#NSBCS.109 - From the desk of the CEO | A strong, shared start to 2026

 

A Strong, Shared Start to 2026

The start of a new year always brings momentum, and 2026 is no exception.

Across the past 12 months, we’ve seen cyber risk continue to evolve at pace. Attacks are faster, more targeted, and more disruptive. At the same time, expectations on leadership teams have never been higher. Not just to respond, but to be meaningfully prepared.

That reality is shaping how we think, how we invest, and how we support our clients.

One thing remains constant: cyber resilience is not built in isolation. It takes collaboration. Across organisations, industries, partners, and advisors. Much like the saying “It takes a village to raise a child”, building resilience in today’s threat landscape requires shared insight, trusted relationships, and coordinated action. We call this 'One Team, One Mission'.

When incidents occur, clarity, speed, and experience matter. The difference between disruption and resilience is often determined in the earliest moments. Having the right expertise engaged, asking the right questions, and making confident decisions under pressure are paramount.

As we move into 2026, our focus is clear:

  • Staying ahead of emerging threats, not reacting to yesterday’s risks.

  • Continuing to refine our incident response capability, built on real-world experience supporting organisations through hundreds of cyber events.

  • Working closely with our partners and clients, because the best outcomes are achieved when we operate as one team.

A core part of our mission is also making cyber security accessible.

Cyber risk does not discriminate by size or sector. Not-for-profits, small and medium enterprises all face real and growing threats, yet their resources, maturity, and risk exposure can vary significantly. Our role is to meet organisations where they are, providing practical, experience-led support that is proportionate, effective, and aligned to their reality.

That means helping boards and executive teams understand cyber risk in plain language. It means ensuring that smaller organisations and community-focused entities have access to the same depth of expertise and support as larger enterprises. And it means removing unnecessary complexity so cyber becomes a business enabler, not a barrier.

We’re continuing to invest in our people, our intelligence capability, and the partnerships that allow us to deliver rapid, coordinated support when it matters most. Cyber resilience is built through experience, collaboration, and trust, and that remains central to how we operate.

2026 is already moving quickly, and we’re ready.

No Steps Backward.


What we read this week

  • Malicious AI Coding Assistant Extension on VS Code Marketplace Delivers Malware - Cybersecurity researchers have identified a fraudulent Visual Studio Code extension named "ClawdBot Agent - AI Coding Assistant," which masquerades as a legitimate AI tool but deploys malware upon installation, compromising user systems. Published on 27 January 2026 and subsequently removed by Microsoft, this extension highlights the risks of unverified marketplace add-ons, with potential for data theft and further exploitation. Organisations are advised to verify extensions through official channels, implement network controls, conduct regular audits of installed tools to mitigate such threats, and monitor for signs of compromise.

  • State Actors and Cybercriminals Actively Exploiting WinRAR Vulnerability - Russian and Chinese state-sponsored threat actors, alongside financially motivated cybercriminals, have been exploiting a high-severity vulnerability in WinRAR (CVE-2025-8088) since July 2025, enabling path traversal attacks for persistence and data exfiltration. Despite available patches, widespread exploitation continues, targeting compressed archives to bypass security controls. Users should prioritise immediate patching, scan for indicators of compromise, and implement behavioural monitoring to detect anomalous file extractions.

  • WorldLeaks Extortion Group Alleges Theft of 1.4TB Data from Nike - The WorldLeaks extortion group claims to have breached Nike's network, stealing approximately 1.4TB of sensitive corporate data encompassing 188,347 files, including internal documents and source code. Nike is currently investigating the incident, which could expose intellectual property and customer information if leaked. Companies are recommended to enhance network segmentation, deploy advanced threat detection, and prepare incident response plans for ransomware and data extortion scenarios.

  • Chinese Money Launderers Transferred Over $16 Billion in Illicit Crypto - A recent report details how Chinese money laundering networks moved more than $16 billion in illicit cryptocurrency throughout 2025, facilitating criminal activities through decentralised exchanges and obfuscation techniques. These operations underscore the challenges in regulating digital assets, with links to fraud, ransomware, and sanctions evasion. Financial institutions and regulators should strengthen anti-money laundering protocols, leverage blockchain analytics, and collaborate internationally to disrupt such flows.

  • Kimwolf IoT Botnet Infects Millions, Targets Corporate and Government Networks - The Kimwolf botnet has compromised over two million IoT devices, primarily Android TV boxes and digital photo frames, to conduct distributed denial-of-service attacks and proxy malicious traffic, with significant infiltration into corporate and government networks via residential proxy services like IPIDEA. Emerging rapidly since late 2025, it exploits vulnerabilities such as open ADB ports for propagation. Organisations must secure IoT endpoints, monitor for unauthorised devices, and restrict proxy usage to prevent participation in botnet activities.

