Black Arrow Cyber Threat Intelligence Briefing 01 May 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
As reported cyber attacks continue to rise, it is unsurprising that business leaders see cyber risk as their top threat. This week’s research shows that 60% of financial services organisations view cyber attacks and outages as their biggest operational risk, alongside the UK Government urging organisations to prepare to manage and operate during cyber disruption. We also highlight changes to the UK Government’s Cyber Essentials scheme, which now emphasise ongoing control rather than point‑in‑time assessment and could see some certificate holders fail on reassessment.
Artificial intelligence is also increasing cyber risk, through factors such as inadequate cyber threat literacy among employees and the amplification of insufficient cyber hygiene, as well as accelerating the pace at which vulnerabilities are identified and exploited. We report on striking figures, including more than 2.8 billion credentials stolen last year; a sharp rise in infostealer malware on Apple macOS devices; and the continued prevalence of phishing and third‑party attacks. Finally, we examine wider developments, from China’s use of covert hacker networks to European efforts to strengthen data and technology sovereignty.
Managing the impact of these developments requires business leaders to have a sound understanding of the risks and of how to maintain proportionate controls that enable the organisation to grow. Contact us to discuss how to achieve this.
Top Cyber Stories of the Last Week
Cyber Attacks Now the Top Operational Risk for 60% of Financial Organisations
A survey of around 150 senior compliance experts found that 60% of financial services organisations now see cyber attacks or system outages as their biggest operational risk this year, far ahead of supply chain disruption or staff shortages at 10%. While most say their organisation has measures in place to manage the risk, 13% are not confident in their ability to address disruption. The findings also highlight concern that criminals are using artificial intelligence faster than firms and regulators can respond, signalling to business leaders the need for sustained vigilance and continuous improvement as cyber threats evolve in scale and sophistication.
Get Ready to be Attacked - NCSC
The UK’s National Cyber Security Centre (NCSC) has warned that UK organisations of national significance, including financial services, health, energy and transport, face a growing risk from severe cyber threats that could disrupt essential services, cause financial loss and affect public safety. It says advanced attackers are increasingly targeting nationally significant organisations, while technologies such as frontier AI may increase the speed and scale of attacks. The guidance highlights that cyber resilience is a leadership responsibility, requiring critical systems to be mapped, disruption plans tested, and recovery arrangements rehearsed before an incident occurs.
https://www.ukauthority.com/articles/get-ready-to-be-attacked-ncsc
UK Cyber Essentials Overhaul Could Trigger Instant Certification Failures
Changes to the UK Cyber Essentials scheme that tighten enforcement and widen scope could increase the risk of instant certification failure for organisations with inconsistent day‑to‑day controls. Failing to apply high-risk or critical security updates and patches within 14 days can now trigger automatic failure. Enforcement of multi‑factor authentication is also applied more strictly across cloud services where MFA is available, while the updated scope clarifies that cloud services hosting organisational data or services cannot be excluded. This increases the likelihood that overlooked systems, legacy applications or active but overlooked accounts create compliance gaps. For business leaders, the update highlights that Cyber Essentials is increasingly a test of ongoing operational discipline rather than a point‑in‑time exercise.
Cyber Threat Literacy, AI Disruption Top Risks to an Organisation’s People
Marsh’s 2026 People Risks report identifies insufficient cyber threat literacy as the leading people risk for organisations, reflecting the continued role of human error in cyber losses. Phishing and social engineering continue to succeed by tricking employees into disclosing log‑in details, enabling ransomware attacks and data breaches. The report also warns that rapid adoption of artificial intelligence without adequate employee training is increasing risk. For business leaders, the findings highlight that cyber resilience depends as much on leadership-led training, communication and support for employees as on technology investments.
https://www.insurancejournal.com/news/national/2026/04/30/867782.htm
AI Rush Is Reviving Old Cyber Security Mistakes, Mandiant VP Warns
Mandiant has warned that rapid AI adoption is causing organisations to overlook basic cyber security controls. Its testing teams, who simulate real attacker behaviour, found AI environments where attackers could alter data classifications, bypass data loss prevention tools that stop sensitive information leaving the business, and use unencrypted communication links. In some cases, once initial access was gained through social engineering, where people are manipulated into granting access, AI systems carried out further actions including data theft and policy changes. Mandiant’s warning highlights the need for governance, secure design and independent testing that keeps pace with AI deployment.
https://www.infosecurity-magazine.com/news/ai-old-cybersecurity-mistakes/
Deepfake Era Demands Proof-Based Security, Not Just Awareness
Deepfake and voice cloning attacks are making it harder for employees to trust what they see or hear, particularly when requests appear to come from senior executives. Research found that 77% of fraud professionals say deepfake attacks are increasing, yet only 7% believe their organisations are well prepared. High-risk actions, such as payments, password resets or access changes, should rely on agreed verification steps through trusted channels, not on a single call, video meeting or message. This reduces pressure on staff and makes fraud prevention a consistent business process.
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
AI tools such as Anthropic’s Claude Mythos Preview could significantly increase the speed and scale of vulnerability discovery, exposing flaws faster than traditional testing approaches. However, faster discovery risks overwhelming organisations that lack clear ownership, centralised tracking and consistent prioritisation of remediation efforts. Without effective processes to assign responsibility, assess business impact and verify that fixes have been applied, organisations may simply accumulate a larger backlog of unresolved security issues. The findings highlight that operational readiness for remediation has not kept pace with advances in AI‑driven vulnerability discovery.
https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html
Over 2.8 Billion Credentials Stolen in 2025 as Ransomware Evolves
A report identified 2.86 billion compromised credentials in 2025, with business cloud and login services accounting for more than 30% of exposed data. Attackers are increasingly logging in using stolen credentials rather than exploiting technical weaknesses. The report also highlights risks from unsanctioned AI tools, where employees may unknowingly expose confidential data, and a sharp rise in infostealer malware on Apple macOS devices, from fewer than 1,000 cases in 2024 to over 70,000 in 2025. Ransomware activity remains high, with 147 groups recorded. The findings highlight identity compromise, unsanctioned AI use and reliance on legacy defences as central factors shaping the evolving ransomware threat.
https://betanews.com/article/over-2-8-billion-credentials-stolen-in-2025-as-ransomware-evolves/
A Sneaky Cyber Enemy Is Creeping into Our Browsers and Password Managers
KELA reports that almost 4 million devices were exposed to infostealer malware last year, leading to around 350 million compromised login details. Infostealers are malicious tools that quietly collect sensitive data such as browser cookies, passwords and local files, often without obvious signs on the device. Windows users remain heavily targeted, but attacks on Apple devices are rising as adoption grows in corporate environments. The risk is significant because stolen browser sessions can sometimes let criminals access accounts without needing a password or multi-factor authentication.
The Behavioural Shift: Why Trusted Relationships Are the Newest Attack Surface
An analysis of almost 800,000 email attacks across more than 4,600 organisations shows how attackers exploit trust and routine business processes rather than technical weaknesses. Phishing remains the most common method at 58% of attacks, with business email compromise at 11%. Over 20% of phishing attacks hide harmful web pages behind redirect chains. Invoice fraud accounts for 42% of campaigns in North America and procurement-related scams for 41% in EMEA. The findings highlight that trusted workflows and supplier interactions have become a key attack surface, reinforcing the need for verification controls within routine business processes.
Threat Actors Ditch ‘Spray and Pray’ Attacks in Shift to Targeted Exploitation
Cyber criminals are moving away from broad, high-volume ‘spray and pray’ attacks and focusing on fewer organisations where they can cause greater disruption. SonicWall reported a 20% rise in compromised UK organisations last year, despite overall ransomware volumes falling by 87%. Smaller businesses appear especially exposed, with ransomware involved in 88% of SMB breaches compared with 39% for larger enterprises. Outdated technology remains a major risk, with one decade-old camera weakness linked to 67 million attempted UK attacks. AI-enabled attacks also rose by 89%, while attackers can remain undetected for an average of 181 days.
A Dozen Allied Agencies Say China Is Building Covert Hacker Networks out of Everyday Routers
Allied cyber agencies have warned that China-linked hackers are increasingly using everyday devices, including home office routers and smart devices, to build hidden networks for cyber attacks. These networks disguise where activity is coming from and can support spying, malware delivery and information theft. One example, known as Raptor Train, infected 200,000 devices worldwide. The warning highlights that China‑linked hackers are moving away from running their own small, dedicated attack servers and are instead hijacking vast numbers of ordinary internet‑connected devices to form large, hidden attack networks. This makes detection harder and reinforces the need for strong device management, monitoring and basic cyber security controls.
https://cyberscoop.com/china-nexus-covert-networks-advisory/
What’s Behind Europe’s Efforts to Ditch US Software in Favour of Sovereign Tech
European governments are reassessing dependence on US technology as concerns grow over data access, legal control and resilience. A US federal law, the 2018 CLOUD Act, means US providers may be required to hand over data even when it is stored overseas, increasing worries around sensitive information such as health records. France is moving its Health Data Hub from Microsoft Azure to a sovereign cloud provider, while the European Commission has awarded a €180 million tender to European cloud firms. However, alternatives still face scale and adoption challenges, particularly where private sector buyers continue to favour established US providers.
Governance, Risk and Compliance
Get ready to be attacked - NCSC | UKAuthority
Cyber threats challenge global business resilience
Cyber Attacks Emerge As Top Risk For Professional Firms In 2026 - Minutehack
Cyber attacks now the top operational risk for 60% of financial organisations - TechCentral.ie
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks - SecurityWeek
Cyber Threat Literacy, AI Disruption Top Risks to an Organization’s People
The cyber security of British business is a matter of national security - Dan Jarvis
Nearly half of cybersecurity pros want to quit - here's why | ZDNET
Cybersecurity professional getting more work and less pay • The Register
Threats
Ransomware, Extortion and Destructive Attacks
Trigona ransomware attacks use custom exfiltration tool to steal data
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitation | IT Pro
Feuding Ransomware Groups Leak Each Other's Data
New BlackFile extortion group linked to surge of vishing attacks
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
ShinyHunters exploit Anodot incident to target Vimeo
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper - Infosecurity Magazine
Do not pay VECT ransom: recovery is impossible | Cybernews
Scattered Spider co-conspirator pleads guilty | CSO Online
Ransomware and Destructive Attack Victims
Udemy Data Breach - ShinyHunters Claims Compromise of 1.4M User Records
Over 2.8 billion credentials stolen in 2025 as ransomware evolves - BetaNews
ADT confirms data breach after ShinyHunters leak threat
ShinyHunters claim they have cruise giant Carnival’s booty • The Register
Checkmarx Confirms Data Stolen in Supply Chain Attack - SecurityWeek
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden - Ars Technica
Medtronic Confirms Data Breach After ShinyHunters Claims - Infosecurity Magazine
Ransomware attacks affect 2 senior care providers
Pitney Bowes the latest victim of ShinyHunters’ breach-spree • The Register
Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper
Phishing & Email Based Attacks
AI Phishing Is No. 1 With a Bullet for Cyberattackers
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface - SecurityWeek
7 Reasons Smishing Is More Effective Than Phishing
Robinhood account creation flaw abused to send phishing emails
Kuse Web App Abused to Host Phishing Document | Trend Micro (US)
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
Business Email Compromise (BEC)/Email Account Compromise (EAC)
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface - SecurityWeek
Other Social Engineering
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface - SecurityWeek
7 Reasons Smishing Is More Effective Than Phishing
Crime crew impersonates help desk, abuses Teams chats • The Register
Threat actor uses Microsoft Teams to deploy new “Snow” malware
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
New BlackFile extortion group linked to surge of vishing attacks
Helping Romance Scam Victims Require a Proactive Approach
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Money launderer for crypto thieves given 5-year sentence | The Record from Recorded Future News
Money launderer linked to $230M crypto heist gets 70 months in prison
Artificial Intelligence
AI Phishing Is No. 1 With a Bullet for Cyberattackers
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Deepfake era demands proof-based security, not just awareness | TechTarget
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns - Infosecurity Magazine
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
UK firms accelerate ‘sovereign AI’ plans amid concerns over dependence on overseas tech | IT Pro
Cyber Threat Literacy, AI Disruption Top Risks to an Organization’s People
Board Oversight of AI: Do Boards Need AI Experts?
Researchers Uncover 10 In-the-Wild Indirect Prompt Injection Attacks - Infosecurity Magazine
Six AI Vulnerabilities, Three Attack Patterns, One Dangerous Service Gap | perspective | MSSP Alert
Attack of the killer script kiddies | The Verge
AI bot attacks increase 10-fold, report reveals | The Independent
77% of IT managers say their AI agents are out of control - 5 ways to rein in yours | ZDNET
30 ClawHub skills secretly turn AI agents into crypto swarm • The Register
Learning from the Vercel breach: Shadow AI & OAuth sprawl
Vercel Confirms April 2026 Security Incident Linked To Third-party AI Tool
How indirect prompt injection attacks on AI work - and 6 ways to shut them down | ZDNET
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune
How to fix cybersecurity's agentic AI identity crisis | TechTarget
Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos - SecurityWeek
Mythos Is a Wake-Up Call for DDoS Defense - Security Boulevard
AI Models Can Attack, But Can They Defend? Simbian Says Not Yet | news | MSSP Alert
Bots/Botnets
UK warns of Chinese hackers using proxy networks to evade detection
China-linked threat actors use consumer device botnets to evade detection, warn UK and partners
China-Backed Hackers Are Industrializing Botnets
Careers, Roles, Skills, Working in Cyber and Information Security
Nearly half of cybersecurity pros want to quit - here's why | ZDNET
Cybersecurity professional getting more work and less pay • The Register
Cyber Hiring in 2026: Talent Gap or Expectation Problem? - ClearanceJobs
Cloud/SaaS
Vercel Confirms April 2026 Security Incident Linked To Third-party AI Tool
Hybrid clouds have two attack surfaces – so watch both • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Money launderer for crypto thieves given 5-year sentence | The Record from Recorded Future News
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
European police dismantles €50 million crypto investment fraud ring
How the U.S.-China cold war went crypto - Cryptopolitan
Cyber Crime, Organised Crime & Criminal Actors
Money launderer for crypto thieves given 5-year sentence | The Record from Recorded Future News
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Scattered Spider co-conspirator pleads guilty | CSO Online
Data Breaches/Leaks
Udemy Data Breach - ShinyHunters Claims Compromise of 1.4M User Records
Researchers Track 2.9 Billion Compromised Credentials - Infosecurity Magazine
Learning from the Vercel breach: Shadow AI & OAuth sprawl
A sneaky cyber enemy is creeping into our browsers and password managers | Cybernews
Vercel Confirms April 2026 Security Incident Linked To Third-party AI Tool
ADT confirms data breach after ShinyHunters leak threat
ShinyHunters claim they have cruise giant Carnival’s booty • The Register
Checkmarx Confirms Data Stolen in Supply Chain Attack - SecurityWeek
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden - Ars Technica
Personal data of almost entire Dutch town stolen in cyberattack
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
Discord users breach access controls to reach Anthropic’s Mythos model - Digital Trends
Medtronic Confirms Data Breach After ShinyHunters Claims - Infosecurity Magazine
Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security
UK Biobank Breach: Health Data of 500,000 Listed for Sale in China - Infosecurity Magazine
Ransomware attacks affect 2 senior care providers
U.S. utility giant Itron discloses a security breach
Data Protection
U.S. companies hit with record fines for privacy in 2025 | CyberScoop
Data/Digital Sovereignty
UK firms accelerate ‘sovereign AI’ plans amid concerns over dependence on overseas tech | IT Pro
The push for digital sovereignty: What CISOs need to know | TechTarget
What’s behind Europe’s efforts to ditch US software in favor of sovereign tech | TechCrunch
Germany fights US “cyber dominance” with sovereignty checklist | Cybernews
The European Commission is turning Google Search into a privacy and national-security risk
Denial of Service/DoS/DDoS
Mythos Is a Wake-Up Call for DDoS Defense - Security Boulevard
MP Sir David Davis's website shut down in suspected cyber attack - BBC News
Encryption
The 2026 MSSP Blueprint: Navigating the Quantum Countdown | native | MSSP Alert
Fraud, Scams and Financial Crime
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
Money launderer for crypto thieves given 5-year sentence | The Record from Recorded Future News
Money launderer linked to $230M crypto heist gets 70 months in prison
European police dismantles €50 million crypto investment fraud ring
Helping Romance Scam Victims Require a Proactive Approach
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Insider Risk and Insider Threats
Cyber Threat Literacy, AI Disruption Top Risks to an Organization’s People
Insurance
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks - SecurityWeek
Internet of Things – IoT
A Quarter of Healthcare Organizations Report Medical Device Attacks - Infosecurity Magazine
Attackers could disable all of a city's public EV chargers • The Register
Law Enforcement Action and Take Downs
Money launderer linked to $230M crypto heist gets 70 months in prison
US Sanctions Target Cambodian Scam Network Leaders - Infosecurity Magazine
European police dismantles €50 million crypto investment fraud ring
Hackers arrested for hijacking and selling 610,000 Roblox accounts
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security
Scattered Spider co-conspirator pleads guilty | CSO Online
Chinese national extradited to US for pandemic-era Silk Typhoon attacks | CyberScoop
Linux and Open Source
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System
AI's not going to kill open source code security • The Register
Linux cryptographic code flaw offers fast route to root • The Register
Malware
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
A sneaky cyber enemy is creeping into our browsers and password managers | Cybernews
Crime crew impersonates help desk, abuses Teams chats • The Register
Threat actor uses Microsoft Teams to deploy new “Snow” malware
Checkmarx Confirms Data Stolen in Supply Chain Attack - SecurityWeek
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden - Ars Technica
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Widely Used Browser Extensions Selling User Data - Infosecurity Magazine
Vidar Rises to Top of Chaotic Infostealer Market
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
20-Year-Old Malware Rewrites History of Cyber Sabotage
Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions - SecurityWeek
Mobile
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Another spyware maker caught distributing fake Android snooping apps | TechCrunch
This hidden SIM flaw lets spies track your location, and using a VPN can't help | TechRadar
New Android spyware Morpheus linked to Italian surveillance firm
Models, Frameworks and Standards
UK Cyber Essentials overhaul could trigger instant certification failures - BetaNews
DORA and the Practical Test of Operational Resilience - IT Security Guru
ENISA updates framework to enhance EU member state cybersecurity capabilities » Iraqi News Agency
Outages
Microsoft says Outlook.com outage is causing sign‑in failures
Passwords, Credential Stuffing & Brute Force Attacks
Over 2.8 billion credentials stolen in 2025 as ransomware evolves - BetaNews
Researchers Track 2.9 Billion Compromised Credentials - Infosecurity Magazine
Official SAP npm packages compromised to steal credentials
Regulations, Fines and Legislation
Proton CEO: Age checks turn internet into ID checkpoint • The Register
The European Commission is turning Google Search into a privacy and national-security risk
U.S. companies hit with record fines for privacy in 2025 | CyberScoop
EU waves through age-check app to keep kids safe online • The Register
Latest spy power reauthorization bill leaves critics unimpressed | CyberScoop
The Iran Factor In Trump’s Cyber Strategy – Analysis – Eurasia Review
Social Media
ShinyHunters exploit Anodot incident to target Vimeo
Supply Chain and Third Parties
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface - SecurityWeek
Why supply chain resilience is under the spotlight | IT Pro
Official SAP npm packages compromised to steal credentials
Ongoing supply-chain attack targets security, dev tools • The Register
Checkmarx Confirms Data Stolen in Supply Chain Attack - SecurityWeek
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden - Ars Technica
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How Big a Threat Are Iranian-Backed Cyberattacks? | The New Yorker
Compromised everyday devices power Chinese cyber espionage operations - Help Net Security
The New Rules Of War Have No Rules
Is the Middle East Conflict Opening a Digital Front in Europe? | The Gaze
Cyberwar Without Borders: How Iran’s Digital Offensive Is Reaching Europe | The Gaze
Cyberwar brings frontline to heart of European infrastructure - SWI swissinfo.ch
UK in talks with telecoms industry on undersea cable threat
Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions - SecurityWeek
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
Locked Shields 2026 united the power of 41 nations to defend cyberspace CCDCOE
Golden Dome weapons to attack enemy missiles with new high-tech interceptors, lasers, cyberattacks
FCC adds mobile hotspots to router ban • The Register
Chinese Hackers Spied On Cuban Embassy As US Prepared Blockade
Nation State Actors
The New Rules Of War Have No Rules
Cyberwar brings frontline to heart of European infrastructure - SWI swissinfo.ch
UK in talks with telecoms industry on undersea cable threat
Locked Shields 2026 united the power of 41 nations to defend cyberspace CCDCOE
China
UK in talks with telecoms industry on undersea cable threat
Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos - SecurityWeek
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks - SecurityWeek
FCC adds mobile hotspots to router ban • The Register
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
Chinese national extradited to US for pandemic-era Silk Typhoon attacks | CyberScoop
UK warns of Chinese hackers using proxy networks to evade detection
China-linked threat actors use consumer device botnets to evade detection, warn UK and partners
China-Backed Hackers Are Industrializing Botnets
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
Chinese Hackers Spied On Cuban Embassy As US Prepared Blockade
EU bans funding for energy projects using Chinese inverters - PV Tech
Russia
UK in talks with telecoms industry on undersea cable threat
Incomplete Windows Patch Opens Door to Zero-Click Attacks - SecurityWeek
Microsoft patch fell short. New Windows flaw exploited • The Register
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Germany Caught Up in Likely Russian Signal Phishing
Internet censorship index reveals Russia’s lead and widespread content blocking
North Korea
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Iran
The New Rules Of War Have No Rules
How Big a Threat Are Iranian-Backed Cyberattacks? | The New Yorker
Is the Middle East Conflict Opening a Digital Front in Europe? | The Gaze
Cyberwar Without Borders: How Iran’s Digital Offensive Is Reaching Europe | The Gaze
Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions - SecurityWeek
The Iran Factor In Trump’s Cyber Strategy – Analysis – Eurasia Review
Iranian Cyber Group Handala Targets US Troops in Bahrain - SecurityWeek
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
The New Rules Of War Have No Rules
Golden Dome weapons to attack enemy missiles with new high-tech interceptors, lasers, cyberattacks
Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper
Tools and Controls
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Cyber threats challenge global business resilience
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks - SecurityWeek
Mythos sniffs out your bugs, can't fix your bloody idiots • The Register
DORA and the Practical Test of Operational Resilience - IT Security Guru
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
Glasswing Secured the Code. The Rest is on You
Cyber pros say unauthorized Mythos access is a sign of things to come | Cybernews
Mythos access by Discord group reveals real danger of AI-powered hacking | Fortune
“Mythos-like hacking, open to all”: Industry reacts to OpenAI’s GPT 5.5 - The New Stack
AI Models Can Attack, But Can They Defend? Simbian Says Not Yet | news | MSSP Alert
Google Favors General‑Purpose Gemini Models Over Cybersecurity‑Specif - Infosecurity Magazine
Remote Desktop security beefed up with hard-to-read messages • The Register
Shadow code: The hidden threat for enterprise IT | TechTarget
Cyber Threat Literacy, AI Disruption Top Risks to an Organization’s People
Vercel Confirms April 2026 Security Incident Linked To Third-party AI Tool
Vercel attack fallout expands to more customers and third-party systems | CyberScoop
Mythos Is a Wake-Up Call for DDoS Defense - Security Boulevard
Hybrid clouds have two attack surfaces – so watch both • The Register
Open source models can find bugs as well as Mythos • The Register
Myth Or Mythos? The Illusion Of Advantage In The AI Cybersecurity Race
The Hidden Tax on Security: How Data Costs Are Eating Your Controls Budget - Security Boulevard
Locked Shields 2026 united the power of 41 nations to defend cyberspace CCDCOE
FS cybersecurity experts gather for “industry first” training exercise - FStech
Other News
Cyber Attacks Emerge As Top Risk For Professional Firms In 2026 - Minutehack
Cyber attacks now the top operational risk for 60% of financial organisations - TechCentral.ie
The cyber security of British business is a matter of national security - Dan Jarvis
UK in talks with telecoms industry on undersea cable threat
FS cybersecurity experts gather for “industry first” training exercise - FStech
Why are top university websites serving porn? It comes down to shoddy housekeeping. - Ars Technica
BT has now blocked over a billion clicks to malicious websites, says NCSC | Computer Weekly
Experts warn offshore wind could face risks from drones, sabotage and cyber attacks | Aberdeen Live
Army extends cyber awareness challenge and privacy training to five years | Stars and Stripes
Vulnerability Management
Open source models can find bugs as well as Mythos • The Register
Microsoft updates the Windows Update Experience • The Register
5 ways your Windows updates are about to get a lot less painful | ZDNET
Everything Runs on Software. None of It Is Secure.
Vulnerabilities
Firestarter malware survives Cisco firewall updates, security patches
SonicWall Urges Immediate Patching of Firewall Vulnerabilities - SecurityWeek
Vulnerabilities Patched in CrowdStrike, Tenable Products - SecurityWeek
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Incomplete Windows Patch Opens Door to Zero-Click Attacks - SecurityWeek
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years - SecurityWeek
No Patch for New PhantomRPC Privilege Escalation Technique in Windows - SecurityWeek
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
April KB5083769 Windows 11 update causes backup software failures
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System
Critical bug in CrowdStrike LogScale let attackers access files
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Linux cryptographic code flaw offers fast route to root • The Register
Chrome 147, Firefox 150 Security Updates Rolling Out - SecurityWeek
cPanel's authentication bypass bug is being exploited in the wild, CISA warns | CyberScoop
Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges
Critical GitHub Vulnerability Exposed Millions of Repositories - SecurityWeek
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.