All news in category "Threat and Trends Reports"
Thu, August 28, 2025
Affiliates Drive Growth of 'Soulless' Scam Gambling Network
🔍 A surge of polished scam gambling sites has been traced to a Russian affiliate program called Gambler Panel, which provides a turnkey "fake casino" engine, marketing templates, and step-by-step fraud guides. Ads promise $2,500 promo credits and lure users into making ~$100 cryptocurrency "verification" deposits that are then milked through pressured wagering. The program touts up to 70% revenue shares, a large affiliate base, and a Telegram vetting channel.
Thu, August 28, 2025
Education Sector Hit by Rising Cyberattacks in 2025
📚 Check Point Research reports a sharp rise in cyber attacks against the education sector between January and July 2025. Across that period the sector averaged 4,356 attacks per organization each week, a 41% year‑over‑year increase. The trend is global, affecting both developed and developing regions, and coincides with the back‑to‑school season. Schools and institutions are urged to strengthen defenses and incident preparedness.
Thu, August 28, 2025
August 2025 security roundup with Tony Anscombe highlights
🔒 In the August 2025 edition, ESET Chief Security Evangelist Tony Anscombe highlights major global developments that affect defenders and users alike. Key items include WhatsApp's takedown of 6.8 million scam-linked accounts in H1 2025, the UK government's reversal on an Apple cloud decryption demand, attacks on water facilities in Norway and Poland, and Nigeria's deportation of over 100 foreign nationals tied to a large cybercrime syndicate. He also notes auctions of active police and government email credentials on criminal forums and underscores lessons for resilience, encryption policy, and international cooperation.
Thu, August 28, 2025
Seven Signs Your Organization Needs an MSSP Immediately
🔒 Managed Security Service Providers (MSSPs) deliver continuous monitoring, expert incident response, and threat intelligence to reduce internal workload and close skills gaps. This article outlines seven clear signals—ranging from insufficient protection and crushing alert volumes to no after-hours coverage and burdensome reporting—that indicate an urgent need to engage an MSSP. It stresses evaluating providers on experience, transparency, SLAs, and integration readiness, while noting MSSPs cannot fix weak internal security culture or insider threats.
Wed, August 27, 2025
Password Manager Auto-Fill Flaw, Quantum Risks, Devices
🔒 In this edition of the Smashing Security podcast Graham Cluley and guest Thom Langford examine how some password managers can be tricked into auto-filling secrets into cookie banners via a clickjacking sleight-of-hand. They discuss practical defenses for website owners and hardening steps for users to protect their personal vaults. The episode also covers post-quantum concerns—"harvest-now, decrypt-later"—Microsoft’s 2033 quantum-safe commitment, and device update risks including printers, plus lighter segments like a dodgy URL "shadyfier" and repurposing an iMac G4 as a media hub.
Wed, August 27, 2025
Skills Shortage Threatens Corporate Cybersecurity Resilience
🔒 A recent Accenture report warns that only 34% of companies have a mature cyber strategy and just 13% possess advanced capabilities to defend against AI-driven threats, leaving many organizations exposed. Industry leaders identify a persistent shortage of specialized cybersecurity talent as the central obstacle: 83% of IT leaders say the lack of cyber talent is a major barrier. Experts cite systemic causes beyond pay, including burnout and unsustainable workplace culture, and point to gender imbalance and gaps in vocational training as missed opportunities. Some analysts expect AI to help by automating repetitive tasks and easing staff burnout, but training and structural reforms are still urgently needed.
Wed, August 27, 2025
Preventing Online Bullying as Students Return to School
📚 The online world often mirrors the schoolyard, and bullying can intensify when a new term begins. A 2023 Microsoft study highlights cyberbullying as a top parental concern, with harassment ranging from name‑calling and rumor‑spreading to sextortion and deepfake images. Watch for behavioral changes, keep open, nonjudgmental lines of communication, and review app privacy settings. If abuse occurs, calmly teach children to block, capture evidence and report incidents to platforms and schools.
Tue, August 26, 2025
How to Remove Your Data from People-Search Brokers
🛡️ Data brokers compile extensive personal dossiers and sell them without consent. This guide explains the challenges of locating and removing your information, outlines typical data collected, and describes practical steps to submit opt-out or deletion requests. It recommends tracking requests in a spreadsheet, citing laws like CCPA or GDPR, and repeating removals every 3–6 months or using paid services.
Mon, August 25, 2025
Global Phishing Campaign Distributes UpCrypter Loader
📧 FortiGuard Labs identified a global phishing campaign that uses crafted HTML email attachments and personalized phishing pages to deliver obfuscated JavaScript droppers that stage the UpCrypter loader on Microsoft Windows systems. The attack uses target-specific URL reconstruction and convincing domain and logo spoofing, and prompts victims to run a bundled JavaScript dropper. The dropper decodes and executes a Base64-encoded PowerShell payload that performs anti-analysis checks, loads an MSIL loader directly into memory, and ultimately deploys multiple RATs (PureHVNC, DCRat, Babylon RAT). Organizations should apply layered email filtering, endpoint least privilege, and script- and memory-aware detection to block these artifacts.
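The chain above hides its PowerShell stage inside a Base64 blob in the dropper, so a filter that only inspects cleartext misses it. The following is an added example written for this page (the editor's code, not FortiGuard's detection content) of the "script-aware" check that catches that layering: it scans a script for long Base64 runs, decodes each as UTF-8 and as UTF-16LE (the encoding PowerShell's -EncodedCommand expects), and scores every layer against a small indicator list. The indicator list, the sample dropper and the benign sample are all constructed for the example.

```python
import base64
import re

# Substrings a decoded blob is scored against (lower-cased). The set is the
# editor's choice for this example, not FortiGuard's signature content.
INDICATORS = {
    "powershell": "PowerShell invocation",
    "-nop": "profile suppressed",
    "-w hidden": "hidden window",
    "frombase64string": "nested Base64 decode",
    "reflection.assembly": "in-memory .NET (MSIL) assembly load",
    "invoke-expression": "dynamic evaluation",
    "downloadstring": "remote fetch",
}

# A run of Base64 text long enough to be a payload rather than a token.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_candidates(blob):
    """Decode a Base64 run as UTF-8 and as UTF-16LE and keep the decodings
    that look like text rather than binary (>= 90% printable)."""
    padded = blob + "=" * (-len(blob) % 4)
    try:
        raw = base64.b64decode(padded)
    except ValueError:
        return []
    found = []
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
        if text and printable / len(text) >= 0.9:
            found.append((encoding, text))
    return found


def score(text):
    """Indicator keys present in `text`, case-insensitively."""
    lowered = text.lower()
    return sorted(key for key in INDICATORS if key in lowered)


def scan_script(script):
    """One finding per layer that carries indicators: the cleartext script
    itself, then every Base64 run that decodes to suspicious text."""
    findings = []
    hits = score(script)
    if hits:
        findings.append({"layer": "cleartext", "offset": 0, "indicators": hits})
    for match in B64_RUN.finditer(script):
        for encoding, text in decode_candidates(match.group(0)):
            hits = score(text)
            if hits:
                findings.append({"layer": encoding, "offset": match.start(),
                                 "indicators": hits, "preview": text[:60]})
    return findings


# Constructed sample: a second-stage PowerShell one-liner of the kind a JScript
# dropper would launch via -EncodedCommand, so it is UTF-16LE before Base64.
STAGE2_PS = ('$b=[Convert]::FromBase64String($env:PAYLOAD);'
             '[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null,$null)')
ENCODED = base64.b64encode(STAGE2_PS.encode("utf-16-le")).decode("ascii")

SAMPLE_DROPPER = (
    'var sh = new ActiveXObject("WScript.Shell");\n'
    'var cmd = "powershell -nop -w hidden -e ' + ENCODED + '";\n'
    'sh.Run(cmd, 0, false);\n'
)

# Constructed benign script: a Base64 run that decodes to plain prose.
BENIGN = ('var banner = "'
          + base64.b64encode(b"Lorem ipsum dolor sit amet, consectetur adipiscing elit.").decode("ascii")
          + '";\n')

if __name__ == "__main__":
    for finding in scan_script(SAMPLE_DROPPER):
        print(finding["layer"], finding["indicators"])
    print("benign findings:", scan_script(BENIGN))
```

The UTF-8 decoding of a UTF-16LE blob is full of NUL bytes and fails the printable check, so only the genuine decoding is reported; that is why both encodings are tried rather than assuming one. A production version would recurse into blobs found inside a decoded layer and add the MSIL-loading indicators your own telemetry shows.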
Mon, August 25, 2025
Weekly Recap: Password Manager Clickjacking Flaws and Threats
🔒 This week's recap spotlights a DOM-based extension clickjacking technique disclosed by researcher Marek Tóth at DEF CON that affects popular browser password manager plugins. Vendors including Bitwarden, Dashlane, Enpass, KeePassXC-Browser, Keeper, LastPass, NordPass, ProtonPass, and RoboForm issued fixes by August 22. Other leading stories cover legacy Cisco devices exploited for persistent access, an actively exploited Apple 0-day in ImageIO, cloud intrusions leveraging trusted partner relationships, and several high-risk CVEs to prioritize.
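Both the podcast item above (password managers tricked into filling secrets behind a cookie banner) and this recap describe the same extension clickjacking pattern: the real credential form is made invisible (near-zero opacity, clipped, or parked off-screen) beneath a decoy element, so the user's click lands on the manager's fill prompt. The example below is the editor's illustration of the pre-fill visibility check a manager could apply; it is not any vendor's patch. An extension would run this in JavaScript against getComputedStyle() and getBoundingClientRect(); here the element tree is modelled as plain dicts so the logic runs stand-alone, and the opacity threshold and viewport size are assumptions.

```python
MIN_EFFECTIVE_OPACITY = 0.1   # threshold is an assumption for this example
VIEWPORT = (1280, 800)        # constructed viewport (width, height)


def node(name, parent=None, style=None, rect=None):
    """One element: a subset of computed style and its layout rect (x, y, w, h)."""
    return {"name": name, "parent": parent, "style": style or {}, "rect": rect}


def is_offscreen(rect, viewport):
    x, y, w, h = rect
    vw, vh = viewport
    return x + w <= 0 or y + h <= 0 or x >= vw or y >= vh


def autofill_decision(field, viewport=VIEWPORT):
    """Return (offer, reason). Walks every ancestor so a hidden wrapper far up
    the tree is caught, and multiplies opacities so stacked 'almost
    transparent' layers cannot each stay above the threshold individually."""
    opacity = 1.0
    n = field
    while n is not None:
        style = n["style"]
        if style.get("display") == "none":
            return False, f"display:none on {n['name']}"
        if style.get("visibility") == "hidden":
            return False, f"visibility:hidden on {n['name']}"
        opacity *= float(style.get("opacity", 1))
        n = n["parent"]
    if opacity < MIN_EFFECTIVE_OPACITY:
        return False, f"effective opacity {opacity:.3f} below threshold"
    x, y, w, h = field["rect"]
    if w < 1 or h < 1:
        return False, "field has no rendered size"
    if is_offscreen(field["rect"], viewport):
        return False, "field is outside the viewport"
    return True, "field is rendered and on screen"


# Constructed element trees: one honest login field and four decoy layouts.
BODY = node("body", rect=(0, 0, 1280, 800))
HONEST = node("input#password", node("form#login", BODY, rect=(380, 260, 240, 120)),
              rect=(400, 300, 200, 30))
GHOST = node("input#password",
             node("div.ghost", BODY, style={"opacity": "0.01"}, rect=(480, 680, 240, 60)),
             rect=(500, 700, 200, 30))
LAYERED = node("input#password",
               node("div.inner",
                    node("div.outer", BODY, style={"opacity": "0.3"}, rect=(0, 0, 1280, 800)),
                    style={"opacity": "0.3"}, rect=(0, 0, 1280, 800)),
               rect=(400, 300, 200, 30))
PARKED = node("input#password", BODY, rect=(-9999, 300, 200, 30))
COLLAPSED = node("input#password",
                 node("div.wrap", BODY, style={"visibility": "hidden"}, rect=(0, 0, 1, 1)),
                 rect=(400, 300, 200, 30))

if __name__ == "__main__":
    for label, field in [("honest", HONEST), ("ghost", GHOST), ("layered", LAYERED),
                         ("parked", PARKED), ("collapsed", COLLAPSED)]:
        print(label, autofill_decision(field))
```

What this cannot see is an opaque decoy stacked on top of a fully visible form; that case needs in-browser hit testing (document.elementFromPoint at the field's centre) rather than style inspection, and a user-side control such as requiring an explicit click on the manager's own UI before any fill.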
Mon, August 25, 2025
Why SIEM Rules Fail — Causes and Practical Fixes in 2025
🔍 The Picus Blue Report 2025, derived from over 160 million real-world attack simulations, found that organizations detected only 1 in 7 simulated attacks, exposing significant detection and response gaps. The report attributes most failures to missing or misrouted telemetry, misconfigured detection rules, and performance bottlenecks that delay or drop alerts. It recommends continuous validation, for example with Breach and Attack Simulation, to routinely test rules, verify end-to-end log collection, and prioritize fixes so defenses remain effective against current adversary TTPs. Practical steps include regular log-source audits, optimizing rule logic and thresholds, deploying lightweight test filters, and running ongoing simulation-based validation to reduce noise and close blind spots.
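A rule cannot fire on telemetry that never arrives, which is why the report puts log-source audits first. The block below is an added example by the editor (not Picus tooling) of such an audit run over a constructed event stream: every registered source is checked for silence beyond its allowed gap, then its latest hour is compared with the median of the preceding 23 hours to catch a collector that is still alive but has quietly stopped forwarding most events, and any source that is sending events without being in the inventory is reported so it gets an owner and a rule set. The inventory, clock, thresholds and synthetic events are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

DROP_RATIO = 0.5     # latest hour below half the baseline median = drop (assumed)
WINDOW_HOURS = 24

NOW = datetime(2025, 8, 25, 12, 0, tzinfo=timezone.utc)   # constructed clock

# Constructed inventory: the longest silence each source may show before it
# is called dead. Real values come from each source's known cadence.
INVENTORY = {
    "winevent-dc01": {"max_gap": timedelta(minutes=15)},
    "fw-edge":       {"max_gap": timedelta(minutes=15)},
    "proxy-01":      {"max_gap": timedelta(minutes=15)},
}


def synth_events(source, per_hour, hours, until):
    """Evenly spaced (source, timestamp) pairs over `hours` hours ending at `until`."""
    step = timedelta(hours=1) / per_hour
    start = until - timedelta(hours=hours)
    return [(source, start + i * step) for i in range(per_hour * hours)]


# Constructed stream: one healthy source, one whose volume collapses in the
# last hour, one that went quiet three hours ago, and one nobody registered.
EVENTS = (
    synth_events("winevent-dc01", 12, 24, NOW)
    + synth_events("fw-edge", 12, 23, NOW - timedelta(hours=1))
    + [("fw-edge", NOW - timedelta(minutes=5))]
    + synth_events("proxy-01", 12, 21, NOW - timedelta(hours=3))
    + [("ad-hoc-box", NOW - timedelta(minutes=2))]
)


def hourly_counts(events, source, now, window_hours=WINDOW_HOURS):
    """Events per hour for `source` over the window ending at `now`, oldest first."""
    start = now - timedelta(hours=window_hours)
    counts = [0] * window_hours
    for src, ts in events:
        if src == source and start <= ts < now:
            counts[(ts - start) // timedelta(hours=1)] += 1
    return counts


def audit_log_sources(events, inventory, now):
    """Per-source status: silent, volume_drop, ok, or unregistered."""
    report = {}
    for source, cfg in inventory.items():
        seen = [ts for src, ts in events if src == source]
        last_seen = max(seen) if seen else None
        if last_seen is None or now - last_seen > cfg["max_gap"]:
            report[source] = {"status": "silent", "last_seen": last_seen}
            continue
        counts = hourly_counts(events, source, now)
        baseline, latest = counts[:-1], counts[-1]
        base_median = median(baseline)
        status = "volume_drop" if base_median > 0 and latest < DROP_RATIO * base_median else "ok"
        report[source] = {"status": status, "latest_hour": latest,
                          "baseline_median": base_median, "last_seen": last_seen}
    for source in {src for src, _ in events} - set(inventory):
        report[source] = {"status": "unregistered"}
    return report


if __name__ == "__main__":
    for source, entry in sorted(audit_log_sources(EVENTS, INVENTORY, NOW).items()):
        print(f"{source:14} {entry['status']}")
```

The median rather than the mean keeps one noisy hour in the baseline from masking a drop, and the silence check runs before the volume check so a dead source is reported as dead rather than as a drop to zero. Scheduling this against the SIEM's own ingest counters, per source, is the cheap end-to-end collection check the report asks for.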
Sat, August 23, 2025
GeoServer Exploits, PolarEdge, Gayfemboy Expand Cybercrime
🛡️ Cybersecurity teams report coordinated campaigns exploiting exposed infrastructure and known flaws to monetize or weaponize compromised devices. Attackers have abused CVE-2024-36401 in GeoServer to drop lightweight Dart binaries that monetize bandwidth via legitimate passive-income services, while the PolarEdge botnet and Mirai-derived gayfemboy expand relay and DDoS capabilities across consumer and enterprise devices. Separately, TA-NATALSTATUS targets unauthenticated Redis instances to install stealthy cryptominers and persistence tooling.
Fri, August 22, 2025
Mesh Messaging Apps: Use Cases, Risks, and Best Practices
📡 Decentralized peer-to-peer "mesh" messaging apps let nearby phones communicate without internet using Bluetooth or Wi‑Fi Direct. Popular and emerging apps — including BitChat, Bridgefy, Briar, and White Mouse — offer offline messaging with varying privacy features and tradeoffs. While useful for disasters, festivals, or local coordination, these tools have limited range, higher battery use, and mixed encryption reliability; favor open-source and independently audited projects.
Fri, August 22, 2025
Linux Backdoor Delivered via Malicious RAR Filenames
🛡️ Trellix researchers describe a Linux-focused infection chain that uses a malicious RAR filename to trigger command execution. The filename embeds a Base64-encoded Bash payload that exploits shell command injection when the untrusted filename is interpolated into a shell command, allowing an ELF downloader to fetch and run an architecture-specific binary. The chain ultimately delivers the VShell backdoor, which runs in memory to evade disk-based detection.
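The bug class behind that chain is ordinary: a file name handed to a shell by string interpolation is parsed as shell syntax, so $(...) inside it is command substitution. The following added example (the editor's illustration, not Trellix's sample or the campaign's payload) shows the vulnerable pattern next to its fix using a harmless Base64-wrapped command that only creates a marker file. It assumes a POSIX sh and the coreutils base64 utility on the host; the file name, directory and marker are constructed for the example.

```python
import base64
import os
import subprocess
import tempfile

# Constructed payload: harmless, Base64-wrapped the way the campaign's file
# name wraps its Bash stage. It only creates a marker file.
PAYLOAD = b"touch injected.marker"
BLOB = base64.b64encode(PAYLOAD).decode("ascii")
assert "/" not in BLOB   # '/' is legal Base64 but not legal in a file name

# The file name itself is the attack: $(...) is command substitution for sh.
EVIL_NAME = f"$(echo {BLOB} | base64 -d | sh)"


def vulnerable_size(directory, name):
    """Builds a command line by string interpolation. The shell parses the
    file name and runs the substitution before wc ever sees an argument."""
    out = subprocess.run(f"wc -c {name}", shell=True, cwd=directory,
                         stdin=subprocess.DEVNULL, capture_output=True, text=True)
    fields = out.stdout.split()
    return int(fields[0]) if fields else -1


def safe_size(directory, name):
    """Passes the name as one argv element: no shell, nothing to substitute.
    shlex.quote(name) would be the equivalent fix where a shell is unavoidable."""
    out = subprocess.run(["wc", "-c", name], cwd=directory,
                         stdin=subprocess.DEVNULL, capture_output=True, text=True)
    fields = out.stdout.split()
    return int(fields[0]) if fields else -1


def demo(handler):
    """Run `handler` on a 5-byte file with the hostile name. Returns the size
    it reported and whether the injected command actually ran."""
    with tempfile.TemporaryDirectory() as directory:
        with open(os.path.join(directory, EVIL_NAME), "w") as fh:
            fh.write("hello")
        size = handler(directory, EVIL_NAME)
        return size, os.path.exists(os.path.join(directory, "injected.marker"))


if __name__ == "__main__":
    print("vulnerable:", demo(vulnerable_size))   # injected command runs
    print("safe:      ", demo(safe_size))         # file measured, nothing runs
```

In the vulnerable path the substitution expands to nothing, so wc reads its (empty) standard input and reports 0 bytes while the marker appears; the safe path measures the oddly named file correctly and leaves no marker. The same rule applies to every language: archive listings, upload handlers and cron-driven cleanup scripts must never let a file name reach a shell unquoted.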
Fri, August 22, 2025
Resurgence of Mirai-Based IoT Malware: Gayfemboy Campaign
🛡️ FortiGuard Labs reports the resurgence of a Mirai-derived IoT malware family, publicly known as “Gayfemboy,” which reappeared in July 2025 targeting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco devices. The campaign delivers UPX-packed payloads via predictable downloader scripts named for product families and uses a modified UPX header and architecture-specific filenames to evade detection. At runtime the malware enumerates processes, kills competitors, implements DDoS and backdoor modules, and resolves C2 domains through public DNS resolvers to bypass local filtering. FortiGuard provides AV detections, IPS signatures, and web-filtering blocks; organizations should patch and apply network defenses immediately.
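One of the behaviours above, resolving C2 domains through public DNS resolvers to sidestep the local resolver's filtering, is easy to spot at the network edge because ordinary endpoints should only talk DNS to the approved internal resolvers. The added example below (editor's code, not FortiGuard's IPS content) runs that check over a constructed key=value flow log: it keeps only flows to DNS ports (53, and 853 for DNS-over-TLS), lets the approved resolvers forward upstream, and reports every other internal host that spoke to an external resolver directly. The log format, resolver list and addresses are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed flow records in a key=value style chosen for this example.
FLOWS = """\
2025-08-22T10:00:01Z src=10.0.5.23 dst=10.0.0.53 proto=udp dport=53
2025-08-22T10:00:02Z src=10.0.5.23 dst=8.8.8.8 proto=udp dport=53
2025-08-22T10:00:05Z src=10.0.5.23 dst=1.1.1.1 proto=tcp dport=53
2025-08-22T10:00:06Z src=10.0.5.23 dst=8.8.8.8 proto=udp dport=53
2025-08-22T10:00:07Z src=10.0.7.14 dst=10.0.0.53 proto=udp dport=53
2025-08-22T10:00:08Z src=10.0.0.53 dst=9.9.9.9 proto=udp dport=53
2025-08-22T10:00:09Z src=10.0.7.14 dst=8.8.8.8 proto=tcp dport=443
2025-08-22T10:00:10Z src=10.0.9.2 dst=94.140.14.14 proto=tcp dport=853
"""

INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}   # assumed approved resolvers
DNS_PORTS = {53, 853}                                       # plain DNS and DNS-over-TLS
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_flow(line):
    """Timestamp followed by key=value fields; src/dst become address objects."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    return {"ts": ts,
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "proto": fields["proto"],
            "dport": int(fields["dport"])}


def find_resolver_bypass(log_text, approved=INTERNAL_RESOLVERS):
    """Map each internal host to the external resolvers it contacted directly,
    with a hit count per resolver:port. Approved resolvers may forward
    upstream, so flows from or to them are never counted."""
    offenders = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["dport"] not in DNS_PORTS:
            continue
        if flow["src"] in approved or flow["dst"] in approved:
            continue
        if flow["dst"].is_private:
            continue
        offenders[str(flow["src"])][f'{flow["dst"]}:{flow["dport"]}'] += 1
    return {src: dict(targets) for src, targets in offenders.items()}


if __name__ == "__main__":
    for host, targets in find_resolver_bypass(FLOWS).items():
        print(host, targets)
```

A device that answers a firewall block on port 53 by switching to DNS-over-HTTPS will vanish from this view, which is why the report's advice to block egress DNS at the edge and the detection above belong together rather than as alternatives.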
Thu, August 21, 2025
Weak Passwords Fuel Rise in Compromised Accounts in 2025
🔐 The Picus Blue Report 2025 finds that password cracking succeeded in 46% of tested environments, while Valid Accounts (T1078) exploitation achieved a 98% success rate. Many organizations still rely on weak passwords, outdated hashing, and lax internal controls, leaving credential stores exposed. The report urges adoption of widespread MFA, stronger password policies, routine credential-validation simulations, and improved behavioral detection to reduce undetected lateral movement and data theft.
Thu, August 21, 2025
QuirkyLoader Deploys Agent Tesla, AsyncRAT and Keyloggers
🛡️ Researchers disclosed a new .NET-based DLL loader named QuirkyLoader that has been used since November 2024 to deliver information stealers, keyloggers and RATs via email spam. IBM X-Force says attackers send malicious archives from both legitimate providers and self-hosted servers; each archive contains a DLL, an encrypted payload and a genuine executable used for DLL side-loading. The loader uses process hollowing to inject decrypted payloads into AddInProcess32.exe, InstallUtil.exe or aspnet_wp.exe. Operators compile the .NET DLL with ahead-of-time (AOT) compilation so the resulting binary resembles native C/C++ code and is harder to attribute.
Thu, August 21, 2025
Debunking Cyberbullying Myths: What Parents Should Know
🔍 This article debunks ten common cyberbullying myths that can mislead parents and educators. It cites rising rates of online harassment among US middle- and high-school students and explains why beliefs such as “what happens online stays online” or “remove the tech and you solve it” are false. The piece urges open dialogue, vigilance for behavioral signs, and collaborative plans to support children.
Wed, August 20, 2025
Google research improves Retbleed exploit on Zen 2
🔬 Google researchers demonstrated practical improvements to the Retbleed speculative-execution attack, showing that on AMD Zen 2 CPUs attackers can read arbitrary RAM at roughly 13 KB/s with perfect cache-extraction accuracy. They adapted a modified Speculative ROP technique to evade Spectre v2 mitigations and showed ways to bypass Linux kernel defenses. The exploit still requires prior knowledge of kernel configuration, but common default builds and probing reduce that hurdle, and Google has already restricted Zen 2 in certain cloud workloads.
Tue, August 19, 2025
Ransomware Incidents in Japan: H1 2025 Trends and Analysis
🔒 Cisco Talos identified a roughly 1.4× rise in ransomware incidents in Japan during H1 2025, with 68 confirmed cases versus 48 in the same period last year. Attacks continued to focus on small and medium-sized enterprises, with manufacturing the most affected sector. The report highlights active groups such as Qilin, RansomHub and Hunters International and spotlights the emerging Kawa4096/KaWaLocker family. Talos recommends layered defenses including Cisco Secure Endpoint, Secure Email and Secure Malware Analytics, and publishes IOCs for responders.