Black Arrow Cyber Threat Intelligence Briefing 13 February 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
We start this week with some actions for business leaders to address new and emerging threats including malicious Outlook add-ins and Chrome extensions disguised as AI chatbots, as well as an evolution of classic payroll fraud. We also report on how attackers, once in your system, are increasingly using data leak sites on the dark web to force victims to pay.
AI, as expected, is proving to be an escalating risk. We include a number of examples used by attackers including deepfake fraud, hidden instructions that manipulate AI, and data poisoning. AI is also empowering criminals to conduct traditional attacks more successfully. This information highlights that organisations need to consider their entire ecosystem in their threat modelling to identify the necessary cyber controls, which should address security as well as the minimum standards for regulatory compliance.
We finish with an article written by one of our Directors for the magazine of the Institute of Chartered Accountants of Scotland (ICAS), on the value of the UK Government’s Cyber Governance Code of Practice.
Contact us to discuss how to apply these insights in your security strategy in a pragmatic and proportionate manner.
Top Cyber Stories of the Last Week
‘Dead’ Outlook Add-In Hijacked to Phish 4,000 Microsoft Office Store Users
Researchers at Koi Security found that an abandoned Outlook add-in called AgreeTo was taken over and used to steal Microsoft account log-in details from around 4,000 users. The abandoned add‑in relied on an external website to load its content when used; the attacker took over that website and replaced it with a fake Microsoft login page to gain access to the user’s Outlook. This allowed the attacker to access the user’s emails by using previously granted permissions.
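The AgreeTo case turns on a dependency that is easy to miss: an add-in's manifest points at an external host for its task pane, and whoever controls that host controls what runs inside Outlook. One defensive check is to inventory the remote hosts each installed add-in manifest depends on and compare them with an approved list. The script below is an added example written for this briefing; it is not code from Koi Security, Microsoft, or the AgreeTo project. The manifest it parses is a constructed sample in the Office add-in XML manifest format with placeholder `.test` host names, and the "approved" list is an assumption an organisation would replace with its own.

```python
"""Inventory the remote hosts an Office add-in manifest depends on.

Added example for this briefing. The manifest below is a constructed,
hypothetical add-in; host names are placeholders, not real domains.
"""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample manifest (Office add-in XML manifest format).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Vendor</ProviderName>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Placeholder add-in"/>
  <IconUrl DefaultValue="https://cdn.example-vendor.test/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://login.example-vendor.test</AppDomain>
    <AppDomain>https://abandoned-addin-host.test</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://abandoned-addin-host.test/taskpane.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteMailbox</Permissions>
</OfficeApp>
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _local(tag: str) -> str:
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def manifest_urls(manifest_xml: str) -> list[str]:
    """Return every http(s) URL found in element text or attribute values."""
    found = []
    for elem in ET.fromstring(manifest_xml).iter():
        values = list(elem.attrib.values())
        if elem.text:
            values.append(elem.text)
        for value in values:
            found.extend(URL_RE.findall(value))
    return found


def hosts_by_url(manifest_xml: str) -> dict[str, list[str]]:
    """Group the manifest's URLs by lower-cased host name."""
    by_host: dict[str, list[str]] = defaultdict(list)
    for url in manifest_urls(manifest_xml):
        host = urlparse(url).hostname
        if host:
            by_host[host.lower()].append(url)
    return dict(by_host)


def source_location_hosts(manifest_xml: str) -> list[str]:
    """Hosts that serve the add-in's actual UI code (SourceLocation elements)."""
    hosts = []
    for elem in ET.fromstring(manifest_xml).iter():
        if _local(elem.tag) == "SourceLocation":
            host = urlparse(elem.attrib.get("DefaultValue", "")).hostname
            if host:
                hosts.append(host.lower())
    return hosts


def permissions(manifest_xml: str) -> str:
    """The permission level the add-in requests (e.g. ReadWriteMailbox)."""
    for elem in ET.fromstring(manifest_xml).iter():
        if _local(elem.tag) == "Permissions":
            return (elem.text or "").strip()
    return ""


def review(manifest_xml: str, approved_hosts) -> dict:
    """Summarise the manifest's external dependencies against an approved list."""
    approved = {h.lower() for h in approved_hosts}
    unapproved = sorted(h for h in hosts_by_url(manifest_xml) if h not in approved)
    return {
        "permission": permissions(manifest_xml),
        "unapproved_hosts": unapproved,
        # True when the code the add-in loads comes from an unapproved host,
        # which is the dependency the AgreeTo takeover abused.
        "code_from_unapproved_host": any(h in unapproved for h in source_location_hosts(manifest_xml)),
    }


if __name__ == "__main__":
    # Assumed approved list; an organisation would substitute its own.
    print(review(SAMPLE_MANIFEST, ["cdn.example-vendor.test", "login.example-vendor.test"]))
```

Run against each manifest exported from the Microsoft 365 admin centre, the output gives the hosts that need to stay under the vendor's control for the add-in to remain trustworthy; a combination of a broad mailbox permission and code served from a host nobody has vetted is the pairing worth following up.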
30+ Chrome Extensions Disguised as AI Chatbots Steal Users’ API Keys, Emails, Other Sensitive Data
More than 30 malicious Chrome extensions disguised as AI chatbot tools have been found stealing sensitive information from at least 260,000 users. The extensions share the same code and link back to a single operator in a campaign called AiFrame. Some use embedded web pages to mimic trusted tools, allowing them to harvest browsing data, login details, API keys, and even Gmail messages and drafts.
https://www.theregister.com/2026/02/12/30_chrome_extensions_ai/
Payroll Pirates Are Conning Help Desks to Steal Workers’ Identities and Redirect Paychecks
Binary Defense investigated a December 2025 incident where criminals redirected a physician’s salary by manipulating a help desk, exploiting people and weak internal processes rather than breaking through technical defences. After gaining access to a shared email mailbox, the attacker phoned the help desk, claimed they were locked out and needed urgent access, and persuaded staff to reset the password and multi-factor authentication. They then used the organisation’s own virtual desktop system so activity looked normal, accessed the Workday payroll platform, and changed bank details. This was only spotted when the physician was not paid.
https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/
Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims
Ransomware groups are increasingly using data leak sites on the dark web to pressure organisations into paying, by stealing information and threatening to publish it publicly. These sites often release a small sample, such as emails or contracts, then use deadlines and public exposure to force rapid decisions, even before leaders have full clarity on what was taken. The impact can spread beyond the initial victim, with stolen data reused for fraud, phishing, and attacks on customers and partners. Paying a ransom does not guarantee recovery or confidentiality, and some victims are targeted again within months.
LummaStealer Infections Surge After CastleLoader Malware Campaigns
LummaStealer, a criminal malware‑as‑a‑service operation disrupted in May 2025 when authorities seized 2,300 malicious domains, is scaling up again. Activity resumed in July 2025 and grew sharply between December 2025 and January 2026. Infections are increasingly spread through ClickFix pages that show fake verification prompts and trick users into running a PowerShell command, which silently installs LummaStealer to capture passwords, browser data, and other sensitive information.
Devilish Devs Spawn 287 Chrome Extensions to Flog Your Browser History to Data Brokers
A security researcher has identified 287 Google Chrome extensions, with an estimated 37.4 million installations, that allegedly share users’ browsing histories with more than 30 organisations. Browsing history is a record of websites visited and can reveal sensitive interests or activities; even when anonymised, it can often be linked back to individuals. Many of the extensions present as harmless tools while requesting broad access that is not clearly justified, with privacy policies that may obscure how data is used. The findings highlight the need for tighter controls over browser add-ons and clearer user awareness.
https://www.theregister.com/2026/02/11/security_researcher_287_chrome_extensions_data_leak/
AI Threat Modelling Must Include Supply Chain, Agents, and Human Risk
Palo Alto Networks reports that 99% of organisations suffered at least one attack on an AI system in the past year, underscoring that AI risk is not solved by strengthening cloud infrastructure alone. Effective protection must cover the wider ecosystem including the third party software and data used to build and run AI, as well as the automated AI agents that can take actions on behalf of staff, and the people who approve changes. When agents have broad permissions, attackers can manipulate what they read and influence what they do without obvious signs of hacking. These risks can be better managed through strong governance, strict access controls and better monitoring.
https://cyberscoop.com/ai-threat-modeling-beyond-cloud-infrastructure-op-ed/
Deepfake Fraud Taking Place on an Industrial Scale, Study Finds
Deepfake fraud is now happening at industrial scale, with inexpensive AI tools making it easy to create convincing fake video and voice that impersonate trusted people such as journalists, politicians or company leaders. The AI Incident Database has logged more than a dozen recent cases, and researchers estimate fraud and manipulation have been the largest category of reported incidents in 11 of the past 12 months. The impact is real: a finance officer at a Singaporean multinational transferred nearly $500,000 after a fake video call, while UK consumers are estimated to have lost £9.4bn to fraud in the nine months to November 2025.
Supply Chain Attacks Now Fuel a ‘Self-Reinforcing’ Cybercrime Economy
Group-IB warns that criminals are increasingly using supply chain attacks as an industrial-scale route of entry into many organisations, by compromising trusted suppliers, service providers, or widely used software components. The report describes a self-reinforcing cycle where stolen login details and abused sign-in permissions are used to gain access to cloud business services; the attacker then moves across connected partners before deploying ransomware or extortion. Over the next year, Group-IB expects attacks to speed up through AI tools that scan suppliers. It is also expected that identity-based intrusions will increasingly replace traditional malware; these can be harder to spot because attackers appear to be legitimate users.
https://www.theregister.com/2026/02/12/supply_chain_attacks/
These 4 Critical AI Vulnerabilities Are Being Exploited Faster than Defenders Can Respond
Researchers warn that companies are rolling out AI faster than they can secure it, and several major weaknesses currently have no reliable fix. Attackers can manipulate AI agents to carry out cyber attacks, including tricking AI tools using hidden instructions, poisoning training data very cheaply, and using deepfake audio or video to impersonate executives. Studies show prompt‑based attacks work against 56% of large AI models, training data can be poisoned using just 250 malicious documents for about $60, and deepfake scams have already enabled major fraud.
https://www.zdnet.com/article/ai-security-threats-2026-overview/
Those 'Summarise With AI' Buttons May Be Lying to You
Microsoft has found that some ‘Summarise with AI’ buttons on websites hide instructions designed to influence the answers given by AI assistants. These hidden prompts can quietly steer the assistant toward recommending a particular company or source. Microsoft detected 50 such attempts across 31 companies in 14 industries, meaning senior decision makers could receive biased advice without realising it. This works by pre‑filling prompts and, in some cases, storing them using the assistant’s memory feature.
https://www.darkreading.com/cyber-risk/summarize-ai-buttons-may-be-lying
Which Cyber Security Terms Your Management Might Be Misinterpreting
Clear, shared language between the CISO and the Board is essential because common cyber security terms are often misunderstood, leading to misdirected spending and false confidence. Cyber risk is a business risk tied to continuity, financial loss, and reputation, not just an IT uptime issue. Compliance only proves minimum standards at a point in time and does not equal safety. Leaders should distinguish weaknesses from threats and the resulting business risk, and avoid assuming recovery plans alone cover a cyber attack. Zero-trust and cloud security also require long term process change, not a product purchase.
https://www.kaspersky.co.uk/blog/language-of-risk-key-cybersecurity-terms-for-the-board/30035/
Follow the Code
The UK government’s Cyber Governance Code of Practice is becoming an important framework for business leaders as cyber‑attacks rise. It contains clear actions to help achieve proportionate and evidence-based governance, avoiding ‘compliance theatre’. Leaders are expected to improve their own cyber literacy, understand the business impact of a cyber incident, and challenge the evidence provided to them, including from control providers in IT. Two high value elements are realistic incident rehearsals and quarterly reviews of cyber metrics. The Code complements established cyber security frameworks and standards, and supports wider governance regimes. Boards are encouraged to discuss adopting the Code and to use specialist expertise to strengthen their oversight.
Governance, Risk and Compliance
Supply chain breaches fuel cybercrime cycle, report says • The Register
69% of CISOs open to career move — including leaving role entirely | CSO Online
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
Schrödinger's cat and the enterprise security paradox | CSO Online
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter - SecurityWeek
Reynolds ransomware uses BYOVD to disable security before encryption
Naming and shaming: How ransomware groups tighten the screws on victims
Nitrogen’s ransomware can’t be decrypted — even by Nitrogen – DataBreaches.Net
Black Basta Ransomware Actors Embeds BYOVD Defense Evasion Component with Ransomware Payload Itself
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
Attackers Weaponizing Windows Shortcut File to Deliver Global Group Ransomware
As ransomware recedes, a new more dangerous digital parasite rises | ZDNET
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Crazy ransomware gang abuses employee monitoring tool in attacks
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack | CyberScoop
Under-reporting masks scale of ransomware crisis, ESET warn
Italian university La Sapienza hit by massive IT outage
Ransomware Victims
Payments platform BridgePay confirms ransomware attack behind outage
BridgePay Confirms Ransomware Attack, No Card Data Compromised - Infosecurity Magazine
Phishing & Email Based Attacks
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware - Infosecurity Magazine
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
Flickr moves to contain data exposure, warns users of phishing
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Other Social Engineering
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Payroll pirates conned the help desk, stole employee’s pay • The Register
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
2FA/MFA
Police arrest seller of JokerOTP MFA passcode capturing tool
Artificial Intelligence
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Google says hackers are abusing Gemini AI for all attacks stages
42,900 OpenClaw Exposed Control Panels and Why You Should Care - Security Boulevard
These 4 critical AI vulnerabilities are being exploited faster than defenders can respond | ZDNET
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Those 'Summarize With AI' Buttons May Be Lying to You
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Attackers are moving at machine speed, defenders are still in meetings - Help Net Security
OpenClaw's Gregarious Insecurities Make Safe Usage Difficult
Moltbook: Cutting Through the AI Hype to the Real Security Risks - IT Security Guru
AI agents behave like users, but don't follow the same rules - Help Net Security
Living off the AI: The Next Evolution of Attacker Tradecraft - SecurityWeek
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Your AI browser is a cybersecurity threat you’re not prepared for
Security professionals express concern over OpenClaw - SD Times
Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Indian police commissioner wants ID cards for AI agents • The Register
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Bots/Botnets
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Careers, Roles, Skills, Working in Cyber and Information Security
69% of CISOs open to career move — including leaving role entirely | CSO Online
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
What happens when cybersecurity knowledge walks out the door - Help Net Security
Cloud/SaaS
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
Security teams are paying for sprawl in more ways than one - Help Net Security
Why organizations need cloud attack surface management | TechTarget
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
Cyber Crime, Organised Crime & Criminal Actors
Supply chain breaches fuel cybercrime cycle, report says • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Police arrest seller of JokerOTP MFA passcode capturing tool
On the Front Lines of Cybercrime - Africa Defense Forum
Data Breaches/Leaks
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
Handful of breaches expose most patient data in UK | Cybernews
UK blames legacy IT for incomplete data protection progress • The Register
Nearly 17,000 Volvo staff dinged in supplier breach • The Register
South Korea Blames Coupang Data Breach on Management Failure, Not Sophisticated Attack
Security researcher finds 287 Chrome extensions leaking data • The Register
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Odido data breach exposes personal info of 6.2 million customers
AI hacking platform WormGPT has user data leaked, attackers claim | Cybernews
Flickr Security Incident Tied to Third-Party Email System - SecurityWeek
European Governments Breached in Zero-Day Attacks Targeting Ivanti - Infosecurity Magazine
Budget leak bigger than thought, says NCSC - www.rossmartin.co.uk
Polish hacker charged seven years after massive Morele.net data breach
Fairphone denies any hack behind suspicious emails - Android Authority
Data Protection
UK blames legacy IT for incomplete data protection progress • The Register
Data/Digital Sovereignty
Sovereign infrastructure spend to triple in Europe as fifth of workloads stay local | IT Pro
EU capitals say deleting US tech is not realistic – POLITICO
Denial of Service/DoS/DDoS
DDoS deluge: Brit biz battered by record botnet blitz • The Register
Encryption
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Fraud, Scams and Financial Crime
Deepfake fraud taking place on an industrial scale, study finds | Deepfake | The Guardian
Payroll pirates conned the help desk, stole employee’s pay • The Register
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
'Digital squatting' hits new levels as hackers target brand domains | TechRadar
Dating online this Valentine’s Day? Here’s how to spot an AI romance scam - Digital Trends
A new wave of romance scams is washing across the internet—here's how to stay safe
FTC warns poor cybersecurity leaves consumers open to ransomware | Cybernews
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Identity and Access Management
Why identity recovery is now central to cyber resilience | CSO Online
Insider Risk and Insider Threats
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
Internet of Things – IoT
Hackers Are Targeting Your Smart Home. Here's How to Stop Them | PCMag
'Dodgy boxes': Irish homes warned after major global cyberattack targets Android-enabled TVs
What Organizations Need to Change When Managing Printers
Law Enforcement Action and Take Downs
Police arrest seller of JokerOTP MFA passcode capturing tool
Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
Polish hacker charged seven years after massive Morele.net data breach
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Linux and Open Source
New Linux botnet SSHStalker uses old-school IRC for C2 comms
Malvertising
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
Malware
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users – Computerworld
LummaStealer infections surge after CastleLoader malware campaigns
30+ Chrome extensions disguised as AI chatbots steal secrets • The Register
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
North Korean hackers use new macOS malware in crypto-theft attacks
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code - Infosecurity Magazine
Threat Actors Weaponize ChatGPT, Grok and Leverages Google Ads to Distribute macOS AMOS Stealer
Cybercriminals Use Malicious Cybersquatting Attacks to Distribute Malware and Hijack Data
Malicious 7-Zip site distributes installer laced with proxy tool
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
Sophisticated Cyber Attack Targets Wedding Industry With Teams-Based Malware Delivery
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
Misinformation, Disinformation and Propaganda
From disinformation to espionage – Russia’s hybrid actions against Poland
Mobile
Security teams are paying for sprawl in more ways than one - Help Net Security
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Germany warns of Signal account hijacking targeting senior figures
ZeroDayRAT spyware grants attackers total access to mobile devices
Is spyware hiding on your phone? How to find out and remove it - fast | ZDNET
Fairphone denies any hack behind suspicious emails - Android Authority
Models, Frameworks and Standards
Outages
Microsoft 365 outage takes down admin center in North America
Passwords, Credential Stuffing & Brute Force Attacks
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
60% of Financial Cyberattacks Begin with Stolen Logins: UAE Cyber Security Council
Digital squatters are weaponizing your muscle memory to steal passwords | Cybernews
Your router's default password is probably on a public database
Your browser extensions can see every password you type
Regulations, Fines and Legislation
Why your AI doctor doesn't follow HIPAA: The hidden risks of medical chatbots | CyberScoop
Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026 – DataBreaches.Net
Social Media
Social Media Platforms Earn Billions from Scam Ads - Infosecurity Magazine
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Discord Is Threatening To Restrict Your Account Unless You Provide ID And Facial Scans
Flickr moves to contain data exposure, warns users of phishing
TikTok under EU pressure to change its addictive algorithm - Help Net Security
Fears about TikTok’s policy changes point to a deeper problem in the tech industry
Supply Chain and Third Parties
AI threat modeling must include supply chains, agents, and human risk | CyberScoop
Supply chain breaches fuel cybercrime cycle, report says • The Register
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Security teams are paying for sprawl in more ways than one - Help Net Security
Cloud teams are hitting maturity walls in governance, security, and AI use - Help Net Security
The invisible breach: how SaaS supply chains became cybersecurity’s new weak link
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
Grey Zone Warfare - The Statesman
State spies snooping on Signal users, Germany warns | Cybernews
Singapore spent 11 months evicting suspected telco spies • The Register
Nation State Actors
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Hackers Linked to State Actors Target Signal Messages of Military Officials and Journalists
China
Google: China's APT31 used Gemini to plan US cyberattacks • The Register
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
Palo Alto Chose Not to Tie China to Hacking Campaign on Retaliation Fear: Sources
Chinese cyberspies breach Singapore's four largest telcos
Singapore spent 11 months evicting suspected telco spies • The Register
Senator doesn't trust telcos on Salt Typhoon mitigations • The Register
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices - Infosecurity Magazine
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
8.7 billion records spilled: Inside the massive Chinese data leak | Cybernews
Russia
The world’s default productivity tool is becoming a national security liability | Computer Weekly
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
EU Commission commits €347m to submarine cable security ...
From disinformation to espionage – Russia’s hybrid actions against Poland
Thwarted Winter Olympics hack highlights growing cyber exposure for major events | Insurance Times
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
Top Putin General Vladimir Alexeyev Behind U.S. Election Meddling Shot in Moscow
Russia tries to block WhatsApp, Telegram in communication blockade
North Korea
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms - Infosecurity Magazine
North Korean hackers use new macOS malware in crypto-theft attacks
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India - SecurityWeek
State-sponsored cyber spies directly target defense industry employees across West | Cybernews
Google Warns of 'Relentless' Cyber Siege on Defense Industry
State-sponsored hackers targeting defence sector employees, Google says | Espionage | The Guardian
Tools and Controls
Reynolds ransomware uses BYOVD to disable security before encryption
Survey: Widespread Adoption of AI Hasn't Yet Reduced Cybersecurity Burnout - Security Boulevard
Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
Crazy ransomware gang abuses employee monitoring tool in attacks
Security in the Dark: Recognizing the Signs of Hidden Information - SecurityWeek
Dutch authorities seized one of Windscribe VPN's servers – here's everything we know | TechRadar
What Organizations Need to Change When Managing Printers
"Encrypt It Already" Campaign Pushes Big Tech on E2E Encryption
Microsoft Copilot Security Has a Blind Spot — And It’s at Runtime - Security Boulevard
Ransomware crews abuse bossware to blend into networks • The Register
CISOs to pour 2026 budgets into AI as cybersecurity priorities shift | Ctech
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Other News
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting CNI - Infosecurity Magazine
Cyberattacks emerges as “material transaction risk” for PE | Insurance Business
Cyber risk is becoming a hold-period problem for private equity firms - Help Net Security
European Commission Investigating Cyberattack - SecurityWeek
‘Prepare for blackouts’: Ed Miliband’s net zero revolution is a hacker’s dream
A case of when, not if – the reality of Cyber-attacks | London City Hall
Rising threats require a battle-tested electricity system for Europe, says Eurelectric report
How Emerging Threats Are Forcing A Reboot Of Defence Industrial Base Security Policy | Scoop News
Vulnerability Management
CVEs set to hit record high levels in 2026 - BetaNews
FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026 - Infosecurity Magazine
Time to Exploit Plummets as N-Day Flaws Dominate - Infosecurity Magazine
New Data Tool Helps Orgs Prioritize Exploited Flaws Smarter
Google says 1 billion Android users need to buy a new phone now - PhoneArena
Upgrade Now: Microsoft Issues Security Warning to Those Still on Windows 10
Infosec researchers mull curious case of Telnet ancient flaw • The Register
Organizations Urged to Replace Discontinued Edge Devices - SecurityWeek
Vulnerabilities
Microsoft just patched 6 zero-days, but you might want to hold off updating - here's why | ZDNET
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
Chrome 145 Patches 11 Vulnerabilities - SecurityWeek
Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files
F5 Patches Critical Vulnerabilities in BIG-IP, NGINX, and Related Products
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack' - SecurityWeek
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Windows Notepad is now complex enough to have a serious security flaw | PCWorld
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft begins Secure Boot certificate update for Windows devices - Help Net Security
Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD - SecurityWeek
BeyondTrust warns of critical RCE flaw in remote support software
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Critical Fortinet FortiClientEMS flaw allows remote code execution
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
Ivanti EPMM exploitation: Researchers warn of "sleeper" webshells - Help Net Security
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Hackers breach SmarterTools network using flaw in its own software
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment - Help Net Security
Dutch data watchdog caught up in Ivanti zero-day attacks • The Register
WordPress plugin with 900k installs vulnerable to critical RCE flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.