Threat actors stories

Leak-site posts surge 22% to 2,638 in Q1 2026 as ReliaQuest flags The Gentlemen's rise, fake claims and shifting extortion tactics.

Check Point and Flashpoint warn AI is speeding up exploit development, shrinking patch windows and forcing defenders to rethink first-line protections.

AI tools are speeding up vulnerability hunting and could help lower-skilled hackers exploit flaws far sooner, Flashpoint has warned.

Anthropic and OpenAI take rival paths on AI cyber tools, as one keeps access tightly restricted while the other widens vetted user access.

Google Cloud expands AI security with new agents, Wiz integrations and fraud defences as it targets faster, more automated cyber attacks.

Sysdig says companies are increasingly leaning on automated defence as AI-driven attacks accelerate, with machine identities now dominating cloud access.

Team Cymru unveils Total Insights Feeds, a single-stream threat intelligence framework blending internet-wide scoring, context and automated risk tagging.

GuidePoint says ransomware attacks stayed elevated in Q1 as The Gentlemen surged, construction became a top target and extortion-only tactics spread.

ReliaQuest says suspected former Black Basta operators are bombarding staff with emails and posing as IT support in Microsoft Teams to reach senior executives.

Proofpoint says mailbox rule abuse is becoming a routine Microsoft 365 takeover tactic, helping attackers hide alerts, hijack threads and drive fraud.

Synack launches AI-driven assessment to expose overlooked attack surface gaps as offensive tools speed up vulnerability discovery.

Booking.com tells some customers to watch for phishing after suspicious activity exposed reservation details, contact data and messages linked to bookings.

AI-driven bots and machine accounts are exposing long-running identity security gaps across Australian and New Zealand organisations, experts warn.

TCCA urges industry to align on international standards as 4G and 5G broadband systems expand the cyber risk for mission critical communications.

China-linked TA416 returns to spying on European diplomats and later expands attacks to Middle Eastern government targets after Iran conflict.

Vulnetix expands AI coding defences as Australia's first Global CVE Numbering Authority, opening vulnerability tools to developers nationwide.

Cloudflare and WatchGuard urge organisations to rethink cloud defences as rising identity attacks, AI risks and quantum threats expose weak spots.

Experts warn firms must improve visibility and backup resilience as automated ransomware campaigns and hidden SaaS and AI assets widen exposure.

Entrust joins forces with Chillisoft to bolster ANZ cyber defences, blending identity, education and quantum-ready security expertise.

DTEX warns North Korean operatives are using false identities to secure Australian tech jobs, with some applicants aided by AI and deepfakes.