Black Arrow Cyber Threat Intelligence Briefing 29 May 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Executive Summary
Continuing the theme from recent weeks, our review of current cyber news in the media considers how organisations can use AI more securely by being aware of the risks and the need for stronger governance and oversight.
We highlight that this starts from the top of the organisation, including how the leadership uses AI, how they understand the risks to their core systems, and how they can fulfil regulatory and accountability responsibilities where AI agent failures cause disruption or harm. We also report on messaging from the UK’s NCSC on the need for organisations to strengthen their security in the face of escalating risks.
Alongside AI risks, traditional cyber risks remain: we include a reminder that phishing and vulnerability exploits are top cyber threats (which are also empowered by AI), alongside third-party risks.
While the threat landscape shifts and evolves, the actions required from business leaders remain consistent: ensure an objective and complete understanding of your risks, and an unbiased assessment of how your controls address those risks. Contact us to discuss how to achieve this proportionately.
Top Cyber Stories of the Last Week
Could Your CEO Be the Weakest Link When It Comes to AI Security? New Study Warns Execs Are ‘Knowingly Bypassing Safeguards Because the Perceived Benefits Outweigh the Risks’
New research from TrustedTech highlights a growing risk around unapproved AI use, with 62% of senior leaders admitting to using tools outside company controls, double the rate of wider employees. More than a quarter said they would continue using AI even if it was banned, despite many being concerned about staff doing the same. The risk is greater at leadership level because executives often have access to sensitive financial, HR, customer and legal data. The findings highlight how behaviour at senior level can undermine governance and increase organisational risk as AI adoption accelerates.
Companies Built AI into Core Systems Before Figuring Out How to Govern It
Check Point reports that 70% of organisations now use generative AI in live environments, while 64% have AI agents in pilot or production. In some cases, these agents have privileged access to core systems, increasing exposure to security incidents. More than half of organisations have already experienced at least one AI-related security issue, including unapproved AI use, AI-generated phishing, deepfake content and sensitive data leaks. Yet only 5% have visibility of the AI tools and services being used, leaving many organisations unable to consistently govern access, data flows and risk.
https://www.helpnetsecurity.com/2026/05/28/check-point-genai-security-controls-report/
When Your Biggest Security Risk Has Never Signed a Contract
As AI agents, systems that can act independently on behalf of an organisation, become embedded in business processes, accountability is moving from policy into law. UK and EU regimes increasingly expect a named senior leader to show reasonable oversight when agent failures cause disruption or harm. Responsibility cannot simply be assigned on paper. Senior sponsors need enough practical understanding to supervise the agents they own, supported by formal training that links legal accountability with meaningful operational control.
https://www.computerweekly.com/opinion/When-your-biggest-security-risk-has-never-signed-a-contract
The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations
AI is reshaping phishing from broad, low-effort scams into targeted, always-on campaigns. Attackers can now create convincing, personalised emails in under five minutes, operate across email, text, voice and collaboration tools, and adapt their approach when a target does not respond. Some attacks also bypass multi-factor authentication by tricking users into approving legitimate-looking login requests. With AI reducing the skill and cost needed to run these campaigns, organisations face a shift where attacks operate continuously and adapt in real time, making traditional, user-focused defences increasingly less effective.
Bosses Blinded by Confidence about Shadow AI Use by Workers
Okta research found that 58% of organisations experienced an AI-related security incident or near miss in the past year, despite 90% of executives feeling confident they can see how AI is being used. The gap is driven by “shadow AI”, where employees use unapproved tools outside company oversight. More than half of knowledge workers admitted doing this, including 55% in the UK. Some also shared confidential documents, HR information or even login details, increasing business risk. The findings suggest a disconnect between leadership visibility and actual AI usage, increasing exposure to data leakage and governance challenges as adoption grows.
68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise
Barclays reports that 68% of UK business leaders expect to increase cyber security spending over the next 12 months, as AI adoption and geopolitical uncertainty reshape technology priorities. Despite this, fewer than three in 10 firms are confident they could respond effectively to a major cyber incident. Average cyber security spend has reached £505,000 so far in 2026, rising to £1.3m among large businesses. Key concerns include loss of sensitive data or intellectual property, disruption to operations, loss of revenue and damage to customer trust.
https://www.infosecurity-magazine.com/news/uk-firms-cyber-spending-ai-risks/
Preparing for Severe Cyber Threat: Why Leaders Must Act Now
The NCSC has warned that severe cyber threats are becoming a credible risk for organisations delivering the UK’s critical services, including financial services, health, energy, transport, and communications. These attacks can cause extended downtime, financial loss, reputational damage and risks to public safety. With technologies such as advanced AI increasing the speed and scale of attacks, leaders are being urged to plan beyond prevention. Building resilience means identifying critical systems, preparing for degraded operations, rehearsing recovery plans and ensuring key decisions are understood before a major incident occurs.
https://www.ncsc.gov.uk/blogs/preparing-for-severe-cyber-threat-why-leaders-must-act-now
The UK’s Top Spy Says the Window to Stay Ahead of China and Russia Is Narrowing and Cyber Security Needs to Become ‘10 Times More Urgent’
GCHQ has warned that the UK and its allies have a narrowing window to stay ahead of growing cyber and intelligence threats from China and Russia. The agency’s director said warfare is becoming increasingly driven by data, artificial intelligence and automation, while Russia is intensifying activity against critical infrastructure, democratic processes, supply chains and public trust. The warning highlights the increasing pressure on organisations to strengthen supply chain resilience, protect data and manage access controls as part of a more urgent approach to cyber security.
UK Spy Chief Labels AI ‘Unstoppable Force’ with Offensive, Defensive Ramifications for Cyberspace
GCHQ has warned that artificial intelligence is reshaping cyber security, creating both new opportunities and risks. Anne Keast-Butler, head of the UK intelligence agency, described AI as an “unstoppable force” that can be used to find weaknesses in critical technology and to support activity below the level of traditional warfare. GCHQ is developing an AI-powered cyber shield to strengthen national defences, while warning that countries including China and Russia are using AI, data and automation to enhance cyber and hybrid threats.
https://cyberscoop.com/gchq-warns-ai-cyber-warfare-threats/
Phishing Most Prevalent Cyber Attack, Confirms UK Survey
New UK government research shows cyber attacks remain a persistent risk, affecting 43% of businesses and 28% of charities in the past year. Phishing, where criminals trick people into sharing information or clicking harmful links, remains the most common attack, impacting 38% of businesses and 25% of charities. Larger organisations face higher exposure, with 69% reporting an incident. Despite this, only around 30% conduct cyber risk assessments, while just 25% of businesses and 19% of charities have formal response plans. Supply chain oversight also remains limited, leaving many organisations exposed through partners and providers.
Security Experts Caution MFA Alone Can No Longer Stop Threat Actors
Security researchers are warning that multi-factor authentication is no longer enough on its own to stop account takeover attempts. New phishing services can steal Microsoft 365 access tokens, which allow criminals to access Outlook, Teams and OneDrive without needing a password or another login check. One service, Kali365, costs from $250 for 30 days and gives even less skilled attackers ready-made templates, dashboards and AI-generated messages. This shift highlights how attackers are bypassing traditional authentication controls, reflecting a move toward identity-focused risks such as token misuse and anomalous account activity rather than reliance on login-based protections alone.
To Pay, or Not to Pay: 58% of CISOs Say They Would Pay the Ransom for Their Data
A survey of 750 CISOs in the US and UK found that 58% would be willing to pay a ransom to end a ransomware incident, despite official guidance advising against it. In practice, fewer organisations appear to pay, with IDC reporting that 37% of affected companies did so last year. Paying does not guarantee recovery, with some organisations receiving incomplete data restoration and only 60% of SMEs in one survey recovering all or part of their data after payment. The findings highlight the operational and recovery risks of ransomware, where payment does not guarantee data restoration and can still result in prolonged disruption.
Lessons for Organisations from the Verizon 2026 Data Breach Investigations Report
Verizon’s 2026 Data Breach Investigations Report highlights how many breaches still stem from gaps in basic cyber security controls. Based on more than 31,000 incidents and 22,000 confirmed breaches across 145 countries, the report found vulnerability exploitation was the leading route into organisations, accounting for 31% of breaches. Ransomware remained a major issue, appearing in 48% of breaches, while third-party involvement also featured in 48%. The report also points to rising risks from employee use of unauthorised AI tools, with sensitive internal information being uploaded outside corporate control.
https://www.helpnetsecurity.com/2026/05/25/lessons-from-verizon-dbir-2026-findings/
Governance, Risk and Compliance
68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise - Infosecurity Magazine
The readiness paradox: Why a false sense of cyber confidence is becoming a liability | CyberScoop
UK businesses accelerate cyber and AI investment amidst geopolitical tensions | WebWire
Preparing for severe cyber threat: why leaders must act now | National Cyber Security Centre
Developing An Executive Cybersecurity Strategy When Director Duties Extend To The Home Router
Threats
Ransomware, Extortion and Destructive Attacks
Why pure extortion is replacing traditional ransomware - Security Affairs
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data | CSO Online
The Hidden Ransomware Economy Running on Exposed Databases
Ransomware Actors Show Up In Person to Steal Law Firm Data
The Gentlemen is Making Its Mark in the Ransomware World - Security Boulevard
Law enforcement shuts down VPN service used by two dozen ransomware gangs | TechCrunch
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
More Australian firms are panicking and paying ransoms | The North West Star | Mt Isa, QLD
Ransomware and Destructive Attack Victims
Charter confirms data breach after ShinyHunters extortion threat
MyPillow appears on Play ransomware leak site
Phishing & Email Based Attacks
Phishing most prevalent cyber attack, confirms UK survey | ICAEW
Microsoft 365 users targeted by new phishing threat that bypasses MFA - Help Net Security
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required
The AI Phishing Revolution - IT Security Guru
AI-Powered Phishing Puts MSSPs on the Defensive: Barracuda | news | MSSP Alert
Inside business email compromise attack: Real-world examples | TechTarget
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Chinese Threat Actors Shift to Live Credential Interception - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Inside business email compromise attack: Real-world examples | TechTarget
Other Social Engineering
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
700+ education and tech websites hijacked in huge ClickFix malware campaign | Malwarebytes
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Iranian Hackers Using Fake Job Sites to Breach Defense Firms
Thousands of Fake FIFA Domains Target World Cup Fans - Infosecurity Magazine
FBI director Kash Patel’s brand website taken offline after malware reports
2FA/MFA
Security experts caution MFA alone can no longer stop threat actors | CSO Online
Microsoft 365 users targeted by new phishing threat that bypasses MFA - Help Net Security
FBI warns about fast-growing phishing kit targeting Microsoft 365 users | CyberScoop
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Two arrested for facilitating pro-Russia cyberattacks, violating EU sanctions | NL Times
Artificial Intelligence
Turns out the C-suite loves shadow AI - Help Net Security
Companies built AI into core systems before figuring out how to govern it - Help Net Security
When your biggest security risk has never signed a contract | Computer Weekly
Bosses blinded by confidence about shadow AI use by workers
The AI Phishing Revolution - IT Security Guru
ECB convenes banks over AI cybersecurity risks from Mythos
AI guardrails stripped from Meta and Google models in minutes
European AI adoption hits 99% with regulated data driving most policy violations - Help Net Security
GCHQ draws up plans for world-first national AI cyber defence system | The Standard
Frontier AI models collapse under multi-turn AI attacks, Cisco finds - Help Net Security
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems - SecurityWeek
Defenders Fall Behind, as AI Rewrites the Rules of a Data Breach
Fake Gemini and Claude Code Sites Spread Infostealers - Infosecurity Magazine
The Growing Cybersecurity Risks To The Supply Chain In The AI Era
GPU mining malware spreads via SEO poisoning, AI chatbots
Why AI Could Make Cybersecurity One of the Hottest Jobs in Tech - ClearanceJobs
Cisco used AI to write security incident reports, with mixed results
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware - Help Net Security
Trump Postpones Signing AI Security Order Over Parts He Disliked
OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms | CyberScoop
Anthropic Says a Mythos-Class AI Model Will Be Available Soon - CNET
Bots/Botnets
Canadian Man Arrested for Operating Kimwolf Botnet - SecurityWeek
GlassWorm Botnet Disrupted - SecurityWeek
Careers, Roles, Skills, Working in Cyber and Information Security
Why AI Could Make Cybersecurity One of the Hottest Jobs in Tech - ClearanceJobs
Amid fears of AI killing tech jobs, companies race to fill cybersecurity roles - Sherwood News
One Job That Is Growing in the A.I. Era? Cybersecurity Experts. - The New York Times
Why Burnout in Cybersecurity Demands Risk-Based Response - Infosecurity Magazine
Cloud/SaaS
Microsoft 365 users targeted by new phishing threat that bypasses MFA - Help Net Security
FBI warns about fast-growing phishing kit targeting Microsoft 365 users | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
GPU mining malware spreads via SEO poisoning, AI chatbots
Jailbroken Gemini helped Russian-speaking fraudster target MAGA crypto users
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cyber Crime, Organised Crime & Criminal Actors
Ghost hackers: the cybersecurity mystery that nobody has solved | TechCrunch
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Canadian Man Arrested for Operating Kimwolf Botnet - SecurityWeek
One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Former US execs plead guilty to aiding tech support scammers
Data Breaches/Leaks
Hacker claims to leak massive WhatsApp database before vanishing from forums | Cybernews
Defenders Fall Behind, as AI Rewrites the Rules of a Data Breach
46k plaintext passwords pwned in Myspace93 breach
German hospitals targeted in massive cyberattack
Victims 'violated' after South Staffs Water's data breach - BBC News
OnlyFans mega leak reveals 340M user records, hackers claim | Cybernews
UK luxury car drivers' data may be exposed after Mercedes data leak claim | Cybernews
340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks
Trump Mobile site leaks customer data as phone finally ships
7-Eleven data breach exposes personal information of 185,000 people
DocketWise Data Breach Impacts 143,000 - SecurityWeek
Data Protection
European AI adoption hits 99% with regulated data driving most policy violations - Help Net Security
Data/Digital Sovereignty
How a 900% Surge in Cyberattacks Is Forcing Europe to Rethink Its Tech Sovereignty — UNITED24 Media
Dutch Government just said no to an American firm buying the keys to their digital State
Denial of Service/DoS/DDoS
Why the Surge in DDoS Attacks Should Worry Security Leaders - Infosecurity Magazine
Encryption
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption - Ars Technica
‘Q-Day’ could be cybersecurity’s Armageddon | The Week
Apple open-sources quantum-resistant encryption code | CyberScoop
Fraud, Scams and Financial Crime
Jailbroken Gemini helped Russian-speaking fraudster target MAGA crypto users
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Is your phone bill higher? 200+ Android apps might secretly be stealing money from you - PhoneArena
Thousands of Fake FIFA Domains Target World Cup Fans - Infosecurity Magazine
Security Leaders Should Prepare for World Cup Scams | Security Magazine
Fake Streams, Counterfeit Merch & Scams: How Fraudsters Target F1 Fans - Infosecurity Magazine
Insider Risk and Insider Threats
Turns out the C-suite loves shadow AI - Help Net Security
Bosses blinded by confidence about shadow AI use by workers
Why ‘shadow AI’ could become an expensive headache for businesses
Internet of Things – IoT
This Is Where Your Doorbell Camera's Security Footage Actually Goes
Law Enforcement Action and Take Downs
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands - SecurityWeek
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
GlassWorm Botnet Disrupted - SecurityWeek
Two arrested for facilitating pro-Russia cyberattacks, violating EU sanctions | NL Times
Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion
Canadian Man Arrested for Operating Kimwolf Botnet - SecurityWeek
Former US execs plead guilty to aiding tech support scammers
Dutch police arrests suspect linked to Ajax football club hack
Linux and Open Source
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale | WIRED
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects - SecurityWeek
Shai-Hulud Hackers TeamPCP: Lucky or Skilled Operators?
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
Malware
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems - SecurityWeek
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
GPU mining malware spreads via SEO poisoning, AI chatbots
700+ education and tech websites hijacked in huge ClickFix malware campaign | Malwarebytes
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
GlassWorm Botnet Disrupted - SecurityWeek
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Fake Gemini and Claude Code Sites Spread Infostealers - Infosecurity Magazine
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware - Help Net Security
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
Attackers Move Past Typosquatting to Realistic Package Impersonation - Infosecurity Magazine
Shai-Hulud Hackers TeamPCP: Lucky or Skilled Operators?
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
FBI director Kash Patel’s brand website taken offline after malware reports
Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
Iranian APT Targets Aviation, Software Companies With Updated Tools - SecurityWeek
Scammers are Exploiting GTA 6 Hype to Spread Malware | Extremetech
Chinese APTs Share Linux Backdoor in Telco Attacks
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Misinformation, Disinformation and Propaganda
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Mobile
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Is your phone bill higher? 200+ Android apps might secretly be stealing money from you - PhoneArena
BTMOB Android RAT Spreads Through No-Code Builder Tooling - Infosecurity Magazine
Outages
Downtime has become a $600 billion business problem - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
The Credential Crisis: How Stolen Credentials Defeat Modern Security - SecurityWeek
Why businesses still get password management wrong | TNW Deals
Typed the wrong macOS password? That brief pause isn't a glitch | Macworld
Regulations, Fines and Legislation
ECB convenes banks over AI cybersecurity risks from Mythos
'We cannot regulate cyber threats away,' top lawyer warns
Trump Postpones Signing AI Security Order Over Parts He Disliked
Minister Lloyd cyber security speech at the New Statesman - GOV.UK
Restoring CISA is one issue many lawmakers can agree on | Federal News Network
Shadow IT
Turns out the C-suite loves shadow AI - Help Net Security
Bosses blinded by confidence about shadow AI use by workers
Why ‘shadow AI’ could become an expensive headache for businesses
Social Media
46k plaintext passwords pwned in Myspace93 breach
Software Supply Chain
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems - SecurityWeek
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale | WIRED
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
Over 5,500 GitHub Repositories Infected in 'Megalodon' Supply Chain Attack - SecurityWeek
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Growing Cybersecurity Risks To The Supply Chain In The AI Era
Shai-Hulud Hackers TeamPCP: Lucky or Skilled Operators?
Supply Chain and Third Parties
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems - SecurityWeek
The Growing Cybersecurity Risks To The Supply Chain In The AI Era
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK Spy Chief Warns China Is Closing Cyber Gap With West
Cyber warfare is outpacing global legal accountability - The Hindu
How concerned should CIOs be with geopolitics? | CIO
Nation State Actors
China
UK Spy Chief Warns China Is Closing Cyber Gap With West
Chinese Threat Actors Shift to Live Credential Interception - Infosecurity Magazine
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
Chinese APTs Share Linux Backdoor in Telco Attacks
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Russia
Russia 'relentlessly targeting' critical infrastructure, democracy - GCHQ - BBC News
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands - SecurityWeek
Two arrested for facilitating pro-Russia cyberattacks, violating EU sanctions | NL Times
Experts question Nigel Farage’s Russian phone-hacking claims
North Korea
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Iran
Iranian Hackers Using Fake Job Sites to Breach Defense Firms
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
Iranian APT Targets Aviation, Software Companies With Updated Tools - SecurityWeek
The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On.
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
How concerned should CIOs be with geopolitics? | CIO
A nation on a hard drive: Inside the rise of digital embassies – POLITICO
Tools and Controls
Security experts caution MFA alone can no longer stop threat actors | CSO Online
Anthropic's Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing
Microsoft 0-day feud escalates as researcher threatens another Windows exploit dump
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
Preparing for severe cyber threat: why leaders must act now | National Cyber Security Centre
The Next-Gen Flipper Zero Looks Even More Powerful Than Expected
Project Glasswing by Anthropic didn't just find the bugs. It also found the real vuln | Ctech
Why businesses still get password management wrong | TNW Deals
Why Burnout in Cybersecurity Demands Risk-Based Response - Infosecurity Magazine
Cybersecurity Evolution: Perimeter Defense to AI-Native Security
Apple open-sources quantum-resistant encryption code | CyberScoop
European AI adoption hits 99% with regulated data driving most policy violations - Help Net Security
Amid fears of AI killing tech jobs, companies race to fill cybersecurity roles - Sherwood News
One Job That Is Growing in the A.I. Era? Cybersecurity Experts. - The New York Times
Cisco used AI to write security incident reports, with mixed results
Anthropic adds 28 security and compliance integrations for Claude - Help Net Security
For CISOs, dawn of OpenAI Daybreak brings good and bad news | TechTarget
Claude now reviews and fixes vulnerabilities as you write code - Help Net Security
Other News
Tech giants need oversight to protect national security
Farage under mounting pressure to prove Russian hack claim | Nigel Farage | The Guardian
Water, the Soft Underbelly of Critical Infrastructure
OT attacks shift from recon to physical control, raising stakes | TechTarget
A nation on a hard drive: Inside the rise of digital embassies – POLITICO
Cyber attacks are ‘inevitable’, warns NHS comms lead | PR Week UK
Experts question Nigel Farage’s Russian phone-hacking claims
Scottish social enterprise supports national cyber efforts | Computer Weekly
Vulnerability Management
Anthropic's Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar
Three-Quarters of Firms Knowingly Ship Vulnerable Code, Says Checkmarx - Infosecurity Magazine
NIST’s CVE Shift Raises the Bar for Vulnerability Prioritization | perspective | MSSP Alert
Why some security fixes never reach your vulnerability dashboard | CSO Online
Verizon 2026 DBIR: 6 key takeaways for CISOs | TechTarget
Project Glasswing by Anthropic didn't just find the bugs. It also found the real vuln | Ctech
Anthropic to release Mythos-class models to the public
Why CISA Accepting KEV Nominations Is So Important | Security Magazine
Cisco refines its risk-based vulnerability disclosure for the AI era - Help Net Security
Vulnerabilities
Microsoft patches two zero-day flaws in Defender | CSO Online
SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure - SecurityWeek
CVE-2026-9082: Drupal's Highly Critical SQL Injection Flaw Is Already Under Active Attack
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
700+ education and tech websites hijacked in huge ClickFix malware campaign | Malwarebytes
Gitea Vulnerability Exposed 30,000 Deployments to Attacks - SecurityWeek
New Gogs 0-Day Vulnerability Lets Attackers Run Malicious Code on the Server Remotely
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
Notepad++ fixes critical vulnerabilities that can lead to malware | Cybernews
Trend Micro warns of Apex One zero-day exploited in the wild
Ubiquiti patches three max severity UniFi OS vulnerabilities
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime & Shipping
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.