Black Arrow Cyber Threat Intelligence Briefing 15 May 2026

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week’s review of cyber security in the specialist and general media highlights the growing challenge of managing cyber risks due to AI alongside existing security practices. We consider the rapid emergence of agentic and AI-enabled capabilities that are expanding attack surfaces, introducing new vulnerabilities, and accelerating the scale and effectiveness of threats such as phishing and automated exploitation.

Alongside this, the human factor remains central. Social engineering and credential-based attacks continue to be primary entry points, and separately some organisations are allocating cyber risk management responsibilities to employees without training.

We include a report on cyber breaches affecting managed service providers (MSPs) and how economic pressure is influencing how organisations prioritise cyber security, even as breach rates and exposure continue to rise.

At Black Arrow, we consistently see that resilience depends on the organisation’s leadership and governance to align security across people, processes and technology. This week’s themes reinforce the need for organisations to take a balanced and pragmatic approach that evolves with both technological change and the broader threat landscape. Contact us to discuss how to achieve this.


Top Cyber Stories of the Last Week

Vibe Coding Is Causing ‘Thousands’ of Data Security Vulnerabilities

Research into AI-built web applications has raised concerns about how quickly new tools can create business risk when security is not built in from the start. RedAccess reported finding 5,000 web apps created with AI development platforms that had little or no access protection, with 40% allegedly exposing sensitive information such as personal data, financial records and business plans. Several platform providers disputed parts of the findings, saying they lacked enough detail to verify the claims, but the issue highlights the need for governance over AI-created software.

https://uk.pcmag.com/ai/164858/vibe-coding-is-causing-thousands-of-data-security-vulnerabilities-says

NCSC and International Partners Warn of Agentic AI Risks

The UK’s NCSC and international partners have warned that agentic AI, which can act independently across systems and data, brings new risks for organisations. While it can help automate routine tasks, it may also behave unpredictably, expose connected systems to greater risk, or create uncertainty over accountability when things go wrong. The guidance recommends starting with low-risk uses, applying strict access controls, maintaining human oversight, and monitoring activity closely. Until standards mature, organisations should plan for resilience, containment, and the ability to reverse AI-driven actions quickly.

https://www.ukauthority.com/articles/ncsc-and-international-partners-warns-of-agentic-ai-risks

Why Agentic AI Is Security's Next Blind Spot

Agentic AI is already being used in many organisations to automate tasks, access data and take actions, often without security team involvement. The main risk is not the technology itself, but a lack of understanding and control over how these tools are built, what systems they can access and what actions they can take. As teams across the organisation create their own AI agents, permissions can quickly become too broad. Careful configuration, clear ownership and early security involvement are essential to limit exposure while still enabling useful innovation.

https://thehackernews.com/2026/05/why-agentic-ai-is-securitys-next-blind.html

Over Half of MSPs Admit to Being Breached Multiple Times in Past Year

CyberSmart’s 2026 MSP Survey shows that economic pressure is pushing cyber security down the agenda for many smaller businesses, with 46% of MSP customers more focused on rising costs and inflation than cyber risks. This comes despite 75% of MSPs reporting at least one breach in the past year, including 54% breached more than once. AI-enabled threats remain MSPs’ top concern at 49%. The findings indicate that economic pressure is influencing how organisations prioritise cyber security, despite continued exposure to repeated breaches and rising threat levels.

https://www.itsecurityguru.org/2026/05/13/over-half-of-msps-admitted-to-being-breached-multiple-times-in-past-year/

Businesses Ask Non-Specialist Employees to Take On Cyber Security Tasks

Small and medium-sized organisations are increasingly relying on non-specialist staff to help manage cyber security, often with unclear roles or limited training. Research commissioned by Uswitch Business Broadband found 43% of UK businesses reported a cyber security breach or attack in 2025, while over a third of employees with cyber security responsibilities said this was not part of their original job description. Training gaps remain significant, with 45% receiving only basic training and 16% receiving none. Nearly two-thirds said they had felt out of their depth at least sometimes, indicating gaps in capability as cyber security responsibilities extend beyond specialist roles.

https://www.personneltoday.com/hr/businesses-ask-non-specialist-employees-to-take-on-cybersecurity-tasks/

Poor Employee Awareness and Skills Gap Drive Cyber Security Breaches

Fortinet reports that poor employee awareness remains a major factor in security incidents, cited by 56% of cyber security and IT leaders, while 54% point to a shortage of trained professionals. Familiar attack methods continue to dominate, including malware at 39%, phishing at 36% and password-related breaches at 30%. Although 73% of organisations now see cyber security as a critical priority, only 59% dedicate sufficient budget. The impact is rising, with 52% reporting average losses from cyber incidents of more than $1 million.

https://petri.com/employee-awareness-skills-gap-cybersecurity-breaches/

Increase in Email Attacks Driven by AI and Phishing-as-a-Service

Barracuda Networks reports that AI-assisted deception and ready-made phishing services are increasing both the scale and success of email attacks. Analysis of more than 3.1 billion emails in January 2026 found that one in three messages were malicious or unwanted spam, with phishing making up 48% of malicious email activity. Attackers are increasingly using links and QR codes hidden in trusted document formats, with 70% of malicious PDFs containing QR codes leading to phishing websites. Account takeover also remains a frequent risk, affecting 34% of organisations at least monthly.

https://betanews.com/article/increase-in-email-attacks-driven-by-ai-and-phishing-as-a-service/

QR Code Phishing Was ‘Fastest-Growing’ Form of Email Attacks in Q1, Reports Microsoft Threat Intelligence

Microsoft Threat Intelligence reports that email phishing remains a major threat, detecting around 8.3 billion email-based phishing attempts between January and March 2026. QR code phishing was the fastest-growing method, rising from 7.6 million attacks in January to 18.7 million in March, a 146% increase. These attacks hide harmful links inside scannable codes, often in emails or attachments, to steal login details. Attackers also used fake CAPTCHA checks and confidentiality notices to make malicious emails appear more trustworthy.

https://www.thehindu.com/sci-tech/technology/qr-code-phishing-was-fastest-growing-form-of-email-attacks-in-q1-reports-microsoft-threat-intelligence/article70950498.ece

Cyber Crime Increasingly Coming with Threats of Physical Violence

Cyber criminals are increasingly combining cyber attacks with threats of physical violence to pressure victims into paying. Reported cyber crime in the US reached a record 1,008,597 cases in 2025, with losses rising to $20.8 billion, while UK cyber attacks also hit new highs. Research found that in up to 40% of global ransomware cases, criminals threatened to harm staff, rising to 46% in the US. Attackers are using stolen personal details, including home addresses, to intimidate employees, with some paying others to carry out threats or attacks.

https://www.bbc.co.uk/news/articles/cr71d8vyjv0o

The Evolution of Cyber Risk: Addressing Geopolitical Threats

Geopolitical tensions are reshaping cyber risk, with some attacks now focused on disruption and damage rather than financial gain. IBM has previously estimated that a single data breach can cost more than $4 million, while World Economic Forum research found 65% of respondents see supply chain and third-party weaknesses as their biggest barrier to cyber resilience. As third-party involvement in breaches continues to rise, organisations need tighter control over who can access critical systems, including suppliers and partners, and must plan for incidents where attackers have no incentive to stop.

https://informationsecuritybuzz.com/cyber-risk-addressing-geopolitical-threats/

Europe Is Moving to Block Microsoft, Amazon, and Google from Handling Government Health, Financial, and Legal Data

Europe is considering new rules that could restrict US cloud providers such as Microsoft, Amazon and Google from handling sensitive public sector data, including health, financial and legal records. The proposed Tech Sovereignty Package is aimed at strengthening Europe’s control over critical digital infrastructure and encouraging greater use of European cloud and AI providers. Private companies would remain free to choose their preferred platforms, but the move signals growing concern over reliance on overseas technology suppliers for essential government services.

https://www.techspot.com/news/112362-europe-may-restrict-microsoft-amazon-google-handling-sensitive.html

Britons Build ‘Emergency Stashes’ as Fears over Cyber-Attacks and Power Cuts Grow

New research from Link, the UK’s ATM network, suggests more households are preparing for everyday disruption linked to cyber attacks, power cuts and payment failures. Nearly one in five Britons now keep emergency cash at home, while 47% store tinned food, 49% have battery-powered items such as torches and 37% keep power banks for mobile phones. The trend reflects growing concern that essential services, including electricity, communications and digital payments, may not always be available during a major incident.

https://www.easterneye.biz/uk-emergency-stashes-cyber-attack-fears/

AI Cyber Attack Threatens Global Financial Crisis, Warns International Monetary Fund

The IMF has warned that AI-powered cyber attacks could destabilise the global financial system by disrupting payments, weakening solvency and straining liquidity. The risk is heightened by financial firms’ reliance on shared cloud services, where one weakness can affect many organisations at once. The concern extends beyond banking, as finance, energy, telecoms and public services often depend on the same digital infrastructure. The IMF called for stronger international cooperation, better regulation and greater investment in resilience, including disaster recovery, business continuity and human oversight of AI-enabled security tools.

https://www.computerweekly.com/news/366642863/AI-cyber-attack-threatens-global-financial-crisis-warns-International-Monetary-Fund



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers - Infosecurity Magazine

Reviewing the trends in ransomware attacks in 2026 | Securelist

The State of Ransomware - Q1 2026 - Check Point Research

WannaCry, the ransomware attack that changed the history of cybersecurity

90% of ransomware attacks target SMEs: SK shieldus - The Korea Herald

Who are ShinyHunters? The 'Pay-or-Leak' Gang that Just Left the Canvas Hacked Platform Dark | IBTimes UK

Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

Ransomware and Destructive Attack Victims

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Who are ShinyHunters? The 'Pay-or-Leak' Gang that Just Left the Canvas Hacked Platform Dark | IBTimes UK

Ransomware Group Takes Credit for Trellix Hack - SecurityWeek

International cyber attack disrupts swath of universities and schools - BBC News

ShinyHunters claims nearly 9,000 schools affected by Canvas data breach | EdScoop

RansomHouse says it breached Trellix and exposes internal systems

Lapsus$ dumps Vodafone source code online after failed extortion attempt | Cybernews

Instructure claims hackers returned stolen Canvas data after an extortion standoff | CyberScoop

West Pharmaceutical says hackers stole data, encrypted systems

Foxconn confirms cyberattack after Nitrogen claims Apple, Nvidia data theft

Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia | TechCrunch

Phishing & Email Based Attacks

QR code phishing was ‘fastest-growing’ form of email attacks in Q1, reports Microsoft Threat Intelligence - The Hindu

Over 500 Organizations Hit in Years-Long Phishing Campaign - SecurityWeek

When the Breach Gets In Through the CEO's Inbox, Not the Firewall - IT Security Guru

Increase in email attacks driven by AI and phishing-as-a-service - BetaNews

Tech Can't Stop These Threats — Your People Can

Other Social Engineering

QR code phishing was ‘fastest-growing’ form of email attacks in Q1, reports Microsoft Threat Intelligence - The Hindu

When the Breach Gets In Through the CEO's Inbox, Not the Firewall - IT Security Guru

Tech Can't Stop These Threats — Your People Can

Signal adds security warnings for social engineering, phishing attacks

Plymouth radio station closes after 'ruthless' cyber attack | Plymouth Live

Artificial Intelligence

NCSC and international partners warns of agentic AI risks | UKAuthority

AI cyber attack threatens global financial crisis, warns International Monetary Fund | Computer Weekly

Artificial Intelligence And The End Of Digital Security As We Know It

Why Agentic AI Is Security's Next Blind Spot

PYMNTS | The End of the Artisanal Hack: How AI Industrialized Cybercr…

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

Increase in email attacks driven by AI and phishing-as-a-service - BetaNews

Vibe Coding Is Causing ‘Thousands’ of Data Security Vulnerabilities

AI bots account for more than half of all web traffic, with 40% classified as malicious | Engineering and Technology Magazine

Prepare for AI-driven patch correction - NCSC | UKAuthority

ECB Urges Banks to Quickly Prepare for AI-Assisted Cyberattacks

Why Cyber Insurance Faces New AI Liability Risks

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking - SecurityWeek

Claude Code trust prompt can trigger one-click RCE

Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoop

Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information

AI Is Supercharging Cybercrime— And IMF Says Finance May Not Be Ready - Barclays (NYSE:BCS), CrowdStrike - Benzinga

Hackers abuse Google ads, Claude.ai chats to push Mac malware

UK schools blackmailed with sexualised AI deepfakes of pupils, experts warn | The Independent

Ollama vulnerability highlights danger of AI frameworks with unrestricted access | CSO Online

Hugging Face Packages Weaponized With a Single File Tweak

US bank reports itself after AI customer data mishap

Fighting fire with fire: Defending against Mythos-powered cyberattacks | resource | SC Media

What Security Leaders Say About the First AI-Developed Zero-Day Exploit | Security Magazine

Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders - SecurityWeek

White House considers implementing regulations on AI technology | The Jerusalem Post

Google Chrome 'silently' downloads 4GB AI model to your device without permission, report claims — researcher says practice may violate EU law, waste thousands of kilowatts of energy | Tom's Hardware

Experts say Mythos is not a threat, instead it is exposing how vulnerable enterprises already are

AI-Powered Cyberattacks Put MSSPs and SOC Teams Under Pressure | news | MSSP Alert

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Attackers Use Fake OpenAI Model to Push Credential-Stealing Malware - Security Boulevard

Japan’s PM orders cybersecurity review to defend against Anthropic Mythos

The Mythos Moment: When Hacking Tools Move from “Functional Fixedness” to “Divergent Hacker Thinking” - Security Boulevard

Bots/Botnets

AI bots account for more than half of all web traffic, with 40% classified as malicious | Engineering and Technology Magazine

NCSC warns of China-linked botnet attacks on UK targets

Careers, Roles, Skills, Working in Cyber and Information Security

The Critical Cyber Skills Every Security Team Still Needs

Computer Misuse Act reform to move forward in National Security Bill | Computer Weekly

UK moves to shield security researchers in cybercrime law overhaul | The Record from Recorded Future News

AI models are getting better at replacing cybersecurity pros on certain tasks

Cloud/SaaS

'PCPJack' cloud worm hijacks TeamPCP hacker infrastructure - iTnews

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Crypto gang member gets 6.5 years for role in $230 million heist

Why a 2017 Linux bug is now a major concern for the crypto industry

Cyber Crime, Organised Crime & Criminal Actors

Cyber-crime increasingly coming with threats of physical violence - BBC News

Cybersecurity is now where the real heists happen – but are companies ready? - Digital Journal

Cybercrime's Human Trafficking Problem - GovInfoSecurity

Kids as young as 8 are groomed into cybercrime through Minecraft and Roblox: Report - Dexerto

Data after the breach: Economics of the dark web | TechTarget

Police Shut Relaunched Crimenetwork Dark Web Marketplace - Infosecurity Magazine

Data Breaches/Leaks

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

One in four organizations have exposed MySQL databases - BetaNews

US bank reports itself after AI customer data mishap

Data after the breach: Economics of the dark web | TechTarget

UK water company allowed hackers to lurk undetected for nearly two years, regulator finds | The Record from Recorded Future News

UK fines water supplier $1.3M for exposing data of 664k customers

Dutch lab failed security standards before 850K breach | Cybernews

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft | Trend Micro (US)

Who are ShinyHunters? The 'Pay-or-Leak' Gang that Just Left the Canvas Hacked Platform Dark | IBTimes UK

Ransomware Group Takes Credit for Trellix Hack - SecurityWeek

Lapsus$ dumps Vodafone source code online after failed extortion attempt | Cybernews

Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

Škoda Security Incident Exposes Customers Data From Online Shop

Identity security firm SailPoint discloses GitHub repository breach

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

West Pharmaceutical says hackers stole data, encrypted systems

Data/Digital Sovereignty

Europe is moving to block Microsoft, Amazon, and Google from handling government health, financial, and legal data | TechSpot

Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads

Encryption

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes

60% of MD5 password hashes are crackable in under an hour

Instagram removed end-to-end encryption for DMs. What should users do?

Meta: Lawsuit Claiming WhatsApp Lacks End-to-End Encryption Is Falling Apart | PCMag

Your iPhone RCS chats with Android are encrypted in iOS 26.5: How to verify E2E is enabled | ZDNET

Apple, Google drag cross-platform texting into the encrypted age

Fraud, Scams and Financial Crime

Silent phone call scam in France: how AI voice theft can steal your identity

How AI job scams are destroying people’s hopes | Job hunting | The Guardian

How to detect AI in fraudulent job applicants - Raconteur

Sri Lanka makes 37 arrests as it raids another scam centre

Signal adds security warnings for social engineering, phishing attacks

Your Android phone is about to get much better at blocking scams - Digital Trends

Identity and Access Management

Why Changing Passwords Doesn’t End an Active Directory Breach

How Stealer Logs Lead to Active Directory Incidents

Insider Risk and Insider Threats

When the Breach Gets In Through the CEO's Inbox, Not the Firewall - IT Security Guru

Tech Can't Stop These Threats — Your People Can

Poor Employee Awareness and Skills Gap Drive Cybersecurity Breaches

Cybersecurity Without Awareness Is Like Driving Without Knowing The Rules

Wiping 96 US government databases after being fired may cost ex-hackers two decades in prison | Cybernews

Former govt contractor convicted for wiping dozens of federal databases

Insurance

Why Cyber Insurance Faces New AI Liability Risks

Cyber cover needs to get explicit as risk evolution continues unchecked

77 percent of SMEs don’t understand cyber insurance - BetaNews

Internet of Things – IoT

Police equipment can be tracked via Bluetooth. What about your phone, watch and headphones?

Hacking one shared IoT device (e-scooters, e-bikes, cars, chargers, etc.) to rule them all.

China-linked Yarbo fixes robot mower hacking flaw | Cybernews

Law Enforcement Action and Take Downs

Wiping 96 US government databases after being fired may cost ex-hackers two decades in prison | Cybernews

Resurrected 'Crimenetwork' Marketplace Taken Down, Administrator Arrested - SecurityWeek

Crypto gang member gets 6.5 years for role in $230 million heist

Former govt contractor convicted for wiping dozens of federal databases

Sri Lanka makes 37 arrests as it raids another scam centre

Met Police Arrest 173 In Live Facial Recognition Trial | Silicon UK

Linux and Open Source

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet | ZDNET

Dirty Frag: Linux kernel hit by second major security flaw in two weeks | The Record from Recorded Future News

Dirty Frag Exploit Poised to Blow Up on Enterprise Linux Distros

Rushed Patches Follow Broken Embargo on Linux Kernel Vulnerabilities - Infosecurity Magazine

Linux is getting a security wake-up call - why it was inevitable and I'm not worried | ZDNET

Why a 2017 Linux bug is now a major concern for the crypto industry

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Malvertising

Hackers abuse Google ads, Claude.ai chats to push Mac malware

Malware is now hiding in Google search ads — here's how to protect yourself

Malware

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware - Cryptopolitan

Attackers Use Fake OpenAI Model to Push Credential-Stealing Malware - Security Boulevard

Worm rubs out competitor's malware, then takes control

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Hackers abuse Google ads, Claude.ai chats to push Mac malware

Malware is now hiding in Google search ads — here's how to protect yourself

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

How Stealer Logs Lead to Active Directory Incidents

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Official CheckMarx Jenkins package compromised with infostealer

Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware - SecurityWeek

Misinformation, Disinformation and Propaganda

The battle for the mind: How Europe can stay safe in the cognitive threat era – European Council on Foreign Relations

Mobile

Android banking Trojan TrickMo evolves using TON network for C2

Signal adds security warnings for social engineering, phishing attacks

Your Android phone is about to get much better at blocking scams - Digital Trends

Your iPhone RCS chats with Android are encrypted in iOS 26.5: How to verify E2E is enabled | ZDNET

Apple, Google drag cross-platform texting into the encrypted age

Models, Frameworks and Standards

Mapping NIS2 controls to ISO 27001 and NIST CSF for UK SMEs - Security Boulevard

Here’s how NIST is teeing up guidance for securing AI | Federal News Network

What businesses need to know about the update to Cyber Essentials | IT Pro

UK government renews calls to sign Cyber Resilience Pledge | Computer Weekly

Government steps up action to strengthen cyber defences as UK cyber industry continues to grow - GOV.UK

Online Safety Act Failing To Deliver “step Change” For Children

Passwords, Credential Stuffing & Brute Force Attacks

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft | Trend Micro (US)

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Why Changing Passwords Doesn’t End an Active Directory Breach

60% of MD5 password hashes are crackable in under an hour

Regulations, Fines and Legislation

Computer Misuse Act reform to move forward in National Security Bill | Computer Weekly

UK moves to shield security researchers in cybercrime law overhaul | The Record from Recorded Future News

2026 Kings Speech - New UK Cyber Security Laws and Broadband Rights for Leaseholders - ISPreview UK

US bank reports itself after AI customer data mishap

UK fines water supplier $1.3M for exposing data of 664k customers

ECB Urges Banks to Quickly Prepare for AI-Assisted Cyberattacks

Online Safety Act Failing To Deliver “step Change” For Children

White House considers implementing regulations on AI technology | The Jerusalem Post

Consultation: Proposals to update our General Statement of Policy under section 105Y of the Communications Act 2003

US govt seeks Instructure testimony on massive Canvas cyberattack

Social Media

Instagram removed end-to-end encryption for DMs. What should users do?

Supply Chain and Third Parties

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft | Trend Micro (US)

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack | CyberScoop

The Cybersecurity Gap No One Owns: You’re Securing The Wrong Perimeter

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Foxconn confirms cyberattack after Nitrogen claims Apple, Nvidia data theft

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Understanding the Cyber Security Fallout of Geopolitical Tensions

The Evolution Of Cyber Risk: Addressing Geopolitical Threats

Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare - Security Affairs

Feds urge greater protection of critical infrastructure from Chinese hacks

Britons Build Emergency Stashes Amid Cyber Attack Fears | EasternEye

“Cyberwar is already in Poland,” Polish deputy prime minister says

The battle for the mind: How Europe can stay safe in the cognitive threat era – European Council on Foreign Relations

AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy

Fresh Handala shenanigans prove Iranian hackers don’t care about any ceasefires | Cybernews

Cyber Espionage Group Targets Aviation Firms to Steal Map Data

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia | Trend Micro (US)

Russian Attacks on Polish Water Utilities Use Fear as Weapon

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign | SECURITY.COM

Nation State Actors

Understanding the Cyber Security Fallout of Geopolitical Tensions

The Evolution Of Cyber Risk: Addressing Geopolitical Threats

State-sponsored actors, better known as the friends you don’t want

Britons Build Emergency Stashes Amid Cyber Attack Fears | EasternEye

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

China

NCSC warns of China-linked botnet attacks on UK targets

Feds urge greater protection of critical infrastructure from Chinese hacks

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia | Trend Micro (US)

1 Campaign, 2 Targets: China’s Cyber Operations Hit Asian Governments and Dissidents Abroad – The Diplomat

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Russia

Poland says hackers breached water treatment plants, and the US is facing the same threat | TechCrunch

Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare - Security Affairs

“Cyberwar is already in Poland,” Polish deputy prime minister says

Russian Attacks on Polish Water Utilities Use Fear as Weapon

Inside Department 4: Russia's secret school for hackers

“Russia is already testing NATO”

Iran

Fresh Handala shenanigans prove Iranian hackers don’t care about any ceasefires | Cybernews

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign | SECURITY.COM

Iran's cyberwar reaches the families of American troops - Asia Times

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Understanding the Cyber Security Fallout of Geopolitical Tensions

The Evolution Of Cyber Risk: Addressing Geopolitical Threats

Google and Amnesty International teamed up to make it harder for spyware vendors to hide | CyberScoop


Tools and Controls

Vibe Coding Is Causing ‘Thousands’ of Data Security Vulnerabilities

Prepare for AI-driven patch correction - NCSC | UKAuthority

CISOs: Align cyber risk communication with boardroom psychology | CSO Online

How Stealer Logs Lead to Active Directory Incidents

Why Cyber Insurance Faces New AI Liability Risks

Cyber cover needs to get explicit as risk evolution continues unchecked

Poor Employee Awareness and Skills Gap Drive Cybersecurity Breaches

Cybersecurity Without Awareness Is Like Driving Without Knowing The Rules

Ollama vulnerability highlights danger of AI frameworks with unrestricted access | CSO Online

Fighting fire with fire: Defending against Mythos-powered cyberattacks | resource | SC Media

The Mythos Moment: When Hacking Tools Move from “Functional Fixedness” to “Divergent Hacker Thinking” - Security Boulevard

Why cyber resilience isn’t just a defence mechanism: How to create a secure foundation for innovation, too | IT Pro

Legacy Security Tools Are Failing Data Protection - Infosecurity Magazine

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The patching treadmill: Why traditional application security is no longer enough | ZDNET

Day Zero Readiness: The Operational Gaps That Break Incident Response

Traditional MDR Is Reaching Its Limit | news | MSSP Alert

Experts say Mythos is not a threat, instead it is exposing how vulnerable enterprises already are

Japan’s PM orders cybersecurity review to defend against Anthropic Mythos

The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls

Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? - SecurityWeek

Daybreak is OpenAI's answer to the AI arms race in cybersecurity | CyberScoop

Your Android phone is about to get much better at blocking scams - Digital Trends

EU says OpenAI offers to open access to cybersecurity model, Anthropic not there yet - CNA

Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator

CISO's guide: How to test an incident response plan | TechTarget

94 percent of cyberattacks use VPNs or residential proxies - BetaNews



Vulnerability Management

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

Prepare for AI-driven patch correction - NCSC | UKAuthority

Ollama vulnerability highlights danger of AI frameworks with unrestricted access | CSO Online

Experts say Mythos is not a threat, instead it is exposing how vulnerable enterprises already are

The patching treadmill: Why traditional application security is no longer enough | ZDNET

What Security Leaders Say About the First AI-Developed Zero-Day Exploit | Security Magazine

Daybreak is OpenAI's answer to the AI arms race in cybersecurity | CyberScoop

Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks | CyberScoop

Linux is getting a security wake-up call - why it was inevitable and I'm not worried | ZDNET

Vulnerabilities

Microsoft Patch Tuesday May 2026 - 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws

Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises - SecurityWeek

Microsoft fixes Windows Autopatch bug installing restricted drivers

Windows BitLocker zero-day gives access to protected drives, PoC released

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it | TechSpot

Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information

Critical Palo Alto Networks software bug hits exposed firewalls | CSO Online

State-backed hackers hammer Palo Alto firewall zero-day before patch lands

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 - SecurityWeek

F5 Patches Over 50 Vulnerabilities - SecurityWeek

F5 patches 18-year-old AI-found 'Rift' vulnerability in NGINX web server - iTnews

SAP Patches Critical S/4HANA, Commerce Vulnerabilities - SecurityWeek

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet | ZDNET

Dirty Frag: Linux kernel hit by second major security flaw in two weeks | The Record from Recorded Future News

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit

Another major Linux security issue uncovered - new Fragnesia flaw allows attackers to run malicious code as root | TechRadar

Adobe Patches 52 Vulnerabilities in 10 Products - SecurityWeek

Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoop

Apple Patches Dozens of Vulnerabilities in macOS, iOS - SecurityWeek

Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool - MacRumors

Broadcom releases VMware Fusion security update for root access bug

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

New critical Exim mailer flaw allows remote code execution

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

18-year-old NGINX vulnerability allows DoS, potential RCE

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

Avada Builder Flaws Expose One Million WordPress Sites - Infosecurity Magazine

Over a million WordPress sites hit in plugin flaw — so patch now or face the consequences | TechRadar

Bug hunter tracks down three serious MCP database flaws, one left unpatched


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.
