Black Arrow Cyber Threat Intelligence Briefing 10 July 2026

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

There is a temptation to focus on AI related news in cyber security at the expense of discussing the evolution of more established attacks and risks. Although this week we include news on the first fully agentic AI ransomware attack, we start by highlighting other ongoing attacks affecting organisations today that are notable for their speed and tactics in order that business leaders can address them. These include attacks on Microsoft 365 accounts and web browsers, as well as attackers impersonating authorities.

The agentic ransomware development is significant, not because the individual attack tactics are new, but because of the speed at which AI can work through challenges to achieve its objective. This, and other developments, highlight the need for business leaders not only to govern cyber security appropriately, based on risk to reduce the likelihood of an attack, but also to ensure that the leadership team understands how the organisation will respond if or when an attack succeeds.

Our recommendation is for the leadership team itself to participate in a tabletop walkthrough of an evolving attack scenario, led by impartial experts who can challenge assumptions and clarify understandings. This is an Incident Response Exercise that is not an IT activity and should not be designed by any control provider; the objective is for all control providers and the leadership to work through the required response across the organisation for situations where controls fail. This is a very impactful exercise; contact us to discuss how we enable organisations to achieve this in a proportionate manner.


Top Cyber Stories of the Last Week

ConsentFix and ClickFix: How Microsoft 365 Accounts Are Hijacked in 3 Seconds

An attack called ConsentFix builds on the ClickFix technique, where criminals trick users into following familiar online instructions that secretly hand over access. In this case, victims are lured through platforms such as Dropbox or DocSend and shown what appears to be a normal Microsoft 365 sign-in process. Dragging the callback link into the browser can expose OAuth tokens, giving criminals access to Microsoft 365 without the password and despite multi-factor authentication. Because the instructions resemble normal online workflows, staff awareness should be reinforced by monitoring endpoints and identities for suspicious behaviour or logins from unexpected locations.

https://www.bleepingcomputer.com/news/security/consentfix-and-clickfix-how-microsoft-365-accounts-are-hijacked-in-3-seconds/

New Ghost Phishing Wave Is Breaking Traditional Email Security

An EvilTokens phishing campaign affecting organisations in the US and Europe exposes a gap in conventional email checks. Its malicious content remains encrypted during initial inspection and appears only after the link opens in the user’s browser. Victims are then guided through Microsoft’s genuine device-code sign-in process and unknowingly authorise access to Microsoft 365 without surrendering their password. Data from 15,000 organisations puts 2026 phishing exposure at 75.6% in consulting, 72.8% in financial services and 71.9% in manufacturing, showing why security teams need visibility into what webpages do after they load.

https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html

Hackers Are Posing as Interpol to Target Small Businesses – Here’s What You Need to Know

Small businesses in North America, Europe, Asia and the Middle East are receiving phishing emails that impersonate Interpol cyber crime investigators. The emails claim to contain evidence of suspicious activity and pressure recipients into opening a password-protected file hosted on Proton Drive. Instead, the file contains ransomware that tries to encrypt files found on accessible drives before showing victims a ransom demand. Bitdefender found the campaign targeting sectors including finance, technology, legal services, food, agriculture, pharmaceuticals and media. The ransomware is relatively simple, but small businesses remain attractive targets because security responsibilities often fall to employees without specialist support.

https://www.itpro.com/security/cyber-attacks/hackers-are-posing-as-interpol-to-target-small-business-heres-what-you-need-to-know

Cyber Experts Issue Alert After Two Ransomware Groups Team Up on ‘Unprecedented’ Threat Campaign

Sophos has warned that ransomware groups Vect and TeamPCP are working together in a campaign that combines stolen login details, data theft and ransomware deployment. The partnership, announced in March, shows how cyber criminal groups are increasingly operating like businesses by pooling specialist skills. TeamPCP has compromised trusted open source tools, and Sophos says credentials it obtained have already been used in a Vect ransomware attack. Organisations relying on open source software should keep current records of those tools and check the integrity of third-party updates before rolling them out.

https://www.itpro.com/security/ransomware/cyber-experts-issue-alert-after-two-ransomware-groups-team-up-on-unprecedented-threat-campaign

First Fully Agentic Ransomware Attack Sparks Readiness Concerns

Sysdig has identified what it describes as the first fully AI-led ransomware attack, where an AI agent exploited a known weakness in an internet-facing system, stole credentials and encrypted a production database. The techniques were familiar, but the pace was notable: after an unsuccessful login, the AI adapted and succeeded 31 seconds later. Business leaders do not need a different defensive model, but they have less time to intervene. Organisations should reduce exposure of internet-facing services, fix known weaknesses promptly, protect credentials and ensure response teams can contain intrusions before important systems are affected.

https://www.techtarget.com/searchsecurity/news/366645613/First-fully-agentic-ransomware-attack-sparks-readiness-concerns

The AI Vulnerability Storm Is Here: Is Your Security Program Ready?

The Cloud Security Alliance warns that advanced AI tools could reduce the time between finding a software flaw and exploiting it to just hours. Its report says emerging AI models have already found thousands of serious weaknesses across major operating systems and browsers, creating working attack methods without human guidance. For senior leaders, this changes the risk profile. Patch cycles, incident response and board reporting based on slower, human-led attacks may no longer be realistic. Organisations should identify and segregate critical applications, strengthen basic controls and introduce safe, structured automation to accelerate vulnerability management and incident response.

https://www.techtarget.com/searchsecurity/feature/The-AI-vulnerability-storm-is-here-Is-your-security-program-ready

Enterprise AI Still Smarting from Leaping Before Looking

DigiCert has found that 78% of enterprises using AI have either suffered an AI-related security incident or identified AI-related weaknesses. The survey of 1,001 IT and cyber security leaders in the US, UK and Australia found that the incidents involved unauthorised or incorrectly configured AI agents. While 90% of organisations have discussed AI governance at board level, only half have dedicated budgets and formal programmes, and just 53% can identify which models and source data produced a particular AI decision. This leaves organisations less able to explain unexpected or controversial results.

https://www.theregister.com/security/2026/07/07/enterprise-ai-still-smarting-from-leaping-before-looking/5267353

European Central Bank Demands AI Security ‘Action Plan’

The European Central Bank has given major banks until 31 October 2026 to submit action plans for defending against AI-enabled cyber threats. The regulator warned that AI can identify security weaknesses at speed, making unresolved vulnerabilities more serious for operational resilience. Bank management may therefore need to reconsider technology spending and the people assigned to cyber security. Required actions include faster patching, stronger monitoring and detection, and effective oversight of third parties, with named owners and implementation dates. The ECB also warned that progress in quantum computing threatens traditional encryption and will demand long-term planning and investment.

https://www.computerweekly.com/news/366645712/European-Central-Bank-demands-AI-security-action-plan

SonicWall Research Finds Financial Services Running Overdrawn on Cyber Defences as Attack Intensity Outpaces Every Other Tracked Industry

SonicWall found that financial services faced the highest cyber attack intensity of any sector it tracks in the first half of 2026, with 132,378 intrusion prevention system detections per device, more than double the cross-sector average. The sector also recorded 39,341 malware hits per firewall, second only to healthcare. Many attacks continue to target old, well-understood weaknesses in legacy banking and payment systems. Leaders should examine whether ageing systems and broad access arrangements are leaving known weaknesses unresolved because remediation would interrupt essential services.

https://www.prnewswire.com/news-releases/sonicwall-research-finds-financial-services-running-overdrawn-on-cyber-defenses-as-attack-intensity-outpaces-every-other-tracked-industry-302820310.html

Organisations Struggle to Prioritise Known Cyber Risks

Filigran has found that most organisations are collecting more cyber risk data but still lack a clear view of their exposure. Its research found that 93% struggle to maintain an accurate view of their attack surface, meaning the systems and services that attackers could target, while only 41% have a consolidated view of cyber risk. More information is not producing clearer priorities. Organisations need to combine threat intelligence with evidence of which exposures can actually be exploited. Analysts spend an average of 17 hours a week investigating risks later found to be low priority or not exploitable.

https://www.helpnetsecurity.com/2026/07/03/cyber-risk-exposure-report/

How Faster Cyber Attacks Are Reshaping Enterprise Cyber Security Strategies

CrowdStrike’s 2026 Global Threat Report found that the average time taken for an attacker to move from initial access to stealing or damaging data fell to just 29 minutes in 2025, down from 48 minutes in 2024 and 84 minutes in 2022. Attackers are increasingly “logging in” with stolen usernames and passwords rather than breaking in with malware, making attacks harder to spot. As AI accelerates attacks and vulnerability exploitation, organisations need rapid patching, contextual monitoring of account activity and regularly exercised incident response plans.

https://www.infosecurity-magazine.com/news-features/faster-cyberattacks-reshape/

The Shift Toward Business-Aligned Risk Management

Cyber risk management is most useful when it connects security issues to real business consequences. Senior leaders can make better decisions when a technical severity score is translated into the effect of compromising a payment system handling $2 million each day. Organisations are being encouraged to move away from one-off risk assessments and towards a continuous approach that links threats, controls, likely financial impact and treatment options. This lets leaders compare stronger or alternative controls with insurance, recognising that insurance can offset financial loss but does not restart operations or repair damaged customer confidence and regulatory standing.

https://www.securityweek.com/the-shift-toward-business-aligned-risk-management/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

First fully agentic ransomware attack sparks readiness concerns | TechTarget

Criminals Pose as Interpol in Phishing Emails to Deliver Ransomware - Infosecurity Magazine

Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign | IT Pro

Gentlemen Ransomware Expands Global Attack Campaigns

Why this fully agentic ransomware attack is giving researchers nightmares | ZDNET

The Gentlemen Ransomware: What You Need to Know | Fortra

Smooth AI criminal drives 'first' end-to-end agentic ransomware attack

Qilin Dominates Ransomware Market - Infosecurity Magazine

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Threat Spotlight: ShinyHunters Fast-Tracks Saas Access with Subdomain Impersonation

Q3 Threat Spotlight: How Automation, Customization, and Tooling Signal Next Ransomware Front Runners

Windows is watching: Anti-piracy tool fingers Scattered Spider suspect

Hacked, leaked, and held for ransom: The worst breaches of 2026 so far | TechCrunch

Scattered Spider’s Structure More Like a Cybercrime Collective - Infosecurity Magazine

When Cyberattacks Walk Through the Front Door - Above the Law

US Teenager Arrested In Finland For Scattered Spider Hacks

Ransomware and Destructive Attack Victims

Medtronic Data Breach Impacts 3.8 Million People - SecurityWeek

U.S. Government Agency Paid $1M to Data Extortion Group Kairos

Phishing & Email Based Attacks

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access

Hackers are posing as Interpol to target small businesses – here's what you need to know | IT Pro

New Ghost Phishing Wave Is Breaking Traditional Email Security

Phishing poses as big-brand job interview to steal Google accounts

AnyDesk Phishing Attack Uses Scheduled Task Persistence and Artifact Deletion to Evade Detection

Multi-channel phishing attacks: How to manage the risk | IT Pro

Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security

Government and Healthcare Are the Weakest Links in Global Email Security

Armored Likho APT Targeting Government, Electric Power Entities - SecurityWeek

Phishing Attacks Targeted Facebook Users With Fake Verification Offer - Infosecurity Magazine

Other Social Engineering

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access

Fake IT support calls on Microsoft Teams push EtherRAT malware

Entra passkey enrollment vishing targets Microsoft 365 users

Multi-channel phishing attacks: How to manage the risk | IT Pro

Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes

Fake IT bods on Microsoft Teams coax workers into installing malware

The fake report message that ends with a stolen Reddit account - Help Net Security

When Cyberattacks Walk Through the Front Door - Above the Law

Opera rolls out Paste Protect feature to fight ClickFix attacks

Deepfakes and Vishing: What You Need to Know to Stay Protected | The Motley Fool

2FA/MFA

OAuth, guest accounts, and weak MFA drive SaaS risk - Help Net Security

MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage

Artificial Intelligence

First fully agentic ransomware attack sparks readiness concerns | TechTarget

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine

Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign | IT Pro

JadePuffer ransomware used AI agent to automate entire attack

Why this fully agentic ransomware attack is giving researchers nightmares | ZDNET

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident - Security Affairs

Bank of England Warns AI Raises Financial Cyber Risks | EasternEye

Enterprise AI still smarting from leaping before looking

Thousands of malicious AI skills found capable of stealing data, running malware - Help Net Security

AI is turning overshared data into a major security risk | perspective | SC Media

European Central Bank demands AI security ‘action plan’ | Computer Weekly

The future of payment fraud could be automated - Help Net Security

Hackers can use 9 of the most popular AI tools to assemble massive botnets - Ars Technica

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target - Infosecurity Magazine

Chinese LLMs Broaden the Gap Between Attackers & Defenders

What an AI ‘cyber nuclear war’ would actually look like | The Independent

How to prioritize AI agent security by business impact - Help Net Security

Indirect Prompt Injection in Web Content Targets AI Agents - Infosecurity Magazine

Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework

Navigating NIST’s New Cybersecurity AI Frontier

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) - Help Net Security

French nonprofit starts global intelligence and research hub for AI cyber threats | CyberScoop

AI-driven cyber warfare reshapes global defense readiness | native | MSSP Alert

Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

Deepfake CSAM lawsuit against xAI, Grok expands | CyberScoop

AI is making compliance decisions. Can you prove how? | perspective | MSSP Alert

AI-Generated Malware Powers New Armored Likho APT Campaign

China issues 'backdoor' security alert over Anthropic's Claude Code | Reuters

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Bots/Botnets

Hackers can use 9 of the most popular AI tools to assemble massive botnets - Ars Technica

Google, FBI disrupt NetNut botnet spanning 2M devices | Cybernews

Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor

Careers, Roles, Skills, Working in Cyber and Information Security

CISO's guide to hiring for the right cybersecurity skills | TechTarget

Cloud/SaaS

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

Fake IT support calls on Microsoft Teams push EtherRAT malware

Microsoft 365 users fall victim to one-in-a-million password spray attack – Computerworld

UK’s largest businesses dangerously exposed to cloud outages | Computer Weekly

Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target - Infosecurity Magazine

Entra passkey enrollment vishing targets Microsoft 365 users

OAuth, guest accounts, and weak MFA drive SaaS risk - Help Net Security

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes

Fake IT bods on Microsoft Teams coax workers into installing malware

Threat Spotlight: ShinyHunters Fast-Tracks Saas Access with Subdomain Impersonation

FBI targets TeamPCP after massive supply chain attacks | Cybernews

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Vidar Infostealer Hammers SMBs via Malvertising Campaign

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine

Cyber Crime, Organised Crime & Criminal Actors

The future of payment fraud could be automated - Help Net Security

Cybersecurity and the Gap Between Skill and Ability - Schneier on Security

Scattered Spider’s Structure More Like a Cybercrime Collective - Infosecurity Magazine

US Teenager Arrested In Finland For Scattered Spider Hacks

Data Breaches/Leaks

Russia has attacked the United Kingdom – again

Hacked, leaked, and held for ransom: The worst breaches of 2026 so far | TechCrunch

US government says it got hacked — again | TechCrunch

Accenture confirms breach after hacker offers stolen data for sale

Medtronic Data Breach Impacts 3.8 Million People - SecurityWeek

Ransomware and Cyber Extortion in Q1 2026

Hackers claim Deutsche Bank data breach, internal data affected| Cybernews

Data/Digital Sovereignty

Study: Europe's defense runs on American servers - EU Reporter

Fraud, Scams and Financial Crime

The future of payment fraud could be automated - Help Net Security

Messaging fraud trends point to smarter attacks, stronger blocking - Help Net Security

Big Brand Jobs Scam Targets Marketing Pros' Google Accounts

Identity and Access Management

Why Identity is the Anchor of the New Digital Frontier

Secret Double Octopus Releases 2026 State of Identity Security in Financial Organizations Report

The Verification Step Is the New ATO Battleground in 2026

Internet of Things – IoT

Google, FBI disrupt NetNut botnet spanning 2M devices ​ | Cybernews

IoT Security Flounders Amid Churning Risk

Law Enforcement Action and Take Downs

Google, FBI disrupt NetNut botnet spanning 2M devices | Cybernews

US Teenager Arrested In Finland For Scattered Spider Hacks

FBI targets TeamPCP after massive supply chain attacks | Cybernews

Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor

French Police Dismantle Operation Behind the Already Defunct YggTorrent * TorrentFreak

Windows is watching: Anti-piracy tool fingers Scattered Spider suspect

A hacker's arrest just revealed how Microsoft can track your Windows device - Digital Trends

Vietnam arrests suspects behind HiAnime anime piracy service

Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop

Linux and Open Source

North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek

Malvertising

Vidar Infostealer Hammers SMBs via Malvertising Campaign

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine

Malware

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine

Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign | IT Pro

Vidar Infostealer Hammers SMBs via Malvertising Campaign

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner - Infosecurity Magazine

North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek

Fake IT support calls on Microsoft Teams push EtherRAT malware

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

Malware authors subvert AI detection systems | CSO Online

FBI targets TeamPCP after massive supply chain attacks | Cybernews

Google disrupts Israel-linked proxy network used to spread malware – Middle East Monitor

Fake IT bods on Microsoft Teams coax workers into installing malware

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

A single malware file can outweigh an entire AI dataset - Help Net Security

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Newly discovered PamStealer isn't your typical macOS malware - Ars Technica

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts | Malwarebytes

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Armored Likho APT Targeting Government, Electric Power Entities - SecurityWeek

Chinese hackers develop LONGLEASH malware to expand ORB network

AI-Generated Malware Powers New Armored Likho APT Campaign

BusySnake Stealer Slithers into Critical Infrastructure Networks

Mobile

Europe Confirms Record €4.1B Penalty Against Google for Android Practices

I never use fingerprint or Face ID to unlock my phones. Here’s why

RedWing Android Spyware Sold as a Service on Telegram - Infosecurity Magazine

Models, Frameworks and Standards

The cyber law that could change everything | Computer Weekly

Ireland facing major fines over failure to enact cybersecurity law | Business Post

Navigating NIST’s New Cybersecurity AI Frontier

EU Cybersecurity Act 2 Advances Amid Member States' Concerns Over EU Competence | Jones Day

NCSC Launches Cyber Governance Guidance for Management Boards in NIS2 Organisations

UK Govt Pairs Agentic AI Initiative With Cyber Resilience Pledge

Government's cyber pledge lands 60 signatories, including M&S and, somehow, Capita

Businesses across Britain sign up to Cyber Resilience Pledge as ministers urge firms to strengthen cyber defences - GOV.UK

Outages

UK’s largest businesses dangerously exposed to cloud outages | Computer Weekly

Passwords, Credential Stuffing & Brute Force Attacks

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Russia has attacked the United Kingdom – again

Microsoft 365 users fall victim to one-in-a-million password spray attack – Computerworld

The Verification Step Is the New ATO Battleground in 2026

Regulations, Fines and Legislation

The cyber law that could change everything | Computer Weekly

Ireland facing major fines over failure to enact cybersecurity law | Business Post

Germany plans spy powers to hack attackers | Cybernews

EU Cybersecurity Act 2 Advances Amid Member States' Concerns Over EU Competence | Jones Day

NCSC Launches Cyber Governance Guidance for Management Boards in NIS2 Organisations

Trump Imposed Export Controls on Anthropic. Now the Company is Adding New AI Guardrails to Lift Them | IBTimes

Cybersecurity Mission Creep in the US - Schneier on Security

Shadow IT

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident - Security Affairs

Social Media

The fake report message that ends with a stolen Reddit account - Help Net Security

Phishing Attacks Targeted Facebook Users With Fake Verification Offer - Infosecurity Magazine

Software Supply Chain

North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Warning Over “Industrialized” Cyber-Attacks by Ransomware Gang - Infosecurity Magazine

Cyber experts issue alert after two ransomware groups team up on ‘unprecedented’ threat campaign | IT Pro

FBI targets TeamPCP after massive supply chain attacks | Cybernews

FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials

The GitHub Actions Attack Pattern Your CI Security Scanners Miss

Supply Chain and Third Parties

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident - Security Affairs

Why hackers are targeting your digital supply chain, not just your systems


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

What an AI ‘cyber nuclear war’ would actually look like | The Independent

AI-driven cyber warfare reshapes global defense readiness | native | MSSP Alert

NATO 3.0 and energy security: Rebalancing transatlantic defence in Ankara – Middle East Monitor

The US military is not organized for cyber war

Making humanitarian protection visible in cyberspace: The promise of the Digital Emblem - Microsoft On the Issues

Nation State Actors

NATO 3.0 and energy security: Rebalancing transatlantic defence in Ankara – Middle East Monitor

China

What an AI ‘cyber nuclear war’ would actually look like | The Independent

Chinese LLMs Broaden the Gap Between Attackers & Defenders

Chinese hackers develop LONGLEASH malware to expand ORB network

US considers ban on Chinese solar inverters - PV Tech

Suspected Chinese Threat Group Targets Universities - Infosecurity Magazine

Did AI help Palo Alto Networks falsely link the company to China? | Cybernews

Hackers can remotely control Hoymiles solar inverters| Cybernews

Russia

Russia has attacked the United Kingdom – again

BBC Cyber Hack podcast investigates Conti ransomware gang - PodcastingToday

Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop

Alleged pro-Russia hacktivist arrested in Palencia

North Korea

North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Iran

Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks - SecurityWeek

From missiles to malware: Why the Gulf is stepping up its operational resilience | Fortune

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

RedWing Android Spyware Sold as a Service on Telegram - Infosecurity Magazine

What is spyware, and how do you protect yourself? | Proton

Predatorgate victims sue spyware maker Intellexa

European Parliament Member Investigating Spyware Was Hacked With Pegasus

Same government, more victims: Access Now calls for an urgent investigation into hacking of MEP - Access Now

Spain arrests suspected hacker linked to Russian hacktivist campaign | CyberScoop

Alleged pro-Russia hacktivist arrested in Palencia


Tools and Controls

Enterprise AI still smarting from leaping before looking

The Shift Toward Business-Aligned Risk Management - SecurityWeek

North Korean Hackers Target Open Source Developers in Supply Chain Attacks - SecurityWeek

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Organizations struggle to prioritize known cyber risks - Help Net Security

Confidential computing's core trust mechanism is broken. The fix may not exist

Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework

Malware authors subvert AI detection systems | CSO Online

Why Identity is the Anchor of the New Digital Frontier

How to prioritize AI agent security by business impact - Help Net Security

Gentlemen Ransomware Expands Global Attack Campaigns

The AI vulnerability storm is here: Is your security program ready? | TechTarget

Detection engineering: A programmatic approach to identifying cyber threats | CSO Online

Evaluating secure enterprise browsers vs. security plugins | TechTarget

Data governance is becoming a security services problem | news | MSSP Alert

Chinese LLMs Broaden the Gap Between Attackers & Defenders

The Verification Step Is the New ATO Battleground in 2026

A hacker's arrest just revealed how Microsoft can track your Windows device - Digital Trends

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionage

AI is making compliance decisions. Can you prove how? | perspective | MSSP Alert

MFA-optional banks leave safe doors (and accounts) wide open for thieves to pillage

Non-interactive SSH attacks dominate after login - Help Net Security

Did AI help Palo Alto Networks falsely link the company to China?​ | Cybernews

The GitHub Actions Attack Pattern Your CI Security Scanners Miss

The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackers – here’s how it’ll work | IT Pro




Vulnerability Management

Most WordPress sites are outdated, and hackers are noticing | Cybernews

Finding vulnerabilities was never the hard part | CyberScoop

The AI vulnerability storm is here: Is your security program ready? | TechTarget

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws - SecurityWeek

Vulnerabilities

Microsoft patches RoguePlanet Defender zero-day vulnerability

Microsoft closes book on Nightmare Eclipse's RoguePlanet zero-day

CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing

Palo Alto Networks Patches 13 Vulnerabilities - SecurityWeek

‘100% of Hide My Email addresses were exploitable’: Apple’s security feature can be duped into supplying the real contact info — and the bug has remained unpatched for over a year | TechRadar

ClamAV 1.5.3 Open-Source Antivirus Fixes Multiple Security Vulnerabilities

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Critical Gitea Flaw Under Active Exploitation, Researchers Warn - SecurityWeek

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection - SecurityWeek

Chrome 150 Update Patches 27 Vulnerabilities - SecurityWeek

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) - Help Net Security

Critical Linux KVM vulnerability exposes cloud servers to takeover​ | Cybernews

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

Wireshark 4.6.7 patches a dozen security flaws - Help Net Security


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime & Shipping

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Next
Next

Black Arrow Cyber Threat Intelligence Briefing 03 July 2026