Black Arrow Cyber Threat Intelligence Briefing 24 April 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Our review of cyber security open source intelligence this week includes insights that fall into four key themes.
AI is now a standard part of an attacker’s toolkit, increasing the speed and scale of attacks and amplifying the impact of existing techniques and vulnerabilities. Phishing remains a highly successful and popular route into organisations, including exploiting weaknesses in MFA and trusted business activities. The cyber insurance market is responding to the shifting risks, with insurers tightening terms around AI-related risks while claims arising from ransomware, fraud and lawsuits remain prominent. Lastly, various sources are highlighting that businesses need to strengthen their management of cyber risks, including how they plan to respond to an incident.
From our perspective at Black Arrow, we are clear that the response to these developments must come from a leadership team that is upskilled on today’s evolving risks, has worked with impartial experts to assess its risks and controls, and has practised how to protect the business during an incident, rather than relying only on assurance from the Technology team. Contact us to discuss how to do this in a proportionate manner.
Top Cyber Stories of the Last Week
AI Is Now a ‘Standard Part of the Attacker Toolkit’
Forescout reports that artificial intelligence is now a routine part of cyber criminals’ toolkit, helping them identify weaknesses and speed up attacks. Its research found a sharp rise in AI capability, with all tested models in its latest study performing well at basic vulnerability research, compared with 55% failing a year earlier. The pace is striking: once inside a network, criminals now hand over access to other attackers in a median of 22 seconds, down from more than eight hours in 2022, increasing pressure on organisations to detect and respond far faster.
https://www.itpro.com/security/ai-is-now-a-standard-part-of-the-attacker-toolkit
Every Old Vulnerability Is Now an AI Vulnerability
In March 2026, Microsoft patched an Excel vulnerability that exposed a broader risk created by embedded AI assistants. A malicious spreadsheet could execute hidden code and use Copilot to exfiltrate data without user interaction or warning. The flaw was not new, but AI amplified its impact by acting with the same access as the host application. Embedded AI assistants effectively act as privileged systems, so vulnerabilities in the applications that host them can carry far greater business risk.
https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability
New Technology Is Increasing the Speed and Depth of Cyber Attacks
Financial services firms are facing faster, broader cyber attacks as criminals use artificial intelligence to find weaknesses, craft convincing scams and target suppliers as a route into larger organisations. IBM found the finance and insurance sector accounted for 27% of all incidents in 2025, while Kroll reported that 76% of organisations experienced an AI-related security incident over the past two years. In response, banks are tightening supplier checks, improving staff awareness and investing in tools that detect genuine threats more accurately, with regulators placing greater emphasis on operational resilience and rapid recovery.
https://www.ft.com/content/954a44c6-cc11-49dd-b95a-dba61438b532?syn-25a6b1a6=1
The AI Era Demands a Different Kind of CISO
AI is rapidly increasing the speed of cyber attacks, allowing weaknesses to be found and exploited in minutes rather than days or weeks. This is exposing the limits of traditional security checks such as audits, compliance reviews and periodic testing, which only show a snapshot in time. Security leadership is increasingly focused on real‑time visibility of risks, tighter control over who and what can access critical systems and data, and stronger incident response planning.
https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/
Phishing and MFA Exploitation: Targeting the Keys to the Kingdom
Phishing remained a major route into organisations in 2025, featuring in 40% of incidents, while attackers increasingly bypassed multi‑factor authentication by exploiting weaknesses in how identity controls were implemented and managed. Criminals use convincing emails about routine business tasks such as IT requests, invoices, travel and expenses, often sent from trusted or seemingly internal accounts. Attackers increasingly targeted the controls that manage who is allowed to access systems, with a sharp rise in cases where organisations were fooled into trusting malicious devices, leading to a 178% increase in these types of breaches. The trend highlights how everyday workflows and trusted systems can be turned against an organisation when controls are inconsistent or poorly enforced.
https://blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/
Phishing Reclaims the Top Initial Access Spot, Attackers Experiment with AI Tools
Cisco Talos reports that phishing was the main route into organisations in early 2026, responsible for more than a third of known break-ins, while attacks on internet-facing systems fell from 62% at their peak to 18% after fixes and better detection. Healthcare and public administration were the most targeted sectors, each making up 24% of incidents. Weak multi-factor authentication, used to add a second identity check, remained the most common security gap at 35%. Talos also saw attackers using an AI website builder to create convincing fake login pages and steal credentials.
https://www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/
Surge in Silent Subject Phishing Attacks Targets VIP Users
Cyberproof has reported a rise in phishing emails sent with no subject line, a tactic often targeting senior staff and other high value users. By removing normal warning signs, these messages are more likely to be opened and can also avoid some email security checks. The campaign grew throughout the first quarter of 2026, rising over 13% from January to February and a further 7.0% in March. Messages often include links, QR codes or attachments that lead to fake sign-in pages or harmful software, with attackers also misusing legitimate remote access tools to stay hidden inside organisations.
https://www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/
Threat Actors Exploiting Trust in Everyday Workflows
Abnormal AI found that email-based cyber attacks are increasingly designed to blend into normal business activity by mimicking trusted suppliers, routine payment requests and familiar internal communications. Its analysis of nearly 800,000 email attacks across more than 4,600 organisations found that 61% of business email compromise incidents involved supplier relationships. Phishing made up 58% of attacks, with many using multi-step web links to evade detection. The findings show that attackers are exploiting trust and everyday working practices, making fraudulent messages far harder to distinguish from legitimate business communication.
https://betanews.com/article/threat-actors-exploiting-trust-in-everyday-workflows/
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
The UK is facing a growing threat from state-backed cyber attacks, with the National Cyber Security Centre handling around four nationally significant incidents each week. While ransomware remains the most common risk, the most serious attacks are now increasingly linked to hostile governments. Officials also warned that rising geopolitical tensions could trigger large-scale disruptive campaigns, particularly against critical national infrastructure. In response, the government is seeking closer cooperation with AI firms and has committed £90 million over three years to strengthen cyber security, including support for smaller businesses.
https://www.claimsjournal.com/news/national/2026/04/22/337080.htm
CISOs See Gaps in Their Incident Response Playbooks
Sygnia found that more than three quarters of senior security leaders said their organisation had suffered a cyber attack in the past year, yet 73% felt unprepared for the next one. While almost all reported having a formal incident response plan, many still struggle to put it into practice. Common weaknesses include poor coordination between decision makers, limited board and executive involvement, and delays caused by legal or communications concerns. The findings point to the importance of direct business leader involvement in incident response readiness, clearer decision‑making and coordination during attacks, and addressing visibility gaps before an incident occurs.
https://www.ciodive.com/news/cisos-gaps-incident-response-playbooks/817765/
SMEs Say Cyber Resilience Is Lacking Amid Fears Security Is Failing
A survey of 500 UK SMEs suggests cyber security readiness remains weak despite rising threat levels. One in eight businesses reported a past cyber attack, while 52% rated themselves moderately to highly vulnerable to future incidents. Fewer than one in ten provide regular staff awareness training, and less than a third have increased cyber security spending in the past two years. The findings also show limited resilience if operations are disrupted, with one in eight businesses saying they could not survive a full shutdown lasting more than 48 hours, highlighting that gaps in training, preparedness and investment translate directly into business survival risk.
https://www.emergingrisks.co.uk/smes-say-cyber-resilience-is-lacking-amid-fears-security-is-failing/
Insurance Carriers Quietly Back Away from Covering AI Outputs
Insurers are becoming more cautious about covering risks linked to artificial intelligence, with some excluding losses caused by AI-generated decisions and others raising premiums. The concern is that many AI systems can produce inconsistent or hard-to-explain results, making claims harder to assess. Insurance providers are also asking far more detailed questions about how organisations use and control AI. Cover is proving especially difficult for businesses whose products are built around AI, while firms with clear oversight, monitoring and fallback plans are viewed more favourably by insurers.
Ransomware, Fraud, and Lawsuits Drive Cyber Insurance Claims to New Peaks
Cyber insurance provider At-Bay’s 2026 analysis of more than 100,000 policy years shows cyber insurance claims rising, with overall claim frequency up 7% and average losses reaching a record $221,000. Ransomware remained the most costly incident, averaging $508,000, while financial fraud was the most common, making up about 30% of claims. In 2025, 73% of ransomware attacks started through a virtual private network, or VPN, up from 38% two years earlier, while VPNs and remote desktop tools together accounted for 87% of claims. Separate legal claims also increased significantly, adding further cost through lawsuits and business interruption.
https://www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
Governance, Risk and Compliance
CISOs see gaps in their incident response playbooks | CIO Dive
SMEs say cyber resilience is lacking amid fears security is failing
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
CISOs reshape their roles as business risk strategists | CSO Online
Oil crisis? IT spending de-coupled from wider war shock • The Register
The AI era demands a different kind of CISO | CyberScoop
Cyber risks still getting lost in translation
Beyond awareness: Human risk management metrics for CISOs | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Most Organizations Fail to Fully Recover After Ransomware Attacks
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
'The Gentlemen' Rapidly Rises to Ransomware Prominence
1 in 3 Ransomware Claims Started with SonicWall in 2025 as VPN Attacks Nearly Double in Two Years
Payouts King ransomware uses QEMU VMs to bypass endpoint security
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
The Gentlemen Ransomware Expands With Rapid Affiliate Growth - Infosecurity Magazine
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Adaptavist Group breach: Ransomware crew claims mega-haul • The Register
Kyber ransomware gang toys with post-quantum encryption on Windows
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
Ransomware’s Next Phase: From Data Encryption to Business Extortion | Silicon UK Tech News
Third ransomware pro pleads guilty to cybercrime U-turn • The Register
Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security
Ex-FBI lead urges homicide charges against ransomware scum • The Register
Ransomware and Destructive Attack Victims
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Hackers target US banking giants Frost Bank and Citizens Bank | Cybernews
Automotive Ransomware Attacks Double in a Year - Infosecurity Magazine
Ransomware Hits Automotive Data Expert Autovista - SecurityWeek
M&S one year on: turning anticipation into secure by design | Computer Weekly
French govt agency confirms breach as hacker offers to sell data
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeek
Phishing & Email Based Attacks
Surge in Silent Subject Phishing Campaigns Targets VIP Users - Infosecurity Magazine
Threat actors exploiting trust in everyday workflows - BetaNews
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Phishing and MFA exploitation: Targeting the keys to the kingdom
New iPhone phishing scam involves email sent from Apple servers | Macworld
Watch Out for Unexpected Apple Account Change Emails. It's a Phishing Scam
Cyberattack on French government agency triggers phishing alert - Help Net Security
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Threat actors exploiting trust in everyday workflows - BetaNews
Other Social Engineering
Threat actors exploiting trust in everyday workflows - BetaNews
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
US nationals sentenced for aiding North Korea’s tech worker scheme | CyberScoop
North Korea targets macOS users in latest heist • The Register
New iPhone phishing scam involves email sent from Apple servers | Macworld
macOS ClickFix attacks deliver AppleScript stealers • The Register
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meetings to Hijack Crypto Firms | CoinMarketCap
How to spot a North Korean fake in a job interview - Help Net Security
2FA/MFA
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks - SecurityWeek
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Phishing and MFA exploitation: Targeting the keys to the kingdom
Artificial Intelligence
UK Government Sound Alarm Over AI Security Risk - IT Security Guru
HR Magazine - Government advises businesses about AI cyber threats
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
Insurance carriers quietly back away from covering AI outputs | CSO Online
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic's Mythos AI model sparks fears of turbocharged hacking - Ars Technica
Russia uses AI to hack Europe, Dutch intelligence warns – POLITICO
Cybersecurity in the age of AI means bigger, faster threats | TechTarget
A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly
Anthropic’s Claude Is Pumping Out Vulnerable Code, Cyber Experts Warn
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Beyond Mythos: A Defining Moment for Cybersecurity
OpenClaw Exposes the Real Cybersecurity Risks of Agentic AI - Infosecurity Magazine
Anthropic's Mythos model accessed by unauthorized users, Bloomberg News reports | Reuters
OpenAI’s Codex agent fails as an investigator | Cybernews
House lawmakers get a chilling demo of ‘jailbroken’ AI - POLITICO
Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
Mythos can find the vulnerability. It can't tell you what to do about it. | CyberScoop
Anthropic's Mythos AI System Might Actually Create More Cybersecurity Vulnerabilities
Every Old Vulnerability Is Now an AI Vulnerability
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
How AI companies are quietly becoming the world’s cybersecurity gatekeepers - The Hindu
New artificial intelligence bots could drain nation's cash machines | This is Money
Never put all your eggs in one basket, fintech CTO warns after Anthropic suspends 60+ accounts
UK to build ‘national cyber shield’ to protect against AI cyber threats | Computer Weekly
Bots/Botnets
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Attackers Exploit DVR Command Injection Flaw to Deploy Botnet - Infosecurity Magazine
New Mirai campaign exploits RCE flaw in EoL D-Link routers
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Researchers link Smartproxy.org IPs to IPIDEA botnet network Google disrupted | Cybernews
Careers, Roles, Skills, Working in Cyber and Information Security
CYBERUK ’26: UK lagging on legal protections for cyber pros | Computer Weekly
What it takes to win that CSO role | CSO Online
CISOs reshape their roles as business risk strategists | CSO Online
The AI era demands a different kind of CISO | CyberScoop
Cloud/SaaS
EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meetings to Hijack Crypto Firms | CoinMarketCap
KelpDAO suffers $290 million heist tied to Lazarus hackers
macOS ClickFix attacks deliver AppleScript stealers • The Register
Are Russian exchanges like Grinex targeted by hackers or spies? - Cryptopolitan
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
Google warns quantum computers could break crypto encryption sooner than expected. | Mashable
China's Apple App Store infiltrated by crypto-stealing wallet apps
Dozens of Malicious Crypto Apps Land in Apple App Store - SecurityWeek
Cyber Crime, Organised Crime & Criminal Actors
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
The shadowy SIM farms behind those incessant scam texts - and how to stay safe | ZDNET
How Cybercrime Became a Leading Industry in ‘Scambodia’ - WSJ
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
Hackers who stole crime tip records now selling them | Cybernews
A single platform powers SIM farm proxy networks across 17 countries - Help Net Security
Data Breaches/Leaks
Hackers who stole crime tip records now selling them | Cybernews
Lovable denies data leak, cites 'intentional behavior' • The Register
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
Man gets 30 months for selling thousands of hacked DraftKings accounts
Hacker Jeffrey Epstein claims 400K records stolen from Bol | Cybernews
WhatsApp Leaks User Metadata to Attackers
France's 'Secure' ID agency probes claimed 19M record breach • The Register
Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunch
Crook claims to leak 'video surveillance footage' of firms • The Register
President of German parliament hit by Signal hack, report says – POLITICO
Data Protection
GDPR works, but only where someone enforces it - Help Net Security
Data/Digital Sovereignty
EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security
Denial of Service/DoS/DDoS
Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown | The Record from Recorded Future News
Europol launches Operation PowerOFF — warns 75,000 DDoS users and takes down 53 domains | TechRadar
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
Encryption
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption - SecurityWeek
Google warns quantum computers could break crypto encryption sooner than expected. | Mashable
Kyber ransomware gang toys with post-quantum encryption on Windows
The race to become quantum-safe | IT Pro
Fraud, Scams and Financial Crime
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
The shadowy SIM farms behind those incessant scam texts - and how to stay safe | ZDNET
How cybercrime became a leading industry in ‘Scambodia’
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
A single platform powers SIM farm proxy networks across 17 countries - Help Net Security
How to spot a North Korean fake in a job interview - Help Net Security
Insider Risk and Insider Threats
How to spot a North Korean fake in a job interview - Help Net Security
Insurance
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
Insurance carriers quietly back away from covering AI outputs | CSO Online
Cyber risks still getting lost in translation
Internet of Things – IoT
Attackers Exploit DVR Command Injection Flaw to Deploy Botnet - Infosecurity Magazine
New Mirai campaign exploits RCE flaw in EoL D-Link routers
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Law Enforcement Action and Take Downs
Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown | The Record from Recorded Future News
Europol launches Operation PowerOFF — warns 75,000 DDoS users and takes down 53 domains | TechRadar
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
Man gets 30 months for selling thousands of hacked DraftKings accounts
'Thankful I Got Caught': FBI Arrests Teen Hacker After Massive PowerSchool Breach
Third ransomware pro pleads guilty to cybercrime U-turn • The Register
Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security
Linux and Open Source
Open source malware sees a 21 percent increase - BetaNews
Malvertising
When PUPs Bite: Huntress Uncovers “weaponised” Adware Exposing 25,000+ Systems
Malware
When PUPs Bite: Huntress Uncovers “weaponised” Adware Exposing 25,000+ Systems
Open source malware sees a 21 percent increase - BetaNews
Formbook Malware Campaign Uses Multiple Obfuscation Techniques - Infosecurity Magazine
Another npm supply chain worm hits dev environments • The Register
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths - Security Boulevard
macOS ClickFix attacks deliver AppleScript stealers • The Register
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Bitwarden NPM Package Hit in Supply Chain Attack - SecurityWeek
New Checkmarx supply-chain breach affects KICS analysis tool
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
Mobile
China's Apple App Store infiltrated by crypto-stealing wallet apps
Dozens of Malicious Crypto Apps Land in Apple App Store - SecurityWeek
New iPhone phishing scam involves email sent from Apple servers | Macworld
Android Phones Shown to Have a Major Biometric Security Weakness - Tech Advisor
The History of iOS Exploits: Apple’s Flawed Security Paradigm
Models, Frameworks and Standards
GDPR works, but only where someone enforces it - Help Net Security
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’ - Infosecurity Magazine
Passwords, Credential Stuffing & Brute Force Attacks
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
What Makes Credential Stuffing Difficult to Detect? - Security Boulevard
NCSC heralds end of passwords for consumers and pushes secure passkeys | Computer Weekly
Regulations, Fines and Legislation
Social media bans might steer kids into riskier corners of the internet - Help Net Security
Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
CISA Budget Cuts Could Push More Security Burden onto MSSPs | news | MSSP Alert
EU's New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim
Ex-FBI lead urges homicide charges against ransomware scum • The Register
The surveillance law Congress can't quit — and can't explain | CyberScoop
Washington’s 2026 cyber strategy normalises offensive operations | The Strategist
CISA director pick Sean Plankey withdraws his nomination | CyberScoop
Social Media
Social media bans might steer kids into riskier corners of the internet - Help Net Security
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
UK probes Telegram, teen chat sites over CSAM sharing concerns
Supply Chain and Third Parties
Threat actors exploiting trust in everyday workflows - BetaNews
Another npm supply chain worm hits dev environments • The Register
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths - Security Boulevard
Bitwarden NPM Package Hit in Supply Chain Attack - SecurityWeek
New Checkmarx supply-chain breach affects KICS analysis tool
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeek
Crook claims to leak 'video surveillance footage' of firms • The Register
The US NSA is using Anthropic's Claude Mythos despite supply chain risk
Why the Axios attack proves AI is mandatory for supply chain security | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
U.K. Forces Counter Covert Russian Submarine Activities, Officials Say - USNI News
The scramble to protect Britain’s undersea cables from sabotage
New undersea cable cutter risks Internet’s backbone - Ars Technica
How Iran Has Excelled at 'Threat Projection' Using Cyber
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
UK faces ‘perfect storm’ for cybersecurity, says cyber chief - UKTN
Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure
Poland hit by record cyberattacks in 2025 as minister warns of 'digital war'
Government Can’t Win the Cyber War Without the Private Sector - SecurityWeek
Iran claims US used backdoors in networking equipment • The Register
The U.S. must defend the final frontier against cyberattacks - SpaceNews
Seeing the Cyber in Economic Statecraft
Nation State Actors
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
Cyber chief: UK faces "perfect storm" for cyber security | National Cyber Security Centre
UK intelligence: 100 nations have spyware that can hack Britain – POLITICO
Cheapskate cyber strategy won't stop Beijing's finest • The Register
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
The U.S. must defend the final frontier against cyberattacks - SpaceNews
Seeing the Cyber in Economic Statecraft
China
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
Cheapskate cyber strategy won't stop Beijing's finest • The Register
The scramble to protect Britain’s undersea cables from sabotage
New undersea cable cutter risks Internet’s backbone - Ars Technica
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
Chinese APT Targets Indian Banks, Korean Policy Circles
Russia
UK: Russian Hacking Reaches New Levels of Hostility
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
The scramble to protect Britain’s undersea cables from sabotage
U.K. Forces Counter Covert Russian Submarine Activities, Officials Say - USNI News
Russia uses AI to hack Europe, Dutch intelligence warns – POLITICO
Sweden Sees Russia Intensifying Cyber Attacks on Infrastructure
Poland hit by record cyberattacks in 2025 as minister warns of 'digital war'
Sanctioned Grinex halts after $13M crypto hack / The New Voice of Ukraine
Information Warfare: Russians Returning To landlines
North Korea
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
Lazarus Group Uses Fake Meeting Hack
KelpDAO suffers $290 million heist tied to Lazarus hackers
North Korea targets macOS users in latest heist • The Register
UK Must Brace for Rise in State-Backed Cyberattacks, Security Chief Says
How to spot a North Korean fake in a job interview - Help Net Security
Iran
UK Says Iran, China Drive Regular Significant Cyberattacks
Iran, Russia and China behind most major cyberattacks on UK, security chief warns | The Independent
How Iran Has Excelled at 'Threat Projection' Using Cyber
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops | CSO Online
Cybersecurity Risks Related to the Iran War | Dinsmore & Shohl LLP - JDSupra
Iran claims US used backdoors in networking equipment • The Register
Inside ZionSiphon: politically driven malware aims at Israeli water systems
Tools and Controls
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic’s New Mythos A.I. Model Sets Off Global Alarms - The New York Times
1 in 3 Ransomware Claims Started with SonicWall in 2025 as VPN Attacks Nearly Double in Two Years
CISOs see gaps in their incident response playbooks | CIO Dive
CISOs reshape their roles as business risk strategists | CSO Online
The AI era demands a different kind of CISO | CyberScoop
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption - SecurityWeek
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
How AI companies are quietly becoming the world’s cybersecurity gatekeepers - The Hindu
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
The Mythos Breach: Why Frontier Models Turn AI Safety Into A Fiduciary Responsibility
Oil crisis? IT spending de-coupled from wider war shock • The Register
Other News
Cyber attacks fuel surge in cargo theft across logistics industry
MacOS Native Tools Enable Stealthy Enterprise Attacks - Infosecurity Magazine
MSSPs Need to Move Beyond Reactive Security | perspective | MSSP Alert
Health care’s biggest cybersecurity vulnerability is structural | STAT
How hackers are helping criminal gangs hijack truck deliveries
Experts say telecoms should include internet security for free | News | ERR
Vulnerability Management
New technology is increasing the speed and depth of cyber attacks
The AI cybersecurity boom may be creating a bigger problem than it solves | Ctech
Anthropic's Mythos AI model sparks fears of turbocharged hacking - Ars Technica
A tsunami of flaws: When frontier AI and Patch Tuesday collide | Computer Weekly
What is Anthropic's Claude Mythos and what risks does it pose? - BBC News
ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
Anthropic's Mythos model accessed by unauthorized users, Bloomberg News reports | Reuters
Mythos can find the vulnerability. It can't tell you what to do about it. | CyberScoop
Every Old Vulnerability Is Now an AI Vulnerability
Commercial AI Models Show Rapid Gains in Vulnerability Research - Infosecurity Magazine
NIST to stop rating non-priority flaws due to volume increase
The History of iOS Exploits: Apple’s Flawed Security Paradigm
Vulnerabilities
Unpatched Microsoft Defender Flaw Lets Hackers Gain Admin Access on Windows | Extremetech
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster - SecurityWeek
More Cisco SD-WAN bugs battered in attacks • The Register
New RDP Alert After April 2026 Security Update Warns of Unknown Connections
Android Phones Shown to Have a Major Biometric Security Weakness - Tech Advisor
Microsoft releases emergency updates to fix Windows Server issues
Critical flaw in Protobuf library enables JavaScript code execution
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple releases important iOS and iPadOS security fix you need to install now - PhoneArena
Oracle Patches 450 Vulnerabilities With April 2026 CPU - SecurityWeek
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
New Firefox update patches a whopping 271 bugs with help from Claude Mythos | ZDNET
New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Microsoft issues emergency update for macOS and Linux ASP.NET threat - Ars Technica
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.