
All news in category “Threat and Trends Reports”

1482 articles · page 33 of 75

Digital Integrity: Why Firewalls and IDS Fall Short

🔐 In a connected business environment, the article argues that conventional perimeter controls like firewalls and intrusion-detection systems are no longer sufficient to protect organisations. It highlights how a $280 billion data-broker industry and billions of daily phishing emails create an expansive, often invisible outbound data flow that enables credible CEO fraud and targeted spear-phishing. The author recommends deploying Security & Privacy Boxes, strengthening employee training, self-hosting sensitive services and adopting a Zero Trust approach to reduce leakage and long-term APT dwell time.

Researchers Expose HaxorSEO Backlink Marketplace Abuse

🔎 Security researchers at Fortra’s Intelligence and Research Experts (FIRE) uncovered a Telegram and WhatsApp marketplace called HaxorSEO offering over 1,000 backlinks on pre-compromised, legitimate domains. Operators install webshells and inject backlinks that point to phishing or malware sites, advertising SEO metrics like PA, DA and DR to sell effectiveness. Listings cost as little as $6 each and can help fraudulent pages outrank genuine services. Users are advised to bookmark sensitive login pages and verify domains before entering credentials.

Q4 2025 Internet Disruptions: Causes and Impact Overview

🌐 In Q4 2025 Cloudflare observed over 180 Internet disruptions worldwide driven by government-directed shutdowns, submarine cable cuts, power failures, extreme weather, military action, and technical faults at operators and hyperscalers. Significant incidents included a Tanzania shutdown, multiple fiber and submarine cable outages affecting Haiti, Pakistan, Cameroon and the Dominican Republic, and catastrophic cyclone damage in Sri Lanka and Indonesia. Several provider-side and hyperscaler incidents also reduced availability for many sites and applications, while two Cloudflare-specific outages impacted service for subsets of customers. Verified anomalies and outage details are tracked in Cloudflare Radar and available via the Radar API.

Weekly Recap: Firewall Flaws, AI-Built Malware, CVEs

⚡ This weekly recap highlights shifting attack patterns and urgent fixes: an incomplete patch in Fortinet firewalls (CVE-2025-59718/59719) is being actively abused, while the VoidLink Linux malware appears largely produced with AI assistance. Researchers also disclosed a critical GNU InetUtils telnetd flaw (CVE-2026-24061) that can yield root shells. Other notable trends include vishing campaigns targeting major IdPs, malvertising that crashes browsers to deliver a Python RAT, and supply-chain/package compromises; administrators should prioritize exploitable, public-PoC, and KEV-class vulnerabilities.

CISOs' 2026 Predictions: AI, Governance, and Resilience

🔐 As AI accelerates adoption and threat automation, CISOs foresee 2026 as a turning point for governance, resilience, and identity-centric defense. Leaders expect boards to elevate AI and quantum risk, vendors to deliver secure-by-design products, and SOCs to consolidate telemetry and automate responses. Small and mid-size firms will face intensified targeting, making tailored security services essential.

Cybercrime Inc. 2026: Industrialized Threats for CISOs

🔒 Cybercriminals now operate like businesses—highly specialized, service-oriented, and ROI-driven—using models such as RaaS and initial access brokers to scale attacks. This industrialization, amplified by AI and automation, forces a shift from reactive detection to proactive prevention and identity-first controls. CISOs must prioritize governance, supply-chain resilience, defensive automation, and strategic partnerships to manage risk amid talent and budget shortfalls.

Building Cyber Readiness Early: Youth Education Imperative

🔐 Cyber security should begin in childhood, not only as a late-stage workforce specialization. The piece argues that threat actors target schools, hospitals, municipalities and small businesses as aggressively as large enterprises, and that waiting for workforce pipelines to mature leaves communities exposed. Early, practical education—covering ransomware awareness, phishing resistance, hands-on skills and teacher training—reduces immediate risk and strengthens future talent pools.

Insider Threats: Recognising and Managing Internal Risk

🔒 A growing body of evidence shows insider threats are a systemic and underestimated risk: a Bitkom survey found 48% of German companies attribute data theft, espionage or sabotage to employees. Insiders hold legitimate access and institutional knowledge, enabling subtle misuse that often evades technical controls. Effective protection requires shifting from isolated tools to a holistic, human-centred approach that combines culture, governance and clear ownership of risk.

Ten Key Traits to Empower Your Security Engineering Team

🔐 Security engineering teams are builders who design services, automate processes, and optimize deployments to support central security organizations and their stakeholders. They must pair deep technical fluency — understanding the full IT environment, containers, CI/CD, and operational telemetry — with product ownership to build and operate what they create. Emphasizing developer experience (DevX) reduces friction and increases adoption of security controls. Equally important are collaboration, influence, and soft skills such as prioritization, adaptability, and continuous learning to sustain a resilient practice.

Reconnaissance Risks and Recent Vulnerability Disclosures

🔍 Cisco Talos stresses the simple but essential advice: know your environment, and pay attention to reconnaissance rather than dismissing it as noise. Researchers disclosed patched vulnerabilities in Foxit PDF Editor, Epic Games Store, and MedDream PACS, including privilege escalation, use‑after‑free, and XSS that could enable code execution or unauthorized access. The newsletter also covers active phishing and ransomware activity and provides telemetry on prevalent malware. Organizations should patch affected products, enhance detection for recon patterns, and apply layered defenses.

Threatsday Bulletin: Supply, Ads, Zero-Click, Scans

🔐 Most of this week's threats exploited trusted systems and routine workflows rather than new techniques, achieving access with low friction and high persistence. Incidents ranged from targeted spear‑phishing that delivered the FALSECUB backdoor to widespread malvertising campaigns distributing .NET RATs and the TamperedChef infostealer. Google Project Zero detailed a multi‑stage Pixel zero‑click chain, vendors disclosed DLL side‑loading and WSL abuse, and supply‑chain exposures and large reconnaissance sweeps were widely observed. Administrators should prioritize patching, plugin hygiene, and tightening automated support and supply‑chain controls.

Global Collaboration to Deter Systemic Cybercrime at Scale

🌐 At the World Economic Forum in Davos, Fortinet highlighted that cybercrime has evolved into a transnational economic system driven by specialization, automation, and AI. Leaders emphasized an acute imbalance: attackers benefit from low-risk, high-reward models while defenders are hindered by fragmented collaboration, jurisdictional limits, and a widening skills gap. Participants called for scaling structured, incentive-driven collaboration and validated community intelligence, together with targeted training and technology investment, to shift the economics in favor of defenders.

Global Collaboration to Deter Systemic Cybercrime at Scale

🤝 At Davos, Fortinet argues that cybercrime has evolved into an economic system sustained by specialized markets such as ransomware collectives and Cybercrime-as-a-Service. Attackers are leveraging automation and AI to scale and personalize campaigns, while defenders remain constrained by fragmented jurisdictions, voluntary sharing, and an enduring skills gap. The piece calls for scalable, incentive-driven collaboration, trusted reporting, expert validation, and stronger law enforcement partnerships to shift the economics in favor of defenders.

Zero-day and One-day Exploits Rose in 2025, Says VulnCheck

🔍 VulnCheck’s State of Exploitation 2026 report finds 28.96% of known exploited vulnerabilities (KEVs) were exploited before or on the day they were disclosed, up from 23.6% in 2024. In 2025 the firm observed exploitation of 884 vulnerabilities — a 15% year‑over‑year increase — across hundreds of vendors and products. Network edge devices (191 KEVs), content management systems (163) and open source software (129) were the most targeted, while operating systems saw the highest share of zero‑day and one‑day exploits. The report also notes time‑to‑exploitation patterns remained consistent and that ransomware attribution often lagged initial exploit disclosures.

UK Executives Warn They May Not Survive Cyber Attacks

🔒 Vodafone Business polled 1,000 senior UK leaders and found 89% are more alert to cyber threats after high-profile breaches, yet 10% said their organisations would likely not survive a similar incident. The survey highlights poor preparedness — only 45% confirmed basic cyber-awareness training and staff commonly reuse passwords across personal accounts. Leaders also warned that AI-enabled deepfakes complicate detection and response. Policymakers and telcos have introduced a second Fraud Sector Charter to harden networks, verify SMS sender IDs, enable traceback for suspicious calls and improve threat sharing and victim support.

Real-Time LLM-Driven Runtime Assembly Phishing Attacks

⚠️ Unit 42 details a technique where seemingly benign webpages call trusted LLM APIs from the browser to generate malicious JavaScript dynamically and execute it at runtime. Carefully engineered prompts can bypass model safety guardrails and return credential-harvesting code that assembles in-browser into personalized phishing pages. Because payloads are served via trusted domains and differ per visit, this approach defeats many static and network-based detectors, making runtime behavioral analysis the most effective mitigation.

Common Apple Pay Scams and Practical Safety Steps in 2025

🔒 Apple Pay's convenience has made it a target for social-engineering scams; attackers generally manipulate users rather than exploit the platform's tokenization or biometric defenses. The article outlines common schemes — phishing/smishing, marketplace and overpayment/refund frauds, fake receipts, unsolicited payments, and evil‑twin Wi‑Fi — and highlights red flags like requests for 2FA codes. Recommended defenses include enabling Stolen Device Protection, turning on card notifications, using chargeback-eligible cards, and employing a VPN on public networks.

Phishing, Spoofed Sites Top Cyber Risks for Milano 2026

🔒 Palo Alto Networks' assessment identifies phishing and spoofed websites as the primary initial access vectors for the Milano-Cortina 2026 Winter Games. Researchers highlight business email compromise (BEC) as central to these campaigns, noting 76% of observed phishing relied on BEC to exploit trust among staff, partners and suppliers. The report warns that ransomware groups, nation-state actors and hacktivists will target ticketing, payment systems and APIs, and it advises basic vigilance, supplier vetting and reputable purchasing to reduce consumer risk.

Phishing Happens to Everyone, Including Experts Today

🔒 A convincing, routine text claiming an unpaid toll demonstrates how even cautious people can fall for phishing. A well-known security expert admitted to repeatedly failing internal simulations, showing that distraction, emotional context, and timing defeat training. Flare's analysis of 8,627 underground conversations describes a mature phishing economy — PhaaS platforms, AI tools like PhishGPT, turnkey kits, and resilient infrastructure. The practical lesson: build habits, add friction, and pause before you click.

2026 Cloud Security Report: The Emerging Complexity Gap

☁️ The 2026 State of Cloud Security Report, based on a survey of 1,163 senior cybersecurity leaders, identifies a growing "complexity gap" between cloud growth and defensive capability. It cites three drivers: fragmented defenses, understaffed teams, and threats operating at machine speed, and quantifies readiness shortfalls across detection, response, and visibility. Respondents favor consolidation — 64% would design security around a single-vendor platform to improve integration, accelerate response, and reduce operational friction.