< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 20 of 83

Automated Magic Packet Generation from BPF Filters

🛡️ Cloudflare demonstrates an automated method to reverse-engineer classic BPF socket filters and generate the exact “magic” packets that trigger stealthy Linux backdoors. By combining symbolic execution with the Z3 theorem prover and translating the resulting constraints into concrete byte values, the approach reduces manual analysis of complex BPF bytecode from hours or days to seconds. The team uses scapy to assemble crafted packets and has open-sourced the filterforge tool to accelerate threat research and detection.
read more →

FBI: Americans Lost $21B to Cybercrime in 2025 - Record High

📈 The FBI reports U.S. victims lost a record $21 billion to cyber-enabled crime in 2025, a 26% rise from 2024, as the Internet Crime Complaint Center (IC3) logged more than one million complaints. Losses were led by investment fraud, business email compromise, tech-support scams, and data breaches, while cryptocurrency-related fraud topped $11 billion. The report includes 22,300 AI-related scam complaints totaling $893 million and shows seniors over 60 suffered disproportionately. The FBI says proactive interventions, including 3,900 Financial Fraud Kill Chain actions and Operation Level Up, helped freeze $679 million and alert thousands of likely victims; it urges verification before sending funds and reporting incidents to ic3.gov.
read more →

Five Practical Steps to Strengthen Attack Resilience

🔒 ASM provides continuous visibility that answers a core question for IT security teams: what can attackers reach right now? The article presents five practical steps: comprehensive discovery across external, internal, digital, physical, and human surfaces; focusing on the attack vectors that most often break resilience; and shifting from periodic scans to continuous exposure management cycles. It stresses risk-based prioritization using CVSS, exploit probability, and asset criticality, and advocates integrating ASM with detection, response, and recovery while leveraging automation to reduce blind spots.
read more →

Five Steps to Strengthen Supply Chain Security & Resilience

🔒 Supply chain attacks now bypass traditional defenses by exploiting trusted vendors, open-source components, cloud services, and MSP tools, creating cascading impact across distributed environments. Map and inventory all dependencies, classify them by criticality, and continuously evaluate supplier posture using SBOMs, patch cadence, and incident response readiness. Apply Zero Trust controls: MFA, least privilege, segmentation, and just-in-time access, and centralize unified telemetry across endpoints, identity, network, email, and backups to detect anomalies faster. Finally, design recovery playbooks, immutable backups, and automated restore testing to shorten downtime when compromise occurs.
read more →

Five Ways to Strengthen Identity Security and Resilience

🔒 This article outlines five practical steps to harden identity security across human, machine, and workload identities and to build attack resilience through least privilege and continuous validation. It recommends prioritizing MFA for high‑privilege accounts, deploying PAM to control administrative access, inventorying all identity types, and establishing real‑time behavior validation. The guidance emphasizes quick wins—enforce MFA for privileged users immediately and expand to all users within 30 days—to reduce credential‑based breaches and limit lateral movement.
read more →

GPUBreach: GPU Rowhammer Enables Full System Compromise

🔒 Researchers at the University of Toronto demonstrated GPUBreach, a GPU-targeted Rowhammer technique that flips bits in GDDR6 to corrupt GPU page tables and subvert device memory controls. An unprivileged CUDA kernel can obtain arbitrary read/write access to GPU memory and then exploit NVIDIA driver flaws to escalate to CPU privileges and spawn a root shell. The work, due at IEEE S&P 2026, includes technical materials and shows impacts from key leakage to ML model manipulation.
read more →

The Industrialization of Cybercrime and Its Costs Worldwide

🔒 In the latest episode of Brass Tacks: Talking Cybersecurity, Joe Robertson interviews Jürgen Stock, former INTERPOL secretary general, about how cybercrime has matured into a scalable, low‑risk, high‑profit industry. They outline an underground economy of specialized services—malware creation, access brokerage, extortion, laundering—often sold with support and guarantees. Stock warns that individuals, businesses, and critical infrastructure are all at risk, and that disciplined cyber hygiene, preparedness, and public–private cooperation remain the most effective defenses.
read more →

Telehealth Risks in 2026: Medical Data and AI Scams

🔒 Telehealth offers fast, convenient access to care but creates persistent medical records that are highly valuable to criminals. Stolen health data — from diagnoses and prescriptions to insurance IDs and test results — often fetches far more than payment or social-login credentials and enables extortion, fraud, and identity theft. The rise of AI-driven fake clinics and diagnostic tools makes realistic phishing and data-harvesting sites easier to create. Protect yourself by using a dedicated medical email, avoiding social sign-in, enabling 2FA, using clinic-provided encrypted portals, and keeping health devices patched.
read more →

Talos Takes: 2025 Ransomware Trends and Vulnerabilities

🔒 Talos analysts Amy Ciminnisi and Pierre Cadieux review the ransomware and vulnerability patterns that shaped 2025. They emphasize persistent campaigns against the manufacturing sector, increased targeting of management infrastructure, and the rise of stealthy living-off-the-land techniques that evade traditional controls. The hosts explain how to spot the difference between a system administrator and a threat actor and outline steps organizations can take to move beyond reactive defenses toward a more resilient, proactive security posture.
read more →

FBI: Over $17.7bn Lost to Cyber Fraud in US During 2025

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.
read more →

Hidden Cost of Recurring Credential Incidents and Costs

🛡️ The Hacker News highlights that while headline breaches attract investment, recurring credential incidents—account lockouts, reused or exposed passwords, and frequent resets—impose persistent operational costs. Forrester estimates resets can account for up to 30% of helpdesk tickets, at roughly $70 each, and IBM’s 2025 report cites a $4.4M average breach cost. Poorly designed password policies and mandatory periodic resets often make the problem worse by prompting insecure user behavior. Practical measures include user-friendly, robust policies, breached-password screening, and shifting away from arbitrary expiration windows; vendors such as Specops Password Policy are presented as tools that detect exposed credentials and reduce incident volume.
read more →

Weaponizing SaaS Notification Pipelines for Phishing

🔔 Cisco Talos observed a rise in campaigns that weaponize SaaS notification pipelines in collaboration platforms to deliver phishing and credential‑harvesting lures. Attackers embed malicious content in GitHub commit messages and in user‑configurable Jira project fields so automated notifications, signed by the platforms, bypass SPF, DKIM, and DMARC checks. Talos describes this as a Platform‑as‑a‑Proxy (PaaP) abuse and recommends moving to Zero‑Trust, instance‑level verification, and API telemetry to detect and block these attacks.
read more →

Talos 2025 Review: Rapid Exploits and Legacy Risks

🔍 Talos' 2025 Year in Review highlights a marked shift in attacker behavior driven by both newly disclosed flaws and long-entrenched components. In the final weeks of 2025 React/React2Shell surged to the top of exploit activity, followed by legacy targets such as PHPUnit and Log4j. Agentic AI accelerated the creation and deployment of proofs-of-concept and exploit kits, dramatically reducing attacker time-to-exploit. Talos urges organizations to prioritize identity-adjacent systems and management planes for patching and mitigation.
read more →

Supply Chain Security Moves to Boardroom Priority Now

🔒 Supply chain security has shifted from a technical concern to a board-level business priority, driven by high-profile incidents and emerging regulation such as the European Cyber Resilience Act. CSOs must confront pervasive open-source risk—highlighted by Log4Shell—and adopt SBOMs, tooling and processes that reduce false positives. Automation, integration with developer workflows and rapid supplier communication are essential to limit fines and protect customer trust.
read more →

Engineering Fairness in Multi-tenant SIEM Platforms

🔎 While reviewing five popular SIEM solutions for a security awards panel, the author observed consistent marketing claims—24/7 SOCs, AI-driven detections, integrations and SLA promises—but a notable omission: how vendors manage multi-tenancy. The piece explains the engineering risk of the “noisy neighbor” effect in shared cloud stacks and shows how poor isolation can produce ingestion latency, delayed detection and violated SLAs. It recommends concrete architectural controls—admission control, fair-share scheduling and resource partitioning—and urges buyers to demand transparency or opt for dedicated clusters when compliance or performance require strict isolation.
read more →

Modern Kubernetes Threats and Identity-focused Attacks

🔒 Unit 42 details how widespread Kubernetes attacks—driven by identity theft and exposed services—enable escalation from containers into cloud backends. The report highlights stolen service account tokens and the rapid exploitation of React2Shell (CVE-2025-55182), showing how attackers extract mounted tokens and cloud credentials. Practical mitigations include strict RBAC, short-lived projected tokens, runtime telemetry, and API audit logging. Unit 42 maps these behaviors to MITRE ATT&CK and provides detection examples.
read more →

Why Simple Breach Monitoring Is No Longer Enough in 2026

🔒 Organizations must move beyond checkbox breach monitoring to defend against fast-moving infostealers. Ran Geva (CEO, Webz.io & Lunar) warns that monthly scans and reliance on MFA, EDR, or zero-trust alone often miss stolen credentials, session cookies, and stealer logs. With 4.17 billion compromised credentials observed in 2025 and high breach costs, enterprises need continuous, forensic-grade monitoring, automated triage, and integrations that can reset credentials and invalidate sessions quickly.
read more →

How SOCs Close the Gap on Multi-OS Cyberattacks Fast

🔒 Enterprise attacks now traverse Windows, macOS, Linux and mobile, but many SOC workflows remain fragmented by platform, creating slower validation, fragmented evidence, and more escalations. The piece recommends making cross-platform analysis part of early triage, keeping investigations in one unified sandbox workflow (for example ANY.RUN Sandbox), and turning consolidated visibility into faster response. These steps reduce tool switching, standardize response, and deliver measurable efficiency gains.
read more →

Weekly Recap: Axios Supply-Chain, Chrome Zero-Day, and More

⚡ This week’s incidents include a supply-chain compromise of the popular Axios npm package by actors attributed to North Korea (UNC1069) and an actively exploited Chrome zero-day (CVE-2026-5281) in the Dawn/WebGPU component. Other notable events include active exploitation of Fortinet FortiClient EMS, a TrueConf update-integrity bypass, and an accidental large code leak from Anthropic’s Claude development. Organizations should treat developer tooling, CI/CD, and dependencies as part of the attack surface and apply patches and integrity checks promptly.
read more →

Fixing Authentication: Resilient Interoperable Systems

🔐 Authentication is breaking at critical front lines because a fragmented mix of cards, readers, middleware and identity platforms rarely interoperate under real-world pressure. This brittle stack allows downgrades, fallback paths and patch regressions to undermine even passwordless and FIDO2 deployments, producing outages and safety risks in healthcare, government and aerospace. The article outlines three architectural shifts — modular secure elements, reader‑agnostic middleware and a unified credential ecosystem — and a five-point CISO action plan to remove weak fallbacks, require downgrade transparency, harden patching, embed interoperability in contracts and run constrained high‑value pilots.
read more →