Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 16 January 2026

-We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster

-The Speed Mismatch Putting Modern Security At Risk

-New Intelligence Is Moving Faster than Enterprise Controls

-Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security

-Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2

-Downtime Pushes Resilience Planning into Security Operations

-Executives More Likely to Take Phishing Bait than Junior Staff

-QR Codes Are Getting Colourful, Fancy, and Dangerous

-Convincing LinkedIn Comment-Reply Tactic Used in New Phishing

-Cyber Criminals Recruiting Insiders at Specific Organisations

-Ransomware Activity Surges to Record Levels

-State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Executive Summary

Looking across this week’s sources, the recurring conclusion is that organisations need to understand the risks of AI before and during its use. Examples include a vulnerability in popular business software that allowed abuse by attackers, and evidence that organisations are deploying AI faster than their security governance can keep pace. AI, and cyber risk in general, rank among the top business risks according to research by the World Economic Forum and Allianz.

From a business leadership perspective, cyber resilience is increasingly important, yet research shows that executives are more likely than junior staff to fall for a phishing attack. We look at emerging threats to businesses, including stylised QR codes, LinkedIn scams and attackers recruiting insiders to gain entry to targeted organisations. Ransomware remains a primary risk and is at record levels.

We are consistent in our messaging on how business leaders should address these risks. Ensure you have a contemporary understanding of how cyber is evolving, through our weekly threat intelligence briefings and leadership training, and establish a proportionate strategy to address the risks across people, operations and technology. By gaining your own impartial perspective, you will be better placed to govern and challenge others who are designing and maintaining your security controls.


Top Cyber Stories of the Last Week

We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster

A critical ServiceNow AI vulnerability demonstrates how weaknesses introduced during rapid AI deployment can lead to serious security failures. The flaw allowed unauthenticated attackers to impersonate administrators and abuse AI agents. Default configurations, weak authentication and limited oversight are common in agentic AI systems, expanding organisational attack surfaces and enabling privilege abuse through automation.

Source: https://securityboulevard.com/2026/01/were-moving-too-fast-why-ais-race-to-market-is-a-security-disaster/

The Speed Mismatch Putting Modern Security At Risk

Attackers now operate at machine speed, while many organisations still rely on quarterly or annual security checks. This gap creates hidden risk, as vulnerabilities can appear and disappear between reviews and be exploited before they are identified. Security validation must move away from periodic checks and keep pace with continuously changing systems and attack activity.

Source: https://www.forbes.com/sites/tonybradley/2026/01/14/the-speed-mismatch-putting-modern-security-at-risk/

New Intelligence Is Moving Faster than Enterprise Controls

Enterprises are deploying AI faster than supporting infrastructure, governance and data controls can keep up, according to NTT research. Only a small proportion of organisations can operate AI at scale, with infrastructure limits and weak data hygiene creating security and reliability risks. The use of unsanctioned AI tools raises concerns around data leakage and inaccurate outputs, while governance maturity varies widely.

Source: https://www.helpnetsecurity.com/2026/01/16/ntt-data-enterprise-ai-governance/

Cyber Risk Enters a New Era as AI and Supply Chains Reshape Global Security

According to the World Economic Forum’s Global Cybersecurity Outlook 2026, AI-related vulnerabilities surged more than any other cyber risk in 2025. Many organisations reported sensitive data leaking through generative AI tools as adoption outpaces governance, and a significant share of respondents expressed growing concern over attackers’ use of advanced AI capabilities. Uneven cyber security strength across suppliers and regions increases the risk that incidents spread beyond individual organisations, causing wider disruption across connected ecosystems.

Source: https://petri.com/cyber-risk-ai-supply-chains-global-security/

Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2

Cyber incidents remain the top global business risk for the fifth consecutive year, ranked number one by 42% of respondents worldwide, driven largely by ransomware. AI rose from #10 to #2 as adoption accelerates faster than governance, creating operational, legal and reputational risk. Supply chain dependence and third-party exposure continue to amplify the impact of disruption across businesses of all sizes.

Source: https://www.businesswire.com/news/home/20260114388360/en/Allianz-Risk-Barometer-2026-Cyber-Remains-Top-Business-Risk-but-AI-Fastest-Riser-at-2

Downtime Pushes Resilience Planning into Security Operations

Operational disruption and prolonged downtime caused by security incidents are becoming routine, with recovery often taking days and direct remediation costs reaching millions. These impacts now feature prominently in board discussions. In response, research shows that CISOs increasingly define success in their role by recovery and continuity rather than prevention alone, and executives expect them to be accountable for restoring operations after incidents involving ransomware, supply chains, insiders and failures in trusted security software.

Source: https://www.helpnetsecurity.com/2026/01/12/absolute-ciso-resilience-planning/

Executives More Likely to Take Phishing Bait than Junior Staff

Yubico data shows over 11% of C-suite respondents interacted with phishing in the past week, compared to 8.8% of entry-level staff. Perception gaps persist, with 44% of C-suite respondents saying they believe their organisation’s cyber security is “very good”, compared with 25% of entry-level staff. Small businesses show low training and MFA adoption, increasing exposure to AI-driven social engineering.

Source: https://betanews.com/article/executives-more-likely-to-take-phishing-bait-than-junior-staff/

QR Codes Are Getting Colourful, Fancy, and Dangerous

QR codes are increasingly used by attackers in phishing campaigns known as quishing. Research highlights how stylised QR codes, using colours, logos and custom backgrounds, still scan reliably while the destination URL is embedded only in the image rather than as text, so it evades traditional URL inspection and email security controls. Industry data shows 22% of QR-related attacks involve phishing, with state-sponsored and criminal actors using redirection chains to harvest credentials via mobile devices.

Source: https://www.helpnetsecurity.com/2026/01/15/fancy-qr-codes-phishing-risk/

Convincing LinkedIn Comment-Reply Tactic Used in New Phishing

Attackers are posting fake LinkedIn comment replies impersonating the platform to claim policy violations and drive users to phishing sites. Some campaigns abuse LinkedIn’s own lnkd.in shortener, obscuring the true destination. Fake company pages using LinkedIn branding have also been identified, and LinkedIn has confirmed it does not notify users of policy violations via public comments.

Source: https://www.bleepingcomputer.com/news/security/convincing-linkedin-comment-reply-tactic-used-in-new-phishing/
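To see where a shortened or QR-encoded link actually lands without opening it in a browser, an analyst can unwind the redirect chain one HEAD request at a time. The Python below is an added example written for this briefing, not code from Black Arrow or from any of the linked sources; the shortener host list is an assumption to extend locally, and the chain at the bottom is constructed so that the script runs offline (swap fake_head for the default http_head to test a real link from an isolated analysis host). It serves both the quishing and the LinkedIn comment-reply items above: a QR payload is first decoded to a URL with any offline QR reader, then handed to resolve_chain in the same way as a lnkd.in link.

```python
"""Unwind the redirect chain behind a shortened or QR-encoded URL, one hop at a time.

Added example, not code from the briefing or from any linked source. It sends
HEAD requests and refuses to follow redirects automatically, so every hop is
recorded and the landing page is never rendered. The sample chain at the
bottom is constructed so the module runs offline.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urljoin, urlparse

# Assumed list of link shorteners that hide the real destination; extend for your environment.
SHORTENER_HOSTS = {"lnkd.in", "bit.ly", "t.co", "tinyurl.com"}

HeadFn = Callable[[str], tuple[int, Optional[str]]]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise HTTPError on 3xx instead of silently following Location."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url: str, timeout: float = 5.0) -> tuple[int, Optional[str]]:
    """One HEAD request; returns (status, Location) without following the redirect."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:   # 3xx (redirects disabled) and 4xx/5xx arrive here
        return e.code, e.headers.get("Location")


@dataclass
class ChainResult:
    hops: list[str] = field(default_factory=list)      # every URL visited, in order
    final_url: str = ""
    findings: list[str] = field(default_factory=list)  # analyst-facing signals


def resolve_chain(url: str, head: HeadFn = http_head, max_hops: int = 10) -> ChainResult:
    """Follow redirects manually, stopping on a non-3xx, a loop, or the hop limit."""
    result = ChainResult(hops=[url])
    seen = {url}
    current = url
    for _ in range(max_hops):
        status, location = head(current)
        if not (300 <= status < 400 and location):
            break
        nxt = urljoin(current, location)        # Location may be relative
        if nxt in seen:
            result.findings.append("redirect loop")
            break
        seen.add(nxt)
        result.hops.append(nxt)
        current = nxt
    else:
        result.findings.append(f"exceeded {max_hops} hops")
    result.final_url = current

    first_host = urlparse(url).hostname or ""
    last_host = urlparse(current).hostname or ""
    if first_host in SHORTENER_HOSTS:
        result.findings.append(f"starts at shortener {first_host}")
    if len(result.hops) > 2:
        result.findings.append(f"{len(result.hops) - 1} redirects")
    if urlparse(current).scheme != "https":
        result.findings.append("final hop is not https")
    if first_host != last_host:
        result.findings.append(f"lands on different host: {last_host}")
    return result


# Constructed offline stand-in for a shortener -> tracker -> credential page chain.
FAKE_CHAIN = {
    "https://lnkd.in/example": (302, "https://track.example.net/r?id=1"),
    "https://track.example.net/r?id=1": (301, "/go"),
    "https://track.example.net/go": (302, "http://login-verify.example.org/"),
    "http://login-verify.example.org/": (200, None),
}


def fake_head(url: str) -> tuple[int, Optional[str]]:
    """Offline replacement for http_head backed by the constructed chain."""
    return FAKE_CHAIN.get(url, (404, None))


if __name__ == "__main__":
    r = resolve_chain("https://lnkd.in/example", head=fake_head)
    for i, hop in enumerate(r.hops):
        print(f"hop {i}: {hop}")
    print("findings:", r.findings)
```

Because the final page is never fetched with GET, nothing on it executes, yet the HEAD-only walk still surfaces the signals worth recording in a phishing report: the hop count, the use of a shortener, and any downgrade from https on the last hop.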

Cyber Criminals Recruiting Insiders at Specific Organisations

Dark web forums show criminals actively seeking insiders at named organisations to access customer data and internal systems. Listings target crypto firms, consultancies and consumer platforms, offering payments of $3,000–$15,000. Insiders can bypass standard alerts, with researchers citing previous incidents where recruited employees enabled large-scale data theft and financial loss.

Source: https://www.itpro.com/security/cyber-criminals-recruiting-insiders-at-specific-organizations

Ransomware Activity Surges to Record Levels

Global ransomware activity reached record levels in 2025, with 2,287 victims reported in Q4 alone. The number of active ransomware groups reached 124, a 46% year-on-year increase, while victim numbers rose 58% as law enforcement pressure fragmented larger groups into many smaller operators running frequent, repeatable attacks. The US accounted for 55% of victims, but activity remains global and sustained.

Source: https://betanews.com/article/ransomware-activity-surges-to-record-levels/

State-Backed Cyberattacks Are No Longer a Government Problem – They’re Now a Boardroom Priority

State-backed actors increasingly target private organisations and supply chains rather than governments alone. The UK NCSC handled 204 nationally significant incidents in 12 months, up from 89 the previous year. Smaller suppliers are frequently exploited as backdoors, with resilience, governance and supply chain controls highlighted as practical responses to persistent geopolitical cyber threats.

Source: https://growthbusiness.co.uk/state-backed-cyberattacks-are-no-longer-a-government-problem-theyre-now-a-boardroom-priority-2584268/

Threats

Ransomware, Extortion and Destructive Attacks

The Ransomware Paradox: Why Payments Are Soaring as Attacks “Drop” | MSSP Alert

Ransomware activity surges to record levels - BetaNews

Ransomware activity never dies, it multiplies - Help Net Security

Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly

Threat Actors Attacking Systems with 240+ Exploits Before Ransomware Deployment

Ransomware: Tactical Evolution Fuels Extortion Epidemic | SECURITY.COM

Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar

DeadLock ransomware uses smart contracts to evade defenders • The Register

There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radar | IT Pro

Ransomware by the Numbers: Count of Victims and Groups Surge

Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials

France swaps alleged ransomware crook for conflict researcher • The Register

Sicarii Ransomware: Truth vs Myth - Check Point Research

MEED | Construction is third most targeted sector by ransomware

Ransomware Victims

South Korean giant Kyowon confirms data theft in ransomware attack

Cyberattack forces Belgian hospitals to cancel surgeries​ | Cybernews

Government statement on 'serious cyber attack' at Nuneaton school | Coventry Live

Belgian hospitals refuse ambulances following cyberattack • The Register

Phishing & Email Based Attacks

Executives more likely to take phishing bait than junior staff - BetaNews

QR codes are getting colorful, fancy, and dangerous - Help Net Security

FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek

North Korea turns QR codes into phishing weapons • The Register

FBI Flags Quishing Attacks From North Korean APT

Why can’t companies stop social engineering attacks?

Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine

Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE

Facebook login thieves now using browser-in-browser trick

Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Why QR Codes Are Education's New Phishing Blind Spot - Security Boulevard

Fake Facebook pop-ups mimic browser window | Cybernews

Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security

China spies used Maduro capture as lure to phish US agencies • The Register

Other Social Engineering

QR codes are getting colorful, fancy, and dangerous - Help Net Security

Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine

Why can’t companies stop social engineering attacks?

Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs - Infosecurity Magazine

Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes

Fake Facebook pop-ups mimic browser window | Cybernews

Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security

Artificial Intelligence

Businesses in 2026: AI security oh yeah better look at that • The Register

Business leaders see AI risks and fraud outpacing ransomware, says WEF | Computer Weekly

Cyber Risk Enters a New Era as AI Reshapes Global Security

Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains - Help Net Security

Allianz Risk Barometer 2026: Cyber Remains Top Business Risk but AI Fastest Riser at #2

WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine

Top cyber threats to your AI systems and infrastructure | CSO Online

LLMs in Attacker Crosshairs, Warns Threat Intel Firm - SecurityWeek

We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster - Security Boulevard

New intelligence is moving faster than enterprise controls - Help Net Security

Cybersecurity risk will accelerate this year, fueled in part by AI, says World Economic Forum | CSO Online

AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine

Hackers target misconfigured proxies to access paid LLM services

Generative AI in Enterprises: Security Risks Most Companies Are Not Measuring - Security Boulevard

Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena

AI driving serious fraud spike – WEF

What Should We Learn From How Attackers Leveraged AI in 2025?

Your Copilot data can be hijacked with a single click - here's how | ZDNET

AI Agents Are Becoming Authorization Bypass Paths

The quiet way AI normalizes foreign influence | CyberScoop

Malaysia and Indonesia block X over deepfake smut • The Register

U.K. investigation into X over AI deepfakes risks igniting a U.S.-Europe free speech battle | Fortune

Elon Musk calls UK government ‘fascist’ over touted X ban

California AG launches investigation into X’s sexualized deepfakes | CyberScoop

Vibe coding security risks and how to mitigate them | TechTarget

Ofcom continues X probe despite Grok 'nudify' fix • The Register

Bots/Botnets

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek

Careers, Roles, Skills, Working in Cyber and Information Security

We're losing in recruitment | Professional Security Magazine

Cloud/SaaS

New Linux malware targets the cloud, steals creds, then vanishes • The Register

Experts warn this new Chinese Linux malware could be preparing something seriously worrying | TechRadar

New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine

Crypto crime hits record levels as state actors move billions - Help Net Security

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects - SecurityWeek

Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users | TechCrunch

Betterment Customer Data Accessed in Online Crypto Scam Attack

Cyber Crime, Organised Crime & Criminal Actors

Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains - Help Net Security

Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor

Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest - Infosecurity Magazine

The country at the heart of the global scam industry

Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker

The New Threats: Attackers Don't Just Break In, They Blend In - The New Stack

We're losing in recruitment | Professional Security Magazine

Why are cybercriminals getting younger? | TechRadar

BreachForums Breach Exposes 324K Cybercriminals

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru

Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses - Microsoft On the Issues

Data Breaches/Leaks

Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft

France fines telcos €42M for issues leading to 2024 breach • The Register

Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users | TechCrunch

California bans data broker reselling health data of millions

After Goldman, JPMorgan Discloses Law Firm Data Breach - SecurityWeek

Sensitive data of Eurail, Interrail travelers compromised in data breach - Help Net Security

BreachForums Data Leak Raises Fresh Questions Over Credibility - IT Security Guru

BreachForums hacking forum database leaked, exposing 324,000 accounts

Manage My Health starts notifying affected practices after major cyber breach | Cybernews

Second health provider, Canopy Health, hit in major cyber attack | RNZ News

Hackers Accessed University of Hawaii Cancer Center Patient Data; They Weren’t Immediately Notified - SecurityWeek

Central Maine Healthcare breach exposed data of over 145,000 people

Instagram denies data breach after password reset emails spark leak claims - SiliconANGLE

Another plastic surgery practice fell prey to a cyberattack with extortion attempt – DataBreaches.Net

Target employees confirm leaked source code is authentic

Threat actor claims the theft of full customer data from Spanish energy firm Endesa

Denial of Service/DoS/DDoS

ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine

Encryption

EU’s Chat Control could put government monitoring inside robots - Help Net Security

Michael Tsai - Blog - UK Child Protections and Messaging Backdoor

WFE Urges Regulators to Balance Quantum Risks With Immediate Cyber Threats - FinanceFeeds

G7 Sets 2034 Deadline for Finance to Adopt Quantum-Safe Systems - Infosecurity Magazine

Fraud, Scams and Financial Crime

Impersonation Fraud Drives Record $17bn in Crypto Losses - Infosecurity Magazine

Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF  - SecurityWeek

Cyber-Enabled Fraud Is Now One of the Most Pervasive Global Threats, Says New Report > Press releases | World Economic Forum

WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks - Infosecurity Magazine

The country at the heart of the global scam industry

Exclusive research: Cybersecurity issues may worsen in 2026 | PaymentsSource | American Banker

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

AI-Powered Truman Show Operation Industrializes Investment Fraud - Infosecurity Magazine

AI driving serious fraud spike – WEF

Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses - Microsoft On the Issues

Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes

Online shoppers at risk as Magecart skimming hits major payment networks | Malwarebytes

Identity and Access Management

AI Agents Are Becoming Authorization Bypass Paths

Insurance

What insurers expect from cyber risk in 2026 - Help Net Security

US regulator tells GM to hit the brakes on customer tracking • The Register

Insider Risk and Insider Threats

Cyber criminals recruiting insiders at specific organizations | IT Pro

Internet of Things – IoT

Is your smart home at risk of being hacked? 6 ways experts lock theirs down | ZDNET

Sorry I'm late for work boss, my car's been hacked | Autocar

Why hacking could be the biggest threat facing automotive | Autocar

Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets

China targets US cybersecurity firms, Tesla's FSD subscription

Law Enforcement Action and Take Downs

Takedowns and arrests didn't slow down ransomware in 2025 | TechRadar

Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses - Microsoft On the Issues

Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest - Infosecurity Magazine

Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register

Why are cybercriminals getting younger? | TechRadar

Hacker gets seven years for breaching Rotterdam and Antwerp ports

'Violence-as-a-service' suspect arrested • The Register

Appeal fails for hacker who opened port to coke smugglers • The Register

Illinois man charged with hacking Snapchat accounts to steal nude photos

Linux and Open Source

New Linux malware targets the cloud, steals creds, then vanishes • The Register

Experts warn this new Chinese Linux malware could be preparing something seriously worrying | TechRadar

GoBruteforcer Botnet Targets 50K-plus Linux Servers

New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine

Europe Has a New Plan to Break Free from US Tech Dominance

Malware

New Linux malware targets the cloud, steals creds, then vanishes • The Register

Experts warn this new Chinese Linux malware could be preparing something seriously worrying | TechRadar

ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details

GoBruteforcer Botnet Targets 50K-plus Linux Servers

Mac users are being targeted by a fake Grok app, and it's powered by AI - PhoneArena

Beware of Weaponized Employee Performance Reports that Deploys Guloader Malware

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

How real software downloads can hide remote backdoors | Malwarebytes

Gootloader now uses 1,000-part ZIP archives for stealthy delivery

Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam • The Register

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Misinformation, Disinformation and Propaganda

The quiet way AI normalizes foreign influence | CyberScoop

Mobile

Your phone is sharing data without your knowledge - how to stop it ASAP | ZDNET

Apple iPhone Attacks Confirmed — Experts Warn 'Update Now or Stay Exposed' | IBTimes

Tories want kids off social media and phones out of schools • The Register

Models, Frameworks and Standards

UK government exempting itself from flagship cyber law inspires little confidence • The Register

Parliament Asks Security Pros to Shape Cyber Security and Resilience Bill - Infosecurity Magazine

Michael Tsai - Blog - UK Child Protections and Messaging Backdoor

How the OWASP Application Security Verification Standard Helps Improve Software Security - Security Boulevard

Outages

Investor Lawsuit Over CrowdStrike Outage Dismissed - SecurityWeek

Verizon blames nationwide outage on a "software issue"

Passwords, Credential Stuffing & Brute Force Attacks

Fog Ransomware Attacking US Organizations Leveraging Compromised VPN Credentials

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

Regulations, Fines and Legislation

UK government exempting itself from flagship cyber law inspires little confidence • The Register

Privacy and Cybersecurity Laws in 2026 Pose Challenges

France fines telcos €42M for issues leading to 2024 breach • The Register

The Impact of AI-Enabled Capabilities on the Application of International Law in the Cyber Domain - Lieber Institute West Point

U.K. investigation into X over AI deepfakes risks igniting a U.S.-Europe free speech battle | Fortune

Elon Musk calls UK government ‘fascist’ over touted X ban

California AG launches investigation into X’s sexualized deepfakes | CyberScoop

EU’s Chat Control could put government monitoring inside robots - Help Net Security

Dems pressure Google, Apple to drop X app as international regulators turn up heat | CyberScoop

Ofcom continues X probe despite Grok 'nudify' fix • The Register

The US doesn’t need a Cyber Force: it needs to prioritize cybersecurity

Hill warning: Don’t put cyber offense before defense | CyberScoop

Treat US tech firms the same as Chinese providers say campaigners | UKAuthority

UK backtracks on digital ID requirement for right to work • The Register

US cybersecurity weakened by congressional delays despite Plankey renomination | CSO Online

Social Media

Phishing scammers are posting fake “account restricted” comments on LinkedIn | Malwarebytes

Ofcom continues X probe despite Grok 'nudify' fix • The Register

Browser-in-the-Browser phishing is on the rise: Here's how to spot it - Help Net Security

Trellix warns of advanced Facebook phishing using browser-in-the-browser attacks - SiliconANGLE

Facebook login thieves now using browser-in-browser trick

Tories want kids off social media and phones out of schools • The Register

Instagram says it fixed the issue behind shady password reset emails - Digital Trends

Instagram denies breach amid claims of 17 million account data leak

Supply Chain and Third Parties

Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains - Help Net Security

Cyber Risk Enters a New Era as AI Reshapes Global Security

CISOs flag gaps in third-party risk management - Help Net Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

State-backed cyberattacks are no longer a government problem – they’re now a boardroom priority - Growth Business

The quiet way AI normalizes foreign influence | CyberScoop

Is the US adopting the gray zone cyber playbook? | CyberScoop

Estonia: Small State Security and the International Order

Taiwan Endures Greater Cyber Pressure From China

Nation State Actors

State-backed cyberattacks are no longer a government problem – they’re now a boardroom priority - Growth Business

Cyber Risk Enters a New Era as AI Reshapes Global Security

The quiet way AI normalizes foreign influence | CyberScoop

Crypto crime hits record levels as state actors move billions - Help Net Security

China

New Linux malware targets the cloud, steals creds, then vanishes • The Register

Experts warn this new Chinese Linux malware could be preparing something seriously worrying | TechRadar

China crew abused ESXi zero-days a year before disclosure • The Register

Scope Of Chinese ‘Salt Typhoon’ Hack Keeps Getting Worse, As Trump Dismantles U.S. Cybersecurity Defenses | Techdirt

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

New Chinese-Made Malware Framework Targets Linux Cloud Environments - Infosecurity Magazine

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China bans U.S. and Israeli cybersecurity software over security concerns

Taiwan Endures Greater Cyber Pressure From China

China spies used Maduro capture as lure to phish US agencies • The Register

Treat US tech firms the same as Chinese providers say campaigners | UKAuthority

Russia

Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft

Russia’s Cyber Sanctuary in Transition: Implications for Global Cybercrime | Geopolitical Monitor

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

Russia-linked APT28 targets energy and defense groups tied to NATO | SC Media

Poland was on the verge of large-scale power outages due to Russian cyber sabotage - Minister Gawkowski | УНН

Ukraine's army targeted in new charity-themed malware campaign

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

ICE Agent Doxxing Site DDoS-ed Via Russian Servers - Infosecurity Magazine

France swaps alleged ransomware crook for conflict researcher • The Register

Estonia: Small State Security and the International Order

North Korea

FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes - SecurityWeek

North Korea turns QR codes into phishing weapons • The Register

FBI Flags Quishing Attacks From North Korean APT

Iran

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Iran cuts Internet nationwide amid deadly protest crackdown

‘Kill Switch’—Iran Shuts Down Starlink Internet For First Time

Trump’s cyber options in Iran - POLITICO

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Cyber Risk Enters a New Era as AI Reshapes Global Security

The quiet way AI normalizes foreign influence | CyberScoop

Venezuelan Oil Industry Is Running on WhatsApp After Cyberattack - Bloomberg

Trump’s cyber options in Iran - POLITICO

Treat US tech firms the same as Chinese providers say campaigners | UKAuthority

Is the US adopting the gray zone cyber playbook? | CyberScoop

How hackers fight back against ICE surveillance tech • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Advisory - 14 January 2026 - Security Updates - Microsoft, SAP, Adobe

Executive Summary

January’s security releases are dominated by Microsoft’s Patch Tuesday, which addresses over a hundred CVEs and includes an actively exploited zero-day, alongside SAP fixes containing multiple critical issues and Adobe updates across key Creative Cloud applications plus ColdFusion. The highest risks this month centre on remote code execution, elevation of privilege, and injection flaws affecting business-critical and user-facing systems. Prioritise patching for internet-facing services, identity and access components, and widely deployed endpoint and productivity tooling.

Vulnerabilities by Vendor

  • Microsoft[1]: 112 vulnerabilities, affecting Windows, Microsoft 365 and Office, browser components, developer tools, and enterprise services. Prioritise updates addressing actively exploited vulnerabilities and critical remote code execution or privilege escalation paths, especially on internet facing and end user endpoints.

  • SAP[2]: 19 vulnerabilities affecting SAP S/4HANA (private cloud and on premise), SAP HANA, SAP NetWeaver (including AS ABAP and Enterprise Portal), RFCSDK, Identity Management, and supporting components. Prioritise critical and high severity fixes first, particularly where systems are exposed to users, integrations, or administrative workflows.

  • Adobe[3]: 25 vulnerabilities affecting Creative Cloud applications (including Dreamweaver, InDesign, Illustrator, InCopy, Bridge, and Substance 3D tools) plus ColdFusion. Prioritise updates that address arbitrary code execution, and treat ColdFusion as urgent where it is deployed in production or accessible to untrusted inputs.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html
3 Adobe — https://helpx.adobe.com/security.html

Black Arrow Admin

Black Arrow Cyber: 5 Cyber Predictions for Business Leaders in 2026, and What You Need to Do

Throughout the year in our weekly Cyber Threat Intelligence Briefing, we bring you insights into the evolving cyber risks that your business faces and importantly, what you can do about them. As a business leader, you are not expected to be a cyber expert; you just need a sound grasp of the fundamentals, and an objective assessment of your risks and controls from an impartial expert so you can appropriately challenge your control providers. Proportionality and impartiality are key, and so too is keeping up to date with how the ground is shifting.

Here are five of our focus areas for this year, to help keep your business running in a more secure environment. Other risks such as ransomware and business email compromise remain high on the list too. We discuss these and many others in our weekly threat intelligence email; subscribe today and contact us for impartial expertise on how to address your risks through proportionate security.

1.      Tailored Attacks Using Agentic AI

Agentic AI tools can autonomously design and execute attacks, leveraging resources they identify. We already saw examples in 2025, and this will ramp up in 2026. The result is faster and more potent attacks, tailored to the victim.

What to do: review your controls including vulnerability management, access management, and monitoring and detection. And keep your finger on the pulse through good governance; this includes discussing reports and knowing how to challenge what you see, and keeping abreast of evolving risks through threat intelligence.

2.      Deepfake and Voice AI Become Commonplace

What was considered sophisticated deepfake in 2025 will be commonplace in 2026. Technology has advanced and is more widely used since the infamous $25m deepfake payment fraud in Hong Kong. AI deepfake video and voice will be used increasingly in social engineering attacks for fraudulent payment callbacks, malicious employee recruitment, and other attacks.

What to do: assess your security across your people, operations and technology, because that is what the attacker is doing. Review your controls and processes, including the use of purchase orders and outbound callback checks. Train your people on why the controls exist, how to stick to them, and how to raise a flag if something is unusual such as someone scheduling a work call via WhatsApp.

3.      Break In Through the Supply Chain

When attackers compromise a service provider, such as an MSP or payroll provider, they can access the systems and data of all its customers, including yours. Remember also, it’s about your supply chain, not just your suppliers. For example, consider how readily you click on a SharePoint link in a client email, and whether that email could be sent by an attacker lurking in your client’s systems.

What to do: Check how your third parties identify and mitigate the risk of attacker access. Do this by asking targeted questions, and evaluating the responses including with support from impartial experts. From this, assess what controls you need to have to manage any resulting risks to you.

4.      Regulatory Consequences

Regulators are taking a harder line on penalties after a cyber or data breach. Looking at the published reports by authorities in different countries, they appear increasingly frustrated when breaches harm the public due to organisations failing to implement proportionate security measures. Regulations are tightening, from the EU’s DORA in 2025 to new laws anticipated in countries such as the UK.

What to do: implement proportionate and credible governance over your cyber security; the UK’s Cyber Governance Code of Practice is a good starting point, and note its repeated use of “Gain assurance that…”. This means avoiding ‘compliance theatre’, instead recognising that the true objective is to defend yourself against the attacker, not just the regulator.

5.      Resilience and Security

We see a greater focus on cyber resilience, building on and going beyond the foundations of cyber security. Good security can reduce the frequency and impact of a cyber incident, while cyber resilience requires business leaders to acknowledge evolving attacker tactics and ask ‘Yes, we have some good security, but what do we do if someone still gets through?’. In late 2025 for example, the UK Government wrote to business leaders urging them to prepare for managing a cyber incident.

What to do: get your leadership team together in a workshop, assume an attacker has breached your security, and work through your responses across people, operations and technology. The conversation needs to be run by a skilled cyber specialist who is not a control provider, to freely explore the possibilities. Consider also the paper-and-pen operational processes you will use during an incident, and challenge every assumption by creating an open and collaborative workshop environment.

Subscribe to our weekly Cyber Threat Intelligence Briefing via our website www.blackarrowcyber.com, and contact us to hear how we are supporting clients in various countries and sectors to manage their cyber security risks in a proportionate way.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 09 January 2026

Black Arrow Cyber Threat Intelligence Briefing 09 January 2026:

-2025 Proved Hackers Aren’t Slowing Down – and Neither Should You

-Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead

-Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks

-Cyber Risk Trends for 2026: Building Resilience, Not Just Defences

-Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience

-Average Cyberattack Cost Hits $2.5M as Recovery Lags

-New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

-Phishers Exploit Office 365 Users Who Let Their Guard Down

-Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review of cyber security insights in the specialist and general media includes a look back at 2025 and a look forward to 2026, with recommended focus areas for business leaders. Last year saw an increase in attacks and a greater focus on gaining entry through employees and third parties, and exploiting insufficient controls around access management.

The escalation in risks requires business leaders in 2026 to test their resilience to a cyber attack through rehearsals of the incident response plan. From experience of running many simulations with clients across the world, we strongly recommend the rehearsal should be led by an impartial cyber and business expert to take you and your control providers, including IT, into ‘what if’ scenarios that help to flush out assumptions.

This week, we also include news on attack campaigns for you to be aware of, including fake DocuSign emails and the continued attacks on organisations that rely only on passwords to secure access.

Contact us to discuss how to reflect our threat intelligence briefing in your approach to cyber security, in an impartial and proportionate manner.


Top Cyber Stories of the Last Week

2025 Proved Hackers Aren’t Slowing Down – and Neither Should You

Cyber activity intensified in 2025, with ransomware, espionage, cryptomining and infostealers hitting manufacturing, aerospace and critical infrastructure. Attackers are moving beyond passwords to session token theft, exploiting non-human identities and AI-driven social engineering. The Jaguar Land Rover incident shows third-party compromise can cripple operations. Business leaders should prioritise a Zero Trust model, and encourage staff to pause before clicking and to verify urgent requests before acting.

Source: https://www.phonearena.com/news/2025-proved-hackers-arent-slowing-down-neither-should-you_id177153

Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead

Ransomware victim numbers rose sharply in 2025, with thousands of organisations named on extortion sites. Law enforcement disrupted several major groups, but attackers quickly re-emerged under new brands and affiliations. Entry points increasingly involve social engineering and stolen credentials rather than technical exploits, keeping barriers to entry low. To address this, organisations should prioritise protecting credentials, staff vigilance, and testing recovery plans, recognising that law enforcement action rarely eliminates the threat of attack.

Source: https://www.theregister.com/2026/01/08/ransomware_2025_emsisoft/

Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks

Phishing kits are making large-scale attacks easier, with most high-volume campaigns relying on pre-built tools that support MFA bypass and evasion. QR codes and obfuscated links are increasingly used to avoid detection, enabling less skilled attackers to run sophisticated campaigns. Business leaders should focus on strengthening access controls and authentication, reducing link-clicking behaviour, and ensuring staff recognise QR and MFA-bypass lures as part of routine security awareness.

Source: https://www.itpro.com/security/phishing/phishing-as-a-service-kits-growth-2025-barracuda

Cyber Risk Trends for 2026: Building Resilience, Not Just Defences

Cyber risk in 2026 is shaped by increasingly automated, persistent and intelligent attacks; this requires business leaders to shift their focus to resilience across governance, operations, technology and people. Key pressures include AI-driven social engineering, third-party dependencies, uncertainty around quantum computing risks and geopolitical instability. Priorities include ensuring recovery readiness and clear ownership, strengthening how identity and access are managed, and rehearsing incident response that measures success by time to detect, contain and recover.

Source: https://www.securityweek.com/cyber-risk-trends-for-2026-building-resilience-not-just-defenses/

Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience

Geopolitical friction will amplify cyber risk in 2026 due to shifting alliances and sanctions. Employee use of AI tools that are not within the remit of the organisation’s security controls adds unmanaged risks to vulnerability management, incident response and resilience processes. Maritime logistics is a prime target, with resilient shipping relying on real-time monitoring and intelligence-led risk exposure management. Business leaders should embed AI governance and geopolitical awareness into risk planning.

Source: https://www.infosecurity-magazine.com/opinions/geopolitics-supply-chains-shadow/

Average Cyberattack Cost Hits $2.5M as Recovery Lags

A survey of 750 CISOs across the US and UK shows recovery is taking longer and costing more, with average recovery costs at $2.5M. Many organisations face days of downtime and some up to weeks. Fewer organisations now have formal cyber resilience strategies, yet boards still expect zero breaches. Leadership responses include resetting expectations, prioritising rapid recovery, and reducing time to restore operations rather than relying solely on prevention.

Source: https://www.telecomstechnews.com/news/average-cyberattack-cost-hits-2-5m-as-recovery-lags/

New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

Attackers are using fake DocuSign emails to trick staff into launching malware on Windows devices. The campaign is designed to evade common security checks and can run without obvious warning signs. Organisations should confirm their endpoint protections can detect malicious activity triggered through email links or attachments, and ensure staff treat unexpected document-signing requests with caution and verify requests via trusted channels.

Source: https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/

Phishers Exploit Office 365 Users Who Let Their Guard Down

Phishing attacks are increasingly exploiting misconfigured Office 365 tenants, allowing attackers to spoof trusted domains and route messages in ways that evade controls. In October 2025 alone, Microsoft reported blocking over 13 million MFA-bypass phishing emails linked to an attack campaign known as Tycoon2FA. To reduce risks, ensure tenant email authentication controls (SPF, DKIM and DMARC) are correctly configured and that the DMARC policy is enforcing rather than monitoring only, prioritise phishing-resistant MFA, and treat email-based password resets as a high-risk process.

Source: https://www.darkreading.com/cloud-security/phishers-exploit-office-365-users-guard-down
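
The story above recommends checking that a tenant's email authentication controls are correctly configured. The script below is an added example, not code from the article or from Microsoft: it audits the published SPF and DMARC records for a domain and reports the settings that leave the domain spoofable (an SPF record ending in "+all" or "?all", a DMARC policy of "p=none", a partial "pct=", no reporting address). The domains and records are constructed strings; in practice you would fetch the TXT records for yourdomain and _dmarc.yourdomain from DNS. DKIM signing and Exchange Online connector configuration, which the Microsoft post also covers, are outside what this check can see.

```python
import re
from dataclasses import dataclass

# Constructed sample records for hypothetical domains (no DNS lookups are made).
SAMPLE_RECORDS = {
    "weak.example": {
        "spf": "v=spf1 include:spf.protection.outlook.com +all",
        "dmarc": "v=DMARC1; p=none;",
    },
    "better.example": {
        "spf": "v=spf1 include:spf.protection.outlook.com -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@better.example; pct=100",
    },
    "norecords.example": {"spf": None, "dmarc": None},
}

SEVERITY = {"high": 3, "medium": 2, "low": 1}


@dataclass
class Finding:
    domain: str
    severity: str
    message: str


def parse_tags(record):
    """Parse a 'k=v; k=v' DMARC record into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_lookup_count(terms):
    """Count mechanisms that cost a DNS lookup (RFC 7208 allows at most 10)."""
    count = 0
    for term in terms:
        mech = term.lstrip("+-~?").lower()
        if mech in ("a", "mx") or mech.startswith(
            ("include:", "a:", "mx:", "ptr", "exists:", "redirect=")
        ):
            count += 1
    return count


def check_spf(domain, spf):
    if not spf:
        return [Finding(domain, "high", "no SPF record: any host may send as this domain")]
    if not spf.lower().startswith("v=spf1"):
        return [Finding(domain, "high", "SPF record does not start with v=spf1")]
    findings = []
    terms = spf.split()[1:]
    all_terms = [t for t in terms if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if not all_terms:
        findings.append(Finding(domain, "medium", "no 'all' mechanism: unlisted senders get a neutral result"))
    else:
        last = all_terms[-1]  # the last 'all' decides the fate of unlisted senders
        qualifier = last[0] if last[0] in "+-~?" else "+"
        if qualifier in "+?":
            findings.append(Finding(domain, "high", f"SPF ends with '{last}': every sender passes, spoofing is trivial"))
        elif qualifier == "~":
            findings.append(Finding(domain, "low", "~all (softfail): acceptable only with an enforcing DMARC policy"))
    lookups = spf_lookup_count(terms)
    if lookups > 10:
        findings.append(Finding(domain, "medium", f"{lookups} DNS lookups: over the limit of 10, receivers return permerror"))
    return findings


def check_dmarc(domain, dmarc):
    if not dmarc:
        return [Finding(domain, "high", "no DMARC record: receivers have no policy for spoofed mail")]
    tags = parse_tags(dmarc)
    if tags.get("v", "").upper() != "DMARC1":
        return [Finding(domain, "high", "DMARC record is missing v=DMARC1")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(Finding(domain, "high", "p=none only monitors: spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(Finding(domain, "low", "p=quarantine: move to p=reject once reports show legitimate mail is aligned"))
    elif policy != "reject":
        findings.append(Finding(domain, "high", f"invalid or missing policy '{policy}'"))
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(Finding(domain, "medium", f"pct={pct}: policy applies to only part of failing mail"))
    if "rua" not in tags:
        findings.append(Finding(domain, "low", "no rua= address: you will not see who is spoofing the domain"))
    return findings


def audit(records):
    """Run both checks over {domain: {"spf": ..., "dmarc": ...}} and return every finding."""
    findings = []
    for domain, recs in records.items():
        findings += check_spf(domain, recs.get("spf"))
        findings += check_dmarc(domain, recs.get("dmarc"))
    return findings


def worst_severity(findings):
    return max((f.severity for f in findings), key=SEVERITY.get, default="none")


if __name__ == "__main__":
    for f in sorted(audit(SAMPLE_RECORDS), key=lambda f: -SEVERITY[f.severity]):
        print(f"{f.domain:20} {f.severity:7} {f.message}")
```

Run it against your own records and treat any "high" finding as a gap an attacker can use today: with "+all" or "p=none" a message that fails authentication is still delivered, so the spoofed internal email described above lands in the inbox regardless of how good your filtering is.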

Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA

Fifty global organisations were compromised after relying on passwords alone to access cloud systems. Attackers used infostealers to harvest stored credentials, including some that were years old, then used them to log in to cloud platforms and exfiltrate large volumes of data, including a reported 139GB from one firm. Business leaders should ensure MFA is enforced for cloud access, retire old and reused credentials, and monitor access logs for password-only sign-ins and unusual download volumes.

Source: https://www.techradar.com/pro/security/dozens-of-organizations-fall-victim-to-infostealers-after-failing-to-enforce-mfa
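
The control that stops the attack above is enforcing MFA, but the story also asks for monitoring of access logs and unusual downloads, which is how you find the accounts the policy missed. The script below is an added example, not from the article: it runs two detections over constructed log lines (successful sign-ins that satisfied no MFA requirement, and a user's daily download total far above that user's own history) and joins them. The field names are modelled on Entra ID sign-in logs (which record whether a sign-in was single- or multi-factor) but are assumptions here; map them to your own schema.

```python
import json
from collections import defaultdict

# Constructed sample logs (not real tenant data). Field names are assumptions.
SIGNIN_LOG = """
{"ts": "2026-01-05T08:01:00Z", "user": "alice@corp.example", "result": "success", "auth": "multiFactorAuthentication", "ip": "203.0.113.10"}
{"ts": "2026-01-05T08:05:00Z", "user": "bob@corp.example", "result": "success", "auth": "singleFactorAuthentication", "ip": "198.51.100.7"}
{"ts": "2026-01-05T08:06:00Z", "user": "carol@corp.example", "result": "failure", "auth": "singleFactorAuthentication", "ip": "198.51.100.7"}
{"ts": "2026-01-05T09:10:00Z", "user": "bob@corp.example", "result": "success", "auth": "singleFactorAuthentication", "ip": "198.51.100.7"}
""".strip()

DOWNLOAD_LOG = """
{"ts": "2026-01-04T10:00:00Z", "user": "bob@corp.example", "bytes": 120000000}
{"ts": "2026-01-04T15:00:00Z", "user": "bob@corp.example", "bytes": 80000000}
{"ts": "2026-01-05T09:30:00Z", "user": "bob@corp.example", "bytes": 139000000000}
{"ts": "2026-01-05T09:40:00Z", "user": "alice@corp.example", "bytes": 50000000}
""".strip()


def parse_lines(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def password_only_signins(events):
    """Successful sign-ins where no MFA requirement was satisfied.

    Failures are ignored: the interesting case is a stolen password that worked.
    """
    return [e for e in events
            if e["result"] == "success" and e["auth"] != "multiFactorAuthentication"]


def download_outliers(events, factor=10, floor=1_000_000_000):
    """Per user, flag any day whose download total is above `floor` bytes and
    more than `factor` times that user's largest other day.

    A user with a single day of history is compared against a baseline of 0,
    so `floor` is what stops small first-day totals from alerting."""
    per_day = defaultdict(int)
    for e in events:
        per_day[(e["user"], e["ts"][:10])] += e["bytes"]
    by_user = defaultdict(dict)
    for (user, day), total in per_day.items():
        by_user[user][day] = total
    outliers = []
    for user, days in by_user.items():
        for day, total in days.items():
            baseline = max((v for d, v in days.items() if d != day), default=0)
            if total >= floor and total > factor * baseline:
                outliers.append((user, day, total))
    return sorted(outliers)


def correlate(signin_events, download_events):
    """Join the two detections: a download spike by a user whose sign-ins
    succeeded without MFA is the pattern the infostealer campaign relies on."""
    weak_count = defaultdict(int)
    for e in password_only_signins(signin_events):
        weak_count[e["user"]] += 1
    alerts = []
    for user, day, total in download_outliers(download_events):
        if user in weak_count:
            alerts.append({"user": user, "day": day, "bytes": total,
                           "password_only_signins": weak_count[user]})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_lines(SIGNIN_LOG), parse_lines(DOWNLOAD_LOG)):
        print(f"{a['user']}: {a['bytes'] / 1e9:.0f} GB on {a['day']} "
              f"after {a['password_only_signins']} password-only sign-ins")
```

The password-only list on its own is worth reviewing daily even without a download spike: every entry is an account that a Conditional Access or equivalent policy should have challenged and did not, and those are the accounts an infostealer log lets a criminal walk straight into.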



Threats

Ransomware, Extortion and Destructive Attacks

Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine

New ransomware tactics to watch out for in 2026

Ransomware on the rise: why mid-market firms are in the crosshairs - Raconteur

The Big Risks for ’26 – Resilience key in navigating cyber landscape

Two cybersecurity experts plead guilty to running ransomware operation | CSO Online

Hackers Trapped in Resecurity’s Honeypot During Targeted Attack on Employee Network

Ransomware Victims

Ransomware Hits a Claims Giant: What the Sedgwick Breach Reveals About Modern Extortion Attacks - Security Boulevard

Cyberattack slams Jaguar Land Rover sales | Cybernews

Everest claims large insurance platform Bolttech | Cybernews

Nuneaton school reopening delayed to next week after cyber attack - BBC News

Sedgwick discloses data breach after TridentLocker ransomware attack

Jaguar Land Rover sales slump sharply amid US tariffs and cyber-attack

Cressi diving gear allegedly breached by hackers | Cybernews

Covenant Health data breach after ransomware attack impacted over 478,000 people

Phishing & Email Based Attacks

Phishers Exploit Office 365 Users Who Let Their Guard Down

Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine

Phishing-as-a-service kits doubled in 2025 as tactics evolve - BetaNews

International Threats: Themes for Regional Phishing Campaigns - Security Boulevard

New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

Microsoft sends warning over new type of phishing attack | Cybernews

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes

This phishing campaign spoofs internal messages - here's what we know | TechRadar

Cybercriminals use HTML to hide QR code phishing | Cybernews

Phishing kits soared in popularity last year as rookie hackers ramped up DIY cyber attacks | IT Pro

What the Year’s Biggest Phishing Scams Reveal

Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes

Phishing actors exploit complex routing and misconfigurations to spoof domains | Microsoft Security Blog

Hackers target Booking.com users | Cybernews

Email-first cybersecurity predictions for 2026 - Security Boulevard

Fake emails target Cardano users with remote access malware

Other Social Engineering

Hackers target Booking.com users | Cybernews

ClickFix attack uses fake Windows BSOD screens to push malware

Pornhub tells users to expect sextortion emails after data exposure | Malwarebytes

Voice cloning defenses are easier to undo than expected - Help Net Security

I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET

Russian hackers target European hospitality industry with ‘blue screen of death’ malware | The Record from Recorded Future News

Fraud, Scams and Financial Crime

Why governments need to treat fraud like cyberwarfare, not customer service | CyberScoop

Digital wallet fraud: how your bank card can be stolen without it leaving your wallet | Banks and building societies | The Guardian

What the Year’s Biggest Phishing Scams Reveal

FCC finalizes new penalties for robocall violators | CyberScoop

A quarter of a billion spam numbers have been logged - and nuisance calls just keep increasing, despite government crackdown | The Independent

Artificial Intelligence

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

AI security risks are also cultural and developmental - Help Net Security

AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? - Security Boulevard

When AI agents interact, risk can emerge without warning - Help Net Security

In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT

Security Experts Dire Warning on AI Agents in 2026

Yes, criminals are using AI to vibe-code malware • The Register

Voice cloning defenses are easier to undo than expected - Help Net Security

EU plans new AI data rules, privacy at risk | Cybernews

Europe looks to AI resilience amid growing risk

NIST Releases Preliminary Draft Cyber AI Profile

AI agents 2026's biggest insider threat: PANW security boss • The Register

Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

ChatGPT's Memory Feature Supercharges Prompt Injection

New Zero-Click Attack Lets ChatGPT User Steal Data - Infosecurity Magazine

Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat

Identity becomes the 2026 battleground as AI erases trust signals | SC Media

China moves to rein in 'anthropomorphic' AI chatbots

Government demands Musk's X deals with 'appalling' Grok AI - BBC News

‘Elon Musk is playing with fire:’ All the legal risks that apply to Grok’s deepfake disaster | CyberScoop

UK regulators swarm X after Grok generated nudes from photos • The Register

2FA/MFA

One criminal stole info from 50 orgs thanks to no MFA • The Register

Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

Malware

Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar

Dozens of Major Data Breaches Linked to Single Threat Actor - SecurityWeek

New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

2.2M Chrome, Firefox, Edge users impacted by meeting-stealing malware | Cybernews

Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Yes, criminals are using AI to vibe-code malware • The Register

Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads - Infosecurity Magazine

Hackers target Booking.com users | Cybernews

ClickFix attack uses fake Windows BSOD screens to push malware

How attackers are weaponizing open-source package managers [Q&A] - BetaNews

GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine

Fake emails target Cardano users with remote access malware

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

Bots/Botnets

The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security

Kimwolf Botnet Hacked 2 Million Devices and Turned User’s Internet Connection as Proxy Node

GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine

Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security

Mobile

Digital wallet fraud: how your bank card can be stolen without it leaving your wallet | Banks and building societies | The Guardian

Google fixes critical Dolby Decoder bug in Android January update

HSBC blocks app users for having sideloaded password manager • The Register

Do Smartphone Apps Spy On Your Contacts?

Denial of Service/DoS/DDoS

5 myths about DDoS attacks and protection | CSO Online

New ransomware tactics to watch out for in 2026

Internet of Things – IoT

When the Cloud Rains on Everyone's IoT Parade

Hundreds of British buses have Chinese ‘kill switch’

Data Breaches/Leaks

Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine

Hackers Allegedly Steal Access Tokens, Confidential Documents From European Space Agency

Hackers claim to hack Resecurity, firm says it was a honeypot

Cybercrook claims to sell critical info about utilities • The Register

NordVPN denies breach claims, says attackers have "dummy data"

Manage My Health hack: New Zealand's worst cybersecurity incidents | RNZ News

Brightspeed investigates breach as crims post data for sale • The Register

More than 100,000 households warned after cyber attack on Kensington and Chelsea Council | The Independent

Covenant Health data breach after ransomware attack impacted over 478,000 people

Leak exposes Knownsec’s role in state cyber targeting | Cybernews

Organised Crime & Criminal Actors

Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service - Infosecurity Magazine

In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT

Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge

Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Experts Trace $35m in Stolen Crypto to LastPass Breach - Infosecurity Magazine

Crypto wallet firm Ledger faces new data breach through Global-e partner

Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge

Coinbase insider who sold customer data to criminals arrested in India

Illegal crypto dealings hit $154B amid surge in state-sponsored threats - Chainalysis report - Cryptopolitan

Fake emails target Cardano users with remote access malware

Insider Risk and Insider Threats

Coinbase insider who sold customer data to criminals arrested in India

AI agents 2026's biggest insider threat: PANW security boss • The Register

Insurance

CISOs Face A Tighter Insurance Market in 2026

Supply Chain and Third Parties

Crypto wallet firm Ledger faces new data breach through Global-e partner

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

Cloud/SaaS

Dozens of organizations fall victim to infostealers after failing to enforce MFA | TechRadar

Cloud file-sharing sites targeted for corporate data theft attacks

When the Cloud Rains on Everyone's IoT Parade

Phishers Exploit Office 365 Users Who Let Their Guard Down

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes

Phishing attacks exploit misconfigured emails to target Microsoft 365 - Infosecurity Magazine

Europe’s Cloud Debate Is Looking the Wrong Way: It’s Not Concentration – It’s Lock-In

Identity and Access Management

Agentic AI Is an Identity Problem and CISOs Will Be Accountable for the Outcome

Identity becomes the 2026 battleground as AI erases trust signals | SC Media

Enterprises still aren’t getting IAM right – Computerworld

Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat

Encryption

AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? - Security Boulevard

The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare

Linux and Open Source

GoBruteforcer Botnet Targets Linux Servers - Infosecurity Magazine

Passwords, Credential Stuffing & Brute Force Attacks

Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins | Malwarebytes

Cryptocurrency theft attacks traced to 2022 LastPass breach

HSBC blocks app users for having sideloaded password manager • The Register

Palo Alto crosswalks hacked due to unchanged default passwords - Boing Boing

Social Media

I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me - CNET

BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online - IT Security Guru

Regulations, Fines and Legislation

The U.K.’s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare

EU plans new AI data rules, privacy at risk | Cybernews

Europe looks to AI resilience amid growing risk

Trump admin lifts sanctions on Predator-linked spyware execs • The Register

UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories

Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star

Age verification changed the internet in 2025 – here's what it means for your privacy in 2026 | TechRadar

Cybersecurity Act review: What to expect | Epthinktank | European Parliament

Trump pulls US out of international cyber orgs | CyberScoop

US To Leave Global Forum on Cyber Expertise - Infosecurity Magazine

Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge

China moves to rein in 'anthropomorphic' AI chatbots

Government demands Musk's X deals with 'appalling' Grok AI - BBC News

FCC finalizes new penalties for robocall violators | CyberScoop

Time to restore America’s cyberspace security system | CyberScoop

Nearly half of UK users watch unverified porn | Cybernews

Models, Frameworks and Standards

UK Government's Digital ID plan is a ‘huge new cyber risk’ say Tories

Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star

Cyber Security and Resilience (Network and Information Systems) Bill: call for evidence - UK Parliament

Cybersecurity Act review: What to expect | Epthinktank | European Parliament

NIST Releases Preliminary Draft Cyber AI Profile

Careers, Roles, Skills, Working in Cyber and Information Security

Why cybersecurity cannot hire its way through the AI era | CyberScoop

The Pentagon’s short more than 20,000 cyber pros. Veterans could help fill the gap.

Cybersecurity skills matter more than headcount in the AI era | CSO Online

6 strategies for building a high-performance cybersecurity team | CSO Online

Law Enforcement Action and Take Downs

Billion-dollar Bitcoin hacker Ilya Lichtenstein thanks Trump for early prison release | The Verge

Alleged cybercrime kingpin arrested and extradited to China, Cambodia says | CNN

Two cybersecurity experts plead guilty to running ransomware operation | CSO Online

Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch

Misinformation, Disinformation and Propaganda

BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online - IT Security Guru

US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

A rash of Baltic cable-cutting raises fears of sabotage

Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media

Leak exposes Knownsec’s role in state cyber targeting | Cybernews

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

What is happening to the Internet in Venezuela?

Nation State Actors

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

Illegal crypto dealings hit $154B amid surge in state-sponsored threats - Chainalysis report - Cryptopolitan

China

Leak exposes Knownsec’s role in state cyber targeting | Cybernews

New China-linked hackers breach telcos using edge device exploits

Hundreds of British buses have Chinese ‘kill switch’

China hits Taiwan with 2.6M cyberattacks a day | Cybernews

Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts | CyberScoop

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

China moves to rein in 'anthropomorphic' AI chatbots

China’s New Cybersecurity Law Demands Faster Incident Reporting From Companies - gHacks Tech News

Congressional staff emails hacked as part of Salt Typhoon campaign | TechRadar

Russia

A rash of Baltic cable-cutting raises fears of sabotage

Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media

ClickFix attack uses fake Windows BSOD screens to push malware

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Hackers target Booking.com users | Cybernews

Russian hackers target European hospitality industry with ‘blue screen of death’ malware | The Record from Recorded Future News

Starlink Satellites Might Start Falling Out Of The Sky Due To This New Threat

North Korea

North Korean hackers using QR codes to attack governments and think tanks: FBI | NK News

The Evolution of North Korea – And What To Expect In 2026 | SC Media UK

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

International Threats: Themes for Regional Phishing Campaigns - Security Boulevard

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO

US Action in Venezuela Provokes Cyberattack Speculation

What is happening to the Internet in Venezuela?

US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One

President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests - SecurityWeek

Cyberattacks Likely Part of Military Operation in Venezuela

Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Cyber Threat Intelligence Briefing 02 January 2026

Black Arrow Cyber Threat Intelligence Briefing 02 January 2026:

-The Six Biggest Security Challenges Coming in 2026

-Top Sectors Under Cyber Attack in 2025

-Cyber Security Tech Recommended by Cyber Insurer Claims Data

-World Economic Forum Puts Cyber Security on Global Leadership Agenda

-Get Executives on Board with Managing Cyber Risk

-Executives Say Cyber Security Has Outgrown the IT Department

-How FOMO Is Turning AI Into a Cyber Security Nightmare

-Condé Nast Faces Major Data Breach: 2.3M WIRED Records Leaked, 40M More at Risk

-Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence

-‘Help! I Need Money. It’s an Emergency’: Your Child’s Voicemail That Could Be a Scam

-The Changing Role of the MSP: What Does This Mean for Security?

-Customers Turn Cyber Breaches into Courtroom Battles

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

The start of a new year is an opportunity to reflect on the challenges that business leaders need to address as they help their organisations grow in a more secure environment. In this week’s review, we cover which sectors are most at risk and highlight recommended security practices based on cyber insurance claims data.

Business executives continue to rate cyber as their top risk, and we discuss the need for cyber security teams to translate risk into business impact. This week’s highlights include a large-scale campaign using malicious browser extensions to spy on online meetings, affecting over two million users. We also cover the risks of deploying AI in the business without clear controls and guardrails, and the need for business leaders to understand and manage the cyber risks associated with their managed service provider (MSP).

We help our clients take an impartial and proportionate approach to cyber security, based on an understanding of evolving risks, and support executives in leading their own cyber risk management. Contact us to discuss how we do this.

We wish you a prosperous, safe and successful 2026.


Top Cyber Stories of the Last Week

The Six Biggest Security Challenges Coming in 2026

In 2026, businesses face six major security challenges: mandated cyber resilience under new regulations, increasingly sophisticated ransomware, AI-driven phishing and vishing, heightened supply chain risks, emerging threats from agentic AI systems, and growing vulnerability backlogs as exploits accelerate. Practical steps include resilience planning, enforcing MFA, closer supplier checks, tighter controls for agentic AI, and patch prioritisation based on exploitation risk.

Source: https://www.itpro.com/security/the-six-biggest-security-challenges-coming-in-2026

Top Sectors Under Cyber Attack in 2025

A breakdown of significant cyber breaches and incidents in 2025 by industry sector shows manufacturing ranked first for the fourth year, with finance, professional services, energy, and healthcare also heavily hit. By attack volume, education was the most targeted sector, with government/public and telecoms also seeing elevated rates. Organisations averaged nearly 2,000 attacks per week, attacks on organisations in Europe rose by about 22%, and organisations in critical sectors accounted for about 70% of incidents.

Source: https://securityboulevard.com/2025/12/top-sectors-under-cyberattack-in-2025/

Cyber Security Tech Recommended by Cyber Insurer Claims Data

Claims data from cyber-insurance providers shows that investment in six core cyber security technologies reduces losses and influences premiums. These include role-based access control with frequent auditing, a strong security culture, eliminating outdated legacy systems, strong MFA, zero-trust models such as SASE, professionally managed detection and response (MDR) services, and immutable backups with restoration practice. The data also showed that payouts due to phishing now make up 49% of claims, and that remote-access tools accounted for 80% of initial access vectors in direct ransomware attacks.

Source: https://www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data

World Economic Forum Puts Cyber Security on Global Leadership Agenda

The World Economic Forum (WEF) has elevated cyber security to a global leadership priority, with its Davos Annual Meeting framing cyber risk as a top-level policy issue. Fortinet’s Derek Manky noted that the expanding organised cybercrime demands engagement from the boardroom and government, to connect technical realities to economic and geopolitical strategies. WEF attendees discussed initiatives like its Cybercrime Atlas, a bounty programme, and law enforcement/private sector partnerships.

Source: https://www.inforisktoday.com/world-economic-forum-puts-cybersecurity-on-global-leadership-agenda-a-30387

Get Executives on Board With Managing Cyber Risk

Trend Micro’s 2025 Defenders Survey of over 3,000 security professionals shows that the single biggest improvement security teams want is clearer identification of which assets matter most, and which threats are most relevant to the business. Effective governance communication should translate technical risk into business impact, using metrics and financial terms executives understand, yet nearly half only communicate reactively or minimally, often only when required or after major developments, which risks weakening stakeholder trust.

Source: https://www.trendmicro.com/en_us/research/25/l/managing-cyber-risk-with-executives.html

Executives Say Cyber Security Has Outgrown the IT Department

A Rimini Street study finds 54% of executives rank cyber threats as the top external risk, ahead of supply chain and regulation. Organisations are integrating security into enterprise risk management, prioritising business continuity planning, and outsourcing cyber security services. Persistent staffing shortages are influencing vendor choices and driving technology investment strategies.

Source: https://www.helpnetsecurity.com/2025/12/30/rimini-street-security-leadership-strategy-report/

How FOMO Is Turning AI Into a Cyber Security Nightmare

Pressure to deploy AI quickly is pushing organisations to adopt tools before the risks are properly assessed. A 2025 incident involving Drift showed how stolen credentials and overly broad app permissions can be abused to reach data held in services such as Salesforce and Google Workspace. AI programmes need clear definitions, cross-functional risk reviews, testing for how an AI system behaves when things go wrong, tighter limits on what systems can be accessed, and human verification of outputs.

Source: https://www.inc.com/nick-selby/how-fomo-is-turning-ai-into-a-cybersecurity-nightmare/91261473

Condé Nast Faces Major Data Breach: 2.3M WIRED Records Leaked, 40M More at Risk

An attacker called “Lovely” leaked a database of 2.3M subscriber records of WIRED magazine, and threatened to release up to 40M more across Condé Nast brands. The leaked data includes email addresses and other account details, including over 102,000 home addresses.

Source: https://securityaffairs.com/186224/data-breach/conde-nast-faces-major-data-breach-2-3m-wired-records-leaked-40m-more-at-risk.html

Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence

Researchers uncovered a large-scale campaign that uses malicious browser extensions to spy on online meetings, affecting 2.2 million users of Chrome, Firefox, and Edge. The extensions, disguised as useful tools, captured sensitive meeting details such as links, IDs, and participant information from dozens of platforms in real time, enabling corporate espionage and targeted social engineering. The campaign was attributed to DarkSpectre, a threat actor the researchers describe as China-linked.

Source: https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/

‘Help! I Need Money. It’s an Emergency’: Your Child’s Voicemail That Could Be a Scam

Criminal groups are using AI voice cloning to leave urgent messages that imitate a child or close family member and demand money. Very short voice samples, including clips shared online or taken from phone calls, can be sufficient to generate a usable imitation. The scam succeeds by triggering panic and urgency. Practical safeguards include pausing before responding, confirming requests via a trusted number, and agreeing family codewords in advance.

Source: https://www.theguardian.com/money/2025/dec/21/ai-cloned-voicemail-scam-criminals-fraud

The Changing Role of the MSP: What Does This Mean for Security?

Research shows 69% of managed service providers (MSPs) reported two or more breaches in the last 12 months, prompting 81% to boost specialist security hires and 78% to increase defensive spending. Customers are demanding proof of resilience, driving MSPs both to improve how they manage the security of their clients’ cyber and IT estates and to strengthen their own internal cyber security practices.

Source: https://www.itpro.com/security/the-changing-role-of-the-msp-what-does-this-mean-for-security

Customers Turn Cyber Breaches Into Courtroom Battles

Consumers are being recruited to join group legal actions against firms like M&S and Co-Op after cyber breaches. Early statements from these organisations suggested there was no evidence at that point of customer data compromise, but this changed as investigations confirmed access, creating potential legal exposure. CISOs have a role in avoiding false certainty and in adopting litigation-aware communications, which should form part of the organisation’s incident management plans to manage these risks.

Source: https://cybernews.com/security/customers-take-stand-cybersecurity-new-trial/



Threats

Ransomware, Extortion and Destructive Attacks

Security coverage is falling behind the way attackers behave - Help Net Security

Best of 2025: Survey: Nearly Half of Data Breaches Involved Third-Party Remote Access - Security Boulevard

U.S. cybersecurity experts plead guilty for ransomware attacks, face 20 years in prison each — group demanded up to $10 million from each victim | Tom's Hardware

Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE

All the major cyber attacks in the UK this year: Are they on the rise and what can be done? | The Standard

Web Browsing’s Dark Side: Understanding Ransomware over Modern Web Browsers - Security Boulevard

Ransomware’s new playbook is chaos - Help Net Security

The biggest cybersecurity and cyberattack stories of 2025

Customers turn cyber breaches into courtroom battles | Cybernews

An arrest has been made in the Coinbase ransomware breach | Mashable

How the UK Retail Sector Responded to the Scattered Spider Hack Wave - Infosecurity Magazine

Feds are hunting teenage hackers | Fortune

Ransomware Victims

Crims punish Wired subscribers by publishing personal info • The Register

How the human harms of cybercrime shook the world in 2025 • The Register

Romania’s Oltenia Energy Complex suffers major ransomware attack

The Worst Hacks of 2025 | WIRED

An arrest has been made in the Coinbase ransomware breach | Mashable

Phishing & Email Based Attacks

Security coverage is falling behind the way attackers behave - Help Net Security

Yet another phishing campaign impersonates trusted Google services - here's what we know | TechRadar

Fake GrubHub emails promise tenfold return on sent cryptocurrency

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

Other Social Engineering

‘Help! I need money. It’s an emergency’: your child’s voicemail that could be a scam | Scams | The Guardian

New ErrTraffic service enables ClickFix attacks via fake browser glitches

Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters

What is Vishing? - Security Boulevard

Fraud, Scams and Financial Crime

‘Help! I need money. It’s an emergency’: your child’s voicemail that could be a scam | Scams | The Guardian

Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters

Nationwide hit with record fine after failing to spot customer’s £27m Covid fraud

LLMs are automating the human part of romance scams - Help Net Security

2025’s crypto criminals: Making bank while cutting off fingers

Fake GrubHub emails promise tenfold return on sent cryptocurrency

Korean telco failed at femtocell security, exposed customers • The Register

Artificial Intelligence

Security coverage is falling behind the way attackers behave - Help Net Security

LLMs are automating the human part of romance scams - Help Net Security

Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems

Fighting AI with AI: The Rise of Multi-LLM Orchestrated Cyber Attacks - Security Boulevard

2026 Year of the Worm? AI Is Fueling a Malware Comeback

Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations - Security Boulevard

How FOMO Is Turning AI Into a Cybersecurity Nightmare

The AI balancing act your company can't afford to fumble in 2026 | ZDNET

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

AI Browsers the New Trojan Horse? - GovInfoSecurity

OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas | CyberScoop

Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET

Extremists are using AI voice cloning to supercharge propaganda. Experts say it’s helping them grow | Artificial intelligence (AI) | The Guardian

Cursor CEO warns vibe coding builds 'shaky foundations' and eventually 'things start to crumble’ | Fortune

As Coders Adopt AI Agents, Security Pitfalls Lurk in 2026

Contrarians No More: AI Skepticism Is on the Rise

AML/CFT/Money Laundering/Terrorist Financing/Sanctions

Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

UK law firms get ready for crackdown on money laundering | Financial sector | The Guardian

Malware

Zoom Stealer browser extensions harvest corporate meeting intelligence

DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware

2026 Year of the Worm? AI Is Fueling a Malware Comeback

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

MacSync Stealer malware bypasses macOS Gatekeeper security warnings | CSO Online

React2Shell under attack: RondoDox Botnet spreads miners and malware

New GlassWorm malware wave targets Macs with trojanized crypto wallets

Security Bite: A note on the growing problem of Apple-notarized malware on macOS - 9to5Mac

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The next cyber battlefield: Preparing federal networks for autonomous malware

Bots/Botnets

React2Shell under attack: RondoDox Botnet spreads miners and malware

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Denial of Service/DoS/DDoS

Pro-Russian group Noname057 claims cyberattack on La Poste services

Internet of Things – IoT

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Top tips to protect your Christmas gifts from cyber-scrooges - GOV.UK

Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR

The FCC has probably killed a plan to improve smart home security | The Verge

New York’s incoming mayor bans Raspberry Pi at inauguration • The Register

Data Breaches/Leaks

Customers turn cyber breaches into courtroom battles | Cybernews

Crims punish Wired subscribers by publishing personal info • The Register

The biggest cybersecurity and cyberattack stories of 2025

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

Stolen LastPass backups enable crypto theft through 2025

Sensitive data 'likely taken' in Westminster council cyber attack - BBC News

All the major cyber attacks in the UK this year: Are they on the rise and what can be done? | The Standard

The Worst Hacks of 2025 | WIRED

Aflac confirms June data breach affecting over 22 million customers

Accused data thief dumped laptop in river to evade justice • The Register

Disney will pay $10 million to settle children's data privacy lawsuit

Korean telco failed at femtocell security, exposed customers • The Register

F5, Inc. (FFIV) Faces Securities Class Action Amid Cybersecurity Incident, Questions About Disclosure Timing and Impact on Company's Business - Hagens Berman

Rainbow Six Siege is under siege by hackers, Ubisoft forced to take all servers offline — players randomly received billions of credits, ultra-exclusive skins, and bans or unbans | Tom's Hardware

Korean Air discloses data breach after the hack of its catering and duty-free supplier

Coupang to split $1.17 billion among 33.7 million data breach victims

Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes

European Space Agency confirms breach of "external servers"

French campuses got hacked, attackers claim | Cybernews

Organised Crime & Criminal Actors

2025’s crypto criminals: Making bank while cutting off fingers

How the human harms of cybercrime shook the world in 2025 • The Register

Accused data thief dumped laptop in river to evade justice • The Register

Insight: A scammer's guide: How cybercriminals plot to rob a target in a week | Reuters

Feds are hunting teenage hackers | Fortune

Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net

Illegal streaming grew into an organized, profitable, and dangerous industry - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

2025’s crypto criminals: Making bank while cutting off fingers

How the human harms of cybercrime shook the world in 2025 • The Register

Stolen LastPass backups enable crypto theft through 2025

React2Shell under attack: RondoDox Botnet spreads miners and malware

New GlassWorm malware wave targets Macs with trojanized crypto wallets

$7 million stolen on Christmas Eve: Chrome extension Trust Wallet compromised by hackers - NotebookCheck.net News

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist - SecurityWeek

An arrest has been made in the Coinbase ransomware breach | Mashable

Hackers drain $3.9M from Unleash Protocol after multisig hijack

Fake GrubHub emails promise tenfold return on sent cryptocurrency

Hundreds of crypto wallets drained across EVM chains, root cause still unidentified: ZachXBT | The Block

Insurance

New Tech Deployments That Cyber Insurers Recommend for 2026

Supply Chain and Third Parties

The changing role of the MSP: What does this mean for security? | ChannelPro

Korean Air discloses data breach after the hack of its catering and duty-free supplier

Apple Got Hacked? - Massive Cyberattack May Have Leaked Sensitive Data from iPhone Maker | IBTimes

Cloud/SaaS

AI killed the cloud-first strategy: Why hybrid computing is the only way forward now | ZDNET

Airbus to migrate critical apps to a sovereign Euro cloud • The Register

Encryption

Stolen LastPass backups enable crypto theft through 2025

Passwords, Credential Stuffing & Brute Force Attacks

How to Prevent Credential Stuffing Attacks: Detection & Protection Strategies - Security Boulevard

Social Media

1 in 5 YouTube Shorts is AI slop now - and Americans are eating it up | ZDNET

Instagram chief: AI is so ubiquitous 'it will be more practical to fingerprint real media than fake media'

Regulations, Fines and Legislation

The FCC has probably killed a plan to improve smart home security | The Verge

Can one state save us from AI disaster? Inside California's new legislative crackdown | ZDNET

Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse | WIRED

Models, Frameworks and Standards

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Data Protection

What consumers expect from data security - Help Net Security

Careers, Roles, Skills, Working in Cyber and Information Security

Building resilient teams in cyberdefense | Opinion | Compliance Week

Mentorship & Diversity: Shaping the Next Gen of Cyber Experts

The Modern Cyber Workforce | AFCEA International

What Kevin Bacon Can Teach You About Cybersecurity Careers

Law Enforcement Action and Take Downs

U.S. cybersecurity experts plead guilty for ransomware attacks, face 20 years in prison each — group demanded up to $10 million from each victim | Tom's Hardware

Former US cybersecurity professionals plead guilty to BlackCat/ALPHV attacks - SiliconANGLE

Accused data thief dumped laptop in river to evade justice • The Register

Feds are hunting teenage hackers | Fortune

Hacker Who Stole Millions in Seconds Finally Caught – DataBreaches.Net

An arrest has been made in the Coinbase ransomware breach | Mashable

Misinformation, Disinformation and Propaganda

Extremists are using AI voice cloning to supercharge propaganda. Experts say it’s helping them grow | Artificial intelligence (AI) | The Guardian


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyberwarfare is here – and we must be ready

New German military plan views foreign sabotage as preparation for war – POLITICO

It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent

Secretive Russian submarine unit 'could be on way to sabotage UK's vital cables' | News UK | Metro News

Navy’s fleet of 4ft boats to protect Britain from Putin

Russian submarine followed spy ship into British waters

Hacking space: Europe ramps up security of satellites – POLITICO

Nation State Actors

China

DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware

Chinese state hackers plant malware inside Windows | Cybernews

Cyberhackers Just Turned 150 Browser Extensions Into Viruses - Here's How

It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Estonia's cybersecurity authority perceives Chinese drones as major risk | News | ERR

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

Salt Typhoon: Chinese hacking campaign likely infiltrated Australian critical infrastructure, expert warns

Russia

New German military plan views foreign sabotage as preparation for war – POLITICO

It’s not just Taiwan... Five flashpoints that could spark World War Three in 2026 | The Independent

Secretive Russian submarine unit 'could be on way to sabotage UK's vital cables' | News UK | Metro News

Navy’s fleet of 4ft boats to protect Britain from Putin

Russian submarine followed spy ship into British waters

Pro-Russian group Noname057 claims cyberattack on La Poste services

Ship seized in Finland suspected of cable damage was carrying sanctioned Russian steel | Euronews

Finland detains ship and its crew after critical undersea cable damaged | CNN

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Extremists are using AI voice cloning to supercharge propaganda. Experts say it’s helping them grow | Artificial intelligence (AI) | The Guardian

Meet the team that investigates when journalists and activists get hacked with government spyware | TechCrunch

You've been targeted by government spyware. Now what? | TechCrunch

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

Reports Published in the Last Week

BDO’s 2025 Board Survey


Black Arrow Cyber Threat Intelligence Briefing 26 December 2025

Black Arrow Cyber Threat Intelligence Briefing 26 December 2025:

-Why Hackers Love the Holidays

-Threat Actors Are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data

-Watch Out - Hackers Are Coming After Your Christmas Bonus, as Paychecks Come Under Threat

-Scripted Sparrow Sends Millions of BEC Emails Each Month

-Cybercriminals Flock to a New Unrestricted AI Tool: 10,000 Prompts on the First Day

-Think You Can Beat Ransomware? RansomHouse Just Made It a Lot Harder

-Why Businesses Can No Longer Treat Cyber Security as an IT Problem

-Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush

-Ministers Confirm Breach at UK Foreign Office but Details Remain Murky

-The NCSC’s Warning to UK Firms: How to Boost Incident Response

-From AI to Cyber Risk, Why IT Leaders Are Anxious Heading into 2026

-Cyber Security Budgets Are Going Up

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week we present insights for business leaders assessing their cyber security controls and practices. Attackers exploit the holiday period when security staff are on leave, while others entice employees to provide unauthorised access to their employer’s systems. We also include developments in business email compromise and research findings on the entry point of malware.

Looking to 2026, the UK’s NCSC warns organisations to be prepared to manage a cyber incident, and business leaders have expressed concern about their cyber security especially in the context of AI, while many are planning to increase their cyber security budgets.

Our recommendation for 2026 is for business leaders to take an informed and objective assessment of their risks, and to check that the cyber security controls in place do indeed address those risks. Business leaders are not expected to be cyber security experts, but they should have a firm grip of the fundamentals to take command of their own security. Contact us to discuss how to do this in a proportionate way.

Thank you for reading our weekly summaries, and we wish you a secure and prosperous 2026.


Top Cyber Stories of the Last Week

Why Hackers Love the Holidays

Attackers often target organisations between Christmas and New Year because offices are quieter and security staffing is reduced. A Semperis survey reported that 52% of ransomware attacks in the last year occurred on a weekend or holiday, and 78% of organisations said they reduce security staff over the holidays. Phishing, ransomware and data theft are common holiday-period tactics, with some intrusions not discovered until weeks later.

Source: https://www.axios.com/2025/12/25/holidays-hackers-corporate-security-teams

Threat Actors Are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data

Threat actors are recruiting employees at banks, telecoms and tech firms via darknet forums to obtain access or data. Offers range from $3,000 to $15,000 and include requests for access to corporate networks, devices, and cloud systems. This approach is positioned as an alternative to attacking a range of organisations and sectors from the outside through brute force attacks or social engineering.

Source: https://cybersecuritynews.com/threat-actors-are-hiring-insiders-in-banks-telecoms/

Watch Out - Hackers Are Coming After Your Christmas Bonus, as Paychecks Come Under Threat

Attackers are targeting payroll and end-of-year payments by calling corporate help desks and impersonating employees to trigger password resets or account changes. The goal is to alter payment details so that salary payments are redirected. Mitigations include stronger identity verification by support staff, refusing authentication-factor changes made simply on request, and limiting access to sensitive applications with extra scrutiny for unusual logins.

Source: https://www.techradar.com/pro/security/watch-out-hackers-are-coming-after-your-christmas-bonus-as-paychecks-come-under-threat

Scripted Sparrow Sends Millions of BEC Emails Each Month

A business email compromise (BEC) group dubbed Scripted Sparrow is sending an estimated 4 to 6 million bespoke emails per month, posing as executive coaching firms and targeting Accounts Payable teams with spoofed reply chains and invoice-style PDFs. Researchers linked the group to 119 domains, 245 webmail addresses and 256 bank accounts. Recommended actions for organisations include enforcing payment approval steps for all invoices and verifying requests via official internal channels.

Source: https://www.infosecurity-magazine.com/news/scripted-sparrow-millions-bec-each/

Cybercriminals Flock to a New Unrestricted AI Tool: 10,000 Prompts on the First Day

A new AI tool with few built-in safeguards has been found freely available on the dark web. The operators of the tool, called DIG AI, claimed it received 10,000 prompts in the first 24 hours. A security firm reported that testing found it would respond to prompts linked to fraud and creating malicious software.

Source: https://cybernews.com/security/dig-ai-new-cyber-weapon-abused-by-hackers/

Think You Can Beat Ransomware? RansomHouse Just Made It a Lot Harder

RansomHouse is a cyber extortion group that steals sensitive data and extorts money to prevent publication on a leak site. The group has recently added measures that complicate analysis during an incident and can limit the ability to recover without paying. The group introduced a multi-layered encryption update to its double-extortion ransomware-as-a-service (RaaS) model that can hinder incident response timelines and negotiating strategies. Organisations are advised to prioritise behavioural analytics, real-time monitoring, hardened segmentation, and regular backup validation.

Source: https://www.csoonline.com/article/4110472/think-you-can-beat-ransomware-ransomhouse-just-made-it-a-lot-harder.html

Why Businesses Can No Longer Treat Cyber Security as an IT Problem

Cyber security risk is increasingly driven by user behaviour, with research by OpenText finding that over a third of consumer malware is first spotted in the Downloads directory, where users routinely save invoices, installers and documents. These files can look harmless initially, then later pull in ransomware or credential-stealing payloads. AI is also making scams harder to spot by removing the usual warning signs, and deepfakes are being used to approve high-value deals. Security teams are advised to shift from content scanning to behaviour monitoring, unify identity, data and threat signals, and use AI to triage alerts faster.

Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/why-businesses-can-no-longer-treat-cybersecurity-as-an-it-problem/articleshow/126115222.cms

Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush

A distributed denial of service (DDoS) attack disrupted France’s national postal service shortly before Christmas, making online services inaccessible and impacting package tracking and online payments. The organisation stated customer data was not affected, but the incident also disrupted its banking arm’s payment approvals, forcing workarounds.

Source: https://www.securityweek.com/cyberattack-disrupts-frances-postal-service-and-banking-during-christmas-rush/

Ministers Confirm Breach at UK Foreign Office but Details Remain Murky

UK ministers confirmed there has been a cyberattack affecting the Foreign Office, with officials stating the investigation began in October and that further detail, including attribution, remains unconfirmed. Media reporting referenced a possible China link and visa-application related data, but ministers did not confirm and said early findings suggest low risk of harm to individuals.

Source: https://www.theregister.com/2025/12/19/uk_foreign_office_hack/

The NCSC’s Warning to UK Firms: How to Boost Incident Response

The UK National Cyber Security Centre (NCSC) is urging organisations to keep incident response plans available offline, including physical copies, because cyberattacks can remove access to email, shared drives, and collaboration tools. Its 2025 Annual Review data shows 429 incidents handled in the first nine months of 2025, with nearly half classed as “nationally significant”, compared with 89 such incidents the year before. The guidance emphasises resilience through offline communications options, tested backups, business leadership preparation, and regular simulation exercises.

Source: https://insight.scmagazineuk.com/the-ncscs-warning-to-uk-firms-how-to-boost-incident-response

From AI to Cyber Risk, Why IT Leaders Are Anxious Heading into 2026

A Veeam survey of 250 senior IT and business decision-makers put cyber security threats as the top expected disruptor for 2026, with nearly half naming security incidents as their main concern. Around 66% ranked AI-generated attacks as the biggest data threat, while roughly half highlighted ransomware. As cloud and Software as a Service (SaaS) use spreads, 60% said visibility of where data sits has declined, and only about 29% felt very confident of recovering after a zero-day exploit.

Source: https://www.helpnetsecurity.com/2025/12/26/it-planning-cybersecurity-threats-2026/

Cyber Security Budgets Are Going Up

A 2025 KPMG survey found 99% of security leaders plan to increase cyber security budgets over the next two to three years, with 54% expecting increases of 6% to 10%. More than half reported competing internally for funding. Artificial Intelligence (AI) is highlighted as both a driver of risk and investment, with 38% citing AI-powered attacks as a challenge, and organisations reporting use of AI for fraud prevention and detection while skills gaps remain a constraint.

Source: https://securityboulevard.com/2025/12/cybersecurity-budgets-are-going-up-pointing-to-a-boom/



Threats

Ransomware, Extortion and Destructive Attacks

Think you can beat ransomware? RansomHouse just made it a lot harder | CSO Online

RansomHouse upgrades encryption with multi-layered data processing

Former incident responders plead guilty to ransomware attack spree | CyberScoop

Interpol-led action decrypts 6 ransomware strains, arrests hundreds

AI-created ransomware and NFC attacks lead the surge in new cyberattacks - here's how you can stay safe this holidays | TechRadar

Ukrainian national pleads guilty to Nefilim ransomware attacks | CyberScoop

Top Ransomware Trends of 2025 - Infosecurity Magazine

Best of 2025: New Akira Ransomware Decryptor Leans on Nvidia GPU Power - Security Boulevard

Has Ransomware Peaked? FinCEN Data Shows Slight Downward Trend In Incidents. | Ballard Spahr LLP - JDSupra

Ransomware’s New Frontier: How Universities Can Defend Against This Growing Threat | EdTech Magazine

CISA loses key employee behind early ransomware warnings – DataBreaches.Net

Ransomware Victims

‘Sensitive’ data stolen in Westminster City Council cyber attack | Computer Weekly

Club Atlético River Plate ransomware attack | Cybernews

Phishing & Email Based Attacks

Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts - Security Boulevard

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Phishing emails and fake adverts flood inboxes this Christmas - and they’re getting harder to detect than ever | TechRadar

Five Phishing Red Flags to Remember This Holiday Season - Security Boulevard

US shutters phisherfolk’s $14.6M password-hoarding platform • The Register

Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

Microsoft's The Top Brand Scammers Use When Phishing For Clicks, Study Shows

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine

Other Social Engineering

Scripted Sparrow BEC Group Sends Millions of Emails Each Month - Infosecurity Magazine

Hackers target your payroll this holiday season with clever social engineering and phone attacks on unsuspecting help desks | TechRadar

Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable

Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard

86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush - Infosecurity Magazine

Elusive MI6 wannabe must repay £125k to romance scam victim • The Register

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Coordinated Scams Target MENA Region With Fake Online Job Ads - Infosecurity Magazine

Microsoft's The Top Brand Scammers Use When Phishing For Clicks, Study Shows

Fraud, Scams and Financial Crime

Hackers target your payroll this holiday season with clever social engineering and phone attacks on unsuspecting help desks | TechRadar

86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush - Infosecurity Magazine

Phishing emails and fake adverts flood inboxes this Christmas - and they’re getting harder to detect than ever | TechRadar

US Charges 54 in Massive ATM Jackpotting Conspiracy - Infosecurity Magazine

SEC Charges Crypto Firms in $14m Investment Scam - Infosecurity Magazine

Elusive MI6 wannabe must repay £125k to romance scam victim • The Register

Consumer Cyber Risks in 2026 Focus on AI-Driven Scams, Not Hacks - gHacks Tech News

South Korea to require face scans to buy a SIM • The Register

Identity Fraud Among Home Care Workers Puts Patients at Risk

Greater Manchester Police sackings over homeworking 'key jamming' - BBC News

Artificial Intelligence

From AI to cyber risk, why IT leaders are anxious heading into 2026 - Help Net Security

Cybercriminals flock to new unrestricted AI tool | Cybernews

AI-created ransomware and NFC attacks lead the surge in new cyberattacks - here's how you can stay safe this holidays | TechRadar

Browser agents don't always respect your privacy choices - Help Net Security

When AI Becomes a Weapon: Former Senior Intelligence Executive Reveals Beijing's CyberWar Playbook

Consumer Cyber Risks in 2026 Focus on AI-Driven Scams, Not Hacks - gHacks Tech News

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

UK CEOs Expect AI, Cyberattacks and Cost Cuts to Dominate 2026

Eurostar chatbot security flaws almost left customers exposed to possible security threats | TechRadar

FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023 | CyberScoop

Pen testers accused of 'blackmail' over Eurostar AI flaws • The Register

AML/CFT/Money Laundering/Terrorist Financing/Sanctions

US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek

FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine

2FA/MFA

One-time codes used to hack corporate accounts | CSO Online

Malware

Why businesses can no longer treat cybersecurity as an IT problem - The Economic Times

MacSync macOS Malware Distributed via Signed Swift Application - SecurityWeek

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits - Help Net Security

These malicious Google Chrome extensions have stolen data from over 170 sites - find out if you're affected | TechRadar

North Korean Beavertail malware sparks attacks across financial sector | SC Media

Fake MAS Windows activation domain used to spread PowerShell malware

WebRAT malware spread via fake vulnerability exploits on GitHub

Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours

Threat Actors Advertised NtKiller Malware on Dark Web Claiming Terminate Antivirus and EDR Bypass

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

ATM jackpotting gang accused of unleashing Ploutus malware • The Register

Bots/Botnets

Massive Android botnet Kimwolf infects millions, strikes with DDoS

DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak - IT Security Guru

Mobile

Android Attacks—Google Confirms No Fix For 30% Of All Phones

A new Android Trojan can hide inside apps you trust — and this is how it gets to you - PhoneArena

Three things they’re not telling you about mobile app security - SD Times

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

South Korea to require face scans to buy a SIM • The Register

Apple and Google allow alternative app stores in Japan • The Register

Uzbek Users Under Attack by Android SMS Stealers

Denial of Service/DoS/DDoS

Massive Android botnet Kimwolf infects millions, strikes with DDoS

DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak - IT Security Guru

Cyberattack Disrupts France's Postal Service and Banking During Christmas Rush - SecurityWeek

Pro-Russian hackers claim French postal service cyberattack | Euronews

Wave of cyberattacks expose French failure to protect public digital systems

Internet of Things – IoT

Massive Android botnet Kimwolf infects millions, strikes with DDoS

When everything connects, everything’s at risk | ChannelPro

NIST issues guidance on securing smart speakers - Help Net Security

Intruders Can Use Wi-Fi Jammers To Evade Your Home Security - Here's How

Raspberry Pi used in attempt to take over ferry | CSO Online

Data Breaches/Leaks

Hackers stole data in UK government cyberattack, minister confirms | TechRadar

Britain suspects China of involvement in cyberattack on Foreign Office | УНН

China-backed hacker group Storm 1849 accused of UK government cyber attack - Cryptopolitan

Hacks, thefts, and disruption: The worst data breaches of 2025 | TechCrunch

Minister Confirms UK Foreign Office Hacked | Silicon UK

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

LastPass Agrees to Reimburse Crypto in Data Breach Settlement

Coupang breach affecting 33.7 million users raises data protection questions

US insurance giant Aflac says hackers stole personal and health data of 22.6 million people | TechCrunch

South Korean firm hit with US investor lawsuit over data breach disclosure failures | CSO Online

‘Sensitive’ data stolen in Westminster City Council cyber attack | Computer Weekly

UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected - Infosecurity Magazine

3.5 Million Affected by University of Phoenix Data Breach - SecurityWeek

Nissan says thousands of customers exposed in Red Hat breach

Coupang says all leaked customer information in data breach has been deleted | The Straits Times

Organised Crime & Criminal Actors

Cybercriminals flock to new unrestricted AI tool | Cybernews

Cybersecurity teams prep for an influx of attacks over the holidays

US Charges 54 in Massive ATM Jackpotting Conspiracy - Infosecurity Magazine

US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek

FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine

574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa

FBI seized ‘web3adspanels.org’ hosting stolen logins

Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

Leader of 764 offshoot pleads guilty, faces up to 60 years in jail | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

LastPass Agrees to Reimburse Crypto in Data Breach Settlement

US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek

FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine

Insider Risk and Insider Threats

Threat Actors are Hiring Insiders in Banks, Telecoms, and Tech from $3,000 to $15,000 for Access or Data

They are offering up to $15k reward for betraying your boss | Cybernews

Supply Chain and Third Parties

Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable

Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard

UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected - Infosecurity Magazine

Nissan says thousands of customers exposed in Red Hat breach

Software Supply Chain

WebRAT malware spread via fake vulnerability exploits on GitHub

Cloud/SaaS

Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable

Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard

Microsoft confirms Teams is down and messages are delayed

State actors are abusing OAuth device codes to get full M365 account access - here's what we know | TechRadar

Cloud security is stuck in slow motion - Help Net Security

Outages

Microsoft confirms Teams is down and messages are delayed

The year the cloud went dark: Inside 2025’s biggest tech outages - The Economic Times

Identity and Access Management

State actors are abusing OAuth device codes to get full M365 account access - here's what we know | TechRadar

The next big IT security battle is all about privileged access - Help Net Security

Five identity-driven shifts reshaping enterprise security in 2026 - Help Net Security

Encryption

Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog | TechRadar

Linux and Open Source

Arch Linux Website Hit by DDoS and Temporarily Limited to IPv6

Passwords, Credential Stuffing & Brute Force Attacks

Malicious extensions in Chrome Web store steal user credentials

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

US shutters phisherfolk’s $14.6M password-hoarding platform • The Register

NIS2 Compliance: Maintaining Credential Security - Security Boulevard

Social Media

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

In rare public comments, career DOJ officials offer chilling warnings about online network 764 - ABC News

Regulations, Fines and Legislation

Information Commissioner publishes response to Cyber Security and Resilience (Network and Information Systems) Bill | Practical Law

South Korean firm hit with US investor lawsuit over data breach disclosure failures | CSO Online

SEC Charges Crypto Firms in $14m Investment Scam - Infosecurity Magazine

What CISOs should know about the SolarWinds lawsuit dismissal | CSO Online

CISA loses key employee behind early ransomware warnings – DataBreaches.Net

Trump formally taps Joshua Rudd to lead NSA, Cyber Command - Nextgov/FCW

2025 reshaped federal cybersecurity, from new mandates to tougher compliance rules

Industry Continues to Push Back on HIPAA Security Rule Overhaul

Head of the US Cyber Security Agency Fails Polygraph Test and Fires Subordinates - Militarnyi

Models, Frameworks and Standards

Information Commissioner publishes response to Cyber Security and Resilience (Network and Information Systems) Bill | Practical Law

NIS2 Compliance: Maintaining Credential Security - Security Boulevard

Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog | TechRadar

NIST, MITRE announce $20 million research effort on AI cybersecurity | CyberScoop

Britain’s Online Safety Act is reshaping the internet without America’s consent

Industry Continues to Push Back on HIPAA Security Rule Overhaul

NIST issues guidance on securing smart speakers - Help Net Security

Weak enforcement keeps PCI DSS compliance low - Help Net Security

ISACA to lead global credentialing for cyber security maturity model certification framework in the US - TechCentral.ie

Data Protection

Information Commissioner publishes response to Cyber Security and Resilience (Network and Information Systems) Bill | Practical Law

Coupang breach affecting 33.7 million users raises data protection questions

Careers, Roles, Skills, Working in Cyber and Information Security

Building cyber talent through competition, residency, and real-world immersion - Help Net Security

Cybersecurity Interviews Are Risk Assessments in Disguise

Law Enforcement Action and Take Downs

US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek

574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa

Interpol-led action decrypts 6 ransomware strains, arrests hundreds

Former incident responders plead guilty to ransomware attack spree | CyberScoop

US shutters phisherfolk’s $14.6M password-hoarding platform • The Register

FBI seized ‘web3adspanels.org’ hosting stolen logins

Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

Leader of 764 offshoot pleads guilty, faces up to 60 years in jail | CyberScoop

Elusive MI6 wannabe must repay £125k to romance scam victim • The Register

Ukrainian national pleads guilty to Nefilim ransomware attacks | CyberScoop

ATM Jackpotting ring busted: 54 indicted by DoJ


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The cyberwarfare landscape is changing — here’s how to prepare - Nextgov/FCW

German intelligence may be allowed to conduct cyberattacks and sabotage outside the country | УНН

Cyber spies use fake New Year concert invites to target Russian military | The Record from Recorded Future News

Nation State Actors

CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro

China

Hackers stole data in UK government cyberattack, minister confirms | TechRadar

Britain suspects China of involvement in cyberattack on Foreign Office | УНН

China-backed hacker group Storm 1849 accused of UK government cyber attack - Cryptopolitan

State actors are abusing OAuth device codes to get full M365 account access - here's what we know | TechRadar

CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro

When AI Becomes a Weapon: Former Senior Intelligence Executive Reveals Beijing's CyberWar Playbook

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

US adds new models of DJI and other foreign drones to national security risk list | The Independent

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

Russia

State actors are abusing OAuth device codes to get full M365 account access - here's what we know | TechRadar

CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro

Amazon confirms years-long Russian cyberattack against AWS customers' devices | Mashable

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

UK cannot ignore deep-sea threat from Russia, head of Navy warns

Amazon says Russian-backed threat groups were responsible for five-year-long attacks on edge devices – and it shows a ‘clear evolution in tactics’ | IT Pro

German intelligence may be allowed to conduct cyberattacks and sabotage outside the country | УНН

‘All brakes are off’: Russia’s attempt to rein in illicit market for leaked data backfires | Russia | The Guardian

Pro-Russian hackers claim French postal service cyberattack | Euronews

Belgian institutions reportedly hit by cyberattacks linked to pro-Russian hackers

Cyber spies use fake New Year concert invites to target Russian military | The Record from Recorded Future News

US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator - SecurityWeek

FBI Disrupts Russian Crypto Laundering Hub Enabling Cybercrime - Infosecurity Magazine

Starlink in the crosshairs: How Russia could attack Elon Musk's conquering of space

Iran

CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

North Korea

A Good Year for North Korean Cybercriminals

CRINK attacks: which nation state hackers will be the biggest threat in 2026? | IT Pro

Amazon Warns Pernicious Fake North Korea IT Worker Threat Has Become Widespread - Security Boulevard

North Korean Beavertail malware sparks attacks across financial sector | SC Media





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3



Black Arrow Cyber Threat Intelligence Briefing 19 December 2025

Black Arrow Cyber Threat Intelligence Briefing 19 December 2025:

-Streisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the Headlines

-Future of Security Holds Bigger Budgets, New Threats

-The ‘World Is Not Ready’ for AI Cyber Security Risks, Booz Allen CEO Warns

-Phishing Messages and Social Scams Flood Users Ahead of Christmas

-2025’s Top Phishing Trends and What They Mean for Your Security Strategy

-The Agentic Shift: How Autonomous AI Is Reshaping the Global Threat Landscape

-From Open Source to OpenAI: The Evolution of Third-Party Risk

-Shadow Spreadsheets: The Security Gap Your Tools Can’t See

-Financial Times Investigation Raises Questions Over King Gaming Saga

-North Korea Stole a Record $2B in Crypto This Year

-New MI6 Chief Warns of Acute Russian Threat, Urges Tech-Driven Intelligence

-The Things Young Kids Are Using AI for Are Absolutely Horrifying

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week we start with interesting research findings on organisations that pay ransoms, and we look at how organisations are planning to increase their spend on security. We also look at developments by attackers to look out for over the next year, including of course phishing and AI, as well as organisational practices highlighted in the articles that are closely linked to risk exposure.

Addressing these requires a sound understanding of how risks are evolving and the pragmatic and proportionate ways that business leaders can address them. The key is knowing the questions to ask of your control providers, including your IT, with support from impartial specialists.

As we head into the festive season, we thank you for reading our weekly summaries. We wish you a merry and peaceful holiday.


Top Cyber Stories of the Last Week

Streisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the Headlines

Analysis of LockBit negotiation data suggests organisations that pay ransomware demands are more likely to attract press coverage than those that refuse. Researcher Max Smeets compared reporting on 100 payers with 100 non-payers and found paying did not reduce publicity. The data also shows victims making negotiating errors, including admitting they lacked backups or sharing insurance documents. After Operation Cronos, in which the US National Crime Agency seized LockBit’s infrastructure, LockBit’s reputation and payments reportedly fell sharply.

Source: https://www.computerweekly.com/news/366636266/Streisand-effect-Businesses-that-pay-ransomware-gangs-more-likely-to-hit-the-headlines

Future of Security Holds Bigger Budgets, New Threats

A Marsh survey of 2,200 cyber security leaders found two-thirds plan to increase cyber-risk prevention investment in 2026, and at least one in four intend to raise spending by more than 25%. 70% experienced at least one third-party security incident in the past year. Separately, US senators raised concerns about AI-driven attacks, and analysts warned humanoid robots are currently easy to hack.

Source: https://www.techtarget.com/searchsecurity/news/366636186/News-brief-Future-of-security-holds-bigger-budgets-new-threats

The ‘World Is Not Ready’ for AI Cyber Security Risks, Booz Allen CEO Warns

Booz Allen Hamilton CEO Horacio Rozanski warned that advanced artificial intelligence could amplify cyber threats, including network compromise, data theft and ransomware, and argued that trust in models is critical for adoption. He framed US-China competition as a race across technology, adoption and national security use. Rozanski also highlighted the risk of disruption in space, using an example of bank ATMs that rely on GPS information, and pointed to Chinese plans for space-based computing.

Source: https://www.washingtontimes.com/news/2025/dec/12/world-ready-ai-cybersecurity-risks-booz-allen-ceo-horacio-rozanski/

Phishing Messages and Social Scams Flood Users Ahead of Christmas

Check Point reported a surge of festive scams, claiming it detected 33,500 unique Christmas-themed phishing emails and over 10,000 seasonal social media ads in the prior 14 days. It said artificial intelligence is improving localisation and brand mimicry, enabling fake e-commerce sites with chatbots and checkout pages, plus deepfake and scripted voice phishing. Check Point also claimed a 100% increase in fake delivery scams in November/December compared with the same period last year.

Source: https://www.infosecurity-magazine.com/news/phishing-messages-social-scams/

2025’s Top Phishing Trends and What They Mean for Your Security Strategy

The article highlights how phishing in 2025 is evolving around authentication and multi-channel lures. It describes tactics designed to defeat or abuse multi-factor authentication, including repeated prompts and real-time interception during sign-in. It also notes attackers moving beyond email into messaging and collaboration tools, while using familiar hooks such as invoices, account warnings and delivery notifications. The article describes approaches such as layered controls, realistic user guidance and monitoring across channels.

Source: https://www.bleepingcomputer.com/news/security/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy/

The Agentic Shift: How Autonomous AI Is Reshaping the Global Threat Landscape

Control Risks describes an agentic shift where autonomous AI agents can plan, act and adapt with limited human input, changing both defence and offence. It notes automation can improve monitoring and response, but attackers can use agents to accelerate reconnaissance, exploitation and social engineering. Risks arise where objectives are delegated to systems that behave unpredictably, and the piece outlines governance, testing and control considerations.

Source: https://www.controlrisks.com/our-thinking/insights/the-agentic-shift-how-autonomous-ai-is-reshaping-the-global-threat-landscape

From Open Source to OpenAI: The Evolution of Third-Party Risk

Third‑party risk has expanded from suppliers and open-source dependencies to include cloud services and generative AI. AI features can introduce new external dependencies and data flows, complicating vendor oversight and risk assessment. The article discusses improving visibility into components, strengthening contractual requirements, and continuously monitoring suppliers, arguing that third-party governance should be treated as a business risk discipline, not just a technical exercise.

Source: https://www.securityweek.com/from-open-source-to-openai-the-evolution-of-third-party-risk/

Shadow Spreadsheets: The Security Gap Your Tools Can’t See

“Shadow spreadsheets” are unmanaged files that end up holding operational or sensitive information outside approved systems. Employees use spreadsheets for tracking projects, budgets, access lists and customer data, bypassing access controls, logging and retention policies. Because files are often shared, copied and stored in multiple places, they can expose credentials, personal data and business logic. The article discusses discovery, ownership and governance to bring these files under control.

Source: https://www.bleepingcomputer.com/news/security/shadow-spreadsheets-the-security-gap-your-tools-cant-see/

Financial Times Investigation Raises Questions Over King Gaming Saga

A Financial Times investigation into cyber crime and fraud has prompted scrutiny of due diligence by local authorities in their dealings with a firm called King Gaming. It focuses on how the government of the Isle of Man granted planning permission for a substantial headquarters project by King Gaming; later police executed raids linked to the operation and arrests were made. Court records from China show convictions for investment fraud by individuals connected to a related Isle of Man entity.

Source: https://www.iomtoday.co.im/news/financial-times-investigation-raises-questions-over-king-gaming-saga-863104

North Korea Stole a Record $2B in Crypto This Year

North Korea-linked actors are estimated to have stolen just over $2 billion in cryptocurrency in 2025, a 51% year‑on‑year increase, and about $3.4 billion was stolen globally. DPRK attacks accounted for a record 76% of service compromises, with the February Bybit incident contributing about $1.5 billion. The piece also reports increased targeting of personal wallets (44% of value) and a shift towards recruiter-style social engineering.

Source: https://www.theregister.com/2025/12/18/north_korea_stole_2b_crypto_2025/

New MI6 Chief Warns of Acute Russian Threat, Urges Tech-Driven Intelligence

In her first public speech as MI6 chief, Blaise Metreweli warned of a more acute Russian threat and described a security environment that sits between peace and war. She pointed to hybrid tactics, including cyberattacks on infrastructure and drones appearing over airports and airbases. The article also highlights her emphasis on technology and tradecraft, saying MI6 officers must be as comfortable with code as with human sources and fluent in Python.

Source: https://www.easterneye.biz/new-mi6-chief-warns-russian-threat/

The Things Young Kids Are Using AI for Are Absolutely Horrifying

An Aura report analysing anonymised activity from about 3,000 children aged five to 17 found 42% used AI chatbots specifically for companionship across nearly 90 services. Among those using chatbots for companionship, 37% engaged in conversations depicting violence, including coercion and non-consensual acts. The report says violent conversations peaked among 11-year-olds, with 44% of interactions turning violent, and that sexual or romantic roleplay peaked among 13-year-olds at 63%.

Source: https://futurism.com/future-society/young-kids-using-ai

Threats

Ransomware, Extortion and Destructive Attacks

Streisand effect: Businesses that pay ransomware gangs are more likely to hit the headlines | Computer Weekly

RansomHouse RaaS Service Upgraded with Double Extortion Strategy that Steals and Encrypt Data

Clop ransomware targets Gladinet CentreStack in data theft attacks

Researchers see global surge in attacks by new ransomware group “Gentlemen” | Cybernews

FBI takes down alleged money laundering service for ransomware groups | The Record from Recorded Future News

The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet

How CISOs Can Beat the Ransomware Blame Game - Security Boulevard

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

Ransomware Victims

JLR cyberattack pushes TCS to standardize security for top clients | Company Business News

Jaguar Land Rover workers’ payroll data stolen in cyber attack

PornHub extorted after hackers steal Premium member activity data

Askul confirms theft of 740k customer records in ransomware attack

Asahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attack - Infosecurity Magazine

Under Armour Sued After Ransomware Group Reports Data Breach (1)

Phishing & Email Based Attacks

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

2025’s Top Phishing Trends and What They Mean for Your Security Strategy

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365 - Infosecurity Magazine

Where does the data stolen in a phishing attack go? | Kaspersky official blog

Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine

Inside a purchase order PDF phishing campaign | Malwarebytes

Clipping Scripted Sparrow's wings: Tracking a global phishing ring - Help Net Security

Google Sues Chinese ‘Darcula’ Group Over Alleged Phishing Scheme

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

Other Social Engineering

Hackers Are Stealing Microsoft Account Passwords With This Trick

Shut Down And Restart—New Microsoft Attack Beats Passwords, 2FA And Passkeys

ClickFix attacks that bypass cyber controls on the rise | Computer Weekly

New ClickFix 'Word Online' Message Tricks Users into Installing DarkGate Malware

PureRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US)

The WhatsApp takeover scam that doesn’t need your password

Deepfakes Expose New Risks in Identity and Digital Trust

North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location | Tom's Hardware

Amazon blocked 1,800 suspected DPRK job applicants • The Register

Inside a purchase order PDF phishing campaign | Malwarebytes

Fraud, Scams and Financial Crime

Financial Times investigation raises questions over King Gaming saga | Isle of Man Today

Money Mules Require Banks to Switch from Defense to Offense

European authorities dismantle call center fraud ring in Ukraine

What Is 'NGate'? The Android Phone ATM Scam You Need To Know About

The Secret Life Of Parked Domains: The Internet’s Forgotten Real Estate Is Now A Pressing Threat | Scoop News

Darkweb Powers Decentralized Financial Crimes

Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram

Nomad settles with the FTC over $186M cyberattack • The Register

HMRC Warns of Over 135,000 Scam Reports - Infosecurity Magazine

Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News

Singapore Entrepreneur Loses Entire Crypto Portfolio After Downloading Fake Game - Decrypt

Artificial Intelligence

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

The 'world is not ready' for AI cybersecurity risks, Booz Allen CEO Horacio Rozanski warns - Washington Times

Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return - Security Boulevard

Deepfakes Expose New Risks in Identity and Digital Trust

The internet in 2025: Bigger, more fragile than ever - and 'fundamentally rewired' by AI | ZDNET

AI-era cybersecurity is 'so dangerous,' CrowdStrike pres. explains

AI breaks the old security playbook - Help Net Security

The agentic shift: how autonomous AI is reshaping the global threat landscape

Chrome, Edge privacy extensions quietly snarf AI chats • The Register

Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram

Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow - SecurityWeek

The Things Young Kids Are Using AI for Are Absolutely Horrifying

NIST releases draft AI cybersecurity framework profile to guide secure AI adoption - SiliconANGLE

What Cyber Defenders Really Think About AI Risk | Trend Micro (US)

I Work at Google in AI Security: Things I Would Never Tell Chatbots - Business Insider

AI is causing all kinds of problems in the legal sector  | CyberScoop

AML/CFT/Money Laundering/Terrorist Financing/Sanctions

Belgian politicians and finance bosses targeted by Russian intelligence over seized assets | Russia | The Guardian

FBI takes down alleged money laundering service for ransomware groups | The Record from Recorded Future News

Europe Targets Kremlin Disinformation, Cyber Networks in New Sanctions Push

EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times

2FA/MFA

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Your Accounts Can Still Get Hacked, Even Using Multi-Factor Authentication

Malware

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek

New ClickFix 'Word Online' Message Tricks Users into Installing DarkGate Malware

PureRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US)

New SantaStealer malware steals data from browsers, crypto wallets

What is driving the rise of infostealer malware? | Computer Weekly

A Browser Extension Risk Guide After the ShadyPanda Campaign

17 Firefox extensions hide malware in icons | Cybernews

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Stop clicking “allow” on these pop-ups — they’re more dangerous than malware

Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices

Fake ‘One Battle After Another’ torrent hides malware in subtitles

New BeaverTail Malware Variant Linked to Lazarus Group - Infosecurity Magazine

Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal

Man jailed for teaching criminals how to use malware

Bots/Botnets

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Mobile

What Is 'NGate'? The Android Phone ATM Scam You Need To Know About

The WhatsApp takeover scam that doesn’t need your password

Android mobile adware surges in second half of 2025 | Malwarebytes

'Cellik' Android RAT Leverages Google Play Store

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

The ghosts of WhatsApp: How GhostPairing hijacks accounts | Malwarebytes

WhatsApp users unknowingly link hackers’ devices | Cybernews

Europe's DMA raises new security worries for mobile ecosystems - Help Net Security

‘Completely Deactivate Wi-Fi’—Cyber Agency Warns iPhone And Android Users

Microsoft to block Exchange Online access for outdated mobile devices

Denial of Service/DoS/DDoS

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Internet of Things – IoT

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Is your smart home an easy target? 6 ways experts lock theirs down | ZDNET

Your car’s web browser may be on the road to cyber ruin • The Register

Data Breaches/Leaks

Coupang data breach traced to ex-employee who retained system access

ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

Nearly 5.6 million people hit by massive data breach at credit check company — what you need to know | Tom's Guide

Data breach at credit check giant 700Credit affects at least 5.6 million | TechCrunch

PornHub Premium hacked. This is the info they reportedly stole. | Mashable

Analytics provider: We didn't expose stolen smut data • The Register

Data may have been taken in Ombudsman office cyber attack

French Interior Ministry confirms cyberattack on email servers

France arrests suspect tied to cyberattack on Interior Ministry

UK Information Commissioner Investigates Film & TV Worker Data Breach

Personal data breach affects thousands across Channel Islands - BBC News

GDPR failures in Home Office eVisa rollout in spotlight • The Register

SoundCloud confirms breach after member data stolen, VPN access disrupted

NHS tech supplier probes cyberattack on internal systems • The Register

University of Sydney suffers data breach exposing student and staff info

Organised Crime & Criminal Actors

Financial Times investigation raises questions over King Gaming saga | Isle of Man Today

Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film

North Korea stole a record $2B in crypto this year • The Register

Hackers Are Stealing Microsoft Account Passwords With This Trick

Money Mules Require Banks to Switch from Defense to Offense

European authorities dismantle call center fraud ring in Ukraine

Darkweb Powers Decentralized Financial Crimes

Nomad settles with the FTC over $186M cyberattack • The Register

Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case - Infosecurity Magazine

Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korea stole a record $2B in crypto this year • The Register

New SantaStealer malware steals data from browsers, crypto wallets

Nomad settles with the FTC over $186M cyberattack • The Register

Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Singapore Entrepreneur Loses Entire Crypto Portfolio After Downloading Fake Game - Decrypt

Insider Risk and Insider Threats

Coupang data breach traced to ex-employee who retained system access

North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location | Tom's Hardware

Amazon blocked 1,800 suspected DPRK job applicants • The Register

Insurance

What is a Cyber Insurance Managing General Agent?

Supply Chain and Third Parties

JLR cyberattack pushes TCS to standardize security for top clients | Company Business News

From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek

PornHub Premium hacked. This is the info they reportedly stole. | Mashable

Analytics provider: We didn't expose stolen smut data • The Register

NHS tech supplier probes cyberattack on internal systems • The Register

Software Supply Chain

From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek

Cloud/SaaS

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365 - Infosecurity Magazine

US sues ex-Accenture manager over Army cloud security claims • The Register

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

NATO's battle for cloud sovereignty: Speed is existential • The Register

Identity and Access Management

Identity risk is changing faster than most security teams expect - Help Net Security

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Encryption

After years of cyberattacks, Microsoft cripples RC4 and forces networks to adopt stronger encryption immediately | TechRadar

Linux and Open Source

From Open Source to OpenAI: The Evolution of Third-Party Risk - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

FBI Confirms 630 Million Stolen Passwords — How To Check Yours Now

Social Media

Deepfakes Expose New Risks in Identity and Digital Trust

Hacker Busts Startup Running Huge Web of AI-Generated "Influencers" on Instagram

Privacy risks sit inside the ads that fill your social media feed - Help Net Security

Meta adopts new age-check system to meet global child safety laws

Regulations, Fines and Legislation

Financial Times investigation raises questions over King Gaming saga | Isle of Man Today

Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film

ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru

UK Lords propose ban on VPNs for children | TechRadar

Making cybercrime illegal won't stop it; making cybersec research legal may | CSO Online

Whistleblowers raise ‘extreme’ concern about security of government’s Digital ID | ITV News

Nomad settles with the FTC over $186M cyberattack • The Register

The EU prepares ground for wider data retention – and VPN providers are among the targets | TechRadar

Europe's DMA raises new security worries for mobile ecosystems - Help Net Security

UK surveillance law still full of holes, watchdog warns • The Register

Are Trade Concerns Trumping Cybersecurity?

Trump Administration Turning to Private Firms in Cyber Offensive

China Finalises Amendments to the Cybersecurity Law: What Businesses Need to Know Before 1 January 2026 | Mayer Brown - JDSupra

Key lawmaker says Congress likely to kick can down road on cyber information sharing law | CyberScoop

Legal protection for ethical hacking is only the first step • The Register

Models, Frameworks and Standards

ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru

UK Lords propose ban on VPNs for children | TechRadar

GDPR failures in Home Office eVisa rollout in spotlight • The Register

NIST releases draft AI cybersecurity framework profile to guide secure AI adoption - SiliconANGLE

Data Protection

ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach - IT Security Guru

GDPR failures in Home Office eVisa rollout in spotlight • The Register

Careers, Roles, Skills, Working in Cyber and Information Security

EU can’t attract and retain cyber talent: why? | Cybernews

What lies in store for cyber security skills in 2026? | Computer Weekly

Increased workloads, strategic influence and technical focus - CISO predictions for 2026 - BetaNews

The Burnout Nobody Talks About: When “Always-On” Leadership Becomes a Liability - Security Boulevard

Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership - Security Boulevard

Law Enforcement Action and Take Downs

European police busts Ukraine scam call centers - Help Net Security

France arrests suspect tied to cyberattack on Interior Ministry

FBI takes down alleged money laundering service for ransomware groups | The Record from Recorded Future News

Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case - Infosecurity Magazine

Myanmar calls on countries to take back citizens held in crackdown on scam centers - ABC News

Man jailed for teaching criminals how to use malware

France arrests Latvian for installing malware on Italian ferry

Misinformation, Disinformation and Propaganda

EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

MI6 chief: 'We are operating in space between peace and war' - BBC News

MI6 chief warns of Russian hybrid threats, urges tech focus | EasternEye

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin | The Record from Recorded Future News

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

The agentic shift: how autonomous AI is reshaping the global threat landscape

Three ways teams can tackle Iran's tangled web of state-sponsored espionage | SC Media

Israel Issues Chilling Cyber Warfare Warning After Iran Attacks

Russia suspected of hacking European ferry with ‘remote control’

Nation State Actors

A ‘whole society’ response to threats to national security

China

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek

A Browser Extension Risk Guide After the ShadyPanda Campaign

The $0 Transaction That Signaled a Nation-State Cyberattack

US has failed to stop massive Chinese cyber campaign, warns senator

React2Shell vuln exploited by China, Iran, Google warns • The Register

China's Ink Dragon hides out in European government networks • The Register

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear - SecurityWeek

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Financial Times investigation raises questions over King Gaming saga | Isle of Man Today

Scammers, spies and triads: inside cyber-crime’s $15tn global empire | FT Film

Google Sues Chinese ‘Darcula’ Group Over Alleged Phishing Scheme

EU security doctrine highlights high-risk dependency on Chinese solar inverters – pv magazine International

China Finalises Amendments to the Cybersecurity Law: What Businesses Need to Know Before 1 January 2026 | Mayer Brown - JDSupra

Russia

MI6 chief: 'We are operating in space between peace and war' - BBC News

MI6 chief warns of Russian hybrid threats, urges tech focus | EasternEye

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin | The Record from Recorded Future News

Belgian politicians and finance bosses targeted by Russian intelligence over seized assets | Russia | The Guardian

France and Germany Grappling With Nation-State Hacks

Germany accuses Russia of 2024 cyber attack and election disinformation campaign - BBC News

EU Sanctions Target Russia’s ‘Shadow Fleet’ Backers and Disinformation Network - The Moscow Times

Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files - Infosecurity Magazine

Amazon security boss blames Russia's GRU for energy hacks • The Register

Denmark says Russia was behind two ‘destructive and disruptive’ cyber-attacks | Denmark | The Guardian

Russia suspected of hacking European ferry with ‘remote control’

Amazon disrupts Russian GRU hackers attacking edge network devices

German Parliament Hit By Cyber-Attack During Zelensky Visit

Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users | The Record from Recorded Future News

Iran

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek

React2Shell vuln exploited by China, Iran, Google warns • The Register

Dormant Iran APT is Still Alive, Spying on Dissidents

Three ways teams can tackle Iran's tangled web of state-sponsored espionage | SC Media

Israel Issues Chilling Cyber Warfare Warning After Iran Attacks

North Korea

North Korea stole a record $2B in crypto this year • The Register

North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location | Tom's Hardware

Amazon blocked 1,800 suspected DPRK job applicants • The Register

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Fake Zoom malware scam tied to North Korean hackers targets crypto users - CoinJournal

New BeaverTail Malware Variant Linked to Lazarus Group - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow - SecurityWeek

Vulnerability Management

More than half of public vulnerabilities bypass leading WAFs - Help Net Security

41 Microsoft Zero-Day Warnings — Millions Of Users Face Update Choice

Vulnerabilities

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery - SecurityWeek

React2Shell vuln exploited by China, Iran, Google warns • The Register

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

Half of exposed React servers remain unpatched amid attacks • The Register

Another bad week for SonicWall as SMA 1000 0-day exploited • The Register

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear - SecurityWeek

Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch

Emergency fixes deployed by Google and Apple after targeted attacks

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Chrome Security Update - Patch for Critical Vulnerabilities that Enables Remote Code Execution

Hackers are exploiting critical Fortinet flaws days after patch release

Notepad++ fixed updater bugs that allowed malicious update hijacking

Microsoft: December security updates cause Message Queuing failures

Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges

Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Microsoft RasMan 0-day gets an unofficial patch and exploit • The Register

Recent GeoServer Vulnerability Exploited in Attacks - SecurityWeek

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

JumpCloud Windows Agent Flaw Enables Local Privilege Escalation - Infosecurity Magazine


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Threat Intelligence Briefing 12 December 2025

Black Arrow Cyber Threat Intelligence Briefing 12 December 2025:

-Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds

-Trend Micro Issues Warning Over Rise of 'Vibe Crime' as Cyber Criminals Turn to Agentic AI to Automate Attacks

-What the Rise in Cyber Insurance Claims Reveals About the Vulnerability of UK Businesses

-Nearly Two-Thirds of Organisations to Increase Cyber Security Investments in 2026: Marsh

-When It Comes to Security Resilience, Cheaper Isn’t Always Better

-Cyber Threats Are Evolving Fast - Is Your Leadership Keeping Up?

-A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

-Why Small Businesses Can’t Afford to Overlook Cyber Security This Peak Season

-New DroidLock Malware Locks Android Devices and Demands a Ransom

-Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

-Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

-EU Leaders to Push Defence Readiness Amid Russia ‘Hybrid Attack’ Warnings

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

With our sights on the New Year, our review this week looks at cyber security in 2026 and the risks that we all need to manage. Without doubt, AI is a major factor in that, both when used by organisations without a defined security policy as well as when used maliciously by attackers as described below. There are also some interesting insights from an analysis of cyber insurance claims in our review this week, and we include news of new tactics by attackers through mobile devices and social engineering.

We are clear that cyber security requires business leaders to understand current risks, and to implement aligned controls across people, operations and technology. The evolution of AI and other risks in 2026 further reinforces the need for this business-wide approach, supported by a CISO who can translate between technology and business management. Proportionality is always a key consideration, balancing cost and effectiveness. Contact us to see how to achieve this through a pragmatic and commercially aligned strategy.


Top Cyber Stories of the Last Week

Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds

Research highlights a sharp rise in incidents linked to human behaviour as AI becomes embedded in daily work. Organisations report significant growth in email-driven attacks, social engineering, unsafe behaviour, and mistakes. AI-related incidents and deepfake-enabled fraud are increasing, while shadow AI usage is expanding as employees turn to unsanctioned tools, weakening visibility and control over data and decision-making.

Source: https://www.itsecurityguru.org/2025/12/10/human-centric-cyber-risks-surge-as-ai-enters-the-workforce-report-finds/

Trend Micro Issues Warning Over Rise of 'Vibe Crime' as Cyber Criminals Turn to Agentic AI to Automate Attacks

Trend Micro warns that so-called vibe crime will accelerate cyber crime by enabling autonomous, end-to-end attack chains powered by agentic AI. Rather than sudden spikes, organisations should expect persistent background activity that scales without human oversight. This evolution reframes cybercrime-as-a-service into a model where AI performs continuous reconnaissance, phishing, fraud, and exploitation.

Source: https://www.itpro.com/security/cyber-crime/trend-micro-vibe-crime-agentic-ai-cyber-crime

What the Rise in Cyber Insurance Claims Reveals About the Vulnerability of UK Businesses

UK cyber insurance claims have surged, reflecting both rising threat activity and weaknesses created by outsourcing, poor oversight, and complex supply chains. Cost-driven decisions can reduce visibility and weaken access controls, increasing exposure. Higher premiums alone are unlikely to fix the problem; current payouts are seen as an early warning of deeper systemic risk unless controls and risk maturity improve.

Source: https://www.techmonitor.ai/comment-2/cyber-insurance-uk-vulnerabilities?cf-view

Nearly Two-Thirds of Organisations to Increase Cyber Security Investments in 2026: Marsh

Marsh reports that most organisations plan to increase cyber security spending, with many expecting significant budget rises. Third-party risk is a major driver, as a large proportion experienced at least one material supplier-related cyber incident in the past year. UK organisations show particularly strong intent to increase investment to address exposure and resilience gaps.

Source: https://www.reinsurancene.ws/nearly-two-thirds-of-organisations-to-increase-cybersecurity-investments-in-2026-marsh/

When It Comes to Security Resilience, Cheaper Isn’t Always Better

Cost-focused procurement can undermine cyber resilience by increasing dependency on fragile suppliers and underinvested controls. Savings achieved through cheaper vendors can be quickly erased by incidents such as ransomware, service disruption, or third-party data compromise. The article argues for procurement incentives that prioritise resilience and continuity, treating cyber security as a core business survival issue rather than a compliance cost.

Source: https://www.csoonline.com/article/4101863/when-it-comes-to-security-resilience-cheaper-isnt-always-better.html

Cyber Threats Are Evolving Fast - Is Your Leadership Keeping Up?

Effective cyber security depends on leadership, governance, and organisational culture, not just technology. Incidents damage trust, reputation, and revenue, while early executive response often determines the scale of impact. The article stresses the importance of senior ownership, clear communication, and disciplined programme management to translate cyber strategy into consistent, operational outcomes.

Source: https://www.entrepreneur.com/science-technology/cyber-threats-are-evolving-fast-are-you-keeping-up/498554

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

An engineering-led approach to cyber security can create blind spots by assuming strong preventative controls are sufficient. Risk often shifts into overlooked areas such as permissions, pipelines, and operational processes. A more effective model assumes failure, focuses on limiting blast radius, rehearses response, and aligns people, process, and technology under strong governance.

Source: https://www.darkreading.com/cyber-risk/why-an-engineering-focused-ciso-can-be-a-liability

Why Small Businesses Can’t Afford to Overlook Cyber Security This Peak Season

Peak retail periods attract heightened attacker activity as transaction volumes rise. Phishing, ransomware, and malware campaigns intensify, with seasonal lures proving highly effective. For small businesses, cyber security failures can disrupt sales, expose customer data, and trigger recovery costs, making basic protections essential to protect revenue during critical trading periods.

Source: https://www.raconteur.net/technology/why-small-businesses-cant-afford-to-overlook-cybersecurity-this-peak-season

New DroidLock Malware Locks Android Devices and Demands a Ransom

DroidLock is a newly identified Android threat that locks devices and demands payment while harvesting sensitive data including messages, contacts, call logs, and recordings. The malware can be remotely controlled and can wipe data or steal lock patterns. Campaigns target Spanish-speaking users and spread through malicious sites offering fake apps that request extensive permissions.

Source: https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

ConsentFix blends social engineering with open authorisation (OAuth) consent abuse to enable account takeover without requiring traditional login credentials. By operating entirely within the browser and targeting trusted first-party applications, the technique can bypass MFA and endpoint controls. Distribution through search results further reduces reliance on email-based phishing, complicating detection.

Source: https://www.businesswire.com/news/home/20251211310366/en/Push-Security-Uncovers-ConsentFix-A-New-Class-of-Browser-Native-Phishing-Attack

Report Surfaces Multiple Novel Social Engineering Tactics and Techniques

Threat researchers report attackers using increasingly creative social engineering techniques to evade controls and deliver malware. Campaigns include legal-themed emails, fake government sites, malicious SVG files, and counterfeit software updates. Information-stealing malware dominates observed threats, while a notable proportion of malicious emails bypass gateway scanning.

Source: https://securityboulevard.com/2025/12/report-surfaces-multiple-novel-social-engineering-tactics-and-techniques/

EU Leaders to Push Defence Readiness Amid Russia ‘Hybrid Attack’ Warnings

EU leaders will use the December European Council summit to accelerate defence cooperation, boost weapons production for Ukraine, and strengthen protection against cyber and drone attacks. Draft conclusions warn of an intensified hybrid campaign by Russia and Belarus and call for faster resilience measures, shared military capabilities, and new funding. Leaders will also debate long-term support for Ukraine through at least 2027, including use of frozen Russian assets.

Source: https://www.politico.eu/article/eu-leaders-summit-defense-readiness-russia-hybrid-attack-warnings-ukraine/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Payments Surpassed $4.5 Billion: US Treasury - SecurityWeek

Researchers spot 700 percent increase in hypervisor attacks • The Register

Cyber insurance claims in 2024 tripled. UK firms are vulnerable

New DroidLock malware locks Android devices and demands a ransom

Ransomware keeps widening its reach - Help Net Security

Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker

Ransomware IAB abuses EDR for stealthy malware execution

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine

Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities

Akira ransomware: FBI tallies 250 million in payouts – DataBreaches.Net

Ransomware Victim Warning: The Streisand Effect May Apply

Russian hackers debut simple ransomware service • The Register

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Contractors with hacking records accused of wiping 96 govt databases

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Industrial ransomware attacks rise sharply in Q3 2025

UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day

Ransomware Victims

Banks paid $370M in ransoms to cybercriminals in 2024 | American Banker

NHS taking legal action after patient and staff data stolen in cyber attack | The Independent

Barts Health NHS discloses data breach after Oracle zero-day hack

Industrial ransomware attacks rise sharply in Q3 2025

Cyber attack chaos ahead of Christmas | Westminster Extra

UK Hospital Asks Court to Stymie Ransomware Data Leak

HSE offers €750 to victims of 2021 cyberattack which affected 90,000 people | Irish Independent

IE: HSE confirms second ransomware attack but ‘no evidence’ patient data was stolen – DataBreaches.Net

Phishing & Email Based Attacks

How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes

New Spiderman phishing service targets dozens of European banks

Novel clickjacking attack relies on CSS and SVG • The Register

AI Is Driving a Shift in Targeted Email Attacks

Other Social Engineering

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

Novel clickjacking attack relies on CSS and SVG • The Register

Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'

New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine

Report Surfaces Multiple Novel Social Engineering Tactics and Techniques - Security Boulevard

Imposter for hire: How fake people can gain very real access | Microsoft Security Blog

Hackers posed as law enforcement to gain Apple Account data

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Crims using social media images in virtual kidnapping scams • The Register

Fraud, Scams and Financial Crime

Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'

How phishers hide banking scams behind free Cloudflare Pages | Malwarebytes

Key barrier to online fraud can be bypassed for pennies, say researchers - CNA

Russian police bust bank-account hacking gang that used NFCGate-based malware | The Record from Recorded Future News

California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle

Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News

Scam-Busting FCA Firm Checker Tool Given Cautious Welcome - Infosecurity Magazine

‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal

Artificial Intelligence

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Block all AI browsers for the foreseeable future: Gartner • The Register

UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop

New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources

OpenAI warns new models pose 'high' cybersecurity risk - CNA

Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru

Exclusive | AI Hackers Are Coming Dangerously Close to Beating Humans - WSJ

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

Cybersecurity Threats and AI Disruptions Top Concerns for IT Leaders in 2026, Veeam Survey Finds

NVIDIA research shows how agentic AI fails under attack - Help Net Security

AI hallucinations and sophisticated cyberattacks: Business tech concerns for next year - Digital Journal

UK NCSC Raises Alarms Over Prompt Injection Attacks - Infosecurity Magazine

LLMs are everywhere in your stack and every layer brings new risk - Help Net Security

Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacks | IT Pro

Ignoring AI in the threat chain could be a costly mistake, experts warn | CSO Online

Cyber experts warn AI will accelerate attacks and overwhelm defenders in 2026 - BetaNews

AI is accelerating cyberattacks. Is your network prepared?

Latest macOS malware uses trusted search & AI to dupe users

Copilot's No Code AI Agents Liable to Leak Company Data

AI Is Driving a Shift in Targeted Email Attacks

The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog

It's time to revamp IT security to deal with AI

OpenAI user data was breached, but changing your password won't help - here's why | ZDNET

LLM privacy policies keep getting longer, denser, and nearly impossible to decode - Help Net Security

Tehran and Moscow sign deal on AI, cybersecurity | Iran International

Police Admit AI Surveillance Panopticon Still Has Issues With "Some Demographic Groups"

Brussels attacks Google for ‘unfairly harvesting’ web and YouTube content for AI

Privacy concerns raised as Grok AI found to be a stalker's best friend

Trump Signs Executive Order to Block State AI Regulations - SecurityWeek

AML/CFT/Money Laundering/Terrorist Financing/Sanctions

Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine

Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA

UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare - SecurityWeek

2FA/MFA

Death to one-time text codes: Passkeys are the new hotness • The Register

Android Warning—New Attack Unlocks Your Phone And Steals Your Texts

Malware

Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

Latest macOS malware uses trusted search & AI to dupe users

New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks - Infosecurity Magazine

Ransomware IAB abuses EDR for stealthy malware execution

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine

Information stealers are on the rise, are you at risk? | Cyber.gov.au

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Threat Actors Poisoning SEO Results to Attack Organizations With Fake Microsoft Teams Installer

Malicious Microsoft VS Code extensions steal data | Cybernews

'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

The AMOS infostealer is piggybacking ChatGPT's chat-sharing feature | Kaspersky official blog

Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Malicious VSCode extensions on Microsoft's registry drop infostealers

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild

Bots/Botnets

Bots, bias, and bunk: How to tell what's real on the net • The Register

Analysts Warn of Cybersecurity Risks in Humanoid Robots

'Botnets in physical form' are top humanoid robot risk • The Register

New 'Broadside' Botnet Poses Risk to Shipping Companies - SecurityWeek

New Mirai Botnet Variant 'Broadside' Actively Attacking Users in the Wild

Mobile

New DroidLock malware locks Android devices and demands a ransom

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

New malware turns trusted banking apps into phone hijacking tools — how to stay safe | Tom's Guide

Russian police bust bank-account hacking gang that used NFCGate-based malware | The Record from Recorded Future News

Android Warning—New Attack Unlocks Your Phone And Steals Your Texts

Israel’s Military Bans Android Devices as Targeted Cyberattacks Intensify, Orders To Use Only iPhones - The420.in

ClayRat Android Spyware Expands Capabilities - Infosecurity Magazine

Threat Actors Targeting Messaging Applications | Robinson+Cole Data Privacy + Security Insider - JDSupra

Uneven regulatory demands expose gaps in mobile security - Help Net Security

Internet of Things – IoT

Porsche panic in Russia as cars mysteriously bricked • The Register

Should you be afraid of smart home hacking? 6 ways experts keep their devices protected | ZDNET

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Ring's 'Familiar Faces' is here: Why privacy experts worry it's mass surveillance in disguise | ZDNET

Data Breaches/Leaks

UK Reports Worse Data Breaches and Greater Concern for IT Help Desk Risk: RSA ID IQ Report Unveils Top Identity Threats

Copilot's No Code AI Agents Liable to Leak Company Data

OpenAI user data was breached, but changing your password won't help - here's why | ZDNET

Spain arrests teen who stole 64 million personal data records

UK fines LastPass £1.2 million for data breach affecting 1.6 million people | The Record from Recorded Future News

NHS taking legal action after patient and staff data stolen in cyber attack | The Independent

US military contractor breach exposes employee data | Cybernews

Over 10,000 Docker Hub images found leaking credentials, auth keys

PSNI officer 'felt fear and disbelief' after data breach - BBC News

Users report chaos as Legal Aid Agency stumbles back online • The Register

Contractors with hacking records accused of wiping 96 govt databases

Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers - IT Security Guru

Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks

Hackers claim Volkswagen dealer data is for sale | Cybernews

One of Sudan’s last flying airlines breached, say hackers | Cybernews

Organised Crime & Criminal Actors

Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacks | IT Pro

Global Scams, From Southeast Asia's Pig Butchering to Russia's 'Black Widows'

European cops arrest 193 'violence-as-a-service' suspects • The Register

Contractors with hacking records accused of wiping 96 govt databases

Ex-teen hackers warn parents are clueless as children steal ‘millions’ – DataBreaches.Net

National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar

British threat actor ‘Danish Zulfiqar’ rumored to have been arrested and $18.58M crypto assets seized - Cryptopolitan

How old is the average hacker? What does a new research report suggest? (1) – DataBreaches.Net

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle

Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations

British threat actor ‘Danish Zulfiqar’ rumored to have been arrested and $18.58M crypto assets seized - Cryptopolitan

Insider Risk and Insider Threats

Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru

KnowBe4 Research Reveals 96% of Organizations Struggle to Secure the Human Element as AI Transforms the NexGen Workforce

Insurance

Cyber insurance claims in 2024 tripled. UK firms are vulnerable

UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day

Supply Chain and Third Parties

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack | Microsoft Security Blog

NHS taking legal action after patient and staff data stolen in cyber attack | The Independent

Barts Health NHS discloses data breach after Oracle zero-day hack

UK Hospital Asks Court to Stymie Ransomware Data Leak

Software Supply Chain

'PyStoreRAT' malware uses fake developer tools on GitHub to infect Windows systems - SiliconANGLE

Malware Discovered in 19 Visual Studio Code Extensions - Infosecurity Magazine

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cloud/SaaS

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack | Microsoft Security Blog

New Vishing Attack Leverages Microsoft Teams Call and QuickAssist to Deploy .NET Malware

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

Swiss Government Sounds The Alarm Bell Over Cloud Storage Security Risks

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW

Microsoft investigates Copilot outage affecting users in Europe

Outages

Cloudflare Outage Caused by React2Shell Mitigations - SecurityWeek

Microsoft investigates Copilot outage affecting users in Europe

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Encryption

CISOs Should Be Asking These Quantum Questions Today

Passwords, Credential Stuffing & Brute Force Attacks

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

Over 10,000 Docker Hub images found leaking credentials, auth keys

Death to one-time text codes: Passkeys are the new hotness • The Register

Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits | ZDNET

Social Media

EU fines X $140 million over deceptive blue checkmarks

How to prove you're not a deepfake on Zoom: LinkedIn's 'verified' badge is now free for all platforms | ZDNET

Regulations, Fines and Legislation

Portugal updates cybercrime law to exempt security researchers

UK finally vows to look at 35-year-old Computer Misuse Act • The Register

UK fines LastPass £1.2 million for data breach affecting 1.6 million people | The Record from Recorded Future News

Are we mistaking regulation for resilience? | Computer Weekly

UK Unveils Cybersecurity Bill: Major Overhaul for Critical Infrastructure Operators Coming? | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group

What 35 years of privacy law say about the state of data protection - Help Net Security

EU fines X $140 million over deceptive blue checkmarks

Defense bill addresses secure phones, AI training, cyber troop mental health | CyberScoop

UK.gov rejects £1.8B digital ID cost, offers no alternative • The Register

Porn company starts new age checks after £1m fine - BBC News

UK porn traffic down since beginning of age checks but VPN use up, says Ofcom | Pornography | The Guardian

UK Cyber Security and Resilience Bill: pragmatic overhaul or regulatory overload? | Osborne Clarke

UK ransomware payment ban could ‘significantly shift’ cyber market :: Insurance Day

Uneven regulatory demands expose gaps in mobile security - Help Net Security

Trump Signs Executive Order to Block State AI Regulations - SecurityWeek

‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal

On cyber, Trump’s national security strategy emphasizes industry and regional partners | The Record from Recorded Future News

UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine

Flipping the NIS2 Switch: What Germany's Implementation Means for 2026 Compliance | Morrison & Foerster LLP - JDSupra

The implementation of the NIS-2 Directive in Germany – What are the deviations from the NIS-2 Directive? | Osborne Clarke

Models, Frameworks and Standards

OWASP Project Publishes List of Top Ten AI Agent Threats - Security Boulevard

NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents - Security Boulevard

Flipping the NIS2 Switch: What Germany's Implementation Means for 2026 Compliance | Morrison & Foerster LLP - JDSupra

UK Unveils Cybersecurity Bill: Major Overhaul for Critical Infrastructure Operators Coming? | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

Porn company starts new age checks after £1m fine - BBC News

UK porn traffic down since beginning of age checks but VPN use up, says Ofcom | Pornography | The Guardian

Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group

Germany implements NIS2 – What you need to know now, Theresa Ehlen, Lutz Riede, Christoph Werkmeister, Julia Utzerath

The implementation of the NIS-2 Directive in Germany – What are the deviations from the NIS-2 Directive? | Osborne Clarke

Data Protection

What 35 years of privacy law say about the state of data protection - Help Net Security

Cybersecurity Leaders Put Data Protection and Response at the Top of the 2026 Agenda.

Careers, Roles, Skills, Working in Cyber and Information Security

Why An Engineering-Focused CISO Can Be a Liability

Why Losing One Security Engineer Can Break Your Defences | SC Media UK

88% of Cybersecurity Professionals Impacted by Skills Gap

Law Enforcement Action and Take Downs

European cops arrest 193 'violence-as-a-service' suspects • The Register

UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims - Infosecurity Magazine

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW

California man admits role in $263 million cryptocurrency theft that funded lavish lifestyle

National cybercrime network operating for 14 years dismantled in Indonesia | TechRadar

Spain arrests teen who stole 64 million personal data records

British threat actor ‘Danish Zulfiqar’ rumored to have been arrested and $18.58M crypto assets seized - Cryptopolitan

Russian police bust bank-account hacking gang that used NFCGate-based malware | The Record from Recorded Future News

Myanmar's army says it wants to eradicate scam compounds. Is it really doing that? - BBC News

Poland charges Ukrainians found in possession of hacking equipment | Notes From Poland

US extradites Ukrainian accused of hacking for Russia • The Register

Misinformation, Disinformation and Propaganda

Key barrier to online fraud can be bypassed for pennies, say researchers - CNA

Bots, bias, and bunk: How to tell what's real on the net • The Register

UK on frontline of new information war as Russia floods social media with fake videos - The Mirror


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН

Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online

Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News

UK calls on Europe to counter Russia's expanding info wars • The Register

When Do Cyber Campaigns Cross a Line? | Lawfare

EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO

UK launches hybrid fighting force to secure undersea cables • The Register

How Europe can turn the tide on Russia's underwater warfare

China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post

Gaps and Seams in the Law of Armed Conflict for AI-Enabled Cyber Operations - Lieber Institute West Point

Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council

Nation State Actors

Have you been targeted by state-sponsored hackers? Apple, Google issue fresh alerts | Cybernews

Apple, Google issue fresh global alerts over state-backed cyber threats | World News - Business Standard

China

Chinese cyberspies target VMware vSphere for long-term persistence | CSO Online

Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA

UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare - SecurityWeek

React2Shell Vulnerability Under Attack From China-Nexus Groups

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’ | WIRED

Trump prioritizing trade with China over cyber war, Salt Typhoon goes unpunished | Cybernews

China using cyber weapons for societal havoc, chaos in US | The Jerusalem Post

As White House moves to send AI chips to China, Trump’s DOJ prosecutes chip smugglers | CyberScoop

Experts sound alarm on Chinese-made electronics that can be weaponized to trigger blackouts in the US | The Independent

China’s Intelligence Chief Outlines Hardline Five-Year Security Plan - StratNews Global

Russia

Russia’s hybrid warfare puts Europe to the test

Britain sanctions Russian, Chinese entities over disinfo, cyber threats - CNA

UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare - SecurityWeek

NATO prepares for hybrid threats: Alliance Commander-in-Chief reveals details | УНН

Minister to issue sobering warning about Putin's 'cyber army' in the UK | News UK | Metro News

EU leaders to push defense readiness amid Russia ‘hybrid attack’ warnings – POLITICO

UK launches hybrid fighting force to secure undersea cables • The Register

How Europe can turn the tide on Russia's underwater warfare

Ukraine’s wartime experience provides blueprint for infrastructure protection - Atlantic Council

Russian police bust bank-account hacking gang that used NFCGate-based malware | The Record from Recorded Future News

US extradites Ukrainian accused of hacking for Russia • The Register

Tehran and Moscow sign deal on AI, cybersecurity | Iran International

Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian

Cyber Attack on Reporters Without Borders Linked to Russian Security Services

Critical Infrastructure at Risk: Pro-Russia Hacktivist Campaigns Against Dams and Water Systems - NS Energy

US Warns of Ongoing Pro-Russia Critical Infrastructure Hacks

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Russia allegedly still using Starlink-guided drones in Ukraine, report claims — Starlink Mini strapped to grounded drone points to ongoing issue, despite U.S. DoD claims threat was blunted | Tom's Hardware

Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews

Cyberattack Reportedly Paralyzes Russia’s Military Registration Database - The Moscow Times

Iran

US Posts $10 Million Bounty for Iranian Hackers - SecurityWeek

Tehran and Moscow sign deal on AI, cybersecurity | Iran International

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

North Korea

Apple, Google issue fresh global alerts over state-backed cyber threats | World News - Business Standard

React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

Imposter for hire: How fake people can gain very real access | Microsoft Security Blog

Lazarus Group: The $2.1 Billion Cyber Threat and Your Defense Strategy - Security Boulevard

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Danish intelligence classifies Trump’s America as a security risk – POLITICO

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Predator Spyware Maker Intellexa Evades Sanctions - Infosecurity Magazine

Apple, Google Send New Round of Cyber Threat Notifications to Users


Tools and Controls

Nearly two-thirds of organisations to increase cybersecurity investments in 2026: Marsh - Reinsurance News

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Block all AI browsers for the foreseeable future: Gartner • The Register

Researchers spot 700 percent increase in hypervisor attacks • The Register

Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities

When it comes to security resilience, cheaper isn’t always better | CSO Online

UK porn traffic down since beginning of age checks but VPN use up, says Ofcom | Pornography | The Guardian

Briefing: Online Safety Act Parliamentary Petition Debate | Open Rights Group

UK fines LastPass £1.2 million for data breach affecting 1.6 million people | The Record from Recorded Future News

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

Ransomware IAB abuses EDR for stealthy malware execution

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

DeadLock Ransomware Uses BYOVD to Evade Security Measures - Infosecurity Magazine

NVIDIA research shows how agentic AI fails under attack - Help Net Security

Resilience is the new currency | Professional Security Magazine

CISOs are spending big and still losing ground - Help Net Security

Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teams | IT Pro

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW

Are we mistaking regulation for resilience? | Computer Weekly

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations - SecurityWeek

Harbadus attacks Andvaria: cyber war game tests Nato defences against Russia | Nato | The Guardian

15 years in, zero trust remains elusive — with AI rising to complicate the challenge | CSO Online

Reports Published in the Last Week

Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds - IT Security Guru

KnowBe4 Research Reveals 96% of Organizations Struggle to Secure the Human Element as AI Transforms the NexGen Workforce

Other News

The hidden dynamics shaping who produces influential cybersecurity research - Help Net Security

Analysts Warn of Cybersecurity Risks in Humanoid Robots

'Botnets in physical form' are top humanoid robot risk • The Register

'Cyber security is no longer just an IT issue': QBE urges cross-functional cyber prep | Insurance Business

Need for 'attacking mindset' as major cyber hacks up 50 per cent | In Cumbria

Porn Is Being Injected Into Government Websites Via Malicious PDFs

National Crime Agency leaflet given to pupils linked to 'explicit sexual content' - BBC News

Surviving system meltdowns and cyber attacks - Monevator

Cybersecurity’s New Power Dynamics | Goodwin - JDSupra

‘Report fraud’ service replaces Action Fraud as UK’s official reporting portal

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

Cyber risk is the most pressing threat to Irish businesses

Fire Stick users receive warning message while illegally streaming as crackdown begins

Aeroflot hack explained: report says infrastructure was nearly destroyed | Cybernews

Why Singapore remains cautious over naming state actors in cyber-attacks - Yahoo News Singapore


Vulnerability Management

Why bug bounty schemes have not led to secure software | Computer Weekly

MITRE shares 2025's top 25 most dangerous software weaknesses

Vulnerabilities

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

React2Shell Vulnerability Under Attack From China-Nexus Groups

Cloudflare blames Friday outage on borked React2shell fix • The Register

Wide Range of Malware Delivered in React2Shell Attacks - SecurityWeek

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims | CyberScoop

Microsoft Patches 57 Vulnerabilities, Three Zero-Days - SecurityWeek

Microsoft releases Windows 10 KB5071546 extended security update

Intel, AMD Processors Affected by PCIe Vulnerabilities - SecurityWeek

React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics - Infosecurity Magazine

Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager

Adobe Patches Nearly 140 Vulnerabilities - SecurityWeek

Google fixes eighth Chrome zero-day exploited in attacks in 2025

Google Patches Mysterious Chrome Zero-Day Exploited in the Wild - SecurityWeek

Google Fixes Gemini Enterprise Flaw That Exposed Corporate Data - Infosecurity Magazine

Microsoft won’t fix .NET RCE bug affecting enterprise apps • The Register

This 30-year-old app is somehow still one of the biggest security risks on Windows

IBM Patches Over 100 Vulnerabilities - SecurityWeek

Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely

Maximum-severity XXE vulnerability discovered in Apache Tika

Apache warns of 10.0-rated flaw in Tika metadata toolkit • The Register

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

SAP fixes three critical vulnerabilities across multiple products

Firefox 146 adds Windows backup, improved privacy, and security fixes | PCWorld

Critical Gogs zero-day under attack, 700 servers hacked

Hackers Actively Exploiting ArrayOS AG VPN Vulnerability to Deploy Webshells

Hackers abuse Notepad++ updater | Cybernews

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks - SecurityWeek

700+ self-hosted Git instances battered in 0-day attacks • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.


Black Arrow Cyber Advisory 10 December 2025 - Security Updates from Microsoft, SAP, Adobe, Fortinet, Google Android, Ivanti, React.js

Executive Summary

This month’s Patch Tuesday brings a very busy close to the year, with Microsoft fixing 57 vulnerabilities, SAP issuing 14 new security notes, Adobe addressing nearly 140 issues, and Google Android resolving 107 flaws including two actively exploited zero days. Fortinet, Ivanti and React have all released targeted updates for critical remotely exploitable weaknesses in network infrastructure, endpoint management and widely used web frameworks. Organisations should prioritise internet facing services, identity and SSO paths, and any platform exposed to untrusted content or code.

Vulnerabilities by Vendor

  • Microsoft: 57 vulnerabilities, affecting Windows client and server, Office, Azure components, developer tooling (including GitHub Copilot for JetBrains) and PowerShell.

  • SAP: 14 vulnerabilities, affecting Solution Manager, Commerce Cloud, jConnect, Web Dispatcher and Internet Communication Manager, NetWeaver, Business Objects, S/4HANA Private Cloud, SAPUI5 and Enterprise Search.

  • Adobe: At least 138 vulnerabilities across ColdFusion, Adobe Experience Manager (AEM), DNG SDK, Acrobat/Reader and Creative Cloud Desktop. ColdFusion and AEM carry multiple critical or high severity issues, including arbitrary code execution and extensive cross site scripting in AEM.

  • Fortinet: At least 4 vulnerabilities, affecting FortiOS, FortiProxy, FortiWeb and FortiSwitchManager, including two critical flaws in FortiCloud SSO login that allow administrative authentication bypass, plus additional weaknesses in password handling and credential reset flows.

  • Google Android: 107 vulnerabilities, affecting Android Framework and System components (51 flaws) and kernel and closed source vendor components (56 flaws) across Android 13 to 16. Two high severity issues are under active exploitation, with an additional critical denial of service flaw in the Android Framework and multiple critical elevation of privilege bugs in kernel subcomponents and chipset drivers.

  • Ivanti: 1 vulnerability, affecting Ivanti Endpoint Manager (EPM) 2024, disclosed as part of Ivanti’s December 2025 security update. Public commentary indicates a critical stored cross site scripting issue that can lead to remote code execution within the management console.

  • React: 1 vulnerability, affecting React Server Components in React 19 (react-server and related packages) and widely used frameworks that integrate the same protocol. This unauthenticated remote code execution flaw, widely referred to as React2Shell, is already under active exploitation and carries maximum severity. Prioritise updating to the patched React and framework versions recommended in the React advisory, with particular urgency for internet facing applications and multi tenant environments. Please see our specific advisory on this vulnerability for more information: https://www.blackarrowcyber.com/blog/advisory-08-december-2025-react2shell

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Sources:

1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html
3 Adobe — https://helpx.adobe.com/security.html
4 Fortinet — https://fortiguard.fortinet.com/psirt/FG-IR-25-647
5 Google Android — https://source.android.com/docs/security/bulletin/2025-12-01
6 Ivanti — https://www.ivanti.com/blog/december-2025-security-update
7 React — https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components


Black Arrow Cyber Advisory - 08 December 2025 – React2Shell Vulnerability Actively Exploited in Web Technologies

Executive summary

A critical security flaw, widely known as React2Shell (CVE-2025-55182), has been identified in a very popular web technology used to build modern online services and software platforms. It has a maximum severity rating and allows attackers to run code on affected servers without needing to log in. 

The issue mainly affects organisations that develop and host their own modern web applications using React Server Components and certain versions of Next.js, rather than traditional off the shelf software. However, many SaaS and cloud based services are built on these technologies, so the most realistic risk for many organisations is through their critical third parties and suppliers, rather than their own internal systems. 

The vulnerability is already being actively exploited, has been added to CISA’s Known Exploited Vulnerabilities catalogue, and security researchers report tens of thousands of potentially exposed systems and confirmed breaches at multiple organisations. 

In practical terms, this is another supply chain and SaaS platform risk that boards and senior leaders should be aware of, particularly where critical business processes rely on externally hosted web applications.

What is the risk to me or my business?

For most organisations that do not carry out development activities, the main concerns are:

Trusted third party services

Business critical SaaS platforms (such as HR, payroll, finance, CRM, ticketing, collaboration and sector specific tools) may use the affected web technology as part of their platform. If one of these suppliers is compromised, attackers may be able to access or steal your data held in that service, or disrupt availability.

Customer facing websites and portals built by third parties

Public websites, customer portals and booking or payment systems developed by digital agencies may be using the affected components.

Regulatory and reputational impact

Exploitation is being linked to capable threat actors and is already being used to steal data at scale. A compromise at a key supplier could still create regulatory reporting, contractual and reputational consequences for your organisation, even if the issue sits in their technology stack.

By contrast, organisations that only use React in the form of older or simple front end websites, or who do not use React based web technologies at all, will likely have limited direct technical exposure. However, almost every organisation consumes multiple SaaS platforms, and those are where the risk is most likely to materialise.

Technical Summary

CVE-2025-55182 (React2Shell): A pre authentication remote code execution vulnerability in React Server Components, caused by unsafe deserialisation of attacker controlled data in the RSC “Flight” protocol. 

Affects versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of:

  • react-server-dom-webpack

  • react-server-dom-parcel

  • react-server-dom-turbopack 

CVE-2025-66478 (Next.js): Tracks the downstream impact on Next.js applications using the App Router, which depend on the vulnerable RSC implementation.

This vulnerability has been rated CVSS 10.0 and can lead to RCE when an unpatched environment processes a crafted request.

Exploitation status

CISA has added CVE-2025-55182 to the KEV catalogue following evidence of active exploitation. Rapid7, Tenable and others note public proof of concept exploits, including a Metasploit module, and rapid adoption by threat actors. Amazon’s security team has observed exploitation attempts by China state linked groups within hours of public disclosure.

Patched versions

React has released fixes in react-server-dom-* versions 19.0.1, 19.1.2 and 19.2.1.

Next.js has released patched versions for affected major branches under CVE-2025-66478, and advises upgrading to the latest available release in the relevant major line. 
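For technical teams that want to confirm what their own builds actually install, the following is an added example written for this edit (not code from Black Arrow, React or Next.js): it scans a package-lock.json for the three react-server-dom-* packages named above and classifies each installed version as affected, patched, or outside the lines the advisory lists. The sample lockfile is constructed; prerelease builds below the fixed version are treated as affected, which is a conservative assumption rather than a statement from the advisory.

```javascript
// Added example: check a package-lock.json against the CVE-2025-55182 version list.
// Usage: node check-react2shell.js [path/to/package-lock.json]
// Without an argument it scans the constructed SAMPLE_LOCK below.

const AFFECTED_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// Versions the advisory lists as affected, and the first fixed release per 19.x line.
const AFFECTED_VERSIONS = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);
const FIXED_BY_LINE = { "19.0": "19.0.1", "19.1": "19.1.2", "19.2": "19.2.1" };

// Drop any prerelease/build suffix ("19.2.0-canary-...") and return numeric parts.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10));
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// "affected"   : exactly a listed version, or below the fixed release on a listed line
// "patched"    : at or above the fixed release on a listed line
// "not-listed" : a major/minor line the advisory does not mention (review separately)
function classify(version) {
  if (AFFECTED_VERSIONS.has(version)) return "affected";
  const line = parseVersion(version).slice(0, 2).join(".");
  const fixed = FIXED_BY_LINE[line];
  if (!fixed) return "not-listed";
  // Conservative assumption (ours, not the advisory's): canary/rc builds below the
  // fixed version are reported as affected.
  return compareVersions(version, fixed) >= 0 ? "patched" : "affected";
}

// Yield every installed package from a lockfile, handling both the v2/v3
// "packages" map (keys are node_modules paths) and the v1 nested "dependencies" tree.
function* installedPackages(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop(); // "" for the root project
      if (name && meta.version) yield { name, version: meta.version, path };
    }
  } else if (lock.dependencies) {
    const walk = function* (deps, prefix) {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (meta.version) yield { name, version: meta.version, path };
        if (meta.dependencies) yield* walk(meta.dependencies, `${path}/`);
      }
    };
    yield* walk(lock.dependencies, "");
  }
}

// Return one finding per installed copy of an affected package (nested copies included).
function scanLockfile(lock) {
  const findings = [];
  for (const pkg of installedPackages(lock)) {
    if (AFFECTED_PACKAGES.has(pkg.name)) findings.push({ ...pkg, status: classify(pkg.version) });
  }
  return findings;
}

// Constructed sample lockfile (v3 layout). Note that plain "react" is not in scope.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/react": { version: "19.2.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/next/node_modules/react-server-dom-turbopack": { version: "19.2.1" },
    "node_modules/react-server-dom-parcel": { version: "18.3.1" },
  },
};

function main() {
  const fs = require("fs");
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  for (const f of scanLockfile(lock)) {
    console.log(`${f.status.padEnd(10)} ${f.name}@${f.version}  (${f.path})`);
  }
}

if (typeof require !== "undefined" && require.main === module) main();
```

A clean result only covers code you build yourself; exposure through suppliers still needs the confirmation steps set out under "What can I do?".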

What types of software are most likely to be affected?

Based on current public reporting and vendor advisories, the typical affected services are:

Custom built web applications and portals: Customer portals, online account management, booking systems and ecommerce sites built using modern React and Next.js frameworks. 

Modern SaaS and cloud based platforms: Many contemporary SaaS products use these frameworks to build their web dashboards and user interfaces. Where those services have not yet patched, they may be exposed. 

Tech and digital firms that develop software as their core business: These organisations are more likely to have adopted the latest React 19 and Next.js capabilities and will be prioritising patching efforts now.

Traditional enterprise software suites and legacy on premises tools are less likely to be using this particular technology stack. The risk profile therefore looks very similar to other supply chain related events: a serious flaw in widely used underlying technology, with real impact flowing through service providers and suppliers.

What can I do?

As the situation is still evolving and technical guidance is being updated frequently, we recommend leadership teams focus on four practical actions, and refer technical teams to the detailed references below.

  1. Understand where you might be exposed indirectly

    Identify your most critical SaaS and hosted platforms (for example HR and payroll, finance, CRM, key industry platforms).

    Ask suppliers directly whether they have assessed their exposure to React2Shell CVE-2025-55182 and Next.js CVE-2025-66478, and whether they have applied the recommended patches. 

  2. Check any externally hosted websites or portals in your name

    Where third party developers or agencies maintain your customer facing portals or transactional sites, seek written confirmation that they have reviewed their use of React and Next.js and applied relevant updates where required.

  3. Ensure monitoring and incident response are ready

    Ask your internal or external security and IT teams to confirm they are:

    • Tracking authoritative advisories on React2Shell.

    • Monitoring for unusual access patterns or alerts on key SaaS platforms and externally facing web applications. 

  4. Keep an eye on evolving guidance

    This is a fast moving issue, with new detection methods and defensive advice being published by major vendors and government agencies. Leaders should ensure their organisations are:

    • Following updates from suppliers and cloud providers.

    • Prepared to act quickly if a critical third party discloses that they have been impacted.

For organisations that do build or host their own web applications, your internal or outsourced development teams should follow the technical instructions in the React and Next.js advisories without delay.

Further details and patches

For technical teams and suppliers, current authoritative sources include:

React: Official security advisory on the critical vulnerability in React Server Components and patched versions: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Next.js: Security advisory for CVE-2025-66478: https://nextjs.org/blog/CVE-2025-66478

CERT EU: technical advisory on CVE-2025-55182 and recommended updates: https://cert.europa.eu/publications/security-advisories/2025-041/pdf

Rapid7: https://www.rapid7.com/blog/post/etr-react2shell-cve-2025-55182-critical-unauthenticated-rce-affecting-react-server-components/

Tenable: https://www.tenable.com/blog/react2shell-cve-2025-55182-react-server-components-rce

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity


Black Arrow Cyber Threat Intelligence Briefing 05 December 2025

Black Arrow Cyber Threat Intelligence Briefing 05 December 2025:

-Are MSPs the Weakest Link in Your Security Chain?

-Marquis Data Breach Impacts Over 74 US Banks, Credit Unions

-Stealthy Browser Extensions Waited Years Before Infecting 4.3M Chrome, Edge Users With Backdoors and Spyware

-How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

-Malicious LLMs Empower Inexperienced Hackers with Advanced Tools

-Companies Fear State Attacks More as Threat Landscape Evolves

-Spear Phishing is North Korean Hackers’ Top Tactic: How to Stay Safe

-CISOs, CIOs and Boards: Bridging the Cyber Security Confidence Gap

-Disinformation and Cyber Threats Expand Globally

-Cyber Attacks Among Biggest Risks to Financial Stability, Bank Chief Warns

-NATO May Get 'More Aggressive' in Countering Russia’s Hybrid Attacks, Top Military Official Says

-Ex Teen Hackers Warn Parents Are Clueless as Children Steal 'Millions'

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

Recent high profile cyber incidents have highlighted how organisations need to address the risks presented by their third parties, including their managed service provider (MSP), and this week’s review of threat intelligence highlights two impactful examples. We discuss other business risks identified from our review, including the long term tactics of attackers and the malicious use of AI.

These illustrate the need for business leaders to upskill themselves on their cyber literacy, to ask the appropriate challenging questions on the risks to their business. It is important that the upskilling should be from an impartial source, not from a control provider such as the MSP, in order to achieve a broad and objective perspective.

Our review also shows the need for the leadership team to have meaningful conversations with their CISO, and to provide the appropriate support and challenge. Contact us to discuss how we support business leaders and decision makers to understand and manage their cyber risks in a proportionate manner.


Top Cyber Stories of the Last Week

Are MSPs the Weakest Link in Your Security Chain?

A series of incidents affecting Jaguar Land Rover, the Co-op Group and Marks and Spencer were linked to compromises at a managed service provider (MSP) where attackers used simple social engineering to obtain helpdesk access. The article notes regulator fines of £14m against a large outsourcer (Capita) and estimates that related breaches could cost close to £2bn, underlining MSPs as high concentration risks.

Source: https://www.techmonitor.ai/technology/cybersecurity/msps-cybersecurity-risk

Marquis Data Breach Impacts Over 74 US Banks, Credit Unions

A ransomware attack on Marquis Software Solutions shows how a breach at a single service provider can affect many financial institutions. The incident exposed data belonging to more than 74 banks and credit unions and over 400,000 individuals. Attackers exploited a SonicWall firewall to steal names, contact details, Social Security numbers and financial account information.

Source: https://www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/

Stealthy Browser Extensions Waited Years Before Infecting 4.3M Chrome, Edge Users With Backdoors and Spyware

A long running campaign by attackers called ‘ShadyPanda’ used legitimate looking Chrome and Edge extensions to build a large user base before adding malicious updates. More than 4.3 million users were affected and several extensions remained available in official stores. The extensions included backdoors, surveillance tools and remote code execution, demonstrating the risk of trusted browser add-ons.

Source: https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/

How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

Financial institutions face increasingly organised adversaries supported by AI, initial access brokers who gain entry to victim organisations, and complex supply chains. Digital footprints have expanded and identity controls remain a common weakness. The article sets out the need for continuous external attack surface monitoring, AI governance, stronger authentication and closer coordination between cyber security, fraud teams and business leaders.

Source: https://securityboulevard.com/2025/12/how-financial-institutions-can-future-proof-their-security-against-a-new-breed-of-cyber-attackers/

Malicious LLMs Empower Inexperienced Hackers With Advanced Tools

Researchers tested large language models (LLMs) used by attackers such as WormGPT 4 and KawaiiGPT, and found they reliably generate working ransomware scripts, lateral movement tooling and polished phishing emails. WormGPT 4 is sold for $50 a month or a $220 lifetime fee, while free KawaiiGPT helps automate phishing and scripting. These LLMs enable inexperienced attackers by generating functional malware and phishing content.

Source: https://www.bleepingcomputer.com/news/security/malicious-llms-empower-inexperienced-hackers-with-advanced-tools/

Companies Fear State Attacks More as Threat Landscape Evolves

Research shows most UK and US cyber security managers are worried about state sponsored attacks, with 23% citing inadequate preparedness for geopolitical escalation as their top concern. Respondents point to rising activity from Russia, Iran, North Korea and China, and 33% believe government support is insufficient. Many fear data loss, reputational harm and supply chain disruption, but 74% are investing in resilience measures.

Source: https://www.infosecurity-magazine.com/news/companies-fear-state-attacks-more/

Spear Phishing Is North Korean Hackers’ Top Tactic: How To Stay Safe

Analysis of recent incidents shows North Korea’s Lazarus Group continues to rely on targeted spear phishing, often using job approaches or academic invitations to gain access to finance, crypto, defence and IT organisations. Lazarus appeared in 31 reports this year, the highest among North Korean groups. The article highlights the need for vigilance, MFA and stronger controls to reduce account compromise.

Source: https://cointelegraph.com/news/spear-phishing-north-korean-hackers-top-tactic-how-to-stay-safe

CISOs, CIOs and Boards: Bridging the Cyber Security Confidence Gap

Survey data shows most board members lack confidence in decisions on cyber investment and struggle to connect technical performance with business outcomes. Security leaders are encouraged to translate blocked threats into avoided financial impact, communicate in risk terms rather than technical language, and demonstrate how identity and resilience measures directly support business goals.

Source: https://securityboulevard.com/2025/12/cisos-cios-and-boards-bridging-the-cybersecurity-confidence-gap/

Disinformation and Cyber Threats Expand Globally

A World Economic Forum survey of 11,000 executives across 116 economies shows cyber insecurity and the adverse outcomes of AI are emerging as leading risks for major economies. Executives warn that AI is increasing attacker capability in social engineering, reconnaissance and exploit development. Many also fear malicious use of AI tools and attacks such as data poisoning.

Source: https://www.infosecurity-magazine.com/news/disinformation-cyberthreats-global/

Cyber Attacks Among Biggest Risks to Financial Stability, Bank Chief Warns

The Bank of England reports cyber attacks are now among the most significant risks to UK financial stability, with firms increasingly citing them alongside geopolitical and economic pressures. The Bank of England’s Governor warns that disruption to digital services or payments could quickly erode confidence in the financial system. Firms are urged to strengthen resilience as dependency on digital infrastructure grows.

Source: https://www.independent.co.uk/news/uk/politics/bank-of-england-jaguar-land-rover-spencer-andrew-bailey-b2876526.html

NATO May Get 'More Aggressive' in Countering Russia’s Hybrid Attacks, Top Military Official Says

NATO is considering more proactive responses to Russian hybrid operations following cyber activity and infrastructure interference across Europe. Its Military Committee chair notes that certain offensive cyber measures may be justified as defensive action. Recent patrols over seabed cables under Baltic Sentry exercises have reduced incidents of damage to the cables, showing how visible deterrence can help counter covert disruption.

Source: https://kyivindependent.com/nato-may-get-more-aggressive-in-countering-russias-hybrid-attacks-top-military-official-tells-ft/

Ex Teen Hackers Warn Parents Are Clueless as Children Steal 'Millions'

The UK National Crime Agency’s ‘Cyber Choices programme’ aims to divert young people away from illegal cyber activity and guide them toward safe, legal and productive uses of their technical skills. Referrals now include children as young as seven, with the average age at 15. Many cases relate to gaming communities and capability development among 10- to 16-year-olds, and former crypto hackers warn that teenagers are making millions from online crime unnoticed by parents or schools.

Source: https://news.sky.com/story/children-as-young-as-seven-caught-hacking-as-former-cybercriminals-warn-its-mainstream-now-13479365



Threats

Ransomware, Extortion and Destructive Attacks

SonicWall ransomware attacks offer an M&A lesson for CSOs | CSO Online

Cyber insurers brace for more ransomware as soft market drags on | Insurance Business

Deep dive into DragonForce ransomware and its Scattered Spider connection

Zendesk users targeted by Scattered Lapsus$ Hunters hackers and fake support sites | TechRadar

Global ransomware threat rises as soft market persists :: Insurance Day

Ransomware spreads into emerging markets, re/insurers prioritise efficiency & margin stability: CyberCube - Reinsurance News

The Ransomware Holiday Bind: Burnout or Be Vulnerable

Ransomware Moves: Supply Chain Hits, Credential Harvesting

UK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazine

How a noisy ransomware intrusion exposed a long-term espionage foothold - Help Net Security

Ransomware Victims

Researcher tricks Claude into deploying MedusaLocker ransomware: Exclusive

Weaponizing Claude Skills with MedusaLocker | Cato Networks

E-tailer resumes sales 45 days after ransomware attack • The Register

UPenn joins long list of Clop victims after Oracle EBS raid • The Register

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

Phishing & Email Based Attacks

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware - Infosecurity Magazine

“Everything that we do with AI that makes our lives better also makes life better for the attackers,” Microsoft exec warns | Ctech

North Korea Lazarus Group Tops Cyber Threats with Spear Phishing Attacks

New GhostFrame Phishing Framework Hits Over One Million Attacks - Infosecurity Magazine

Fake Calendly invites spoof top brands to hijack ad manager accounts

Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks | Volexity

How Threat Actors Engineer Attacks to Evade Email Security US | Proofpoint US

SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security

Reporters Without Borders Targeted by Russian Hackers - SecurityWeek

Other Social Engineering

Fake Calendly invites spoof top brands to hijack ad manager accounts

SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security

North Korea lures engineers to rent identities in fake IT worker scheme

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

Fraud, Scams and Financial Crime

Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian

How Southeast Asia Became the Scam Capital of the World – The Diplomat

Fake AI-generated shops, ads are flourishing on Facebook | Mashable

Welcome to the new frontier for organized crime: Cambodia's hub for telefraud and cyber scams - Washington Times

Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement

Artificial Intelligence

“Everything that we do with AI that makes our lives better also makes life better for the attackers,” Microsoft exec warns | Ctech

Researcher tricks Claude into deploying MedusaLocker ransomware: Exclusive

AI 2030: The Coming Era of Autonomous Cyber Crime | MSSP Alert

Malicious LLMs empower inexperienced hackers with advanced tools

Weaponized AI Is Changing The Vulnerability Management Game. Now What?

Fake AI-generated shops, ads are flourishing on Facebook | Mashable

Microsoft Issues Warning To Windows 11 Users - This AI Feature Can Install Viruses

AI browsers can be hijacked with just a hashtag in a URL, leaving users exposed without noticing anything at all | TechRadar

Attackers keep finding new ways to fool AI - Help Net Security

Critical PickleScan Vulnerabilities Expose AI Model Supply Chains - Infosecurity Magazine

Japan issues arrest warrant against teen suspected of cyberattack using AI

ChatGPT went down worldwide, conversations disappeared for users

AML/CFT/Money Laundering/Terrorist Financing/Sanctions

Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine

UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack | The Record from Recorded Future News

Legislation would designate ‘critical cyber threat actors,’ direct sanctions against them | CyberScoop

Malware

Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware - Infosecurity Magazine

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors - SecurityWeek

“Sleeper” browser extensions woke up as spyware on 4 million devices | Malwarebytes

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware | CyberScoop

Newly discovered malicious extensions could be lurking in enterprise browsers | CSO Online

Microsoft Issues Warning To Windows 11 Users - This AI Feature Can Install Viruses

Dead Man's Switch - Widespread npm Supply Chain Attack Driving Malware Attacks

Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware

Glassworm malware returns in third wave of malicious VS Code packages

Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say - Help Net Security

The most prominent infostealers and how businesses can protect against them | IT Pro

Bots/Botnets

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business | Fortra

Mobile

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Two Android 0-day bugs patched, plus 105 more fixes • The Register

A new Android malware sneakily wipes your bank account

Predator spyware uses new infection vector for zero-click attacks

CISA Issues Alert on Cyber Threat Actors Spyware Use

Google's new Android 16 upgrades make a strong case for sticking with Pixel or Samsung | ZDNET

India ready to change state-run security app order after outcry | The Straits Times

Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Trend Micro (US)

Israel’s IDF Bans Android Phones—iPhones Now ‘Mandatory’

Feds Warn iPhone And Android Users—Stop Using Your VPN

Denial of Service/DoS/DDoS

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business | Fortra

Criminals turning bank security systems against themselves

Internet of Things – IoT

Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure - The Moscow Times

Four arrested in South Korea over IP camera spying spree • The Register

You've Heard About Smart Home Hacking: Here's How It Works and How Likely It Is - CNET

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

Data Breaches/Leaks

Marquis data breach impacts over 74 US banks, credit unions

London cyber attack latest as council confirms some data 'copied and taken away' - My London

OpenAI Confirms Data Breach—Here's Who Is Impacted - Decrypt

Security Leaders Discuss SitusAMC Cyberattack | Security Magazine

Post Office Escapes £1m Fine After Postmaster Data Breach - Infosecurity Magazine

Taliban used discarded UK kit to track down Afghans who worked with west, inquiry hears | Ministry of Defence | The Guardian

Brsk confirms breach as bidding begins for 230K+ records • The Register

FBI Veteran Says Chinese Cyberattack Monitored Every American Citizen's Movements for Five Years

Attackers stole member data from French Soccer Federation

South Korea's Coupang admits breach exposed 33.7M users • The Register

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

OBR drags in cyber bigwig after Budget leak blunder • The Register

Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data

OBR chief Richard Hughes resigns after budget leak investigation | Politics News | Sky News

Organised Crime & Criminal Actors

Children as young as seven caught hacking - as former cybercriminals warn 'it's mainstream now' | Money News | Sky News

AI 2030: The Coming Era of Autonomous Cyber Crime | MSSP Alert

Malicious LLMs empower inexperienced hackers with advanced tools

Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian

How Southeast Asia Became the Scam Capital of the World – The Diplomat

Global law enforcement actions put pressure on cybercrime networks - Help Net Security

Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure

Welcome to the new frontier for organized crime: Cambodia's hub for telefraud and cyber scams - Washington Times

Japan issues arrest warrant against teen suspected of cyberattack using AI

Dutch study finds teen cybercrime is mostly just a phase • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Law Enforcement shuts down Cryptomixer in major crypto crime takedown

Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine

Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement

North Korea’s Lazarus Group Suspected in $30M Upbit Hack, Raising Security Alarms

Insider Risk and Insider Threats

North Korea lures engineers to rent identities in fake IT worker scheme

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats

Insurance

Cyber insurers brace for more ransomware as soft market drags on | Insurance Business

Insurer pulls back from cyber market amid rising hacks and price war

Cyber insurance struggles to keep pace with rising exposures | Insurance Business

Ransomware spreads into emerging markets, re/insurers prioritise efficiency & margin stability: CyberCube - Reinsurance News

Cyber risks are growing but businesses are shunning cover

Supply Chain and Third Parties

Marquis data breach impacts over 74 US banks, credit unions

Are MSPs the weakest link in your security chain? - Tech Monitor

Ransomware Moves: Supply Chain Hits, Credential Harvesting

UPenn joins long list of Clop victims after Oracle EBS raid • The Register

MoD updates cyber security requirements for suppliers | UKAuthority

Software Supply Chain

Dead Man's Switch - Widespread npm Supply Chain Attack Driving Malware Attacks

PostHog admits Shai-Hulud 2.0 was its biggest security scare • The Register

Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware

Cloud/SaaS

Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure

'Exploitation is imminent' of max-severity React bug • The Register

Swiss government bans SaaS and cloud for sensitive info • The Register

How Threat Actors Engineer Attacks to Evade Email Security US | Proofpoint US

Outages

ChatGPT went down worldwide, conversations disappeared for users

Cloudflare blames outage on emergency React2Shell patch

Encryption

The quantum clock is ticking and businesses are still stuck in prep mode - Help Net Security

Q&A on the next big cyber threat: Post-quantum cryptography | SC Media

Passwords, Credential Stuffing & Brute Force Attacks

Ransomware Moves: Supply Chain Hits, Credential Harvesting

Compromised Credentials Responsible for 50% of Ransomware Attacks | Robinson+Cole Data Privacy + Security Insider - JDSupra

Social Media

Fake AI-generated shops, ads are flourishing on Facebook | Mashable

We have to be able to hold tech platforms accountable for fraud

Meta must rein in scammers — or face consequences | The Verge

Regulations, Fines and Legislation

UK's Cyber Bill should be just one part of a wider effort | Computer Weekly

UK terror watchdog warns national security plan ignores escalating online threats | Counter-terrorism policy | The Guardian

Legislation would designate ‘critical cyber threat actors,’ direct sanctions against them | CyberScoop

UK Ransomware Payment Ban to Come with Exemptions - Infosecurity Magazine

UK issues £1 million fine to adult platform for failing to comply with age verification rules | TechRadar

US Slashes Pay Incentives at Already Weakened Cyber Agency

Five-page draft Trump administration cyber strategy targeted for January release | CyberScoop

GSMA grapples with cybersecurity rules

Models, Frameworks and Standards

NIS2 proposed to be implemented in Swedish Law by “Cybersecurity Act”

NIS2 in the Baltics: Strengthening Cyber Resilience

Data Protection

Post Office Escapes £1m Fine After Postmaster Data Breach - Infosecurity Magazine

Careers, Working in Cyber and Information Security

ISC2 Study Finds Cybersecurity Budget Constraints Remain, But Do Not Worsen, While Skill Needs Grow

Skills Shortages Trump Headcount as Critical Cyber Challenge - Infosecurity Magazine

Law Enforcement Action and Take Downs

Europol Takes Down Illegal Cryptocurrency Mixing Service - Infosecurity Magazine

Global law enforcement actions put pressure on cybercrime networks - Help Net Security

Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН

Japan issues arrest warrant against teen suspected of cyberattack using AI

Four arrested in South Korea over IP camera spying spree • The Register

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights - SecurityWeek

Dutch study finds teen cybercrime is mostly just a phase • The Register

Misinformation, Disinformation and Propaganda

Disinformation and Cyber-Threats Top Global Exec Concerns - Infosecurity Magazine

Russia’s information war 2025: disinformation as an operational weapon

Russia blocks Roblox over distribution of LGBT "propaganda"
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

NATO may get 'more aggressive' in countering Russia’s hybrid attacks, top military official says

Russia’s information war 2025: disinformation as an operational weapon

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware | CyberScoop

Offensive cyber power is spreading fast and changing global security - Help Net Security

Most Companies Fear State-Sponsored Cyber-Attacks - Infosecurity Magazine

Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН

How a noisy ransomware intrusion exposed a long-term espionage foothold - Help Net Security

Cyber warfare in space: attacks on space systems rose during Gaza conflict, report finds | Euronews

How much should the UK worry about cyberattacks? | British Politics and Policy at LSE

Nation State Actors

Offensive cyber power is spreading fast and changing global security - Help Net Security

Most Companies Fear State-Sponsored Cyber-Attacks - Infosecurity Magazine

UK terror watchdog warns national security plan ignores escalating online threats | Counter-terrorism policy | The Guardian

Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations

State-sponsored cyber threat fears surge - CIR Magazine

China

Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

FBI Veteran Says Chinese Cyberattack Monitored Every American Citizen's Movements for Five Years

State-sponsored cyber threat fears surge - CIR Magazine

China Researches Ways to Disrupt Satellite Internet

Nexperia warns carmakers of factory shutdowns amid Dutch-Chinese row

US Telecoms Reject Regulation as Answer to Chinese Hacking

SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security

Russia

NATO may get 'more aggressive' in countering Russia’s hybrid attacks, top military official says

Russia could be behind cyber attacks on British businesses like M&S, Nato general warns | The Independent

Russia’s information war 2025: disinformation as an operational weapon

UK sanctions Russia’s GRU agency and cyber spies over deadly nerve agent attack | The Record from Recorded Future News

Hybrid attacks against Europe: Russian hacker detained in Poland - CPD | УНН

Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks | Volexity

Reporters Without Borders Targeted by Russian Hackers - SecurityWeek

Russia blocks Roblox over distribution of LGBT "propaganda"

SpaceX removes Russian cosmonaut from mission over national security concerns | The Independent

Russia blocks FaceTime and Snapchat for alleged use by terrorists

Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure - The Moscow Times

Iran

Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

Iranian hacker group deploys malicious Snake game to target Egyptian and Israeli critical infrastructure | TechRadar

North Korea

We need to finally take the North Korean threat seriously

North Korea lures engineers to rent identities in fake IT worker scheme

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

North Korea Lazarus Group Tops Cyber Threats with Spear Phishing Attacks

State-sponsored cyber threat fears surge - CIR Magazine

North Korea Suspected of $30 Million Crypto Hack, Yonhap Says - Bloomberg

North Korean hackers suspected in dozens of cyberattacks over past year

Upbit Confirms $37 Million Solana Hack, Pledges Full Customer Reimbursement

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

UK terror watchdog warns national security plan ignores escalating online threats | Counter-terrorism policy | The Guardian

Pall Mall Process to Define Responsible Commercial Cyber Intrusion - Infosecurity Magazine
Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 28 November 2025

Black Arrow Cyber Threat Intelligence Briefing 28 November 2025:

-M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies

-CrowdStrike Catches Insider Feeding Information to Hackers

-A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use

-Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner

-New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains

-A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware

-FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January

-Compromised Credentials Responsible for 50% of Ransomware Attacks

-Russian and North Korean Hackers Form Alliances

-Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week we start with an alert on the cyber security risks of mergers and acquisitions: attackers have been found to have entered the networks of companies that are later acquired by another organisation, giving the attackers a route into the acquiring organisation as well.

We highlight insider risks that business leaders should be aware of, including employees who are bribed by attackers, employees using work devices for personal use, and employees using shadow AI. Attacker tactics in this week’s review include attacks via third parties, fake Windows update screens, impersonating the support teams of banks, and using compromised credentials to launch ransomware attacks. We also see greater collaboration and alliances between attacker groups.

A key part of building stronger cyber security and resilience is understanding how attackers are evolving their tactics. This threat intelligence empowers you to objectively assess how your organisation is susceptible to these tactics and what you need to do to enhance your own security. We strongly recommend that threat intelligence should feature in your leadership training, your incident response exercise and your governance papers; contact us to discuss how we can help you achieve this in a proportionate way.

Top Cyber Stories of the Last Week

M&A Risk: Ransomware Hackers Attack SMBs Being Acquired to Try and Gain Access to Multiple Companies

Research describes how ransomware actors focus on smaller firms that are likely acquisition targets. By compromising SonicWall devices and leaving backdoors in place, the attackers can pivot into larger enterprises once deals complete, often without the parent organisation realising these assets exist. The pattern underlines the importance of thorough asset discovery, credential hygiene and security reviews before and immediately after acquisitions.

Source: https://www.techradar.com/pro/security/ransomware-hackers-attack-smbs-being-acquired-to-try-and-gain-access-to-multiple-companies

CrowdStrike Catches Insider Feeding Information to Hackers

CrowdStrike confirmed that a now-terminated insider secretly shared screenshots of internal systems with a cyber attacker collective called Scattered Lapsus$ Hunters. The hackers say they agreed to pay $25,000 and claim they briefly obtained SSO authentication cookies, but CrowdStrike reports no breach of its systems or customer data. The incident is now with law enforcement and highlights the impact of the insider risks faced by organisations.

Source: https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/

A Third of Workers Risk Cyber Security Breach by Using Work Devices for Personal Use

A survey of 1,000 Irish office workers finds 31% use work devices for personal tasks, with 32% clicking suspicious links and 22% accessing sensitive documents over public Wi-Fi. High risk behaviour includes 26% entering company data into AI tools, 33% using unauthorised tools and 19% sharing work passwords. Despite this, 73% feel confident spotting cyber threats and 54% feel confident in their password security, even though 23% of organisations suffered a cyber security breach in the past year and 32% of workers do not receive regular training.

Source: https://businessplus.ie/news/cyber-security-work-devices-personal-use/

Shadow AI Security Breaches Will Hit 40% of All Companies by 2030, Warns Gartner

Gartner warns that 40% of organisations could suffer security breaches through shadow AI by 2030. Staff routinely paste documents or data into unapproved AI tools, risking exposure of customer records, salary information, source code and strategic plans. Surveys cited include one where 90% of security leaders admit using unapproved AI tools and 71% of UK employees do the same. Gartner advises clear AI policies, audits for unsanctioned usage and provision of approved tools with training.

Source: https://www.fortra.com/blog/shadow-ai-security-breaches-will-hit-40-companies-2030-warns-gartner

New (ISC)2 Report Finds That Vendor Security Gaps Threaten Critical Infrastructure and Supply Chains

An (ISC)2 study finds many organisations are worried about supplier risk yet are slow to manage it. Respondents report frequent security deficiencies in vendors, including weak identity controls, lack of compliance certifications and inadequate monitoring. Nearly a third experienced incidents linked to suppliers, yet many only review vendor security annually. The report urges continuous assessment, clearer contractual expectations and closer collaboration across procurement, legal and security teams.

Source: https://www.helpnetsecurity.com/2025/11/25/isc2-vendor-security-gaps-report/

A Fake Windows Update Screen Is Fooling Windows Users into Installing Malware

Researchers uncovered a new ClickFix campaign in which full screen fake Windows Update or captcha pages trick users into pasting attacker-supplied commands that the page has already copied to their clipboard. The commands fetch PNG images that hide malware within pixel data, which a .NET Stego Loader decrypts and runs in memory. The loader also contains 10,000 fake functions to hinder analysis by experts.

Source: https://www.howtogeek.com/a-fake-windows-update-screen-is-fooling-windows-users-into-installing-malware/

FBI: Cybercriminals Stole $262 Million by Impersonating Bank Support Teams Since January

The FBI warns that scammers posed as bank support staff in more than 5,100 complaints since January 2025, stealing around $262 million. Criminals convince victims to grant remote access, reveal credentials or approve transactions, then drain accounts or move funds into cryptocurrency. Tactics include spoofed phone numbers, fake support sites and search engine poisoning, prompting the FBI to urge customers to verify contact details and banks to harden customer authentication.

Source: https://www.bleepingcomputer.com/news/security/fbi-cybercriminals-stole-262-million-by-impersonating-bank-support-teams-since-january/

Compromised Credentials Responsible for 50% of Ransomware Attacks

Beazley Security’s Q3 2025 Threat Report shows ransomware surged in August and September, accounting for 26% and 18% of incidents respectively. Akira, Qilin and INC Ransomware made up 65% of cases. The most common entry point was valid compromised credentials used to access VPNs, ahead of exploitation of internet facing systems. SonicWall vulnerabilities were heavily abused, with stolen configuration files expected to fuel future targeted attacks.

Source: https://natlawreview.com/article/compromised-credentials-responsible-50-ransomware-attacks

Russian and North Korean Hackers Form Alliances

Researchers say Russian group Gamaredon and North Korea’s Lazarus Group are collaborating by sharing infrastructure and tools, including command and control servers and the InvisibleFerret malware family. The partnership combines Russian espionage targeting with North Korean financially motivated operations, including past thefts of billions in crypto assets. Analysts warn this alignment could make both campaigns harder to attribute and disrupt.

Source: https://cybersecuritynews.com/russian-and-north-korean-hackers-form-alliances/

Alliances Between Ransomware Groups Tied to Recent Surge in Cybercrime

Data shows a 41% rise in ransomware attacks between September and October, with the ransomware group Qilin responsible for 29% of October incidents, followed by Sinobi and Akira. Ransomware groups such as LockBit 5.0, DragonForce and Qilin are forming alliances that share tools, infrastructure and reputations. North America suffered 62% of attacks, and more than 200 ransomware variants have been seen this year.

Source: https://www.csoonline.com/article/4096263/alliances-between-ransomware-groups-tied-to-recent-surge-in-cybercrime.html

Threats

Ransomware, Extortion and Destructive Attacks

Akira ransomware crew infected enterprise systems during M&A • The Register

Ransomware hackers attack SMBs being acquired to try and gain access to multiple companies | TechRadar

Russia-linked crooks bought themselves a bank for Christmas • The Register

Get ready for 2026, the year of AI-aided ransomware • The Register

Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley

Alliances between ransomware groups tied to recent surge in cybercrime | CSO Online

Scattered Spider alleged members deny TfL charges

Ransomware Attacks Remaking Cyber as National Priority

Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online

Scattered Lapsus$ Hunters stress testing Zendesk weak spots • The Register

Piecing Together the Puzzle: A Qilin Ransomware Investigation

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

Kaspersky / Press release | Kaspersky and VDC Research reveal over $18B in potential losses from ransomware attacks on the global manufacturing industry in 2025

Hackers come for big British retailers | The Observer

UK car production plummets 24% in wake of JLR cyber attack | Autocar

Should we ban ransom payments to cyber attackers?

Ransomware Victims

Akira ransomware crew infected enterprise systems during M&A • The Register

Scattered Spider alleged members deny TfL charges

UK car production plummets 24% in wake of JLR cyber attack | Autocar

Crisis24 shuts down emergency notification system in wake of ransomware attack | CyberScoop

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek

Scottish council still reeling from 2023 ransomware attack • The Register

Report warns councils after 2023 Western Isles cyber-attack | The Herald

Security expert warns London councils cyber attack 'could be far more serious than being let on' - My London

NCSC called in as London councils grapple with cyber attacks | IT Pro

London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings

Lessons From the European Airports Ransomware Attack | Lawfare

Phishing & Email Based Attacks

Email blind spots are back to bite security teams - Help Net Security

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

Advanced Security Isn't Stopping Old Phishing Tactics

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials

Microsoft cracks down on malicious meeting invites - Help Net Security

Phishing Breaks More Defenses Than Ever. Here’s the Fix

Other Social Engineering

ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

A fake Windows Update screen is fooling Windows users into installing malware

FBI: Cybercriminals stole $262M by impersonating bank support teams

Microsoft cracks down on malicious meeting invites - Help Net Security

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

Hackers keep pretending to be TechCrunch reporters and tricking companies into revealing sensitive information across email and call schemes | TechRadar

Fraud, Scams and Financial Crime

FBI: Cybercriminals stole $262M by impersonating bank support teams

Criminal networks industrialize payment fraud operations - Help Net Security

Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News

AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert

New legislation targets scammers that use AI to deceive | CyberScoop

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times

Artificial Intelligence

Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner | Fortra

Get ready for 2026, the year of AI-aided ransomware • The Register

Underground AI models promise to be hackers’ ‘cyber pentesting waifu’ | CyberScoop

Vibe coding feels magical, but it can sink your business fast - here's how | ZDNET

'Dark LLMs' Aid Petty Criminals, Underwhelm Technically

How Malware Authors Incorporate LLMs to Evade Detection

Anthropic's new warning: If you train AI to cheat, it'll hack and sabotage too | ZDNET

Emerging threat from deepfakes leads to cybersecurity arms race | SC Media

Think your password is safe? AI could break it before you blink - BetaNews

AI Arms Race: How to Stay Ahead of Generative AI-Powered Fraud | MSSP Alert

New legislation targets scammers that use AI to deceive | CyberScoop

New research finds that Claude breaks bad if you teach it to cheat | CyberScoop

Four charged with plotting to sneak Nvidia chips into China • The Register

Google's AI is now snooping on your emails - here's how to opt out | ZDNET

CISOs Get Real About Hiring in the Age of AI

Prompt Injections Loom Large Over ChatGPT Atlas Browser

2FA/MFA

Germany urges default 2FA for webmail providers | Cybernews

Malware

A fake Windows Update screen is fooling Windows users into installing malware

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

Hackers now hide powerful malware in fake Windows updates that look real enough to fool even cautious users easily today | TechRadar

How Malware Authors Incorporate LLMs to Evade Detection

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybercriminals Exploit Browser Push Notifications to Deliver Malware - Infosecurity Magazine

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Operation Endgame disrupts Rhadamanthys information-stealing malware

DPRK’s FlexibleFerret Tightens macOS Grip

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

WSUS RCE Exploit Used to Deploy ShadowPad Backdoor

Bots/Botnets

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

How your dashcam can be hacked, and how to protect yourself from the attack | Kaspersky official blog

Mobile

New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ | CISA

Scammers hacked her phone and stole thousands of pounds - how did they get her details? - BBC News

Internet of Things – IoT

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

How your dashcam can be hacked, and how to protect yourself from the attack | Kaspersky official blog

Aircraft cabin IoT leaves vendor and passenger data exposed - Help Net Security

Data Breaches/Leaks

The breaches everyone gets hit by (and how to stop them) - Help Net Security

JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Iberia discloses customer data leak after vendor security breach

EU proposes sweeping reforms to the GDPR, cookie rules, Data Act, and breach reporting | McDermott Will & Schulte - JDSupra

Council had ‘gaps in cybersecurity’ before ransomware attack

Cox Enterprises discloses Oracle E-Business Suite data breach

183 Million Credentials Misreported as a Gmail Breach - Security Boulevard

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Asahi Data Breach Impacts 2 Million Individuals - SecurityWeek

Kensington and Chelsea Council cyber attack sees emergency plans initiated - BBC News

Security expert warns London councils cyber attack 'could be far more serious than being let on' - My London

NCSC called in as London councils grapple with cyber attacks | IT Pro

US car parts dealer allegedly hit by massive breach​ | Cybernews

Organised Crime & Criminal Actors

Criminal networks industrialize payment fraud operations - Help Net Security

Ministers send small businesses cyber threat warning - UKTN

Government publishes independent study revealing cost of cyber attacks to UK economy

'Dark LLMs' Aid Petty Criminals, Underwhelm Technically

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times

Insider Risk and Insider Threats

A third of workers risk cybersecurity breach by using work devices for personal use

Cybersecurity giant CrowdStrike fires insider working with hackers - Cryptopolitan

Human risk: don’t blame the victim, fix the system | TechRadar

Why legal firms must confront insider cyber threats - Tech Monitor

Empathy key weapon in cyber fight

Supply Chain and Third Parties

JPMorgan, Citi, Morgan Stanley Client Data May Be Exposed by Vendor's Hack, NYT Reports

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Iberia discloses customer data leak after vendor security breach

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

Supply chain sprawl is rewriting security priorities - Help Net Security

Cox Enterprises discloses Oracle E-Business Suite data breach

Google security experts say Gainsight hacks may have left hundreds of companies affected | TechRadar

Canon Says Subsidiary Impacted by Oracle EBS Hack - SecurityWeek

Software Supply Chain

UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine

Cloud/SaaS

New ShadowV2 botnet malware used AWS outage as a test opportunity

Botnet takes advantage of AWS outage to smack 28 countries • The Register

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Fluent Bit vulnerabilities put billions of containers at risk with exploits that could cripple cloud systems across industries | TechRadar

Ransomware gangs seize a new hostage: your AWS S3 buckets | CSO Online

How has cloud flipped the regular security narrative? – Computerworld

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

Outages

Internet failure highlighted connected risk – Russell

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

Encryption

New CISA alert: encryption isn't what's failing on Signal and WhatsApp | TechSpot

Cheap Device Bypasses AMD, Intel Memory Encryption

Quantum encryption is pushing satellite hardware to its limits - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Compromised Credentials Responsible for 50% of Ransomware Attacks - Beazley

DPRK’s FlexibleFerret Tightens macOS Grip

Hackers Replace 'm' with 'rn' in Microsoft(.)com to Steal Users' Login Credentials

Social data puts user passwords at risk in unexpected ways - Help Net Security

Think your password is safe? AI could break it before you blink - BetaNews

183 Million Credentials Misreported as a Gmail Breach - Security Boulevard

Social Media

Social data puts user passwords at risk in unexpected ways - Help Net Security

Influencers in the crosshairs: How cybercriminals are targeting content creators

Regulations, Fines and Legislation

Should we ban ransom payments to cyber attackers?

Mounting Cyber-Threats Prompt Calls For Economic Security Bill - Infosecurity Magazine

Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine

SolarWinds dismissed: what the SEC’s U-turn signals for cyber enforcement | A&O Shearman - JDSupra

The Internet Is on Fire and the FCC Just Walked Away With the Extinguisher

Rights groups accuse ICO of ‘collapse in enforcement activity’

UK data regulator under pressure after failing to regulate public sector effectively - Neowin

U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers | Article | Compliance Week

NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra

New legislation targets scammers that use AI to deceive | CyberScoop

Four charged with plotting to sneak Nvidia chips into China • The Register

UK Report Proposes Liability For Software Provider Insecurity - Infosecurity Magazine

Switching to Offense: US Makes Cyber Strategy Changes

Powers to protect us from cyber attacks ‘go too far’

Mobile industry warns patchwork regs are driving up costs • The Register

New York Hospital Cyber Rules to 'Raise the Bar' Nationwide

Models, Frameworks and Standards

Key provisions of the UK Cyber Resilience Bill Revealed - Infosecurity Magazine

EU proposes sweeping reforms to the GDPR, cookie rules, Data Act, and breach reporting | McDermott Will & Schulte - JDSupra

NIS2 Directive Explained: Part 2 – Management Bodies Rules | DLA Piper - JDSupra

U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers | Article | Compliance Week

Data Protection

Civil liberties groups call for inquiry into UK data protection watchdog | Data protection | The Guardian

Rights groups accuse ICO of ‘collapse in enforcement activity’

UK data regulator under pressure after failing to regulate public sector effectively - Neowin

Careers, Working in Cyber and Information Security

Invisible battles: How cybersecurity work erodes mental health | CSO Online

CISOs Get Real About Hiring in the Age of AI

The CISO’s greatest risk? Department leaders quitting | CSO Online

Law Enforcement Action and Take Downs

Operation Endgame disrupts Rhadamanthys information-stealing malware

'Scattered Spider' teens plead not guilty to UK transport hack

Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED

Did Myanmar’s Junta Demolish Scam Centers Just for Show? - The New York Times

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

BadAudio malware: How APT24 scaled its cyberespionage through supply chain attacks

Polish minister warns of ongoing 'cyberwar' with Russia - TRT World

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

As Space Becomes Warfare Domain, Cyber Is on the Frontlines

Security is not only military—it is societal. Something worth learning from the Scandinavians

Nation State Actors

Political instability is now the defining force behind global business risk | theHRD

Switching to Offense: US Makes Cyber Strategy Changes

China

China simulated a Starlink blockade over Taiwan that uses around 2,000 drones with jammers to create an 'electromagnetic shield' — CCP scientists devise potential plan to cut off satellite internet to the island | Tom's Hardware

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

Four charged with plotting to sneak Nvidia chips into China • The Register

TP-Link sues Netgear, claiming misleading statements on national security risks and alleged ties to state-backed cyberattacks | TechRadar

Alice Guo: Philippines jails 'Chinese spy mayor' for life - BBC News

Russia

Russian Hackers Target US Engineering Firm Because of Work Done for Ukrainian Sister City - SecurityWeek

Polish minister warns of ongoing 'cyberwar' with Russia - TRT World

Russia-linked crooks bought themselves a bank for Christmas • The Register

Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

With Friends Like These: China Spies on Russian IT Orgs

Russian Suspected of Cyberattacks on Polish and EU Companies Detained in Krakow - Militarnyi

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Iran

Iranian APT hacks helped direct missile strikes in Israel and the Red Sea | CSO Online

North Korea

Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide

DPRK’s FlexibleFerret Tightens macOS Grip

Russian and North Korean hackers steal 2TB of data from South Korean banks - Cryptopolitan

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Political instability is now the defining force behind global business risk | theHRD

Security is not only military—it is societal. Something worth learning from the Scandinavians

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 21 November 2025

Black Arrow Cyber Threat Intelligence Briefing 21 November 2025:

-The Trojan Prompt: How GenAI Is Turning Staff Into Unwitting Insider Threats

-Copy And Paste Cyber Security Warning — 99% Of Enterprises Now At Risk

-Google: Threat Groups Will Accelerate Their Use of AI in 2026

-“We’ve Seen a 30% Increase in Successful Email Scams in the Last Two Years”

-“We Are Moments Before the First Real Cyberwar, One in Which Not a Single Shot Is Fired”

-Our Industries Are Vulnerable to Cyber Attacks: Boardrooms Must Prioritize Resilience, Not Reaction

-Overconfidence Is the New Cyber Risk: Immersive’s 2025 Cyber Workforce Benchmark Report Exposes a Global Readiness Illusion

-The Hidden Cost of a Hack: Unpacking the Ripple Effect of Cybercrime

-Half of Ransomware Access Due to Hijacked VPN Credentials

-Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites

-UK Targets Russian Cyber Gang as £14.7 Billion Attacks Hit British Economy

-Cyber-enabled Kinetic Targeting: Iran-linked Actor Uses Cyber Operations to Support Physical Attacks

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, we have reviewed several articles in the specialist and general media about the risks presented by AI, in particular generative AI. These include employees pasting sensitive information into public tools, and attackers exploiting the functionality of GenAI such as using Claude to almost completely carry out a cyber espionage operation against organisations. Our review also highlights that the more traditional attack vectors remain a risk for organisations, including hijacked VPNs, weak password controls, and phishing.

Our message to business leaders is clear and unchanged, and supported by various sources included in our review this week: Boards must ensure they have a realistic assessment of their readiness to deal with a cyber attack. It is particularly important that business leaders should be part of the readiness and should not consider the response to be IT focused. This requires an upskilled leadership team to command and govern their cyber security; contact us for details of how we support organisations to achieve this in a proportionate way.

Top Cyber Stories of the Last Week

The Trojan Prompt: How GenAI Is Turning Staff into Unwitting Insider Threats

Two evolving risks relating to generative AI are emerging. The first, the “Trojan prompt”, is where staff paste sensitive documents, credentials or API keys into public GenAI tools, which often fall outside the reach of traditional data loss prevention and monitoring controls. The second is the “Imprompter” attack, where hidden instructions in prompts harvest personal data with close to an 80% success rate. A robust response combines clear GenAI governance, user education and hardware level zero trust on endpoints that inspects data as it is accessed on the device’s drive itself.

Source: https://securityboulevard.com/2025/11/the-trojan-prompt-how-genai-is-turning-staff-into-unwitting-insider-threats/

Copy And Paste Cyber Security Warning — 99% Of Enterprises Now at Risk

LayerX’s Browser Security Report finds that sensitive data now often leaves enterprises through copy and paste rather than file uploads. Findings show that 77% of employees paste data into AI tools and 46% into file storage, frequently outside IT control. Browser extensions amplify the risk: 99% of enterprise users have at least one installed, more than half hold high or critical permissions, and 26% are installed outside normal channels (sideloaded), creating major blind spots for security teams.

Source: https://www.forbes.com/sites/daveywinder/2025/11/18/copy-and-paste-cybersecurity-warning---99-of-enterprises-now-at-risk/

Google: Threat Groups Will Accelerate Their Use of AI in 2026

Anthropic’s research shows China-linked attackers using the generative AI model Claude to carry out around 80% to 90% of a cyber espionage operation against about 30 organisations, with humans stepping in only at key decision points. Meanwhile, Google’s Cybersecurity Forecast 2026 expects threat groups to adopt AI across reconnaissance, exploitation and malware development, while AI enabled tools can also reshape how cyber security teams defend the organisation.

Source: https://www.msspalert.com/news/google-threat-groups-will-accelerate-their-use-of-ai-in-2026

“We’ve Seen a 30% Increase in Successful Email Scams in the Last Two Years”

Data from At Bay, which insures about 40,000 businesses, shows a 30% increase in successful email scams over two years as attackers use AI to craft convincing, personalised messages. Traditional email security struggles with this variety and speed. Organisations are urged to move towards context aware detection, scrutinise how AI agents are integrated into systems and recognise the new attack surfaces created by rapid AI adoption.

Source: https://www.calcalistech.com/ctechnews/article/lsncr0rtd

“We Are Moments Before the First Real Cyberwar, One in Which Not a Single Shot Is Fired”

The Director General of Israel’s National Cyber Directorate describes three stages of AI and cyber convergence: using AI for cyber defence, protecting AI systems themselves and a future AI versus AI phase where autonomous agents conduct both attacks and defence. Israel is cited as one of the most targeted countries globally. AI driven campaigns are expected to be capable of digitally besieging states, even as constant pressure will force defences to improve.

Source: https://www.calcalistech.com/ctechnews/article/askx8c3bj

Our Industries Are Vulnerable to Cyber Attacks: Boardrooms Must Prioritize Resilience, Not Reaction

A new report by Accenture highlights the challenge organisations face in defending against AI driven threats. It finds that 88% of UK firms lack the maturity needed as AI accelerates ransomware, deepfakes and data theft. Cyber security is presented as a people and reputation issue as much as a technical one. Boards should embed security into strategy, build cross functional crisis preparations and design business continuity for critical services.

Source: https://www.infosecurity-magazine.com/opinions/boardrooms-must-prioritize/

Overconfidence Is the New Cyber Risk: Immersive’s 2025 Cyber Workforce Benchmark Report Exposes a Global Readiness Illusion

Immersive’s 2025 Cyber Workforce Benchmark Report finds that 94% of organisations feel ready for a major incident, yet in the simulated attacks only 22% of the decisions made were appropriate and average containment times are around 29 hours. Only 41% of organisations involve non technical teams in simulations, leaving a significant readiness gap.

Source: https://www.businesswire.com/news/home/20251117812771/en/Overconfidence-Is-the-New-Cyber-Risk-Immersives-2025-Cyber-Workforce-Benchmark-Report-Exposes-a-Global-Readiness-Illusion

The Hidden Cost of a Hack: Unpacking the Ripple Effect of Cybercrime

Beazley’s risk and resilience research with 3,500 leaders shows 29% of executives now rank cyber as their greatest threat, up from 26% in 2024. The findings highlight that business leaders may not fully appreciate the full lifecycle of incidents, including legal actions, regulatory scrutiny and long term reputational harm. Boards should plan for extended disruption and financial ripple effects, not only initial recovery.

Source: https://www.insurancebusinessmag.com/us/news/cyber/the-hidden-cost-of-a-hack-unpacking-the-ripple-effect-of-cybercrime-557023.aspx

Half of Ransomware Access Due to Hijacked VPN Credentials

Beazley Security reports that ransomware incidents increased in Q3 2025, with Akira, Qilin and INC responsible for about 65% of cases and leak posts rising 11% quarter on quarter. Valid VPN credentials provided initial access in 48% of breaches, up from 38% in Q2, while external service exploits accounted for 23%. Infostealers and credential stuffing attacks against SonicWall SSL VPNs feature heavily, reinforcing the need for phishing resistant MFA, conditional access and continuous vulnerability management.

Source: https://www.infosecurity-magazine.com/news/half-ransomware-access-hijacked/

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites

Socura and Flare’s “FTSE 100 for Sale” report identifies about 460,000 compromised credentials associated with FTSE 100 staff across cybercrime sites. More than 70,000 credentials relate to financial services, and 28,000 appear in infostealer logs, roughly 280 per company. Weak password practices such as “password” and obvious reuse of passwords persist, underscoring the need for strong policies, phishing resistant MFA, conditional access and proactive leak monitoring.

Source: https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/

UK Targets Russian Cyber Gang as £14.7 Billion Attacks Hit British Economy

UK sanctions target Media Land, a Russian cyber crime infrastructure and hosting provider, and its leader Alexander Volosovik, accused of supporting ransomware, phishing and other criminal campaigns against UK organisations. Cyber attacks are estimated to have cost UK businesses about £14.7 billion in 2024, roughly 0.5% of GDP. The move builds on earlier actions against groups such as Evil Corp and LockBit, aiming to disrupt the broader Russia based cyber crime ecosystem.

Source: https://www.easterneye.biz/uk-cybercrime-russian-attack-british-economy/

Cyber-enabled Kinetic Targeting: Iran-linked Actor Uses Cyber Operations to Support Physical Attacks

Amazon’s threat intelligence research describes how Iran-aligned actors integrate cyber operations with physical strikes in what it calls ‘cyber enabled kinetic targeting’. The attack group called Imperial Kitten reportedly accessed a ship’s tracking platform and onboard CCTV before an attempted attack on the same vessel by a Houthi missile. Another group, MuddyWater, is linked to compromised cameras in Israel that were then used to support missile strikes, showing how hacked sensors and live data can guide battlefield decisions.

Source: https://securityaffairs.com/184862/apt/cyber-enabled-kinetic-targeting-iran-linked-actor-uses-cyber-operations-to-support-physical-attacks.html


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine

Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly

How Kraken ransomware benchmarks your system first, then encrypts everything without warning, and steals data in the background silently | TechRadar

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

UK cyber ransom ban risks collapse of essential services

The ransomware payment debate: what it means for organizations | TechRadar

'The Gentlemen' Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data

Akira ransomware expands to Nutanix AHV, raising stakes for enterprise security | CSO Online

Cat’s Got Your Files: Lynx Ransomware – The DFIR Report

Ransomware Victims

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Checkout.com snubs hackers after data breach, to donate ransom instead

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

Logitech confirms data breach after Clop extortion attack

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews

Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

Cornerstone staffing ransomware attack leaks 120,000 resumes, claims Qilin gang | Cybernews

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva

Phishing & Email Based Attacks

Beware! How AI is writing phishing emails that look real | PCWorld

AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek

Beware of Phishing Emails as Spam Filter Alerts Steal Your Email Logins in a Blink

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

“We've seen a 30% increase in successful email scams in the last two years” | Ctech

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

State Special Communications warned of a new cyber threat: which emails should not be opened and why | УНН

Other Social Engineering

Copy And Paste Cybersecurity Warning — 99% Of Enterprises Now At Risk

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

The long conversations that reveal how scammers work - Help Net Security

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

Five plead guilty to helping North Koreans infiltrate US firms

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

Five admit helping North Korea evade sanctions through IT worker schemes

DoJ nets five guilty pleas in Pyongyang’s IT-worker hustle • The Register

US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine

Almost five-fold increase in reports of online investment ad scams

Convenience culture is breaking personal security - Help Net Security

Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable

Fraud, Scams and Financial Crime

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

The long conversations that reveal how scammers work - Help Net Security

Don't get ghost tapped: 5 ways to block thieves from scanning your wallet | ZDNET

Almost five-fold increase in reports of online investment ad scams

Convenience culture is breaking personal security - Help Net Security

“We've seen a 30% increase in successful email scams in the last two years” | Ctech

BitQueen jailed as chancellor eyes up her seized £5bn wealth

AI scams surge: how consumers and businesses can stay safe | TechRadar

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard

Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Scammers sent 166,000 scam texts to NY residents this week in major hack | Mashable

US announces new strike force targeting Chinese crypto scammers

Artificial Intelligence

Gartner: 40% of Firms to Be Hit By Shadow AI Security Incidents - Infosecurity Magazine

Beware! How AI is writing phishing emails that look real | PCWorld

AI Is Supercharging Phishing: Here’s How to Fight Back - SecurityWeek

Chinese spies used Claude to break into critical orgs • The Register

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop

AI chatbots can now execute cyberattacks almost on their own | Vox

What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer

Anthropic Has Some Key Advice for Businesses in the Aftermath of a Massive AI Cyberattack

The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard

Could years of AI conversations be your biggest security blind spot? | IT Pro

How attackers use patience to push past AI guardrails - Help Net Security

Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert

AI Is Supercharging Disinformation Warfare | Foreign Affairs

Google: Threat Groups Will Accelerate Their Use of AI in 2026 | MSSP Alert

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

Convenience culture is breaking personal security - Help Net Security

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

ChatGPT, Gemini, and Claude tested under extreme prompts reveal shocking weaknesses no one expected in AI behavior safeguards | TechRadar

Shadow AI: the next frontier of unseen risk | TechRadar

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Microsoft Warns Windows 11 AI Can Install Malware

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device | TechRadar

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud - Infosecurity Magazine

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

An "AI Exposure Gap" could be the most worrying security issue your business isn't aware of | TechRadar

Agentic AI puts defenders on a tighter timeline to adapt - Help Net Security

How AI can magnify your tech debt - and 4 ways to avoid that trap | ZDNET

Don't ignore the security risks of agentic AI - SiliconANGLE

Cursor Issue Paves Way for Credential-Stealing Attacks

UK’s infrastructure cyber resilience questioned after first AI-orchestrated attack confirmed | New Civil Engineer

Orange, École Polytechnique Join Forces to Boost AI & Cybersecurity Research for European Digital Sovereignty

2FA/MFA

The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue - Security Boulevard

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real | Malwarebytes

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

Malware

Microsoft Warns Windows 11 AI Can Install Malware

SilentButDeadly - Network Communication Blocker Tool That Neutralizes EDR/AV

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices - Help Net Security

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine

Google exposes BadAudio malware used in APT24 espionage campaigns

Why ‘AI-Powered’ Cyber-Attacks Are Not a Serious Threat …Yet - Infosecurity Magazine

LLM-generated malware improving, but not operational (yet) • The Register

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

Google Finds New Malware Backdoors Linked to Iran

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Bots/Botnets

Largest Azure DDoS Attack Powered by Aisuru Botnet - SecurityWeek

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

Mobile

'Unremovable Israeli spyware' on your Samsung phone? Here's what the controversy is all about - Android Authority

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

Budget Samsung phones shipped with unremovable spyware, say researchers | Malwarebytes

WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news

New Android malware can capture private messages, researchers warn | The Record from Recorded Future News

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

WhatsApp 'Eternidade' Trojan Worms Through Brazil

Some Samsung data is being sold by a hacker, but you have nothing to worry about - SamMobile - SamMobile

NSO Group argues WhatsApp injunction threatens existence, future U.S. government work | CyberScoop

Denial of Service/DoS/DDoS

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch - Security Boulevard

Internet of Things – IoT

Cybersecurity risks inside the powertrain: why EVs need defence at the motor level - Just Auto

Data Breaches/Leaks

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine

Schools share blame for PowerSchool mega-hack, say watchdogs • The Register

MoD ‘knew using Excel was risky before Afghan data leak’

Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

The Washington Post reveals thousands impacted via Oracle-based hack | Cybernews

Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

WhatsApp easily exposed 3.5 billion people's phone numbers - GSMArena.com news

Major Urssaf cyberattack in France affects 1.2 million Pajemploi users

Eurofiber admits crooks swiped data from French unit • The Register

Pentagon and soldiers let too many secrets slip on socials • The Register

Some Samsung data is being sold by a hacker, but you have nothing to worry about - SamMobile - SamMobile

Organised Crime & Criminal Actors

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

AI powering transnational crime as Asian gangs move into Pacific - Nikkei Asia

Online safety ‘getting worse’, warns former UK cyber security agency boss | The Standard

Payroll Pirates - Network of Criminal Groups Hijacking Payroll Systems

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

CISA Issues New Guidance on Bulletproof Hosting Threat - Infosecurity Magazine

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

What to Know About the Billion-Dollar Scam Center Industry - The New York Times

BitQueen jailed as chancellor eyes up her seized £5bn wealth

Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine

Wind farm worker sentenced after turning turbines into a secret crypto mine

U.S. launches Strike Force to stop Southeast Asian scam centers stealing billions in cryptocurrency from Americans every year | TechRadar

New npm Malware Campaign Redirects Victims to Crypto Sites - Infosecurity Magazine

Security researcher calls BS on Coinbase breach timeline • The Register

US announces new strike force targeting Chinese crypto scammers

Insider Risk and Insider Threats

The Trojan Prompt: How GenAI is Turning Staff into Unwitting Insider Threats - Security Boulevard

Rogue techie pleads guilty in $862K employer attack • The Register

Wind farm worker sentenced after turning turbines into a secret crypto mine

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

The Password Was ‘Password’: Why Humans Keep Breaking the Internet

Insurance

What insurers really look at in your identity controls - Help Net Security

What security pros should know about insurance coverage for AI chatbot wiretapping claims - Help Net Security

Supply Chain and Third Parties

Dark LLMs Are Targeting MSPs’ Customers | MSSP Alert

Cloud/SaaS

Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses

Cloudflare hit by outage affecting Global Network services

And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot

Outages

Cloudflare hit by outage affecting Global Network services

And so this is how a tiny Cloudflare update broke huge chunks of the internet | TechSpot

The internet isn't free: Shutdowns, surveillance and algorithmic risks - Help Net Security

Identity and Access Management

What insurers really look at in your identity controls - Help Net Security

Encryption

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Dozens of groups call for governments to protect encryption | CyberScoop

Linux and Open Source

5 reasons Kaspersky releasing a Linux antivirus product worries me

Passwords, Credential Stuffing & Brute Force Attacks

Half of Ransomware Access Due to Hijacked VPN Credentials - Infosecurity Magazine

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites - Infosecurity Magazine

The Password Was ‘Password’: Why Humans Keep Breaking the Internet

The world's most popular passwords are pretty unsurprising - surely we can do better? | TechRadar

Holiday-themed passwords are getting shredded by attackers who know every festive trick people keep repeating across the internet. | TechRadar

Zoomers are officially worse at passwords than 80-year-olds • The Register

Cursor Issue Paves Way for Credential-Stealing Attacks

Social Media

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Convenience culture is breaking personal security - Help Net Security

Pentagon and soldiers let too many secrets slip on socials • The Register

Regulations, Fines and Legislation

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

UK cyber ransom ban risks collapse of essential services

Cyber Security and Resilience (Network and Information Systems) Bill introduced to Parliament | Mayer Brown - JDSupra

VPN Ban—iPhone And Android ‘Privacy Nightmare’ Is Coming True

Dozens of groups call for governments to protect encryption | CyberScoop

SEC to Drop Controversial SolarWinds Cyberattack Lawsuit

Cyber Operations on Domestic Networks Redux | Lawfare

Information sharing law’s expiration could squander government vulnerability hunting efforts, senator says | CyberScoop

CISA 2015 Receives Extension - Infosecurity Magazine

Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission | The Record from Recorded Future News

Opinion | Shutdown left U.S. more vulnerable to cyberattacks from China, others - The Washington Post

Military Objective or Civilian Object? The Italian National Cybersecurity Agency's Status in Case of Armed Conflict - Lieber Institute West Point

ENISA Is Now a CVE Program Root - DataBreachToday

Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization | CyberScoop

Models, Frameworks and Standards

The UK’s Proposed Cyber Security and Resilience Bill | Hogan Lovells - JDSupra

Careers, Working in Cyber and Information Security

Resilience At Risk: Talent and Governance in the Age of AI - Infosecurity Magazine

Learning Sales Skills Make Security Pros More Effective

The retail sector needs a cybersecurity talent incubator | CyberScoop

Law Enforcement Action and Take Downs

Rogue techie pleads guilty in $862K employer attack • The Register

British hacker must repay £4m after hijacking celebrity Twitter accounts - BBC News

Wind farm worker sentenced after turning turbines into a secret crypto mine

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

BitQueen jailed as chancellor eyes up her seized £5bn wealth

Europol Operation Disrupts $55m in Cryptocurrency for Piracy - Infosecurity Magazine

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation - Infosecurity Magazine

6 ‘cyber slaves’ rescued in Myanmar are from Bengal, lured with IT job offers | Kolkata News - The Times of India

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

US announces new strike force targeting Chinese crypto scammers

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

What are the potential punishments and risks of owning a 'dodgy firestick'? | The Standard

Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine

Misinformation, Disinformation and Propaganda

AI Is Supercharging Disinformation Warfare | Foreign Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

This is a pre-war situation: Chief of the General Staff of the Polish Armed Forces reacted to sabotage and cyberattacks | УНН

Russia preparing for war against NATO says top General

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News

MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

Google exposes BadAudio malware used in APT24 espionage campaigns

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

Nation State Actors

“We are moments before the first real cyberwar, one in which not a single shot is fired” | Ctech

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers | Fortra

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

Palo Alto CEO tips nations to weaponize quantum by 2029 • The Register

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

Take fight to the enemy, US cyber boss says • The Register

China

Chinese spies used Claude to break into critical orgs • The Register

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop

What the Anthropic Report on AI Espionage Means for Security Leaders - Intezer

AI doesn't just assist cyberattacks anymore - now it can carry them out | ZDNET

Chinese Nation-State Groups Hijacking Software Updates

UK will not tolerate Chinese spying, minister says after MI5 alert - BBC News

MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn - SecurityWeek

China-aligned threat actor is conducting widespread cyberespionage campaigns | The Record from Recorded Future News

Foreign Spies Deploying AI in Cyberattacks | Newsmax.com

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

Google exposes BadAudio malware used in APT24 espionage campaigns

Opinion | Shutdown left U.S. more vulnerable to cyberattacks from China, others - The Washington Post

Germany lines up new powers to fend off Chinese tech – POLITICO

New WrtHug campaign hijacks thousands of end-of-life ASUS routers

TP-Link accuses rival Netgear of 'smear campaign' • The Register

US announces new strike force targeting Chinese crypto scammers

Russia

This is a pre-war situation: Chief of the General Staff of the Polish Armed Forces reacted to sabotage and cyberattacks | УНН

Russia preparing for war against NATO says top General

Countries use cyber targeting to plan strikes: Amazon CSO • The Register

UK, US and Australia Sanction Russian Bulletproof Hoster Media Land - Infosecurity Magazine

UK hits Russian cyber gang as £14.7 billion attacks damage economy | EasternEye

U.S. Space Force launches new triad of jammers to disrupt Chinese and Russian satellites

Russian money launderers bought a bank to disguise ransomware profit | Computer Weekly

Russian Hacking Suspect Wanted by the FBI Arrested on Thai Resort Island - SecurityWeek

Russia keeps cutting mobile internet, and people are getting fed up - The Washington Post

Russian hackers 'accessed intimate details of thousands of couples at IVF clinics across UK' | News UK | Metro News

This notorious Russian surveillance tech maker has been hacked - could it be the end for Protei? | TechRadar

Major Russian insurer facing widespread outages after cyberattack | The Record from Recorded Future News

Iran

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

Iran's Cyber Objectives: What Do They Want?

Google Finds New Malware Backdoors Linked to Iran

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

North Korea

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

US: Five Plead Guilty in North Korean IT Worker Fraud Scheme - Infosecurity Magazine

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

CSIS director outlines security threats posed by Russia, China, Iran, India - National | Globalnews.ca

South Korean man sentenced to prison for sending $16K to North Korean hacker | NK News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Europol Leads Takedown of Thousands of Extremist Gaming Links - Infosecurity Magazine

Vulnerability Management

Chinese Nation-State Groups Hijacking Software Updates

Threat group reroutes software updates through hacked network gear - Help Net Security

Can a Global, Decentralized System Save CVE Data?

ENISA Is Now a CVE Program Root - DataBreachToday

Cyber Agency Warns of Government Exploits - DevX

Vulnerabilities

Fortinet finally cops to critical bug under active exploit • The Register

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week - SecurityWeek

New SonicWall SonicOS flaw allows hackers to crash firewalls

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage | CyberScoop

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device | TechRadar

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

SolarWinds Patches Three Critical Serv-U Vulnerabilities - SecurityWeek

ASUS warns of critical auth bypass flaw in DSL series routers

Google fixed the seventh Chrome zero-day in 2025

W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know | TechRadar

CVE-2025-50165: Critical Flaw in Windows Graphics Component - Security Boulevard

New WrtHug campaign hijacks thousands of end-of-life ASUS routers

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Millions of sites at risk from Imunify360 critical flaw exploit

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

D-Link warns of new RCE flaws in end-of-life DIR-878 routers

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

-Automotive

-Construction

-Critical National Infrastructure (CNI)

-Defence & Space

-Education & Academia

-Energy & Utilities

-Estate Agencies

-Financial Services

-FinTech

-Food & Agriculture

-Gaming & Gambling

-Government & Public Sector (including Law Enforcement)

-Health/Medical/Pharma

-Hotels & Hospitality

-Insurance

-Legal

-Manufacturing

-Maritime & Shipping

-Oil, Gas & Mining

-OT, ICS, IIoT, SCADA & Cyber-Physical Systems

-Retail & eCommerce

-Small and Medium Sized Businesses (SMBs)

-Startups

-Telecoms

-Third Sector & Charities

-Transport & Aviation

-Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 14 November 2025

Black Arrow Cyber Threat Intelligence Briefing 14 November 2025:

-Microsoft Teams’ New “Chat With Anyone” Feature Exposes Users To Phishing and Malware Attacks

-Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded

-5 Reasons Why Attackers Are Phishing Over LinkedIn

-Cyber Insurers Paid Out Over Twice as Much for UK Ransomware Attacks Last Year

-Large Organisations Aren’t Paying Ransomware Threats Anymore: SMBs Are

-FBI: Akira Gang Has Received Nearly $250 Million in Ransoms

-Companies Forced to Make Financial Changes After a Cyberattack

-Cyberattack Impact on Employees May Be as Serious as Technical Fallout

-UK’s New Cyber Security and Resilience Bill Targets Weak Links in Critical Services

-Spy Boss Says Authoritarian Nations Ready to Commit ‘High Impact Sabotage’

-Online Age Checking Is Creating a Treasure Trove of Data for Hackers

-Google Play Store Hosted 239 Malicious Apps That Were Downloaded 40 Million Times

-Android Malware Steals Your Card Details and PIN to Make Instant ATM Withdrawals

Executive Summary

We start this week with alerts on emerging attacks for business leaders and employees to act on. A new feature in Microsoft Teams gives attackers an easier route into organisations, while a leading developer of advanced AI systems has found hostile actors using its AI model to conduct real attacks. We also report how LinkedIn is used to bypass corporate email defences through direct, trusted-looking messages.

Once in, whether through these channels or others, attackers continue to deploy ransomware. Small and medium-sized organisations are particularly targeted, and we highlight how incidents affect victims both financially and at a human level.

New cyber legislation is being introduced in the UK, while other countries warn of evolving nation-state threats. We also note the unintended consequences of regulatory requirements, where online age-verification data has created valuable targets for attackers. Finally, we flag malware risks in mobile phone applications found even in approved online stores.

Organisations need to understand developments in cyber security and take steps to strengthen resilience. Contact us to discuss how to do this proportionately and pragmatically.

Top Cyber Stories of the Last Week

Microsoft Teams’ New “Chat With Anyone” Feature Exposes Users To Phishing and Malware Attacks

A new feature in Microsoft Teams lets anyone initiate chats using only an email address, expanding opportunities for phishing and malicious file sharing. Commentators warn that attackers may bypass email defences and impersonate legitimate contacts. Administrators can disable the capability, and the piece recommends pairing configuration changes with training and MFA.

Source: https://cybersecuritynews.com/microsoft-teams-chat-with-anyone-feature/

Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded

Anthropic identified a Chinese state-linked group using its AI model Claude to support intrusions into around 30 high-value organisations. Human operators directed strategy, while AI assisted with reconnaissance and coding tasks. The case shows growing attempts to blend human oversight with automated tools to streamline intrusions.

Source: https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/

5 Reasons Why Attackers Are Phishing Over LinkedIn

LinkedIn phishing is rising as attackers exploit direct messaging to bypass email defences. Compromised accounts from infostealer logs are used to impersonate real professionals, especially in finance and tech. The platform enables easy reconnaissance of roles and access levels. Commentators recommend better browser controls and monitoring of non email channels.

Source: https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

Cyber Insurers Paid Out Over Twice as Much for UK Ransomware Attacks Last Year

A steep rise in ransomware events has driven cyber insurance payouts up by 230%. Insurers report more destructive attacks and increased scrutiny of controls such as patching, backups and incident response before granting cover. While insurance supports recovery, it cannot replace core cyber security hygiene or resilience measures.

Source: https://www.theregister.com/2025/11/11/ransomware_surge_fuels_230_increase/

Large Organisations Aren’t Paying Ransomware Threats Anymore: SMBs Are

Proton, a privacy and security technology provider, reports a shift in attacker focus towards SMBs as large enterprises become less willing to pay. Median ransom payments dropped sharply, while unpatched vulnerabilities remained a leading cause of compromise. SMBs face rising exposure and should prioritise staff awareness, backups and segmentation to limit attacker movement and reduce impact.

Source: https://proton.me/blog/ransomware-threats-smbs

FBI: Akira Gang Has Received Nearly $250 Million in Ransoms

The Akira ransomware group has collected an estimated $244 million since 2023, mainly targeting small and medium-sized organisations across multiple sectors. Attackers often exploit weak VPNs, stolen credentials and password spraying, then remove security tools and steal data rapidly. Authorities warn that Akira’s speed and use of legitimate remote access tools demand tighter monitoring and faster patching.

Source: https://therecord.media/akira-gang-received-million

Companies Forced to Make Financial Changes After a Cyberattack

A survey of firms hit by cyberattacks found that 70% of publicly traded companies adjusted earnings or guidance afterwards and 68% saw their stock price affected. Among privately held businesses, 73% diverted budgets away from innovation and growth. Additionally, 92% reported legal, regulatory or compliance consequences such as fines or lawsuits. The research emphasises that recovery from an attack involves far more than restoring systems; it demands financial and strategic overhaul.

Source: https://betanews.com/2025/11/10/companies-forced-to-make-financial-changes-after-a-cyberattack/

Cyberattack Impact on Employees May Be as Serious as Technical Fallout

A survey of 500 Irish businesses found 40% suffered an attack in the past year, with many reporting burnout, stress and increased sick leave. Some saw improved loyalty, but most faced financial harm and ransomware pressures. The report also found that AI related vulnerabilities are rising, yet firms still see AI as beneficial overall.

Source: https://www.breakingnews.ie/ireland/cyberattack-impact-on-employees-may-be-as-serious-as-technical-fallout-1827184.html

UK’s New Cyber Security and Resilience Bill Targets Weak Links in Critical Services

Proposed cyber security legislation in the UK will expand existing regulations to include MSPs, data centres and other essential suppliers. It introduces stricter security duties, 24-hour incident reporting and tougher enforcement powers. Operators of critical services would be required to notify impacted customers quickly and maintain stronger controls across supply chains.

Source: https://www.helpnetsecurity.com/2025/11/12/uk-cyber-security-and-resilience-bill/

Spy Boss Says Authoritarian Nations Ready to Commit ‘High Impact Sabotage’

Australia’s domestic intelligence and national security agency, ASIO, warns that hostile states are preparing for cyber sabotage targeting critical infrastructure. Officials cite recent probes by groups such as Volt Typhoon and Salt Typhoon. The director general urges boards to understand their operational dependencies and prepare for scenarios involving communications, power or water disruptions.

Source: https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/

Online Age Checking Is Creating a Treasure Trove of Data for Hackers

Age verification systems increasingly require photo IDs, selfies and credit card checks, creating sensitive data stores attractive to criminals. Breaches at Discord and the Tea app exposed large volumes of imagery and identity data despite policies stating minimal retention. The article argues that regulators lack sufficient power to enforce deletion, especially when third parties are offshore.

Source: https://theconversation.com/online-age-checking-is-creating-a-treasure-trove-of-data-for-hackers-268586

Google Play Store Hosted 239 Malicious Apps That Were Downloaded 40 Million Times

Researchers found 239 malicious Android apps on Google Play, totalling around 42 million downloads. Threats included spyware, banking trojans and adware, with detections rising 67% year on year. Google is tightening developer checks, but observers argue that serious malware continues to slip through, leaving users exposed.

Source: https://www.ghacks.net/2025/11/07/google-play-store-hosted-239-malicious-apps-that-were-downloaded-40-million-times/

Android Malware Steals Your Card Details and PIN to Make Instant ATM Withdrawals

A malware strain known as NGate records NFC payment data and PINs, allowing criminals to emulate victims’ cards at cash machines. It spreads through phishing and fake banking apps. Users are advised to avoid unsolicited downloads, use trusted app stores and deploy mobile security tools to reduce risk.

Source: https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals

Threats

Ransomware, Extortion and Destructive Attacks

Qilin Ransomware Activity Surges as Attacks Target Small Businesses - Infosecurity Magazine

Are SMBs facing increasing ransomware threats? | Proton

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Cyberattacks 'costing the UK economy £14.7 billion' a year

Kraken ransomware benchmarks systems for optimal encryption choice

FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News

FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses | CyberScoop

'Ransomvibing' Infests Visual Studio Extension Market

Yanluowang initial access broker pleaded guilty to ransomware attacks

How a CPU spike led to uncovering a RansomHub ransomware attack

Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

The ransomware payment ban: what’s the potential impact for UK businesses? | TechRadar

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan

Ransomware Victims

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

Hackers claim to leak Collins Aerospace data | Cybernews

UK economic growth slows due to cyberattack at Jaguar Land Rover

UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days

Bank of England says JLR's cyberattack damaged UK GDP growth • The Register

Washington Post data breach impacts nearly 10K employees, contractors

Government not handing ‘free money’ to JLR after cyber attack, minister insists | Insider Media

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

Ransomed CTO falls on sword, refuses to pay extortion demand • The Register

DoorDash hit by new data breach in October exposing user information

Phishing & Email Based Attacks

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

5 reasons why attackers are phishing over LinkedIn

AI and phishing: a toxic pair | Professional Security Magazine

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News

Google Looks to Dim 'Lighthouse' Phishing Kit

Major phishing attack hits hotels with ingenious new scam that also spreads dangerous malware | TechRadar

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Cyberattacks 'costing the UK economy £14.7 billion' a year

Other Social Engineering

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Attackers upgrade ClickFix with tricks used by online stores - Help Net Security

ClickFix Attacks Against macOS Users Evolving - SecurityWeek

What is FileFix — a ClickFix variation? | Kaspersky official blog

ClickFix may be the biggest security threat your family has never heard of - Ars Technica

5 reasons why attackers are phishing over LinkedIn

Phishers target 5K Facebook advertisers with fake biz pages • The Register

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

This Is the Platform Google Claims Is Behind a 'Staggering' Scam Text Operation | WIRED

Wanna bet? Scammers are playing the odds better than you are - Help Net Security

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin

Fraud, Scams and Financial Crime

Cyberattacks 'costing the UK economy £14.7 billion' a year

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Wanna bet? Scammers are playing the odds better than you are - Help Net Security

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

"Vibescamming" is the new online scam everyone’s falling for

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

Google goes after massive phishing enterprise behind those spammy USPS messages - Neowin

Google Looks to Dim 'Lighthouse' Phishing Kit

Thousands of Chinese lured abroad and forced to be scammers - now Beijing is cracking down - BBC News

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

'Dodgy' Amazon Fire TV sticks are leaving users open to financial fraud | News Tech | Metro News

Improve Collaboration to Hit Back At Rising Fraud, Says techUK - Infosecurity Magazine

Lost iPhone? Don’t fall for phishing texts saying it was found

How Elder Fraud Reveals Gaps in Human-Centric Security

Artificial Intelligence

Survey Surfaces Sharp Rise in Cybersecurity Incidents Involving AI - Security Boulevard

Chinese hackers used Claude for a large-scale cyberattack, alleges Anthropic - Technology News | The Financial Express

"Vibescamming" is the new online scam everyone’s falling for

AI and phishing: a toxic pair | Professional Security Magazine

Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns

AI Agents Are Going Rogue: Here's How to Rein Them In

65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine

Advocacy group calls on OpenAI to address Sora 2’s deepfake risks | CyberScoop

Los Alamos researchers warn AI may upend national security - Help Net Security

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Military experts warn security hole in most AI chatbots can sow chaos

Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert

Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek

Shadow AI risk: Navigating the growing threat of ungoverned AI adoption - Help Net Security

Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer

'Ransomvibing' Infests Visual Studio Extension Market

Autonomous AI could challenge how we define criminal behavior - Help Net Security

Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica

Malware

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program

Cybercriminals Are Now Using AI to Create Shape-Shifting Malware, Google Warns

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Infostealers are making this old security practice new again | PCWorld

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Hackers Weaponizing Calendar Files as a New Attack Vector Bypassing Traditional Email Defenses

Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses

DanaBot malware is back to infecting Windows after 6-month break

Major phishing attack hits hotels with ingenious new scam that also spreads dangerous malware | TechRadar

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Rhadamanthys infostealer disrupted as cybercriminals lose server access

Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging

1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Hackers abuse Triofox antivirus feature to deploy remote access tools

Bots/Botnets

A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

Mobile

Beware the 'Hi, how are you?' text. It's a scam - here's how it works | ZDNET

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

Google Play Store hosted 239 malicious apps that were downloaded 40 million times - gHacks Tech News

Warning! Don't open these WhatsApp images, else you'll get hacked | PCWorld

New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts and Call Logs

Android malware steals your card details and PIN to make instant ATM withdrawals | Malwarebytes

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

Popular Android-based photo frames download malware on boot

Lost iPhone? Don’t fall for phishing texts saying it was found

Denial of Service/DoS/DDoS

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Multiple Django Vulnerabilities Enable SQL injection and DoS Attack

Cyberattack hits Danish government and defence companies | European Pravda

Internet of Things – IoT

UK.gov probes security risks of Chinese electric buses • The Register

Data Breaches/Leaks

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

65% of Leading AI Companies Found With Verified Secrets Leaks - Infosecurity Magazine

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

Hackers claim to leak Collins Aerospace data | Cybernews

UK NHS Named in Clop Gang's Exploits of Oracle Zero-Days

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Military experts warn security hole in most AI chatbots can sow chaos

Execs Say AI Use is Making Companies Vulnerable to Attacks: Survey | MSSP Alert

Many Forbes AI 50 Companies Leak Secrets on GitHub - SecurityWeek

Legal Reputations at Risk: How AI is Reshaping Cyber Threats in Law – Artificial Lawyer

Washington Post data breach impacts nearly 10K employees, contractors

Website Security Breaches: 13 Lessons Learned from Small Businesses - DevX

Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

New IT woe at Legal Aid Agency | Law Gazette

Oddest ChatGPT leaks yet: Cringey chat logs found in Google analytics tool - Ars Technica

Organised Crime & Criminal Actors

The Professionalised World of Cybercrime and the New Arms Race - Security Boulevard

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Yanluowang initial access broker pleaded guilty to ransomware attacks

Autonomous AI could challenge how we define criminal behavior - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

Insider Risk and Insider Threats

Cyberattack impact on employees may be as serious as technical fallout

Insurance

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Cyber insurance pay-outs triple | Professional Security Magazine

Nearly £200 million paid in cyber claims to help UK businesses recover | ABI

Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks

Supply Chain and Third Parties

Allianz UK confirms Oracle EBS compromise • The Register

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site - SecurityWeek

Synnovis notifies of data breach after 2024 ransomware attack

Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack - Infosecurity Magazine

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack - Infosecurity Magazine

Cloud/SaaS

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Microsoft's data sovereignty: Now with extra sovereignty! • The Register

Identity and Access Management

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Encryption

Are we ready for the post-quantum era? | TechRadar

Linux and Open Source

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

Passwords, Credential Stuffing & Brute Force Attacks

New Phishing Attack Leverages Popular Brands to Harvest Login Credentials - Cyber Security News

Enterprise Credentials at Risk – Same Old, Same Old?

Social Media

5 reasons why attackers are phishing over LinkedIn

Phishers target 5K Facebook advertisers with fake biz pages • The Register

The common social media security measure that creates a treasure trove for hackers | The Independent

Online age checking is creating a treasure trove of data for hackers

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

Regulations, Fines and Legislation

ID verification laws are fueling the next wave of breaches

British government unveils long-awaited landmark cybersecurity bill | The Record from Recorded Future News

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Cyber bill offers 'no guarantee of security', tech lawyer says - UKTN

Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar

Omega Systems’ New Financial Services Report Reveals Mounting Regulatory Pressure and Rising ‘Compliance Fatigue’

The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED

China amends its Cybersecurity Law

America’s cybersecurity defenses are cracking | The Verge

Cyber information sharing law would get extension under shutdown deal bill | CyberScoop

CISA, FCEA funding set to resume as shutdown nears its end • The Register

Age verification lands in Italy − here’s how it affects VPN users | TechRadar

Extra defence investment essential to maintain a durable defence culture, experts warn - University of Exeter News

Models, Frameworks and Standards

A guide to the UK Cyber Security and Resilience Bill (CSRB) | Professional Security Magazine

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Broken access control still tops list of app sec top 10 • The Register

Data Protection

EU’s leaked GDPR, AI reforms slated by privacy activists • The Register

Careers, Working in Cyber and Information Security

CISOs are cracking under pressure - Help Net Security

CISO Pay Packages Grow as Overall Security Spending Slows: IANS | MSSP Alert

From Forensics to AI: New bulletin maps out Cyber Security careers | Department for the Economy

Extra defence investment essential to maintain a durable defence culture, experts warn - University of Exeter News

Why We Need More Veterans in Intelligence, Cybersecurity, and STEM - ClearanceJobs

Resilience for resilience: Managing burnout among cyber leaders | Computer Weekly

The New Battlefield: 3 Veterans Discuss Their Transition to Cybersecurity | Security Magazine

Cyber Execs Get Insurance, Legal Counsel Perks Amid Higher Risks

Law Enforcement Action and Take Downs

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium - SecurityWeek

New NCA Campaign Warns Men Off Crypto Investment Scams - Infosecurity Magazine

Yanluowang initial access broker pleaded guilty to ransomware attacks

Russian hacker admits helping Yanluowang ransomware infect companies

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Spy boss says authoritarian nations poised for sabotage • The Register

Australian spy chief warns Chinese hackers are 'probing' critical networks for espionage and sabotage | TechCrunch

Los Alamos researchers warn AI may upend national security - Help Net Security

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Data breach at Chinese infosec firm reveals weapons arsenal • The Register

Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times

War continues in cyberspace: Final cybersecurity education session concludes in Kyiv

TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET

The threat of space terrorism is no longer science fiction, but we’re ill-prepared to combat it

Nation State Actors

China

Spy boss says authoritarian nations poised for sabotage • The Register

Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign - SecurityWeek

Chinese hackers used Claude for a large-scale cyberattack, alleges Anthropic - Technology News | The Financial Express

Chinese spies used Claude to break into critical orgs • The Register

China's Cyber Silence Is More Worrying Than Russia's Noise, Chief Cybersecurity Strategist Says - SecurityWeek

Australian spy chief warns Chinese hackers are 'probing' critical networks for espionage and sabotage | TechCrunch

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

Data breach at Chinese infosec firm reveals weapons arsenal • The Register

UK.gov probes security risks of Chinese electric buses • The Register

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

TP-Link Routers Could Soon Be Banned. Here's What Cybersecurity Experts Say About the Risk - CNET

China amends its Cybersecurity Law

This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED

Thousands of Chinese lured abroad and forced to be scammers - now Beijing is cracking down - BBC News

MPs preparing to examine Chinese state influence at British universities | House of Commons | The Guardian

Palantir CEO Says a Surveillance State Is Preferable to China Winning the AI Race

Russia

China's Cyber Silence Is More Worrying Than Russia's Noise, Chief Cybersecurity Strategist Says - SecurityWeek

Russia's suspected 'hybrid war' puts European air defences to the test | The Straits Times

War continues in cyberspace: Final cybersecurity education session concludes in Kyiv

Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine - Infosecurity Magazine

Russian pleads guilty, staring at 53 years and $9.2M penalty - Cryptopolitan

Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks | CyberScoop

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

Belgian military intelligence service websites attacked by Russian hackers | VRT NWS: news

Russian hacker admits helping Yanluowang ransomware infect companies

Iran

Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging

North Korea

APT37 hackers abuse Google Find Hub in Android data-wiping attacks

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

[Editorial] The silent war - The Korea Herald

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Emulating the Espionage-Oriented Group SideWinder - Security Boulevard


Tools and Controls

Hackers Exploiting RMM Tools LogMeIn and PDQ Connect to Deploy Malware as a Normal Program

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware

Why Cybersecurity Must Shift To Continuous Incident Response

Online age checking is creating a treasure trove of data for hackers

New Age Verification Bills Could Ban VPNs, Jeopardize the Privacy of Millions - CNET

Ransomware fuels 230% increase in UK cyber insurance payouts • The Register

Cisco: Actively exploited firewall flaws now abused for DoS attacks

AI is forcing boards to rethink how they govern security - Help Net Security

ISO - Threat intelligence and why it matters for cybersecurity

Controversy Brews: US Government Targets Banning Top Wi-Fi Router - CNET

Broken access control still tops list of app sec top 10 • The Register

Exclusive: Ofcom is monitoring VPNs following Online Safety Act. Here's how | TechRadar

Resilience and AI risk | Professional Security Magazine

Automation can't fix broken security basics - Help Net Security

The browser is eating your security stack - Help Net Security

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Age verification lands in Italy − here’s how it affects VPN users | TechRadar

To get funding, CISOs are mastering the language of money - Help Net Security

Reducing the risk of major cyber incidents in the UK through digital resilience | UKAuthority

NCSC Set to Retire Web Check and Mail Check Tools - Infosecurity Magazine



Vulnerability Management

When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security

UK department pours massive funds into outdated Windows 10 upgrade while thousands of devices remain stranded on ageing hardware | TechRadar

Microsoft: Windows 11 23H2 Home and Pro reach end of support

Vulnerabilities

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Cisco fixes critical UCCX flaw allowing Root command execution

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege

Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel - SecurityWeek

High-Severity Vulnerabilities Patched by Ivanti and Zoom - SecurityWeek

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases - SecurityWeek

CitrixBleed 2, Cisco Flaw Wreak Havoc as Zero-Day Bugs

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

Microsoft Exchange 'Under Imminent Threat', Act Now

Fortinet FortiWeb flaw with public PoC exploited to create admin users

Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet

Android Devices Targeted by KONNI APT in Find Hub Exploitation - Infosecurity Magazine

Multiple Django Vulnerabilities Enable SQL injection and DoS Attack

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Dangerous runC flaws could allow hackers to escape Docker containers

Adobe Patches 29 Vulnerabilities - SecurityWeek

Hackers abuse Triofox antivirus feature to deploy remote access tools

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

Critical Triofox Vulnerability Exploited in the Wild - SecurityWeek

RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure - SecurityWeek

Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Advisory - 12 November 2025 - Security Updates from Microsoft, Adobe and SAP

Executive Summary

This month’s Patch Tuesday features updates from Microsoft, Adobe and SAP. Microsoft’s release spans Windows, Microsoft 365/Office components and server/identity platforms. Adobe has posted product-specific advisories across its portfolio. SAP published its November Patch Day with a notable volume of new Security Notes. Prioritise internet-facing systems, identity infrastructure and widely deployed desktop applications, with emphasis on critical remote code execution and privilege escalation fixes.

Vulnerabilities by Vendor

Microsoft addressed 63 vulnerabilities impacting Windows, Windows Components, Office, Office Components, Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, SQL Server, and WSL (Windows Subsystem for Linux) GUI. Four of these vulnerabilities are rated Critical and 59 Important. Microsoft reported one of them, a Windows Kernel vulnerability, as already being exploited in the wild at the time of release; the remainder were not known to be under active exploitation.

Adobe's update addresses 29 vulnerabilities across InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager and Format Plugins. Critical arbitrary code execution vulnerabilities were addressed in InDesign, InCopy, Photoshop, Illustrator, Substance 3D Stager and Format Plugins. Adobe says it is not aware of any of these vulnerabilities being exploited in the wild.

SAP addressed 19 security vulnerabilities this month, including a critical flaw in SQL Anywhere Monitor and other vulnerabilities in Solution Manager, CommonCryptoLib, NetWeaver AS ABAP/Java, S/4HANA components, Business Connector and SAP GUI.

What’s the risk to me or my business?

The presence of an actively exploited Windows Kernel zero-day alongside critical remote code execution and privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

For more information:

Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov

Adobe — https://helpx.adobe.com/security/security-bulletin.html

SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 07 November 2025

Black Arrow Cyber Threat Intelligence Briefing 07 November 2025:

-Enterprises are Not Prepared for a World of Malicious AI Agents

-The Phishing Renaissance, How AI Brought Back the Classics

-‘Data Sprawl’ Is Now Your Security Team’s Biggest Headache – And It’s Only Going to Get Worse

-Old Threats, New Consequences: 90% of Cyber Claims Stem from Email and Remote Access

-Survey: Organisations are Too Confident in Their Cyber Resiliency

-Thousands Fall Victim to Ransomware as European Attacks Reach Record Highs - Here’s Why They’re So at Risk

-How Ransomware Attacks Leverage Cyber Insurance Policies

-Violent Cybercrime Surges in Europe Amid Big Payouts

-Three of the Biggest Cybercrime Gangs Around Appear to Be Teaming Up - Which Could Be Bad News for All of Us

-Google Says 2026 Will Be the Year AI Supercharges Cybercrime

-Enterprises are Losing Track of the Devices Inside Their Networks

-Britain ‘Highly Vulnerable’ to Russian Cyber Attacks, Warns Former Army Chief

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s stories highlight how AI is reshaping cyber threats, with malicious agents, deepfakes and automated phishing increasing both scale and sophistication. In particular, when AI agents are given their own credentials or identities, this expands the attack surface that attackers can exploit. Business leaders must now treat AI-driven risks as part of their core governance responsibilities. Risks are further increased by the growth of data held by businesses, including redundant or abandoned data.

We also report on the resurgence of classic attack methods like phishing and email compromise, now supercharged by generative AI. Ransomware remains a dominant threat, with attackers exploiting cyber insurance policies and even resorting to physical intimidation. European organisations are particularly exposed, and many still pay ransoms, which encourages repeat targeting. Research shows that business leaders have an inaccurate perception of their organisation’s readiness to recover from an incident.

The key theme here is the need for business leaders to be informed of the current and emerging threats to their business, and to know how to mitigate these risks through a strategy that they govern alongside their other risks. Contact us to discuss how to make this work proportionately in your organisation.


Top Cyber Stories of the Last Week

Enterprises are Not Prepared for a World of Malicious AI Agents

Palo Alto Networks CEO Nikesh Arora warns that most organisations are ill equipped to manage the growing number of AI agents accessing corporate systems. These non-human identities can act like employees, holding credentials and privileges that expand the attack surface. Existing identity and privileged access tools track only a fraction of these identities, leaving many AI agents unmonitored. This gap will widen as both legitimate and malicious agents proliferate. Centralised management of access and permissions, covering non-human as well as human identities, is needed to prevent uncontrolled access and misuse.

Source: https://www.zdnet.com/article/enterprises-are-not-prepared-for-a-world-of-malicious-ai-agents/

The Phishing Renaissance, How AI Brought Back the Classics

Classic phishing methods such as credential theft and vendor impersonation are resurging because AI makes personalisation easy. Generative tools remove the grammatical errors that once revealed scams, allowing criminals to adapt tone and context for each target. Deepfakes and voice cloning add realism to social engineering, while business email compromise continues to succeed without malware. Human awareness and layered verification are essential as AI amplifies the effectiveness of old techniques.

Source: https://securityboulevard.com/2025/10/the-phishing-renaissance-how-ai-brought-back-the-classics/

‘Data Sprawl’ Is Now Your Security Team’s Biggest Headache – And It’s Only Going to Get Worse

Growth of data across cloud, hybrid and SaaS environments is overwhelming security teams. One-third of UK organisations saw data volumes surge by 30% or more in the past year and 41% of large enterprises now manage over a petabyte. Around 38% flag redundant or abandoned data as a security risk, while 85% of organisations globally report data loss incidents. The rise of generative AI and weak visibility are exacerbating the issue, and firms should embed privacy-by-design and governance before attackers exploit the chaos.

Source: https://www.itpro.com/security/data-sprawl-is-now-your-security-teams-biggest-headache-and-its-only-going-to-get-worse

Old Threats, New Consequences: 90% of Cyber Claims Stem from Email and Remote Access

Insurance data shows that most cyber claims originate from email and remote access breaches. Email accounted for 43% of incidents in 2024, with claim frequency rising 30% year on year. Fraud often begins with inbox compromise or near lookalike domains, and average illicit transfers reached $286,000. Generative AI is accelerating attacker success, highlighting that familiar entry points remain the most costly for organisations.

Source: https://www.csoonline.com/article/4081506/old-threats-new-consequences-90-of-cyber-claims-stem-from-email-and-remote-access.html
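The lookalike-domain problem described in this item, and the vendor impersonation in the Phishing Renaissance item above it, can be checked mechanically before a payment instruction is acted on. The block below is an added illustration written for this briefing, not code from the CSO article or from Black Arrow; the trusted domains, the homoglyph and substitution tables and the sample sender addresses are constructed assumptions. It reduces each sender domain to the visual "skeleton" a reader would see (decoding punycode, mapping Cyrillic homoglyphs and digit-for-letter swaps) and then compares that skeleton with an allow-list by exact match, edit distance and containment.

```python
"""Detect sender domains that impersonate a trusted domain.
Added example for this briefing; not code from the CSO article or from Black Arrow.
TRUSTED_DOMAINS, the substitution tables and the sample senders are constructed assumptions."""
from __future__ import annotations

import unicodedata

TRUSTED_DOMAINS = {"example.com", "acme-supplies.co.uk"}   # constructed allow-list
# Cyrillic letters that render identically to Latin ones (small subset, assumed).
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
# Digits/symbols swapped for letters, and letter pairs that read as one letter.
DIGIT_SUBS = str.maketrans({"0": "o", "1": "l", "|": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b"})
PAIR_SUBS = [("rn", "m"), ("vv", "w"), ("cl", "d")]
# Tiny stand-in for the Public Suffix List so "co.uk" counts as one suffix.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au"}


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so IDN homoglyphs can be compared visually."""
    try:
        return domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return domain                      # already Unicode, or not valid punycode


def skeleton(domain: str) -> str:
    """Reduce a domain to the ASCII 'skeleton' a reader's eye would see."""
    s = to_unicode(domain).lower().rstrip(".")
    s = "".join(HOMOGLYPHS.get(ch, ch) for ch in s)
    s = unicodedata.normalize("NFKD", s)   # split accents off (e-acute -> e), expand ligatures
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.translate(DIGIT_SUBS)
    for pair, single in PAIR_SUBS:
        s = s.replace(pair, single)
    return s


def split_domain(domain: str) -> tuple[str, str]:
    """Return (registrable name, suffix): ('example', 'com'), ('acme-supplies', 'co.uk')."""
    labels = domain.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (domain, "")


def osa_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) edit distance."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # adjacent transposition
    return d[len(a)][len(b)]


def classify(sender_domain: str) -> tuple[str, str | None]:
    """Return (verdict, trusted domain matched). Verdicts: trusted, lookalike (identical
    after normalisation), wrong-suffix, typosquat (1-2 edits away), embedded, unrelated."""
    raw = sender_domain.lower().rstrip(".")
    sk = skeleton(raw)
    for trusted in sorted(TRUSTED_DOMAINS):
        tk = skeleton(trusted)
        if raw == trusted or raw.endswith("." + trusted):
            return "trusted", trusted
        if sk == tk or sk.endswith("." + tk):
            return "lookalike", trusted
        s_name, s_suffix = split_domain(sk)
        t_name, t_suffix = split_domain(tk)
        if s_name == t_name and s_suffix != t_suffix:
            return "wrong-suffix", trusted
        if osa_distance(s_name, t_name) <= (1 if len(t_name) < 10 else 2):
            return "typosquat", trusted
        if t_name in sk:
            return "embedded", trusted
    return "unrelated", None


def scan(senders: list[str]) -> dict[str, tuple[str, str | None]]:
    """Classify the domain part of each sender address."""
    return {addr: classify(addr.rsplit("@", 1)[-1]) for addr in senders}


# Punycode form of example.com with a Cyrillic 'a', generated here for the sample input.
PUNYCODE_DOMAIN = "ex\u0430mple.com".encode("idna").decode("ascii")
SAMPLE_SENDERS = [   # constructed sample sender addresses
    "billing@example.com", "ap@mail.example.com", "ceo@examp1e.com",
    f"finance@{PUNYCODE_DOMAIN}", "payments@exampel.com", "support@example.net",
    "invoices@example-secure.com", "noreply@acrne-supplies.co.uk", "hr@unrelated-vendor.org",
]

if __name__ == "__main__":
    for addr, (verdict, match) in scan(SAMPLE_SENDERS).items():
        print(f"{verdict:13} {addr}" + (f"  (vs {match})" if match else ""))
```

A hit is a trigger for the verification step the articles call for (a call to a number already on file, a check against the vendor master record), not proof of fraud on its own. The check also says nothing about the other case the insurance data describes, where the genuine mailbox has been taken over and the domain is exactly right; that is why changes to payment details need out-of-band confirmation regardless of what the sender domain looks like.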

Survey: Organisations are Too Confident in Their Cyber Resiliency

A global study of 1,773 leaders finds widespread overconfidence in cyber resilience. While 95% believe they can recover from ransomware, 40% were attacked in the past year and only 15% fully restored their data. 45% paid ransoms, with 30% paying over $250,000. 44% report deepfake enabled attacks and many lack clear policies on generative AI. The findings reveal a gap between perceived and actual preparedness.

Source: https://securityboulevard.com/2025/11/survey-organizations-are-too-confident-in-their-cyber-resiliency/

Thousands Fall Victim to Ransomware as European Attacks Reach Record Highs - Here’s Why They’re So at Risk

Europe now accounts for almost 22% of global victims posted on leak sites since 2024, with more than 2,100 European organisations listed. Exposure is driven by lucrative sectors, GDPR penalties that can encourage payment and geopolitical spillover from the war in Ukraine. Average time from initial access to deployment is 35.5 hours, compressing response windows and increasing operational impact. Intelligence led defence and faster containment are essential.

Source: https://www.techradar.com/pro/security/thousands-fall-victim-to-ransomware-as-european-attacks-reach-record-highs-heres-why-theyre-so-at-risk

How Ransomware Attacks Leverage Cyber Insurance Policies

Attackers increasingly search for cyber insurance documents to shape negotiations. Knowledge of limits, coverage and approved vendors allows demands that appear reasonable relative to downtime and costs. Policies should be protected like confidential financial records, with strict access, secure storage, offline copies and staff awareness to prevent leverage during extortion.

Source: https://securityboulevard.com/2025/11/how-ransomware-attacks-leverage-cyber-insurance-policies/

Violent Cybercrime Surges in Europe Amid Big Payouts

Some cyber attackers are pairing online extortion with real world intimidation to force payment. Rising revenues and professionalisation are driving aggression, with threats extending beyond data leaks. Response plans should include physical safety considerations and coordination with law enforcement as pressure tactics escalate.

Source: https://www.theregister.com/2025/11/04/cybercriminals_increasingly_rely_on_violence/

Three of the Biggest Cybercrime Gangs Around Appear to Be Teaming Up - Which Could Be Bad News for All of Us

Scattered Spider, Lapsus$ and ShinyHunters have reportedly united under the new banner “Scattered Lapsus$ Hunters” (SLH). Operating via Telegram, the alliance combines social engineering, credential theft and data-leak extortion into a professionalised “Extortion-as-a-Service” model. The groups seek both profit and notoriety, marking a shift toward cybercrime branding that increases visibility and risk for global enterprises.

Source: https://www.techradar.com/pro/security/three-of-the-biggest-cybercrime-gangs-around-appear-to-be-teaming-up-which-could-be-bad-news-for-all-of-us

Google Says 2026 Will Be the Year AI Supercharges Cybercrime

Google forecasts that by 2026, AI will drive both attacks and defences. Adversaries will automate phishing, deepfakes and prompt injection exploits against large language models. A growing concern is unmonitored bots or scripts with system access that act without oversight; these hidden identities could move data or perform actions unseen by security teams. The report urges strict control, identity tracking and AI-led containment to counter this evolving threat.

Source: https://www.helpnetsecurity.com/2025/11/05/google-cybersecurity-forecast-2026/

Enterprises are Losing Track of the Devices Inside Their Networks

A study of 10 million devices across more than 700 organisations shows that two-thirds are not traditional IT assets such as servers or laptops. Instead, they include extended IoT devices like VoIP phones, cameras, point-of-sale systems and power supplies. On average, firms manage 164 device types, 1,629 vendors and 876 OS versions. With 40% of cameras containing known flaws and 3% exposed online, organisations must urgently regain visibility and control over every connected device.

Source: https://www.helpnetsecurity.com/2025/11/06/enterprise-xiot-devices-risk/

Britain ‘Highly Vulnerable’ to Russian Cyber Attacks, Warns Former Army Chief

Field Marshal Lord Houghton warns that Britain’s cyber defences are not yet fit for purpose and that the nation remains highly vulnerable to hostile cyber activity. Recent breaches affecting the Ministry of Defence and major contractors highlight deep weaknesses. He urges greater investment in AI and autonomous systems to boost military capability and calls for closer coordination between government, industry and the Armed Forces to strengthen resilience.

Source: https://www.telegraph.co.uk/news/2025/11/06/british-army-russian-attack-field-marshal-lord-houghton/



Threats

Ransomware, Extortion and Destructive Attacks

Three of the biggest cybercrime gangs around appear to be teaming up - which could be bad news for all of us | TechRadar

Three Infamous Cybercriminal Groups Form a New Alliance Dubbed 'Scattered LAPSUS$ Hunters' - Cyber Security News

When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businesses | IT Pro

Cyber loot flows to Russia and its friends | Cybernews

What Makes Ransomware Groups Successful?

Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online

Cybersecurity experts charged with running BlackCat ransomware operation | CSO Online

Ransomware attacks are hitting European enterprises at record pace | IT Pro

Thousands fall victim to ransomware as European attacks reach record highs - here's why they're so at risk | TechRadar

New Beast Ransomware Actively Scans for Open SMB Ports from Breached Systems to Spread Across the Network

Leak Site Ransomware Victims Spike 13% in a Year - Infosecurity Magazine

Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar

How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

Ransomware Victims

Conduent January 2025 breach impacts 10M+ people

M&S cyberattack cost £136m but retailer ‘regaining momentum’ | News | The Grocer

Results: Cyber attack more than halved M&S first half profits - Retail Gazette

Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews

‘People have had to move house’: Inside the British Library, two years on from devastating cyber attack | The Independent

Qantas' digital and customer head steps down months after cyber breach, internal memo shows | Reuters

Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed

How a ransomware gang encrypted Nevada government's systems

Nevada Refused to Pay Cyberattack Ransom as Systems Sat Compromised for Months – DataBreaches.Net

Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails | TechCrunch

Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group | The Record from Recorded Future News

Apache OpenOffice disputes data breach claims by ransomware gang

"Pay up or we share the tapes": Hackers target massage parlour clients in blackmail scheme

Oncology Institute Reports Cybersecurity Incident Impact - TipRanks.com

Phishing & Email Based Attacks

The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard

Old threats, new consequences: 90% of cyber claims stem from email and remote access | CSO Online

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

ClickFix malware attacks evolve with multi-OS support, video tutorials

How Phishing Kits Are Evading Detection & Ways to Beat Them | MSSP Alert

Is your business prepared for these growing phishing scams? | TechRadar

“I Paid Twice” Phishing Campaign Targets Booking.com - Infosecurity Magazine

Other Social Engineering

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

ClickFix malware attacks evolve with multi-OS support, video tutorials

In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard

Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

UK carriers to block spoofed phone numbers in fraud crackdown

SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine

Sora 2 Creates Believable Videos, Reality Checks Needed

AI makes holiday shopping scams harder to spot - BetaNews

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Fraud, Scams and Financial Crime

Europe's phone networks are drowning in fake calls - Help Net Security

Google Report Reveals How Text Scams Steal Your Data And Money

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

UK carriers to block spoofed phone numbers in fraud crackdown

SMS Fraud Losses Set to Decline 11% in 2026 - Infosecurity Magazine

AI makes holiday shopping scams harder to spot - BetaNews

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Experts warn AI tools are fueling a rise in scams targeting older adults - BetaNews

Artificial Intelligence

The Phishing Renaissance, How AI Brought Back the Classics - Security Boulevard

Ransomware Attacks on European Organizations Surge as Hackers Leverage AI Tools for Attacks

Google says 2026 will be the year AI supercharges cybercrime - Help Net Security

Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News

Cybercriminals Armed With AI Often Find Mid-Sized Businesses Are Sitting Ducks | Law.com

Enterprises are not prepared for a world of malicious AI agents | ZDNET

List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities

In an AI World, Every Attack is a Social Engineering Attack - Security Boulevard

Is your business ready for a deepfake attack? 4 steps to take before it's too late | ZDNET

Google uncovers malware using LLMs to operate and evade detection - Help Net Security

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns - SecurityWeek

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

The cottage industry quietly manipulating chatbots’ replies

Sora 2 Creates Believable Videos, Reality Checks Needed

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Tech groups step up efforts to solve AI’s big security flaw

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine

Microsoft: A key OpenAI API is being used for 'espionage' by bad actors | Mashable

AI makes holiday shopping scams harder to spot - BetaNews

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Researchers claim ChatGPT has a whole host of worrying security flaws - here's what they found | TechRadar

Malware

Google uncovers malware using LLMs to operate and evade detection - Help Net Security

New malware uses AI to adapt during attacks, report finds | The Record from Recorded Future News

ClickFix malware attacks evolve with multi-OS support, video tutorials

Weaponized PuTTY and Teams Ads Deliver Malware Allowing Hackers to Access Network

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Russian hackers abuse Hyper-V to hide malware in Linux VMs

Rhysida ransomware exploits Microsoft certificate to slip malware past defenses | CSO Online

Australia warns of BadCandy infections on unpatched Cisco devices

Malicious packages in npm evade dependency detection through invisible URL links: Report | CSO Online

Fake Solidity VSCode extension on Open VSX backdoors developers

Gootloader malware is back with new tricks after 7-month break

Millions of developers could be open to attack after critical flaw exploited - here's what we know | TechRadar

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar

37 years ago this week, the Morris worm infected 10% of the Internet within 24 hours — worm slithered out and sparked a new era in cybersecurity | Tom's Hardware

Mobile

Europe's phone networks are drowning in fake calls - Help Net Security

Google Report Reveals How Text Scams Steal Your Data And Money

Android Malware Mutes Alerts, Drains Crypto Wallets

Backdoored ‘secure’ messaging app leads to more arrests • The Register

Report finds 67% surge in Android mal... - Mobile World Live

Malicious Android apps on Google Play downloaded 42 million times

Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register

Denial of Service/DoS/DDoS

Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine

Internet of Things – IoT

The Hidden Risks of Third-Party IoT Devices: What Organizations Need t - Infosecurity Magazine

Why millions of connected vehicles need automated cyber security | TechRadar

Enterprises are losing track of the devices inside their networks - Help Net Security

An 18-Year-Old Codebase Left Smart Buildings Wide Open

Connected devices may face mandatory security checks before you can use them

Data Breaches/Leaks

82 percent of finserv organizations suffered a data breach in the last year - BetaNews

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Conduent January 2025 breach impacts 10M+ people

Hackers hit a Swiss bank, claiming 2.5TB of data | Cybernews

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

‘People have had to move house’: Inside the British Library, two years on from devastating cyber attack | The Independent

Qantas' digital and customer head steps down months after cyber breach, internal memo shows | Reuters

Knee-jerk corporate responses to data leaks protect brands like Qantas — but consumers are getting screwed

Court reimposes original sentence for Capital One hacker | CyberScoop

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness | CyberScoop

Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters

Software dev accidentally leaks Australian govt documents | Information Age | ACS

Data breach at major Swedish software supplier impacts 1.5 million

Data breach costs lead to 90% drop in operating profit at South Korean telecom giant | The Record from Recorded Future News

US Congressional Budget Office hit by cybersecurity incident | Reuters

Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group | The Record from Recorded Future News

Apache OpenOffice disputes data breach claims by ransomware gang

Media giant Nikkei reports data breach impacting 17,000 people

Hyundai AutoEver America data breach exposes SSNs, drivers licenses

Organised Crime & Criminal Actors

Three Infamous Cybercriminal Groups Form a New Alliance Dubbed 'Scattered LAPSUS$ Hunters' - Cyber Security News

Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective - Infosecurity Magazine

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat - Infosecurity Magazine

‘Scamming became the new farming’: inside India’s cybercrime villages | Cybercrime | The Guardian

Cyber surveillance of British businesses | Professional Security Magazine

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

Court reimposes original sentence for Capital One hacker | CyberScoop

Nine Arrested in €600M crypto laundering bust across Europe

Should We Celebrate the UN Convention against Cybercrime? Lessons from the UN Convention against Transnational Crime - Opinio Juris

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Firms at risk as Japan struggles to keep up with cybercrime amid rise of ransomware - The Mainichi

US Refuses to Sign UN Cybercrime Treaty

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

18 arrested in €300 million global credit card fraud scheme - Help Net Security

Android Malware Mutes Alerts, Drains Crypto Wallets

Hacker steals over $120 million from Balancer DeFi crypto protocol

Nine Arrested in €600M crypto laundering bust across Europe

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Insider Risk and Insider Threats

Employees keep finding new ways around company access controls - Help Net Security

Insurance

How Ransomware Attacks Leverage Cyber Insurance Policies - Security Boulevard

Is cyber on the verge of becoming uninsurable? | Insurance Business America

Supply Chain and Third Parties

Cybercrime To Hit Critical Supply Chains As AI Amplifies Global Risk, Google Warns | Scoop News

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Washington Post says it is among victims of cyber breach tied to Oracle software | Reuters

Software dev accidentally leaks Australian govt documents | Information Age | ACS

Data breach at major Swedish software supplier impacts 1.5 million

Open VSX rotates access tokens used in supply-chain malware attack

Software Supply Chain

Millions of developers could be open to attack after critical flaw exploited - here's what we know | TechRadar

Malicious packages in npm evade dependency detection through invisible URL links: Report | CSO Online

Cloud/SaaS

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Microsoft Warns of 'Payroll Pirates' Hijacking HR SaaS Accounts to Steal Employee Salaries

Microsoft Teams really could be bad for your (security) health - hackers spoof bosses, send fake messages, and more | TechRadar

Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities

With each cloud outage, calls for government action grow louder | CyberScoop

EU and UK organizations ponder resilience after Azure outage • The Register

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

UK accused of being too slow to regulate cloud services providers

Oracle’s cloud strategy an increasingly risky bet | CIO

Outages

EU and UK organizations ponder resilience after Azure outage • The Register

Cloudflare’s new report exposes how the global internet still crumbles under fires, earthquakes, politics, and sheer bad luck | TechRadar

With each cloud outage, calls for government action grow louder | CyberScoop

Identity and Access Management

Employees keep finding new ways around company access controls - Help Net Security

Linux and Open Source

Russian hackers abuse Hyper-V to hide malware in Linux VMs

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

International Criminal Court dumps Microsoft Office • The Register

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Logging in as root on Linux? Here's why that's a disaster waiting to happen | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

The Louvre’s video surveillance had a shockingly weak password | Cybernews

Have I Been Pwned adds a billion new passwords to its database - gHacks Tech News

The Worst Password Of 2025 Is '123456' - Make Sure You Don't Use These

What are the most common passwords? No surprises here • The Register

Social Media

New phishing scam on LinkedIn is using fake board offers to steal corporate credentials: here's how | Mint

Cybercriminals have built a business on YouTube’s blind spots - Help Net Security

Malvertising

Beware - ransomware gang is tricking victims with fake Microsoft Teams ads | TechRadar

Weaponized PuTTY and Teams Ads Deliver Malware Allowing Hackers to Access Network

Training, Education and Awareness

What keeps phishing training from fading over time - Help Net Security

Study concludes cybersecurity training doesn’t work | KPBS Public Media

Regulations, Fines and Legislation

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Report: 36% of companies do not know whether they are covered by NIS2 directive

Cyber Resilience Act: Overview for affected companies

With each cloud outage, calls for government action grow louder | CyberScoop

Should We Celebrate the UN Convention against Cybercrime? Lessons from the UN Convention against Transnational Crime - Opinio Juris

Connected devices may face mandatory security checks before you can use them

The US must not endorse Russia and China’s vision for cybersecurity

UK accused of being too slow to regulate cloud services providers

US Refuses to Sign UN Cybercrime Treaty

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness | CyberScoop

Trump admin begins developing new cybersecurity strategy

Senate approves new leader for Army Cyber Command - Breaking Defense

Securing critical infrastructure: Why Europe’s risk-based regulations matter | Microsoft Security Blog

Old privacy laws create new risks for businesses - Help Net Security

Models, Frameworks and Standards

Report: 36% of companies do not know whether they are covered by NIS2 directive

Cyber Resilience Act: Overview for affected companies

Old privacy laws create new risks for businesses - Help Net Security

Data Protection

Old privacy laws create new risks for businesses - Help Net Security

‘Data sprawl’ is now your security team’s biggest headache – and it’s only going to get worse | IT Pro

Careers, Working in Cyber and Information Security

I was led down the wrong path into cybercrime as a teenager. Here’s what I would tell my younger self | From Play To Purpose | The Guardian

To maximize their influence, CISOs need diverse skills | TechTarget

'We're protecting UK from paralysing attack - and our salaries can be limitless' | Money News | Sky News

Starting Over in Cybersecurity: Advice I Wish I'd Had

Law Enforcement Action and Take Downs

EU Parliament committee votes to advance controversial Europol data sharing proposal | The Record from Recorded Future News

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries - Infosecurity Magazine

Europe's phone networks are drowning in fake calls - Help Net Security

Backdoored ‘secure’ messaging app leads to more arrests • The Register

US cybersecurity experts indicted for BlackCat ransomware attacks

Nine Arrested in €600M crypto laundering bust across Europe

Court reimposes original sentence for Capital One hacker | CyberScoop

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail | CyberScoop

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News

US Refuses to Sign UN Cybercrime Treaty

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Misinformation, Disinformation and Propaganda

The cottage industry quietly manipulating chatbots’ replies


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russia-linked 'Curly COMrades' turn to malicious virtual machines for digital spy campaigns | The Record from Recorded Future News

From hackers to tech companies: IHL and the involvement of civilians in ICT activities in armed conflict

Electronic Weapons: Russian Cyber War Against Germany

How nations build and defend their cyberspace capabilities - Help Net Security

Beyond Denial: Toward a Credible Cyber Deterrence Strategy • Stimson Center

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military - Help Net Security

Nation State Actors

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Cyber Physical Systems Face Rising Geopolitical Risks

China

Cyber loot flows to Russia and its friends | Cybernews

The US must not endorse Russia and China’s vision for cybersecurity

Chinese APT Uses 'Airstalk' Malware in Supply Chain Attacks - SecurityWeek

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Xi Jinping jokes about backdoors in Xiaomi smartphones • The Register

US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a year | IT Pro

Chinese hackers scanning, exploiting Cisco ASA firewalls used by governments worldwide | The Record from Recorded Future News

US Space Force to Use Three Weapons To Jam Chinese Satellites Via Remote Control - Bloomberg

Germany Weighs Paying Deutsche Telekom to Replace Huawei Gear - Bloomberg

Finland to Tighten Huawei Ban in 5G Network on Security Grounds - Bloomberg

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Russia

Think tank finds infrastructure ‘inadequately protected against sabotage and cyber threats’ | New Civil Engineer

Britain ‘highly vulnerable’ to Russian cyber attacks, warns former Army chief

Cyber loot flows to Russia and its friends | Cybernews

Russian hackers hit Windows machines via Linux VMs with new custom malware | TechRadar

The US must not endorse Russia and China’s vision for cybersecurity

Electronic Weapons: Russian Cyber War Against Germany

The cottage industry quietly manipulating chatbots’ replies

Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine - Ars Technica

Russia Wages War On The Internet In Ukraine, But Resistance Is Winning

Ukraine’s Security Service repels over 2,300 enemy cyberattacks in 2025 - Freedom

Offensive Cyber Operations and Combat Effectiveness After Ukraine | Lawfare

NATO's Crossed Swords cyber exercise gets underway in Tallinn | News | ERR

Russia arrests three suspected Meduza infostealer devs • The Register

Alleged Meduza Stealer malware admins arrested after hacking Russian org

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military - Help Net Security

Iran

UNK_SmudgedSerpent Targets Academics With Political Lures - Infosecurity Magazine

Iran's 'SmudgedSerpent' APT Phishes US Policy Wonks

North Korea

Cyber loot flows to Russia and its friends | Cybernews

U.S. sanctioned North Korean bankers for laundering funds linked to cyberattacks and weapons program

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft - Decrypt

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Nation-State, Cyber and Hacktivist Threats Pummel Europe

Hacktivist-Driven DDoS Dominates Attacks on Public Sector - Infosecurity Magazine





Vulnerability Management

Zombie Projects Rise Again to Undermine Security

Louvre delayed Windows security updates ahead of burglary | CSO Online

UK dept spent £312M moving to Win 10 as support D-day hits • The Register

SolarWinds-Like Risk Lurks in Popular Installer Tool

Vulnerabilities

Researchers Just Revealed 4 Big Microsoft Teams Vulnerabilities

Update Chrome now: 20 security fixes just landed | Malwarebytes

Two Windows vulnerabilities, one a 0-day, are under active exploitation - Ars Technica

New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers

Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

Australia warns of BadCandy infections on unpatched Cisco devices

Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code

New GDI Flaws Could Enable Remote Code Execution in Windows - Infosecurity Magazine

Android Update Patches Critical Remote Code Execution Flaw - SecurityWeek

Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

SolarWinds-Like Risk Lurks in Popular Installer Tool

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection - Infosecurity Magazine

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

Critical UniFi OS Vulnerability Enables Remote Code Execution Attacks

Microsoft: October Windows updates trigger BitLocker recovery

AMD confirms some Zen 5 CPUs have a worrying security flaw that could put users at risk | TechRadar

Exploited 'Post SMTP' Plugin Flaw Exposes WordPress Sites to Takeover - SecurityWeek

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Researchers claim ChatGPT has a whole host of worrying security flaws - here's what they found | TechRadar

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

 

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 31 October 2025

Black Arrow Cyber Threat Intelligence Briefing 31 October 2025:

-Ransomware Recovery Perils: 40% of Paying Victims Still Lose Their Data

-Reacting Slowly to a Security Breach Opens up Your Business to More Threats, Report Warns

-SMEs Unprepared to Defend Against Advanced Cyber Threats

-UK Financial Regulator to Focus on Cyber Defence

-The 10 Biggest Issues CISOs and Cyber Teams Face Today

-The Cyber Security Perception Gap: Why Executives and Practitioners See Security Differently

-Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

-LinkedIn Phishing Targets Finance Execs With Fake Board Invites

-Social Engineering: Why the ClickFix Malware Attack Just Won’t Go Away

-New Phishing Attack Using Invisible Characters Hidden in Subject Line

-BT Warns of Soaring Cyber Threats Targeting UK Firms

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week, ransomware continues to underline the need for leaders to plan to prevent attacks and manage them effectively if the worst happens, with 40% of paying victims still unable to recover their data. SMEs face rising exposure as cyber criminals exploit weaker controls and limited recovery planning, showing that every organisation must understand its risk profile and response capability.

We see the UK financial regulator strengthening its stance on operational resilience, signalling growing expectations for leadership accountability. Business leaders are reassessing their exposure and security, but with a clear need to ensure perceptions of security reflect reality. Current threats include shadow AI, LinkedIn campaigns targeting executives, persistent malware, advanced phishing, and attackers constantly scanning potential victims for exploitable weaknesses.

These developments reinforce that resilience includes building security and preparing to manage an incident. Contact us to discuss how we help achieve this, including through impartial incident-response simulations that help leaders rehearse and objectively challenge their preparedness.

Top Cyber Stories of the Last Week

Ransomware Recovery Perils: 40% of Paying Victims Still Lose Their Data

A Hiscox survey of SMEs found that two in five organisations that pay ransoms still fail to recover their data. Ransomware attacks remain widespread, with 27% of firms hit in the past year and 80% paying in hopes of restoration. Experts say recovery often fails due to flawed encryption, corrupted backups and untested recovery plans. Paying rarely resolves the full breach, which may include data theft or GDPR implications. Strong preparation, tested backups, insurance and legal readiness are key to resilience.

Source: https://www.csoonline.com/article/4077484/ransomware-recovery-perils-40-of-paying-victims-still-lose-their-data.html

Reacting Slowly to a Security Breach Opens up Your Business to More Threats, Report Warns

Barracuda’s latest research finds most organisations suffered at least one email breach in the past year and slow response hugely increases follow-on risk. The report links delayed containment with higher odds of ransomware and material business disruption, including reputational harm and lost opportunities. Small firms are hit hard as recovery costs scale per employee and teams struggle to detect and triage incidents within an hour. The authors call for quicker detection, automation in response and a unified approach to break entire attack chains rather than point-in-time fixes.

Source: https://www.techradar.com/pro/security/reacting-slowly-to-a-security-breach-opens-up-your-business-to-more-threats-report-warns

SMEs Unprepared to Defend Against Advanced Cyber Threats

Vodafone’s latest report warns that Irish SMEs are struggling to keep pace with AI-driven cyber threats. One in four firms could collapse after a single ransomware attack, and AI-powered scams are expected to drive a 50% rise in attack costs within three years. Only half of SMEs rank cyber security as a top priority, while 69% lack proper safeguards. With attackers cloning voices and creating adaptive malware, Vodafone urges practical defences such as training, multi-factor authentication and partnerships with expert providers.

Source: https://www.techcentral.ie/smes-unprepared-to-defend-against-advanced-cyber-threats/

UK Financial Regulator to Focus on Cyber Defence

The Financial Conduct Authority (FCA) signalled a sharper focus on cyber defence and technology as part of its role in safeguarding national security. Speaking to City leaders, chief executive Nikhil Rathi argued that modern conflict hits balance sheets and markets as much as battlefields, and that the regulator must adapt accordingly. The speech pointed to bolstering operational resilience, tackling systemic tech risks and ensuring boards treat cyber as a strategic threat. Firms should expect closer scrutiny of preparedness and clearer expectations for governance, detection and recovery.

Source: https://www.uktech.news/news/government-and-policy/uk-financial-regulator-to-focus-on-cyber-defence-20251024

The 10 Biggest Issues CISOs and Cyber Teams Face Today

This piece outlines the pressures security leaders say are hardest right now. Priorities include securing AI infrastructure and data, simplifying sprawling toolsets, addressing talent burnout and budget constraints, and improving basic hygiene while preparing for high-impact incidents. The article stresses that AI use is outpacing guardrails, that misaligned incentives impede progress, and that boards seek clearer metrics tied to business outcomes. Leaders are urged to invest in automation, uplift human factors and embed cyber risk into enterprise decision making with repeatable reporting that executives can act on.

Source: https://www.csoonline.com/article/4077442/the-10-biggest-issues-cisos-and-cyber-teams-face-today-2.html

The Cyber Security Perception Gap: Why Executives and Practitioners See Security Differently

The article highlights a widening gap between executive confidence and practitioner reality. Frontline teams report tool complexity, alert fatigue and skills shortages, while leaders assume capabilities are stronger and incidents rarer than they are. The author says this misalignment leads to underfunded controls and delayed responses. Recommendations include rationalising tools, automating routine tasks and establishing common risk language and measures that map to resilience outcomes. Greater transparency on near misses and recovery times is urged so investment tracks real exposure rather than assumed maturity.

Source: https://thehackernews.com/2025/10/the-cybersecurity-perception-gap-why.html

Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

A 1Password report found that 27% of employees use AI tools not approved by their organisation, making shadow AI the second most common form of shadow IT after email. While 73% of workers say their company supports AI use, many bypass policies for convenience or productivity. Risks include data leakage, compliance breaches and malware. The report urges firms to maintain an AI tool inventory, define clear usage policies and limit access to authorised platforms to manage accumulated exposure risks.

Source: https://www.infosecurity-magazine.com/news/shadow-ai-employees-use-unapproved/

LinkedIn Phishing Targets Finance Execs With Fake Board Invites

A phishing campaign on LinkedIn is targeting finance executives with fake invitations to join an investment fund. Messages link to malicious sites that mimic LinkedIn and Microsoft login pages, stealing credentials and session cookies through an adversary-in-the-middle setup. Push Security reports that 34% of phishing attempts now occur outside email, up from under 10% three months ago. Attackers use CAPTCHA and Cloudflare Turnstile to evade scanners. Experts urge executives to verify unexpected LinkedIn messages and avoid clicking shared links.

Source: https://www.bleepingcomputer.com/news/security/linkedin-phishing-targets-finance-execs-with-fake-board-invites/

Social Engineering: Why the ClickFix Malware Attack Just Won’t Go Away

ClickFix remains stubborn because it persuades users to perform the risky action themselves, sidestepping many built-in protections. The article explains how browser prompts trick victims into copying and running commands that fetch malware, and describes FileFix as a related variant that uses File Explorer to trigger the same outcome. As the user initiates execution, technical controls may not trigger, so layered mitigations and user awareness are emphasised. The piece encourages stricter browser security policies and training that flags unusual copy-paste and command execution patterns.

Source: https://www.makeuseof.com/why-clickfix-malware-attack-just-wont-go-away/

New Phishing Attack Using Invisible Characters Hidden in Subject Line

Researchers observed attackers inserting invisible characters into email subject lines that bypass automated filters while appearing normal to users. The technique mixes MIME encoding and Unicode soft hyphens so keyword-based systems miss risky terms. It underscores how social engineering adapts when controls focus on predictable patterns. The article advises updating filter logic to normalise subject strings, strengthening multi-factor authentication, and coaching staff to treat odd formatting as a red flag. It also highlights the need to monitor for anomalies in the way messages appear in different email applications.

Source: https://cybersecuritynews.com/new-phishing-attack-using-invisible-characters/
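The filter-side fix the article recommends, normalising the subject before keyword matching, is straightforward to implement. The following is an added example written for this briefing, not code from the article or from any vendor: it decodes RFC 2047 encoded-words with Python's standard `email.header`, strips Unicode format characters (soft hyphen U+00AD, zero-width spaces and joiners) and folds compatibility forms with NFKC, which goes slightly beyond the soft-hyphen case the article describes. The sample subjects and the `RISKY_TERMS` list are constructed for illustration.

```python
import re
import unicodedata
from email.header import decode_header, make_header

# Constructed sample subjects (not taken from any real campaign).
SAMPLE_SUBJECTS = [
    # Soft hyphen (U+00AD, UTF-8 bytes C2 AD) spliced into each word, Q-encoded.
    "=?utf-8?Q?Pass=C2=ADword_re=C2=ADset_req=C2=ADuired?=",
    # Zero-width space (U+200B, UTF-8 bytes E2 80 8B) hidden inside "account".
    "=?UTF-8?Q?Urgent:_verify_your_ac=E2=80=8Bcount?=",
    # Benign plain-text subject for comparison.
    "Team lunch on Friday",
]

# Illustrative keyword list; a real gateway would use its own rule set.
RISKY_TERMS = ("password", "invoice", "urgent", "verify your account")


def decode_subject(raw: str) -> str:
    """Decode RFC 2047 encoded-words (=?charset?Q?...?= / ?B?) into text.

    Unencoded subjects pass through unchanged; Q-encoding turns '_' into space.
    """
    return str(make_header(decode_header(raw)))


def normalise_subject(raw: str) -> str:
    """Produce the string a keyword filter should actually inspect."""
    decoded = decode_subject(raw)
    # NFKC folds fullwidth and other compatibility forms onto their base letters.
    folded = unicodedata.normalize("NFKC", decoded)
    # Unicode category Cf ("format") covers the soft hyphen, zero-width space,
    # zero-width (non-)joiner, word joiner and BOM: invisible in a mail client
    # but enough to split "password" into "pass" + "word" for a naive matcher.
    visible = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return re.sub(r"\s+", " ", visible).strip().lower()


def naive_terms_in(raw: str) -> list[str]:
    """What a filter matching on the raw header line would flag."""
    lowered = raw.lower()
    return [t for t in RISKY_TERMS if t in lowered]


def risky_terms_in(raw: str) -> list[str]:
    """What the same rule set flags after decoding and normalisation."""
    subject = normalise_subject(raw)
    return [t for t in RISKY_TERMS if t in subject]


def compare_filters(subjects: list[str]) -> list[tuple[str, list[str], list[str]]]:
    """Return (normalised subject, naive hits, normalised hits) per message."""
    return [(normalise_subject(s), naive_terms_in(s), risky_terms_in(s)) for s in subjects]


if __name__ == "__main__":
    for shown, naive, normalised in compare_filters(SAMPLE_SUBJECTS):
        print(f"{shown!r:40} raw-match={naive} normalised-match={normalised}")
```

Running the block shows the gap the article describes: the raw-header matcher sees nothing in the soft-hyphenated "password reset required" subject and only "urgent" in the second, while the normalised matcher flags both. In a gateway this normalisation belongs before any keyword, regex or reputation rule, and the raw-versus-normalised difference itself is a useful signal to log, since legitimate senders rarely embed format characters in a subject.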

BT Warns of Soaring Cyber Threats Targeting UK Firms

BT reported a 300% surge in cyber surveillance, with UK businesses now scanned over 4,000 times daily for vulnerabilities. Professional services, retail, and hospitality sectors face the most ransomware activity, with smaller firms hardest hit. BT urges proactive measures to strengthen cyber resilience.

Source: https://www.lawnews.co.uk/cyber/bt-warns-of-soaring-cyber-threats/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware recovery perils: 40% of paying victims still lose their data | CSO Online

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

QBE predicts 40% rise in ransomware incidents by 2026 | Insurance Times

1 in 4 SMEs face ransomware risk - Shelflife Magazine

New LockBit Ransomware Victims Identified by Security Researchers - Infosecurity Magazine

Why Britain is struggling to stop the ransomware cyberattacks | The Week

Qilin Ransomware Group Publishes Over 40 Cases Monthly - Infosecurity Magazine

Why ransomware group names don’t matter for defense | SC Media

Three Factors Determine Whether a Ransomware Group is Successful - Security Boulevard

Ransomware Hackers Look for New Tactics Amid Falling Profits

Ransomware hackers are now running Linux encryptors in Windows to stay undetected | TechRadar

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

Cisco, Citrix and SonicWall VPNs connected to higher risk of ransomware infections | TechRadar

Uncovering Qilin attack methods exposed through multiple cases

Surprised, Not Surprised, Ransomware Attacks Have Ticked Up - Security Boulevard

Some lower-tier ransomware gangs have formed a new RaaS alliance — or have they? (1) – DataBreaches.Net

28% of Irish businesses risk closure with one ransomware attack

Pulling the plug: A way to halt a cyber attacker in your network? | Computer Weekly

Next-gen firewalls, VPNs can increase security risks: At-Bay • The Register

180 ransomware attacks plague education sector worldwide in 2025 through Q3 | K-12 Dive

Ransomware Victims

The costliest cyber attack in UK history | PQ Magazine

New LockBit Ransomware Victims Identified by Security Researchers - Infosecurity Magazine

Russian hackers threaten Dublin Airport | Cybernews

More Collins Aerospace Hacking Fallout - InfoRiskToday

TCS denies losing UK’s Marks & Spencer contract over £300 million cyberattack - The Economic Times

Co-op staff told to boost promotion of vapes after costly cyber-attack, document shows | Co-operative Group | The Guardian

Sweden’s power grid operator confirms data breach claimed by ransomware gang | The Record from Recorded Future News

Qilin claims pharmacy benefit manager MedImpact | Cybernews

Ransomware gang claims Conduent breach: what you should watch for next | Malwarebytes

Phishing & Email Based Attacks

LinkedIn phishing targets finance execs with fake board invites

New Phishing Attack Bypasses Using UUIDs Unique to Bypass Secure Email Gateways

New CoPhish attack steals OAuth tokens via Copilot Studio agents

New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding - Cyber Security News

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead – Computerworld

Fake LastPass death claims used to breach password vaults

How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

KnowBe4 Uncovers Surged Abuse of Legitimate Platforms by Cybercriminals in 2025

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

9 in 10 Exchange servers in Germany are out of support • The Register

ClickFix Infrastructure Surprises Inform Better Blocking

Google disputes false claims of massive Gmail data breach

Other Social Engineering

LinkedIn phishing targets finance execs with fake board invites

This new malware attack just won’t go away

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead – Computerworld

Fake LastPass death claims used to breach password vaults

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

Hackers Use AI to Supercharge Social Engineering Attacks

ClickFix Infrastructure Surprises Inform Better Blocking

BiDi Swap: The bidirectional text trick that makes fake URLs look real

Google study finds Android avoids 58% more spam and scam texts compared to iOS

ICO fines sole trader for allegedly sending 1M spam texts • The Register

Fraud, Scams and Financial Crime

UK Fraud Cases Surge 17% Annually - Infosecurity Magazine

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

A Quarter of Scam Victims Have Considered Self-Harm - Infosecurity Magazine

Google study finds Android avoids 58% more spam and scam texts compared to iOS

Investment Scams Spread Across Asia With International Reach - Infosecurity Magazine

Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up - SecurityWeek

Artificial Intelligence

New CoPhish attack steals OAuth tokens via Copilot Studio agents

BSI Warns of Looming AI Governance Crisis - Infosecurity Magazine

AI browsers are the next big target for hackers - Cryptopolitan

AI chatbots are sliding toward a privacy crisis - Help Net Security

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Hackers Use AI to Supercharge Social Engineering Attacks

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

Are AI browsers worth the security risk? Why experts are worried | ZDNET

Dark AI is fueling cybercrime — and accelerating the cybersecurity arms race - Big Think

AI writes code like a junior dev, and security is feeling it - Help Net Security

AI agents can leak company data through simple web searches - Help Net Security

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Your photo could be all AI needs to clone your voice - Help Net Security

One In Four Employees Use Unapproved AI Tools, Research Finds - Infosecurity Magazine

Get your news from AI? Watch out - it's wrong almost half the time | ZDNET

AI Search Tools Easily Fooled by Fake Content

First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently

One week to opt out or be fodder for LinkedIn AI training • The Register

2FA/MFA

X: Re-enroll 2FA security keys by November 10 or get locked out

Malware

This new malware attack just won’t go away

Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

Infostealers Run Wild - DataBreachToday

Hackers steal Discord accounts with RedTiger-based infostealer

Hackers weaponize Telegram messenger with malware to gain system control - Cryptopolitan

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Defenses Need to Adapt, Because the Malware Already Did

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Bots/Botnets

Botnets Step Up Cloud Attacks Via Flaws, Misconfigs

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Mobile

Android malware uses random text delays to look more human • The Register

Massive surge of NFC relay malware steals Europeans’ credit cards

Hackers weaponize Telegram messenger with malware to gain system control - Cryptopolitan

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Google study finds Android avoids 58% more spam and scam texts compared to iOS

MPs urge UK government to stop phone theft wave through tech • The Register

Why the 5G symbol on your phone doesn't mean you actually have 5G - BBC News

iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot

Denial of Service/DoS/DDoS

Security hole slams Chromium browsers - no fix yet • The Register

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

Internet of Things – IoT

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

How neighbors could spy on smart homes - Help Net Security

Data Breaches/Leaks

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

List of Oracle EBS Attack Victims May Be Growing Longer

EY exposed 4TB SQL backup file to open web, researchers say • The Register

Hackers steal Discord accounts with RedTiger-based infostealer

F5 asserts limited impact from prolonged nation-state attack on its systems | CyberScoop

Hackers Allegedly Claim Breach Of HSBC USA Customers' Records Including Financial Details

Human impact of UK's Afghan data disaster revealed to MPs • The Register

When 183 Million Passwords Leak: How One Breach Fuels a Global Threat Chain - Security Boulevard

Email breaches are the silent killers of business growth - Help Net Security

First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently

Ransomware gang claims Conduent breach: what you should watch for next | Malwarebytes

No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data | TechRadar

What to Do About the Massive Gmail Password Data Leak

Marketing giant Dentsu warns staff after Merkle data raid • The Register

Hackers steal data of fashion retailer Mango’s customers • Graham Cluley

DDoS, data theft, and malware are storming the gaming industry - Help Net Security

Iran’s MOIS-linked Ravin Academy hit by data breach • The Register

UK lotto players land data jackpot thanks to website error • The Register

Organised Crime & Criminal Actors

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

UK Fraud Cases Surge 17% Annually - Infosecurity Magazine

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

72 states sign first global UN Convention against Cybercrime - Help Net Security

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Two U.K. teenagers appear in court over Transport of London cyber attack – DataBreaches.Net

UN Cybercrime Treaty wins dozens of signatories • The Register

Insider Risk and Insider Threats

Insider Threats Loom while Ransom Payment Rates Plummet - Security Boulevard

Insider Threat Prevention - Security Boulevard

Data on Insider Threats Reveal Hidden Risk Patterns

Insurance

Cyber insurance demand rises as global tensions fuel surge in digital threats - BetaNews

New threats spike cyber insurance surge

Supply Chain and Third Parties

Do CISOs need to rethink service provider risk? | CSO Online

NYSDFS Guidance on Managing Risks to Third-Party Service Provider

Google Investigates Weekslong Security Breach Involving Contractor — The Information

UK leads global fight to stop ransomware attacks on supply chains - GOV.UK

Cloud/SaaS

Botnets Step Up Cloud Attacks Via Flaws, Misconfigs

When it Rains it Pours: Lessons for Businesses Following the AWS Service Disruption | Baker Donelson - JDSupra

Microsoft: DNS outage impacts Azure and Microsoft 365 services

No, Gmail has not suffered a massive 183 million passwords breach - but you should still look after your data | TechRadar

What to Do About the Massive Gmail Password Data Leak

Germany issues hacked account checklist | Cybernews

Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions

Microsoft Security Change for Azure Creates Pitfalls

Outages

When it Rains it Pours: Lessons for Businesses Following the AWS Service Disruption | Baker Donelson - JDSupra

Microsoft: DNS outage impacts Azure and Microsoft 365 services

Identity and Access Management

Active Directory at Risk Due to Domain-Join Account Misconfigurations

Encryption

Chrome to Make HTTPS Mandatory by Default in 2026 - Infosecurity Magazine

"It’s not about security, it’s about control" – How EU governments want to encrypt their own comms, but break our private chats | TechRadar

Linux and Open Source

Ransomware hackers are now running Linux encryptors in Windows to stay undetected | TechRadar

Ubuntu’s Kernel Vulnerability Let Attackers Escalate Privileges and Gain Root Access

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses - Security Boulevard

Why open source may not survive the rise of generative AI | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

When 183 Million Passwords Leak: How One Breach Fuels a Global Threat Chain - Security Boulevard

Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums - SecurityWeek

Social Media

LinkedIn phishing targets finance execs with fake board invites

Germany issues hacked account checklist | Cybernews

X: Re-enroll 2FA security keys by November 10 or get locked out

One week to opt out or be fodder for LinkedIn AI training • The Register

Regulations, Fines and Legislation

UK financial regulator to focus on cyber defence - UKTN

"It’s not about security, it’s about control" – How EU governments want to encrypt their own comms, but break our private chats | TechRadar

Government Shutdown Creates Lapse in Cyber Threat Information Sharing | Alston & Bird - JDSupra

Shutdown Sparks 85% Increase in US Gov't Cyberattacks

US cybersecurity progress is 'slipping,' report warns | American Banker

72 states sign first global UN Convention against Cybercrime - Help Net Security

UN Cybercrime Treaty wins dozens of signatories • The Register

Navigating EMEA Regulatory Compliance for Critical Infrastructure | IT Pro

Navigating NIS2: What Organisations Need to Know as EU Implementation Unfolds | Goodwin - JDSupra

ICO fines sole trader for allegedly sending 1M spam texts • The Register

New York’s Cyber Rules Ramp Up Pressure on Security Officers

Models, Frameworks and Standards

Navigating NIS2: What Organisations Need to Know as EU Implementation Unfolds | Goodwin - JDSupra

Careers, Working in Cyber and Information Security

Cyber Pros Needed: Securing the Middle Ground

Cross-border cooperation can help to tackle global cyber talent shortage

‘You can be an ethical hacker, not a criminal one’: the initiative guiding young gamers into cybersecurity | From Play To Purpose | The Guardian

Top tips to prepare for a cybersecurity job interview

Law Enforcement Action and Take Downs

Infamous Cybercriminal Forum BreachForums Is Back Again With A New Clear Net Domain

Two U.K. teenagers appear in court over Transport of London cyber attack – DataBreaches.Net

72 states sign first global UN Convention against Cybercrime - Help Net Security

UN Cybercrime Treaty wins dozens of signatories • The Register

Europol Warns of Rising Threat From Caller ID Spoofing Attacks - Infosecurity Magazine

Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up - SecurityWeek

Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker | Reuters

Misinformation, Disinformation and Propaganda

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Millions shown fake news about the state pension by Google

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

How China really spies on the UK in 2025 - BBC News

‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools | CSO Online

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage | CyberScoop

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign | The Record from Recorded Future News

New corporate espionage claims emerge, centered on two highly valued 401(k) admin startups | TechCrunch

Nation State Actors

China

How China really spies on the UK in 2025 - BBC News

F5 asserts limited impact from prolonged nation-state attack on its systems | CyberScoop

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign | The Record from Recorded Future News

Britain Needs China’s Money. It Fears What Comes With It. - The New York Times

Defence lawyers would have used Tories’ statements to dismiss China spy case, attorney general says | Espionage | The Guardian

US company with access to biggest telecom firms uncovers breach by nation-state hackers | Reuters

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

US Government Urges Total Ban of Our Most Popular Wi-Fi Router - CNET

Russia

‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools | CSO Online

Sanctions won’t stop cyberattacks, but they can still "bite" - Help Net Security

Chatbots parrot Putin propaganda about Ukraine invasion • The Register

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals - Infosecurity Magazine

Ukraine strengthens its cyberterrorism response system - National Security and Defense Council of Ukraine

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

Ex-US cyber intel exec pleads guilty to selling spy tools to Russian broker | Reuters

NBC Weapons: Russia Resorts to Chemical Warfare

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

Iran

Iran’s MOIS-linked Ravin Academy hit by data breach • The Register

North Korea

North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware

How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware

Vulnerability Management

The State of Exposure Management in 2025: Insights From 3,000+ Organizations

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses - Security Boulevard

9 in 10 Exchange servers in Germany are out of support • The Register

NHS quarantines devices as suppliers drag feet on Windows 11 • The Register

Vulnerabilities

List of Oracle EBS Attack Victims May Be Growing Longer

Microsoft Issues Emergency Patch for Windows Server Bug

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Microsoft WSUS attacks hit 'multiple' orgs, Google warns • The Register

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

Suspected Chinese snoops weaponize unpatched Windows flaw • The Register

Ubuntu’s Kernel Vulnerability Let Attackers Escalate Privileges and Gain Root Access

Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox

Year-Old WordPress Plugin Flaws Exploited to Hack Websites - SecurityWeek

Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks

OpenVPN Vulnerability Exposes Linux, MacOS Systems To Script Injection Attacks

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware

Security hole slams Chromium browsers - no fix yet • The Register

Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group

QNAP warns of critical ASP.NET flaw in its Windows backup software

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 24 October 2025

Black Arrow Cyber Threat Intelligence Briefing 24 October 2025:

-GCHQ Says Boards Must Understand Cyber Risks and Prepare for Attacks That Get Through

-Study Reveals Cyber Confidence Often Misaligned with Reality

-Threat Actors Exploiting Faster Than Businesses Can Respond

-Millions Still Use One Password Across Multiple Accounts

-Microsoft Warns of Sharp Rise in Identity Attacks Driven by Password Theft

-Insider Risks Cause Data Loss in 77% of Organisations

-AI-Driven Threats Are Top Concern for Cyber Professionals in 2026

-Infostealers Are Reshaping the Cyber Security Landscape

-How ClickFix Attackers Trick You to Attack Yourself and Bypass Your Security

-Business Confidence in Ransomware Defence Is High, But Readiness Is Low

-Ransomware Payouts Surge to $36M in Recent Cases

-Third-Party Breaches Escalate as Confidence Gap Widens Among Cyber Leaders

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Executive Summary

This week, the head of GCHQ has urged businesses to ensure their boards include members who understand cyber risks and can ask the right questions, while a new report highlights that many organisations are misaligned in their perception of cyber security strength versus actual security.

We also include a reminder about one of the most basic cyber controls: passwords. Millions of users have a single password for multiple accounts, and Microsoft warns of a rise in attacks driven by password theft. Our other insights include attackers exploiting vulnerabilities within days and using AI to scale their impact, the rising threat of ransomware, and the broader consequences of business leaders not recognising the gaps in their defences, including the importance of testing incident response plans.

Responding to the above GCHQ call to action, contact us to learn how we support our client boards in their cyber governance and compliance. We join regular board meetings to lead the conversation on progress in building stronger and proportionate cyber security, while upskilling board members to support continuous development.


Top Cyber Stories of the Last Week

GCHQ Says Boards Must Understand Cyber Risks and Prepare for Attacks That Get Through

The head of GCHQ has urged UK companies to prepare for inevitable cyber-attacks by developing contingency plans that include offline crisis protocols. Speaking at a cyber security conference, Anne Keast-Butler stressed that boards must include members who understand cyber risks and can ask the right questions. She highlighted the increasing frequency of significant attacks and the role of AI in lowering the barrier for malicious actors. The National Cyber Security Centre reported a sharp rise in major incidents, and underscored the need for rehearsed response strategies by leadership teams.

Source: https://www.theguardian.com/technology/2025/oct/23/gchq-companies-cyber-crime-threat

Study Reveals Cyber Confidence Often Misaligned with Reality

A new report highlights a gap between perceived cyber security strength and actual readiness. Many organisations believe they are well protected, yet lack basic controls such as multi-factor authentication and incident response testing. The analysis shows that overconfidence can lead to underinvestment in critical areas. Experts urge boards to validate their assumptions through independent assessments and to ensure that cyber security is governed like other enterprise risks. The findings reinforce the need for leadership accountability and continuous improvement.

Source: https://professionalsecurity.co.uk/products/cyber/confidence-and-reality/

Threat Actors Exploiting Faster Than Businesses Can Respond

Threat actors are now exploiting vulnerabilities within days of discovery, leaving businesses with little time to react. The article outlines how attackers use automation and AI to identify and weaponise weaknesses rapidly. Business leaders are urged to shorten patch cycles, improve threat intelligence sharing, and rehearse incident response. The piece emphasises that cyber resilience is no longer just a technical issue but a leadership challenge requiring proactive governance and investment in agility.

Source: https://www.itpro.com/security/cyber-attacks/threat-actors-exploiting-quickly-what-business-leaders-should-do

Millions Still Use One Password Across Multiple Accounts

A new study reveals that millions of users continue to rely on a single password for multiple accounts, despite years of awareness campaigns. The report finds that 31% of respondents reuse passwords across work and personal platforms, creating major risks for credential stuffing and account takeover. The article calls for stronger enforcement of password policies and wider adoption of password managers. It also highlights the need for leadership to model good behaviour and ensure staff receive regular training.

Source: https://cybernews.com/security/millions-use-one-password/

Microsoft Warns of Sharp Rise in Identity Attacks Driven by Password Theft

Microsoft has reported a 32% increase in identity-based cyber attacks in the first half of 2025, with over 97% involving password-based methods. According to its latest Digital Defense Report, attackers are increasingly using stolen credentials to impersonate employees or contractors, often leading to data theft and ransomware deployment. Infostealer malware and help desk scams are key tactics, with groups like Scattered Spider exploiting these methods. Microsoft also highlighted its efforts to disrupt threats such as Lumma Stealer and cracked Cobalt Strike tools. IT firms and government bodies remain top targets, while ransomware actors are increasingly abusing antivirus exclusions to bypass defences.

Source: https://therecord.media/microsoft-warns-of-surge-identity-hacks-passwords

Insider Risks Cause Data Loss in 77% of Organisations

A study finds that 77% of organisations have experienced data loss due to insider risks, including negligent or malicious behaviour. Security leaders cite lack of visibility and poor access controls as key contributors. The report stresses the importance of behavioural monitoring, role-based access, and staff awareness programmes. Insider threats are often overlooked compared to external attacks, yet they pose significant operational and reputational risks. Boards are advised to treat insider risk as a strategic issue requiring cross-functional governance.

Source: https://www.securitymagazine.com/articles/101964-security-leaders-share-why-77-organizations-lose-data-due-to-insider-risks

AI-Driven Threats Are Top Concern for Cyber Professionals in 2026

New research from ISACA finds that AI-driven threats are the biggest concern for cyber security professionals heading into 2026. The survey reveals that 62% of respondents expect AI to increase the volume and sophistication of attacks. Concerns include deepfakes, automated phishing, and AI-powered malware. The report also notes a gap in preparedness, with only 38% of organisations confident in their ability to defend against AI-enabled threats. The findings call for urgent investment in AI-aware defences and leadership engagement on emerging risks.

Source: https://www.businesswire.com/news/home/20251020612551/en/AI-Driven-Cyber-Threats-Are-the-Biggest-Concern-for-Cybersecurity-Professionals-Going-Into-2026-Finds-New-ISACA-Research

Infostealers Are Reshaping the Cyber Security Landscape

Infostealers are a type of malware designed to silently collect credentials, session tokens and sensitive data from infected devices. These tools are increasingly used by attackers to bypass multi-factor authentication and gain persistent access to cloud services. Unlike ransomware, infostealers operate quietly, often going undetected while harvesting data for later use or sale. The rise of malware-as-a-service has made infostealers widely accessible, with criminal groups offering subscription models. Experts urge organisations to monitor for unusual login patterns and to implement stronger endpoint protection. The trend reflects a shift from disruptive attacks to silent data theft.

Source: https://betanews.com/2025/10/22/how-infostealers-have-changed-the-cybersecurity-landscape/

How ClickFix Attackers Trick You to Attack Yourself and Bypass Your Security

ClickFix is an attack method that pretends to be a fix for a broken page or a CAPTCHA, but in reality tricks users into copying and pasting malicious code from their browser clipboard. These attacks bypass email filters and rely on SEO poisoning and malvertising to lure victims. SEO poisoning involves attackers manipulating search engine results so that malicious websites appear high in search rankings, often mimicking legitimate help pages or software fixes. Once executed, the code runs locally and often evades endpoint detection. ClickFix has been linked to ransomware groups and state actors, with recent incidents affecting healthcare and municipal systems. The attack uses obfuscated JavaScript and legitimate-looking sites, making detection difficult.

Source: https://www.thehackernews.com/2025/10/analysing-clickfix-3-reasons-why.html

Business Confidence in Ransomware Defence Is High, But Readiness Is Low

A report finds a disconnect between business confidence and actual preparedness for ransomware attacks. While 70% of executives believe their organisations are well protected, only 35% have tested incident response plans. The report shows that attackers are evolving faster than defences, with double extortion and data theft now common tactics. The findings suggest that leadership needs to challenge its own evaluation and invest in practical resilience measures, including tabletop exercises and supplier coordination.

Source: https://www.crowdstrike.com/en-us/blog/ransomware-reality-business-confidence-is-high-preparedness-is-low/

Ransomware Payouts Surge to $36M in Recent Cases

New data shows that ransomware payouts have surged, with recent cases totalling $36M. Attackers use double extortion tactics, demanding payment not only to decrypt data but also to prevent public exposure. The report highlights that many victims are SMEs with limited recovery options. Experts warn that paying ransoms often leads to further demands and does not guarantee full restoration. The findings support calls for stronger backup strategies and rehearsals of how to manage an attack.

Source: https://www.infosecurity-magazine.com/news/ransomware-payouts-surge-dollar36m/

Third-Party Breaches Escalate as Confidence Gap Widens Among Cyber Leaders

Experts warn that third-party and supply chain breaches are spiralling out of control, with 60% of UK and US leaders admitting the risks are too complex to manage. Despite 97% expressing confidence in breach response, 61% reported suffering a third-party attack in the past year. The IO State of Information Security Report highlights incidents such as those at Jaguar Land Rover and Collins Aerospace, showing how supply chain compromise can cause widespread disruption. Smaller firms are increasingly targeted, yet only 23% of leaders ranked supply chain compromise among their top emerging threats.

Source: https://www.emergingrisks.co.uk/third-party-breaches-out-of-control-experts-warn/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Payouts Surge to $3.6m Amid Evolving Tactics - Infosecurity Magazine

Ransomware Reality: Business Confidence Is High, Preparedness Is Low

Scattered Lapsus$ Hunters Signal Shift in Tactics - Infosecurity Magazine

Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | Trend Micro (US)

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense - Help Net Security

Warlock Ransomware: Old Actor, New Tricks? | SECURITY.COM

Japanese companies brace themselves for more attacks as cybercrimes climb | The Straits Times

Ransomware Victims

JLR hack 'is costliest cyber attack in UK history', experts say - BBC News

Jaguar Land Rover cyberattack could cost the UK almost £2B • The Register

UK Ministry of Defense Probes Military Contractor Data Leak

Hackers are now a serious risk to patients' lives as NHS records the first death due to a cyber crime | Daily Mail Online

UK vehicle output drops by 36% following JLR cyber attack | Autocar

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach - Security Affairs

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

Golfwear giant allegedly targeted by Russian hackers | Cybernews

Phishing & Email Based Attacks

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

This new cyberattack tricks you into hacking yourself. Here's how to spot it | ZDNET

How AI is driving email phishing and how to beat the threat [Q&A] - BetaNews

Many IT leaders click phishing links — and some don’t report them | CIO Dive

New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

Be prepared: AWS outage likely to trigger surge in phishing attacks | Cybernews

TikTok videos continue to push infostealers in ClickFix attacks

John Bolton charged over classified emails after Iranian hack of his AOL account

PhantomCaptcha ClickFix attack targets Ukraine war relief orgs

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Other Social Engineering

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

AI Social Engineering Top Cyber Threat for 2026, ISACA Survey Reveals - Infosecurity Magazine

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Google and Check Point nuke massive YouTube malware network • The Register

Researchers track surge in high-level Smishing Triad activity | CyberScoop

TikTok videos continue to push infostealers in ClickFix attacks

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Fraud, Scams and Financial Crime

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Google and Check Point nuke massive YouTube malware network • The Register

Researchers track surge in high-level Smishing Triad activity | CyberScoop

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Cifas exposes dozens of email addresses in invite mishap • The Register

Artificial Intelligence

How AI is driving email phishing and how to beat the threat [Q&A] - BetaNews

Executives Fear AI Cyber Threats Could Outpace Defenses

AI-Driven Cyber Threats Are the Biggest Concern for Cybersecurity Professionals Going Into 2026, Finds New ISACA Research

AI-driven cybersecurity threats are now hitting businesses from every angle - here's how to stay safe | TechRadar

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense - Help Net Security

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US - SecurityWeek

Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a reality | IT Pro

Companies want the benefits of AI without the cyber blowback - Help Net Security

OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know | TechRadar

Survey: Cybersecurity Teams Struggling to Keep Pace in the Age of AI - Security Boulevard

It Takes Only 250 Documents to Poison Any AI Model

AI Sidebar Spoofing Puts ChatGPT Atlas, Perplexity Comet and Other Browsers at Risk - SecurityWeek

Malware

How infostealers have changed the cybersecurity landscape - BetaNews

Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer - Infosecurity Magazine

Threat Actors With Stealer Malwares Processing Millions of Credentials a Day - Cyber Security News

Why traditional bot defenses are failing in the age of intelligent automation | TechRadar

Google and Check Point nuke massive YouTube malware network • The Register

TikTok videos continue to push infostealers in ClickFix attacks

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

Vidar Stealer 2.0 adds multi-threaded data theft, better evasion

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

Cybercriminals turn to stealth to bypass malware detection - BetaNews

Security Teams Must Deploy Anti-Infostealer Defenses Now - Infosecurity Magazine

Google finds Russian state hackers replacing burned malware with new tools | The Record from Recorded Future News

Google ads for fake Homebrew, LogMeIn sites push infostealers

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

Cyber-criminals turn on each other: the story of Lumma Stealer's collapse | Fortra

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

Official Xubuntu website compromised to serve malware - Help Net Security

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Bots/Botnets

Why traditional bot defenses are failing in the age of intelligent automation | TechRadar

Mobile

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

Why Some Apps Ask for Contacts (and What They Actually Do With Them)

6 steps to increase Android security in the enterprise | TechTarget

Denial of Service/DoS/DDoS

Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a reality | IT Pro

How to Detect and Mitigate Hit and Run DDoS Attacks - Security Boulevard

Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica

Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions | CSO Online

Internet of Things – IoT

Is Your Car a BYOD Risk? Researchers Demonstrate How

Your smart building isn't so smart without security - Help Net Security

When everything's connected, everything's at risk - Help Net Security

Bombarding Cars With Lasers: Novel Auto Attacks Emerge

Data Breaches/Leaks

Over 266,000 F5 BIG-IP instances exposed to remote attacks

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023

F5 Networks Breach: A Wake-Up Call for Supply Chain Cybersecurity - Security Boulevard

183 million email accounts just got compromised. Check if you're affected | PCWorld

ICO defends decision not to investigate MoD Afghan data leak • The Register

FinWise data breach shows why encryption is your last defense

John Bolton charged over classified emails after Iranian hack of his AOL account

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

MoD probes claims Russian hackers stole files on bases - BBC News

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

Cifas exposes dozens of email addresses in invite mishap • The Register

American Airlines Subsidiary Envoy Air Hit by Oracle Hack - SecurityWeek

Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram

Organised Crime & Criminal Actors

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily

Russian Government Now Actively Managing Cybercrime Groups: Security Firm - SecurityWeek

Cyber-criminals turn on each other: the story of Lumma Stealer's collapse | Fortra

US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian

Not Just Spies: Satellite Operators Say Cybercrime Is Major Threat

Russia Pivots, Cracks Down on Resident Hackers

Ex-Uber CSO talks teen cyber crims, CISO role with The Reg • The Register

Insider Risk and Insider Threats

Security Leaders Share Why 77% Organizations Lose Data Due to Insider Risks | Security Magazine

Are we human or are we security risk? - BetaNews

Insurance

Cyber war perception hindering capital and market growth: Johansmeyer at Convergence - Artemis.bm

Supply Chain and Third Parties

JLR hack 'is costliest cyber attack in UK history', experts say - BBC News

When Big Doesn’t Mean Bulletproof: The Importance of Third-Party Service Provider Due Diligence | Jackson Lewis P.C. - JDSupra

The next cyber crisis may start in someone else's supply chain - Help Net Security

Third party breaches out of control experts warn

F5 Networks Breach: A Wake-Up Call for Supply Chain Cybersecurity - Security Boulevard

Jaguar Land Rover August hack cost UK economy $2.5 billion: Report | Company News - Business Standard

UK Ministry of Defense Probes Military Contractor Data Leak

Third-Party Breaches: Why Vendor Passwords Put Your Organization at Risk - Security Boulevard

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

American Airlines subsidiary Envoy confirms Oracle data theft attack

Cloud/SaaS

AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more

AWS Outage: Billions Lost, Multi-Cloud Is Wall Street’s Solution

Cybersecurity expert offers blunt verdict on AWS outage - TheStreet

AWS outage post-mortem fingers DNS as the culprit that took out a chunk of the internet and services for days — automation systems race and crash | Tom's Hardware

AWS outage exposes Achilles heel: central control plane • The Register

What the Huge AWS Outage Reveals About the Internet | WIRED

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

CyberCube estimates preliminary AWS outage loss range of $38-581m - Reinsurance News

Inside the messy reality of Microsoft 365 management - Help Net Security

Zoom isn't as private as you think. Here's how to lock it down | PCWorld

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

Outages

AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more

Cybersecurity expert offers blunt verdict on AWS outage - TheStreet

AWS outage exposes Achilles heel: central control plane • The Register

What the Huge AWS Outage Reveals About the Internet | WIRED

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions | CSO Online

Identity and Access Management

Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords | The Record from Recorded Future News

Encryption

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

FinWise data breach shows why encryption is your last defense

Linux and Open Source

Europe's plan to ditch US tech giants is built on open source - and it's gaining steam | ZDNET

Amazon cloud outage fuels call for Europe to limit reliance on US tech – POLITICO

Official Xubuntu website compromised to serve malware - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords | The Record from Recorded Future News

Threat Actors With Stealer Malwares Processing Millions of Credentials a Day - Cyber Security News

Millions rely on just one password for everything | Cybernews

Third-Party Breaches: Why Vendor Passwords Put Your Organization at Risk - Security Boulevard

183 million email accounts just got compromised. Check if you're affected | PCWorld

Social Media

Google and Check Point nuke massive YouTube malware network • The Register

Dissecting YouTube’s Malware Distribution Network - Check Point Research

Don't be fooled by this massive YouTube scam network - how to protect yourself | ZDNET

TikTok videos continue to push infostealers in ClickFix attacks

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Training, Education and Awareness

Phishing training needs a new hook — here’s how to rethink your approach | CSO Online

Regulations, Fines and Legislation

UK cyber law delays 'deeply concerning,' say MPs | The Record from Recorded Future News

Experian fined $3.2 million for mass-collecting personal data

EU watchdog attacks Britain over iPhone ‘backdoor’ demand

ICO defends decision not to investigate MoD Afghan data leak • The Register

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack | Alston & Bird - JDSupra

US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes | CyberScoop

Behind the struggle for control of the CVE program | CyberScoop

Trump pardons former Binance CEO after guilty plea in letting cybercrime proceeds flow through platform | The Record from Recorded Future News

The US government shutdown is a wake-up call for cyber self-reliance | Computer Weekly

Trump's workforce cuts blamed as America's cyber edge dulls • The Register

Models, Frameworks and Standards

Experian fined $3.2 million for mass-collecting personal data

Careers, Working in Cyber and Information Security

Future Cybersecurity Workforce: Beyond Degrees, Toward Durable Skills

Why ex-military professionals are a good fit for cybersecurity - Help Net Security

Hiring Won’t Fix the Cyber Talent Gap: Building a Self-Improving Workforce Will

Law Enforcement Action and Take Downs

Europol dismantles cybercrime network linked to $5.8M in financial losses | CyberScoop

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People - SecurityWeek

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian

Man caught using suitcase ‘phone tower’ to target Victoria Line commuters with scam texts - My London

Former Director at US Hacking Tool Provider May Have Sold Secrets to Russia

First conviction for promoting tax fraud on Instagram | HM Revenue & Customs (HMRC)

Three arrested in UK on suspicion of assisting Russian intelligence service | UK news | The Guardian


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US)

Electronic Warfare Puts Commercial GPS Users on Notice

Cyberespionage campaign PassiveNeuron targets machines running Windows Server | Securelist

The UK military says Russia targets its satellites on a weekly basis. What can be done about it?

Are we already witnessing space warfare in action: 'This is not just posturing' | Space

Cyber war perception hindering capital and market growth: Johansmeyer at Convergence - Artemis.bm

China

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US)

Microsoft Is Warning That Russia and China Are Increasingly Using AI to Mount Cyberattacks on the U.S.

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack - Infosecurity Magazine

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Reconfiguring U.S. Cyber Strategy in the Wake of Salt Typhoon | Lawfare

Researchers track surge in high-level Smishing Triad activity | CyberScoop

China accuses US of cyberattack on national time center | AP News

Russia

Russian Government Now Actively Managing Cybercrime Groups: Security Firm - SecurityWeek

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US - SecurityWeek

Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure

Google finds Russian state hackers replacing burned malware with new tools | The Record from Recorded Future News

The UK military says Russia targets its satellites on a weekly basis. What can be done about it?

MoD probes claims Russian hackers stole files on bases - BBC News

Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe - Infosecurity Magazine

EU and Ukraine deepen cooperation on cyber security - EU NEIGHBOURS east

Former Director at US Hacking Tool Provider May Have Sold Secrets to Russia

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Three arrested in UK on suspicion of assisting Russian intelligence service | UK news | The Guardian

PhantomCaptcha ClickFix attack targets Ukraine war relief orgs

From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach - Security Affairs

Russia-linked hackers claim responsibility for Collins Aerospace cyber attack - Defence Connect

Golfwear giant allegedly targeted by Russian hackers | Cybernews

Iran

John Bolton charged over classified emails after Iranian hack of his AOL account

MuddyWater Targets 100+ MEA Gov Entities With Backdoor

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats | CyberScoop

North Korea

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

How Lazarus Group used fake job ads to spy on Europe's drone and defense sector - Help Net Security

Lazarus Group Hunts European Drone Manufacturing Data

The Leak That Targeted the Leakers

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

How Business Leaders Can Turn Geopolitical Uncertainty Into Strategic Opportunity



Reports Published in the Last Week

Cyber resilience of UK digital infrastructure - POST



Vulnerability Management

Threat actors are exploiting flaws more quickly – here's what business leaders should do | IT Pro

Network security devices endanger orgs with ’90s era flaws | CSO Online

Behind the struggle for control of the CVE program | CyberScoop

Flawed Vendor Guidance Exposes Orgs to Avoidable Risk

Vulnerabilities

Over 266,000 F5 BIG-IP instances exposed to remote attacks

Flawed Vendor Guidance Exposes Orgs to Avoidable Risk

Microsoft fixes Windows bug breaking localhost HTTP connections

ConnectWise Patches Critical Flaw in Automate RMM Tool - SecurityWeek

Microsoft fixes one of its "highest ever" rated security flaws - here's what happened | TechRadar

Microsoft fixes Windows Server Active Directory sync issues

CISA: High-severity Windows SMB flaw now exploited in attacks

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability - SecurityWeek

Oracle Releases October 2025 Patches - SecurityWeek

Windows Server emergency patches fix WSUS bug with PoC exploit

BIND Updates Address High-Severity Cache Poisoning Flaws - SecurityWeek

Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica

Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Experts warn OpenAI’s ChatGPT Atlas has security flaws that could turn it against users—stealing sensitive data, downloading malware, or worse | Fortune

71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks

Researchers uncover remote code execution flaw in abandoned Rust code library | CyberScoop

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack - Infosecurity Magazine

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws | CSO Online

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities

Microsoft fixes bug preventing users from opening classic Outlook

HP pulls update that broke Microsoft Entra ID auth on some AI PCs


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 17 October 2025

Black Arrow Cyber Threat Intelligence Briefing 17 October 2025:

-CISOs Urged to Rethink Tabletop Exercises as Most Incidents Are Unrehearsed

-Co-op CEO: Cyber Responsibility Lies with Senior Leaders

-UK Government: Businesses Must Prepare for Total IT Failure

-UK Security Agency Reports Sharp Rise in Cyber Attacks

-Attackers Use Valid Credentials to Breach SonicWall VPNs

-F5 Networks Confirms Long-Term Breach by Government Hackers

-Extortion Group Publishes Data from Salesforce Customer Breaches

-Microsoft: Over Half of Cyber Attacks Driven by Extortion or Ransomware

-Ransomware Attacks Surge 36% in Q3

-North Korean Attackers Use Blockchain to Evade Detection

-Russian Cyber Attacks Against NATO States Rise by 25%

-US Authorities Seize $15 Billion in Bitcoin from Crypto Scam Network

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week the UK government has given strong and clear instructions for all business leaders to plan for a cyber attack. In particular, businesses are urged to prepare for a total failure of their IT, and the CEO of UK retailer Co-op has shared her personal experience to reinforce the message, while the UK security agency reports a sharp rise in attacks.

The fallout of recent attacks is also in the media, including for users of SonicWall and Salesforce, and the continued effects of ransomware and other attacks including by nation states as well as by criminal gangs.

These themes highlight the need for cyber resilience as well as cyber security. Contact us to discuss how to achieve this in a proportionate way, including through our impartial incident response exercise simulations that are tailored to help you better manage an incident with your chosen IT and other control providers.


Top Cyber Stories of the Last Week

CISOs Urged to Rethink Tabletop Exercises as Most Incidents Are Unrehearsed

A new report reveals that 57% of major cyber incidents involved scenarios that organisations had never rehearsed. Experts argue that tabletop exercises often focus on dramatic breaches rather than realistic, subtle attack methods like lateral movement or quiet data exfiltration. Analysts recommend tailoring exercises to the organisation’s threat profile and ensuring practical readiness, such as verifying contact lists and backup communication tools. The findings highlight the need for continuous, realistic simulations that build muscle memory and align security teams with business operations. 

Source: https://www.csoonline.com/article/4071102/cisos-must-rethink-the-tabletop-as-57-of-incidents-have-never-been-rehearsed.html

Co-op CEO: Cyber Responsibility Lies with Senior Leaders

Following a major breach affecting 6.5 million members, the CEO of UK retailer the Co-operative has called on business leaders to take direct responsibility for cyber resilience. The attack disrupted payments and operations across the group’s businesses. In a letter published in the NCSC’s annual report, she emphasised that drills are essential and urged others to plan for continuity. 

Source: https://www.publictechnology.net/2025/10/15/news/co-op-ceo-the-buck-for-cyber-stops-with-us-as-senior-leaders/

UK Government: Businesses Must Prepare for Total IT Failure

The UK National Cyber Security Centre’s annual review warns that the UK now faces four nationally significant cyber attacks per week, a 129% increase from last year. The agency urges organisations to prepare for scenarios where all IT systems are offline, including email and cloud services. Businesses should ensure their crisis plans are available in printed form, and have offline communication methods available. The report distinguishes between backups and resilience, stressing that continuity planning must assume IT failure. 

Source: https://www.fortra.com/blog/ncsc-warns-companies-prepare-screens-dark

UK Security Agency Reports Sharp Rise in Cyber Attacks

The UK’s national cyber agency has reported a significant increase in cyber attacks over the past year. Threats include ransomware and state-linked espionage. The report urges organisations to improve basic cyber hygiene and prepare for incidents that may disrupt operations.

Source: https://www.theguardian.com/technology/2025/oct/14/cyber-attacks-rise-in-past-year-uk-security-agency-says

Attackers Use Valid Credentials to Breach SonicWall VPNs

Threat actors are actively exploiting SonicWall Secure Mobile Access (SMA) appliances by using valid credentials to gain unauthorised access. Once inside, they deploy malware and establish persistence. The campaign has affected organisations across multiple sectors and demonstrates the risks of credential-based access and MFA bypass.

Source: https://securityaffairs.com/183245/hacking/attackers-exploit-valid-logins-in-sonicwall-ssl-vpn-compromise.html

F5 Networks Confirms Long-Term Breach by Government Hackers

Cyber security firm F5 Networks disclosed that government-backed hackers had persistent access to its systems, stealing source code and customer configuration data. The attackers infiltrated development environments and knowledge systems, exposing undisclosed vulnerabilities. Although no software was modified, the stolen data could help attackers exploit customer systems. The US Department of Justice allowed F5 to delay public disclosure due to national security concerns. The UK’s NCSC and US CISA have urged immediate patching of affected systems. 

Source: https://techcrunch.com/2025/10/15/cyber-giant-f5-networks-says-government-hackers-had-long-term-access-to-its-systems-stole-code-and-customer-data/

Extortion Group Publishes Data from Salesforce Customer Breaches

An extortion group known as Scattered LAPSUS$ Hunters has leaked millions of records allegedly stolen from organisations using Salesforce services. The attackers claimed to have targeted 39 Salesforce customers, but only published data from six, including Qantas, Vietnam Airlines, and GAP. The leaked information includes names, email addresses, phone numbers, dates of birth, and loyalty program details. In one case, attackers accessed data via a third-party contact centre platform. Salesforce denied involvement, stating the incident relates to past or unsubstantiated events.

Source: https://www.securityweek.com/extortion-group-leaks-millions-of-records-from-salesforce-hacks/

Microsoft: Over Half of Cyber Attacks Driven by Extortion or Ransomware

Microsoft’s latest Digital Defence Report finds that 52% of cyber attacks with known motives were financially driven, primarily through extortion and ransomware. The report highlights the growing use of AI by attackers to automate phishing, scale social engineering and develop adaptive malware. Nation-state threats remain persistent, with China, Iran, Russia and North Korea expanding their targets. Microsoft urges leaders to treat cyber security as a strategic priority and adopt phishing-resistant MFA, which can block over 99% of identity-based attacks. 

Source: https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

Ransomware Attacks Surge 36% in Q3

New data shows a 36% year-on-year rise in ransomware attacks during Q3, with 270 publicly disclosed incidents. The emergence of 18 new ransomware groups, including DEVMAN, signals growing threat diversity. Attackers are increasingly targeting sensitive data, including children’s records, and demanding record ransoms. Experts stress the need for data protection to reduce extortion leverage and discourage repeat attacks. 

Source: https://betanews.com/2025/10/16/q3-ransomware-attacks-up-36-percent-year-on-year/

North Korean Attackers Use Blockchain to Evade Detection

Researchers from Cisco Talos and Google have uncovered new malware techniques used by North Korean threat actors, including EtherHiding, which leverages public blockchains for command and control. The campaign involves fake job interviews and technical assessments that trick victims into downloading malware. The malware includes keylogging and screenshot modules, enabling persistent access and data theft. These evasive methods make takedown efforts more difficult and signal a shift in nation-state tactics.  

Source: https://cyberscoop.com/north-korea-attackers-evasive-techniques-malware/

Russian Cyber Attacks Against NATO States Rise by 25%

An analysis has found a 25% year-on-year increase in Russian cyber activity targeting NATO countries. The surge includes espionage, disruption campaigns, and attacks on smaller firms seen as entry points to larger organisations. The findings suggest that Russian state actors are expanding their operations beyond Ukraine, using cybercriminal infrastructure to mask attribution and increase reach. 

Source: https://www.theguardian.com/world/2025/oct/16/russian-cyber-attacks-against-nato-states-up-by-25-in-a-year-analysis-finds

US Authorities Seize $15 Billion in Bitcoin from Crypto Scam Network

Law enforcement agencies in the US have seized around $15 billion in Bitcoin linked to the Prince Group, a criminal organisation accused of running a vast crypto fraud and human trafficking operation. The group allegedly laundered proceeds from forced labour and fake investment schemes through gambling and crypto-mining businesses and complex chains of crypto transfers. The investigation, led by the Department of Justice, uncovered a global network of illicit financial activity. This is one of the largest crypto-related seizures to date and underscores the growing use of digital assets in organised crime.

Source: https://www.helpnetsecurity.com/2025/10/15/prince-group-crypto-scam-15-billion-in-bitcoin-seized/



Threats

Ransomware, Extortion and Destructive Attacks

Q3 ransomware attacks up 36 percent year-on-year - BetaNews

Salesforce bandits run into hiding amid arrests, seizures • The Register

Extortion and ransomware drive over half of cyberattacks - Microsoft On the Issues

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News

LockBit, Qilin, DragonForce form ransomware cartel | Cybernews

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Scattered Lapsus$ Hunters extortion site goes dark: What’s next? | CSO Online

Qilin Ransomware announced new victims

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft disrupts ransomware attacks targeting Teams users

Ransomware Victims

Co-op CEO: ‘The buck for cyber stops with us as senior leaders’ – PublicTechnology

Extortion Group Leaks Millions of Records From Salesforce Hacks - SecurityWeek

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Qilin Ransomware announced new victims

Qantas says customer data released by cyber criminals months after cyber breach | Reuters

Clop Ransomware group claims the hack of Harvard University

Volkswagen France hit by ransomware, Qilin gang claims | Cybernews

Phishing & Email Based Attacks

ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET

77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thing | IT Pro

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register

Fresh Phishing Kit Innovation: Automated ClickFix Attacks

Microsoft remains the most imitated brand in phishing scams - BetaNews

KnowBe4 warns of new PayPal invoice phishing scam - IT Security Guru

Cyberattackers Target LastPass, Top Password Managers

LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine

Other Social Engineering

ClickFix attacks are surging, and Microsoft says you are the only defense | ZDNET

Victims of romance fraud tricked out of £106m last year - BBC News

Banks need stricter controls to prevent romance fraud, says City regulator | Cybercrime | The Guardian

Fraud, Scams and Financial Crime

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

Cybercriminals flooded the web with fake Amazon pages as Prime Day deals triggered a wave of dangerous scams | TechRadar

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

UK telcos step up efforts to combat ‘epidemic’ of handset fraud

Artificial Intelligence

Rise in ‘Shadow AI’ tools raising security concerns for UK

Microsoft warns of the dangers of Shadow AI • The Register

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Your browser is an AI-enabled OS, so secure it like one | TechTarget

Researchers Warn of Security Gaps in AI Browsers - Infosecurity Magazine

Everyone wants AI, but few are ready to defend it - Help Net Security

UK Firms Lose Average of £2.9m to AI Risk - Infosecurity Magazine

AI Attacks Surge as Microsoft Processes 100 Trillion Signals Daily - Infosecurity Magazine

Security risks of vibe coding and LLM assistants for developers

Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent

CISOs brace for an “AI vs. AI” fight | CSO Online

2FA/MFA

Hackers can steal 2FA codes and private messages from Android phones - Ars Technica

New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable

Malware

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads - Cyber Security News

New Stealit Malware Campaign Spreads via VPN and Game Installer Apps - Infosecurity Magazine

Massive multi-country botnet targets RDP services in the US

What a new mega-worm says about open source cybersecurity - Tech Monitor

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica

China's Flax Typhoon Turns Geo-Mapping into Backdoor

Bots/Botnets

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Massive multi-country botnet targets RDP services in the US

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands

Mobile

Hackers can steal 2FA codes and private messages from Android phones - Ars Technica

New 'Pixnapping' attack lets hackers steal Android chats, 2FA codes in seconds | Mashable

Popular VPN app can empty bank accounts, security experts warn | The Independent

You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say

Researchers find a startlingly cheap way to steal your secrets from space  | CyberScoop

Denial of Service/DoS/DDoS

Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street

Internet of Things – IoT

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

Man Launches "World's First Waymo DDoS" by Ordering 50 Robotaxis to Dead End Street

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security

Data Breaches/Leaks

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch

US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg

China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

Attackers exploit valid logins in SonicWall SSL VPN compromise

Prospect union tells members their data was breached in June • The Register

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Revealed: Hundreds of passwords linked to government departments leaked on dark web | The Independent

The company Discord blamed for its recent breach says it wasn't hacked

Thousands of civil servants have password exposed for over a year in 'particularly dangerous' incident | TechRadar

Over 23 Million Victims Hit by Data Breaches in Q3 - Infosecurity Magazine

How Cybercriminal Organizations Weaponize Exposed Secrets - Security Boulevard

Spanish fashion retailer MANGO disclosed a data breach

Auction giant Sotheby’s says data breach exposed financial information

Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News

8 Auto Insurance Providers to Pay New York $19M Over Data Breaches

They were victims of a massive data breach in 2009. Their employer denied it for a decade | CBC News

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts

Organised Crime & Criminal Actors

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

UK and US impose sanctions on alleged Cambodian ‘cyber-scam’ network

Cybercriminals flooded the web with fake Amazon pages as Prime Day deals triggered a wave of dangerous scams | TechRadar

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

PowerSchool hacker sentenced to 4 years in prison | CyberScoop

Attackers don’t linger, they strike and move on - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Scam texts net over $1 billion for cyber gangs - how to avoid their traps | ZDNET

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency | CyberScoop

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

Insurance

Ransomware costs soar as cyber claims decline - Insurance Post

How Ransomware’s Data Theft Evolution is Rewriting Cyber Insurance Risk Models  - Security Boulevard

Cyberwar angst slowing market development - The Royal Gazette

Supply Chain and Third Parties

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Supply Chain Risks Lurking in VS Code Marketplaces

The company Discord blamed for its recent breach says it wasn't hacked

Why vendor risk management can’t be an afterthought

Software Supply Chain

Supply Chain Risks Lurking in VS Code Marketplaces

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cloud/SaaS

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

Fresh Phishing Kit Innovation: Automated ClickFix Attacks

Microsoft investigates outage affecting Microsoft 365 apps

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft disrupts ransomware attacks targeting Teams users

Outages

Microsoft investigates outage affecting Microsoft 365 apps

Identity and Access Management

The password problem we keep pretending to fix - Help Net Security

Linux and Open Source

LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets

What a new mega-worm says about open source cybersecurity - Tech Monitor

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence - Infosecurity Magazine

German state replaces Microsoft Exchange and Outlook with open-source email | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

SonicWall VPN accounts breached using stolen creds in widespread attacks

The password problem we keep pretending to fix - Help Net Security

Thousands of civil servants have password exposed for over a year in 'particularly dangerous' incident | TechRadar

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands

Cyberattackers Target LastPass, Top Password Managers

LastPass Warns Customers It Has Not Been Hacked Amid Phishing Emails - Infosecurity Magazine

Legacy Windows Protocols Still Expose Networks to Credential Theft - Infosecurity Magazine

Revealed: Hundreds of passwords linked to government departments leaked on dark web | The Independent

Social Media

How to secure corporate social media accounts before they become a breach vector | SC Media

Regulations, Fines and Legislation

Capita fined £14M after 58-hour delay exposed 6.6M records • The Register

Banks failing to curb rise in romance fraud, says UK watchdog

Victims of romance fraud tricked out of £106m last year - BBC News

Banks need stricter controls to prevent romance fraud, says City regulator | Cybercrime | The Guardian

Ofcom fines 4chan £20K for Online Safety Act failings • The Register

Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra

Cisco faces Senate scrutiny over firewall flaws • The Register

8 Auto Insurance Providers to Pay New York $19M Over Data Breaches

The Things that Bedevil U.S. Cyber Power

The End of Cybersecurity | Foreign Affairs

Homeland Security reassigns 'hundreds' of CISA cyber staffers to support Trump's deportation crackdown | TechCrunch

Models, Frameworks and Standards

Cyber Resilience Act: The Clock is Ticking for Compliance | White & Case LLP - JDSupra

Law Enforcement Action and Take Downs

U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam - Help Net Security

UK, US Sanction Southeast Asia-Based Online Scam Network - Infosecurity Magazine

Operation Heracles strikes blow against massive network of fraudulent crypto trading sites

The UK Dealer With Prosthetic Hands Brought Down by the World’s Biggest Dark Web Bust

Massive blow to cybercriminals in the EU: law enforcement blocked over 1,400 fraudulent websites | УНН

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

PowerSchool hacker sentenced to 4 years in prison | CyberScoop

Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown | TechRadar

Third time lucky? The FBI just took down BreachForums, again | IT Pro

BreachForums seized, but hackers say they will still leak Salesforce data

Teenager allegedly incriminates himself via conversation with AI chat bot | The Independent


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian

Cyberwar angst slowing market development - The Royal Gazette

Nation State Actors

UK hit by record number of ‘nationally significant’ cyberattacks | The Record from Recorded Future News

Ministers urge businesses to take cyber-attacks seriously - UKTN

Ministerial letter on cyber security to leading UK companies - GOV.UK

NCSC demands action amid 50% surge in major UK cyberattacks • The Register

UK security services step up work with business to fight cyber threats

Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch

US Warns of ‘Catastrophic’ Hacks After Cyber Firm F5 Breach - Bloomberg

F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data - SecurityWeek

Thousands of customers imperiled after nation-state ransacks F5’s network - Ars Technica

Nation-state hackers deliver malware from “bulletproof” blockchains - Ars Technica

China

China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent

China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News

Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Netherlands seizes Chinese-owned microchip maker to protect national security

China Accessed Classified UK Systems for a Decade, Officials Say - Bloomberg

Cabinet Office rejects Cummings' claim that China breached high-level systems - BBC News

China's Flax Typhoon Turns Geo-Mapping into Backdoor

The controversy over the collapsed China spy case explained - BBC News

Badenoch demands PM address 'unanswered' China spy case questions - BBC News

Taiwan faces 2.8 million Chinese cyberattacks a day | Taiwan News | Oct. 14, 2025 10:05

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China - Help Net Security

Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm | The Record from Recorded Future News

Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months

Phishing kit YYlaiyu impersonates 97 brands for fraud • The Register


Russia

China and Russia posing ‘significant threat’ to UK cyberspace, experts warn | The Independent

China poses 'highly sophisticated' cyber threat to UK, NCSC warns | UK News | Sky News

Cyber-attacks rise by 50% in past year, UK security agency says | Cybercrime | The Guardian

Russian cyber-attacks against Nato states up by 25% in a year, analysis finds | Nato | The Guardian

Russian hackers target software used by Treasury and NHS

Russia may have been behind Jaguar Land Rover cyber attack

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Chinese cyberspies compromised Russian tech provider • The Register

Hacktivists deactivate after falling into researchers' trap • The Register

Iran

Iran is not initiating cyberattacks against any country - Mehr News Agency

North Korea

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency | CyberScoop




Vulnerability Management

Final Windows 10 Patch Tuesday update rolls out as support ends

Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek

Microsoft: Exchange 2016 and 2019 have reached end of support

CVE, CVSS scores need overhauling, argues Codific CEO • The Register

Security firms dispute credit for overlapping CVE reports

Vulnerabilities

F5 releases BIG-IP patches for stolen security vulnerabilities

Cisco faces Senate scrutiny over firewall flaws • The Register

Attackers exploit valid logins in SonicWall SSL VPN compromise

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack • The Register

Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign - SecurityWeek

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek

New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP | Tom's Hardware

High-Severity Vulnerabilities Patched by Fortinet and Ivanti - SecurityWeek

Adobe Patches Critical Vulnerability in Connect Collaboration Suite - SecurityWeek

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

Microsoft patches ASP.NET Core bug rated highly critical • The Register

Juniper patched nine critical flaws in Junos Space

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM - SecurityWeek

Gladinet Patches Exploited CentreStack Vulnerability - SecurityWeek

Final Windows 10 Patch Tuesday update rolls out as support ends

Windows 10 Still on Over 40% of Devices as It Reaches End of Support - SecurityWeek

Oracle rushes out another emergency E-Business Suite patch • The Register

Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.



Black Arrow Admin

Black Arrow Cyber Advisory 16 October 2025 - Security Updates from Microsoft, SAP, Fortinet, Ivanti and Oracle (E-Business Suite)

Black Arrow Cyber Advisory 16 October 2025 - Security Updates from Microsoft, SAP, Fortinet, Ivanti and Oracle (E-Business Suite)

Executive Summary

This month’s updates span Microsoft’s regular Patch Tuesday release, SAP’s Security Patch Day, large batches from Fortinet across network and endpoint products, targeted fixes from Ivanti for enterprise mobility/secure access, and a standalone Oracle Security Alert for E-Business Suite issued on 11 October. Prioritise actively exploited Windows issues (where present), SAP high and critical security notes, Fortinet gateway/endpoint components, Ivanti EPM/EPMM/Neurons platforms, and Oracle E-Business Suite where exposure is internet-facing.

Vulnerabilities by Vendor

  • Microsoft: 173 vulnerabilities, including five critical-severity security defects and two flaws that have been exploited in the wild. Vulnerabilities affect Windows (client/server), Office/SharePoint, .NET/Visual Studio, Azure services, and Microsoft Edge (Chromium). Prioritise patches addressing any actively exploited items and Critical RCE/EoP paths in Windows and server components.

  • SAP: 16 new and updated patches as part of its monthly rollout, across on-prem and cloud product families (e.g., NetWeaver, S/4HANA, Business Objects). Prioritise High/Critical security notes and authentication/authorisation weaknesses.

  • Fortinet: 29 advisories across FortiOS/FortiProxy, FortiDLP, FortiClient, FortiIsolator, FortiPAM, FortiManager/Analyzer, FortiADC/FortiWeb and others. Prioritise High/Critical items on perimeter firewalls, proxies and endpoint agents; review PSIRT entries for products you operate.

  • Ivanti: Several updates across Endpoint Manager (EPM), Endpoint Manager Mobile (EPMM) and Neurons. Prioritise High/Critical updates for EPM and EPMM; apply the latest EPM/EPMM and Neurons updates if not yet deployed.

  • Oracle (E-Business Suite only): 1 vulnerability (Security Alert CVE-2025-61884, released 11 October 2025), affecting E-Business Suite 12.2.3–12.2.14. The vulnerability is remotely exploitable without authentication; prioritise immediate patching on any externally accessible instances.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Sources:
1 Microsoft — https://msrc.microsoft.com/update-guide
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
3 Fortinet — https://www.fortiguard.com/psirt
4 Ivanti — https://www.ivanti.com/blog/october-2025-security-update
5 Oracle (E-Business Suite Security Alert CVE-2025-61884) — https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
