You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television nobody asked for.

Not all bad though. Some threat actors got exposed with receipts, a few platforms finally tightened things up, and there’s research in here that’s genuinely worth your time. Grab your coffee and keep scrolling.

That’s a wrap for this week. If anything here made you pause, good. Go check your patches, side-eye your dependencies, and maybe don’t trust that app just because it’s sitting in an official store. The basics still matter more than most people want to admit.

We’ll be back next Thursday with whatever fresh chaos the internet cooks up. Until then, stay sharp and keep your logs close. See you on the other side.

The UK faces a “perfect storm” for cybersecurity as the next decade will be defined by a combination of geopolitical tensions and high-seed technological evolution.

Speaking at the tenth annual CYBERUK conference in Glasgow, Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), said that the meeting of rapid technological change driven by developments in AI and geopolitical tensions are giving rise to a period of “tumultuous uncertainty”. 

The NCSC had dealt with 204 “national significant” cyber incidents at the time of its last annual review, published in October 2026. Today, Horne said the number of incidents remained “fairly steady”.

Most Serious Cyber Threats Come from Nation States

Ransomware attacks continue to be the most prevalent threat to most firms. However, Horne warned that the majority of “nationally significant” threats the NCSC deals with originate directly from nation states.

Speaking to Infosecurity, Jamie Collier, lead threat intelligence advisor, (Europe), Google Threat Intelligence Group (GTIG), said the firm’s research shows that the UK is currently “navigating a complex and blended threat landscape where nation-state actors pursue very different strategic goals.” This he said, makes it difficult to compare them side-by-side.

In his speech at CYBERUK, Horne outlined how Russia, China and Iran continue to target both UK firms and individuals with their different tactics and objectives.

He noted that China’s intelligence and military agencies now display an “eye-watering level of sophistication” in their cyber operations.

In August 2025, the NCSC published a joint advisory alongside twelve allied agencies publicly linking three China-based companies to a global campaign targeting critical networks, overlapping with what industry tracks as Salt Typhoon.

China-nexus activity is often quieter and persistent, especially compared to the likes of Russian threat actors. They have typically moved away from traditional targets to focus on edge infrastructure like routers and VPNs, explained Collier.

Meanwhile, Iran is “almost certainly” using cyber activities to support the repression of British individuals on our streets who are seen as a threat to the regime, Horne said.

The NCSC has previously warned about an increase in targeted attacks against individuals using social media messaging apps.

Martin Riley, CTO at cybersecurity services firm Bridewell, told Infosecurity that Iran is “the shifting piece.”

The Handala wiper activity in March, which compromised Stryker’s Microsoft Intune environment and remotely wiped devices at a key UK NHS supplier, “shows the direction of travel,” Riley noted.

“UK organizations should expect more direct Iranian or Iran-aligned targeting in the months ahead, not less,” he added.   

Regarding Russia, Horne’s analysis noted that cyber lessons are being learned in the theatre of war with Ukraine.

“The tactics and techniques honed in conflict are now being directed at states it considers hostile,” Horne said.

The NCSC and its partners, including the National Protective Security Authority, are observing sustained Russian hybrid activity targeting assets across the UK and Europe.

Collier noted, “Russia remains the most visible and disruptive threat, characterized by a mix of sophisticated espionage and a surge in pro-Russia hacktivist activity.”

While this is cause for concern, Bridewell’s data found that the current Russian cyber effort remains heavily concentrated on Ukraine and on espionage against government and policy targets, with pro-Russia hacktivist noise on the margins.

“Direct targeting of UK operational technology (OT) and critical national infrastructure (CNI) by Russian state actors is not what we are seeing in volume right now,” said Bridewell’s Riley.

GTIG’s Collier said their analysis shows Russia move toward tactical, frontline objectives.

“This includes targeting the mobile devices and battlefield applications used by individual soldiers to gain immediate military advantages. This shows a Russian cyber apparatus that has become much more disciplined and integrated into traditional military operations,” he said.

UK Preparedness Under the Spotlight

The readiness of UK organizations against sustained nation-state attacks is uncertain. Anthony Young, CEO at Bridewell cautioned that the majority or businesses are “not well prepared.”

“Most organizations are still struggling to get basic security controls in place and have full visibility across their estate. At a time of heightened security budgets are being squeezed like never before therefore CISO’s are having to do more with less and most are still starting from a relatively low level of maturity,” he told Infosecurity.

Horne urged for a “cultural shift” within organizations to prepared for cyber risks, calling for everyone “whether they sit on the board or the IT help desk” to be part of the cybersecurity mission.

Young said, “Execs across organizations need to start to stand up, stop putting lip service to cybersecurity and actually invest for the long term.”

If a nation state was to undertake a sustained attack on the UK today, Young said he would be “very worried.”

“We have the right people and skills to be able to respond fast as a country but if we focused on actually improving cyber properly as a country we would be in a lot better position,” Young concluded.

Meanwhile, Rob Demain, CEO, e2e-assure cautioned that if organizations don’t evolve how they are detecting and responding to threats over the next 12 months, then they will soon become “significantly under prepared.”

Collier said for cybersecurity leaders, the most critical shift is moving from a prevention-only mindset to a resilience mindset.

“Organizations have to assume adversaries can gain initial access and focus on making their environment as difficult as possible for intruders to navigate,” he said.

AI, a Cause for Concern

Following the release of Anthropic’s Claude Mythos frontier AI model, which promises to identify and fix software vulnerabilities at speed, the UK government sent an open letter to business leaders urging them to plan for such AI models to rapidly increase over the next year.

The letter also encouraged businesses to take cybersecurity seriously and deploy cyber hygiene methods.

During CYBERUK, Horne said, “Frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed.”

Demain highlighted that zero-day attacks are becoming more common and real across all business sizes and industries as a result of advancements in AI.

Although the threats and technologies are changing, we still need to ensure the basics are correct, he added.

“Basics such as full visibility across all environments, 24/7 monitoring, and correct technological configuration are still some of the easiest ways to remain a hard target for threat actors, even with the threats from AI looming,” he said.

The rush to adopt AI in enterprise environments is not only creating new security vulnerabilities, but is also reviving old security failures, a top Mandiant executive has warned.

Speaking to Infosecurity during Google Cloud Next 26, Jurgen Kutscher, VP of Mandiant Consulting, part of Google Cloud, said that AI deployment in enterprises is often accompanied by a neglect of basic security controls.

“A lot of the old problems are new again,” Kutscher said. “We’ve seen enterprises really worried about new AI threats like large language model poisoning while forgetting the most basic security controls.”

Mandiant Red Team Reveals Cybersecurity Failings 

Kutscher said Mandiant’s red team has uncovered real security failures caused by this mismanagement during simulated real‑world attacks, in which testers adopt the tactics of genuine adversaries to probe organizations’ defenses.

During red-team engagements, he has seen AI-enabled environments where an attacker could change data classifications, allowing them to bypass protections like data loss protection (DLP) solutions.

Furthermore, Kutscher was “surprised” to find even simple mistakes such as unencrypted communication streams.

“For instance, we observed an unencrypted communication stream between the AI and the browser when working with a financial company,” he said, underscoring how basic hygiene was being overlooked.

In multiple engagements, Mandiant red teamers were able to social-engineer initial access and then rely on the AI to perform follow-on actions, including exfiltration and policy changes.

“Once we’re inside, we’ve had the AI do the rest for us, including data theft and everything. And I’m talking about authorized AI deployments, not event shadow AI cases, where employees have deployed AI workflows without the company’s oversight,” Kutscher said.

Organizations should build AI security governance processes as soon as possible.  

He emphasized that creating policies and governance is easier than cleaning up uncontrolled AI usage after the fact. He recommended revisiting secure architecture and performing red-team validation to ensure critical assets are truly segmented.

While recognizing AI’s power for defense, Kutscher urged CISOs not to assume AI adoption absolves them of basic cybersecurity responsibilities.

“It’s possible that these mistakes partly come from the fact that CISOs aren’t always involved in the deployment of AI workflows, among many other reasons, I don’t want to speculate, but the lack of basic security controls around AI workflow deployments is there and it’s a significant risk,” he concluded.