Black Arrow Cyber Threat Intelligence Briefing 20 February 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
There is a significant new attack technique against organisations that use Microsoft 365, bypassing MFA, and Microsoft has also recently fixed a flaw in Copilot Chat that compromised confidential emails. We report on these developments for the attention of business leaders, as well as a government alert on attacks against small and medium sized businesses, and the risks posed when user access is not appropriately managed.
The North Korean military continues to pose as civilians hired by organisations, and a high number of new malware variants are being delivered over encrypted web traffic, making inspection necessary to reliably identify and block them. As in previous weeks, we include information on how attackers are using AI to develop their techniques and malware.
While cyber security risks are manifold, the solution is consistently clear. Business leaders should undertake an impartial assessment of the risks to their information and systems, and ensure they have appropriate controls to manage those risks. Leaders should not rely solely on the standard offerings of control providers such as IT, which is why they should be upskilled on the fundamentals of cyber risk management by impartial experts. Contact us to discuss how to achieve this in a proportionate manner.
Top Cyber Stories of the Last Week
New Phishing Campaign Tricks Employees into Bypassing Microsoft 365 MFA
A new phishing campaign is bypassing Microsoft 365 multi factor authentication by tricking employees into approving a login for the attacker’s device on a genuine Microsoft sign-in page. Emails posing as payment requests, bonus documents or voicemails prompt users to enter a ‘secure authorisation’ code; entering it completes the attacker’s device sign-in, and Microsoft issues an access token that keeps the attacker signed into services such as Outlook, Teams and OneDrive without further MFA prompts. Because the sign-in page itself is legitimate, checking the URL does not protect the user. Leaders should ensure only approved applications and devices can be connected, disable device sign-in flows where the business does not need them, and reinforce user awareness that an unexpected prompt to enter a code is suspicious even on a trusted domain.
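The behaviour described above (a user typing a code into a genuine Microsoft page to approve a login for someone else’s device) matches the OAuth 2.0 device authorization grant, which Microsoft Entra records in its sign-in logs with an AuthenticationProtocol value of "deviceCode". The following is an added example, not code from the briefing or from Microsoft: a small detector that reads sign-in log records in that shape and flags successful device code sign-ins from clients not approved for that flow or from countries outside the user’s baseline. The log records, user baselines and approved-app list are constructed for illustration, and the assumption that the campaign uses the device code flow is ours.

```python
"""Flag suspicious Microsoft Entra sign-ins that used the device code flow.

Added example, not from the briefing. Assumes (our assumption) the campaign
abuses the OAuth 2.0 device authorization grant, which Entra SigninLogs
record as AuthenticationProtocol == "deviceCode". All records below are
constructed sample data, not real telemetry.

Equivalent hunting query in KQL (also an assumption about column names):
    SigninLogs
    | where AuthenticationProtocol == "deviceCode" and ResultType == "0"
    | where AppDisplayName !in ("Meeting Room Display")
    | project TimeGenerated, UserPrincipalName, AppDisplayName, IPAddress, Location
"""
from __future__ import annotations

import json
from dataclasses import dataclass

DEVICE_CODE = "deviceCode"  # value Entra writes for the device authorization grant
SUCCESS = "0"               # ResultType "0" is a successful sign-in; anything else failed

# Constructed sample rows shaped like an Entra ID SigninLogs export (NDJSON).
SAMPLE_SIGNIN_LOGS = "\n".join([
    '{"TimeGenerated":"2026-02-17T09:12:03Z","UserPrincipalName":"alice@example.com",'
    '"AuthenticationProtocol":"oAuth2","AppDisplayName":"Microsoft Teams","ResultType":"0",'
    '"Location":"GB","IPAddress":"203.0.113.10"}',
    '{"TimeGenerated":"2026-02-17T09:15:41Z","UserPrincipalName":"bob@example.com",'
    '"AuthenticationProtocol":"deviceCode","AppDisplayName":"Microsoft Office","ResultType":"0",'
    '"Location":"NL","IPAddress":"198.51.100.7"}',
    '{"TimeGenerated":"2026-02-17T09:20:09Z","UserPrincipalName":"carol@example.com",'
    '"AuthenticationProtocol":"deviceCode","AppDisplayName":"Microsoft Office","ResultType":"50126",'
    '"Location":"GB","IPAddress":"203.0.113.22"}',
    '{"TimeGenerated":"2026-02-17T10:02:55Z","UserPrincipalName":"dave@example.com",'
    '"AuthenticationProtocol":"deviceCode","AppDisplayName":"Meeting Room Display","ResultType":"0",'
    '"Location":"GB","IPAddress":"203.0.113.30"}',
    '{"TimeGenerated":"2026-02-17T10:40:12Z","UserPrincipalName":"eve@example.com",'
    '"AuthenticationProtocol":"deviceCode","AppDisplayName":"Meeting Room Display","ResultType":"0",'
    '"Location":"US","IPAddress":"192.0.2.44"}',
])

# Constructed baselines: countries each user normally signs in from, and the only
# client this (hypothetical) organisation has deliberately approved for the device
# code flow, e.g. shared meeting-room hardware without a browser.
USUAL_COUNTRIES = {
    "alice@example.com": {"GB"},
    "bob@example.com": {"GB"},
    "carol@example.com": {"GB"},
    "dave@example.com": {"GB"},
    "eve@example.com": {"GB"},
}
APPROVED_DEVICE_CODE_APPS = {"Meeting Room Display"}


@dataclass(frozen=True)
class Alert:
    user: str
    app: str
    ip: str
    reasons: tuple[str, ...]


def parse_signin_logs(raw: str) -> list[dict]:
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def find_suspicious_device_code_signins(records, usual_countries, approved_apps) -> list[Alert]:
    """Return one Alert per successful device code sign-in that breaks a baseline."""
    alerts: list[Alert] = []
    for r in records:
        # Only a *successful* device code grant hands the attacker tokens; failed
        # attempts are noise here (they may still be worth counting elsewhere).
        if r.get("AuthenticationProtocol") != DEVICE_CODE or r.get("ResultType") != SUCCESS:
            continue
        user = r["UserPrincipalName"]
        app = r.get("AppDisplayName", "")
        country = r.get("Location", "")
        reasons = []
        if app not in approved_apps:
            reasons.append(f"device code flow used by unapproved client '{app}'")
        if country not in usual_countries.get(user, set()):
            reasons.append(f"sign-in from {country}, outside the user's usual countries")
        if reasons:
            alerts.append(Alert(user, app, r.get("IPAddress", ""), tuple(reasons)))
    return alerts


def run_detection() -> list[Alert]:
    """Run the detector over the constructed sample data."""
    records = parse_signin_logs(SAMPLE_SIGNIN_LOGS)
    return find_suspicious_device_code_signins(records, USUAL_COUNTRIES, APPROVED_DEVICE_CODE_APPS)


if __name__ == "__main__":
    for a in run_detection():
        print(f"{a.user} via {a.app or '<unknown app>'} from {a.ip}: " + "; ".join(a.reasons))
```

On the sample data the detector raises two alerts: bob’s sign-in (unapproved client and an unusual country) and eve’s (approved client but an unusual country); carol’s failed attempt and dave’s baseline-conformant meeting-room sign-in are ignored. In production the same logic belongs in the SIEM, and the stronger fix is to block the device code flow outright for users who do not need it, so the grant never succeeds in the first place.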
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft has fixed a flaw in Copilot Chat that allowed the AI to summarise confidential emails without proper permission, bypassing controls designed to stop sensitive company information being shared with large language models. The issue, present since late January and patched in early February, affected emails in users’ Sent Items and Drafts even when marked as confidential. The incident reflects wider concerns about AI tools handling organisational data, with Microsoft reporting that over 80% of Fortune 500 firms are deploying AI agents, but only 47% say they have the security controls needed to manage them safely.
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
The UK NCSC chief Richard Horne has warned that small and medium sized businesses should not assume they are too small to face a cyber attack. Many attackers are not chasing big names; they look for easy opportunities where basic protections are missing, and the impact can be severe. Horne urged SMEs to adopt basic cyber controls including the secure set up of devices, controls on who can access systems, protection against malicious software, timely security updates, and firewalls. The NCSC has also highlighted rising cyber threats in its latest annual review.
https://www.infosecurity-magazine.com/news/sme-cyber-attack-threat-ncsc/
One Stolen Credential Is All It Takes to Compromise Everything
A research report on more than 750 investigations shows how a single stolen login can rapidly open the door to multiple parts of an organisation. Identity weaknesses featured in almost 90% of cases, with attacks often spanning endpoints, networks, cloud services and software as a service platforms. Cloud access is a particular concern: analysis of over 680,000 cloud identities found 99% had excessive permissions, including permissions that had gone unused for 60 days. Attack speed is also rising, with the fastest quarter reaching data exfiltration in 72 minutes, down from 285 minutes in 2024.
https://www.helpnetsecurity.com/2026/02/18/identity-based-cyberattacks-compromise/
Ukrainian Sentenced to 5 Years in Prison for Facilitating North Korean Remote Worker Scheme
US authorities have sentenced Ukrainian national Oleksandr Didenko to five years in prison for helping North Korean operatives secure remote IT jobs at 40 American companies. Over six years, he stole identities, created more than 2,500 fraudulent online accounts, and ran laptop farms in several US states so workers could appear to be based locally. Officials say the operatives earned hundreds of thousands of dollars, with payments helping fund North Korea’s weapons programmes.
https://cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
1,500 Percent Increase in New, Unique Malware Highlights Growing Complexity
WatchGuard threat intelligence shows a sharp rise in malicious software, with new variants increasing each quarter in 2025 and jumping 1,548% from Q3 to Q4. Nearly a quarter of detected malware bypassed traditional signature checks, meaning it was effectively new and unknown to defenders. Most blocked malware is now delivered over encrypted (TLS) internet traffic, which hides threats from organisations that do not inspect encrypted web traffic. While ransomware activity fell 68% year-on-year, record extortion payments suggest fewer but more costly cyber-attacks, underlining the need for layered, proactive cyber security.
A Worrying Dell Zero-Day Flaw Has Reportedly Gone Unpatched for Nearly Two Years – and Chinese Hackers Are Taking Advantage
Dell has patched a critical weakness in RecoverPoint for Virtual Machines (a Dell disaster recovery product for VMware and Hyper-V) where hard-coded login credentials were left in the software. Google and Mandiant report the flaw was exploited as a zero-day from mid-2024 by a China-linked group, giving attackers unauthorised access and long term control at the highest system level. The group used a new Grimbolt backdoor and a stealth technique to move between systems and stay hidden.
AI Agents Abound, Unbound by Rules or Safety Disclosures
A review of 30 AI agents found rapid growth without clear, consistent safety disclosure. Of the 13 agents showing very high autonomy, only four publicly share any safety evaluation, while 25 provide no detail on safety testing and 23 offer no independent test data. Most of the AI agents reviewed do not publish their underlying code, offering limited independent visibility into how they operate. Many depend on a small number of underlying models from Anthropic, Google and OpenAI, creating complex shared responsibility. Researchers warn some agents ignore signals when sites do not permit automated access.
https://www.theregister.com/2026/02/20/ai_agents_abound_unbound_by/
‘An All-Time High’: Number of Ransomware Groups Exploded in 2025 As Victim Growth Rate Doubled – With Qilin Dominating the Landscape
Searchlight Cyber reports that ransomware reached record levels in 2025, with 7,458 organisations listed on ransomware leak sites and the victim growth rate doubling since 2024. The US was hardest hit with 1,536 disclosed victims, while the UK reported 131. Behind these figures is a fast growing criminal marketplace: 124 active groups operated in 2025, including 73 newcomers, helped by ransomware as a service, where criminals can buy ready made tools and share profits. Artificial intelligence is also being used to create more convincing scam messages that trick staff into clicking.
Ransomware Hackers Targeting Employee Monitoring Software to Access Computers
Huntress has identified two recent attempted ransomware incidents where attackers misused employee monitoring software and an IT remote support tool to gain and maintain access to corporate systems. By blending in with legitimate administrative software, the criminals made their activity harder to spot and ultimately attempted to deploy ransomware. This matters because such monitoring tools are widely used, with around a third of UK firms and roughly 60% of US firms using them, expanding organisations’ exposure. The underlying issues were weak access controls, including compromised VPN accounts.
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Even low skilled criminals are using AI writing tools to run convincing extortion campaigns, a tactic dubbed “vibe extortion”. This matters because AI can enable low skilled attackers to create attacks that sound polished and urgent. Researchers have seen attackers begin searching for newly disclosed weaknesses within 15 minutes of them being announced, and in some cases reduce work that previously took three to four weeks to under 25 minutes. Leaders should prioritise rapid patching, stronger checks for sensitive requests, and tighter control of business AI systems.
https://www.infosecurity-magazine.com/news/cybercriminals-ai-vibe-extortion/
Europe Must Adapt to ‘Permanent’ Cyber and Hybrid Threats, Sweden Warns
Sweden is warning that cyber and hybrid threats, where cyber attacks are combined with economic pressure and influence campaigns designed to erode public trust, are becoming a permanent part of Europe’s security landscape. Speaking at the Munich Cyber Security Conference, a senior Swedish defence official said organisations and governments must plan to operate through sustained disruption, not treat incidents as rare. Sweden is responding through its ‘total defence’ approach, rebuilding civil defence, strengthening national cyber security, and improving coordination through Sweden’s National Cyber Security Centre. The aim is credible deterrence through resilience, supported by closer public and private sector collaboration.
https://therecord.media/sweden-cyber-threats-europe-permanent
Governance, Risk and Compliance
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
Attackers keep finding the same gaps in security programs - Help Net Security
Discipline is the new power move in cybersecurity leadership | CSO Online
Cyber attacks enabled by basic failings, Palo Alto analysis finds | CSO Online
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Why Ransomware Remains One of Cybersecurity’s Most Persistent Threats - Infosecurity Magazine
Ransomware attacks up almost 50 percent in 2025 - BetaNews
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
Record Number of Ransomware Victims and Groups in 2025 - Infosecurity Magazine
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
Washington Hotel in Japan discloses ransomware infection incident
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Negotiating with hackers: The AI in ransomware response
Ransomware Victims
Fintech firm Figure disclosed data breach after employee phishing attack
ShinyHunters allegedly drove off with 1.7M CarGurus records • The Register
Phishing & Email Based Attacks
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities | Trend Micro (US)
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Phishing via Google Tasks | Kaspersky official blog
Fintech firm Figure disclosed data breach after employee phishing attack
Other Social Engineering
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
2FA/MFA
Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
New phishing campaign tricks employees into bypassing Microsoft 365 MFA – Computerworld
Artificial Intelligence
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Agentic AI is a priority for 87 percent of security teams - BetaNews
Why are experts sounding the alarm on AI risks? | Cybercrime News | Al Jazeera
Low-Skilled Cybercriminals Use AI to Perform “Vibe Extortion” Attacks - Infosecurity Magazine
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI - Security Boulevard
AI agents abound, unbound by rules or safety disclosures • The Register
What CISOs need to know about the OpenClaw security nightmare | CSO Online
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Meta and Other Tech Firms Put Restrictions on Use of OpenClaw Over Security Fears | WIRED
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
API Threats Grow in Scale as AI Expands the Blast Radius - SecurityWeek
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
AI platforms can be abused for stealthy malware communication
Security at AI speed: The new CISO reality - Help Net Security
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
Turning Moltbook Into a Global Botnet Map
When Cybersecurity Breaks at Scale: What 2026 Will Expose
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
Bots/Botnets
Cloud/SaaS
Phishing via Google Tasks | Kaspersky official blog
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
What Is Cryptojacking? How to Check That Your Computer Isn't Infected
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Crypto Payments to Human Traffickers Surges 85% - Infosecurity Magazine
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Cyber Crime, Organised Crime & Criminal Actors
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
RAT disguised as an RMM costs crims $300 a month • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
On The Front Lines Of Cybercrime – Eurasia Review
Data Breaches/Leaks
French Ministry confirms data access to 1.2 Million bank accounts
'Your data is public': Hacker warns victims after leaking 6.8 billion emails online | TechRadar
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
Data breach at fintech firm Figure affects nearly 1 million accounts
Betterment data breach might be worse than we thought - Security Boulevard
Millions of passwords and Social Security numbers exposed
Exposed Database Was Storing More Than 1 Billion Social Security Numbers
Hackers sell stolen Eurail traveler information on dark web
Adidas investigates third-party data breach • The Register
Fintech firm Figure disclosed data breach after employee phishing attack
Canada Goose investigating as hackers leak 600K customer records
Dutch cops arrest man after sending him confidential files • The Register
53% of Gen Z were warned by retailers that their data was compromised - Retail Gazette
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Asahi cyberattack: leak of over 110,000 personal records confirmed - Just Food
Washington Hotel in Japan discloses ransomware infection incident
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
Sex toys maker Tenga says hacker stole customer information | TechCrunch
Data/Digital Sovereignty
Washington pushes back against EU’s bid for tech autonomy – POLITICO
Denial of Service/DoS/DDoS
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack - SecurityWeek
Encryption
Quantum security is turning into a supply chain problem - Help Net Security
Your encrypted data is already being stolen - Help Net Security
Fraud, Scams and Financial Crime
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
More Than 40% of South Africans Were Scammed in 2025
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Identity and Access Management
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Over-Privileged AI Drives 4.5 Times Higher Incident Rates - Infosecurity Magazine
Insider Risk and Insider Threats
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Internet of Things – IoT
Poland bans Chinese cars from military bases • The Register
Connected and Compromised: When IoT Devices Turn Into Threats
Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash - SecurityWeek
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Law Enforcement Action and Take Downs
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme - Help Net Security
Nigerian man gets eight years in prison for hacking tax firms
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Polish authorities arrest alleged Phobos ransomware affiliate | CyberScoop
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme | CyberScoop
Dutch cops arrest man after sending him confidential files • The Register
Glendale man gets 5 years in prison for role in darknet drug ring
Linux and Open Source
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Everyone uses open source, but patching still moves too slowly - Help Net Security
Open source registries underfunded as security costs rise • The Register
Malvertising
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Malware
1,500 percent increase in new, unique malware highlights growing complexity - BetaNews
Threat Actors Exploit Claude Artifacts and Google Ads to Target macOS Users
Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data - SecurityWeek
RAT disguised as an RMM costs crims $300 a month • The Register
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
Infostealer Targets OpenClaw to Loot Victim’s Digital Life - Infosecurity Magazine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
OysterLoader Evolves With New C2 Infrastructure and Obfuscation - Infosecurity Magazine
New 'Foxveil' Malware Loader Leverages Cloudflare, Netlify, and Discord to Evade Detection
Remcos RAT Expands Real-Time Surveillance Capabilities - Infosecurity Magazine
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
AI platforms can be abused for stealthy malware communication
ClickFix added nslookup commands to its arsenal for downloading RATs - Security Boulevard
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Hackers Use Fake CAPTCHA To Infect Windows PCs - gHacks Tech News
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
Cryptojacking Campaign Exploits Driver to Boost Monero Mining - Infosecurity Magazine
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
RMM Abuse Explodes as Hackers Ditch Malware
Mobile
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
PromptSpy: First Android malware to use generative AI in its execution flow - Help Net Security
New Keenadu Android Malware Found on Thousands of Devices - SecurityWeek
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit | CSO Online
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Google blocked over 1.75 million Play Store app submissions in 2025
Models, Frameworks and Standards
UK.gov launches cyber 'lockdown' campaign as 80% of orgs hit • The Register
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
Businesses urged to “lock the door” on cyber criminals as new government campaign launches - GOV.UK
Cyber Resilience Act: The Fine Line Between SaaS and Digital Products | DLA Piper - JDSupra
EU eyes rollback of key privacy rules, GDPR| Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
Outages
Microsoft Teams outage affects users in United States, Europe
Passwords, Credential Stuffing & Brute Force Attacks
One stolen credential is all it takes to compromise everything - Help Net Security
French Ministry confirms data access to 1.2 Million bank accounts
Millions of passwords and Social Security numbers exposed
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Password managers' promise that they can't see your vaults isn't always true - Ars Technica
Regulations, Fines and Legislation
When DORA Goes From Afterthought to Commercial Imperative - IT Security Guru
The UK’s Ransomware Strategy: What the UK Government’s Response Signals | Goodwin - JDSupra
EU eyes rollback of key privacy rules, GDPR| Cybernews
Breaking down NIS2: the five main requirements of the updated NIS Directive — Financier Worldwide
How the Cybersecurity and Resilience Bill could impact MSPs | ChannelPro
UK to force social media to remove abusive pics in 48 hours • The Register
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
UK sets course for stricter AI chatbot regulation - Help Net Security
Ireland now also investigating X over Grok-made sexual images
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Bulgaria's Cybersecurity Act Amendments: Key Changes 2026
CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
Europe's social media ban wave | Cybernews
Social Media
Revealed: 95 billion scam adverts shown to Britons on social media last year | The Independent
UK to force social media to remove abusive pics in 48 hours • The Register
Europe's social media ban wave | Cybernews
Supply Chain and Third Parties
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
The Law of Cyberwar is Pretty Discombobulated - Security Boulevard
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Nation State Actors
China
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
If we can’t name China’s cyberattacks, we lose trust in ourselves | The Strategist
US appears open to reversing some China tech bans • The Register
US Reportedly Shelves Plan to Ban TP-Link Routers for Now | PCMag
Poland bans Chinese cars from military bases • The Register
US lawyers file privacy class action against Lenovo • The Register
FBI: Threats from Salt Typhoon are ‘still very much ongoing’ | CyberScoop
Texas sues TP-Link over China links and security vulns • The Register
China-linked crew embedded in US energy networks • The Register
Apple privacy labels often don't match what Chinese smart home apps do - Help Net Security
Russia
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Public mobile networks are being weaponized for combat drone operations - Help Net Security
Infosec exec sold eight zero-day exploit kits to Russia: DoJ • The Register
Poland Energy Survives Attack on Wind, Solar Infrastructure
First Starlink, Now Telegram: Russian War Bloggers Sound The Alarm
North Korea
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Iran
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Venezuela operation relied on little-known cyber center, official says - Breaking Defense
Tools and Controls
RMM Abuse Explodes as Hackers Ditch Malware
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi - Help Net Security
Exploitable Flaws Found in Cloud-Based Password Managers
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
RAT disguised as an RMM costs crims $300 a month • The Register
Identity is the new cyber attack surface | UKAuthority
Survey: Most Security Incidents Involve Identity Attacks - Security Boulevard
Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
How the rise of the AI ‘agent boss’ is reshaping accountability in IT | IT Pro
Why ‘secure-by-design’ systems are non-negotiable in the AI era | CyberScoop
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks | IT Pro
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix | CSO Online
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Security professionals struggle to spot production risks - BetaNews
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Flaws in popular VSCode extensions expose developers to attacks
Cybersecurity Requires Collective Resilience
Redefining risk management | IT Pro
How Security Operations Will Fundamentally Change in 2026
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Other News
RMM Abuse Explodes as Hackers Ditch Malware
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss Warns - Infosecurity Magazine
Attackers keep finding the same gaps in security programs - Help Net Security
Dutch defense chief: F-35s can be jailbroken like iPhones • The Register
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
Hotel hacker paid 1 cent for luxury rooms, Spanish cops say • The Register
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Exclusive: US plans online portal to bypass content bans in Europe and elsewhere | Reuters
Vulnerability Management
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Everyone uses open source, but patching still moves too slowly - Help Net Security
Notepad++ boosts update security with ‘double-lock’ mechanism
Vulnerabilities
Dell's Hard-Coded Flaw: A Nation-State Goldmine
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection | CSO Online
Vulnerabilities in Password Managers Allow Hackers to Change Passwords - Infosecurity Magazine
Exploitable Flaws Found in Cloud-Based Password Managers
One threat actor responsible for 83% of recent Ivanti RCE attacks
Critical Microsoft bug from 2024 under exploitation • The Register
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration - SecurityWeek
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop
Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025 - SecurityWeek
Four new reasons why Windows LNK files cannot be trusted | CSO Online
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.