Black Arrow Cyber Threat Intelligence Briefing 03 July 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
In recent weeks, our review of cyber security in the specialist and general media has focused on managing the risks presented by developments in AI. This week, however, our review highlights a greater focus on more traditional threats including email phishing and other social engineering, as well as a reminder of the continued growth in ransomware and the developing tactics of attackers. We also share insights into managing risks from the increasing use of cloud services, SaaS platforms and remote access.
These developments reinforce the need for business leaders to address both cyber security and cyber resilience. This requires cyber security teams to articulate risks in business terms, while business leaders develop sufficient understanding of cyber risk to make informed decisions and engage in informed discussion. Contact us to find out how we support organisations to achieve this in different sectors across the world.
Top Cyber Stories of the Last Week
Inside the Inbox: Why Cybercriminals Want to Break into Your Email Account
Email accounts remain a high-value target because they often provide access to other accounts through password resets, identity verification and connected business systems, including shared drives, finance platforms and customer data. ESET recorded a 36% rise in malicious emails in the second half of 2025 compared with the previous six months, while UK government figures found phishing was the most common form of cyber attack at 38%. Inbox compromise can also support fraud, data theft and ransomware, making strong passwords, multi-factor authentication and regular checks for suspicious forwarding rules important safeguards.
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
Phishing attacks are becoming more targeted, with some campaigns now detecting a victim’s device, browser, language, location and operating system after they click a malicious link. This allows attackers to deliver the most suitable payload, such as different remote access tools for Mac or Windows users, or to mimic trusted brands such as Google, Microsoft Teams, Adobe, DocuSign and Zoom. Cofense warns that this increases the chance of compromise and makes each campaign more profitable, especially where trusted tools are misused to gain remote access.
https://www.darkreading.com/application-security/phishing-campaigns-auto-adapt-victims-device-os
ClickFix Now Cybercriminals' Favourite Malware Delivery Technique
ClickFix has become the leading technique used by cyber criminals to deliver malware, according to ReliaQuest analysis of attacks between 1 March and 31 May 2026. The technique tricks users into pasting attacker-supplied commands into trusted system tools, often through fake verification pages on compromised websites. This can bypass security tools because the action appears to be performed by the user. The threat now affects both Windows and macOS, with attackers adapting to Apple protections by targeting Script Editor to deliver AMOS malware, which steals browser credentials, session cookies, crypto wallets and keychain data.
https://www.infosecurity-magazine.com/news/clickfix-cybercriminals-favorite/
The Agentic AI ‘Lethal Trifecta’: What CISOs Should Know
Agentic AI can combine access to sensitive data, the ability to read untrusted content and permission to act or communicate externally, creating what some experts describe as a “lethal trifecta” of risk. If poorly controlled, AI agents could expose confidential information, change business systems or be manipulated through hidden instructions known as prompt injection. Organisations should map where AI agents have access, restrict permissions by default, monitor behaviour and apply strong identity controls so agents can only perform approved tasks.
https://www.techtarget.com/searchsecurity/tip/The-agentic-AI-lethal-trifecta-What-CISOs-should-know
Ransomware Gangs Find Europe’s Weakest Link in Third-Party Suppliers
Ransomware activity across Europe is rising, with suppliers and service providers increasingly used as routes into larger organisations. Black Kite reviewed 2,066 incidents across 31 countries and found publicly disclosed cases rose 55% between January and April 2026 compared with the same period in 2025. Germany, the UK, France, Italy and Spain accounted for nearly 70% of incidents, while manufacturing represented 28% of cases. The report also found 64 organisations were compromised through third-party incidents, highlighting how one supplier breach can create wider disruption for many connected businesses.
https://www.helpnetsecurity.com/2026/06/26/black-kite-european-cyber-threats-report/
Almost Half of Ransomware Victims Have Data Stolen Before They Can Even Detect an Intrusion
Ransomware attackers are increasingly stealing data before organisations realise they have been breached. ExtraHop’s Global Threat Landscape Report, based on more than 1,800 IT and security leaders, found that 49% of ransomware victims only detected an attack after data had been stolen, up from 31% last year. Attackers are spending an average of 2.5 weeks inside systems before detection, often by using encrypted channels, valid high-privilege accounts and activity that resembles legitimate workflows to avoid raising alarms. Average ransom payments fell from $3.6 million to $2.8 million, but 83% of surveyed victims still paid.
UK Businesses Fear Stigma of Ransomware
Ransomware is likely being significantly underreported by UK businesses, with many organisations reluctant to disclose attacks due to reputational concerns or fear of criticism, particularly where a ransom has been paid. Between April 2025 and March 2026, 323 UK organisations reported ransomware incidents to Report Fraud, with small and medium-sized organisations accounting for 175 cases. Reported losses totalled £270,000, a figure that may understate the true impact.
https://www.computerweekly.com/news/366645146/UK-businesses-fear-stigma-of-ransomware
How Ransomware Syndicates Weaponize Corporate-Style Organisation
Ransomware groups are increasingly operating like organised businesses rather than isolated criminals. Before shutting down in 2025, the ransomware group Black Basta targeted 520 victims across 39 industries and received at least $107 million in bitcoin payments. Leaked chats show structured teams, outsourced services, performance-based pay and tailored ransom demands based on a victim’s size, finances, sensitive data and cyber insurance policy details. Ransomware is estimated to generate around $74 billion globally each year, meaning organisations need to treat incidents as planned business crises, rehearsing decisions before attackers apply pressure through deadlines, disruption and data exposure.
https://cyberscoop.com/ransomware-syndicates-corporate-organization-op-ed/
Beyond the Perimeter: The Shift to Data-Centric Protection
As organisations use more cloud services, SaaS platforms and remote access, the traditional security boundary around the business has largely disappeared. Data now moves across multiple systems, suppliers and devices, making it harder to protect with network controls alone. A stronger approach focuses on the data itself, using clear ownership, encryption, controlled access, monitoring and recovery planning. This helps organisations reduce the impact of breaches, meet regulatory expectations and maintain business continuity when incidents occur.
Cyber Risk Is Having a Greater Financial and Operational Impact on Businesses: Aon
Cyber risk is having a growing financial and operational impact as businesses become more reliant on cloud services, shared infrastructure and third-party software. Aon warns that incidents now extend beyond data breaches, with losses increasingly linked to business interruption, supply chain disruption, reduced revenue and lengthy recovery periods. AI is also changing the risk landscape, increasing attacker capability while providing organisations with more effective tools for threat detection and response.
2026 Cyber Security Assessment: The Gap Between Awareness and Resilience
Bitdefender’s 2026 Cyber Security Assessment, based on 1,200 IT and security professionals across six countries, highlights a gap between cyber risk awareness and practical resilience. While over 51% believe they have full visibility of approved and unapproved AI use, 47% admit visibility is partial or absent. AI risks dominate concern, yet Bitdefender Labs found that 84% of high-severity attacks abused legitimate tools already present inside organisations. The report also found 55% of breached respondents were told to keep incidents confidential, despite believing authorities should have been notified.
https://thehackernews.com/2026/07/2026-cybersecurity-assessment-gap.html
Cyber Risk Falls Flat Without Business Translation
Cyber risk is a board-level business issue, but boards need technical cyber risks translated into financial and operational impact to support effective decision-making. Verizon’s 2025 breach analysis found ransomware was present in 44% of breaches, third parties were involved in 30%, and attacks exploiting weaknesses rose 34% year on year. While 77% of directors now discuss the financial impact of cyber incidents, only 29% of boards include cyber security expertise. Clearer reporting, focused on cost, downtime, regulation and customer impact, helps boards prioritise action and investment.
https://www.informationweek.com/risk-management/cyber-risk-falls-flat-without-business-translation
Governance, Risk and Compliance
Why Cyber Isn't Just A Risk Issue—It’s A Strategic Execution Issue
Beyond the perimeter: The shift to data-centric protection | TechTarget
From Triangle To Pentagon: The Expanding Scope Of Cybersecurity Leadership
Cyberattacks Are Growing Threat to SMEs – but Insurance Protection Is Low: GlobalData
Cyber risk falls flat without business translation
British public won’t tolerate cyber disruption any more | Computer Weekly
Analysts warn banks that cybersecurity is a bigger bank risk than credit | LSE:LLOY
Threats
Ransomware, Extortion and Destructive Attacks
Major Increase in Ransomware Attacks Targeting Europe, Warns Report - Infosecurity Magazine
UK businesses fear stigma of ransomware | Computer Weekly
Ransomware gangs find Europe's weakest link in third-party suppliers - Help Net Security
Ransomware Resilience: What Happens When You Pay the Ransom? | SC Media UK
How ransomware syndicates weaponize corporate-style organization | CyberScoop
Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
Teens who hacked TfL were known to police years before cyber-attack - BBC News
Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions
FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations
Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
Microsoft: Two ransomware groups hit SharePoint | Cybernews
BlueHammer Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Ransomware and Destructive Attack Victims
Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine
Hackers target NATO cyber coalition member with data leak threat | Cybernews
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
Medtronic notifies customers impacted by ShinyHunters data breach
Blackfield ransomware asks Nidec Corporation for $2 million ransom
Phishing & Email Based Attacks
Bluekit phishing kit adopts browser-in-the-middle for login theft
This phishing kit looks more like BEC-as-a-service | CyberScoop
EvilTokens device-code phishing kit totally more evil than we all thought
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails
Inside the inbox: Why cybercriminals want to break into your email account
Business Email Compromise (BEC)/Email Account Compromise (EAC)
This phishing kit looks more like BEC-as-a-service | CyberScoop
EvilTokens device-code phishing kit totally more evil than we all thought
Lessons from the Underground: How to Combat Business Email Compromise
Other Social Engineering
ClickFix Now Cybercriminals' Favorite Malware Delivery Technique - Infosecurity Magazine
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Social engineering: how scammers manipulate their victims | Kaspersky official blog
SIM-swapping gang busted in international police operation - Help Net Security
Scammers race to cash in on Venezuelan earthquake disaster
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Artificial Intelligence
Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
AI-Generated Workflows Are a Silent Security Disaster
The agentic AI 'lethal trifecta': What CISOs should know | TechTarget
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Multiple malicious OpenClaw skills found online - including two macOS infostealers | TechRadar
Five Eyes Urges Organizers to Protect Against Cyber Threats
Agentic AI Has an Identity Problem and Attackers Know It
Does Mythos Have You Worried About AI Attacks? Get The Basics Right
AI-generated code risks reach security, legal, and compliance teams - Help Net Security
Red teamers turned Claude Desktop into a double agent to do their evil bidding
New Enterprise-Ready MCP Specification Brings New Security Challenges - SecurityWeek
Clean GitHub repo tricks AI coding agents into running malware
Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes
Simplicity and unity will win the fight against AI cyberattacks | ChannelPro
Palo Alto Networks’ AI Misfire Triggers Cyber Dust-Up at Home
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
New BioShocking attack manipulates AI browser into data theft
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
AI browsers tricked into revealing passwords with a simple method
Anthropic Restores Claude Fable 5 After US Lifts AI Export Restrictions
Why CISOs need to rethink governance in the AI era | perspective | SC Media
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
AI is breaking the case for detection-first security | perspective | MSSP Alert
Securing AI agents: When AI tools move from reading to acting | Microsoft Security Blog
NO FAKES Act advances: What CISOs need to know | TechTarget
Bots/Botnets
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow
Microsoft wants to stop unwanted bots from entering Teams meetings - Help Net Security
Careers, Roles, Skills, Working in Cyber and Information Security
Beyond hiring: tackling the cybersecurity skills gap in the age of AI - New Statesman
Want a big tech job? Startups may be your best shot now - here's why | ZDNET
Cloud/SaaS
Hackers target Microsoft 365 accounts with 81 million login attempts
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security
Massive Password Spray Campaign Targeting Azure CLI - SecurityWeek
Microsoft Teams Impersonation Campaign Enables Unauthorized Access Through RMM Abuse
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Microsoft wants to stop unwanted bots from entering Teams meetings - Help Net Security
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Poland busts SIM-swapping gang tied to millions in crypto theft
SIM-swapping gang busted in international police operation - Help Net Security
Cyber Crime, Organised Crime & Criminal Actors
Chinese Framework Powers 200,000 Scam Sites - SecurityWeek
TfL Hackers Were Known To Police For Years | Silicon UK Tech
FBI and IC3 Warns of Surge of Spoofed FIFA Websites by Cybercriminals
Data Breaches/Leaks
FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations
Hackers Steal Data of 4.38 Million Aflac Japan Customers
Hackers breached DHS information-sharing network, people familiar say - Nextgov/FCW
Hackers target NATO cyber coalition member with data leak threat | Cybernews
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
CMC Releases Analysis and Guidance for Education Sector After Canvas D - Infosecurity Magazine
UK school’s network left wide open for invasion, student found
C2K: New warning to parents over schools cyber attack - BBC News
You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
Nissan discloses employee data breach linked to Oracle zero-day attacks
Kubota says hackers had month-long access to network systems
Data/Digital Sovereignty
Denial of Service/DoS/DDoS
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
Encryption
What the post-quantum executive order really demands of CISOs | CyberScoop
Fraud, Scams and Financial Crime
Chinese Framework Powers 200,000 Scam Sites - SecurityWeek
FBI and IC3 Warns of Surge of Spoofed FIFA Websites by Cybercriminals
Scammers race to cash in on Venezuelan earthquake disaster
US seizes hundreds of FIFA World Cup illegal streaming domains
What the Numbers Say About FIFA 2026 Cyber Risk
Why Cybersecurity Has Become Central to the Modern Sports Experience | Ice Miller - JDSupra
Amazon fined $2.25M for withholding evidence from fraud victims
WhatsApp will warn users before they message a potential scammer - Help Net Security
Identity and Access Management
Why Continuous Identity Verification Is The Future Of Cybersecurity
New spying threats force rethink of biometric identity checks | Biometric Update
Insider Risk and Insider Threats
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Insurance
Cyberattacks Are Growing Threat to SMEs – but Insurance Protection Is Low: GlobalData
Internet of Things – IoT
Twenty Million US IP Connections Used by Proxy Services - Infosecurity Magazine
Law Enforcement Action and Take Downs
Poland busts SIM-swapping gang tied to millions in crypto theft
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
Microsoft uses AI to link two malware operations in racketeering suit
Montenegro police arrest Iranian accused of hacking US universities | Euronews
US seizes hundreds of FIFA World Cup illegal streaming domains
TfL Hackers Were Known To Police For Years | Silicon UK Tech
Linux and Open Source
After Fable 5 ban, Anthropic and 19 organizations launch open source security body - The New Stack
DirtyClone: A Linux Privilege Escalation That Leaves No Trace on Disk
Malware
RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow
ClickFix Now Cybercriminals' Favorite Malware Delivery Technique - Infosecurity Magazine
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Multiple malicious OpenClaw skills found online - including two macOS infostealers | TechRadar
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
119 Edge extensions promised useful tools, instead downloaded malware | Malwarebytes
Veil#Drop Uses Google Blogspot to Deploy PureLog Stealer - Infosecurity Magazine
Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures
New ChocoPoC malware targets researchers via trojanized PoC exploits
Microsoft uses AI to link two malware operations in racketeering suit
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Clean GitHub repo tricks AI coding agents into running malware
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
Mystery hackers use novel SharkLoader dropper against governments, software devs - Help Net Security
Malware-Laced USBs Breach Japanese Military Networks
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Hackers have a new way to disable Mac security software | Macworld
Critical SimpleHelp Vulnerability Exploited for Malware Delivery - SecurityWeek
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets - SecurityWeek
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices - Infosecurity Magazine
Mobile
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
Over 5 Billion iPhones And Android Devices Are Vulnerable To This Massive New Threat
Poland busts SIM-swapping gang tied to millions in crypto theft
SIM-swapping gang busted in international police operation - Help Net Security
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools - Security Affairs
Even the Secret Service won't use company-issued phones
Models, Frameworks and Standards
ISO 27001 or NIST CSF: Which Is Right for Your Business? - Security Boulevard
UK cybersecurity managers question speed-focused certification programs | SC Media UK
Half the defense base still builds security around compliance - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Hackers target Microsoft 365 accounts with 81 million login attempts
Bluekit phishing kit adopts browser-in-the-middle for login theft
FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials - Help Net Security
Massive Password Spray Campaign Targeting Azure CLI - SecurityWeek
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
AI browsers tricked into revealing passwords with a simple method
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
AI may be good at finding security vulnerabilities, but it can't beat human stupidity
Regulations, Fines and Legislation
Anthropic Restores Claude Fable 5 After US Lifts AI Export Restrictions
The legislative challenges of cybersecurity | IT Pro
The King’s Speech: What CISOs Should Know | SC Media UK
Amazon fined $2.25M for withholding evidence from fraud victims
NO FAKES Act advances: What CISOs need to know | TechTarget
FCC passes new cybersecurity rules for emergency systems, undersea cables | CyberScoop
Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling | CyberScoop
UK journalists and NGOs risk terrorism prosecutions under new security bill | Middle East Eye
Half the defense base still builds security around compliance - Help Net Security
Software Supply Chain
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Clean GitHub repo tricks AI coding agents into running malware
Mystery hackers use novel SharkLoader dropper against governments, software devs - Help Net Security
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
Hiding in Plain Sight: The Geopolitics of Software Supply Chains
Supply Chain and Third Parties
Ransomware gangs find Europe's weakest link in third-party suppliers - Help Net Security
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
Nissan discloses employee data breach linked to Oracle zero-day attacks
Third-Party Breaches Teach Schools a Costly Lesson in Vendor Risk
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Hiding in Plain Sight: The Geopolitics of Software Supply Chains
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Russia's 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
'No Ceasefire In Cyberspace:' Israel Says Iran-Linked Cyberattacks Nearly Tripled In June - Benzinga
Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says - CNA
Iranian cyberattacks on Israel have nearly tripled cyber chief says | The Jerusalem Post
Iran, Russia, China Target Water Systems for Sabotage
Russian Water System Hack Attempted to Turn Canada Dry
Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe
New spying threats force rethink of biometric identity checks | Biometric Update
Nation State Actors
Hiding in Plain Sight: The Geopolitics of Software Supply Chains
Iran, Russia, China Target Water Systems for Sabotage
China
Malware-Laced USBs Breach Japanese Military Networks
Iran, Russia, China Target Water Systems for Sabotage
Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes
Chinese Framework Powers 200,000 Scam Sites - SecurityWeek
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
Russia
Russian Intelligence Services Continue to Target Commercial Messaging Applications | CISA
FBI: Russian hackers now target Signal backup recovery keys
Iran, Russia, China Target Water Systems for Sabotage
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Russian Water System Hack Attempted to Turn Canada Dry
Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
US offers $10 million for info on group behind Signal and WhatsApp hacking spree - Ars Technica
Russian Hackers Accused of Destructive Attack on Jaguar Land Rover - Infosecurity Magazine
Ireland retains out-of-date air navigation systems in response to Russian jamming – The Irish Times
Iran
Iran, Russia, China Target Water Systems for Sabotage
'No Ceasefire In Cyberspace:' Israel Says Iran-Linked Cyberattacks Nearly Tripled In June - Benzinga
Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says - CNA
Iranian cyberattacks on Israel have nearly tripled cyber chief says | The Jerusalem Post
Montenegro police arrest Iranian accused of hacking US universities | Euronews
Major Cybersecurity Failure: Four Largest Iranian Banks Face 3rd Week of Outages
Tools and Controls
UK cybersecurity managers question speed-focused certification programs | SC Media UK
Claude Sonnet 5 includes safeguards against dangerous cyber use - Help Net Security
Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
AI Decline? Confidence Falls in Autonomous Penetration Testing
Cyberattacks Are Growing Threat to SMEs – but Insurance Protection Is Low: GlobalData
Microsoft Teams Impersonation Campaign Enables Unauthorized Access Through RMM Abuse
OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI - SecurityWeek
The AI Token Costs That Can Break Cybersecurity - SecurityWeek
Hackers have a new way to disable Mac security software | Macworld
Why Continuous Identity Verification Is The Future Of Cybersecurity
Chinese Open-Weight AI Model Raises Cybersecurity Worries Over Advanced Capabilities | IBTimes
Even the Secret Service won't use company-issued phones
Microsoft uses AI to link two malware operations in racketeering suit
Palo Alto Networks’ AI Misfire Triggers Cyber Dust-Up at Home
Securing AI agents: When AI tools move from reading to acting | Microsoft Security Blog
Confidential Computing In The AI Era
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
Other News
Critical infrastructure under attack - NCSC CEO | UKAuthority
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks - Infosecurity Magazine
Cybersecurity beyond blocking: A call for collaboration
British public won’t tolerate cyber disruption any more | Computer Weekly
Healthcare leaders see a fatal cyber incident as inevitable - Help Net Security
Irish Examiner view: Urgent action needed on cyber threats
When Cyber-Physical Risk Becomes A Life-Safety Threat
To defend against hybrid attacks, governments should team up with the private sector – POLITICO
Vulnerability Management
Linux Foundation Unveils New Open Source Security Project Akrites - SecurityWeek
After Fable 5 ban, Anthropic and 19 organizations launch open source security body - The New Stack
A crucial Windows security certificate just expired - how to check your PC | ZDNET
New Initiative Secures End-of-Life Open Source Software
Vulnerability reports are arriving faster than GitHub can review them - Help Net Security
Modernizing Global Vulnerability Standards For The Age Of AI
Apple Reverses Age-Old Patch Policy to Keep Up With AI
Why patch directives only go so far | CyberScoop
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
Vulnerabilities
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure - SecurityWeek
Cisco finally confirms attackers exploiting Unified CM flaw
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
Adobe patches seven max severity ColdFusion, Campaign flaws
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
macOS Flaw Lets Standard Users Disable EDR and MDM - Infosecurity Magazine
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP | ZDNET
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
Over 5 Billion iPhones And Android Devices Are Vulnerable To This Massive New Threat
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
BlueHammer Vulnerability Exploited in Ransomware Attacks - SecurityWeek
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Chrome 150 fixes nearly 400 security flaws, including 15 critical ones | PCWorld
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
'DirtyClone' Linux Kernel Vulnerability Leads to Root Access - SecurityWeek
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
Critical SimpleHelp Vulnerability Exploited for Malware Delivery - SecurityWeek
Synology issues critical fix for MailPlus Server vulnerabilities - Help Net Security
Anonymous researcher drops 0-day 'exploitarium' repo
Researcher Explains Release of Undisclosed Zero-Day Exploits - Infosecurity Magazine
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.