yet research shows that executives are more likely than junior staff to fall for a phishing attack. We look at emerging threats to businesses, including stylised QR codes, LinkedIn scams and attackers recruiting insiders to gain entry to targeted organisations. Ransomware remains a primary risk and is at record levels.
We are consistent in our messaging on how business leaders should address these risks. Ensure you have a contemporary understanding of how cyber is evolving, through our weekly threat intelligence briefings and leadership training, and establish a proportionate strategy to address the risks across people, operations and technology. By gaining your own impartial perspective, you will be better placed to govern and challenge others who are designing and maintaining your security controls.
Top Cyber Stories of the Last Week
We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster
A critical ServiceNow AI vulnerability demonstrates how weaknesses introduced during rapid AI deployment can lead to serious security failures. The flaw allowed unauthenticated attackers to impersonate administrators and abuse AI agents. Default configurations, weak authentication and limited oversight are common in agentic AI systems, expanding organisational attack surfaces and enabling privilege abuse through automation.
The Speed Mismatch Putting Modern Security At Risk
Attackers now operate at machine speed, while many organisations still rely on quarterly or annual security checks. This gap creates hidden risk, as vulnerabilities can appear and disappear between reviews and be exploited before they are identified. Security validation must move away from periodic checks and keep pace with continuously changing systems and attack activity.
New Intelligence Is Moving Faster than Enterprise Controls
Enterprises are deploying AI faster than supporting infrastructure, governance and data controls can keep up, according to NTT research. Only a small proportion of organisations can operate AI at scale, with infrastructure limits and weak data hygiene creating security and reliability risks. The use of unsanctioned AI tools raises concerns around data leakage and inaccurate outputs, while governance maturity varies widely.
Source: https://www.helpnetsecurity.com/2026/01/16/ntt-data-enterprise-ai-governance/
Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security
According to the World Economic Forum’s Global Cybersecurity Outlook 2026, AI‑related vulnerabilities surged more than any other cyber risk in 2025. Many organisations reported sensitive data leaking through generative AI tools as adoption outpaces governance, and a significant share of respondents expressed growing concern over attackers’ use of advanced AI capabilities. Uneven cyber security strength across suppliers and regions increases the risk that incidents spread beyond individual organisations, causing wider disruption across connected ecosystems.
Source: https://petri.com/cyber-risk-ai-supply-chains-global-security/
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
Cyber incidents remain the top global business risk for the fifth consecutive year, ranked number one by 42% of respondents worldwide, driven largely by ransomware. AI rose from #10 to #2 as adoption accelerates faster than governance, creating operational, legal and reputational risk. Supply chain dependence and third‑party exposure continue to amplify the impact of disruption across businesses of all sizes.
Downtime Pushes Resilience Planning into Security Operations
Operational disruption and prolonged downtime caused by security incidents are becoming routine, with recovery often taking days and direct remediation costs reaching millions. These impacts are now prominent in board discussions. In response, research shows that CISOs are increasingly defining success in their role based on recovery and continuity rather than prevention alone, with growing executive expectations and accountability for restoring operations from risks including ransomware, supply chains, insiders and failures in trusted security software.
Source: https://www.helpnetsecurity.com/2026/01/12/absolute-ciso-resilience-planning/
Executives More Likely to Take Phishing Bait than Junior Staff
Yubico data shows over 11% of C‑suite respondents interacted with phishing in the past week, compared to 8.8% of entry‑level staff. Perception gaps persist, with 44% of C‑suite respondents saying they believe their organisation’s cyber security is “very good”, compared with 25% of entry‑level staff. Small businesses show low training and MFA adoption, increasing exposure to AI‑driven social engineering.
Source: https://betanews.com/article/executives-more-likely-to-take-phishing-bait-than-junior-staff/
QR Codes Are Getting Colourful, Fancy, and Dangerous
QR codes are increasingly used by attackers in phishing campaigns known as quishing. Research highlights how stylised QR codes using colours, logos and backgrounds preserve scan reliability while evading traditional URL inspection and email security controls. Industry data shows 22% of QR‑related attacks involve phishing, with state‑sponsored and criminal actors using redirection chains to harvest credentials via mobile devices.
Source: https://www.helpnetsecurity.com/2026/01/15/fancy-qr-codes-phishing-risk/
Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
Attackers are posting fake LinkedIn comment replies impersonating the platform to claim policy violations and drive users to phishing sites. Some campaigns abuse LinkedIn’s own lnkd.in shortener, obscuring destinations. Fake company pages using LinkedIn branding have been identified, with LinkedIn confirming it does not notify users of violations via public comments.
Cyber Criminals Recruiting Insiders at Specific Organisations
Dark web forums show criminals actively seeking insiders at named organisations to access customer data and internal systems. Listings target crypto firms, consultancies and consumer platforms, offering payments of $3,000–$15,000. Insiders can bypass standard alerts, with researchers citing previous incidents where recruited employees enabled large‑scale data theft and financial loss.
Source: https://www.itpro.com/security/cyber-criminals-recruiting-insiders-at-specific-organizations
Ransomware Activity Surges to Record Levels
Global ransomware activity reached record levels in 2025, with 2,287 victims reported in Q4 alone and 124 active ransomware groups, a 46% year‑on‑year increase. Victim numbers rose 58% as law enforcement pressure fragmented larger groups of attackers into many smaller operators running frequent, repeatable attacks. The US accounted for 55% of victims, but activity remains global and sustained.
Source: https://betanews.com/article/ransomware-activity-surges-to-record-levels/
State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority
State‑backed actors increasingly target private organisations and supply chains rather than governments alone. The UK NCSC handled 204 nationally significant incidents in 12 months, up from 89 the previous year. Smaller suppliers are frequently exploited as backdoors, with resilience, governance and supply chain controls highlighted as practical responses to persistent geopolitical cyber threats.
Governance, Risk and Compliance
Executives more likely to take phishing bait than junior staff - BetaNews
Businesses in 2026: AI security oh yeah better look at that • The Register
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Privacy and Cybersecurity Laws in 2026 Pose Challenges
Downtime pushes resilience planning into security operations - Help Net Security
Cyber Risk Enters a New Era as AI Reshapes Global Security
CISOs flag gaps in third-party risk management - Help Net Security
CISO Succession Crisis Highlights How Turnover Amplifies Risks
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
CISO Role Reaches “Inflexion Point” With Executive-Level Titles - Infosecurity Magazine
Technology dominates global risk concerns – Allianz
What insurers expect from cyber risk in 2026 - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The Ransomware Paradox: Why Payments Are Soaring as Attacks “Drop” | MSSP Alert
Ransomware activity surges to record levels - BetaNews
Ransomware activity never dies, it multiplies - Help Net Security
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Threat Actors Attacking Systems with 240+ Exploits Before Ransomware Deployment
Ransomware: Tactical Evolution Fuels Extortion Epidemic | SECURITY.COM
Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar
DeadLock ransomware uses smart contracts to evade defenders • The Register
Ransomware by the Numbers: Count of Victims and Groups Surge
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
France swaps alleged ransomware crook for conflict researcher • The Register
Sicarii Ransomware: Truth vs Myth - Check Point Research
MEED | Construction is third most targeted sector by ransomware
Ransomware Victims
South Korean giant Kyowon confirms data theft in ransomware attack
Cyberattack forces Belgian hospitals to cancel surgeries | Cybernews
Government statement on 'serious cyber attack' at Nuneaton school | Coventry Live
Belgian hospitals refuse ambulances following cyberattack • The Register
Phishing & Email Based Attacks
Executives more likely to take phishing bait than junior staff - BetaNews
QR codes are getting colorful, fancy, and dangerous - Help Net Security
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek
North Korea turns QR codes into phishing weapons • The Register
FBI Flags Quishing Attacks From North Korean APT
Why can’t companies stop social engineering attacks?
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE
Facebook login thieves now using browser-in-browser trick
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Why QR Codes Are Education's New Phishing Blind Spot - Security Boulevard
Fake Facebook pop-ups mimic browser window | Cybernews
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
China spies used Maduro capture as lure to phish US agencies • The Register
Other Social Engineering
QR codes are getting colorful, fancy, and dangerous - Help Net Security
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Why can’t companies stop social engineering attacks?
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Fake Facebook pop-ups mimic browser window | Cybernews
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
Artificial Intelligence
Businesses in 2026: AI security oh yeah better look at that • The Register
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Cyber Risk Enters a New Era as AI Reshapes Global Security
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine
Top cyber threats to your AI systems and infrastructure | CSO Online
LLMs in Attacker Crosshairs, Warns Threat Intel Firm - SecurityWeek
We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster - Security Boulevard
New intelligence is moving faster than enterprise controls - Help Net Security
AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine
Hackers target misconfigured proxies to access paid LLM services
Generative AI in Enterprises: Security Risks Most Companies Are Not Measuring - Security Boulevard
Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena
AI driving serious fraud spike – WEF
What Should We Learn From How Attackers Leveraged AI in 2025?
Your Copilot data can be hijacked with a single click - here's how | ZDNET
AI Agents Are Becoming Authorization Bypass Paths
The quiet way AI normalizes foreign influence | CyberScoop
Malaysia and Indonesia block X over deepfake smut • The Register
Elon Musk calls UK government ‘fascist’ over touted X ban
California AG launches investigation into X’s sexualized deepfakes | CyberScoop
Vibe coding security risks and how to mitigate them | TechTarget
Ofcom continues X probe despite Grok 'nudify' fix • The Register
Bots/Botnets
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek
Careers, Roles, Skills, Working in Cyber and Information Security
We're losing in recruitment | Professional Security Magazine
Cloud/SaaS
New Linux malware targets the cloud, steals creds, then vanishes • The Register
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Crypto crime hits record levels as state actors move billions - Help Net Security
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek
Betterment Customer Data Accessed in Online Crypto Scam Attack
Cyber Crime, Organised Crime & Criminal Actors
Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest - Infosecurity Magazine
The country at the heart of the global scam industry
Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker
The New Threats: Attackers Don't Just Break In, They Blend In - The New Stack
We're losing in recruitment | Professional Security Magazine
Why are cybercriminals getting younger? | TechRadar
BreachForums Breach Exposes 324K Cybercriminals
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru
Data Breaches/Leaks
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
France fines telcos €42M for issues leading to 2024 breach • The Register
California bans data broker reselling health data of millions
After Goldman, JPMorgan Discloses Law Firm Data Breach - SecurityWeek
Sensitive data of Eurail, Interrail travelers compromised in data breach - Help Net Security
BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru
BreachForums hacking forum database leaked, exposing 324,000 accounts
Manage My Health starts notifying affected practices after major cyber breach | Cybernews
Second health provider, Canopy Health, hit in major cyber attack | RNZ News
Central Maine Healthcare breach exposed data of over 145,000 people
Instagram denies data breach after password reset emails spark leak claims - SiliconANGLE
Target employees confirm leaked source code is authentic
Threat actor claims the theft of full customer data from Spanish energy firm Endesa
Denial of Service/DoS/DDoS
ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine
Encryption
EU’s Chat Control could put government monitoring inside robots - Help Net Security
Michael Tsai - Blog - UK Child Protections and Messaging Backdoor
WFE Urges Regulators to Balance Quantum Risks With Immediate Cyber Threats - FinanceFeeds
G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems - Infosecurity Magazine
Fraud, Scams and Financial Crime
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF - SecurityWeek
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine
The country at the heart of the global scam industry
Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine
AI driving serious fraud spike – WEF
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Online shoppers at risk as Magecart skimming hits major payment networks | Malwarebytes
Identity and Access Management
AI Agents Are Becoming Authorization Bypass Paths
Insurance
What insurers expect from cyber risk in 2026 - Help Net Security
US regulator tells GM to hit the brakes on customer tracking • The Register
Insider Risk and Insider Threats
Cyber criminals recruiting insiders at specific organizations | IT Pro
Internet of Things – IoT
Is your smart home at risk of being hacked? 6 ways experts lock theirs down | ZDNET
Sorry I'm late for work boss, my car's been hacked | Autocar
Why hacking could be the biggest threat facing automotive | Autocar
Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets
China targets US cybersecurity firms, Tesla's FSD subscription
Law Enforcement Action and Take Downs
Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest - Infosecurity Magazine
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register
Why are cybercriminals getting younger? | TechRadar
Hacker gets seven years for breaching Rotterdam and Antwerp ports
'Violence-as-a-service' suspect arrested • The Register
Appeal fails for hacker who opened port to coke smugglers • The Register
Illinois man charged with hacking Snapchat accounts to steal nude photos
Linux and Open Source
New Linux malware targets the cloud, steals creds, then vanishes • The Register
GoBruteforcer Botnet Targets 50K-plus Linux Servers
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
Europe Has a New Plan to Break Free from US Tech Dominance
Malware
New Linux malware targets the cloud, steals creds, then vanishes • The Register
ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details
GoBruteforcer Botnet Targets 50K-plus Linux Servers
Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena
Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
How real software downloads can hide remote backdoors | Malwarebytes
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
Misinformation, Disinformation and Propaganda
The quiet way AI normalizes foreign influence | CyberScoop
Mobile
Your phone is sharing data without your knowledge - how to stop it ASAP | ZDNET
Apple iPhone Attacks Confirmed — Experts Warn 'Update Now or Stay Exposed' | IBTimes
Tories want kids off social media and phones out of schools • The Register
Models, Frameworks and Standards
UK government exempting itself from flagship cyber law inspires little confidence • The Register
Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill - Infosecurity Magazine
Michael Tsai - Blog - UK Child Protections and Messaging Backdoor
Outages
Investor Lawsuit Over CrowdStrike Outage Dismissed - SecurityWeek
Verizon blames nationwide outage on a "software issue"
Passwords, Credential Stuffing & Brute Force Attacks
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Regulations, Fines and Legislation
UK government exempting itself from flagship cyber law inspires little confidence • The Register
Privacy and Cybersecurity Laws in 2026 Pose Challenges
France fines telcos €42M for issues leading to 2024 breach • The Register
Elon Musk calls UK government ‘fascist’ over touted X ban
California AG launches investigation into X’s sexualized deepfakes | CyberScoop
EU’s Chat Control could put government monitoring inside robots - Help Net Security
Dems pressure Google, Apple to drop X app as international regulators turn up heat | CyberScoop
Ofcom continues X probe despite Grok 'nudify' fix • The Register
The US doesn’t need a Cyber Force: it needs to prioritize cybersecurity
Hill warning: Don’t put cyber offense before defense | CyberScoop
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
UK backtracks on digital ID requirement for right to work • The Register
US cybersecurity weakened by congressional delays despite Plankey renomination | CSO Online
Social Media
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Ofcom continues X probe despite Grok 'nudify' fix • The Register
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE
Facebook login thieves now using browser-in-browser trick
Tories want kids off social media and phones out of schools • The Register
Instagram says it fixed the issue behind shady password reset emails - Digital Trends
Instagram denies breach amid claims of 17 million account data leak
Supply Chain and Third Parties
Cyber Risk Enters a New Era as AI Reshapes Global Security
CISOs flag gaps in third-party risk management - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The quiet way AI normalizes foreign influence | CyberScoop
Is the US adopting the gray zone cyber playbook? | CyberScoop
Estonia: Small State Security and the International Order
Taiwan Endures Greater Cyber Pressure From China
Nation State Actors
Cyber Risk Enters a New Era as AI Reshapes Global Security
The quiet way AI normalizes foreign influence | CyberScoop
Crypto crime hits record levels as state actors move billions - Help Net Security
China
New Linux malware targets the cloud, steals creds, then vanishes • The Register
China crew abused ESXi zero-days a year before disclosure • The Register
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
China bans U.S. and Israeli cybersecurity software over security concerns
Taiwan Endures Greater Cyber Pressure From China
China spies used Maduro capture as lure to phish US agencies • The Register
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
Russia
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Russia-linked APT28 targets energy and defense groups tied to NATO | SC Media
Ukraine's army targeted in new charity-themed malware campaign
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine
France swaps alleged ransomware crook for conflict researcher • The Register
Estonia: Small State Security and the International Order
North Korea
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek
North Korea turns QR codes into phishing weapons • The Register
FBI Flags Quishing Attacks From North Korean APT
Iran
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Iran cuts Internet nationwide amid deadly protest crackdown
‘Kill Switch’—Iran Shuts Down Starlink Internet For First Time
Trump’s cyber options in Iran - POLITICO
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cyber Risk Enters a New Era as AI Reshapes Global Security
The quiet way AI normalizes foreign influence | CyberScoop
Venezuelan Oil Industry Is Running on WhatsApp After Cyberattack - Bloomberg
Trump’s cyber options in Iran - POLITICO
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
Is the US adopting the gray zone cyber playbook? | CyberScoop
How hackers fight back against ICE surveillance tech • The Register
Tools and Controls
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
CISOs flag gaps in third-party risk management - Help Net Security
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
Vibe coding security risks and how to mitigate them | TechTarget
Downtime pushes resilience planning into security operations - Help Net Security
China bans U.S. and Israeli cybersecurity software over security concerns
What insurers expect from cyber risk in 2026 - Help Net Security
The 2 faces of AI: How emerging models empower and endanger cybersecurity | CSO Online
DRAM shortage may drive firewall prices higher: analysts • The Register
Deploying AI agents is not your typical software launch - 7 lessons from the trenches | ZDNET
Reports Published in the Last Week
The State of Ransomware in the U.S.: Report and Statistics 2025
Other News
The Speed Mismatch Putting Modern Security At Risk
UK establishes Government Cyber Unit to protect against large-scale cyberattacks - SZR | УНН
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Cyber body ISC2 signs on as UK software security ambassador | Computer Weekly
Hedge funds step up cybersecurity spending amid rising threats and regulatory pressure - Hedgeweek
Act Now To Enhance Your Business's Cyber Resilience - British Chambers of Commerce
Cyber Threat Actors Ramp Up Attacks on Industrial Environments - Infosecurity Magazine
The concerning cyber-physical security disconnect | SC Media
The US doesn’t need a Cyber Force: it needs to prioritize cybersecurity
Vulnerability Management
Vulnerabilities Surge, But Messy Reporting Blurs Picture
Vulnerabilities
Hackers Launched 8.1 Million Attack Sessions to React2Shell Vulnerability
China crew abused ESXi zero-days a year before disclosure • The Register
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) - Help Net Security
Apple iPhone Attacks Confirmed — Experts Warn 'Update Now or Stay Exposed' | IBTimes
Hackers exploit Modular DS WordPress plugin flaw for admin access
Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
Flipping one bit leaves AMD CPUs open to VM vuln • The Register
Trend Micro Patches Critical Code Execution Flaw in Apex Central - SecurityWeek
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
'Most Severe AI Vulnerability to Date' Hits ServiceNow
Adobe Patches Critical Apache Tika Bug in ColdFusion - SecurityWeek
SAP's January 2026 Security Updates Patch Critical Vulnerabilities - SecurityWeek
Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks - SecurityWeek
8000+ SmarterMail Hosts Vulnerable to RCE Attack - PoC Exploit Released
US government told to patch high-severity Gogs security issue or face attack | TechRadar
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Advisory - 14 January 2026 - Security Updates - Microsoft, SAP, Adobe
Executive Summary
January’s security releases are dominated by Microsoft’s Patch Tuesday, which addresses over a hundred CVEs and includes an actively exploited zero-day, alongside SAP fixes containing multiple critical issues and Adobe updates across key Creative Cloud applications plus ColdFusion. The highest risks this month centre on remote code execution, elevation of privilege, and injection flaws affecting business-critical and user-facing systems. Prioritise patching for internet-facing services, identity and access components, and widely deployed endpoint and productivity tooling.
Vulnerabilities by Vendor
Microsoft[1]: 112 vulnerabilities, affecting Windows, Microsoft 365 and Office, browser components, developer tools, and enterprise services. Prioritise updates addressing actively exploited vulnerabilities and critical remote code execution or privilege escalation paths, especially on internet facing and end user endpoints.
SAP[2]: 19 vulnerabilities affecting SAP S/4HANA (private cloud and on premise), SAP HANA, SAP NetWeaver (including AS ABAP and Enterprise Portal), RFCSDK, Identity Management, and supporting components. Prioritise critical and high severity fixes first, particularly where systems are exposed to users, integrations, or administrative workflows.
Adobe[3]: 25 vulnerabilities affecting Creative Cloud applications (including Dreamweaver, InDesign, Illustrator, InCopy, Bridge, and Substance 3D tools) plus ColdFusion. Prioritise updates that address arbitrary code execution, and treat ColdFusion as urgent where it is deployed in production or accessible to untrusted inputs.
What’s the risk to me or my business?
The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Footnotes:
1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html
3 Adobe — https://helpx.adobe.com/security.html
Black Arrow Cyber: 5 Cyber Predictions for Business Leaders in 2026, and What You Need to Do
Throughout the year in our weekly Cyber Threat Intelligence Briefing, we bring you insights into the evolving cyber risks that your business faces and importantly, what you can do about them. As a business leader, you are not expected to be a cyber expert; you just need a sound grasp of the fundamentals, and an objective assessment of your risks and controls from an impartial expert so you can appropriately challenge your control providers. Proportionality and impartiality are key, and so too is keeping up to date with how the ground is shifting.
Here are five of our focus areas for this year, to help keep your business running in a more secure environment. Other risks such as ransomware and business email compromise remain high on the list too. We discuss these and many others in our weekly threat intelligence email; subscribe today and contact us for impartial expertise on how to address your risks through proportionate security.
1. Tailored Attacks Using Agentic AI
Agentic AI tools can autonomously design and execute attacks, leveraging resources they identify. We already saw examples in 2025, and this will ramp up in 2026. The result is faster and more potent attacks, tailored to the victim.
What to do: review your controls including vulnerability management, access management, and monitoring and detection. And keep your finger on the pulse through good governance; this includes discussing reports and knowing how to challenge what you see, and keeping abreast of evolving risks through threat intelligence.
2. Deepfake and Voice AI Become Commonplace
What was considered sophisticated deepfake in 2025 will be commonplace in 2026. Technology has advanced and is more widely used since the infamous $25m deepfake payment fraud in Hong Kong. AI deepfake video and voice will be used increasingly in social engineering attacks for fraudulent payment callbacks, malicious employee recruitment, and other attacks.
What to do: assess your security across your people, operations and technology, because that is what the attacker is doing. Review your controls and processes, including the use of purchase orders and outbound callback checks. Train your people on why the controls exist, how to stick to them, and how to raise a flag if something is unusual such as someone scheduling a work call via WhatsApp.
3. Break In Through the Supply Chain
When attackers compromise a service provider, such as an MSP or payroll provider, they can access the systems and data of all its customers, including yours. Remember also, it’s about your supply chain, not just your suppliers. For example, consider how readily you click on a SharePoint link in a client email, and whether that email could be sent by an attacker lurking in your client’s systems.
What to do: Check how your third parties identify and mitigate the risk of attacker access. Do this by asking targeted questions, and evaluating the responses including with support from impartial experts. From this, assess what controls you need to have to manage any resulting risks to you.
4. Regulatory Consequences
Regulators are taking a harder line on penalties after a cyber or data breach. Looking at the published reports by authorities in different countries, they appear increasingly frustrated when breaches harm the public due to organisations failing to implement proportionate security measures. Regulations are tightening, from the EU’s DORA in 2025 to new laws anticipated in countries such as the UK.
What to do: implement proportionate and credible governance over your cyber security; the UK’s Cyber Governance Code of Practice is a good starting point, and note its repeated use of “Gain assurance that…”. This means avoiding ‘compliance theatre’, instead recognising that the true objective is to defend yourself against the attacker, not just the regulator.
5. Resilience and Security
We see a greater focus on cyber resilience, building on and going beyond the foundations of cyber security. Good security can reduce the frequency and impact of a cyber incident, while cyber resilience requires business leaders to acknowledge evolving attacker tactics and ask ‘Yes, we have some good security, but what do we do if someone still gets through?’. In late 2025 for example, the UK Government wrote to business leaders urging them to prepare for managing a cyber incident.
What to do: get your leadership team together in a workshop, assume an attacker has breached your security, and work through your responses across people, operations and technology. The conversation needs to be run by a skilled cyber specialist who is not a control provider, to freely explore the possibilities. Consider also the paper-and-pen operational processes you will use during an incident, and challenge every assumption by creating an open and collaborative workshop environment.
Subscribe to our weekly Cyber Threat Intelligence Briefing via our website www.blackarrowcyber.com, and contact us to hear how we are supporting clients in various countries and sectors to manage their cyber security risks in a proportionate way.
Black Arrow Cyber Threat Intelligence Briefing 09 January 2026
Black Arrow Cyber Threat Intelligence Briefing 09 January 2026:
-2025 Proved Hackers Aren’t Slowing Down – and Neither Should You
-Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead
-Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks
-Cyber Risk Trends for 2026: Building Resilience, Not Just Defences
-Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience
-Average Cyberattack Cost Hits $2.5M as Recovery Lags
-New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
-Phishers Exploit Office 365 Users Who Let Their Guard Down
-Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review of cyber security insights in the specialist and general media includes a look back at 2025 and a look forward to 2026, with recommended focus areas for business leaders. Last year saw an increase in attacks and a greater focus on gaining entry through employees and third parties, and exploiting insufficient controls around access management.
The escalation in risks requires business leaders in 2026 to test their resilience to a cyber attack through rehearsals of the incident response plan. From experience of running many simulations with clients across the world, we strongly recommend the rehearsal should be led by an impartial cyber and business expert to take you and your control providers, including IT, into ‘what if’ scenarios that help to flush out assumptions.
This week, we also include news on attack campaigns for you to be aware of, including fake DocuSign emails and the continued attacks on organisations that rely only on passwords to secure access.
Contact us to discuss how to reflect our threat intelligence briefing in your approach to cyber security, in an impartial and proportionate manner.
Top Cyber Stories of the Last Week
2025 Proved Hackers Aren’t Slowing Down – and Neither Should You
Cyber activity intensified in 2025, with ransomware, espionage, cryptomining and infostealers hitting manufacturing, aerospace and critical infrastructure. Attackers are moving beyond passwords to session token theft, exploiting non-human identities and AI-driven social engineering. The Jaguar Land Rover incident shows third-party compromise can cripple operations. Business leaders should prioritise a Zero Trust model, and encourage staff to pause before clicking and to verify urgent requests before acting.
Source: https://www.phonearena.com/news/2025-proved-hackers-arent-slowing-down-neither-should-you_id177153
Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead
Ransomware victim numbers rose sharply in 2025, with thousands of organisations named on extortion sites. Law enforcement disrupted several major groups, but attackers quickly re-emerged under new brands and affiliations. Entry points increasingly involve social engineering and stolen credentials rather than technical exploits, keeping barriers to entry low. To address this, organisations should prioritise protecting credentials, staff vigilance, and testing recovery plans, recognising that law enforcement action rarely eliminates the threat of attack.
Source: https://www.theregister.com/2026/01/08/ransomware_2025_emsisoft/
Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks
Phishing kits are making large-scale attacks easier, with most high-volume campaigns relying on pre-built tools that support MFA bypass and evasion. QR codes and obfuscated links are increasingly used to avoid detection, enabling less skilled attackers to run sophisticated campaigns. Business leaders should focus on strengthening access controls and authentication, reducing link-clicking behaviour, and ensuring staff recognise QR and MFA-bypass lures as part of routine security awareness.
Source: https://www.itpro.com/security/phishing/phishing-as-a-service-kits-growth-2025-barracuda
Cyber Risk Trends for 2026: Building Resilience, Not Just Defences
Cyber risk in 2026 is shaped by increasingly automated, persistent and intelligent attacks; this requires business leaders to shift their focus to resilience across governance, operations, technology and people. Key pressures include AI-driven social engineering, third-party dependencies, uncertainty around quantum computing risks and geopolitical instability. Priorities include ensuring recovery readiness and clear ownership, strengthening how identity and access are managed, and rehearsing incident response that measures success by time to detect, contain and recover.
Source: https://www.securityweek.com/cyber-risk-trends-for-2026-building-resilience-not-just-defenses/
Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience
Geopolitical friction will amplify cyber risk in 2026 due to shifting alliances and sanctions. Employee use of AI tools that are not within the remit of the organisation’s security controls adds unmanaged risks to vulnerability management, incident response and resilience processes. Maritime logistics is a prime target, with resilient shipping relying on real-time monitoring and intelligence-led risk exposure management. Business leaders should embed AI governance and geopolitical awareness into risk planning.
Source: https://www.infosecurity-magazine.com/opinions/geopolitics-supply-chains-shadow/
Average Cyberattack Cost Hits $2.5M as Recovery Lags
A survey of 750 CISOs across the US and UK shows recovery is taking longer and costing more, with average recovery costs at $2.5M. Many organisations face days of downtime and some up to weeks. Fewer organisations now have formal cyber resilience strategies, yet boards still expect zero breaches. Leadership responses include resetting expectations, prioritising rapid recovery, and reducing time to restore operations rather than relying solely on prevention.
Source: https://www.telecomstechnews.com/news/average-cyberattack-cost-hits-2-5m-as-recovery-lags/
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
Attackers are using fake DocuSign emails to trick staff into launching malware on Windows devices. The campaign is designed to evade common security checks and can run without obvious warning signs. Organisations should confirm their endpoint protections can detect malicious activity triggered through email links or attachments, and ensure staff treat unexpected document-signing requests with caution and verify requests via trusted channels.
Source: https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/
Phishers Exploit Office 365 Users Who Let Their Guard Down
Phishing attacks are increasingly exploiting misconfigured Office 365 tenants, allowing attackers to spoof trusted domains and route messages in ways that evade controls. In October 2025 alone, Microsoft reported blocking over 13 million MFA-bypass phishing emails linked to an attack campaign known as Tycoon2FA. To reduce risks, ensure tenant email authentication controls are correctly configured, prioritise phishing-resistant MFA, and treat email-based password resets as a high-risk process.
Source: https://www.darkreading.com/cloud-security/phishers-exploit-office-365-users-guard-down
Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA
Fifty global organisations were compromised after relying on passwords alone to access cloud systems. Attackers used infostealers to harvest stored credentials, including some that were years old, and accessed cloud platforms and exfiltrated large volumes of data, including a reported 139GB from one firm. Business leaders should ensure MFA is enforced for cloud access, reduce reuse of old credentials, and monitor access logs and unusual downloads.
Governance, Risk and Compliance
The Big Risks for ’26 – Resilience key in navigating cyber landscape
Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek
2025 proved hackers aren’t slowing down – and neither should you - PhoneArena
What European security teams are struggling to operationalize - Help Net Security
Average cyberattack cost hits $2.5M as recovery lags
8 things CISOs can’t afford to get wrong in 2026 | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
New ransomware tactics to watch out for in 2026
Ransomware on the rise: why mid-market firms are in the crosshairs - Raconteur
The Big Risks for ’26 – Resilience key in navigating cyber landscape
Two cybersecurity experts plead guilty to running ransomware operation | CSO Online
Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network
Ransomware Victims
Cyberattack slams Jaguar Land Rover sales | Cybernews
Everest claims large insurance platform Bolttech | Cybernews
Nuneaton school reopening delayed to next week after cyber attack - BBC News
Sedgwick discloses data breach after TridentLocker ransomware attack
Jaguar Land Rover sales slump sharply amid US tariffs and cyber-attack
Cressi diving gear allegedly breached by hackers | Cybernews
Covenant Health data breach after ransomware attack impacted over 478,000 people
Phishing & Email Based Attacks
Phishers Exploit Office 365 Users Who Let Their Guard Down
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
Phishing-as-a-service kits doubled in 2025 as tactics evolve - BetaNews
International Threats: Themes for Regional Phishing Campaigns - Security Boulevard
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
Microsoft sends warning over new type of phishing attack | Cybernews
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
This phishing campaign spoofs internal messages - here's what we know | TechRadar
Cybercriminals use HTML to hide QR code phishing | Cybernews
Phishing kits soared in popularity last year as rookie hackers ramped up DIY cyber attacks | IT Pro
What the Year’s Biggest Phishing Scams Reveal
Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes
Hackers target Booking.com users | Cybernews
Email-first cybersecurity predictions for 2026 - Security Boulevard
Fake emails target Cardano users with remote access malware
Other Social Engineering
Hackers target Booking.com users | Cybernews
ClickFix attack uses fake Windows BSOD screens to push malware
Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes
Voice cloning defenses are easier to undo than expected - Help Net Security
I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET
Fraud, Scams and Financial Crime
Why governments need to treat fraud like cyberwarfare, not customer service | CyberScoop
What the Year’s Biggest Phishing Scams Reveal
FCC finalizes new penalties for robocall violators | CyberScoop
Artificial Intelligence
AI security risks are also cultural and developmental - Help Net Security
When AI agents interact, risk can emerge without warning - Help Net Security
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
Security Experts Dire Warning on AI Agents in 2026
Yes, criminals are using AI to vibe-code malware • The Register
Voice cloning defenses are easier to undo than expected - Help Net Security
EU plans new AI data rules, privacy at risk | Cybernews
Europe looks to AI resilience amid growing risk
NIST Releases Preliminary Draft Cyber AI Profile
AI agents 2026's biggest insider threat: PANW security boss • The Register
Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
ChatGPT's Memory Feature Supercharges Prompt Injection
New Zero-Click Attack Lets ChatGPT User Steal Data - Infosecurity Magazine
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Identity becomes the 2026 battleground as AI erases trust signals | SC Media
China moves to rein in 'anthropomorphic' AI chatbots
Government demands Musk's X deals with 'appalling' Grok AI - BBC News
UK regulators swarm X after Grok generated nudes from photos • The Register
2FA/MFA
One criminal stole info from 50 orgs thanks to no MFA • The Register
Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Malware
Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar
Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
2.2M Chrome, Firefox, Edge users impacted by meeting-stealing malware | Cybernews
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting
Yes, criminals are using AI to vibe-code malware • The Register
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads - Infosecurity Magazine
Hackers target Booking.com users | Cybernews
ClickFix attack uses fake Windows BSOD screens to push malware
How attackers are weaponizing open-source package managers [Q&A] - BetaNews
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Fake emails target Cardano users with remote access malware
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
Bots/Botnets
The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security
Kimwolf Botnet Hacked 2 Million Devices and Turned User’s Internet Connection as Proxy Node
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
Mobile
Google fixes critical Dolby Decoder bug in Android January update
HSBC blocks app users for having sideloaded password manager • The Register
Do Smartphone Apps Spy On Your Contacts?
Denial of Service/DoS/DDoS
5 myths about DDoS attacks and protection | CSO Online
New ransomware tactics to watch out for in 2026
Internet of Things – IoT
When the Cloud Rains on Everyone's IoT Parade
Hundreds of British buses have Chinese ‘kill switch’
Data Breaches/Leaks
Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine
Hackers Allegedly Steal Access Tokens, Confidential Documents From European Space Agency
Hackers claim to hack Resecurity, firm says it was a honeypot
Cybercrook claims to sell critical info about utilities • The Register
NordVPN denies breach claims, says attackers have "dummy data"
Manage My Health hack: New Zealand's worst cybersecurity incidents | RNZ News
Brightspeed investigates breach as crims post data for sale • The Register
Covenant Health data breach after ransomware attack impacted over 478,000 people
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
Organised Crime & Criminal Actors
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine
Crypto wallet firm Ledger faces new data breach through Global-e partner
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Coinbase insider who sold customer data to criminals arrested in India
Fake emails target Cardano users with remote access malware
Insider Risk and Insider Threats
Coinbase insider who sold customer data to criminals arrested in India
AI agents 2026's biggest insider threat: PANW security boss • The Register
Insurance
CISOs Face A Tighter Insurance Market in 2026
Supply Chain and Third Parties
Crypto wallet firm Ledger faces new data breach through Global-e partner
Cloud/SaaS
Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar
Cloud file-sharing sites targeted for corporate data theft attacks
When the Cloud Rains on Everyone's IoT Parade
Phishers Exploit Office 365 Users Who Let Their Guard Down
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
Phishing attacks exploit misconfigured emails to target Microsoft 365 - Infosecurity Magazine
Europe’s Cloud Debate Is Looking the Wrong Way: It’s Not Concentration – It’s Lock-In
Identity and Access Management
Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
Identity becomes the 2026 battleground as AI erases trust signals | SC Media
Enterprises still aren’t getting IAM right – Computerworld
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Encryption
The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare
Linux and Open Source
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
Cryptocurrency theft attacks traced to 2022 LastPass breach
HSBC blocks app users for having sideloaded password manager • The Register
Palo Alto crosswalks hacked due to unchanged default passwords - Boing Boing
Social Media
I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET
Regulations, Fines and Legislation
The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare
EU plans new AI data rules, privacy at risk | Cybernews
Europe looks to AI resilience amid growing risk
Trump admin lifts sanctions on Predator-linked spyware execs • The Register
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Cybersecurity Act review: What to expect | Epthinktank | European Parliament
Trump pulls US out of international cyber orgs | CyberScoop
US To Leave Global Forum on Cyber Expertise - Infosecurity Magazine
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
China moves to rein in 'anthropomorphic' AI chatbots
Government demands Musk's X deals with 'appalling' Grok AI - BBC News
FCC finalizes new penalties for robocall violators | CyberScoop
Time to restore America’s cyberspace security system | CyberScoop
Nearly half of UK users watch unverified porn | Cybernews
Models, Frameworks and Standards
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Cybersecurity Act review: What to expect | Epthinktank | European Parliament
NIST Releases Preliminary Draft Cyber AI Profile
Careers, Roles, Skills, Working in Cyber and Information Security
Why cybersecurity cannot hire its way through the AI era | CyberScoop
The Pentagon’s short more than 20,000 cyber pros. Veterans could help fill the gap.
Cybersecurity skills matter more than headcount in the AI era | CSO Online
6 strategies for building a high-performance cybersecurity team | CSO Online
Law Enforcement Action and Take Downs
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN
Two cybersecurity experts plead guilty to running ransomware operation | CSO Online
Misinformation, Disinformation and Propaganda
US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
A rash of Baltic cable-cutting raises fears of sabotage
Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
What is happening to the Internet in Venezuela?
Nation State Actors
China
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
New China-linked hackers breach telcos using edge device exploits
Hundreds of British buses have Chinese ‘kill switch’
China hits Taiwan with 2.6M cyberattacks a day | Cybernews
Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts | CyberScoop
China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns
China moves to rein in 'anthropomorphic' AI chatbots
China’s New Cybersecurity Law Demands Faster Incident Reporting From Companies - gHacks Tech News
Congressional staff emails hacked as part of Salt Typhoon campaign | TechRadar
Russia
A rash of Baltic cable-cutting raises fears of sabotage
Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media
ClickFix attack uses fake Windows BSOD screens to push malware
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Hackers target Booking.com users | Cybernews
Starlink Satellites Might Start Falling Out Of The Sky Due To This New Threat
North Korea
North Korean hackers using QR codes to attack governments and think tanks: FBI | NK News
The Evolution of North Korea – And What To Expect In 2026 | SC Media UK
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
International Threats: Themes for Regional Phishing Campaigns - Security Boulevard
Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO
US Action in Venezuela Provokes Cyberattack Speculation
What is happening to the Internet in Venezuela?
US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One
Cyberattacks Likely Part of Military Operation in Venezuela
Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch
Tools and Controls
Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek
Think of executive security as a must-have, not a luxury | SC Media
Logitech caused its mice to freak out by not renewing a certificate | The Verge
Security teams are paying more attention to the energy cost of detection - Help Net Security
How AI is Changing the Incident Response Landscape: What GCs Need to Know | Alston & Bird - JDSupra
The Boardroom Case for Penetration Testing - Security Boulevard
Why cybersecurity cannot hire its way through the AI era | CyberScoop
HSBC blocks app users for having sideloaded password manager • The Register
Enterprises still aren’t getting IAM right – Computerworld
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Yes, criminals are using AI to vibe-code malware • The Register
Legislation, loopholes, and loose ends — what does 2026 hold for the VPN industry? | TechRadar
Lack of training opening up councils to future cyber attacks - BBC News
The Role of Behavioral Analytics in Enhancing Cybersecurity Defense - Security Boulevard
Hackers claim to hack Resecurity, firm says it was a honeypot
Other News
Car brands must go back to cyber security school | Auto Express
Google tops the list of most exploited platforms in the US
Logitech caused its mice to freak out by not renewing a certificate | The Verge
Lack of training opening up councils to future cyber attacks - BBC News
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Why schools are at risk from cyber attacks | Education Business
UK government to spend £210m on public sector cyber resilience | Computer Weekly
Vulnerability Management
CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries - SecurityWeek
How attackers are weaponizing open-source package managers [Q&A] - BetaNews
Vulnerabilities
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
VMware ESXi zero-days likely exploited a year before disclosure
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Adobe ColdFusion Servers Targeted in Coordinated Campaign - SecurityWeek
Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers - Infosecurity Magazine
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
Cisco switches hit by reboot loops due to DNS client bug
Google fixes critical Dolby Decoder bug in Android January update
Legacy D-Link routers actively exploited in the wild | Cybernews
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.