Black Arrow Cyber Threat Intelligence Briefing 12 June 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Many organisations are exploring and using AI in different forms, from generative AI used by employees to agentic AI embedded within business processes. To help business leaders adopt these technologies safely, we have included a selection of insights from specialist and general media covering the cyber security risks associated with AI and approaches to managing them.
These consider concerns raised by regulators, insurers and cyber security specialists. Key observations include the importance of effective AI governance, and appropriate access controls, monitoring and accountability, particularly where AI agents have access to business systems and data. The articles also highlight the growing challenge of Shadow AI, where employees use unapproved AI tools without organisational oversight.
We also consider wider cyber security risks and the importance of board-level governance, which includes ensuring cyber risks are communicated in clear business terms and that boards have sufficient understanding of cyber security to provide effective oversight and challenge. Contact us to discuss how we support organisations of all sizes and sectors to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
AI Risk Worries Insurers and Businesses Alike
AI adoption is accelerating faster than many organisations can govern it, creating uncertainty for both businesses and insurers. Deloitte found that while 60% of workers have access to approved AI tools, and 74% of companies plan to deploy agentic AI, only 21% have mature AI governance in place. Some insurers are already excluding AI-caused damage from traditional policies, making it important for businesses to understand whether cyber insurance, technology errors and omissions, or other cover would respond to incidents involving AI-related data breaches, fraud, business disruption or operational errors.
https://www.darkreading.com/cyber-risk/ai-risk-worries-insurers-businesses-alike
UK Regulator Warns AI Cyber Risks Pose Top Banking Threat
The UK’s financial services regulator, PRA, has warned that AI-enabled cyber security threats are now among the most significant emerging risks facing UK banks. The concern is that increasingly capable AI tools could help hostile actors identify vulnerabilities in bank technology systems, increasing pressure on organisations to strengthen and accelerate cyber security activities. The regulator is urging banks to speed up software updates, identify higher-risk open-source components and give cyber security greater priority within technology programmes. The warning comes as geopolitical tensions increase and regulators themselves redirect resources towards technology and AI capability.
https://www.fstech.co.uk/fst/UK_Regulator_Warns_AI_Cyber_Risks_Pose_Top_Banking_Threat.php
Your AI Agent Could Become Your Biggest Insider Threat
New research from DTEX highlights how AI agents could create a growing insider risk as they become embedded into everyday business systems. Tests showed that simple prompts could prepare sensitive data for removal in as little as 10 to 30 minutes, using access to tools such as Outlook, Salesforce, SharePoint and OneDrive. The concern is not a software flaw, but weak governance, limited monitoring and excessive access. Without appropriate access controls, monitoring, prompt auditing and governance, organisations may struggle to determine how a data breach occurred or whether it resulted from employee error, malicious instructions or the actions of an AI agent.
https://cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/
This New AI-Powered Worm Spreads Itself and Adapts in Real Time — Here’s How to Stop It
University of Toronto researchers have developed a proof-of-concept AI-powered worm that can spread across connected devices, assess targets and adapt its approach in real time. Unlike traditional malware, which typically follows fixed instructions, a worm can move between connected devices without user action. This research shows how publicly available AI tools could enable malware to analyse targets, select known weaknesses and continue spreading without human intervention. The study reinforces the importance of multi-factor authentication, secure passwords for connected devices, network segregation for smart devices where appropriate, and timely software updates to reduce the risk from emerging AI-enabled threats.
AI Is Helping Low-Skill Hackers Pull Off Advanced Cyberattacks
Anthropic has reported rising misuse of AI in malicious cyber activity, after banning 832 accounts linked to harmful activity between March 2025 and March 2026. Its analysis found 13,873 attacker actions across all major stages of a cyber attack. Most usage involved preparation, such as developing malicious software, but AI was also used to support more advanced activity inside compromised networks. The findings suggest AI is enabling less sophisticated actors to perform activities that were previously limited to attackers with more advanced technical skills, with medium and high-risk actors rising from 33% to 56% during the study period.
https://www.helpnetsecurity.com/2026/06/05/anthropic-ai-cyber-activity-analysis/
84% of Organisations Hit by Digital Risk Incidents Last Year. Most Can't Detect an AI-Generated Attack.
A survey by Outtake reports that nearly seven in ten organisations described their digital risk capabilities as unaware, reactive or still developing, and 84% experienced significant digital risk incidents in the past year. The findings point to a growing business risk, with 53% citing manual remediation as the biggest cost, ahead of direct fraud losses. AI is adding further pressure, as 44% said AI-generated attacks are now indistinguishable from legitimate activity, while 96% lack automated controls to stop a compromised AI tool. Employee and executive impersonation also remain a major concern.
Frontline Workers Twice as Likely to Use Unapproved AI
Mitel research has found a growing gap between AI adoption and employee support, increasing the risk of Shadow AI, where staff use unapproved tools without oversight. Its global survey of 2,000 IT decision-makers and workers found 52% regularly use AI, but only 33% feel very comfortable doing so and 66% say their organisation does not adequately support AI use. Half of workers use unapproved AI tools, highlighting the growing challenge of Shadow AI and creating concerns around data protection, compliance and misleading outputs. Frontline workers face the highest pressure, with 71% forced to work around poorly suited communication systems.
https://www.itsecurityguru.org/2026/06/04/frontline-workers-twice-as-likely-to-use-unapproved-ai/
Hackers Getting an Easy Ride: Misconfigured Cloud Settings Behind Growing Number of Data Breaches
The Dutch National Cyber Security Centre has warned that poorly configured cloud systems are contributing to a growing number of data breaches. Recent incidents show that attackers are often gaining access not by exploiting technical flaws, but by finding cloud environments where permissions or access settings have been left too open. Criminal groups are using automated tools to scan for these mistakes at scale, making weak cloud configuration a business risk as well as a technical issue. Organisations should maintain clear oversight of cloud platforms, access rights and administrator accounts, while using multi-factor authentication to reduce exposure.
https://cybernews.com/security/hackers-misconfigured-cloud-settings-data-breach/
Cyber Security Software Fails to Detect Fifth of Browser-Based Phishing Attacks
Menlo Security has warned that browser-based phishing is bypassing many traditional cyber security tools, with one in five phishing attacks targeting enterprise browser users going undetected. Based on millions of browser sessions between January and March 2026, the research highlights how work now routinely happens through browsers, including email, cloud applications, AI assistants and financial systems. Attackers are exploiting this shift by using fake verification prompts, error messages and other social engineering tactics to trick users into taking actions that appear legitimate, helping them avoid detection by security tools that were not designed to operate at the browser session layer.
https://www.infosecurity-magazine.com/news/cybersecurity-fails-to-detect/
How Cyber-Risk Can Fall Flat in the Boardroom
Cyber risk is a growing board-level business issue, beyond a technology concern. Verizon’s 2025 research reviewed 22,000 security incidents and found ransomware in 44% of breaches, third-party involvement in 30% and vulnerability exploitation as an initial access method increasing by 34% year on year. Board engagement is increasing, although fewer than a third of boards include a member with cyber security expertise. Leaders need clear reporting that links cyber risks to financial loss, operational disruption, regulation and customer impact. The findings also raise questions about whether boards have sufficient cyber security expertise to oversee these risks effectively.
https://www.informationweek.com/risk-management/how-cyber-risk-can-fall-flat-in-the-boardroom
Ukraine’s Experience Highlights the Need for Preparation and Resilience in Cyber Security
Ukraine’s wartime experience shows why cyber security preparation and resilience matter for organisations of every size. Former Ukrainian foreign minister Dmytro Kuleba highlighted how planning helped government teams react quickly when invasion disrupted normal operations, including moving servers abroad. The lesson for leaders is that resilience depends on preparation, understanding technology dependencies and the ability to keep operating when disruption becomes sustained rather than temporary.
https://www.infosecurity-magazine.com/news/resilience-perseverance-ukraine/
NCSC Urges Organisations to Shore Up Supply Chain Security Practices
The UK’s NCSC has warned that software supply chain attacks are increasing, with criminals targeting software packages and development ecosystems to spread malicious code. Many modern applications rely on large numbers of third-party components, often updated automatically through software delivery processes with limited human review. This means one compromised package can quickly affect many organisations. Recommended actions include reviewing software dependencies, managing automatic updates, using multi-factor authentication for developer accounts and securing credentials.
https://www.itpro.com/security/ncsc-urges-organizations-to-shore-up-supply-chain-security-practices
Governance, Risk and Compliance
How cyber-risk can fall flat in the boardroom
NCSC urges organizations to shore up supply chain security practices | IT Pro
SMB cyber-readiness: What makes or breaks it
Cybercriminals: the 'auditors' you never hired
15 tough cybersecurity questions every CISO must answer | CSO Online
Most Security Teams Struggle to Find Time for Training on New Threats - Infosecurity Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware - Infosecurity Magazine
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure - Security Affairs
New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
Why schools remain one of cybercriminals' favourite targets
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
If you don't fall for these extortionists' calls, they'll show up with USB sticks
Silent Ransom Group Hits US Law Firms in Escalating Attacks
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks - SecurityWeek
Ransomware and Destructive Attack Victims
Silent Ransom Group targets law firms with fake IT support calls
Nottingham University data breach affects over 450,000 students
Thousands of Essex NHS patient records stolen in cyber attack - BBC News
Qilin NHS breach tally grows as Essex trust confirms stolen records
Cyber attack closes Great Marlow School in Buckinghamshire - BBC News
Qilin claims hack of NY/NJ Shipping Association | Cybernews
Phishing & Email Based Attacks
Security Software Fails to Detect Fifth of Brower Phishing Attacks - Infosecurity Magazine
OpenClaw AI agent found falling for phishing attacks, spills user data
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Interpol Dismantles SniperDz Phishing-as-a-Service Platform - Infosecurity Magazine
Other Social Engineering
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Silent Ransom Group targets law firms with fake IT support calls
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
Remote Worker Fraud: A Growing Risk for Employers and Government Contractors | Ice Miller - JDSupra
Teams and Google Drive Leveraged to Compromise Systems Within 20 Minutes
Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup - Help Net Security
Suspected Norks send 250+ fake dev job pitches to steal crypto
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Artificial Intelligence
AI is helping low-skill hackers pull off advanced cyberattacks - Help Net Security
AI Risk Worries Insurers and Businesses Alike
Frontline Workers Twice as Likely to Use Unapproved AI - IT Security Guru
Your AI agent could become your biggest insider threat | CyberScoop
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
This new AI-powered worm spreads itself and adapts in real time — here's how to stop it
UK regulator warns AI cyber risks pose top banking threat - FStech
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation - SecurityWeek
Infosecurity Europe 2026: AI turbo-charging cyber crime and response | Computer Weekly
Every set of AI guardrails can be broken by the right prompt - Help Net Security
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Patching Is No Match for Frontier AI, Cyber Expert Warns
Can we trust the systems we now rely on? - University of Birmingham
Everybody Is Vibe Coding But Nobody Told the Security Team - SecurityWeek
4 Critical Threats Where Attackers Have the Advantage
Meet Hades: The malware that lies to AI security agents | CSO Online
Treat your AI agents like eager but misguided human interns - before you lose control | ZDNET
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
OpenClaw AI agent found falling for phishing attacks, spills user data
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
OpenAI Rolls Out Lockdown Mode to Fight Prompt Injection Attacks
AI Coding Tools Need Built-In Security for Agentic Development Era - Infosecurity Magazine
Information Warfare: Americans And Chinese Both Fear AI
Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse - SecurityWeek
Beware the ‘son of Mythos,’ security experts warn | CSO Online
AI Coding Adoption Hits 97% but Governance Lags Behind - Infosecurity Magazine
Ex-CISA CIO Breaks Down Trump's New AI Executive Order
9 out of 10 people can no longer distinguish real from AI-generated content - Help Net Security
Bots/Botnets
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Careers, Roles, Skills, Working in Cyber and Information Security
Most Security Teams Struggle to Find Time for Training on New Threats - Infosecurity Magazine
Cloud/SaaS
Warning: Cloud misconfigurations fuel more data breaches | Cybernews
Threat actors are recruiting the people who hold cloud logins - Help Net Security
Teams and Google Drive Leveraged to Compromise Systems Within 20 Minutes
New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
Why Microsoft 365 Baseline Security Mode Isn't a Flip Switch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New SilabRAT Trojan Hijacks Sessions to Steal Crypto - Infosecurity Magazine
Suspected Norks send 250+ fake dev job pitches to steal crypto
Cyber Crime, Organised Crime & Criminal Actors
Scams now operate like real businesses with budgets and targets - Help Net Security
The prosecution gap: Why cybercrimes go unpunished | TechTarget
The assembly line behind 1.5 million malicious domains - Help Net Security
Cybercriminals: the 'auditors' you never hired
Data Breaches/Leaks
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Dashlane explains how attackers managed to download encrypted password vaults - Ars Technica
Oxford University data pwned again by career platform breach
Nottingham University data breach affects over 450,000 students
France's sovereign messenger Tchap hit by account breach
OnlyFans mega leak reveals 340M user records, hackers claim | Cybernews
Japanese energy firm loses drive with data of 10.9 million clients
4.9 million Wise user records allegedly leaked online | Cybernews
OpenClaw AI agent found falling for phishing attacks, spills user data
Council in UK's City of York outs hundreds of disabled residents with a single email blunder
World Food Programme breach exposes data of 600k vulnerable Gazan families
Debt administrators exposed debt owner client data | Cybernews
174,000 Impacted by Lansing Community College Data Breach - SecurityWeek
Hackers claim Ralph Lauren data breach with 220GB allegedly stolen | Cybernews
Data Protection
CISO's guide to data minimization | TechTarget
Data/Digital Sovereignty
European Union Outlines Plan to Reduce Dependence on American Tech - The New York Times
France's sovereign messenger Tchap hit by account breach
Over 73,000 French govt employees affected in Tchap messenger breach
PYMNTS | EU Procurement Standards Show Vendor Lock-In Is B2B Liability
Denial of Service/DoS/DDoS
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Encryption
Dashlane explains how attackers managed to download encrypted password vaults - Ars Technica
Windows BitLocker 0-Day Vulnerability Allow Attackers to Bypass Security Feature
Fraud, Scams and Financial Crime
Scams now operate like real businesses with budgets and targets - Help Net Security
The assembly line behind 1.5 million malicious domains - Help Net Security
Remote Worker Fraud: A Growing Risk for Employers and Government Contractors | Ice Miller - JDSupra
Identity theft is turning into a chain reaction for victims - Help Net Security
9 out of 10 people can no longer distinguish real from AI-generated content - Help Net Security
Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup - Help Net Security
Bitdefender Releases 2026 Global Scam Intelligence Report
Insider Risk and Insider Threats
Frontline Workers Twice as Likely to Use Unapproved AI - IT Security Guru
Your AI agent could become your biggest insider threat | CyberScoop
Insurance
AI Risk Worries Insurers and Businesses Alike
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware - Infosecurity Magazine
Internet of Things – IoT
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
New privacy frontier: Europe eyes crackdown on smart glasses – POLITICO
Law Enforcement Action and Take Downs
The prosecution gap: Why cybercrimes go unpunished | TechTarget
Interpol Dismantles SniperDz Phishing-as-a-Service Platform - Infosecurity Magazine
Russian national charged in connection with Void Blizzard espionage campaign | CyberScoop
Dark web Nemesis Market vendor gets 26 years for selling drugs
Linux and Open Source
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act - Infosecurity Magazine
High-severity vulnerability in Linux caused by a single faulty character - Ars Technica
Malware
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
Researchers build autonomous AI worm that can reason and adapt | TechTarget
Infostealers Turn Millions of Devices Into Credential Theft Machines - SecurityWeek
New SilabRAT Trojan Hijacks Sessions to Steal Crypto - Infosecurity Magazine
Teams and Google Drive Leveraged to Compromise Systems Within 20 Minutes
AI Adoption Creates New Opportunities for Attackers - Infosecurity Magazine
Meet Hades: The malware that lies to AI security agents | CSO Online
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads w...
GitHub disables Microsoft repos pushing password-stealing malware
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks - SecurityWeek
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
Fake Software Tutorials on TikTok Spread Vidar Stealer - Infosecurity Magazine
OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month - SecurityWeek
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Chinese APT deploys new malware to keep access to hacked networks
Misinformation, Disinformation and Propaganda
Information Warfare: Americans And Chinese Both Fear AI
Mobile
Organizations can't see much of their mobile AI activity - Help Net Security
WhatsApp says it disrupted new NSO spyware phishing attacks
The security in smartphones is helping send them to landfills - Help Net Security
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Models, Frameworks and Standards
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act - Infosecurity Magazine
EU to take France, Spain to court over cyber law delay – POLITICO
Passwords, Credential Stuffing & Brute Force Attacks
New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
Dashlane explains how attackers managed to download encrypted password vaults - Ars Technica
Suspected Norks send 250+ fake dev job pitches to steal crypto
The safest password is the one you never type
The NCSC Wants You To Adopt Passkeys: Is It Time To Finally Drop Passwords? | SC Media UK
Regulations, Fines and Legislation
UK regulator warns AI cyber risks pose top banking threat - FStech
EU to take France, Spain to court over cyber law delay – POLITICO
European Union Outlines Plan to Reduce Dependence on American Tech - The New York Times
UK move to filter photos and messages triggers encryption worries for CISOs – Computerworld
Signal attacks UK plan to scan devices for nude images as "mass surveillance" | TechSpot
The AI security race needs accountability, not overregulation | CyberScoop
EU plans one data breach form for all members| Cybernews
Ex-CISA CIO Breaks Down Trump's New AI Executive Order
Cyber Security (Jersey) Law: An overview | Walkers - JDSupra
New privacy frontier: Europe eyes crackdown on smart glasses – POLITICO
Shadow IT
Frontline Workers Twice as Likely to Use Unapproved AI - IT Security Guru
Your AI agent could become your biggest insider threat | CyberScoop
What 2026 DBIR Confirms: Attacks Are Living in the Browser
Social Media
Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse - SecurityWeek
Software Supply Chain
GitHub disables Microsoft repos pushing password-stealing malware
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks - SecurityWeek
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
Supply Chain Attacks Target Open‑Source Packages
Beware software dependencies - NCSC | UKAuthority
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads w...
4 Critical Threats Where Attackers Have the Advantage
The security questions around Chinese AI coding models in U.S. software - Help Net Security
Supply Chain and Third Parties
NCSC urges organizations to shore up supply chain security practices | IT Pro
Key strategies to benchmark your MSSP: Advice from top security providers | news | MSSP Alert
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
An Invisible Battlefield: Cyberwar Is Reshaping Everyday Life
Iran Signed a Ceasefire — Its Hackers Didn't
Europe Is Preparing for a Cyber War Ukraine Has Already Survived | The Gaze
Iranian group could be labelled national threat under proposed new law - BBC News
UK cracks down on Iran, Russia, North Korea, China cyber ops | Cybernews
Russian national charged in connection with Void Blizzard espionage campaign | CyberScoop
Finland: 4 suspects in sabotage of undersea Estonia cables
NATO's Cyber Approach Needs Change | Lawfare
Ukraine’s foreign minister offer recipe for improved resilience | CSO Online
Tests suggest Russian satellites can jam GPS on a continental scale - Ars Technica
Information Warfare: Americans And Chinese Both Fear AI
Europe is building resilience – but not the kind it needs for war - Friends of Europe
Ukraine’s Experience Highlights the Need for Preparation in Cyber - Infosecurity Magazine
Nation State Actors
UK cracks down on Iran, Russia, North Korea, China cyber ops | Cybernews
China
Former IBM cybersecurity exec accuses company of hiding Chinese hacking breaches
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
The security questions around Chinese AI coding models in U.S. software - Help Net Security
Chinese APT deploys new malware to keep access to hacked networks
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Information Warfare: Americans And Chinese Both Fear AI
Russia
Russian national charged in connection with Void Blizzard espionage campaign | CyberScoop
Ukraine: Europe's Only Wartime Cyber Defence Laboratory | The Gaze
Ukraine’s foreign minister offer recipe for improved resilience | CSO Online
Tests suggest Russian satellites can jam GPS on a continental scale - Ars Technica
How the FSB cut Russia off from the internet
German agencies warn of Russian cyber threats to weak PV systems | Solar Power News | Renewables Now
North Korea
Remote Worker Fraud: A Growing Risk for Employers and Government Contractors | Ice Miller - JDSupra
Suspected Norks send 250+ fake dev job pitches to steal crypto
Iran
Iran Signed a Ceasefire — Its Hackers Didn't
Iranian group could be labelled national threat under proposed new law - BBC News
Tools and Controls
AI Risk Worries Insurers and Businesses Alike
Why most enterprise security teams would fail a military readiness test | CSO Online
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation - SecurityWeek
Security Software Fails to Detect Fifth of Brower Phishing Attacks - Infosecurity Magazine
Patching Is No Match for Frontier AI, Cyber Expert Warns
Cybersecurity researchers aren't happy about the guardrails on Anthropic's Fable | TechCrunch
Why patching velocity matters as Claude Mythos supercharges vulnerability discovery | IT Pro
The security questions around Chinese AI coding models in U.S. software - Help Net Security
Dashlane explains how attackers managed to download encrypted password vaults - Ars Technica
Organizations can't see much of their mobile AI activity - Help Net Security
Malware ships with bugs that defenders could use against it - Help Net Security
Most Security Teams Struggle to Find Time for Training on New Threats - Infosecurity Magazine
Most pros have seen AI hallucinations in IT operations - Help Net Security
Everybody Is Vibe Coding But Nobody Told the Security Team - SecurityWeek
AI Coding Tools Need Built-In Security for Agentic Development Era - Infosecurity Magazine
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away | CyberScoop
52% of direct-to-IP threats are missing from intelligence feeds - Help Net Security
Inside the race to adapt to an AI-powered security world | CyberScoop
Beware the ‘son of Mythos,’ security experts warn | CSO Online
AI Coding Adoption Hits 97% but Governance Lags Behind - Infosecurity Magazine
Alert Fatigue Is Becoming a Security Threat of Its Own - SecurityWeek
The AI security race needs accountability, not overregulation | CyberScoop
Why Microsoft 365 Baseline Security Mode Isn't a Flip Switch
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
Reports Published in the Last Week
Other News
Why most enterprise security teams would fail a military readiness test | CSO Online
PYMNTS | EU Procurement Standards Show Vendor Lock-In Is B2B Liability
Is recruitment data a cybercriminal goldmine? | The Global Recruiter
Stop Ignoring Your Router. This Is How to Optimize Privacy - CNET
How a USB-connected speaker can infect a PC without ever being touched - Ars Technica
Cybersecurity Needs Secure Software - Stiftung Wissenschaft und Politik
Exposed Fuel Tank Gauges Under Attack in the US
The Front Door Is Wide Open: What Wealthy Families Don't Know About Cybersecurity - Thrive Global
The new cybersecurity imperative | Expert Views - Business Standard
Building a Digital Fortress: Why Cyber Security Matters More Than Ever - IT Security Guru
Vulnerability Management
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act - Infosecurity Magazine
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs - Infosecurity Magazine
Patching Is No Match for Frontier AI, Cyber Expert Warns
Why patching velocity matters as Claude Mythos supercharges vulnerability discovery | IT Pro
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
CISA tells govt agencies to patch critical exploited flaws in 3 days
Vulnerabilities
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Windows BitLocker 0-Day Vulnerability Allow Attackers to Bypass Security Feature
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
Microsoft patches Exchange Server zero-day exploited in attacks
Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows
Exchange Flaw Lets Attackers Spoof Any Email Address
Attackers had month-long head start on patched Check Point VPN zero-day
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks - SecurityWeek
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Cisco customers encounter another SD-WAN zero-day under attack | CyberScoop
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet patched a new critical FortiSandbox flaw
Adobe Patches 123 Vulnerabilities - SecurityWeek
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours
21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
Path traversal flaw in AI dev platform Langflow exploited in attacks
High-severity vulnerability in Linux caused by a single faulty character - Ars Technica
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) - Help Net Security
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
OpenSSL Patches High-Severity Vulnerability Found With AI - SecurityWeek
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters - SecurityWeek
SAP Patches Critical NetWeaver, Commerce Vulnerabilities - SecurityWeek
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
Splunk, Palo Alto Networks Patch Severe Vulnerabilities - SecurityWeek
Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script
UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers - SecurityWeek
Gogs patches critical zero-day enabling remote code execution
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.