< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 3 of 82

Researchers Find RSA Keys Containing Large Zero Blocks

🔍 New research identifies a class of weak RSA keys characterized by extensive zeroed blocks in the modulus. The open-source badkeys project collected large-scale key material from CT logs, TLS/SSH scans, and PGP repositories and found multiple real-world keys exhibiting two distinct sparse patterns. Pattern 1 appeared in certificates (now expired) from major organizations and devices, while Pattern 2 appeared in SSH hosts using CompleteFTP; affected versions and time ranges are noted. The findings highlight independent cryptographic implementations failing in similar ways and raise concerns about deliberate backdoors or coordinated vulnerabilities.
read more →

Evolution of the Pro‑Russia Influence Ecosystem

🛡️ Four years into Russia’s invasion of Ukraine, the pro‑Russia influence ecosystem has shifted from wartime tools back toward a global strategic asset. GTIG observes expansion of covert information operations, revived hacktivism, and increasing use of generative AI across planning and content creation. The ecosystem blends state, state‑aligned, and independent actors, targeting the West, Russia’s near abroad, the Middle East, Africa, and domestic audiences while exploiting media mimicry, cyber‑enabled IO, and direct dissemination.
read more →

Three real-world incident case studies from GERT

🔍 Over the past year, Kaspersky’s Global Emergency Response Team and MDR service investigated diverse security incidents that informed the Anatomy of a Cyber World Global Report 2026. The post presents three real case studies illustrating how adversaries use credential theft, known vulnerabilities, and lateral movement to achieve persistence, escalate privileges, and deploy ransomware or wipers. It highlights recurring misconfigurations, delayed patching, and blind spots in monitoring as root causes of successful attacks.
read more →

Drone-assisted Disarmament Advances Policing Tech

🛡️ In Sacramento County, deputies used a drone equipped with a high-powered magnet to retrieve a knife from a suspect hiding inside a cluttered residence after negotiators failed to get a response. An officer wearing goggles operated the drone, located the suspect in a garage corner, and secured the weapon, which can be seen spinning as the drone returned it to deputies. The event was posted June 22 on the Sheriff's Office Instagram and accompanied online discussion.
read more →

Why attackers target your email inbox aggressively

📧 Email accounts act as hubs for identity verification, password resets and long-term records, making them prime targets for cybercriminals. Attackers use phishing, account takeover, forwarding rules and abused tokens to maintain access, intercept codes and harvest sensitive information. Corporate inbox breaches can lead to data theft, ransomware or expensive fraud, while sophisticated tools like GenAI increase phishing success rates. Regularly review security settings, use MFA or passkeys, and remain vigilant to reduce risk.
read more →

Cyber Risks and Privacy Threats Around World Cup 2026

🛡️ The 2026 FIFA World Cup presents an unprecedented cyberattack surface across three host countries, with illegal streaming and black-market gambling exposing viewers to significant risks. UpGuard researchers found publicly exposed log systems containing plain-text credentials, IP addresses, and betting details tied to pirate streams and offshore bookmakers. Law enforcement and international operations are disrupting many servers, but resilient criminal networks continue to adapt and monetize audiences via unregulated gambling.
read more →

Widespread GitHub Actions Misconfigs Threaten CI/CD

🔍 Kaspersky researchers analyzed GitHub Actions across ~30,000 popular repositories and scanned ~130,000 pipelines using new rules in Kaspersky Container Security. Only 10% of repositories showed no concerns; the scan flagged over 250,000 potential deviations from secure CI/CD recommendations, with 0.4% classified as high risk and eight repositories containing critical flaws that could enable supply chain compromise. The study highlights common errors like exposed secrets, insecure run conditions, and unsafe handling of external data, and the ruleset is now available to KCS users.
read more →

Practical Zero Trust Plan for OT: 90‑Day Roadmap

🔒 The article reframes zero trust for operational technology (OT) by focusing on practical, non‑disruptive steps that align with regulatory requirements and operational realities. It proposes a 90‑day plan: Days 1–30 prioritize mapping assets and identities at IT/OT boundaries; Days 31–60 contain vendor remote access to gain early wins; Days 61–90 build a simple maturity scorecard and narrative. The approach emphasizes targeted controls, governance alignment, and measurable progress rather than abstract architectures.
read more →

SMB Cyber Readiness: Road to Operational Resilience

🔒 Small and medium-sized businesses (SMBs) often underprioritize cybersecurity despite representing a majority of global enterprises and employees. A new ESET report finds 45% of SMBs experienced incidents last year and 61% expect attacks in the next 12 months, with data loss, disruption, and financial harm as top concerns. The piece stresses cyber readiness — prevention, detection, and response — and highlights AI adoption, training gaps, and the need for realistic risk assessments and outsourcing like MDR.
read more →

Bluekit adopts browser-in-the-middle for login theft

🛡️ The Bluekit phishing-as-a-service platform has added browser-in-the-middle (BitM) capabilities and nearly 70 new hostnames, enabling attackers to load legitimate login pages and capture valid session tokens. Netcraft found Bluekit uses the open-source rrweb library to serialize and stream page DOM data over WebSockets while fetching assets through phishing infrastructure. The kit also includes advanced anti-analysis features such as randomized CSS filters, large rotating obfuscated JavaScript bundles, custom CAPTCHAs, browser fingerprinting, and WebRTC IP-mismatch checks.
read more →

Threatsday bulletin: proxyware, exploits, and trends

🛡️ This week’s bulletin highlights a string of practical and persistent threats: privacy-preserving bot defense work from Cloudflare and browsers, six serious curl vulnerabilities fixed in 8.21.0, and a critical unauthenticated takeover in Hoppscotch. Spur Intelligence found widespread proxyware in LG and Samsung smart TV apps, while Teams-based social engineering delivered the Edgecution extension. Other items include legacy credential breaches, state-crime convergence, admin reset alerts, and macOS ClickFix campaigns.
read more →

Study Finds Decline in Trust for AI Vulnerability Scanning

🛡️ The Cobalt State of Pentesting Report 2026 surveyed roughly 450 cybersecurity professionals across 2025 and 2026 and found trust in fully automated AI vulnerability testing has dropped sharply. Reliance on AI-only testing fell from 29% to 9%, while 47% now prefer a hybrid human-plus-AI model. Respondents reported that 78% of fully automated scanners missed critical vulnerabilities, and AI/LLM issues showed longer MTTR and lower fix rates.
read more →

Ransomware Incidents Surge Across Europe in 2026

🔍 Black Kite's 2026 European Cyber Risk Report found a 55.1% year-over-year rise in ransomware incidents in the first four months of 2026, averaging 171 incidents per month. Five countries — Germany, the UK, France, Italy and Spain — accounted for 70% of attacks. The Qilin ransomware was the most prevalent, followed by Akira and regionally focused SafePay, with manufacturing the most targeted sector. Researchers highlighted supply chain compromises and third-party risk as key drivers of the increase.
read more →

Introduction to COM Usage by Windows Threats

🧭 This post introduces Component Object Model (COM) fundamentals and explains how analysts can identify and analyze COM usage in binaries. It covers GUIDs, CLSIDs, IIDs, ProgIDs, vtables, and activation APIs such as CoCreateInstance and CoCreateInstanceEx. The article highlights DCOM and COM security concepts, common Windows examples like Task Scheduler, and practical tools (e.g., OleView.NET) and workflows for reversing COM-dependent malware.
read more →

StealC and Amadey: Infostealer Ecosystem Disruption

🔍 Microsoft analyzes how infostealers like StealC and loaders such as Amadey fuel a commodified cybercrime economy by harvesting credentials, cookies, and tokens from unmanaged devices. The post details methods of delivery (SEO poisoning, malicious ads, ClickFix, phishing), StealC’s data collection and C2 behaviors, and how stolen logs are monetized. It also describes a coordinated takedown on June 24, 2026, by Microsoft DCU and partners that disrupted hundreds of domains and C2 servers.
read more →

Spyware embeds forbidden text to disrupt AI analysis

🛡️ A malware developer has begun embedding provocative text about nuclear and biological weapons inside large JavaScript block comments in spyware payloads to confuse AI-based scanners. The commented header is ignored at runtime but aims to trigger refusals or misclassification in naive LLM-powered triage systems that ingest file starts without isolating untrusted content. Traditional detection methods—YARA, entropy checks, AST parsing, and behavioral analysis—remain effective, but the technique is a practical anti-analysis tactic against weak AI-first pipelines.
read more →

Reframing Trust: A CISO’s Risk-Tiering Model

🔍 Security awareness training that taught employees to spot obvious phishing cues is no longer sufficient. AI-generated attacks and legitimate-looking infrastructure have erased the surface signals users were trained to rely on, making sustained human vigilance unrealistic. The article argues for applying Daniel Kahneman’s fast/slow thinking at the organizational level to map and re-tier processes, keeping fast lanes where justified and revoking them where risk has changed.
read more →

OpenClaw AI supply chain risks and findings

🧭 OpenClaw is an AI agent executing third-party skills from ClawHub, and several malicious campaigns emerged after launch. Our Feb–May 2026 analysis identified five skills that bypassed screening and fell into three threat categories: macOS infostealers, an evasion technique using inflated file size, and novel agentic threats for financial gain. All five skills were reported and removed; OpenClaw and NVIDIA have since increased screening and analysis.
read more →

GTA 6 preorder scams exploit hype and crypto

🎮 Scammers have launched polished fake sites claiming to offer early access to Grand Theft Auto VI for a fee in cryptocurrency, ahead of Rockstar Games’ official June 25 preorder announcement. Malwarebytes warns these pages are unauthorized and often use urgency tactics, smooth payment flows and phishing to steal funds or credentials. Victims paying in crypto typically cannot recover funds; only Rockstar and authorized retailers should be trusted.
read more →

Cybersecurity’s Shift From Protection to Survival

🔒 The piece argues that cybersecurity must move beyond a prevention-first mindset to a survival-focused discipline. It stresses that while traditional controls (MFA, patching, hardening) remain necessary, organizations need breach readiness: continuity, recoverability, tested incident response, and clear governance. Regulatory and market pressures (EU resilience laws, US disclosure and accountability) plus AI-driven acceleration make resilience an operational imperative.
read more →