< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 19 of 83

OX Security: Critical Risk Spike in AI-Driven Development

🔍 OX Security analyzed 216 million security findings from 250 organizations over a 90‑day period and found that while raw alert volume rose 52% year‑over‑year, prioritized critical risk increased nearly 400%. The ratio of critical findings to alerts nearly tripled, from 0.035% to 0.092%. The report links the surge to AI-assisted development and stresses that business context now often outweighs traditional technical severity.
read more →

German military warns: Hybrid attacks on infrastructure

🔒 Vice Admiral Thomas Daum warned that hybrid attacks on Germany's critical infrastructure and Bundeswehr forces abroad have risen noticeably since 2022. At NATO's Locked Shields exercise he cited targeted intrusions against Bundeswehr data centres, alleged phone tapping of deployed personnel and disinformation campaigns in Lithuania. Authorities suspect state actors including Russia, China, Iran and North Korea, while energy firms, banks and local authorities remain at risk.
read more →

Mailbox Rule Abuse in Microsoft 365: A Rising Threat

🔒 Security researchers report a rise in attackers abusing mailbox rules inside Microsoft 365 accounts to maintain post-compromise access, exfiltrate data and manipulate communications. The Proofpoint analysis found that roughly 10% of breached accounts in Q4 2025 had malicious rules created within seconds of takeover. Rules are often given minimal or nonsensical names and configured to delete messages or move them to low-visibility folders to evade detection. Defensive steps include disabling external auto-forwarding, enforcing MFA, monitoring OAuth and promptly removing malicious rules and revoking sessions.
read more →

Manufacturing Cybersecurity: Complexity Surges in 2025

🔒 The global manufacturing sector entered 2025 confronting one of the most aggressive cyber threat environments in its history. Digital transformation, smart factories, and interconnected supply chains have expanded operational reach but introduced unprecedented attack surfaces, making ransomware and supply-chain compromises a primary concern. According to the Manufacturing Threat Landscape 2025 report, incidents rose sharply year over year, placing manufacturing at the center of global ransomware activity and forcing organizations to reassess defenses and incident readiness.
read more →

Securing Manufacturing Operations Against Ransomware in 2026

🔒 Modern manufacturing is increasingly targeted by fast, high-impact cyberattacks: Clorox production lines went dark in 2023 and a global automaker halted factories across five countries in 2025 from stolen credentials. Ransomware incidents against manufacturers rose 56% in 2025, with average European demands exceeding $1.16 million. The analysis highlights structural weaknesses—legacy OT, credential sprawl, and inadequate segmentation—and recommends pragmatic, non-disruptive defenses to protect operations without causing downtime.
read more →

Protecting Privacy and Security in Smart Sex-Toy Apps

🔒 This article explains privacy and security risks associated with smart sex‑toy apps and companion services, focusing on realistic threats such as data collection, account compromise, and server-side access rather than rare remote device takeovers. It outlines practical mitigations — create anonymous accounts, avoid social logins, limit app permissions, use a strong unique password with two‑factor authentication, and keep software updated. The guidance emphasizes minimizing shared personal data and avoiding identifiable media to reduce risks like stalking, blackmail, and targeted profiling.
read more →

The Collapse of the Patch Window: Rapid Exploitation

🔍 In this Talos Threat Perspective episode, Hazel Burton explores how vulnerabilities are being converted into working exploits far faster than before. Where remediation once took weeks or months, weaponization now occurs in days, hours, and sometimes immediately after disclosure, helped by proof-of-concept code, automation, and AI-assisted tooling such as demonstrated with React2Shell. Attackers are targeting what is exposed, accessible, and valuable, compressing the defender's patch window and forcing new approaches to risk prioritization.
read more →

Analysis: CISA KEV Data Reveals Limits of Human Security

🔍Analysis of more than one billion CISA KEV remediation records across 10,000 organizations over four years shows defensive operations have hit a human ceiling. Time-to-Exploit averages negative seven days while vulnerability volume rose 6.5× since 2022. Qualys identifies a Manual Tax and recommends shifting to autonomous, closed-loop Risk Operations Centers that measure Risk Mass rather than raw CVE counts.
read more →

Why Zero-Trust Often Fails at the Traffic Layer in Practice

🔒 Organizations often implement strong identity and access controls but miss enforcement at the traffic layer. During incidents these gaps—across ingress paths, load balancers, CDNs, and APIs—allow traffic to bypass identity checks. Common failures include weak TLS and cipher baselines, fragmented ingress, and half‑implemented mutual TLS. Effective programs treat traffic handling as the primary enforcement point through standardized ingress, request normalization, and consistent end-to-end telemetry.
read more →

Recovery Scams Target Fraud Victims for Second Strike

⚠️Recovery fraud preys on people already defrauded, with criminals posing as recovery firms, regulators or law enforcement to charge upfront fees or collect bank and crypto details. Scammers often use 'sucker lists' to identify vulnerable victims and pressure them into untraceable payments or rushed decisions. Never pay fees in advance; verify claims independently and report incidents to the appropriate authorities.
read more →

The Threat Hunter’s Gambit: Skills, Signals, and Risks

🔍 William Largent frames threat hunting as a discipline akin to strategy games, where pattern recognition, prediction, and spotting feints reveal an adversary's intent. Cisco Talos warns of a growing Platform-as-a-Proxy (PaaP) tactic in which attackers weaponize legitimate SaaS notification pipelines such as GitHub and Jira to deliver authenticated phishing that circumvents SPF, DKIM, and DMARC. Because users habitually trust system-generated alerts, defenders should adopt zero‑trust controls, ingest SaaS API logs into SIEMs, and require out‑of‑band verification for high-risk actions.
read more →

ThreatsDay: Hybrid P2P Botnet and Old Flaws Resurface

🛡️ A concise roundup of the week's notable incidents: a resilient hybrid variant of Phorpiex combines HTTP C2 polling with a P2P protocol to survive takedowns, while a 13‑year‑old chainable flaw in Apache ActiveMQ (CVE-2026-34197) can yield stealthy RCE if left unpatched. Industry data show record cyber‑fraud losses and a spike in AI‑assisted DDoS tactics. Multiple supply‑chain and platform abuses—from trojanized developer tools to malicious PyPI packages and SaaS notification phishing—underscore the need to patch, audit, and harden AI integrations.
read more →

Weak at the Seams: Cybersecurity's Systemic Resilience Gap

🔧 A former industrial automation engineer turned CISO argues that cybersecurity is fragmented across regulators, vendors, auditors and insurers, creating dangerous seams where correlated failures can cascade beyond organizational boundaries. Despite rising spending, tool proliferation and compliance-focused programs fail to measure or build true resilience, leaving handoffs and interfaces as persistent blind spots. High-profile incidents such as the July 2024 CrowdStrike outage show defensive tools and routine updates can themselves become systemic failure vectors, and the industry must design for graceful degradation rather than audit checkboxes.
read more →

March 2026 Cyber Threat Landscape: Ransomware Rebounds

🔍 In March 2026, Check Point Research reported a modest moderation in global cyber attack volumes, with an average of 1,995 weekly attacks per organization — down 4% month over month and 5% year over year. Despite the dip, activity remains historically elevated, driven by automation, attack surface growth, and risks tied to cloud adoption and GenAI. The report also highlights a notable rebound in ransomware activity and continuing exposure for critical sectors.
read more →

Operationalizing Cisco Talos Year in Review Findings

🔍 The Cisco Talos Year in Review synthesizes vast telemetry and Talos IR casework into practical intelligence for defenders. Incident responders should use the report to build realistic tabletop scenarios, validate detections, and stress-test IR plans focusing on dominant TTPs such as valid account abuse, credential dumping, and MFA bypasses. Map findings to MITRE ATT&CK and prioritize vulnerabilities and detections accordingly. It also highlights evolving phishing themes and nascent AI-enabled threats that should shape training and threat-hunting priorities.
read more →

Governance Gaps as AI Agents Drive 76% NHI Increase

⚠ The SANS Institute warns that rapid adoption of agentic AI is outpacing security controls, driving a 76% rise in non-human identities (NHIs) such as service accounts, API keys and automation bots. Based on interviews with more than 500 security professionals for the 2026 State of Identity Threats & Defenses Survey, SANS identified widespread credential hygiene failings and a surge in agent-linked NHIs that can double or triple in number. The report highlights that many organizations do not rotate machine credentials on a 90-day cycle and lack coordinated AI governance, and recommends secrets vaults, automated rotation and scoped least-privilege access to mitigate risk.
read more →

Patch Window Collapses as Exploits Rapidly Accelerate

⚠️ Rapid7's Cyber Threat Landscape Report shows confirmed exploitation of newly disclosed high- and critical-severity vulnerabilities surged 105% year-over-year, while median time to CISA KEV inclusion fell to 5.0 days and mean time-to-exploit dropped to 28.5 days. Industry observers cite the industrialization of cybercrime and the use of AI to speed discovery and exploit development. Experts warn that patches increasingly act as roadmaps for attackers, and urge adoption of secure-by-design, aggressive pre-release testing, and faster isolation or rebuild capabilities to counter the collapsing patch window.
read more →

Weak at the Seams: Cybersecurity's Systemic Fragility

⚠️ Organizations are increasingly exposed to systemic cyber risk as digital transformation stitches industries, vendors and platforms together, creating interconnected failure modes that compliance regimes and siloed tools fail to capture. The author—an experienced CISO with an industrial automation background—argues for shifting focus from checkbox-driven audits to architectural resilience and graceful degradation, tying security spend to measurable business survivability rather than isolated tool maturity.
read more →

Botnet DDoS Escalation: AI, IoT, and Multiterabit Threats

📈 NETSCOUT’s ATLAS platform recorded more than 8 million DDoS attacks across 203 countries during the second half of 2025, revealing a decisive shift toward multiterabit capacity and AI-enabled operations. IoT-based botnets such as Aisuru and TurboMirai variants produced demonstration floods up to 30Tbps and 4Gpps, while dark-web LLMs and conversational interfaces lowered the barrier for complex, multivector campaigns. Persistent pressure on DNS root servers and NTP services highlighted the importance of globally distributed, intelligence-driven defenses.
read more →

Are $30,000 AI GPUs Better at Cracking Passwords Today?

🔒 Specops compared two flagship AI accelerators, the Nvidia H200 and AMD MI300X, against the consumer RTX 5090 using Hashcat benchmarks for MD5, NTLM, bcrypt, SHA-256 and SHA-512. The RTX 5090 outperformed both AI GPUs across all tested algorithms, often by wide margins, meaning the expensive AI hardware does not translate to superior password-cracking performance. Price-to-performance was stark: the H200 costs at least ten times an RTX 5090 yet delivers lower hash rates. The practical risk remains weak or reused credentials; long passphrases, breached-password detection, and MFA are the recommended mitigations.
read more →