Black Arrow Cyber Threat Intelligence Briefing 02 January 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
The start of a new year is an opportunity to reflect on the challenges that business leaders need to address as they help their organisations grow in a more secure environment. In this week’s review, we cover which sectors are most at risk and highlight recommended security practices based on cyber insurance claims data.
Business executives continue to rate cyber as their top risk, and we discuss the need for cyber security teams to translate risk into business impact. This week’s highlights include a large-scale campaign using malicious browser extensions to spy on online meetings, affecting over two million users. We also cover the risks of deploying AI in the business without clear controls and guardrails, and the need for business leaders to understand and manage the cyber risks associated with their managed service provider (MSP).
We help our clients take an impartial and proportionate approach to cyber security, based on an understanding of evolving risks, and support executives in leading their own cyber risk management. Contact us to discuss how we do this.
We wish you a prosperous, safe and successful 2026.
Top Cyber Stories of the Last Week
The Six Biggest Security Challenges Coming in 2026
In 2026, businesses face six major security challenges: mandated cyber resilience under new regulations, increasingly sophisticated ransomware, AI-driven phishing and vishing, heightened supply chain risks, emerging threats from agentic AI systems, and growing vulnerability backlogs as exploits accelerate. Practical steps include resilience planning, enforcing MFA, closer supplier checks, tighter controls for agentic AI, and patch prioritisation based on exploitation risk.
Source: https://www.itpro.com/security/the-six-biggest-security-challenges-coming-in-2026
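The last of the practical steps above, prioritising patches by exploitation risk rather than by severity score alone, is easy to state and easy to get wrong in a backlog of thousands of findings. The following is an added illustration for this briefing, not code from the cited article. The records are constructed samples with placeholder identifiers; in practice the known-exploited flag would come from CISA's Known Exploited Vulnerabilities catalogue and the EPSS probability from FIRST's EPSS feed, and the tier thresholds and remediation windows are editorial assumptions.

```python
"""Rank findings by exploitation risk rather than by CVSS alone.

Added illustration for this briefing, not code from the cited article.
The records below are constructed samples with placeholder identifiers.
In practice the `in_kev` flag would come from CISA's Known Exploited
Vulnerabilities catalogue and `epss` from FIRST's EPSS feed; the tier
thresholds and remediation windows are editorial assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str           # placeholder identifier, not a real CVE
    cvss: float            # base severity score, 0-10
    epss: float            # estimated probability of exploitation within 30 days, 0-1
    in_kev: bool           # listed in a known-exploited catalogue
    internet_facing: bool  # asset reachable from the internet


EPSS_URGENT = 0.10                       # assumption: >=10% counts as likely to be exploited soon
REMEDIATION_DAYS = {0: 2, 1: 14, 2: 60}  # assumption: remediation window per tier


def tier(f: Finding) -> int:
    """0 = known exploited, 1 = likely to be exploited, 2 = everything else."""
    if f.in_kev:
        return 0
    if f.epss >= EPSS_URGENT:
        return 1
    return 2


def sort_key(f: Finding) -> tuple:
    """Known exploitation first, then exposed assets, then EPSS, then CVSS as tiebreak."""
    return (tier(f), not f.internet_facing, -f.epss, -f.cvss, f.vuln_id)


def rank(findings: list[Finding]) -> list[Finding]:
    return sorted(findings, key=sort_key)


def remediation_days(f: Finding) -> int:
    return REMEDIATION_DAYS[tier(f)]


# Constructed sample backlog: note that the CVSS 9.8 item is NOT the top priority.
SAMPLE = [
    Finding("vuln-a", cvss=9.8, epss=0.02, in_kev=False, internet_facing=False),
    Finding("vuln-b", cvss=7.5, epss=0.45, in_kev=False, internet_facing=True),
    Finding("vuln-c", cvss=6.5, epss=0.01, in_kev=True, internet_facing=True),
    Finding("vuln-d", cvss=9.1, epss=0.30, in_kev=False, internet_facing=False),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{f.vuln_id}  tier={tier(f)}  fix within {remediation_days(f)} days")
```

The point of the ordering is that a medium-severity flaw already being exploited on an exposed system goes to the front of the queue, while a critical-scored flaw with no sign of exploitation on an internal system can wait for the normal cycle.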
Top Sectors Under Cyber Attack in 2025
A breakdown of significant cyber breaches and incidents in 2025 by industry sector puts manufacturing first for the fourth consecutive year, with finance, professional services, energy and healthcare also heavily hit. By attack volume, education was the most targeted sector, with government/public sector and telecoms also seeing elevated rates. Organisations faced an average of nearly 2,000 attacks per week, attack volume in Europe rose by about 22%, and organisations in critical sectors accounted for about 70% of incidents.
Source: https://securityboulevard.com/2025/12/top-sectors-under-cyberattack-in-2025/
Cyber Security Tech Recommended by Cyber Insurer Claims Data
Claims data from cyber insurance providers shows that investment in a core set of security technologies and practices reduces losses and influences premiums. These include role-based access control with frequent auditing, a strong security culture, retirement of outdated legacy systems, strong MFA, zero-trust models such as SASE, professionally managed detection and response (MDR) services, and immutable backups with regular restoration testing. The data also showed that phishing now accounts for 49% of claims, and that remote-access tools were the initial access vector in 80% of direct ransomware attacks.
Source: https://www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data
World Economic Forum Puts Cyber Security on Global Leadership Agenda
The World Economic Forum (WEF) has elevated cyber security to a global leadership priority, with its Davos Annual Meeting framing cyber risk as a top-level policy issue. Fortinet’s Derek Manky noted that the expanding organised cybercrime demands engagement from the boardroom and government, to connect technical realities to economic and geopolitical strategies. WEF attendees discussed initiatives like its Cybercrime Atlas, a bounty programme, and law enforcement/private sector partnerships.
Get Executives on Board With Managing Cyber Risk
Trend Micro’s 2025 Defenders Survey of over 3,000 security professionals shows that the single biggest improvement security teams want is clearer identification of which assets matter most and which threats are most relevant to the business. Effective governance communication should translate technical risk into business impact, using metrics and financial terms that executives understand. Yet nearly half of respondents communicate only reactively or minimally, often only when required or after a major development, which risks weakening stakeholder trust.
Source: https://www.trendmicro.com/en_us/research/25/l/managing-cyber-risk-with-executives.html
Executives Say Cyber Security Has Outgrown the IT Department
A Rimini Street study finds that 54% of executives rank cyber threats as their top external risk, ahead of supply chain and regulation. Organisations are integrating security into enterprise risk management, prioritising business continuity planning, and outsourcing cyber security services. Persistent staffing shortages are influencing vendor choices and driving technology investment strategies.
Source: https://www.helpnetsecurity.com/2025/12/30/rimini-street-security-leadership-strategy-report/
How FOMO Is Turning AI Into a Cyber Security Nightmare
Pressure to deploy AI quickly is pushing organisations to adopt tools before the risks have been properly assessed. A 2025 incident involving Drift showed how stolen credentials and overly broad application permissions can be abused to reach data held in services such as Salesforce and Google Workspace. AI programmes need a clear definition of purpose, cross-functional risk reviews, testing of how an AI system behaves when things go wrong, tight limits on which systems it can access, and human verification of its outputs.
Source: https://www.inc.com/nick-selby/how-fomo-is-turning-ai-into-a-cybersecurity-nightmare/91261473
Condé Nast Faces Major Data Breach: 2.3M WIRED Records Leaked, 40M More at Risk
An attacker using the alias “Lovely” leaked a database of 2.3M WIRED magazine subscriber records and threatened to release up to 40M more across Condé Nast brands. The leaked data includes email addresses and other account details, among them over 102,000 home addresses.
Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence
Researchers have uncovered a large-scale campaign that uses malicious browser extensions to spy on online meetings, affecting 2.2 million Chrome, Firefox and Edge users. The extensions, disguised as useful tools, captured sensitive meeting details such as links, meeting IDs and participant information from dozens of platforms in real time, enabling corporate espionage and targeted social engineering. The campaign was attributed to DarkSpectre, a threat actor the researchers describe as China-linked.
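An extension can only harvest meeting details if its manifest grants it both reach (host patterns covering the meeting sites) and the ability to read or script those pages. The following is an added illustration for this briefing, not code or indicators from the cited research: it reads Chrome or Edge manifest.json files (manifest v2 or v3) and flags extensions that combine broad or meeting-site host access with permissions such as tabs or scripting. The meeting host list, the set of permissions treated as risky and the sample manifests are editorial assumptions and do not describe any real extension.

```python
"""Audit browser-extension manifests for permissions that could expose meetings.

Added illustration for this briefing, not code or indicators from the cited
research. It reads Chrome/Edge manifest.json files (manifest v2 or v3) and
flags extensions that can both run on meeting sites and read tab or page
state. The meeting hosts, the permission list and the sample manifests are
editorial assumptions, not indicators of any real extension.
"""
import json
from pathlib import Path

MEETING_HOSTS = ("zoom.us", "teams.microsoft.com", "meet.google.com", "webex.com")
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that let an extension observe or script pages it can reach.
RISKY_PERMISSIONS = {"tabs", "webNavigation", "webRequest", "scripting",
                     "cookies", "history", "clipboardRead", "debugger"}


def host_patterns(manifest: dict) -> list[str]:
    """Gather match patterns from MV3 host_permissions, MV2 permissions and content scripts."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns


def reaches_meeting_sites(patterns: list[str]) -> bool:
    """True if any pattern is a catch-all or names one of the assumed meeting hosts."""
    if any(p in BROAD_PATTERNS for p in patterns):
        return True
    return any(host in p for p in patterns for host in MEETING_HOSTS)


def assess(manifest: dict) -> dict:
    risky = sorted(set(manifest.get("permissions", [])) & RISKY_PERMISSIONS)
    reach = reaches_meeting_sites(host_patterns(manifest))
    if reach and risky:
        verdict = "review"   # can run on meeting pages and read or script them
    elif reach or risky:
        verdict = "watch"    # one half of the combination; check what it actually does
    else:
        verdict = "ok"
    return {"name": manifest.get("name", "?"), "risky_permissions": risky,
            "reaches_meeting_sites": reach, "verdict": verdict}


def audit_directory(root: Path) -> list[dict]:
    """Assess every manifest.json under an extensions directory (layout varies by browser)."""
    results = []
    for path in root.rglob("manifest.json"):
        try:
            results.append(assess(json.loads(path.read_text(encoding="utf-8"))))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit
    return results


# Constructed sample manifests, not real extensions.
SAMPLE_MANIFESTS = [
    {"name": "Meeting Notes Helper", "manifest_version": 3,
     "permissions": ["tabs", "scripting", "storage"], "host_permissions": ["<all_urls>"]},
    {"name": "Dark Theme", "manifest_version": 3, "permissions": ["storage"],
     "content_scripts": [{"matches": ["https://example.com/*"], "js": ["theme.js"]}]},
    {"name": "Scheduler", "manifest_version": 2,
     "permissions": ["storage", "https://*.zoom.us/*"]},
]

if __name__ == "__main__":
    for result in map(assess, SAMPLE_MANIFESTS):
        print(result)
```

Run audit_directory against the profile's extensions folder to produce the inventory; a "review" verdict is a prompt to check what the extension does with that access, not proof of malice, since legitimate meeting add-ons need some of the same permissions. Pair the check with an allow-list enforced through browser management policy, since users cannot judge permissions at install time.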
‘Help! I Need Money. It’s an Emergency’: Your Child’s Voicemail That Could Be a Scam
Criminal groups are using AI voice cloning to leave urgent messages that imitate a child or close family member and demand money. Very short voice samples, including clips shared online or captured from phone calls, can be enough to generate a convincing imitation. The scam succeeds by triggering panic and urgency. Practical safeguards include pausing before responding, confirming the request via a trusted number, and agreeing family codewords in advance.
Source: https://www.theguardian.com/money/2025/dec/21/ai-cloned-voicemail-scam-criminals-fraud
The Changing Role of the MSP: What Does This Mean for Security?
Research shows 69% of managed service providers (MSPs) reported two or more breaches in the last 12 months, prompting 81% to hire more specialist security staff and 78% to increase defensive spending. Customers are demanding proof of resilience, pushing MSPs both to improve how they manage the security of their clients’ IT estates and to strengthen their own internal security practices.
Source: https://www.itpro.com/security/the-changing-role-of-the-msp-what-does-this-mean-for-security
Customers Turn Cyber Breaches Into Courtroom Battles
Consumers are being recruited to join group legal actions against firms such as M&S and Co‑op following cyber breaches. Early statements from these organisations suggested there was no evidence at that point that customer data had been compromised, but this changed as investigations confirmed access, creating potential legal exposure. CISOs have a role in avoiding false certainty in public statements and in adopting litigation-aware communications, which should form part of the organisation’s incident management plans.
Source: https://cybernews.com/security/customers-take-stand-cybersecurity-new-trial/
Governance, Risk and Compliance
Customers turn cyber breaches into courtroom battles | Cybernews
WEF Puts Cybersecurity on the Global Leadership Agenda
Executives say cybersecurity has outgrown the IT department - Help Net Security
Get Executives on board with managing Cyber Risk | Trend Micro (US)
Tabletop exercises look a little different this year • The Register
Forensics and Investigation Is the New Cyber Frontline - Infosecurity Magazine
The changing role of the MSP: What does this mean for security? | ChannelPro
Inside the Biggest Cyber Attacks of 2025 - Security Boulevard
Cyber attacks ‘tipping point’ warning issued after Harrods and M&S targeted | The Independent
CISOs are managing risk in survival mode - Help Net Security
Top Sectors Under Cyberattack in 2025 - Security Boulevard
The six biggest security challenges coming in 2026 | IT Pro
Security coverage is falling behind the way attackers behave - Help Net Security
New Tech Deployments That Cyber Insurers Recommend for 2026
Cyber attacks: 2025 the ‘tipping point’ as JLR and M&S incidents highlight risks | The Standard
Building resilient teams in cyberdefense | Opinion | Compliance Week
Europe has ‘lost the internet’, warns Belgium’s cyber security chief
Threats
Ransomware, Extortion and Destructive Attacks
Security coverage is falling behind the way attackers behave - Help Net Security
Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE
Web Browsing’s Dark Side: Understanding Ransomware over Modern Web Browsers - Security Boulevard
Ransomware’s new playbook is chaos - Help Net Security
The biggest cybersecurity and cyberattack stories of 2025
Customers turn cyber breaches into courtroom battles | Cybernews
An arrest has been made in the Coinbase ransomware breach | Mashable
How the UK Retail Sector Responded to the Scattered Spider Hack Wave - Infosecurity Magazine
Feds are hunting teenage hackers | Fortune
Ransomware Victims
Crims punish Wired subscribers by publishing personal info • The Register
How the human harms of cybercrime shook the world in 2025 • The Register
Romania’s Oltenia Energy Complex suffers major ransomware attack
The Worst Hacks of 2025 | WIRED
An arrest has been made in the Coinbase ransomware breach | Mashable
Phishing & Email Based Attacks
Security coverage is falling behind the way attackers behave - Help Net Security
Yet another phishing campaign impersonates trusted Google services - here's what we know | TechRadar
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
Other Social Engineering
New ErrTraffic service enables ClickFix attacks via fake browser glitches
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
What is Vishing? - Security Boulevard
Fraud, Scams and Financial Crime
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
Nationwide hit with record fine after failing to spot customer’s £27m Covid fraud
LLMs are automating the human part of romance scams - Help Net Security
2025’s crypto criminals: Making bank while cutting off fingers
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Korean telco failed at femtocell security, exposed customers • The Register
Artificial Intelligence
Security coverage is falling behind the way attackers behave - Help Net Security
LLMs are automating the human part of romance scams - Help Net Security
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks - Security Boulevard
2026 Year of the Worm? AI Is Fueling a Malware Comeback
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations - Security Boulevard
How FOMO Is Turning AI Into a Cybersecurity Nightmare
The AI balancing act your company can't afford to fumble in 2026 | ZDNET
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
AI Browsers the New Trojan Horse? - GovInfoSecurity
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas | CyberScoop
Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET
As Coders Adopt AI Agents, Security Pitfalls Lurk in 2026
Contrarians No More: AI Skepticism Is on the Rise
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
UK law firms get ready for crackdown on money laundering | Financial sector | The Guardian
Malware
Zoom Stealer browser extensions harvest corporate meeting intelligence
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
2026 Year of the Worm? AI Is Fueling a Malware Comeback
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
MacSync Stealer malware bypasses macOS Gatekeeper security warnings | CSO Online
React2Shell under attack: RondoDox Botnet spreads miners and malware
New GlassWorm malware wave targets Macs with trojanized crypto wallets
Security Bite: A note on the growing problem of Apple-notarized malware on macOS - 9to5Mac
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The next cyber battlefield: Preparing federal networks for autonomous malware
Bots/Botnets
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Denial of Service/DoS/DDoS
Pro-Russian group Noname057 claims cyberattack on La Poste services
Internet of Things – IoT
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Top tips to protect your Christmas gifts from cyber-scrooges - GOV.UK
Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR
The FCC has probably killed a plan to improve smart home security | The Verge
New York’s incoming mayor bans Raspberry Pi at inauguration • The Register
Data Breaches/Leaks
Customers turn cyber breaches into courtroom battles | Cybernews
Crims punish Wired subscribers by publishing personal info • The Register
The biggest cybersecurity and cyberattack stories of 2025
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk
Stolen LastPass backups enable crypto theft through 2025
Sensitive data 'likely taken' in Westminster council cyber attack - BBC News
The Worst Hacks of 2025 | WIRED
Aflac confirms June data breach affecting over 22 million customers
Accused data thief dumped laptop in river to evade justice • The Register
Disney will pay $10 million to settle children's data privacy lawsuit
Korean telco failed at femtocell security, exposed customers • The Register
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Coupang to split $1.17 billion among 33.7 million data breach victims
Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes
European Space Agency confirms breach of "external servers"
French campuses got hacked, attackers claim | Cybernews
Organised Crime & Criminal Actors
2025’s crypto criminals: Making bank while cutting off fingers
How the human harms of cybercrime shook the world in 2025 • The Register
Accused data thief dumped laptop in river to evade justice • The Register
Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters
Feds are hunting teenage hackers | Fortune
Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net
Illegal streaming grew into an organized, profitable, and dangerous industry - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
2025’s crypto criminals: Making bank while cutting off fingers
How the human harms of cybercrime shook the world in 2025 • The Register
Stolen LastPass backups enable crypto theft through 2025
React2Shell under attack: RondoDox Botnet spreads miners and malware
New GlassWorm malware wave targets Macs with trojanized crypto wallets
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist - SecurityWeek
An arrest has been made in the Coinbase ransomware breach | Mashable
Hackers drain $3.9M from Unleash Protocol after multisig hijack
Fake GrubHub emails promise tenfold return on sent cryptocurrency
Insurance
New Tech Deployments That Cyber Insurers Recommend for 2026
Supply Chain and Third Parties
The changing role of the MSP: What does this mean for security? | ChannelPro
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes
Cloud/SaaS
AI killed the cloud-first strategy: Why hybrid computing is the only way forward now | ZDNET
Airbus to migrate critical apps to a sovereign Euro cloud • The Register
Encryption
Stolen LastPass backups enable crypto theft through 2025
Passwords, Credential Stuffing & Brute Force Attacks
How to Prevent Credential Stuffing Attacks: Detection & Protection Strategies - Security Boulevard
Social Media
1 in 5 YouTube Shorts is AI slop now - and Americans are eating it up | ZDNET
Regulations, Fines and Legislation
The FCC has probably killed a plan to improve smart home security | The Verge
Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET
Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse | WIRED
Models, Frameworks and Standards
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
Data Protection
What consumers expect from data security - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
Building resilient teams in cyberdefense | Opinion | Compliance Week
Mentorship & Diversity: Shaping the Next Gen of Cyber Experts
The Modern Cyber Workforce | AFCEA International
What Kevin Bacon Can Teach You About Cybersecurity Careers
Law Enforcement Action and Take Downs
Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE
Accused data thief dumped laptop in river to evade justice • The Register
Feds are hunting teenage hackers | Fortune
Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net
An arrest has been made in the Coinbase ransomware breach | Mashable
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberwarfare is here – and we must be ready
New German military plan views foreign sabotage as preparation for war – POLITICO
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
Navy’s fleet of 4ft boats to protect Britain from Putin
Russian submarine followed spy ship into British waters
Hacking space: Europe ramps up security of satellites – POLITICO
Nation State Actors
China
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Chinese state hackers plant malware inside Windows | Cybernews
Cyberhackers Just Turned 150 Browser Extensions Into Viruses - Here's How
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
Russia
New German military plan views foreign sabotage as preparation for war – POLITICO
It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent
Navy’s fleet of 4ft boats to protect Britain from Putin
Russian submarine followed spy ship into British waters
Pro-Russian group Noname057 claims cyberattack on La Poste services
Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews
Finland detains ship and its crew after critical undersea cable damaged | CNN
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
You've been targeted by government spyware. Now what? | TechCrunch
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
Tools and Controls
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Cyberhackers Just Turned 150 Browser Extensions Into Viruses - Here's How
Forensics and Investigation Is the New Cyber Frontline - Infosecurity Magazine
New Tech Deployments That Cyber Insurers Recommend for 2026
Cybersecurity’s AI Arms Race Is Just Getting Started—Here’s What 2026 Will Bring - ClearanceJobs
Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks - Security Boulevard
Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations - Security Boulevard
How FOMO Is Turning AI Into a Cybersecurity Nightmare
Web Browsing’s Dark Side: Understanding Ransomware over Modern Web Browsers - Security Boulevard
Tabletop exercises look a little different this year • The Register
"Military-grade encryption" is meaningless: decoding VPN buzzwords | Tom's Guide
AI killed the cloud-first strategy: Why hybrid computing is the only way forward now | ZDNET
AI Browsers the New Trojan Horse? - GovInfoSecurity
OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas | CyberScoop
Windows Event Logs Reveal the Messy Reality Behind 'Sophisticated' Cyberattacks
Reports Published in the Last Week
Other News
"Military-grade encryption" is meaningless: decoding VPN buzzwords | Tom's Guide
Windows Event Logs Reveal the Messy Reality Behind 'Sophisticated' Cyberattacks
Europe has ‘lost the internet’, warns Belgium’s cyber security chief
Remedio CEO: If you don't think like a hacker, you won't win • The Register
When One Vulnerability Breaks the Internet and Millions of Devices Join In - Security Boulevard
These are the cybersecurity stories we were jealous of in 2025 | TechCrunch
Top Sectors Under Cyberattack in 2025 - Security Boulevard
Hacking space: Europe ramps up security of satellites – POLITICO
Radio signals could give attackers a foothold inside air-gapped devices - Help Net Security
British hacker wins visa by infiltrating Australian government website
Vulnerability Management
2025 marks a breakout year for zero-day exploits| Cybernews
Vulnerabilities
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
React2Shell under attack: RondoDox Botnet spreads miners and malware
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
'Heartbleed of MongoDB' under active exploit • The Register
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
Critical Zero-Day RCE Flaw in Networking Devices Exposes Over 70,000 Hosts
When One Vulnerability Breaks the Internet and Millions of Devices Join In - Security Boulevard
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.