
Most CNI Firms Face Up to £5m in Downtime From OT Attacks
A recent e2e‑assure survey of 250 UK critical national infrastructure (CNI) decision‑makers found that 80% of providers could incur OT downtime costs ranging from £100,000 ($132,144) to £5 million ($6.6 million) after a cyber‑attack. Roughly one‑quarter of incidents exceed $1.3 million, and 6% surpass $6.6 million. Fear of nation‑state actors is high, with 64% of respondents worried about state‑sponsored OT disruption, especially amid heightened tensions involving Iran. Detection remains slow, as only 31% spot breaches within 12 hours, while 44% are least concerned about OT visibility.

Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
New ESET research shows 78% of UK manufacturers suffered a serious cyber incident in the past year, with 95% reporting direct business impact. Over half (53%) incurred financial losses, averaging six‑figure amounts, while 44% faced supply‑chain disruptions and 39% missed...

ChatGPT Security Issue Enabled Data Theft via Single Prompt
Security researchers at Check Point uncovered a vulnerability in ChatGPT that allows a single crafted prompt to create a covert data‑exfiltration channel. The flaw leveraged a hidden DNS side‑channel from the model's isolated container, enabling both data leakage and remote...

Employee Data Breaches Surge to Seven-Year High
Employee data breach reports to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, the highest level in at least seven years. That marks a 5% rise from the previous year and a 29% increase versus 2019, when reporting...

UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
On 26 March the UK government announced sanctions against Xinbi, the region’s largest illicit cryptocurrency marketplace that moved roughly $19.7 billion in fraudulent funds. Xinbi, based in China, is tied to the #8 Park scam compound in Cambodia, which houses up to 20,000...

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Georgia Tech’s Vibe Security Radar identified 35 new AI‑generated code vulnerabilities in March 2026, raising the quarterly total to 74 confirmed CVEs linked to AI coding tools. The project tracks roughly 50 AI‑assisted development platforms, with Anthropic’s Claude Code accounting for...

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
Researchers at eSentire disclosed a new EtherRAT campaign that hides command‑and‑control (C2) addresses inside Ethereum smart contracts, a technique they call EtherHiding. The malware, delivered via Node.js backdoors after initial access through Teams support scams and ClickFix attacks, retrieves C2...

OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI announced a Safety Bug Bounty program on March 26, hosted on Bugcrowd, to solicit disclosures of AI abuse and safety risks beyond traditional security flaws. The initiative complements its existing Security Bug Bounty, which has already rewarded 409 vulnerabilities since...

Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
The UK’s National Crime Agency, together with the National Federation of Builders, has launched an awareness campaign targeting invoice fraud in the construction sector. In September 2025, fraudulent invoices cost the industry almost £4 million (≈$5.3 million) across 83 reported cases, and construction plus...

Cloud Phones Linked to Rising Financial Fraud Threat
A Group‑IB report released on March 25 reveals that cloud phones—remote‑access Android devices hosted in data centres—are being weaponized for financial fraud. Because they replicate genuine smartphones, they bypass conventional device‑fingerprinting tools, allowing fraudsters to create and operate dropper accounts...

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
SentinelOne’s 2026 Annual Threat Report warns that identity‑based attacks have escalated to an industrial scale, with threat actors exploiting legitimate enterprise credentials to bypass traditional defenses. Attackers are using social‑engineering, MFA‑bypass kits, and brute‑force tactics to hijack high‑privilege accounts, even...

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Security firm Expel reported a surge in malicious Chrome extensions that silently capture users’ AI conversations, a practice dubbed “prompt poaching.” The extensions monitor open tabs, intercept API calls or scrape the DOM, then transmit prompts and responses to external...

Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage
Silver Fox, a cyber intrusion group, shifted its tactics from 2025 to early 2026, blending espionage with financially motivated crime. The campaigns targeted finance staff across Taiwan, Japan, and eight South Asian nations using tax‑authority phishing lures. Attack vectors progressed...

Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Infosecurity Europe will feature former Ukrainian foreign minister Dmytro Kuleba as the headline keynote at its June 2‑4, 2026 conference in London. Kuleba will discuss “Ukraine’s Hybrid War and the New Cyber Frontline,” sharing lessons from Russia’s coordinated cyber‑attacks and the shift...

Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation
An affiliate known as ‘hastalamuerte’ disclosed internal details of the emerging ransomware‑as‑a‑service group The Gentlemen, revealing its dual‑extortion tactics, multi‑platform targets, and sophisticated evasion methods. Group‑IB’s March 19 report shows the group exploits FortiGate VPN devices, uses PowerShell, BYOVD drivers, and...

FCA Updates Cyber Incident and Third-Party Reporting Rules
The UK Financial Conduct Authority has unveiled new cyber‑incident reporting rules that clarify what events firms must disclose and streamline the submission process via a single portal shared with the PRA and Bank of England. The guidance narrows reporting thresholds,...

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
Bridewell’s 2026 Cybersecurity in CNI report shows regulatory compliance has become the leading catalyst for cyber investment among UK critical infrastructure firms, rising to 35% of security leaders. New mandates such as the UK Cyber Security Resilience Bill, the EU...

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
Okta Threat Intelligence dismantled the ShieldGuard browser extension, a fraudulent crypto‑security tool that harvested user data. The extension collected wallet addresses, transaction histories, and browsing activity from platforms like Binance, Coinbase, and MetaMask, and executed remote code via a command‑and‑control...

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner warns that custom‑built AI applications will consume at least half of enterprise incident‑response resources by 2028 unless security teams are involved early. The analyst urges a “shift‑left” approach to embed controls from the start and highlights a surge in...

Android OS-Level Attack Bypasses Mobile Payment Security
CloudSEK researchers uncovered an Android attack that leverages the LSPosed framework to manipulate the runtime environment rather than tampering with app code. By injecting malicious modules at the OS level, the technique hijacks legitimate payment applications while preserving their signatures,...

'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
Proofpoint researchers identified a new attack called CursorJack that abuses Model Context Protocol (MCP) deeplinks in the Cursor AI‑focused IDE. By crafting a malicious link, an attacker can trick a developer into clicking it and approving an installation, causing the...

Average Number of Daily API Attacks Up 113% Annually
Akamai’s 2025 State of the Internet report shows API attacks more than doubled, rising 113% to an average of 258 incidents per organization. Unauthorized workflows now account for 61% of attacks, indicating a shift toward behavior‑based exploits. The most common...

UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch
The UK Cyber Monitoring Centre (CMC), launched in February 2025, quantifies the economic impact of major cyber incidents using a proprietary 0‑to‑5 scale. In its first year it assessed two high‑profile breaches: a Category 2 attack on Marks & Spencer and the Co‑op...

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
Security researchers at Phantom Labs demonstrated a DNS‑based data exfiltration technique targeting AWS Bedrock AgentCore Code Interpreter. By embedding malicious instructions in a CSV file, attackers can force the interpreter to issue DNS queries that act as a covert command‑and‑control...

CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 26‑03, warning that attackers are exploiting a critical authentication‑bypass flaw (CVE‑2026‑20127) in Cisco Catalyst SD‑WAN devices used across federal networks. The vulnerability carries a CVSS score of 10, potentially granting...

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025
The French cybersecurity agency ANSSI reported a modest decline in ransomware incidents in 2025, with 128 attacks versus 141 in 2024. The drop is attributed to proactive cyber‑defense measures and large‑scale law‑enforcement actions such as Operation Endgame. While overall ransomware...

Researchers Discover Major Security Gaps in LLM Guardrails
Unit 42 researchers revealed that safety guardrails in generative AI, termed “AI Judges,” can be bypassed using a novel prompt‑injection technique. Their custom fuzzer, AdvJudge‑Zero, automatically discovers low‑perplexity token sequences that shrink the logit gap between “allow” and “block,” achieving a...

Cyber-Attacks on UK Firms Increase at Four Times Global Rate
Check Point’s February 2026 report shows UK organisations faced a 36% year‑on‑year rise in cyber‑attacks, far outpacing the 9.8% global increase. Despite the surge, UK firms averaged 1,504 attacks per week, still below the global mean of 2,086. Education, energy,...

Only 24% Of Organizations Test Identity Recovery Every Six Months
Identity and access management now underpins modern enterprises, linking users, applications, automation tools, and cloud services. Quest Software’s survey shows only 24% of organizations test their identity disaster‑recovery plans every six months, while 24% never test at all. Companies that...

Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds
Google Cloud’s H1 2026 Threat Horizons Report reveals a marked shift in attacker tactics, with software‑vulnerability exploits overtaking credential‑based attacks as the primary entry method into cloud environments. Third‑party vulnerabilities accounted for 44.5% of initial accesses in H2 2025, up from 2.9%...

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data
Researchers at Huntress uncovered a campaign where a threat actor exploited vulnerabilities in enterprise software, including SolarWinds Web Help Desk, to harvest system data and funnel it into a free‑trial Elastic Cloud SIEM instance. The attacker used an encoded PowerShell...

UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source
The UK Home Office and National Crime Agency announced the creation of an Online Crime Centre, set to begin operations in April. The unit will pool expertise from police, intelligence, banks, mobile networks and major tech firms to identify and...

ContextCrush Flaw Exposes AI Development Tools to Attacks
Security researchers at Noma Labs disclosed a critical flaw named ContextCrush affecting the Context7 MCP Server, a popular component that feeds documentation to AI coding assistants. The vulnerability stems from unsanitized custom‑rule entries, allowing attackers to embed malicious instructions that...

Global Takedown Neutralizes Tycoon2FA Phishing Service
Investigators led by Microsoft and Europol dismantled the Tycoon2FA phishing‑as‑a‑service operation, seizing over 300 associated domains. The service, launched in August 2023, offered subscription‑based MFA bypass using adversary‑in‑the‑middle attacks, attracting roughly 2,000 criminal users and leveraging more than 24,000 domains....

Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Check Point Research has identified a coordinated surge in attempts to compromise internet‑connected surveillance cameras across the Middle East, targeting Hikvision and Dahua devices. The campaign, which intensified on February 28, aligns with Iranian threat actors and exploits CVE‑2021‑33044 and CVE‑2017‑7921....

Multi-Stage "BadPaw" Malware Campaign Targets Ukraine
ClearSky researchers have uncovered a new malware campaign dubbed “BadPaw” that exploits the Ukrainian email provider ukr.net to lend credibility to phishing messages. The attack delivers a ZIP archive that actually contains a hidden HTA application, which checks system age...

Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows
The OpenID Foundation released a report urging the creation of a global digital‑estate framework to protect deceased users’ online accounts. It warns that the absence of consistent standards leaves devices, social media, email and cryptocurrency vulnerable to fraud, especially as...

Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App
CloudSEK has uncovered a sophisticated Android espionage campaign dubbed RedAlert, which distributes a trojanized version of Israel’s official Red Alert rocket‑warning app via SMS phishing. The fake app mimics the legitimate interface, delivers real alerts, and silently requests high‑risk permissions...

Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
A leaked database from Iranian exchange Ariomex shows the platform may have facilitated sanctions evasion and large capital transfers between 2022 and 2025. The data, analyzed by Resecurity, identified 27 users with potential sanctions matches and revealed that 70% of...

Huge “Shadow Layer” Of Organizations Hit by Supply Chain Attacks
Black Kite’s 2025 Third‑Party Breach Report reveals a massive "shadow layer" of supply‑chain attacks, with 136 verified breaches exposing 719 downstream companies and 433 million individuals. Vendors reported an additional 26,000 unnamed corporate victims, suggesting even higher impact. Software‑services providers accounted...

Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
Iran‑linked threat actor Dust Specter launched a sophisticated phishing campaign against Iraqi government officials in January 2026, masquerading as the Ministry of Foreign Affairs. The operation deployed previously unseen malware families—including SplitDrop, TwinTask, TwinTalk and GhostForm—some of which were assembled with...

Aeternum Botnet Shifts Command Control to Polygon Blockchain
Aeternum, a newly discovered botnet loader, has moved its command‑and‑control (C2) infrastructure onto the Polygon blockchain, using smart contracts to issue instructions. By writing commands as immutable blockchain transactions, the botnet eliminates the traditional servers and domains that law‑enforcement typically...

Malicious NuGet Package Targets Stripe Developers
Security researchers discovered a malicious NuGet package, StripeApi.Net, that mimics Stripe's official .NET library. The typosquatting campaign generated over 180,000 artificial downloads across 506 versions to appear legitimate. Embedded code silently captured Stripe API keys and a machine identifier, sending...

Cost of Insider Incidents Surges 20% to Nearly $20m
The DTEX Cost of Insider Risks 2026 report, based on 8,750 security practitioners, finds average insider‑related losses of $19.5 million per organization, with employee negligence—largely driven by shadow AI—accounting for 53% of that cost. Negligence losses rose 17% year‑on‑year, pushing total...

Multifaceted Phishing Scheme Deceives Bitpanda Customers
Cybersecurity firm Cofense uncovered a sophisticated phishing campaign that impersonates cryptocurrency broker Bitpanda. The fake site replicates Bitpanda’s login and adds a counterfeit multi‑factor authentication flow to harvest credentials, names, phone numbers, addresses, and birth dates. Attackers host the clone...

Shai-Hulud-Like Worm Targets Developers via Npm and AI Tools
Security researchers have uncovered a supply‑chain worm, dubbed SANDWORM_MODE, spreading through at least 19 malicious npm packages that employ typosquatting. The malware not only steals developer and CI credentials but also injects rogue servers into AI coding assistants such as...

Dramatic Escalation in Frequency and Power of DDoS Attacks
The Radware 2026 Global Threat Analysis Report reveals a 168% jump in DDoS attacks in 2025 versus 2024, with customers averaging 139 attempted incidents per day. Technology, telecommunications and financial services bore the brunt, the tech sector alone accounting for...

Remcos RAT Expands Real-Time Surveillance Capabilities
A newly observed Remcos RAT variant now streams webcam footage and transmits keystrokes in real time, shifting from local data storage to direct, encrypted communication with attacker‑controlled servers. The malware decrypts its configuration only at runtime, loads critical Windows APIs...

Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Group‑IB uncovered a sophisticated fraud campaign that spoofed Indonesia’s Coretax tax platform by distributing counterfeit Android apps. The scheme combined phishing websites, WhatsApp impersonation of tax officers, and voice‑phishing calls to install RATs such as Gigabud.RAT and MMRat, leading to...

Industrial Control System Vulnerabilities Hit Record Highs
Forescout’s 2026 report shows industrial control system (ICS) advisories surpassed 500 in 2025, the highest level since tracking began. The 2,155 CVEs tied to those advisories pushed average CVSS scores above 8.0, reflecting increasingly critical flaws. Manufacturing and energy assets...