Black Arrow Cyber Threat Intelligence Briefing 03 April 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
We have reviewed the specialist and general media over the past week to help raise the awareness of business leaders regarding evolving cyber security risks. We start with heightened activity by Iran-aligned attackers who use password spraying to gain access to Microsoft 365 accounts, and use various techniques to deploy destructive malware. In separate news, North Korean attackers gained access to a widely used business software package to establish long-term access to multiple organisations. We also highlight the need for business leaders to review their approach to removing legitimate tools that are not required by the organisation, and reducing the opportunity for attackers to misuse them.
Research on the impact of a cyber incident highlights that most businesses believe they could not survive more than three days of downtime, while other research finds that most organisations do not trust their cyber security vendors. This underlines the need for business leaders to upskill on cyber security, and to use that knowledge to ensure that their risks and controls are appropriately addressed. We recommend that this upskilling be done through an impartial specialist source to reduce the risk of shared blind spots; contact us to find out how we support business leaders to be confident in governing their own security.
Top Cyber Stories of the Last Week
Iran Targets M365 Accounts with Password-Spraying Attacks
Check Point Research has identified a campaign of password spraying against Microsoft 365 accounts, affecting more than 300 organisations in Israel and more than 25 in the UAE, with activity also seen in the US, Europe and Saudi Arabia. Password spraying is a technique where attackers try common or weak passwords across many accounts to gain access. The activity came in three waves during March and focused heavily on infrastructure in cities recently hit by missile attacks, suggesting an effort to gather sensitive information linked to missile strike response and damage assessment.
https://www.theregister.com/2026/03/31/iran_password_spraying_m365/
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
Iran is increasingly blending state-backed operations with criminal tactics, using the revived Pay2Key ransomware group to target high-impact US organisations. Researchers say some attacks are not true extortion attempts but destructive campaigns disguised as ransomware, making them harder to identify and respond to. Iran is also reportedly offering cyber criminals a larger share of profits, raising payouts from 70% to 80% for attacks aligned to its political aims. This mix of disruption, financial crime and political intent increases legal, financial and operational risk for organisations, particularly where sanctions exposure may be involved. Business leaders should, as part of their governance, ensure appropriate security controls are maintained to help prevent and detect such attacks.
https://www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations
North Korea Hackers Suspected of Attack on Widely Used Software Tool
Hackers linked to North Korea are suspected of compromising Axios, a widely used software package with tens of millions of weekly downloads. Google analysts said the breach could have far‑reaching implications because other popular packages rely on Axios, warning that hundreds of thousands of stolen secrets may now be circulating and could enable further ransomware, extortion and cryptocurrency‑theft operations. The attackers gained control of a maintainer account and published two backdoored versions of the package, prompting security firms to advise developers that systems using those versions should be considered compromised. The incident underlines how a compromise in a widely used software package can have broad, ripple‑effect consequences across many organisations.
https://techxplore.com/news/2026-04-north-korea-hackers-widely-software.html
Most Businesses Couldn’t Survive Three Days Downtime
Veeam reports that business resilience remains fragile, with 76% of organisations saying they could not survive more than three days of downtime. Although 47% expect a serious data breach or cyber attack, only 32% believe they are very likely to fully recover critical data and operations. Ransomware tops the list of feared threats at 67%, while 38% of boards have never formally discussed newer AI-related risks such as data leaks or unsafe automation. The impact is not only financial, with 57% of leaders reporting burnout or resignations after major incidents.
https://betanews.com/article/most-businesses-couldnt-survive-three-days-downtime/
Cyber Security and Operational Resilience: A Board-Level Imperative
Cyber security and operational resilience are now core boardroom issues as attacks become more frequent, more disruptive and more costly. Since the pandemic, cyber attacks have more than doubled, and average losses from major incidents have risen fourfold since 2017 to $2.5 billion. In one recent case, a ransomware attack on a major healthcare payments provider caused nationwide disruption and more than $1.5 billion in costs. At the same time, tougher rules in the EU, UK and US are making boards more directly accountable for oversight, response planning, third-party risk and accurate public reporting.
https://www.jdsupra.com/legalnews/cybersecurity-and-operational-2897791/
95% of Organisations Don’t Trust Their Cyber Security Vendors
Sophos reports a widespread trust gap in the cyber security market, with 95% of organisations saying they do not fully trust their cyber security vendors. The research also found that 79% struggle to judge the trustworthiness of new suppliers, while 62% find it difficult even with existing providers. This lack of confidence is having a business impact, with 51% reporting greater anxiety about the risk of a serious cyber incident. Independent checks, certifications and clear communication during incidents were identified as the strongest foundations for building trust.
https://betanews.com/article/95-percent-of-organizations-dont-trust-their-cybersecurity-vendors/
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
Attackers are increasingly avoiding malicious software and instead misusing the trusted tools already built into an organisation’s systems, making harmful activity much harder to spot. Analysis of more than 700,000 serious incidents found that 84% involved legitimate tools being used in this way. On a standard Windows 11 device, hundreds of built-in tools may be available, with research suggesting up to 95% of access to higher-risk tools is unnecessary. This leaves organisations exposed because security monitoring alone can struggle to separate normal administrative activity from an active cyber attack. Organisations should review their approach to hardening their systems, to reduce the opportunity for attackers to misuse legitimate tools that are not required by the organisation.
https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html
The Company’s Biggest Security Hole Lived In the Breakroom
An apparently low-risk connected coffee machine became the entry point for a serious data breach after being placed on a secure corporate network with its default password unchanged, outdated software and no basic protections. Investigators found the device was quietly sending data to attackers whenever it was used. The incident reflects a wider pattern, with researchers warning that internet-connected devices are increasingly linked to breaches because they are often overlooked, poorly monitored and treated as harmless. A similar case at a North American casino led to 10GB of data being stolen through a connected fish tank.
https://www.theregister.com/2026/04/02/pwned/
The Next Cyber Security Crisis Isn’t Breaches - It’s Data You Can’t Trust
As organisations rely more heavily on data and AI to guide financial, operational and strategic decisions, the greater risk may not be stolen data, but data that is inaccurate, altered or no longer reliable. Even small changes can lead to flawed outcomes, while weak ownership, poor access controls and inconsistent handling of sensitive information can blur the line between trusted and compromised data. Stronger governance, clear accountability and better tracking of changes are becoming essential, not just for security teams but for leadership, as regulators and cyber insurers raise expectations.
https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/
New Criminal Service Plans to Monetise Data Stolen by Ransomware Gangs
A new criminal service is aiming to turn data stolen in ransomware incidents into a more valuable asset by organising large, unstructured datasets into searchable information for sale or extortion. This could increase pressure on organisations, support follow-on crimes such as fraud and business email compromise where attackers impersonate trusted contacts, and potentially enable direct blackmail of individuals. Experts say the model is not yet proven at scale, as cyber criminals still favour high-volume attacks that deliver quicker returns, but it signals continued innovation in the cyber crime economy.
https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
Nearly Half a Million Mobile Customers of Lloyds Banking Group Affected by Security Incident
A software error at Lloyds Banking Group briefly exposed transaction details for up to 447,936 mobile banking customers across Lloyds, Halifax and Bank of Scotland. The issue lasted for less than five hours on 12 March and affected customers who viewed their transaction lists at almost exactly the same time. In some cases, exposed information included payment amounts, dates, references and National Insurance numbers. Lloyds said no unauthorised transactions were possible and no financial losses have been identified, although £139,000 has been paid to 3,625 customers for distress and inconvenience. The incident is a reminder that business leaders should ensure robust testing of software and also maintain strong incident‑response readiness to prevent and manage data exposure during faults.
Governance, Risk and Compliance
Cyberthreat level remains high – attacks becoming more targeted and complex
Most businesses couldn’t survive three days downtime - BetaNews
More Confident, More Tooled, More Breached: The Security Gap Isn’t Closing | news | MSSP Alert
Attackers Are Scaling. Defenders Are Still Missing the Basics | perspective | MSSP Alert
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Why silence is no longer a security strategy | TechRadar
Trust, friction, and ROI: A CISO's take on making security work for the business - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Ransomware in 2025: Blending in is the strategy
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
Ransomware and Destructive Attack Victims
European Commission Confirms Cloud Data Breach - Infosecurity Magazine
ShinyHunters claims the hack of the European Commission
Co-Op Chief Steps Down As Hack Leads To £125m Loss
St Anne's School in Southampton closed after cyber attack - BBC News
Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc
Marquis bank data breach exposes 672,000 in ransomware attack | Fox News
Ransomware group claims it stole data from Monmouth University | EdScoop
Hasbro cyberattack delays orders, weeks-long recovery | Cybernews
Phishing & Email Based Attacks
Dutch Police discloses security breach after phishing attack
New Wave of AiTM Phishing Targets TikTok for Business - Infosecurity Magazine
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
New EvilTokens service fuels Microsoft device code phishing attacks
How businesses can defend themselves against the rise of ‘phishing as a service’ | TechRadar
Cybercriminals Exploit Tax Season With New Phishing Tactics - Infosecurity Magazine
Other Social Engineering
New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection
New EvilTokens service fuels Microsoft device code phishing attacks
Don't open that WhatsApp message, Microsoft warns • The Register
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
Another worrying macOS malware scheme has been discovered — here's how to stay safe | TechRadar
3 red flags that job posting is a scam - and how to verify safely | ZDNET
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazine
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
UK sanctions Xinbi marketplace linked to Asian scam centers
Artificial Intelligence
AI is the Top Cyber Priority for Defenders as Criminals Exploit it - Infosecurity Magazine
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Breaking out: Can AI agents escape their sandboxes? - Help Net Security
Critical Flaw in Langflow AI Platform Under Attack
AI Shrinks Cyberattack Exploit Time From Years to Days
Security leaders say the next two years are going to be 'insane' | CyberScoop
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust - SecurityWeek
AI Cyberattacks Call for Company Preparation to Limit Fallout
Why 'Emerging Threats' Are Harder to Prioritize in the AI Era
The Real Risk of Vibecoding | Trend Micro (US)
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Shadow AI 'double agents' are outpacing security visibility | TechRadar
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
Claude Code leak used to push infostealer malware on GitHub
MP victim of AI deepfake fails to get answers from Big Tech • The Register
Latest Anthropic Miscue Puts AI and Cyber Firms at Odds
Bots/Botnets
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Reddit declares war on bad bot activity - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
The human cost of cybersecurity and what we should do about it | TechRadar
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Are hackers better off staying legal? The answer may surprise you | Cybernews
How to Grow Your Cybersecurity Skills, According to Experts | Security Magazine
How dyslexic thinking strengthens cyber security | BCS
Cloud/SaaS
European Commission Confirms Cloud Data Breach - Infosecurity Magazine
ShinyHunters claims the hack of the European Commission
Iran targets M365 accounts with password-spraying attacks • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
GitHub Used as Covert Channel in Multi-Stage Malware Campaign - Infosecurity Magazine
Maryland Man Charged Over $53m Uranium Finance Crypto Hack - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
Are hackers better off staying legal? The answer may surprise you | Cybernews
UK sanctions Xinbi marketplace linked to Asian scam centers
Russia arrests suspected owner of LeakBase cybercrime forum
Data Breaches/Leaks
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
European Commission suffered a cyberattack - hackers stole data | УНН
Hackers steal EU Commission cloud data | Cybernews
Dutch Police discloses security breach after phishing attack
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers - Infosecurity Magazine
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
OkCupid settles claims it shared user photos with a facial recognition company | The Verge
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Marquis bank data breach exposes 672,000 in ransomware attack | Fox News
Hightower Holding Data Breach Impacts 130,000 - SecurityWeek
Smith & Co Solicitors in Ipswich faces data breach | Ipswich Star
Ajax silenced hacker who found 2017 data breach | Cybernews
Healthcare tech firm CareCloud says hackers stole patient data
Ajax football club hack exposed fan data, enabled ticket hijack
Denial of Service/DoS/DDoS
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Fraud, Scams and Financial Crime
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
UK sanctions Xinbi marketplace linked to Asian scam centers
Financial groups lay out a plan to fight AI identity attacks - Help Net Security
ICO Fines UK Nuisance Call Scammers £100,000 - Infosecurity Magazine
3 red flags that job posting is a scam - and how to verify safely | ZDNET
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazine
Identity and Access Management
Internet of Things – IoT
4 IoT botnets generated attack traffic exceeding 30Tbps - Mobile Europe
Vehicle Cybersecurity Threats Grow in Era of Connected Vehicles
Don’t count on government guidance after a smart home breach - Help Net Security
The company's biggest security hole lived in the breakroom • The Register
Your Streaming Device Could Be Spying For Hackers, According To The FBI
India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April
Law Enforcement Action and Take Downs
Alleged RedLine malware developer extradited to United States
Russia arrests suspected owner of LeakBase cybercrime forum
Linux and Open Source
How AI has suddenly become much more useful to open-source developers | ZDNET
Malware
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
Fake Claude Code source downloads actually delivered malware • The Register
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
New Venom Stealer MaaS Platform Automates Continuous Data Theft - Infosecurity Magazine
GitHub Used as Covert Channel in Multi-Stage Malware Campaign - Infosecurity Magazine
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets
The FBI Just Named 18 Popular Routers Targeted By A Massive Malware Operation
Phantom Project Bundles Infostealer, Crypter and RAT For Sale - Infosecurity Magazine
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials - Infosecurity Magazine
vSphere and BRICKSTORM Malware: A Defender's Guide | Google Cloud Blog
Alleged RedLine malware developer extradited to United States
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
New CrystalRAT malware adds RAT, stealer and prankware features
Huge numbers of web stores are facing attack from this dangerous new malware | TechRadar
Mobile
Nearly Half a Million Mobile Customers of Lloyds Banking Group Affected by Security Incident
FBI Warns of Data Security Risks From China-Made Mobile Apps - SecurityWeek
'NoVoice' Android malware on Google Play infected 2.3 million devices
Coruna iOS exploit framework linked to Triangulation attacks
Android Developer Verification Rollout Begins Ahead of September Enforcement
WhatsApp warns users of fake app used to distribute spyware | The Record from Recorded Future News
Passwords, Credential Stuffing & Brute Force Attacks
48 Hours: The Window Between Infostealer Infection and Dark Web Sale - Security Boulevard
Iran targets M365 accounts with password-spraying attacks • The Register
Regulations, Fines and Legislation
UK defining stronger energy cybersecurity rules after Poland attack – pv magazine International
ICO Fines UK Nuisance Call Scammers £100,000 - Infosecurity Magazine
FCC's Router Ban Quietly Places an Expiration Date on Home Internet Security | PCMag
US router ban is ‘industrial policy' not better infosec • The Register
If You Buy a New Router, It Might ‘Turn Into a Pumpkin’ Next Year - CNET
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
Home router ban is unserious political manoeuvring - Verdict
Social Media
New Wave of AiTM Phishing Targets TikTok for Business - Infosecurity Magazine
Meta Lawsuit Dismissal: WhatsApp Security Chief Not Done Fighting - Business Insider
Reddit declares war on bad bot activity - Help Net Security
Software Supply Chain
North Korean hackers compromise major software used by thousands of companies | NK News
North Korean Attackers Compromise Popular Web Tool | Silicon UK
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Supply Chain and Third Parties
The external pressures redefining cybersecurity risk | CSO Online
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Famous Telnyx Pypi Package compromised by TeamPCP - Security Boulevard
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot - Help Net Security
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Trend Micro (US)
Mercor says it was 'one of thousands' hit in LiteLLM attack • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wartime Usage of Compromised IP Cameras Highlight Their Danger
Information sharing of cyber threats vital to national security - Defence Connect
Europe's Power Grid Faces Hybrid Warfare Threat
National Cyber Resilience Demands Unified Defense
'Cyber Power' Drives Modern Geopolitical Conflict
Iran's hackers are on the offensive against the US and Israel - Ars Technica
European-Chinese geopolitical issues drive renewed cyberespionage campaign | CyberScoop
Telecom Sleeper Cells: Nation-State Threats Below the Radar
How History Shapes Nation-State Cyber Conflict
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
The Perils of Privatized Cyberwarfare | Lawfare
Nation State Actors
Information sharing of cyber threats vital to national security - Defence Connect
China
FBI Warns of Data Security Risks From China-Made Mobile Apps - SecurityWeek
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure - SecurityWeek
China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks
European-Chinese geopolitical issues drive renewed cyberespionage campaign | CyberScoop
FCC's Router Ban Quietly Places an Expiration Date on Home Internet Security | PCMag
NCSC warns of messaging app targeting public sector | UKAuthority
Telcos targeted by threat actor ‘sleeper cells’ – report | TelecomTV
Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
If You Buy a New Router, It Might ‘Turn Into a Pumpkin’ Next Year - CNET
Home router ban is unserious political manoeuvring - Verdict
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April
Russia
NCSC warns of messaging app targeting public sector | UKAuthority
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Russia targets VPNs used by millions in Putin’s latest internet crackdown | The Independent
Top EU officials’ Signal group chat shut down over hacking fears – POLITICO
Russia arrests suspected owner of LeakBase cybercrime forum
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
North Korea
North Korean hackers compromise major software used by thousands of companies | NK News
Backdooring of JavaScript Library Axios Tied to North Korea
The Hidden Blast Radius of the Axios Compromise - Socket
Hackers Hijack Axios npm Package to Spread RATs - Infosecurity Magazine
Iran
Europe's Power Grid Faces Hybrid Warfare Threat
Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data | CyberScoop
Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine
Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
NCSC warns of messaging app targeting public sector | UKAuthority
Wartime Usage of Compromised IP Cameras Highlight Their Danger
Iran's hackers are on the offensive against the US and Israel - Ars Technica
Iran targets M365 accounts with password-spraying attacks • The Register
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers - SecurityWeek
Iranian hackers breach FBI director's personal email, and post his CV and photos online
Hidden Battle…Iran Conflict Shows How Digital Fight is Ingrained in Warfare
Why U.S. Special Operations Forces Will Focus More On The Cyber Domain
Cyber Warfare 101: Bluff Don’t Tell - CEPA
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Information sharing of cyber threats vital to national security - Defence Connect
The Perils of Privatized Cyberwarfare | Lawfare
A New Cyber Service is Not the Answer > The Cyber Defense Review > Article View
Former NSA chiefs worry American offensive edge in cybersecurity is slipping | CyberScoop
Why U.S. Special Operations Forces Will Focus More On The Cyber Domain
Tools and Controls
More Confident, More Tooled, More Breached: The Security Gap Isn’t Closing | news | MSSP Alert
95 percent of organizations don’t trust their cybersecurity vendors - BetaNews
Security boffins harvest bumper crop of API keys from web • The Register
The Forgotten Endpoint: Security Risks of Dormant Devices
Russia targets VPNs used by millions in Putin’s latest internet crackdown | The Independent
Security leaders say the next two years are going to be 'insane' | CyberScoop
The Real Risk of Vibecoding | Trend Micro (US)
DMARC Policies in the Age of AI-Driven Impersonation | Proofpoint US
AI agents are about to overtake cybersecurity - for better, or worse? - SiliconANGLE
This privacy-first chatbot is taking off - here's why and how to try it | ZDNET
Germany urges citizens to back up data on World Backup Day | Cybernews
Enterprises are all in on AI for security but budgets aren’t keeping pace - Verdict
How AI has suddenly become much more useful to open-source developers | ZDNET
Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases | CSO Online
Trust, friction, and ROI: A CISO's take on making security work for the business - Help Net Security
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
GPT Can’t Trace an Attack Chain. A Purpose-Built Cybersecurity LLM Can. - Security Boulevard
Free VPNs leak your data while claiming privacy
Malware detectors trained on one dataset often stumble on another - Help Net Security
Other News
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
Cyberthreat level remains high – attacks becoming more targeted and complex
Your router is about to stop getting security updates - here's what to do
Security precautions to consider while traveling through airports
Critical Infrastructure at Risk | Security Insider
The House Article | Government needs to take cyber security in our energy system seriously
Have telcos invested enough in security? | TelecomTV
UK manufacturers under cyber fire with 80% reporting attacks • The Register
Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year - Infosecurity Magazine
Vulnerability Management
Security leaders say the next two years are going to be 'insane' | CyberScoop
EU wants to support bedrock cyber vulnerability program, top official says - Nextgov/FCW
Rethinking Vulnerability Management Strategies
Vulnerabilities
A critical Windows security fix puts legacy hardware on borrowed time – Computerworld
Windows is finally fixing a years-old security hole in April | PCWorld
New Windows 11 emergency update fixes preview update install issues
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild - SecurityWeek
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins - SecurityWeek
Cisco Patches Critical and High-Severity Vulnerabilities - SecurityWeek
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
Rapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic - Infosecurity Magazine
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
Critical Fortinet Forticlient EMS flaw now exploited in attacks
Fortinet hit by another exploited cybersecurity flaw | CSO Online
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Critical Vulnerability in Claude Code Emerges Days After Source Leak - SecurityWeek
Critical Flaw in Langflow AI Platform Under Attack
BIND Updates Patch High-Severity Vulnerabilities - SecurityWeek
Apple issues urgent lock screen warnings for unpatched iPhones and iPads
Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized - SecurityWeek
TP-Link Patches High-Severity Router Vulnerabilities - SecurityWeek
TrueConf zero-day vulnerability exploited to target government networks - Help Net Security
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.