Black Arrow Cyber Threat Intelligence Briefing 26 June 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
In our review of cyber security threat intelligence this week, we start with details of emerging and evolving threats. The ransomware group called The Gentlemen, which we referenced earlier this month, has developed a toolkit that disables victims’ security tools before encrypting data, while another group called ShinyHunters is increasingly seen using stolen credentials and trusted third-party access paths to reach victims.
Business leaders are recognising the risks from these and other tactics: we report that 65% of organisations believe a serious cyber attack could threaten their survival, and we include perspectives on the need for business leaders to convert this awareness into preparation for an attack, including as the risks accelerate due to AI and the routes of entry widen beyond emails to include other communications channels.
The next steps for business leaders are clear: take an impartial look at what needs to be protected and the risks, and establish controls to address those risks through a structured framework. The key is achieving objectivity and proportionality, by an upskilled leadership team working with impartial experts to define the required security contributions from the organisation’s control providers across technology, people and operations. Contact us to discuss how we can support you in achieving this.
Top Cyber Stories of the Last Week
GentleKiller Framework Disables Victims' Security Software
ESET has identified GentleKiller, a toolkit used by The Gentlemen ransomware group to disable victims’ security tools before data is encrypted. The framework targets more than 400 processes across around 48 security products, including major endpoint protection platforms. It abuses trusted but flawed software drivers to gain deep system access and disable security software before encrypting data. The group has built at least eight variants and offers affiliates a 90% share of ransom payments, reflecting a more organised and service-driven ransomware model.
https://www.infosecurity-magazine.com/news/gentlekiller-gentlemen-ransomware/
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
Recent ShinyHunters breaches show that attackers no longer need malicious software or unknown software flaws to cause major harm. Incidents linked to organisations including the University of Nottingham, DentaQuest, 7-Eleven, Medtronic and Wynn Resorts point to a growing focus on stolen logins, MFA fatigue attacks and trusted third-party access. Once criminals gain valid credentials or digital tokens, which act like temporary access passes, their activity can look legitimate. For senior leaders, this reinforces the need to treat identity and access as a core cyber security risk, not just an IT control.
https://www.securityweek.com/what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks/
Experts Warn: Passwords Still Winning Despite Passwordless Push
Passwords remain the most widely exploited attack surface despite growing adoption of passwordless technology. Since the start of 2025, more than 16 billion passwords have been compromised globally, while credential abuse now accounts for 22% of breaches. Brute force attacks, where criminals repeatedly try login combinations, have almost tripled in the past year. Passkeys and phishing-resistant authentication offer stronger protection, but adoption remains uneven due to legacy systems, user change challenges and inconsistent platform support. For many organisations, passwords and passkeys will need careful governance side by side for some time.
What 22,000 Breaches Teach Us About Incident Preparedness
Verizon’s 2026 Data Breach Investigations Report reviewed more than 22,000 confirmed breaches across 145 countries and highlights a growing gap between attack speed and organisational readiness. Ransomware appeared in 48% of breaches, while incidents involving suppliers or service providers rose by 60%. Exploitation of software vulnerabilities became the leading route into organisations, with critical fixes taking a median of 43 days. The findings reinforce the need for organisations to strengthen vulnerability management, third-party risk management and regular incident response exercises that test operational disruption, supplier failures and executive decision making before a real breach occurs.
The AI Shift in Cyber Risk: Why Leaders Must Act Now
Five Eyes cyber security agencies have warned that artificial intelligence is rapidly changing cyber risk, with the impact expected to intensify in months rather than years. AI is helping attackers move faster, increasing the speed, scale and complexity of threats, while also offering defenders stronger tools to spot weaknesses and respond earlier. For senior leaders, cyber risk is a core business issue linked to operational continuity, market confidence and reputation. Priorities include reducing unnecessary system access, patching faster, addressing outdated technology, strengthening access controls and testing incident response plans before disruption occurs.
https://www.ncsc.gov.uk/news/the-ai-shift-in-cyber-risk-why-leaders-must-act-now
Why Knowing the Risk Isn’t the Same as Being Ready for It
UK businesses are more aware of cyber security risk than ever, but many remain underprepared. The latest Cyber Security Breaches Survey found only 19% of businesses ran staff training in the past year. Firebrand research also found just 27% of UK organisations are fully prepared for AI-powered cyber attacks, while nearly half experienced at least one attack in the past 12 months. The cost of the most disruptive breach commonly fell between £100,000 and £199,999 once downtime, recovery, regulatory exposure and reputational damage were included. The findings highlight the importance of regular training and recognised cyber security certification to strengthen organisational resilience.
https://www.emergingrisks.co.uk/why-knowing-the-risk-isnt-the-same-as-being-ready-for-it/
Confidence Lacks in Threat Detection Across Non-Email Channels Like Slack and Teams
KnowBe4 research found that many organisations lack confidence in detecting threats across workplace messaging and collaboration tools. In a survey of 169 cyber security professionals at Infosecurity Europe 2026, 50% said they lacked strong confidence in spotting threats across channels such as Slack, Microsoft Teams, social media and WhatsApp, while 60% said cyber attacks were already moving beyond email. Phishing emails remained the biggest perceived threat, selected by 61% of respondents. Training was also inconsistent, with just 41% regularly covering non-email threats.
https://www.infosecurity-magazine.com/news/threat-detection-across-nonemail/
Repeated Cyber Disruption Costing SMEs Up to €3.4Bn Annually
New research from telecoms provider eir Business estimates that cyber attacks cost Irish SMEs up to €3.4 billion each year, with much of the impact driven by repeated everyday disruption rather than major one-off breaches. The report found that SMEs with stronger cyber preparedness reduced annual downtime from more than 30 days to around five. It also found that a structured data management strategy reduced the likelihood of experiencing an attack from 40% to 24%.
https://www.techcentral.ie/repeated-cyber-disruption-costing-smes-up-to-e3-4bn-annually/
Businesses Are Expecting Catastrophic Cyber Incidents: 65% Think a Serious Cyber Attack Could Threaten Survival
Databarracks reports that 65% of organisations now believe a serious cyber attack could threaten their survival, following a series of high-profile cyber incidents. Cyber incidents remain the leading cause of IT downtime and data loss for the fourth year running, with 30% citing them as their biggest cause of downtime and 43% of large organisations reporting data loss. The proportion of organisations reporting AI-enabled attacks more than doubled to 25%. Encouragingly, 59% of ransomware victims recovered from backups, while only 18% paid a ransom.
Professional Services Firms the ‘Flavour of the Month’ for Cyber Attacks
Professional services firms, particularly law firms, are currently a prominent target for cyber attacks due to the sensitive client information they hold, including merger activity, trade secrets and employment matters. Attackers are increasingly using phishing and social engineering to trick staff into granting remote access, then quietly stealing data for extortion rather than encrypting systems. The risk is not limited to large firms, with organisations of all sizes exposed. Strong response planning, clear decision-making roles and a culture where staff report mistakes quickly are essential to responding effectively and reducing the impact of an incident.
https://www.cityam.com/professional-services-firms-the-flavour-of-the-month-for-cyberattacks/
Only 7% of Companies Are Ready for the AI Agents They Deployed
Veeam reports that although 88% of organisations are now running or piloting AI agents, only 7% are fully prepared to manage the risks of the AI agents they have deployed. Many are relying on poor quality or fragmented data, while responsibility for oversight is often unclear. The report warns that AI agents acting on poor-quality data can repeat errors across thousands of decisions before they are detected. The report also highlights widespread use of unapproved AI tools by employees, with only a quarter of organisations providing approved options for everyone.
https://www.helpnetsecurity.com/2026/06/23/ai-trust-gap-research/
Stressors, AI Forcing Changes to Cyber Security Teams
A new ISSA and Omdia survey highlights growing pressure on cyber security leaders, with 68% of cyber security and IT professionals saying their role is harder than two years ago. More than half cite rising complexity, heavier workloads and more overwhelming threats. AI is adding to the challenge, particularly through shadow AI, where employees adopt AI tools without the security team's knowledge, reducing visibility and control. At the same time, 37% already use AI to support cyber security work and 46% plan to, while demand for fractional cyber security leaders is increasing as organisations seek expert guidance without a full-time appointment.
https://www.darkreading.com/cybersecurity-operations/stressors-ai-changes-cybersecurity-teams
Threats
Ransomware, Extortion and Destructive Attacks
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Human Cost of Ransomware: Why CISOs Must Think Beyond Technology - Infosecurity Magazine
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks - SecurityWeek
What 22,000 breaches teach us about incident preparedness | CSO Online
New 'Mistic' RAT Opens Door to Several Ransomware Families - SecurityWeek
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
ShinyHunters Targets Oracle PeopleSoft Customers Through Critical Zero-day
New Prinz Eugen ransomware prioritizes recent files for encryption
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage - Infosecurity Magazine
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
Ransomware and Destructive Attack Victims
How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack - BBC News
Novo Nordisk Breach Exposes Software Development Pipeline Risk
Amazon’s One Medical hit by data breach claims | Cybernews
Phishing & Email Based Attacks
Confidence Lacks in Threat Detection Across Non-Email Channels - Infosecurity Magazine
EvilTokens Hides Its Attack Flow in the Browser, Exposing Static Analysis Gaps
Phishing hides in routine Microsoft 365 workflows - Help Net Security
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
Other Social Engineering
He Thought He Was Secure; His Phone Number Was Stolen Anyway
New macOS ClickFix attack silently mounts DMGs to push infostealer
Gizmodo readers hit with ClickFix malware prompts after account compromise
2FA/MFA
He Thought He Was Secure; His Phone Number Was Stolen Anyway
Artificial Intelligence
Only 7% of companies are ready for the AI agents they deployed - Help Net Security
Change your cyber risk strategy to meet AI threats, Five Eyes countries warn CSOs | CSO Online
Society has ‘months, not years’ to prepare for major AI cyberthreats – PublicTechnology
Trust is the target: the new AI-era supply-chain attacks
Anthropic's Mythos AI broke into almost all NSA classified systems in hours
Spy agencies say AI can help combat AI cyber risks. But don’t forget the basics
The AI shift in cyber risk: why leaders must act now | National Cyber Security Centre
Get Ready for a Catastrophic Leak That Reveals All Your Messages and Search History
A public Sentry key is all it takes to hijack Claude Code, Cursor, and Codex - The New Stack
Stressors, AI Forcing Changes to Cybersecurity Teams
Hundreds of AI-powered iOS apps found exposing credentials - Help Net Security
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest - Infosecurity Magazine
Cybercriminals Are Worried About AI Taking Their Jobs Too - Infosecurity Magazine
Microsoft links Mastra AI supply chain attack to North Korean hackers
Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way
Cybersecurity was built for predictable systems. AI changes the rules | CSO Online
Researchers Trick AI Browsers Into Leaking Credentials - Infosecurity Magazine
More Malicious OpenClaw Skills Threaten AI Supply Chain
Amateur Hacker Used Claude And OpenAI Agents To Hack 14 Companies
When Information Becomes the Attack Surface - Understanding AI Agent Traps - SecurityWeek
Forget Data Leakage: Shadow AI's Real Threat Is Access Control
AI risks triggering ‘catastrophic’ phone network blackouts
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps - SecurityWeek
Police risk being outwitted by criminals using AI, says Met chief
macOS Backdoor Uses Prompt Injection to Evade AI Triage - Infosecurity Magazine
The New Energy War: Why The AI Grid Is The New Battleground
AI Shopping Agents Pose Novel Liability, Authorization Risks
PYMNTS | AI Is Now the Threat Banks Must Plan Around
Most teams will ship AI-written infrastructure code with little review - Help Net Security
Bots/Botnets
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown - SecurityWeek
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Careers, Roles, Skills, Working in Cyber and Information Security
Stressors, AI Forcing Changes to Cybersecurity Teams
Cloud/SaaS
Phishing hides in routine Microsoft 365 workflows - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor
Cyber Crime, Organised Crime & Criminal Actors
Cybercriminals Are Worried About AI Taking Their Jobs Too - Infosecurity Magazine
Algerian man charged with running two cybercrime marketplaces | CyberScoop
One-two punch delivered in global operation disrupts cybercrime "assembly line" - Ars Technica
In a first, a court takedown goes after two cybercrime tools at once | CyberScoop
Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame
Police risk being outwitted by criminals using AI, says Met chief
Civilians behind international police probe into Russian cybercriminals - National | Globalnews.ca
Data Breaches/Leaks
Get Ready for a Catastrophic Leak That Reveals All Your Messages and Search History
124 Million Unique Passwords Exposed In New Infostealer Log Dataset
Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
24 Billion Stolen Credentials Exposed in Massive Data Leak - Security Affairs
Amazon’s One Medical hit by data breach claims | Cybernews
Hackers claim they stole a million records belonging to Canada Life users | Cybernews
Klue OAuth breach victim list grows as Icarus hackers claim attack
LastPass suffers another data breach, but this time your password vault is safe - Digital Trends
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps - SecurityWeek
Texas govt data breach exposes over 3 million driver’s licenses
I Traced My Leaked Email Address to the Dark Web. Here's How It Got There
HCRG Care Group cyber attack leaves patient 'fuming' - BBC News
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals - SecurityWeek
Xsolis Data Breach Affects 1.4 Million Individuals - SecurityWeek
Data Protection
Britain's privacy watchdog quits after 'poor judgment' admission
Encryption
Trump Orders US to Speed Quantum Adoption, Boost Cyber Defenses
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration - SecurityWeek
Fraud, Scams and Financial Crime
Imposter Scams Cost Americans $3.5 Billion in 2025 - and It's Getting Worse
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire | Malwarebytes
GTA 6 Scams Emerge as Pre-Orders Open - Infosecurity Magazine
Warning over Grand Theft Auto VI scam which could drain bank accounts - Birmingham Live
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
Identity and Access Management
How World Cup Password Trends Can Increase Active Directory Risk - Infosecurity Magazine
Internet of Things – IoT
How Chinese cars became a national security issue in Israel | Ctech
Residential proxy SDKs are hiding in LG and Samsung smart TV apps - Help Net Security
Law Enforcement Action and Take Downs
Scattered Spider members plead guilty to hacking Transport for London
Algerian man charged with running two cybercrime marketplaces | CyberScoop
In a first, a court takedown goes after two cybercrime tools at once | CyberScoop
Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown - SecurityWeek
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
Civilians behind international police probe into Russian cybercriminals - National | Globalnews.ca
Nathan Austad Pleads Guilty in DraftKings Hacking Scheme, Gets 18 Months
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Police risk being outwitted by criminals using AI, says Met chief
Linux and Open Source
Linux users face a Microsoft Secure Boot headache - here's the painkiller | ZDNET
Open-source security is posing challenges governments can't easily solve | CyberScoop
Backporting bug fixes is dead, Project Valkey now sends in the bots - The New Stack
Malware
124 Million Unique Passwords Exposed In New Infostealer Log Dataset
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
New 'Mistic' RAT Opens Door to Several Ransomware Families - SecurityWeek
Hackers Impersonate Node.js Installer in Google Ads to Deploy Infostealer Malware
macOS Backdoor Uses Prompt Injection to Evade AI Triage - Infosecurity Magazine
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
One-two punch delivered in global operation disrupts cybercrime "assembly line" - Ars Technica
Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame
Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor
New macOS ClickFix attack silently mounts DMGs to push infostealer
Gizmodo readers hit with ClickFix malware prompts after account compromise
A CISO's guide to infostealers: Prevention and detection | TechTarget
Japan defense forces used USB drives with China-linked virus: Nikkei investigation - Nikkei Asia
Malicious Edge extension abuses Native Messaging as bridge to malware
ShapedPlugin update flow hacked to infect WordPress sites
Mobile
He Thought He Was Secure; His Phone Number Was Stolen Anyway
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps - SecurityWeek
Hundreds of AI-powered iOS apps found exposing credentials - Help Net Security
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Google sets timeline for Android developer verification enforcement - Help Net Security
Companies are profiling you from your smartphone use - how to stop them | ZDNET
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
The 10-step phone security tune-up you should run every year - and why | ZDNET
Outages
Parts of the internet go down after major network outage | News Tech | Metro News
One Railway Radio Outage Stopped Trains Across Germany and Nobody Knew Why
Passwords, Credential Stuffing & Brute Force Attacks
124 Million Unique Passwords Exposed In New Infostealer Log Dataset
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout - Infosecurity Magazine
24 Billion Stolen Credentials Exposed in Massive Data Leak - Security Affairs
Klue says hackers stole credential from 2022 that led to customer data breaches | TechCrunch
Experts Warn: Passwords Still Winning Despite Passwordless Push - IT Security Guru
How World Cup Password Trends Can Increase Active Directory Risk - Infosecurity Magazine
A Glimpse into the “Search Your Target” Market for Stolen Credentials
Regulations, Fines and Legislation
How the social media ban could reshape how all of us use the internet - BBC News
Open-source security is posing challenges governments can't easily solve | CyberScoop
Circumvention tool or essential security software? The shifting role of VPNs in the UK | TechRadar
Reality check: Could the UK's social media ban lead to VPN restrictions? | TechRadar
The UK’s social media ban for under-16s has just empowered big tech | Taylor Lorenz | The Guardian
From PGP to Mythos: a brief history of export controls that didn't stop anyone | TechCrunch
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration - SecurityWeek
Britain's privacy watchdog quits after 'poor judgment' admission
Shadow IT
Forget Data Leakage: Shadow AI's Real Threat Is Access Control
Social Media
How the social media ban could reshape how all of us use the internet - BBC News
Software Supply Chain
'Cordyceps': Malicious Pull Requests Threaten CI/CD Workflows
Supply Chain and Third Parties
Klue Supply Chain Breach Exposes Salesforce Data At Several Security Firms
Klue OAuth breach victim list grows as Icarus hackers claim attack
Trust is the target: the new AI-era supply-chain attacks
What 22,000 breaches teach us about incident preparedness | CSO Online
LastPass suffers another data breach, but this time your password vault is safe - Digital Trends
Microsoft links Mastra AI supply chain attack to North Korean hackers
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The UK is unprepared for Putin's cyber war. But one European country has the answer
The New Energy War: Why The AI Grid Is The New Battleground
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage - Infosecurity Magazine
Nation State Actors
China
How Chinese cars became a national security issue in Israel | Ctech
Russia
The UK is unprepared for Putin's cyber war. But one European country has the answer
Civilians behind international police probe into Russian cybercriminals - National | Globalnews.ca
North Korea
Microsoft links Mastra AI supply chain attack to North Korean hackers
Iran
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage - Infosecurity Magazine
Tools and Controls
What 22,000 breaches teach us about incident preparedness | CSO Online
Circumvention tool or essential security software? The shifting role of VPNs in the UK | TechRadar
Reality check: Could the UK's social media ban lead to VPN restrictions? | TechRadar
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Anthropic's Mythos AI broke into almost all NSA classified systems in hours
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents - SecurityWeek
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Rolling out AI agents? 4 ways to move fast and furious - but with extreme caution | ZDNET
Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way
Why Frontier AI makes prioritization the most important part of your CTEM program
Companies are discarding the logs they need to catch a breach - Help Net Security
One intrusion, two cyberattackers: Uncovering parallel threat activity | Microsoft Security Blog
Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
Security testing was built for a slower world - Help Net Security
Why MSSPs need to focus on reducing cyber risk, not adding complexity | ChannelPro
Most teams will ship AI-written infrastructure code with little review - Help Net Security
Don't panic, prepare: A cyber expert's advice on the Mythos hype
Healthcare staff enraged after a day off turned out to be a phishing test | Cybernews
Other News
How 100 Romanian hospitals switched to pen and paper to defeat a national cyber-attack - BBC News
Forget traffic lights, Google's reCAPTCHA may ask for hand gestures - Help Net Security
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
Hundreds of Belgian organisations hit by cyber attack
One intrusion, two cyberattackers: Uncovering parallel threat activity | Microsoft Security Blog
Why MSSPs need to focus on reducing cyber risk, not adding complexity | ChannelPro
What are the cyber threats to the 2026 Fifa World Cup? | Computer Weekly
Legacy kit behind vast majority of cyber attacks on utilities | IT Pro
Vulnerability Management
What 22,000 breaches teach us about incident preparedness | CSO Online
Open-source security is posing challenges governments can't easily solve | CyberScoop
Windows 10 losing security support in October – 6 ways to solve the problem - Which?
Why Frontier AI makes prioritization the most important part of your CTEM program
Microsoft extends Windows 10's extra security updates program to October 2027 for free
Dozens of America's largest companies have no simple way to report security flaws
Vulnerabilities
The hits keep on coming for Cisco vulnerabilities
Cisco SD-WAN Zero-Day Exploited Months Before Patching - SecurityWeek
Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet - Security Affairs
FFmpeg fixes PixelSmash flaw in widely used video decoder
Chrome 149 Update Resolves 18 Severe Vulnerabilities - SecurityWeek
Update Chrome to patch critical browser security flaws | Malwarebytes
ShinyHunters Targets Oracle PeopleSoft Customers Through Critical Zero-day
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) - Help Net Security
Critical Ubiquiti Vulnerabilities in Attackers' Crosshairs - SecurityWeek
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Your old iPhone may have a security flaw Apple can’t fix - Digital Trends
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.