Content
01. News Bites
- IMF warns AI cyber attacks could trigger global financial crisis
- Microsoft releases fixes for 120 security flaws in May Patch Tuesday
- South Africa records world’s highest cyberattack rate amid growing identity security concerns
- ICO fines South Staffordshire Water £963,900 following major cyberattack and data exposure
- Foxconn confirms cyberattack as Nitrogen ransomware group claims major data theft
02. Conclusion
IMF warns AI cyber attacks could trigger global financial crisis
The International Monetary Fund (IMF) has warned that AI-powered cyber attacks could trigger a worldwide financial crisis if organisations fail to strengthen their cyber resilience. According to the IMF, the growing use of shared cloud infrastructure across banking, energy, telecommunications and public services means a single successful attack could create widespread disruption across multiple sectors at once.
The warning follows mounting concern around Anthropic’s AI model Mythos, which has demonstrated the ability to identify software vulnerabilities at scale. Regulators and cybersecurity experts fear increasingly advanced AI models could allow even non-experts to exploit weaknesses faster and more effectively than ever before.
Bank of England governor Andrew Bailey recently warned that AI could “crack the whole cyber risk world open”, while the IMF stressed that cyber threats “do not respect borders”, leaving emerging economies particularly exposed.
The organisation urged businesses to improve governance, visibility, business continuity planning and cyber hygiene, warning that attackers are already leveraging AI to scale operations at unprecedented speed.
Microsoft releases fixes for 120 security flaws in May Patch Tuesday
Microsoft’s May 2026 Patch Tuesday has delivered security updates for 120 vulnerabilities across Windows, Microsoft Office and other products, including 17 classified as Critical. While no zero-day vulnerabilities were disclosed this month, several flaws carry significant risk and should be prioritised by IT and security teams.
Among the most concerning are multiple remote code execution vulnerabilities affecting Microsoft Office, Word and Excel. Many of these flaws can be triggered simply by opening or previewing malicious files, making phishing campaigns and weaponised attachments a major concern for organisations.
Other notable vulnerabilities include a Windows GDI flaw exploitable through malicious EMF files, a SharePoint Server remote code execution vulnerability enabling authenticated attackers to execute code remotely, and a Windows DNS Client flaw where crafted DNS responses could allow remote compromise.
The Patch Tuesday release comes amid a broader wave of vendor advisories from Adobe, Apple, Cisco, Fortinet, Google, Ivanti, Palo Alto Networks and SAP, highlighting the relentless pace of vulnerability disclosure across the cybersecurity landscape. Organisations are strongly advised to prioritise patching, review exposed systems and ensure robust vulnerability management processes are in place.
South Africa records world’s highest cyberattack rate amid growing identity security concerns
South African organisations are facing escalating cybersecurity pressures after new research revealed the country recorded the highest global rate of cyberattacks in 2026. According to researchers, 36% of South African organisations experienced cyber incidents, while many businesses still lack the visibility and identity controls needed to defend against increasingly sophisticated threats.
The report found that 79% of organisations do not have complete oversight of user identities and access permissions, creating significant exposure around privileged accounts, password security and third-party access. At the same time, 71% of organisations have yet to implement a Zero Trust strategy, despite identity increasingly becoming the primary attack surface for cybercriminals.
Credential theft, phishing and password-based attacks continue to target sectors such as financial services, where large volumes of sensitive customer data make organisations attractive targets.
While many businesses plan to increase cybersecurity spending and explore AI-driven security capabilities, experts warn that investment alone will not solve the issue without stronger identity governance, visibility and access management foundations.
ICO fines South Staffordshire Water £963,900 following major cyberattack and data exposure
The UK Information Commissioner’s Office (ICO) has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 after a cyberattack exposed the personal data of more than 633,000 customers and employees. The regulator said the breach highlighted “serious failures” in the organisation’s cybersecurity and data protection practices.
According to the ICO, attackers initially gained access through a phishing attack before deploying malware that remained undetected for almost 20 months. Between May and July 2022, threat actors escalated privileges across the network and obtained domain administrator access before the compromise was finally discovered following IT performance issues.
The exposed data included names, addresses, contact details, dates of birth, bank account information, customer credentials and employee HR records, including National Insurance numbers.
The ICO identified several major security failings, including poor vulnerability management, outdated systems such as Windows Server 2003, inadequate monitoring coverage and insufficient controls to prevent privilege escalation. The regulator said these weaknesses left customers and employees vulnerable for nearly two years.
The case serves as another reminder that weak cyber hygiene, legacy infrastructure and poor visibility continue to create significant operational, regulatory and reputational risk for organisations handling sensitive data.
Foxconn confirms cyberattack as Nitrogen ransomware group claims major data theft
Electronics manufacturing giant Foxconn has confirmed that several of its North American facilities were impacted by a cyberattack, following claims from the Nitrogen ransomware group that it stole more than eight terabytes of sensitive company data.
According to researchers, the attackers claim to have exfiltrated over 11 million files, including alleged technology schematics linked to major global firms. Foxconn has not confirmed the extent of the breach or validated the attackers’ claims, but stated that cybersecurity response measures were immediately activated to maintain production and delivery operations.
Nitrogen is a double-extortion ransomware group that emerged in 2024 and has increasingly targeted manufacturing, industrial and supply chain organisations. Rather than focusing solely on large enterprises, the group often attacks smaller or mid-sized suppliers with weaker security controls, allowing threat actors to disrupt wider supply chains indirectly.
Security researchers recently linked Nitrogen to Bring Your Own Vulnerable Driver (BYOVD) techniques, where attackers exploit legitimate but vulnerable drivers to disable endpoint security tools and evade detection.
The incident highlights the growing cyber risk facing global manufacturing and technology supply chains, where operational disruption, intellectual property theft and third-party compromise remain major concerns.
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.