Cybercrime is 'industrializing deception'

NordVPN-linked research flagged a campaign that abused a legacy FCKeditor vulnerability to seize more than 1,300 domains and identified a Chinese-language actor operating roughly 800 fraudulent e‑commerce sites. (techradar.com) NordVPN said its Threat Protection Pro blocked over 4.5 million malicious domains tied to scams, phishing and fake shops between March and October 2025. (technewsday.com) Infoblox intelligence found about 800,000 registered domains vulnerable to a “Sitting Ducks” DNS misconfiguration and reported roughly 70,000 of those were subsequently hijacked by threat actors. (thehackernews.com) Cloudflare’s 2026 Threat Report says the company blocks an average of 230 billion threats per day, documented an AI-driven supply‑chain attack that compromised “hundreds” of corporate tenants, and recorded DDoS traffic spikes up to 31.4 Tbps. (techradar.com) Microsoft Threat Intelligence observed phishing campaigns exploiting complex mail routing and spoofing misconfigurations since May 2025, including use of kits tied to Tycoon2FA that impersonate internal HR and password‑reset messages to harvest credentials. (microsoft.com) Legal observers outline rising post‑breach exposures — regulatory inquiries, customer litigation and directors-and‑officers claims — while a Business Times legal primer lists multiple real‑world scenarios where cyber incidents triggered downstream liability for organisations. (businesstimes.com.sg) Federal procurement guidance already treats cyber‑supply‑chain controls as lease acquisition considerations via GSA Acquisition Letter MV‑2022‑06, and contract‑law specialists say lease addenda are increasingly specifying cyber‑insurance minima, incident‑notification timelines and indemnity/“additional insured” wording for landlords. (gsa.gov)