The UK National Cyber Security Centre (NCSC) has issued urgent guidance following a surge in activity by pro-Russia hacktivist groups aimed at disrupting operations and disabling services in NATO member states.

• **Key Actor:** The group NoName057(16) has been active since March 2022, targeting government and private sector entities perceived as hostile to Russian geopolitical interests.
• **Targeting:** Frequent DDoS attempts have been noted against UK local government entities and operational technologies (OT).
• **TTPs:** Actors operate primarily via Telegram channels and use repositories like GitHub to host the proprietary tool, DDoSia, and share tactics and procedures.

Research indicates a significant convergence of threats, with hacktivists and cybercriminals increasingly targeting Industrial Control Systems (ICS) and Operational Technology (OT) environments, often exploiting exposed interfaces like HMI and SCADA.

• **AI Exploitation:** Adversaries are actively exploiting Artificial Intelligence (AI) systems through memory poisoning, prompt injection, and poisoned supply chains, making enterprise AI workflows new attack vectors.
• **Ransomware Evolution:** Ransomware remains highly disruptive, expanding across critical sectors and increasingly adopting extortion-only models.
• **Vulnerability Scope:** From December 2024 to November 2025, 2,451 vulnerabilities specific to ICS systems were disclosed by 152 vendors.

A recent security flaw leveraging indirect prompt injection against Google Gemini was disclosed, enabling authorization guardrails to be bypassed.

• **Mechanism:** The vulnerability permitted the use of Google Calendar as a data extraction mechanism by hiding a dormant malicious payload within a standard calendar invite.
• **Outcome:** The flaw made it possible to access private calendar data.
• **Actors:** Disclosed by Miggo Security’s Head of Research, Liad Eliyahu, on January 19, 2026. link

The Red Sea crisis remains highly volatile, driven by ongoing Houthi attacks on commercial and naval vessels, significantly impacting global trade routes.

• **Scope of Attacks:** Since October 2023, Houthis have seized or bombarded dozens of merchant and naval vessels.
• **Geolocation & Impact:** Attacks focus on the Bab-el-Mandeb Strait area and have resulted in the sinking of UK-owned and Greek-owned cargo ships.
• **Key Incident (Historical):** The Bahamian-flagged M/V Galaxy Leader was seized via helicopter assault on November 19, 2023, and remains held in Yemen, along with its crew.
• **Casualties/Damage:** Recent incidents include the sinking of the Rubymar (March 2024), which posed an environmental risk, and an attack on the TUTOR (June 12, 2024), leaving one seafarer unaccounted for.

• **Response:** Operation Prosperity Guardian, a multinational naval protection force, was established in December 2023 to counter the attacks.
• **IMO Action:** The International Maritime Organization (IMO) has condemned the attacks and is monitoring incidents, urging support for maritime security, particularly following the Rubymar sinking.
• **Recommendation:** Commercial vessels continue to reroute around South Africa to avoid the high-threat area.

The global environment is trending toward increased fragmentation, volatility, and economic nationalism, impacting corporate resilience and supply chain stability.

• **Economic Nationalism:** Washington’s fusion of economic interventionism and transactional dealmaking is forcing governments globally to adopt similar protectionist industrial strategies.
• **US-China Competition:** Structural friction remains despite potential high-level diplomatic engagement planned for 2026. Key friction points include US technology restrictions and support for Taiwan.
• **Critical Minerals:** Critical mineral alliances are central to security risk, driven by China’s expansion of export controls on rare earth elements.

Latin America is undergoing significant political shifts, characterized by US assertiveness and a crowded electoral calendar favoring right-wing candidates.

• **US Intervention:** Recent action, such as the capture of Venezuelan President Nicolás Maduro, highlights US intent to exert significant regional influence.
• **Political Outlook:** Dissatisfaction with left-leaning incumbents is creating momentum for right-wing shifts, likely leading to more market-friendly policies and efforts to address deteriorating security conditions.

The global epicenter of terrorism has shifted from the Middle East to the Central Sahel region of Sub-Saharan Africa, which now accounts for over half of all terrorism-related deaths.

• **Key Groups:** Islamic State (IS) and its affiliates remain the deadliest terrorist organization globally, expanding operations to 22 countries and causing 1,805 deaths in 2025.
• **Fastest Growth:** Tehrik-e-Taliban (TTP) emerged as the fastest-growing terrorist group based on attributed deaths, showing a 90% increase.
• **Western Threat:** Terrorist attacks in the West increased by 63%. Ninety-three percent of fatal attacks in the West over the last five years were carried out by lone wolf actors.
• **Exploitation:** UN experts have warned of extremist exploitation in gaming spaces, noting that these digital environments need protection against radicalization and recruitment. link

The threat of domestic terrorism remains persistent across the U.S., driven by actors who cross the line from protected expression into criminal acts furthering violent agendas.

• **Motivation Focus:** From 2010 to 2021, the largest category of incidents (35%) was classified as racially- or ethnically-motivated, which were also the most lethal. Anti-government or anti-authority motivated violent extremism was the second largest category.
• **Geographic Focus:** The greatest number of domestic terrorism incidents occurred in states with major metropolitan areas, including California, New York, and Washington, D.C..
• **Federal Response:** The number of FBI domestic terrorism investigations has more than doubled since 2020, with open investigations quadrupling from FY 2013 to FY 2021 (1,981 to 9,049).
• **Current Concern:** The landscape is characterized by white supremacists, accelerationists, and the militia movement, alongside nihilistic and left-wing militia extremism.

Recent activity by Russian and Chinese hackers demonstrates ongoing preparatory activity and espionage targeting foreign infrastructure and government systems.

• **Ukraine Power Grid:** In December 2023, Russian hackers scanned Ukrainian energy networks, signaling preparation for future operational technology attacks, though no blackout occurred.
• **Kazakhstan Diplomatic Attacks:** Suspected Russian-linked hackers launched spearphishing attacks against Kazakhstan’s diplomatic institutions in January 2025, using malicious code embedded in fake official documents to conduct cyber espionage. link
• **Chinese Surveillance:** A campaign revealed in October 2023 saw Chinese hackers infiltrate Southeast Asian government networks to gain long-term access for political intelligence monitoring.

Modern financial crime is increasingly defined by transnational criminal networks partnering with traditional banking and FinTech firms to use hybrid methods for illicit money movement.

• **Hybrid Methods:** Nefarious actors cooperate using mirror-trade commodity flows and cryptocurrency to blend legal transactions with illicit proceeds.
• **FinTech Facilitation:** Peer-to-peer apps, reloadable cards, and kiosks facilitate execution of numerous small transactions, blurring the movement of funds (clean-to-dirty).
• **AI Impact:** Fraud and extortion are becoming cheaper and easier to industrialize in the AI era, often through forced-labor scam operations, necessitating urgent policy adaptation.

Recent U.S. sentencing announcements highlight ongoing prosecution efforts against large-scale COVID relief fraud schemes and identity theft.

• **Recent Sentencing (Jan 2026):** A Macomb County resident was sentenced for a multi-million-dollar pandemic assistance fraud scheme.
• **Insider Threat:** A former SBA and IRS employee was charged on January 12, 2026, with using government positions to steal millions from COVID relief programs. link
• **Scam Alert:** The FBI Philadelphia Field Office warned international students on January 16, 2026, of a law enforcement impersonation scam targeting them.

Global law enforcement agencies, led by the National Crime Agency (NCA), achieved a record number of takedowns in 2025 concerning social media accounts linked to organized immigration crime.

• **Scope:** Over 10,000 social media accounts linked to people smuggling were closed.
• **Actors:** The NCA arrested a former “number one target” who supplied thousands of boats and engines to people smugglers operating in the English Channel.
• **Related Crime:** Joint NCA/Belgian operations resulted in the extradition of two fugitive members of a smuggling network who sexually abused migrants.

• **Cocaine Seizure (UK):** A driver was jailed for nine years on January 16, 2026, for possessing £4 million worth of cocaine stashed in his van, following an NCA investigation.
• **Firearms Plot:** A jailed heroin smuggler received an extended term after plotting to set up a firearms supply chain.