Threat actors stories

New UK cyber bill pushes critical sectors towards continuous offensive security testing as state-backed and criminal threats intensify.

Cyderes appoints Lana Knop as Chief Product Officer to steer post‑Lucidum product strategy and drive a new wave of AI‑powered security services.

Over 70% of major retailers and nearly 60% of wholesalers have exposed credentials, leaving shared supply chains ripe for attack.

Misconfigured cloud training labs on AWS, Google Cloud and Azure expose major firms to live attacks via overly permissive access roles.

Major firms are leaving known, actively exploited cyber flaws unpatched for six months or more, sharply heightening breach risks.

Unicorns beat Global 2000 on core domain security, yet weak registry locks and scant DNS redundancy leave major gaps in cyber defences.

Boards face a widening cyber visibility gap as AI, legacy systems and shadow tools outpace governance, testing resilience and oversight.

Cloudflare warns outdated apps across APAC are choking AI gains, as modernised firms see triple the returns on their AI investments.

Ransomware attacks hit record highs in 2025 as Qilin overtakes LockBit, with victim numbers surging 58% and threat groups multiplying.

Data breaches at Victorian schools and Sydney University expose deep cyber flaws, leaving Australian students vulnerable to long-term threats.

Microsoft again tops global phishing brand list as attackers increasingly mimic big tech services to steal cloud and consumer credentials.

Phishing-as-a-service kits doubled in 2025, now powering 90% of attacks as cyber gangs race to outsmart multifactor checks and filters.

Kyowon outage and an Instagram bug expose entrenched identity security gaps across APAC, from credential hygiene to privileged access.

Microsoft’s first 2026 Patch Tuesday fixes an exploited DWM zero-day, strips decades-old modem drivers and tackles Secure Boot risks.

HP reports a surge in convincing fake software updates and staged prompts that trick users into installing stealthy, rapidly evolving malware.

CybExer warns 2026 will bring “AI wars”, quantum-era encryption risks and stricter cyber insurance demands on organisational readiness.

Makop ransomware pivots to India with RDP brute force, privilege exploits and GuLoader as it leans on basic flaws over bespoke tools.

Proofpoint flags a sharp rise in Microsoft 365 account takeovers via device code phishing, hitting firms from finance to government.

Identity security will become core infrastructure by 2026 as AI‑driven attacks, deepfakes and state hackers overwhelm old perimeter defences.

Ransomware attacks dipped in November, but ClickFix techniques and alliances between groups like Qilin and CL0P drove fresh risks.