16 January 2026

Microsoft uses UK courts to take down infrastructure used for BEC cases | Cyber Intelligence Briefing: January 16, 2026

Top news stories this week

  1. Take down. Microsoft uses UK courts to take down infrastructure used for business email compromise.
  2. Busted. Law enforcement action against two cybercriminals who used technology for traditional illicit activities.
  3. Comment con. Scammers use LinkedIn comments for phishing.
  4. A bad apple a day. Healthcare-related cyberattacks increase patient safety risks.
  5. Promptly injected. Emerging LLM threats introduce critical security gaps.
  6. Patch party. Microsoft and others release first security patches of 2026.

1. Microsoft uses UK courts to take down infrastructure used for BEC cases 

Two domains used by the virtual desktop service ‘RedVDS’ were seized after Microsoft successfully filed legal action against the platform in the UK and US. RedVDS was widely used to rent virtual machines for malicious activities, including phishing campaigns, business email compromise (BEC) and general scamming, that caused an estimated USD 40 million in losses.

So what?

The use of UK courts to take legal action against cybercrime platforms sets a precedent. It sends an important signal to threat actors as part of wider, continued law enforcement efforts against cybercrime groups.

[Researcher: Jenny Eysert]


2. Law enforcement action against two cybercriminals who used technology for traditional illicit activities 

A 21-year-old Swedish man was arrested in Iraq for organizing "violence-as-a-service" using the criminal network Foxtrot over digital platforms to recruit minors for violent acts in real life. The gang members are also linked to the criminal organization The Com. 

Separately, a Dutch national was sentenced to seven years in prison for compromising port servers in several Dutch cities to smuggle drugs into the country. The criminal used an encrypted messaging service to send a port employee instructions for deploying the backdoor malware from a USB stick.

So what?

There is increasing overlap between traditional physical criminal activity and the use of cyberspace. Organizations should ensure they are securing physical as well as digital attack vectors. 

[Researcher: Milda Petraityte]


3. Scammers use LinkedIn comments for phishing 

Scammers are using the LinkedIn comment section on users' posts for fake replies that impersonate the platform, warning of bogus account restrictions due to policy violations. These comments prompt users to click on phishing links to resolve the issue. The links mimic LinkedIn's branding and sometimes use its official URL shortener (lnkd.in) to conceal the phishing link. 

So what?

Threat actors exploit fear and authority as psychological triggers to provoke impulsive clicks on phishing links. Organizations must educate employees on phishing, enabling them to stay calm and respond effectively.

[Researcher: Aditya Ganjam Mahesh]


4. Breaches at healthcare providers in Belgium and US increase risks to patients  

A Belgian hospital was forced to shut down due to a cyberattack, cancelling scheduled surgery, transferring critical patients and forcing other services such as emergency medical services to operate at reduced capacity.  

Separately, sensitive information of over 145,000 individuals was exposed in the US as a result of a data breach at Central Maine Healthcare. 

So what?

Cyberattacks in the healthcare sector not only place individuals at higher risk of fraud due to the exfiltration of sensitive information, but they can also impact patient safety if these attacks lead to operational outages.

[Researcher: Lester Lim]


5. Vulnerability in Microsoft Copilot allows data theft 

Security researchers identified a prompt‑injection vulnerability in Microsoft Copilot that enabled attackers to hijack user sessions and silently exfiltrate data with a single click. A patch for the issue has been released, but threat actors are increasingly targeting LLMs for reconnaissance and exploiting weaknesses, expanding the threat landscape.

So what?

Organizations should treat LLMs as part of their core attack surface and proactively reduce risk through robust monitoring and timely patching of LLM‑related vulnerabilities.

[Researcher: Tlhalefo Dikolomela]


6. Microsoft and others release first patches of 2026  

Microsoft has released its first Patch Tuesday fixes of 2026. The patches address three zero-days: one has been actively exploited, and another, first identified in October 2025 and related to compromised modems, has been addressed by Microsoft removing the vulnerable drivers. Fortinet, ServiceNow, Trend Micro and several other vendors also released updates for vulnerabilities in their products.

So what?

Patch and vulnerability management are still considered key foundational aspects of cybersecurity. It is critical that cyber professionals continue to prioritise timely adoption of released security patches across their organizations. 

[Researcher: Steve Ross]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
