In this first cybersecurity roundup of 2026, we look at recent incidents, emerging vulnerabilities, and the evolving threat landscape. As always, no sector is immune. Read the latest below:
Cyber-attacks in the news
Secondary school closes due to cyberattack
A cyber-attack forced a secondary school in Nuneaton, Warwickshire, to close on Monday, 12th January. It was reported that the attack affected the school’s IT systems, prompting a precautionary shut down that affected around 1,400 pupils and staff.
The attack meant the school remained closed for the rest of the week. Students were advised not to access school IT systems while external specialists investigated the incident.
Microsoft zero-day actively exploited
Microsoft has released patches for CVE-2026-21509 after a newly disclosed Office zero-day vulnerability that can be exploited to bypass security features.
The attack is said to have been discovered by Microsoft’s security researchers, but no information about the malicious activity has been disclosed yet.
Essentially, the flaw allows attackers to execute code with full system privileges when users open malicious Office documents delivered via convincing phishing emails. Organisations have been urged to apply patches immediately and, where this isn’t possible, strengthen email filtering, disable Office macros and enhance monitoring for suspicious Office activity.
Data stolen in cyber-attack on West London Council
Kensington and Chelsea Council was recently targeted by a cyberattack, which may have exposed the personal details of hundreds of thousands of residents. Authorities quickly detected and contained the attack, working with Westminster and Hammersmith councils and the NCSC. Checks on files affecting vulnerable individuals were prioritised, though a full review could take months. The council has warned households to be vigilant against scams using stolen information.
VMware vulnerability
Part of the US Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA), has added a critical out-of-bounds write flaw in Broadcom’s VMware vCenter Server (CVE-2024-37079) to its known exploited vulnerabilities catalogue, after active exploitation was detected.
Successful attacks can allow remote code execution and full control over affected vCenter systems, enabling lateral movement across virtualised environments. The vulnerability is network-accessible and requires no user interaction, making it especially dangerous. CISA has advised all affected organisations to prioritise patching the flaw immediately, segment network access, monitor traffic and audit logs.
The cybersecurity landscape
NHS open letter demands improved cybersecurity from suppliers
The NHS has announced plans to work proactively with suppliers to improve cybersecurity resilience across health and social care, building on last year’s voluntary supply chain charter. The initiative follows growing ransomware threats and aligns with the Cyber Security and Resilience Bill and the Government Cyber Action Plan.
NHS England plans to engage with suppliers to discuss key controls and risks, focusing on collaboration rather than audits, to strengthen resilience across the sector. Health and social care organisations are expected to maintain patched systems, enforce multi-factor authentication, monitor critical IT infrastructure, secure immutable backups, and conduct board-level exercises.
UK Government cybersecurity speech at insurance conference
In January, Digital Minister Liz Lloyd spoke at the BIBA insurance conference, stressing that cyber resilience underpins national security, economic stability and growth. Lloyd highlighted key initiatives,including the Cyber Security and Resilience Bill, the Government Cyber Action Plan, and the Cyber Governance Code of Practice. She emphasised board-level cyber risk, Early Warning Service adoption and Cyber Essentials across supply chains. She also noted the role of cyber insurance in supporting recovery,reducing disruption and complementing security measures, particularly for SMEs.
NCSC warning over hacktivist groups
The UK’s National Cyber Security Centre (NCSC) has issued a warning that Russian-aligned hacktivist groups are actively disrupting UK organisations and online services, predominantly through denial‑of‑service(DoS/DDoS) attacks aimed at taking down websites and critical infrastructure.These groups are ideologically motivated and initiate campaigns against local government, public services, and operators of essential systems. The alert from the NCSC emphasises that even technically simple attacks can cause significant disruption and urges organisations to strengthen their service resilience and DoS defences.
Research suggests over 10% of businesses wouldn’t survive a cyber-attack
A recent survey by Vodafone Business found that over 10% of companies fear they could fail after a major cyberattack, and 71% of leaders expect at least one employee to fall for phishing. Poor password hygiene, including re-use across multiple personal accounts, was highlighted as a major concern, along with:
-
Only 45% confirmed that staff had undergone basic cyber-awareness training
-
28% of UK organisations were categorised as ‘at risk’
-
63% of leaders reported their risk of attack has risen in the last 12 months
Threat landscape snapshot
These attacks and insights into the current cybersecurity landscape highlight that cyber threats are increasingly diverse, opportunistic,and high-impact, demonstrating that no sector is immune and that attackers will exploit both technical vulnerabilities and human factors.
For channel partners supporting clients, resilience is a priority: ensure systems are patched and monitored, access is secured, and recovery plans are prepared. Emphasis should also be placed on awareness and training, safeguarding sensitive data, managing supply chain risk and adopting layered protections that combine preventive measures with rapid response capabilities.
At Brigantia, our select portfolio enables channel partners to address the challenges discussed in this article. Find the list of vendors here, or get in touch with our team to discuss your security offering.
