Black Arrow Cyber Threat Intelligence Briefing 23 January 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
Our review this week starts with a number of emerging attacks that business leaders should be aware of involving LinkedIn and LastPass. We report how AI is able to develop advanced malware within one week, while classic attacks remain a real risk due to poor password choices by employees. In response to these and other developments, business leaders are treating cyber as one of their top risks, while governments are addressing the risk of concentrated reliance on a small number of technology providers.
We include calls to action for business leaders to review their security, including frequent security assessments. We also focus on rehearsing how to manage a cyber incident where our point of view is clear: the objective is to consider the possibility of a successful attack rather than a walkthrough of a showcase scenario by your control provider; therefore, the rehearsal should be led by an impartial expert to help flush out incorrect assumptions by your leadership team and security providers.
Contact us to discuss how to apply these insights in a proportionate manner in your organisation’s cyber risk management strategy.
Top Cyber Stories of the Last Week
A New LinkedIn Phishing Scam Is Targeting Executives Online – Make Sure You Don’t Fall for This
ReliaQuest has identified a sophisticated phishing campaign on LinkedIn that targets senior executives and IT administrators using convincing fake job ads and project invitations. Messages include a download link to a compressed file disguised as a business document, such as a product roadmap or project plan. Opening it quietly installs a remote access trojan, a type of malware that gives criminals ongoing access to a device and enables data theft. The campaign highlights that phishing is no longer limited to email, with social media and other everyday platforms increasingly used to reach high value targets.
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
LastPass is warning of a widespread phishing email campaign, first seen on 19 January, that impersonates the company and pressures recipients to click a link within 24 hours to back up their password vault before maintenance. The link leads to a fake login page designed to steal the user’s master password, which can give criminals access not only to LastPass but also to many other accounts stored in the vault. With around 33 million users and more than 100,000 business customers, LastPass says it will never ask for a master password or demand urgent action by email.
https://www.infosecurity-magazine.com/news/lastpass-phishing-master-passwords/
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Check Point Research has identified VoidLink as the first clearly documented example of a highly capable malware framework built largely using artificial intelligence, likely by a single actor. Researchers were able to access the developer’s infrastructure due to poor security that exposed planning documents and source code showing the tool moved from concept to a working implant in under a week. This illustrates how AI can dramatically speed up the creation of sophisticated malicious software, potentially making complex cyber attacks more accessible and harder to defend against.
https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/
Analysis of 6 Billion Passwords Shows Stagnant User Behaviour
A review of 6 billion leaked passwords from 2025 shows user behaviour has barely improved, with ‘123456’, ‘admin’ and ‘password’ still among the most commonly stolen credentials. ‘Admin’ and ‘password’ are often default logins on business systems, connected devices and industrial equipment, and leaving them unchanged can provide criminals with direct access to critical services. The study also found many passwords are only slightly more complex but remain predictable, and that most were stolen by password stealing malware. This reinforces the need for stronger sign-in controls and regular checks for exposed credentials.
https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/
For Cyber Risk Assessments, Frequency Is Essential
Regular cyber security risk assessments give leadership a clear view of real exposure, not just headline threats. They help teams spot weaknesses early, focus investment on the most critical systems and data, and meet regulatory duties such as GDPR. Data deserves particular attention because, once stolen, it cannot be recovered like infrastructure. Recent findings show one in ten cloud data sets are accessible to all employees, increasing the potential impact of ransomware. Microsoft also reports over 99% of compromised accounts lacked multi factor authentication, a key control that adds a second step to logins.
https://www.csoonline.com/article/4117003/cyber-risk-assessments-risk-assessment-helps-cisos.html
Most SMBs Aren’t Set Up to Survive a Major Cyberattack – Here’s What Needs to Be Done
Vodafone Business research suggests more than 10% of UK organisations might not survive a major cyber attack. Nearly two-thirds (63%) say their risk has increased over the past year, and 71% of leaders believe at least one employee would fall for a phishing email, where criminals trick staff into revealing information or approving payments. Basic protections are still often missing: staff reuse work passwords across up to 11 personal accounts, and only 45% of firms have given all employees basic cyber awareness training. Encouragingly, 89% say recent high-profile attacks have made them more alert, while 70% are now more wary of AI-driven impersonation during video calls.
63% of IT Leaders Say Firms Overestimate Cyber Recovery
Dell research highlights a growing gap between how confident leaders feel about recovering from a cyber attack and how ready their organisations really are. While 99% of firms claim to have a cyber resilience strategy, 63% of IT leaders say executives are overconfident, and 57% did not recover as effectively as planned in their most recent incident or rehearsal. Regular recovery testing makes a material difference, with a 55% success rate for organisations testing monthly or more, versus 35% for less frequent testing. Dell urges boards to treat recovery as a core priority, balancing investment between prevention and recovery.
https://cybernews.com/security/hidden-resilience-debt-half-firms-unready-cyberattacks/
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey of 4,454 chief executives across 95 countries and territories shows cyber risk is now one of CEOs’ top concerns, alongside economic volatility and geopolitical conflict. Nearly a third (31%) say their organisation is highly or extremely exposed to significant financial loss from cyber threats in the next year, up from 24% in 2024. In response, 84% plan to strengthen enterprise-wide cyber security, while concerns about data privacy (38%) and responsible use of AI (37%) highlight growing risks to stakeholder trust.
https://www.infosecurity-magazine.com/news/cyber-risks-among-ceos-top-worries/
Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
Rising geopolitical tensions are driving more state backed cyber activity that can disrupt essential services. 72% of IT leaders fear nation state capabilities could escalate into cyber war, with power and water systems most at risk. Past incidents show the impact, including a 2016 attack that cut electricity for six hours and left over one million people without power, plus a 2025 intrusion that opened a Norwegian dam floodgate. Alongside disruption, AI-made misinformation is spreading rapidly online. The World Economic Forum warns that sovereignty and supply chain control are shaping choices, including AWS launching a European Sovereign Cloud.
https://www.helpnetsecurity.com/2026/01/19/cybersecurity-geopolitical-tensions/
UK Firms’ Cyber Security Budget Set for Major Increase
KPMG’s Global Tech Report 2026 finds UK organisations are making cyber security their biggest area for budget growth over the next 12 months, driven by geopolitical tensions and high profile data breaches. More than half of UK firms (57%) plan to increase cyber security spending by over 10%, well ahead of the global figure. The focus is shifting from buying tools to building cyber resilience, meaning protecting the most important systems and data, fixing the basics, and assigning clear accountability. The UK Government has also proposed new cyber security legislation in response to the rising threat.
https://www.uktech.news/cybersecurity/uk-firms-cybersecurity-budget-set-for-major-increase-20260122
Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up
DLA Piper’s latest survey shows GDPR enforcement continuing at scale, with fines topping £1 billion (€1.2 billion) in 2025 and reaching €7.1 billion (£6.2 billion) since the rules began in May 2018. More concerning for business leaders is the sharp rise in incident reporting: regulators received an average of 443 personal data breach notifications a day from late January 2025, up 22 percent year on year and the first time the daily total has exceeded 400. With new reporting laws increasing expectations and speed, organisations need stronger cyber defences and operational resilience.
https://www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
Governance, Risk and Compliance
CISOs Rise in Rank as Cyber Risk Reaches the Boardroom | MSSP Alert
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns - Infosecurity Magazine
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth - Infosecurity Magazine
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery| Cybernews
Cyber fraud most pervasive global threat for CEOs: report
Cyber attack would wipe out over 10% of UK businesses – Vodafone
Comms Business - Cyber attack would put one in 10 firms out of business
BoE: UK finservs still lacking on basic cybersecurity • The Register
UK firms' cybersecurity budget set for major increase - UKTN
Cybersecurity Is More Than Technical. It’s A Financial Issue
Ransomware gangs extort victims by citing compliance violations | CSO Online
For cyber risk assessments, frequency is essential | CSO Online
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
9 strategic imperatives every business leader must master to survive and thrive in 2026 | ZDNET
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware 2026: Attacks Surge Despite Gang Takedowns
Ransomware attacks showed a 45 percent increase in 2025 - BetaNews
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
New Osiris ransomware reveals sophisticated tactics and experienced attackers - SiliconANGLE
Ransomware gangs extort victims by citing compliance violations | CSO Online
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
New PDFSider Windows malware deployed on Fortune 100 firm's network
Crims hit the easy button for IT helpdesk scams • The Register
DeadLock ransomware abuses Polygon blockchain to rotate proxy servers quietly - CoinJournal
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
INC ransomware opsec fail allowed data recovery for 12 US orgs
Leader of ransomware crew pleads guilty to four-year crime spree | CyberScoop
Ransomware Victims
New PDFSider Windows malware deployed on Fortune 100 firm's network
Cyber fallout continues as M&S CTO exits months after ransomware attack - InternetRetailing
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
72.7M Under Armour accounts hit in alleged ransomware leak • The Register
Cyber security update | London Borough of Hammersmith & Fulham
RansomHub claims alleged breach of Apple partner Luxshare - Help Net Security
Phishing & Email Based Attacks
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
You Got Phished? Of Course! You're Human...
Domain spoofing used in 90 percent of top phishing attacks - BetaNews
Zendesk ticket systems hijacked in massive global spam wave
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Crims hit the easy button for IT helpdesk scams • The Register
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
What’s a browser-in-browser attack? The key traits to know | PCWorld
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics - Infosecurity Magazine
2FA/MFA
One-time SMS links that never expire can expose personal data for years - Help Net Security
Artificial Intelligence
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
From Phishing to Reconnaissance: How Attackers Are Weaponizing Generative AI - GovInfoSecurity
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
For the price of Netflix, crooks can rent AI crime ops • The Register
Cyber risk keeps winning, even as AI takes over - Help Net Security
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Businesses are deploying AI agents faster than safety protocols can keep up, Deloitte says | ZDNET
New Android malware uses AI to click on hidden browser ads
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
A new European standard outlines security requirements for AI - Help Net Security
ChatGPT Health Raises Big Security, Safety Concerns
Gemini AI assistant tricked into leaking Google Calendar data
Pentagon's Use of Grok Raises AI Security Concerns
Curl shutters bug bounty program to stop AI slop • The Register
Bots/Botnets
RondoDox botnet exploits critical HPE OneView bug • The Register
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
Cloud/SaaS
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Hackers exploit security testing apps to breach Fortune 500 firms
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cyber Crime, Organised Crime & Criminal Actors
For the price of Netflix, crooks can rent AI crime ops • The Register
Researchers Gained Access to Hacker Domain Server Using Name Server Delegation - Cyber Security News
Malware control panels could give experts the tools they need to spy on hackers | TechRadar
Cybercriminals speak the language young people trust - Help Net Security
Data Breaches/Leaks
750,000 Impacted by Data Breach at Canadian Investment Watchdog - SecurityWeek
Vastaamo hack: My darkest secrets were revealed to the world - BBC News
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Ransomware attack on Ingram Micro impacts 42,000 individuals
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack - Security Boulevard
UStrive security lapse exposed personal data of its users, including children | TechCrunch
DOGE shared Social Security data to unauthorized server, according to court filing | CNN Politics
Attackers claim theft of 183M records from major oil company | Cybernews
Data Protection
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
Denial of Service/DoS/DDoS
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Encryption
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
A new framework helps banks sort urgent post-quantum crypto work from the rest - Help Net Security
Ireland explores legal spyware, encryption-breaking powers • The Register
Fraud, Scams and Financial Crime
Cyber fraud most pervasive global threat for CEOs: report
Banks: Even strict security measures may not protect customers from fraud | News | ERR
Irish university lost €2.3 million from cyber attack, report reveals | Crime World
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications - Infosecurity Magazine
Insurance
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
SMEs looking for cover as cyber risks mount
Internet of Things – IoT
Smart home hacking is a serious threat - but here's how experts actually stop it | ZDNET
Canada’s new EV deal with China prompts cybersecurity questions
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
Law Enforcement Action and Take Downs
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Access broker caught: Jordanian pleads guilty to hacking 50 companies
Law enforcement tracks ransomware group blamed for massive financial losses - Help Net Security
Tennessee Man Pleads Guilty to Repeatedly Hacking Supreme Court’s Filing System - SecurityWeek
Linux and Open Source
Old Attack, New Speed: Researchers Optimize Page Cache Exploits - SecurityWeek
Malvertising
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
Malware
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
New PDFSider Windows malware deployed on Fortune 100 firm's network
840,000+ users hit by malicious browser extensions. Uninstall these ASAP! | PCWorld
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals - Infosecurity Magazine
ISP Sinkholes Kimwolf Servers Amid Eruption of Bot Traffic
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Malicious GhostPoster browser extensions found with 840,000 installs
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Attackers are getting stealthier – how can defenders stay ahead? | TechRadar
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Credential-stealing Chrome extensions target enterprise HR platforms
Misinformation, Disinformation and Propaganda
Mainland deals with almost 4,000 cyber attacks from Taiwan in 2025-Xinhua
China says highly concerned about EU's cybersecurity package reportedly targeting China-Xinhua
Mobile
New Android malware uses AI to click on hidden browser ads
One-time SMS links that never expire can expose personal data for years - Help Net Security
Turn off this Pixel feature now - it could be leaking your background audio | ZDNET
Android’s new feature lets you see what happened after a break-in - Android Authority
Models, Frameworks and Standards
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
Analysis of 6 Billion Passwords Shows Stagnant User Behavior - SecurityWeek
Account Compromise Surged 389% in 2025, Says eSentire - Infosecurity Magazine
Passwords are still a problem for UK businesses - what next? | TechRadar
Regulations, Fines and Legislation
Europe’s GDPR cops dished out €1.2B in fines last year • The Register
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Unveils Proposed Update to Cybersecurity Act - Infosecurity Magazine
EU tightens cybersecurity rules for tech supply chains - Help Net Security
A new European standard outlines security requirements for AI - Help Net Security
Europe Readies Law to Eject Chinese Equipment From Telecoms
Starmer stares down social media ban barrel in latest U-turn • The Register
MPs question regulators’ capacity to meet cyber security demands
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Social Media
Starmer stares down social media ban barrel in latest U-turn • The Register
Meta urges Australia to rethink 'blanket' social media ban for teens
Supply Chain and Third Parties
EU Cyber Resilience Act: Key 2026 milestones toward CRA compliance | Hogan Lovells - JDSupra
EU Commission publishes Cybersecurity Act revision proposal
Grubhub confirms breach linked to Salesforce attacks | Cybernews
Training, Education and Awareness
Hackers exploit security testing apps to breach Fortune 500 firms
Exposed training apps are showing up in active cloud attacks - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
From battlefield to courtroom - Emerging Europe
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
US Cyberattack Blacks Out Venezuela, Leads to Maduro’s Capture in 2026 – DataBreaches.Net
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Nation State Actors
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
China
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
MI5 to move cables away from China mega-embassy over spy fears
Chinese military says it is developing over 10 quantum warfare weapons | South China Morning Post
China-linked hackers exploited Sitecore zero-day for initial access
Cybersecurity Firms React to China's Reported Software Ban - SecurityWeek
Uncovered: Secret room beneath Chinese embassy that poses threat to City
China-linked APT UAT-8837 targets North American critical infrastructure
UK approves China plan for mega embassy in London despite spy fears | Reuters
Beijing pledges to defend tech crown jewels against EU cyber rules – POLITICO
Canada’s new EV deal with China prompts cybersecurity questions
Former sailor sentenced to 16 years for selling information about US Navy ships to China | Euronews
Russia
Fresh alert warns of pro-Russia hackers targeting UK groups in cyber attacks
UK NCSC warns of Russia-linked hacktivists DDoS attacks
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukraine–Germany operation targets Black Basta, Russian leader wanted
A new cybersecurity course for military personnel has been launched in "Army+" | УНН
North Korea
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Iran
Hackers target Iran’s state TV to air footage supporting exiled crown prince | The Independent
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Global tensions are pushing cyber activity toward dangerous territory - Help Net Security
Trump “Precision Cyber” Meant 150 Planes Bombing Venezuelan Infrastructure to Rubble | flyingpenguin
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
Tools and Controls
More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected | TechRadar
Rising AI threats drive 82% of firms to boost cybersecurity budgets - Cryptopolitan
63% of IT leaders say firms overestimate cyber recovery| Cybernews
UK firms' cybersecurity budget set for major increase - UKTN
For cyber risk assessments, frequency is essential | CSO Online
AI Risks a Key Driver Behind Cyber Insurance Growth, Evolution | MSSP Alert
Why CEOs and CISOs are split on AI-driven cyber risk | Invezz
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it – Computerworld
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
Passwords are still a problem for UK businesses - what next? | TechRadar
SMEs looking for cover as cyber risks mount
Privacy teams feel the strain as AI, breaches, and budgets collide - Help Net Security
Other News
Most SMBs aren't set up to survive a major cyberattack - here's what needs to be done | TechRadar
The internet's oldest trust mechanism is still one of its weakest links - Help Net Security
One in 10 UK Firms “Unlikely to Survive” Serious Cyber Incident - Infosecurity Magazine
Reinventing transformation - UKTN
When the Olympics connect everything, attackers pay attention - Help Net Security
Why Higher Ed CIOs Must Rethink Cybersecurity
British Army to spend £279 million on permanent cyber regiment base - Help Net Security
Confusion and fear send people to Reddit for cybersecurity advice - Help Net Security
Ports central to EU cybersecurity | News | Port Strategy
Best of British: UK's infosec envoys are mostly US firms • The Register
Insurance CEOs bullish on growth but flag cyber as top constraint - KPMG | Insurance Business
Vulnerability Management
Zero-Day Exploits Surge, 30% of Flaws Attacked Before Disclosure - Infosecurity Magazine
Experts welcome EU-led alternative to MITRE's vulnerability tracking scheme | IT Pro
Curl shutters bug bounty program to stop AI slop • The Register
Vulnerabilities
Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) - Help Net Security
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
Fortinet admins report patched FortiGate firewalls getting hacked
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
New research shows Bluetooth devices are at risk of hijack - Trusted Reviews
Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
Microsoft issues emergency patch for latest Windows bugs - grab it ASAP | ZDNET
Zoom fixed critical Node Multimedia Routers flaw
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
ACME Flaw in Cloudflare allowed attackers to reach origin servers
RondoDox botnet exploits critical HPE OneView bug • The Register
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Oracle Critical Security Patch - 337 Vulnerabilities Patched Across Product Families
China-linked hackers exploited Sitecore zero-day for initial access
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Critical Appsmith Flaw Enables Account Takeovers - Infosecurity Magazine
GitLab patches major security flaw - here's what we know | TechRadar
TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking - SecurityWeek
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites - Infosecurity Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.