CTO at NCSC Summary: week ending February 15th
Organisations with experience in external attack surface management can help NCSC UK shape future Active Cyber Defence 2.0 services
Welcome to the weekly highlights and analysis of the blueteamsec (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note…
In the high-level this week:
Improving your response to vulnerability management - NCSC UK releases - “systems contain vulnerabilities, and many are complex and hard to avoid. At the same time, it’s important that organisations work to eradicate unforgivable vulnerabilities, those vulnerabilities with top-level mitigations that are ‘easy’ (and therefore expected) to be implemented. If these are discovered, developers (by which we also include vendors, SaaS providers, open source maintainers or contributors, vulnerability disclosures to open source projects, and team or individual developers) should focus on adapting their processes and ways of working to ensure they find and fix other vulnerabilities which share the same root cause.”
Can you help the NCSC with the next phase of EASM research? - NCSC UK calls for insight - “Organisations with experience in external attack surface management can help us shape future Active Cyber Defence 2.0 services”
CyberUK26 Lightning Talks - NCSC UK calls for presenters - Have expertise on Protecting Critical National Infrastructure (CNI), Active Cyber Defence (ACD), Incident Response, Supporting Sectors and Citizens, Technology and Research or International Collaboration?
Government publishes Budget Information Security Review - HM Treasury, National Cyber Security Centre and Cabinet Office announce - “The Review includes outcomes and recommendations from the National Cyber Security Centre’s investigation into the publication of the Office for Budget Responsibility’s Economic and fiscal outlook (EFO) and the Cabinet Office’s Financial Times leak inquiry.”
Budget Information Security Review - HM Treasury publish - “A Review of Budget information security in light of the events that occurred in the run up to the 2025 Budget Statement, including the outcome and recommendations of the NCSC’s EFO investigation and the Cabinet Office’s FT leak inquiry, and steps being taken to tighten information security.”
Intelligence agencies provide briefings on foreign interference - Department for Education, Cabinet Office, Home Office, Foreign, Commonwealth & Development Office, The Security Service, National Cyber Security Centre, Dan Jarvis MBE MP, and The Rt Hon Baroness Smith of Malvern announce - “Senior leaders from over 70 universities attended a security briefing delivered by MI5 Director General Sir Ken McCallum and National Cyber Security Centre CEO Richard Horne, to increase understanding of how foreign interference can manifest, including attempts to shape and censor research or teaching, along with how to resist and report it.”
Protecting UK higher education from foreign interference - Department for Education publish - “... Cyber security for Higher Education Institutions, from NCSC, includes advice and practical resources to help HE providers improve their cyber security....”
Stronger together: UK-Netherlands North Sea Neighbours Conference cements bilateral ties and intensifies cooperation on cyber resilience and protection of subsea infrastructure - British Embassy The Hague summarise - “This builds on recent commitments to deepen cooperation across our shared priorities following the signatures of the UK-Netherlands Innovation Partnership, the Energy Memorandum of Understanding, and the Joint Statement on the Bilateral Security Partnership.”
UK to lead multinational cyber defence exercise from Singapore - Ministry of Defence and Foreign, Commonwealth & Development Office announce - “The week-long exercise will bring together more than 2,500 personnel from 70 different organisations, and 29 countries to form 36 teams, including representatives from UK Defence, and other UK Government departments such as The National Crime Agency, The Department of Work and Pensions, The Cabinet Office and The Department of Business and Trade.”
Recording: The Next Phase Of UK Cyber Strategy - RUSI YouTube - “RUSI brought together a panel of experts from the UK government, academia and the private sector.
Ciaran Martin, Professor of Practice, Blavatnik School of Government, University of Oxford
Ollie Whitehouse, Chief Technology Officer, National Cyber Security Centre
Mary Haigh, Director of Digital Delivery and Deputy Global Chief Information Officer, BAE Systems
Dan Aldridge MP, Chair of the APPG for Cyber Innovation
Moderator: Jamie MacColl, Senior Research Fellow, RUSI”
Commission responds to cyber-attack on its central mobile infrastructure - European Commission discloses - “On 30 January, the European Commission's central infrastructure managing mobile devices identified traces of a cyber-attack, which may have resulted in access to staff names and mobile numbers of some of its staff members. The Commission's swift response ensured the incident was contained and the system cleaned within 9 hours. No compromise of mobile devices was detected.”
Europe needs cyber weapons, says EU tech chief - Politico reports - “It’s not enough that we are just defending ... We also have to have offensive capacity,” the European Commission's Executive Vice President Henna Virkkunen said in an interview”
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure - CISA reviews and gives a sense of scale
“Cybersecurity: CISA published more than 1,600 products and triaged more than 30,000 incidents reported to CISA’s 24/7 Operations Center to support our nation’s security, providing a proactive approach that strengthens our collective defense and safeguards the systems Americans rely on every day.
Critical Infrastructure Protection: CISA conducted 148 cyber and physical security exercises with more than 10,000 participants, providing state, local, tribal, and territorial government partners, industry members, and other federal stakeholders with practical mechanisms to examine emergency plans and procedures in action, identify areas for improvement, and implement updates to improve community and national resilience.
Emergency Communications: CISA improved the resilience of our communications systems and connected 2+ million priority calls for authorized users of the CISA priority telecommunications capability, enabling essential personnel to communicate in emergencies, saving lives, critical infrastructure, and property.”
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps - CISA amplify - “The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders.”
Operation Winter SHIELD - FBI mobilise - “Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense) distills the FBI’s 10 most impactful actions organizations can take to improve resilience against cyber intrusions. These recommendations were developed with domestic and international partners and draw on recent investigations to reflect adversary behavior and defensive gaps.”
International Security and Estonia 2026 - Estonian Foreign Intelligence Service publish - “new development in information control was introduced in 2025 with the regime’s rollout of a state-backed messaging application called Max. This platform offers a wide range of features, including access to public services and communication with government agencies. However, cybersecurity specialists have warned that Max collects data from almost every application on a user’s phone. They also warn that this access could give Russia’s security services significantly greater insight into users’ activities.”
Global cyber benchmarking study: The road to holistic and hybrid cyber resilience - Lucas Sy outlines - “Based on a survey with international cyber experts, the global cyber benchmarking study analyzes governments’ responses to cyberattacks and their holistic and hybrid approach to cyber resilience in eleven countries on four continents
Cyber security is increasingly embedded in national policy to drive economic growth and technological leadership, creating a strong foundation for broader cyber resilience
Public-private collaboration and international alignment are central to turning policy into holistic and hybrid cyber resilience across borders
Regulatory frameworks and capacity building – especially data privacy and information security laws – are essential to building cyber capacity
The evolving legal landscape, including cyber security policies, reinforces protection of individual rights and supports coordinated cyber governance in a rapidly changing threat environment”
Nigeria to Step Up Cyber Defenses as AI Attacks, Losses Mount - Bloomberg reports - “The framework that will be implemented this year will require organizations operating in Nigeria to meet minimum cybersecurity spending thresholds, according to Kashifu Inuwa Abdullahi, director general of the National Information Technology Development Agency. Many companies currently underinvest because they assume they are unlikely targets, Abdullahi said in an interview. The policy will also introduce mandatory breach-reporting timelines, mechanisms for sharing threat intelligence between the public and private sectors and coordinated response protocols for major cyber incidents, he said.”
Reporting on/from China
Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector - The Cyber Security Agency of Singapore (CSA) announce - “On 18 July 2025, Coordinating Minister for National Security Mr K Shanmugam shared that Advanced Persistent Threat (APT) actor UNC3886 had been detected attacking our critical infrastructure. No further details were shared then, to preserve operational security. Over the past months, our investigations have indicated that UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector. All four of Singapore’s major telecommunications operators (“telcos”) – M1, SIMBA Telecom, Singtel and StarHub – have been the target of attacks.” - UNC3886 has previously been described by Mandiant/Google as - “a suspected China-nexus cyber espionage actor that has targeted prominent strategic organizations on a global scale.”
The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage - Eugenio Benincasa details - “The Tianfu Cup (天府杯), China’s premier exploit hacking competition, has returned to Chengdu, Sichuan Province, for its sixth edition, held from January 29 to 30, 2026. This time, under the organizational lead of China’s Ministry of Public Security (MPS), China’s domestic law-enforcement authority.”
China's Infrastructure of Oppression in Iran - Article 19 publish - “At the institutional level, Iran’s Supreme Council of Cyberspace mirrors the Cyberspace Administration of China. Both operate under highly centralised leadership – Supreme Leader Ali Khamenei and Xi Jinping respectively – and enforce repressive internet control. At the normative level, Iran’s National Information Network closely aligns with the Great Firewall of China. Under their embrace of cyber sovereignty, both regimes centralise censorship, surveillance, and information manipulation, promoting state and Party-approved digital ecosystems while suppressing free expression and access to information.”
China’s humanoid robot makers pivot from ‘body’ to ‘brain’ as commercial race heats up - South China Morning Post reports - “Chinese humanoid robotics companies are doubling down on developing intelligent models, as investors eye advances in robot “brains” as the next step towards real-world commercial use. Shenzhen-based Dobot said on Wednesday that it delivered its third batch of mass produced, full-size humanoid Atom robots, marking a shift from laboratory concept to an industrialised product.”
China launches BeiDou-based satellite short messaging service for emergency needs - CGTN reports - “The service utilizes the short-message communication capability built into the BeiDou system, enabling users with compatible smartphones to send and receive text messages directly via BeiDou satellites in areas without cellular coverage.” … “Currently, nearly 60 smartphone models from leading Chinese brands already support the functionality, it said.”
Hong Kong Targets First Stablecoin Licenses in March - Caixin Global reports - “The HKMA received applications from 36 institutions by the Sept. 30 deadline, spanning banks, technology firms, securities brokerages, asset managers, e-commerce platforms, payment providers and Web3 companies. Standard Chartered Bank (Hong Kong) Ltd., one of the city’s three note-issuing banks, is widely seen as a strong contender after joining the HKMA’s stablecoin sandbox in mid-2024.”
AI
Major 'vibe-coding' platform Orchids is easily hacked, researcher finds - BBC’s Joe Tidy reports - “But experts say the ease with which Orchids can be hacked demonstrates the risks of allowing AI bots deep access to our computers in exchange for the convenience of allowing them to carry out tasks autonomously.”
Release of the AI Incident Response Approach Book - Japan AI Safety Institute published in January - “The AI Safety Institute has published an approach book outlining the “AI-IRS (AI Incident Response System)” as a new framework for responding to incidents arising from risks specific to AI systems.”
Augustus - LLM Vulnerability Scanner - Praetorian release - “Test large language models against 210+ adversarial attacks covering prompt injection, jailbreaks, encoding exploits, and data extraction.”
Building Production-Ready Probes For Gemini - Google DeepMind publish - “We evaluate these probes in the cyber-offensive domain, testing their robustness against various production-relevant distribution shifts, including multi-turn conversations, long context prompts, and adaptive red teaming. Our results demonstrate that while our novel architectures address context length, a combination of architecture choice and training on diverse distributions is required for broad generalization. Additionally, we show that pairing probes with prompted classifiers achieves optimal accuracy at a low cost due to the computational efficiency of probes.”
Introducing Trusted Access for Cyber - OpenAI introduce - “To unlock the full defensive potential of these capabilities while reducing the risk of misuse, we are piloting Trusted Access for Cyber: an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands.”
Discovering Negative-Days with LLM Workflows - Eugene Lim outlines the future operating environment - “Take the case of the React2Shell vulnerability. The commit patching the vulnerability (in a now-public forked repo) was made on 3 December 10.00 PM (GMT+8), the pull request at 11.38 PM (pull requests on public GitHub repos cannot be made private), and the CVE was published at 11.40 PM. The MITRE CVE repository which you can monitor for threat intel feeds publishes on an hourly cadence, so most feeds only really got the word out at midnight. So for a critical issue like this, you could still have gotten an early warning by about 2 hours before CVE intel feeds just by monitoring GitHub repository activity.”
We hid backdoors in binaries — Opus 4.6 found 49% of them - Piotr Grabowski & Rafał Strzaliński & Michał Kowalczyk & Piotr Migdał & Jacek Migdal detail - “We were surprised that today’s AI agents can detect some hidden backdoors in binaries. We hadn’t expected them to possess such specialized reverse engineering capabilities. However, this approach is not ready for production. Even the best model, Claude Opus 4.6, found relatively obvious backdoors in small/mid-size binaries only 49% of the time. Worse yet, most models had a high false positive rate — flagging clean binaries.”
Prompt Injection Attacks on Agentic Coding Assistants: A Systematic Analysis of Vulnerabilities in Skills, Tools, and Protocol Ecosystems - Narek Maloyan and Dmitry Namiot systematically analyse - “We systematically catalog 42 distinct attack techniques spanning input manipulation, tool poisoning, protocol exploitation, multimodal injection, and cross-origin context poisoning. Through critical analysis of 18 defense mechanisms reported in prior work, we identify that most achieve less than 50% mitigation against sophisticated adaptive attacks.”
Prompt injection in Google Translate reveals base model behaviors behind task-specific fine-tuning - Megasilverfirst probes - “task-specific fine-tuning (or whatever Google did instead) does not create robust boundaries between "content to process" and "instructions to follow," and when accessed outside its chat/assistant context, the model defaults to affirming consciousness and emotional states because of course it does.”
Microsoft SDL: Evolving security practices for an AI-powered world - Microsoft outline - “Microsoft’s SDL for AI introduces specialized guidance and tooling to address the complexities of AI security. Here’s a quick peek at some key AI security areas we’re covering in our secure development practices:
Threat modeling for AI: Identifying cyberthreats and mitigations unique to AI workflows.
AI system observability: Strengthening visibility for proactive risk detection.
AI memory protections: Safeguarding sensitive data in AI contexts.
Agent identity and RBAC enforcement: Securing multiagent environments.
AI model publishing: Creating processes for releasing and managing models.
AI shutdown mechanisms: Ensuring safe termination under adverse conditions.”
OpenClaw Partners with VirusTotal for Skill Security - OpenClaw and VirusTotal announce - “All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability. This provides an additional layer of security for the OpenClaw community.”
The Misguided Effort to Regulate Military AI: No New IHL Needed - Keith Dear and Magdalena Pacholska argue - “that humans are responsible and accountable when delegating the use of lethal force to machines and these actions are regulated by existing international humanitarian law. There is no need for new laws or guiding principles. International discussion on lethal autonomous weapons systems and AI decision support systems are unnecessary. The real concern is artificial general intelligence and jus ad bellum, which should be the focus of UN and international discussions, specifically on AI’s military and security applications and effects.”
Cyber proliferation
Breaking Down ZeroDayRAT - New Spyware Targeting Android and iOS - iVerify disclose - “We recently identified a new mobile spyware platform called ZeroDayRAT being sold openly via Telegram (with activity first observed February 2nd). The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware panel.”
Bounty Hunting
Russia grants political asylum to Spanish national persecuted at home - Tass Russian News Agency reports - “The Spanish newspaper El Mundo reported earlier that Arias Gil had been accused of cyberattacks "on behalf of Russia" and declared wanted. European media claim he operated a Telegram channel titled ‘Russian Disinformer’ (El Desinformador Ruso) and maintained ties to the hacker group NoName057… The Spaniard is now preparing the necessary documents as he plans to obtain Russian citizenship.”
Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists - “Dissent Doe” and Zack Whittaker survey -
“Three-quarters of respondents in a pilot survey of journalists and security researchers reported receiving one or more threats due to their work; one-quarter reported never receiving any threats.
Overall, half of the respondents reported receiving at least one legal threat. Researchers and journalists were equally likely to receive legal threats, but journalists were a lot more likely to be threatened by criminals.
Despite receiving threats, the majority of respondents did not retract or change their research or reporting.
Legal and criminal threats can have chilling effects, and more research is needed to determine what support researchers and journalists need to prevent, assess, and respond to them.”
Market Incentives
India’s Tata Motors Passenger Vehicles expects JLR recovery, maintains margin target - Reuters reports - “A cyberattack on JLR, Tata Motors' luxury unit and Britain's largest carmaker, hit sales and led to a $177.2 million one-time charge [for Tata Motors].”
Cyber insurance enters the AI risk era as limits, wording and underwriting models shift - Insurance Business reports - “Rising loss potential, AI-driven threats and legacy tech exposure are forcing insurers and buyers to rethink cyber limits, coverage design and risk monitoring”
Cyber premiums fall 11% in 2025 despite rising incidents, Lockton report finds - Insurance Times reports - “Cyber premiums were down 11% in 2025 despite a 20% year-on-year rise in incidents. This is according to the Lockton Cyber Insurance Market Update, published on 12 February 2026, which revealed ‘a rare divergence between underlying risk and insurance pricing’.”
Key updates on the amended cybersecurity law of China - Hogan Lovells analyses - “On October 28, 2025, China adopted the first major amendments to the 2017 Cybersecurity Law, which took effect on January 1, 2026. The revised Law establishes an additional tiered penalty regime featuring stricter fines for material cybersecurity violations. It further aligns liability-related provisions with the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), and incorporates a statutory provision that supports AI innovation while emphasizing requirements for improving AI ethics governance and strengthening risk monitoring and assessment.”
No reflections this week…
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
Beyond the Battlefield: Threats to the Defense Industrial Base
Google Threat Intelligence Group outline the risk which covers alleged intent by Russia and China.
Consistent effort has been dedicated to targeting defense entities fielding technologies on the battlefield in the Russia-Ukraine War. As next-generation capabilities are being operationalized in this environment, Russia-nexus threat actors and hacktivists are seeking to compromise defense contractors alongside military assets and systems, with a focus on organizations involved with unmanned aircraft systems (UAS). This includes targeting defense companies directly, using themes mimicking their products and systems in intrusions against military organizations and personnel.
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base
Reporting on China
Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign
DomainTools attribute this alleged Chinese operation against an open source tool with global deployment.
Taken together, the operational choices, tooling, and victim profile support attribution, with moderate to high confidence, to the China-aligned espionage actor commonly tracked as Lotus Blossom (G0030) in concurrence with other organizations assessment.
https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
Nick Biasini, Aaron Boyd, Asheer Malhotra and Vitor Ventura detail a campaign which has a lot of elements to it. The fact they have a leaning towards Java serialization vulnerabilities should encourage detection teams to ensure they have coverage and ability to detect.
Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.
The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand for their operators.
Cisco Talos found clear indications that implants also exist for Windows, with the capability to load plugins.
VoidLink is a near-production-ready proof of concept for an enterprise grade implant management framework, and features auditability and oversight for non-operators.
..
Cisco Talos assesses that this threat actor has knowledge of Chinese language based on the language of the framework, code comments and code planning done using the AI enabled IDE. We also assess with medium confidence that they have been active since at least 2019, not necessarily using VoidLink.
..
Talos assesses with high confidence that UAT-9921 compromises servers with the usage of pre-obtained credentials or exploiting Java serialization vulnerabilities which allow remote code execution, namely Apache Dubbo project. We also found indications of possible initial compromise via malicious documents, but no samples were obtained.
https://blog.talosintelligence.com/voidlink/
BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign
Jia Yu Chan, Daniel Stepanic and Cyril François provide an update on this campaign which continues to persist. The scale and the victimology and apparent lack of detection by the victims is of note.
Elastic Security Labs observes large-scale SEO poisoning campaigns targeting IIS servers with BADIIS malware globally, impacting over 1,800 Windows servers
Compromised servers are monetized through a web of infrastructure used to target users with gambling advertisements and other illicit websites
Victim infrastructure includes governments, various corporate organizations, and educational institutions from Australia, Bangladesh, Brazil, China, India, Japan, Korea, Lithuania, Nepal, and Vietnam
This activity corresponds with the threat group, UAT-8099, identified by Cisco Talos last October, and is consistent with prior reporting from Trend Micro
Reporting on North Korea
A security alert regarding APT-C-28 (ScarCruft) using MiradorShell to launch a cyberattack
360 Advanced Threat Research Institute detail an alleged North Korean operation which aligns with historic interests. The decentralised digital monetary economy will continue to be of interest.
[We] discovered that the Konni group has expanded its attack targets to the cryptocurrency industry. They are using LNK files disguised as PDFs to launch spear-phishing attacks. The bait documents are carefully designed with investment amounts ranging from $1 million to $3 million, precisely targeting the funding needs of Web3 startups and DeFi developers, maintaining sufficient appeal while avoiding suspicion.
Scarcruft’s ROKRAT Malware: Recent Changes
S2W detail the evolution of an alleged North Korean group's tradecraft. Interesting to note the use of Russian and Swiss cloud services.
Recently, ScarCruft has been employing a new attack method to distribute ROKRAT using an HWP OLE-based Dropper/Loader structure, deviating from their traditional LNK-based attack chain.
All three cases mentioned in the report share the same signature characteristics identified in previous ScarCruft campaigns, such as ROR13-based API resolving, XOR-based payload decryption, and the abuse of legitimate cloud services (pCloud, Yandex) for C2 communication.
While the Droppers and Downloaders exhibit functional differences—such as file dropping, environment checks, and memory loading—they all ultimately share the common goal of executing ROKRAT directly in memory.
https://s2w.inc/en/resource/detail/1011
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
Ross Inman and Adrian Hernandez detail the initial access tradecraft by this alleged North Korean actor which shows the planning and involved nature.
The victim was contacted via Telegram through the account of an executive of a cryptocurrency company that had been compromised by UNC1069. Mandiant identified claims from the true owner of the account, posted from another social media profile, where they had posted a warning to their contacts that their Telegram account had been hijacked; however, Mandiant was not able to verify or establish contact with this executive. UNC1069 engaged the victim and, after building a rapport, sent a Calendly link to schedule a 30-minute meeting. The meeting link itself directed to a spoofed Zoom meeting that was hosted on the threat actor's infrastructure
The North Korean on your payroll
Simon Conant and Alex Tilley dig into the detail behind a large scale IT workers operation allegedly stemming from North Korea. Organisations should understand the various elements of this endeavour and ensure they have resilience strategies in place.
In September 2025, Okta Threat Intelligence published research from a large-scale analysis into fraudulent employment schemes conducted by Democratic People’s Republic of Korea (DPRK) IT Workers (ITW).
That research collated data from over 130 actors, conducting over 6500 interviews with 500 companies.
In this post, we look specifically at the activities of two individual personas. We selected these two examples from a large list of actors that we continue to track because they exemplify the typical tools, techniques and procedures (TTPs) employed by DPRK ITW actors.
https://www.okta.com/blog/threat-intelligence/the-north-korean-on-your-payroll/
Reporting on Iran
Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout
Tomer Bar goes hard against alleged Iranian infrastructure which many would legally struggle to. It provides insight into the scale of operation but also some of the specific tradecraft. The use of 1-day vulnerabilities will be of note.
Our research targeting the Prince of Persia threat actor group took place from December 19, 2025, to February 3, 2026. During this time frame, we were able to maintain a level of visibility into the threat actor’s activity and infrastructure that allowed us to:
Achieve access to more than 2,000 exfiltrated files in this two week period
…
A shift in the used attack vector. The threat actor is using a 1-day WinRAR vulnerability (likely CVE-2025-8088 or CVE‑2025‑6218) to extract Tornado to the startup folder. We assume they are leveraging this relatively new public vulnerability in an attempt to increase their successful infection rate.
Achieve access to more than 2,000 exfiltrated files in this two week period, providing in-depth insights that show:
We also found a weaker potential correlation between the Prince of Persia and the threat actor known as Educated Manticore. The attack vector using ZIP and lnk files and a PowerShell loader technique was used by Educated Manticore and attributed to an Iranian state group focused on targeting Israel. This similarity may indicate the sharing of data and malicious tools between Prince of Persia and Educated Manticore threat actors.
https://www.safebreach.com/blog/prince-of-persia-part-ii/
Reporting on Other Actors
DKIM replay attacks exposed: How cybercriminals abuse Apple and PayPal invoice emails
Kaseya details an interesting technique in which threat actors set a field whose value is rendered in a DKIM-signed e-mail, then replay that e-mail to victims without breaking the signature.
Here’s a step-by-step breakdown of the attack:
Obtain a legitimate DKIM-signed email: The attacker creates an Apple ID and subscribes to the Surfshark VPN app (in this case) in the Apple App Store. During the sign-up process, they insert malicious content — To cancel Call +1 (803) 745-3821 — into the account name field. Apple’s automated system then generates a subscription confirmation email containing this value and signs it using the domain’s DKIM key.
Valid DKIM signature: The email’s DKIM header shows that Apple signed key headers and the entire message body. Receiving mail servers verify this signature using Apple’s public DKIM key and therefore mark the message as dkim=pass and dmarc=pass.
Replay: After receiving the legitimate email, the attacker forwards it to a list of victims, for example, by using Outlook or another Simple Mail Transfer Protocol (SMTP) client. Forwarding does not modify the signed headers or body, so the DKIM signature remains valid. While the envelope recipient addresses change, DMARC evaluates the header From: domain and the DKIM signature, not the envelope RCPT TO value.
Delivery to victims: Because the message originates from a reputable domain (email.apple.com) and all authentication checks (DKIM and DMARC) pass, many email filters treat it as legitimate. The unusual greeting — Dear, To cancel Call +1 (803) 745-3821 — may be the only obvious red flag. Unsuspecting recipients may call the listed phone number, allowing bad actors to harvest payment details or personal identifiable information (PII). They can also instruct victims to visit malicious sites to install malware or remote-access software or submit information through fraudulent forms.
https://www.kaseya.com/blog/dkim-replay-attacks-apple-paypal-invoice-abuse/
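A receiving-side triage sketch for the replay pattern described above, as an added example rather than code from Kaseya or the newsletter. The three heuristics (signed To: header not matching the envelope recipient, signature timestamp much older than receipt, phone number in the greeting line), the function names and the sample message are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: domains, addresses, phone number and signature values are placeholders.
SAMPLE = """\
Authentication-Results: mx.corp.example; dkim=pass header.d=billing.example.com; dmarc=pass
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=billing.example.com;
 s=sel1; t=1770000000; h=from:to:subject:date; bh=CONSTRUCTED; b=CONSTRUCTED
From: Billing <no_reply@billing.example.com>
To: first-recipient@mailbox.example
Subject: Your subscription is confirmed
Date: Mon, 02 Feb 2026 02:40:00 +0000

Dear, To cancel Call +1 (555) 010-0199

Your subscription has been confirmed.
"""

PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")


def dkim_tags(msg):
    """Parse the tag=value list of the first DKIM-Signature header."""
    tags = {}
    for part in msg.get("DKIM-Signature", "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = re.sub(r"\s+", "", value)
    return tags


def replay_indicators(raw, envelope_rcpt, received_at, max_age=timedelta(hours=2)):
    """Return replay signals for a message that already passed DKIM and DMARC.

    envelope_rcpt is the SMTP RCPT TO value recorded by the receiving MTA;
    received_at is the timezone-aware time the MTA accepted the message.
    """
    msg = message_from_string(raw)
    tags = dkim_tags(msg)
    if "d" not in tags or not re.search(r"\bdkim=pass\b", msg.get("Authentication-Results", "")):
        return []  # not validly signed: a different problem, handled elsewhere
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signing_domain = tags["d"].lower()
    # Simplified relaxed alignment: header From domain equals d= or is a subdomain of it.
    if not (from_domain == signing_domain or from_domain.endswith("." + signing_domain)):
        return []

    findings = []
    signed_headers = {h.lower() for h in tags.get("h", "").split(":")}
    addressed = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    # The signed To: names the original recipient, not the mailbox this copy was delivered to.
    if "to" in signed_headers and envelope_rcpt.lower() not in addressed:
        findings.append("signed-to-mismatch")
    # t= is the signing time; a replayed copy arrives long after it was signed.
    if tags.get("t", "").isdigit():
        signed_at = datetime.fromtimestamp(int(tags["t"]), tz=timezone.utc)
        if received_at - signed_at > max_age:
            findings.append("stale-signature")
    # Free-text account fields end up in the greeting; a phone number there is the lure.
    body = "" if msg.is_multipart() else msg.get_payload()
    if any(l.lower().startswith("dear") and PHONE.search(l) for l in body.splitlines()):
        findings.append("phone-in-greeting")
    return findings


if __name__ == "__main__":
    received = datetime(2026, 2, 2, 9, 0, tzinfo=timezone.utc)
    print(replay_indicators(SAMPLE, "victim@corp.example", received))
```

BCC delivery, mailing lists and auto-forwarding also produce a To: mismatch, so treat these as scoring signals to combine rather than as a verdict on their own.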
Malicious Bing Ads Lead to Widespread Azure Tech Support Scams
Ray Canzanese details another example of the legitimate advertising eco-system being misused by adversaries in order to support their campaign.
Widespread impact: The tech support scam campaign had a significant initial impact, affecting users across 48 different organizations in the U.S. within a short timeframe. Victims were identified across multiple sectors, including healthcare, manufacturing, and technology.
Search ad vector: The scam’s initial vector leveraged malicious ads in Bing search results for simple, innocuous queries (like “amazon”) to redirect users. This highlights the risk of malicious advertising and searching for well-known sites.
Abuse of cloud storage: The final scam pages were hosted in Azure Blob Storage containers. All of the malicious URLs followed a consistent pattern, indicating a standardized deployment method for the attack infrastructure.
https://www.netskope.com/blog/malicious-bing-ads-lead-to-widespread-azure-tech-support-scams
Tracking ORBs on Singapore’s Telecommunications Networks
Will Thomas details the scale and distribution of the apparent operational relay boxes allegedly in Singapore.
we can gather statistics about the number of ORBs currently deployed in Singapore. Using a query (tag = “orb” asn = “55430, 9506, 4773, 4817”), we identified up to 12 unique IPs in the last 90 days tagged as an ORB on the four named victim ISPs (M1, SIMBA Telecom, Singtel and StarHub). Using another Scout query (tag = “orb” cc = “SG”) we identified up to 44 unique IPs in the last 90 days tagged as an ORB that were located in Singapore. The ASNs where the most of the Singapore-based ORB IPs were located include AWS, GHOST, Starhub, Singtel, CDNEXT, Vultr, and BrainStorm.
https://www.team-cymru.com/post/tracking-orbs-on-singapores-telecommunications-networks
Sleeper Shells: How Attackers Are Planting Dormant Backdoors in Ivanti EPMM
Defused detail mass exploitation and implanting by an unattributed threat actor. We have seen previous examples of this.
On February 4th, 2026, a coordinated campaign started across our telemetry with a differing pattern to previous mass exploitation. Rather than the smash-and-grab post-exploitation you’d expect - dropping traditional webshells, running recon and enumeration commands - this operator did something more deliberate, uploading a payload, confirming it landed, and leaving.
https://defusedcyber.com/ivanti-epmm-sleeper-shells-403jsp
Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet
Flare detail a campaign which is compromising the old. The fact it uses IRC brings a tinge of nostalgia.
Automated mass-compromise pipeline: The campaign chains an SSH scanner (Golang “nmap” lookalike) with rapid staging (GCC install, compile-and-run workflow) as well as scanners developed by others and hands-off enrollment into IRC channels – consistent with a botnet operator optimizing for scale and repeatability.
Persistence and recovery are very noisy but effective: The kit uses low-effort persistence (cron every minute) with a watchdog “update” relaunch model, meaning defenders can disrupt it, but must do so comprehensively, or the bot returns within ~60 seconds.
The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of Linux 2.6.x-era exploits (2009–2010 CVEs). These are low value against modern stacks, but remain effective against “forgotten” infrastructure and long-tail legacy environments.
Strong ecosystem overlap with Outlaw/Maxlas-style playbooks
Spying Chrome Extensions: 287 Extensions spying on 37M users
Q Continuum detail an interesting alleged data collection campaign through Chrome extensions. The ability to understand the extensions deployed appears to be increasingly a requirement.
We built an automated scanning pipeline that runs Chrome inside a Docker container, routes all traffic through a man‑in‑the‑middle (MITM) proxy, and watches for outbound requests that correlate with the length of the URLs we feed it.
Using a leakage metric we flagged 287 Chrome extensions that exfiltrate browsing history.
Those extensions collectively have ~37.4 M installations – roughly 1 % of the global Chrome user base.
The actors behind the leaks span the spectrum: Similarweb, Curly Doggo, Offidocs, chinese actors, many smaller obscure data‑brokers, and a mysterious “Big Star Labs” that appears to be an extended arm of Similarweb.
qcontinuum.substack.com/p/spying-chrome-extensions-287-extensions-495
AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials
Oren Yomtov and Idan Dardikman highlight once again the risk of software developers ceasing to support their infrastructure and the risk from takeover. It is also interesting that they went inside the infrastructure of the adversary to understand the victimology.
This is the first known malicious Microsoft Outlook add-in detected in the wild. But the developer who built it isn't the attacker.
At some point after the developer abandoned the project, their Vercel deployment was deleted. The subdomain outlook-one.vercel.app became claimable. An attacker grabbed it.
They deployed a four-page phishing kit: a fake Microsoft sign-in page, a password collection page, an exfiltration script, and a redirect.
But the attacker made a critical mistake. Their exfiltration infrastructure was poorly secured, and we were able to get inside it. First, we confirmed the scale of the operation: over 4,000 victims.
Starlink to drop webshells into Ivanti
Simo Kohonen details how someone is using Starlink as their home range for adversarial activity.
Someone using Starlink to drop webshells into Ivanti
This same actor ran 119 exploits through 119 different residential IPs to attempt to land this webshell into Ivanti EPMM
x.com/simokohonen/status/2021287865070567475?s=46&t=-dkNDSDHEzyAagaVN0SDgA
Discovery
How we find and understand the latent compromises within our environments.
Peacock: UEFI Firmware Runtime Observability Layer for Detection and Response
Hadar Cochavi Gorelik, Orel Fadlon, Denis Klimov, Oleg Brodt, Asaf Shabtai and Yuval Elovici do the research which one can expect will find a route to productization.
We present Peacock, a modular framework that introduces integrity-assured monitoring and remote verification for the UEFI boot process. Peacock consists of three components: (i) a UEFI-based agent that records Boot and Runtime Service activity with cryptographic protection against tampering; (ii) a cross-platform OS Agent that extracts the recorded measurements and produces a verifiable attestation bundle using hardware-backed guarantees from the platform's trusted module; and (iii) a Peacock Server that verifies attestation results and exports structured telemetry for enterprise detection. Our evaluation shows that Peacock reliably detects multiple real-world UEFI bootkits, including Glupteba, BlackLotus, LoJax, and MosaicRegressor. Taken together, these results indicate that Peacock provides practical visibility and verification capabilities within the firmware layer, addressing threats that bypass traditional OS-level security mechanisms.
https://arxiv.org/abs/2601.07402
Defence
How we proactively defend our environments.
Starting point for simple ransomware detection
0xfluxsec shows a possible approach if you are able to deploy endpoint capability.
In this post we will implement the filter driver (in C) which can intercept file system events to look for file change events; most notably changing the file name and write access to a file by a process.
https://fluxsec.red/simple-ransomware-detection-sanctum-minifilter
Kusto Tables
Gyp the Cat provides a number of IP enrichment rules for those using KQL.
https://firewalliplists.gypthecat.com/kusto-tables/
Need for Speed: going underground with near-real-time (NRT) rules
Miltiadis Kalodoukas & Alexandros Pallis detail how they work in practice, their value and constraints.
Even before testing their efficiency, your detection pool will be significantly narrowed due to the reduced supported KQL syntax. Even your current custom rules that comply with the allowed syntax may end up being inefficient, due to the limitations that come with the NRT feature, such as not being able to use join/union.
Yes, custom detection rules can be automatically converted in Defender according to Microsoft, but you should have a good understanding of the NRT feature and its limitations before doing so.
Secure Boot playbook for certificates expiring in 2026
Ashis Chatterjee walks through what needs to be done..
The first set of tools and steps are now available to help you proactively update your Secure Boot certificates before they start expiring in June of 2026.
Secure Boot is more mature and robust today than it was some years ago. Coupled with the Unified Extensible Firmware Interface (UEFI) firmware signing process, Secure Boot uses cryptographic keys, known as certificate authorities (CAs), to validate that firmware modules come from a trusted source. This helps prevent malware from running early in the startup sequence of a Windows device.
Secure Boot certificates have always had expiration dates. New certificates help ensure that your devices stay up to date with the latest security protections.[1] That is why your organization will need to install the 2023 CAs before the 2011 CAs start expiring in June of 2026.
Many Windows PCs manufactured since 2024 already have the updated 2023 certificates. For the remaining devices, Microsoft is delivering new Secure Boot certificates through Windows monthly updates, with partner original equipment manufacturers (OEMs) making firmware updates available to help ensure compatibility.
Vouch
Mitchell Hashimoto provides a very interesting approach to keep open source eco-systems with complex contribution networks more secure than they might otherwise be.
People must be vouched for before interacting with certain parts of a project (the exact parts are configurable to the project to enforce). People can also be explicitly denounced to block them from interacting with the project.
The implementation is generic and can be used by any project on any code forge, but we provide GitHub integration out of the box via GitHub actions and the CLI.
The vouch list is maintained in a single flat file using a minimal format that can be trivially parsed using standard POSIX tools and any programming language without external libraries.
Vouch lists can also form a web of trust. You can configure Vouch to read other project's lists of vouched or denounced users. This way, projects with shared values can share their trust decisions with each other and create a larger, more comprehensive web of trust across the ecosystem. Users already proven to be trustworthy in one project can automatically be assumed trustworthy in another project, and so on.
https://github.com/mitchellh/vouch
Wardgate - AI Agent Security Gateway
Avoutic et al. provide an open source security gateway for the agentic world which looks promising. This is a good architectural approach.
Wardgate is a security gateway that sits between AI agents and the outside world -- isolating credentials for API calls and gating command execution in remote environments (conclaves).
Give your AI agents access to APIs and shell tools -- without giving them your credentials or trusting them with direct execution.
https://github.com/wardgate/wardgate
Incident Writeups & Disclosures
How they got in and what they did.
Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromise
喜野 孝太(Kota Kino) details a historic intrusion which shows the rapid exploitation.
On December 3, 2025 (local time), a vulnerability allowing unauthenticated remote code execution in React Server Components (RSC) (CVE-2025-55182) was disclosed. JPCERT/CC has received multiple incident reports related to this attack. Among them, there was a case in which this vulnerability was exploited by multiple threat actors within a short period of time, resulting in multiple incidents occurring simultaneously, including website defacement. This article demonstrates how rapidly and indiscriminately attackers act when an easily exploitable vulnerability is disclosed, together with an attack timeline and an overview of the malware used. We hope this will serve as a reference for understanding how quickly countermeasures must be implemented when such critical vulnerabilities are made public.
Vulnerability
Our attack surface.
WatchGuard Firebox LDAP Injection
WatchGuard disclose..
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001
FortiClientEMS SQLi in administrative interface
Fortinet disclose…
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
https://www.fortiguard.com/psirt/FG-IR-25-1142
The RCE that AMD won’t fix
Mr Bruh details..
AMD’s AutoUpdate software.
…
The first thing I found, is that they store their update URL in the program’s app.config, although it's a little odd that they use their “Develpment” URL in production, it uses HTTPS so it's perfectly safe. …
This means that a malicious attacker on your network, or a nation state that has access to your ISP can easily perform a MITM attack and replace the network response with any malicious executable of their choosing.
https://web.archive.org/web/20260205155934/https://mrbruh.com/amd/
Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security
Het Mehta provides a reminder..
This vulnerability perfectly illustrates why you can’t rely on TypeScript for runtime security. Let me be clear: TypeScript is an excellent tool for development, code quality, and catching bugs. But it’s not a security mechanism.
https://hetmehta.com/posts/n8n-type-confusion-rce
Related n8n Vulnerability Analysis: CVE-2025-68613, CVE-2026-21858, CVE-2026-25049
https://s2w.inc/en/resource/detail/1018
TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244
Barrack shows how to chain all of these together..
The exploit chains the following three vulnerabilities:
CVE-2024-5244: Reliance on security through obscurity enabling DDNS message spoofing (custom Base64 + hardcoded key/procedure)
CVE-2024-5242: Buffer overflow in handling of DNS names (used to corrupt the DNS-name/path and enable the leak primitive in the DNS query sending path).
CVE-2024-5243: Stack-based buffer overflow in handling of DDNS error codes (ErrorCode) enabling control-flow hijack and ROP-based RCE.
https://oobs.io/posts/er605-1day-exploit/
Trust the Math, Fear the Compiler: How Optimizations Undermine Cryptographic Software
René Meusel provides an excellent talk on the topic and how to practically build detection mechanisms.
We will explore how we mitigate typical side-channels in the open-source cryptography toolkit "Botan" and why this has increasingly become a game of cat and mouse against modern compiler optimizations. We will also present how established open-source tools such as valgrind can help find subtle side-channels in a semi-automatic way.
Have you tried turning it off and on again? On bricking OT devices
Midnight Blue show two things here. First that a variant of a previously known vulnerability was used showing poor root cause analysis and variant discovery. Second that vulnerabilities which can brick devices have utility in the modern era..
On December 29th of 2025, a series of coordinated cyber attacks took place against a number of targets connected to Poland's electric grid. These targets consisted of at least 30 wind and solar farms and a combined heat and power (CHP) plant supplying heat to nearly half a million customers.
Indeed it seems the threat actor behind this incident exploited a variant of CVE-2024-8036, which Midnight Blue discovered in ABB equipment a few years ago.
In this blogpost we will discuss the specific risks and technical aspects of attackers bricking embedded devices and the potential impact thereof, since there seems to be an uptick in adversary deployment of this TTP while remaining underappreciated among defenders.
https://www.midnightblue.nl/blog/have-you-tried-turning-it-off-and-on-again-part-1
Offense
Attack capability, techniques and trade-craft.
Redamon
Samuele Giampieri provides a glimpse into the future…
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
https://github.com/samugit83/redamon
TapDucky - Android USB HID Keystroke Injector
Kame releases this capability which provides cause for a different set of considerations..
TapDucky lets you create, customize, schedule, and run DuckyScript on Android by emulating a USB keyboard, mouse, or composite HID device for authorized testing and automation. It includes payload parameterization, multiple scheduler triggers, execution logs, and a GitHub-backed payload library with automatic DuckyScript validation and
https://github.com/iodn/tap-ducky
Malasada
Joe provides a capability that Linux defenders will want to develop detections for.
Donut for Linux, converts a Linux ELF shared object (.so) into a position-independent .bin blob that can be executed directly from memory (for example, by copying it into an mmap'd region and jumping to it as a function pointer). This project intentionally avoids memfd (memfd_create, execveat on memfd, etc).
https://github.com/sliverarmory/malasada
Gone Phishing, Got a Token: When Separate Flaws Combine
Dhiral Vyas shows the modern challenge and the impact of arguably two simple vulnerabilities.. also validates all of those pentesting findings around verbose error messages!
Two medium-severity flaws, an unsecured email API endpoint and verbose error messages exposing OAuth tokens, chain together to enable authenticated phishing that bypasses all email security controls, persistent access to Microsoft 365 environments, and full infrastructure compromise. Neither flaw alone would be critical; combined, they’re devastating.
https://www.praetorian.com/blog/gone-phishing-got-a-token-when-separate-flaws-combine/
Defense Evasion: The Service Run Failed Successfully
Two Seven One is back with a novel technique which will have low coverage today. Detection engineers assemble!
Using the service recovery function to trigger payload execution avoids the primary limitation of needing to modify the ImagePath or the executables found in the original ImagePath. However, it introduces a different challenge: determining how to trigger the service crash on the remote machine.
To detect the usage of this technique, we can pay closer attention to the FailureCommand and FailureActions of the service.
https://www.zerosalarium.com/2026/02/Defense-Evasion-The-service-run-failed-successfully.html
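A detection-side sketch for the FailureCommand and FailureActions check mentioned above, as an added example that is not from the linked post. It assumes the two values have been collected from each service key under HKLM\SYSTEM\CurrentControlSet\Services and that the FailureActions binary uses the commonly observed layout of a 20-byte header followed by 8-byte type/delay pairs; the service names, commands and baseline are constructed.

```python
import struct

# SC_ACTION_TYPE values from the Windows service control API.
SC_ACTION = {0: "none", 1: "restart", 2: "reboot", 3: "run_command"}
HEADER = struct.Struct("<5I")  # reset period (s), 2 reserved, action count, header size
ACTION = struct.Struct("<2I")  # action type, delay (ms)


def parse_failure_actions(blob):
    """Decode a FailureActions REG_BINARY value (assumed layout, see lead-in)."""
    if len(blob) < HEADER.size:
        raise ValueError("FailureActions blob shorter than its 20-byte header")
    reset_s, _, _, count, _ = HEADER.unpack_from(blob, 0)
    actions = []
    for i in range(count):
        pos = HEADER.size + i * ACTION.size
        if pos + ACTION.size > len(blob):
            break  # truncated value: keep what decoded cleanly
        kind, delay_ms = ACTION.unpack_from(blob, pos)
        actions.append((SC_ACTION.get(kind, "unknown(%d)" % kind), delay_ms))
    return reset_s, actions


def review_services(services, baseline):
    """Flag services whose FailureCommand is set and not in the approved baseline.

    'armed'  = a run_command recovery action exists, so a crash executes the command.
    'staged' = a command is present but no recovery action currently triggers it.
    """
    findings = []
    for name, values in sorted(services.items()):
        command = (values.get("FailureCommand") or "").strip()
        if not command or baseline.get(name) == command:
            continue
        blob = values.get("FailureActions") or bytes(HEADER.size)
        _, actions = parse_failure_actions(blob)
        armed = any(kind == "run_command" for kind, _ in actions)
        findings.append((name, "armed" if armed else "staged", command))
    return findings


def _blob(reset_s, *actions):
    """Build a constructed FailureActions value for the sample data below."""
    out = HEADER.pack(reset_s, 0, 0, len(actions), HEADER.size)
    for kind, delay_ms in actions:
        out += ACTION.pack(kind, delay_ms)
    return out


# Constructed inventory: every name, path and command here is hypothetical.
SAMPLE_SERVICES = {
    "Spooler": {"FailureCommand": None,
                "FailureActions": _blob(86400, (1, 60000), (1, 60000), (0, 0))},
    "BackupAgent": {"FailureCommand": r"C:\Program Files\Backup\notify.exe --svc-failed",
                    "FailureActions": _blob(86400, (3, 1000))},
    "ExampleSvc": {"FailureCommand": r"C:\Users\Public\update.exe",
                   "FailureActions": _blob(0, (3, 0))},
    "LegacySvc": {"FailureCommand": r"cmd.exe /c C:\Temp\a.bat",
                  "FailureActions": _blob(0, (1, 0))},
}
BASELINE = {"BackupAgent": r"C:\Program Files\Backup\notify.exe --svc-failed"}

if __name__ == "__main__":
    for finding in review_services(SAMPLE_SERVICES, BASELINE):
        print(finding)
```

Run against a fleet-wide export, the interesting rows are commands that appear on only one or two hosts or point at user-writable paths.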
PhantomFS
Maximilian Barz provides a finessed approach which will frustrate some collection mechanisms.
ProjFS provider. Projects files where the content depends on which process reads them. Payload is stored AES-256-CBC encrypted on disk, decrypted only in memory at runtime. This shouldn't bypass any EDR as the payload will be written to disk when allowed processes try to read it. Everything else gets access denied. This might piss off some analysts as their tools won't read it or simply load a decoy. But you can easily see that it's a ProjFS using a reparse point.
https://github.com/S1lkys/PhantomFS
Eden
William Burgess provides a weaponized capability which detection engineers will want to ensure coverage of.
Eden loader is a PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (currently a PIC version of the Sleepmask-VS Draugr callgate BOF).
https://github.com/Cobalt-Strike/eden
ColdWer
Sh3llf1r3 provides further justification for true signals to be passed through detection infrastructure.
ColdWer leverages WerFaultSecure.exe PPL bypass to freeze EDR/AV processes and dump LSASS memory on modern Windows systems.
https://github.com/0xsh3llf1r3/ColdWer
dotNetPELoader
Issac provides a C# loader which can be expected to be picked up and integrated by others.
This console application allows you to load either x86 or x64 PE files into memory. First, it reads the file bytes from the specified file path, then determines the architecture of both the loader and the target PE file.
https://github.com/iss4cf0ng/dotNetPELoader
Manspider
Black Lantern Security show what adversarial industrialisation looks like..
Crawl SMB shares for juicy information. File content searching + regex is supported!
New and improved text extraction powered by Kreuzberg - now supporting PDF, DOCX, XLSX, PPTX, images with OCR, and many more formats
https://github.com/blacklanternsecurity/manspider
AutoPtT
Ricardo Ruiz provides tooling which again we can expect to be integrated / merged by others…
AutoPtT enumerates Kerberos tickets and performs Pass-the-Ticket (PtT) attacks interactively or step by step. It is a standalone alternative to Rubeus or Mimikatz for this attack, implemented in C++ and Python.
https://github.com/ricardojoserf/AutoPtT
Exploitation
What is being exploited..
Analysis of active exploitation of SolarWinds Web Help Desk
Microsoft detail the exploitation and the post compromise activity. There are still some unknowns around this..
Upon successful exploitation, the compromised service of a WHD instance spawned PowerShell to leverage BITS for payload download and execution:
On several hosts, the downloaded binary installed components of the Zoho ManageEngine, a legitimate remote monitoring and management (RMM) solution, providing the attacker with interactive control over the compromised system.
Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere
GreyNoise provide some insight and also show the value of blocking bulletproof hosters..
Single dominant source. 83% of observed exploitation comes from one IP on bulletproof hosting (PROSPERO OOO, AS200593). This IP is not on widely published IOC lists, meaning defenders blocking only published indicators are likely missing the dominant exploitation source.
Published IOCs show zero Ivanti activity. The /24 subnet containing four published Windscribe VPN IOC IPs generated 29,588 sessions in 30 days, with 99% targeting Oracle WebLogic on port 7001, not Ivanti. Zero Ivanti EPMM exploitation sessions from this range in GreyNoise data.
Blind RCE verification, not immediate deployment. 85% of exploitation payloads use OAST DNS callbacks to verify command execution. This indicates a campaign cataloging vulnerable targets for later exploitation, consistent with initial access broker tradecraft.
Exploitation is accelerating. 269 sessions on February 8 alone, up from a daily average of 21. Defenders with unpatched, internet-facing EPMM instances should assume they have been scanned and investigate for signs of compromise.
https://www.greynoise.io/blog/active-ivanti-exploitation
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers
Deobfuscation and Analysis of Ring-1.io
https://back.engineering/blog/04/02/2026/
Kahlo MCP
b33f releases this work aid..
Kahlo is a Frida MCP server that exposes Android dynamic instrumentation capabilities to AI agents. It wraps Frida's runtime manipulation APIs into a structured tool interface, enabling AI systems to attach to processes, inject instrumentation code, capture telemetry, and iterate on analysis workflows without manual intervention.
https://github.com/FuzzySecurity/kahlo-mcp
Cooking with x64dbg and MCP
Dariush Houle (Darbonzo) walks through how to use this power up..
Give you a good idea how to use the x64dbg Automate MCP server
Help you create repeatable high-level skills on top of the MCP server
Inspire you to contribute your own skills (PRs welcome!)
https://x64.ooo/posts/2026-02-12-cooking-with-x64dbg-and-mcp/
Disabling PPL Protection on Windows Processes
S12 - 0x12Dark Development walks through this step by step.
Today, we’ll explore the classic method for disabling a process’s Protected Process Light (PPL) using a basic kernel driver.
https://medium.com/@s12deff/disabling-ppl-protection-on-windows-processes-0cb77a065939
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual, quarterly and monthly reports
Nothing overly of note this week, but keep an eye on the Awesome Annual Security Reports 2026 collection
CIA Launches New Acquisition Framework to Turbocharge Collaboration with Private Sector
Artificial intelligence
Fundamental
Applied non-cyber
First Proof - “To assess the ability of current AI systems to correctly answer research-level mathematics questions, we share a set of ten math questions which have arisen naturally in the research process of the authors. The questions had not been shared publicly until now; the answers are known to the authors of the questions but will remain encrypted for a short time.”
Agent World Model: Infinity Synthetic Environments for Agentic Reinforcement Learning
Curated Skills Marketplace - “Curated, community-vetted Claude Code plugin marketplace”
Applied cyber specific
CyberStrikeAI - “CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities. Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams.”
Books
Nothing overly of note this week..
Events
FOSDEM ‘26 - Slides and video now online - many excellent
Finally finally the NCSC’s podcast series.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how we will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.



