Black Arrow Cyber Threat Intelligence Briefing 10 July 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There is a temptation to focus on AI related news in cyber security at the expense of discussing the evolution of more established attacks and risks. Although this week we include news on the first fully agentic AI ransomware attack, we start by highlighting other ongoing attacks affecting organisations today that are notable for their speed and tactics in order that business leaders can address them. These include attacks on Microsoft 365 accounts and web browsers, as well as attackers impersonating authorities.
The agentic ransomware development is significant, not because the individual attack tactics are new, but because of the speed at which AI can work through challenges to achieve its objective. This, and other developments, highlight the need for business leaders not only to govern cyber security appropriately, based on risk to reduce the likelihood of an attack, but also to ensure that the leadership team understands how the organisation will respond if or when an attack succeeds.
Our recommendation is for the leadership team itself to participate in a tabletop walkthrough of an evolving attack scenario, led by impartial experts who can challenge assumptions and clarify understandings. This is an Incident Response Exercise that is not an IT activity and should not be designed by any control provider; the objective is for all control providers and the leadership to work through the required response across the organisation for situations where controls fail. This is a very impactful exercise; contact us to discuss how we enable organisations to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
ConsentFix and ClickFix: How Microsoft 365 Accounts Are Hijacked in 3 Seconds
An attack called ConsentFix builds on the ClickFix technique, where criminals trick users into following familiar online instructions that secretly hand over access. In this case, victims are lured through platforms such as Dropbox or DocSend and shown what appears to be a normal Microsoft 365 sign-in process. Dragging the callback link into the browser can expose OAuth tokens, giving criminals access to Microsoft 365 without the password and despite multi-factor authentication. Because the instructions resemble normal online workflows, staff awareness should be reinforced by monitoring endpoints and identities for suspicious behaviour or logins from unexpected locations.
New Ghost Phishing Wave Is Breaking Traditional Email Security
An EvilTokens phishing campaign affecting organisations in the US and Europe exposes a gap in conventional email checks. Its malicious content remains encrypted during initial inspection and appears only after the link opens in the user’s browser. Victims are then guided through Microsoft’s genuine device-code sign-in process and unknowingly authorise access to Microsoft 365 without surrendering their password. Data from 15,000 organisations puts 2026 phishing exposure at 75.6% in consulting, 72.8% in financial services and 71.9% in manufacturing, showing why security teams need visibility into what webpages do after they load.
https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
Hackers Are Posing as Interpol to Target Small Businesses – Here’s What You Need to Know
Small businesses in North America, Europe, Asia and the Middle East are receiving phishing emails that impersonate Interpol cyber crime investigators. The emails claim to contain evidence of suspicious activity and pressure recipients into opening a password-protected file hosted on Proton Drive. Instead, the file contains ransomware that tries to encrypt files found on accessible drives before showing victims a ransom demand. Bitdefender found the campaign targeting sectors including finance, technology, legal services, food, agriculture, pharmaceuticals and media. The ransomware is relatively simple, but small businesses remain attractive targets because security responsibilities often fall to employees without specialist support.
Cyber Experts Issue Alert After Two Ransomware Groups Team Up on ‘Unprecedented’ Threat Campaign
Sophos has warned that ransomware groups Vect and TeamPCP are working together in a campaign that combines stolen login details, data theft and ransomware deployment. The partnership, announced in March, shows how cyber criminal groups are increasingly operating like businesses by pooling specialist skills. TeamPCP has compromised trusted open source tools, and Sophos says credentials it obtained have already been used in a Vect ransomware attack. Organisations relying on open source software should keep current records of those tools and check the integrity of third-party updates before rolling them out.
First Fully Agentic Ransomware Attack Sparks Readiness Concerns
Sysdig has identified what it describes as the first fully AI-led ransomware attack, where an AI agent exploited a known weakness in an internet-facing system, stole credentials and encrypted a production database. The techniques were familiar, but the pace was notable: after an unsuccessful login, the AI adapted and succeeded 31 seconds later. Business leaders do not need a different defensive model, but they have less time to intervene. Organisations should reduce exposure of internet-facing services, fix known weaknesses promptly, protect credentials and ensure response teams can contain intrusions before important systems are affected.
The AI Vulnerability Storm Is Here: Is Your Security Program Ready?
The Cloud Security Alliance warns that advanced AI tools could reduce the time between finding a software flaw and exploiting it to just hours. Its report says emerging AI models have already found thousands of serious weaknesses across major operating systems and browsers, creating working attack methods without human guidance. For senior leaders, this changes the risk profile. Patch cycles, incident response and board reporting based on slower, human-led attacks may no longer be realistic. Organisations should identify and segregate critical applications, strengthen basic controls and introduce safe, structured automation to accelerate vulnerability management and incident response.
Enterprise AI Still Smarting from Leaping Before Looking
DigiCert has found that 78% of enterprises using AI have either suffered an AI-related security incident or identified AI-related weaknesses. The survey of 1,001 IT and cyber security leaders in the US, UK and Australia found that the incidents involved unauthorised or incorrectly configured AI agents. While 90% of organisations have discussed AI governance at board level, only half have dedicated budgets and formal programmes, and just 53% can identify which models and source data produced a particular AI decision. This leaves organisations less able to explain unexpected or controversial results.
European Central Bank Demands AI Security ‘Action Plan’
The European Central Bank has given major banks until 31 October 2026 to submit action plans for defending against AI-enabled cyber threats. The regulator warned that AI can identify security weaknesses at speed, making unresolved vulnerabilities more serious for operational resilience. Bank management may therefore need to reconsider technology spending and the people assigned to cyber security. Required actions include faster patching, stronger monitoring and detection, and effective oversight of third parties, with named owners and implementation dates. The ECB also warned that progress in quantum computing threatens traditional encryption and will demand long-term planning and investment.
https://www.computerweekly.com/news/366645712/European-Central-Bank-demands-AI-security-action-plan
SonicWall Research Finds Financial Services Running Overdrawn on Cyber Defences as Attack Intensity Outpaces Every Other Tracked Industry
SonicWall found that financial services faced the highest cyber attack intensity of any sector it tracks in the first half of 2026, with 132,378 intrusion prevention system detections per device, more than double the cross-sector average. The sector also recorded 39,341 malware hits per firewall, second only to healthcare. Many attacks continue to target old, well-understood weaknesses in legacy banking and payment systems. Leaders should examine whether ageing systems and broad access arrangements are leaving known weaknesses unresolved because remediation would interrupt essential services.
Organisations Struggle to Prioritise Known Cyber Risks
Filigran has found that most organisations are collecting more cyber risk data but still lack a clear view of their exposure. Its research found that 93% struggle to maintain an accurate view of their attack surface, meaning the systems and services that attackers could target, while only 41% have a consolidated view of cyber risk. More information is not producing clearer priorities. Organisations need to combine threat intelligence with evidence of which exposures can actually be exploited. Analysts spend an average of 17 hours a week investigating risks later found to be low priority or not exploitable.
https://www.helpnetsecurity.com/2026/07/03/cyber-risk-exposure-report/
How Faster Cyber Attacks Are Reshaping Enterprise Cyber Security Strategies
CrowdStrike’s 2026 Global Threat Report found that the average time taken for an attacker to move from initial access to stealing or damaging data fell to just 29 minutes in 2025, down from 48 minutes in 2024 and 84 minutes in 2022. Attackers are increasingly “logging in” with stolen usernames and passwords rather than breaking in with malware, making attacks harder to spot. As AI accelerates attacks and vulnerability exploitation, organisations need rapid patching, contextual monitoring of account activity and regularly exercised incident response plans.
https://www.infosecurity-magazine.com/news-features/faster-cyberattacks-reshape/
The Shift Toward Business-Aligned Risk Management
Cyber risk management is most useful when it connects security issues to real business consequences. Senior leaders can make better decisions when a technical severity score is translated into the effect of compromising a payment system handling $2 million each day. Organisations are being encouraged to move away from one-off risk assessments and towards a continuous approach that links threats, controls, likely financial impact and treatment options. This lets leaders compare stronger or alternative controls with insurance, recognising that insurance can offset financial loss but does not restart operations or repair damaged customer confidence and regulatory standing.
https://www.securityweek.com/the-shift-toward-business-aligned-risk-management/
Governance, Risk and Compliance
The Shift Toward Business-Aligned Risk Management - SecurityWeek
How Faster Cyber-Attacks Are Reshaping Cybersecurity Strategy - Infosecurity Magazine
You Don’t Get Out Of A Cybersecurity Mess By Writing A Check
Organizations struggle to prioritize known cyber risks - Help Net Security
Immunology And Cybersecurity: Nature's Lessons About Adaptive Defense
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
First fully agentic ransomware attack sparks readiness concerns | TechTarget
Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware - Infosecurity Magazine
Gentlemen Ransomware Expands Global Attack Campaigns
Why this fully agentic ransomware attack is giving researchers nightmares | ZDNET
The Gentlemen Ransomware: What You Need to Know | Fortra
Smooth AI criminal drives 'first' end-to-end agentic ransomware attack
Qilin Dominates Ransomware Market - Infosecurity Magazine
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Threat Spotlight: ShinyHunters Fast-Tracks Saas Access with Subdomain Impersonation
Q3 Threat Spotlight: How Automation, Customization, and Tooling Signal Next Ransomware Front Runners
Windows is watching: Anti-piracy tool fingers Scattered Spider suspect
Hacked, leaked, and held for ransom: The worst breaches of 2026 so far | TechCrunch
Scattered Spider’s Structure More Like a Cybercrime Collective - Infosecurity Magazine
When Cyberattacks Walk Through the Front Door - Above the Law
US Teenager Arrested In Finland For Scattered Spider Hacks
Ransomware and Destructive Attack Victims
Medtronic Data Breach Impacts 3.8 Million People - SecurityWeek
U.S. Government Agency Paid $1M to Data Extortion Group Kairos
Phishing & Email Based Attacks
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access
Hackers are posing as Interpol to target small businesses – here's what you need to know | IT Pro
New Ghost Phishing Wave Is Breaking Traditional Email Security
Phishing poses as big-brand job interview to steal Google accounts
AnyDesk Phishing Attack Uses Scheduled Task Persistence and Artifact Deletion to Evade Detection
Multi-channel phishing attacks: How to manage the risk | IT Pro
Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security
Government and Healthcare Are the Weakest Links in Global Email Security
Armored Likho APT Targeting Government, Electric Power Entities - SecurityWeek
Phishing Attacks Targeted Facebook Users With Fake Verification Offer - Infosecurity Magazine
Other Social Engineering
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access
Fake IT support calls on Microsoft Teams push EtherRAT malware
Entra passkey enrollment vishing targets Microsoft 365 users
Multi-channel phishing attacks: How to manage the risk | IT Pro
Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes
Fake IT bods on Microsoft Teams coax workers into installing malware
The fake report message that ends with a stolen Reddit account - Help Net Security
When Cyberattacks Walk Through the Front Door - Above the Law
Opera rolls out Paste Protect feature to fight ClickFix attacks
Deepfakes and Vishing: What You Need to Know to Stay Protected | The Motley Fool
2FA/MFA
OAuth, guest accounts, and weak MFA drive SaaS risk - Help Net Security
MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage
Artificial Intelligence
First fully agentic ransomware attack sparks readiness concerns | TechTarget
Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine
JadePuffer ransomware used AI agent to automate entire attack
Why this fully agentic ransomware attack is giving researchers nightmares | ZDNET
Bank of England Warns AI Raises Financial Cyber Risks | EasternEye
Enterprise AI still smarting from leaping before looking
Thousands of malicious AI skills found capable of stealing data, running malware - Help Net Security
AI is turning overshared data into a major security risk | perspective | SC Media
European Central Bank demands AI security ‘action plan’ | Computer Weekly
The future of payment fraud could be automated - Help Net Security
Hackers can use 9 of the most popular AI tools to assemble massive botnets - Ars Technica
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target - Infosecurity Magazine
Chinese LLMs Broaden the Gap Between Attackers & Defenders
What an AI ‘cyber nuclear war’ would actually look like | The Independent
How to prioritize AI agent security by business impact - Help Net Security
Indirect Prompt Injection in Web Content Targets AI Agents - Infosecurity Magazine
Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Navigating NIST’s New Cybersecurity AI Frontier
Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) - Help Net Security
French nonprofit starts global intelligence and research hub for AI cyber threats | CyberScoop
AI-driven cyber warfare reshapes global defense readiness | native | MSSP Alert
Deepfake CSAM lawsuit against xAI, Grok expands | CyberScoop
AI is making compliance decisions. Can you prove how? | perspective | MSSP Alert
AI-Generated Malware Powers New Armored Likho APT Campaign
China issues 'backdoor' security alert over Anthropic's Claude Code | Reuters
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
Bots/Botnets
Hackers can use 9 of the most popular AI tools to assemble massive botnets - Ars Technica
Google, FBI disrupt NetNut botnet spanning 2M devices | Cybernews
Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor
Careers, Roles, Skills, Working in Cyber and Information Security
CISO's guide to hiring for the right cybersecurity skills | TechTarget
Cloud/SaaS
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
Fake IT support calls on Microsoft Teams push EtherRAT malware
Microsoft 365 users fall victim to one-in-a-million password spray attack – Computerworld
UK’s largest businesses dangerously exposed to cloud outages | Computer Weekly
Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target - Infosecurity Magazine
Entra passkey enrollment vishing targets Microsoft 365 users
OAuth, guest accounts, and weak MFA drive SaaS risk - Help Net Security
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes
Fake IT bods on Microsoft Teams coax workers into installing malware
Threat Spotlight: ShinyHunters Fast-Tracks Saas Access with Subdomain Impersonation
FBI targets TeamPCP after massive supply chain attacks | Cybernews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Vidar Infostealer Hammers SMBs via Malvertising Campaign
New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
The future of payment fraud could be automated - Help Net Security
Cybersecurity and the Gap Between Skill and Ability - Schneier on Security
Scattered Spider’s Structure More Like a Cybercrime Collective - Infosecurity Magazine
US Teenager Arrested In Finland For Scattered Spider Hacks
Data Breaches/Leaks
Russia has attacked the United Kingdom – again
Hacked, leaked, and held for ransom: The worst breaches of 2026 so far | TechCrunch
US government says it got hacked — again | TechCrunch
Accenture confirms breach after hacker offers stolen data for sale
Medtronic Data Breach Impacts 3.8 Million People - SecurityWeek
Ransomware and Cyber Extortion in Q1 2026
Hackers claim Deutsche Bank data breach, internal data affected| Cybernews
Data/Digital Sovereignty
Study: Europe's defense runs on American servers - EU Reporter
Fraud, Scams and Financial Crime
The future of payment fraud could be automated - Help Net Security
Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security
Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
Identity and Access Management
Why Identity is the Anchor of the New Digital Frontier
Secret Double Octopus Releases 2026 State of Identity Security in Financial Organizations Report
The Verification Step Is the New ATO Battleground in 2026
Internet of Things – IoT
Google, FBI disrupt NetNut botnet spanning 2M devices | Cybernews
IoT Security Flounders Amid Churning Risk
Law Enforcement Action and Take Downs
Google, FBI disrupt NetNut botnet spanning 2M devices | Cybernews
US Teenager Arrested In Finland For Scattered Spider Hacks
FBI targets TeamPCP after massive supply chain attacks | Cybernews
Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor
French Police Dismantle Operation Behind the Already Defunct YggTorrent * TorrentFreak
Windows is watching: Anti-piracy tool fingers Scattered Spider suspect
A hacker's arrest just revealed how Microsoft can track your Windows device - Digital Trends
Vietnam arrests suspects behind HiAnime anime piracy service
Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop
Linux and Open Source
North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek
Malvertising
Vidar Infostealer Hammers SMBs via Malvertising Campaign
New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine
Malware
Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine
Vidar Infostealer Hammers SMBs via Malvertising Campaign
New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine
North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek
Fake IT support calls on Microsoft Teams push EtherRAT malware
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
Malware authors subvert AI detection systems | CSO Online
FBI targets TeamPCP after massive supply chain attacks | Cybernews
Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor
Fake IT bods on Microsoft Teams coax workers into installing malware
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
A single malware file can outweigh an entire AI dataset - Help Net Security
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Newly discovered PamStealer isn't your typical macOS malware - Ars Technica
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
Armored Likho APT Targeting Government, Electric Power Entities - SecurityWeek
Chinese hackers develop LONGLEASH malware to expand ORB network
AI-Generated Malware Powers New Armored Likho APT Campaign
BusySnake Stealer Slithers into Critical Infrastructure Networks
Mobile
Europe Confirms Record €4.1B Penalty Against Google for Android Practices
I never use fingerprint or Face ID to unlock my phones. Here’s why
RedWing Android Spyware Sold as a Service on Telegram - Infosecurity Magazine
Models, Frameworks and Standards
The cyber law that could change everything | Computer Weekly
Ireland facing major fines over failure to enact cybersecurity law | Business Post
Navigating NIST’s New Cybersecurity AI Frontier
EU Cybersecurity Act 2 Advances Amid Member States' Concerns Over EU Competence | Jones Day
NCSC Launches Cyber Governance Guidance for Management Boards in NIS2 Organisations
UK Govt Pairs Agentic AI Initiative With Cyber Resilience Pledge
Government's cyber pledge lands 60 signatories, including M&S and, somehow, Capita
Outages
UK’s largest businesses dangerously exposed to cloud outages | Computer Weekly
Passwords, Credential Stuffing & Brute Force Attacks
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Russia has attacked the United Kingdom – again
Microsoft 365 users fall victim to one-in-a-million password spray attack – Computerworld
The Verification Step Is the New ATO Battleground in 2026
Regulations, Fines and Legislation
The cyber law that could change everything | Computer Weekly
Ireland facing major fines over failure to enact cybersecurity law | Business Post
Germany plans spy powers to hack attackers | Cybernews
EU Cybersecurity Act 2 Advances Amid Member States' Concerns Over EU Competence | Jones Day
NCSC Launches Cyber Governance Guidance for Management Boards in NIS2 Organisations
Cybersecurity Mission Creep in the US - Schneier on Security
Shadow IT
Social Media
The fake report message that ends with a stolen Reddit account - Help Net Security
Phishing Attacks Targeted Facebook Users With Fake Verification Offer - Infosecurity Magazine
Software Supply Chain
North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine
FBI targets TeamPCP after massive supply chain attacks | Cybernews
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
Supply Chain and Third Parties
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Why hackers are targeting your digital supply chain, not just your systems
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
What an AI ‘cyber nuclear war’ would actually look like | The Independent
AI-driven cyber warfare reshapes global defense readiness | native | MSSP Alert
NATO 3.0 and energy security: Rebalancing transatlantic defence in Ankara – Middle East Monitor
The US military is not organized for cyber war
Nation State Actors
NATO 3.0 and energy security: Rebalancing transatlantic defence in Ankara – Middle East Monitor
China
What an AI ‘cyber nuclear war’ would actually look like | The Independent
Chinese LLMs Broaden the Gap Between Attackers & Defenders
Chinese hackers develop LONGLEASH malware to expand ORB network
US considers ban on Chinese solar inverters - PV Tech
Suspected Chinese Threat Group Targets Universities - Infosecurity Magazine
Did AI help Palo Alto Networks falsely link the company to China? | Cybernews
Hackers can remotely control Hoymiles solar inverters| Cybernews
Russia
Russia has attacked the United Kingdom – again
BBC Cyber Hack podcast investigates Conti ransomware gang - PodcastingToday
Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop
Alleged pro-Russia hacktivist arrested in Palencia
North Korea
North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Iran
Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks - SecurityWeek
From missiles to malware: Why the Gulf is stepping up its operational resilience | Fortune
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
RedWing Android Spyware Sold as a Service on Telegram - Infosecurity Magazine
What is spyware, and how do you protect yourself? | Proton
Predatorgate victims sue spyware maker Intellexa
European Parliament Member Investigating Spyware Was Hacked With Pegasus
Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop
Tools and Controls
Enterprise AI still smarting from leaping before looking
The Shift Toward Business-Aligned Risk Management - SecurityWeek
North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
Organizations struggle to prioritize known cyber risks - Help Net Security
Confidential computing's core trust mechanism is broken. The fix may not exist
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Malware authors subvert AI detection systems | CSO Online
Why Identity is the Anchor of the New Digital Frontier
How to prioritize AI agent security by business impact - Help Net Security
Gentlemen Ransomware Expands Global Attack Campaigns
The AI vulnerability storm is here: Is your security program ready? | TechTarget
Detection engineering: A programmatic approach to identifying cyber threats | CSO Online
Evaluating secure enterprise browsers vs. security plugins | TechTarget
Data governance is becoming a security services problem | news | MSSP Alert
Chinese LLMs Broaden the Gap Between Attackers & Defenders
The Verification Step Is the New ATO Battleground in 2026
A hacker's arrest just revealed how Microsoft can track your Windows device - Digital Trends
Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
AI is making compliance decisions. Can you prove how? | perspective | MSSP Alert
MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage
Non-interactive SSH attacks dominate after login - Help Net Security
Did AI help Palo Alto Networks falsely link the company to China? | Cybernews
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
Reports Published in the Last Week
Secret Double Octopus Releases 2026 State of Identity Security in Financial Organizations Report
Other News
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
NCA Issues Warning to Parents As Shared Child Photos Exploited by AI - Infosecurity Magazine
UAE thwarts ‘sophisticated’ cyberattacks targeting financial sector – Middle East Monitor
US Army websites defaced with pro-Kurdish sentiments, insults to Trump | CyberScoop
Vulnerability Management
Most WordPress sites are outdated, and hackers are noticing | Cybernews
Finding vulnerabilities was never the hard part | CyberScoop
The AI vulnerability storm is here: Is your security program ready? | TechTarget
CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws - SecurityWeek
Vulnerabilities
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft closes book on Nightmare Eclipse's RoguePlanet zero-day
CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing
Palo Alto Networks Patches 13 Vulnerabilities - SecurityWeek
ClamAV 1.5.3 Open-Source Antivirus Fixes Multiple Security Vulnerabilities
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Critical Gitea Flaw Under Active Exploitation, Researchers Warn - SecurityWeek
Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection - SecurityWeek
Chrome 150 Update Patches 27 Vulnerabilities - SecurityWeek
Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) - Help Net Security
Critical Linux KVM vulnerability exposes cloud servers to takeover | Cybernews
15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
Wireshark 4.6.7 patches a dozen security flaws - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.