Global Cybersecurity Outlook 2026

The World Economic Forum’s Global Cybersecurity Outlook 2026 highlights a rapidly evolving global cyber risk landscape defined by the accelerating impact of artificial intelligence (AI), geopolitical fragmentation, rising cyber-enabled fraud, and widening disparities in cyber resilience. Cybersecurity is no longer just a technical domain but a strategic economic and societal priority as threats outpace current governance and skill levels. While AI is enabling both defenders and attackers to operate at unprecedented scale, it also introduces new vulnerability classes that organizations are only beginning to address. Geopolitical tensions are reshaping collaboration frameworks, with many organizations adapting strategies to account for state-linked attacks and supply chain pressures. Cyber-enabled fraud is emerging as a top concern for CEOs, often overshadowing traditional threats such as ransomware. Ultimately, the Outlook stresses that strengthening collective cyber resilience through collaboration, governance, and equitable access to resources is essential to mitigate systemic risk in an increasingly interconnected world.

Key Points

  • AI is the defining force in cybersecurity: 94% of surveyed leaders see AI as the principal driver of change in 2026, with the percentage of organizations assessing AI security nearly doubling year-over-year.

  • AI-related vulnerabilities accelerate rapidly: 87% of respondents identify AI-linked weaknesses as the fastest-growing cyber risk, highlighting pervasive data exposure concerns tied to generative and agentic tools.

  • Geopolitics shapes risk strategies: 64% of organizations factor geopolitically motivated cyberattacks into risk mitigation plans, and confidence in national cyber preparedness is eroding in several regions.

  • Cyber-enabled fraud overtakes ransomware in CEO concern: High prevalence of fraud impacting executives and networks reflects shifting threat priorities at the leadership level.

  • Supply chain and resilience gaps persist: Supply chain vulnerabilities and uneven access to expertise continue to widen the cyber resilience divide between well-resourced and under-prepared organizations.

💻 Malware and Vulnerabilities

CISA Confirms Active Exploitation of Enterprise Software Bugs: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four enterprise software vulnerabilities to its Known Exploited Vulnerabilities catalog after confirming evidence of in-the-wild exploitation. The affected products include Versa SD-WAN orchestration, Zimbra Collaboration Suite’s webmail interface, the Vite developer tooling framework, and others. All federal agencies must remediate or mitigate these flaws by mid-February 2026 under CISA’s risk directives, reinforcing the urgency for organizations to patch or isolate vulnerable systems to prevent unauthorized access or data exposure. LINK
https://www.bleepingcomputer.com/news/security/cisa-confirms-active-exploitation-of-four-enterprise-software-bugs/

Cisco Fixes Actively Exploited Zero-Day in Unified CM and Webex: Cisco issued patches for an actively exploited zero-day vulnerability (CVE-2026-20045) affecting Unified Communications Manager and Webex Calling Dedicated Instance products. The flaw allows unauthenticated attackers to execute arbitrary commands on affected servers due to improper input validation in HTTP requests, prompting immediate action by administrators to apply updates and reduce exposure to remote compromise. LINK
https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html

SmarterMail Authentication Bypass Now Exploited in the Wild: A high-severity authentication bypass vulnerability in the SmarterMail email platform (CVE-2026-23760) has been observed in active exploitation shortly after its patch release. The flaw allows threat actors to reset administrator passwords via a crafted API call, enabling privileged access and potential follow-on malware deployment if systems remain unpatched. Users are urged to update immediately to the fixed build. LINK
https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html

Malicious Extensions and Browser Malware Spread Across Major Browsers: Researchers uncovered widespread malicious browser extensions — some hiding JavaScript payloads in images — affecting Chrome, Firefox, and Edge and collectively downloaded by hundreds of thousands of users. These extensions harvest activity data, insert invisible iframes, bypass security headers and facilitate backdoor installations, demonstrating how extension ecosystems remain a prolific vector for malware and fraud. LINK
https://www.techradar.com/pro/security/more-malicious-browser-extensions-uncovered-chrome-firefox-and-edge-all-affected

Critical Vulnerabilities Continue to Surface in Popular Platforms: In addition to active campaigns, multiple critical and high-severity flaws are driving risk across enterprise and open-source systems. For example, a maximum-severity remote code execution bug known as “Ni8mare” (CVE-2026-21858) in the n8n automation platform allows unauthenticated attackers to steal API keys and credentials if instances are exposed online, while legacy router and WordPress plugin flaws worsen the threat landscape for unpatched infrastructure. (See security advisories) LINK
https://packetwatch.com/resources/threat-intel/cyber-threat-intelligence-report-01-12-2026/

Fortinet Confirms Active FortiCloud SSO Exploitation: Fortinet has verified that threat actors are actively exploiting a vulnerability in FortiCloud single sign-on (SSO) infrastructure, with targeted attacks aiming to gain initial access to enterprise networks and cloud services, underscoring the urgency of patch application and multifactor authentication enforcement. LINK https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html

📈 Breaches and Incidents

Kazakhstan Weighs Criminal Liability for Mass Personal Data Leaks: Kazakhstan’s Ministry of Artificial Intelligence and Digital Development has proposed legislation to introduce criminal penalties for mass leaks of personal data and significantly raise administrative fines for information security violations. The draft measures aim to enforce a “zero tolerance” policy on mishandling citizens’ digital data following a series of high-profile breaches in recent years. LINK https://timesca.com/kazakhstan-considere-criminal-liability-for-mass-leaks-of-personal-data/

DLA Piper GDPR Fines and Data Breach Survey Highlights Enforcement Trends: The latest annual survey from global law firm DLA Piper reveals that European GDPR enforcement remains robust, with supervisory authorities issuing approximately €1.2 billion in fines in 2025 and averaging more than 400 daily data breach notifications—an indicator of both increased reporting and regulatory scrutiny across sectors. LINK https://www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/

🚨 Threat Intel & Info Sharing

Investigative Report on Corruption Published by OCCRP: The Organized Crime and Corruption Reporting Project (OCCRP) published new investigative findings detailing global corruption networks, financial flows, and vulnerabilities exploited by transnational actors, shedding light on systemic risks at the intersection of crime and governance. LINK
https://bsky.app/profile/occrp.org/post/3mck5zyimb524

Ireland Plans Law Enforcement Spyware Oversight: Irish authorities are drawing up plans to regulate the use of spyware by law enforcement, aiming to strike a balance between investigative capabilities and civil liberties amid growing use of surveillance tools in digital investigations. LINK
https://therecord.media/ireland-plans-law-enforcement-spyware

Google and YouTube Settle Privacy Lawsuit: Alphabet’s Google and YouTube have reached a settlement in a class action privacy lawsuit alleging misuse of user data, a development that could have implications for data governance practices across major platforms. LINK https://therecord.media/google-youtube-lawsuit-settle

AI Framework Flaws Expose Enterprise Cloud Risks: Researchers have identified weaknesses in widely used AI framework security models that could be abused to compromise enterprise cloud environments, prompting calls for stronger design and operational controls in AI deployments. LINK https://www.theregister.com/2026/01/20/ai_framework_flaws_enterprise_clouds

UK Government Warns of Ongoing Russian Hacktivist Group Attacks: The UK government issued an alert about continued activity from a Russian hacktivist group targeting infrastructure and public-facing services, reinforcing the need for vigilance across critical sectors. LINK https://www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/?&web_view=true

Canada CIRO Investing Regulator Confirms Data Breach: Canada’s Capital Markets Regulatory Authority confirmed a data breach affecting confidential information, urging affected parties to assess potential risks and notify impacted individuals in compliance with regulatory standards. LINK https://therecord.media/canada-ciro-investing-regulator-confirms-data-breach

FBI Warns Microsoft BitLocker Users to Secure Recovery Keys: The FBI is advising Windows laptop users to safeguard Microsoft BitLocker recovery keys after reports that threat actors are obtaining them through phishing and malware campaigns, potentially enabling full disk access and persistent compromise of business and personal systems. LINK https://hackread.com/fbi-windows-laptops-microsoft-bitlocker-recovery-keys/

LinkedIn DMs Trojanized with Malicious PDF Tools: Researchers have identified a Trojan spread through LinkedIn direct messages that leverages malicious PDF tools to deliver payloads to targets, emphasizing the continued use of professional networks as attack vectors for distributing malware to interconnected enterprise and personal accounts. LINK https://hackread.com/hackers-linkedin-dms-pdf-tools-trojan/

⚖️ Laws, Policies and Regulations

New Zealand Privacy Commissioner Launches Inquiry Into Manage My Health Breach: New Zealand’s Privacy Commissioner has announced a formal inquiry into the Manage My Health cyber-security breach after the patient portal platform notified regulators of a serious incident affecting sensitive healthcare information. The inquiry will assess whether appropriate safeguards were in place and examine the firm’s breach response, including mitigation steps and communication with affected agencies and individuals under the Privacy Act. Health agencies and primary providers are coordinating notifications to patients, and regulators plan to evaluate systemic weaknesses exposed by the breach and what steps must be taken to prevent future incidents involving highly sensitive health data. LINK https://www.privacy.org.nz/tuhono-connect/statements-media-releases/privacy-commissioner-inquiry-into-manage-my-health-breach/

Stolen SagaEVM Funds Traced to Tornado Cash After Exploit: A significant portion of approximately $7 million in crypto stolen in an exploit against the SagaEVM blockchain has been traced to deposits into Tornado Cash, a privacy mixer that obscures transaction trails. Blockchain analytics firm CertiK reports that $6.2 million of the stolen assets—spread across ETH, USDC, yUSD, and tBTC—were moved into the mixer using multiple wallets, complicating efforts to track or recover the funds. The incident underscores ongoing challenges in DeFi security and the use of privacy tools by threat actors to launder large sums post-exploit. LINK https://www.cryptopolitan.com/saga-exploit-land-on-tornado-cash/

Tech Industry Champions China’s Digital Innovation Goals: A senior Chinese government official outlined national priorities for digital transformation, highlighting cybersecurity, data sovereignty, and technological self-reliance as central objectives for the next phase of economic and industrial growth. The policy brief emphasizes greater domestic capacity in secure software and information infrastructure, aligning with broader strategic plans to reduce reliance on foreign technology providers while supporting innovation across AI, cloud computing, and digital services. LINK http://english.scio.gov.cn/pressroom/2026-01/21/content_118292288.html

Under Armour Confirms Awareness of Data Breach Claims After 72M Records Posted Online: Athletic apparel giant Under Armour acknowledged it is aware of claims that data from approximately 72 million customer records was posted online. While the company has not confirmed unauthorized access or systemic compromise, it is investigating the matter, including whether the exposed information originates from its systems. Under Armour emphasized it has not determined the authenticity of the posted data and continues working with security experts to assess potential impacts and necessary mitigation. LINK https://techcrunch.com/2026/01/22/under-armour-says-its-aware-of-data-breach-claims-after-72m-customer-records-were-posted-online/

Voice Phishing Kits Sell Illicitly on Cybercrime Markets, Register Reports: Organized cybercriminals are selling sophisticated voice phishing (vishing) toolkits online, enabling less experienced attackers to mount social engineering campaigns by impersonating trusted entities over phone networks. The proliferation of vishing kits with built-in scripting, spoofing, and automation features represents a worrying evolution in fraud-oriented cyber threats, blurring lines between technical and social attack vectors at scale. LINK https://www.theregister.com/2026/01/22/crims_sell_voice_phishing_kits/

Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms: Cybercriminals are abusing legitimate security testing applications as part of multi-stage intrusion campaigns targeting Fortune 500 companies. By co-opting trusted tools, attackers are bypassing traditional defenses and moving laterally within enterprise environments, prompting renewed focus on monitoring and controlling the use of privileged testing software in production networks. LINK https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/?&web_view=true

HelpNetSecurity: Geopolitical Tensions Heighten Cyber Risk Landscape: A HelpNetSecurity analysis highlights how geopolitical conflicts are intensifying cyber threat activity, with state-aligned actors and proxy groups increasingly exploiting global tensions to justify offensive cyber operations, influence campaigns, and digital espionage across borders. LINK https://www.helpnetsecurity.com/2026/01/19/cybersecurity-geopolitical-tensions/

TechCrunch: TikTok Users Alarmed Over Immigration Data Collection Concerns: TikTok users have reacted strongly to reports alleging the app collects information related to immigration status and third-party app usage, prompting debates over privacy practices, data minimization, and regulatory scrutiny in multiple jurisdictions. LINK
https://techcrunch.com/2026/01/23/tiktok-users-freak-out-over-apps-immigration-status-collection-heres-what-it-means/

Europol’s Post-Quantum Crypto Migration Framework

Europol has outlined a practical, risk-based framework to help organisations prioritise post-quantum cryptography (PQC) migration as quantum threats grow. Instead of a “rip and replace” approach, the guidance focuses on scoring systems by risk and effort, so security teams can tackle the highest-impact areas first and build a realistic migration roadmap. LINK (https://www.helpnetsecurity.com/2026/01/22/europol-post-quantum-cryptography-migration/)

Key Points

  • PQC migration should be prioritised, not rushed across everything at once.

  • Uses a risk score + migration complexity score to rank what to fix first.

  • Highlights “no-regret” steps like cleaning up weak crypto practices and tracking dependencies.

  • Encourages aligning PQC work with existing risk and upgrade cycles.

📅 Upcoming Events

UK Edition: Generative AI & Cybersecurity: Risks and Opportunities

Generative AI is transforming cybersecurity at unprecedented speed. For UK organisations, it represents a powerful opportunity to modernise Security Operations Centres (SOCs) through intelligent automation, predictive threat detection, and faster decision-making. At the same time, it is enabling a new class of highly sophisticated cyber threats: AI-driven phishing, adaptive malware, and LLM-engineered exploits that challenge traditional defences.
