In January 2026 we saw a significant surge in global cyberattacks, with a 17% year-over-year increase in incidents and a 10% rise in ransomware cases compared to January 2025. The landscape was dominated by state-backed threats targeting critical infrastructure, widespread ransomware attacks, and the increasing use of Generative AI (GenAI), which heightens data exposure risks.
Overall, the month highlighted a shift towards AI-accelerated threats, a rise in disruptive, non-monetary cyberattacks, and an intense focus on securing "agentic" AI and complex supply chains.
AI is a beautiful yet terrifying beast. Its raw power makes light work for both sides of the cyber war. Considering how easy it is to gain access to AI resources, it comes as no surprise that threat actors are leveraging "agentic AI" to discover and exploit vulnerabilities. Researchers this month reported "ZombieAgent", a novel attack that targets LLMs via indirect prompt injection and is capable of turning an AI assistant into a persistent, stealthy data-collection tool.
The upside in this budding arms race is that AI tools are becoming far more readily available to defenders. Security tooling has been tweaked in response to high-volume AI threats, and CISOs are increasingly opting for third-party, specialised AI tools for detection and remediation.
As if winter wasn't bad enough, "EvilAI" campaigns are now a thing. These are malware campaigns that disguise trojans as legitimate AI productivity applications and use signed code to steal browser data and credentials.
Nike: Investigated a potentially massive data breach after the WorldLeaks group claimed to have stolen 1.4 terabytes of internal data.
Target: A software supply-chain attack on the US retail chain resulted in the theft of 860 GB of code and developer documentation.
Garner Foods: Targeted by the Play ransomware group, which threatened to release stolen data.
Jaguar Land Rover (JLR): Continuing to suffer from the 2025 Scattered Spider attack, with operational recovery stretching into early 2026.
Zendesk: Hackers exploited insecure support portals to generate massive volumes of spam.
AZ Monica Hospital (Belgium): Forced to cancel surgeries and transfer patients due to a ransomware incident.
The NCSC has warned that Russian-aligned hacktivist groups have been targeting UK local government and critical national infrastructure with distributed denial-of-service (DDoS) attacks.
Zero-Click WhatsApp Flaw: A new zero-click vulnerability in WhatsApp for Android allowed targeted attacks via media files in group chats, prompting emergency configuration changes.
HPE OneView Exploitation: Active exploitation of a high-severity remote code execution flaw (CVE-2025-37164) in HPE OneView put exposed instances of this infrastructure management platform at risk.
EU Cyber Resilience Act: The European Commission defined “important” and “critical” products under the Act, creating stricter compliance for software and hardware.
UK Public Sector Plan: The UK Government unveiled a £210m security plan aimed at protecting public services from disruption-focused attacks.
Machine Identity Crisis: Non-human identities (NHIs) in cloud environments—such as service accounts and API tokens—have become the primary vector for breaches due to excessive privileges.
Disruption over Profit: Hacktivist groups (notably those aligned with Russian interests) are increasingly focused on denial-of-service (DoS) attacks against critical infrastructure to cause maximum disruption rather than for financial gain.
Supply Chain Focus: Attackers are prioritizing the infiltration of third-party suppliers (e.g., in the Chinese manufacturing sector) to gain access to major tech firms like Apple.
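The "machine identity" point above is the one most teams can act on immediately: list your service accounts and API keys, and flag the ones that are over-privileged or never rotated. The script below is an added example, not part of the original post or any vendor tool. It audits a constructed inventory of non-human identities whose policy documents use the AWS IAM policy JSON shape; the inventory wrapper (name, key_created), the 90-day rotation limit and the list of escalation-capable actions are assumptions for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample inventory of non-human identities (NHIs). The "policy"
# documents follow the AWS IAM policy JSON shape; the surrounding fields
# (name, key_created) are an assumption made for this example.
SAMPLE_INVENTORY = json.loads(r'''
[
  {"name": "ci-deployer", "key_created": "2024-03-01T00:00:00Z",
   "policy": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
  {"name": "metrics-reader", "key_created": "2026-01-10T00:00:00Z",
   "policy": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow",
      "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"],
      "Resource": "*"}]}},
  {"name": "backup-writer", "key_created": "2025-06-15T00:00:00Z",
   "policy": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Action": ["s3:PutObject", "s3:*"],
      "Resource": "arn:aws:s3:::backups/*"},
     {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}}
]
''')

MAX_CREDENTIAL_AGE = timedelta(days=90)  # rotation threshold; an assumption
# Actions that let a compromised NHI mint further access. Illustrative list.
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreateAccessKey", "iam:AttachUserPolicy", "sts:AssumeRole",
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _parse_ts(iso_ts):
    return datetime.fromisoformat(iso_ts.replace("Z", "+00:00"))


def audit_identity(identity, now):
    """Return human-readable findings for one NHI (empty list means clean)."""
    findings = []
    for stmt in identity["policy"]["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append("admin: Action '*' on Resource '*'")
            continue
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"service-wide wildcard {action}")
            if action in ESCALATION_ACTIONS and "*" in resources:
                findings.append(f"escalation-capable {action} on any resource")
    age = now - _parse_ts(identity["key_created"])
    if age > MAX_CREDENTIAL_AGE:
        findings.append(
            f"credential is {age.days} days old (limit {MAX_CREDENTIAL_AGE.days})")
    return findings


def audit_inventory(inventory, report_date=None):
    """Audit every NHI. report_date is an ISO-8601 timestamp; defaults to now."""
    now = datetime.now(timezone.utc) if report_date is None else _parse_ts(report_date)
    return {item["name"]: audit_identity(item, now) for item in inventory}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, "2026-01-31T00:00:00Z").items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```

Run against the sample as of 31 January 2026, the read-only metrics account comes back clean, the CI account is flagged as full admin with a credential nearly two years old, and the backup account is flagged for a service-wide `s3:*` wildcard and an unscoped `iam:PassRole`. Swap the constructed inventory for an export from your cloud provider and the same checks apply.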
93% of organisations using GenAI reported data leakage risks, with 1 in 30 prompts posing a high risk of sensitive data exposure. If you're worried about your staff frittering company intelligence into LLMs and their ilk, consider restricting which tools are approved and what may be pasted into them. If you're unsure where to start, give us a shout.
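Restricting the tools is the blunt option; the finer one is to screen prompts before they leave the building. The script below is an added example, not part of the original post, showing what a pre-submission filter in an LLM proxy or browser extension might do: it scans a prompt for credentials, card numbers, classification markers and addresses, grades the prompt, and redacts the matches. The patterns, the risk tiers and the sample prompts are all constructed assumptions for illustration, not an exhaustive DLP rule set.

```python
import re

# Detection patterns. These are illustrative assumptions; extend them with the
# identifiers that matter in your estate (customer IDs, project codenames...).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "card_candidate": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "classification_marker": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
# Anything in this set blocks the prompt outright; the rest only warns.
HIGH_RISK = {"aws_access_key_id", "private_key_block", "card_candidate",
             "classification_marker"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so phone numbers and order IDs are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str):
    """Yield (pattern_name, start, end) for every validated match in the text."""
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "card_candidate":
                digits = re.sub(r"\D", "", m.group())
                if not luhn_ok(digits):
                    continue  # looked like a card, failed the checksum
            yield name, m.start(), m.end()


def classify_prompt(text: str):
    """Return ('low'|'medium'|'high', sorted names of the patterns that fired)."""
    hits = {name for name, _, _ in find_sensitive(text)}
    if hits & HIGH_RISK:
        level = "high"
    elif hits:
        level = "medium"
    else:
        level = "low"
    return level, sorted(hits)


def redact(text: str) -> str:
    """Replace each validated match with a placeholder; work from the end so
    earlier offsets stay valid while the string is being rewritten."""
    for name, start, end in sorted(find_sensitive(text), key=lambda s: s[1], reverse=True):
        text = text[:start] + f"[REDACTED:{name}]" + text[end:]
    return text


def gate(prompts):
    """Map each prompt to the action a proxy would take."""
    action = {"low": "allow", "medium": "warn", "high": "block"}
    return [action[classify_prompt(p)[0]] for p in prompts]


# Constructed sample prompts; the key ID is the well-known documentation
# placeholder and the card number is a standard test value, not real data.
SAMPLE_PROMPTS = [
    "Rewrite this paragraph in a friendlier tone: our shipping times improved by 12% this quarter.",
    "Debug my deploy script, it fails at: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "Draft a refund confirmation for card 4111 1111 1111 1111 belonging to jane.doe@example.com",
    "Summarise for the board: INTERNAL ONLY - Q2 acquisition targets and the offer price for each.",
    "Write a polite follow-up to bob@example.org about the overdue invoice.",
]

if __name__ == "__main__":
    for prompt, action in zip(SAMPLE_PROMPTS, gate(SAMPLE_PROMPTS)):
        print(f"{action:5}  {redact(prompt)}")
```

Of the five constructed prompts, one passes, one is warned for containing an email address, and three are blocked (an access key, a card number plus an address, and a classification marker). The Luhn check matters: without it the filter would block every phone number and tracking ID a user pastes, and users route around filters that cry wolf.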
Attacks in 2026 are predicted to focus increasingly on disrupting operational technology (OT) and critical services, such as energy, logistics, and healthcare, resulting in immediate physical shutdowns. Knowing your industry's position in the wider marketplace will help you decide whether your investment in cyber security should be AAA+ tools and resources, or no-frills, lean and strong.
Critical infrastructure is increasingly considered "dual-use", meaning attacks on local civilian systems (e.g., water, power) can have broader consequences. If the worst fears are realised, the implications reach beyond the workplace and into the home.
The UK government has moved forward with the Cyber Security and Resilience Bill to tighten security requirements on suppliers and critical infrastructure.
Leading ransomware groups Qilin (15%), LockBit (12%) and Akira (9%) accounted for the largest shares of victims, with attacks concentrated on North America (52% of victims) and Europe (24%). Are you ransomware ready?
RS22
Unit 5, Three Spires House, Station Road, Lichfield, Staffordshire. WS13 6HX