Our Scans · (FS.8.07) Cybersecurity · Weekly Summary

• [New] Researchers from Cisco Talos and Google have uncovered new malware techniques used by North Korean threat actors, including EtherHiding, which leverages public blockchains for command and control. Black Arrow Cyber Consulting
• [New] The breakneck speed of AI development and the rise of phishing, deepfakes, and an exponential increase in ransomware attacks, mean institutions and businesses across the globe face an increasing cybersecurity threat, with universities firmly in the firing line. Ellucian
• [New] When used thoughtfully, AI can help combat fraud threats; it has several promising applications in fraud detection, including bank-transaction monitoring, spam-messaging filtering, harmful-content blocking, and malware detection. Morningstar, Inc.
• [New] The Clop ransomware group is conducting a mass exploitation of multiple vulnerabilities on Oracle's E-Business Suite, a platform used for businesses with tools to manage a firm's financial, supply chain and human resources functions. Politico
• [New] Over 90% of organizations expect to increase cybersecurity funding over 2026, but earmarking more money for protection only works if it's being spent on the right resources. The AI Journal
• [New] Microsoft's report highlights extortion, ransomware, and targeted intrusion campaigns as dominant threat vectors, and underscores that extortion and ransomware now account for a majority of high-impact incidents observed in enterprise environments. News, Events, Advertising Options
• [New] Microsoft processes more than 100 trillion signals daily, blocks around 4.5 million new malware attempts, analyses 38 million identity risk detections, and screens 5 billion emails each day for potential threats. SecurityBrief Australia
• [New] State actors continue to pose a significant threat to U.K. and global cybersecurity, supported by an evolving cyber intrusion sector. Industrial Cyber
• [New] Prompt Injection Attacks Spike by 540% in 2025 Cybersecurity firm HackerOne has released a report revealing a staggering 540% increase in prompt injection vulnerability reports in 2025. Medium
• [New] By developing post-quantum cryptography, cybersecurity experts at Wells Fargo Bank & Co., Accenture PLC and DigiCert hope to prepare companies for the migration to quantum-based cybersecurity. SiliconANGLE
• [New] Cybersecurity in 2025 is not just about firewalls and phishing filters - it's about navigating a threat landscape shaped by AI, automation, and increasingly sophisticated adversaries. Medium
• [New] Major tech and cybersecurity incidents continue to surface, including vulnerabilities in Google Chrome, Redis, and Salesforce, along with widespread data breaches at DraftKings and Doctors Imaging Group. Medium
• [New] Characterized by a shift from reactive to proactive defences, 2026 will see agents operating on a new front in the war against phishing, ransomware and data theft. Forbes
• [New] The tightening of enforcement across a growing number of sectors, and the mandatory reporting of ransomware payments (and the pending outright prohibition in the UK), will shift demonstrable cyber security from a nice-to-have to a must have in 2026. Huntsman
• The U.S. Chamber of Commerce's Small Business Index survey revealed that 60% of small business owners - who mostly run companies with fewer than 100 employees - said cybersecurity threats are a top concern. International Association of Better Business Bureaus
• As we look toward 2026, cloud systems are becoming more sophisticated and secure, and advancements in AI and cybersecurity are shaping enterprise strategies. CloudTweaks
• 90% of Malaysian organizations are facing cybersecurity burnout, driven by escalating threats, resource shortages, and unclear strategies. BusinessToday
• Investors now prioritize cybersecurity-focused protocols (e.g., MPC-based key management) and decentralized insurance platforms to mitigate state-sponsored risks. Ainvest
• Despite the escalating threat and growing sophistication of cyberattacks, Moody's said, many organizations are failing to consistently implement critical cybersecurity measures, such as daily backups of data and multi-factor authentication for network access. Insurance Journal
• While modern software systems often rely on a complex network of third-party vendors and suppliers, many organizations fail to rigorously assess third-party cybersecurity practices or manage open-source software risks, which can leave them exposed to supply chain attacks. Insurance Journal
• The crypto cybersecurity crisis is no longer a hypothetical - it is a $4 billion annual threat with cascading effects on global markets. Ainvest
• Crypto sector faces $4 B annual cybersecurity threats, with $2.17 B stolen in H1 2025, including Bybit's $1.5 B hack linked to North Korea. Ainvest

Last updated: 23 October 2025