Black Arrow Cyber Threat Intelligence Briefing 08 May 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
This week’s review of cyber security in the specialist and general media highlights employees and the risks they bring to their employer’s security. Research cited this week reports that cyber is the top global people risk, including employees sharing sensitive company information when using AI, and employees enabling attacks by falling for phishing emails and other malicious communications. At Black Arrow, we address this in our work with our clients, where we use our expertise and qualifications in HR and cyber security to strengthen the role that employees play in protecting their organisations.
In our review this week, we also look deeper at the evolution of ransomware, including toolkits used by attackers and insights into the prevalence of ransomware attacks. We further highlight the risks and misuse of AI, which has led bank executives to flag cyber security as their top risk.
At Black Arrow, we are consistent in our messaging that cyber security can only be achieved by aligned controls across people, operations and technology, as reinforced by insights from this week’s review. Contact us to discuss how to address this in a pragmatic way.
Top Cyber Stories of the Last Week
Cyber is the Number One Global “People Risk,” Says Marsh
Marsh’s 2026 People Risks report, based on interviews with more than 4,500 HR and risk professionals across 26 markets, ranks cyber related challenges as the leading global people risk. Weak cyber threat awareness, shortages in cyber and AI skills, poor understanding of AI risks and mishandling of data all feature in the top 10 concerns. These issues can increase the likelihood of cyber attacks, disrupt operations, damage trust and slow business progress, while 40% of respondents with effective people risk management initiatives reported improved workforce productivity, and 36% saw faster progress on strategic initiatives such as AI adoption.
https://www.infosecurity-magazine.com/news/cyber-number-one-global-people/
Employees Are Now More Dangerous to Their Company than External Hackers
Orange Cyberdefense reports that internal security risks now account for 57% of incidents, up from 47% in less than a year, overtaking external hacking for the first time. Employee misuse has risen sharply from 29% to 45%, often linked to unapproved tools such as public AI apps where sensitive information may be shared. Staff devices were involved in 53% of incidents, while identity attacks, where criminals use stolen login details, increased from 10% to 17%. Organisations should tighten access controls and multi-factor authentication to help reduce this growing risk.
Your Employees Know What Phishing Looks Like. They’re Still Getting Fooled. Here’s Why.
AI is making phishing emails and messages harder to spot, with 72% of surveyed workers saying attempts are more convincing than a year ago and 66% believing AI could impersonate a colleague. The risk is not simply lack of training. Employees often recognise the warning signs, but still click or respond when rushing, multitasking or working after hours. Nearly 70% check work messages outside normal hours, increasing exposure when attention is lower. Organisations should review response expectations, approval processes and communication habits so staff have clear, normal opportunities to pause and verify unusual requests.
Nearly Half of Initial Access Attacks Start with One Human Mistake
Attackers are continuing to exploit everyday human behaviour, with ClickFix attacks accounting for 47% of initial access incidents observed over the past year. These attacks present users with a fake technical problem, such as a broken verification check or failed update, then guide them into running a harmful command that appears to fix it. The approach requires no advanced flaw or complex exploit, just pressure, trust and a desire to stay productive. For organisations, this highlights the need to treat human risk as a continuous cyber security priority, supported by monitoring for unusual user activity.
86% of Phishing Attacks are AI Driven, KnowBe4 Research Finds
KnowBe4 reports that phishing is becoming more sophisticated, with 86% of attacks now AI driven. Over the past six months, calendar invite phishing rose by 49%, Microsoft Teams attacks increased by 41%, and the use of tools to steal Microsoft 365 login details surged by 139%. Attackers are also moving beyond email, using multiple channels at once and impersonating internal teams, seen in 30% of attacks in early 2026. This highlights a growing need to protect people, collaboration tools and AI systems together.
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
A phishing campaign active since at least April 2025 has affected more than 80 organisations, mainly in the US, by tricking victims into installing legitimate remote access tools. The emails impersonated the US Social Security Administration and used compromised websites to avoid basic email filtering. Once installed, the tools gave attackers ongoing access to devices, including the ability to view screens, transfer files and return later. Because the software is legitimate and digitally signed, traditional security tools may not flag the activity as suspicious.
https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html
Researchers Discover New All-in-One ‘Bluekit’ Phishing Kit Capable of Bypassing Enterprise 2FA Protocols and Emulating 40+ Global Brands
Bluekit is a new phishing platform that makes it easier for criminals to launch convincing attacks at scale. It can imitate more than 40 global brands, automate campaign setup, alert attackers when data is stolen and use AI to draft tailored phishing emails. More concerningly, it can steal active browser sessions, which may allow attackers to bypass multi-factor authentication by appearing to be a legitimate user. Its rapid development reinforces the value of phishing-resistant authentication, such as hardware security keys, alongside regular staff awareness testing.
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Rapid7 has linked a Microsoft Teams based credential theft campaign to Iranian state-backed attackers posing as a ransomware group. The incident used screen sharing and fake IT support tactics to trick staff into revealing passwords and approving multi-factor authentication requests. Rather than encrypting files, the attackers focused on stealing data and keeping long-term access through remote management tools. The case highlights a growing trend where state-linked groups use criminal ransomware brands and widely available cyber crime tools to hide their involvement and slow down response efforts.
https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html
Only One in Nine Ransomware Attacks Is Made Public
Ransomware appears to be significantly under-reported, with BlackFog identifying 2,160 undisclosed attacks in the first quarter, compared with just 264 publicly disclosed incidents. The average ransom demand exceeded $1 million, with victims across 97 countries. Healthcare was the most targeted sector, accounting for 27% of reported attacks, followed by government and technology. Logistics saw a 200% year-on-year increase. The findings also show that stolen data was involved in 96% of attacks, highlighting the growing risk of sensitive information being taken before disruption is even visible.
https://betanews.com/article/only-one-in-nine-ransomware-attacks-is-made-public/
Five Eyes Spook Shops Warn Rapid Rollouts of Agentic AI Are Too Risky
Five Eyes security agencies (UK, US, Canada, Australia and New Zealand) have warned that rapid adoption of agentic AI, where systems can take actions on behalf of users, could create new risks across critical infrastructure and defence. Their joint guidance highlights 23 risks and more than 100 recommended safeguards, noting that these systems often rely on multiple tools, data sources and permissions. If poorly controlled, they could be exploited to alter contracts, approve payments or delete audit records. Organisations are advised to adopt agentic AI gradually, starting with low-risk tasks and maintaining strong human oversight.
AI Speeds Flaw Discovery, Forcing Rapid Updates, UK NCSC Warns
The UK National Cyber Security Centre (NCSC) has warned that artificial intelligence is accelerating the discovery of weaknesses in software, increasing the likelihood of a surge in urgent security updates. Skilled attackers can now find and exploit flaws faster, creating pressure for organisations to update systems quickly across cloud, supplier and internal technology environments. Priority should be given to internet-facing systems, critical security tools and older technologies that no longer receive updates. Where possible, automatic updates should be enabled, supported by clear risk-based processes to decide what must be fixed first.
Bank Executives Cite Economy, Cyber Security Risks as Top Concerns
Bank executives are increasingly concerned about economic uncertainty and cyber security risk, with IntraFi’s Q1 2026 survey of 409 US bank leaders finding 29% cited cyber security and fraud as their top concern for the year ahead. Many pointed to criminals’ growing use of artificial intelligence, where software can be used to create more convincing scams or automate attacks. A possible economic downturn was also a major worry, cited by 56% as either the biggest or second biggest concern.
North Korea Stole 76% of All Crypto Taken in 2026
North Korea-linked hackers accounted for 76% of all cryptocurrency stolen by cyber criminals in 2026 up to the end of April, according to TRM Labs. Two attacks alone drained $577 million from decentralised finance platforms, despite representing only 3% of recorded incidents. The group has reportedly stolen more than $6 billion from crypto protocols since 2017, with its share of theft rising sharply each year. The incidents highlight the scale and sophistication of long‑planned intrusion activity, as well as weaknesses in complex digital finance platforms.
https://coinmarketcap.com/academy/article/north-korea-crypto-theft-76-percent-2026
Governance, Risk and Compliance
Cyber is the Number One Global “People Risk,” Says Marsh - Infosecurity Magazine
UK business breach rate stuck at 43%... blame the phishing • The Register
Almost half of UK businesses hit by cyber attacks | Computer Weekly
UK Cyber Resilience Plateaus as AI and Supply Chain Risks Rise | SC Media UK
Cyber still dominates global risk thinking – Marsh
Skills Gap Top CISO Concern, Says New SANS Survey
Bank Executives Cite Economy, Cybersecurity Risks as Top Concerns
How CISOs should utilize data security posture management to inform risk | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Only one in nine ransomware attacks is made public - BetaNews
Ransomware victims increase 389 percent fueled by AI - BetaNews
Two new extortion crews are speedrunning the Scattered Spider playbook | CyberScoop
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Iranian cyber espionage disguised as a Chaos Ransomware attack
Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server
Cybersecurity pros jailed for ransomware attacks linked to ALPHV BlackCat | Cybernews
How safe is your money from cyber attack?
Conti, Akira ransomware affiliate given 8-year sentence | The Record from Recorded Future News
Karakurt Ransomware Negotiator Sentenced to Prison - SecurityWeek
Ransom Attacks up, but Payments Headed Down as Cyber Becomes Top of Mind
Five Years On: Lessons Learned From the Colonial Pipeline Cyber-Attack - Infosecurity Magazine
Member Of Russian Ransomware Group Sentenced To Prison – Eurasia Review
Two cybersecurity pros get prison time for helping ransomware gang - Help Net Security
Ransomware and Destructive Attack Victims
Five Years On: Lessons Learned From the Colonial Pipeline Cyber-Attack - Infosecurity Magazine
Instructure confirms data breach, ShinyHunters claims attack
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats - SecurityWeek
Sandhills Medical Says Ransomware Breach Affects 170,000 - SecurityWeek
Cushman & Wakefield confirms vishing cyberattack
DOJ says ransomware gang tapped into Russian government databases | TechCrunch
Phishing & Email Based Attacks
86% of Phishing Attacks are AI Driven, KnowBe4 Research Finds - IT Security Guru
Cyber is the Number One Global “People Risk,” Says Marsh - Infosecurity Magazine
Email threat landscape: Q1 2026 trends and insights | Microsoft Security Blog
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts - Security Boulevard
Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace
Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails - Infosecurity Magazine
The Mimecast Portal BEC risk: how attackers stay in the inbox after a password reset | TechFinitive
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Fake SSA Emails Drive Venomous#Helper Phishing Campaign - Infosecurity Magazine
Attackers Abuse Amazon SES to Send Authenticated Phishing Emails That Bypass Security
Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks
Business Email Compromise (BEC)/Email Account Compromise (EAC)
The Mimecast Portal BEC risk: how attackers stay in the inbox after a password reset | TechFinitive
Other Social Engineering
Cyber is the Number One Global “People Risk,” Says Marsh - Infosecurity Magazine
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts - Security Boulevard
Nearly Half of Initial Access Attacks Start With One Human Mistake | perspective | MSSP Alert
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Hugging Face, ClawHub Abused for Malware Distribution - SecurityWeek
Fake background remover spreads password-stealing malware | Cybernews
You’ve hired a fraudulent employee. What comes next? | HR Dive
DigiCert breached via malicious screensaver file - Help Net Security
Romance fraudsters fleeced UK victims of £102M in 2025
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise | Trend Micro (US)
ClickFix campaign uses fake macOS utilities lures to deliver infostealers | Microsoft Security Blog
Your job search is getting riskier, says LinkedIn - 9 ways to tell real listings from scams | ZDNET
Cushman & Wakefield confirms vishing cyberattack
2FA/MFA
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts - Security Boulevard
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs | CSO Online
Artificial Intelligence
Five Eyes warn agentic AI is too dangerous for rapid rollout • The Register
86% of Phishing Attacks are AI Driven, KnowBe4 Research Finds - IT Security Guru
New Bluekit phishing service includes an AI assistant, 40 templates
UK cyber security agency warns of AI-driven 'patch wave' - iTnews
The AI Vulnerability Storm Is Here. Is Your Security Program Breach Ready? - Security Boulevard
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed - Infosecurity Magazine
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
UK Cyber Resilience Plateaus as AI and Supply Chain Risks Rise | SC Media UK
If AI's So Smart, Why Does It Keep Deleting Production Databases?
AI digs up decades of code debt. Patch up. • The Register
Shadow AI risks deepen as 31% of users get no employer training - Help Net Security
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
Hugging Face, ClawHub Abused for Malware Distribution - SecurityWeek
How safe is your money from cyber attack?
Cyber talent harder to find as AI reshapes threat landscape - CNA
Europe’s laws ‘ill-equipped’ to deal with superhacking AI, lawmakers warn – POLITICO
Does Anthropic's Claude Mythos break the cyber insurance underwriting model? | Insurance Times
Malicious PyTorch Lightning update hits AI supply chain security
Mythos is 'very heightened risk': JPMorganChase's Jamie Dimon | American Banker
One in four MCP servers opens AI agent security to code execution risk - Help Net Security
British mathematician hands OpenClaw agent a credit card
Why Chrome may have quietly downloaded a 4GB file to your PC - and how to get rid of it | ZDNET
Met Police face criticism for using AI to spy on their own officers - Help Net Security
AI-BOMs replace SBOMs as way to track AI agents and bots • The Register
India orders infosec red alert in case Mythos sparks crime
When AI Starts Making Decisions, Cybersecurity Becomes A Governance Issue | Scoop News
Careers, Roles, Skills, Working in Cyber and Information Security
CISOs step up to the security workforce challenge | CSO Online
Cyber talent harder to find as AI reshapes threat landscape - CNA
Anthropic’s Mythos and the global cybersecurity gap - Rest of World
Skills Gap Top CISO Concern, Says New SANS Survey
Cloud/SaaS
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts - Security Boulevard
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace
Azure AD Conditional Access Bypassed Through Phantom Device Registration and PRT Abuse
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea Stole 76% of All Crypto Taken in 2026 | CoinMarketCap
Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring
Police dismantles 9 crypto scam centers, arrests 276 suspects
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
New FEMITBOT Network Uses Telegram Mini Apps to Push Crypto Fraud and Android Malware
Cyber Crime, Organised Crime & Criminal Actors
Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring
Police dismantles 9 crypto scam centers, arrests 276 suspects
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case - Infosecurity Magazine
French prosecutors link 15-year-old to gov mega-breach • The Register
Data Breaches/Leaks
French prosecutors link 15-year-old to gov mega-breach • The Register
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
Trellix Source Code Breach Highlights Supply Chain Threats
Instructure hacker claims data theft from 8,800 schools, universities
Police statement 10 months after Glasgow City Council cyber attack | Glasgow Times
A DOD contractor’s API flaw exposed military course data and service member records | CyberScoop
Sandhills Medical Says Ransomware Breach Affects 170,000 - SecurityWeek
Denial of Service/DoS/DDoS
Canonical Says Ubuntu Infrastructure Is Facing Cross-Border DDoS Attack
New Cisco DoS flaw requires manual reboot to revive devices
Encryption
Agent’s claims on WhatsApp access spark security concerns
What to Know About Quantum Computing and Your Cybersecurity Progr
Fraud, Scams and Financial Crime
Romance fraudsters fleeced UK victims of £102M in 2025
Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring
You’ve hired a fraudulent employee. What comes next? | HR Dive
Police dismantles 9 crypto scam centers, arrests 276 suspects
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case - Infosecurity Magazine
Your job search is getting riskier, says LinkedIn - 9 ways to tell real listings from scams | ZDNET
Insider Risk and Insider Threats
1 in 8 workers say selling company logins is justifiable
You’ve hired a fraudulent employee. What comes next? | HR Dive
Cyber is the Number One Global “People Risk,” Says Marsh - Infosecurity Magazine
Employees are now more dangerous to their company than external hackers | TechRadar
Nearly Half of Initial Access Attacks Start With One Human Mistake | perspective | MSSP Alert
Why Trained Employees Are Still Falling for Phishing Attacks
Insurance
How cyber insurance helped with breach recovery -- or not | TechTarget
Does Anthropic's Claude Mythos break the cyber insurance underwriting model? | Insurance Times
Law Enforcement Action and Take Downs
US ransomware negotiators get 4 years in prison over BlackCat attacks
Police dismantles 9 crypto scam centers, arrests 276 suspects
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case - Infosecurity Magazine
French prosecutors link 15-year-old to gov mega-breach • The Register
A Ransomware Negotiator Was Working for a Ransomware Gang - Schneier on Security
Conti, Akira ransomware affiliate given 8-year sentence | The Record from Recorded Future News
Karakurt Ransomware Negotiator Sentenced to Prison - SecurityWeek
Police statement 10 months after Glasgow City Council cyber attack | Glasgow Times
Member Of Russian Ransomware Group Sentenced To Prison – Eurasia Review
Two cybersecurity pros get prison time for helping ransomware gang - Help Net Security
Russian hacker pleads guilty to cyberattacks on US, Ukrainian oil and gas facilities
Linux and Open Source
The Evolution of Open Source Malware: From Volume to Trust Abuse
Canonical Says Ubuntu Infrastructure Is Facing Cross-Border DDoS Attack
New stealthy Quasar Linux malware targets software developers
Malware
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
Hugging Face, ClawHub Abused for Malware Distribution - SecurityWeek
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs | CSO Online
Fake background remover spreads password-stealing malware | Cybernews
ClickFix campaign uses fake macOS utilities lures to deliver infostealers | Microsoft Security Blog
New Deep#Door RAT uses stealth and persistence to target Windows
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom - SecurityWeek
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack - Ars Technica
The Evolution of Open Source Malware: From Volume to Trust Abuse
New FEMITBOT Network Uses Telegram Mini Apps to Push Crypto Fraud and Android Malware
New stealthy Quasar Linux malware targets software developers
New MicroStealer Malware Actively Attacking Telecom & Education Sectors
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
North Korean APT Targets Yanbian Gamers via Trojanized Platform - Infosecurity Magazine
Mobile
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs | CSO Online
New FEMITBOT Network Uses Telegram Mini Apps to Push Crypto Fraud and Android Malware
Critical Android vulnerability CVE-2026-0073 fixed by Google
Critical Android Zero-Click Vulnerability Grants Remote Shell Access
Passwords, Credential Stuffing & Brute Force Attacks
1 in 8 workers say selling company logins is justifiable
Fake background remover spreads password-stealing malware | Cybernews
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch
The Passwordless Future Has a Password Problem - Security Boulevard
Syncing passkeys to Google defeats the whole point of passkeys
I'm a cyber security expert - 60% of the public are making this dangerous mistake
Regulations, Fines and Legislation
Europe’s laws ‘ill-equipped’ to deal with superhacking AI, lawmakers warn – POLITICO
Kids can bypass some age checks with a drawn-on mustache • The Register
UK age-gating plans risk breaking the internet, privacy groups warn
Brussels reissues its Huawei warning, and prepares to make it stick
US lists offensive cyberattacks in counterterrorism strategy - Nextgov/FCW
Social Media
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
Vimeo confirms breach via third-party vendor impacts 119K users
Supply Chain and Third Parties
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack - Ars Technica
UK Cyber Resilience Plateaus as AI and Supply Chain Risks Rise | SC Media UK
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom - SecurityWeek
Trellix Source Code Breach Highlights Supply Chain Threats
DigiCert breached via malicious screensaver file - Help Net Security
Vimeo confirms breach via third-party vendor impacts 119K users
A DOD contractor’s API flaw exposed military course data and service member records | CyberScoop
Instructure Breach Exposes Schools' Vendor Dependence
Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
MuddyWater hackers use Chaos ransomware as a decoy in attacks
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Russian cyberattacks against Ukraine may be considered war crimes - CCD | УНН
War is not just missiles, defence experts warn Britons
How Iranian Cyber Intrusions Unfold Inside Enterprise Networks
Small Defense Firms Lack Network Data to Stop Nation-State Hackers - Infosecurity Magazine
Nation State Actors
Small Defense Firms Lack Network Data to Stop Nation-State Hackers - Infosecurity Magazine
China
FBI: China's hacker-for-hire ecosystem 'out of control' • The Register
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Brussels reissues its Huawei warning, and prepares to make it stick
Chinese spy group caught lurking in Poland, Asia networks • The Register
Police dismantles 9 crypto scam centers, arrests 276 suspects
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
EU moves to ban high-risk inverters from China over cybersecurity threats | Euronews
Russia
Russian cyberattacks against Ukraine may be considered war crimes - CCD | УНН
Russian hacker pleads guilty to cyberattacks on US, Ukrainian oil and gas facilities
DOJ says ransomware gang tapped into Russian government databases | TechCrunch
Russia disrupts mobile internet as Kremlin scales back Victory Day parade | The Independent
North Korea
North Korea Stole 76% of All Crypto Taken in 2026 | CoinMarketCap
You’ve hired a fraudulent employee. What comes next? | HR Dive
North Korean APT Targets Yanbian Gamers via Trojanized Platform - Infosecurity Magazine
Iran
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Iranian cyber espionage disguised as a Chaos Ransomware attack
How Iranian Cyber Intrusions Unfold Inside Enterprise Networks
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
FBI: China's hacker-for-hire ecosystem 'out of control' • The Register
Tools and Controls
UK Cyber Resilience Plateaus as AI and Supply Chain Risks Rise | SC Media UK
US ransomware negotiators get 4 years in prison over BlackCat attacks
How cyber insurance helped with breach recovery -- or not | TechTarget
Azure AD Conditional Access Bypassed Through Phantom Device Registration and PRT Abuse
AI digs up decades of code debt. Patch up. • The Register
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
RMM Tools Fuel Stealthy Phishing Campaign
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Windows Remote Desktop Leaves Behind Image Fragments Attackers Can Stitch Into Screenshots
Security’s Blind Spot: The Threats Hiding In “Low-Severity” Alerts
The Passwordless Future Has a Password Problem - Security Boulevard
Mythos is 'very heightened risk': JPMorganChase's Jamie Dimon | American Banker
India orders infosec red alert in case Mythos sparks crime
When AI Starts Making Decisions, Cybersecurity Becomes A Governance Issue | Scoop News
Amazon SES increasingly abused in phishing to evade detection
How CISOs should utilize data security posture management to inform risk | CSO Online
Understanding Digital Forensics After A Cyber Incident
Europe’s laws ‘ill-equipped’ to deal with superhacking AI, lawmakers warn – POLITICO
Microsoft fixes Remote Desktop warnings displaying incorrectly
Tape's strategic role in modern data protection | TechTarget
After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch
Financial Services Industry Collaborates to Test Real-World Cyber Readiness
Other News
Windows Remote Desktop Leaves Behind Image Fragments Attackers Can Stitch Into Screenshots
UK: Education Sector Faces Surge in Cyber Breaches - Infosecurity Magazine
Cybercriminals Are Now Coming After Freight Cargo. And They’re Doing a Great Job.
CISA tells critical organizations to prepare for cyber outages | Federal News Network
Cyberattacks against universities becoming ‘more prevalent’
Physical Cargo Theft Gets a Boost From Cybercriminals
Vulnerability Management
The AI Vulnerability Storm Is Here. Is Your Security Program Breach Ready? - Security Boulevard
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
AI digs up decades of code debt. Patch up. • The Register
Security’s Blind Spot: The Threats Hiding In “Low-Severity” Alerts
Oracle Debuts Monthly Critical Security Patch Updates - SecurityWeek
Why every organization should make it easy to report security flaws
Vulnerabilities
cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation - SecurityWeek
Critical cPanel exploited: 'Millions' of sites could be hit • The Register
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Exploit Cyber-Frenzy Threatens Millions via cPanel Vulnerability
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
MOVEit automation flaws could enable full system compromise
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks - SecurityWeek
Ivanti customers confront yet another actively exploited zero-day | CyberScoop
Cisco Patches High-Severity Vulnerabilities in Enterprise Products - SecurityWeek
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
Linux 'Copy Fail' flaw lets anyone hijack system privileges. Update ASAP | PCWorld
'Copy Fail' is a real Linux security crisis wrapped in AI slop | CyberScoop
New Linux 'Dirty Frag' zero-day gives root on all major distros
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Google Chrome 148 Released with 127 Security Fixes, Three Critical Vulnerabilities Patched
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
New Cisco DoS flaw requires manual reboot to revive devices
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover - SecurityWeek
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Weaver E-cology critical bug exploited in attacks since March
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft - SecurityWeek
Malicious PyTorch Lightning update hits AI supply chain security
Critical Android Zero-Click Vulnerability Grants Remote Shell Access
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.