Black Arrow Cyber Threat Intelligence Briefing 05 June 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week’s review of cyber security in the specialist and general media highlights how business leaders can better understand and manage cyber risks, with insights into actions that boards can take to improve security and resilience.
AI remains a prominent theme, continuing a trend we have observed over recent months. Alongside this, we see cyber risks becoming more complex, spanning geopolitical threats, the evolution of ransomware, and security weaknesses that can emerge through routine business and technology changes. We also highlight the recently announced impact of last year’s M&S cyber attack on executive remuneration, illustrating how the consequences of a cyber incident can extend well beyond the initial disruption.
Our advice for business leaders remains consistent: focus on cyber security to reduce the likelihood of an incident, and on cyber resilience to withstand and recover from one. This requires boards to understand cyber risks in business terms, govern them through proportionate controls, and rehearse the leadership response before an incident occurs. Contact us to discuss how these themes can be addressed in your leadership meetings.
Top Cyber Stories of the Last Week
Why Your Board Is Still Not Ready for Cyber Risk - And What Actually Needs To Change
Cyber incidents have ranked as the top global risk for the fifth year running, according to the Allianz Commercial Risk Barometer, yet many boards still overestimate their organisation’s readiness. A key challenge is proving the return on cyber security investment, particularly where risks involve reputation, customer trust and business disruption. Stronger cyber resilience can reduce downtime, support customer retention and strengthen competitive positioning. Boards should treat cyber risk as a core business issue, with clear ownership, measurable reporting, independent assurance and consideration in strategy, mergers and acquisitions.
Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Says
Information security professional body ISACA has warned that cyber security risk can no longer be treated as a purely technical issue, as cyber, artificial intelligence and geopolitics are now increasingly connected. High-profile attacks against commercial organisations have shown that private companies can become targets for state-linked groups, sometimes for political rather than financial reasons. Emerging risks include covert foreign IT worker schemes, which can create trusted insider access. Boards should understand where they are exposed, test their crisis response, strengthen HR and supplier checks, and rehearse longer-running scenarios involving nation state threats.
https://www.infosecurity-magazine.com/news/execs-cisos-must-treat-cyber/
UK Firms Prioritise AI Threat Preparedness as Cyber Risks Evolve
ManageEngine reports that AI-powered attacks are now the top concern for UK organisations, cited by 43% of respondents, with 41% prioritising investment in AI and advanced threat preparedness. More than three quarters of UK businesses experienced a cyber incident in the past year, above the European average, while 46% pointed to skills shortages as their main operational challenge. Although 94% of incidents are detected within 24 hours, recovery remains slower, with over a quarter taking more than 10 days, highlighting the need to strengthen resilience as threats become more complex.
https://www.infosecurity-magazine.com/news/uk-firms-prioritize-ai-threat/
Nation State Attacks: The Risk to UK Firms
The UK’s National Cyber Security Centre has warned that nation states, particularly China, Iran and Russia, are now behind most significant cyber incidents affecting the UK. These attacks are often focused on disruption, espionage or gaining long-term access, rather than financial gain, meaning ransom payments are unlikely to resolve the issue. Critical sectors such as finance, healthcare, technology, telecoms, energy, water and defence face heightened risk, as do suppliers that provide access to larger organisations. Strong basic controls, regular recovery testing and clear oversight remain essential as geopolitical tensions continue to shape cyber activity.
https://insight.scmagazineuk.com/nation-state-attacks-the-risk-to-uk-firms
The Gentlemen Are Coming for Your Files, and Then Your Network
Microsoft has warned that ransomware called ‘Gentlemen’, developed by a group with the same name, is actively targeting organisations across education, transport, healthcare and financial services worldwide. First seen in mid-2025 and still active in 2026, the ransomware can spread from one compromised machine to others across a network before encrypting files. This means a single breach can quickly become a wider business disruption. ‘Gentlemen’ now operates as ransomware-as-a-service, where criminal affiliates can pay to use the software to carry out attacks. Early detection of unusual access, stolen password use and remote system activity is critical to limiting impact.
Ransomware Groups Grow Revenue by Almost 40% in Q1 2026
Rapid7 has reported that ransomware revenue rose by almost 40% year on year in the first quarter of 2026, reaching an estimated $529.2 million. The growth reflects a more mature criminal market, where ransomware groups can buy ready-made access to organisations through dark web brokers rather than breaking in themselves. Leading groups generated significant revenue, with Qilin estimated at $193 million and Gentlemen at $52 million between July 2025 and March 2026. The findings show how resilient and commercialised cyber crime operations have become.
'The Com' Cyberattacks Support Violence & Sexploitation
Researchers report that ‘The Com’, a loose criminal network linked to groups such as Scattered Spider, combines cyber crime with wider criminal activity, blurring the boundaries between its hacking groups and other criminal networks. The group is largely North American, often young, and recruits through gaming and social media communities. Its activity shows how weak cloud security can create harm beyond the breached organisation, with stolen access and extortion funding further criminal operations. Recent activity may have quietened, but researchers warn the group remains active and continues to evolve its tactics.
https://www.darkreading.com/threat-intelligence/the-com-cyberattacks-violence-sexploitation
What Is Configuration Drift - And Why It’s Your Biggest M365 Security Risk
Configuration drift is a growing Microsoft 365 security risk, particularly for managed service providers overseeing many client environments. It occurs when security settings gradually move away from an agreed baseline through routine changes, such as temporary access exceptions, relaxed sharing controls or admin permissions that are not later removed. These changes can weaken defences without triggering obvious alerts. Continuous monitoring and automated remediation can help identify and correct drift quickly, reducing the risk of incidents and supporting stronger governance across multiple Microsoft 365 tenants.
Supply Chain Risk Is Now a Cyber Resilience Problem
AI demand is putting pressure on the supply of DRAM and NAND, the memory and storage components that underpin backup and recovery infrastructure. As availability tightens and costs rise, cyber resilience strategies that rely on continually adding more hardware may become harder to sustain. More efficient architectures, which reduce the amount of data stored, moved and managed, can lower dependency on scarce components, reduce the number of systems needing protection, and support faster recovery. This makes infrastructure efficiency not just a cost issue, but a strategic cyber security consideration.
https://www.dell.com/en-us/blog/supply-chain-risk-is-now-a-cyber-resilience-problem/
82% of IT Pros Report a Web-Based Security Incident in Past Year – BYOD, SaaS Tools, and Remote Work Policies All Play a Part in Security Resilience
NordLayer reports a clear gap between confidence and reality in web-based security. While 73% of organisations believe they are prepared for attacks through browsers and web applications, 82% experienced an incident in the past year. The risk is growing as businesses rely more heavily on online software, remote working and personal devices. Malware designed to steal login details harvested 1.8 million credentials and 68.8 billion cookies last year, giving attackers a way to access systems by appearing to log in legitimately rather than forcing their way in.
M&S Chief’s Pay Slashed by £3M After Cyberattack Turmoil
The chief executive of UK retailer Marks & Spencer saw his pay fall by more than 40% after a major cyber attack disrupted the retailer’s operations and M&S cancelled its executive bonus scheme. The attack halted online services for weeks, affected card payments in some stores, and contributed to weaker financial performance, resulting in lower bonus and share-based awards for executives. M&S put the total cost at £133.3 million, although more than £100 million has been recovered through insurance.
https://www.cityam.com/ms-pay-slashed-after-cyberattack-turmoil/
Governance, Risk and Compliance
Why Your Board Is Still Not Ready for Cyber Risk
EU organizations buckle under rising compliance pressure - Help Net Security
UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve - Infosecurity Magazine
NCSC Urges Immediate Action to Boost Resilience as Uncertainty Persist - Infosecurity Magazine
Building Cyber Resilience For Mission-critical Operations In 2026
6 critical security gaps every CISO must address | CSO Online
Business Leaders Lack Understanding of Threat Intelligence - Infosecurity Magazine
How to Get Boards to Prioritize Cyber Risk Quantification - Infosecurity Magazine
Cybersecurity Staff Prefer CISOs With Real Attack Response Experience - Infosecurity Magazine
CISO burnout: How to prevent contagion across the team | Computer Weekly
Two New Reports Offer Competing Explanations for Cybersecurity's Growing Crisis - SecurityWeek
Lost in translation: Cybersecurity board reporting for CISOs | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups grow revenue by almost 40% in Q1 2026 | TechRadar
'The Com' Cyberattacks Support Violence & Sexploitation
The Gentlemen are coming for your files, and then your network | CSO Online
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
Pink is the latest goon squad to use fake helpdesk calls to steal creds
'Dumbass' criminal breaks the 'first rule of ransomware club'
Ransomware and Destructive Attack Victims
Inside the Charter data breach: hackers leak 13M+ customer data | Cybernews
Charter Communications data breach affects 4.9 million accounts
M&S chief's pay slashed by £3m after cyberattack turmoil
IKEA faces data leak threat after hackers claim theft of internal code | Cybernews
Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers
Phishing & Email Based Attacks
Attackers Abuse Shared Content for ChatGPT Phishing Campaign - Infosecurity Magazine
Infostealers are becoming the go-to phishing payload | Malwarebytes
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
ChatGPT prompt injection turns web pages into phishing lures
BTMOB Android malware service generates custom phishing payloads
Threat Actors Deploy Tiflux RMM For Persistent Remote Access
LinkedIn-themed phishing abuses Adobe's A/B testing platform - Help Net Security
There’s a new phishing scam: fake invitations | The Seattle Times
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
Europe's hotel data breach hits 100+ properties | Cybernews
Chinese Cybercrime Group in Spotlight for Record Campaign Pace - SecurityWeek
China's TA4922 Expands Cybercrime Attacks Globally
Signal users targeted in backup-stealing phishing attacks | Malwarebytes
Social Security numbers exposed in Rich Products cyberattack | Cybernews
Other Social Engineering
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
Pink is the latest goon squad to use fake helpdesk calls to steal creds
There’s a new phishing scam: fake invitations | The Seattle Times
Chinese Cybercrime Group in Spotlight for Record Campaign Pace - SecurityWeek
Cyber espionage campaign targeted stock exchange executive’s Outlook account
As the 2026 World Cup Looms, a Shadow Tournament of Cyber Fraud Begins | OCCRP
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Five Eyes: China expanding state secret recruitment campaign
5K+ election domains registered ahead of US midterms
2FA/MFA
Microsoft fixes outage affecting MFA setup, MySignIn service
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Artificial Intelligence
Attackers Abuse Shared Content for ChatGPT Phishing Campaign - Infosecurity Magazine
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve - Infosecurity Magazine
145 AI laws passed in 2025 and privacy teams aren't catching a break - Help Net Security
Only 11% of production agents pass the AI agent security bar - Help Net Security
Security of 100 AI Agents Tested and Ranked – What You Need to Know - SecurityWeek
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
Russian hacker tricked MAGA Telegram channel with jailbroken AI | TechRadar
Cybersecurity threats from new language models | Max-Planck-Gesellschaft
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web - Infosecurity Magazine
Free AI model powers self-spreading worm in enterprise test network
Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
Hugging Face security analysis: ~70,000 live secrets and API keys, private repos, and leaky pics!
UK banks still lack access to Mythos AI model, BoE's Bailey says - CNA
ICO publishes blog on AI-powered cyber threats | A&O Shearman - JDSupra
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
Cyber threats are becoming 'high level' with AI
President Trump Signs AI Executive Order After Delaying It Over China Concerns - Decrypt
Bots/Botnets
Botnet of 17 Million Devices Dismantled in the Netherlands
Huge Botnet Linked To Russia Infected Over 10 Million Devices Before Being Shut Down
Careers, Roles, Skills, Working in Cyber and Information Security
6 critical security gaps every CISO must address | CSO Online
CISO burnout: How to prevent contagion across the team | Computer Weekly
Cloud/SaaS
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
19.6 Billion Files Are Sitting Open on the Internet. No Password Required
FSB Group Gamaredon Hides Worm in Windows Data Streams - Infosecurity Magazine
Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2
What is configuration drift — And why it’s your biggest M365 security risk | native | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Russian hacker tricked MAGA Telegram channel with jailbroken AI | TechRadar
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
Cyber Crime, Organised Crime & Criminal Actors
'The Com' Cyberattacks Support Violence & Sexploitation
Chinese Cybercrime Group in Spotlight for Record Campaign Pace - SecurityWeek
China's TA4922 Expands Cybercrime Attacks Globally
Dutch Raid Fails to Dent Russian Bulletproof Host
Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown - SecurityWeek
Data Breaches/Leaks
19.6 Billion Files Are Sitting Open on the Internet. No Password Required
Hugging Face security analysis: ~70,000 live secrets and API keys, private repos, and leaky pics!
Your OnlyFans may not be private – and neither are your passwords | Cybernews
The worst hacks and breaches of 2026 (so far) | TechCrunch
Europe's hotel data breach hits 100+ properties | Cybernews
Troops’ phones leaked location data to foreign adversaries
Man sent to prison for selling data of 7 millions elderly Americans
23andMe Failed to Stop Months-Long Hack, State Alleges
California AG sues 23andMe over 2023 breach exposing health data
A Fake UK Visa Site Left 100,000 Passports Wide Open. Then Sent Lawyers Instead of a Fix.
Social Security numbers exposed in Rich Products cyberattack | Cybernews
Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers
Scots affected by Capita cyber attack given route to compensation | Scottish Legal News
Spain arrests doxer leaking sensitive data of govt employees
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ultrahuman says recent hack didn't affect passwords or credit cards
GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
64,000 accounts exposed in breach of GTA V cheat service Atlas Menu - Help Net Security
Hackers just stole health data from Ultrahuman users, and I’m ditching my smart ring because of it
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals - SecurityWeek
Data Protection
ICO publishes blog on AI-powered cyber threats | A&O Shearman - JDSupra
Data/Digital Sovereignty
Vivre la Linux: Behind France’s bold open source move into digital sovereignty
Denial of Service/DoS/DDoS
Why Your Rate Limits Fail Under Distributed DDoS Attacks - Security Boulevard
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
Encryption
Let's Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Fraud, Scams and Financial Crime
Russian hacker tricked MAGA Telegram channel with jailbroken AI | TechRadar
As the 2026 World Cup Looms, a Shadow Tournament of Cyber Fraud Begins | OCCRP
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Meta tries to get ahead of scammers before the World Cup begins - Help Net Security
Insurance
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Internet of Things – IoT
Are our cars spying on us? A cybersecurity expert explains how to stay safe
Hacking your car’s dash cam in real time, remotely: tips, tricks, and lazy manufacturers.
How To Reduce Cyber Risks Across Connected Devices And Services
Law Enforcement Action and Take Downs
Botnet of 17 Million Devices Dismantled in the Netherlands
Huge Botnet Linked To Russia Infected Over 10 Million Devices Before Being Shut Down
Man sent to prison for selling data of 7 millions elderly Americans
Dutch Raid Fails to Dent Russian Bulletproof Host
Sextortionist sentenced to 33 years for targeting 145 children
Spain arrests doxer leaking sensitive data of govt employees
Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown - SecurityWeek
European authorities crack down on illegal streaming networks | CyberScoop
Police seize £1.2m of kit from illegal streaming operation - BBC News
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
Reporting Cybersecurity Incidents to Law Enforcement- Best Practice
29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming
Linux and Open Source
Organizations Warned of Exploited Linux Kernel Vulnerability - SecurityWeek
Vivre la Linux: Behind France’s bold open source move into digital sovereignty
New CIFSwitch Linux flaw gives root on multiple distributions
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access - SecurityWeek
Dozens of Red Hat packages backdoored through its official NPM channel - Ars Technica
Shai-Hulud malware infects Red Hat npm packages downloaded 80K times weekly
Malware
Attackers Abuse Shared Content for ChatGPT Phishing Campaign - Infosecurity Magazine
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
Infostealers are becoming the go-to phishing payload | Malwarebytes
Android Banking Trojan OverlayPhantom Abuses Accessibility Service to Control Devices
Dozens of Red Hat packages backdoored through its official NPM channel - Ars Technica
Shai-Hulud malware infects Red Hat npm packages downloaded 80K times weekly
Free AI model powers self-spreading worm in enterprise test network
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure
Chinese hackers use new Atlas RAT malware in European cyberattacks
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Rust-Written IronWorm Hits NPM Supply Chain
Mobile
Russian hacker tricked MAGA Telegram channel with jailbroken AI | TechRadar
Troops’ phones leaked location data to foreign adversaries
BTMOB Android malware service generates custom phishing payloads
Signal users targeted in backup-stealing phishing attacks | Malwarebytes
Mobile security's dirty cupboard: The app layer nobody's watching
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
Models, Frameworks and Standards
EU organizations buckle under rising compliance pressure - Help Net Security
145 AI laws passed in 2025 and privacy teams aren't catching a break - Help Net Security
Anthropic to Open Mythos AI to EU's ENISA
ENISA report shows cybersecurity gains across EU critical sectors ...
MSSPs need to look beyond AI compliance badges | perspective | MSSP Alert
Outages
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft Exchange Online outage causes email delays, failures
Passwords, Credential Stuffing & Brute Force Attacks
Your OnlyFans may not be private – and neither are your passwords | Cybernews
Pink is the latest goon squad to use fake helpdesk calls to steal creds
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads - SecurityWeek
Regulations, Fines and Legislation
EU organizations buckle under rising compliance pressure - Help Net Security
145 AI laws passed in 2025 and privacy teams aren't catching a break - Help Net Security
President Trump Signs AI Executive Order After Delaying It Over China Concerns - Decrypt
Executive order sets voluntary cyber reviews for advanced AI | Miami Herald
EO 14390 raises stakes for enterprise cybersecurity | TechTarget
DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels | CyberScoop
CISA close to issuing new cyber AI directive | Federal News Network
Social Media
Your OnlyFans may not be private – and neither are your passwords | Cybernews
Five Eyes: China expanding state secret recruitment campaign
LinkedIn-themed phishing abuses Adobe's A/B testing platform - Help Net Security
Software Supply Chain
Rust-Written IronWorm Hits NPM Supply Chain
Supply Chain and Third Parties
Supply Chain Risk Is Now a Cyber Resilience Problem | Dell
Scots affected by Capita cyber attack given route to compensation | Scottish Legal News
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation state attacks: The risk to UK firms | SC Media UK
Why Execs and CISOs Must Treat Cyber Threats as Statecraft - Infosecurity Magazine
Five Eyes: China expanding state secret recruitment campaign
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Plan to toughen protections for subsea internet cables amid heightened Russian activity - GOV.UK
The Pentagon Finally Admits That Location Data Is a Battlefield Problem - Security Affairs
Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms - Infosecurity Magazine
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
Cyber espionage campaign targeted stock exchange executive’s Outlook account
A Year After Launch, Ukraine’s Tallinn Mechanism Is Becoming a Cybersecurity Hub | The Gaze
Nation State Actors
Nation state attacks: The risk to UK firms | SC Media UK
Why Execs and CISOs Must Treat Cyber Threats as Statecraft - Infosecurity Magazine
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
China
Are our cars spying on us? A cybersecurity expert explains how to stay safe
Five Eyes: China expanding state secret recruitment campaign
Chinese hackers use new Atlas RAT malware in European cyberattacks
The Green Grid’s Hidden Backdoor: Who Controls Europe's Clean Energy?
Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms - Infosecurity Magazine
Germany, Spain said to push back on European plan to ban Huawei gear
China Uses Dual-Method Cyberattack on Czech Orgs
Chinese Cybercrime Group in Spotlight for Record Campaign Pace - SecurityWeek
China's TA4922 Expands Cybercrime Attacks Globally
China turns its aging camera network into an AI-powered mass surveillance apparatus
Russia
FSB Group Gamaredon Hides Worm in Windows Data Streams - Infosecurity Magazine
Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2
The Green Grid’s Hidden Backdoor: Who Controls Europe's Clean Energy?
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Plan to toughen protections for subsea internet cables amid heightened Russian activity - GOV.UK
Huge Botnet Linked To Russia Infected Over 10 Million Devices Before Being Shut Down
Estonians' will to defend the country remains high, cyberattacks seen as a threat | News | ERR
'Dumbass' criminal breaks the 'first rule of ransomware club'
Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
Russia Says Foreign Spyware Found on High-Ranking Officials' Mobile Phones
North Korea
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
Iran
Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Tools and Controls
Building Cyber Resilience For Mission-critical Operations In 2026
Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch
Two New Reports Offer Competing Explanations for Cybersecurity's Growing Crisis - SecurityWeek
How to Get Boards to Prioritize Cyber Risk Quantification - Infosecurity Magazine
Attackers Abuse Open RDP Ports to Gain Initial Access Into Business Networks
Microsoft quietly removes a blog post claiming Windows 11 offers sufficient security - BetaNews
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads - SecurityWeek
How To Reduce Cyber Risks Across Connected Devices And Services
Why Your Rate Limits Fail Under Distributed DDoS Attacks - Security Boulevard
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Threat Actors Deploy Tiflux RMM For Persistent Remote Access
Business Leaders Lack Understanding of Threat Intelligence - Infosecurity Magazine
Lost in translation: Cybersecurity board reporting for CISOs | TechTarget
The behavioral signals that sharpen Trojan malware detection - Help Net Security
Known vulnerabilities behind most application security incidents - Help Net Security
How Leading Organizations Are Turning EDR Into Operational Resilience
Raising the Cybersecurity Stakes: Ante up for the Agentic Era - SecurityWeek
Anthropic to Open Mythos AI to EU's ENISA
UK banks still lack access to Mythos AI model, BoE's Bailey says - CNA
Zoom CISO: AI as Security Enabler, Not Role-Replacer
Agent Threat Rules: Open detection rule format for AI agent security threats - Help Net Security
Anthropic ups Glasswing partner count 4x, UK banks snubbed
Hackers Can Weaponize Lenovo Driver to Terminate EDR Processes
Reports Published in the Last Week
Other News
Farage's £5m gift leak 'hack' reported to police by Labour - Essex Live
Microsoft quietly removes a blog post claiming Windows 11 offers sufficient security - BetaNews
ENISA report shows cybersecurity gains across EU critical sectors ...
No Longer Invisible: When Cyber Attacks Go Physical
Security Specialist Warns of Business Aviation Cyberattack Threats | Aviation International News
National cyber shield could be ready in five years | Computer Weekly
Vulnerability Management
IBM and Red Hat believe they have the answer to open source security risks | IT Pro
Vulnerabilities
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089) - Help Net Security
Microsoft blames unexpected Windows driver updates on caching issue
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 - SecurityWeek
Organizations Warned of Exploited Linux Kernel Vulnerability - SecurityWeek
New CIFSwitch Linux flaw gives root on multiple distributions
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access - SecurityWeek
Oracle's First Monthly Patches Resolve 77 Vulnerabilities - SecurityWeek
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Recent Palo Alto Networks Vulnerability Exploited for Weeks - SecurityWeek
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Chrome 148 Update Patches 151 Vulnerabilities - SecurityWeek
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
Critical Flowise Flaw Gives Attackers Full Server Control - Infosecurity Magazine
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Acer working to patch max severity zero-days in Wave 7 routers
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.