Black Arrow Cyber Threat Intelligence Briefing 30 January 2026
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Executive Summary
This week’s review begins with a finding that cyber security failures are increasingly driven by leadership and accountability gaps, not a lack of technology. We look at the cyber risks that leadership teams need to manage, including how artificial intelligence is accelerating the speed, scale and effectiveness of cyber attacks by reshaping malware, phishing and extortion tactics. We report on the emergence of flawed ransomware, where paying a ransom still fails to restore data due to discarded encryption keys, and voice‑led phishing campaigns that guide staff to approve MFA prompts or share one‑time passcodes.
Our review highlights long‑standing security weaknesses left unresolved in financial services, and the dominance of unpatched vulnerabilities as an entry point. We discuss password risks, including where employees create predictable passwords by only tweaking the previous one, and a major breach exposing 149 million credentials from an unsecured dataset.
These risks reinforce that cyber security is not an IT topic, and that leadership teams need to manage the risks across people, operations and technology. Contact us for details of how to address these risks in a proportionate manner with your control providers.
Top Cyber Stories of the Last Week
Cyber Security Failures Stem from Leadership Gaps, Not Technology, Says Former FTSE CISO
Cyber security failures often stem from leadership and accountability gaps rather than a lack of technology, according to former FTSE-250 chief information security officer (CISO) Amy Lemberger of The CISO Hub. Many organisations have extensive security and monitoring tools, but cyber risk is frequently split across IT, compliance and procurement, leaving no senior owner for key trade-offs between security, speed, cost and growth. Appointing a CISO should make risk visible, not make it disappear, and boards need clearer insight into business impact and priorities, not more technical detail.
10 Ways AI Can Inflict Unprecedented Damage in 2026
Experts expect 2026 to be a step change in cyber risk as criminals and hostile states use artificial intelligence to make attacks faster, more convincing, and harder to spot. They warn of more self-adjusting malicious software, automated AI agents moving through networks to find valuable data, and a rise in staff using unauthorised AI tools that can leak sensitive information without oversight. Financial pressure is also set to grow, with ransomware damage forecast to rise from $57bn in 2025 to $74bn in 2026, shifting towards data theft and blackmail rather than simply locking systems.
https://www.zdnet.com/article/10-ways-ai-will-do-unprecedented-damage-in-2026-experts-warn/
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
A new ransomware variant called Sicarii has been advertised as a ransomware service since December, but researchers warn its decryption process is fundamentally broken. Even if an organisation pays, the criminals are unlikely to be able to unlock the data because the malware generates a new encryption key for each infected system and then discards the key needed to restore files. Claims suggest it has hit three to six mainly small business victims so far, though this is unverified. The poor quality of the code and odd branding hints at an inexperienced actor, possibly using AI tools, reinforcing why paying ransoms is a high-risk decision.
https://www.darkreading.com/endpoint-security/vibe-coded-sicarii-ransomware-decrypted
Over 100 Organisations Targeted in ShinyHunters Phishing Campaign
Security researchers have linked the cyber attacker group ShinyHunters to a phishing campaign that has prepared attacks against at least 100 organisations across sectors including technology, finance, healthcare and energy. The group uses voice phishing, where victims receive convincing phone calls, to target single sign-on accounts used to access multiple business systems. By combining phone guidance with fake login pages, attackers can capture passwords and persuade staff to approve multi-factor authentication prompts or share one-time passcodes. Some organisations have reported confirmed data breaches, and the criminals claim to have stolen millions of records with extortion demands reported in some cases.
https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/
77% of Financial Service Organisations Accrued Security Debt in 2025
Veracode’s latest analysis of the financial sector highlights a growing build-up of ‘security debt’, meaning serious software weaknesses have been left unresolved for more than a year. It found 77% of banking, financial services and insurance organisations accrued some level of security debt in 2025, with 63% carrying critical issues. On average, it takes 276 days for firms to fix half of identified weaknesses, almost a month slower than other industries. While third party code makes up 17% of overall debt, it drives more than 82% of the most critical exposure, and takes 50% longer to remediate than in-house code.
Patch or Perish: Vulnerability Exploits Now Dominate Intrusions
According to Cisco Talos, software weaknesses are now the leading way attackers break into organisations, accounting for nearly 40% of intrusions in Q4 2025. Attackers are exploiting newly disclosed issues within hours, especially in internet facing business applications, leaving a very small window to respond. Phishing remains a close second at 32%, often leading to compromised email accounts and follow on scams from trusted addresses. Ransomware fell to 13% of cases, but this may reflect criminal groups consolidating rather than a reduced threat.
https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
5 Reasons Why a Password Manager Is More Essential than Ever
Password reuse remains one of the simplest ways for criminals to take over accounts, especially after a data breach where stolen usernames and passwords are circulated and then tried on other services. Password managers reduce this risk by creating unique, random passwords for every account and warning users if their saved details appear in known breaches. They can also help defend against phishing, where convincing fake emails and websites trick people into entering credentials, by only auto filling details on the correct site. Combined with multi factor authentication, they make stronger login security easier to adopt across the organisation.
https://www.makeuseof.com/reasons-why-password-manager-is-more-essential-than-ever/
Password Reuse in Disguise: An Often-Missed Risky Workaround
Near-identical password reuse remains a quietly significant cyber security risk, even in organisations with strong password rules. Staff often make small, predictable tweaks to existing passwords, such as changing a year or adding a character, which can still meet policy requirements but are easier for criminals to guess. This matters at scale: research suggests a 250 person organisation may collectively manage around 47,750 passwords, increasing the number of possible entry points. Attackers use automated tools to test common variations based on credentials leaked in previous breaches, so improving controls should include checks for overly similar passwords and continuous monitoring for breached credentials.
https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html
Data Breach Exposes 149M Login Credentials for Apps Such as Gmail, Instagram, Netflix and More
A major data leak exposed 149 million usernames and passwords across widely used services, including 48 million Gmail logins and millions linked to social media, streaming and financial platforms. The dataset, totalling 96GB, was reportedly left unsecured and publicly accessible, and even included some credentials for government websites. This creates a heightened risk of account takeovers, where criminals reuse stolen email and password pairs to access higher value services such as banking, trading or crypto. Leaders should reinforce two basics: enable two-factor authentication (a second sign-in step) and stop password reuse across accounts.
https://www.phonearena.com/news/data-breach-exposes-login-credentials-for-popular-apps_id177639
‘We’re Losing Massively’: EU Cyber Chief Warns Europe’s Defences Lag
The Chief of ENISA, the EU body responsible for strengthening cyber security across member states, has warned that Europe’s cyber security defences are falling behind the speed and scale of modern cyber attacks, despite rising overall security spending. Recent incidents have disrupted airports, elections and hospitals, while Germany’s Bundesbank reports facing over 5,000 attempted cyber attacks every minute. ENISA’s Chief argues the EU needs a fundamental rethink, not just incremental funding. A proposed expansion of ENISA by 118 staff would take it to roughly 268 people, far smaller than other EU security bodies, and he says even doubling capacity should be seen as the minimum.
https://www.politico.eu/article/we-are-losing-massively-against-hackers-eu-cyber-chief-warns/
Governance, Risk and Compliance
Regulation and financial crime lead UK company concerns - CDR News
Healthy Security Cultures Thrive on Risk Reporting
The cybercrime industry continues to challenge CISOs in 2026 | CSO Online
The human paradox at the center of modern cyber resilience | TechRadar
The Window Of Exposure Is The Real Cybersecurity Problem
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Bundesbank hit by 5,000 cyberattacks every minute | Cybernews
Security teams are carrying more tools with less confidence - Help Net Security
Security work keeps expanding, even with AI in the mix - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
Initial access hackers switch to Tsundere Bot for ransomware attacks
How Can CISOs Respond to Ransomware Getting More Violent?
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Cyber Centre releases Ransomware Threat Outlook 2025 to 2027 - Canada.ca
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group - Infosecurity Magazine
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Ransomware Victims
UK production hits 73-year low after tariff battle and cyber attack | Autocar
Ransomware gang’s slip-up led to data recovery for 12 US firms | CSO Online
London boroughs limping back online months after cyberattack • The Register
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Marquis blames ransomware breach on SonicWall cloud backup hack
Phishing & Email Based Attacks
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign - SecurityWeek
Phishing pages can appear after you click on them | Cybernews
News brief: Email scams highlight need for employee vigilance | TechTarget
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
The 2025 Phishing Surge Proved One Thing: Chasing Doesn't Work - Security Boulevard
New malware service guarantees phishing extensions on Chrome web store
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Other Social Engineering
Voice Phishing Okta Customers: ShinyHunters Claims Credit
Okta users under attack: Modern phishing kits are turbocharging vishing attacks - Help Net Security
AML/CFT/Money Laundering/Terrorist Financing/Sanctions
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Artificial Intelligence
10 ways AI can inflict unprecedented damage in 2026 | ZDNET
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted
More criminals are using AI for ransomware attacks, cybersecurity centre warns | CBC News
AI-powered cyberattack kits are 'just a matter of time' • The Register
AI Security Threats Loom as Enterprise Usage Jumps 91% - Infosecurity Magazine
AI Is Lowering the Cost of Cybercrime—and Raising the Risk for Every Company | Fortune
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Konni hackers target blockchain engineers with AI-built malware
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
EU investigates Musk's X over AI deepfake images | AP News
Beware! Fake ChatGPT browser extensions are stealing your login credentials
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now | ZDNET
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
Undressed victims file class action lawsuit against xAI for Grok deepfakes | CyberScoop
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
AI is quietly poisoning itself and pushing models toward collapse - but there's a cure | ZDNET
Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bots/Botnets
Initial access hackers switch to Tsundere Bot for ransomware attacks
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Careers, Roles, Skills, Working in Cyber and Information Security
The human paradox at the center of modern cyber resilience | TechRadar
Security now one of the UK’s fastest-growing career paths | Computer Weekly
UK cyber security jobs have tripled since 2021, Socura ONS report reveals
Cloud/SaaS
Cyber Crime, Organised Crime & Criminal Actors
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
What motivates hackers and what makes them walk away - Help Net Security
Crooks are hijacking and reselling AI infrastructure: Report | CSO Online
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Data Breaches/Leaks
5 reasons why a password manager is more essential than ever
infostealer malware breach - IT Security Guru
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Law Firm Investigates Coupang Security Failures After Cyber-Attack - Infosecurity Magazine
Bumble, Panera Bread, CrunchBase, Match Hit by Cyberattacks
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
WorldLeaks Ransomware Group Claims 1.4TB Nike Data Breach - Infosecurity Magazine
ShinyHunters claims Panera Bread in alleged data theft • The Register
Nike Probing Potential Security Incident as Hackers Threaten to Leak Data - SecurityWeek
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US Data Breaches Hit Record High but Victim Numbers Decline - Infosecurity Magazine
Trump's cybersecurity chief caught in massive ChatGPT blunder - Raw Story
Data Protection
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
Data/Digital Sovereignty
Europe is launching its own social media platform | Cybernews
The Netherlands rethinks its US tech addiction – POLITICO
Denial of Service/DoS/DDoS
Aisuru botnet sets new record with 31.4 Tbps DDoS attack
Encryption
Fraud, Scams and Financial Crime
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' - SecurityWeek
Regulation and financial crime lead UK company concerns - CDR News
Open-source AI used for scams, hacking, phishing, and abuse, study finds | Cybernews
Cybersecurity’s New Business Case: Fraud
A fake romance turns into an Android spyware infection - Help Net Security
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Insider Risk and Insider Threats
The human paradox at the center of modern cyber resilience | TechRadar
How insider threats are growing – And what to do about it | SC Media UK
New CISA Guidance Targets Insider Threat Risks - Infosecurity Magazine
CISA insider-threat warning comes with an ironic twist • The Register
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Internet of Things – IoT
Wearable tech adoption continues as privacy worries grow - Help Net Security
Law Enforcement Action and Take Downs
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Four arrested in crackdown on Discord-Based SWATting and doxing
Empire cybercrime market owner pleads guilty to drug conspiracy
Slovakian man pleads guilty to operating darknet marketplace
Linux and Open Source
Open-source malware zeroes in on developer environments - Help Net Security
The open source ecosystem is booming thanks to AI, but hackers are taking advantage | IT Pro
Malvertising
Your phone might be clicking on ads because of these malware-infected apps
Malware
infostealer malware breach - IT Security Guru
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
Open-source malware zeroes in on developer environments - Help Net Security
Konni hackers target blockchain engineers with AI-built malware
New malware service guarantees phishing extensions on Chrome web store
GhostPoster: 17 malware browser extensions you should delete ASAP | Mashable
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
What are drive-by download attacks? - Security Boulevard
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams | TechRadar
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
US charges 31 more suspects linked to ATM malware attacks
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
Misinformation, Disinformation and Propaganda
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Mobile
Is your phone committing ad fraud? This AI malware may be responsible - SamMobile
A WhatsApp bug lets malicious media files spread through group chats | Malwarebytes
Google Warns 2 Billion Android Users—Do Not Save Photos From WhatsApp
Hugging Face abused to spread thousands of Android malware variants
A fake romance turns into an Android spyware infection - Help Net Security
Microsoft: Outlook for iOS crashes, freezes due to coding error
Google agrees to pay $135 million over Android data harvesting claims - Help Net Security
What are phishing messages on phones? - SamMobile - SamMobile
Models, Frameworks and Standards
Government publishes Cyber Security and Resilience Bill | UKAuthority
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
A first look at NIST’s new cyber AI framework | Freeman Mathis & Gary - JDSupra
Outages
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
5 reasons why a password manager is more essential than ever
Why Using The Same Password For Every Website Is So Dangerous | HuffPost Life
Password Reuse in Disguise: An Often-Missed Risky Workaround
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
149 Million Usernames and Passwords Exposed by Unsecured Database | WIRED
Beware! Fake ChatGPT browser extensions are stealing your login credentials
Regulations, Fines and Legislation
Regulation and financial crime lead UK company concerns - CDR News
Government publishes Cyber Security and Resilience Bill | UKAuthority
UK government to build digital ID in-house • The Register
France Fines National Employment Agency €5m Over 2024 Data Breach - Infosecurity Magazine
US wants to push its view of AI cybersecurity standards to the rest of the world | CyberScoop
Bankruptcy as a National Security Risk | Oxford Law Blogs
Feds Take Their Ball and Go Home From RSAC Conference - Security Boulevard
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Social Media
Massive breach exposes 149 million Instagram, Gmail, OnlyFans passwords: How to stay safe? | Mint
Europe is launching its own social media platform | Cybernews
TikTok blocks ‘Epstein’ mentions and anti-Trump videos, users claim | The Independent
Supply Chain and Third Parties
AV vendor disputes security shop's update server claims • The Register
Top antivirus hacked to push out a malicious update - find out if you're affected | TechRadar
Marquis blames ransomware breach on SonicWall cloud backup hack
NHS Issues Open Letter Demanding Improved Cybersecurity Standards - Infosecurity Magazine
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
UK Cyber Action Plan's promise | Professional Security Magazine
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Nation State Actors
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
China
Hackers suspected of spying on UK officials' calls for years • The Register
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Chinese Money Launderers Drive Global Ecosystem Worth $82bn - Infosecurity Magazine
China executes 11 people linked to Myanmar scam operation | China | The Guardian
Russia
‘We’re losing massively’: EU cyber chief warns Europe’s defenses lag – POLITICO
Russia's hybrid war is weakening Europe's cohesion, expert says | Euronews
SSU thwarts over 14,000 cyberattacks on Ukraine since Russia’s full-scale invasion
Russian ransomware forum seized by U.S. law enforcement – DataBreaches.Net
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector
Cyberattack on Polish energy grid impacted around 30 facilities
Ubiquiti: The U.S. Tech Enabling Russia's Drone War - HUNTERBROOK
Russia car owners stranded after cyberattack hits Delta app | Cybernews
North Korea
Konni hackers target blockchain engineers with AI-built malware
Long-running North Korea threat group splits into 3 distinct operations | CyberScoop
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Preparing for looming national cyber security threats in 2026 and beyond | Federal News Network
Tools and Controls
5 reasons why a password manager is more essential than ever
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools
Threat Actors Fake BSODs and Trusted Build Tools to Bypass Defenses and Deploy DCRat
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses - Help Net Security
Study: 94% of Experts Say AI Will Drive Cybersecurity Changes
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Security teams are carrying more tools with less confidence - Help Net Security
Security Teams Embrace AI, Just Not at the Scale Marketing Suggests - Infosecurity Magazine
Open-source malware zeroes in on developer environments - Help Net Security
73% of CISOs more likely to consider AI-enabled security solution | CSO Online
Ethical Hackers are Ramping Up AI Adoption, Collaboration: Bugcrowd | MSSP Alert
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Viral Moltbot AI assistant raises concerns over data security
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
AI & the Death of Accuracy: What It Means for Zero-Trust
Security work keeps expanding, even with AI in the mix - Help Net Security
Rethinking Cybersecurity in a Platform World - InfoRiskToday
Other News
UK cyber tests show banks' struggle with cybersecurity basics | American Banker
77% of Financial Service Organizations Accrued Security Debt in 2025 | Security Magazine
Secret Service warns domain registration system is major security flaw hackers exploit | CyberScoop
Why the internet kept breaking and taking down your favorite sites in 2025 | ZDNET
UK Cyber Action Plan's promise | Professional Security Magazine
Majority of family businesses experienced cyberattacks in past two years, report reveals - Spear's
Germany To Strengthen Cyber Countermeasures | Silicon UK Tech
Cyber criminals turn sights on UK vehicle remarketing sector
Shoppers Avoid Stores That Fail to Prioritize Security Measures
What to know about the UK Cyber Action Plan | SC Media UK
EU Cybersecurity Shake Up Puts Non EU Rail Tech Under Fresh Scrutiny | Rail News
Inside Housing - Comment - Cyberattackers are changing, and we need to be ready
The Space Review: When satellites are hacked: the legal gray zone of non-kinetic space attack
Surging Cyberattacks Boost Latin America to Riskiest Region
Operation Winter SHIELD: FBI Issues Cyber Call to Arms - Infosecurity Magazine
Vulnerability Management
Vulnerability exploits now dominate intrusions • The Register
Europe's GCVE Raises Concerns Over Fragmentation Risks
Hand CVE Over to the Private Sector
Vulnerabilities
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Everyone’s exploiting a WinRAR bug to drop RATs • The Register
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Critical VMware vCenter Server bug under attack • The Register
Why you need Microsoft's new emergency Windows patch - and the black-screen bug to watch for | ZDNET
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
Microsoft releases emergency OOB update to fix Outlook freezes
Microsoft investigates Windows 11 boot failures after January updates
'PackageGate' Flaws Open JavaScript Ecosystem to Supply Chain Attacks - SecurityWeek
Critical sandbox escape flaw found in popular vm2 NodeJS library
Organizations Warned of Exploited Linux Vulnerabilities - SecurityWeek
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
eScan confirms update server breached to push malicious update
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.