UK to introduce Under-16 Social Media Ban from Spring 2027

The UK government will introduce a ban o under-16s from major social media platforms, with regulations due before Christmas and enforcement expected in spring 2027. The rules will require platforms to age-check users, meaning new accounts may need ID uploads, facial age scans or other verification methods to prove users are over 16.

The ban is expected to apply to platforms such as Instagram, TikTok, Snapchat, YouTube, Facebook and X, while messaging services such as WhatsApp and Signal are excluded. High-risk features, including livestreaming and contact from strangers, will also face tighter controls for children and, by default, 16- and 17-year-olds.

However, privacy and security experts warn the system could be bypassed with VPNs, while creating new risks around identity documents and biometric data. Critics argue the measures may reduce anonymity online without fully preventing determined under-16s from accessing social platforms.

Ukraine granted access to EU Cybersecurity Reserve

Ukraine can now activate emergency EU cyber support in response to major cyber-attacks and incidents affecting its organisations and businesses. The Council of the EU approved Ukraine’s inclusion in the EU Cybersecurity Reserve on 16 June, despite the country not yet being an EU member state.

Managed by ENISA, the Reserve provides incident response support from 47 trusted private providers, all of which have passed ownership control assessments to confirm they are not controlled by non-EU entities. The initiative is backed by the EU Cyber Solidarity Act, which came into force in February 2025, and forms part of the Digital Europe Work Programme 2025-2027, with €36m allocated to strengthening cyber threat response and reporting.

European Commission Executive Vice-President Henna Virkkunen said Ukraine’s inclusion reinforces collective cyber defences and European solidarity. Moldova, another non-EU state, joined the Reserve in 2024.

FortiBleed exposes 75,000 Fortinet Firewalls in global cyber campaign

A major cyber espionage campaign has reportedly compromised Fortinet firewalls and VPN gateways at huge scale, exposing how trusted perimeter devices can become entry points for attackers. Research suggests threat actors targeted 73,932 firewall URLs across 194 countries, affecting 21,632 unique domains.

The campaign involved extensive credential attacks, including over one billion attempts against FortiGate targets. Attackers allegedly intercepted SSL VPN authentication hashes, cracked them using a 45-GPU cluster and then pivoted into internal Active Directory environments to gain deeper access. Confirmed compromises reportedly affected organisations in Japan, Taiwan, Vietnam, Iraq and Turkey, including a Turkish NATO defence contractor.

The incident highlights the limits of password complexity when credentials are stolen or cracked offline. Organisations should remove public exposure of management interfaces, rotate credentials, enforce MFA, update FortiOS and investigate for backdoors or suspicious admin activity.

Kodak Investigates Data Breach as ShinyHunters Claims Attack

Kodak has confirmed it is investigating a security breach after an unauthorised third party gained temporary access to a limited amount of company data. The company said it has engaged external cyber security experts to determine what information was accessed and copied, while also working with law enforcement.

Kodak said there is currently no threat to its systems or operations, but has not confirmed whether its internal network was breached or how attackers gained access. The ShinyHunters extortion group has claimed responsibility for the incident, alleging it stole more than 2.2 million records containing customer personally identifiable information and internal corporate data.

The group has threatened to leak the data if Kodak does not respond. ShinyHunters has previously claimed attacks against Salesforce customers, Snowflake users and organisations affected by Oracle PeopleSoft data-theft incidents, highlighting the growing risk posed by third-party and enterprise software compromise.

DragonForce Hides Malware Traffic Inside Microsoft Teams Infrastructure

DragonForce ransomware has been observed using a custom Go-based backdoor, known as Backdoor.Turn, to hide command-and-control traffic inside Microsoft Teams relay infrastructure. According to researchers, the malware abuses the TURN protocol used by Teams when direct client connections are unavailable, making malicious traffic appear as if it is linked to trusted Microsoft services.

The attack, seen against a major US services company, likely began through exploitation of an SQL or MSSQL server. Once inside, the attackers created rogue users, changed firewall rules, used vulnerable drivers to disable security tools and deployed DragonForce ransomware after exfiltrating data.

Backdoor.Turn is believed to be the first known malware seen in the wild abusing Microsoft Teams TURN relays for command-and-control. Its capabilities include command execution, network scanning, Active Directory searches, browser credential theft and TLS certificate capture, highlighting DragonForce’s increasingly sophisticated tradecraft.

African Organisations Face Nearly 3,000 Cyber Attacks per Week

African organisations remain under intense cyber pressure, with Check Point Research reporting close to 3,000 attacks per organisation each week in May 2026. This places Africa above the global average of 2,055 weekly attacks and behind only Latin America as the world’s most targeted region.

Angola and Nigeria faced the heaviest assault, recording 4,046 and 3,941 weekly attacks per organisation respectively. Ethiopia, Zimbabwe, Mozambique, Kenya and South Africa also saw sustained activity. While overall attack volumes in Africa fell year-on-year, researchers warned this should not be mistaken for reduced risk, as attackers are adapting their timing and techniques.

Ransomware remains a major concern, with Business Services and Financial Services among the most targeted sectors. Government and telecoms organisations also faced concentrated pressure, while AI is increasing both productivity and risk, particularly through data leakage, phishing, credential theft and faster data exfiltration.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.