ReliaQuest’s 2026 Annual Threat Report reveals that 2025 saw an unparalleled escalation in AI- and automation-facilitated cyberattacks. Incident data from 2024 was compared to 2025, and ReliaQuest found that threat actors are now faster than ever. To remain ahead of the curve, security practitioners will need to adopt AI in their own defense or be left behind. AI Increased Attack Speeds Dramatically In 2025, AI not only increased attack speeds, but it also did so much more efficiently and intelligently. Malefactors were able to automate and deploy AI to create sophisticated phishing attacks at a scale previously unattainable. This resulted in achieving lateral movement within as few as four minutes (an…
Kirsten Doyle
A UK solicitor is under investigation for allegedly violating client confidentiality and waiving legal privilege after they confessed to uploading their clients’ confidential documents to ChatGPT. This is in line with a warning issued by the Upper Tribunal that the use of open AI tools in such a manner may violate client confidentiality and waive legal privilege. This is a concern for the legal profession regarding the misuse of AI. In a decision heard in November, but only published recently, the judgment said: “Legal professionals are obliged to ensure that legal arguments which are presented to the First-tier Tribunal or Upper Tribunal are factually…
New evidence indicates that the North Korean state-sponsored Lazarus Group has adopted the infamous Medusa ransomware in its extortion attacks, including those against the healthcare and nonprofit sectors. The Threat Hunter Team from Symantec and Carbon Black says these attacks have been increasing since Medusa’s launch in 2023 as a “ransomware-as-a-service” (RaaS) tool. The malware, operated by a cybercrime syndicate named Spearwing, has been used in over 360 known attacks, including against critical sectors, where it encrypts data and threatens to publish the data if a ransom is not paid. Analysis of Medusa’s leak site indicates that recently, attacks have been reported against four US healthcare…
Cyber risk is now a standing item in most boardrooms. You’ll find it in annual reports, audit committees, and regulatory filings. And still, cyber risk is not being addressed. Not because boards don’t care, or because CISOs are not reporting. But because something fundamental is still not working between security and governance. We posed three questions to six leading minds in the field of cyber security and risk. What we got back was convergence. But within that convergence were sharp distinctions about governance, AI, trust, financial modeling, and accountability. The Biggest Misunderstanding: Cyber Is Still Treated as an IT Problem Despite years of awareness…
PayPal has disclosed a data breach that exposed some of its customers’ personal information and led to fraudulent transactions. The company said it happened due to an error in its PayPal Working Capital (“PPWC”) loan application, an offering that gives businesses a cash advance based on their PayPal sales history. Between 1 July and 13 December 2025, the PII of a small number of customers was exposed to bad actors. PayPal added that it has since rolled back the code change responsible for this error. Types of data exposed include full names, email addresses, phone numbers, mailing addresses, dates of birth, and SSNs. PayPal insisted that no financial account information, login credentials, passwords, and credit card…
Malware-fuelled ATM “jackpotting” attacks are surging across the United States, with the FBI warning that incidents have spiked sharply in 2025. In a recent alert, the Bureau said it has recorded around 1,900 ATM jackpotting incidents since 2020. Alarmingly, more than 700 of those cases (representing over $20 million in losses) have happened this year alone. The bureau is now urging financial institutions and ATM operators to review their security controls and implement stronger mitigation measures. Bypassing Authentication Entirely At the centre of many of these attacks is the Ploutus family of malware. Ploutus targets the eXtensions for Financial Services (XFS) layer, the software interface that tells…
A bug has been causing Microsoft Copilot to read and summarise users’ confidential emails, and it’s been happening since late January. Microsoft says the issue stems from a code error that bypassed data loss prevention (DLP) policies designed to stop sensitive information from being accessed in the first place. It was first reported by BleepingComputer. “Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” Microsoft said. Copilot Chat (Microsoft’s AI assistant built into Microsoft 365) debuted in September for business customers across Word, Excel, PowerPoint, Outlook, and OneNote. The idea is simple: let users interact with AI agents inside the tools they use every day. But in…
Abnormal has discovered a new phishing kit that allows bad actors to steal usernames and passwords with a toolkit that spoofs live login pages and bypasses multi-factor authentication (MFA) protections. Most phishing kits depend on static HTML clones of login pages, which, while effective, are inherently fragile. Even a small interface update from the brand being impersonated can instantly reveal the deception. “A new framework called Starkiller (not to be confused with the legitimate BC Security red team tool of the same name) takes a different approach,” Abnormal researchers said. A Commercial-grade Platform It is being sold openly as a commercial-grade cybercrime platform by…
CISA has warned that a critical security vulnerability (CVE-2026-1670) has been identified in four Honeywell CCTV camera models. “Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise,” the advisory said. The flaw is classified as “missing authentication for critical function” and has been given a CVSS severity score of 9.8. According to CISA, the vulnerability stems from an unauthenticated API endpoint that lets bad actors remotely change the “forgot password” recovery email address associated with a camera account. CISA advises users to take proactive steps to reduce the…
Security researchers at ESET have uncovered what they describe as the first known case of Android malware abusing generative AI to manipulate a device’s user interface in real time. Dubbed PromptSpy, the newly identified malware family uses Google’s Gemini to analyze on-screen content and dynamically guide malicious actions. While machine learning has previously been used in Android threats (including a recent case discovered by Dr.Web involving ad fraud automation) this is the first documented instance of GenAI being embedded directly into malware execution flow. According to the researchers, PromptSpy is the second AI-powered malware they have found, the first one being PromptLock in August last year, which was the first known instance of AI-powered ransomware. Unlike traditional Android malware, which relies on hardcoded…
