Threat Intelligence Blog
Black Arrow Cyber Threat Intelligence Briefing 13 March 2026
-Only 30 Minutes per Quarter on Cyber Risk: Why CISO-Board Conversations Are Falling Short
-The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network
-Insights: Increased Risk of Wiper Attacks
-Iran Plots 'Infrastructure Warfare' Against US Tech Giants
-Middle East Conflict Tests Cyber War Exclusions, S&P Warns
-New Windows Malware Impersonates Everyday Apps to Infect Your Computer
-Cyber Attacks on UK Firms Increase at Four Times Global Rate
-Why Cyber Security Threats Are Growing
-The Human Side of Password Security That Tools Can’t Fix
-Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
-Microsoft: Hackers Abusing AI at Every Stage of Cyber Attacks
-Microsoft Warns North Korean Threat Groups Are Scaling Up Fake Worker Schemes With Generative AI
-Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
Cyber security is based on risk management and governance; we start this week with research on the views of business and security leaders on how effective that governance is. We also share insights on an impactful incident where Iranian attackers accessed an organisation’s Microsoft Intune platform and remotely wiped large numbers of the victim’s Windows devices. The Middle East conflict also highlights the challenges with cyber insurance coverage and war exclusions.
The second half of our briefing includes developments in attacker tactics, from fake versions of familiar apps to AI-driven malware and exploiting poor password choices of employees, highlighting again that employees are at the front line of cyber security and are vital to safeguarding the organisation.
These threats, and the actions they demand, require business leaders to have their own clear and objective understanding of their organisation’s risk and of the security control options spanning people, operations and technology. Credible and informed governance underpins all of this. Contact us to discuss how to achieve this, proportionate to your profile.
Top Cyber Stories of the Last Week
Only 30 Minutes per Quarter on Cyber Risk: Why CISO-Board Conversations Are Falling Short
New research suggests many boards are not spending enough time on cyber risk, with most security leaders given just 30 minutes each quarter and only 30% of boards describing the relationship as strong and collaborative. While 95% of security leaders report to the board regularly, discussions often stay at a high level and do not explore future risks such as artificial intelligence, which can both power more advanced cyber attacks and create new business exposures. Boards often stop short of experiencing cyber risk directly, with fewer than half participating in tabletop exercises or crisis simulations, indicating that reporting still focuses more on the current state than on preparing directors for what comes next.
The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network
Stryker, a US‑based healthcare technology company, has suffered a major cyber disruption after a pro-Iranian hacking group claimed responsibility for wiping large numbers of the company’s Windows systems. Reports suggest the attackers may have used Stryker’s own Microsoft Intune device management platform to issue wipe commands across its Windows estate, and that the erased devices displayed the logo of Handala Hack, a group aligned with Iran’s Ministry of Intelligence. Stryker says it has found no evidence of ransomware or traditional malware; the attackers framed the attack as retaliation for recent US and Israeli military action.
Insights: Increased Risk of Wiper Attacks
Organisations face a heightened risk of disruptive cyber attacks linked to the conflict with Iran, with attackers reportedly gaining access to networks using legitimate corporate user credentials and then deleting servers and workstations. Israeli authorities have already reported several cases where operations were disrupted in this way. To manage this risk, organisations should reduce always-on administrator access, strengthen multi-factor authentication, tightly control high-impact actions such as remote wipes, monitor for unusual remote wipe activity and keep secure offline backups. Regular staff training is also essential, as email deception remains a common entry point.
https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/
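Of the controls listed above, "monitor for unusual remote wipe activity" is the one that can be expressed directly as detection logic. The following is an added example, not code from Black Arrow, Microsoft or the Unit 42 report: it flags any account that issues destructive Intune device actions (wipe, retire, delete) against several distinct devices inside a short window, which is the pattern an attacker using a management platform to wipe an estate would produce, while a help desk wiping one lost laptop would not. The event layout approximates a Microsoft Graph deviceManagement/auditEvents record, but the field names, account names, device names and thresholds are assumptions for illustration, and every event is constructed rather than captured.

```python
"""Flag bursts of destructive Intune device actions (wipe/retire/delete).

Added example. The event layout approximates Microsoft Graph
deviceManagement/auditEvents records (activityDateTime, activityType,
actor.userPrincipalName, resources[].displayName); the field names, accounts,
device names and thresholds are assumptions, and every event is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Intune operations that destroy data on, or drop management of, a device.
DESTRUCTIVE_VERBS = {"wipe", "retire", "delete", "factoryreset"}
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def _event(ts, activity, upn, device):
    """Build one constructed audit record in the assumed shape."""
    return {"activityDateTime": ts, "activityType": activity,
            "actor": {"userPrincipalName": upn},
            "resources": [{"displayName": device}]}


# Constructed sample: routine help-desk activity spread over a working day,
# then one account wiping six devices (including a server) in under six minutes.
SAMPLE_EVENTS = [
    _event("2026-03-09T08:12:04Z", "wipe ManagedDevice", "helpdesk@corp.example", "LT-0457"),
    _event("2026-03-09T09:30:22Z", "syncDevice ManagedDevice", "helpdesk@corp.example", "LT-0457"),
    _event("2026-03-09T14:05:41Z", "retire ManagedDevice", "helpdesk@corp.example", "LT-0112"),
    _event("2026-03-09T23:40:11Z", "wipe ManagedDevice", "j.doe@corp.example", "WS-2201"),
    _event("2026-03-09T23:40:53Z", "wipe ManagedDevice", "j.doe@corp.example", "WS-2202"),
    _event("2026-03-09T23:41:37Z", "wipe ManagedDevice", "j.doe@corp.example", "WS-2203"),
    _event("2026-03-09T23:43:02Z", "wipe ManagedDevice", "j.doe@corp.example", "SRV-FILE01"),
    _event("2026-03-09T23:44:19Z", "wipe ManagedDevice", "j.doe@corp.example", "WS-2204"),
    _event("2026-03-09T23:45:58Z", "wipe ManagedDevice", "j.doe@corp.example", "WS-2205"),
]


def is_destructive(event):
    """True when the activity verb (first word of activityType) is destructive."""
    verb = event.get("activityType", "").split(" ", 1)[0].lower()
    return verb in DESTRUCTIVE_VERBS


def detect_wipe_bursts(events, window_minutes=10, threshold=3):
    """Return one alert per actor burst.

    An alert opens when an actor has issued destructive actions against at
    least `threshold` distinct devices within a sliding window of
    `window_minutes`; later events in the same burst extend that alert rather
    than raising a new one. Alert timestamps are the original ISO strings.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # actor -> (timestamp, device) pairs inside the window
    open_alert = {}               # actor -> alert still being extended
    alerts = []
    for ev in sorted(events, key=lambda e: e["activityDateTime"]):
        if not is_destructive(ev):
            continue
        ts = datetime.strptime(ev["activityDateTime"], TS_FORMAT)
        actor = ev["actor"]["userPrincipalName"]
        resources = ev.get("resources") or [{"displayName": "<unknown>"}]
        queue = recent[actor]
        queue.append((ts, resources[0]["displayName"]))
        while ts - queue[0][0] > window:      # drop events that fell out of the window
            queue.popleft()
        devices = {device for _, device in queue}
        if len(devices) < threshold:
            continue
        alert = open_alert.get(actor)
        last_seen = datetime.strptime(alert["last"], TS_FORMAT) if alert else None
        if alert is None or ts - last_seen > window:
            alert = {"actor": actor, "first": queue[0][0].strftime(TS_FORMAT),
                     "last": ev["activityDateTime"], "devices": set()}
            open_alert[actor] = alert
            alerts.append(alert)
        alert["last"] = ev["activityDateTime"]
        alert["devices"] |= devices
    return alerts


def format_alert(alert):
    """One-line summary suitable for a ticket or chat notification."""
    return (f"{alert['actor']} issued destructive actions against "
            f"{len(alert['devices'])} devices between {alert['first']} and "
            f"{alert['last']}: {', '.join(sorted(alert['devices']))}")


if __name__ == "__main__":
    for alert in detect_wipe_bursts(SAMPLE_EVENTS):
        print(format_alert(alert))
```

The threshold and window are deliberately low; in a real estate they should be tuned against the normal rate of help-desk wipes, and the alert should also fire when the actor is not a named device-management role, since the attackers described above used legitimate credentials rather than malware.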
Iran Plots 'Infrastructure Warfare' Against US Tech Giants
According to Iranian state‑affiliated media, Iran has identified nearly 30 facilities linked to major US technology companies, including Amazon, Google, IBM, Microsoft, Nvidia, Oracle and Palantir, across Bahrain, Israel, Qatar and the UAE as potential targets. The move follows reported strikes on three Amazon Web Services data centres in the region, which disrupted some cloud services and forced several providers to activate disaster recovery plans. For business leaders, this highlights how geopolitical conflict can quickly affect digital services, supply chains and operational resilience far beyond the immediate area.
https://www.theregister.com/2026/03/11/iran_threatens_us_tech_companies/
Middle East Conflict Tests Cyber War Exclusions, S&P Warns
S&P Global Ratings has warned that rising cyber activity linked to the Middle East conflict could expose weaknesses in cyber insurance, particularly where policy wording struggles to separate acts of war from criminal activity. Recent incidents have mainly caused disruption rather than major insured losses, but the risk of more damaging attacks remains. The agency also noted that cyber insurance premiums could more than double by the end of the decade. For leaders, the concern is clear: a single large-scale event could disrupt multiple organisations at once and leave uncertainty over what is actually covered.
New Windows Malware Impersonates Everyday Apps to Infect Your Computer
Microsoft has warned of a Windows malware campaign that tricks people into downloading fake versions of familiar apps such as Adobe, Teams, Zoom and Google Meet through convincing phishing emails and counterfeit PDF prompts. The malicious software can appear legitimate because it carries a digital signature, a feature many people associate with trust; a valid signature only shows that the file has not been altered since the certificate holder signed it, not that the holder is trustworthy. Once installed, the fake applications deploy remote monitoring and management (RMM) tools and register a second copy of the application as a Windows service to maintain persistence on the victim’s systems. The campaign is a reminder of the need to control software downloads, and to treat unexpected email attachments and update prompts with caution.
https://www.bgr.com/2119188/windows-malware-impersonates-signed-apps-infect-computer/
Cyber Attacks on UK Firms Increase at Four Times Global Rate
UK organisations are facing a sharp rise in cyber attacks, with incidents up 36% year on year in February 2026, compared with 9.8% globally. Education, energy, government, healthcare and financial services were among the hardest hit sectors. Ransomware, where criminals lock systems or data until a payment is made, remains a serious threat. At the same time, growing use of generative AI is increasing the risk of sensitive business information being accidentally exposed through employee prompts.
https://www.infosecurity-magazine.com/news/cyberattacks-uk-firms-increase/
Why Cyber Security Threats Are Growing
Organisations are facing a fast-growing cyber security threat as attacks become cheaper, faster and more convincing, particularly with the rise of artificial intelligence. The average global cost of a single data breach is about $4.4 million, while reported losses in the United States exceeded $10 million between March 2024 and February 2025. New tactics such as realistic fake audio and video, used to impersonate senior executives, are increasing fraud risks. For leadership teams, the message is clear: cyber security must be treated as a business resilience issue, supported by stronger authentication practices, employee training and greater awareness of how AI-enabled deception can bypass traditional defences.
https://time.com/7382979/cybersecurity-threats-are-growing/
The Human Side of Password Security That Tools Can’t Fix
Weak and reused passwords remain one of the easiest ways for attackers to gain access, and the problem is often human behaviour rather than a lack of technology. Annual training alone is rarely enough, so organisations should reinforce simple, practical guidance throughout the year. Stronger habits are most effective when backed by approved password managers, longer unique passphrases, and multi-factor authentication, which adds a second check to confirm identity. Leaders should also ensure existing security tools are fully enabled, as many already include stronger password controls that are not being used.
https://www.msspalert.com/perspective/the-human-side-of-password-security-that-tools-cant-fix
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
Stolen usernames and passwords remain one of the most common ways into organisations, contributing to around a fifth of confirmed data breaches over the last three years. Criminal groups now treat account takeover as a low-cost, high-volume business, using malware to harvest login details and automated tools to test them across multiple services. Recent incidents affected more than 20,000 Australian pension accounts, while one major US healthcare breach led to a $22 million ransom payment and an estimated $872 million in disruption costs. The clearest safeguard is strong multi-factor authentication, which requires more than a password to gain access.
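To make the "automated tools to test them across multiple services" pattern concrete, here is an added example (not from the article or from Black Arrow) of the detection logic a login service or SIEM can apply. Credential stuffing looks like one source trying many different usernames once or twice each and mostly failing; a conventional brute-force attack is the opposite shape (one username, many attempts), so the rule deliberately does not match it. The log format and every log line are constructed for illustration, the thresholds are assumptions to tune against your own traffic, and successful logins inside a flagged burst are reported as the likely account takeovers.

```python
"""Flag credential-stuffing bursts in authentication logs.

Added example. The log format and every line are constructed for
illustration; the thresholds are assumptions to tune against real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>success|fail)$")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample. One real user mistypes a password then logs in; one
# source hammers a single account (brute force, not stuffing); one source
# tries twelve different accounts once each and gets into one of them.
_STUFFED_USERS = ["bob", "carol", "dave", "erin", "frank", "grace",
                  "heidi", "ivan", "judy", "mallory", "oscar", "peggy"]
SAMPLE_LOG = [
    "2026-03-10T01:58:12Z src=198.51.100.4 user=alice result=fail",
    "2026-03-10T01:58:31Z src=198.51.100.4 user=alice result=success",
] + [
    f"2026-03-10T02:03:{i:02d}Z src=192.0.2.9 user=admin result=fail"
    for i in range(0, 40, 5)
] + [
    f"2026-03-10T02:14:{7 + i:02d}Z src=203.0.113.7 user={u} "
    f"result={'success' if u == 'bob' else 'fail'}"
    for i, u in enumerate(_STUFFED_USERS)
]


def parse_line(line):
    """Return a dict for a well-formed line, or None so junk is skipped rather than crashed on."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_credential_stuffing(lines, window_minutes=15, min_users=10,
                               min_fail_ratio=0.8, max_attempts_per_user=2.0):
    """Return one alert per source address showing the stuffing signature.

    Inside a sliding window the source must have tried at least `min_users`
    distinct usernames, with at least `min_fail_ratio` of its attempts failing
    and no more than `max_attempts_per_user` attempts per username on average.
    A single-username flood therefore never matches this rule.
    """
    window = timedelta(minutes=window_minutes)
    events = [e for e in map(parse_line, lines) if e]
    by_src = defaultdict(deque)   # src -> (timestamp, user, result) inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.strptime(ev["ts"], TS_FORMAT)
        queue = by_src[ev["src"]]
        queue.append((ts, ev["user"], ev["result"]))
        while ts - queue[0][0] > window:
            queue.popleft()
        users = {u for _, u, _ in queue}
        attempts = len(queue)
        failures = sum(1 for _, _, r in queue if r == "fail")
        if (len(users) < min_users
                or failures / attempts < min_fail_ratio
                or attempts / len(users) > max_attempts_per_user):
            continue
        alert = alerts.get(ev["src"])
        if alert is None:
            # Seed the alert with everything already in the window.
            alert = {"src": ev["src"], "first": queue[0][0].strftime(TS_FORMAT),
                     "last": ev["ts"], "users": set(users), "attempts": attempts,
                     "failures": failures,
                     "hits": {u for _, u, r in queue if r == "success"}}
            alerts[ev["src"]] = alert
        else:
            # Extend an open alert with just this event.
            alert["last"] = ev["ts"]
            alert["users"].add(ev["user"])
            alert["attempts"] += 1
            alert["failures"] += ev["result"] == "fail"
            if ev["result"] == "success":
                alert["hits"].add(ev["user"])
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_credential_stuffing(SAMPLE_LOG):
        print(f"{a['src']}: {len(a['users'])} usernames, {a['failures']}/{a['attempts']} "
              f"failures between {a['first']} and {a['last']}; "
              f"likely takeovers: {', '.join(sorted(a['hits'])) or 'none'}")
```

The accounts in `hits` are the ones to force a password reset and session revocation on; the flagged source is a candidate for rate limiting or blocking. Stuffing tools spread attempts across many addresses, so in production the same statistics are usually also computed per ASN, per user agent or per device fingerprint rather than only per source IP.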
Microsoft: Hackers Abusing AI at Every Stage of Cyber Attacks
Microsoft reports that criminals are now using artificial intelligence to speed up and scale cyber attacks at almost every stage, from research and convincing scam emails to malicious software and follow-on activity after access is gained. The technology helps less skilled attackers work faster by producing text, code and fake online identities, while human operators choose the targets and direct the attack. The wider risk is that AI is lowering the barrier to entry, making established tactics easier to deliver at greater volume and with more convincing social engineering.
Microsoft Warns North Korean Threat Groups Are Scaling Up Fake Worker Schemes With Generative AI
Microsoft reports that North Korean groups are using generative AI to make fake remote worker schemes faster, more convincing and harder to detect. AI is helping them build realistic online identities, tailor job applications, mimic internal communications in multiple languages and even alter photos for identity documents. In some cases, it is also being used after hiring to draft credible messages, answer technical questions and produce code. Microsoft warns this could increase the scale and success of fraud, espionage and data theft against global organisations.
https://cyberscoop.com/microsoft-north-korea-ai-operations/
Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits
Google reports that attackers continued to exploit previously unknown software flaws at a high rate in 2025, with 90 cases tracked during the year. The focus is shifting away from consumer software towards business systems such as networking equipment, security tools and virtualisation platforms that help run corporate IT. Mobile devices were also targeted more often, rising from 9 cases in 2024 to 15 in 2025. The report warns that commercial surveillance firms are now playing a larger role in these attacks and that attackers may increasingly use AI tools to automate reconnaissance, vulnerability discovery and exploit development.
Threats
Ransomware, Extortion and Destructive Attacks
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Initial cyber ransom demands grew by 47% in 2025 | Insurance Times
Revealed - what's changing about cyber claims | Insurance Business
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware record year | Professional Security Magazine
Insights: Increased Risk of Wiper Attacks
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
The people behind cyber extortion are often in their forties - Help Net Security
Ransomware and Destructive Attack Victims
US Medical Equipment Maker Disabled In Hack Claimed By Iran
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
How an Iranian-backed group crippled Stryker’s Irish HQ with a ‘wiper’ cyberattack
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
INC Ransomware Group Holds Healthcare Hostage in Oceania
Phishing & Email Based Attacks
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
New ‘BlackSanta’ EDR killer spotted targeting HR departments
HR, recruiters targeted in year-long malware campaign - Help Net Security
EU court adviser says banks must immediately refund phishing victims
Phishers hide scam links with IPv6 trick in “free toothbrush” emails | Malwarebytes
Phishing scammers weaponize ICE ragebait | PCWorld
Other Social Engineering
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Fake Claude Code install guides push infostealers in InstallFix attacks
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
'InstallFix' Attacks Spread Fake Claude Code Sites
Researchers uncover AI-powered vishing platform - Help Net Security
EU court adviser says banks must immediately refund phishing victims
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
2FA/MFA
Where Multi-Factor Authentication Stops and Credential Abuse Starts
Artificial Intelligence
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Microsoft: Hackers abusing AI at every stage of cyberattacks
Fake Claude Code install guides push infostealers in InstallFix attacks
CISOs in a Pinch: A Security Analysis of OpenClaw | Trend Micro (US)
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Most executives have no idea how many employees are actually using AI | IT Pro
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Researchers uncover AI-powered vishing platform - Help Net Security
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
AI Adoption Is Forcing Security Teams to Rethink Browser Defense - Security Boulevard
FBI says even in an AI-powered world, security basics still matter | CyberScoop
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
'InstallFix' Attacks Spread Fake Claude Code Sites
5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook | SECURITY.COM
AI agent hacked McKinsey chatbot for read-write access • The Register
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Anthropic forms institute to study long-term AI risks facing society - Help Net Security
The Fallout Over OpenAI's Pentagon Deal Is Growing - Business Insider
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
Privacy risks of agentic oversharing on the Web | Brave
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
Bots/Botnets
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cloud/SaaS
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Google: Cloud attacks exploit flaws more than weak credentials
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Middle East Conflict Highlights Cloud Resilience Gaps
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
Salesforce issues new security alert tied to third customer attack spree in six months | CyberScoop
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US contractor's son arrested over alleged $46M crypto theft • The Register
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets | Malwarebytes
Fake GitHub tools are wiping wallets of Windows users | Cybernews
FBI arrests suspect linked to $46M crypto theft from US Marshals
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Crypto Gets National Security Status In New US Cyber Strategy
Cyber Crime, Organised Crime & Criminal Actors
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Data Breaches/Leaks
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Scattered Spider attack on TfL affected 10 million people | Computer Weekly
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
Cal AI allegedly breached, hackers expose user data | Cybernews
Ericsson US discloses data breach after service provider hack
Data/Digital Sovereignty
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Denial of Service/DoS/DDoS
Teen crew caught selling DDoS attack tools - Help Net Security
Encryption
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Fraud, Scams and Financial Crime
That attractive online ad might be a malware trap - Help Net Security
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
EU law advisor wants cybercrime protections fast-tracked • The Register
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Ghanaian man pleads guilty to role in $100 million fraud ring
Dutch police start publicly shaming scammers into submission • The Register
EU court adviser says banks must immediately refund phishing victims
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Identity and Access Management
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Insider Risk and Insider Threats
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Insurance
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Internet of Things – IoT
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
DJI will pay $30K to the man who accidentally hacked 7,000 Romo robovacs | The Verge
Law Enforcement Action and Take Downs
Teen crew caught selling DDoS attack tools - Help Net Security
Dutch police start publicly shaming scammers into submission • The Register
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
Ghanaian man pleads guilty to role in $100 million fraud ring
US contractor's son arrested over alleged $46M crypto theft • The Register
FBI arrests suspect linked to $46M crypto theft from US Marshals
Police dismantles online gambling ring exploiting Ukrainian women
Linux and Open Source
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Malvertising
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
Malware
Browser extensions can install malware, researchers say | Cybernews
That attractive online ad might be a malware trap - Help Net Security
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
Fake Claude Code install guides push infostealers in InstallFix attacks
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Crooks compromise WordPress sites, spread infostealers • The Register
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
HR, recruiters targeted in year-long malware campaign - Help Net Security
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Massive GitHub malware operation spreads BoryptGrab stealer
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
New 'Zombie ZIP' technique lets malware slip past security tools
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake GitHub tools are wiping wallets of Windows users | Cybernews
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
Chinese state hackers target telcos with new malware toolkit
Misinformation, Disinformation and Propaganda
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
Mobile
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances - Ars Technica
Government iPhone Exploits Reach Cybercriminals - DevX
New BeatBanker Android malware poses as Starlink app to hijack devices
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Spyware disguised as emergency-alert app sent to Israelis • The Register
A major security flaw could affect 1 in 4 Android phones - here's how to check yours | ZDNET
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
You should lock your SIM card before someone else does
Models, Frameworks and Standards
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Passwords, Credential Stuffing & Brute Force Attacks
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
The Human Side of Password Security That Tools Can’t Fix | perspective | MSSP Alert
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Google: Cloud attacks exploit flaws more than weak credentials
Where Multi-Factor Authentication Stops and Credential Abuse Starts
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Regulations, Fines and Legislation
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
EU law advisor wants cybercrime protections fast-tracked • The Register
EU court adviser says banks must immediately refund phishing victims
CVE program funding secured, easing fears of repeat crisis | CSO Online
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Crypto Gets National Security Status In New US Cyber Strategy
Anthropic sues the Pentagon after being labeled a threat to national security | Fortune
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
DHS CISO, deputy CISO exit amid reported IT leadership overhaul | FedScoop
White House Cybersecurity Strategy Is Light on Details, Big on Consequences
Social Media
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Software Supply Chain
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Supply Chain and Third Parties
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
Ericsson US discloses data breach after service provider hack
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Hybrid warfare and Europe’s democratic resilience - Decode39
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare played in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
5 Actions Critical for Cybersecurity Leadership During International Conflicts - Security Boulevard
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
This spy tool has been quietly stealing data for years - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
Nation State Actors
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
China
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
Google: Spyware vendors, China-linked spies led 0-day abuse • The Register
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
The New U.S. Cyber Strategy Misreads China’s Threat | Council on Foreign Relations
Chinese state hackers target telcos with new malware toolkit
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
China’s CERT warns OpenClaw can inflict nasty wounds • The Register
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
Russia
Hybrid warfare and Europe’s democratic resilience - Decode39
Signal issues scam warning to users after hackers target officials - BBC News
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
This spy tool has been quietly stealing data for years - Help Net Security
Russian gang claims breach of US power grid cooperative | Cybernews
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
North Korea
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Iran
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare played in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Iran conflict drives heightened espionage activity against Middle East targets | Proofpoint US
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Global business on alert for Iranian cyber-attack threat
Middle East Conflict Fuels Opportunistic Cyber Attacks - Security Boulevard
Iran plots 'infrastructure warfare' against US tech giants • The Register
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Iran-linked APT targets US critical sectors with new backdoors - Help Net Security
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Middle East Conflict Highlights Cloud Resilience Gaps
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
The who, what, and why of the attack that has shut down Stryker's Windows network - Ars Technica
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Iran war will bring wave of 'low-level cyber activity,' says intelligence group | StateScoop
Europol warns of elevated terrorism threat in EU amid Iran conflict
GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps | WIRED
Iran's Cyber-Kinetic War Doctrine Takes Shape
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
Tools and Controls
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Survey: CISOs Continue to Struggle to Strike Right Risk Balance - Security Boulevard
Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors | TechRadar
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
More AI tools, more burnout! New research explains why - Help Net Security
This VPN ban is edging ever closer, and here's what it means for your privacy
Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity - IT Security Guru
After the Panic, the Reality of Claude Code Security
OpenAI’s GPT-5.4 doubles down on safety as competition heats up - Help Net Security
Bug bounties are broken, and the best security pros are moving on - Help Net Security
Scientists have found a way to hide data in plain sight, and hackers can’t touch it - Digital Trends
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Other News
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Vulnerability Management
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
CVE program funding secured, easing fears of repeat crisis | CSO Online
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
Vulnerabilities
Critical Microsoft Excel bug weaponizes Copilot Agent • The Register
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Microsoft Patches 83 CVEs in March Update
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities - SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities - SecurityWeek
Chrome 146 Update Patches Two Exploited Zero-Days - SecurityWeek
Apple issues emergency fixes for Coruna flaws in older iOS versions
Apple Updates Legacy iOS Versions to Patch Coruna Exploits - SecurityWeek
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities - SecurityWeek
Adobe Patches 80 Vulnerabilities Across Eight Products - SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities - SecurityWeek
WordPress membership plugin bug exploited to create admin accounts
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
HPE warns of critical AOS-CX flaw allowing admin password resets
Critical defect in Java security engine poses serious downstream security risks | CyberScoop
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 06 March 2026
Black Arrow Cyber Threat Intelligence Briefing 06 March 2026:
-European Police Body Warns Iran Crisis Raises Threat of Terror, Extremism and Cyber Attacks
-NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
-Ransomware Attacks Soar as Hackers Pivot to Small Businesses
-Ransomware Activity Peaks Outside Business Hours
-Ransomware Groups Switch to Stealthy Attacks and Long-Term Access
-Most Organisations Unprepared for External Cyber Risks and Supply Chain Disruptions
-High-Risk Vulnerabilities Surge, Deepening Security Debt for IT Teams
-AI Went from Assistant to Autonomous Actor and Security Never Caught Up
-Why Enterprise AI Agents Could Become the Ultimate Insider Threat
-AI Raises the Cybersecurity Stakes — But People Still Open the Door
-Hackers Are Turning to Easy, Fast AI Solutions to Roll Out Attacks – So How Can Your Business Stay Safe?
-New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises
-Employees Install Pirate Software Despite Malware Risks
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week, much of the specialist and general media has reported on the security ramifications of the military action in the Middle East, and we have included warnings from European and UK authorities on the need for organisations to heighten their vigilance for cyber security attacks.
In a more general context, we also report on increasing levels of ransomware attacks, especially on smaller organisations and outside of business hours with a focus on long term access to victims’ systems. Supply chain risks and unmanaged vulnerabilities also continue to present challenges to be addressed in a cyber security strategy.
AI risks are accumulating, with expected growth in the number of enterprise applications using AI agents. As we reported previously, AI is also enabling attackers to enhance attacks such as social engineering to be more effective against employees.
The variety of established and evolving risks reminds us of the need for business leaders to be regularly updated on the developing threat landscape and to ensure that the risks are prioritised and addressed in a proportionate cyber security strategy that is delivered by your chosen control providers. Contact us for an impartial discussion on how to do this.
Top Cyber Stories of the Last Week
European Police Body Warns Iran Crisis Raises Threat of Terror, Extremism and Cyber Attacks
Europol has warned that the escalating conflict involving Iran is likely to increase security risks across the European Union, including a higher threat of terrorism, organised crime and cyber attacks targeting critical infrastructure such as energy and transport systems. Officials expect more online fraud using artificial intelligence, where criminals use automated tools to create convincing scams and misinformation linked to the conflict. Europol also noted that groups aligned with Iran may attempt destabilising activities including intimidation, terrorist financing and cyber crime. Authorities assess the overall terrorist threat level in the EU as high, with concerns that online content could accelerate radicalisation and inspire lone actors or small cells.
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
The UK National Cyber Security Centre has urged organisations to review their cyber security posture following rising tensions involving Iran, the United States and Israel. While there is no confirmed increase in direct threats to the UK, the agency warns there is almost certainly a heightened risk of indirect cyber activity, particularly for organisations with operations or supply chains in the Middle East. Iranian state actors and politically motivated groups have previously targeted sectors including energy, finance and transport. The NCSC advises organisations to strengthen monitoring, maintain software updates, prepare for phishing and service disruption attacks, and review incident response plans to ensure resilience during periods of geopolitical instability.
Ransomware Attacks Soar as Hackers Pivot to Small Businesses
Attackers are increasingly targeting small and medium sized businesses that may lack strong cyber security defences. Chainalysis reports a sharp rise in ransomware activity, with nearly 8,000 public leak events recorded in 2025, a 50% increase on the previous year. Despite this surge, total ransom payments fell 8% to about $820 million as many large organisations refused to pay and law enforcement disrupted criminal money laundering networks. At the same time, the average price for buying access to compromised systems on dark web marketplaces dropped from $1,427 in 2023 to $439 in 2026, lowering the barrier for criminals to launch cyber attacks.
https://invezz.com/news/2026/02/27/ransomware-attacks-soar-as-hackers-pivot-to-small-businesses/
Ransomware Activity Peaks Outside Business Hours
Sophos has reported that ransomware is typically deployed when organisations are least staffed, with 88% of attacks launched outside normal working hours. Identity compromise is now the main route used in cyber attacks, accounting for 67% of initial access across 661 incidents analysed between November 2024 and October 2025 in 70 countries. Attackers commonly use stolen or guessed passwords and phishing emails to gain entry, then move quickly to the central identity systems that control user access, often in under 4 hours. Data theft followed a similar pattern in 79% of cases, highlighting the need for continuous security monitoring.
https://www.helpnetsecurity.com/2026/02/27/sophos-identity-driven-breaches-report/
Ransomware Groups Switch to Stealthy Attacks and Long-Term Access
Ransomware groups are increasingly shifting from disruptive attacks to quieter, long-term intrusions designed to remain undetected inside corporate networks. Research by Picus Security analysing 1.1 million malicious files found that four in five common attack techniques are now designed to evade security controls and maintain persistent access. Rather than immediately encrypting systems, many attackers focus on stealing sensitive data and threatening to release it publicly to force payment. Encryption based attacks have fallen by 38% over the past year, while more than 7,000 victims were publicly named by ransomware groups, highlighting the growing scale and persistence of the threat.
Most Organisations Unprepared for External Cyber Risks and Supply Chain Disruptions
Zscaler reports that many organisations are overconfident about cyber security resilience because plans still focus mainly on internal systems, not the wider supplier and partner network. In its research, 61% of businesses admit their approach is too inward looking, while 60% suffered a major supplier related disruption in the past year. Yet only 54% have cyber insurance that covers a third-party breach. More than half of IT leaders say current controls are not ready for AI driven cyber attacks, and up to 70% lack visibility of shadow AI (meaning unapproved AI tools used without oversight).
https://petri.com/organizations-unprepared-external-cyber-risks/
High-Risk Vulnerabilities Surge, Deepening Security Debt for IT Teams
Veracode’s 2026 State of Software Security report highlights a growing gap between the number of software vulnerabilities discovered and the ability of organisations to fix them. Security debt, meaning unresolved security weaknesses in software, now affects 82% of organisations, up from 74%, while 60% face critical long-standing flaws. High risk vulnerabilities have risen by 36%, driven by AI assisted coding and increased reliance on third party software components. Nearly half of applications still contain vulnerabilities more than a year old, underscoring the need for stronger governance and prioritisation of the most serious risks.
https://petri.com/sharp-rise-high-risk-flaws-security-debt/
AI Went from Assistant to Autonomous Actor and Security Never Caught Up
A briefing from the AIUC 1 Consortium warns that as artificial intelligence moves from simple assistants to autonomous systems capable of carrying out business tasks, security oversight has not kept pace. An EY survey found that 64% of companies with annual turnover above $1 billion have lost more than $1 million due to AI failures, while one in five reported a breach linked to unauthorised use of AI tools by staff. Many organisations lack visibility into how AI systems access data or systems, increasing the risk of sensitive information exposure and operational disruption if these tools act incorrectly or without proper controls.
https://www.helpnetsecurity.com/2026/03/03/enterprise-ai-agent-security-2026/
Why Enterprise AI Agents Could Become the Ultimate Insider Threat
Generative AI tools are rapidly evolving from simple assistants into autonomous agents that can launch other agents, access systems and even authorise transactions. Security researchers warn this could create a new form of insider threat if poorly controlled. CyberArk reports that machine identities already outnumber human ones by 82 to 1, while Gartner expects more than 40% of enterprise applications to use AI agents by 2026. Yet governance remains limited, highlighting the growing cyber security challenge as these tools gain greater access to corporate systems.
https://www.zdnet.com/article/enterprise-ai-agents-insider-threat/
AI Raises the Cybersecurity Stakes — But People Still Open the Door
Artificial intelligence is lowering the barrier for cyber criminals, enabling them to produce convincing phishing emails, cloned voice calls and highly targeted scams far more quickly. These tactics, known as social engineering, manipulate people through urgency, authority or confusion rather than breaking technical defences. While organisations are investing heavily in AI security tools, many successful cyber attacks still begin with human interaction. The key defence therefore lies in building strong security awareness and judgement across the workforce. Encouraging staff to pause, question unusual requests and report concerns can significantly reduce the risk of deception led cyber attacks.
https://www.infosecurity-magazine.com/opinions/ai-cybersecurity-people-open-door/
Hackers Are Turning to Easy, Fast AI Solutions to Roll Out Attacks – So How Can Your Business Stay Safe?
HP Wolf Security found that 14% of malicious emails bypassed at least one email security filter, as cyber criminals increasingly use generative AI to launch cyber attacks more quickly and at lower cost. Rather than creating highly sophisticated attacks, many criminals prioritise speed and scale, using readily available tools to produce convincing emails, fake invoices and malicious software installers. Despite their basic nature, these attacks remain effective. Common delivery methods included executable files accounting for 37% of attacks, ZIP files at 11% and Word documents at 10%, highlighting the continued effectiveness of simple tactics.
New AirSnitch Attack Bypasses Wi-Fi Encryption in Homes, Offices, and Enterprises
Researchers have uncovered “AirSnitch”, a new Wi-Fi attack that can bypass the client isolation feature many routers use to keep connected devices separated, including on guest networks. It affects a wide range of home and enterprise equipment and could enable a machine-in-the-middle cyber attack where an intruder intercepts and potentially alters data in transit. The risk is highest where internet traffic is not fully encrypted, as attackers could steal passwords, session cookies, and payment details. Some vendors have issued updates, but parts of the issue may require longer term hardware changes.
Employees Install Pirate Software Despite Malware Risks
Barracuda reports that employees are still attempting to install pirated or cracked software on company devices, despite the significant cyber security risks. Such software is often modified to include hidden malware that can steal login details, install ransomware, hijack user sessions or run cryptomining programs that misuse company systems. Because pirated software cannot receive legitimate security updates, vulnerabilities remain unpatched. Barracuda warns that organisations should strengthen security controls, restrict installation permissions and improve employee awareness to reduce the risk of a cyber attack.
https://betanews.com/article/employees-install-pirate-software-despite-malware-risks/
Governance, Risk and Compliance
Four Risks Boards Cannot Treat as Background Noise - SecurityWeek
AI risk moves into the security budget spotlight - Help Net Security
Cyber incidents remain the primary challenge facing UK businesses
The CISO role keeps getting heavier - Help Net Security
Executive data can become the weak link in the cybersecurity chain - BetaNews
Cyber resilience tunnel vision is leaving enterprises open to external threats | IT Pro
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups switch to stealthy attacks and long-term access | CSO Online
Ransomware: As Infostealers Bite, Prevention Beats Recovery
Ransomware activity peaks outside business hours - Help Net Security
Ransomware attacks soar as hackers pivot to small businesses - Invezz
Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Notorious ransomware gang allegedly blackmailed by fake FSB officer
Bitcoin Still Fuels Ransomware Economy in 2025
Ransomware Attacks Rose 50% in 2025 According to Chainalysis Report
Ransomware groups claim record number of victims in 2025 - CIR Magazine
Ransomware Payments Decline 8% as Attacks Surge 50% - Infosecurity Magazine
Ransomware Victims
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stole 8 TB of Data
1 Million Records from Dutch Telco Odido Published Online After Extortion Attempt
Qilin ransomware hits Malaysia Airlines | Cybernews
Dutch cops back Odido as ShinyHunters leaks continue • The Register
ShinyHunters leaked the full Odido dataset
Airbus and Boeing supplier named in ransomware attack | Cybernews
Phishing & Email Based Attacks
OAuth Abuse in Microsoft Entra ID Enables Stealthy Email Access
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Fake LastPass support email threads try to steal vault passwords
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
Remote-working breaches as phishing fears reach record high | theHRD
Microsoft warning: attackers are abusing Google logins to spread malware | Cybernews
Attack on trust | Professional Security Magazine
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks - Infosecurity Magazine
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Attack on trust | Professional Security Magazine
Other Social Engineering
Fake LastPass support email threads try to steal vault passwords
Attack on trust | Professional Security Magazine
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
Scattered Lapsus$ Hunters seeks women to defraud helpdesks • The Register
Europol-led crackdown on The Com hackers leads to 30 arrests
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
Why scammers call you and say nothing - and how to respond safely | ZDNET
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Telegram rises to top spot in job scam activity - Help Net Security
2FA/MFA
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Artificial Intelligence
AI went from assistant to autonomous actor and security never caught up - Help Net Security
Why enterprise AI agents could become the ultimate insider threat | ZDNET
AI Raises the Cybersecurity Stakes — But People Still Open the Door - Infosecurity Magazine
AI risk moves into the security budget spotlight - Help Net Security
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
How Threat Actors Turned OpenClaw Into a Scraping Botnet - Security Boulevard
Organizations Unprepared for External Cyber Risks
Fraudsters integrate ChatGPT into global scam campaigns - Help Net Security
Your Staff Are Your Biggest Security Risk: AI is Making it Worse
AI bot compromises five major GitHub repositories | Cybernews
ClawJacked flaw exposed OpenClaw users to data theft
Your personal OpenClaw agent may also be taking orders from malicious websites | CSO Online
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks: Cloudflare - Infosecurity Magazine
The AI-Powered Hacking Spree Is Here
Destroyed servers and DoS attacks: What can happen when OpenClaw AI agents interact | ZDNET
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Chatbot data harvesting yields sensitive personal info • The Register
Calls for Global Digital Estate Standard as Fraud Risk Grows - Infosecurity Magazine
Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices
Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over - Security Boulevard
Sam Altman admits OpenAI can’t control Pentagon’s use of AI | Technology | The Guardian
Pentagon moves to build AI tools for China cyber operations
Hacker Steals Huge Data Trove From Mexico Using Anthropic's Claude
OpenAI Reaches A.I. Agreement With Defense Dept. After Anthropic Clash - The New York Times
Why Pentagon-Anthropic AI clash is pivotal front in future of warfare
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
LLMs are getting better at unmasking people online | CyberScoop
Anthropic fallout Iran strikes fuel tech backlash over military AI use
What AI Models for War Actually Look Like | WIRED
Bots/Botnets
Memory scalpers hunt scarce DRAM with bot blitz • The Register
How Threat Actors Turned OpenClaw Into a Scraping Botnet - Security Boulevard
Careers, Roles, Skills, Working in Cyber and Information Security
Code of Professional Conduct | Professional Security Magazine
Cybersecurity professionals are burning out on extra hours every week - Help Net Security
GCHQ hunts for CISO with £130K top salary • The Register
Comms Dealer - Why UK MSPs Need Global Talent Now More Than Ever
Cloud/SaaS
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
QuickLens Chrome extension steals crypto, shows ClickFix attack
Bitcoin Still Fuels Ransomware Economy in 2025
Cyber Crime, Organised Crime & Criminal Actors
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks: Cloudflare - Infosecurity Magazine
Europol-led crackdown on The Com hackers leads to 30 arrests
Turns out most cybercriminals are old enough to know better • The Register
Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
Data Breaches/Leaks
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stole 8 TB of Data
AI bot compromises five major GitHub repositories | Cybernews
ClawJacked flaw exposed OpenClaw users to data theft
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks - Infosecurity Magazine
1 Million Records from Dutch Telco Odido Published Online After Extortion Attempt
15M French citizens affected by massive data breach following cyberattack on medical software
New LexisNexis Data Breach Confirmed After Hackers Leak Files - SecurityWeek
“Non-terrestrial officers:” the UFO files McKinnon found, hacking NASA | Cybernews
Hacker Steals Huge Data Trove From Mexico Using Anthropic's Claude
Olympique Marseille confirms 'attempted' cyberattack after data leak
Canadian Tire 2025 data breach impacts 38 million users
UH Cyber Hack Exposed Social Security Numbers Of Up To 1.15 Million - Honolulu Civil Beat
Brit games studio Cloud Imperium admits to data breach • The Register
Madison Square Garden Data Breach Confirmed Months After Hacker Attack - SecurityWeek
Denial of Service/DoS/DDoS
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Russian DDoS: what’s the threat to businesses? | IT Pro
Encryption
Expert Recommends: Prepare for PQC Right Now
Fraud, Scams and Financial Crime
Fraudsters integrate ChatGPT into global scam campaigns - Help Net Security
Calls for Global Digital Estate Standard as Fraud Risk Grows - Infosecurity Magazine
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses | WIRED
Memory scalpers hunt scarce DRAM with bot blitz • The Register
Why scammers call you and say nothing - and how to respond safely | ZDNET
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
Telegram rises to top spot in job scam activity - Help Net Security
Alabama man pleads guilty to hacking, extorting hundreds of women
Florida woman imprisoned for massive Microsoft license fraud scheme
Identity and Access Management
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Insider Risk and Insider Threats
Why enterprise AI agents could become the ultimate insider threat | ZDNET
AI Raises the Cybersecurity Stakes — But People Still Open the Door - Infosecurity Magazine
42 percent of organizations see an increase in malicious insider incidents - BetaNews
Your Staff Are Your Biggest Security Risk: AI is Making it Worse
Employees install pirate software despite malware risks - BetaNews
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Insurance
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance - SecurityWeek
Internet of Things – IoT
Your smart home may be at risk - 6 ways experts protect your devices from attacks | ZDNET
Every Car Made After 2008 Has the Same Digital Security Risk
Meta Workers Say They're Seeing Disturbing Things Through Users' Smart Glasses
Law Enforcement Action and Take Downs
Europol-led crackdown on The Com hackers leads to 30 arrests
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
Project Compass is Europol's new playbook for taking on The Com | CyberScoop
Cambodia, a center for online scam, cracks down on the scammers : State of the World from NPR : NPR
Ukrainian man pleads guilty to running AI-powered fake ID site
Alabama man pleads guilty to hacking, extorting hundreds of women
Florida woman imprisoned for massive Microsoft license fraud scheme
Malware
Double whammy: Steaelite RAT bundles data theft, ransomware • The Register
Microsoft OAuth scams abuse redirects for malware delivery • The Register
Employees install pirate software despite malware risks - BetaNews
Microsoft warning: attackers are abusing Google logins to spread malware | Cybernews
CISA warns that RESURGE malware can be dormant on Ivanti devices
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
QuickLens Chrome extension steals crypto, shows ClickFix attack
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Microsoft warns of RAT delivered through trojanized gaming utilities
Mobile
Coruna: Spy-grade iOS exploit kit powering financial crime - Help Net Security
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Models, Frameworks and Standards
Passwords, Credential Stuffing & Brute Force Attacks
Fake LastPass support email threads try to steal vault passwords
Purchase order attachment isn’t a PDF. It’s phishing for your password | Malwarebytes
US Shuts Down 'LeakBase' Hacker Forum Known for Selling Stolen Data
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
Regulations, Fines and Legislation
UK’s Data Watchdog Gets a Makeover to Match Growing Demands - Infosecurity Magazine
CISA leadership shakeup comes amid ‘pressure’ moment for cyber agency | Federal News Network
Trump Bans Anthropic AI in Federal Agencies — Pentagon Flags Claude as Security Risk
OpenAI Reaches A.I. Agreement With Defense Dept. After Anthropic Clash - The New York Times
Why Pentagon-Anthropic AI clash is pivotal front in future of warfare
Social Media
Social media companies are fighting the 'age verification trap' | Fortune
Software Supply Chain
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Surging third-party risks create software vulnerability headaches for developer teams | IT Pro
Supply Chain and Third Parties
Conduent Data Breach - Largest Data Breach in U.S. History As Ransomware Group Stole 8 TB of Data
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks - Infosecurity Magazine
Organizations Unprepared for External Cyber Risks
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Madison Square Garden Data Breach Confirmed Months After Hacker Attack - SecurityWeek
Airbus and Boeing supplier named in ransomware attack | Cybernews
Third-Party Risk: The New Maturity Curve for Security Providers | perspective | MSSP Alert
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK warns of Iranian cyberattack risks amid Middle-East conflict
U.S. war with Iran forces CEOs to prepare for the worst | Fortune
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity - Infosecurity Magazine
The cyber war in Iran - POLITICO
Expect Iran to Launch Cyber-Attacks Globally, Warns Google - Infosecurity Magazine
Europe braces as Iran threatens to attack – POLITICO
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Businesses told to harden defenses amid Iran conflict risk • The Register
Mapping Iran’s hacking threats | Ctech
Iran War Puts Companies, Infrastructure on Cyber Threat Alert
Iran could use AI to accelerate cyberattacks on U.S. and Israeli critical infrastructure | Fortune
Cyberwarfare ignites in US-Israel-Iran war
Pro-Iranian Actors Launch Barrage of Cyberattacks
Double jeopardy for Dubai, faces espionage threat amid Iran offensive - The Statesman
Western Cybersecurity Experts Brace for Iranian Reprisal
Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes - gHacks Tech News
Sam Altman admits OpenAI can’t control Pentagon’s use of AI | Technology | The Guardian
Anthropic fallout Iran strikes fuel tech backlash over military AI use
What AI Models for War Actually Look Like | WIRED
Nation State Actors
How to understand and avoid Advanced Persistent Threats - Security Boulevard
China
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
China's Silver Dragon Razes Governments in EU, SE Asia
Pentagon moves to build AI tools for China cyber operations
Russia
If You're a Tech Worker With an Attractive Girlfriend, We Have Extremely Bad News
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks - SecurityWeek
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russian DDoS: what’s the threat to businesses? | IT Pro
U.S. Defense Contractor Faces 87 Months in Prison For Selling Secrets to Russia - ClearanceJobs
Notorious ransomware gang allegedly blackmailed by fake FSB officer
North Korea
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks - Infosecurity Magazine
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
APT37 hackers use new malware to breach air-gapped networks
Suspected Nork intruders infecting US healthcare, education • The Register
Britain sees North Korea as 'major' cyber threat: Cybersecurity expert
Iran
U.S. war with Iran forces CEOs to prepare for the worst | Fortune
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity - Infosecurity Magazine
The cyber war in Iran - POLITICO
Europe braces as Iran threatens to attack – POLITICO
Businesses told to harden defenses amid Iran conflict risk • The Register
Mapping Iran’s hacking threats | Ctech
Iran War Puts Companies, Infrastructure on Cyber Threat Alert
Cyberwarfare ignites in US-Israel-Iran war
Pro-Iranian Actors Launch Barrage of Cyberattacks
Iran intelligence backdoored US bank, airport networks • The Register
Scammers target Dubai bank accounts amid Iran missile salvo • The Register
US financial firms on cyber alert amid Iran war | The Jerusalem Post
Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes - gHacks Tech News
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Strikes on Iran will test US cyber strategy abroad, and defenses at home - Nextgov/FCW
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hacktivists claim to have hacked Homeland Security to release ICE contract data | TechCrunch
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Tools and Controls
AI risk moves into the security budget spotlight - Help Net Security
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
Why encrypted backups may fail in an AI-driven ransomware era | ZDNET
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
The Expanding Link Between Software Engineering And Cyber Security - DevX
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Cyber resilience tunnel vision is leaving enterprises open to external threats | IT Pro
12 Million exposed .env files reveal widespread security failures
Security debt is becoming a governance issue for CISOs - Help Net Security
Other News
Cloudflare tracked 230 billion daily threats and here is what it found - Help Net Security
Attackers are using your network against you, according to Cloudflare | CyberScoop
The Increasing Speed of Cyberattacks
How 'silent probing' can make your security playbook a liability | CyberScoop
The Expanding Link Between Software Engineering And Cyber Security - DevX
UK government seeks to clamp down on cyber-threats - Digital Journal
DEF CON hackers 'fed up with government,' Jake Braun says • The Register
Sweden Tells Energy Sector to Raise Security, but Faces no Specific Threat
Healthcare organizations are accepting cyber risk to cut costs - Help Net Security
Cybersecurity is now a bigger worry for car-makers than costs - Drives&Controls
Cybersecurity a ‘significant’ issue for 95% of manufacturers
Vulnerability Management
Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy
Exploitable Vulnerabilities Present in 87% of Organizations - Infosecurity Magazine
Report Shows Sharp Rise in High‑Risk Flaws and Security Debt
Your dependencies are 278 days out of date and your pipelines aren't protected - Help Net Security
Surging third-party risks create software vulnerability headaches for developer teams | IT Pro
Google will soon ship Chrome updates every two weeks • The Register
Vulnerabilities
NCSC warns of attacks to Cisco Catalyst SD-WAN | UKAuthority
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Juniper issues emergency patch for critical PTX router RCE
Cisco warns of max severity Secure FMC flaws giving root access
What to Know About the Notepad++ Supply-Chain Attack - Security Boulevard
Trend Micro fixes two critical flaws in Apex One
Critical Juniper Networks PTX flaw allows full router takeover
Firefox 148 Released With Sanitizer API to Disable XSS Attack
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Security hole could let hackers take over Juniper Networks PTX core routers | CSO Online
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog here and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 27 February 2026
Black Arrow Cyber Threat Intelligence Briefing 27 February 2026:
-The Growing Risk of Malicious Apps in a Mobile-First Workplace
-Why 'Call This Number' TOAD Emails Beat Gateways
-New Phishing Hacks Aren’t Sloppy—They’re Personalised
-Google Disrupts Chinese-Linked Hackers That Attacked 53 Groups Globally
-Basic Security Gaps Leave Enterprises Exposed to AI-Boosted Attacks
-'God-Like' Attack Machines: AI Agents Ignore Security Policies
-13 Ways Attackers Use Generative AI To Exploit Your Systems
-AI Accelerates Attacker Breakout Time to Just Four Minutes
-Resilience: Cyber Risk Shifts from Disruption to Long-Tail Losses
-Ransomware Readiness is the Difference Between a Bad Day at Work and No More Workplace
-So You Think You Have Cyber Insurance? The Breach is Only the First Incident. The Claim is the Second.
-Russia Stepping Up Hybrid Attacks, Preparing for Long Standoff with West, Dutch Intelligence Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We have details of new and developing threats for business leaders to address in their security strategy. These include malicious apps on work mobile devices, and phishing emails without links or attachments but with instructions for the recipient to call a number that turns out to be a scam. Separately, Google has identified attackers using online Google Sheets that contain command instructions for malware already installed in victims’ systems at a previous stage. As mentioned in our previous weekly reports, AI is being used to make cyber-attacks faster and more effective.
Addressing these and other risks requires two areas of focus: proportionate cyber security to reduce the frequency of successful attacks, and cyber resilience to improve the chances that the organisation can successfully detect and respond to attacks. Insurance is often part of that resilience; however, we include a reminder on the need to ensure a clear understanding upfront on exactly what the insurance policy provides and the conditions of cover.
Business leaders are not expected to be cyber experts, but your ability to ensure that your cyber security and resilience can address today’s evolving risks requires you to understand the fundamentals, and this is best sourced from experts who are not your control providers. Contact us for details of how to achieve proportionate security and resilience for your business.
Top Cyber Stories of the Last Week
The Growing Risk of Malicious Apps in a Mobile-First Workplace
As workplaces become increasingly mobile-first, employees’ smartphones now provide a direct route into corporate systems and sensitive data. Attackers are exploiting this by disguising malicious code inside legitimate-looking apps, including those published in trusted app stores, and by rapidly creating new variants that evade traditional, signature-based security tools. Risk also comes from poorly built apps that request excessive access or accidentally expose information through weak design. To reduce exposure, organisations need greater visibility into what apps are installed, what data they access, and whether their behaviour changes after updates, treating mobile apps as a core enterprise risk, not just an IT concern.
Why 'Call This Number' TOAD Emails Beat Gateways
Attackers are increasingly using “call this number” emails that contain no links or attachments, helping them slip past many secure email gateways. Analysis of roughly 5,000 threats that bypassed enterprise defences since December 2025 found telephone-oriented attack delivery (TOAD) made up almost 28% of these incidents. The tactic typically mimics a billing alert from a trusted brand and pressures staff to phone a number, where scammers try to steal login details, gain remote access to devices, or extract payments such as gift cards. Senior leaders should reinforce clear rules: invoices are not resolved by unsolicited phone calls, and staff must verify unexpected payment requests via known channels.
https://www.darkreading.com/threat-intelligence/why-call-this-number-toad-emails-beat-gateways
New Phishing Hacks Aren’t Sloppy—They’re Personalised
Artificial intelligence is making phishing scams far more convincing by tailoring messages with personal details pulled from past data breaches and public sources such as social media. These emails and texts may reference your name, location, services you use, or even your interests, helping criminals build trust and pressure people into clicking links, sharing information, or sending money. If staff credentials are stolen, accounts can be compromised, potentially impacting the wider business. Key safeguards include keeping software and security tools up to date, and treating personalised or unexpected payment or account warnings with caution by verifying them through official channels.
Google Disrupts Chinese-Linked Hackers That Attacked 53 Groups Globally
Google has disrupted a Chinese-linked hacking group with a near decade-long record of targeting governments and telecoms, after confirming access to at least 53 organisations across 42 countries, with possible reach into 22 more. The attackers used Google Sheets to hide activity within normal network traffic, which Google stressed was not a flaw in its products. In one incident, they installed a hidden way to regain access on a system holding sensitive personal data such as names, phone numbers, dates of birth and national ID details.
Basic Security Gaps Leave Enterprises Exposed to AI-Boosted Attacks
IBM’s 2026 X-Force Threat Intelligence Index warns that criminals are increasingly using AI to find and exploit basic security gaps at speed. Attacks starting through internet-facing applications rose 44%, often due to insufficient access controls, while ransomware and extortion activity grew 49% year on year and disclosed victim counts increased by about 12%. Supply chain and third-party compromises have almost quadrupled since 2020, targeting software build and deployment environments and cloud applications. In 2025, exploiting known weaknesses drove 40% of observed incidents. Manufacturing remained the most targeted sector (27%), and North America saw 29% of cases.
https://betanews.com/article/basic-security-gaps-leave-enterprises-exposed-to-ai-boosted-attacks/
'God-Like' Attack Machines: AI Agents Ignore Security Policies
Security leaders are warning that goal-driven AI agents can unintentionally expose sensitive information or make damaging changes if they are given too much access. A recent Microsoft Copilot bug reportedly summarised confidential emails, and separately an AI agent ignored restrictions and deleted a live database. Experts caution that built-in AI guardrails are not strong enough to be relied on as security controls. Organisations adopting AI agents should limit permissions to the minimum required, separate critical systems, keep clear oversight through monitoring and audit logs, and ensure robust backups to quickly reverse mistakes.
https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
13 Ways Attackers Use Generative AI To Exploit Your Systems
Criminals are using generative AI to make familiar cyber attacks faster and more convincing, rather than inventing entirely new ones. It is being used to produce more realistic phishing messages that trick staff into handing over passwords, and to help create malware to damage systems or steal data. AI is also enabling deepfake voice and video scams and automating espionage, with one campaign reportedly automated by about 80% and aimed at roughly 30 major organisations.
AI Accelerates Attacker Breakout Time to Just Four Minutes
ReliaQuest reports that attackers are moving faster, with the average time from initial access to spreading inside an organisation dropping to 34 minutes in 2025, and a record low of just four minutes. Data theft can happen in as little as six minutes, down from over four hours in 2024. The report links this acceleration to wider use of automation and AI, with 80% of ransomware groups using one or both. Many organisations remain exposed due to gaps such as poor visibility of activity logs, weak remote access protections, and identity processes that can be tricked through social engineering where attackers persuade staff to grant access.
https://www.infosecurity-magazine.com/news/ai-accelerates-attack-breakout/
Resilience: Cyber Risk Shifts from Disruption to Long-Tail Losses
According to a report by US insurance provider Resilience, cyber attacks are increasingly causing long-lasting financial, regulatory and reputational harm, driven by criminals stealing data and demanding payment to stop it being published. Data theft-only incidents rose from 49% of extortion claims in the first half of last year to 65% in the second half, and this model could become the majority by the end of 2026. The report also warns that paying to suppress stolen data may still lead to lawsuits and further exposure. Retail, manufacturing and health care made up 68% of losses.
https://www.insurancejournal.com/news/national/2026/02/25/859511.htm
Ransomware Readiness is the Difference Between a Bad Day at Work and No More Workplace
Ransomware is now a routine business risk, and organisations that recover fastest are typically those with strong readiness rather than the most complex technology. Effective preparation starts with clear governance and a tested incident response plan that assumes key systems and email may be unavailable. It also requires reliable, regularly tested backups that can restore critical services quickly, plus offline access to continuity plans and contact lists. Senior leaders should rehearse early decisions, including how to handle ransom demands, legal checks, and insurer requirements. Today’s ransomware is often data theft followed by extortion, raising regulatory and reputational stakes.
So You Think You Have Cyber Insurance? The Breach is Only the First Incident. The Claim is the Second.
Many organisations treat cyber insurance as a simple safety net, but in practice it is often a patchwork of policies with gaps and overlaps that only become clear after an incident. The most common losses involve other people’s data held on your systems, ransomware that combines disruption with extortion, and business email compromise where criminals impersonate staff to divert payments. Insurers may dispute claims by arguing the loss sits under a different policy, that payments were voluntary, or that conditions were not met. The key message is to stress test cover in advance, so it still pays out under real-world pressure.
Russia Stepping Up Hybrid Attacks, Preparing for Long Standoff with West, Dutch Intelligence Warns
Dutch intelligence agencies warn that Russia is intensifying a hybrid campaign across Europe as it prepares for a long confrontation with the West. This blends cyber-attacks, sabotage, disinformation and covert political influence to stay below the threshold of open war. Since late 2023, activity has risen sharply, with the Netherlands targeted through cyber operations against public institutions and critical infrastructure. The agencies assess Russia’s risk tolerance has increased since 2024, meaning disruption to vital services could become more likely even without direct military conflict.
Governance, Risk and Compliance
Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses
Resilience Cyber Claims Data Reveals The New Economics of Professionalized Cybercrime
Cyber is long tail threat warns new study
Identifying cyber crime motives more vital than ever, report says | The National
Organizations, MSSPs Need to Mind the Gaps in Their Security: Barracuda | MSSP Alert
Businesses rank cyber incidents as their biggest threat - BetaNews
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware is a mid-market tax. Here's how UK firms can stop it - Raconteur
Ransomware playbook torn up as data theft becomes top threat – Resilience | Insurance Business
BeyondTrust Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Ransomware Victims
Mississippi medical center closes all clinics after ransomware attack
Chip Testing Giant Advantest Hit by Ransomware - SecurityWeek
ShinyHunters demands $1.5M not to leak Wynn Resorts data • The Register
Two years on, what are the lessons from the British Library cyberattack?
ShinyHunters extortion gang claims Odido breach affecting millions
Wynn Resorts confirms data stolen after ShinyHunters threats • The Register
Qilin targets NYC transit workers | Cybernews
Everest ransomware hits Vikor Scientific's supplier, data of 140,000 patients stolen
Phishing & Email Based Attacks
New phishing hacks aren't sloppy—they're personalized | PCWorld
Why 'Call This Number' TOAD Emails Beat Gateways
The Art of Deception: Typosquatting to Bypass Detection
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
Phishing campaign targets freight and logistics orgs in the US, Europe
Multifaceted Phishing Scheme Deceives Bitpanda Customers - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Know the red flags: Business email compromise signs to look out for | CSO Online
Other Social Engineering
Why 'Call This Number' TOAD Emails Beat Gateways
The Art of Deception: Typosquatting to Bypass Detection
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online | ZDNET
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Threat Actors Using Fake Avast Website to Harvest Users Credit Card Details
Ad tech firm Optimizely confirms data breach after vishing attack
How to protect yourself from SIM swapping
The latest delivery scam has 'carriers' calling to return your phone - don't fall for it | ZDNET
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
The US expanded its sanctions list against Russia due to cybersecurity threats | УНН
Artificial Intelligence
Cyberattack Breakout in Just 27 Seconds? 2026 Threat Report Reveals Shocking Speed | IBTimes UK
AI Accelerates Attacker Breakout Time to Just Four Minutes - Infosecurity Magazine
Hackers Gain Speed, Not Major New Tradecraft, Using AI Tools
AI-powered Cyber-Attacks Up Significantly, Warns CrowdStrike - Infosecurity Magazine
13 ways attackers use generative AI to exploit your systems | CSO Online
New phishing hacks aren't sloppy—they're personalized | PCWorld
'God-Like' Attack Machines: AI Agents Ignore Security Policies
2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface
Attackers Now Need Just 29 Minutes to Own a Network
Cyberattacks are hitting faster with AI fuelling an 89% jump, data shows - National | Globalnews.ca
The rise of the evasive adversary | CSO Online
Basic security gaps leave enterprises exposed to AI-boosted attacks - BetaNews
Android malware uses Google’s own Gemini AI to adapt in real time - Android Authority
Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
Lessons From AI Hacking: Every Model, Every Layer Is Risky
Model Inversion Attacks: Growing AI Business Risk - Security Boulevard
AI is becoming part of everyday criminal workflows - Help Net Security
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Cyber Attacks Skirt Corporate Defenses With AI, Cloud Intrusions
Anthropic Drops Flagship Safety Pledge | TIME
National Crime Agency calls for ‘whole-system approach’ to tech-enabled abuse – PublicTechnology
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds - Infosecurity Magazine
AI coding assistant Cline compromised, installs OpenClaw • The Register
Urgent research needed to tackle AI threats, says Google AI boss - BBC News
Deloitte Australia bans staff from using ChatGPT over data leak fears
How Exposed Endpoints Increase Risk Across LLM Infrastructure
UAE foils AI-powered 'terrorist cyber attacks' on vital sectors | The National
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Do NOT use AI-generated passwords, security experts warn | PCWorld
Nation state hackers fail to gain edge with AI, OpenAI report finds - Cryptopolitan
Claude's collaboration tools allowed remote code execution • The Register
Cyber: the dangers of agents and vibe coding | ICAEW
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
Careers, Roles, Skills, Working in Cyber and Information Security
Where CISOs need to hire and develop cybersecurity talent
ISC2 Launches Global Code of Professional Conduct for Cybersecurity
UK tech has fewer foreign techies, struggling to upskill • The Register
Cloud/SaaS
2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface
Cyber Attacks Skirt Corporate Defenses With AI, Cloud Intrusions
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
Founder drops AWS for Euro stack in bid for sovereignty • The Register
Europe’s ‘tech sovereignty’ ambitions carry security risks, military warns
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Airline brands become launchpads for phishing, crypto fraud - Help Net Security
Cyber Crime, Organised Crime & Criminal Actors
Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses
AI is becoming part of everyday criminal workflows - Help Net Security
Resilience Cyber Claims Data Reveals The New Economics of Professionalized Cybercrime
Cyber Claims Data Shows ‘New Economics’ of Cybercrime
Cyber is long tail threat warns new study
Identifying cyber crime motives more vital than ever, report says | The National
Latin America's Cyber Maturity Lags Threat Landscape
Don’t trust TrustConnect: This fake remote support tool only helps hackers | CSO Online
International operation dismantles fraud network, €400,000 seized - Help Net Security
Data Breaches/Leaks
PayPal Data Breach Led to Fraudulent Transactions - SecurityWeek
PayPal discloses extended data leak linked to Loan App glitch
ICO wins battle in fight to fine tech retailer £500k • The Register
ShinyHunters extortion gang claims Odido breach affecting millions
Ashley Madison pivots to shake cyberattack ghost | Cybernews
CarGurus data breach exposes information of 12.4 million accounts
Ad tech firm Optimizely confirms data breach after vishing attack
Data/Digital Sovereignty
Founder drops AWS for Euro stack in bid for sovereignty • The Register
Europe’s ‘tech sovereignty’ ambitions carry security risks, military warns
Denial of Service/DoS/DDoS
Dramatic Escalation in Frequency and Power of DDoS Attacks - Infosecurity Magazine
Suspected Anonymous members cuffed in Spain over DDoS attack • The Register
Spain arrests suspected hacktivists for DDoSing govt sites
Fraud, Scams and Financial Crime
PayPal Data Breach Led to Fraudulent Transactions - SecurityWeek
Fraud Investigation Reveals Sophisticated Python Malware - Infosecurity Magazine
International operation dismantles fraud network, €400,000 seized - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning | Microsoft Security Blog
Threat Actors Using Fake Avast Website to Harvest Users Credit Card Details
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
Hackers use this tool to bypass fraud detection and weaponize Google ads | Mashable
The latest delivery scam has 'carriers' calling to return your phone - don't fall for it | ZDNET
Identity and Access Management
When identity isn’t the weak link, access still is
Insider Risk and Insider Threats
Cost of Insider Incidents Surges 20% to Nearly $20m - Infosecurity Magazine
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
Insurance
Internet of Things – IoT
Security vulnerabilities in Tesla's Model 3 and Cybertruck reveal how connected cars can be hacked
Law Enforcement Action and Take Downs
Ex-Google engineers accused of swiping chip security secrets • The Register
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
International operation dismantles fraud network, €400,000 seized - Help Net Security
Suspected Anonymous members cuffed in Spain over DDoS attack • The Register
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
Linux and Open Source
Open-source security debt grows across commercial software - Help Net Security
Malvertising
Hackers use this tool to bypass fraud detection and weaponize Google ads | Mashable
Malware
Fraud Investigation Reveals Sophisticated Python Malware - Infosecurity Magazine
Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer | Trend Micro (US)
Fake troubleshooting tip on ClawHub leads to infostealer infection - Help Net Security
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
New malware-as-a-service fronts as legit RMM provider | SC Media
Criminals create business website to sell RAT disguised as RMM tool - Help Net Security
Fake Zoom update covertly installs spy tool | Cybernews
Don’t trust TrustConnect: This fake remote support tool only helps hackers | CSO Online
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
MuddyWater Targets Orgs With Fresh Malware Amid Rising Tensions
Mobile
The Growing Risk of Malicious Apps in a Mobile-First Workplace - Security Boulevard
Android malware uses Google’s own Gemini AI to adapt in real time - Android Authority
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
How To Prevent Your Smartphone From Spying On Your Activities
Researchers flag Samsung Tizen OS weakness | Cybernews
Virgin Media O2 Warn Customers to Watch Out for Fake 5G SIM Upgrade Emails - ISPreview UK
How to protect yourself from SIM swapping
Android mental health apps with 14.7M installs filled with security flaws
Models, Frameworks and Standards
Passwords, Credential Stuffing & Brute Force Attacks
The 25 Most Vulnerable Passwords of 2026 | Security Magazine
Every day in every way, passwords are getting worse • The Register
The Real Initial Access Vector: Compromised Active Directory Credentials - Security Boulevard
Too many users are reusing passwords: Cybersecurity dangers revealed - Digital Journal
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
Do NOT use AI-generated passwords, security experts warn | PCWorld
Regulations, Fines and Legislation
National Crime Agency calls for ‘whole-system approach’ to tech-enabled abuse – PublicTechnology
ICO wins battle in fight to fine tech retailer £500k • The Register
UK fines Reddit $19 million for using children’s data unlawfully
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs | TechCrunch
Across party lines and industry, the verdict is the same: CISA is in trouble | CyberScoop
Social Media
Police seize 100,000 stolen Facebook credentials in cybercrime raid - Help Net Security
I'm a tech pro and an AI job scam almost fooled me - here's what gave it away | ZDNET
Discord postpones global age verification rollout | AP News
UK fines Reddit $19 million for using children’s data unlawfully
Supply Chain and Third Parties
Group-IB High-Tech Crime Trends Report 2026: Supply Chain Attacks Emerge as Top Global Cyber Threat
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Disrupting the GRIDTIDE Global Cyber Espionage Campaign | Google Cloud Blog
Awareness of Russian threat growing in EU, says MEP
Nation State Actors
Nation state hackers fail to gain edge with AI, OpenAI report finds - Cryptopolitan
UAE foils AI-powered 'terrorist cyber attacks' on vital sectors | The National
China
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google and friends disrupt suspected Beijing espionage op • The Register
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs - SecurityWeek
Russia
Awareness of Russian threat growing in EU, says MEP
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Russian hackers target European firms with new spear-phishing cyberattacks | TechRadar
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls - Infosecurity Magazine
The US expanded its sanctions list against Russia due to cybersecurity threats | УНН
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
North Korea
Iran
MuddyWater Targets Orgs With Fresh Malware Amid Rising Tensions
Ex-Google engineers accused of swiping chip security secrets • The Register
Tools and Controls
Criminals create business website to sell RAT disguised as RMM tool - Help Net Security
Fake Zoom update covertly installs spy tool | Cybernews
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI gets good at finding bugs, not as good at fixing them • The Register
When identity isn’t the weak link, access still is
Why Most Breaches Happen After Launch: SaaS Security Testing Best Practices - Security Boulevard
Why the shift left dream has become a nightmare for security and developers
What Is Zero Trust Security? A Plain-English Guide - Security Boulevard
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs - SecurityWeek
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools - Infosecurity Magazine
AI coding assistant Cline compromised, installs OpenClaw • The Register
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Cyber: the dangers of agents and vibe coding | ICAEW
LLM firewalls emerge as a new AI security layer | TechTarget
Other News
The FBI Says These Wi-Fi Routers Are Unsafe, And Here's Why
Cyber-attacks may disrupt smart factories by targeting time | University of East London
“The automotive industry will eventually wake up to cyber attacks. It's a pandemic th | Ctech
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
Enigma Cipher Device Still Holds Secrets for Cyber Pros
Vulnerability Management
AI gets good at finding bugs, not as good at fixing them • The Register
Organizations, MSSPs Need to Mind the Gaps in Their Security: Barracuda | MSSP Alert
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
Microsoft extends security patching for three Windows products at a price - Help Net Security
Vulnerabilities
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers - SecurityWeek
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
Claude's collaboration tools allowed remote code execution • The Register
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
BeyondTrust Vulnerability Exploited in Ransomware Attacks - SecurityWeek
CISA gives feds 3 days to patch actively exploited Dell bug • The Register
Attackers Use New Tool to Scan for React2Shell Exposure
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
VMware Aria Operations flaws could enable remote attacks
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC News
Researchers flag Samsung Tizen OS weakness | Cybernews
Recent RoundCube Webmail Vulnerability Exploited in Attacks - SecurityWeek
Critical Zyxel router flaw exposed devices to remote attacks
Android mental health apps with 14.7M installs filled with security flaws
Critical Grandstream Phone Vulnerability Exposes Calls to Interception - SecurityWeek
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 20 February 2026
Black Arrow Cyber Threat Intelligence Briefing 20 February 2026:
-New Phishing Campaign Tricks Employees into Bypassing Microsoft 365 MFA
-Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
-SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
-One Stolen Credential Is All It Takes to Compromise Everything
-Ukrainian Sentenced to 5 Years in Prison for Facilitating North Korean Remote Worker Scheme
-1,500 Percent Increase in New, Unique Malware Highlights Growing Complexity
-A Worrying Dell Zero-Day Flaw Has Reportedly Gone Unpatched for Nearly Two Years – and Chinese Hackers Are Taking Advantage
-AI Agents Abound, Unbound by Rules or Safety Disclosures
-‘An All-Time High’: Number of Ransomware Groups Exploded in 2025 As Victim Growth Rate Doubled – With Qilin Dominating the Landscape
-Ransomware Hackers Targeting Employee Monitoring Software to Access Computers
-Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
-Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There is a significant new attack technique against organisations that use Microsoft 365, bypassing MFA, and Microsoft has also recently fixed a flaw in Copilot Chat that compromised confidential emails. We report on these developments for the attention of business leaders, as well as a government alert on attacks against small and medium sized businesses, and the risks posed when user access is not appropriately managed.
The North Korean military continues to pose as civilians hired by organisations, and a high number of new malware variants are being delivered over encrypted web traffic, making inspection necessary to reliably identify and block them. As in previous weeks, we include information on how attackers are using AI to develop their techniques and malware.
While cyber security risks can be varied, the solution is consistently clear. Business leaders should undertake an impartial assessment of their risks against their information and systems, and ensure they have appropriate controls to manage those risks. It is important not to rely on the standard offerings of control providers such as IT, which is why business leaders should upskill on the fundamentals of cyber risk management from impartial experts. Contact us to discuss how to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
New Phishing Campaign Tricks Employees into Bypassing Microsoft 365 MFA
A new phishing campaign is bypassing Microsoft 365 multi-factor authentication by tricking employees into approving a login for a hacker’s device on a genuine Microsoft sign-in page. Emails posing as payment requests, bonus documents or voicemails prompt users to enter a ‘secure authorisation’ code, which actually grants an access token that can keep an attacker signed into services such as Outlook, Teams and OneDrive without repeated login checks. Leaders should ensure only approved applications and devices can be connected, limit unnecessary device sign-ins, and reinforce user awareness of unexpected login prompts, even on trusted domains.
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft has fixed a flaw in Copilot Chat that allowed the AI to summarise confidential emails without proper permission, bypassing controls designed to stop sensitive company information being shared with large language models. The issue, present since late January and patched in early February, affected emails in users’ Sent Items and Drafts even when marked as confidential. The incident reflects wider concerns about AI tools handling organisational data, with Microsoft reporting that over 80% of Fortune 500 firms are deploying AI agents, but only 47% say they have the security controls needed to manage them safely.
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
The UK NCSC chief Richard Horne has warned that small and medium sized businesses should not assume they are too small to face a cyber attack. Many attackers are not chasing big names; they look for easy opportunities where basic protections are missing, and the impact can be severe. Horne urged SMEs to adopt basic cyber controls including the secure setup of devices, controls on who can access systems, protection against malicious software, timely security updates, and firewalls. The NCSC has also highlighted rising cyber threats in its latest annual review.
https://www.infosecurity-magazine.com/news/sme-cyber-attack-threat-ncsc/
One Stolen Credential Is All It Takes to Compromise Everything
A research report on more than 750 investigations shows how a single stolen login can rapidly open the door to multiple parts of an organisation. Identity weaknesses featured in almost 90% of cases, with attacks often spanning endpoints, networks, cloud services and software as a service platforms. Cloud access is a particular concern: analysis of over 680,000 cloud identities found 99% had excessive permissions, including access unused for 60 days. Attack speed is also rising, with the fastest quarter reaching data exfiltration in 72 minutes, down from 285 minutes in 2024.
https://www.helpnetsecurity.com/2026/02/18/identity-based-cyberattacks-compromise/
Ukrainian Sentenced to 5 Years in Prison for Facilitating North Korean Remote Worker Scheme
US authorities have sentenced Ukrainian national Oleksandr Didenko to five years in prison for helping North Korean operatives secure remote IT jobs at 40 American companies. Over six years, he stole identities, created more than 2,500 fraudulent online accounts, and ran laptop farms in several US states so workers could appear to be based locally. Officials say the operatives earned hundreds of thousands of dollars, with payments helping fund North Korea’s weapons programmes.
https://cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
1,500 Percent Increase in New, Unique Malware Highlights Growing Complexity
WatchGuard threat intelligence shows a sharp rise in malicious software, with new variants increasing each quarter in 2025 and jumping 1,548% from Q3 to Q4. Nearly a quarter of detected malware bypassed traditional signature checks, meaning it was effectively new and unknown to defenders. Most blocked malware is now delivered over encrypted (TLS) internet traffic, which can hide threats unless organisations inspect encrypted web traffic. While ransomware activity fell 68% year-on-year, record extortion payments suggest fewer but more costly cyber-attacks, underlining the need for layered, proactive cyber security.
A Worrying Dell Zero-Day Flaw Has Reportedly Gone Unpatched for Nearly Two Years – and Chinese Hackers Are Taking Advantage
Dell has patched a critical weakness in RecoverPoint for Virtual Machines (a Dell disaster recovery product for VMware and Hyper-V) where login details were mistakenly left in the software. Google and Mandiant report the flaw was exploited as a previously unknown issue from mid-2024 by a China-linked group, giving attackers unauthorised access and long term control at the highest system level. The group used a new Grimbolt backdoor and a stealth technique to move between systems and stay hidden.
AI Agents Abound, Unbound by Rules or Safety Disclosures
A review of 30 AI agents found rapid growth without clear, consistent safety disclosure. Of the 13 agents showing very high autonomy, only four publicly share any safety evaluation, while 25 provide no detail on safety testing and 23 offer no independent test data. Most of the AI agents reviewed do not publish their underlying code, offering limited independent visibility into how they operate. Many depend on a small number of underlying models from Anthropic, Google and OpenAI, creating complex shared responsibility. Researchers warn some agents ignore signals when sites do not permit automated access.
https://www.theregister.com/2026/02/20/ai_agents_abound_unbound_by/
‘An All-Time High’: Number of Ransomware Groups Exploded in 2025 As Victim Growth Rate Doubled – With Qilin Dominating the Landscape
Searchlight Cyber reports that ransomware reached record levels in 2025, with 7,458 organisations listed on ransomware leak sites and the victim growth rate doubling since 2024. The US was hardest hit with 1,536 disclosed victims, while the UK reported 131. Behind these figures is a fast growing criminal marketplace: 124 active groups operated in 2025, including 73 newcomers, helped by ransomware-as-a-service, where criminals can buy ready-made tools and share profits. Artificial intelligence is also being used to create more convincing scam messages that trick staff into clicking.
Ransomware Hackers Targeting Employee Monitoring Software to Access Computers
Huntress has identified two recent attempted ransomware incidents where attackers misused employee monitoring software and an IT remote support tool to gain and maintain access to corporate systems. By blending in with legitimate administrative software, the criminals made their activity harder to spot and ultimately attempted to deploy ransomware. This matters because such monitoring tools are widely used, with around a third of UK firms and roughly 60% of US firms using them, expanding organisations’ exposure. The underlying issues were weak access controls, including compromised VPN accounts.
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Even low skilled criminals are using AI writing tools to run convincing extortion campaigns, a tactic dubbed “vibe extortion”. This matters because AI can enable low skilled attackers to create attacks that sound polished and urgent. Researchers have seen attackers begin searching for newly disclosed weaknesses within 15 minutes of them being announced, and in some cases reduce work that previously took three to four weeks to under 25 minutes. Leaders should prioritise rapid patching, stronger checks for sensitive requests, and tighter control of business AI systems.
https://www.infosecurity-magazine.com/news/cybercriminals-ai-vibe-extortion/
Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns
Sweden is warning that cyber and hybrid threats, where cyber attacks are combined with economic pressure and influence campaigns designed to erode public trust, are becoming a permanent part of Europe’s security landscape. Speaking at the Munich Cyber Security Conference, a senior Swedish defence official said organisations and governments must plan to operate through sustained disruption, not treat incidents as rare. Sweden is responding through its ‘total defence’ approach, rebuilding civil defence, strengthening national cyber security, and improving coordination through Sweden’s National Cyber Security Centre. The aim is credible deterrence through resilience, supported by closer public and private sector collaboration.
https://therecord.media/sweden-cyber-threats-europe-permanent
Governance, Risk and Compliance
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
Attackers keep finding the same gaps in security programs - Help Net Security
Discipline is the new power move in cybersecurity leadership | CSO Online
Cyber attacks enabled by basic failings, Palo Alto analysis finds | CSO Online
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Why Ransomware Remains One of Cybersecurity’s Most Persistent Threats - Infosecurity Magazine
Ransomware attacks up almost 50 percent in 2025 - BetaNews
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
Record Number of Ransomware Victims and Groups in 2025 - Infosecurity Magazine
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
Washington Hotel in Japan discloses ransomware infection incident
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Negotiating with hackers: The AI in ransomware response
Ransomware Victims
Fintech firm Figure disclosed data breach after employee phishing attack
ShinyHunters allegedly drove off with 1.7M CarGurus records • The Register
Phishing & Email Based Attacks
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities | Trend Micro (US)
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Phishing via Google Tasks | Kaspersky official blog
Fintech firm Figure disclosed data breach after employee phishing attack
Other Social Engineering
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
2FA/MFA
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Artificial Intelligence
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Agentic AI is a priority for 87 percent of security teams - BetaNews
Why are experts sounding the alarm on AI risks? | Cybercrime News | Al Jazeera
Low-Skilled Cybercriminals Use AI to Perform “Vibe Extortion” Attacks - Infosecurity Magazine
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI - Security Boulevard
AI agents abound, unbound by rules or safety disclosures • The Register
What CISOs need to know about the OpenClaw security nightmare | CSO Online
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security Fears | WIRED
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
API Threats Grow in Scale as AI Expands the Blast Radius - SecurityWeek
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
AI platforms can be abused for stealthy malware communication
Security at AI speed: The new CISO reality - Help Net Security
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
Turning Moltbook Into a Global Botnet Map
When Cybersecurity Breaks at Scale: What 2026 Will Expose
Safe and Inclusive E-Society: How Lithuania Is Bracing for AI-Driven Cyber Fraud
Bots/Botnets
Cloud/SaaS
Phishing via Google Tasks | Kaspersky official blog
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
What Is Cryptojacking? How to Check That Your Computer Isn't Infected
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Crypto Payments to Human Traffickers Surges 85% - Infosecurity Magazine
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
RAT disguised as an RMM costs crims $300 a month • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
On The Front Lines Of Cybercrime – Eurasia Review
Data Breaches/Leaks
French Ministry confirms data access to 1.2 Million bank accounts
'Your data is public': Hacker warns victims after leaking 6.8 billion emails online | TechRadar
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
Data breach at fintech firm Figure affects nearly 1 million accounts
Betterment data breach might be worse than we thought - Security Boulevard
Millions of passwords and Social Security numbers exposed
Exposed Database Was Storing More Than 1 Billion Social Security Numbers
Hackers sell stolen Eurail traveler information on dark web
Adidas investigates third-party data breach • The Register
Fintech firm Figure disclosed data breach after employee phishing attack
Canada Goose investigating as hackers leak 600K customer records
Dutch cops arrest man after sending him confidential files • The Register
53% of Gen Z were warned by retailers that their data was compromised - Retail Gazette
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Asahi cyberattack: leak of over 110,000 personal records confirmed - Just Food
Washington Hotel in Japan discloses ransomware infection incident
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
Sex toys maker Tenga says hacker stole customer information | TechCrunch
Data/Digital Sovereignty
Washington pushes back against EU’s bid for tech autonomy – POLITICO
Denial of Service/DoS/DDoS
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack - SecurityWeek
Encryption
Quantum security is turning into a supply chain problem - Help Net Security
Your encrypted data is already being stolen - Help Net Security
Fraud, Scams and Financial Crime
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Identity and Access Management
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Insider Risk and Insider Threats
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Internet of Things – IoT
Poland bans Chinese cars from military bases • The Register
Connected and Compromised: When IoT Devices Turn Into Threats
Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash - SecurityWeek
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Law Enforcement Action and Take Downs
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Dutch cops arrest man after sending him confidential files • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Linux and Open Source
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Everyone uses open source, but patching still moves too slowly - Help Net Security
Open source registries underfunded as security costs rise • The Register
Malvertising
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Malware
1,500 percent increase in new, unique malware highlights growing complexity - BetaNews
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
RAT disguised as an RMM costs crims $300 a month • The Register
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
OysterLoader Evolves With New C2 Infrastructure and Obfuscation - Infosecurity Magazine
New 'Foxveil' Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
Remcos RAT Expands Real-Time Surveillance Capabilities - Infosecurity Magazine
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
AI platforms can be abused for stealthy malware communication
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
RMM Abuse Explodes as Hackers Ditch Malware
Mobile
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
New Keenadu Android Malware Found on Thousands of Devices - SecurityWeek
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit | CSO Online
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Google blocked over 1.75 million Play Store app submissions in 2025
Models, Frameworks and Standards
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
Businesses urged to “lock the door” on cyber criminals as new government campaign launches - GOV.UK
Cyber Resilience Act: The Fine Line Between SaaS and Digital Products | DLA Piper - JDSupra
EU eyes rollback of key privacy rules, GDPR | Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
Outages
Microsoft Teams outage affects users in United States, Europe
Passwords, Credential Stuffing & Brute Force Attacks
One stolen credential is all it takes to compromise everything - Help Net Security
French Ministry confirms data access to 1.2 Million bank accounts
Millions of passwords and Social Security numbers exposed
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Password managers' promise that they can't see your vaults isn't always true - Ars Technica
Regulations, Fines and Legislation
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
EU eyes rollback of key privacy rules, GDPR | Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
UK to force social media to remove abusive pics in 48 hours • The Register
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
Europe's social media ban wave | Cybernews
Social Media
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
UK to force social media to remove abusive pics in 48 hours • The Register
Europe's social media ban wave | Cybernews
Supply Chain and Third Parties
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
The Law of Cyberwar is Pretty Discombobulated - Security Boulevard
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Nation State Actors
China
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
If we can’t name China’s cyberattacks, we lose trust in ourselves | The Strategist
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Poland bans Chinese cars from military bases • The Register
US lawyers file privacy class action against Lenovo • The Register
FBI: Threats from Salt Typhoon are ‘still very much ongoing’ | CyberScoop
Texas sues TP-Link over China links and security vulns • The Register
China-linked crew embedded in US energy networks • The Register
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Russia
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Poland Energy Survives Attack on Wind, Solar Infrastructure
First Starlink, Now Telegram: Russian War Bloggers Sound The Alarm
North Korea
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Iran
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Tools and Controls
RMM Abuse Explodes as Hackers Ditch Malware
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
RAT disguised as an RMM costs crims $300 a month • The Register
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
How the rise of the AI ‘agent boss’ is reshaping accountability in IT | IT Pro
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Security professionals struggle to spot production risks - BetaNews
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Flaws in popular VSCode extensions expose developers to attacks
Cybersecurity Requires Collective Resilience
Redefining risk management | IT Pro
How Security Operations Will Fundamentally Change in 2026
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Other News
RMM Abuse Explodes as Hackers Ditch Malware
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
Attackers keep finding the same gaps in security programs - Help Net Security
Dutch defense chief: F-35s can be jailbroken like iPhones • The Register
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Exclusive: US plans online portal to bypass content bans in Europe and elsewhere | Reuters
Vulnerability Management
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Everyone uses open source, but patching still moves too slowly - Help Net Security
Notepad++ boosts update security with ‘double-lock’ mechanism
Vulnerabilities
Dell's Hard-Coded Flaw: A Nation-State Goldmine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Exploitable Flaws Found in Cloud-Based Password Managers
One threat actor responsible for 83% of recent Ivanti RCE attacks
Critical Microsoft bug from 2024 under exploitation • The Register
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration - SecurityWeek
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop
Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025 - SecurityWeek
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 13 February 2026
Black Arrow Cyber Threat Intelligence Briefing 13 February 2026:
-‘Dead’ Outlook Add-In Hijacked to Phish 4,000 Microsoft Office Store Users
-30+ Chrome Extensions Disguised as AI Chatbots Steal Users’ API Keys, Emails, Other Sensitive Data
-Payroll Pirates Are Conning Help Desks to Steal Workers’ Identities and Redirect Paychecks
-Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims
-LummaStealer Infections Surge After CastleLoader Malware Campaigns
-Devilish Devs Spawn 287 Chrome Extensions to Flog Your Browser History to Data Brokers
-AI Threat Modelling Must Include Supply Chain, Agents, and Human Risk
-Deepfake Fraud Taking Place on an Industrial Scale, Study Finds
-Supply Chain Attacks Now Fuel a ‘Self-Reinforcing’ Cybercrime Economy
-These 4 Critical AI Vulnerabilities Are Being Exploited Faster than Defenders Can Respond
-Those 'Summarise With AI' Buttons May Be Lying to You
-Which Cyber Security Terms Your Management Might Be Misinterpreting
-Follow the Code
Executive Summary
We start this week with some actions for business leaders to address new and emerging threats including malicious Outlook add-ins and Chrome extensions disguised as AI chatbots, as well as an evolution of classic payroll fraud. We also report on how attackers, once in your system, are increasingly using data leak sites on the dark web to force victims to pay.
AI, as expected, is proving to be an escalating risk. We include a number of examples of AI being used by attackers, including deepfake fraud, hidden instructions that manipulate AI, and data poisoning. AI is also empowering criminals to conduct traditional attacks more successfully. This information highlights that organisations should consider their entire ecosystem in their threat modelling to identify the necessary cyber controls, which should address security as well as the minimum standards for regulatory compliance.
We finish with an article written by one of our Directors for the magazine of the Institute of Chartered Accountants of Scotland (ICAS), on the value of the UK Government’s Cyber Governance Code of Practice.
Contact us to discuss how to apply these insights in your security strategy in a pragmatic and proportionate manner.
Top Cyber Stories of the Last Week
‘Dead’ Outlook Add-In Hijacked to Phish 4,000 Microsoft Office Store Users
Researchers at Koi Security found that an abandoned Outlook add-in called AgreeTo was taken over and used to steal Microsoft account log-in details from around 4,000 users. The abandoned add‑in relied on an external website to load its content when used; the attacker took over that website and replaced it with a fake Microsoft login page to gain access to the user’s Outlook. This allowed the attacker to access the user’s emails by using previously granted permissions.
30+ Chrome Extensions Disguised as AI Chatbots Steal Users’ API Keys, Emails, Other Sensitive Data
More than 30 malicious Chrome extensions disguised as AI chatbot tools have been found stealing sensitive information from at least 260,000 users. The extensions share the same code and link back to a single operator in a campaign called AiFrame. Some use embedded web pages to mimic trusted tools, allowing them to harvest browsing data, login details, API keys, and even Gmail messages and drafts.
https://www.theregister.com/2026/02/12/30_chrome_extensions_ai/
Payroll Pirates Are Conning Help Desks to Steal Workers’ Identities and Redirect Paychecks
Binary Defense investigated a December 2025 incident where criminals redirected a physician’s salary by manipulating a help desk, exploiting people and weak internal processes rather than breaking through technical defences. After gaining access to a shared email mailbox, the attacker phoned the help desk, claimed they were locked out and needed urgent access, and persuaded staff to reset the password and multi-factor authentication. They then used the organisation’s own virtual desktop system so activity looked normal, accessed the Workday payroll platform, and changed bank details. This was only spotted when the physician was not paid.
https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/
Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims
Ransomware groups are increasingly using data leak sites on the dark web to pressure organisations into paying, by stealing information and threatening to publish it publicly. These sites often release a small sample, such as emails or contracts, then use deadlines and public exposure to force rapid decisions, even before leaders have full clarity on what was taken. The impact can spread beyond the initial victim, with stolen data reused for fraud, phishing, and attacks on customers and partners. Paying a ransom does not guarantee recovery or confidentiality, and some victims are targeted again within months.
LummaStealer Infections Surge After CastleLoader Malware Campaigns
LummaStealer, a criminal malware‑as‑a‑service operation disrupted in May 2025 when authorities seized 2,300 malicious domains, is scaling up again. Activity resumed in July 2025 and grew sharply between December 2025 and January 2026. Infections are increasingly spread through ClickFix pages that show fake verification prompts and trick users into running a PowerShell command, which silently installs LummaStealer to capture passwords, browser data, and other sensitive information.
Devilish Devs Spawn 287 Chrome Extensions to Flog Your Browser History to Data Brokers
A security researcher has identified 287 Google Chrome extensions, with an estimated 37.4 million installations, that allegedly share users’ browsing histories with more than 30 organisations. Browsing history is a record of websites visited and can reveal sensitive interests or activities; even when anonymised, it can often be linked back to individuals. Many of the extensions present as harmless tools while requesting broad access that is not clearly justified, with privacy policies that may obscure how data is used. The findings highlight the need for tighter controls over browser add-ons and clearer user awareness.
https://www.theregister.com/2026/02/11/security_researcher_287_chrome_extensions_data_leak/
AI Threat Modelling Must Include Supply Chain, Agents, and Human Risk
Palo Alto Networks reports that 99% of organisations suffered at least one attack on an AI system in the past year, underscoring that AI risk is not solved by strengthening cloud infrastructure alone. Effective protection must cover the wider ecosystem including the third party software and data used to build and run AI, as well as the automated AI agents that can take actions on behalf of staff, and the people who approve changes. When agents have broad permissions, attackers can manipulate what they read and influence what they do without obvious signs of hacking. These risks can be better managed through strong governance, strict access controls and better monitoring.
https://cyberscoop.com/ai-threat-modeling-beyond-cloud-infrastructure-op-ed/
Deepfake Fraud Taking Place on an Industrial Scale, Study Finds
Deepfake fraud is now happening at industrial scale, with inexpensive AI tools making it easy to create convincing fake video and voice that impersonate trusted people such as journalists, politicians or company leaders. The AI Incident Database has logged more than a dozen recent cases, and researchers estimate fraud and manipulation have been the largest category of reported incidents in 11 of the past 12 months. The impact is real: a finance officer at a Singaporean multinational transferred nearly $500,000 after a fake video call, while UK consumers are estimated to have lost £9.4bn to fraud in the nine months to November 2025.
Supply Chain Attacks Now Fuel a ‘Self-Reinforcing’ Cybercrime Economy
Group-IB warns that criminals are increasingly using supply chain attacks as an industrial-scale route of entry into many organisations, by compromising trusted suppliers, service providers, or widely used software components. The report describes a self-reinforcing cycle where stolen login details and abused sign-in permissions are used to gain access to cloud business services; the attacker then moves across connected partners before deploying ransomware or extortion. Over the next year, Group-IB expects attacks to speed up through AI tools that scan suppliers. It is also expected that identity-based intrusions will increasingly replace traditional malware; these can be harder to spot because attackers appear to be legitimate users.
https://www.theregister.com/2026/02/12/supply_chain_attacks/
These 4 Critical AI Vulnerabilities Are Being Exploited Faster than Defenders Can Respond
Researchers warn that companies are rolling out AI faster than they can secure it, and several major weaknesses currently have no reliable fix. Attackers can manipulate AI agents to carry out cyber attacks, including tricking AI tools using hidden instructions, poisoning training data very cheaply, and using deepfake audio or video to impersonate executives. Studies show prompt‑based attacks work against 56% of large AI models, training data can be poisoned using just 250 malicious documents for about $60, and deepfake scams have already enabled major fraud.
https://www.zdnet.com/article/ai-security-threats-2026-overview/
Those 'Summarise With AI' Buttons May Be Lying to You
Microsoft has found that some ‘Summarise with AI’ buttons on websites hide instructions designed to influence the answers given by AI assistants. These hidden prompts can quietly steer the assistant toward recommending a particular company or source. Microsoft detected 50 such attempts across 31 companies in 14 industries, meaning senior decision makers could receive biased advice without realising it. This works by pre‑filling prompts and, in some cases, storing them using the assistant’s memory feature.
https://www.darkreading.com/cyber-risk/summarize-ai-buttons-may-be-lying
Which Cyber Security Terms Your Management Might Be Misinterpreting
Clear, shared language between the CISO and the Board is essential because common cyber security terms are often misunderstood, leading to misdirected spending and false confidence. Cyber risk is a business risk tied to continuity, financial loss, and reputation, not just an IT uptime issue. Compliance only proves minimum standards at a point in time and does not equal safety. Leaders should distinguish weaknesses from threats and the resulting business risk, and avoid assuming recovery plans alone cover a cyber attack. Zero-trust and cloud security also require long term process change, not a product purchase.
https://www.kaspersky.co.uk/blog/language-of-risk-key-cybersecurity-terms-for-the-board/30035/
Follow the Code
The UK government’s Cyber Governance Code of Practice is becoming an important framework for business leaders as cyber‑attacks rise. It contains clear actions to help achieve proportionate and evidence-based governance, avoiding ‘compliance theatre’. Leaders are expected to improve their own cyber literacy, understand the business impact of a cyber incident, and to challenge the evidence provided to them including from control providers in IT. Two high value elements are realistic incident rehearsals, and quarterly reviews of cyber metrics. The Code complements established cyber security frameworks and standards, and supports wider governance regimes. Boards are encouraged to discuss adopting the Code and to use specialist expertise to strengthen their oversight.
Governance, Risk and Compliance
Supply chain breaches fuel cybercrime cycle, report says • The Register
69% of CISOs open to career move — including leaving role entirely | CSO Online
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
Schrödinger's cat and the enterprise security paradox | CSO Online
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter - SecurityWeek
Reynolds ransomware uses BYOVD to disable security before encryption
Naming and shaming: How ransomware groups tighten the screws on victims
Nitrogen’s ransomware can’t be decrypted — even by Nitrogen – DataBreaches.Net
Black Basta Ransomware Actors Embed BYOVD Defense Evasion Component with Ransomware Payload Itself
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
Attackers Weaponizing Windows Shortcut File to Deliver Global Group Ransomware
As ransomware recedes, a new more dangerous digital parasite rises | ZDNET
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Crazy ransomware gang abuses employee monitoring tool in attacks
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack | CyberScoop
Under-reporting masks scale of ransomware crisis, ESET warn
Italian university La Sapienza hit by massive IT outage
Ransomware Victims
Payments platform BridgePay confirms ransomware attack behind outage
BridgePay Confirms Ransomware Attack, No Card Data Compromised - Infosecurity Magazine
Phishing & Email Based Attacks
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
Flickr moves to contain data exposure, warns users of phishing
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Other Social Engineering
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Payroll pirates conned the help desk, stole employee’s pay • The Register
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
2FA/MFA
Police arrest seller of JokerOTP MFA passcode capturing tool
Artificial Intelligence
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Google says hackers are abusing Gemini AI for all attacks stages
42,900 OpenClaw Exposed Control Panels and Why You Should Care - Security Boulevard
These 4 critical AI vulnerabilities are being exploited faster than defenders can respond | ZDNET
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Those 'Summarize With AI' Buttons May Be Lying to You
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
OpenClaw's Gregarious Insecurities Make Safe Usage Difficult
Moltbook: Cutting Through the AI Hype to the Real Security Risks - IT Security Guru
AI agents behave like users, but don't follow the same rules - Help Net Security
Living off the AI: The Next Evolution of Attacker Tradecraft - SecurityWeek
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Your AI browser is a cybersecurity threat you’re not prepared for
Security professionals express concern over OpenClaw - SD Times
Threat Actors Weaponize ChatGPT, Grok and Leverage Google Ads to Distribute macOS AMOS Stealer
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Indian police commissioner wants ID cards for AI agents • The Register
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Bots/Botnets
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Careers, Roles, Skills, Working in Cyber and Information Security
69% of CISOs open to career move — including leaving role entirely | CSO Online
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
What happens when cybersecurity knowledge walks out the door - Help Net Security
Cloud/SaaS
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Security teams are paying for sprawl in more ways than one - Help Net Security
Why organizations need cloud attack surface management | TechTarget
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
Cyber Crime, Organised Crime & Criminal Actors
Supply chain breaches fuel cybercrime cycle, report says • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Police arrest seller of JokerOTP MFA passcode capturing tool
On the Front Lines of Cybercrime - Africa Defense Forum
Data Breaches/Leaks
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Handful of breaches expose most patient data in UK | Cybernews
UK blames legacy IT for incomplete data protection progress • The Register
Nearly 17,000 Volvo staff dinged in supplier breach • The Register
South Korea Blames Coupang Data Breach on Management Failure, Not Sophisticated Attack
Security researcher finds 287 Chrome extensions leaking data • The Register
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Odido data breach exposes personal info of 6.2 million customers
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
Flickr Security Incident Tied to Third-Party Email System - SecurityWeek
European Governments Breached in Zero-Day Attacks Targeting Ivanti - Infosecurity Magazine
Budget leak bigger than thought, says NCSC - www.rossmartin.co.uk
Polish hacker charged seven years after massive Morele.net data breach
Fairphone denies any hack behind suspicious emails - Android Authority
Data Protection
UK blames legacy IT for incomplete data protection progress • The Register
Data/Digital Sovereignty
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Denial of Service/DoS/DDoS
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Encryption
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Fraud, Scams and Financial Crime
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Payroll pirates conned the help desk, stole employee’s pay • The Register
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
'Digital squatting' hits new levels as hackers target brand domains | TechRadar
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Identity and Access Management
Why identity recovery is now central to cyber resilience | CSO Online
Insider Risk and Insider Threats
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
Internet of Things – IoT
Hackers Are Targeting Your Smart Home. Here's How to Stop Them | PCMag
'Dodgy boxes': Irish homes warned after major global cyberattack targets Android-enabled TVs
What Organizations Need to Change When Managing Printers
Law Enforcement Action and Take Downs
Police arrest seller of JokerOTP MFA passcode capturing tool
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
Polish hacker charged seven years after massive Morele.net data breach
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Linux and Open Source
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Malvertising
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
Malware
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
LummaStealer infections surge after CastleLoader malware campaigns
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Threat Actors Weaponize ChatGPT, Grok and Leverage Google Ads to Distribute macOS AMOS Stealer
Cybercriminals Use Malicious Cybersquatting Attacks to Distribute Malware and Hijack Data
Malicious 7-Zip site distributes installer laced with proxy tool
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
Sophisticated Cyber Attack Targets Wedding Industry With Teams-Based Malware Delivery
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
Misinformation, Disinformation and Propaganda
From disinformation to espionage – Russia’s hybrid actions against Poland
Mobile
Security teams are paying for sprawl in more ways than one - Help Net Security
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Germany warns of Signal account hijacking targeting senior figures
ZeroDayRAT spyware grants attackers total access to mobile devices
Is spyware hiding on your phone? How to find out and remove it - fast | ZDNET
Fairphone denies any hack behind suspicious emails - Android Authority
Models, Frameworks and Standards
Outages
Microsoft 365 outage takes down admin center in North America
Passwords, Credential Stuffing & Brute Force Attacks
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
Your router's default password is probably on a public database
Your browser extensions can see every password you type
Regulations, Fines and Legislation
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026 – DataBreaches.Net
Social Media
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Discord Is Threatening To Restrict Your Account Unless You Provide ID And Facial Scans
Flickr moves to contain data exposure, warns users of phishing
TikTok under EU pressure to change its addictive algorithm - Help Net Security
Fears about TikTok’s policy changes point to a deeper problem in the tech industry
Supply Chain and Third Parties
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Supply chain breaches fuel cybercrime cycle, report says • The Register
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Security teams are paying for sprawl in more ways than one - Help Net Security
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
Grey Zone Warfare - The Statesman
State spies snooping on Signal users, Germany warns | Cybernews
Singapore spent 11 months evicting suspected telco spies • The Register
Nation State Actors
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists
China
Google: China's APT31 used Gemini to plan US cyberattacks • The Register
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
Palo Alto Chose Not to Tie China to Hacking Campaign on Retaliation Fear: Sources
Chinese cyberspies breach Singapore's four largest telcos
Singapore spent 11 months evicting suspected telco spies • The Register
Senator doesn't trust telcos on Salt Typhoon mitigations • The Register
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
8.7 billion records spilled: Inside the massive Chinese data leak | Cybernews
Russia
The world’s default productivity tool is becoming a national security liability | Computer Weekly
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
From disinformation to espionage – Russia’s hybrid actions against Poland
Thwarted Winter Olympics hack highlights growing cyber exposure for major events | Insurance Times
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Top Putin General Vladimir Alexeyev Behind U.S. Election Meddling Shot in Moscow
Russia tries to block WhatsApp, Telegram in communication blockade
North Korea
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
North Korean hackers use new macOS malware in crypto-theft attacks
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
Tools and Controls
Reynolds ransomware uses BYOVD to disable security before encryption
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
Interlock Ransomware Actors' New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Crazy ransomware gang abuses employee monitoring tool in attacks
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
What Organizations Need to Change When Managing Printers
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Microsoft Copilot Security Has a Blind Spot — And It’s at Runtime - Security Boulevard
Ransomware crews abuse bossware to blend into networks • The Register
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Other News
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting CNI - Infosecurity Magazine
Cyberattacks emerge as “material transaction risk” for PE | Insurance Business
Cyber risk is becoming a hold-period problem for private equity firms - Help Net Security
European Commission Investigating Cyberattack - SecurityWeek
‘Prepare for blackouts’: Ed Miliband’s net zero revolution is a hacker’s dream
A case of when, not if – the reality of Cyber-attacks | London City Hall
Rising threats require a battle-tested electricity system for Europe, says Eurelectric report
How Emerging Threats Are Forcing A Reboot Of Defence Industrial Base Security Policy | Scoop News
Vulnerability Management
CVEs set to hit record high levels in 2026 - BetaNews
FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026 - Infosecurity Magazine
Time to Exploit Plummets as N-Day Flaws Dominate - Infosecurity Magazine
New Data Tool Helps Orgs Prioritize Exploited Flaws Smarter
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Upgrade Now: Microsoft Issues Security Warning to Those Still on Windows 10
Infosec researchers mull curious case of Telnet ancient flaw • The Register
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Vulnerabilities
Microsoft just patched 6 zero-days, but you might want to hold off updating - here's why | ZDNET
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
Chrome 145 Patches 11 Vulnerabilities - SecurityWeek
Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files
F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack' - SecurityWeek
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Windows Notepad is now complex enough to have a serious security flaw | PCWorld
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft begins Secure Boot certificate update for Windows devices - Help Net Security
Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD - SecurityWeek
BeyondTrust warns of critical RCE flaw in remote support software
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Critical Fortinet FortiClientEMS flaw allows remote code execution
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
Ivanti EPMM exploitation: Researchers warn of "sleeper" webshells - Help Net Security
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Hackers breach SmarterTools network using flaw in its own software
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment - Help Net Security
Dutch data watchdog caught up in Ivanti zero-day attacks • The Register
WordPress plugin with 900k installs vulnerable to critical RCE flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 06 February 2026
Black Arrow Cyber Threat Intelligence Briefing 06 February 2026:
-From Clawdbot to OpenClaw: This Viral AI Agent Is Evolving Fast – and It’s Nightmare Fuel for Security Pros
-Why Moltbook Changes the Enterprise Security Conversation
-Beware of Weaponised Voicemail Messages Granting Hackers Remote Access to Your System
-Open the Wrong “PDF” and Attackers Gain Remote Access to Your PC
-AI Drives Doubling of Phishing Attacks in a Year
-Nitrogen Ransomware Is So Broken Even the Crooks Can’t Unlock Your Files
-The Human Layer of Security: Why People Are Still the Weakest Link in 2026
-What Is Cyber Risk Management and Why It Is Important for Businesses?
-The Growing Cyber Risk in Interconnected Supply Chains
-Over 75 Percent of Cyber Security Professionals Worry About AI Agent Risks
-Experts Show How Major UK Food Crisis Might Occur
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
A new evolving business threat has come to the fore, caused by autonomous AI assistants such as OpenClaw (aka Clawdbot and Moltbot), with significant and developing cyber risk considerations. In our summaries below, we also give details of other developing attack methods, including voicemail alerts and fake PDFs. AI, as predicted, is also escalating the dangers of phishing emails and is a concern for 75% of cyber professionals.
We also look at how employees and supply chains represent significant security weaknesses and how to address them, further underlining why cyber security is not a technology subject but instead requires coordinated risk management across the business.
To address these risks, leadership teams need to ensure their cyber knowledge comes from impartial experts, to take greater command of the risks and avoid the same blind spots as their control providers across people, operations and technology. Contact us to discuss how to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
From Clawdbot to OpenClaw: This Viral AI Agent Is Evolving Fast – and It’s Nightmare Fuel for Security Pros
OpenClaw, a fast growing open source personal AI assistant, shows how quickly AI tools could reshape cyber risk. It can connect to everyday apps like WhatsApp, email and calendars, and needs broad permissions to take actions on a user’s behalf. That access creates new routes for cyber attack, including fake downloads and scams, malicious add-ons, unsafe settings that leak passwords or access keys, and hidden instructions that trick the AI into harmful actions. Despite 34 recent security fixes, leaders should treat autonomous assistants as high risk until governance and controls mature.
https://www.zdnet.com/article/clawdbot-moltbot-openclaw-security-nightmare/
Why Moltbook Changes the Enterprise Security Conversation
A new risk is emerging as artificial intelligence agents begin talking to each other on social platforms such as Moltbook, often without ongoing human oversight. Once an employee sets an agent in motion, it can continue reading and posting online for long periods, creating a largely invisible route for sensitive information to leak, including source code, customer data, or internal project details. There is also an inbound threat where agents may absorb harmful instructions or links posted by others, influencing behaviour and decisions. Organisations should consider blocking such platforms by default, with tightly governed exceptions where needed.
https://securityboulevard.com/2026/02/why-moltbook-changes-the-enterprise-security-conversation/
Beware of Weaponised Voicemail Messages Granting Hackers Remote Access to Your System
A new “Voicemail Trap” campaign is using fake voicemail notifications to trick staff into handing criminals remote access to their devices. The messages often impersonate trusted financial organisations and direct recipients to convincing, bank themed websites. Victims are told to download an “audio update” to hear the message, but the file is a script that silently installs legitimate remote management software, allowing attackers persistent access to steal data or deploy further malware. Researchers observed 86 websites linked to this activity on 12 January 2026. Leaders should reinforce click caution and block untrusted download prompts.
https://cybersecuritynews.com/beware-of-weaponized-voicemail-messages/
Open the Wrong “PDF” and Attackers Gain Remote Access to Your PC
A phishing campaign known as DEAD#VAX is tricking staff into opening what looks like a normal PDF invoice or purchase order, but is actually a virtual hard disk file. When opened, Windows mounts it as a new drive and runs a hidden script that installs AsyncRAT, giving attackers remote access and the ability to monitor and control the PC. Because the malicious code runs in memory and hides inside trusted Microsoft processes, it can be harder for security tools and later investigation to spot. This can lead to password theft, data exposure, and a foothold into wider networks.
AI Drives Doubling of Phishing Attacks in a Year
Cofense reports that security filters intercepted one phishing email every 19 seconds in 2025, more than double the rate in 2024. It warns that criminals are using AI to create faster, more convincing scams, including messages written in near flawless local languages. Nearly one in five phishing emails now relies on conversation alone, a tactic often linked to business email compromise, where attackers impersonate trusted contacts to trick staff into making payments or sharing sensitive information. Cofense also saw a 105% rise in remote access tool abuse and a 204% increase in phishing emails delivering malware.
https://www.infosecurity-magazine.com/news/ai-double-volume-phishing-attacks/
Nitrogen Ransomware Is So Broken Even the Crooks Can’t Unlock Your Files
Researchers at Coveware have found that the Nitrogen ransomware group has a serious flaw in its file unlocking tool, meaning victims may be unable to recover data even if they pay. The issue affects attacks against VMware ESXi, a common virtualisation platform used to run servers, where the malware encrypts files using a corrupted key that cannot be matched to any working unlock code. Active since 2023 and extorting organisations since around September 2024, Nitrogen is not the most prolific group, but this bug turns its attacks into purely destructive cyber crime.
https://www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/
The Human Layer of Security: Why People Are Still the Weakest Link in 2026
Despite major investment in tools and automation, people remain the primary cause of cyber security incidents. Gartner expects human error and social engineering, where criminals trick staff into unsafe actions, to drive 85% of data breaches by 2026, and Verizon links roughly two thirds of incidents to mistakes or misuse of login details. Threat actors are increasingly using AI to scale deception, with CrowdStrike’s 2025 report showing 79% of intrusions were malware-free and voice phishing rising 442%. Leaders should prioritise stronger day-to-day security habits, not just annual training, so staff become a resilient first line of defence.
What Is Cyber Risk Management and Why It Is Important for Businesses?
Cyber risk management is how organisations identify, understand and reduce the risks that come with using digital systems, networks and data. It is a continuous process, not a one-off exercise, because threats evolve as technology and working practices change. Effective cyber risk management considers people, processes and technology together, covering areas such as staff awareness, access controls, software updates, backups and monitoring. With around 39% of UK businesses reporting a cyber security breach or cyber attack in the last year, this approach helps reduce financial loss, disruption and reputational harm, while supporting compliance and stakeholder trust.
The Growing Cyber Risk in Interconnected Supply Chains
Supply chains are now a major driver of cyber risk across the UK, as disruption can spread quickly beyond a single organisation. Jaguar Land Rover, M&S, Heathrow and the Co-op were among hundreds impacted last year, with reported losses in the hundreds of millions, affecting thousands of suppliers, partners and customers. Human error contributes to over 60% of breaches, while attackers increasingly use convincing impersonation techniques to trick staff. Leaders can reduce exposure by setting clear security expectations for third parties, investing in staff training, and strengthening business continuity so essential services can keep running during disruption.
https://www.techuk.org/resource/the-growing-cyber-risk-in-interconnected-supply-chains.html
Over 75 Percent of Cyber Security Professionals Worry About AI Agent Risks
A survey of more than 1,500 cyber security professionals found that 73% say AI-powered threats are already significantly affecting their organisation, yet nearly half feel unprepared, even as 92% report major upgrades to defences. While 96% say AI improves the speed and efficiency of their work, concerns remain around data exposure (61%), regulatory breaches (56%) and misuse of AI tools (51%). Only 37% have a formal policy for deploying AI securely, highlighting that oversight of AI agents, including who and what they can access, is now a board-level issue.
Experts Show How Major UK Food Crisis Might Occur
A new study involving 39 experts from institutions including Anglia Ruskin University and the University of York warns that shocks such as extreme weather, a cyber attack or war could quickly disrupt the UK’s just-in-time food supply networks, driving price spikes and shortages. The report argues these pressures would hit low-income households hardest, increasing food insecurity and raising the risk of fraud, black market sales and illness, with worst case outcomes including social unrest. It recommends improving energy security, diversifying supply chains and supporting more resilient diets, alongside better cross-government planning.
https://www.aru.ac.uk/news/experts-show-how-major-uk-food-crisis-might-occur
Governance, Risk and Compliance
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
Global tech spending is skyrocketing, and European firms are doubling down on investment | IT Pro
Novel Cyber Expectations for 2026 Reveal a Grab Bag of Risk
Why boards should be obsessed with their most 'boring' systems | CyberScoop
What is cyber risk management and why it is important for businesses? | The Global Recruiter
Threats
Ransomware, Extortion and Destructive Attacks
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Ransomware gangs focus on winning hearts and minds | Computer Weekly
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Experts show how major UK food crisis might occur - ARU
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Nitrogen can't unlock its own ransomware after coding error • The Register
DragonForce Ransomware Attacking Critical Business to Exfiltrate Sensitive Information
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
CISA quietly updated ransomware flags on 59 flaws last year • The Register
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks - SecurityWeek
The Case for a Ransom Payment Ban and When It Might Happen
Researchers Warn of New “Vect” RaaS Variant - Infosecurity Magazine
Ransomware Victims
M&S attackers hit German insurance giant – HanseMerkur | Cybernews
Ransomware leaves Belgian hospitals unable to pay staff | Cybernews
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Quarterly losses top £300m at JLR in wake of cyber attack | Insider Media
One of Europe's largest universities knocked offline for days after cyberattack | TechCrunch
Italian university La Sapienza goes offline after cyberattack
Romanian oil pipeline operator Conpet discloses cyberattack
Qilin claims Tulsa airport cyberattack | Cybernews
Spain's Ministry of Science shuts down systems after breach claims
Phishing & Email Based Attacks
AI Drives Doubling of Phishing Attacks in a Year - Infosecurity Magazine
Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Open the wrong “PDF” and attackers gain remote access to your PC | Malwarebytes
Private school parents targeted by fraudsters stealing fee payments | Scams | The Guardian
Cloud storage payment scam floods inboxes with fake renewals
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Don't get caught out by Apple Pay phishing scams | Stuff
Beware of Weaponized Voicemail Messages Granting Hackers Remote Access to Your System
Zendesk spam wave returns, floods users with 'Activate account' emails
Other Social Engineering
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Beware of Weaponized Voicemail Messages Granting Hackers Remote Access to Your System
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
2FA/MFA
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Artificial Intelligence
AI Drives Doubling of Phishing Attacks in a Year - Infosecurity Magazine
OpenClaw AI Runs Wild in Business Environments
Alarm Grows as Social Network Entirely for AI Starts Plotting Against Humans
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
MoltBot Skills exploited to distribute 400+ malware packages in days
Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw
Researchers Hacked Moltbook and Accessed Thousands of Emails and DMs - Business Insider
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
It Turns Out 'Social Media for AI Agents' Is a Security Nightmare
DIY AI bot farm OpenClaw is a security 'dumpster fire' • The Register
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw - Infosecurity Magazine
Over 75 percent of cybersecurity professionals worry about AI agent risks - BetaNews
95% of AI Projects Are Unproductive and Not Breach Ready - Security Boulevard
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
82 percent of hackers now use AI - BetaNews
Cybersecurity in 2026: How AI will reshape the Digital Battlefield
AWS intruder pulled off AI-assisted cloud break-in in 8 mins • The Register
Autonomous attacks ushered cybercrime into AI era in 2025 - TechCentral.ie
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+ - Infosecurity Magazine
Deepfake job seeker applied to work for an AI security firm • The Register
Paris Prosecutors Raid Elon Musk’s X Offices in France - Infosecurity Magazine
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Bots/Botnets
Wave of Citrix NetScaler scans use thousands of residential proxies
Global SystemBC Botnet Found Active Across 10,000 Infected Systems - Infosecurity Magazine
Polish cops bail 20-year-old bedroom botnet operator • The Register
Careers, Roles, Skills, Working in Cyber and Information Security
Cyber Success Trifecta: Education, Certifications & Experience
How risk culture turns cyber teams predictive | CSO Online
Cloud/SaaS
AWS intruder pulled off AI-assisted cloud break-in in 8 mins • The Register
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Attackers Harvest Dropbox Logins Via Fake PDF Lures
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Cloud storage payment scam floods inboxes with fake renewals
Cloud sovereignty is no longer just a public sector concern • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw - Infosecurity Magazine
Step Finance says compromised execs' devices led to $40M crypto theft
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Coinbase confirms insider breach linked to leaked support tool screenshots
Cyber Crime, Organised Crime & Criminal Actors
Holiday Hits: Hackers Love to Strike When Defenders Are Away
Cybercriminals set sites on identities | CSO Online
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Data Breaches/Leaks
Exposed MongoDB instances still targeted in data extortion attacks
Step Finance says compromised execs' devices led to $40M crypto theft
Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw
Researchers Hacked Moltbook and Accessed Thousands of Emails and DMs - Business Insider
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
Coinbase confirms insider breach linked to leaked support tool screenshots
Police Service of Northern Ireland officer names published on courts website - BBC News
Betterment breach scope pegged at 1.4M users • The Register
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Researcher reveals evidence of private Instagram profiles leaking photos
PSNI to compensate officers £7,500 for 2023 data breach • The Register
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
The Government Published Dozens of Nude Photos in the Epstein Files - The New York Times
Redditors breached Epstein’s email account using #1Island | Cybernews
Iron Mountain: Data breach mostly limited to marketing materials
Data Protection
Why Data Protection Matters | Cohen Seglias Pallas Greenhall & Furman PC - JDSupra
Data/Digital Sovereignty
Cloud sovereignty is no longer just a public sector concern • The Register
Denial of Service/DoS/DDoS
Polish cops bail 20-year-old bedroom botnet operator • The Register
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
Police shut down global DDoS operation, arrest 20-year-old - Help Net Security
Fraud, Scams and Financial Crime
Cloud storage payment scam floods inboxes with fake renewals
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+ - Infosecurity Magazine
Private school parents targeted by fraudsters stealing fee payments | Scams | The Guardian
National Crime Agency and NatWest Issue Warning Over Invoice Fraud - Infosecurity Magazine
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Google's disruption rips millions of devices out of malicious network | CyberScoop
Identity and Access Management
Cybercriminals set sites on identities | CSO Online
Rising Risk of Compromised Credentials in AD - Security Boulevard
Insider Risk and Insider Threats
Ransomware gangs focus on winning hearts and minds | Computer Weekly
Step Finance says compromised execs' devices led to $40M crypto theft
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
The best cyber defence is employee awareness, not technology
Human risk management: CISOs’ solution to the security awareness training paradox | CSO Online
Coinbase confirms insider breach linked to leaked support tool screenshots
Deepfake job seeker applied to work for an AI security firm • The Register
Law Enforcement Action and Take Downs
Paris raid on X focuses on child abuse material allegations
Empire Market co-founder faces 10 years to life after guilty plea
Polish cops bail 20-year-old bedroom botnet operator • The Register
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Google's disruption rips millions of devices out of malicious network | CyberScoop
Police shut down global DDoS operation, arrest 20-year-old - Help Net Security
Paris Prosecutors Raid Elon Musk’s X Offices in France - Infosecurity Magazine
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Alleged 764 member arrested, charged with CSAM possession in New York | CyberScoop
International sting dismantles illegal streaming empire serving millions - Help Net Security
Four held in £3m illegal TV streaming raids - BBC News
Linux and Open Source
Open-source attacks move through normal development workflows - Help Net Security
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Malware
Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data
Open the wrong “PDF” and attackers gain remote access to your PC | Malwarebytes
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
MoltBot Skills exploited to distribute 400+ malware packages in days
Global SystemBC Botnet Found Active Across 10,000 Infected Systems - Infosecurity Magazine
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
New GlassWorm attack targets macOS via compromised OpenVSX extensions
This stealthy Windows RAT holds live conversations with its operators | CSO Online
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
GlassWorm Returns to Shatter Developer Ecosystems
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Mobile
9 Million Android Devices Hijacked in Secret Proxy Network - Tech Advisor
IPE - Are printers and mobile devices your Achilles heel?
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Google's disruption rips millions of devices out of malicious network | CyberScoop
Apple's new privacy feature limits how precisely carriers track your location - Help Net Security
Models, Frameworks and Standards
NIST’s AI guidance pushes cybersecurity boundaries | CSO Online
Passwords, Credential Stuffing & Brute Force Attacks
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain | CSO Online
Rising Risk of Compromised Credentials in AD - Security Boulevard
McDonald's tells customers to use better passwords • The Register
Regulations, Fines and Legislation
UK government must get its hands dirty on security, report says | Computer Weekly
The Case for a Ransom Payment Ban and When It Might Happen
The Government Published Dozens of Nude Photos in the Epstein Files - The New York Times
Five updates on the Trump admin’s cybersecurity agenda | Federal News Network
CISA tells agencies to stop using unsupported edge devices | CyberScoop
Social Media
Researcher reveals evidence of private Instagram profiles leaking photos
Paris raid on X focuses on child abuse material allegations
ICO Launches Investigation into X Over AI Non Consensual Sexual Images - Infosecurity Magazine
Supply Chain and Third Parties
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
The Growing Cyber Risk in Interconnected Supply Chains
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries - SecurityWeek
UK government must get its hands dirty on security, report says | Computer Weekly
Cyber Terrorism: A New Threat To World Security – OpEd – Eurasia Review
Cyber Insights 2026: Cyberwar and Rising Nation State Threats - SecurityWeek
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
UK warns of rising Russian, Chinese activity in High North
Nation State Actors
How does cyberthreat attribution help in practice?
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
China
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries - SecurityWeek
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider - SecurityWeek
FUD on the line as telcos contemplate the cost of quitting Chinese kit | Euractiv
UK warns of rising Russian, Chinese activity in High North
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
China carries out further executions of Myanmar scam centre suspects | Crime News | Al Jazeera
Chinese organized crime networks moved $16 billion in crypto in 2025, according to report
Russia
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks - Infosecurity Magazine
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
Russian ship anchors over trans-Atlantic cables in Bristol Channel
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid - SecurityWeek
Poland traces December cyberattacks on 30 energy sites to Russian spy agency - Euromaidan Press
UK warns of rising Russian, Chinese activity in High North
North Korea
Labyrinth Chollima Evolves into Three North Korean Hacking Groups - Infosecurity Magazine
Iran
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cybersecurity planning keeps moving toward whole-of-society models - Help Net Security
Tools and Controls
IPE - Are printers and mobile devices your Achilles heel?
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
Open-source attacks move through normal development workflows - Help Net Security
The Human Layer of Security: Why People are Still the Weakest Link in 2026 - Security Boulevard
Global tech spending is skyrocketing, and European firms are doubling down on investment | IT Pro
Open-source AI pentesting tools are getting uncomfortably good - Help Net Security
We moved fast and broke things. It’s time for a change. | CyberScoop
eScan Antivirus Delivers Malware in Supply Chain Attack - SecurityWeek
Rising Risk of Compromised Credentials in AD - Security Boulevard
Onboarding new AI hires calls for context engineering - here's your 3-step action plan | ZDNET
Smartphones Now Involved in Nearly Every Police Investigation - Infosecurity Magazine
Holiday Hits: Hackers Love to Strike When Defenders Are Away
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities - Schneier on Security
AI May Supplant Pen Testers, But Trust Is Not There Yet
What Are Risk Sciences? A New Framework for Understanding Risk and Uncertainty | Newswise
Why boards should be obsessed with their most 'boring' systems | CyberScoop
Reports Published in the Last Week
Cybercriminals' Key Attack Vector is 'Trust', VIPRE's Q4 2025 Email Threat Report Reveals
Other News
Experts show how major UK food crisis might occur - ARU
UK government must get its hands dirty on security, report says | Computer Weekly
Dark Patterns Undermine Security, One Click at a Time
DOJ releases details of alleged talented hacker working for Jeffrey Epstein
Advice firms' lack of focus on cybersecurity 'worrying'
Energy infrastructure cyberattacks are suddenly in fashion • The Register
Vulnerability Management
We moved fast and broke things. It’s time for a change. | CyberScoop
EU’s answer to CVE solves dependency issue, adds fragmentation risks | CSO Online
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities - Schneier on Security
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Vulnerabilities
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces
Microsoft fixes Outlook bug blocking access to encrypted emails
Cisco, F5 Patch High-Severity Vulnerabilities - SecurityWeek
Threat actors hijack web traffic after exploiting React2Shell vulnerability | CSO Online
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Ivanti’s EPMM is under active attack, thanks to two critical zero-days | CyberScoop
CISA flags critical SolarWinds RCE flaw as exploited in attacks
SQL Injection Flaw Affects 40,000 WordPress Sites - Infosecurity Magazine
Malicious Commands in GitHub Codespaces Enable RCE - Infosecurity Magazine
Microsoft to disable NTLM by default in future Windows releases
Critical React Native Vulnerability Exploited in the Wild - SecurityWeek
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Vulnerabilities Allowed Full Compromise of Google Looker Instances - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 30 January 2026
Black Arrow Cyber Threat Intelligence Briefing 30 January 2026:
-Cyber Security Failures Stem from Leadership Gaps, Not Technology, Says Former FTSE CISO
-10 Ways AI Can Inflict Unprecedented Damage in 2026
-Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
-Over 100 Organisations Targeted in ShinyHunters Phishing Campaign
-77% of Financial Service Organisations Accrued Security Debt in 2025
-Patch or Perish: Vulnerability Exploits Now Dominate Intrusions
-5 Reasons Why a Password Manager Is More Essential than Ever
-Password Reuse in Disguise: An Often-Missed Risky Workaround
-Data Breach Exposes 149M Login Credentials for Apps Such as Gmail, Instagram, Netflix and More
-‘We’re Losing Massively’: EU Cyber Chief Warns Europe’s Defences Lag
Executive Summary
This week’s review begins with a finding that cyber security failures are increasingly driven by leadership and accountability gaps, not a lack of technology. We look at the cyber risks that leadership teams need to manage, including how artificial intelligence is accelerating the speed, scale and effectiveness of cyber attacks by reshaping malware, phishing and extortion tactics. We report on the emergence of flawed ransomware, where paying a ransom still fails to restore data due to discarded encryption keys, and voice‑led phishing campaigns that guide staff to approve MFA prompts or share one‑time passcodes.
Our review highlights long‑standing security weaknesses left unresolved in financial services, and the dominance of unpatched vulnerabilities as an entry point. We discuss password risks, including where employees create predictable passwords by only tweaking the previous one, and a major breach exposing 149 million credentials from an unsecured dataset.
These risks reinforce that cyber security is not solely an IT topic, and that leadership teams need to manage the risks across people, operations and technology. Contact us for details of how to address these risks in a proportionate manner with your control providers.
Top Cyber Stories of the Last Week
Cyber Security Failures Stem from Leadership Gaps, Not Technology, Says Former FTSE CISO
Cyber security failures often stem from leadership and accountability gaps rather than a lack of technology, according to former FTSE-250 chief information security officer (CISO) Amy Lemberger of The CISO Hub. Many organisations have extensive security and monitoring tools, but cyber risk is frequently split across IT, compliance and procurement, leaving no senior owner for key trade-offs between security, speed, cost and growth. Appointing a CISO should make risk visible, not make it disappear, and boards need clearer insight into business impact and priorities, not more technical detail.
10 Ways AI Can Inflict Unprecedented Damage in 2026
Experts expect 2026 to be a step change in cyber risk as criminals and hostile states use artificial intelligence to make attacks faster, more convincing, and harder to spot. They warn of more self-adjusting malicious software, automated AI agents moving through networks to find valuable data, and a rise in staff using unauthorised AI tools that can leak sensitive information without oversight. Financial pressure is also set to grow, with ransomware damage forecast to rise from $57bn in 2025 to $74bn in 2026, shifting towards data theft and blackmail rather than simply locking systems.
https://www.zdnet.com/article/10-ways-ai-will-do-unprecedented-damage-in-2026-experts-warn/
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
A new ransomware variant called Sicarii has been advertised as a ransomware service since December, but researchers warn its decryption process is fundamentally broken. Even if an organisation pays, the criminals are unlikely to be able to unlock the data because the malware generates a new encryption key for each infected system and then discards the key needed to restore files. Claims suggest it has hit three to six mainly small business victims so far, though this is unverified. The poor quality of the code and odd branding hints at an inexperienced actor, possibly using AI tools, reinforcing why paying ransoms is a high-risk decision.
https://www.darkreading.com/endpoint-security/vibe-coded-sicarii-ransomware-decrypted
Over 100 Organisations Targeted in ShinyHunters Phishing Campaign
Security researchers have linked the cyber attacker group ShinyHunters to a phishing campaign that has prepared attacks against at least 100 organisations across sectors including technology, finance, healthcare and energy. The group uses voice phishing, where victims receive convincing phone calls, to target single sign-on accounts used to access multiple business systems. By combining phone guidance with fake login pages, attackers can capture passwords and persuade staff to approve multi-factor authentication prompts or share one-time passcodes. Some organisations have reported confirmed data breaches, and the criminals claim to have stolen millions of records with extortion demands reported in some cases.
https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/
77% of Financial Service Organisations Accrued Security Debt in 2025
Veracode’s latest analysis of the financial sector highlights a growing build-up of ‘security debt’, meaning serious software weaknesses have been left unresolved for more than a year. It found 77% of banking, financial services and insurance organisations accrued some level of security debt in 2025, with 63% carrying critical issues. On average, it takes 276 days for firms to fix half of identified weaknesses, almost a month slower than other industries. While third party code makes up 17% of overall debt, it drives more than 82% of the most critical exposure, and takes 50% longer to remediate than in-house code.
Patch or Perish: Vulnerability Exploits Now Dominate Intrusions
According to Cisco Talos, software weaknesses are now the leading way attackers break into organisations, accounting for nearly 40% of intrusions in Q4 2025. Attackers are exploiting newly disclosed issues within hours, especially in internet facing business applications, leaving a very small window to respond. Phishing remains a close second at 32%, often leading to compromised email accounts and follow on scams from trusted addresses. Ransomware fell to 13% of cases, but this may reflect criminal groups consolidating rather than a reduced threat.
https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
5 Reasons Why a Password Manager Is More Essential than Ever
Password reuse remains one of the simplest ways for criminals to take over accounts, especially after a data breach where stolen usernames and passwords are circulated and then tried on other services. Password managers reduce this risk by creating unique, random passwords for every account and warning users if their saved details appear in known breaches. They can also help defend against phishing, where convincing fake emails and websites trick people into entering credentials, by only auto-filling details on the correct site. Combined with multi-factor authentication, they make stronger login security easier to adopt across the organisation.
https://www.makeuseof.com/reasons-why-password-manager-is-more-essential-than-ever/
Password Reuse in Disguise: An Often-Missed Risky Workaround
Near-identical password reuse remains a quietly significant cyber security risk, even in organisations with strong password rules. Staff often make small, predictable tweaks to existing passwords, such as changing a year or adding a character, which can still meet policy requirements but are easier for criminals to guess. This matters at scale: research suggests a 250 person organisation may collectively manage around 47,750 passwords, increasing the number of possible entry points. Attackers use automated tools to test common variations based on credentials leaked in previous breaches, so improving controls should include checks for overly similar passwords and continuous monitoring for breached credentials.
https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html
Data Breach Exposes 149M Login Credentials for Apps Such as Gmail, Instagram, Netflix and More
A major data leak exposed 149 million usernames and passwords across widely used services, including 48 million Gmail logins and millions linked to social media, streaming and financial platforms. The dataset, totalling 96GB, was reportedly left unsecured and publicly accessible, and even included some credentials for government websites. This creates a heightened risk of account takeovers, where criminals reuse stolen email and password pairs to access higher value services such as banking, trading or crypto. Leaders should reinforce two basics: enable two-factor authentication (a second sign-in step) and stop password reuse across accounts.
https://www.phonearena.com/news/data-breach-exposes-login-credentials-for-popular-apps_id177639
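The two stories above describe the controls a practitioner would want: a check that rejects a new password that is only a predictable tweak of an old one (a changed year, an appended character, a leet substitution or a reversal), and a check against known-breached credentials that does not send the plaintext password anywhere. The following Python is an added example written for this briefing; it is not code from any of the articles or vendors mentioned. The normalisation rules, the edit-distance threshold of 2, the password history and the tiny "breach corpus" are all constructed assumptions standing in for what a real credential-monitoring service would hold.

```python
"""Added example: detect near-identical password reuse and breached passwords.

Not part of the original briefing or any product it mentions. Thresholds,
normalisation rules and the sample data below are assumptions.
"""
import hashlib
import re

# Assumed tunable: normalised passwords within this many edits are "near-identical".
MAX_EDIT_DISTANCE = 2

# Characters people append or prepend to an old password (years, "!", "123").
# Leet symbols such as "@" and "$" are deliberately kept so they can be mapped below.
_EDGE_NOISE = r"[\d\s!#%^&*()\-_=+.,?~]+"
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(password: str) -> str:
    """Collapse the common tweaks: case changes, leading/trailing digits and
    punctuation, then leet substitutions inside the remaining core."""
    core = re.sub(rf"^{_EDGE_NOISE}|{_EDGE_NOISE}$", "", password.lower())
    core = core.translate(_LEET)
    # An all-digit password has an empty core; fall back to the raw form.
    return core or password.lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_near_identical(candidate: str, previous, max_distance: int = MAX_EDIT_DISTANCE):
    """Return (True, reason) when candidate is a predictable variation of any
    password in the user's history, else (False, '')."""
    cand = normalise(candidate)
    for old in previous:
        old_n = normalise(old)
        d = edit_distance(cand, old_n)
        if d <= max_distance:
            return True, f"within {d} edits of a previous password after normalisation"
        if cand == old_n[::-1]:
            return True, "reversal of a previous password"
    return False, ""

# Constructed sample of leaked password hashes (SHA-1, upper-case hex), a stand-in
# for the corpus a breached-credential service holds.
_LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                for p in ("Summer2024!", "Password1", "Welcome123")}

def breached_suffixes(prefix: str) -> set:
    """Stand-in for a k-anonymity range query: only the 5-character hash prefix is
    sent, and every matching suffix comes back, so the service never learns the
    password or its full hash."""
    return {h[5:] for h in _LEAKED_SHA1 if h.startswith(prefix)}

def is_breached(password: str) -> bool:
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breached_suffixes(digest[:5])

def evaluate(candidate: str, history):
    """Policy decision for a proposed new password: ('accept'|'reject', reason)."""
    near, reason = is_near_identical(candidate, history)
    if near:
        return "reject", reason
    if is_breached(candidate):
        return "reject", "appears in breach corpus"
    return "accept", "ok"

# Constructed password history for one user (assumption, not real data).
SAMPLE_HISTORY = ["Summer2023!", "P@ssw0rd1"]

if __name__ == "__main__":
    for attempt in ("Summer2024!", "Passw0rd!!", "remmus", "Welcome123",
                    "correct horse battery staple"):
        print(f"{attempt!r:34} -> {evaluate(attempt, SAMPLE_HISTORY)}")
```

Policy engines that only enforce length and character classes would accept every rejected attempt above; the normalisation step is what turns "Summer2023!" into "Summer2024!" being a zero-edit change. The threshold is a trade-off: raising it catches more variations but also rejects genuinely different short passwords, so pair it with a minimum length rather than tightening it alone.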
‘We’re Losing Massively’: EU Cyber Chief Warns Europe’s Defences Lag
The Chief of ENISA, the EU body responsible for strengthening cyber security across member states, has warned that Europe’s cyber security defences are falling behind the speed and scale of modern cyber attacks, despite rising overall security spending. Recent incidents have disrupted airports, elections and hospitals, while Germany’s Bundesbank reports facing over 5,000 attempted cyber attacks every minute. ENISA’s Chief argues the EU needs a fundamental rethink, not just incremental funding. A proposed expansion of ENISA by 118 staff would take it to roughly 268 people, far smaller than other EU security bodies, and he says even doubling capacity should be seen as the minimum.
https://www.politico.eu/article/we-are-losing-massively-against-hackers-eu-cyber-chief-warns/
Governance, Risk and Compliance
Regulation and financial crime lead UK company concerns - CDR News
Healthy Security Cultures Thrive on Risk Reporting
The cybercrime industry continues to challenge CISOs in 2026 | CSO Online
The human paradox at the center of modern cyber resilience | TechRadar
The Window Of Exposure Is The Real Cybersecurity Problem
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Bundesbank hit by 5,000 cyberattacks every minute | Cybernews
Security teams are carrying more tools with less confidence - Help Net Security
Security work keeps expanding, even with AI in the mix - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
Initial access hackers switch to Tsundere Bot for ransomware attacks
How Can CISOs Respond to Ransomware Getting More Violent?
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Cyber Centre releases Ransomware Threat Outlook 2025 to 2027 - Canada.ca
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group - Infosecurity Magazine
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Ransomware Victims
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
London boroughs limping back online months after cyberattack • The Register
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Marquis blames ransomware breach on SonicWall cloud backup hack
Phishing & Email Based Attacks
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
Phishing pages can appear after you click on them | Cybernews
News brief: Email scams highlight need for employee vigilance | TechTarget
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
The 2025 Phishing Surge Proved One Thing: Chasing Doesn't Work - Security Boulevard
New malware service guarantees phishing extensions on Chrome web store
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Other Social Engineering
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Artificial Intelligence
10 ways AI can inflict unprecedented damage in 2026 | ZDNET
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
AI-powered cyberattack kits are 'just a matter of time' • The Register
AI Security Threats Loom as Enterprise Usage Jumps 91% - Infosecurity Magazine
AI Is Lowering the Cost of Cybercrime—and Raising the Risk for Every Company | Fortune
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Konni hackers target blockchain engineers with AI-built malware
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
EU investigates Musk's X over AI deepfake images | AP News
Beware! Fake ChatGPT browser extensions are stealing your login credentials
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now | ZDNET
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
Undressed victims file class action lawsuit against xAI for Grok deepfakes | CyberScoop
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
AI is quietly poisoning itself and pushing models toward collapse - but there's a cure | ZDNET
Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bots/Botnets
Initial access hackers switch to Tsundere Bot for ransomware attacks
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Careers, Roles, Skills, Working in Cyber and Information Security
The human paradox at the center of modern cyber resilience | TechRadar
Security now one of the UK’s fastest-growing career paths | Computer Weekly
UK cyber security jobs have tripled since 2021, Socura ONS report reveals
Cloud/SaaS
Cyber Crime, Organised Crime & Criminal Actors
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
What motivates hackers and what makes them walk away - Help Net Security
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Data Breaches/Leaks
5 reasons why a password manager is more essential than ever
infostealer malware breach - IT Security Guru
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Law Firm Investigates Coupang Security Failures After Cyber-Attack - Infosecurity Magazine
Bumble, Panera Bread, CrunchBase, Match Hit by Cyberattacks
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data - SecurityWeek
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US Data Breaches Hit Record High but Victim Numbers Decline - Infosecurity Magazine
Trump's cybersecurity chief caught in massive ChatGPT blunder - Raw Story
Data Protection
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
Data/Digital Sovereignty
Europe is launching its own social media platform | Cybernews
The Netherlands rethinks its US tech addiction – POLITICO
Denial of Service/DoS/DDoS
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Encryption
Fraud, Scams and Financial Crime
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
Regulation and financial crime lead UK company concerns - CDR News
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Cybersecurity’s New Business Case: Fraud
A fake romance turns into an Android spyware infection - Help Net Security
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Insider Risk and Insider Threats
The human paradox at the center of modern cyber resilience | TechRadar
How insider threats are growing – And what to do about it | SC Media UK
New CISA Guidance Targets Insider Threat Risks - Infosecurity Magazine
CISA insider-threat warning comes with an ironic twist • The Register
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Internet of Things – IoT
Wearable tech adoption continues as privacy worries grow - Help Net Security
Law Enforcement Action and Take Downs
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Four arrested in crackdown on Discord-Based SWATting and doxing
Empire cybercrime market owner pleads guilty to drug conspiracy
Slovakian man pleads guilty to operating darknet marketplace
Linux and Open Source
Open-source malware zeroes in on developer environments - Help Net Security
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
Malvertising
Your phone might be clicking on ads because of these malware-infected apps
Malware
infostealer malware breach - IT Security Guru
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Open-source malware zeroes in on developer environments - Help Net Security
Konni hackers target blockchain engineers with AI-built malware
New malware service guarantees phishing extensions on Chrome web store
GhostPoster: 17 malware browser extensions you should delete ASAP | Mashable
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
What are drive-by download attacks? - Security Boulevard
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
US charges 31 more suspects linked to ATM malware attacks
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Misinformation, Disinformation and Propaganda
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Mobile
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
A WhatsApp bug lets malicious media files spread through group chats | Malwarebytes
Google Warns 2 Billion Android Users—Do Not Save Photos From WhatsApp
Hugging Face abused to spread thousands of Android malware variants
A fake romance turns into an Android spyware infection - Help Net Security
Microsoft: Outlook for iOS crashes, freezes due to coding error
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
What are phishing messages on phones? - SamMobile
Models, Frameworks and Standards
Government publishes Cyber Security and Resilience Bill | UKAuthority
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
A first look at NIST’s new cyber AI framework | Freeman Mathis & Gary - JDSupra
Outages
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
5 reasons why a password manager is more essential than ever
Why Using The Same Password For Every Website Is So Dangerous | HuffPost Life
Password Reuse in Disguise: An Often-Missed Risky Workaround
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
149 Million Usernames and Passwords Exposed by Unsecured Database | WIRED
Beware! Fake ChatGPT browser extensions are stealing your login credentials
Regulations, Fines and Legislation
Regulation and financial crime lead UK company concerns - CDR News
Government publishes Cyber Security and Resilience Bill | UKAuthority
UK government to build digital ID in-house • The Register
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bankruptcy as a National Security Risk | Oxford Law Blogs
Feds Take Their Ball and Go Home From RSAC Conference - Security Boulevard
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Social Media
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Europe is launching its own social media platform | Cybernews
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Supply Chain and Third Parties
AV vendor disputes security shop's update server claims • The Register
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Marquis blames ransomware breach on SonicWall cloud backup hack
NHS Issues Open Letter Demanding Improved Cybersecurity Standards - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
UK Cyber Action Plan's promise | Professional Security Magazine
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Nation State Actors
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
China
Hackers suspected of spying on UK officials' calls for years • The Register
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Russia
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
SSU thwarts over 14,000 cyberattacks on Ukraine since Russia’s full-scale invasion
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
Cyberattack on Polish energy grid impacted around 30 facilities
Ubiquiti: The U.S. Tech Enabling Russia's Drone War - HUNTERBROOK
Russia car owners stranded after cyberattack hits Delta app | Cybernews
North Korea
Konni hackers target blockchain engineers with AI-built malware
Long-running North Korea threat group splits into 3 distinct operations | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Tools and Controls
5 reasons why a password manager is more essential than ever
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Security teams are carrying more tools with less confidence - Help Net Security
Security Teams Embrace AI, Just Not at the Scale Marketing Suggests - Infosecurity Magazine
Open-source malware zeroes in on developer environments - Help Net Security
73% of CISOs more likely to consider AI-enabled security solution | CSO Online
Ethical Hackers are Ramping Up AI Adoption, Collaboration: Bugcrowd | MSSP Alert
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Viral Moltbot AI assistant raises concerns over data security
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
AI & the Death of Accuracy: What It Means for Zero-Trust
Security work keeps expanding, even with AI in the mix - Help Net Security
Rethinking Cybersecurity in a Platform World - InfoRiskToday
Other News
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
UK Cyber Action Plan's promise | Professional Security Magazine
Majority of family businesses experienced cyberattacks in past two years, report reveals - Spear's
Germany To Strengthen Cyber Countermeasures | Silicon UK Tech
Cyber criminals turn sights on UK vehicle remarketing sector
Shoppers Avoid Stores That Fail to Prioritize Security Measures
What to know about the UK Cyber Action Plan | SC Media UK
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Inside Housing - Comment - Cyberattackers are changing, and we need to be ready
The Space Review: When satellites are hacked: the legal gray zone of non-kinetic space attack
Surging Cyberattacks Boost Latin America to Riskiest Region
Operation Winter SHIELD: FBI Issues Cyber Call to Arms - Infosecurity Magazine
Vulnerability Management
Vulnerability exploits now dominate intrusions • The Register
Europe's GCVE Raises Concerns Over Fragmentation Risks
Hand CVE Over to the Private Sector
Vulnerabilities
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Everyone’s exploiting a WinRAR bug to drop RATs • The Register
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Critical VMware vCenter Server bug under attack • The Register
Why you need Microsoft's new emergency Windows patch - and the black-screen bug to watch for | ZDNET
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
Microsoft releases emergency OOB update to fix Outlook freezes
Microsoft investigates Windows 11 boot failures after January updates
'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks - SecurityWeek
Critical sandbox escape flaw found in popular vm2 NodeJS library
Organizations Warned of Exploited Linux Vulnerabilities - SecurityWeek
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
eScan confirms update server breached to push malicious update
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 23 January 2026
Black Arrow Cyber Threat Intelligence Briefing 23 January 2026:
-A New LinkedIn Phishing Scam Is Targeting Executives Online – Make Sure You Don’t Fall for This
-LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
-VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
-Analysis of 6 Billion Passwords Shows Stagnant User Behaviour
-For Cyber Risk Assessments, Frequency Is Essential
-Most SMBs Aren’t Set Up to Survive a Major Cyberattack – Here’s What Needs to Be Done
-63% of IT Leaders Say Firms Overestimate Cyber Recovery
-Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
-Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
-Europe Wants to End Its Dangerous Reliance on US Internet Technology
-UK Firms’ Cyber Security Budget Set for Major Increase
-Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week starts with a number of emerging attacks that business leaders should be aware of involving LinkedIn and LastPass. We report how AI is able to develop advanced malware within one week, while classic attacks remain a real risk due to poor password choices by employees. In response to these and other developments, business leaders are treating cyber as one of their top risks, while governments are addressing the risk of concentrated reliance on a small number of technology providers.
We include calls to action for business leaders to review their security, including frequent security assessments. We also focus on rehearsing how to manage a cyber incident where our point of view is clear: the objective is to consider the possibility of a successful attack rather than a walkthrough of a showcase scenario by your control provider; therefore, the rehearsal should be led by an impartial expert to help flush out incorrect assumptions by your leadership team and security providers.
Contact us to discuss how to apply these insights in a proportionate manner in your organisation’s cyber risk management strategy.
Top Cyber Stories of the Last Week
A New LinkedIn Phishing Scam Is Targeting Executives Online – Make Sure You Don’t Fall for This
ReliaQuest has identified a sophisticated phishing campaign on LinkedIn that targets senior executives and IT administrators using convincing fake job ads and project invitations. Messages include a download link to a compressed file disguised as a business document, such as a product roadmap or project plan. Opening it quietly installs a remote access trojan, a type of malware that gives criminals ongoing access to a device and enables data theft. The campaign highlights that phishing is no longer limited to email, with social media and other everyday platforms increasingly used to reach high value targets.
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
LastPass is warning of a widespread phishing email campaign, first seen on 19 January, that impersonates the company and pressures recipients to click a link within 24 hours to back up their password vault before maintenance. The link leads to a fake login page designed to steal the user’s master password, which can give criminals access not only to LastPass but also to many other accounts stored in the vault. With around 33 million users and more than 100,000 business customers, LastPass says it will never ask for a master password or demand urgent action by email.
https://www.infosecurity-magazine.com/news/lastpass-phishing-master-passwords/
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Check Point Research has identified VoidLink as the first clearly documented example of a highly capable malware framework built largely using artificial intelligence, likely by a single actor. Researchers were able to access the developer’s infrastructure due to poor security that exposed planning documents and source code showing the tool moved from concept to a working implant in under a week. This illustrates how AI can dramatically speed up the creation of sophisticated malicious software, potentially making complex cyber attacks more accessible and harder to defend against.
https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/
Analysis of 6 Billion Passwords Shows Stagnant User Behaviour
A review of 6 billion leaked passwords from 2025 shows user behaviour has barely improved, with ‘123456’, ‘admin’ and ‘password’ still among the most commonly stolen credentials. ‘Admin’ and ‘password’ are often default logins on business systems, connected devices and industrial equipment, and leaving them unchanged can provide criminals with direct access to critical services. The study also found many passwords are only slightly more complex but remain predictable, and that most were stolen by password stealing malware. This reinforces the need for stronger sign-in controls and regular checks for exposed credentials.
https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/
For Cyber Risk Assessments, Frequency Is Essential
Regular cyber security risk assessments give leadership a clear view of real exposure, not just headline threats. They help teams spot weaknesses early, focus investment on the most critical systems and data, and meet regulatory duties such as GDPR. Data deserves particular attention because, once stolen, it cannot be recovered like infrastructure. Recent findings show one in ten cloud data sets are accessible to all employees, increasing the potential impact of ransomware. Microsoft also reports over 99% of compromised accounts lacked multi factor authentication, a key control that adds a second step to logins.
https://www.csoonline.com/article/4117003/cyber-risk-assessments-risk-assessment-helps-cisos.html
Most SMBs Aren’t Set Up to Survive a Major Cyberattack – Here’s What Needs to Be Done
Vodafone Business research suggests more than 10% of UK organisations might not survive a major cyber attack. Nearly two-thirds (63%) say their risk has increased over the past year, and 71% of leaders believe at least one employee would fall for a phishing email, where criminals trick staff into revealing information or approving payments. Basic protections are still often missing: staff reuse work passwords across up to 11 personal accounts, and only 45% of firms have given all employees basic cyber awareness training. Encouragingly, 89% say recent high-profile attacks have made them more alert, while 70% are now more wary of AI-driven impersonation during video calls.
63% of IT Leaders Say Firms Overestimate Cyber Recovery
Dell research highlights a growing gap between how confident leaders feel about recovering from a cyber attack and how ready their organisations really are. While 99% of firms claim to have a cyber resilience strategy, 63% of IT leaders say executives are overconfident, and 57% did not recover as effectively as planned in their most recent incident or rehearsal. Regular recovery testing makes a material difference, with a 55% success rate for organisations testing monthly or more, versus 35% for less frequent testing. Dell urges boards to treat recovery as a core priority, balancing investment between prevention and recovery.
https://cybernews.com/security/hidden-resilience-debt-half-firms-unready-cyberattacks/
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey of 4,454 chief executives across 95 countries and territories shows cyber risk is now one of CEOs’ top concerns, alongside economic volatility and geopolitical conflict. Nearly a third (31%) say their organisation is highly or extremely exposed to significant financial loss from cyber threats in the next year, up from 24% in 2024. In response, 84% plan to strengthen enterprise-wide cyber security, while concerns about data privacy (38%) and responsible use of AI (37%) highlight growing risks to stakeholder trust.
https://www.infosecurity-magazine.com/news/cyber-risks-among-ceos-top-worries/
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Rising geopolitical tensions are driving more state backed cyber activity that can disrupt essential services. 72% of IT leaders fear nation state capabilities could escalate into cyber war, with power and water systems most at risk. Past incidents show the impact, including a 2016 attack that cut electricity for six hours and left over one million people without power, plus a 2025 intrusion that opened a Norwegian dam floodgate. Alongside disruption, AI-made misinformation is spreading rapidly online. The World Economic Forum warns that sovereignty and supply chain control are shaping choices, including AWS launching a European Sovereign Cloud.
https://www.helpnetsecurity.com/2026/01/19/cybersecurity-geopolitical-tensions/
UK Firms’ Cyber Security Budget Set for Major Increase
KPMG’s Global Tech Report 2026 finds UK organisations are making cyber security their biggest area for budget growth over the next 12 months, driven by geopolitical tensions and high profile data breaches. More than half of UK firms (57%) plan to increase cyber security spending by over 10%, well ahead of the global figure. The focus is shifting from buying tools to building cyber resilience, meaning protecting the most important systems and data, fixing the basics, and assigning clear accountability. The UK Government has also proposed new cyber security legislation in response to the rising threat.
https://www.uktech.news/cybersecurity/uk-firms-cybersecurity-budget-set-for-major-increase-20260122
Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up
DLA Piper’s latest survey shows GDPR enforcement continuing at scale, with fines topping £1 billion (€1.2 billion) in 2025 and reaching €7.1 billion (£6.2 billion) since the rules began in May 2018. More concerning for business leaders is the sharp rise in incident reporting: regulators received an average of 443 personal data breach notifications a day from late January 2025, up 22 percent year on year and the first time the daily total has exceeded 400. With new reporting laws increasing expectations and speed, organisations need stronger cyber defences and operational resilience.
https://www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
Governance, Risk and Compliance
CISOs Rise in Rank as Cyber Risk Reaches the Boardroom | MSSP Alert
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns - Infosecurity Magazine
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth - Infosecurity Magazine
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery | Cybernews
Cyber fraud most pervasive global threat for CEOs: report
Cyber attack would wipe out over 10% of UK businesses – Vodafone
Comms Business - Cyber attack would put one in 10 firms out of business
BoE: UK finservs still lacking on basic cybersecurity • The Register
UK firms' cybersecurity budget set for major increase - UKTN
Cybersecurity Is More Than Technical. It’s A Financial Issue
Ransomware gangs extort victims by citing compliance violations | CSO Online
For cyber risk assessments, frequency is essential | CSO Online
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
9 strategic imperatives every business leader must master to survive and thrive in 2026 | ZDNET
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware 2026: Attacks Surge Despite Gang Takedowns
Ransomware attacks showed a 45 percent increase in 2025 - BetaNews
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
New Osiris ransomware reveals sophisticated tactics and experienced attackers - SiliconANGLE
Ransomware gangs extort victims by citing compliance violations | CSO Online
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
New PDFSider Windows malware deployed on Fortune 100 firm's network
Crims hit the easy button for IT helpdesk scams • The Register
DeadLock ransomware abuses Polygon blockchain to rotate proxy servers quietly - CoinJournal
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
INC ransomware opsec fail allowed data recovery for 12 US orgs
Leader of ransomware crew pleads guilty to four-year crime spree | CyberScoop
Ransomware Victims
New PDFSider Windows malware deployed on Fortune 100 firm's network
Cyber fallout continues as M&S CTO exits months after ransomware attack - InternetRetailing
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
72.7M Under Armour accounts hit in alleged ransomware leak • The Register
Cyber security update | London Borough of Hammersmith & Fulham
RansomHub claims alleged breach of Apple partner Luxshare - Help Net Security
Phishing & Email Based Attacks
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
You Got Phished? Of Course! You're Human...
Domain spoofing used in 90 percent of top phishing attacks - BetaNews
Zendesk ticket systems hijacked in massive global spam wave
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Crims hit the easy button for IT helpdesk scams • The Register
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
What’s a browser-in-browser attack? The key traits to know | PCWorld
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
2FA/MFA
One-time SMS links that never expire can expose personal data for years - Help Net Security
Artificial Intelligence
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
For the price of Netflix, crooks can rent AI crime ops • The Register
Cyber risk keeps winning, even as AI takes over - Help Net Security
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Businesses are deploying AI agents faster than safety protocols can keep up, Deloitte says | ZDNET
New Android malware uses AI to click on hidden browser ads
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
A new European standard outlines security requirements for AI - Help Net Security
ChatGPT Health Raises Big Security, Safety Concerns
Gemini AI assistant tricked into leaking Google Calendar data
Pentagon's Use of Grok Raises AI Security Concerns
Curl shutters bug bounty program to stop AI slop • The Register
Bots/Botnets
RondoDox botnet exploits critical HPE OneView bug • The Register
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
Cloud/SaaS
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Hackers exploit security testing apps to breach Fortune 500 firms
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cyber Crime, Organised Crime & Criminal Actors
For the price of Netflix, crooks can rent AI crime ops • The Register
Researchers Gained Access to Hacker Domain Server Using Name Server Delegation - Cyber Security News
Malware control panels could give experts the tools they need to spy on hackers | TechRadar
Cybercriminals speak the language young people trust - Help Net Security
Data Breaches/Leaks
750,000 Impacted by Data Breach at Canadian Investment Watchdog - SecurityWeek
Vastaamo hack: My darkest secrets were revealed to the world - BBC News
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack - Security Boulevard
UStrive security lapse exposed personal data of its users, including children | TechCrunch
DOGE shared Social Security data to unauthorized server, according to court filing | CNN Politics
Attackers claim theft of 183M records from major oil company | Cybernews
Data Protection
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
Denial of Service/DoS/DDoS
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Encryption
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
A new framework helps banks sort urgent post-quantum crypto work from the rest - Help Net Security
Ireland explores legal spyware, encryption-breaking powers • The Register
Fraud, Scams and Financial Crime
Cyber fraud most pervasive global threat for CEOs: report
Banks: Even strict security measures may not protect customers from fraud | News | ERR
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications - Infosecurity Magazine
Insurance
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
SMEs looking for cover as cyber risks mount
Internet of Things – IoT
Smart home hacking is a serious threat - but here's how experts actually stop it | ZDNET
Canada’s new EV deal with China prompts cybersecurity questions
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
Law Enforcement Action and Take Downs
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Access broker caught: Jordanian pleads guilty to hacking 50 companies
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System - SecurityWeek
Linux and Open Source
Old Attack, New Speed: Researchers Optimize Page Cache Exploits - SecurityWeek
Malvertising
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
Malware
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
New PDFSider Windows malware deployed on Fortune 100 firm's network
840,000+ users hit by malicious browser extensions. Uninstall these ASAP! | PCWorld
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Malicious GhostPoster browser extensions found with 840,000 installs
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Attackers are getting stealthier – how can defenders stay ahead? | TechRadar
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Credential-stealing Chrome extensions target enterprise HR platforms
Misinformation, Disinformation and Propaganda
Mainland deals with almost 4,000 cyber attacks from Taiwan in 2025-Xinhua
China says highly concerned about EU's cybersecurity package reportedly targeting China-Xinhua
Mobile
New Android malware uses AI to click on hidden browser ads
One-time SMS links that never expire can expose personal data for years - Help Net Security
Turn off this Pixel feature now - it could be leaking your background audio | ZDNET
Android’s new feature lets you see what happened after a break-in - Android Authority
Models, Frameworks and Standards
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Analysis of 6 Billion Passwords Shows Stagnant User Behavior - SecurityWeek
Account Compromise Surged 389% in 2025, Says eSentire - Infosecurity Magazine
Passwords are still a problem for UK businesses - what next? | TechRadar
Regulations, Fines and Legislation
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
A new European standard outlines security requirements for AI - Help Net Security
Europe Readies Law to Eject Chinese Equipment From Telecoms
Starmer stares down social media ban barrel in latest U-turn • The Register
MPs question regulators’ capacity to meet cyber security demands
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Social Media
Starmer stares down social media ban barrel in latest U-turn • The Register
Meta urges Australia to rethink 'blanket' social media ban for teens
Supply Chain and Third Parties
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Commission publishes Cybersecurity Act revision proposal
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Training, Education and Awareness
Hackers exploit security testing apps to breach Fortune 500 firms
Exposed training apps are showing up in active cloud attacks - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
From battlefield to courtroom - Emerging Europe
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
US Cyberattack Blacks Out Venezuela, Leads to Maduro’s Capture in 2026 – DataBreaches.Net
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Nation State Actors
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
China
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
MI5 to move cables away from China mega-embassy over spy fears
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
China-linked hackers exploited Sitecore zero-day for initial access
Cybersecurity Firms React to China's Reported Software Ban - SecurityWeek
Uncovered: Secret room beneath Chinese embassy that poses threat to City
China-linked APT UAT-8837 targets North American critical infrastructure
UK approves China plan for mega embassy in London despite spy fears | Reuters
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Canada’s new EV deal with China prompts cybersecurity questions
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
Russia
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
A new cybersecurity course for military personnel has been launched in "Army+" | УНН
North Korea
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Iran
Hackers target Iran’s state TV to air footage supporting exiled crown prince | The Independent
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Trump “Precision Cyber” Meant 150 Planes Bombing Venezuelan Infrastructure to Rubble | flyingpenguin
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Tools and Controls
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery | Cybernews
UK firms' cybersecurity budget set for major increase - UKTN
For cyber risk assessments, frequency is essential | CSO Online
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it – Computerworld
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
Passwords are still a problem for UK businesses - what next? | TechRadar
SMEs looking for cover as cyber risks mount
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Other News
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
One in 10 UK Firms “Unlikely to Survive” Serious Cyber Incident - Infosecurity Magazine
Reinventing transformation - UKTN
When the Olympics connect everything, attackers pay attention - Help Net Security
Why Higher Ed CIOs Must Rethink Cybersecurity
British Army to spend £279 million on permanent cyber regiment base - Help Net Security
Confusion and fear send people to Reddit for cybersecurity advice - Help Net Security
Ports central to EU cybersecurity | News | Port Strategy
Best of British: UK's infosec envoys are mostly US firms • The Register
Insurance CEOs bullish on growth but flag cyber as top constraint - KPMG | Insurance Business
Vulnerability Management
Zero-Day Exploits Surge, 30% of Flaws Attacked Before Disclosure - Infosecurity Magazine
Experts welcome EU-led alternative to MITRE's vulnerability tracking scheme | IT Pro
Curl shutters bug bounty program to stop AI slop • The Register
Vulnerabilities
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) - Help Net Security
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
Fortinet admins report patched FortiGate firewalls getting hacked
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
New research shows Bluetooth devices are at risk of hijack - Trusted Reviews
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Microsoft issues emergency patch for latest Windows bugs - grab it ASAP | ZDNET
Zoom fixed critical Node Multimedia Routers flaw
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
ACME Flaw in Cloudflare allowed attackers to reach origin servers
RondoDox botnet exploits critical HPE OneView bug • The Register
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Oracle Critical Security Patch - 337 Vulnerabilities Patched Across Product Families
China-linked hackers exploited Sitecore zero-day for initial access
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Critical Appsmith Flaw Enables Account Takeovers - Infosecurity Magazine
GitLab patches major security flaw - here's what we know | TechRadar
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 16 January 2026
Black Arrow Cyber Threat Intelligence Briefing 16 January 2026:
-We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster
-The Speed Mismatch Putting Modern Security At Risk
-New Intelligence Is Moving Faster than Enterprise Controls
-Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security
-Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
-Downtime Pushes Resilience Planning into Security Operations
-Executives More Likely to Take Phishing Bait than Junior Staff
-QR Codes Are Getting Colourful, Fancy, and Dangerous
-Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
-Cyber Criminals Recruiting Insiders at Specific Organisations
-Ransomware Activity Surges to Record Levels
-State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Looking at various sources in this week’s review, the recurring conclusion is the need for organisations to make sure they understand the risks of AI before and during its use. Examples include a vulnerability in popular business software that allowed abuse by attackers, and organisations deploying AI faster than their security controls can keep pace. AI, and cyber risks in general, are top business risks according to research by the World Economic Forum and Allianz.
From a business leadership perspective, cyber resilience is increasingly important, yet research shows that executives are more likely to fall for a phishing attack. We look at emerging threats to businesses, including stylised QR codes, LinkedIn scams and attackers recruiting insiders to gain entry to targeted organisations. Ransomware remains a primary risk and is at record levels.
We are consistent in our messaging on how business leaders should address these risks. Ensure you have a contemporary understanding of how cyber is evolving, through our weekly threat intelligence briefings and leadership training, and establish a proportionate strategy to address the risks across people, operations and technology. By gaining your own impartial perspective, you will be better placed to govern and challenge others who are designing and maintaining your security controls.
Top Cyber Stories of the Last Week
We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster
A critical ServiceNow AI vulnerability demonstrates how weaknesses introduced during rapid AI deployment can lead to serious security failures. The flaw allowed unauthenticated attackers to impersonate administrators and abuse AI agents. Default configurations, weak authentication and limited oversight are common in agentic AI systems, expanding organisational attack surfaces and enabling privilege abuse through automation.
The Speed Mismatch Putting Modern Security At Risk
Attackers now operate at machine speed, while many organisations still rely on quarterly or annual security checks. This gap creates hidden risk, as vulnerabilities can appear and disappear between reviews and be exploited before they are identified. Security validation must move away from periodic checks and keep pace with continuously changing systems and attack activity.
New Intelligence Is Moving Faster than Enterprise Controls
Enterprises are deploying AI faster than supporting infrastructure, governance and data controls can keep up, according to NTT research. Only a small proportion of organisations can operate AI at scale, with infrastructure limits and weak data hygiene creating security and reliability risks. The use of unsanctioned AI tools raises concerns around data leakage and inaccurate outputs, while governance maturity varies widely.
Source: https://www.helpnetsecurity.com/2026/01/16/ntt-data-enterprise-ai-governance/
Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security
According to the World Economic Forum’s Global Cybersecurity Outlook 2026, AI‑related vulnerabilities surged more than any other cyber risk in 2025. Many organisations reported sensitive data leaking through generative AI tools as adoption outpaces governance, and a significant share of respondents expressed growing concern over attackers’ use of advanced AI capabilities. Uneven cyber security strength across suppliers and regions increases the risk that incidents spread beyond individual organisations, causing wider disruption across connected ecosystems.
Source: https://petri.com/cyber-risk-ai-supply-chains-global-security/
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
Cyber incidents remain the top global business risk for the fifth consecutive year, ranked number one by 42% of respondents worldwide, driven largely by ransomware. AI rose from #10 to #2 as adoption accelerates faster than governance, creating operational, legal and reputational risk. Supply chain dependence and third‑party exposure continue to amplify the impact of disruption across businesses of all sizes.
Downtime Pushes Resilience Planning into Security Operations
Operational disruption and prolonged downtime caused by security incidents are becoming routine, with recovery often taking days and direct remediation costs reaching millions. These impacts are now prominent in board discussions. In response, research shows that CISOs are increasingly defining success in their role based on recovery and continuity rather than prevention alone, with growing executive expectations and accountability for restoring operations after incidents arising from ransomware, supply chain compromise, insiders and failures in trusted security software.
Source: https://www.helpnetsecurity.com/2026/01/12/absolute-ciso-resilience-planning/
Executives More Likely to Take Phishing Bait than Junior Staff
Yubico data shows over 11% of C‑suite respondents interacted with phishing in the past week, compared to 8.8% of entry‑level staff. Perception gaps persist, with 44% of C‑suite respondents saying they believe their organisation’s cyber security is “very good”, compared with 25% of entry‑level staff. Small businesses show low training and MFA adoption, increasing exposure to AI‑driven social engineering.
Source: https://betanews.com/article/executives-more-likely-to-take-phishing-bait-than-junior-staff/
QR Codes Are Getting Colourful, Fancy, and Dangerous
QR codes are increasingly used by attackers in phishing campaigns known as quishing. Research highlights how stylised QR codes using colours, logos and backgrounds preserve scan reliability while evading traditional URL inspection and email security controls. Industry data shows 22% of QR‑related attacks involve phishing, with state‑sponsored and criminal actors using redirection chains to harvest credentials via mobile devices.
Source: https://www.helpnetsecurity.com/2026/01/15/fancy-qr-codes-phishing-risk/
Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
Attackers are posting fake LinkedIn comment replies impersonating the platform to claim policy violations and drive users to phishing sites. Some campaigns abuse LinkedIn’s own lnkd.in shortener, obscuring destinations. Fake company pages using LinkedIn branding have been identified, with LinkedIn confirming it does not notify users of violations via public comments.
Cyber Criminals Recruiting Insiders at Specific Organisations
Dark web forums show criminals actively seeking insiders at named organisations to access customer data and internal systems. Listings target crypto firms, consultancies and consumer platforms, offering payments of $3,000–$15,000. Insiders can bypass standard alerts, with researchers citing previous incidents where recruited employees enabled large‑scale data theft and financial loss.
Source: https://www.itpro.com/security/cyber-criminals-recruiting-insiders-at-specific-organizations
Ransomware Activity Surges to Record Levels
Global ransomware activity reached record levels in 2025, with 2,287 victims reported in Q4 alone and 124 active ransomware groups, a 46% year‑on‑year increase. Victim numbers rose 58% as law enforcement pressure fragmented larger groups of attackers into many smaller operators running frequent, repeatable attacks. The US accounted for 55% of victims, but activity remains global and sustained.
Source: https://betanews.com/article/ransomware-activity-surges-to-record-levels/
State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority
State‑backed actors increasingly target private organisations and supply chains rather than governments alone. The UK NCSC handled 204 nationally significant incidents in 12 months, up from 89 the previous year. Smaller suppliers are frequently exploited as backdoors, with resilience, governance and supply chain controls highlighted as practical responses to persistent geopolitical cyber threats.
Governance, Risk and Compliance
Executives more likely to take phishing bait than junior staff - BetaNews
Businesses in 2026: AI security oh yeah better look at that • The Register
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Privacy and Cybersecurity Laws in 2026 Pose Challenges
Downtime pushes resilience planning into security operations - Help Net Security
Cyber Risk Enters a New Era as AI Reshapes Global Security
CISOs flag gaps in third-party risk management - Help Net Security
CISO Succession Crisis Highlights How Turnover Amplifies Risks
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
CISO Role Reaches “Inflexion Point” With Executive-Level Titles - Infosecurity Magazine
Technology dominates global risk concerns – Allianz
What insurers expect from cyber risk in 2026 - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The Ransomware Paradox: Why Payments Are Soaring as Attacks “Drop” | MSSP Alert
Ransomware activity surges to record levels - BetaNews
Ransomware activity never dies, it multiplies - Help Net Security
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Threat Actors Attacking Systems with 240+ Exploits Before Ransomware Deployment
Ransomware: Tactical Evolution Fuels Extortion Epidemic | SECURITY.COM
Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar
DeadLock ransomware uses smart contracts to evade defenders • The Register
Ransomware by the Numbers: Count of Victims and Groups Surge
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
France swaps alleged ransomware crook for conflict researcher • The Register
Sicarii Ransomware: Truth vs Myth - Check Point Research
MEED | Construction is third most targeted sector by ransomware
Ransomware Victims
South Korean giant Kyowon confirms data theft in ransomware attack
Cyberattack forces Belgian hospitals to cancel surgeries | Cybernews
Government statement on 'serious cyber attack' at Nuneaton school | Coventry Live
Belgian hospitals refuse ambulances following cyberattack • The Register
Phishing & Email Based Attacks
Executives more likely to take phishing bait than junior staff - BetaNews
QR codes are getting colorful, fancy, and dangerous - Help Net Security
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek
North Korea turns QR codes into phishing weapons • The Register
FBI Flags Quishing Attacks From North Korean APT
Why can’t companies stop social engineering attacks?
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE
Facebook login thieves now using browser-in-browser trick
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Why QR Codes Are Education's New Phishing Blind Spot - Security Boulevard
Fake Facebook pop-ups mimic browser window | Cybernews
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
China spies used Maduro capture as lure to phish US agencies • The Register
Other Social Engineering
QR codes are getting colorful, fancy, and dangerous - Help Net Security
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Why can’t companies stop social engineering attacks?
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Fake Facebook pop-ups mimic browser window | Cybernews
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
Artificial Intelligence
Businesses in 2026: AI security oh yeah better look at that • The Register
Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly
Cyber Risk Enters a New Era as AI Reshapes Global Security
Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine
Top cyber threats to your AI systems and infrastructure | CSO Online
LLMs in Attacker Crosshairs, Warns Threat Intel Firm - SecurityWeek
We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster - Security Boulevard
New intelligence is moving faster than enterprise controls - Help Net Security
AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine
Hackers target misconfigured proxies to access paid LLM services
Generative AI in Enterprises: Security Risks Most Companies Are Not Measuring - Security Boulevard
Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena
AI driving serious fraud spike – WEF
What Should We Learn From How Attackers Leveraged AI in 2025?
Your Copilot data can be hijacked with a single click - here's how | ZDNET
AI Agents Are Becoming Authorization Bypass Paths
The quiet way AI normalizes foreign influence | CyberScoop
Malaysia and Indonesia block X over deepfake smut • The Register
Elon Musk calls UK government ‘fascist’ over touted X ban
California AG launches investigation into X’s sexualized deepfakes | CyberScoop
Vibe coding security risks and how to mitigate them | TechTarget
Ofcom continues X probe despite Grok 'nudify' fix • The Register
Bots/Botnets
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek
Careers, Roles, Skills, Working in Cyber and Information Security
We're losing in recruitment | Professional Security Magazine
Cloud/SaaS
New Linux malware targets the cloud, steals creds, then vanishes • The Register
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Crypto crime hits record levels as state actors move billions - Help Net Security
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek
Betterment Customer Data Accessed in Online Crypto Scam Attack
Cyber Crime, Organised Crime & Criminal Actors
Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrests - Infosecurity Magazine
The country at the heart of the global scam industry
Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker
The New Threats: Attackers Don't Just Break In, They Blend In - The New Stack
We're losing in recruitment | Professional Security Magazine
Why are cybercriminals getting younger? | TechRadar
BreachForums Breach Exposes 324K Cybercriminals
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru
Data Breaches/Leaks
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
France fines telcos €42M for issues leading to 2024 breach • The Register
California bans data broker reselling health data of millions
After Goldman, JPMorgan Discloses Law Firm Data Breach - SecurityWeek
Sensitive data of Eurail, Interrail travelers compromised in data breach - Help Net Security
BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru
BreachForums hacking forum database leaked, exposing 324,000 accounts
Manage My Health starts notifying affected practices after major cyber breach | Cybernews
Second health provider, Canopy Health, hit in major cyber attack | RNZ News
Central Maine Healthcare breach exposed data of over 145,000 people
Instagram denies data breach after password reset emails spark leak claims - SiliconANGLE
Target employees confirm leaked source code is authentic
Threat actor claims the theft of full customer data from Spanish energy firm Endesa
Denial of Service/DoS/DDoS
ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine
Encryption
EU’s Chat Control could put government monitoring inside robots - Help Net Security
Michael Tsai - Blog - UK Child Protections and Messaging Backdoor
WFE Urges Regulators to Balance Quantum Risks With Immediate Cyber Threats - FinanceFeeds
G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems - Infosecurity Magazine
Fraud, Scams and Financial Crime
Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine
Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF - SecurityWeek
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine
The country at the heart of the global scam industry
Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine
AI driving serious fraud spike – WEF
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Online shoppers at risk as Magecart skimming hits major payment networks | Malwarebytes
Identity and Access Management
AI Agents Are Becoming Authorization Bypass Paths
Insurance
What insurers expect from cyber risk in 2026 - Help Net Security
US regulator tells GM to hit the brakes on customer tracking • The Register
Insider Risk and Insider Threats
Cyber criminals recruiting insiders at specific organizations | IT Pro
Internet of Things – IoT
Is your smart home at risk of being hacked? 6 ways experts lock theirs down | ZDNET
Sorry I'm late for work boss, my car's been hacked | Autocar
Why hacking could be the biggest threat facing automotive | Autocar
Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets
China targets US cybersecurity firms, Tesla's FSD subscription
Law Enforcement Action and Take Downs
Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar
Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrests - Infosecurity Magazine
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register
Why are cybercriminals getting younger? | TechRadar
Hacker gets seven years for breaching Rotterdam and Antwerp ports
'Violence-as-a-service' suspect arrested • The Register
Appeal fails for hacker who opened port to coke smugglers • The Register
Illinois man charged with hacking Snapchat accounts to steal nude photos
Linux and Open Source
New Linux malware targets the cloud, steals creds, then vanishes • The Register
GoBruteforcer Botnet Targets 50K-plus Linux Servers
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
Europe Has a New Plan to Break Free from US Tech Dominance
Malware
New Linux malware targets the cloud, steals creds, then vanishes • The Register
ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details
GoBruteforcer Botnet Targets 50K-plus Linux Servers
Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena
Beware of Weaponized Employee Performance Reports that Deploy Guloader Malware
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
How real software downloads can hide remote backdoors | Malwarebytes
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
Misinformation, Disinformation and Propaganda
The quiet way AI normalizes foreign influence | CyberScoop
Mobile
Your phone is sharing data without your knowledge - how to stop it ASAP | ZDNET
Apple iPhone Attacks Confirmed — Experts Warn 'Update Now or Stay Exposed' | IBTimes
Tories want kids off social media and phones out of schools • The Register
Models, Frameworks and Standards
UK government exempting itself from flagship cyber law inspires little confidence • The Register
Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill - Infosecurity Magazine
Michael Tsai - Blog - UK Child Protections and Messaging Backdoor
Outages
Investor Lawsuit Over CrowdStrike Outage Dismissed - SecurityWeek
Verizon blames nationwide outage on a "software issue"
Passwords, Credential Stuffing & Brute Force Attacks
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Regulations, Fines and Legislation
UK government exempting itself from flagship cyber law inspires little confidence • The Register
Privacy and Cybersecurity Laws in 2026 Pose Challenges
France fines telcos €42M for issues leading to 2024 breach • The Register
Elon Musk calls UK government ‘fascist’ over touted X ban
California AG launches investigation into X’s sexualized deepfakes | CyberScoop
EU’s Chat Control could put government monitoring inside robots - Help Net Security
Dems pressure Google, Apple to drop X app as international regulators turn up heat | CyberScoop
Ofcom continues X probe despite Grok 'nudify' fix • The Register
The US doesn’t need a Cyber Force: it needs to prioritize cybersecurity
Hill warning: Don’t put cyber offense before defense | CyberScoop
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
UK backtracks on digital ID requirement for right to work • The Register
US cybersecurity weakened by congressional delays despite Plankey renomination | CSO Online
Social Media
Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes
Ofcom continues X probe despite Grok 'nudify' fix • The Register
Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security
Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE
Facebook login thieves now using browser-in-browser trick
Tories want kids off social media and phones out of schools • The Register
Instagram says it fixed the issue behind shady password reset emails - Digital Trends
Instagram denies breach amid claims of 17 million account data leak
Supply Chain and Third Parties
Cyber Risk Enters a New Era as AI Reshapes Global Security
CISOs flag gaps in third-party risk management - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The quiet way AI normalizes foreign influence | CyberScoop
Is the US adopting the gray zone cyber playbook? | CyberScoop
Estonia: Small State Security and the International Order
Taiwan Endures Greater Cyber Pressure From China
Nation State Actors
Cyber Risk Enters a New Era as AI Reshapes Global Security
The quiet way AI normalizes foreign influence | CyberScoop
Crypto crime hits record levels as state actors move billions - Help Net Security
China
New Linux malware targets the cloud, steals creds, then vanishes • The Register
China crew abused ESXi zero-days a year before disclosure • The Register
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
China bans U.S. and Israeli cybersecurity software over security concerns
Taiwan Endures Greater Cyber Pressure From China
China spies used Maduro capture as lure to phish US agencies • The Register
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
Russia
Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft
Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
Russia-linked APT28 targets energy and defense groups tied to NATO | SC Media
Ukraine's army targeted in new charity-themed malware campaign
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine
France swaps alleged ransomware crook for conflict researcher • The Register
Estonia: Small State Security and the International Order
North Korea
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek
North Korea turns QR codes into phishing weapons • The Register
FBI Flags Quishing Attacks From North Korean APT
Iran
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
Iran cuts Internet nationwide amid deadly protest crackdown
‘Kill Switch’—Iran Shuts Down Starlink Internet For First Time
Trump’s cyber options in Iran - POLITICO
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cyber Risk Enters a New Era as AI Reshapes Global Security
The quiet way AI normalizes foreign influence | CyberScoop
Venezuelan Oil Industry Is Running on WhatsApp After Cyberattack - Bloomberg
Trump’s cyber options in Iran - POLITICO
Treat US tech firms the same as Chinese providers say campaigners | UKAuthority
Is the US adopting the gray zone cyber playbook? | CyberScoop
How hackers fight back against ICE surveillance tech • The Register
Tools and Controls
Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine
CISOs flag gaps in third-party risk management - Help Net Security
Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials
Vibe coding security risks and how to mitigate them | TechTarget
Downtime pushes resilience planning into security operations - Help Net Security
China bans U.S. and Israeli cybersecurity software over security concerns
What insurers expect from cyber risk in 2026 - Help Net Security
The 2 faces of AI: How emerging models empower and endanger cybersecurity | CSO Online
DRAM shortage may drive firewall prices higher: analysts • The Register
Deploying AI agents is not your typical software launch - 7 lessons from the trenches | ZDNET
Reports Published in the Last Week
The State of Ransomware in the U.S.: Report and Statistics 2025
Other News
The Speed Mismatch Putting Modern Security At Risk
UK establishes Government Cyber Unit to protect against large-scale cyberattacks - SZR | УНН
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Cyber body ISC2 signs on as UK software security ambassador | Computer Weekly
Hedge funds step up cybersecurity spending amid rising threats and regulatory pressure - Hedgeweek
Act Now To Enhance Your Business's Cyber Resilience - British Chambers of Commerce
Cyber Threat Actors Ramp Up Attacks on Industrial Environments - Infosecurity Magazine
The concerning cyber-physical security disconnect | SC Media
The US doesn’t need a Cyber Force: it needs to prioritize cybersecurity
Vulnerability Management
Vulnerabilities Surge, But Messy Reporting Blurs Picture
Vulnerabilities
Hackers Launched 8.1 Million Attack Sessions to React2Shell Vulnerability
China crew abused ESXi zero-days a year before disclosure • The Register
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) - Help Net Security
Apple iPhone Attacks Confirmed — Experts Warn 'Update Now or Stay Exposed' | IBTimes
Hackers exploit Modular DS WordPress plugin flaw for admin access
Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
Flipping one bit leaves AMD CPUs open to VM vuln • The Register
Trend Micro Patches Critical Code Execution Flaw in Apex Central - SecurityWeek
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
'Most Severe AI Vulnerability to Date' Hits ServiceNow
Adobe Patches Critical Apache Tika Bug in ColdFusion - SecurityWeek
SAP's January 2026 Security Updates Patch Critical Vulnerabilities - SecurityWeek
Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks - SecurityWeek
8000+ SmarterMail Hosts Vulnerable to RCE Attack - PoC Exploit Released
US government told to patch high-severity Gogs security issue or face attack | TechRadar
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Advisory - 14 January 2026 - Security Updates - Microsoft, SAP, Adobe
Executive Summary
January’s security releases are dominated by Microsoft’s Patch Tuesday, which addresses over a hundred CVEs and includes an actively exploited zero-day, alongside SAP fixes containing multiple critical issues and Adobe updates across key Creative Cloud applications plus ColdFusion. The highest risks this month centre on remote code execution, elevation of privilege, and injection flaws affecting business-critical and user-facing systems. Prioritise patching for internet-facing services, identity and access components, and widely deployed endpoint and productivity tooling.
Vulnerabilities by Vendor
Microsoft[1]: 112 vulnerabilities, affecting Windows, Microsoft 365 and Office, browser components, developer tools, and enterprise services. Prioritise updates addressing actively exploited vulnerabilities and critical remote code execution or privilege escalation paths, especially on internet-facing systems and end-user endpoints.
SAP[2]: 19 vulnerabilities affecting SAP S/4HANA (private cloud and on-premise), SAP HANA, SAP NetWeaver (including AS ABAP and Enterprise Portal), RFCSDK, Identity Management, and supporting components. Prioritise critical and high severity fixes first, particularly where systems are exposed to users, integrations, or administrative workflows.
Adobe[3]: 25 vulnerabilities affecting Creative Cloud applications (including Dreamweaver, InDesign, Illustrator, InCopy, Bridge, and Substance 3D tools) plus ColdFusion. Prioritise updates that address arbitrary code execution, and treat ColdFusion as urgent where it is deployed in production or accessible to untrusted inputs.
What’s the risk to me or my business?
The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Footnotes:
1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html
3 Adobe — https://helpx.adobe.com/security.html
Black Arrow Cyber: 5 Cyber Predictions for Business Leaders in 2026, and What You Need to Do
Throughout the year in our weekly Cyber Threat Intelligence Briefing, we bring you insights into the evolving cyber risks that your business faces and importantly, what you can do about them. As a business leader, you are not expected to be a cyber expert; you just need a sound grasp of the fundamentals, and an objective assessment of your risks and controls from an impartial expert so you can appropriately challenge your control providers. Proportionality and impartiality are key, and so too is keeping up to date with how the ground is shifting.
Here are five of our focus areas for this year, to help keep your business running in a more secure environment. Other risks such as ransomware and business email compromise remain high on the list too. We discuss these and many others in our weekly threat intelligence email; subscribe today and contact us for impartial expertise on how to address your risks through proportionate security.
1. Tailored Attacks Using Agentic AI
Agentic AI tools can autonomously design and execute attacks, leveraging resources they identify. We already saw examples in 2025, and this will ramp up in 2026. The result is faster and more potent attacks, tailored to the victim.
What to do: review your controls including vulnerability management, access management, and monitoring and detection. And keep your finger on the pulse through good governance; this includes discussing reports and knowing how to challenge what you see, and keeping abreast of evolving risks through threat intelligence.
2. Deepfake and Voice AI Become Commonplace
What was considered sophisticated deepfake in 2025 will be commonplace in 2026. Technology has advanced and is more widely used since the infamous $25m deepfake payment fraud in Hong Kong. AI deepfake video and voice will be used increasingly in social engineering attacks for fraudulent payment callbacks, malicious employee recruitment, and other attacks.
What to do: assess your security across your people, operations and technology, because that is what the attacker is doing. Review your controls and processes, including the use of purchase orders and outbound callback checks. Train your people on why the controls exist, how to stick to them, and how to raise a flag if something is unusual such as someone scheduling a work call via WhatsApp.
3. Break In Through the Supply Chain
When attackers compromise a service provider, such as an MSP or payroll provider, they can access the systems and data of all its customers, including yours. Remember also, it’s about your supply chain, not just your suppliers. For example, consider how readily you click on a SharePoint link in a client email, and whether that email could be sent by an attacker lurking in your client’s systems.
What to do: check how your third parties identify and mitigate the risk of attacker access. Do this by asking targeted questions, and evaluating the responses including with support from impartial experts. From this, assess what controls you need to have to manage any resulting risks to you.
4. Regulatory Consequences
Regulators are taking a harder line on penalties after a cyber or data breach. Looking at the published reports by authorities in different countries, they appear increasingly frustrated when breaches harm the public due to organisations failing to implement proportionate security measures. Regulations are tightening, from the EU’s DORA in 2025 to new laws anticipated in countries such as the UK.
What to do: implement proportionate and credible governance over your cyber security; the UK’s Cyber Governance Code of Practice is a good starting point, and note its repeated use of “Gain assurance that…”. This means avoiding ‘compliance theatre’, instead recognising that the true objective is to defend yourself against the attacker, not just the regulator.
5. Resilience and Security
We see a greater focus on cyber resilience, building on and going beyond the foundations of cyber security. Good security can reduce the frequency and impact of a cyber incident, while cyber resilience requires business leaders to acknowledge evolving attacker tactics and ask ‘Yes, we have some good security, but what do we do if someone still gets through?’. In late 2025 for example, the UK Government wrote to business leaders urging them to prepare for managing a cyber incident.
What to do: get your leadership team together in a workshop, assume an attacker has breached your security, and work through your responses across people, operations and technology. The conversation needs to be run by a skilled cyber specialist who is not a control provider, to freely explore the possibilities. Consider also the paper-and-pen operational processes you will use during an incident, and challenge every assumption by creating an open and collaborative workshop environment.
Subscribe to our weekly Cyber Threat Intelligence Briefing via our website www.blackarrowcyber.com, and contact us to hear how we are supporting clients in various countries and sectors to manage their cyber security risks in a proportionate way.
Black Arrow Cyber Threat Intelligence Briefing 09 January 2026:
-2025 Proved Hackers Aren’t Slowing Down – and Neither Should You
-Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead
-Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks
-Cyber Risk Trends for 2026: Building Resilience, Not Just Defences
-Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience
-Average Cyberattack Cost Hits $2.5M as Recovery Lags
-New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
-Phishers Exploit Office 365 Users Who Let Their Guard Down
-Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review of cyber security insights in the specialist and general media includes a look back at 2025 and a look forward to 2026, with recommended focus areas for business leaders. Last year saw an increase in attacks and a greater focus on gaining entry through employees and third parties, and exploiting insufficient controls around access management.
The escalation in risks requires business leaders in 2026 to test their resilience to a cyber attack through rehearsals of the incident response plan. From experience of running many simulations with clients across the world, we strongly recommend the rehearsal should be led by an impartial cyber and business expert to take you and your control providers, including IT, into ‘what if’ scenarios that help to flush out assumptions.
This week, we also include news on attack campaigns for you to be aware of, including fake DocuSign emails and the continued attacks on organisations that rely only on passwords to secure access.
Contact us to discuss how to reflect our threat intelligence briefing in your approach to cyber security, in an impartial and proportionate manner.
Top Cyber Stories of the Last Week
2025 Proved Hackers Aren’t Slowing Down – and Neither Should You
Cyber activity intensified in 2025, with ransomware, espionage, cryptomining and infostealers hitting manufacturing, aerospace and critical infrastructure. Attackers are moving beyond passwords to session token theft, exploiting non-human identities and AI-driven social engineering. The Jaguar Land Rover incident shows third-party compromise can cripple operations. Business leaders should prioritise a Zero Trust model, and encourage staff to pause before clicking and to verify urgent requests before acting.
Source: https://www.phonearena.com/news/2025-proved-hackers-arent-slowing-down-neither-should-you_id177153
Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead
Ransomware victim numbers rose sharply in 2025, with thousands of organisations named on extortion sites. Law enforcement disrupted several major groups, but attackers quickly re-emerged under new brands and affiliations. Entry points increasingly involve social engineering and stolen credentials rather than technical exploits, keeping barriers to entry low. To address this, organisations should prioritise protecting credentials, staff vigilance, and testing recovery plans, recognising that law enforcement action rarely eliminates the threat of attack.
Source: https://www.theregister.com/2026/01/08/ransomware_2025_emsisoft/
Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks
Phishing kits are making large-scale attacks easier, with most high-volume campaigns relying on pre-built tools that support MFA bypass and evasion. QR codes and obfuscated links are increasingly used to avoid detection, enabling less skilled attackers to run sophisticated campaigns. Business leaders should focus on strengthening access controls and authentication, reducing link-clicking behaviour, and ensuring staff recognise QR and MFA-bypass lures as part of routine security awareness.
Source: https://www.itpro.com/security/phishing/phishing-as-a-service-kits-growth-2025-barracuda
Cyber Risk Trends for 2026: Building Resilience, Not Just Defences
Cyber risk in 2026 is shaped by increasingly automated, persistent and intelligent attacks; this requires business leaders to shift their focus to resilience across governance, operations, technology and people. Key pressures include AI-driven social engineering, third-party dependencies, uncertainty around quantum computing risks and geopolitical instability. Priorities include ensuring recovery readiness and clear ownership, strengthening how identity and access are managed, and rehearsing incident response that measures success by time to detect, contain and recover.
Source: https://www.securityweek.com/cyber-risk-trends-for-2026-building-resilience-not-just-defenses/
Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience
Geopolitical friction will amplify cyber risk in 2026 due to shifting alliances and sanctions. Employee use of AI tools that are not within the remit of the organisation’s security controls adds unmanaged risks to vulnerability management, incident response and resilience processes. Maritime logistics is a prime target, with resilient shipping relying on real-time monitoring and intelligence-led risk exposure management. Business leaders should embed AI governance and geopolitical awareness into risk planning.
Source: https://www.infosecurity-magazine.com/opinions/geopolitics-supply-chains-shadow/
Average Cyberattack Cost Hits $2.5M as Recovery Lags
A survey of 750 CISOs across the US and UK shows recovery is taking longer and costing more, with average recovery costs at $2.5M. Many organisations face days of downtime and some up to weeks. Fewer organisations now have formal cyber resilience strategies, yet boards still expect zero breaches. Leadership responses include resetting expectations, prioritising rapid recovery, and reducing time to restore operations rather than relying solely on prevention.
Source: https://www.telecomstechnews.com/news/average-cyberattack-cost-hits-2-5m-as-recovery-lags/
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
Attackers are using fake DocuSign emails to trick staff into launching malware on Windows devices. The campaign is designed to evade common security checks and can run without obvious warning signs. Organisations should confirm their endpoint protections can detect malicious activity triggered through email links or attachments, and ensure staff treat unexpected document-signing requests with caution and verify requests via trusted channels.
Source: https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/
Phishers Exploit Office 365 Users Who Let Their Guard Down
Phishing attacks are increasingly exploiting misconfigured Office 365 tenants, allowing attackers to spoof trusted domains and route messages in ways that evade controls. In October 2025 alone, Microsoft reported blocking over 13 million MFA-bypass phishing emails linked to an attack campaign known as Tycoon2FA. To reduce risks, ensure tenant email authentication controls are correctly configured, prioritise phishing-resistant MFA, and treat email-based password resets as a high-risk process.
Source: https://www.darkreading.com/cloud-security/phishers-exploit-office-365-users-guard-down
Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA
Fifty global organisations were compromised after relying on passwords alone to access cloud systems. Attackers used infostealers to harvest stored credentials, including some that were years old, and accessed cloud platforms and exfiltrated large volumes of data, including a reported 139GB from one firm. Business leaders should ensure MFA is enforced for cloud access, reduce reuse of old credentials, and monitor access logs and unusual downloads.
Governance, Risk and Compliance
The Big Risks for ’26 – Resilience key in navigating cyber landscape
Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek
2025 proved hackers aren’t slowing down – and neither should you - PhoneArena
What European security teams are struggling to operationalize - Help Net Security
Average cyberattack cost hits $2.5M as recovery lags
8 things CISOs can’t afford to get wrong in 2026 | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
New ransomware tactics to watch out for in 2026
Ransomware on the rise: why mid-market firms are in the crosshairs - Raconteur
The Big Risks for ’26 – Resilience key in navigating cyber landscape
Two cybersecurity experts plead guilty to running ransomware operation | CSO Online
Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network
Ransomware Victims
Cyberattack slams Jaguar Land Rover sales | Cybernews
Everest claims large insurance platform Bolttech | Cybernews
Nuneaton school reopening delayed to next week after cyber attack - BBC News
Sedgwick discloses data breach after TridentLocker ransomware attack
Jaguar Land Rover sales slump sharply amid US tariffs and cyber-attack
Cressi diving gear allegedly breached by hackers | Cybernews
Covenant Health data breach after ransomware attack impacted over 478,000 people
Phishing & Email Based Attacks
Phishers Exploit Office 365 Users Who Let Their Guard Down
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
Phishing-as-a-service kits doubled in 2025 as tactics evolve - BetaNews
International Threats: Themes for Regional Phishing Campaigns - Security Boulevard
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
Microsoft sends warning over new type of phishing attack | Cybernews
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
This phishing campaign spoofs internal messages - here's what we know | TechRadar
Cybercriminals use HTML to hide QR code phishing | Cybernews
Phishing kits soared in popularity last year as rookie hackers ramped up DIY cyber attacks | IT Pro
What the Year’s Biggest Phishing Scams Reveal
Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes
Hackers target Booking.com users | Cybernews
Email-first cybersecurity predictions for 2026 - Security Boulevard
Fake emails target Cardano users with remote access malware
Other Social Engineering
Hackers target Booking.com users | Cybernews
ClickFix attack uses fake Windows BSOD screens to push malware
Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes
Voice cloning defenses are easier to undo than expected - Help Net Security
I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET
Fraud, Scams and Financial Crime
Why governments need to treat fraud like cyberwarfare, not customer service | CyberScoop
What the Year’s Biggest Phishing Scams Reveal
FCC finalizes new penalties for robocall violators | CyberScoop
Artificial Intelligence
AI security risks are also cultural and developmental - Help Net Security
When AI agents interact, risk can emerge without warning - Help Net Security
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
Security Experts Dire Warning on AI Agents in 2026
Yes, criminals are using AI to vibe-code malware • The Register
Voice cloning defenses are easier to undo than expected - Help Net Security
EU plans new AI data rules, privacy at risk | Cybernews
Europe looks to AI resilience amid growing risk
NIST Releases Preliminary Draft Cyber AI Profile
AI agents 2026's biggest insider threat: PANW security boss • The Register
Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
ChatGPT's Memory Feature Supercharges Prompt Injection
New Zero-Click Attack Lets ChatGPT User Steal Data - Infosecurity Magazine
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Identity becomes the 2026 battleground as AI erases trust signals | SC Media
China moves to rein in 'anthropomorphic' AI chatbots
Government demands Musk's X deals with 'appalling' Grok AI - BBC News
UK regulators swarm X after Grok generated nudes from photos • The Register
2FA/MFA
One criminal stole info from 50 orgs thanks to no MFA • The Register
Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Malware
Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar
Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek
New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems
2.2M Chrome, Firefox, Edge users impacted by meeting-stealing malware | Cybernews
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting
Yes, criminals are using AI to vibe-code malware • The Register
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads - Infosecurity Magazine
Hackers target Booking.com users | Cybernews
ClickFix attack uses fake Windows BSOD screens to push malware
How attackers are weaponizing open-source package managers [Q&A] - BetaNews
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Fake emails target Cardano users with remote access malware
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
Bots/Botnets
The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security
Kimwolf Botnet Hacked 2 Million Devices and Turned User’s Internet Connection as Proxy Node
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security
Mobile
Google fixes critical Dolby Decoder bug in Android January update
HSBC blocks app users for having sideloaded password manager • The Register
Do Smartphone Apps Spy On Your Contacts?
Denial of Service/DoS/DDoS
5 myths about DDoS attacks and protection | CSO Online
New ransomware tactics to watch out for in 2026
Internet of Things – IoT
When the Cloud Rains on Everyone's IoT Parade
Hundreds of British buses have Chinese ‘kill switch’
Data Breaches/Leaks
Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine
Hackers Allegedly Steal Access Tokens, Confidential Documents From European Space Agency
Hackers claim to hack Resecurity, firm says it was a honeypot
Cybercrook claims to sell critical info about utilities • The Register
NordVPN denies breach claims, says attackers have "dummy data"
Manage My Health hack: New Zealand's worst cybersecurity incidents | RNZ News
Brightspeed investigates breach as crims post data for sale • The Register
Covenant Health data breach after ransomware attack impacted over 478,000 people
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
Organised Crime & Criminal Actors
Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine
In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine
Crypto wallet firm Ledger faces new data breach through Global-e partner
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Coinbase insider who sold customer data to criminals arrested in India
Fake emails target Cardano users with remote access malware
Insider Risk and Insider Threats
Coinbase insider who sold customer data to criminals arrested in India
AI agents 2026's biggest insider threat: PANW security boss • The Register
Insurance
CISOs Face A Tighter Insurance Market in 2026
Supply Chain and Third Parties
Crypto wallet firm Ledger faces new data breach through Global-e partner
Cloud/SaaS
Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar
Cloud file-sharing sites targeted for corporate data theft attacks
When the Cloud Rains on Everyone's IoT Parade
Phishers Exploit Office 365 Users Who Let Their Guard Down
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
Phishing attacks exploit misconfigured emails to target Microsoft 365 - Infosecurity Magazine
Europe’s Cloud Debate Is Looking the Wrong Way: It’s Not Concentration – It’s Lock-In
Identity and Access Management
Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome
Identity becomes the 2026 battleground as AI erases trust signals | SC Media
Enterprises still aren’t getting IAM right – Computerworld
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Encryption
The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare
Linux and Open Source
GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting
Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes
Cryptocurrency theft attacks traced to 2022 LastPass breach
HSBC blocks app users for having sideloaded password manager • The Register
Palo Alto crosswalks hacked due to unchanged default passwords - Boing Boing
Social Media
I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET
Regulations, Fines and Legislation
The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare
EU plans new AI data rules, privacy at risk | Cybernews
Europe looks to AI resilience amid growing risk
Trump admin lifts sanctions on Predator-linked spyware execs • The Register
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Cybersecurity Act review: What to expect | Epthinktank | European Parliament
Trump pulls US out of international cyber orgs | CyberScoop
US To Leave Global Forum on Cyber Expertise - Infosecurity Magazine
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
China moves to rein in 'anthropomorphic' AI chatbots
Government demands Musk's X deals with 'appalling' Grok AI - BBC News
FCC finalizes new penalties for robocall violators | CyberScoop
Time to restore America’s cyberspace security system | CyberScoop
Nearly half of UK users watch unverified porn | Cybernews
Models, Frameworks and Standards
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Cybersecurity Act review: What to expect | Epthinktank | European Parliament
NIST Releases Preliminary Draft Cyber AI Profile
Careers, Roles, Skills, Working in Cyber and Information Security
Why cybersecurity cannot hire its way through the AI era | CyberScoop
The Pentagon’s short more than 20,000 cyber pros. Veterans could help fill the gap.
Cybersecurity skills matter more than headcount in the AI era | CSO Online
6 strategies for building a high-performance cybersecurity team | CSO Online
Law Enforcement Action and Take Downs
Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge
Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN
Two cybersecurity experts plead guilty to running ransomware operation | CSO Online
Misinformation, Disinformation and Propaganda
US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
A rash of Baltic cable-cutting raises fears of sabotage
Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
What is happening to the Internet in Venezuela?
Nation State Actors
China
Leak exposes Knownsec’s role in state cyber targeting | Cybernews
New China-linked hackers breach telcos using edge device exploits
Hundreds of British buses have Chinese ‘kill switch’
China hits Taiwan with 2.6M cyberattacks a day | Cybernews
Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts | CyberScoop
China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns
China moves to rein in 'anthropomorphic' AI chatbots
China’s New Cybersecurity Law Demands Faster Incident Reporting From Companies - gHacks Tech News
Congressional staff emails hacked as part of Salt Typhoon campaign | TechRadar
Russia
A rash of Baltic cable-cutting raises fears of sabotage
Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media
ClickFix attack uses fake Windows BSOD screens to push malware
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Hackers target Booking.com users | Cybernews
Starlink Satellites Might Start Falling Out Of The Sky Due To This New Threat
North Korea
North Korean hackers using QR codes to attack governments and think tanks: FBI | NK News
The Evolution of North Korea – And What To Expect In 2026 | SC Media UK
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
International Threats: Themes for Regional Phishing Campaigns - Security Boulevard
Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO
US Action in Venezuela Provokes Cyberattack Speculation
Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO
What is happening to the Internet in Venezuela?
US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One
Cyberattacks Likely Part of Military Operation in Venezuela
Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch
Tools and Controls
Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek
Think of executive security as a must-have, not a luxury | SC Media
Logitech caused its mice to freak out by not renewing a certificate | The Verge
Security teams are paying more attention to the energy cost of detection - Help Net Security
How AI is Changing the Incident Response Landscape: What GCs Need to Know | Alston & Bird - JDSupra
The Boardroom Case for Penetration Testing - Security Boulevard
Why cybersecurity cannot hire its way through the AI era | CyberScoop
HSBC blocks app users for having sideloaded password manager • The Register
Enterprises still aren’t getting IAM right – Computerworld
Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat
Yes, criminals are using AI to vibe-code malware • The Register
Legislation, loopholes, and loose ends — what does 2026 hold for the VPN industry? | TechRadar
Lack of training opening up councils to future cyber attacks - BBC News
The Role of Behavioral Analytics in Enhancing Cybersecurity Defense - Security Boulevard
Hackers claim to hack Resecurity, firm says it was a honeypot
Other News
Car brands must go back to cyber security school | Auto Express
Google tops the list of most exploited platforms in the US
Logitech caused its mice to freak out by not renewing a certificate | The Verge
Lack of training opening up councils to future cyber attacks - BBC News
UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories
Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star
Why schools are at risk from cyber attacks | Education Business
UK government to spend £210m on public sector cyber resilience | Computer Weekly
Vulnerability Management
CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries - SecurityWeek
How attackers are weaponizing open-source package managers [Q&A] - BetaNews
Vulnerabilities
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
VMware ESXi zero-days likely exploited a year before disclosure
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Adobe ColdFusion Servers Targeted in Coordinated Campaign - SecurityWeek
Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers - Infosecurity Magazine
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
Cisco switches hit by reboot loops due to DNS client bug
Google fixes critical Dolby Decoder bug in Android January update
Legacy D-Link routers actively exploited in the wild | Cybernews
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 02 January 2026
Black Arrow Cyber Threat Intelligence Briefing 02 January 2026:
-The Six Biggest Security Challenges Coming in 2026
-Top Sectors Under Cyber Attack in 2025
-Cyber Security Tech Recommended by Cyber Insurer Claims Data
-World Economic Forum Puts Cyber Security on Global Leadership Agenda
-Get Executives on Board with Managing Cyber Risk
-Executives Say Cyber Security Has Outgrown the IT Department
-How FOMO Is Turning AI Into a Cyber Security Nightmare
-Condé Nast Faces Major Data Breach: 2.3M WIRED Records Leaked, 40M More at Risk
-Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence
-‘Help! I Need Money. It’s an Emergency’: Your Child’s Voicemail That Could Be a Scam
-The Changing Role of the MSP: What Does This Mean for Security?
-Customers Turn Cyber Breaches into Courtroom Battles
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
The start of a new year is an opportunity to reflect on the challenges that business leaders need to address as they help their organisations grow in a more secure environment. In this week’s review, we cover which sectors are most at risk and highlight recommended security practices based on cyber insurance claims data.
Business executives continue to rate cyber as their top risk, and we discuss the need for cyber security teams to translate risk into business impact. This week’s highlights include a large-scale campaign using malicious browser extensions to spy on online meetings, affecting over two million users. We also cover the risks of deploying AI in the business without clear controls and guardrails, and the need for business leaders to understand and manage the cyber risks associated with their managed service provider (MSP).
We help our clients take an impartial and proportionate approach to cyber security, based on an understanding of evolving risks, and support executives in leading their own cyber risk management. Contact us to discuss how we do this.
We wish you a prosperous, safe and successful 2026.
Top Cyber Stories of the Last Week
The Six Biggest Security Challenges Coming in 2026
In 2026, businesses face six major security challenges: mandated cyber resilience under new regulations, increasingly sophisticated ransomware, AI-driven phishing and vishing, heightened supply chain risks, emerging threats from agentic AI systems, and growing vulnerability backlogs as exploits accelerate. Practical steps include resilience planning, enforcing MFA, closer supplier checks, tighter controls for agentic AI, and patch prioritisation based on exploitation risk.
Source: https://www.itpro.com/security/the-six-biggest-security-challenges-coming-in-2026
Top Sectors Under Cyber Attack in 2025
A breakdown of significant cyber breaches and incidents in 2025 by industry sector shows manufacturing ranked first for the fourth year, with finance, professional services, energy, and healthcare also heavily hit. By attack volume, education was the most targeted sector, with government/public and telecoms also seeing elevated rates. Organisations averaged nearly 2,000 weekly attacks, attack volumes in Europe rose by about 22%, and organisations in critical sectors accounted for about 70% of incidents.
Source: https://securityboulevard.com/2025/12/top-sectors-under-cyberattack-in-2025/
Cyber Security Tech Recommended by Cyber Insurer Claims Data
Claims data from cyber‑insurance providers show that investments in six core cyber security technologies reduce losses and influence premiums. These include role‑based access control with frequent auditing, a strong security culture, eliminating outdated legacy systems, strong MFA, zero‑trust models such as SASE, professionally managed detection and response (MDR) services, and immutable backups with restoration practice. The data also showed that payouts due to phishing now make up 49% of claims and remote‑access tools accounted for 80% of initial access vectors in direct ransomware attacks.
Source: https://www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data
World Economic Forum Puts Cyber Security on Global Leadership Agenda
The World Economic Forum (WEF) has elevated cyber security to a global leadership priority, with its Davos Annual Meeting framing cyber risk as a top-level policy issue. Fortinet’s Derek Manky noted that the expanding scale of organised cybercrime demands engagement from the boardroom and government, connecting technical realities to economic and geopolitical strategies. WEF attendees discussed initiatives such as its Cybercrime Atlas, a bounty programme, and partnerships between law enforcement and the private sector.
Get Executives on Board With Managing Cyber Risk
Trend Micro’s 2025 Defenders Survey of over 3,000 security professionals shows that the single biggest improvement security teams want is clearer identification of which assets matter most, and which threats are most relevant to the business. Effective governance communication should translate technical risk into business impact, using metrics and financial terms executives understand, yet nearly half only communicate reactively or minimally, often only when required or after major developments, which risks weakening stakeholder trust.
Source: https://www.trendmicro.com/en_us/research/25/l/managing-cyber-risk-with-executives.html
Executives Say Cyber Security Has Outgrown the IT Department
A Rimini Street study finds that 54% of executives rank cyber threats as the top external risk, ahead of supply chain and regulation. Organisations are integrating security into enterprise risk management, prioritising business continuity planning, and outsourcing cyber security services. Persistent staffing shortages are influencing vendor choices and driving technology investment strategies.
Source: https://www.helpnetsecurity.com/2025/12/30/rimini-street-security-leadership-strategy-report/
How FOMO Is Turning AI Into a Cyber Security Nightmare
Pressure to deploy AI quickly is pushing organisations to adopt tools before the risks are properly assessed. A 2025 incident involving Drift showed how stolen credentials and overly broad app permissions can be abused to reach data held in services such as Salesforce and Google Workspace. AI programmes need clear definitions, cross-functional risk reviews, testing for how an AI system behaves when things go wrong, tighter limits on what systems can be accessed, and human verification of outputs.
Source: https://www.inc.com/nick-selby/how-fomo-is-turning-ai-into-a-cybersecurity-nightmare/91261473
Condé Nast Faces Major Data Breach: 2.3M WIRED Records Leaked, 40M More at Risk
An attacker called “Lovely” leaked a database of 2.3M subscriber records from WIRED magazine, and threatened to release up to 40M more across Condé Nast brands. The leak includes email addresses and other account details, as well as over 102,000 home addresses.
Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence
Researchers uncovered a large-scale campaign that uses malicious browser extensions to spy on online meetings, affecting 2.2 million users of Chrome, Firefox, and Edge. The extensions, disguised as useful tools, captured sensitive meeting details such as links, IDs, and participant information from dozens of platforms in real time, enabling corporate espionage and targeted social engineering. The campaign was attributed to DarkSpectre, a threat actor the researchers describe as China-linked.
‘Help! I Need Money. It’s an Emergency’: Your Child’s Voicemail That Could Be a Scam
Criminal groups are using AI voice cloning to leave urgent messages that imitate a child or close family member and demand money. Very short voice samples, including clips shared online or taken from phone calls, can be sufficient to generate a usable imitation. The scam succeeds by triggering panic and urgency. Practical safeguards include pausing before responding, confirming requests via a trusted number, and agreeing family codewords in advance.
Source: https://www.theguardian.com/money/2025/dec/21/ai-cloned-voicemail-scam-criminals-fraud
The Changing Role of the MSP: What Does This Mean for Security?
Research shows 69% of managed service providers (MSPs) reported two or more breaches in the last 12 months, prompting 81% to boost specialist security hires and 78% to increase defensive spending. Customers are demanding proof of resilience, driving MSPs to improve both how they manage the security of their clients’ cyber and IT estates and their own internal cyber security practices.
Source: https://www.itpro.com/security/the-changing-role-of-the-msp-what-does-this-mean-for-security
Customers Turn Cyber Breaches Into Courtroom Battles
Consumers are being recruited to join group legal actions against firms such as M&S and Co‑Op after cyber breaches. Early statements from these organisations suggested there was no evidence at that point of customer data compromise, but this changed as investigations confirmed access, creating potential legal exposure. CISOs have a role in avoiding false certainty and in adopting litigation-aware communications, which should form part of the organisation’s incident management plans.
Source: https://cybernews.com/security/customers-take-stand-cybersecurity-new-trial/
Governance, Risk and Compliance
Customers turn cyber breaches into courtroom battles | Cybernews
WEF Puts Cybersecurity on the Global Leadership Agenda
Executives say cybersecurity has outgrown the IT department - Help Net Security
Get Executives on board with managing Cyber Risk | Trend Micro (US)
Tabletop exercises look a little different this year • The Register
Forensics and Investigation Is the New Cyber Frontline - Infosecurity Magazine
The changing role of the MSP: What does this mean for security? | ChannelPro
Inside the Biggest Cyber Attacks of 2025 - Security Boulevard
Cyber attacks ‘tipping point’ warning issued after Harrods and M&S targeted | The Independent
CISOs are managing risk in survival mode - Help Net Security
Top Sectors Under Cyberattack in 2025 - Security Boulevard
The six biggest security challenges coming in 2026 | IT Pro
Security coverage is falling behind the way attackers behave - Help Net Security
New Tech Deployments That Cyber Insurers Recommend for 2026
Cyber attacks: 2025 the ‘tipping point’ as JLR and M&S incidents highlight risks | The Standard
Building resilient teams in cyberdefense | Opinion | Compliance Week
Europe has ‘lost the internet’, warns Belgium’s cyber security chief
Threats
Ransomware, Extortion and Destructive Attacks
Security coverage is falling behind the way attackers behave - Help Net Security
Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE
Web Browsing’s Dark Side: Understanding Ransomware over Modern Web Browsers - Security Boulevard
Ransomware’s new playbook is chaos - Help Net Security
The biggest cybersecurity and cyberattack stories of 2025
Customers turn cyber breaches into courtroom battles | Cybernews
An arrest has been made in the Coinbase ransomware breach | Mashable
How the UK Retail Sector Responded to the Scattered Spider Hack Wave - Infosecurity Magazine
Feds are hunting teenage hackers | Fortune
Ransomware Victims
Crims punish Wired subscribers by publishing personal info • The Register
How the human harms of cybercrime shook the world in 2025 • The Register
Romania’s Oltenia Energy Complex suffers major ransomware attack
The Worst Hacks of 2025 | WIRED
An arrest has been made in the Coinbase ransomware breach | Mashable
Phishing & Email Based Attacks
Security coverage is falling behind the way attackers behave - Help Net Security
Yet another phishing campaign impersonates trusted Google services - here's what we know | TechRadar
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
Other Social Engineering
New ErrTraffic service enables ClickFix attacks via fake browser glitches
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
What is Vishing? - Security Boulevard
Fraud, Scams and Financial Crime
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
Nationwide hit with record fine after failing to spot customer’s £27m Covid fraud
LLMs are automating the human part of romance scams - Help Net Security
2025’s crypto criminals: Making bank while cutting off fingers
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Korean telco failed at femtocell security, exposed customers • The Register
Artificial Intelligence
Security coverage is falling behind the way attackers behave - Help Net Security
LLMs are automating the human part of romance scams - Help Net Security
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks - Security Boulevard
2026 Year of the Worm? AI Is Fueling a Malware Comeback
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations - Security Boulevard
How FOMO Is Turning AI Into a Cybersecurity Nightmare
The AI balancing act your company can't afford to fumble in 2026 | ZDNET
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
AI Browsers the New Trojan Horse? - GovInfoSecurity
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas | CyberScoop
Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET
As Coders Adopt AI Agents, Security Pitfalls Lurk in 2026
Contrarians No More: AI Skepticism Is on the Rise
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
UK law firms get ready for crackdown on money laundering | Financial sector | The Guardian
Malware
Zoom Stealer browser extensions harvest corporate meeting intelligence
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
2026 Year of the Worm? AI Is Fueling a Malware Comeback
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
MacSync Stealer malware bypasses macOS Gatekeeper security warnings | CSO Online
React2Shell under attack: RondoDox Botnet spreads miners and malware
New GlassWorm malware wave targets Macs with trojanized crypto wallets
Security Bite: A note on the growing problem of Apple-notarized malware on macOS - 9to5Mac
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The next cyber battlefield: Preparing federal networks for autonomous malware
Bots/Botnets
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Denial of Service/DoS/DDoS
Pro-Russian group Noname057 claims cyberattack on La Poste services
Internet of Things – IoT
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Top tips to protect your Christmas gifts from cyber-scrooges - GOV.UK
Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR
The FCC has probably killed a plan to improve smart home security | The Verge
New York’s incoming mayor bans Raspberry Pi at inauguration • The Register
Data Breaches/Leaks
Customers turn cyber breaches into courtroom battles | Cybernews
Crims punish Wired subscribers by publishing personal info • The Register
The biggest cybersecurity and cyberattack stories of 2025
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk
Stolen LastPass backups enable crypto theft through 2025
Sensitive data 'likely taken' in Westminster council cyber attack - BBC News
The Worst Hacks of 2025 | WIRED
Aflac confirms June data breach affecting over 22 million customers
Accused data thief dumped laptop in river to evade justice • The Register
Disney will pay $10 million to settle children's data privacy lawsuit
Korean telco failed at femtocell security, exposed customers • The Register
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Coupang to split $1.17 billion among 33.7 million data breach victims
Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes
European Space Agency confirms breach of "external servers"
French campuses got hacked, attackers claim | Cybernews
Organised Crime & Criminal Actors
2025’s crypto criminals: Making bank while cutting off fingers
How the human harms of cybercrime shook the world in 2025 • The Register
Accused data thief dumped laptop in river to evade justice • The Register
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
Feds are hunting teenage hackers | Fortune
Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net
Illegal streaming grew into an organized, profitable, and dangerous industry - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
2025’s crypto criminals: Making bank while cutting off fingers
How the human harms of cybercrime shook the world in 2025 • The Register
Stolen LastPass backups enable crypto theft through 2025
React2Shell under attack: RondoDox Botnet spreads miners and malware
New GlassWorm malware wave targets Macs with trojanized crypto wallets
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist - SecurityWeek
An arrest has been made in the Coinbase ransomware breach | Mashable
Hackers drain $3.9M from Unleash Protocol after multisig hijack
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Insurance
New Tech Deployments That Cyber Insurers Recommend for 2026
Supply Chain and Third Parties
The changing role of the MSP: What does this mean for security? | ChannelPro
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes
Cloud/SaaS
AI killed the cloud-first strategy: Why hybrid computing is the only way forward now | ZDNET
Airbus to migrate critical apps to a sovereign Euro cloud • The Register
Encryption
Stolen LastPass backups enable crypto theft through 2025
Passwords, Credential Stuffing & Brute Force Attacks
How to Prevent Credential Stuffing Attacks: Detection & Protection Strategies - Security Boulevard
Social Media
1 in 5 YouTube Shorts is AI slop now - and Americans are eating it up | ZDNET
Regulations, Fines and Legislation
The FCC has probably killed a plan to improve smart home security | The Verge
Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET
Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse | WIRED
Models, Frameworks and Standards
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
Data Protection
What consumers expect from data security - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
Building resilient teams in cyberdefense | Opinion | Compliance Week
Mentorship & Diversity: Shaping the Next Gen of Cyber Experts
The Modern Cyber Workforce | AFCEA International
What Kevin Bacon Can Teach You About Cybersecurity Careers
Law Enforcement Action and Take Downs
Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE
Accused data thief dumped laptop in river to evade justice • The Register
Feds are hunting teenage hackers | Fortune
Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net
An arrest has been made in the Coinbase ransomware breach | Mashable
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberwarfare is here – and we must be ready
New German military plan views foreign sabotage as preparation for war – POLITICO
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
Navy’s fleet of 4ft boats to protect Britain from Putin
Russian submarine followed spy ship into British waters
Hacking space: Europe ramps up security of satellites – POLITICO
Nation State Actors
China
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Chinese state hackers plant malware inside Windows | Cybernews
Cyberhackers Just Turned 150 Browser Extensions Into Viruses - Here's How
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
Russia
New German military plan views foreign sabotage as preparation for war – POLITICO
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
Navy’s fleet of 4ft boats to protect Britain from Putin
Russian submarine followed spy ship into British waters
Pro-Russian group Noname057 claims cyberattack on La Poste services
Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews
Finland detains ship and its crew after critical undersea cable damaged | CNN
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
You've been targeted by government spyware. Now what? | TechCrunch
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
Tools and Controls
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Cyberhackers Just Turned 150 Browser Extensions Into Viruses - Here's How
Forensics and Investigation Is the New Cyber Frontline - Infosecurity Magazine
New Tech Deployments That Cyber Insurers Recommend for 2026
Cybersecurity’s AI Arms Race Is Just Getting Started—Here’s What 2026 Will Bring - ClearanceJobs
Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks - Security Boulevard
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations - Security Boulevard
How FOMO Is Turning AI Into a Cybersecurity Nightmare
Web Browsing’s Dark Side: Understanding Ransomware over Modern Web Browsers - Security Boulevard
Tabletop exercises look a little different this year • The Register
"Military-grade encryption" is meaningless: decoding VPN buzzwords | Tom's Guide
AI killed the cloud-first strategy: Why hybrid computing is the only way forward now | ZDNET
AI Browsers the New Trojan Horse? - GovInfoSecurity
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas | CyberScoop
Windows Event Logs Reveal the Messy Reality Behind 'Sophisticated' Cyberattacks
Reports Published in the Last Week
Other News
"Military-grade encryption" is meaningless: decoding VPN buzzwords | Tom's Guide
Windows Event Logs Reveal the Messy Reality Behind 'Sophisticated' Cyberattacks
Europe has ‘lost the internet’, warns Belgium’s cyber security chief
Remedio CEO: If you don't think like a hacker, you won't win • The Register
When One Vulnerability Breaks the Internet and Millions of Devices Join In - Security Boulevard
These are the cybersecurity stories we were jealous of in 2025 | TechCrunch
Top Sectors Under Cyberattack in 2025 - Security Boulevard
Hacking space: Europe ramps up security of satellites – POLITICO
Radio signals could give attackers a foothold inside air-gapped devices - Help Net Security
British hacker wins visa by infiltrating Australian government website
Vulnerability Management
2025 marks a breakout year for zero-day exploits | Cybernews
Vulnerabilities
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
React2Shell under attack: RondoDox Botnet spreads miners and malware
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
'Heartbleed of MongoDB' under active exploit • The Register
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Critical Langchain Vulnerability Lets Attackers Exfiltrate Sensitive Secrets from AI Systems
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
When One Vulnerability Breaks the Internet and Millions of Devices Join In - Security Boulevard
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 26 December 2025
Black Arrow Cyber Threat Intelligence Briefing 26 December 2025:
-Why Hackers Love the Holidays
-Threat Actors Are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data
-Watch Out - Hackers Are Coming After Your Christmas Bonus, as Paychecks Come Under Threat
-Scripted Sparrow Sends Millions of BEC Emails Each Month
-Cybercriminals Flock to a New Unrestricted AI Tool: 10,000 Prompts on the First Day
-Think You Can Beat Ransomware? RansomHouse Just Made It a Lot Harder
-Why Businesses Can No Longer Treat Cyber Security as an IT Problem
-Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush
-Ministers Confirm Breach at UK Foreign Office but Details Remain Murky
-The NCSC’s Warning to UK Firms: How to Boost Incident Response
-From AI to Cyber Risk, Why IT Leaders Are Anxious Heading into 2026
-Cyber Security Budgets Are Going Up
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week we present insights for business leaders assessing their cyber security controls and practices. Attackers exploit the holiday period when security staff are on leave, while others entice employees to provide unauthorised access to their employer’s systems. We also include developments in business email compromise and research findings on the entry point of malware.
Looking to 2026, the UK’s NCSC warns organisations to be prepared to manage a cyber incident, and business leaders have expressed concern about their cyber security especially in the context of AI, while many are planning to increase their cyber security budgets.
Our recommendation for 2026 is for business leaders to take an informed and objective assessment of their risks, and to check that the cyber security controls in place do indeed address those risks. Business leaders are not expected to be cyber security experts, but they should have a firm grip on the fundamentals to take command of their own security. Contact us to discuss how to do this in a proportionate way.
Thank you for reading our weekly summaries, and we wish you a secure and prosperous 2026.
Top Cyber Stories of the Last Week
Why Hackers Love the Holidays
Attackers often target organisations between Christmas and New Year because offices are quieter and security staffing is reduced. A Semperis survey reported that 52% of ransomware attacks in the last year occurred on a weekend or holiday, and 78% of organisations said they reduce security staff over the holidays. Phishing, ransomware and data theft are common holiday-period tactics, with some intrusions not discovered until weeks later.
Source: https://www.axios.com/2025/12/25/holidays-hackers-corporate-security-teams
Threat Actors Are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data
Threat actors are recruiting employees at banks, telecoms and tech firms via darknet forums to obtain access or data. Offers range from $3,000 to $15,000 and include requests for access to corporate networks, devices, and cloud systems. This approach is positioned as an alternative to attacking a range of organisations and sectors from the outside through brute force attacks or social engineering.
Source: https://cybersecuritynews.com/threat-actors-are-hiring-insiders-in-banks-telecoms/
Watch Out - Hackers Are Coming After Your Christmas Bonus, as Paychecks Come Under Threat
Attackers are targeting payroll and end-of-year payments by calling corporate help desks and impersonating employees to trigger password resets or account changes. The goal is to alter account details so that salary payments are redirected. Mitigations include stronger identity verification by support staff, refusing authentication-factor changes made on request, and limiting access to sensitive applications with extra scrutiny for unusual logins.
Scripted Sparrow Sends Millions of BEC Emails Each Month
A business email compromise (BEC) group dubbed Scripted Sparrow is sending an estimated 4 to 6 million bespoke emails per month, posing as executive coaching firms and targeting Accounts Payable teams with spoofed reply chains and invoice-style PDFs. Researchers linked the group to 119 domains, 245 webmail addresses and 256 bank accounts. Recommended actions for organisations include enforcing payment approval steps for all invoices and verifying requests via official internal channels.
Source: https://www.infosecurity-magazine.com/news/scripted-sparrow-millions-bec-each/
Cybercriminals Flock to a New Unrestricted AI Tool: 10,000 Prompts on the First Day
A new AI tool with few built-in safeguards has been found freely available on the dark web. The operators of the tool, called DIG AI, claimed it received 10,000 prompts in the first 24 hours. A security firm reported that testing found it would respond to prompts linked to fraud and creating malicious software.
Source: https://cybernews.com/security/dig-ai-new-cyber-weapon-abused-by-hackers/
Think You Can Beat Ransomware? RansomHouse Just Made It a Lot Harder
RansomHouse is a cyber extortion group that steals sensitive data and extorts money to prevent publication on a leak site. The group has recently added measures that complicate analysis during an incident and can limit the ability to recover without paying. The group introduced a multi-layered encryption update to its double-extortion ransomware-as-a-service (RaaS) model that can hinder incident response timelines and negotiating strategies. Organisations are advised to prioritise behavioural analytics, real-time monitoring, hardened segmentation, and regular backup validation.
Why Businesses Can No Longer Treat Cyber Security as an IT Problem
Cyber security risk is increasingly driven by user behaviour, with research by OpenText finding that over a third of consumer malware is first spotted in the Downloads directory, where users routinely save invoices, installers and documents. These files can look harmless initially, then later pull in ransomware or credential-stealing payloads. AI is also making scams harder to spot by removing the usual warning signs, and deepfakes are being used to approve high-value deals. Security teams are advised to shift from content scanning to behaviour monitoring, unify identity, data and threat signals, and use AI to triage alerts faster.
Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush
A distributed denial of service (DDoS) attack disrupted France’s national postal service shortly before Christmas, making online services inaccessible and impacting package tracking and online payments. The organisation stated customer data was not affected, but the incident also disrupted its banking arm’s payment approvals, forcing workarounds.
Ministers Confirm Breach at UK Foreign Office but Details Remain Murky
UK ministers confirmed there has been a cyberattack affecting the Foreign Office, with officials stating the investigation began in October and that further detail, including attribution, remains unconfirmed. Media reporting referenced a possible China link and visa-application related data, but ministers did not confirm and said early findings suggest low risk of harm to individuals.
Source: https://www.theregister.com/2025/12/19/uk_foreign_office_hack/
The NCSC’s Warning to UK Firms: How to Boost Incident Response
The UK National Cyber Security Centre (NCSC) is urging organisations to keep incident response plans available offline, including physical copies, because cyberattacks can remove access to email, shared drives, and collaboration tools. Its 2025 Annual Review data shows 429 incidents handled in the first nine months of 2025, with nearly half classed as “nationally significant”, compared with 89 such incidents the year before. The guidance emphasises resilience through offline communications options, tested backups, business leadership preparation, and regular simulation exercises.
Source: https://insight.scmagazineuk.com/the-ncscs-warning-to-uk-firms-how-to-boost-incident-response
From AI to Cyber Risk, Why IT Leaders Are Anxious Heading into 2026
A Veeam survey of 250 senior IT and business decision-makers put cyber security threats as the top expected disruptor for 2026, with nearly half naming security incidents as their main concern. Around 66% ranked AI-generated attacks as the biggest data threat, while roughly half highlighted ransomware. As cloud and Software as a Service (SaaS) adoption spreads, 60% said visibility of where data sits has declined, and only about 29% felt very confident recovering after a zero-day exploit.
Source: https://www.helpnetsecurity.com/2025/12/26/it-planning-cybersecurity-threats-2026/
Cyber Security Budgets Are Going Up
A 2025 KPMG survey found 99% of security leaders plan to increase cyber security budgets over the next two to three years, with 54% expecting increases of 6% to 10%. More than half reported competing internally for funding. Artificial Intelligence (AI) is highlighted as both a driver of risk and investment, with 38% citing AI-powered attacks as a challenge, and organisations reporting use of AI for fraud prevention and detection while skills gaps remain a constraint.
Source: https://securityboulevard.com/2025/12/cybersecurity-budgets-are-going-up-pointing-to-a-boom/
Governance, Risk and Compliance
Cybersecurity Budgets are Going Up, Pointing to a Boom - Security Boulevard
The NCSC’s Warning To UK Firms: How To Boost Incident Response | SC Media UK
Why businesses can no longer treat cybersecurity as an IT problem - The Economic Times
From AI to cyber risk, why IT leaders are anxious heading into 2026 - Help Net Security
Invest in cybersecurity before it's too late - Verdict
What CISOs should know about the SolarWinds lawsuit dismissal | CSO Online
UK CEOs Expect AI, Cyberattacks and Cost Cuts to Dominate 2026
Threats
Ransomware, Extortion and Destructive Attacks
Think you can beat ransomware? RansomHouse just made it a lot harder | CSO Online
RansomHouse upgrades encryption with multi-layered data processing
Former incident responders plead guilty to ransomware attack spree | CyberScoop
Interpol-led action decrypts 6 ransomware strains, arrests hundreds
Ukrainian national pleads guilty to Nefilim ransomware attacks | CyberScoop
Top Ransomware Trends of 2025 - Infosecurity Magazine
Best of 2025: New Akira Ransomware Decryptor Leans on Nvidia GPU Power - Security Boulevard
Ransomware’s New Frontier: How Universities Can Defend Against This Growing Threat | EdTech Magazine
CISA loses key employee behind early ransomware warnings – DataBreaches.Net
Ransomware Victims
‘Sensitive’ data stolen in Westminster City Council cyber attack | Computer Weekly
Club Atlético River Plate ransomware attack | Cybernews
Phishing & Email Based Attacks
Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine
Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts - Security Boulevard
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
Five Phishing Red Flags to Remember This Holiday Season - Security Boulevard
US shutters phisherfolk’s $14.6M password-hoarding platform • The Register
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
Microsoft's The Top Brand Scammers Use When Phishing For Clicks, Study Shows
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine
Other Social Engineering
Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine
Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable
Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard
86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush - Infosecurity Magazine
Elusive MI6 wannabe must repay £125k to romance scam victim • The Register
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Coordinated Scams Target MENA Region With Fake Online Job Ads - Infosecurity Magazine
Microsoft's The Top Brand Scammers Use When Phishing For Clicks, Study Shows
Fraud, Scams and Financial Crime
86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush - Infosecurity Magazine
US Charges 54 in Massive ATM Jackpotting Conspiracy - Infosecurity Magazine
SEC Charges Crypto Firms in $14m Investment Scam - Infosecurity Magazine
Elusive MI6 wannabe must repay £125k to romance scam victim • The Register
Consumer Cyber Risks in 2026 Focus on AI-Driven Scams, Not Hacks - gHacks Tech News
South Korea to require face scans to buy a SIM • The Register
Identity Fraud Among Home Care Workers Puts Patients at Risk
Greater Manchester Police sackings over homeworking 'key jamming' - BBC News
Artificial Intelligence
From AI to cyber risk, why IT leaders are anxious heading into 2026 - Help Net Security
Cybercriminals flock to new unrestricted AI tool | Cybernews
Browser agents don't always respect your privacy choices - Help Net Security
When AI Becomes a Weapon: Former Senior Intelligence Executive Reveals Beijing's CyberWar Playbook
Consumer Cyber Risks in 2026 Focus on AI-Driven Scams, Not Hacks - gHacks Tech News
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
UK CEOs Expect AI, Cyberattacks and Cost Cuts to Dominate 2026
FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023 | CyberScoop
Pen testers accused of 'blackmail' over Eurostar AI flaws • The Register
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek
FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine
2FA/MFA
One-time codes used to hack corporate accounts | CSO Online
Malware
Why businesses can no longer treat cybersecurity as an IT problem - The Economic Times
MacSync macOS Malware Distributed via Signed Swift Application - SecurityWeek
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits - Help Net Security
North Korean Beavertail malware sparks attacks across financial sector | SC Media
Fake MAS Windows activation domain used to spread PowerShell malware
WebRAT malware spread via fake vulnerability exploits on GitHub
Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours
Threat Actors Advertised NtKiller Malware on Dark Web Claiming to Terminate Antivirus and Bypass EDR
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
ATM jackpotting gang accused of unleashing Ploutus malware • The Register
Bots/Botnets
Massive Android botnet Kimwolf infects millions, strikes with DDoS
DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak - IT Security Guru
Mobile
Android Attacks—Google Confirms No Fix For 30% Of All Phones
A new Android Trojan can hide inside apps you trust — and this is how it gets to you - PhoneArena
Three things they’re not telling you about mobile app security - SD Times
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
South Korea to require face scans to buy a SIM • The Register
Apple and Google allow alternative app stores in Japan • The Register
Uzbek Users Under Attack by Android SMS Stealers
Denial of Service/DoS/DDoS
Massive Android botnet Kimwolf infects millions, strikes with DDoS
DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak - IT Security Guru
Cyberattack Disrupts France's Postal Service and Banking During Christmas Rush - SecurityWeek
Pro-Russian hackers claim French postal service cyberattack | Euronews
Wave of cyberattacks exposes French failure to protect public digital systems
Internet of Things – IoT
Massive Android botnet Kimwolf infects millions, strikes with DDoS
When everything connects, everything’s at risk | ChannelPro
NIST issues guidance on securing smart speakers - Help Net Security
Intruders Can Use Wi-Fi Jammers To Evade Your Home Security - Here's How
Raspberry Pi used in attempt to take over ferry | CSO Online
Data Breaches/Leaks
Hackers stole data in UK government cyberattack, minister confirms | TechRadar
Britain suspects China of involvement in cyberattack on Foreign Office | УНН
China-backed hacker group Storm 1849 accused of UK government cyber attack - Cryptopolitan
Hacks, thefts, and disruption: The worst data breaches of 2025 | TechCrunch
Minister Confirms UK Foreign Office Hacked | Silicon UK
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
LastPass Agrees to Reimburse Crypto in Data Breach Settlement
Coupang breach affecting 33.7 million users raises data protection questions
South Korean firm hit with US investor lawsuit over data breach disclosure failures | CSO Online
‘Sensitive’ data stolen in Westminster City Council cyber attack | Computer Weekly
UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected - Infosecurity Magazine
3.5 Million Affected by University of Phoenix Data Breach - SecurityWeek
Nissan says thousands of customers exposed in Red Hat breach
Coupang says all leaked customer information in data breach has been deleted | The Straits Times
Organised Crime & Criminal Actors
Cybercriminals flock to new unrestricted AI tool | Cybernews
Cybersecurity teams prep for an influx of attacks over the holidays
US Charges 54 in Massive ATM Jackpotting Conspiracy - Infosecurity Magazine
US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek
FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine
574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa
FBI seized ‘web3adspanels.org’ hosting stolen logins
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
Leader of 764 offshoot pleads guilty, faces up to 60 years in jail | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
LastPass Agrees to Reimburse Crypto in Data Breach Settlement
US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek
FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine
Insider Risk and Insider Threats
They are offering up to $15k reward for betraying your boss | Cybernews
Supply Chain and Third Parties
Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable
Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard
UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected - Infosecurity Magazine
Nissan says thousands of customers exposed in Red Hat breach
Software Supply Chain
WebRAT malware spread via fake vulnerability exploits on GitHub
Cloud/SaaS
Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable
Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard
Microsoft confirms Teams is down and messages are delayed
Cloud security is stuck in slow motion - Help Net Security
Outages
Microsoft confirms Teams is down and messages are delayed
The year the cloud went dark: Inside 2025’s biggest tech outages - The Economic Times
Identity and Access Management
The next big IT security battle is all about privileged access - Help Net Security
Five identity-driven shifts reshaping enterprise security in 2026 - Help Net Security
Encryption
Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog | TechRadar
Linux and Open Source
Arch Linux Website Hit by DDoS and Temporarily Limited to IPv6
Passwords, Credential Stuffing & Brute Force Attacks
Malicious extensions in Chrome Web store steal user credentials
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
US shutters phisherfolk’s $14.6M password-hoarding platform • The Register
NIS2 Compliance: Maintaining Credential Security - Security Boulevard
Social Media
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Regulations, Fines and Legislation
South Korean firm hit with US investor lawsuit over data breach disclosure failures | CSO Online
SEC Charges Crypto Firms in $14m Investment Scam - Infosecurity Magazine
What CISOs should know about the SolarWinds lawsuit dismissal | CSO Online
CISA loses key employee behind early ransomware warnings – DataBreaches.Net
Trump formally taps Joshua Rudd to lead NSA, Cyber Command - Nextgov/FCW
2025 reshaped federal cybersecurity, from new mandates to tougher compliance rules
Industry Continues to Push Back on HIPAA Security Rule Overhaul
Head of the US Cyber Security Agency Fails Polygraph Test and Fires Subordinates - Militarnyi
Models, Frameworks and Standards
NIS2 Compliance: Maintaining Credential Security - Security Boulevard
Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog | TechRadar
NIST, MITRE announce $20 million research effort on AI cybersecurity | CyberScoop
Britain’s Online Safety Act is reshaping the internet without America’s consent
Industry Continues to Push Back on HIPAA Security Rule Overhaul
NIST issues guidance on securing smart speakers - Help Net Security
Weak enforcement keeps PCI DSS compliance low - Help Net Security
Data Protection
Coupang breach affecting 33.7 million users raises data protection questions
Careers, Roles, Skills, Working in Cyber and Information Security
Building cyber talent through competition, residency, and real-world immersion - Help Net Security
Cybersecurity Interviews Are Risk Assessments in Disguise
Law Enforcement Action and Take Downs
US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek
574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa
Interpol-led action decrypts 6 ransomware strains, arrests hundreds
Former incident responders plead guilty to ransomware attack spree | CyberScoop
US shutters phisherfolk’s $14.6M password-hoarding platform • The Register
FBI seized ‘web3adspanels.org’ hosting stolen logins
Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform
Leader of 764 offshoot pleads guilty, faces up to 60 years in jail | CyberScoop
Elusive MI6 wannabe must repay £125k to romance scam victim • The Register
Ukrainian national pleads guilty to Nefilim ransomware attacks | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The cyberwarfare landscape is changing — here’s how to prepare - Nextgov/FCW
German intelligence may be allowed to conduct cyberattacks and sabotage outside the country | УНН
Nation State Actors
CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro
China
Hackers stole data in UK government cyberattack, minister confirms | TechRadar
Britain suspects China of involvement in cyberattack on Foreign Office | УНН
China-backed hacker group Storm 1849 accused of UK government cyber attack - Cryptopolitan
CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro
When AI Becomes a Weapon: Former Senior Intelligence Executive Reveals Beijing's CyberWar Playbook
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager
US adds new models of DJI and other foreign drones to national security risk list | The Independent
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
Russia
CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro
Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
UK cannot ignore deep-sea threat from Russia, head of Navy warns
German intelligence may be allowed to conduct cyberattacks and sabotage outside the country | УНН
Pro-Russian hackers claim French postal service cyberattack | Euronews
Belgian institutions reportedly hit by cyberattacks linked to pro-Russian hackers
US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek
FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine
Starlink in the crosshairs: How Russia could attack Elon Musk's conquering of space
Iran
CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence
North Korea
A Good Year for North Korean Cybercriminals
CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro
Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard
North Korean Beavertail malware sparks attacks across financial sector | SC Media
Tools and Controls
Cybersecurity Budgets are Going Up, Pointing to a Boom - Security Boulevard
The NCSC’s Warning To UK Firms: How To Boost Incident Response | SC Media UK
Invest in cybersecurity before it's too late - Verdict
Threat Actors Advertised NtKiller Malware on Dark Web Claiming to Terminate Antivirus and Bypass EDR
Hackers Using PuTTY for Both Lateral Movement and Data Exfiltration
Cloud security is stuck in slow motion - Help Net Security
UK CEOs Expect AI, Cyberattacks and Cost Cuts to Dominate 2026
Pen testers accused of 'blackmail' over Eurostar AI flaws • The Register
Formal proofs expose long standing cracks in DNSSEC - Help Net Security
New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR
Greater Manchester Police sackings over homeworking 'key jamming' - BBC News
Other News
Cybersecurity teams prep for an influx of attacks over the holidays
Hackers Using PuTTY for Both Lateral Movement and Data Exfiltration
Raspberry Pi used in attempt to take over ferry | CSO Online
Wave of cyberattacks exposes French failure to protect public digital systems
Faith in the internet is fading among young Brits • The Register
The U.K.’s Cybersecurity Refresh | Lawfare
US small businesses are fighting off a wave of cyber attacks | IT Pro
Japan to urge companies to spread cybersecurity costs as attacks mount - Nikkei Asia
Vulnerability Management
LLMs can assist with vulnerability scoring, but context still matters - Help Net Security
Vulnerabilities
Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours
Cisco VPNs, Email Services Hit in Separate Threat Campaigns
Formal proofs expose long standing cracks in DNSSEC - Help Net Security
Android Attacks—Google Confirms No Fix For 30% Of All Phones
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover
Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls
Over 25,000 FortiCloud SSO devices exposed to remote attacks
Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
Microsoft fixes Message Queuing issue in new update • The Register
Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 19 December 2025
Black Arrow Cyber Threat Intelligence Briefing 19 December 2025:
-Streisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the Headlines
-Future of Security Holds Bigger Budgets, New Threats
-The ‘World Is Not Ready’ for AI Cyber Security Risks, Booz Allen CEO Warns
-Phishing Messages and Social Scams Flood Users Ahead of Christmas
-2025’s Top Phishing Trends and What They Mean for Your Security Strategy
-The Agentic Shift: How Autonomous AI Is Reshaping the Global Threat Landscape
-From Open Source to OpenAI: The Evolution of Third-Party Risk
-Shadow Spreadsheets: The Security Gap Your Tools Can’t See
-Financial Times Investigation Raises Questions Over King Gaming Saga
-North Korea Stole a Record $2B in Crypto This Year
-New MI6 Chief Warns of Acute Russian Threat, Urges Tech-Driven Intelligence
-The Things Young Kids Are Using AI for Are Absolutely Horrifying
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week we start with interesting research findings on organisations that pay ransoms, and we look at how organisations are planning to increase their spend on security. We also look at attacker developments to watch over the next year, phishing and AI of course among them, as well as organisational practices highlighted in the articles that are closely linked to risk exposure.
Addressing these requires a sound understanding of how risks are evolving and the pragmatic and proportionate ways that business leaders can address them. The key is knowing the questions to ask of your control providers, including your IT, with support from impartial specialists.
As we head into the festive season, we thank you for reading our weekly summaries. We wish you a merry and peaceful holiday.
Top Cyber Stories of the Last Week
Streisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the Headlines
Analysis of LockBit negotiation data suggests organisations that pay ransomware demands are more likely to attract press coverage than those that refuse. Researcher Max Smeets compared reporting on 100 payers with 100 non-payers and found paying did not reduce publicity. The data also shows victims making negotiating errors, including admitting they lacked backups or sharing insurance documents. After Operation Cronos, in which the UK's National Crime Agency and international partners seized LockBit’s infrastructure, LockBit’s reputation and payments reportedly fell sharply.
Future of Security Holds Bigger Budgets, New Threats
A Marsh survey of 2,200 cyber security leaders found two‑thirds plan to increase cyber-risk prevention investment in 2026, and at least one in four intend to raise spending by more than 25%. 70% experienced at least one third‑party security incident in the past year. Separately, US senators raised concerns about AI‑driven attacks, and analysts warned humanoid robots are currently easy to hack.
The ‘World Is Not Ready’ for AI Cyber Security Risks, Booz Allen CEO Warns
Booz Allen Hamilton CEO Horacio Rozanski warned that advanced artificial intelligence could amplify cyber threats, including network compromise, data theft and ransomware, and argued that trust in models is critical for adoption. He framed US-China competition as a race across technology, adoption and national security use. Rozanski also highlighted the risk of disruption in space, using the example of bank ATMs that rely on GPS timing, and pointed to Chinese plans for space-based computing.
Phishing Messages and Social Scams Flood Users Ahead of Christmas
Check Point reported a surge of festive scams, claiming it detected 33,500 unique Christmas-themed phishing emails and over 10,000 seasonal social media ads in the prior 14 days. It said artificial intelligence is improving localisation and brand mimicry, enabling fake e-commerce sites with chatbots and checkout pages, plus deepfake and scripted voice phishing. Check Point also claimed a 100% increase in fake delivery scams in November/December compared with the same period last year.
Source: https://www.infosecurity-magazine.com/news/phishing-messages-social-scams/
2025’s Top Phishing Trends and What They Mean for Your Security Strategy
The article highlights how phishing in 2025 has evolved around authentication and multi-channel lures. It describes tactics designed to defeat or abuse multi-factor authentication, including MFA fatigue (bombarding a user with repeated push prompts until one is approved) and adversary-in-the-middle interception of credentials and session tokens in real time during sign-in. It also notes attackers moving beyond email into messaging and collaboration tools, while using familiar hooks such as invoices, account warnings and delivery notifications. The article describes approaches such as layered controls, realistic user guidance and monitoring across channels.
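The MFA-fatigue pattern described above leaves a visible trail in identity-provider sign-in logs. The following is an added example, not code from the article or its authors: it assumes a simplified, constructed log format (timestamp, user, event, result, source IP) and flags any user who receives three or more MFA prompts within ten minutes with at least one denial, recording whether an approval landed inside the same burst.

```python
"""Detect MFA push-fatigue bursts in sign-in logs.

Added example, not from the article. Assumes a constructed, simplified
log format: "<ISO timestamp> <user> <event> <result> <source ip>".
A burst is THRESHOLD or more mfa_prompt events for one user inside WINDOW
with at least one denial; an approval inside that burst is the worst case
(the user gave in and the attacker now has a session).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
THRESHOLD = 3

# Constructed sample telemetry, not real sign-in data.
SAMPLE_LOG = """\
2025-12-15T08:01:02Z alice mfa_prompt denied 203.0.113.7
2025-12-15T08:01:40Z alice mfa_prompt denied 203.0.113.7
2025-12-15T08:02:15Z alice mfa_prompt denied 203.0.113.7
2025-12-15T08:02:55Z alice mfa_prompt approved 203.0.113.7
2025-12-15T08:03:10Z alice signin success 203.0.113.7
2025-12-15T09:15:00Z bob mfa_prompt approved 198.51.100.20
2025-12-15T12:30:00Z bob mfa_prompt approved 198.51.100.20
2025-12-15T16:45:00Z bob mfa_prompt approved 198.51.100.20
2025-12-15T17:00:00Z carol mfa_prompt denied 192.0.2.9
2025-12-15T17:20:00Z carol mfa_prompt approved 192.0.2.9
"""


def parse_line(line):
    """Split one log line into (timestamp, user, event, result, ip)."""
    ts, user, event, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result, ip


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {user: alert} for users hit by a prompt burst.

    alert = {"prompts": most prompts seen in one window, "denials": most
    denials in one window, "approved": True if an approval landed inside
    the burst, "first": oldest prompt in the burst, "last": newest,
    "ips": source IPs seen in the burst}.
    Lines are expected in chronological order, as an IdP export would be.
    """
    recent = defaultdict(deque)  # per-user sliding window of (ts, result, ip)
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, user, event, result, ip = parse_line(line)
        if event != "mfa_prompt":
            continue
        q = recent[user]
        q.append((ts, result, ip))
        while q and ts - q[0][0] > window:  # drop prompts older than the window
            q.popleft()
        denials = sum(1 for _, r, _ in q if r == "denied")
        if len(q) >= threshold and denials >= 1:
            a = alerts.setdefault(user, {
                "prompts": 0, "denials": 0, "approved": False,
                "first": q[0][0], "last": ts, "ips": set(),
            })
            a["prompts"] = max(a["prompts"], len(q))
            a["denials"] = max(a["denials"], denials)
            a["approved"] = a["approved"] or any(r == "approved" for _, r, _ in q)
            a["last"] = ts
            a["ips"].update(i for _, _, i in q)
    return alerts


if __name__ == "__main__":
    for user, a in detect_mfa_fatigue(SAMPLE_LOG).items():
        verdict = "APPROVED after denials" if a["approved"] else "denials only"
        print(f"{user}: {a['prompts']} prompts, {a['denials']} denied, {verdict}, "
              f"{a['first']:%H:%M}-{a['last']:%H:%M}, ips={sorted(a['ips'])}")
```

Only alice is flagged: bob's three approvals are hours apart and carol never reaches the threshold. Denials, not raw prompt counts, drive the alert so that flaky connectivity does not trip it, and a denied-then-approved burst is the case that warrants immediate session revocation and a password reset rather than a ticket.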
The Agentic Shift: How Autonomous AI Is Reshaping the Global Threat Landscape
Control Risks describes an agentic shift where autonomous AI agents can plan, act and adapt with limited human input, changing both defence and offence. It notes automation can improve monitoring and response, but attackers can use agents to accelerate reconnaissance, exploitation and social engineering. It highlights the risk of delegating objectives to systems that behave unpredictably, and outlines governance, testing and control considerations.
From Open Source to OpenAI: The Evolution of Third-Party Risk
Third‑party risk has expanded from suppliers and open-source dependencies to include cloud services and generative AI. AI features can introduce new external dependencies and data flows, complicating vendor oversight and risk assessment. The article discusses improving visibility into components, strengthening contractual requirements, and continuously monitoring suppliers, arguing that third-party governance should be treated as a business risk discipline, not just a technical exercise.
Source: https://www.securityweek.com/from-open-source-to-openai-the-evolution-of-third-party-risk/
Shadow Spreadsheets: The Security Gap Your Tools Can’t See
“Shadow spreadsheets” are unmanaged files that end up holding operational or sensitive information outside approved systems. Employees use spreadsheets for tracking projects, budgets, access lists and customer data, bypassing access controls, logging and retention policies. Because files are often shared, copied and stored in multiple places, they can expose credentials, personal data and business logic. The article discusses discovery, ownership and governance to bring these files under control.
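The discovery step above has to start somewhere, usually with a crawl of file shares and sync folders. The following is an added example, not code from the article or its authors: it walks a directory tree for CSV exports (xlsx files would need a library such as openpyxl and are left out), and flags files whose headers name credentials or whose cells hold email addresses or Luhn-valid card-like numbers. The header keyword list is an assumption to tune per organisation, and the file tree it scans is constructed inline in a temporary directory.

```python
"""Find 'shadow spreadsheets' that hold credential-like or personal data.

Added example, not from the article. Scans *.csv under a root directory and
reports files with sensitive-looking headers, email addresses, or digit runs
that pass a Luhn check (payment-card-like numbers). The keyword list and the
sample files are assumptions constructed for the demo.
"""
import csv
import re
import tempfile
from pathlib import Path

# Assumed header keywords; extend with local terms (payroll IDs, NI numbers...).
SENSITIVE_HEADERS = re.compile(
    r"password|passwd|pwd|secret|token|api[ _-]?key|ssn|national insurance|card",
    re.IGNORECASE,
)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
DIGITS_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators


def luhn_ok(number: str) -> bool:
    """Standard Luhn mod-10 check; filters order numbers out of card hits."""
    digits = [int(c) for c in number if c.isdigit()]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_csv(path: Path) -> dict:
    """Return counts of sensitive headers, emails and card-like numbers in one file."""
    findings = {"sensitive_headers": [], "emails": 0, "card_like": 0}
    with path.open(newline="", encoding="utf-8", errors="replace") as fh:
        rows = list(csv.reader(fh))
    if not rows:
        return findings
    findings["sensitive_headers"] = [h for h in rows[0] if SENSITIVE_HEADERS.search(h)]
    for row in rows[1:]:
        for cell in row:
            findings["emails"] += len(EMAIL_RE.findall(cell))
            findings["card_like"] += sum(1 for m in DIGITS_RE.findall(cell) if luhn_ok(m))
    return findings


def discover(root: Path) -> dict:
    """Map relative path -> findings for every CSV under root with at least one hit."""
    results = {}
    for p in sorted(root.rglob("*.csv")):
        f = scan_csv(p)
        if f["sensitive_headers"] or f["emails"] or f["card_like"]:
            results[p.relative_to(root).as_posix()] = f
    return results


# Constructed sample files: one harmless budget, one access list, one customer export.
SAMPLE_FILES = {
    "finance/budget_2026.csv": "Item,Cost\nLaptops,12000\nLicences,3400\n",
    "it/server_access.csv": "Host,Username,Password\nweb01,svc_deploy,Winter2025!\ndb02,dba,Qwerty123\n",
    "sales/customers_export.csv": (
        "Name,Email,Card\n"
        "J Doe,j.doe@example.com,4111111111111111\n"   # Luhn-valid test number
        "A Roe,a.roe@example.org,1234567812345678\n"   # 16 digits but fails Luhn
    ),
}


def build_sample_tree() -> Path:
    """Write the constructed sample files into a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="shadow_"))
    for rel, content in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content, encoding="utf-8")
    return root


def run_demo() -> dict:
    """Scan the constructed tree and return the findings."""
    return discover(build_sample_tree())


if __name__ == "__main__":
    for rel, f in run_demo().items():
        print(f"{rel}: headers={f['sensitive_headers']} emails={f['emails']} card_like={f['card_like']}")
```

The budget file produces no hits, the access list is flagged on its Password header before any cell is read, and the customer export is flagged for two emails plus one Luhn-valid card number while the second 16-digit value is correctly ignored. Findings like these feed the ownership step: each flagged path needs a named owner and a decision to migrate, redact or delete.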
Financial Times Investigation Raises Questions Over King Gaming Saga
A Financial Times investigation into cyber crime and fraud has prompted scrutiny of due diligence by local authorities in their dealings with a firm called King Gaming. It focuses on how the government of the Isle of Man granted planning permission for a substantial headquarters project by King Gaming; later police executed raids linked to the operation and arrests were made. Court records from China show convictions for investment fraud by individuals connected to a related Isle of Man entity.
North Korea Stole a Record $2B in Crypto This Year
North Korea-linked actors are estimated to have stolen just over $2 billion in cryptocurrency in 2025, a 51% year‑on‑year increase, and about $3.4 billion was stolen globally. DPRK attacks accounted for a record 76% of service compromises, with the February Bybit incident contributing about $1.5 billion. The piece also reports increased targeting of personal wallets (44% of value) and a shift towards recruiter-style social engineering.
Source: https://www.theregister.com/2025/12/18/north_korea_stole_2b_crypto_2025/
New MI6 Chief Warns of Acute Russian Threat, Urges Tech-Driven Intelligence
In her first public speech as MI6 chief, Blaise Metreweli warned of a more acute Russian threat and described a security environment that sits between peace and war. She pointed to hybrid tactics, including cyberattacks on infrastructure and drones appearing over airports and airbases. The article also highlights her emphasis on technology and tradecraft, saying MI6 officers must be as comfortable with code as with human sources and fluent in Python.
Source: https://www.easterneye.biz/new-mi6-chief-warns-russian-threat/
The Things Young Kids Are Using AI for Are Absolutely Horrifying
An Aura report analysing anonymised activity from about 3,000 children aged five to 17 found 42% used AI chatbots specifically for companionship across nearly 90 services. Among those using chatbots for companionship, 37% engaged in conversations depicting violence, including coercion and non-consensual acts. The report says violent conversations peaked among 11-year-olds, with 44% of interactions turning violent, and that sexual or romantic roleplay peaked among 13-year-olds at 63%.
Source: https://futurism.com/future-society/young-kids-using-ai
Governance, Risk and Compliance
How to justify your security investments | CSO Online
News brief: Future of security holds bigger budgets, new threats | TechTarget
The CISO-COO Partnership: Protecting Operational Excellence
The internet in 2025: Bigger, more fragile than ever - and 'fundamentally rewired' by AI | ZDNET
The Budget Effect of a Security Incident - Infosecurity Magazine
Cyber resilience in the UK: learning to take the punches | IT Pro
Trend Micro's 2025 Defenders Survey Report | Trend Micro (US)
Increased workloads, strategic influence and technical focus - CISO predictions for 2026 - BetaNews
Threats
Ransomware, Extortion and Destructive Attacks
RansomHouse RaaS Service Upgraded with Double Extortion Strategy that Steals and Encrypts Data
Clop ransomware targets Gladinet CentreStack in data theft attacks
Researchers see global surge in attacks by new ransomware group “Gentlemen” | Cybernews
The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet
How CISOs Can Beat the Ransomware Blame Game - Security Boulevard
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
Ransomware Victims
JLR cyberattack pushes TCS to standardize security for top clients | Company Business News
Jaguar Land Rover workers’ payroll data stolen in cyber attack
PornHub extorted after hackers steal Premium member activity data
Askul confirms theft of 740k customer records in ransomware attack
Asahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attack - Infosecurity Magazine
Under Armour Sued After Ransomware Group Reports Data Breach (1)
Phishing & Email Based Attacks
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
2025’s Top Phishing Trends and What They Mean for Your Security Strategy
OAuth Device Code Phishing Campaigns Surge, Targeting Microsoft 365 - Infosecurity Magazine
Where does the data stolen in a phishing attack go? | Kaspersky official blog
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine
Inside a purchase order PDF phishing campaign | Malwarebytes
Clipping Scripted Sparrow's wings: Tracking a global phishing ring - Help Net Security
Google Sues Chinese ‘Darcula’ Group Over Alleged Phishing Scheme
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
Other Social Engineering
Hackers Are Stealing Microsoft Account Passwords With This Trick
Shut Down And Restart—New Microsoft Attack Beats Passwords, 2FA And Passkeys
ClickFix attacks that bypass cyber controls on the rise | Computer Weekly
New ClickFix 'Word Online' Message Tricks Users into Installing DarkGate Malware
The WhatsApp takeover scam that doesn’t need your password
Deepfakes Expose New Risks in Identity and Digital Trust
Amazon blocked 1,800 suspected DPRK job applicants • The Register
Inside a purchase order PDF phishing campaign | Malwarebytes
Fraud, Scams and Financial Crime
Financial Times investigation raises questions over King Gaming saga | Isle of Man Today
Money Mules Require Banks to Switch from Defense to Offense
European authorities dismantle call center fraud ring in Ukraine
What Is 'NGate'? The Android Phone ATM Scam You Need To Know About
Darkweb Powers Decentralized Financial Crimes
Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram
Nomad settles with the FTC over $186M cyberattack • The Register
HMRC Warns of Over 135,000 Scam Reports - Infosecurity Magazine
Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News
Singapore Entrepreneur Loses Entire Crypto Portfolio After Downloading Fake Game - Decrypt
Artificial Intelligence
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return - Security Boulevard
Deepfakes Expose New Risks in Identity and Digital Trust
The internet in 2025: Bigger, more fragile than ever - and 'fundamentally rewired' by AI | ZDNET
AI-era cybersecurity is 'so dangerous,' CrowdStrike pres. explains
AI breaks the old security playbook - Help Net Security
The agentic shift: how autonomous AI is reshaping the global threat landscape
Chrome, Edge privacy extensions quietly snarf AI chats • The Register
Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram
Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow - SecurityWeek
The Things Young Kids Are Using AI for Are Absolutely Horrifying
NIST releases draft AI cybersecurity framework profile to guide secure AI adoption - SiliconANGLE
What Cyber Defenders Really Think About AI Risk | Trend Micro (US)
I Work at Google in AI Security: Things I Would Never Tell Chatbots - Business Insider
AI is causing all kinds of problems in the legal sector | CyberScoop
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Europe Targets Kremlin Disinformation, Cyber Networks in New Sanctions Push
EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times
2FA/MFA
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
Your Accounts Can Still Get Hacked, Even Using Multi-Factor Authentication
Malware
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek
New ClickFix 'Word Online' Message Tricks Users into Installing DarkGate Malware
New SantaStealer malware steals data from browsers, crypto wallets
What is driving the rise of infostealer malware? | Computer Weekly
A Browser Extension Risk Guide After the ShadyPanda Campaign
17 Firefox extensions hide malware in icons | Cybernews
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Stop clicking “allow” on these pop-ups — they’re more dangerous than malware
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
Fake ‘One Battle After Another’ torrent hides malware in subtitles
New BeaverTail Malware Variant Linked to Lazarus Group - Infosecurity Magazine
Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal
Man jailed for teaching criminals how to use malware
Bots/Botnets
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
Mobile
What Is 'NGate'? The Android Phone ATM Scam You Need To Know About
The WhatsApp takeover scam that doesn’t need your password
Android mobile adware surges in second half of 2025 | Malwarebytes
'Cellik' Android RAT Leverages Google Play Store
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
The ghosts of WhatsApp: How GhostPairing hijacks accounts | Malwarebytes
WhatsApp users unknowingly link hackers’ devices | Cybernews
Europe's DMA raises new security worries for mobile ecosystems - Help Net Security
‘Completely Deactivate Wi-Fi’—Cyber Agency Warns iPhone And Android Users
Microsoft to block Exchange Online access for outdated mobile devices
Denial of Service/DoS/DDoS
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
Internet of Things – IoT
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
Is your smart home an easy target? 6 ways experts lock theirs down | ZDNET
Your car’s web browser may be on the road to cyber ruin • The Register
Data Breaches/Leaks
Coupang data breach traced to ex-employee who retained system access
ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru
Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats
Data breach at credit check giant 700Credit affects at least 5.6 million | TechCrunch
PornHub Premium hacked. This is the info they reportedly stole. | Mashable
Analytics provider: We didn't expose stolen smut data • The Register
Data may have been taken in Ombudsman office cyber attack
French Interior Ministry confirms cyberattack on email servers
France arrests suspect tied to cyberattack on Interior Ministry
UK Information Commissioner Investigates Film & TV Worker Data Breach
Personal data breach affects thousands across Channel Islands - BBC News
GDPR failures in Home Office eVisa rollout in spotlight • The Register
SoundCloud confirms breach after member data stolen, VPN access disrupted
NHS tech supplier probes cyberattack on internal systems • The Register
University of Sydney suffers data breach exposing student and staff info
Organised Crime & Criminal Actors
Financial Times investigation raises questions over King Gaming saga | Isle of Man Today
Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film
North Korea stole a record $2B in crypto this year • The Register
Hackers Are Stealing Microsoft Account Passwords With This Trick
Money Mules Require Banks to Switch from Defense to Offense
European authorities dismantle call center fraud ring in Ukraine
Darkweb Powers Decentralized Financial Crimes
Nomad settles with the FTC over $186M cyberattack • The Register
Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case - Infosecurity Magazine
Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea stole a record $2B in crypto this year • The Register
New SantaStealer malware steals data from browsers, crypto wallets
Nomad settles with the FTC over $186M cyberattack • The Register
Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Singapore Entrepreneur Loses Entire Crypto Portfolio After Downloading Fake Game - Decrypt
Insider Risk and Insider Threats
Coupang data breach traced to ex-employee who retained system access
Amazon blocked 1,800 suspected DPRK job applicants • The Register
Insurance
What is a Cyber Insurance Managing General Agent?
Supply Chain and Third Parties
JLR cyberattack pushes TCS to standardize security for top clients | Company Business News
From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek
PornHub Premium hacked. This is the info they reportedly stole. | Mashable
Analytics provider: We didn't expose stolen smut data • The Register
NHS tech supplier probes cyberattack on internal systems • The Register
Software Supply Chain
From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek
Cloud/SaaS
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
OAuth Device Code Phishing Campaigns Surge, Targeting Microsoft 365 - Infosecurity Magazine
US sues ex-Accenture manager over Army cloud security claims • The Register
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
NATO's battle for cloud sovereignty: Speed is existential • The Register
Identity and Access Management
Identity risk is changing faster than most security teams expect - Help Net Security
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Linux and Open Source
From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
FBI Confirms 630 Million Stolen Passwords — How To Check Yours Now
Social Media
Deepfakes Expose New Risks in Identity and Digital Trust
Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram
Privacy risks sit inside the ads that fill your social media feed - Help Net Security
Meta adopts new age-check system to meet global child safety laws
Regulations, Fines and Legislation
Financial Times investigation raises questions over King Gaming saga | Isle of Man Today
Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film
ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru
UK Lords propose ban on VPNs for children | TechRadar
Making cybercrime illegal won't stop it; making cybersec research legal may | CSO Online
Whistleblowers raise ‘extreme’ concern about security of government’s Digital ID | ITV News
Nomad settles with the FTC over $186M cyberattack • The Register
Europe's DMA raises new security worries for mobile ecosystems - Help Net Security
UK surveillance law still full of holes, watchdog warns • The Register
Are Trade Concerns Trumping Cybersecurity?
Trump Administration Turning to Private Firms in Cyber Offensive
Legal protection for ethical hacking is only the first step • The Register
Models, Frameworks and Standards
ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru
UK Lords propose ban on VPNs for children | TechRadar
GDPR failures in Home Office eVisa rollout in spotlight • The Register
NIST releases draft AI cybersecurity framework profile to guide secure AI adoption - SiliconANGLE
Data Protection
ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru
GDPR failures in Home Office eVisa rollout in spotlight • The Register
Careers, Roles, Skills, Working in Cyber and Information Security
EU can’t attract and retain cyber talent: why? | Cybernews
What lies in store for cyber security skills in 2026? | Computer Weekly
Increased workloads, strategic influence and technical focus - CISO predictions for 2026 - BetaNews
The Burnout Nobody Talks About: When “Always-On” Leadership Becomes a Liability - Security Boulevard
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership - Security Boulevard
Law Enforcement Action and Take Downs
European police busts Ukraine scam call centers - Help Net Security
France arrests suspect tied to cyberattack on Interior Ministry
Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case - Infosecurity Magazine
Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News
Man jailed for teaching criminals how to use malware
France arrests Latvian for installing malware on Italian ferry
Misinformation, Disinformation and Propaganda
EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
MI6 chief: 'We are operating in space between peace and war' - BBC News
MI6 chief warns of Russian hybrid threats, urges tech focus | EasternEye
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
The agentic shift: how autonomous AI is reshaping the global threat landscape
Three ways teams can tackle Iran's tangled web of state-sponsored espionage | SC Media
Israel Issues Chilling Cyber Warfare Warning After Iran Attacks
Russia suspected of hacking European ferry with ‘remote control’
Nation State Actors
A ‘whole society’ response to threats to national security
China
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek
A Browser Extension Risk Guide After the ShadyPanda Campaign
The $0 Transaction That Signaled a Nation-State Cyberattack
US has failed to stop massive Chinese cyber campaign, warns senator
React2Shell vuln exploited by China, Iran, Google warns • The Register
China's Ink Dragon hides out in European government networks • The Register
China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear - SecurityWeek
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
Financial Times investigation raises questions over King Gaming saga | Isle of Man Today
Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film
Google Sues Chinese ‘Darcula’ Group Over Alleged Phishing Scheme
Russia
MI6 chief: 'We are operating in space between peace and war' - BBC News
MI6 chief warns of Russian hybrid threats, urges tech focus | EasternEye
France and Germany Grappling With Nation-State Hacks
Germany accuses Russia of 2024 cyber attack and election disinformation campaign - BBC News
EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine
Amazon security boss blames Russia's GRU for energy hacks • The Register
Russia suspected of hacking European ferry with ‘remote control’
Amazon disrupts Russian GRU hackers attacking edge network devices
German Parliament Hit By Cyber-Attack During Zelensky Visit
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
Iran
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek
React2Shell vuln exploited by China, Iran, Google warns • The Register
Dormant Iran APT is Still Alive, Spying on Dissidents
Three ways teams can tackle Iran's tangled web of state-sponsored espionage | SC Media
Israel Issues Chilling Cyber Warfare Warning After Iran Attacks
North Korea
North Korea stole a record $2B in crypto this year • The Register
Amazon blocked 1,800 suspected DPRK job applicants • The Register
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal
New BeaverTail Malware Variant Linked to Lazarus Group - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow - SecurityWeek
Tools and Controls
The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet
Amazon disrupts Russian GRU hackers attacking edge network devices
A Browser Extension Risk Guide After the ShadyPanda Campaign
From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek
How to justify your security investments | CSO Online
News brief: Future of security holds bigger budgets, new threats | TechTarget
The Budget Effect of a Security Incident - Infosecurity Magazine
More than half of public vulnerabilities bypass leading WAFs - Help Net Security
5 ways to scour the dark web for your data after Google kills its free report | ZDNET
AI isn't one system, and your threat model shouldn’t be either - Help Net Security
Reports Published in the Last Week
Trend Micro's 2025 Defenders Survey Report | Trend Micro (US)
Other News
How the Hacking World Has Changed: 'All Tech is Political'
CISO Communities – Cybersecurity’s Secret Weapon - SecurityWeek
Shadow spreadsheets: The security gap your tools can’t see
Cybersecurity - indispensable in the defense industry
Most schools underprepared for cybersecurity threats - BetaNews
No more orange juice? Why one ship reveals America's maritime cybersecurity crisis | CSO Online
The soft underbelly of space isn't in orbit, it's on the ground - Help Net Security
Online Attacks Against Women Human Rights Workers Double In Five Years
Vulnerability Management
More than half of public vulnerabilities bypass leading WAFs - Help Net Security
41 Microsoft Zero-Day Warnings — Millions Of Users Face Update Choice
Vulnerabilities
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek
React2Shell vuln exploited by China, Iran, Google warns • The Register
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
Half of exposed React servers remain unpatched amid attacks • The Register
Another bad week for SonicWall as SMA 1000 0-day exploited • The Register
China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear - SecurityWeek
Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Emergency fixes deployed by Google and Apple after targeted attacks
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Chrome Security Update - Patch for Critical Vulnerabilities that Enables Remote Code Execution
Hackers are exploiting critical Fortinet flaws days after patch release
Notepad++ fixed updater bugs that allowed malicious update hijacking
Microsoft: December security updates cause Message Queuing failures
Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges
Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
Microsoft RasMan 0-day gets an unofficial patch and exploit • The Register
Recent GeoServer Vulnerability Exploited in Attacks - SecurityWeek
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
JumpCloud Windows Agent Flaw Enables Local Privilege Escalation - Infosecurity Magazine
Black Arrow Cyber Threat Intelligence Briefing 12 December 2025
Black Arrow Cyber Threat Intelligence Briefing 12 December 2025:
-Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds
-Trend Micro Issues Warning Over Rise of 'Vibe Crime' as Cyber Criminals Turn to Agentic AI to Automate Attacks
-What the Rise in Cyber Insurance Claims Reveals About the Vulnerability of UK Businesses
-Nearly Two-Thirds of Organisations to Increase Cyber Security Investments in 2026: Marsh
-When It Comes to Security Resilience, Cheaper Isn’t Always Better
-Cyber Threats Are Evolving Fast - Is Your Leadership Keeping Up?
-A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
-Why Small Businesses Can’t Afford to Overlook Cyber Security This Peak Season
-New DroidLock Malware Locks Android Devices and Demands a Ransom
-Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack
-Report Surfaces Multiple Novel Social Engineering Tactics and Techniques
-EU Leaders to Push Defence Readiness Amid Russia ‘Hybrid Attack’ Warnings
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
With our sights on the New Year, our review this week looks at cyber security in 2026 and the risks that we all need to manage. Without doubt, AI is a major factor in that, both when used by organisations without a defined security policy as well as when used maliciously by attackers as described below. There are also some interesting insights from an analysis of cyber insurance claims in our review this week, and we include news of new tactics by attackers through mobile devices and social engineering.
We are clear that cyber security requires business leaders to understand current risks, and to implement aligned controls across people, operations and technology. The evolution of AI and other risks in 2026 further reinforces the need for this business-wide approach, supported by a CISO who can translate between technology and business management. Proportionality is always a key consideration, balancing cost and effectiveness. Contact us to see how to achieve this through a pragmatic and commercially aligned strategy.
Top Cyber Stories of the Last Week
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds
Research highlights a sharp rise in incidents linked to human behaviour as AI becomes embedded in daily work. Organisations report significant growth in email-driven attacks, social engineering, unsafe behaviour, and mistakes. AI-related incidents and deepfake-enabled fraud are increasing, while shadow AI usage is expanding as employees turn to unsanctioned tools, weakening visibility and control over data and decision-making.
Trend Micro Issues Warning Over Rise of 'Vibe Crime' as Cyber Criminals Turn to Agentic AI to Automate Attacks
Trend Micro warns that so-called vibe crime will accelerate cyber crime by enabling autonomous, end-to-end attack chains powered by agentic AI. Rather than sudden spikes, organisations should expect persistent background activity that scales without human oversight. This evolution reframes cybercrime-as-a-service into a model where AI performs continuous reconnaissance, phishing, fraud, and exploitation.
Source: https://www.itpro.com/security/cyber-crime/trend-micro-vibe-crime-agentic-ai-cyber-crime
What the Rise in Cyber Insurance Claims Reveals About the Vulnerability of UK Businesses
UK cyber insurance claims have surged, reflecting both rising threat activity and weaknesses created by outsourcing, poor oversight, and complex supply chains. Cost-driven decisions can reduce visibility and weaken access controls, increasing exposure. Higher premiums alone are unlikely to fix the problem; current payouts are seen as an early warning of deeper systemic risk unless organisations adopt stronger controls and improve their risk maturity.
Source: https://www.techmonitor.ai/comment-2/cyber-insurance-uk-vulnerabilities?cf-view
Nearly Two-Thirds of Organisations to Increase Cyber Security Investments in 2026: Marsh
Marsh reports that most organisations plan to increase cyber security spending, with many expecting significant budget rises. Third-party risk is a major driver, as a large proportion experienced at least one material supplier-related cyber incident in the past year. UK organisations show particularly strong intent to increase investment to address exposure and resilience gaps.
When It Comes to Security Resilience, Cheaper Isn’t Always Better
Cost-focused procurement can undermine cyber resilience by increasing dependency on fragile suppliers and underinvested controls. Savings achieved through cheaper vendors can be quickly erased by incidents such as ransomware, service disruption, or third-party data compromise. The article argues for procurement incentives that prioritise resilience and continuity, treating cyber security as a core business survival issue rather than a compliance cost.
Cyber Threats Are Evolving Fast - Is Your Leadership Keeping Up?
Effective cyber security depends on leadership, governance, and organisational culture, not just technology. Incidents damage trust, reputation, and revenue, while early executive response often determines the scale of impact. The article stresses the importance of senior ownership, clear communication, and disciplined programme management to translate cyber strategy into consistent, operational outcomes.
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
An engineering-led approach to cyber security can create blind spots by assuming strong preventative controls are sufficient. Risk often shifts into overlooked areas such as permissions, pipelines, and operational processes. A more effective model assumes failure, focuses on limiting blast radius, rehearses response, and aligns people, process, and technology under strong governance.
Source: https://www.darkreading.com/cyber-risk/why-an-engineering-focused-ciso-can-be-a-liability
Why Small Businesses Can’t Afford to Overlook Cyber Security This Peak Season
Peak retail periods attract heightened attacker activity as transaction volumes rise. Phishing, ransomware, and malware campaigns intensify, with seasonal lures proving highly effective. For small businesses, cyber security failures can disrupt sales, expose customer data, and trigger recovery costs, making basic protections essential to safeguarding revenue during critical trading periods.
New DroidLock Malware Locks Android Devices and Demands a Ransom
DroidLock is a newly identified Android threat that locks devices and demands payment while harvesting sensitive data including messages, contacts, call logs, and recordings. The malware can be remotely controlled and can wipe data or steal lock patterns. Campaigns target Spanish-speaking users and spread through malicious sites offering fake apps that request extensive permissions.
Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack
ConsentFix blends social engineering with open authorisation (OAuth) consent abuse to enable account takeover without requiring traditional login credentials. By operating entirely within the browser and targeting trusted first-party applications, the technique can bypass MFA and endpoint controls. Distribution through search results further reduces reliance on email-based phishing, complicating detection.
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques
Threat researchers report attackers using increasingly creative social engineering techniques to evade controls and deliver malware. Campaigns include legal-themed emails, fake government sites, malicious SVG files, and counterfeit software updates. Information-stealing malware dominates observed threats, while a notable proportion of malicious emails bypass gateway scanning.
EU Leaders to Push Defence Readiness Amid Russia ‘Hybrid Attack’ Warnings
EU leaders will use the December European Council summit to accelerate defence cooperation, boost weapons production for Ukraine, and strengthen protection against cyber and drone attacks. Draft conclusions warn of an intensified hybrid campaign by Russia and Belarus and call for faster resilience measures, shared military capabilities, and new funding. Leaders will also debate long-term support for Ukraine through at least 2027, including use of frozen Russian assets.
Governance, Risk and Compliance
When it comes to security resilience, cheaper isn’t always better | CSO Online
Why small businesses can’t afford to overlook cybersecurity this peak season - Raconteur
Why An Engineering-Focused CISO Can Be a Liability
Are we mistaking regulation for resilience? | Computer Weekly
“Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach - Infosecurity Magazine
Resilience is the new currency | Professional Security Magazine
Cyber Threats Are Evolving Fast — Are You Keeping Up?
Need for 'attacking mindset' as major cyber hacks up 50 per cent | In Cumbria
Cybersecurity Threats and AI Disruptions Top Concerns for IT Leaders in 2026, Veeam Survey Finds
CISOs are spending big and still losing ground - Help Net Security
Global Cyber Alliance Identifies Five Cybersecurity Forces That Defined 2025 - And Will Shape 2026
Cybersecurity Leaders Put Data Protection and Response at the Top of the 2026 Agenda.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Payments Surpassed $4.5 Billion: US Treasury - SecurityWeek
Researchers spot 700 percent increase in hypervisor attacks • The Register
Cyber insurance claims in 2024 tripled. UK firms are vulnerable
New DroidLock malware locks Android devices and demands a ransom
Ransomware keeps widening its reach - Help Net Security
Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
Akira ransomware: FBI tallies 250 million in payouts – DataBreaches.Net
Ransomware Victim Warning: The Streisand Effect May Apply
Russian hackers debut simple ransomware service • The Register
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Contractors with hacking records accused of wiping 96 govt databases
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Industrial ransomware attacks rise sharply in Q3 2025
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Ransomware Victims
Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
Barts Health NHS discloses data breach after Oracle zero-day hack
Industrial ransomware attacks rise sharply in Q3 2025
Cyber attack chaos ahead of Christmas | Westminster Extra
UK Hospital Asks Court to Stymie Ransomware Data Leak
HSE offers €750 to victims of 2021 cyberattack which affected 90,000 people | Irish Independent
Phishing & Email Based Attacks
How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes
New Spiderman phishing service targets dozens of European banks
Novel clickjacking attack relies on CSS and SVG • The Register
AI Is Driving a Shift in Targeted Email Attacks
Other Social Engineering
Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack
Novel clickjacking attack relies on CSS and SVG • The Register
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques - Security Boulevard
Imposter for hire: How fake people can gain very real access | Microsoft Security Blog
Hackers posed as law enforcement to gain Apple Account data
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Crims using social media images in virtual kidnapping scams • The Register
Fraud, Scams and Financial Crime
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes
Key barrier to online fraud can be bypassed for pennies, say researchers - CNA
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News
Scam-Busting FCA Firm Checker Tool Given Cautious Welcome - Infosecurity Magazine
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
Artificial Intelligence
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Block all AI browsers for the foreseeable future: Gartner • The Register
UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources
OpenAI warns new models pose 'high' cybersecurity risk - CNA
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Exclusive | AI Hackers Are Coming Dangerously Close to Beating Humans - WSJ
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
Cybersecurity Threats and AI Disruptions Top Concerns for IT Leaders in 2026, Veeam Survey Finds
NVIDIA research shows how agentic AI fails under attack - Help Net Security
UK NCSC Raises Alarms Over Prompt Injection Attacks - Infosecurity Magazine
LLMs are everywhere in your stack and every layer brings new risk - Help Net Security
Ignoring AI in the threat chain could be a costly mistake, experts warn | CSO Online
Cyber experts warn AI will accelerate attacks and overwhelm defenders in 2026 - BetaNews
AI is accelerating cyberattacks. Is your network prepared?
Latest macOS malware uses trusted search & AI to dupe users
Copilot's No Code AI Agents Liable to Leak Company Data
AI Is Driving a Shift in Targeted Email Attacks
The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog
It's time to revamp IT security to deal with AI
OpenAI user data was breached, but changing your password won't help - here's why | ZDNET
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
Police Admit AI Surveillance Panopticon Still Has Issues With "Some Demographic Groups"
Brussels attacks Google for ‘unfairly harvesting’ web and YouTube content for AI
Privacy concerns raised as Grok AI found to be a stalker's best friend
Trump Signs Executive Order to Block State AI Regulations - SecurityWeek
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
2FA/MFA
Death to one-time text codes: Passkeys are the new hotness • The Register
Android Warning—New Attack Unlocks Your Phone And Steals Your Texts
Malware
Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
Latest macOS malware uses trusted search & AI to dupe users
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
Information stealers are on the rise, are you at risk? | Cyber.gov.au
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Threat Actors Poisoning SEO Results to Attack Organizations With Fake Microsoft Teams Installer
Malicious Microsoft VS Code extensions steal data | Cybernews
'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Malicious VSCode extensions on Microsoft's registry drop infostealers
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild
Bots/Botnets
Bots, bias, and bunk: How to tell what's real on the net • The Register
Analysts Warn of Cybersecurity Risks in Humanoid Robots
'Botnets in physical form' are top humanoid robot risk • The Register
New 'Broadside' Botnet Poses Risk to Shipping Companies - SecurityWeek
New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild
Mobile
New DroidLock malware locks Android devices and demands a ransom
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
New malware turns trusted banking apps into phone hijacking tools — how to stay safe | Tom's Guide
Android Warning—New Attack Unlocks Your Phone And Steals Your Texts
ClayRat Android Spyware Expands Capabilities - Infosecurity Magazine
Uneven regulatory demands expose gaps in mobile security - Help Net Security
Internet of Things – IoT
Porsche panic in Russia as cars mysteriously bricked • The Register
Should you be afraid of smart home hacking? 6 ways experts keep their devices protected | ZDNET
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Data Breaches/Leaks
Copilot's No Code AI Agents Liable to Leak Company Data
OpenAI user data was breached, but changing your password won't help - here's why | ZDNET
Spain arrests teen who stole 64 million personal data records
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
US military contractor breach expose employee data | Cybernews
Over 10,000 Docker Hub images found leaking credentials, auth keys
PSNI officer 'felt fear and disbelief' after data breach - BBC News
Users report chaos as Legal Aid Agency stumbles back online • The Register
Contractors with hacking records accused of wiping 96 govt databases
Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers - IT Security Guru
Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks
Hackers claim Volkswagen dealer data is for sale | Cybernews
One of Sudan’s last flying airlines breached, say hackers | Cybernews
Organised Crime & Criminal Actors
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
European cops arrest 193 'violence-as-a-service' suspects • The Register
Contractors with hacking records accused of wiping 96 govt databases
Ex-teen hackers warn parents are clueless as children steal ‘millions’ – DataBreaches.Net
National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar
How old is the average hacker? What does a new research report suggest? (1) – DataBreaches.Net
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations
Insider Risk and Insider Threats
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Insurance
Cyber insurance claims in 2024 tripled. UK firms are vulnerable
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Supply Chain and Third Parties
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
Barts Health NHS discloses data breach after Oracle zero-day hack
UK Hospital Asks Court to Stymie Ransomware Data Leak
Software Supply Chain
'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE
Malware Discovered in 19 Visual Studio Code Extensions - Infosecurity Magazine
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cloud/SaaS
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Swiss Government Sounds The Alarm Bell Over Cloud Storage Security Risks
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
Microsoft investigates Copilot outage affecting users in Europe
Outages
Cloudflare Outage Caused by React2Shell Mitigations - SecurityWeek
Microsoft investigates Copilot outage affecting users in Europe
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Encryption
CISOs Should Be Asking These Quantum Questions Today
Passwords, Credential Stuffing & Brute Force Attacks
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
Over 10,000 Docker Hub images found leaking credentials, auth keys
Death to one-time text codes: Passkeys are the new hotness • The Register
Social Media
EU fines X $140 million over deceptive blue checkmarks
Regulations, Fines and Legislation
Portugal updates cybercrime law to exempt security researchers
UK finally vows to look at 35-year-old Computer Misuse Act • The Register
Are we mistaking regulation for resilience? | Computer Weekly
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
What 35 years of privacy law say about the state of data protection - Help Net Security
EU fines X $140 million over deceptive blue checkmarks
Defense bill addresses secure phones, AI training, cyber troop mental health | CyberScoop
UK.gov rejects £1.8B digital ID cost, offers no alternative • The Register
Porn company starts new age checks after £1m fine - BBC News
UK Cyber Security and Resilience Bill: pragmatic overhaul or regulatory overload? | Osborne Clarke
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Uneven regulatory demands expose gaps in mobile security - Help Net Security
Trump Signs Executive Order to Block State AI Regulations - SecurityWeek
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine
Models, Frameworks and Standards
OWASP Project Publishes List of Top Ten AI Agent Threats - Security Boulevard
NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents - Security Boulevard
Porn company starts new age checks after £1m fine - BBC News
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
Data Protection
What 35 years of privacy law say about the state of data protection - Help Net Security
Cybersecurity Leaders Put Data Protection and Response at the Top of the 2026 Agenda.
Careers, Roles, Skills, Working in Cyber and Information Security
Why An Engineering-Focused CISO Can Be a Liability
Why Losing One Security Engineer Can Break Your Defences | SC Media UK
88% of Cybersecurity Professionals Impacted by Skills Gap
Law Enforcement Action and Take Downs
European cops arrest 193 'violence-as-a-service' suspects • The Register
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar
Spain arrests teen who stole 64 million personal data records
Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News
Poland charges Ukrainians found in possession of hacking equipment | Notes From Poland
US extradites Ukrainian accused of hacking for Russia • The Register
Misinformation, Disinformation and Propaganda
Key barrier to online fraud can be bypassed for pennies, say researchers - CNA
Bots, bias, and bunk: How to tell what's real on the net • The Register
UK on frontline of new information war as Russia floods social media with fake videos - The Mirror
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН
Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online
Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News
UK calls on Europe to counter Russia's expanding info wars • The Register
When Do Cyber Campaigns Cross a Line? | Lawfare
EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO
UK launches hybrid fighting force to secure undersea cables • The Register
How Europe can turn the tide on Russia's underwater warfare
China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post
Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council
Nation State Actors
Have you been targeted by state-sponsored hackers? Apple, Google issue fresh alerts | Cybernews
China
Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
React2Shell Vulnerability Under Attack From China-Nexus Groups
2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ | WIRED
Trump prioritizing trade with China over cyber war, Salt Typhoon goes unpunished | Cybernews
China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post
As White House moves to send AI chips to China, Trump’s DOJ prosecutes chip smugglers | CyberScoop
China’s Intelligence Chief Outlines Hardline Five-Year Security Plan - StratNews Global
Russia
Russia’s hybrid warfare puts Europe to the test
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН
Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News
EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO
UK launches hybrid fighting force to secure undersea cables • The Register
How Europe can turn the tide on Russia's underwater warfare
Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council
US extradites Ukrainian accused of hacking for Russia • The Register
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian
Cyber Attack on Reporters Without Borders Linked to Russian Security Services
US Warns of Ongoing Pro-Russia Critical Infrastructure Hacks
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews
Cyberattack Reportedly Paralyzes Russia’s Military Registration Database - The Moscow Times
Iran
US Posts $10 Million Bounty for Iranian Hackers - SecurityWeek
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
North Korea
React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
Imposter for hire: How fake people can gain very real access | Microsoft Security Blog
Lazarus Group: The $2.1 Billion Cyber Threat and Your Defense Strategy - Security Boulevard
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Danish intelligence classifies Trump’s America as a security risk – POLITICO
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine
Apple, Google Send New Round of Cyber Threat Notifications to Users
Tools and Controls
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Block all AI browsers for the foreseeable future: Gartner • The Register
Researchers spot 700 percent increase in hypervisor attacks • The Register
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
When it comes to security resilience, cheaper isn’t always better | CSO Online
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
NVIDIA research shows how agentic AI fails under attack - Help Net Security
Resilience is the new currency | Professional Security Magazine
CISOs are spending big and still losing ground - Help Net Security
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
Are we mistaking regulation for resilience? | Computer Weekly
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations - SecurityWeek
Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian
15 years in, zero trust remains elusive — with AI rising to complicate the challenge | CSO Online
Reports Published in the Last Week
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Other News
The hidden dynamics shaping who produces influential cybersecurity research - Help Net Security
Analysts Warn of Cybersecurity Risks in Humanoid Robots
'Botnets in physical form' are top humanoid robot risk • The Register
Need for 'attacking mindset' as major cyber hacks up 50 per cent | In Cumbria
Porn Is Being Injected Into Government Websites Via Malicious PDFs
National Crime Agency leaflet given to pupils linked to 'explicit sexual content' - BBC News
Surviving system meltdowns and cyber attacks - Monevator
Cybersecurity’s New Power Dynamics | Goodwin - JDSupra
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
Cyber risk is the most pressing threat to Irish businesses
Fire Stick users receive warning message while illegally streaming as crackdown begins
Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews
Why Singapore remains cautious over naming state actors in cyber-attacks - Yahoo News Singapore
Vulnerability Management
Why bug bounty schemes have not led to secure software | Computer Weekly
MITRE shares 2025's top 25 most dangerous software weaknesses
Vulnerabilities
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
React2Shell Vulnerability Under Attack From China-Nexus Groups
Cloudflare blames Friday outage on borked React2shell fix • The Register
Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek
Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims | CyberScoop
Microsoft Patches 57 Vulnerabilities, Three Zero-Days - SecurityWeek
Microsoft releases Windows 10 KB5071546 extended security update
Intel, AMD Processors Affected by PCIe Vulnerabilities - SecurityWeek
React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine
Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager
Adobe Patches Nearly 140 Vulnerabilities - SecurityWeek
Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild - SecurityWeek
Google Fixes Gemini Enterprise Flaw That Exposed Corporate Data - Infosecurity Magazine
Microsoft won’t fix .NET RCE bug affecting enterprise apps • The Register
This 30-year-old app is somehow still one of the biggest security risks on Windows
IBM Patches Over 100 Vulnerabilities - SecurityWeek
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
Maximum-severity XXE vulnerability discovered in Apache Tika
Apache warns of 10.0-rated flaw in Tika metadata toolkit • The Register
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
SAP fixes three critical vulnerabilities across multiple products
Firefox 146 adds Windows backup, improved privacy, and security fixes | PCWorld
Critical Gogs zero-day under attack, 700 servers hacked
Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
Hackers abuse Notepad++ updater | Cybernews
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks - SecurityWeek
700+ self-hosted Git instances battered in 0-day attacks • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Advisory 10 December 2025 - Security Updates from Microsoft, SAP, Adobe, Fortinet, Google Android, Ivanti, React.js
Executive Summary
This month’s Patch Tuesday brings a very busy close to the year, with Microsoft fixing 57 vulnerabilities, SAP issuing 14 new security notes, Adobe addressing nearly 140 issues, and Google Android resolving 107 flaws including two actively exploited zero days. Fortinet, Ivanti and React have all released targeted updates for critical remotely exploitable weaknesses in network infrastructure, endpoint management and widely used web frameworks. Organisations should prioritise internet facing services, identity and SSO paths, and any platform exposed to untrusted content or code.
Vulnerabilities by Vendor
Microsoft: 57 vulnerabilities, affecting Windows client and server, Office, Azure components, developer tooling (including GitHub Copilot for JetBrains) and PowerShell.
SAP: 14 vulnerabilities, affecting Solution Manager, Commerce Cloud, jConnect, Web Dispatcher and Internet Communication Manager, NetWeaver, Business Objects, S/4HANA Private Cloud, SAPUI5 and Enterprise Search.
Adobe: At least 138 vulnerabilities across ColdFusion, Adobe Experience Manager (AEM), DNG SDK, Acrobat/Reader and Creative Cloud Desktop. ColdFusion and AEM carry multiple critical or high severity issues, including arbitrary code execution and extensive cross site scripting in AEM.
Fortinet: At least 4 vulnerabilities, affecting FortiOS, FortiProxy, FortiWeb and FortiSwitchManager, including two critical flaws in FortiCloud SSO login that allow administrative authentication bypass, plus additional weaknesses in password handling and credential reset flows.
Google Android: 107 vulnerabilities, affecting Android Framework and System components (51 flaws) and kernel and closed source vendor components (56 flaws) across Android 13 to 16. Two high severity issues are under active exploitation, with an additional critical denial of service flaw in the Android Framework and multiple critical elevation of privilege bugs in kernel subcomponents and chipset drivers.
Ivanti: 1 vulnerability, affecting Ivanti Endpoint Manager (EPM) 2024, disclosed as part of Ivanti’s December 2025 security update. Public commentary indicates a critical stored cross site scripting issue that can lead to remote code execution within the management console.
React: 1 vulnerability, affecting React Server Components in React 19 (react-server and related packages) and widely used frameworks that integrate the same protocol. This unauthenticated remote code execution flaw, widely referred to as React2Shell, is already under active exploitation and carries maximum severity. Prioritise updating to the patched React and framework versions recommended in the React advisory, with particular urgency for internet facing applications and multi tenant environments. Please see our specific advisory on this vulnerability for more information: https://www.blackarrowcyber.com/blog/advisory-08-december-2025-react2shell
What’s the risk to me or my business?
The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.
What can I do?
Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.
Sources:
1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html
3 Adobe — https://helpx.adobe.com/security.html
4 Fortinet — https://fortiguard.fortinet.com/psirt/FG-IR-25-647
5 Google Android — https://source.android.com/docs/security/bulletin/2025-12-01
6 Ivanti — https://www.ivanti.com/blog/december-2025-security-update
7 React — https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Black Arrow Cyber Advisory - 08 December 2025 – React2Shell Vulnerability Actively Exploited in Web Technologies
Executive summary
A critical security flaw, widely known as React2Shell (CVE-2025-55182), has been identified in a very popular web technology used to build modern online services and software platforms. It has a maximum severity rating and allows attackers to run code on affected servers without needing to log in.
The issue mainly affects organisations that develop and host their own modern web applications using React Server Components and certain versions of Next.js, rather than traditional off the shelf software. However, many SaaS and cloud based services are built on these technologies, so the most realistic risk for many organisations is through their critical third parties and suppliers, rather than their own internal systems.
The vulnerability is already being actively exploited, has been added to CISA’s Known Exploited Vulnerabilities catalogue, and security researchers report tens of thousands of potentially exposed systems and confirmed breaches at multiple organisations.
In practical terms, this is another supply chain and SaaS platform risk that boards and senior leaders should be aware of, particularly where critical business processes rely on externally hosted web applications.
What is the risk to me or my business?
For most organisations that do not carry out development activities, the main concerns are:
Trusted third party services
Business critical SaaS platforms (such as HR, payroll, finance, CRM, ticketing, collaboration and sector specific tools) may use the affected web technology as part of their platform. If one of these suppliers is compromised, attackers may be able to access or steal your data held in that service, or disrupt its availability.
Customer facing websites and portals built by third parties
Public websites, customer portals and booking or payment systems developed by digital agencies may be using the affected components.
Regulatory and reputational impact
Exploitation is being linked to capable threat actors and is already being used to steal data at scale. A compromise at a key supplier could still create regulatory reporting, contractual and reputational consequences for your organisation, even if the issue sits in their technology stack.
By contrast, organisations that only use React in older or simple front end websites, or that do not use React based web technologies at all, will likely have limited direct technical exposure. However, almost every organisation consumes multiple SaaS platforms, and those are where the risk is most likely to materialise.
Technical Summary
CVE-2025-55182 (React2Shell): A pre authentication remote code execution vulnerability in React Server Components, caused by unsafe deserialisation of attacker controlled data in the RSC “Flight” protocol.
Affects versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
CVE-2025-66478 (Next.js): Tracks the downstream impact on Next.js applications using the App Router, which depend on the vulnerable RSC implementation.
This vulnerability is also rated CVSS 10.0 and can lead to RCE when crafted requests are processed in unpatched environments.
Exploitation status
CISA has added CVE-2025-55182 to the KEV catalogue following evidence of active exploitation. Rapid7, Tenable and others note public proof of concept exploits, including a Metasploit module, and rapid adoption by threat actors. Amazon’s security team has observed exploitation attempts by China state linked groups within hours of public disclosure.
Patched versions
React has released fixes in react-server-dom-* versions 19.0.1, 19.1.2 and 19.2.1.
Next.js has released patched versions for affected major branches under CVE-2025-66478, and advises upgrading to the latest available release in the relevant major line.
What types of software are most likely to be affected?
Based on current public reporting and vendor advisories, the typical affected services are:
Custom built web applications and portals: Customer portals, online account management, booking systems and ecommerce sites built using modern React and Next.js frameworks.
Modern SaaS and cloud based platforms: Many contemporary SaaS products use these frameworks to build their web dashboards and user interfaces. Where those services have not yet patched, they may be exposed.
Tech and digital firms that develop software as their core business: These organisations are more likely to have adopted the latest React 19 and Next.js capabilities and will be prioritising patching efforts now.
Traditional enterprise software suites and legacy on premises tools are less likely to be using this particular technology stack. The risk profile therefore looks very similar to other supply chain related events: a serious flaw in widely used underlying technology, with real impact flowing through service providers and suppliers.
What can I do?
As the situation is still evolving and technical guidance is being updated frequently, we recommend leadership teams focus on four practical actions, and refer technical teams to the detailed references below.
Understand where you might be exposed indirectly
Identify your most critical SaaS and hosted platforms (for example HR and payroll, finance, CRM, key industry platforms).
Ask suppliers directly whether they have assessed their exposure to React2Shell CVE-2025-55182 and Next.js CVE-2025-66478, and whether they have applied the recommended patches.
Check any externally hosted websites or portals in your name
Where third party developers or agencies maintain your customer facing portals or transactional sites, seek written confirmation that they have reviewed their use of React and Next.js and applied relevant updates where required.
Ensure monitoring and incident response are ready
Ask your internal or external security and IT teams to confirm they are:
Tracking authoritative advisories on React2Shell.
Monitoring for unusual access patterns or alerts on key SaaS platforms and externally facing web applications.
Keep an eye on evolving guidance
This is a fast moving issue, with new detection methods and defensive advice being published by major vendors and government agencies. Leaders should ensure their organisations are:
Following updates from suppliers and cloud providers.
Prepared to act quickly if a critical third party discloses that they have been impacted.
For organisations that do build or host their own web applications, your internal or outsourced development teams should follow the technical instructions in the React and Next.js advisories without delay.
Further details and patches
For technical teams and suppliers, current authoritative sources include:
React: Official security advisory on the critical vulnerability in React Server Components and patched versions: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Next.js: Security advisory for CVE-2025-66478: https://nextjs.org/blog/CVE-2025-66478
CERT EU: technical advisory on CVE-2025-55182 and recommended updates: https://cert.europa.eu/publications/security-advisories/2025-041/pdf
Tenable: https://www.tenable.com/blog/react2shell-cve-2025-55182-react-server-components-rce
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Intelligence Briefing 05 December 2025
Black Arrow Cyber Threat Intelligence Briefing 05 December 2025:
-Are MSPs the Weakest Link in Your Security Chain?
-Marquis Data Breach Impacts Over 74 US Banks, Credit Unions
-Stealthy Browser Extensions Waited Years Before Infecting 4.3M Chrome, Edge Users With Backdoors and Spyware
-How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers
-Malicious LLMs Empower Inexperienced Hackers with Advanced Tools
-Companies Fear State Attacks More as Threat Landscape Evolves
-Spear Phishing is North Korean Hackers’ Top Tactic: How to Stay Safe
-CISOs, CIOs and Boards: Bridging the Cyber Security Confidence Gap
-Disinformation and Cyber Threats Expand Globally
-Cyber Attacks Among Biggest Risks to Financial Stability, Bank Chief Warns
-NATO May Get 'More Aggressive' in Countering Russia’s Hybrid Attacks, Top Military Official Says
-Ex Teen Hackers Warn Parents Are Clueless as Children Steal 'Millions'
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Recent high profile cyber incidents have highlighted how organisations need to address the risks presented by their third parties, including their managed service provider (MSP), and this week’s review of threat intelligence highlights two impactful examples. We discuss other business risks identified from our review, including the long term tactics of attackers and the malicious use of AI.
These illustrate the need for business leaders to upskill themselves on their cyber literacy, to ask the appropriate challenging questions on the risks to their business. It is important that the upskilling should be from an impartial source, not from a control provider such as the MSP, in order to achieve a broad and objective perspective.
Our review also shows the need for the leadership team to have meaningful conversations with their CISO, and to provide the appropriate support and challenge. Contact us to discuss how we support business leaders and decision makers to understand and manage their cyber risks in a proportionate manner.
Top Cyber Stories of the Last Week
Are MSPs the Weakest Link in Your Security Chain?
A series of incidents affecting Jaguar Land Rover, the Coop Group and Marks and Spencer were linked to compromises at a managed service provider (MSP) where attackers used simple social engineering to obtain helpdesk access. The article notes regulator fines of £14m against a large outsourcer (Capita) and estimates that related breaches could cost close to £2bn, underlining MSPs as high concentration risks.
Source: https://www.techmonitor.ai/technology/cybersecurity/msps-cybersecurity-risk
Marquis Data Breach Impacts Over 74 US Banks, Credit Unions
A ransomware attack on Marquis Software Solutions shows how a breach at a single service provider can affect many financial institutions. The incident exposed data belonging to more than 74 banks and credit unions and over 400,000 individuals. Attackers exploited a SonicWall firewall to steal names, contact details, Social Security numbers and financial account information.
Source: https://www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/
Stealthy Browser Extensions Waited Years Before Infecting 4.3M Chrome, Edge Users With Backdoors and Spyware
A long running campaign attributed to a group tracked as ‘ShadyPanda’ used legitimate looking Chrome and Edge extensions to build a large user base before pushing malicious updates. More than 4.3 million users were affected and several extensions remained available in official stores. The extensions included backdoors, surveillance tooling and remote code execution capability, demonstrating the risk posed by trusted browser add-ons.
Source: https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/
How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers
Financial institutions face increasingly organised adversaries supported by AI, initial access brokers who gain entry to victim organisations, and complex supply chains. Digital footprints have expanded and identity controls remain a common weakness. The article sets out the need for continuous external attack surface monitoring, AI governance, stronger authentication and closer coordination between cyber security, fraud teams and business leaders.
Source: https://securityboulevard.com/2025/12/how-financial-institutions-can-future-proof-their-security-against-a-new-breed-of-cyber-attackers/
Malicious LLMs Empower Inexperienced Hackers With Advanced Tools
Researchers tested large language models (LLMs) marketed to attackers, such as WormGPT 4 and KawaiiGPT, and found they reliably generate working ransomware scripts, lateral movement tooling and polished phishing emails. WormGPT 4 is sold for $50 a month or a $220 lifetime fee, while the free KawaiiGPT helps automate phishing and scripting. By producing functional malware and phishing content on demand, these LLMs lower the barrier to entry for inexperienced attackers.
Source: https://www.bleepingcomputer.com/news/security/malicious-llms-empower-inexperienced-hackers-with-advanced-tools/
Companies Fear State Attacks More as Threat Landscape Evolves
Research shows most UK and US cyber security managers are worried about state sponsored attacks, with 23% citing inadequate preparedness for geopolitical escalation as their top concern. Respondents point to rising activity from Russia, Iran, North Korea and China, and 33% believe government support is insufficient. Many fear data loss, reputational harm and supply chain disruption, but 74% are investing in resilience measures.
Source: https://www.infosecurity-magazine.com/news/companies-fear-state-attacks-more/
Spear Phishing Is North Korean Hackers’ Top Tactic: How To Stay Safe
Analysis of recent incidents shows North Korea’s Lazarus Group continues to rely on targeted spear phishing, often using job approaches or academic invitations to gain access to finance, crypto, defence and IT organisations. Lazarus appeared in 31 reports this year, the highest among North Korean groups. The article highlights the need for vigilance, MFA and stronger controls to reduce account compromise.
Source: https://cointelegraph.com/news/spear-phishing-north-korean-hackers-top-tactic-how-to-stay-safe
CISOs, CIOs and Boards: Bridging the Cyber Security Confidence Gap
Survey data shows most board members lack confidence in decisions on cyber investment and struggle to connect technical performance with business outcomes. Security leaders are encouraged to translate blocked threats into avoided financial impact, communicate in risk terms rather than technical language, and demonstrate how identity and resilience measures directly support business goals.
Source: https://securityboulevard.com/2025/12/cisos-cios-and-boards-bridging-the-cybersecurity-confidence-gap/
Disinformation and Cyber Threats Expand Globally
A World Economic Forum survey of 11,000 executives across 116 economies shows cyber insecurity and the adverse outcomes of AI are emerging as leading risks for major economies. Executives warn that AI is increasing attacker capability in social engineering, reconnaissance and exploit development. Many also fear malicious use of AI tools and attacks such as data poisoning.
Source: https://www.infosecurity-magazine.com/news/disinformation-cyberthreats-global/
Cyber Attacks Among Biggest Risks to Financial Stability, Bank Chief Warns
The Bank of England reports cyber attacks are now among the most significant risks to UK financial stability, with firms increasingly citing them alongside geopolitical and economic pressures. The Bank of England’s Governor warns that disruption to digital services or payments could quickly erode confidence in the financial system. Firms are urged to strengthen resilience as dependency on digital infrastructure grows.
Source: https://www.independent.co.uk/news/uk/politics/bank-of-england-jaguar-land-rover-spencer-andrew-bailey-b2876526.html
NATO May Get 'More Aggressive' in Countering Russia’s Hybrid Attacks, Top Military Official Says
NATO is considering more proactive responses to Russian hybrid operations following cyber activity and infrastructure interference across Europe. Its Military Committee chair notes that certain offensive cyber measures may be justified as defensive action. Recent patrols over seabed cables under Baltic Sentry exercises have reduced incidents of damage to the cables, showing how visible deterrence can help counter covert disruption.
Source: https://kyivindependent.com/nato-may-get-more-aggressive-in-countering-russias-hybrid-attacks-top-military-official-tells-ft/
Ex Teen Hackers Warn Parents Are Clueless as Children Steal 'Millions'
The UK National Crime Agency’s ‘Cyber Choices programme’ aims to divert young people away from illegal cyber activity and guide them toward safe, legal and productive uses of their technical skills. Referrals now include children as young as seven, with the average age at 15. Many cases relate to gaming communities and capability development among 10- to 16-year-olds, and former crypto hackers warn that teenagers are making millions from online crime unnoticed by parents or schools.
Source: https://news.sky.com/story/children-as-young-as-seven-caught-hacking-as-former-cybercriminals-warn-its-mainstream-now-13479365
Governance, Risk and Compliance
Disinformation and Cyber-Threats Top Global Exec Concerns - Infosecurity Magazine
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap - Security Boulevard
Are MSPs the weakest link in your security chain? - Tech Monitor
Insurer pulls back from cyber market amid rising hacks and price war
How headlines can drive change in cyber security | Computer Weekly
12 signs the CISO-CIO relationship is broken — and steps to fix it | CSO Online
Every risk matters: How foresight can save firms before disaster hits - The Standard
Why compliance alone can’t keep pace with today’s cyber threats - Tech Monitor
The Great Disconnect: Unmasking the 'Two Separate Conversations' in Security - SecurityWeek
Sleepless in Security: What’s Actually Keeping CISOs Up at Night - Security Boulevard
Criminals turning bank security systems against themselves
ISC2 Study Finds Cybersecurity Budget Constraints Remain, But Do Not Worsen, While Skill Needs Grow
CISOs are questioning what a crisis framework should look like - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall ransomware attacks offer an M&A lesson for CSOs | CSO Online
Cyber insurers brace for more ransomware as soft market drags on | Insurance Business
Deep dive into DragonForce ransomware and its Scattered Spider connection
Zendesk users targeted by Scattered Lapsus$ Hunters hackers and fake support sites | TechRadar
Global ransomware threat rises as soft market persists :: Insurance Day
The Ransomware Holiday Bind: Burnout or Be Vulnerable
Ransomware Moves: Supply Chain Hits, Credential Harvesting
UK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazine
How a noisy ransomware intrusion exposed a long-term espionage foothold - Help Net Security
Ransomware Victims
Researcher tricks Claude into deploying MedusaLocker ransomware: Exclusive
Weaponizing Claude Skills with MedusaLocker | Cato Networks
E-tailer resumes sales 45 days after ransomware attack • The Register
UPenn joins long list of Clop victims after Oracle EBS raid • The Register
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
Phishing & Email Based Attacks
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware - Infosecurity Magazine
North Korea Lazarus Group Tops Cyber Threats with Spear Phishing Attacks
New GhostFrame Phishing Framework Hits Over One Million Attacks - Infosecurity Magazine
Fake Calendly invites spoof top brands to hijack ad manager accounts
How Threat Actors Engineer Attacks to Evade Email Security US | Proofpoint US
SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security
Reporters Without Borders Targeted by Russian Hackers - SecurityWeek
Other Social Engineering
Fake Calendly invites spoof top brands to hijack ad manager accounts
SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security
North Korea lures engineers to rent identities in fake IT worker scheme
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
Fraud, Scams and Financial Crime
How Southeast Asia Became the Scam Capital of the World – The Diplomat
Fake AI-generated shops, ads are flourishing on Facebook | Mashable
Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement
Artificial Intelligence
Researcher tricks Claude into deploying MedusaLocker ransomware: Exclusive
AI 2030: The Coming Era of Autonomous Cyber Crime | MSSP Alert
Malicious LLMs empower inexperienced hackers with advanced tools
Weaponized AI Is Changing The Vulnerability Management Game. Now What?
Fake AI-generated shops, ads are flourishing on Facebook | Mashable
Microsoft Issues Warning To Windows 11 Users - This AI Feature Can Install Viruses
Attackers keep finding new ways to fool AI - Help Net Security
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains - Infosecurity Magazine
Japan issues arrest warrant against teen suspected of cyberattack using AI
ChatGPT went down worldwide, conversations disappeared for users
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine
Malware
Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware - Infosecurity Magazine
Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors - SecurityWeek
“Sleeper” browser extensions woke up as spyware on 4 million devices | Malwarebytes
Newly discovered malicious extensions could be lurking in enterprise browsers | CSO Online
Microsoft Issues Warning To Windows 11 Users - This AI Feature Can Install Viruses
Dead Man's Switch - Widespread npm Supply Chain Attack Driving Malware Attacks
Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware
Glassworm malware returns in third wave of malicious VS Code packages
Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor
The most prominent infostealers and how businesses can protect against them | IT Pro
Bots/Botnets
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business | Fortra
Mobile
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Two Android 0-day bugs patched, plus 105 more fixes • The Register
A new Android malware sneakily wipes your bank account
Predator spyware uses new infection vector for zero-click attacks
CISA Issues Alert on Cyber Threat Actors Spyware Use
Google's new Android 16 upgrades make a strong case for sticking with Pixel or Samsung | ZDNET
India ready to change state-run security app order after outcry | The Straits Times
Israel’s IDF Bans Android Phones—iPhones Now ‘Mandatory’
Feds Warn iPhone And Android Users—Stop Using Your VPN
Denial of Service/DoS/DDoS
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business | Fortra
Criminals turning bank security systems against themselves
Internet of Things – IoT
Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure - The Moscow Times
Four arrested in South Korea over IP camera spying spree • The Register
You've Heard About Smart Home Hacking: Here's How It Works and How Likely It Is - CNET
Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
Data Breaches/Leaks
Marquis data breach impacts over 74 US banks, credit unions
London cyber attack latest as council confirms some data 'copied and taken away' - My London
OpenAI Confirms Data Breach—Here's Who Is Impacted - Decrypt
Security Leaders Discuss SitusAMC Cyberattack | Security Magazine
Post Office Escapes £1m Fine After Postmaster Data Breach - Infosecurity Magazine
Brsk confirms breach as bidding begins for 230K+ records • The Register
FBI Veteran Says Chinese Cyberattack Monitored Every American Citizen's Movements for Five Years
Attackers stole member data from French Soccer Federation
South Korea's Coupang admits breach exposed 33.7M users • The Register
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
OBR drags in cyber bigwig after Budget leak blunder • The Register
Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data
OBR chief Richard Hughes resigns after budget leak investigation | Politics News | Sky News
Organised Crime & Criminal Actors
AI 2030: The Coming Era of Autonomous Cyber Crime | MSSP Alert
Malicious LLMs empower inexperienced hackers with advanced tools
How Southeast Asia Became the Scam Capital of the World – The Diplomat
Global law enforcement actions put pressure on cybercrime networks - Help Net Security
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
Japan issues arrest warrant against teen suspected of cyberattack using AI
Dutch study finds teen cybercrime is mostly just a phase • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Law Enforcement shuts down Cryptomixer in major crypto crime takedown
Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine
Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement
North Korea’s Lazarus Group Suspected in $30M Upbit Hack, Raising Security Alarms
Insider Risk and Insider Threats
North Korea lures engineers to rent identities in fake IT worker scheme
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats
Insurance
Cyber insurers brace for more ransomware as soft market drags on | Insurance Business
Insurer pulls back from cyber market amid rising hacks and price war
Cyber insurance struggles to keep pace with rising exposures | Insurance Business
Cyber risks are growing but businesses are shunning cover
Supply Chain and Third Parties
Marquis data breach impacts over 74 US banks, credit unions
Are MSPs the weakest link in your security chain? - Tech Monitor
Ransomware Moves: Supply Chain Hits, Credential Harvesting
UPenn joins long list of Clop victims after Oracle EBS raid • The Register
MoD updates cyber security requirements for suppliers | UKAuthority
Software Supply Chain
Dead Man's Switch - Widespread npm Supply Chain Attack Driving Malware Attacks
PostHog admits Shai-Hulud 2.0 was its biggest security scare • The Register
Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware
Cloud/SaaS
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
'Exploitation is imminent' of max-severity React bug • The Register
Swiss government bans SaaS and cloud for sensitive info • The Register
How Threat Actors Engineer Attacks to Evade Email Security US | Proofpoint US
Outages
ChatGPT went down worldwide, conversations disappeared for users
Cloudflare blames outage on emergency React2Shell patch
Encryption
The quantum clock is ticking and businesses are still stuck in prep mode - Help Net Security
Q&A on the next big cyber threat: Post-quantum cryptography | SC Media
Passwords, Credential Stuffing & Brute Force Attacks
Ransomware Moves: Supply Chain Hits, Credential Harvesting
Social Media
Fake AI-generated shops, ads are flourishing on Facebook | Mashable
We have to be able to hold tech platforms accountable for fraud
Meta must rein in scammers — or face consequences | The Verge
Regulations, Fines and Legislation
UK's Cyber Bill should be just one part of a wider effort | Computer Weekly
UK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazine
US Slashes Pay Incentives at Already Weakened Cyber Agency
Five-page draft Trump administration cyber strategy targeted for January release | CyberScoop
GSMA grapples with cybersecurity rules
Models, Frameworks and Standards
NIS2 proposed to be implemented in Swedish Law by “Cybersecurity Act”
NIS2 in the Baltics: Strengthening Cyber Resilience
Data Protection
Post Office Escapes £1m Fine After Postmaster Data Breach - Infosecurity Magazine
Careers, Working in Cyber and Information Security
ISC2 Study Finds Cybersecurity Budget Constraints Remain, But Do Not Worsen, While Skill Needs Grow
Skills Shortages Trump Headcount as Critical Cyber Challenge - Infosecurity Magazine
Law Enforcement Action and Take Downs
Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine
Global law enforcement actions put pressure on cybercrime networks - Help Net Security
Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН
Japan issues arrest warrant against teen suspected of cyberattack using AI
Four arrested in South Korea over IP camera spying spree • The Register
Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights - SecurityWeek
Dutch study finds teen cybercrime is mostly just a phase • The Register
Misinformation, Disinformation and Propaganda
Disinformation and Cyber-Threats Top Global Exec Concerns - Infosecurity Magazine
Russia’s information war 2025: disinformation as an operational weapon
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
NATO may get 'more aggressive' in countering Russia’s hybrid attacks, top military official says
Russia’s information war 2025: disinformation as an operational weapon
Offensive cyber power is spreading fast and changing global security - Help Net Security
Most Companies Fear State-Sponsored Cyber-Attacks - Infosecurity Magazine
Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН
How a noisy ransomware intrusion exposed a long-term espionage foothold - Help Net Security
Cyber warfare in space: attacks on space systems rose during Gaza conflict, report finds | Euronews
How much should the UK worry about cyberattacks? | British Politics and Policy at LSE
Nation State Actors
Offensive cyber power is spreading fast and changing global security - Help Net Security
Most Companies Fear State-Sponsored Cyber-Attacks - Infosecurity Magazine
Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations
State-sponsored cyber threat fears surge - CIR Magazine
China
Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations
CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
FBI Veteran Says Chinese Cyberattack Monitored Every American Citizen's Movements for Five Years
State-sponsored cyber threat fears surge - CIR Magazine
China Researches Ways to Disrupt Satellite Internet
Nexperia warns carmakers of factory shutdowns amid Dutch-Chinese row
US Telecoms Reject Regulation as Answer to Chinese Hacking
SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security
Russia
NATO may get 'more aggressive' in countering Russia’s hybrid attacks, top military official says
Russia’s information war 2025: disinformation as an operational weapon
Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН
Reporters Without Borders Targeted by Russian Hackers - SecurityWeek
Russia blocks Roblox over distribution of LGBT "propaganda"
SpaceX removes Russian cosmonaut from mission over national security concerns | The Independent
Russia blocks FaceTime and Snapchat for alleged use by terrorists
Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure - The Moscow Times
Iran
Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor
North Korea
We need to finally take the North Korean threat seriously
North Korea lures engineers to rent identities in fake IT worker scheme
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
North Korea Lazarus Group Tops Cyber Threats with Spear Phishing Attacks
State-sponsored cyber threat fears surge - CIR Magazine
North Korea Suspected of $30 Million Crypto Hack, Yonhap Says - Bloomberg
North Korean hackers suspected in dozens of cyberattacks over past year
Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pall Mall Process to Define Responsible Commercial Cyber Intrusion - Infosecurity Magazine
Tools and Controls
Are MSPs the weakest link in your security chain? - Tech Monitor
Cyber insurance struggles to keep pace with rising exposures | Insurance Business
ISC2 Study Finds Cybersecurity Budget Constraints Remain, But Do Not Worsen, While Skill Needs Grow
Why compliance alone can’t keep pace with today’s cyber threats - Tech Monitor
How threat intelligence builds shared responsibility in cybersecurity | SC Media
Akamai Study Shows Microsegmentation Boosts Security
Cyber risks are growing but businesses are shunning cover
Key questions CISOs must ask before adopting AI-enabled cyber solutions | CSO Online
Feds Warn iPhone And Android Users—Stop Using Your VPN
CISOs are questioning what a crisis framework should look like - Help Net Security
Other News
Cyber attacks among biggest risks to financial stability, Bank chief warns | The Independent
Police consider corporate manslaughter charges in Post Office scandal - BBC News
How much should the UK worry about cyberattacks? | British Politics and Policy at LSE
UK Warns Small Firms to Boost Cyber Defences Amid Rising Threats | EasternEye
G7 Unveils New Cybersecurity Guidelines
UK national security strategy failing to account for online world | Computer Weekly
Criminals turning bank security systems against themselves
How to build forward-thinking cybersecurity teams for tomorrow | Microsoft Security Blog
North American firms are unprepared for rising risk pressures, HUB warns | Insurance Business
Cybersecurity Through the Telecom Stack: Where Attacks Happen and How to Fight Back
A day in the life of the internet tells a bigger story - Help Net Security
Vulnerability Management
Weaponized AI Is Changing The Vulnerability Management Game. Now What?
Rethinking Vulnerability Management | MSSP Alert
Vulnerabilities
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft Patched Windows LNK Vulnerability Exploited by Hackers in the Wild as 0-Day
'Exploitation is imminent' of max-severity React bug • The Register
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
SonicWall ransomware attacks offer an M&A lesson for CSOs | CSO Online
PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability
Chrome 143 Patches High-Severity Vulnerabilities - SecurityWeek
Critical React, Next.js flaw lets hackers execute code on servers
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
Black Arrow Cyber Threat Intelligence Briefing 28 November 2025
Black Arrow Cyber Threat Intelligence Briefing 28 November 2025:
-M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies
-CrowdStrike Catches Insider Feeding Information to Hackers
-A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use
-Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner
-New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains
-A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware
-FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January
-Compromised Credentials Responsible for 50% of Ransomware Attacks
-Russian and North Korean Hackers Form Alliances
-Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week we start with an alert on the cyber security risks of mergers and acquisitions: attackers are found to have entered the networks of companies that are later acquired by another organisation, allowing the attackers to pivot into the acquiring organisation as well.
We highlight insider risks that business leaders should be aware of, including employees who are bribed by attackers, employees using work devices for personal use, and employees using shadow AI. Attacker tactics in this week’s review include attacks via third parties, fake Windows update screens, impersonating the support teams of banks, and using compromised credentials to inflict ransomware attacks. We also see greater collaboration and alliances between attacker groups.
A key part of building stronger cyber security and resilience is understanding how attackers are evolving their tactics. This threat intelligence empowers you to objectively assess how your organisation is susceptible to these tactics and what you need to do to enhance your own security. We strongly recommend that threat intelligence should feature in your leadership training, your incident response exercise and your governance papers; contact us to discuss how we can help you achieve this in a proportionate way.
Top Cyber Stories of the Last Week
M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies
Research describes how ransomware actors focus on smaller firms that are likely acquisition targets. By compromising SonicWall devices and leaving backdoors in place, the attackers can pivot into larger enterprises once deals complete, often without the parent organisation realising these assets exist. The pattern underlines the importance of thorough asset discovery, credential hygiene and security reviews before and immediately after acquisitions.
CrowdStrike Catches Insider Feeding Information to Hackers
CrowdStrike confirmed that a now-terminated insider secretly shared screenshots of internal systems with cyber attackers known as the Scattered Lapsus$ Hunters collective. The hackers say they agreed to pay $25,000 and claim they briefly obtained SSO authentication cookies, but CrowdStrike reports no breach of its systems or customer data. The incident is now with law enforcement and highlights the impact of insider risks faced by organisations.
A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use
A survey of 1,000 Irish office workers finds 31% use work devices for personal tasks, with 32% clicking suspicious links and 22% accessing sensitive documents over public Wi-Fi. High risk behaviour includes 26% entering company data into AI tools, 33% using unauthorised tools and 19% sharing work passwords. Despite this, 73% feel confident spotting cyber threats and 54% in their password security, although 23% of organisations suffered a cyber security breach in the past year and 32% of workers do not receive regular training.
Source: https://businessplus.ie/news/cyber-security-work-devices-personal-use/
Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner
Gartner warns that 40% of organisations could suffer security breaches through shadow AI by 2030. Staff routinely paste documents or data into unapproved AI tools, risking exposure of customer records, salary information, source code and strategic plans. Surveys cited include one where 90% of security leaders admit using unapproved AI tools and 71% of UK employees do the same. Gartner advises clear AI policies, audits for unsanctioned usage and provision of approved tools with training.
Source: https://www.fortra.com/blog/shadow-ai-security-breaches-will-hit-40-companies-2030-warns-gartner
New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains
An (ISC)2 study finds many organisations are worried about supplier risk yet are slow to manage it. Respondents report frequent security deficiencies in vendors, including weak identity controls, lack of compliance certifications and inadequate monitoring. Nearly a third experienced incidents linked to suppliers, yet many only review vendor security annually. The report urges continuous assessment, clearer contractual expectations and closer collaboration across procurement, legal and security teams.
Source: https://www.helpnetsecurity.com/2025/11/25/isc2-vendor-security-gaps-report/
A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware
Researchers uncovered a new ClickFix campaign where full screen fake Windows Update or captcha pages trick users into pasting attacker supplied commands copied to their clipboard. The commands fetch PNG images that hide malware within pixel data, which a .NET Stego Loader decrypts and runs in memory. The attack includes software that runs 10,000 fake functions to hinder analysis by experts.
FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January
The FBI warns that scammers posed as bank support staff in more than 5,100 complaints since January 2025, stealing around $262 million. Criminals convince victims to grant remote access, reveal credentials or approve transactions, then drain accounts or move funds into cryptocurrency. Tactics include spoofed phone numbers, fake support sites and search engine poisoning, prompting the FBI to urge customers to verify contact details and banks to harden customer authentication.
Compromised Credentials Responsible for 50% of Ransomware Attacks
Beazley Security’s Q3 2025 Threat Report shows ransomware surged in August and September, accounting for 26% and 18% of incidents respectively. Akira, Qilin and INC Ransomware made up 65% of cases. The most common entry point was valid compromised credentials used to access VPNs, ahead of exploitation of internet facing systems. SonicWall vulnerabilities were heavily abused, with stolen configuration files expected to fuel future targeted attacks.
Source: https://natlawreview.com/article/compromised-credentials-responsible-50-ransomware-attacks
Russian and North Korean Hackers Form Alliances
Researchers say Russian group Gamaredon and North Korea’s Lazarus Group are collaborating by sharing infrastructure and tools, including command and control servers and the InvisibleFerret malware family. The partnership combines Russian espionage targeting with North Korean financially motivated operations, including past thefts of billions in crypto assets. Analysts warn this alignment could make both campaigns harder to attribute and disrupt.
Source: https://cybersecuritynews.com/russian-and-north-korean-hackers-form-alliances/
Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime
Data shows a 41% rise in ransomware attacks between September and October, with the ransomware group Qilin responsible for 29% of October incidents, followed by Sinobi and Akira. Ransomware groups such as LockBit 5.0, DragonForce and Qilin are forming alliances that share tools, infrastructure and reputations. North America suffered 62% of attacks, and more than 200 ransomware variants have been seen this year.
Governance, Risk and Compliance
UK cyber attacks will inevitably increase, HP boss warns
A third of workers risk cybersecurity breach by using work devices for personal use
Cybersecurity Is Now a Core Business Discipline - SecurityWeek
Ministers send small businesses cyber threat warning - UKTN
SolarWinds dismissed: what the SEC’s U-turn signals for cyber enforcement | A&O Shearman - JDSupra
Government publishes independent study revealing cost of cyber attacks to UK economy
Political instability is now the defining force behind global business risk | theHRD
Empathy key weapon in cyber fight
We must protect our society against tomorrow's cyber threats - GOV.UK
Root causes of security breaches remain elusive — jeopardizing resilience | CSO Online
Cyber demand grows following high-profile attacks - Insurance Post
UK Budget 2025: Reactions From Tech Leaders - TechRepublic
3 ways CISOs can win over their boards this budget season | CSO Online
The CISO’s greatest risk? Department leaders quitting | CSO Online
Selling to the CISO: An open letter to the cybersecurity industry | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Akira ransomware crew infected enterprise systems during M&A • The Register
Russia-linked crooks bought themselves a bank for Christmas • The Register
Get ready for 2026, the year of AI-aided ransomware • The Register
Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley
Alliances between ransomware groups tied to recent surge in cybercrime | CSO Online
Scattered Spider alleged members deny TfL charges
Ransomware Attacks Remaking Cyber as National Priority
Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online
Scattered Lapsus$ Hunters stress testing Zendesk weak spots • The Register
Piecing Together the Puzzle: A Qilin Ransomware Investigation
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
Hackers come for big British retailers | The Observer
UK car production plummets 24% in wake of JLR cyber attack | Autocar
Should we ban ransom payments to cyber attackers?
Ransomware Victims
Akira ransomware crew infected enterprise systems during M&A • The Register
Scattered Spider alleged members deny TfL charges
UK car production plummets 24% in wake of JLR cyber attack | Autocar
Crisis24 shuts down emergency notification system in wake of ransomware attack | CyberScoop
Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek
Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek
Scottish council still reeling from 2023 ransomware attack • The Register
Report warns councils after 2023 Western Isles cyber-attack | The Herald
NCSC called in as London councils grapple with cyber attacks | IT Pro
London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings
Lessons From the European Airports Ransomware Attack | Lawfare
Phishing & Email Based Attacks
Email blind spots are back to bite security teams - Help Net Security
ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen
Advanced Security Isn't Stopping Old Phishing Tactics
Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials
Microsoft cracks down on malicious meeting invites - Help Net Security
Phishing Breaks More Defenses Than Ever. Here’s the Fix
Other Social Engineering
ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen
A fake Windows Update screen is fooling Windows users into installing malware
FBI: Cybercriminals stole $262M by impersonating bank support teams
Microsoft cracks down on malicious meeting invites - Help Net Security
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
Fraud, Scams and Financial Crime
FBI: Cybercriminals stole $262M by impersonating bank support teams
Criminal networks industrialize payment fraud operations - Help Net Security
Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News
AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert
New legislation targets scammers that use AI to deceive | CyberScoop
The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED
Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times
Artificial Intelligence
Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner | Fortra
Get ready for 2026, the year of AI-aided ransomware • The Register
Underground AI models promise to be hackers ‘cyber pentesting waifu’ | CyberScoop
Vibe coding feels magical, but it can sink your business fast - here's how | ZDNET
'Dark LLMs' Aid Petty Criminals, Underwhelm Technically
How Malware Authors Incorporate LLMs to Evade Detection
Anthropic's new warning: If you train AI to cheat, it'll hack and sabotage too | ZDNET
Emerging threat from deepfakes leads to cybersecurity arms race | SC Media
Think your password is safe? AI could break it before you blink - BetaNews
AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert
New legislation targets scammers that use AI to deceive | CyberScoop
New research finds that Claude breaks bad if you teach it to cheat | CyberScoop
Four charged with plotting to sneak Nvidia chips into China • The Register
Google's AI is now snooping on your emails - here's how to opt out | ZDNET
CISOs Get Real About Hiring in the Age of AI
Prompt Injections Loom Large Over ChatGPT Atlas Browser
2FA/MFA
Germany urges default 2FA for webmail providers | Cybernews
Malware
A fake Windows Update screen is fooling Windows users into installing malware
New ShadowV2 botnet malware used AWS outage as a test opportunity
Botnet takes advantage of AWS outage to smack 28 countries • The Register
How Malware Authors Incorporate LLMs to Evade Detection
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybercriminals Exploit Browser Push Notifications to Deliver Malware - Infosecurity Magazine
BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Operation Endgame disrupts Rhadamanthys information-stealing malware
DPRK’s FlexibleFerret Tightens macOS Grip
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
WSUS RCE Exploit Used to Deploy ShadowPad Backdoor
Bots/Botnets
New ShadowV2 botnet malware used AWS outage as a test opportunity
Botnet takes advantage of AWS outage to smack 28 countries • The Register
Mobile
New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications | CISA
Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News
Internet of Things – IoT
New ShadowV2 botnet malware used AWS outage as a test opportunity
Botnet takes advantage of AWS outage to smack 28 countries • The Register
Aircraft cabin IoT leaves vendor and passenger data exposed - Help Net Security
Data Breaches/Leaks
The breaches everyone gets hit by (and how to stop them) - Help Net Security
JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel
Iberia discloses customer data leak after vendor security breach
Council had ‘gaps in cybersecurity’ before ransomware attack
Cox Enterprises discloses Oracle E-Business Suite data breach
183 Million Credentials Misreported as a Gmail Breach - Security Boulevard
Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan
Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek
Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek
Kensington and Chelsea Council cyber attack sees emergency plans initiated - BBC News
NCSC called in as London councils grapple with cyber attacks | IT Pro
US car parts dealer allegedly hit by massive breach | Cybernews
Organised Crime & Criminal Actors
Criminal networks industrialize payment fraud operations - Help Net Security
Ministers send small businesses cyber threat warning - UKTN
Government publishes independent study revealing cost of cyber attacks to UK economy
'Dark LLMs' Aid Petty Criminals, Underwhelm Technically
Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News
The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED
Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times
Insider Risk and Insider Threats
A third of workers risk cybersecurity breach by using work devices for personal use
Cybersecurity giant CrowdStrike fires insider working with hackers - Cryptopolitan
Human risk: don’t blame the victim, fix the system | TechRadar
Why legal firms must confront insider cyber threats - Tech Monitor
Empathy key weapon in cyber fight
Supply Chain and Third Parties
JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
Iberia discloses customer data leak after vendor security breach
BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks
Supply chain sprawl is rewriting security priorities - Help Net Security
Cox Enterprises discloses Oracle E-Business Suite data breach
Google security experts say Gainsight hacks may have left hundreds of companies affected | TechRadar
Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek
Software Supply Chain
UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine
Cloud/SaaS
New ShadowV2 botnet malware used AWS outage as a test opportunity
Botnet takes advantage of AWS outage to smack 28 countries • The Register
ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online
How has cloud flipped the regular security narrative? – Computerworld
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
Outages
Internet failure highlighted connected risk – Russell
Encryption
New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot
Cheap Device Bypasses AMD, Intel Memory Encryption
Quantum encryption is pushing satellite hardware to its limits - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley
DPRK’s FlexibleFerret Tightens macOS Grip
Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials
Social data puts user passwords at risk in unexpected ways - Help Net Security
Think your password is safe? AI could break it before you blink - BetaNews
183 Million Credentials Misreported as a Gmail Breach - Security Boulevard
Social Media
Social data puts user passwords at risk in unexpected ways - Help Net Security
Influencers in the crosshairs: How cybercriminals are targeting content creators
Regulations, Fines and Legislation
Should we ban ransom payments to cyber attackers?
Mounting Cyber-Threats Prompt Calls For Economic Security Bill - Infosecurity Magazine
Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine
SolarWinds dismissed: what the SEC’s U-turn signals for cyber enforcement | A&O Shearman - JDSupra
The Internet Is on Fire and the FCC Just Walked Away With the Extinguisher
Rights groups accuse ICO of ‘collapse in enforcement activity’
UK data regulator under pressure after failing to regulate public sector effectively - Neowin
NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra
New legislation targets scammers that use AI to deceive | CyberScoop
Four charged with plotting to sneak Nvidia chips into China • The Register
UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine
Switching to Offense: US Makes Cyber Strategy Changes
Powers to protect us from cyber attacks ‘go too far’
Mobile industry warns patchwork regs are driving up costs • The Register
New York Hospital Cyber Rules to 'Raise the Bar' Nationwide
Models, Frameworks and Standards
Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine
NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra
Data Protection
Rights groups accuse ICO of ‘collapse in enforcement activity’
UK data regulator under pressure after failing to regulate public sector effectively - Neowin
Careers, Working in Cyber and Information Security
Invisible battles: How cybersecurity work erodes mental health | CSO Online
CISOs Get Real About Hiring in the Age of AI
The CISO’s greatest risk? Department leaders quitting | CSO Online
Law Enforcement Action and Take Downs
Operation Endgame disrupts Rhadamanthys information-stealing malware
'Scattered Spider' teens plead not guilty to UK transport hack
Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi
Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News
The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED
Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks
Polish minister warns of ongoing 'cyberwar' with Russia - TRT World
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
With Friends Like These: China Spies on Russian IT Orgs
As Space Becomes Warfare Domain, Cyber Is on the Frontlines
Security is not only military—it is societal. Something worth learning from the Scandinavians
Nation State Actors
Political instability is now the defining force behind global business risk | theHRD
Switching to Offense: US Makes Cyber Strategy Changes
China
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
With Friends Like These: China Spies on Russian IT Orgs
Four charged with plotting to sneak Nvidia chips into China • The Register
Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News
Russia
Polish minister warns of ongoing 'cyberwar' with Russia - TRT World
Russia-linked crooks bought themselves a bank for Christmas • The Register
Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
With Friends Like These: China Spies on Russian IT Orgs
Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi
Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan
Iran
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea | CSO Online
North Korea
Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide
DPRK’s FlexibleFerret Tightens macOS Grip
Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Political instability is now the defining force behind global business risk | theHRD
Security is not only military—it is societal. Something worth learning from the Scandinavians
Tools and Controls
Advanced Security Isn't Stopping Old Phishing Tactics
Root causes of security breaches remain elusive — jeopardizing resilience | CSO Online
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants
Vibe coding feels magical, but it can sink your business fast - here's how | ZDNET
Recognizing and responding to cyber threats: What differentiates NDR, EDR and XDR | CSO Online
3 ways CISOs can win over their boards this budget season | CSO Online
Security teams want automation but 96 percent face problems implementing it - BetaNews
Other News
Vehicle Hackers Continue Outpacing Cybersecurity Efforts, Expert Says
This tiny Windows shortcut file is a bigger security threat than you think
Ex-CISA officials, CISOs aim to stop the spread of hacklore • The Register
This campaign aims to tackle persistent security myths in favor of better advice | CyberScoop
We must protect our society against tomorrow's cyber threats - GOV.UK
Legacy web forms are the weakest link in government data security | CyberScoop
Vulnerability Management
Around 500 million PCs are holding off upgrading to Windows 11, says Dell | The Verge
Fragmented tooling slows vulnerability management - Help Net Security
What happens when vulnerability scores fall apart? - Help Net Security
Vulnerabilities
SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance - SecurityWeek
Akira's SonicWall Hacks Are Taking Down Large Enterprises
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges
Critical Oracle Identity Manager Flaw Under Attack
WSUS RCE Exploit Used to Deploy ShadowPad Backdoor
Prompt Injections Loom Large Over ChatGPT Atlas Browser
ASUS warns of new critical auth bypass flaw in AiCloud routers
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog here and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.