This week’s cybersecurity landscape was dominated by the FBI’s urgent warning regarding “quishing”—a sophisticated QR code phishing campaign by North Korean group Kimsuky that bypasses traditional email filters and multi-factor authentication.
The group is specifically targeting policy experts, NGOs, and academics by embedding malicious QR codes in emails. Because these codes are images, they bypass most corporate email filters. Once scanned, they redirect users to mobile-optimized phishing pages that can steal session tokens, allowing hackers to bypass Multi-Factor Authentication (MFA) entirely.
What to watch for:
• Spoofed Senders: Emails appearing to be from HR, IT, or external partners (embassies, journalists) asking you to scan a code to access a “secure document” or “questionnaire.”
• The Mobile Pivot: Attacks often try to move you from your laptop to your personal phone, where we have fewer security protections.
• Fake Logins: Be wary of any QR code that leads to a Microsoft 365, Okta, or Google login page.
Our Policy: Never scan a QR code in an email to log into a work account. If you receive a QR code you weren’t expecting, please report it via the [Report Phishing] button or contact IT directly.
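For mail administrators, the warning signs above can be turned into a triage check on a message's MIME structure. The sketch below is an added example, not code from the FBI advisory or from any mail product; `ORG_DOMAINS`, the keyword patterns and the indicator names are assumptions, and it inspects message structure only rather than decoding the QR image.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAINS = {"example.org"}  # assumption: replace with your own mail domains
INTERNAL_ROLE = re.compile(r"\b(hr|it|help ?desk|human resources)\b", re.I)
LURE = re.compile(r"\b(scan|qr code|secure document|questionnaire)\b", re.I)
URL = re.compile(r"https?://", re.I)

def quishing_indicators(msg: EmailMessage) -> list[str]:
    """Return which of the warning signs listed above a message matches."""
    text, images = [], 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            text.append(part.get_content())
    body = " ".join(text)
    hits = []
    # An image plus "scan this" wording: the image is the call to action.
    if images and LURE.search(body):
        hits.append("lure-with-image")
    # No text link at all, so URL-based filters have nothing to inspect.
    if images and not URL.search(body):
        hits.append("no-inspectable-link")
    # Display name claims an internal team but the address is external.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if INTERNAL_ROLE.search(name) and domain not in ORG_DOMAINS:
        hits.append("internal-role-external-domain")
    return hits

def build(sender: str, body: str) -> EmailMessage:
    """Constructed sample message carrying a placeholder PNG attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "staff@example.org", "Document"
    msg.set_content(body)
    msg.add_attachment(b"\x89PNG placeholder", maintype="image",
                       subtype="png", filename="code.png")
    return msg

# Constructed samples: one matching the pattern, one ordinary internal mail.
SUSPECT = build('"IT Help Desk" <support@mail.example.net>',
                "Scan the QR code to open your secure document.")
BENIGN = build('"Facilities" <facilities@example.org>',
               "Floor plan attached. Details: https://intranet.example.org/plan")

if __name__ == "__main__":
    for label, m in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, quishing_indicators(m))
```

A message that matches should be routed to quarantine or analyst review rather than dropped, since ordinary mail with an image signature and no links can trip the second check on its own.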
This alert coincided with the release of the 2026 Allianz Risk Barometer, which ranked cyber incidents as the top global business threat for the fifth consecutive year, with AI-driven risks rising sharply to the second spot.
On the regulatory and defense front, the Department of Homeland Security launched a new $115 million drone and counter-drone office to secure major upcoming events like the 2026 FIFA World Cup, while CISA added a critical, unpatched vulnerability in the Gogs Git service to its “Known Exploited” list following widespread active attacks.
Rounding out the week, the European Space Agency (ESA) confirmed a massive data exposure involving over 700GB of scientific and contractor data, highlighting the persistent vulnerability of high-value research institutions to state-sponsored and criminal intrusion.
