Black Arrow Cyber Threat Intelligence Briefing 12 December 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
With our sights on the New Year, our review this week looks at cyber security in 2026 and the risks that we all need to manage. Without doubt, AI is a major factor in that, both when used by organisations without a defined security policy and when used maliciously by attackers, as described below. There are also some interesting insights from an analysis of cyber insurance claims, and we include news of new tactics by attackers through mobile devices and social engineering.
We are clear that cyber security requires business leaders to understand current risks, and to implement aligned controls across people, operations and technology. The evolution of AI and other risks in 2026 further reinforces the need for this business-wide approach, supported by a CISO who can translate between technology and business management. Proportionality is always a key consideration, balancing cost and effectiveness. Contact us to see how to achieve this through a pragmatic and commercially aligned strategy.
Top Cyber Stories of the Last Week
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds
Research highlights a sharp rise in incidents linked to human behaviour as AI becomes embedded in daily work. Organisations report significant growth in email-driven attacks, social engineering, unsafe behaviour, and mistakes. AI-related incidents and deepfake-enabled fraud are increasing, while shadow AI usage is expanding as employees turn to unsanctioned tools, weakening visibility and control over data and decision-making.
Trend Micro Issues Warning Over Rise of 'Vibe Crime' as Cyber Criminals Turn to Agentic AI to Automate Attacks
Trend Micro warns that so-called vibe crime will accelerate cyber crime by enabling autonomous, end-to-end attack chains powered by agentic AI. Rather than sudden spikes, organisations should expect persistent background activity that scales without human oversight. This evolution reframes cybercrime-as-a-service into a model where AI performs continuous reconnaissance, phishing, fraud, and exploitation.
Source: https://www.itpro.com/security/cyber-crime/trend-micro-vibe-crime-agentic-ai-cyber-crime
What the Rise in Cyber Insurance Claims Reveals About the Vulnerability of UK Businesses
UK cyber insurance claims have surged, reflecting both rising threat activity and weaknesses created by outsourcing, poor oversight, and complex supply chains. Cost-driven decisions can reduce visibility and weaken access controls, increasing exposure. Higher premiums alone are unlikely to fix the problem, with current payouts seen as an early warning of deeper systemic risk without stronger controls and better risk maturity.
Source: https://www.techmonitor.ai/comment-2/cyber-insurance-uk-vulnerabilities?cf-view
Nearly Two-Thirds of Organisations to Increase Cyber Security Investments in 2026: Marsh
Marsh reports that most organisations plan to increase cyber security spending, with many expecting significant budget rises. Third-party risk is a major driver, as a large proportion experienced at least one material supplier-related cyber incident in the past year. UK organisations show particularly strong intent to increase investment to address exposure and resilience gaps.
When It Comes to Security Resilience, Cheaper Isn’t Always Better
Cost-focused procurement can undermine cyber resilience by increasing dependency on fragile suppliers and underinvested controls. Savings achieved through cheaper vendors can be quickly erased by incidents such as ransomware, service disruption, or third-party data compromise. The article argues for procurement incentives that prioritise resilience and continuity, treating cyber security as a core business survival issue rather than a compliance cost.
Cyber Threats Are Evolving Fast - Is Your Leadership Keeping Up?
Effective cyber security depends on leadership, governance, and organisational culture, not just technology. Incidents damage trust, reputation, and revenue, while early executive response often determines the scale of impact. The article stresses the importance of senior ownership, clear communication, and disciplined programme management to translate cyber strategy into consistent, operational outcomes.
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
An engineering-led approach to cyber security can create blind spots by assuming strong preventative controls are sufficient. Risk often shifts into overlooked areas such as permissions, pipelines, and operational processes. A more effective model assumes failure, focuses on limiting blast radius, rehearses response, and aligns people, process, and technology under strong governance.
Source: https://www.darkreading.com/cyber-risk/why-an-engineering-focused-ciso-can-be-a-liability
Why Small Businesses Can’t Afford to Overlook Cyber Security This Peak Season
Peak retail periods attract heightened attacker activity as transaction volumes rise. Phishing, ransomware, and malware campaigns intensify, with seasonal lures proving highly effective. For small businesses, cyber security failures can disrupt sales, expose customer data, and trigger recovery costs, making basic protections essential to protecting revenue during critical trading periods.
New DroidLock Malware Locks Android Devices and Demands a Ransom
DroidLock is a newly identified Android threat that locks devices and demands payment while harvesting sensitive data including messages, contacts, call logs, and recordings. The malware can be remotely controlled and can wipe data or steal lock patterns. Campaigns target Spanish-speaking users and spread through malicious sites offering fake apps that request extensive permissions.
Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack
ConsentFix blends social engineering with open authorisation (OAuth) consent abuse to enable account takeover without requiring traditional login credentials. By operating entirely within the browser and targeting trusted first-party applications, the technique can bypass MFA and endpoint controls. Distribution through search results further reduces reliance on email-based phishing, complicating detection.
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques
Threat researchers report attackers using increasingly creative social engineering techniques to evade controls and deliver malware. Campaigns include legal-themed emails, fake government sites, malicious SVG files, and counterfeit software updates. Information-stealing malware dominates observed threats, while a notable proportion of malicious emails bypass gateway scanning.
EU Leaders to Push Defence Readiness Amid Russia ‘Hybrid Attack’ Warnings
EU leaders will use the December European Council summit to accelerate defence cooperation, boost weapons production for Ukraine, and strengthen protection against cyber and drone attacks. Draft conclusions warn of an intensified hybrid campaign by Russia and Belarus and call for faster resilience measures, shared military capabilities, and new funding. Leaders will also debate long-term support for Ukraine through at least 2027, including use of frozen Russian assets.
Governance, Risk and Compliance
When it comes to security resilience, cheaper isn’t always better | CSO Online
Why small businesses can’t afford to overlook cybersecurity this peak season - Raconteur
Why An Engineering-Focused CISO Can Be a Liability
Are we mistaking regulation for resilience? | Computer Weekly
“Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach - Infosecurity Magazine
Resilience is the new currency | Professional Security Magazine
Cyber Threats Are Evolving Fast — Are You Keeping Up?
Need for 'attacking mindset' as major cyber hacks up 50 per cent | In Cumbria
Cybersecurity Threats and AI Disruptions Top Concerns for IT Leaders in 2026, Veeam Survey Finds
CISOs are spending big and still losing ground - Help Net Security
Global Cyber Alliance Identifies Five Cybersecurity Forces That Defined 2025 - And Will Shape 2026
Cybersecurity Leaders Put Data Protection and Response at the Top of the 2026 Agenda
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Payments Surpassed $4.5 Billion: US Treasury - SecurityWeek
Researchers spot 700 percent increase in hypervisor attacks • The Register
Cyber insurance claims in 2024 tripled. UK firms are vulnerable
New DroidLock malware locks Android devices and demands a ransom
Ransomware keeps widening its reach - Help Net Security
Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
Akira ransomware: FBI tallies 250 million in payouts – DataBreaches.Net
Ransomware Victim Warning: The Streisand Effect May Apply
Russian hackers debut simple ransomware service • The Register
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Contractors with hacking records accused of wiping 96 govt databases
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Industrial ransomware attacks rise sharply in Q3 2025
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Ransomware Victims
Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
Barts Health NHS discloses data breach after Oracle zero-day hack
Industrial ransomware attacks rise sharply in Q3 2025
Cyber attack chaos ahead of Christmas | Westminster Extra
UK Hospital Asks Court to Stymie Ransomware Data Leak
HSE offers €750 to victims of 2021 cyberattack which affected 90,000 people | Irish Independent
Phishing & Email Based Attacks
How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes
New Spiderman phishing service targets dozens of European banks
Novel clickjacking attack relies on CSS and SVG • The Register
AI Is Driving a Shift in Targeted Email Attacks
Other Social Engineering
Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack
Novel clickjacking attack relies on CSS and SVG • The Register
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine
Report Surfaces Multiple Novel Social Engineering Tactics and Techniques - Security Boulevard
Imposter for hire: How fake people can gain very real access | Microsoft Security Blog
Hackers posed as law enforcement to gain Apple Account data
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Crims using social media images in virtual kidnapping scams • The Register
Fraud, Scams and Financial Crime
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes
Key barrier to online fraud can be bypassed for pennies, say researchers - CNA
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News
Scam-Busting FCA Firm Checker Tool Given Cautious Welcome - Infosecurity Magazine
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
Artificial Intelligence
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Block all AI browsers for the foreseeable future: Gartner • The Register
UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources
OpenAI warns new models pose 'high' cybersecurity risk - CNA
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Exclusive | AI Hackers Are Coming Dangerously Close to Beating Humans - WSJ
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
Cybersecurity Threats and AI Disruptions Top Concerns for IT Leaders in 2026, Veeam Survey Finds
NVIDIA research shows how agentic AI fails under attack - Help Net Security
UK NCSC Raises Alarms Over Prompt Injection Attacks - Infosecurity Magazine
LLMs are everywhere in your stack and every layer brings new risk - Help Net Security
Ignoring AI in the threat chain could be a costly mistake, experts warn | CSO Online
Cyber experts warn AI will accelerate attacks and overwhelm defenders in 2026 - BetaNews
AI is accelerating cyberattacks. Is your network prepared?
Latest macOS malware uses trusted search & AI to dupe users
Copilot's No Code AI Agents Liable to Leak Company Data
AI Is Driving a Shift in Targeted Email Attacks
The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog
It's time to revamp IT security to deal with AI
OpenAI user data was breached, but changing your password won't help - here's why | ZDNET
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
Police Admit AI Surveillance Panopticon Still Has Issues With "Some Demographic Groups"
Brussels attacks Google for ‘unfairly harvesting’ web and YouTube content for AI
Privacy concerns raised as Grok AI found to be a stalker's best friend
Trump Signs Executive Order to Block State AI Regulations - SecurityWeek
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
2FA/MFA
Death to one-time text codes: Passkeys are the new hotness • The Register
Android Warning—New Attack Unlocks Your Phone And Steals Your Texts
Malware
Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
Latest macOS malware uses trusted search & AI to dupe users
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
Information stealers are on the rise, are you at risk? | Cyber.gov.au
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Threat Actors Poisoning SEO Results to Attack Organizations With Fake Microsoft Teams Installer
Malicious Microsoft VS Code extensions steal data | Cybernews
'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Malicious VSCode extensions on Microsoft's registry drop infostealers
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild
Bots/Botnets
Bots, bias, and bunk: How to tell what's real on the net • The Register
Analysts Warn of Cybersecurity Risks in Humanoid Robots
'Botnets in physical form' are top humanoid robot risk • The Register
New 'Broadside' Botnet Poses Risk to Shipping Companies - SecurityWeek
New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild
Mobile
New DroidLock malware locks Android devices and demands a ransom
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
New malware turns trusted banking apps into phone hijacking tools — how to stay safe | Tom's Guide
Android Warning—New Attack Unlocks Your Phone And Steals Your Texts
ClayRat Android Spyware Expands Capabilities - Infosecurity Magazine
Uneven regulatory demands expose gaps in mobile security - Help Net Security
Internet of Things – IoT
Porsche panic in Russia as cars mysteriously bricked • The Register
Should you be afraid of smart home hacking? 6 ways experts keep their devices protected | ZDNET
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Data Breaches/Leaks
Copilot's No Code AI Agents Liable to Leak Company Data
OpenAI user data was breached, but changing your password won't help - here's why | ZDNET
Spain arrests teen who stole 64 million personal data records
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
US military contractor breach expose employee data | Cybernews
Over 10,000 Docker Hub images found leaking credentials, auth keys
PSNI officer 'felt fear and disbelief' after data breach - BBC News
Users report chaos as Legal Aid Agency stumbles back online • The Register
Contractors with hacking records accused of wiping 96 govt databases
Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers - IT Security Guru
Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks
Hackers claim Volkswagen dealer data is for sale | Cybernews
One of Sudan’s last flying airlines breached, say hackers | Cybernews
Organised Crime & Criminal Actors
Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'
European cops arrest 193 'violence-as-a-service' suspects • The Register
Contractors with hacking records accused of wiping 96 govt databases
Ex-teen hackers warn parents are clueless as children steal ‘millions’ – DataBreaches.Net
National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar
How old is the average hacker? What does a new research report suggest? (1) – DataBreaches.Net
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations
Insider Risk and Insider Threats
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Insurance
Cyber insurance claims in 2024 tripled. UK firms are vulnerable
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Supply Chain and Third Parties
NHS taking legal action after patient and staff data stolen in cyber attack | The Independent
Barts Health NHS discloses data breach after Oracle zero-day hack
UK Hospital Asks Court to Stymie Ransomware Data Leak
Software Supply Chain
'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE
Malware Discovered in 19 Visual Studio Code Extensions - Infosecurity Magazine
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cloud/SaaS
New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Swiss Government Sounds The Alarm Bell Over Cloud Storage Security Risks
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
Microsoft investigates Copilot outage affecting users in Europe
Outages
Cloudflare Outage Caused by React2Shell Mitigations - SecurityWeek
Microsoft investigates Copilot outage affecting users in Europe
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Encryption
CISOs Should Be Asking These Quantum Questions Today
Passwords, Credential Stuffing & Brute Force Attacks
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
Over 10,000 Docker Hub images found leaking credentials, auth keys
Death to one-time text codes: Passkeys are the new hotness • The Register
Social Media
EU fines X $140 million over deceptive blue checkmarks
Regulations, Fines and Legislation
Portugal updates cybercrime law to exempt security researchers
UK finally vows to look at 35-year-old Computer Misuse Act • The Register
Are we mistaking regulation for resilience? | Computer Weekly
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
What 35 years of privacy law say about the state of data protection - Help Net Security
EU fines X $140 million over deceptive blue checkmarks
Defense bill addresses secure phones, AI training, cyber troop mental health | CyberScoop
UK.gov rejects £1.8B digital ID cost, offers no alternative • The Register
Porn company starts new age checks after £1m fine - BBC News
UK Cyber Security and Resilience Bill: pragmatic overhaul or regulatory overload? | Osborne Clarke
UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day
Uneven regulatory demands expose gaps in mobile security - Help Net Security
Trump Signs Executive Order to Block State AI Regulations - SecurityWeek
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine
Models, Frameworks and Standards
OWASP Project Publishes List of Top Ten AI Agent Threats - Security Boulevard
NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents - Security Boulevard
Porn company starts new age checks after £1m fine - BBC News
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
Data Protection
What 35 years of privacy law say about the state of data protection - Help Net Security
Cybersecurity Leaders Put Data Protection and Response at the Top of the 2026 Agenda
Careers, Roles, Skills, Working in Cyber and Information Security
Why An Engineering-Focused CISO Can Be a Liability
Why Losing One Security Engineer Can Break Your Defences | SC Media UK
88% of Cybersecurity Professionals Impacted by Skills Gap
Law Enforcement Action and Take Downs
European cops arrest 193 'violence-as-a-service' suspects • The Register
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar
Spain arrests teen who stole 64 million personal data records
Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News
Poland charges Ukrainians found in possession of hacking equipment | Notes From Poland
US extradites Ukrainian accused of hacking for Russia • The Register
Misinformation, Disinformation and Propaganda
Key barrier to online fraud can be bypassed for pennies, say researchers - CNA
Bots, bias, and bunk: How to tell what's real on the net • The Register
UK on frontline of new information war as Russia floods social media with fake videos - The Mirror
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН
Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online
Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News
UK calls on Europe to counter Russia's expanding info wars • The Register
When Do Cyber Campaigns Cross a Line? | Lawfare
EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO
UK launches hybrid fighting force to secure undersea cables • The Register
How Europe can turn the tide on Russia's underwater warfare
China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post
Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council
Nation State Actors
Have you been targeted by state-sponsored hackers? Apple, Google issue fresh alerts | Cybernews
China
Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
React2Shell Vulnerability Under Attack From China-Nexus Groups
2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ | WIRED
Trump prioritizing trade with China over cyber war, Salt Typhoon goes unpunished | Cybernews
China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post
As White House moves to send AI chips to China, Trump’s DOJ prosecutes chip smugglers | CyberScoop
China’s Intelligence Chief Outlines Hardline Five-Year Security Plan - StratNews Global
Russia
Russia’s hybrid warfare puts Europe to the test
Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA
NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН
Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News
EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO
UK launches hybrid fighting force to secure undersea cables • The Register
How Europe can turn the tide on Russia's underwater warfare
Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council
US extradites Ukrainian accused of hacking for Russia • The Register
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian
Cyber Attack on Reporters Without Borders Linked to Russian Security Services
US Warns of Ongoing Pro-Russia Critical Infrastructure Hacks
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews
Cyberattack Reportedly Paralyzes Russia’s Military Registration Database - The Moscow Times
Iran
US Posts $10 Million Bounty for Iranian Hackers - SecurityWeek
Tehran and Moscow sign deal on AI, cybersecurity | Iran International
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
North Korea
React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
Imposter for hire: How fake people can gain very real access | Microsoft Security Blog
Lazarus Group: The $2.1 Billion Cyber Threat and Your Defense Strategy - Security Boulevard
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Danish intelligence classifies Trump’s America as a security risk – POLITICO
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine
Apple, Google Send New Round of Cyber Threat Notifications to Users
Tools and Controls
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Block all AI browsers for the foreseeable future: Gartner • The Register
Researchers spot 700 percent increase in hypervisor attacks • The Register
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
When it comes to security resilience, cheaper isn’t always better | CSO Online
Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
Ransomware IAB abuses EDR for stealthy malware execution
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine
NVIDIA research shows how agentic AI fails under attack - Help Net Security
Resilience is the new currency | Professional Security Magazine
CISOs are spending big and still losing ground - Help Net Security
US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW
Are we mistaking regulation for resilience? | Computer Weekly
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations - SecurityWeek
Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian
15 years in, zero trust remains elusive — with AI rising to complicate the challenge | CSO Online
Reports Published in the Last Week
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru
Other News
The hidden dynamics shaping who produces influential cybersecurity research - Help Net Security
Analysts Warn of Cybersecurity Risks in Humanoid Robots
'Botnets in physical form' are top humanoid robot risk • The Register
Need for 'attacking mindset' as major cyber hacks up 50 per cent | In Cumbria
Porn Is Being Injected Into Government Websites Via Malicious PDFs
National Crime Agency leaflet given to pupils linked to 'explicit sexual content' - BBC News
Surviving system meltdowns and cyber attacks - Monevator
Cybersecurity’s New Power Dynamics | Goodwin - JDSupra
‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
Cyber risk is the most pressing threat to Irish businesses
Fire Stick users receive warning message while illegally streaming as crackdown begins
Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews
Why Singapore remains cautious over naming state actors in cyber-attacks - Yahoo News Singapore
Vulnerability Management
Why bug bounty schemes have not led to secure software | Computer Weekly
MITRE shares 2025's top 25 most dangerous software weaknesses
Vulnerabilities
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
React2Shell Vulnerability Under Attack From China-Nexus Groups
Cloudflare blames Friday outage on borked React2shell fix • The Register
Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek
Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims | CyberScoop
Microsoft Patches 57 Vulnerabilities, Three Zero-Days - SecurityWeek
Microsoft releases Windows 10 KB5071546 extended security update
Intel, AMD Processors Affected by PCIe Vulnerabilities - SecurityWeek
React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine
Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager
Adobe Patches Nearly 140 Vulnerabilities - SecurityWeek
Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild - SecurityWeek
Google Fixes Gemini Enterprise Flaw That Exposed Corporate Data - Infosecurity Magazine
Microsoft won’t fix .NET RCE bug affecting enterprise apps • The Register
This 30-year-old app is somehow still one of the biggest security risks on Windows
IBM Patches Over 100 Vulnerabilities - SecurityWeek
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
Maximum-severity XXE vulnerability discovered in Apache Tika
Apache warns of 10.0-rated flaw in Tika metadata toolkit • The Register
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
SAP fixes three critical vulnerabilities across multiple products
Firefox 146 adds Windows backup, improved privacy, and security fixes | PCWorld
Critical Gogs zero-day under attack, 700 servers hacked
Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells
Hackers abuse Notepad++ updater | Cybernews
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks - SecurityWeek
700+ self-hosted Git instances battered in 0-day attacks • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.