Cyber·Monitoring
Ivanti Patches Critical Sentry Vulnerabilities Enabling Root-Level Remote Code Execution
🇺🇸 Global — Ivanti Sentry is deployed by enterprises worldwide, primarily in the US· Global10 Jun
9 reportsPROPCASCY
MediumAI Refreshed
Developing event. Generated by AI and subject to further corroboration and review.
DevelopingLow impactAI Refreshed
Central Bank of Libya Isolates Systems Following Cyber Attack
Occurred 9 Jun 2026·Detected 14 Jun 2026·
🇱🇾 Tripoli, Libya2 reports
CyberPolitical RiskCyber
Libya's Central Bank disclosed a cyber incident affecting some of its systems in Tripoli. The bank isolated impacted components while reporting that core banking services continue to operate. Technical investigations are ongoing, with no confirmed indicators of customer account impact, data compromise, or quantified loss. Two independent mainstream-media outlets corroborate the basic incident facts. The event occurred in a JWC-listed jurisdiction of active conflict and political instability, carrying latent political-risk and cyber treaty considerations, though no named insured or commercial asset linkage has been established.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Low impact. LOW. Two independent mainstream-media reports corroborate the basic incident facts, and the Central Bank's own statement frames the event as contained, with core banking services operating. Sovereign cyber incidents in active-conflict jurisdictions carry latent political-risk and potential financial-institution or cyber treaty exposure, but absent any quantified loss, named insured linkage, or service outage affecting market participants, insured severity remains low.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known23 lines
Central Bank of Libya experienced a cyber incident affecting some of its systems▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Affected systems were isolated following the attack▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Core banking services continue to operate▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Technical investigations are ongoing▾
structured lineknown
No separate sourced-claim record is available for this line yet.
The event occurred in a JWC-listed jurisdiction of active conflict and political instability.▾
jwc_active_conflict_jurisdictioncontext onlypolitical_risk
Market relevance: JWC listing elevates latent political-risk and sovereign-cyber treaty considerations, independent of direct insured linkage.
Two independent mainstream-media outlets corroborate the basic incident facts.▾
cbl_two_mainstream_corroborationcontextvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Corroboration threshold met; supports developing lifecycle and source reliability for severity assessment.
Supersession history: 1 prior/revised claim rows.
The incident affected Central Bank of Libya systems in Tripoli.▾
cbl_location_tripolicontextvalid from 14 Jun 2026, 03:42Political Risk
Market relevance: Location confirms sovereign-institution context; relevant for political-risk treaty geographic scoping.
The incident occurred in a JWC-listed jurisdiction of active conflict and political instability.▾
cbl_jurisdiction_jwc_listed_conflictlatent exposurevalid from 14 Jun 2026, 03:42Political Risk
Market relevance: Active-conflict jurisdiction elevates latent political-risk considerations alongside cyber treaty exposure.
Libya is a JWC-listed jurisdiction of active conflict and political instability, raising latent political-risk considerations for the cyber incident.▾
libya_jwc_listed_conflict_jurisdictioncontextualvalid from 15 Jun 2026, 05:14Political Risk
Market relevance: JWC listing elevates political-risk and sanctions overlays on cyber and financial-institution cover in the jurisdiction.
The incident occurred in a JWC-listed jurisdiction of active conflict and political instability.▾
cbl_jwc_active_conflict_jurisdictionlatent political riskPolitical Risk
Market relevance: JWC active-conflict listing elevates latent political-violance and sovereign credit considerations; relevant to political-risk treaty and trade credit markets.
“JWC-listed jurisdiction of active conflict and political instability” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
The incident occurred in a JWC-listed area of active conflict and political instability.▾
cbl_jwc_active_conflict_contextcontextualvalid from 9 Jun 2026, 00:00Political Risk
Market relevance: Adds political risk and war/cyber aggregation context
Supersession history: 1 prior/revised claim rows.
Libya's Central Bank disclosed a cyber incident affecting some of its systems in Tripoli.▾
cbl_cyber_incident_disclosedcontext onlyvalid from 14 Jun 2026, 03:42cyber
Market relevance: Sovereign cyber incident in JWC-listed jurisdiction carries latent political-risk and cyber treaty considerations.
“استنفار مصرفي بعد هجوم سيبراني على أنظمة «المركزي» الليبي” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
“تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Two independent mainstream-media outlets corroborate the basic incident facts.▾
two_independent_mainstream_corroborationcontext onlyvalid from 15 Jun 2026, 05:14cyber
Market relevance: Dual-source corroboration supports 'developing' lifecycle classification under evidence threshold.
The Central Bank of Libya experienced a cyber incident affecting some of its systems.▾
cbl_cyber_incident_occurredlatent exposurevalid from 14 Jun 2026, 03:42Political Risk
Market relevance: Sovereign cyber incident at a central bank in a JWC-listed conflict jurisdiction; latent political-risk and cyber treaty relevance.
“استنفار مصرفي بعد هجوم سيبراني على أنظمة «المركزي» الليبي” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
“تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Technical investigations are ongoing.▾
technical_investigation_ongoingcontext onlyvalid from 14 Jun 2026, 03:42cyber
Market relevance: Open investigation may yield additional indicators; no current quantitative impact.
Affected systems were isolated following the cyber incident.▾
affected_systems_isolatedcontext onlyvalid from 14 Jun 2026, 03:42cyber
Market relevance: Isolation suggests containment posture; no market-disrupting outage identified.
“تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Event lifecycle status is developing following corroboration threshold being met.▾
cbl_lifecycle_developingcontextvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Developing status signals active monitoring; not yet matured to peak or resolving.
Source · 18 Jun 2026, 03:13
Supersession history: 1 prior/revised claim rows.
The Central Bank of Libya isolated impacted systems following the attack.▾
cbl_systems_isolatedlatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Containment framing supports low insured-severity banding; reduces likelihood of sustained outage.
Supersession history: 1 prior/revised claim rows.
Technical investigations into the incident are ongoing.▾
cbl_technical_investigation_ongoinglatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Open investigation may surface new facts affecting severity assessment.
Supersession history: 1 prior/revised claim rows.
Technical investigations into the cyber incident are ongoing.▾
cbl_investigation_ongoingstatusvalid from 9 Jun 2026, 00:00Cyber
Supersession history: 1 prior/revised claim rows.
Core banking services at the Central Bank of Libya continue to operate despite the cyber incident.▾
cbl_core_services_operatingoperationalvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Continuity of core services limits systemic banking-disruption exposure at this stage.
“استنفار مصرفي بعد هجوم سيبراني على أنظمة «المركزي» الليبي” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
Technical investigations into the Central Bank of Libya cyber incident are ongoing.▾
cbl_investigations_ongoingcontextualvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Open investigation; severity and attribution not yet established.
A banking sector alert was issued following the cyberattack on the Central Bank's systems.▾
cbl_banking_sector_alert_issuedcontext onlyvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Sector-wide alert indicates precautionary posture; no insured outage quantified.
“استنفار مصرفي بعد هجوم سيبراني على أنظمة «المركزي» الليبي” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
Reported20 lines
No confirmed indicators that customer accounts were affected▾
structured linereported
No separate sourced-claim record is available for this line yet.
No confirmed indicators that customer accounts were affected.▾
no_confirmed_customer_account_impactcontext onlyvalid from 14 Jun 2026, 03:42cyber
Market relevance: Absence of confirmed customer-account impact limits retail-banking loss exposure.
The event occurred in Libya, a JWC-listed jurisdiction of active conflict and political instability.▾
cbl_jurisdiction_jwc_listedlatent exposurePolitical Risk
Market relevance: JWC listing affects war/terrorism and political-risk treaty wordings; elevates latent exposure consideration.
The cyber incident reportedly prompted a banking sector alert in Libya.▾
cbl_banking_sector_alertcontextvalid from 9 Jun 2026, 00:00Cyber
“استنفار مصرفي بعد هجوم سيبراني على أنظمة «المركزي» الليبي” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
Event occurred in Libya, a JWC-listed jurisdiction of active conflict and political instability, providing latent political-risk context for cyber treaty considerations.▾
cbl_jurisdiction_conflict_contextlatent exposurePolitical Risk
Market relevance: Sovereign in JWC-listed active-conflict jurisdiction with latent political-risk overlay.
The incident occurred in a JWC-listed jurisdiction of active conflict and political instability.▾
cbl_jurisdiction_active_conflictcontextualPolitical Risk
Market relevance: Active-conflict JWC listing underwrites latent political-risk and sovereign-credit considerations.
Supersession history: 1 prior/revised claim rows.
The incident occurred in a JWC-listed area of active conflict and political instability.▾
libya_jwc_active_conflict_jurisdictioncontextual risk signalPolitical Risk
Market relevance: Raises latent political-risk, war, and sovereign-credit considerations; relevant to political-risk and trade-credit treaties.
No confirmed indicators that customer accounts were affected.▾
cbl_no_customer_account_impactlatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Absence of confirmed customer impact reduces third-party liability and notification cost considerations.
No confirmed indicators that customer accounts were affected have been reported.▾
cbl_no_customer_account_impact_reportedfactvalid from 9 Jun 2026, 00:00Cyber
No confirmed indicators that customer accounts were affected have been reported.▾
cbl_no_customer_account_impact_confirmedlatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Absence of confirmed customer-account impact limits liability and notification-driven exposure pathways for now.
“تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Supersession history: 1 prior/revised claim rows.
No confirmed indicators that customer accounts were affected by the Central Bank of Libya cyber incident have been reported.▾
cbl_no_confirmed_customer_account_impactcontextualvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Absence of confirmed customer-account impact limits the near-term third-party liability signal for financial-institution cover.
Supersession history: 1 prior/revised claim rows.
No quantified financial loss has been disclosed.▾
cbl_no_quantified_losslatent exposureCyber
Market relevance: Absence of quantified loss floors insured-severity banding at low; economic-only figures would not alter this.
No named insured or commercial asset linkage has been established between this incident and London specialty insurance exposures.▾
no_named_insured_or_asset_linkagecontext onlycyber
Market relevance: Without insured linkage, treaty and direct exposure cannot be quantified from this event alone.
“No commercial or insured asset losses are identified.” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
No named insured or commercial asset linkage to the Central Bank of Libya incident has been established.▾
cbl_no_named_insured_linkagelatent exposurePolitical Risk
Market relevance: Absence of named insured linkage caps insured-severity banding at low absent further evidence.
Supersession history: 1 prior/revised claim rows.
Libya has minimal London specialty insurance market exposure, and no commercial or insured asset losses have been identified in connection with the incident.▾
libya_minimal_london_market_exposurecontextualvalid from 15 Jun 2026, 05:14Political Risk
Market relevance: Limited London market footprint in the jurisdiction caps the realistic insured-loss envelope absent a named insured.
“دولة ذات تعرض ضئيل لسوق التأمين المتخصص في لندن” — Asharq Al-Awsat (Arabic) · 10 Jun 2026, 14:57 · mainstream media
Libya is assessed as having minimal London specialty insurance market exposure, with no identified commercial or insured asset losses.▾
cbl_london_market_exposure_minimalcontextualvalid from 15 Jun 2026, 05:14Political Risk
Market relevance: Minimal direct London Market exposure limits near-term treaty and direct facultative impact.
Core banking services continue to operate per the bank's statement.▾
core_services_operatingcontext onlyvalid from 14 Jun 2026, 03:42cyber
Market relevance: Continuity of core services limits direct financial-institution treaty exposure from this incident alone.
Core banking services continue to operate despite the incident.▾
cbl_core_services_operationallatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Continuity of core services limits potential business-interruption severity; material to cyber and political-risk treaty exposure assessment.
Supersession history: 1 prior/revised claim rows.
The Central Bank of Libya stated that core banking services continue to operate despite the cyber incident.▾
cbl_core_services_continuingcontextualvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Continuity of core services is the bank's own framing and reduces the immediate insured-severity signal.
Supersession history: 1 prior/revised claim rows.
Core banking services at the Central Bank of Libya continue to operate.▾
cbl_core_services_continuestatusvalid from 14 Jun 2026, 03:42Cyber
Market relevance: Continued core services argue against immediate systemic banking disruption and limit severity bands.
Supersession history: 1 prior/revised claim rows.
Uncertain22 lines
Nature and origin of the attack (ransomware, DDoS, state-sponsored, etc.)▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Extent of data compromise or financial loss▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Identity of the threat actor▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether the incident will trigger regulatory or sovereign credit implications▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Nature and origin of the attack (e.g., ransomware, DDoS, state-sponsored) is not confirmed in available reporting.▾
attack_vector_uncertaincontext onlycyber
Market relevance: Attack-vector uncertainty limits precision of treaty exposure assessment.
The nature and origin of the attack (e.g., ransomware, DDoS, state-sponsored) remain unconfirmed.▾
cbl_attack_vector_unknownlatent exposureCyber
Market relevance: Attack vector would shape whether war/terrorism exclusions, state-actor carve-outs, or political-violence triggers apply.
Supersession history: 1 prior/revised claim rows.
Nature and origin of the attack (e.g., ransomware, DDoS, state-sponsored, other) remain unconfirmed.▾
cbl_attack_nature_uncertaincontextCyber
Supersession history: 1 prior/revised claim rows.
The identity of the threat actor has not been reported.▾
cbl_threat_actor_unknownlatent exposurevalid from 14 Jun 2026, 03:42Cyber
Market relevance: Attribution uncertainty affects war/hostile-act exclusion analysis on cyber and political-risk covers.
Supersession history: 1 prior/revised claim rows.
No quantified loss, data compromise figure, or named insured linkage has been established for the Central Bank of Libya cyber incident.▾
cbl_no_quantified_loss_or_named_insuredcontextualCyber
Market relevance: Absence of quantified loss or named insured linkage supports low insured severity at this stage.
The threat actor has not been publicly identified or attributed.▾
cbl_threat_actor_unattributedcontext onlyvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Attribution would inform war/exclusion clauses and political-violence treaty wording.
Supersession history: 1 prior/revised claim rows.
The nature and origin of the attack (ransomware, DDoS, state-sponsored, or other) has not been disclosed.▾
cbl_attack_vector_uncertaincontextCyber
Market relevance: Affects potential aggregation and attribution scenarios
Identity of the threat actor has not been disclosed or confirmed.▾
cbl_threat_actor_uncertaincontext onlyCyber
Market relevance: Threat actor identity drives war/cyber exclusion and accumulation considerations.
The extent of any data compromise or financial loss has not been confirmed.▾
cbl_data_compromise_uncertainlatent exposureCyber
Market relevance: Unconfirmed data exposure limits cyber liability severity estimation; remains an open item.
Supersession history: 1 prior/revised claim rows.
Extent of data compromise or financial loss is not quantified in available reporting.▾
data_compromise_or_financial_loss_uncertaincontext onlycyber
Market relevance: Absence of quantified loss caps severity banding under insured-industry framing.
Extent of data compromise or financial loss has not been quantified or confirmed.▾
cbl_loss_extent_uncertainlossCyber
Supersession history: 1 prior/revised claim rows.
No quantified financial loss, data compromise, or named insured linkage has been established for the Central Bank of Libya cyber incident.▾
cbl_loss_or_data_compromise_unquantifiedcontextualvalid from 15 Jun 2026, 05:14Cyber
Market relevance: Without quantified loss or data compromise, insured severity remains low and speculative.
The extent of any data compromise or financial loss has not been disclosed.▾
cbl_data_loss_unknownlossCyber
Market relevance: Without quantified loss, insured severity cannot be banded above low; remains contingent on investigation outcome.
“Extent of data compromise or financial loss” — Al Jazeera Arabic · 9 Jun 2026, 13:57 · mainstream media
Extent of data compromise, financial loss, or insured impact has not been quantified in public reporting.▾
cbl_loss_quantum_unknowncontext onlyvalid from 15 Jun 2026, 05:14Cyber
Market relevance: No loss quantum available; cyber and political-risk treaty severity cannot be banded upward on economic-only evidence.
Extent of any data compromise or financial loss has not been disclosed.▾
cbl_data_or_financial_loss_extent_unknowncontextual risk signalCyber
Market relevance: No quantified loss prevents insured-severity banding; relevant to cyber, financial-institution, and political-risk treaty monitoring.
Extent of any data compromise or financial loss is not known.▾
cbl_data_financial_loss_uncertaincontext onlyCyber
Market relevance: Quantified loss not available; cannot map to insured severity banding.
Whether the incident will trigger regulatory action, sanctions, or sovereign credit implications is uncertain.▾
cbl_regulatory_or_sovereign_credit_implications_uncertaincontextual risk signalPolitical Risk
Market relevance: Potential secondary effects on trade-credit, political-risk, and financial-institution lines if regulatory or credit actions materialize.
Whether the incident will trigger regulatory, sanctions, or sovereign credit implications is not yet known.▾
cbl_no_regulatory_credit_implication_knowncontext onlyPolitical Risk
Market relevance: Regulatory or sovereign credit actions could affect political risk and trade credit exposures.
Geographic Zone Matches
2 active matches
- Libya (12nm coastal buffer)Rule-basedConfidence 100%
- JWC Listed AreasRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇱🇾 Libya
Latest developments
- Two independent outlets report a disclosed cyber incident at Libya's Central Bank. — Al Jazeera Arabic
- Central Bank isolated affected components as a containment measure. — Al Jazeera Arabic
- Core banking services remain operational, per reporting. — Al Jazeera Arabic
- Technical investigations continue. — Al Jazeera Arabic
- No confirmed indicators of customer account impact have been reported. — Al Jazeera Arabic
- Attack vector and origin remain unconfirmed. — Al Jazeera Arabic
- No data-compromise or financial-loss figures have been confirmed. — Al Jazeera Arabic
- Libya is a JWC-listed jurisdiction of active conflict, framing the event's political-risk context. — Al Jazeera Arabic
Timeline
Status Change15 Jun 2026, 05:14
Status changed to developing
evidence_trigger: corroboration >= 2
signal -> developing
Corroboration15 Jun 2026, 05:14
A cyberattack has hit the systems of Libya's Central Bank, prompting a banking sector alert. The article reports disrupted central bank operations in Libya, a country with minimal London specialty insurance market exposure. No commercial or insured asset losses are identified.
Source: Asharq Al-Awsat (Arabic) (Mainstream Media) · View source
Initial Detection14 Jun 2026, 03:42
Initial Detection
Libya's Central Bank disclosed a cyber attack on some of its systems, prompting isolation measures while core services continue. No confirmed indicators of customer account impact were reported. Technical investigations are ongoing, with the event occurring in a JWC-listed area of active conflict and political instability.
تحقيقات فنية مستمرة بعد تعرض بعض أنظمة مصرف ليبيا المركزي لحادث سيبراني مع استمرار الخدمات الأساسية
Source: Al Jazeera Arabic (Mainstream Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts