This Week's Top Five Stories in Cyber

Why has China Banned a Host of Major Cybersecurity Firms?
Amid accusations of hacking and cyberwarfare, China has reportedly banned the use of cybersecurity software from a host of major US and Israeli firms.
The ban has been justified under “national security concerns”, according to Reuters, as the Chinese authorities worry software could “collect and transmit confidential information abroad” as the geopolitical and trade standoff between the US and China intensifies under US President Donald Trump.
Those banned include CrowdStrike, Palo Alto Networks, Fortinet, Wiz, Check Point, Broadcom (VMware), SentinelOne, Recorded Future, Claroty, McAfee, Rapid7, Google (Mandiant), Orca, CyberArk, Imperva and Cato Networks.
CrowdStrike, Check Point and Palo Alto Networks have previously published material that implicates China in global hacking efforts, which the authorities vehemently deny.
Palo Alto Networks: Inside the Winter Olympics of Cybercrime
The Olympic Winter Games – this year hosted in Milano-Cortina – is an event adored by billions.
Despite being a stellar showcase of sportsmanship, it could also sadly be an icy battleground of cybercrime.
Palo Alto Networks' Unit 42 Cyber Vigilance Threat Report looks at patterns from recent years.
From disrupted WiFi and digital infrastructure at PyeongChang 2018 to attempted sabotage of pre-Games activities in Tokyo 2020 by Russian threat actors and the extreme spike in DDoS attempts, and even Olympics-themed phishing attempts and scam traffic during the 2024 Paris Olympics, the 2026 Winter Games could be a hotbed for malicious cyber activity.
With three billion keen eyes expected on the Milano-Cortina 2026 Winter Games, Unit 42 says that “cyber threat actors are going for gold”.
Check Point: Ransomware up 60% as Gen AI Data Risk Soars
Cyber threats in 2025 were numerous, but nothing quite reached the volume, scale and damage intensity of ransomware attacks.
The December 2025 Global Cyber Attack Statistics from Check Point reveals that, on average, organisations were attacked 2,027 times per week – up 9% compared to December 2024.
In the UK alone, each organisation suffered 1,440 cyber attacks per week, a rise of 39%.
A Russian group of cyber criminals calling themselves Qilin, which offers Ransomware-as-a-Service (RaaS), was the most active group in December according to the study. Research shows it was responsible for almost one in five (18%) publicly-disclosed ransomware attacks.
WEF: Financial Services Must Look to AI for Cybersecurity
The World Economic Forum's (WEF) Global Cybersecurity Outlook 2026 shows the financial services sector is significantly lagging behind in the use of AI to mitigate cybersecurity risks.
Finserv companies are failing to become leaders in any of the five key use cases identified by the WEF. The gap could expose the industry to increasingly sophisticated threats at a time when bad actors are leveraging AI to make their attacks more complex and difficult to defend against.
The results are based on extensive interviews with global business leaders, with the findings revealed at WEF's Annual Meeting in Davos, where the world's business, government and academic leaders are congregating.
The survey of 804 leaders, including 316 Chief Information Security Officers, 105 CEOs and 123 other C-level executives including Chief Risk Officers and Chief Technology Officers, spanned 92 countries.
Sophos: What is the TamperedChef Malvertising Campaign?
Ever heard of EvilAI? It is not a sci-fi movie, but a prominent malware campaign that finds its way into user systems camouflaged as AI productivity tools and software.
Globally targeted, the campaign leverages AI-written code to deploy advanced infostealers that mimic legitimate software and evade detection.
The infostealer – dubbed TamperedChef – found its way into systems via a trojanised PDF editing application called AppSuite PDF Editor, distributed globally through Google Ads and SEO poisoning.
It targeted Windows devices, featuring multiple advanced tactics such as delayed activation, decoy software, staged payload delivery, abuse of code-signing certificates and efforts to evade endpoint protection mechanisms.





