< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 32 of 83

SLH Offers $500–$1,000 Per Call to Recruit Female Vishing

⚠️ Scattered LAPSUS$ Hunters (SLH) is reportedly paying $500–$1,000 upfront per call to recruit women for voice phishing campaigns against IT help desks, Dataminr says. The group provides pre-written scripts and leverages advanced social engineering techniques, including MFA prompt bombing and SIM swapping, to gain access. Actors then deploy tunneling tools, residential proxies and legitimate file-sharing services to move laterally, escalate privileges, and exfiltrate data, with some intrusions resulting in ransomware.
read more →

Five Ways Broken Triage Raises Business Risk and Remediation

🛡️ Triage often increases organizational risk when investigators make decisions without execution evidence, when outcomes vary by analyst seniority, or when manual steps and escalations slow response. The article outlines five specific failures—lack of early evidence, seniority-dependent quality, slow time-to-decision, over-escalation, and repetitive manual work—and recommends execution-driven fixes such as using ANY.RUN interactive sandboxing to produce fast, observable behavior that enables evidence-backed verdicts, reduces rework, and shortens MTTR.
read more →

App Exploits Surge as AI Accelerates Vulnerability Use

⚠️ IBM X-Force warns of a 44% increase in attacks exploiting public-facing applications in 2025, driven by missing authentication controls and AI-enabled vulnerability scanning. Vulnerability exploitation accounted for 40% of incidents, while ransomware and extortion groups grew 49% year over year. The report highlights AI is speeding reconnaissance and exploitation and that supply chain compromises have nearly quadrupled since 2020.
read more →

Unmasking Agent Tesla: Multi-Stage Campaign Analysis

🔍 This Fortinet analysis dissects a recent multi-stage campaign deploying Agent Tesla, which targets Windows users with credential theft and keylogging. The chain uses spearphishing with RAR attachments containing obfuscated JSE loaders that fetch encrypted PowerShell scripts and reflectively load .NET assemblies in memory. Operators leverage process hollowing, virtualization and sandbox checks, and SMTP-based exfiltration to minimize detection. Fortinet telemetry and cross-product protections are highlighted to help organizations mitigate the threat.
read more →

Manual Data Transfers Threaten National Security Readiness

🔒 More than half of national security organizations still rely on manual processes to transfer sensitive data, the CYBER360 report warns. The article highlights how human-dependent transfers introduce delays, audit gaps, and exploitable seams that adversaries can weaponize. It urges adoption of automated, policy-driven controls—centered on Zero Trust, data-centric protection, and cross-domain solutions—to restore speed, accountability, and mission resilience.
read more →

Boards Want Risk Signals, Not Just Cybersecurity Metrics

🔍Boards and security leaders must shift reporting from raw counts to risk signals that map to exposure, trajectory, and consequence. Metrics such as mean time to detect and mean time to contain translate technical activity into business impact and serve as proxies for loss avoided. Experts warn that countable metrics can obscure structural risk, near misses, and changing assumptions that boards must know. AI has not created new board-level metrics but amplifies visibility and governance gaps that directors need signaled.
read more →

Inside Business Email Compromise: Tactics and Real Costs

📧 Business email compromise (BEC) is a targeted fraud where attackers impersonate executives, vendors, or partners to trick employees into wiring funds or revealing sensitive data. Last year BEC caused $2.7 billion in losses and increasingly uses techniques like AI-based voice/text cloning, QR-code scams, and conversation hijacking. These attacks often require no malware, relying instead on reconnaissance and trust. Defenses include multi-factor verification, approval tiers, employee training, and advanced email authentication and detection.
read more →

Types of Ransomware Attacks and Detection Methods Overview

🔒 This article profiles major ransomware varieties — including crypto, double extortion, encryptionless, locker, scareware and Ransomware-as-a-Service — and explains how they operate. It outlines common detection approaches such as behavioral, signature, heuristic, and deception techniques. The piece also situates ransomware within the broader malware landscape and describes how Huntress’ 24/7 human-led monitoring and containment reduce risk.
read more →

Locking Down Endpoint Vulnerabilities Across Laptops and IoT

🔒 Attackers frequently exploit common endpoint weaknesses—exposed Remote Desktop Protocol (RDP), sophisticated phishing, abused Remote Monitoring and Management (RMM) tools, and unpatched software—to gain access and persist. The article shows how brute-force RDP, AI-enhanced phishing, and misconfigured RMMs enable lateral movement and stealthy persistence. Implement MFA, regular patching, EDR, RMM audits, and user training to reduce risk.
read more →

1Campaign Cloaking Service Enables Malicious Google Ads

🛡️ 1Campaign is a cloaking service that helps threat actors run malicious Google Ads by passing automated screening and serving benign pages to security researchers while exposing real users to phishing and crypto-drainer content. According to Varonis, the platform offers a dashboard for targeting by geography, ISP, and device, and assigns fraud risk scores to filter out cloud-based and researcher traffic. It also includes a Google Ads launcher that aids operators in bypassing policy checks and impersonating brands, allowing malicious ads to remain online until manually reported.
read more →

Preventing Business Email Compromise: Practical Steps

🔒Business email compromise (BEC) is a high-impact social engineering threat that targets organizations' financial and identity workflows. The article outlines pragmatic defenses: enforce MFA, validate DMARC/DKIM/SPF, deploy advanced phishing and spoofing filters, and maintain continuous security awareness training with simulated attacks. It also recommends dual-approval for large transfers, stricter help-desk verification, and monitoring for anomalies such as mailbox forwarding rules, impossible-travel logins, and last-minute bank-detail changes to accelerate detection and response.
read more →

Recognizing Red Flags of Business Email Compromise

🔎 Business Email Compromise (BEC) exploits social engineering and subtle technical deception to manipulate employees and bypass controls. Attackers use domain tweaks, display-name spoofing, urgent off-hours requests, and impersonation to pressure finance, HR, or operations into transfers or data disclosure. Inspect headers and SPF/DKIM/DMARC, enforce MFA, run phishing simulations, and maintain a strict verification culture.
read more →

Cost of Insider Incidents Surges Driven by Shadow AI

🔍 DTEX's Cost of Insider Risks 2026 report, produced with the Ponemon Institute, finds employee negligence — driven in part by shadow AI — caused 53% of the average $19.5m loss per organization. Malicious incidents accounted for $4.7m and phishing-related 'outsmarted' employees $4.5m. The study warns undocumented AI, personal webmail and file sharing create exposure and urges behavioral intelligence, identity-centric controls and AI governance to reduce incidents.
read more →

Bring the Fight to the Edge: Time-Based OT Defense

🔍 Recent joint research from Palo Alto Networks, Siemens and the Idaho National Laboratory shows that most OT-impacting attacks originate in IT and manifest at the IT–OT edge. Analysts found attackers dwell an average of 185 days in precursor phases, producing detectable signals like credential abuse, reconnaissance and protocol misuse. The paper recommends edge-focused telemetry and an OT SOC-driven active defense to detect and disrupt threats before operational impact.
read more →

AI Speeds Attacker Breakouts to Minutes, ReliaQuest Finds

🔍 ReliaQuest's Annual Cyber‑Threat Report 2026 found attackers are using AI and automation to reduce average breakout time to 34 minutes (29% faster than 2024), with the fastest lateral movement recorded at four minutes and the quickest exfiltration at six minutes. The firm says 80% of ransomware groups used automation or AI last year. Defenders can respond faster using agentic AI, achieving average containment in four minutes versus 16 hours without automation, and should prioritise visibility, inventory management and stronger identity controls.
read more →

Prioritizing Identity Risk by Context, Not Ticket Volume

🔐 Most identity programs still triage work like IT ticket queues—by volume, noise, or failed control checks—an approach that breaks when environments are increasingly non-human and partially onboarded. Identity risk is a function of controls posture, hygiene, business context, and intent; missing controls matter differently depending on what an identity can access. Hygiene failures such as orphan, local, or dormant accounts create low-effort paths for attackers and autonomous agents. Orchid builds an identity graph from telemetry, scores contextual risk, ranks toxic combinations, and sequences remediation to reduce real exposure rather than just shrink a findings list.
read more →

AI-enabled Cyber Attacks Nearly Double in 2025 - CrowdStrike

⚠️ CrowdStrike's Global Threat Report 2026 warns that AI-enabled cyber-attacks rose 89% in 2025 as adversaries used machine learning and LLMs to scale and refine phishing, disinformation and malware operations. Researchers observed LLMs producing multilingual, convincing phishing lures and automating campaign creation, while some actors embedded prompting into malware (eg, LameHug) for reconnaissance. CrowdStrike recommends strong identity controls, AI-focused awareness training and threat-intel monitoring to mitigate the accelerating threat.
read more →

Time to Rethink CISO Reporting Lines and Biases Today

🔍 Security leaders remain largely removed from top executive decision-making despite growing prominence. IANS Research and Artico Search’s 2026 State of the CISO Benchmark Report finds 64% of CISOs still report into IT while only 11% report to the CEO. Experts argue that such arrangements can create conflicts of interest as CIO incentives favor efficiency and delivery over enterprise risk reduction. Many urge giving CISOs independence, a clear seat at the table, and reporting aligned to enterprise risk owners.
read more →

The Evasive Adversary: Faster, Quieter, Cloud-Focused

🛡️ CrowdStrike reports that adversaries shifted in 2025 from expanding toolsets to prioritizing evasion, using AI to refine phishing, malware scripts, and reconnaissance while favoring malware-free techniques that blend with legitimate user activity. AI-enabled attacks rose 89% year over year and malware-free methods accounted for 82% of detections. Supply chain compromises, rapid zero-day weaponization, and cloud-focused intrusions amplified stealth, with big-game ransomware groups moving to remote encryption and credential abuse to minimize detection.
read more →

CrowdStrike 2026 Global Threat Report Findings Overview

🔍 The CrowdStrike 2026 Global Threat Report reviews 2025 as the year of the evasive adversary, detailing how attackers shifted to subtle, trust-based techniques across endpoint, identity, SaaS, and cloud environments. Adversaries accelerated operations using AI and exploited AI systems themselves, while supply chain compromises and zero-day usage rose markedly. The report highlights rapid breakout times, a high rate of malware-free intrusions, and significant increases in state-nexus activity, offering prioritized insights for defenders.
read more →