Black Arrow Cyber Threat Intelligence Briefing 13 March 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Cyber security is based on risk management and governance; we start this week with research on the views of business and security leaders on how effective that governance is. We also share insights on an impactful incident where Iranian attackers accessed an organisation’s Microsoft Intune platform and remotely wiped large numbers of the victim’s Windows devices. The Middle East conflict also highlights the challenges with cyber insurance coverage and war exclusions.
The second half of our briefing includes developments in attacker tactics, from fake versions of familiar apps to AI-driven malware and exploiting poor password choices of employees, highlighting again that employees are at the front line of cyber security and are vital to safeguarding the organisation.
These threats, and the actions needed to address them, require business leaders to have their own clear and objective understanding of their organisation’s risk and the options for security controls spanning people, operations and technology. Credible and informed governance underpins all of this. Contact us to discuss how to achieve this, proportionate to your profile.
Top Cyber Stories of the Last Week
Only 30 Minutes per Quarter on Cyber Risk: Why CISO-Board Conversations Are Falling Short
New research suggests many boards are not spending enough time on cyber risk, with most security leaders given just 30 minutes each quarter and only 30% of boards describing the relationship as strong and collaborative. While 95% of security leaders report to the board regularly, discussions often stay at a high level and do not explore future risks such as artificial intelligence, which can both power more advanced cyber attacks and create new business exposures. Boards often stop short of experiencing cyber risk directly, with fewer than half participating in tabletop exercises or crisis simulations, indicating that reporting still focuses more on the current state than on preparing directors for what comes next.
The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network
A US-based healthcare technology company, Stryker, has suffered a major cyber disruption after a pro-Iranian hacking group claimed responsibility for wiping large numbers of the company’s Windows systems. Reports suggest attackers may have used Microsoft Intune to issue deletion commands across Stryker’s Windows network, while other reports indicated that the erased devices displayed the logo of Handala Hack, a group aligned with Iran’s Ministry of Intelligence. Stryker says it has found no evidence of ransomware or traditional malware; the attackers framed the attack as retaliation for recent US and Israeli military action.
Insights: Increased Risk of Wiper Attacks
Organisations face a heightened risk of disruptive cyber attacks linked to the conflict with Iran, with attackers reportedly gaining access to networks using legitimate corporate user credentials and then deleting servers and workstations. Israeli authorities have already reported several cases where operations were disrupted in this way. To manage this risk, organisations should reduce always-on administrator access, strengthen multi-factor authentication, tightly control high impact actions, monitor for unusual remote wipe activity and keep secure offline backups. Regular staff training is also essential, as email deception remains a common entry point.
https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/
Iran Plots 'Infrastructure Warfare' Against US Tech Giants
Iran has identified nearly 30 facilities linked to major US technology companies as potential targets, according to reporting from Iranian state‑affiliated media, including Amazon, Google, IBM, Microsoft, Nvidia, Oracle and Palantir across Bahrain, Israel, Qatar and the UAE. The move follows reported strikes on three Amazon Web Services data centres in the region, which disrupted some cloud services and forced several providers to activate disaster recovery plans. For business leaders, this highlights how geopolitical conflict can quickly affect digital services, supply chains and operational resilience far beyond the immediate area.
https://www.theregister.com/2026/03/11/iran_threatens_us_tech_companies/
Middle East Conflict Tests Cyber War Exclusions, S&P Warns
S&P Global Ratings has warned that rising cyber activity linked to the Middle East conflict could expose weaknesses in cyber insurance, particularly where policy wording struggles to separate acts of war from criminal activity. Recent incidents have mainly caused disruption rather than major insured losses, but the risk of more damaging attacks remains. The agency also noted that cyber insurance premiums could more than double by the end of the decade. For leaders, the concern is clear: a single large-scale event could disrupt multiple organisations at once and leave uncertainty over what is actually covered.
New Windows Malware Impersonates Everyday Apps to Infect Your Computer
Microsoft has warned of a Windows malware campaign that tricks people into downloading fake versions of familiar apps such as Adobe, Teams, Zoom and Google Meet through convincing phishing emails and counterfeit PDF prompts. The malicious software can appear legitimate because it looks digitally signed, a feature many people associate with trust. Once installed, the fake applications deploy remote monitoring and management tools, and create a secondary copy of the application as a Windows service to maintain persistence in the victim’s systems. The campaign is a reminder of the need to control software downloads, and to treat unexpected email attachments and update prompts with caution.
https://www.bgr.com/2119188/windows-malware-impersonates-signed-apps-infect-computer/
Cyber Attacks on UK Firms Increase at Four Times Global Rate
UK organisations are facing a sharp rise in cyber attacks, with incidents up 36% year on year in February 2026, compared with 9.8% globally. Education, energy, government, healthcare and financial services were among the hardest hit sectors. Ransomware, where criminals lock systems or data until a payment is made, remains a serious threat. At the same time, growing use of generative AI is increasing the risk of sensitive business information being accidentally exposed through employee prompts.
https://www.infosecurity-magazine.com/news/cyberattacks-uk-firms-increase/
Why Cyber Security Threats Are Growing
Organisations are facing a fast-growing cyber security threat as attacks become cheaper, faster and more convincing, particularly with the rise of artificial intelligence. The average global cost of a single data breach is about $4.4 million, while reported losses in the United States exceeded $10 million between March 2024 and February 2025. New tactics such as realistic fake audio and video, used to impersonate senior executives, are increasing fraud risks. For leadership teams, the message is clear: cyber security must be treated as a business resilience issue, supported by stronger authentication practices, employee training and greater awareness of how AI-enabled deception can bypass traditional defences.
https://time.com/7382979/cybersecurity-threats-are-growing/
The Human Side of Password Security That Tools Can’t Fix
Weak and reused passwords remain one of the easiest ways for attackers to gain access, and the problem is often human behaviour rather than a lack of technology. Annual training alone is rarely enough, so organisations should reinforce simple, practical guidance throughout the year. Stronger habits are most effective when backed by approved password managers, longer unique passphrases, and multi-factor authentication, which adds a second check to confirm identity. Leaders should also ensure existing security tools are fully enabled, as many already include stronger password controls that are not being used.
https://www.msspalert.com/perspective/the-human-side-of-password-security-that-tools-cant-fix
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
Stolen usernames and passwords remain one of the most common ways into organisations, contributing to around a fifth of confirmed data breaches over the last three years. Criminal groups now treat account takeover as a low-cost, high-volume business, using malware to harvest login details and automated tools to test them across multiple services. Recent incidents affected more than 20,000 Australian pension accounts, while one major US healthcare breach led to a $22 million ransom payment and an estimated $872 million in disruption costs. The clearest safeguard is strong multi-factor authentication, which requires more than a password to gain access.
Microsoft: Hackers Abusing AI at Every Stage of Cyber Attacks
Microsoft reports that criminals are now using artificial intelligence to speed up and scale cyber attacks at almost every stage, from research and convincing scam emails to malicious software and follow-on activity after access is gained. The technology helps less skilled attackers work faster by producing text, code and fake online identities, while human operators choose the targets and direct the attack. The wider risk is that AI is lowering the barrier to entry, making established tactics easier to deliver at greater volume and with more convincing social engineering.
Microsoft Warns North Korean Threat Groups Are Scaling Up Fake Worker Schemes With Generative AI
Microsoft reports that North Korean groups are using generative AI to make fake remote worker schemes faster, more convincing and harder to detect. AI is helping them build realistic online identities, tailor job applications, mimic internal communications in multiple languages and even alter photos for identity documents. In some cases, it is also being used after hiring to draft credible messages, answer technical questions and produce code. Microsoft warns this could increase the scale and success of fraud, espionage and data theft against global organisations.
https://cyberscoop.com/microsoft-north-korea-ai-operations/
Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits
Google reports that attackers continued to exploit previously unknown software flaws at a high rate in 2025, with 90 cases tracked during the year. The focus is shifting away from consumer software towards business systems such as networking equipment, security tools and virtualisation platforms that help run corporate IT. Mobile devices were also targeted more often, rising from 9 cases in 2024 to 15 in 2025. The report warns that commercial surveillance firms are now playing a larger role in these attacks and that attackers may increasingly use AI tools to automate reconnaissance, vulnerability discovery and exploit development.
Threats
Ransomware, Extortion and Destructive Attacks
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Initial cyber ransom demands grew by 47% in 2025 | Insurance Times
Revealed - what's changing about cyber claims | Insurance Business
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware record year | Professional Security Magazine
Insights: Increased Risk of Wiper Attacks
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
The people behind cyber extortion are often in their forties - Help Net Security
Ransomware and Destructive Attack Victims
US Medical Equipment Maker Disabled In Hack Claimed By Iran
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
How an Iranian-backed group crippled Stryker’s Irish HQ with a ‘wiper’ cyberattack
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
INC Ransomware Group Holds Healthcare Hostage in Oceania
Phishing & Email Based Attacks
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
New ‘BlackSanta’ EDR killer spotted targeting HR departments
HR, recruiters targeted in year-long malware campaign - Help Net Security
EU court adviser says banks must immediately refund phishing victims
Phishers hide scam links with IPv6 trick in “free toothbrush” emails | Malwarebytes
Phishing scammers weaponize ICE ragebait | PCWorld
Other Social Engineering
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Fake Claude Code install guides push infostealers in InstallFix attacks
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
'InstallFix' Attacks Spread Fake Claude Code Sites
Researchers uncover AI-powered vishing platform - Help Net Security
EU court adviser says banks must immediately refund phishing victims
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
2FA/MFA
Where Multi-Factor Authentication Stops and Credential Abuse Starts
Artificial Intelligence
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Microsoft: Hackers abusing AI at every stage of cyberattacks
Fake Claude Code install guides push infostealers in InstallFix attacks
CISOs in a Pinch: A Security Analysis of OpenClaw | Trend Micro (US)
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Most executives have no idea how many employees are actually using AI | IT Pro
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Researchers uncover AI-powered vishing platform - Help Net Security
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
AI Adoption Is Forcing Security Teams to Rethink Browser Defense - Security Boulevard
FBI says even in an AI-powered world, security basics still matter | CyberScoop
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
'InstallFix' Attacks Spread Fake Claude Code Sites
5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook | SECURITY.COM
AI agent hacked McKinsey chatbot for read-write access • The Register
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Anthropic forms institute to study long-term AI risks facing society - Help Net Security
The Fallout Over OpenAI's Pentagon Deal Is Growing - Business Insider
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
Privacy risks of agentic oversharing on the Web | Brave
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
Bots/Botnets
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cloud/SaaS
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts - Help Net Security
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Google: Cloud attacks exploit flaws more than weak credentials
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Middle East Conflict Highlights Cloud Resilience Gaps
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
Salesforce issues new security alert tied to third customer attack spree in six months | CyberScoop
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
US contractor's son arrested over alleged $46M crypto theft • The Register
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets | Malwarebytes
Fake GitHub tools are wiping wallets of Windows users | Cybernews
FBI arrests suspect linked to $46M crypto theft from US Marshals
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Crypto Gets National Security Status In New US Cyber Strategy
Cyber Crime, Organised Crime & Criminal Actors
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Data Breaches/Leaks
'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek
Scattered Spider attack on TfL affected 10 million people | Computer Weekly
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
GhostClaw Mimic as OpenClaw to Steal Everything from Developers
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
Cal AI allegedly breached, hackers expose user data | Cybernews
Ericsson US discloses data breach after service provider hack
Data/Digital Sovereignty
Europe unites to build sovereign cloud and AI infrastructure to stop reliance on US
Denial of Service/DoS/DDoS
Teen crew caught selling DDoS attack tools - Help Net Security
Encryption
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Fraud, Scams and Financial Crime
That attractive online ad might be a malware trap - Help Net Security
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
EU law advisor wants cybercrime protections fast-tracked • The Register
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Ghanaian man pleads guilty to role in $100 million fraud ring
Dutch police start publicly shaming scammers into submission • The Register
EU court adviser says banks must immediately refund phishing victims
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Identity and Access Management
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
Insider Risk and Insider Threats
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns - Infosecurity Magazine
Insurance
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Internet of Things – IoT
Crims hit EV charger firm ELECQ, steal customer contact data • The Register
DJI will pay $30K to the man who accidentally hacked 7,000 Romo robovacs | The Verge
Law Enforcement Action and Take Downs
Teen crew caught selling DDoS attack tools - Help Net Security
Dutch police start publicly shaming scammers into submission • The Register
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
Ghanaian man pleads guilty to role in $100 million fraud ring
US contractor's son arrested over alleged $46M crypto theft • The Register
FBI arrests suspect linked to $46M crypto theft from US Marshals
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Police dismantles online gambling ring exploiting Ukrainian women
Linux and Open Source
Malvertising
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
Malware
Browser extensions can install malware, researchers say | Cybernews
That attractive online ad might be a malware trap - Help Net Security
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
Fake Claude Code install guides push infostealers in InstallFix attacks
Agentic attack chains advance as infostealers flood criminal markets - Help Net Security
Microsoft spots ClickFix scam spreading Lumma infostealer • The Register
Crooks compromise WordPress sites, spread infostealers • The Register
Microsoft Teams phishing targets employees with A0Backdoor malware
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
HR, recruiters targeted in year-long malware campaign - Help Net Security
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Massive GitHub malware operation spreads BoryptGrab stealer
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
New 'Zombie ZIP' technique lets malware slip past security tools
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Fake GitHub tools are wiping wallets of Windows users | Cybernews
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
Compromised WordPress Sites Deliver ClickFix Attacks - Infosecurity Magazine
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
Chinese state hackers target telcos with new malware toolkit
Misinformation, Disinformation and Propaganda
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
Mobile
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances - Ars Technica
Government iPhone Exploits Reach Cybercriminals - DevX
New BeatBanker Android malware poses as Starlink app to hijack devices
Signal warns users to be vigilant in spate of phishing attacks | Cybernews
Spyware disguised as emergency-alert app sent to Israelis • The Register
A major security flaw could affect 1 in 4 Android phones - here's how to check yours | ZDNET
SIM Swaps Expose a Critical Flaw in Identity Security - SecurityWeek
You should lock your SIM card before someone else does
Models, Frameworks and Standards
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Passwords, Credential Stuffing & Brute Force Attacks
Credential Stuffing in 2025 - How Combolists, Infostealers and Account Takeover Became an Industry
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
The Human Side of Password Security That Tools Can’t Fix | perspective | MSSP Alert
AI has overtaken stolen passwords as the top identity threat, report says - BetaNews
Google: Cloud attacks exploit flaws more than weak credentials
Where Multi-Factor Authentication Stops and Credential Abuse Starts
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Regulations, Fines and Legislation
EU Cyber Resilience Act: European Commission publishes draft guidance | Hogan Lovells - JDSupra
EU law advisor wants cybercrime protections fast-tracked • The Register
EU court adviser says banks must immediately refund phishing victims
CVE program funding secured, easing fears of repeat crisis | CSO Online
Germany Implements NIS2, Expanding Cybersecurity Obligations
EU NIS2 directive implemented into Polish law by president
Age Verification Laws Are Multiplying Like a Virus, and Your Linux Computer Might be Next
Crypto Gets National Security Status In New US Cyber Strategy
Anthropic sues the Pentagon after being labeled a threat to national security | Fortune
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI | CSO Online
DHS CISO, deputy CISO exit amid reported IT leadership overhaul | FedScoop
White House Cybersecurity Strategy Is Light on Details, Big on Consequences
Social Media
Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant?
A global investment scam is spreading across Facebook, WhatsApp, and more - what to look for | ZDNET
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
Software Supply Chain
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
Over 100 GitHub Repositories Distributing BoryptGrab Stealer - SecurityWeek
Supply Chain and Third Parties
AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable | ZDNET
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Michelin Confirms Data Breach Linked to Oracle EBS Attack - SecurityWeek
Ericsson US discloses data breach after service provider hack
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Hybrid warfare and Europe’s democratic resilience - Decode39
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare played in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
AI on the battlefield: How is the US integrating AI into its military?
AI is transforming modern warfare. It also wants to dismantle the rules | The Independent
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
5 Actions Critical for Cybersecurity Leadership During International Conflicts - Security Boulevard
OpenAI robotics leader resigns over concerns about surveillance and autonomous weapons | Fortune
This spy tool has been quietly stealing data for years - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
Nation State Actors
Nation-State Actor Embraces AI Malware Assembly Line
Nation-State Hackers Play the Vibes - InfoRiskToday
China
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
How Chinese Hackers Reached America’s Surveillance Infrastructure - Security Boulevard
Google: Spyware vendors, China-linked spies led 0-day abuse • The Register
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
The New U.S. Cyber Strategy Misreads China’s Threat | Council on Foreign Relations
Chinese state hackers target telcos with new malware toolkit
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
China’s CERT warns OpenClaw can inflict nasty wounds • The Register
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
Russia
Hybrid warfare and Europe’s democratic resilience - Decode39
Signal issues scam warning to users after hackers target officials - BBC News
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
This spy tool has been quietly stealing data for years - Help Net Security
Russian gang claims breach of US power grid cooperative | Cybernews
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian Ransomware Operator Pleads Guilty in US - SecurityWeek
North Korea
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
Iran
War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker - Help Net Security
Iran war: What role is cyber warfare played in Iran? - BBC News
Middle East conflict tests cyber war exclusions, S&P warns | Insurance Business
Heightened risk of severe cyberattacks amid Middle East conflict: S&P - Reinsurance News
Cyberattacks and Unpredictable Targeting Remain an Iran Risk
Iran conflict drives heightened espionage activity against Middle East targets | Proofpoint US
Iran war: AI-fueled cyberattacks are escalating. Here's what to know
Global business on alert for Iranian cyber-attack threat
Middle East Conflict Fuels Opportunistic Cyber Attacks - Security Boulevard
Iran plots 'infrastructure warfare' against US tech giants • The Register
Insights: Increased Risk of Wiper Attacks
Iran war: Is Europe prepared for the fallout?
Securing Critical Infrastructure in a Time of War
Iran-linked APT targets US critical sectors with new backdoors - Help Net Security
Iran MOIS Colludes With Criminals to Boost Cyberattacks
Cybercrime isn't just a cover for Iran's government goons • The Register
Middle East Conflict Highlights Cloud Resilience Gaps
Cloud to ground: Iran puts foreign data centres on the front line | The Strategist
bne IntelliNews - Hacker group Handala claims cyber attack on US medical firm Stryker Corporation
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks - Security Boulevard
The who, what, and why of the attack that has shut down Stryker's Windows network - Ars Technica
Is cyberattack on U.S. health care firm the next phase of the Iran war? - National | Globalnews.ca
Stryker flags disruption to orders, manufacturing a day after cyberattack - CNA
Iran war will bring wave of 'low-level cyber activity,' says intelligence group | StateScoop
Europol warns of elevated terrorism threat in EU amid Iran conflict
GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps | WIRED
Iran's Cyber-Kinetic War Doctrine Takes Shape
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence
Russia-linked hackers appear on Iran war’s cyber front, but their impact is murky - Nextgov/FCW
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
Tools and Controls
Majority of cyber insureds refuse to pay ransomware: Coalition :: Insurance Day
Revealed - what's changing about cyber claims | Insurance Business
Survey: CISOs Continue to Struggle to Strike Right Risk Balance - Security Boulevard
Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors | TechRadar
Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol - Infosecurity Magazine
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
More AI tools, more burnout! New research explains why - Help Net Security
This VPN ban is edging ever closer, and here's what it means for your privacy
Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity - IT Security Guru
After the Panic, the Reality of Claude Code Security
OpenAI’s GPT-5.4 doubles down on safety as competition heats up - Help Net Security
Bug bounties are broken, and the best security pros are moving on - Help Net Security
Scientists have found a way to hide data in plain sight, and hackers can’t touch it - Digital Trends
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Other News
Submarine cables move to the center of critical infrastructure security debate - Help Net Security
Defence secretary John Healey is losing sleep over our uncertain world
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source - Infosecurity Magazine
Swiss e-vote snafu leaves 2,048 ballots unreadable • The Register
Vulnerability Management
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials - Infosecurity Magazine
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Spyware suppliers exploit more zero-days than nation states | Computer Weekly
CVE program funding secured, easing fears of repeat crisis | CSO Online
AI is getting scary good at finding hidden software bugs - even in decades-old code | ZDNET
Vulnerabilities
Critical Microsoft Excel bug weaponizes Copilot Agent • The Register
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Microsoft Patches 83 CVEs in March Update
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities - SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities - SecurityWeek
Chrome 146 Update Patches Two Exploited Zero-Days - SecurityWeek
Apple issues emergency fixes for Coruna flaws in older iOS versions
Apple Updates Legacy iOS Versions to Patch Coruna Exploits - SecurityWeek
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities - SecurityWeek
Adobe Patches 80 Vulnerabilities Across Eight Products - SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities - SecurityWeek
WordPress membership plugin bug exploited to create admin accounts
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Critical Nginx UI flaw CVE-2026-27944 exposes server backups
HPE warns of critical AOS-CX flaw allowing admin password resets
Critical defect in Java security engine poses serious downstream security risks | CyberScoop
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.