< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 31 of 83

Data Center Modernization Urgent in the AI Era and Energy

🔍 Enterprises are re-evaluating data center strategies as AI adoption, rising energy costs and regulatory pressure reshape requirements. Many organizations are bringing workloads back from public clouds and investing in modern on-premises or private cloud models to regain control, ensure compliance and optimize efficiency. Edge, IoT and AI inference add new location, latency and power demands, forcing hybrid decisions that balance performance with geopolitical and economic realities.
read more →

Kubernetes security: strengthening cluster defenses

🔒 New Kubernetes clusters are probed and often attacked within minutes, with honeypots run by Palo Alto Networks, Wiz and Aqua Security showing initial compromise attempts in roughly twenty minutes and repeated automated scans against container ports. The platform's permissive defaults and complex model make standard cloud controls insufficient. Organizations should adopt Kubernetes-specific controls: harden and automate RBAC, isolate workloads with network and namespace policies, store secrets in dedicated key management services, perform regular audits, and train developers on platform-specific threats and secure CI/CD practices.
read more →

Iran's Cyber Capabilities: What Defenders Should Know

🔍 Iran’s cyber ecosystem combines state-aligned clusters, deniable operators, and hacktivists linked to IRGC and MOIS. These actors pursue espionage, disruption and destructive operations—DDoS, pseudo-ransomware, and wipers—often paired with information operations and coordinated amplification. Activity is intensifying amid the current crisis and is expected to broaden across the Middle East, the United States, and other regions.
read more →

Monthly Security Roundup — February 2026 Highlights

🔒 In February 2026 ESET Chief Security Evangelist Tony Anscombe highlights a series of notable incidents: widespread misuse of commercial generative AI, a novel Android malware campaign, increased ATM jackpotting, and destructive attacks against critical infrastructure. Researchers tied more than 600 compromised FortiGate devices in 55 countries to exposed management ports and weak credentials, while ESET documented PromptSpy, the first known Android malware abusing generative AI for context-aware UI manipulation. The FBI warned US ATM operators about a rise in jackpotting, and ESET analyzed a DynoWiper case targeting an energy company. Businesses are urged to strengthen access controls, enforce MFA, close exposed management ports, and improve monitoring for GenAI-related abuse.
read more →

Why Application Security Should Begin at the Load Balancer

🔐 The article contends that application security must start at the load balancer, which serves as the primary traffic entry and trust boundary rather than just a performance device. The author describes consulting cases across finance, healthcare, SaaS and retail where permissive edge settings enabled downgrade attacks, bot floods, and long-term technical debt. Recommended controls include enforcing modern TLS, sanitizing requests, applying bot and rate controls at the edge, and integrating the load balancer with downstream WAFs and security tools to reduce incident scope and operational cost.
read more →

Accelerating Data Center Modernization for AI Era Now

🔍 Data center modernization has become a strategic imperative as organizations accelerate deployment of AI and other compute-intensive applications. Success requires coordinated investment across servers, storage, networking, software, and security, and strong partnerships with vendors and integrators. IT leaders need clear roadmaps, measurable milestones, and solutions that balance performance, cost, and operational resilience to enable rapid, secure adoption.
read more →

Accelerating Data Center Modernization for AI Readiness

⚙️Data centers must evolve quickly to support AI workloads and deliver measurable business outcomes. This Spotlight report explains the technical and organizational shifts required to bring infrastructure into the AI age, spanning servers, storage, high-performance computing, networking, software, and security. IT leaders will find actionable guidance on roadmaps, partner selection, and prioritization to accelerate modernization and reduce deployment risk.
read more →

Mobile App Permissions Still Matter: Protect Your Privacy

🔒 App permissions determine which data and device features an app can access, and many users accept prompts without considering the consequences. The article, by Phil Muncaster, explains how modern Android and iOS versions surface sensitive permissions at runtime and distinguishes between benign “normal” permissions and higher-risk “dangerous” ones. It highlights particularly sensitive requests — accessibility, background location, SMS/call logs and overlay — and recommends using Allow once or While using, regularly auditing permissions via App Privacy Report or Privacy Dashboard, and installing apps only from reputable stores.
read more →

Ransomware Shift: Stealthy, Long-Term Access Tactics

🔒 Picus Security's annual red-teaming report finds ransomware operators shifting from noisy encryption to stealthy, long-term access, favoring persistence, defense evasion and data exfiltration. The firm reports a 38% drop in encryption as attackers prioritize double-extortion and silent leaks, often routing C2 traffic through trusted services like OpenAI and AWS. Experts urge stronger identity controls, monitoring of third-party integrations, and detections tuned to persistence and exfiltration.
read more →

Cyber Resilience Requires People, Skills, and Training

🛡️ The 2025 Global Cybersecurity Skills Gap Report shows that human risk and workforce shortages—not technology alone—are driving frequent, costly breaches: in 2024, 86% of organizations experienced at least one breach and 28% reported five or more. Awareness deficits, phishing, and skills gaps account for most incidents, so training must be preventive, continuous, and role-based. Fortinet pairs security products with a broad training and certification program to help organizations close these gaps and improve detection, response, and recovery.
read more →

Darktrace: 32M High-Confidence Phishing Emails in 2025

📧 Darktrace detected more than 32 million high-confidence phishing emails in 2025, signaling a major escalation in identity-driven attacks and automated campaigns. Over 8.2 million of those targeted VIPs, while 1.6 million originated from newly created domains and 1.2 million included malicious QR codes. The vendor reported 70% of phishing passed DMARC, 41% were spear-phishing and 38% used novel social-engineering techniques, highlighting attackers’ growing sophistication and emphasis on credential compromise.
read more →

Threatsday Bulletin: Speed, Deception, and New Vectors

🔔 Recent signals show attackers moving faster and hiding in plain sight. Kali Linux added an integration with Anthropic's Claude via the Model Context Protocol to translate natural-language prompts into technical commands, enabling AI-assisted command execution in a red‑team distro. Censys analyzed ResidentBat, an Android spyware implant used for mass surveillance that exfiltrates audio, messages and files. Alongside Bitpanda-themed phishing, ClickFix-based macOS stealers, ActiveMQ-enabled LockBit intrusions and a widespread WinRAR patch lag, these developments underscore shrinking breakout times, improved cloaking and persistent patching gaps that defenders must address.
read more →

Ransomware Payment Rate Falls to Record Low in 2025

🔒 Chainalysis reports that the proportion of ransomware victims who paid extortionists fell to a record low of 28% in 2025, even as claimed attacks rose sharply. The blockchain intelligence firm says total on-chain ransomware receipts currently total $820 million and may approach or exceed $900 million as more events are attributed. While total payment counts remained relatively stable, the median ransom surged 368% to $59,556, and analysts flagged growing fragmentation and several high-impact breaches.
read more →

Ransomware Payments Fall to Record Low as Attacks Rise

🔒 Chainalysis reports the ransomware victim payment rate fell to 28% in 2025, an all-time low, even as claimed attacks rose about 50% year-over-year. On-chain ransomware receipts totaled $820 million so far and may approach $900 million, while the median ransom jumped to $59,556, up 368% from 2024. Analysts point to improved incident response, regulatory scrutiny, law enforcement actions, and market fragmentation. The report also notes 85 active extortion groups and that initial access brokers earned roughly $14 million in 2025.
read more →

87% of Orgs Have Exploitable Vulnerabilities in Prod

🔍 A new DataDog State of DevSecOps report finds 87% of organizations run at least one exploitable software vulnerability in production, affecting roughly 40% of services. Vulnerabilities are most prevalent in Java (59%), .NET (47%) and Rust (40%). After accounting for runtime and contextual factors, only 18% of critical dependency CVEs remain critical, with .NET seeing a 98% downgrade rate. The report urges contextual prioritization to reduce alert noise and operator burnout.
read more →

CrowdStrike: AI Drives Faster Network Breakouts in 2025

⚠️ CrowdStrike's latest Global Threat Report finds that in 2025 attackers required an average of just 29 minutes to gain full network access, a roughly 65% acceleration from the prior year. The fastest measured breakout dropped to 27 seconds, and some intrusions began exfiltrating data within four minutes of initial access. Researchers link the shift to a steep rise in AI-assisted operations — attackers using AI grew 89% — citing examples such as the LLM-based malware Lamehug, AI-generated credential-extraction scripts, and AI-crafted identities used for insider-style campaigns. Adam Meyers warns defenders must be faster than attackers as AI compresses the window between intent and execution.
read more →

Prepare Now for Post-Quantum Cryptography Migration

🔐 The article warns that patient adversaries follow a "Harvest Now, Decrypt Later" strategy and urges organizations to begin Post-Quantum Cryptography (PQC) migration immediately to protect long-lived data. It prescribes a five-phase migration framework—Preparation, Diagnosis, Planning, Execution, and Continuous Monitoring—and recommends hybrid deployments to retain compatibility. Practical guidance covers asset inventories, risk prioritization (Mosca's Theorem), vendor engagement, and adopting cryptographic agility with references to ML-KEM, TLS, and NIST/CISA guidance.
read more →

Rethinking the Human Layer: Farmers vs. Mercenaries

🛡️ Employees are commonly labeled "the last line of defense," but this article argues that such expectations misplace responsibility. The real human layer is the trained security team—CISOs, SOC analysts and threat hunters—whose capacity is being consumed by high false-positive volumes and noisy user-reporting. Organizations should reduce alert noise, improve tooling and restore analyst capacity rather than relying on broader awareness programs.
read more →

Steaelite RAT Unifies Data Theft and Ransomware Tools

⚠️ Steaelite is a browser-based remote access trojan marketed on underground forums that consolidates remote access, credential harvesting, data exfiltration, and a planned ransomware module into a single management pane. Researchers at BlackFog say the toolkit includes live screen streaming, webcam and microphone access, password recovery, Defender-disable capabilities, and persistence options, and it’s been available since last November. The seller offers access as malware-as-a-service (about $200/month), and defenders are urged to prioritize stopping data exfiltration over relying solely on perimeter defenses.
read more →

Variations of ClickFix technique and evolving delivery

🔒 The Kaspersky Team outlines evolving variations of the ClickFix social‑engineering technique, where attackers trick users into executing malicious commands on their own machines. Recent campaigns abuse legitimate utilities such as mshta.exe, nslookup and the legacy Finger protocol, and have used platforms like TikTok, Pastebin and fake extension pages to prompt victims to run code. Observed payloads include infostealers and remote access trojans such as ModeloRAT. Organizations are advised to prioritize user awareness and robust endpoint and XDR controls to mitigate these risks.
read more →