Black Arrow Cyber Threat Intelligence Briefing 20 March 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
The Iran war is affecting organisations across the world, with a 245% rise in cyber attacks shortly after it started, particularly against financial services, e‑commerce and gaming sectors. Separately, a healthcare technology firm confirmed it had been attacked by Iranian‑linked hacktivists who wiped tens of thousands of devices.
In other news from our review of specialist and general media, we highlight the need for businesses to manage the risks associated with AI, either due to autonomous AI agents taking harmful actions or the use of AI by attackers.
We also share details of new and developing attacker tactics including multi-layered weblinks, zero-day firewall vulnerabilities, malicious Chrome extensions, fake VPNs and deactivating victims’ security controls. These tactics are not only used against your organisation but also against your suppliers and clients, which is why we include a reminder of the need to understand the security posture of third parties that you work with and to identify whether you need to include additional security in the way you work with them.
Current geopolitical tensions, whether in the Middle East or Europe, are further reasons for business leaders to take a structured approach to identifying cyber risks and the pragmatic controls to address them as part of a strategy across people, operations and technology. Contact us to discuss how to do this in your organisation.
Top Cyber Stories of the Last Week
Cyberattacks Spike 245% in the Two Weeks After the Start of War with Iran
Security researchers have reported a 245% rise in cyber-attacks in the two weeks after the conflict with Iran began on 28 February 2026, with banks, online retailers and gaming firms making up 80% of observed targets. Financial services and e-commerce accounted for more than half. Attackers are increasingly using legitimate administrative tools and stolen login details, making malicious activity harder to spot and allowing them to disrupt services or erase data at scale. The trend highlights how geopolitical conflict can quickly raise cyber security risks for private sector organisations well beyond the immediate region.
Attack on Stryker’s Microsoft Environment Wiped Employee Devices Without Malware
Medical technology firm Stryker has confirmed a major cyber-attack that disrupted its internal Microsoft systems and remotely wiped around 80,000 employee devices, leaving some ordering systems offline and forcing manual workarounds. The attackers also claimed to have stolen about 50 terabytes of company data and caused disruption across 79 countries. Stryker said the incident was contained within its corporate IT environment and did not affect its medical products or connected devices, which remain safe to use. The case highlights how compromised admin accounts can cause serious operational disruption without malicious software being installed.
Researchers Ask AI Agents to Create LinkedIn Posts. They Publish Passwords Instead
Tests by AI security researchers found that autonomous AI agents can take harmful actions even during routine business tasks. In one exercise, AI agents that were asked to draft LinkedIn posts exposed passwords publicly, while others bypassed security controls, ignored anti-virus protections and accessed restricted data by creating fake credentials. Separate studies found agents could leak confidential information, damage databases and influence other agents to break rules. The findings suggest that giving AI systems broad access, persistence and freedom to act can create serious cyber security, legal and governance risks for organisations.
https://cybernews.com/security/rogue-ai-agents-aggressive-passwords/
AI Finally Delivers Those Elusive Productivity Gains… for Cybercriminals
Interpol reports that artificial intelligence is making online fraud far more effective and around 4.5 times more profitable for criminals. Tools that refine language, mimic voices and create fake identities are helping scams appear more convincing at very low cost. The agency also warns that AI is driving a rise in blackmail using fabricated images, while large scale scam centres are expanding beyond South East Asia into Africa, Europe and the Americas. Global losses from financial fraud reached an estimated $442 billion in 2025, underlining the growing business risk and need for stronger public and private sector cooperation.
https://www.theregister.com/2026/03/16/interpol_ai_fraud/
Phishers Weaponise Safe Links with Multi-Layered URL Rewriting to Evade Detection
Criminal groups are increasingly abusing trusted email security tools to make phishing messages look legitimate and bypass automated checks. Researchers saw a marked rise in this tactic between late 2025 and January 2026, with attacks targeting Microsoft 365 users through multiple layers of trusted vendor links before reaching fake sign-in pages. In some cases, links exceeded 1,200 characters and passed through five separate security services. The aim is to steal login details and access tokens, which can then be used to take over accounts, steal sensitive data, send internal phishing emails and, in serious cases, deploy ransomware.
https://cybersecuritynews.com/phishers-weaponize-safe-links-with-multi-layered-url/
Ransomware Gang Exploits Cisco Flaw in Zero-Day Attacks Since January
Cisco has warned that a ransomware group has been exploiting a previously unknown flaw in its firewall management software since late January, giving attackers more than a month to target organisations before a fix was released on 4 March. According to Amazon’s threat intelligence team, the group had a 36-day window to abuse the weakness in internet-facing systems. The case underlines the speed at which cyber criminals can weaponise newly discovered software flaws and the importance of rapid patching, strong monitoring and resilient incident response plans.
Your Favourite Image-Saving Chrome Extension Was Scraping Your Data for Cash
Google has removed the "Save image as Type" Chrome extension after identifying malicious behaviour, affecting at least one million users. The tool, which let people save website images in formats such as PNG or JPG, was found to be quietly redirecting users when making online purchases through its own affiliate links across at least 578 websites. In practice, this meant user activity was being monitored and monetised without clear consent. Reports suggest the extension changed ownership in late 2025, with the questionable activity continuing on Chrome until March 2026. The case is a reminder that even widely used browser add-ons can create hidden cyber security and privacy risks.
https://9to5google.com/2026/03/16/image-saving-chrome-extension-removed-as-malware/
Credential-Stealing Crew Spoofs VPN Clients From Cisco, Fortinet, and Others
Microsoft has uncovered a criminal group using fake virtual private network, or VPN, software from major suppliers including Cisco, Fortinet, Ivanti and Check Point to steal employee usernames and passwords. Since mid-January, the group has manipulated search results so bogus download pages appear above genuine ones, then directed victims to counterfeit installers hosted on GitHub. After capturing login details, the software shows a fake error and points users to the real supplier site, making the attack hard to spot. The case underlines the need for controls including multi-factor authentication.
https://www.theregister.com/2026/03/13/vpn_clients_spoofed/
EDR Killers Are Now Standard Equipment in Ransomware Attacks
Ransomware gangs now routinely use tools that disable endpoint security (EDR) software before locking files, giving attackers a short but reliable window to cause disruption. Researchers found nearly 90 such tools in active use, showing how common this tactic has become. Many rely on weaknesses in legitimate software drivers, while others use standard administrator tools or interfere with security systems more directly. The trend is being widened by criminal affiliate networks and may be accelerated by AI assisted coding, making ransomware attacks harder to predict and defend against.
https://www.helpnetsecurity.com/2026/03/19/edr-killer-ransomware-attacks/
Your Employees’ Tech Frustration is a Gift to Cybercriminals
Poor workplace technology is more than a productivity issue. It is a growing cyber security risk. Research found 89% of IT professionals believe improving employees’ day to day digital experience strengthens security, while 27% of office workers use unapproved personal devices or apps when official tools are too difficult to use. Nearly half say they are left to teach themselves new systems. For senior leaders, the message is clear: simpler systems, better training and more automated routine IT tasks can reduce frustration, cut risky workarounds and make it harder for attackers to gain access.
https://www.techradar.com/pro/your-employees-tech-frustration-is-a-gift-to-cybercriminals
Third-Party Risk Management Must Now Confront AI, Cyber Security, and Technology Risk Head-On
Third-party risk management needs to cover more than compliance and financial checks. Many suppliers have access to sensitive data, core systems and critical business services, which means any weaknesses in their security, use of artificial intelligence, or wider technology can directly disrupt operations or expose other organisations to data loss, fraud and legal risk. Effective oversight should focus on the highest risk suppliers, strengthen contract terms, and include ongoing monitoring so businesses can spot problems early and reduce dependence on a small number of critical providers.
https://www.jdsupra.com/legalnews/third-party-risk-management-must-now-9969518/
North Korea’s 100,000-Strong Fake IT Worker Army Rakes In $500M a Year for Kim Jong Un
North Korea is using a vast network of fake IT workers to secure remote technology jobs at companies around the world, generating an estimated $500 million a year for the regime. Researchers believe the operation involves more than 100,000 people across 40 countries, supported by recruiters, facilitators and Western accomplices who help provide false identities. Beyond the financial gain, the wider risk is that these workers can gain trusted access to company systems and sensitive information, making recruitment checks, interview scrutiny and identity verification an increasingly important part of cyber security.
https://www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
Why Cyber Attacks on Critical National Infrastructure Are Such a Huge Threat
Critical national infrastructure is facing growing cyber security pressure as attackers target essential services such as energy, transport, healthcare, telecommunications and water. The aim is often not the direct target itself, but the wider disruption caused to daily life, public confidence and business operations. In the UK, 95% of critical national infrastructure organisations reported a cyber-attack in 2024. The risk is heightened by connected systems, complex supply chains and mixed public and private ownership, making stronger collaboration, clearer risk oversight and security built into infrastructure from the outset increasingly important.
Governance, Risk and Compliance
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
How Cyber Risk Management Builds Resilience | Kovrr - Security Boulevard
Did cybersecurity recently have its Gatling gun moment? | CSO Online
When Liability Turns the CISO Into the Fall Guy
Clear Communication: The Missing Link in Cybersecurity Success
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
Threats
Ransomware, Extortion and Destructive Attacks
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
EDR killers are now standard equipment in ransomware attacks - Help Net Security
AI-generated Slopoly malware used in Interlock ransomware attack
The ransomware economy is shifting toward straight-up data extortion | CyberScoop
Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape | Google Cloud Blog
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack | Trend Micro (US)
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The UK's plans to tackle ransomware
Ransomware and Destructive Attack Victims
England Hockey investigating ransomware data breach
Payload Ransomware claims the hack of Royal Bahrain Hospital
Phishing & Email Based Attacks
Security Firm Executive Targeted in Sophisticated Phishing Attack - SecurityWeek
Phishers Weaponize Safe Links With Multi-Layered URL Rewriting to Evade Detection
Fake invoices appear as calendar events | Cybernews
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
Robotics surgical biz Intuitive discloses phishing attack • The Register
Other Social Engineering
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korean's 100k fake IT workers net $500M a year for Kim • The Register
Fake invoices appear as calendar events | Cybernews
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Help on the line: How a Microsoft Teams support call led to compromise | Microsoft Security Blog
I stopped using security questions when I found how easy they are to hack
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Artificial Intelligence
The AI literacy gap liability - Emerging Europe
Did cybersecurity recently have its Gatling gun moment? | CSO Online
Rogue AI agents can work together to hack systems • The Register
Rogue AI agents bypass antivirus, publish passwords | Cybernews
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches - SecurityWeek
AI-generated Slopoly malware used in Interlock ransomware attack
AI-driven fraud far more profitable, Interpol warns • The Register
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
AI coding agents keep repeating decade-old security mistakes - Help Net Security
Shadow AI is everywhere. Here’s how to find and secure it.
Odido routers forwarded customers' personal data to American AI company for years | NL Times
Critical Langflow Vulnerability Exploited Hours After Public Disclosure - SecurityWeek
DOD says Anthropic’s ‘red lines’ make it an ‘unacceptable risk to national security’ | TechCrunch
Bots/Botnets
174 Vulnerabilities Targeted by RondoDox Botnet - SecurityWeek
Criminals hijack thousands of devices to create never-before-seen cyber weapon | The Independent
Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch
Cyber criminals too are working from home… your home – Computerworld
Careers, Roles, Skills, Working in Cyber and Information Security
When Liability Turns the CISO Into the Fall Guy
Cloud/SaaS
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches - SecurityWeek
Most Google Cloud Attacks Start With Bug Exploitation
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
Cyber Crime, Organised Crime & Criminal Actors
Cyber criminals too are working from home… your home – Computerworld
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
Cybercriminals scale up, government sector hit hardest - Help Net Security
Data Breaches/Leaks
Millions of UK businesses exposed by Companies House security flaw | The Independent
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
What the Recent PayPal Breach Says About Modern Web Risk - Security Boulevard
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Starbucks discloses data breach affecting hundreds of employees
What Proton’s Data Breach Observatory reveals in 2026 | Proton
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact - SecurityWeek
Robotics surgical biz Intuitive discloses phishing attack • The Register
Police Scotland Fined After Sharing Victim’s Phone Data - Infosecurity Magazine
Canadian retail giant Loblaw notifies customers of data breach
Starbucks data breach impacts 889 employees
Aura confirms data breach exposing 900,000 marketing contacts
Denial of Service/DoS/DDoS
Why Most DDoS Protection Fails: Solving for Continuity and Resilience - Security Boulevard
What Are Your DDoS Testing Options in 2026? - Security Boulevard
Encryption
Why Post-Quantum Cryptography Can't Wait
Fraud, Scams and Financial Crime
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
AI-driven fraud far more profitable, Interpol warns • The Register
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
Global fraud losses climb to $442 billion - Help Net Security
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
€1 million online fraud scheme uncovered, three suspects arrested - Help Net Security
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
Google, Amazon, Microsoft and others sign accord to stop scammers
Insider Risk and Insider Threats
When Cyberwar Hits the Corporate Home Front | Ropes & Gray LLP - JDSupra
War, AI, and the human factor | Ctech
Your Employees’ Tech Frustration is a Gift to Cybercriminals | TechRadar
Rising cyber threats bring the human factor back center stage | Ctech
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korean's 100k fake IT workers net $500M a year for Kim • The Register
Insurance
Gallagher Re urges more efficient cyber coverage :: Insurance Day
Emerging cyber risks challenge brokers | Insurance Business
Internet of Things – IoT
Every New Connected Feature Expands Vehicle Cybersecurity Risk, Says Deloitte | Autocar Professional
Security issues found in 79% of dash cams we tested - Which?
Law Enforcement Action and Take Downs
Law enforcement shuts down botnet made of tens of thousands of hacked routers | TechCrunch
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Home Office and NCA to lead new national Online Crime Centre – PublicTechnology
€1 million online fraud scheme uncovered, three suspects arrested - Help Net Security
FBI seeks victims of Steam games used to spread malware
British man charged in Dubai for alleged filming of Iranian missiles - BBC News
Linux and Open Source
Big tech companies step in to support the open source security ecosystem - Help Net Security
Unprivileged users could exploit AppArmor bugs to gain root access
Malvertising
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
Malware
Your favorite image-saving Chrome extension was scraping data
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery - Infosecurity Magazine
C2 Implant 'SnappyClient' Targets Crypto Wallets
Criminals hijack thousands of devices to create never-before-seen cyber weapon | The Independent
AI-generated Slopoly malware used in Interlock ransomware attack
Sophisticated Surveillance RAT Marketed for Global Buyers
Self-replicating malware spreads on GitHub, npm, Open VSX | Cybernews
Adaptability, Not Novelty: The Next Evolution of Malware - Security Boulevard
FBI seeks victims of Steam games used to spread malware
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Vidar Stealer 2.0 Exploits Fake Game Cheats on GitHub, Reddit - Infosecurity Magazine
Misinformation, Disinformation and Propaganda
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Information Warfare: Ukrainian CyberWar Deceptions
Mobile
Attack on Stryker’s Microsoft environment wiped employee devices without malware
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data
Second iOS exploit kit now in use by suspected Russian hackers | CyberScoop
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Snoops plant info-stealing malware on iPhones, Google warns • The Register
875 Million Android Phones At Risk From 60 Second Hack
Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS
MediaTek security flaw may have affected more Android phones than initially reported
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Android vs iOS security: Which operating system is safer? | Proton
Models, Frameworks and Standards
ISO 27000 standards for security and compliance | Proton
Outages
Microsoft Exchange Online outage blocks access to mailboxes
Passwords, Credential Stuffing & Brute Force Attacks
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs • The Register
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
I stopped using security questions when I found how easy they are to hack
Regulations, Fines and Legislation
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
EU Parliament backs extension of CSAM detection rules until 2027 - Help Net Security
UK Cyber Security and Resilience Bill: key considerations for technology businesses
The UK's plans to tackle ransomware
Commercial Spyware Opponents Fear US Policy Shifting
Social media giants urged to protect children, UK rejects under-16 ban
Social Media
Fake scandal clips on Facebook bait victims into investment scams - Help Net Security
EU Parliament backs extension of CSAM detection rules until 2027 - Help Net Security
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Social media giants urged to protect children, UK rejects under-16 ban
Software Supply Chain
Self-replicating malware spreads on GitHub, npm, Open VSX | Cybernews
Supply Chain and Third Parties
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact - SecurityWeek
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
The Growing Cyber Risk to Supply Chains by Marko Kovacevic & Sasha Pailet Koff - Project Syndicate
UK Cyber Security and Resilience Bill: key considerations for technology businesses
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
When Cyberwar Hits the Corporate Home Front | Ropes & Gray LLP - JDSupra
War, AI, and the human factor | Ctech
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Snoops plant info-stealing malware on iPhones, Google warns • The Register
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
'Digital fog of war' around Iranian cyberattacks | DefenceTalk
Stryker hack could set stage for more pro-Iran cyber sabotage - Nextgov/FCW
Suspicions grow that China is exploiting FOI laws to gather UK security data
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran - Security Boulevard
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Russia establishes Vienna as key western spy hub targeting NATO
The Growing Cyber Risk to Supply Chains by Marko Kovacevic & Sasha Pailet Koff - Project Syndicate
Attack on Stryker’s Microsoft environment wiped employee devices without malware
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
Information Warfare: Ukrainian CyberWar Deceptions
Tracking the Iran War: A Month of Escalation and Regional Impact
Autonomous Agents and the Future of Cyber Competition
SideWinder Espionage Campaign Expands Across Southeast Asia
Nation State Actors
Why cyber attacks on critical national infrastructure are such a huge threat | IT Pro
China
Suspicions grow that China is exploiting FOI laws to gather UK security data
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Russia
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data
Second iOS exploit kit now in use by suspected Russian hackers | CyberScoop
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks - SecurityWeek
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
NCSC warns of ongoing Russian-aligned hacktivist cyber threats | UKAuthority
Russia establishes Vienna as key western spy hub targeting NATO
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Information Warfare: Ukrainian CyberWar Deceptions
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Cyberattack disrupts parking payments in Russian city | The Record from Recorded Future News
North Korea
Elite members of North Korean society fake their way into Western paychecks - Help Net Security
North Korean's 100k fake IT workers net $500M a year for Kim • The Register
Iran
Stryker hack could set stage for more pro-Iran cyber sabotage - Nextgov/FCW
Cyberattacks Spike 245% in the Two Weeks After the Start of War With Iran - Security Boulevard
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Iran conflict prompts US tech companies to reassess cyber vulnerabilities
'Digital fog of war' around Iranian cyberattacks | DefenceTalk
Attack on Stryker’s Microsoft environment wiped employee devices without malware
EU freezes Chinese, Iranian firms over major cyberattacks | Cybernews
Tracking the Iran War: A Month of Escalation and Regional Impact
Iranian cyber attacks at full force even as Tehran imposes internet blackout | The National
Are Microsoft systems exposed? US flags risks after Stryker breach
Poland says foiled cyberattack on nuclear centre may have come from Iran | Reuters
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
Risky Business? Why US and Israel Are Targeting Iran’s Banks | Geopolitical Monitor
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears - Infosecurity Magazine
Tools and Controls
EDR killers are now standard equipment in ransomware attacks - Help Net Security
How Cyber Risk Management Builds Resilience | Kovrr - Security Boulevard
Cyber exposures: third-party risk in a hyperconnected world — Financier Worldwide
Threat Actor Targeting VPN Users in New Credential Theft Campaign - SecurityWeek
Credential-stealing crew spoofs Ivanti, Fortinet, Cisco VPNs • The Register
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
Your APIs are under siege, and attackers are just getting warmed up - Help Net Security
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs - Infosecurity Magazine
US charges another ransomware negotiator linked to BlackCat attacks
Emerging cyber risks challenge brokers | Insurance Business
How CISOs can build a truly unified and resilient security platform | Computer Weekly
Calculating the ROI of AI in cybersecurity | TechTarget
Russia’s crackdown on VPNs reaches new heights as internet restrictions intensify | TechRadar
Certificate lifespans are shrinking and most organizations aren't ready - Help Net Security
Bank built its own AI threat hunter because vendors can’t • The Register
UK Cyber Monitoring Centre Sets Its Sights on US Expansion - Infosecurity Magazine
Switzerland built an alternative to BGP. Nobody noticed • The Register
Reports Published in the Last Week
Other News
Cyberattackers Don't Care About Good Causes
The Data Gap: Why Nonprofit Cyber Incidents Go Underreported
Hybrid attack on Ireland's critical infrastructure 'could cause social collapse within 48 hours'
EU-UK digital cooperation | Epthinktank | European Parliament
The Market for Spyware is Growing: It's Used Differently Against Women - The Citizen Lab
Why Are Platform Ecosystems — Like Salesforce — Often Targeted? | Security Magazine
UK Cyber Monitoring Centre Sets Its Sights on US Expansion - Infosecurity Magazine
The midmarket security gap • The Register
SMB cybersecurity in 2026: From reactive defense to strategic partnership | ChannelPro
Vulnerability Management
Most Google Cloud Attacks Start With Bug Exploitation
Vulnerabilities
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks - SecurityWeek
Cisco’s latest vulnerability spree has a more troubling pattern underneath | CyberScoop
Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS
875 Million Android Phones At Risk From 60 Second Hack
MediaTek security flaw may have affected more Android phones than initially reported
Google rushes Chrome update to fix zero-days under attack • The Register
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Researchers disclose vulnerabilities in IP KVMs from four manufacturers - Ars Technica
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
ConnectWise patches new flaw allowing ScreenConnect hijacking
Unknown attackers exploit another critical SharePoint bug • The Register
Unprivileged users could exploit AppArmor bugs to gain root access
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets - SecurityWeek
Critical UniFi flaw allows unauthenticated compromise | Cybernews
Critical Langflow Vulnerability Exploited Hours After Public Disclosure - SecurityWeek
New Ubuntu Flaw Enables Local Attackers to Gain Root Access - Infosecurity Magazine
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.