Black Arrow Cyber Threat Intelligence Briefing 07 November 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
This week’s stories highlight how AI is reshaping cyber threats, with malicious agents, deepfakes and automated phishing increasing both scale and sophistication. In particular, giving AI agents their own credentials or identities increases the risks that attackers exploit. Business leaders must now consider AI-driven risks as part of their core governance responsibilities. Risks are further increased by the growth of data held by businesses, including redundant or abandoned data.
We also report on the resurgence of classic attack methods like phishing and email compromise, now supercharged by generative AI. Ransomware remains a dominant threat, with attackers exploiting cyber insurance policies and even resorting to physical intimidation. European organisations are particularly exposed, and many still pay ransoms, which encourages repeat targeting. Research shows that business leaders have an inaccurate perception of their organisation’s readiness to recover from an incident.
The key theme here is the need for business leaders to be informed of the current and emerging threats to their business, and to know how to mitigate these risks through a strategy that they govern alongside their other risks. Contact us to discuss how to make this work proportionately in your organisation.
Top Cyber Stories of the Last Week
Enterprises are Not Prepared for a World of Malicious AI Agents
Palo Alto Networks CEO Nikesh Arora warns that most organisations are ill-equipped to manage the growing number of AI agents accessing corporate systems. These non-human identities can act like employees, holding credentials and privileges that expand the attack surface. Existing identity and privileged access tools track only a fraction of users, leaving many AI agents unmonitored. This gap will worsen as both legitimate and malicious agents proliferate. Centralised management of user access and permissions is needed to prevent uncontrolled access and misuse.
Source: https://www.zdnet.com/article/enterprises-are-not-prepared-for-a-world-of-malicious-ai-agents/
The Phishing Renaissance, How AI Brought Back the Classics
Classic phishing methods such as credential theft and vendor impersonation are resurging because AI makes personalisation easy. Generative tools remove the grammatical errors that once revealed scams, allowing criminals to adapt tone and context for each target. Deepfakes and voice cloning add realism to social engineering, while business email compromise continues to succeed without malware. Human awareness and layered verification are essential as AI amplifies the effectiveness of old techniques.
Source: https://securityboulevard.com/2025/10/the-phishing-renaissance-how-ai-brought-back-the-classics/
‘Data Sprawl’ Is Now Your Security Team’s Biggest Headache – And It’s Only Going to Get Worse
Growth of data across cloud, hybrid and SaaS environments is overwhelming security teams. One-third of UK organisations saw data volumes surge by 30% or more in the past year and 41% of large enterprises now manage over a petabyte. Around 38% flag redundant or abandoned data as a security risk, while 85% of organisations globally report data loss incidents. The rise of generative AI and weak visibility are exacerbating the issue, and firms should embed privacy-by-design and governance before attackers exploit the chaos.
Old Threats, New Consequences: 90% of Cyber Claims Stem from Email and Remote Access
Insurance data shows that most cyber claims originate from email and remote access breaches. Email accounted for 43% of incidents in 2024, with claim frequency rising 30% year on year. Fraud often begins with inbox compromise or near-lookalike domains, and average illicit transfers reached $286,000. Generative AI is accelerating attacker success, highlighting that familiar entry points remain the most costly for organisations.
Survey: Organisations are Too Confident in Their Cyber Resiliency
A global study of 1,773 leaders finds widespread overconfidence in cyber resilience. While 95% believe they can recover from ransomware, 40% were attacked in the past year and only 15% fully restored their data. 45% paid ransoms, with 30% paying over $250,000. 44% report deepfake-enabled attacks and many lack clear policies on generative AI. The findings reveal a gap between perceived and actual preparedness.
Thousands Fall Victim to Ransomware as European Attacks Reach Record Highs - Here’s Why They’re So at Risk
Europe now accounts for almost 22% of global victims posted on leak sites since 2024, with more than 2,100 European organisations listed. Exposure is driven by lucrative sectors, GDPR penalties that can encourage payment and geopolitical spillover from the war in Ukraine. Average time from initial access to deployment is 35.5 hours, compressing response windows and increasing operational impact. Intelligence-led defence and faster containment are essential.
How Ransomware Attacks Leverage Cyber Insurance Policies
Attackers increasingly search for cyber insurance documents to shape negotiations. Knowledge of limits, coverage and approved vendors allows demands that appear reasonable relative to downtime and costs. Policies should be protected like confidential financial records, with strict access, secure storage, offline copies and staff awareness to prevent leverage during extortion.
Source: https://securityboulevard.com/2025/11/how-ransomware-attacks-leverage-cyber-insurance-policies/
Violent Cybercrime Surges in Europe Amid Big Payouts
Some cyber attackers are pairing online extortion with real-world intimidation to force payment. Rising revenues and professionalisation are driving aggression, with threats extending beyond data leaks. Response plans should include physical safety considerations and coordination with law enforcement as pressure tactics escalate.
Source: https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/
Three of the Biggest Cybercrime Gangs Around Appear to Be Teaming Up - Which Could Be Bad News for All of Us
Scattered Spider, Lapsus$ and ShinyHunters have reportedly united under the new banner “Scattered Lapsus$ Hunters” (SLH). Operating via Telegram, the alliance combines social engineering, credential theft and data-leak extortion into a professionalised “Extortion-as-a-Service” model. The groups seek both profit and notoriety, marking a shift toward cybercrime branding that increases visibility and risk for global enterprises.
Google Says 2026 Will Be the Year AI Supercharges Cybercrime
Google forecasts that by 2026, AI will drive both attacks and defences. Adversaries will automate phishing, deepfakes and prompt injection exploits against large language models. A growing concern is unmonitored bots or scripts with system access that act without oversight; these hidden identities could move data or perform actions unseen by security teams. The report urges strict control, identity tracking and AI-led containment to counter this evolving threat.
Source: https://www.helpnetsecurity.com/2025/11/05/google-cybersecurity-forecast-2026/
Enterprises are Losing Track of the Devices Inside Their Networks
A study of 10 million devices across more than 700 organisations shows that two-thirds are not traditional IT assets such as servers or laptops. Instead, they include extended IoT devices like VoIP phones, cameras, point-of-sale systems and power supplies. On average, firms manage 164 device types, 1,629 vendors and 876 OS versions. With 40% of cameras containing known flaws and 3% exposed online, organisations must urgently regain visibility and control over every connected device.
Source: https://www.helpnetsecurity.com/2025/11/06/enterprise-xiot-devices-risk/
Britain ‘Highly Vulnerable’ to Russian Cyber Attacks, Warns Former Army Chief
Field Marshal Lord Houghton warns that Britain’s cyber defences are not yet fit for purpose and that the nation remains highly vulnerable to hostile cyber activity. Recent breaches affecting the Ministry of Defence and major contractors highlight deep weaknesses. He urges greater investment in AI and autonomous systems to boost military capability and calls for closer coordination between government, industry and the Armed Forces to strengthen resilience.
Source: https://www.telegraph.co.uk/news/2025/11/06/british-army-russian-attack-field-marshal-lord-houghton/
Governance, Risk and Compliance
82 percent of finserv organizations suffered a data breach in the last year - BetaNews
CISO Burnout – Epidemic, Endemic, or Simply Inevitable? - SecurityWeek
Survey: Organizations Are Too Confident in Their Cyber Resiliency - Security Boulevard
Financial services can't shake security debt - Help Net Security
UK’s National Cyber Security Centre Releases 2025 Annual Review | Alston & Bird - JDSupra
Google Forecasts Rise of Cyber-Physical Attacks Targeting Europe - Infosecurity Magazine
Nation-State, Cyber and Hacktivist Threats Pummel Europe
Violent cybercrime surges in Europe amid big payouts • The Register
Firms prioritise AI and cyber security in tackling digital threats - CIR Magazine
The Next Evolution Of Cybersecurity Is Preemptive
Gartner just dropped its 2026 tech trends - and it's not all AI: Here's the list | ZDNET
To maximize their influence, CISOs need diverse skills | TechTarget
CISOs in court: Balancing cyber resilience and legal accountability | Computer Weekly
Threats
Ransomware, Extortion and Destructive Attacks
Cyber loot flows to Russia and its friends | Cybernews
What Makes Ransomware Groups Successful?
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online
Cybersecurity experts charged with running BlackCat ransomware operation | CSO Online
Ransomware attacks are hitting European enterprises at record pace | IT Pro
Leak Site Ransomware Victims Spike 13% in a Year - Infosecurity Magazine
Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar
How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard
DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica
Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop
Ransomware Victims
Conduent January 2025 breach impacts 10M+ people
M&S cyberattack cost £136m but retailer ‘regaining momentum’ | News | The Grocer
Results: Cyber attack more than halved M&S first half profits - Retail Gazette
Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews
How a ransomware gang encrypted Nevada government's systems
Nevada Refused to Pay Cyberattack Ransom as Systems Sat Compromised for Months – DataBreaches.Net
Apache OpenOffice disputes data breach claims by ransomware gang
"Pay up or we share the tapes": Hackers target massage parlour clients in blackmail scheme
Oncology Institute Reports Cybersecurity Incident Impact - TipRanks.com
Phishing & Email Based Attacks
The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard
Old threats, new consequences: 90% of cyber claims stem from email and remote access | CSO Online
ClickFix malware attacks evolve with multi-OS support, video tutorials
How Phishing Kits Are Evading Detection & Ways to Beat Them | MSSP Alert
Is your business prepared for these growing phishing scams? | TechRadar
“I Paid Twice” Phishing Campaign Targets Booking.com - Infosecurity Magazine
Other Social Engineering
ClickFix malware attacks evolve with multi-OS support, video tutorials
In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard
Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET
Cybercriminals have built a business on YouTube’s blind spots - Help Net Security
UK carriers to block spoofed phone numbers in fraud crackdown
SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine
Sora 2 Creates Believable Videos, Reality Checks Needed
AI makes holiday shopping scams harder to spot - BetaNews
Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries
Fraud, Scams and Financial Crime
Europe's phone networks are drowning in fake calls - Help Net Security
Google Report Reveals How Text Scams Steal Your Data And Money
Cybercriminals have built a business on YouTube’s blind spots - Help Net Security
UK carriers to block spoofed phone numbers in fraud crackdown
SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine
AI makes holiday shopping scams harder to spot - BetaNews
Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries
Experts warn AI tools are fueling a rise in scams targeting older adults - BetaNews
Artificial Intelligence
The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard
Ransomware Attacks on European Organisations Surge as Hackers Leverage AI Tools for Attacks
Google says 2026 will be the year AI supercharges cybercrime - Help Net Security
Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News
Cybercriminals Armed With AI Often Find Mid-Sized Businesses Are Sitting Ducks | Law.com
Enterprises are not prepared for a world of malicious AI agents | ZDNET
List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard
Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET
Google uncovers malware using LLMs to operate and evade detection - Help Net Security
Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns - SecurityWeek
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
The cottage industry quietly manipulating chatbots’ replies
Sora 2 Creates Believable Videos, Reality Checks Needed
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Tech groups step up efforts to solve AI’s big security flaw
Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel
Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine
Microsoft: A key OpenAI API is being used for 'espionage' by bad actors | Mashable
AI makes holiday shopping scams harder to spot - BetaNews
Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt
Malware
Google uncovers malware using LLMs to operate and evade detection - Help Net Security
New malware uses AI to adapt during attacks, report finds | The Record from Recorded Future News
ClickFix malware attacks evolve with multi-OS support, video tutorials
Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network
Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek
Russian hackers abuse Hyper-V to hide malware in Linux VMs
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online
Australia warns of BadCandy infections on unpatched Cisco devices
Fake Solidity VSCode extension on Open VSX backdoors developers
Gootloader malware is back with new tricks after 7-month break
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Russia arrests three suspected Meduza infostealer devs • The Register
Alleged Meduza Stealer malware admins arrested after hacking Russian org
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar
Mobile
Europe's phone networks are drowning in fake calls - Help Net Security
Google Report Reveals How Text Scams Steal Your Data And Money
Android Malware Mutes Alerts, Drains Crypto Wallets
Backdoored ‘secure’ messaging app leads to more arrests • The Register
Report finds 67% surge in Android mal... - Mobile World Live
Malicious Android apps on Google Play downloaded 42 million times
Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register
Denial of Service/DoS/DDoS
Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine
Internet of Things – IoT
The Hidden Risks of Third-Party IoT Devices: What Organizations Need t - Infosecurity Magazine
Why millions of connected vehicles need automated cyber security | TechRadar
Enterprises are losing track of the devices inside their networks - Help Net Security
An 18-Year-Old Codebase Left Smart Buildings Wide Open
Connected devices may face mandatory security checks before you can use them
Data Breaches/Leaks
82 percent of finserv organizations suffered a data breach in the last year - BetaNews
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Conduent January 2025 breach impacts 10M+ people
Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Court reimposes original sentence for Capital One hacker | CyberScoop
Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch
Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters
Software dev accidentally leaks Australian govt documents | Information Age | ACS
Data breach at major Swedish software supplier impacts 1.5 million
US Congressional Budget Office hit by cybersecurity incident | Reuters
Apache OpenOffice disputes data breach claims by ransomware gang
Media giant Nikkei reports data breach impacting 17,000 people
Hyundai AutoEver America data breach exposes SSNs, drivers licenses
Organised Crime & Criminal Actors
Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective - Infosecurity Magazine
DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine
‘Scamming became the new farming’: inside India’s cybercrime villages | Cybercrime | The Guardian
Cyber surveillance of British businesses | Professional Security Magazine
Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine
Court reimposes original sentence for Capital One hacker | CyberScoop
Nine Arrested in €600M crypto laundering bust across Europe
Russia arrests three suspected Meduza infostealer devs • The Register
Alleged Meduza Stealer malware admins arrested after hacking Russian org
Firms at risk as Japan struggles to keep up with cybercrime amid rise of ransomware - The Mainichi
US Refuses to Sign UN Cybercrime Treaty
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine
18 arrested in €300 million global credit card fraud scheme - Help Net Security
Android Malware Mutes Alerts, Drains Crypto Wallets
Hacker steals over $120 million from Balancer DeFi crypto protocol
Nine Arrested in €600M crypto laundering bust across Europe
Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt
Insider Risk and Insider Threats
Employees keep finding new ways around company access controls - Help Net Security
Insurance
How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard
Is cyber on the verge of becoming uninsurable? | Insurance Business America
Supply Chain and Third Parties
Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News
Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters
Software dev accidentally leaks Australian govt documents | Information Age | ACS
Data breach at major Swedish software supplier impacts 1.5 million
Open VSX rotates access tokens used in supply-chain malware attack
Software Supply Chain
Cloud/SaaS
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries
Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities
With each cloud outage, calls for government action grow louder | CyberScoop
EU and UK organizations ponder resilience after Azure outage • The Register
Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code
UK accused of being too slow to regulate cloud services providers
Oracle’s cloud strategy an increasingly risky bet | CIO
Outages
EU and UK organizations ponder resilience after Azure outage • The Register
With each cloud outage, calls for government action grow louder | CyberScoop
Identity and Access Management
Employees keep finding new ways around company access controls - Help Net Security
Linux and Open Source
Russian hackers abuse Hyper-V to hide malware in Linux VMs
Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns
International Criminal Court dumps Microsoft Office • The Register
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
Logging in as root on Linux? Here's why that's a disaster waiting to happen | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
The Louvre’s video surveillance had a shockingly weak password | Cybernews
Have I Been Pwned adds a billion new passwords to its database - gHacks Tech News
The Worst Password Of 2025 Is '123456' - Make Sure You Don't Use These
What are the most common passwords? No surprises here • The Register
Social Media
Cybercriminals have built a business on YouTube’s blind spots - Help Net Security
Malvertising
Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar
Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network
Training, Education and Awareness
What keeps phishing training from fading over time - Help Net Security
Study concludes cybersecurity training doesn’t work | KPBS Public Media
Regulations, Fines and Legislation
U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
Report: 36% of companies do not know whether they are covered by NIS2 directive
Cyber Resilience Act: Overview for affected companies
With each cloud outage, calls for government action grow louder | CyberScoop
Connected devices may face mandatory security checks before you can use them
The US must not endorse Russia and China’s vision for cybersecurity
UK accused of being too slow to regulate cloud services providers
US Refuses to Sign UN Cybercrime Treaty
Trump admin begins developing new cybersecurity strategy
Senate approves new leader for Army Cyber Command - Breaking Defense
Old privacy laws create new risks for businesses - Help Net Security
Models, Frameworks and Standards
Report: 36% of companies do not know whether they are covered by NIS2 directive
Cyber Resilience Act: Overview for affected companies
Old privacy laws create new risks for businesses - Help Net Security
Data Protection
Old privacy laws create new risks for businesses - Help Net Security
Careers, Working in Cyber and Information Security
To maximize their influence, CISOs need diverse skills | TechTarget
Starting Over in Cybersecurity: Advice I Wish I'd Had
Law Enforcement Action and Take Downs
Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine
Europe's phone networks are drowning in fake calls - Help Net Security
Backdoored ‘secure’ messaging app leads to more arrests • The Register
US cybersecurity experts indicted for BlackCat ransomware attacks
Nine Arrested in €600M crypto laundering bust across Europe
Court reimposes original sentence for Capital One hacker | CyberScoop
Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop
US Refuses to Sign UN Cybercrime Treaty
Russia arrests three suspected Meduza infostealer devs • The Register
Alleged Meduza Stealer malware admins arrested after hacking Russian org
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Electronic Weapons: Russian Cyber War Against Germany
How nations build and defend their cyberspace capabilities - Help Net Security
Beyond Denial: Toward a Credible Cyber Deterrence Strategy • Stimson Center
Nation State Actors
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Cyber Physical Systems Face Rising Geopolitical Risks
China
Cyber loot flows to Russia and its friends | Cybernews
The US must not endorse Russia and China’s vision for cybersecurity
Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register
US Space Force to Use Three Weapons To Jam Chinese Satellites Via Remote Control - Bloomberg
Germany Weighs Paying Deutsche Telekom to Replace Huawei Gear - Bloomberg
Finland to Tighten Huawei Ban in 5G Network on Security Grounds - Bloomberg
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
Russia
Britain ‘highly vulnerable’ to Russian cyber attacks, warns former Army chief
Cyber loot flows to Russia and its friends | Cybernews
Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar
The US must not endorse Russia and China’s vision for cybersecurity
Electronic Weapons: Russian Cyber War Against Germany
The cottage industry quietly manipulating chatbots’ replies
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica
Russia Wages War On The Internet In Ukraine, But Resistance Is Winning
Ukraine’s Security Service repels over 2,300 enemy cyberattacks in 2025 - Freedom
Offensive Cyber Operations and Combat Effectiveness After Ukraine | Lawfare
NATO's Crossed Swords cyber exercise gets underway in Tallinn | News | ERR
Russia arrests three suspected Meduza infostealer devs • The Register
Alleged Meduza Stealer malware admins arrested after hacking Russian org
Iran
UNK_SmudgedSerpent Targets Academics With Political Lures - Infosecurity Magazine
Iran's 'SmudgedSerpent' APT Phishes US Policy Wonks
North Korea
Cyber loot flows to Russia and its friends | Cybernews
U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and weapons program
Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Nation-State, Cyber and Hacktivist Threats Pummel Europe
Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine
Tools and Controls
Old threats, new consequences: 90% of cyber claims stem from email and remote access | CSO Online
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
Russian hackers abuse Hyper-V to hide malware in Linux VMs
NATO's Crossed Swords cyber exercise gets underway in Tallinn | News | ERR
AI Becomes Both Tool and Target in Cybersecurity
Survey: Organizations Are Too Confident in Their Cyber Resiliency - Security Boulevard
Financial services can't shake security debt - Help Net Security
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
Russian hackers host secret VMs on Windows | Cybernews
EU and UK organizations ponder resilience after Azure outage • The Register
Enterprises are losing track of the devices inside their networks - Help Net Security
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Vibe coding security risks and how to mitigate them | IT Pro
The Next Evolution Of Cybersecurity Is Preemptive
Browser detection and response fills gaps in security programs | TechTarget
AI can flag the risk, but only humans can close the loop - Help Net Security
Reports Published in the Last Week
UK’s National Cyber Security Centre Releases 2025 Annual Review | Alston & Bird - JDSupra
Other News
Zombie Projects Rise Again to Undermine Security
Louvre delayed Windows security updates ahead of burglary – Computerworld
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
International Criminal Court dumps Microsoft Office • The Register
Europe's energy grid faces growing cyber threat • The Register
Europe eyes digital sovereignty sans big tech | TelecomTV
Shipping’s cyber reckoning - Splash247
Ofcom to Boost UK Telecoms Security by Working with Key Countries - ISPreview UK
How can we keep our society and economy cyber secure? - New Statesman
How nations build and defend their cyberspace capabilities - Help Net Security
Totally Exposed at 30,000 Feet - Center for Democracy and Technology
Scottish Government launches refreshed cyber strategy
Cyber Physical Systems Face Rising Geopolitical Risks
Hospitals are running out of excuses for weak cyber hygiene - Help Net Security
The race to defend satellites from cyberattacks - SpaceNews
The Rising Tide of Cyber-Attacks Against the UK Water Sector | Fortra
Vulnerability Management
Zombie Projects Rise Again to Undermine Security
Louvre delayed Windows security updates ahead of burglary | CSO Online
UK dept spent £312M moving to Win 10 as support D-day hits • The Register
SolarWinds-Like Risk Lurks in Popular Installer Tool
Vulnerabilities
Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities
Update Chrome now: 20 security fixes just landed | Malwarebytes
Two Windows vulnerabilities, one a 0-day, are under active exploitation - Ars Technica
New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers
Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
Australia warns of BadCandy infections on unpatched Cisco devices
Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code
New GDI Flaws Could Enable Remote Code Execution in Windows - Infosecurity Magazine
Android Update Patches Critical Remote Code Execution Flaw - SecurityWeek
Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
SolarWinds-Like Risk Lurks in Popular Installer Tool
Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns
Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine
Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
Critical UniFi OS Vulnerability Enables Remote Code Execution Attacks
Microsoft: October Windows updates trigger BitLocker recovery
AMD confirms some Zen 5 CPUs have a worrying security flaw that could put users at risk | TechRadar
Exploited 'Post SMTP' Plugin Flaw Exposes WordPress Sites to Takeover - SecurityWeek
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.