Black Arrow Cyber Threat Intelligence Briefing 03 July 2026

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

In recent weeks, our review of cyber security in the specialist and general media has focused on managing the risks presented by developments in AI. This week, however, our review highlights a greater focus on more traditional threats including email phishing and other social engineering, as well as a reminder of the continued growth in ransomware and the developing tactics of attackers. We also share insights into managing risks from the increasing use of cloud services, SaaS platforms and remote access.

These developments reinforce the need for business leaders to address both cyber security and cyber resilience. This requires cyber security teams to articulate risks in business terms, while business leaders develop sufficient understanding of cyber risk to make informed decisions and engage in informed discussion. Contact us to find out how we support organisations to achieve this in different sectors across the world.


Top Cyber Stories of the Last Week

Inside the Inbox: Why Cybercriminals Want to Break into Your Email Account

Email accounts remain a high-value target because they often provide access to other accounts through password resets, identity verification and connected business systems, including shared drives, finance platforms and customer data. ESET recorded a 36% rise in malicious emails in the second half of 2025 compared with the previous six months, while UK government figures found phishing was the most common form of cyber attack at 38%. Inbox compromise can also support fraud, data theft and ransomware, making strong passwords, multi-factor authentication and regular checks for suspicious forwarding rules important safeguards.

https://www.welivesecurity.com/en/cybersecurity/inside-inbox-cybercriminals-want-break-email-account/

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Phishing attacks are becoming more targeted, with some campaigns now detecting a victim’s device, browser, language, location and operating system after they click a malicious link. This allows attackers to deliver the most suitable payload, such as different remote access tools for Mac or Windows users, or to mimic trusted brands such as Google, Microsoft Teams, Adobe, DocuSign and Zoom. Cofense warns that this increases the chance of compromise and makes each campaign more profitable, especially where trusted tools are misused to gain remote access.

https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os

ClickFix Now Cybercriminals' Favourite Malware Delivery Technique

ClickFix has become the leading technique used by cyber criminals to deliver malware, according to ReliaQuest analysis of attacks between 1 March and 31 May 2026. The technique tricks users into pasting attacker-supplied commands into trusted system tools, often through fake verification pages on compromised websites. This can bypass security tools because the action appears to be performed by the user. The threat now affects both Windows and macOS, with attackers adapting to Apple protections by targeting Script Editor to deliver AMOS malware, which steals browser credentials, session cookies, crypto wallets and keychain data.

https://www.infosecurity-magazine.com/news/clickfix-cybercriminals-favorite/

The Agentic AI ‘Lethal Trifecta’: What CISOs Should Know

Agentic AI can combine access to sensitive data, the ability to read untrusted content and permission to act or communicate externally, creating what some experts describe as a “lethal trifecta” of risk. If poorly controlled, AI agents could expose confidential information, change business systems or be manipulated through hidden instructions known as prompt injection. Organisations should map where AI agents have access, restrict permissions by default, monitor behaviour and apply strong identity controls so agents can only perform approved tasks.

https://www.techtarget.com/searchsecurity/tip/The-agentic-AI-lethal-trifecta-What-CISOs-should-know

Ransomware Gangs Find Europe’s Weakest Link in Third-Party Suppliers

Ransomware activity across Europe is rising, with suppliers and service providers increasingly used as routes into larger organisations. Black Kite reviewed 2,066 incidents across 31 countries and found publicly disclosed cases rose 55% between January and April 2026 compared with the same period in 2025. Germany, the UK, France, Italy and Spain accounted for nearly 70% of incidents, while manufacturing represented 28% of cases. The report also found 64 organisations were compromised through third-party incidents, highlighting how one supplier breach can create wider disruption for many connected businesses.

https://www.helpnetsecurity.com/2026/06/26/black-kite-european-cyber-threats-report/

Almost Half of Ransomware Victims Have Data Stolen Before They Can Even Detect an Intrusion

Ransomware attackers are increasingly stealing data before organisations realise they have been breached. ExtraHop’s Global Threat Landscape Report, based on more than 1,800 IT and security leaders, found that 49% of ransomware victims only detected an attack after data had been stolen, up from 31% last year. Attackers are spending an average of 2.5 weeks inside systems before detection, often by using encrypted channels, valid high-privilege accounts and activity that resembles legitimate workflows to avoid raising alarms. Average ransom payments fell from $3.6 million to $2.8 million, but 83% of surveyed victims still paid.

https://www.techradar.com/pro/security/almost-half-of-ransomware-victims-have-data-stolen-before-they-can-even-detect-an-intrusion

UK Businesses Fear Stigma of Ransomware

Ransomware is likely being significantly underreported by UK businesses, with many organisations reluctant to disclose attacks due to reputational concerns or fear of criticism, particularly where a ransom has been paid. Between April 2025 and March 2026, 323 UK organisations reported ransomware incidents to Report Fraud, with small and medium-sized organisations accounting for 175 cases. Reported losses totalled £270,000, a figure that may understate the true impact.

https://www.computerweekly.com/news/366645146/UK-businesses-fear-stigma-of-ransomware

How Ransomware Syndicates Weaponize Corporate-Style Organisation

Ransomware groups are increasingly operating like organised businesses rather than isolated criminals. Before shutting down in 2025, the ransomware group Black Basta targeted 520 victims across 39 industries and received at least $107 million in bitcoin payments. Leaked chats show structured teams, outsourced services, performance-based pay and tailored ransom demands based on a victim’s size, finances, sensitive data and cyber insurance policy details. Ransomware is estimated to generate around $74 billion globally each year, meaning organisations need to treat incidents as planned business crises, rehearsing decisions before attackers apply pressure through deadlines, disruption and data exposure.

https://cyberscoop.com/ransomware-syndicates-corporate-organization-op-ed/

Beyond the Perimeter: The Shift to Data-Centric Protection

As organisations use more cloud services, SaaS platforms and remote access, the traditional security boundary around the business has largely disappeared. Data now moves across multiple systems, suppliers and devices, making it harder to protect with network controls alone. A stronger approach focuses on the data itself, using clear ownership, encryption, controlled access, monitoring and recovery planning. This helps organisations reduce the impact of breaches, meet regulatory expectations and maintain business continuity when incidents occur.

https://www.techtarget.com/searchsecurity/tip/Beyond-the-perimeter-The-shift-to-data-centric-protection

Cyber Risk Is Having a Greater Financial and Operational Impact on Businesses: Aon

Cyber risk is having a growing financial and operational impact as businesses become more reliant on cloud services, shared infrastructure and third-party software. Aon warns that incidents now extend beyond data breaches, with losses increasingly linked to business interruption, supply chain disruption, reduced revenue and lengthy recovery periods. AI is also changing the risk landscape, increasing attacker capability while providing organisations with more effective tools for threat detection and response.

https://www.reinsurancene.ws/cyber-risk-is-having-a-greater-financial-and-operational-impact-on-businesses-aon/

2026 Cyber Security Assessment: The Gap Between Awareness and Resilience

Bitdefender’s 2026 Cyber Security Assessment, based on 1,200 IT and security professionals across six countries, highlights a gap between cyber risk awareness and practical resilience. While over 51% believe they have full visibility of approved and unapproved AI use, 47% admit visibility is partial or absent. AI risks dominate concern, yet Bitdefender Labs found that 84% of high-severity attacks abused legitimate tools already present inside organisations. The report also found 55% of breached respondents were told to keep incidents confidential, despite believing authorities should have been notified.

https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html

Cyber Risk Falls Flat Without Business Translation

Cyber risk is a board-level business issue, but boards need technical cyber risks translated into financial and operational impact to support effective decision-making. Verizon’s 2025 breach analysis found ransomware was present in 44% of breaches, third parties were involved in 30%, and attacks exploiting weaknesses rose 34% year on year. While 77% of directors now discuss the financial impact of cyber incidents, only 29% of boards include cyber security expertise. Clearer reporting, focused on cost, downtime, regulation and customer impact, helps boards prioritise action and investment.

https://www.informationweek.com/risk-management/cyber-risk-falls-flat-without-business-translation



Threats

Ransomware, Extortion and Destructive Attacks

Major Increase in Ransomware Attacks Targeting Europe, Warns Report - Infosecurity Magazine

UK businesses fear stigma of ransomware | Computer Weekly

Almost half of ransomware victims have data stolen before they can even detect an intrusion | TechRadar

Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs

Ransomware gangs find Europe's weakest link in third-party suppliers - Help Net Security

Ransomware Resilience: What Happens When You Pay the Ransom? | SC Media UK

How ransomware syndicates weaponize corporate-style organization | CyberScoop

Somebody told DeepSeek to build in-browser ransomware and it gleefully complied

‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolen | IT Pro

Teens who hacked TfL were known to police years before cyber-attack - BBC News

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations

Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

Microsoft: Two ransomware groups hit SharePoint | Cybernews

BlueHammer Vulnerability Exploited in Ransomware Attacks - SecurityWeek

Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues

Ransomware and Destructive Attack Victims

Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine

Hackers target NATO cyber coalition member with data leak threat | Cybernews

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

Medtronic notifies customers impacted by ShinyHunters data breach

Blackfield ransomware asks Nidec Corporation for $2 million ransom

Phishing & Email Based Attacks

Bluekit phishing kit adopts browser-in-the-middle for login theft

This phishing kit looks more like BEC-as-a-service | CyberScoop

EvilTokens device-code phishing kit totally more evil than we all thought

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

Inside the inbox: Why cybercriminals want to break into your email account

Business Email Compromise (BEC)/Email Account Compromise (EAC)

This phishing kit looks more like BEC-as-a-service | CyberScoop

EvilTokens device-code phishing kit totally more evil than we all thought

Lessons from the Underground: How to Combat Business Email Compromise

Other Social Engineering

ClickFix Now Cybercriminals' Favorite Malware Delivery Technique - Infosecurity Magazine

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Social engineering: how scammers manipulate their victims | Kaspersky official blog

SIM-swapping gang busted in international police operation - Help Net Security

Scammers race to cash in on Venezuelan earthquake disaster

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Wallpaper Engine puts an end to .exe wallpapers after malware spreads on the Steam Workshop - PC Guide

This Common Travel Convenience Is Becoming One of Scammers’ Favorite Tools, According to Cybersecurity Experts

Artificial Intelligence

Somebody told DeepSeek to build in-browser ransomware and it gleefully complied

Companies keep bolting AI onto their products, and the security bill is coming due - Help Net Security

AI-Generated Workflows Are a Silent Security Disaster

The agentic AI 'lethal trifecta': What CISOs should know | TechTarget

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Multiple malicious OpenClaw skills found online - including two macOS infostealers | TechRadar

Five Eyes Urges Organizers to Protect Against Cyber Threats

Agentic AI Has an Identity Problem and Attackers Know It

Does Mythos Have You Worried About AI Attacks? Get The Basics Right

AI-generated code risks reach security, legal, and compliance teams - Help Net Security

Red teamers turned Claude Desktop into a double agent to do their evil bidding

New Enterprise-Ready MCP Specification Brings New Security Challenges - SecurityWeek

Clean GitHub repo tricks AI coding agents into running malware

Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes

Simplicity and unity will win the fight against AI cyberattacks | ChannelPro

Palo Alto Networks’ AI Misfire Triggers Cyber Dust-Up at Home

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

New BioShocking attack manipulates AI browser into data theft

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

AI browsers tricked into revealing passwords with a simple method

Anthropic Restores Claude Fable 5 After US Lifts AI Export Restrictions

Why CISOs need to rethink governance in the AI era | perspective | SC Media

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

AI is breaking the case for detection-first security | perspective | MSSP Alert

Securing AI agents: When AI tools move from reading to acting | Microsoft Security Blog

NO FAKES Act advances: What CISOs need to know | TechTarget

Why businesses are choosing cheap Chinese AI models over AI giants | Artificial Intelligence News - Business Standard

Bots/Botnets

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow

Microsoft wants to stop unwanted bots from entering Teams meetings - Help Net Security

Careers, Roles, Skills, Working in Cyber and Information Security

Beyond hiring: tackling the cybersecurity skills gap in the age of AI - New Statesman

Want a big tech job? Startups may be your best shot now - here's why | ZDNET

Cloud/SaaS

Hackers target Microsoft 365 accounts with 81 million login attempts

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security

Massive Password Spray Campaign Targeting Azure CLI - SecurityWeek

Microsoft Teams Impersonation Campaign Enables Unauthorized Access Through RMM Abuse

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Microsoft wants to stop unwanted bots from entering Teams meetings - Help Net Security

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Poland busts SIM-swapping gang tied to millions in crypto theft

SIM-swapping gang busted in international police operation - Help Net Security

Cyber Crime, Organised Crime & Criminal Actors

Chinese Framework Powers 200,000 Scam Sites - SecurityWeek

TfL Hackers Were Known To Police For Years | Silicon UK Tech

FBI and IC3 Warns of Surge of Spoofed FIFA Websites by Cybercriminals

Data Breaches/Leaks

FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations

Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds | TechRadar

Hackers Steal Data of 4.38 Million Aflac Japan Customers

Hackers breached DHS information-sharing network, people familiar say - Nextgov/FCW

Hackers target NATO cyber coalition member with data leak threat | Cybernews

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

CMC Releases Analysis and Guidance for Education Sector After Canvas D - Infosecurity Magazine

UK school’s network left wide open for invasion, student found

C2K: New warning to parents over schools cyber attack - BBC News

You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials

Nissan discloses employee data breach linked to Oracle zero-day attacks

Kubota says hackers had month-long access to network systems

Data/Digital Sovereignty

Digital sovereignty at the UN: Inside the global push to replace US cloud giants with open-source tech | ZDNET

Denial of Service/DoS/DDoS

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

Encryption

Preparing for Q-Day: New Executive Orders Address Quantum Innovation and Post-Quantum Cryptography | K&L Gates LLP - JDSupra

What the post-quantum executive order really demands of CISOs | CyberScoop

Fraud, Scams and Financial Crime

Chinese Framework Powers 200,000 Scam Sites - SecurityWeek

FBI and IC3 Warns of Surge of Spoofed FIFA Websites by Cybercriminals

Scammers race to cash in on Venezuelan earthquake disaster

US seizes hundreds of FIFA World Cup illegal streaming domains

What the Numbers Say About FIFA 2026 Cyber Risk

Why Cybersecurity Has Become Central to the Modern Sports Experience | Ice Miller - JDSupra

Amazon fined $2.25M for withholding evidence from fraud victims

WhatsApp will warn users before they message a potential scammer - Help Net Security

Identity and Access Management

Why Continuous Identity Verification Is The Future Of Cybersecurity

New spying threats force rethink of biometric identity checks | Biometric Update

Insider Risk and Insider Threats

Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues

Insurance

Cyberattacks Are Growing Threat to SMEs – but Insurance Protection Is Low: GlobalData

Internet of Things – IoT

Twenty Million US IP Connections Used by Proxy Services - Infosecurity Magazine

Law Enforcement Action and Take Downs

Poland busts SIM-swapping gang tied to millions in crypto theft

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

Microsoft uses AI to link two malware operations in racketeering suit

Montenegro police arrest Iranian accused of hacking US universities | Euronews

US seizes hundreds of FIFA World Cup illegal streaming domains

TfL Hackers Were Known To Police For Years | Silicon UK Tech

Linux and Open Source

After Fable 5 ban, Anthropic and 19 organizations launch open source security body - The New Stack

DirtyClone: A Linux Privilege Escalation That Leaves No Trace on Disk

Malware

RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow

ClickFix Now Cybercriminals' Favorite Malware Delivery Technique - Infosecurity Magazine

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Multiple malicious OpenClaw skills found online - including two macOS infostealers | TechRadar

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

119 Edge extensions promised useful tools, instead downloaded malware | Malwarebytes

Veil#Drop Uses Google Blogspot to Deploy PureLog Stealer - Infosecurity Magazine

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

New ChocoPoC malware targets researchers via trojanized PoC exploits

Microsoft uses AI to link two malware operations in racketeering suit

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Clean GitHub repo tricks AI coding agents into running malware

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Mystery hackers use novel SharkLoader dropper against governments, software devs - Help Net Security

Malware-Laced USBs Breach Japanese Military Networks

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Hackers have a new way to disable Mac security software | Macworld

Critical SimpleHelp Vulnerability Exploited for Malware Delivery - SecurityWeek

Microsoft takes down over 100 malicious Edge extensions hiding malware in images and fonts | TechRadar

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets - SecurityWeek

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices - Infosecurity Magazine

Mobile

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

Over 5 Billion iPhones And Android Devices Are Vulnerable To This Massive New Threat

Poland busts SIM-swapping gang tied to millions in crypto theft

SIM-swapping gang busted in international police operation - Help Net Security

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools - Security Affairs

Even the Secret Service won't use company-issued phones

Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract | CyberScoop

Models, Frameworks and Standards

ISO 27001 or NIST CSF: Which Is Right for Your Business? - Security Boulevard

UK cybersecurity managers question speed-focused certification programs | SC Media UK

Half the defense base still builds security around compliance - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Hackers target Microsoft 365 accounts with 81 million login attempts

Bluekit phishing kit adopts browser-in-the-middle for login theft

FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security

Massive Password Spray Campaign Targeting Azure CLI - SecurityWeek

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

AI browsers tricked into revealing passwords with a simple method

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials

AI may be good at finding security vulnerabilities, but it can't beat human stupidity

Regulations, Fines and Legislation

Anthropic Restores Claude Fable 5 After US Lifts AI Export Restrictions

Metropolitan Police chief warns against law updates amid substantial tech expansion | Computer Weekly

The legislative challenges of cybersecurity | IT Pro

The King’s Speech: What CISOs Should Know | SC Media UK

Amazon fined $2.25M for withholding evidence from fraud victims

Preparing for Q-Day: New Executive Orders Address Quantum Innovation and Post-Quantum Cryptography | K&L Gates LLP - JDSupra

NO FAKES Act advances: What CISOs need to know | TechTarget

Trump’s New AI Frontier: The Executive Order Regulating Frontier AI Models | Foley Hoag LLP - Security, Privacy and the Law - JDSupra

FCC passes new cybersecurity rules for emergency systems, undersea cables | CyberScoop

Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling | CyberScoop

UK journalists and NGOs risk terrorism prosecutions under new security bill | Middle East Eye

Half the defense base still builds security around compliance - Help Net Security

Software Supply Chain

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Clean GitHub repo tricks AI coding agents into running malware

Mystery hackers use novel SharkLoader dropper against governments, software devs - Help Net Security

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

Hiding in Plain Sight: The Geopolitics of Software Supply Chains

Supply Chain and Third Parties

Ransomware gangs find Europe's weakest link in third-party suppliers - Help Net Security

Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds | TechRadar

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

Nissan discloses employee data breach linked to Oracle zero-day attacks

Third-Party Breaches Teach Schools a Costly Lesson in Vendor Risk


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Hiding in Plain Sight: The Geopolitics of Software Supply Chains

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Russia's 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

'No Ceasefire In Cyberspace:' Israel Says Iran-Linked Cyberattacks Nearly Tripled In June - Benzinga

Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says - CNA

Iranian cyberattacks on Israel have nearly tripled cyber chief says | The Jerusalem Post

Iran, Russia, China Target Water Systems for Sabotage

Russian Water System Hack Attempted to Turn Canada Dry

Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe

New spying threats force rethink of biometric identity checks | Biometric Update

Nation State Actors

Hiding in Plain Sight: The Geopolitics of Software Supply Chains

Iran, Russia, China Target Water Systems for Sabotage

China

Malware-Laced USBs Breach Japanese Military Networks

Iran, Russia, China Target Water Systems for Sabotage

Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes

Chinese Framework Powers 200,000 Scam Sites - SecurityWeek

Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder

Russia

Russian Intelligence Services Continue to Target Commercial Messaging Applications | CISA

FBI: Russian hackers now target Signal backup recovery keys

Iran, Russia, China Target Water Systems for Sabotage

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Russian Water System Hack Attempted to Turn Canada Dry

Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe

SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

US offers $10 million for info on group behind Signal and WhatsApp hacking spree - Ars Technica

SBU neutralizes over 16,000 Russian cyberattacks, cyber incidents since 2022, largely targeting media

Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine

Ireland retains out-of-date air navigation systems in response to Russian jamming – The Irish Times

Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract | CyberScoop

Iran

Iran, Russia, China Target Water Systems for Sabotage

'No Ceasefire In Cyberspace:' Israel Says Iran-Linked Cyberattacks Nearly Tripled In June - Benzinga

Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says - CNA

Iranian cyberattacks on Israel have nearly tripled cyber chief says | The Jerusalem Post

Montenegro police arrest Iranian accused of hacking US universities | Euronews

Major Cybersecurity Failure: Four Largest Iranian Banks Face 3rd Week of Outages


Tools and Controls

Less than one in ten of cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters say their AI vulnerability scanning tools missed critical flaws | TechRadar

UK cybersecurity managers question speed-focused certification programs | SC Media UK

Claude Sonnet 5 includes safeguards against dangerous cyber use - Help Net Security

Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls

AI Decline? Confidence Falls in Autonomous Penetration Testing

Cyberattacks Are Growing Threat to SMEs – but Insurance Protection Is Low: GlobalData

Microsoft Teams Impersonation Campaign Enables Unauthorized Access Through RMM Abuse

OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI - SecurityWeek

The AI Token Costs That Can Break Cybersecurity - SecurityWeek

Hackers have a new way to disable Mac security software | Macworld

Why Continuous Identity Verification Is The Future Of Cybersecurity

78% of Security Teams Experience Critical False Negatives From Automated Scanning Tools as AI Struggles to Detect and Resolve Vulnerabilities

It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns

Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes

Even the Secret Service won't use company-issued phones

Microsoft uses AI to link two malware operations in racketeering suit

Palo Alto Networks’ AI Misfire Triggers Cyber Dust-Up at Home

Securing AI agents: When AI tools move from reading to acting | Microsoft Security Blog

Confidential Computing In The AI Era

Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract | CyberScoop

Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder



Vulnerability Management

Less than one in ten of cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters say their AI vulnerability scanning tools missed critical flaws | TechRadar

Linux Foundation Unveils New Open Source Security Project Akrites - SecurityWeek

After Fable 5 ban, Anthropic and 19 organizations launch open source security body - The New Stack

A crucial Windows security certificate just expired - how to check your PC | ZDNET

New Initiative Secures End-of-Life Open Source Software

It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns

Vulnerability reports are arriving faster than GitHub can review them - Help Net Security

Modernizing Global Vulnerability Standards For The Age Of AI

Apple Reverses Age-Old Patch Policy to Keep Up With AI

Why patch directives only go so far | CyberScoop

Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder

Vulnerabilities

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure - SecurityWeek

Cisco finally confirms attackers exploiting Unified CM flaw

Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed

Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released

Adobe patches seven max severity ColdFusion, Campaign flaws

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin - Help Net Security

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

macOS Flaw Lets Standard Users Disable EDR and MDM - Infosecurity Magazine

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP | ZDNET

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

Over 5 Billion iPhones And Android Devices Are Vulnerable To This Massive New Threat

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

BlueHammer Vulnerability Exploited in Ransomware Attacks - SecurityWeek

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Chrome 150 fixes nearly 400 security flaws, including 15 critical ones | PCWorld

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

'DirtyClone' Linux Kernel Vulnerability Leads to Root Access - SecurityWeek

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

Critical SimpleHelp Vulnerability Exploited for Malware Delivery - SecurityWeek

Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253) - Security Boulevard

Synology issues critical fix for MailPlus Server vulnerabilities - Help Net Security

Anonymous researcher drops 0-day 'exploitarium' repo

Researcher Explains Release of Undisclosed Zero-Day Exploits - Infosecurity Magazine


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep yourself and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
