Black Arrow Cyber Threat Intelligence Briefing 21 November 2025
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Executive Summary
This week, we have reviewed several articles in the specialist and general media about the risks presented by AI, in particular generative AI. These include employees pasting sensitive information into public tools, and attackers exploiting the functionality of GenAI, such as using Claude to carry out almost all of a cyber espionage operation against organisations. Our review also highlights that the more traditional attack vectors remain a risk for organisations, including hijacked VPN credentials, weak password controls and phishing.
Our message to business leaders is clear and unchanged, and is supported by various sources included in our review this week: Boards must ensure they have a realistic assessment of their readiness to deal with a cyber attack. It is particularly important that business leaders are part of that readiness and do not treat the response as an IT-only matter. This requires an upskilled leadership team to command and govern their cyber security; contact us for details of how we support organisations to achieve this in a proportionate way.
Top Cyber Stories of the Last Week
The Trojan Prompt: How GenAI Is Turning Staff into Unwitting Insider Threats
Two evolving risks are emerging relating to generative AI. The first, the “Trojan prompt”, is where staff paste sensitive documents, credentials or API keys into public GenAI tools, which often fall outside the reach of traditional data loss prevention and monitoring controls. The second is the “Imprompter” attack, where hidden instructions embedded in prompts harvest personal data with close to an 80% success rate. A robust response combines clear GenAI governance, user education and hardware-level zero trust on endpoints that inspects data at the point it is accessed on the device’s own drive.
Copy And Paste Cyber Security Warning — 99% Of Enterprises Now at Risk
LayerX’s Browser Security Report finds that sensitive data now often leaves enterprises through copy and paste rather than file uploads. Findings show that 77% of employees paste data into AI tools and 46% into file storage, frequently outside IT control. Browser extensions amplify the risk: 99% of enterprise users have at least one installed, more than half with high or critical permissions, and 26% are sideloaded (installed outside normal channels), creating major blind spots for security teams.
Google: Threat Groups Will Accelerate Their Use of AI in 2026
Anthropic’s research shows China-linked attackers using its generative AI model Claude to carry out around 80% to 90% of a cyber espionage operation against about 30 organisations, with humans stepping in only at key decision points. Meanwhile, Google’s Cybersecurity Forecast 2026 expects threat groups to adopt AI across reconnaissance, exploitation and malware development, while AI-enabled tools can also reshape how cyber security teams defend the organisation.
Source: https://www.msspalert.com/news/google-threat-groups-will-accelerate-their-use-of-ai-in-2026
“We’ve Seen a 30% Increase in Successful Email Scams in the Last Two Years”
Data from At Bay, which insures about 40,000 businesses, shows a 30% increase in successful email scams over two years as attackers use AI to craft convincing, personalised messages. Traditional email security struggles with this variety and speed. Organisations are urged to move towards context aware detection, scrutinise how AI agents are integrated into systems and recognise the new attack surfaces created by rapid AI adoption.
Source: https://www.calcalistech.com/ctechnews/article/lsncr0rtd
“We Are Moments Before the First Real Cyberwar, One in Which Not a Single Shot Is Fired”
The Director General of Israel’s National Cyber Directorate describes three stages of AI and cyber convergence: using AI for cyber defence, protecting AI systems themselves and a future AI versus AI phase where autonomous agents conduct both attacks and defence. Israel is cited as one of the most targeted countries globally. AI driven campaigns are expected to be capable of digitally besieging states, even as constant pressure will force defences to improve.
Source: https://www.calcalistech.com/ctechnews/article/askx8c3bj
Our Industries Are Vulnerable to Cyber Attacks: Boardrooms Must Prioritize Resilience, Not Reaction
A new report by Accenture indicates the challenge faced by organisations defending against AI driven threats. It finds that 88% of UK firms lack the maturity needed as AI accelerates ransomware, deepfakes and data theft. Cyber security is presented as a people and reputation issue as much as a technical one. Boards should embed security into strategy, build cross functional crisis preparations and design business continuity for critical services.
Source: https://www.infosecurity-magazine.com/opinions/boardrooms-must-prioritize/
Overconfidence Is the New Cyber Risk: Immersive’s 2025 Cyber Workforce Benchmark Report Exposes a Global Readiness Illusion
Immersive’s 2025 Cyber Workforce Benchmark Report finds that 94% of organisations feel ready for a major incident, yet in the simulated attacks only 22% of the decisions made were appropriate and average containment times are around 29 hours. Only 41% of organisations involve non technical teams in simulations, leaving a significant readiness gap.
The Hidden Cost of a Hack: Unpacking the Ripple Effect of Cybercrime
Beazley’s risk and resilience research with 3,500 leaders shows that 29% of executives now rank cyber as their greatest threat, up from 26% in 2024. The findings highlight that business leaders may not appreciate the full lifecycle of an incident, including legal action, regulatory scrutiny and long-term reputational harm. Boards should plan for extended disruption and financial ripple effects, not only the initial recovery.
Half of Ransomware Access Due to Hijacked VPN Credentials
Beazley Security reports that ransomware incidents increased in Q3 2025, with Akira, Qilin and INC responsible for about 65% of cases and leak posts rising 11% quarter on quarter. Valid VPN credentials provided initial access in 48% of breaches, up from 38% in Q2, while external service exploits accounted for 23%. Infostealers and credential stuffing attacks against SonicWall SSL VPNs feature heavily, reinforcing the need for phishing resistant MFA, conditional access and continuous vulnerability management.
Source: https://www.infosecurity-magazine.com/news/half-ransomware-access-hijacked/
Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites
Socura and Flare’s “FTSE 100 for Sale” report identifies about 460,000 compromised credentials associated with FTSE 100 staff across cybercrime sites. More than 70,000 credentials relate to financial services, and 28,000 appear in infostealer logs, roughly 280 per company. Weak password practices such as “password” and obvious reuse of passwords persist, underscoring the need for strong policies, phishing resistant MFA, conditional access and proactive leak monitoring.
Source: https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/
UK Targets Russian Cyber Gang as £14.7 Billion Attacks Hit British Economy
Sanctions target Media Land, a Russian cyber crime infrastructure and hosting provider, and its leader Alexander Volosovik, accused of supporting ransomware, phishing and other criminal campaigns against UK organisations. Cyber attacks are estimated to have cost UK businesses about £14.7 billion in 2024, roughly 0.5% of GDP. The move builds on earlier actions against groups such as Evil Corp and LockBit, and aims to disrupt the broader Russia-based cyber crime ecosystem.
Source: https://www.easterneye.biz/uk-cybercrime-russian-attack-british-economy/
Cyber-enabled Kinetic Targeting: Iran-linked Actor Uses Cyber Operations to Support Physical Attacks
Amazon’s threat intelligence research describes how Iran-aligned actors integrate cyber operations with physical strikes in what it calls ‘cyber-enabled kinetic targeting’. The group Imperial Kitten reportedly accessed a ship’s tracking platform and onboard CCTV before an attempted Houthi missile attack on the same vessel. Another group, MuddyWater, is linked to compromised cameras in Israel that were then used to support missile strikes, showing how hacked sensors and live data can guide battlefield decisions.
Governance, Risk and Compliance
Organizations overconfident in dealing with cybersecurity incidents - BetaNews
Holyrood | Everyone’s a target: The importance of cybersecurity in a fast changing world
The growing risks presented by cyber security and data breaches – The Irish News
The hidden cost of a hack: Unpacking the ripple effect of cybercrime | Insurance Business America
Resilience At Risk: Talent and Governance in the Age of AI - Infosecurity Magazine
The realities of CISO burnout and exhaustion | CyberScoop
SEC to Drop Controversial SolarWinds Cyberattack Lawsuit
Unpreparedness for risks a worry for CEOs: Kroll Chief Jacob Silverman - The Economic Times
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine
Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly
The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard
UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra
UK cyber ransom ban risks collapse of essential services
The ransomware payment debate: what it means for organizations | TechRadar
'The Gentlemen' Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data
Akira ransomware expands to Nutanix AHV, raising stakes for enterprise security | CSO Online
Cat’s Got Your Files: Lynx Ransomware – The DFIR Report
Ransomware Victims
Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack
Checkout.com snubs hackers after data breach, to donate ransom instead
Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack
Logitech confirms data breach after Clop extortion attack
Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials
The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews
Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach
Cornerstone staffing ransomware attack leaks 120,000 resumes, claims Qilin gang | Cybernews
Hacker claims to steal 2.3TB data from Italian rail group, Almaviva
Phishing & Email Based Attacks
Beware! How AI is writing phishing emails that look real | PCWorld
AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek
Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes
Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
“We've seen a 30% increase in successful email scams in the last two years” | Ctech
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
Other Social Engineering
Copy And Paste Cybersecurity Warning — 99% Of Enterprises Now At Risk
What to Know About the Billion-Dollar Scam Center Industry - The New York Times
The long conversations that reveal how scammers work - Help Net Security
The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard
Five plead guilty to helping North Koreans infiltrate US firms
Five admit helping North Korea evade sanctions through IT worker schemes
DoJ nets five guilty pleas in Pyongyang’s IT-worker hustle • The Register
US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine
Almost five-fold increase in reports of online investment ad scams
Convenience culture is breaking personal security - Help Net Security
Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable
Fraud, Scams and Financial Crime
What to Know About the Billion-Dollar Scam Center Industry - The New York Times
The long conversations that reveal how scammers work - Help Net Security
Don't get ghost tapped: 5 ways to block thieves from scanning your wallet | ZDNET
Almost five-fold increase in reports of online investment ad scams
Convenience culture is breaking personal security - Help Net Security
“We've seen a 30% increase in successful email scams in the last two years” | Ctech
BitQueen jailed as chancellor eyes up her seized £5bn wealth
AI scams surge: how consumers and businesses can stay safe | TechRadar
AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia
Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard
Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems
GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine
Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable
US announces new strike force targeting Chinese crypto scammers
Artificial Intelligence
Gartner: 40% of Firms to Be Hit By Shadow AI Security Incidents - Infosecurity Magazine
Beware! How AI is writing phishing emails that look real | PCWorld
AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek
Chinese spies used Claude to break into critical orgs • The Register
China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop
AI chatbots can now execute cyberattacks almost on their own | Vox
What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer
Anthropic Has Some Key Advice for Businesses in the Aftermath of a Massive AI Cyberattack
The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard
Could years of AI conversations be your biggest security blind spot? | IT Pro
How attackers use patience to push past AI guardrails - Help Net Security
Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert
AI Is Supercharging Disinformation Warfare | Foreign Affairs
Google: Threat Groups Will Accelerate Their Use of AI in 2026 | MSSP Alert
“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech
Convenience culture is breaking personal security - Help Net Security
AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia
Shadow AI: the next frontier of unseen risk | TechRadar
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Microsoft Warns Windows 11 AI Can Install Malware
GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine
Foreign Spies Deploying AI in Cyberattacks | Newsmax.com
Agentic AI puts defenders on a tighter timeline to adapt - Help Net Security
How AI can magnify your tech debt - and 4 ways to avoid that trap | ZDNET
Don't ignore the security risks of agentic AI - SiliconANGLE
Cursor Issue Paves Way for Credential-Stealing Attacks
2FA/MFA
The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
Malware
Microsoft Warns Windows 11 AI Can Install Malware
SilentButDeadly - Network Communication Blocker Tool That Neutralizes EDR/AV
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine
Google exposes BadAudio malware used in APT24 espionage campaigns
Why ‘AI-Powered’ Cyber-Attacks Are Not a Serious Threat …Yet - Infosecurity Magazine
LLM-generated malware improving, but not operational (yet) • The Register
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
Google Finds New Malware Backdoors Linked to Iran
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Bots/Botnets
Largest Azure DDoS Attack Powered by Aisuru Botnet - SecurityWeek
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
Mobile
VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
Budget Samsung phones shipped with unremovable spyware, say researchers | Malwarebytes
WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
WhatsApp 'Eternidade' Trojan Worms Through Brazil
NSO Group argues WhatsApp injunction threatens existence, future U.S. government work | CyberScoop
Denial of Service/DoS/DDoS
Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet
Internet of Things – IoT
Cybersecurity risks inside the powertrain: why EVs need defence at the motor level - Just Auto
Data Breaches/Leaks
Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine
Schools share blame for PowerSchool mega-hack, say watchdogs • The Register
MoD ‘knew using Excel was risky before Afghan data leak’
Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials
The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews
Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach
WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news
Major Urssaf cyberattack in France affects 1.2 million Pajemploi users
Eurofiber admits crooks swiped data from French unit • The Register
Pentagon and soldiers let too many secrets slip on socials • The Register
Organised Crime & Criminal Actors
What to Know About the Billion-Dollar Scam Center Industry - The New York Times
AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia
Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard
Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems
British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News
Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases
CISA Issues New Guidance on Bulletproof Hosting Threat - Infosecurity Magazine
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine
Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek
South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What to Know About the Billion-Dollar Scam Center Industry - The New York Times
BitQueen jailed as chancellor eyes up her seized £5bn wealth
Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine
Wind farm worker sentenced after turning turbines into a secret crypto mine
New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine
Security researcher calls BS on Coinbase breach timeline • The Register
US announces new strike force targeting Chinese crypto scammers
Insider Risk and Insider Threats
The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard
Rogue techie pleads guilty in $862K employer attack • The Register
Wind farm worker sentenced after turning turbines into a secret crypto mine
The Password Was ‘Password’: Why Humans Keep Breaking the Internet
Insurance
What insurers really look at in your identity controls - Help Net Security
Supply Chain and Third Parties
Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert
Cloud/SaaS
Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses
Cloudflare hit by outage affecting Global Network services
And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot
Outages
Cloudflare hit by outage affecting Global Network services
And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot
The internet isn't free: Shutdowns, surveillance and algorithmic risks - Help Net Security
Identity and Access Management
What insurers really look at in your identity controls - Help Net Security
Encryption
VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True
Dozens of groups call for governments to protect encryption | CyberScoop
Linux and Open Source
5 reasons Kaspersky releasing a Linux antivirus product worries me
Passwords, Credential Stuffing & Brute Force Attacks
Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine
Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine
The Password Was ‘Password’: Why Humans Keep Breaking the Internet
The world's most popular passwords are pretty unsurprising - surely we can do better? | TechRadar
Zoomers are officially worse at passwords than 80-year-olds • The Register
Cursor Issue Paves Way for Credential-Stealing Attacks
Social Media
British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News
Convenience culture is breaking personal security - Help Net Security
Pentagon and soldiers let too many secrets slip on socials • The Register
Regulations, Fines and Legislation
UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra
UK cyber ransom ban risks collapse of essential services
VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True
Dozens of groups call for governments to protect encryption | CyberScoop
SEC to Drop Controversial SolarWinds Cyberattack Lawsuit
Cyber Operations on Domestic Networks Redux | Lawfare
CISA 2015 Receives Extension - Infosecurity Magazine
ENISA Is Now a CVE Program Root - DataBreachToday
Models, Frameworks and Standards
The UK’s Proposed Cyber Security and Resilience Bill | Hogan Lovells - JDSupra
Careers, Working in Cyber and Information Security
Resilience At Risk: Talent and Governance in the Age of AI - Infosecurity Magazine
Learning Sales Skills Make Security Pros More Effective
The retail sector needs a cybersecurity talent incubator | CyberScoop
Law Enforcement Action and Take Downs
Rogue techie pleads guilty in $862K employer attack • The Register
British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News
Wind farm worker sentenced after turning turbines into a secret crypto mine
BitQueen jailed as chancellor eyes up her seized £5bn wealth
Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine
Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases
UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine
Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek
US announces new strike force targeting Chinese crypto scammers
South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News
What are the potential punishments and risks of owning a 'dodgy firestick'? | The Standard
Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine
Misinformation, Disinformation and Propaganda
AI Is Supercharging Disinformation Warfare | Foreign Affairs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech
Russia preparing for war against NATO says top General
U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites
UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News
MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek
Countries use cyber targeting to plan strikes: Amazon CSO • The Register
Google exposes BadAudio malware used in APT24 espionage campaigns
Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets
Nation State Actors
“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech
Countries use cyber targeting to plan strikes: Amazon CSO • The Register
UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra
Foreign Spies Deploying AI in Cyberattacks | Newsmax.com
Palo Alto CEO tips nations to weaponize quantum by 2029 • The Register
Take fight to the enemy, US cyber boss says • The Register
China
Chinese spies used Claude to break into critical orgs • The Register
China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop
What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer
AI doesn't just assist cyberattacks anymore - now it can carry them out | ZDNET
Chinese Nation-State Groups Hijacking Software Updates
UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News
MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek
Foreign Spies Deploying AI in Cyberattacks | Newsmax.com
U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites
Google exposes BadAudio malware used in APT24 espionage campaigns
Germany lines up new powers to fend off Chinese tech – POLITICO
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
TP-Link accuses rival Netgear of 'smear campaign' • The Register
US announces new strike force targeting Chinese crypto scammers
Russia
Russia preparing for war against NATO says top General
Countries use cyber targeting to plan strikes: Amazon CSO • The Register
UK, US and Australia Sanction Russian Bulletproof Hoster Media Land - Infosecurity Magazine
UK hits Russian cyber gang as £14.7 billion attacks damage economy | EasternEye
U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites
Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly
Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek
Russia keeps cutting mobile internet, and people are getting fed up - The Washington Post
Iran
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks
Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets
Iran's Cyber Objectives: What Do They Want?
Google Finds New Malware Backdoors Linked to Iran
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
North Korea
US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine
Tools and Controls
Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine
Palo Alto kit sees massive surge in malicious activity • The Register
Agentic AI puts defenders on a tighter timeline to adapt - Help Net Security
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage | CyberScoop
5 reasons Kaspersky releasing a Linux antivirus product worries me
SilentButDeadly - Network Communication Blocker Tool That Neutralizes EDR/AV
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
Vibe coding to vibe hacking: securing software in the AI era | TechRadar
Resilience At Risk: Talent and Governance in the Age of AI - Infosecurity Magazine
VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True
What insurers really look at in your identity controls - Help Net Security
Cursor Issue Paves Way for Credential-Stealing Attacks
CISO pay is on the rise, even as security budgets tighten | CIO Dive
Other News
Palo Alto kit sees massive surge in malicious activity • The Register
Schools share blame for PowerSchool mega-hack, say watchdogs • The Register
The internet isn't free: Shutdowns, surveillance and algorithmic risks - Help Net Security
Initial Access Brokers (IAB) in 2025 - From Dark Web Listings to Supply Chain Ransomware Events
Hospitals in the cyber crosshairs - POLITICO
Cyber Operations on Domestic Networks Redux | Lawfare
Black Friday as retailers face cyber surge
TV streaming piracy service with 26M yearly visits shut down
Vulnerability Management
Chinese Nation-State Groups Hijacking Software Updates
Threat group reroutes software updates through hacked network gear - Help Net Security
Can a Global, Decentralized System Save CVE Data?
ENISA Is Now a CVE Program Root - DataBreachToday
Cyber Agency Warns of Government Exploits - DevX
Vulnerabilities
Fortinet finally cops to critical bug under active exploit • The Register
Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week - SecurityWeek
New SonicWall SonicOS flaw allows hackers to crash firewalls
Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage | CyberScoop
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild
SolarWinds Patches Three Critical Serv-U Vulnerabilities - SecurityWeek
ASUS warns of critical auth bypass flaw in DSL series routers
Google fixed the seventh Chrome zero-day in 2025
W3 Total Cache WordPress plugin vulnerable to PHP command injection
CVE-2025-50165: Critical Flaw in Windows Graphics Component - Security Boulevard
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Millions of sites at risk from Imunify360 critical flaw exploit
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
D-Link warns of new RCE flaws in end-of-life DIR-878 routers
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.