
All news in category “Threat and Trends Reports”


Internet Voting Remains Too Insecure for Elections

🔐 Bruce Schneier and a broad group of security scientists warn that internet voting is fundamentally insecure and that no known or foreseeable technology can make it safe for public elections. They criticize persistent claims from vendors and advocates—specifically naming Bradley Tusk and the Mobile Voting Foundation—for promoting misleading assurances. The letter calls on election officials and policymakers to reject online voting and stick with proven, auditable processes.

Exposure Management: A Foundational Security Imperative

🔒 Exposure management has emerged because organizations often identify risk but cannot translate insight into timely, safe action. From the moment an exposure is discovered and is reachable, exploitable, and known, the remediation clock starts — environments change, dependencies multiply, and attackers adapt faster. Manual workflows, unclear ownership, and fear of disruption extend exposure windows, making exposure management essential to reduce attack surface and operational risk.

Gartner Elevates Exposure Assessment Platforms (EAPs)

🔍 Gartner's introduction of Exposure Assessment Platforms (EAPs) reframes vulnerability management toward Continuous Threat Exposure Management, prioritizing attacker reachability over raw CVE counts. The article outlines how EAPs consolidate discovery across cloud, on-prem, and identity layers, contextualize exposures by exploitability and business impact, and integrate with workflows to track remediation lifecycles. It contrasts legacy vendors with native EAP providers and highlights XM Cyber as an example of attack-graph-based modeling driving the new evaluation criteria.

Regular Cyber Risk Assessments Improve Data Security

🔍 Regular cyber risk assessments are essential for identifying vulnerabilities, prioritizing remediation, and documenting security progress for leadership. CISOs receive actionable insights about exposed data, authentication gaps, and compliance obligations (for example, GDPR and PCI DSS). Analyses show one in ten cloud datasets is broadly accessible and more than 99% of compromised accounts lacked MFA. Typical assessments take two to four hours and deliver prioritized, immediately actionable recommendations.

USB Drives Threaten Enterprise Security: Risks & Controls

🔒 Removable media remains a persistent enterprise risk, enabling both data exfiltration and device-borne intrusion whenever USB drives connect to endpoints. The article highlights evolving threats — including MUSTANG PANDA’s USBFect campaigns (2023–2025) and late-2025 coinminer infections — and high-profile insider exfiltration cases. CrowdStrike recommends a dual approach using Falcon Data Protection to stop sensitive data from leaving endpoints and Falcon Device Control to block or restrict untrusted devices, both delivered via the single Falcon sensor to simplify deployment and reduce operational overhead.

Third-Party Risk Management to Prevent Compliance Failures

🔒 Third Party Risk Management (TPRM) is a strategic program that helps organizations identify, assess, and control risks arising from external vendors and service providers. Core elements include risk identification and assessment, contract management, continuous monitoring and audits, and employee training. Compliance drivers such as SOC 2 and GDPR make robust TPRM essential to prevent legal and reputational damage. Integrating TPRM into enterprise risk frameworks and using automation improves consistency and oversight.

VoidLink cloud malware shows clear signs of AI generation

🧠 Check Point Research reports that the VoidLink Linux cloud malware framework displays clear evidence of being developed predominantly with AI assistance. The actor used an AI-centric IDE, TRAE, and its assistant TRAE SOLO to produce specification documents, sprint plans, and large portions of source code, which reached a working state within days. Exposed development artifacts — including TRAE helper files and an open directory of source and docs — allowed researchers to match generated specs to the recovered code and reproduce the development workflow, leading Check Point to conclude this is a notable example of AI-driven malware development.

Cyber Risk Rises Among CEOs Amid Weak Growth Outlook

🔒 PwC’s 29th Global CEO Survey of 4,454 executives finds cyber risk among the top threats as CEOs lose confidence in short-term growth. Nearly a third (31%) see high or extreme exposure to potential financial loss from cyber attacks, and 84% plan enterprise-wide cybersecurity improvements. PwC recommends investing in data, processes and responsible AI to help preserve stakeholder trust.

AI 'Fifth Wave' Supercharges Cybercrime Operations

🔍 Group-IB's January report argues that AI has created a new 'fifth wave' of cybercrime by turning advanced skills into inexpensive, scalable services that make attacks cheaper and faster. Analysts documented low-cost synthetic identity kits, deepfake-as-a-service subscriptions and biometric datasets sold for as little as $5, plus subscription dark LLMs. The firm highlights agentized phishing that automates lure creation, delivery and campaign adaptation and the rise of self-hosted dark LLMs used to generate scams, malware and exploit code.

Hidden Risks of Orphan Accounts in Enterprise Identity

🔒 Orphan accounts — abandoned human, service, and AI‑agent identities — create persistent, unseen access across applications, platforms, assets, and cloud consoles. These dormant accounts often evade traditional IAM and IGA tools due to integration gaps, unclear ownership, and proliferation of non‑human identities. Continuous identity audit using application telemetry and a unified audit trail can detect, flag, and automatically remediate or decommission orphaned accounts. Orchid positions its Identity Audit as connective evidence to inform IAM decisions.

Why secrets in JavaScript bundles remain exposed at scale

🔐 Intruder's research scanned roughly 5 million web applications and identified over 42,000 exposed tokens across 334 secret types, revealing widespread leakage in front-end JavaScript bundles. The report shows how traditional path-and-regex scanners, many SAST tools, and some DAST deployments miss secrets introduced during build and deployment, especially in SPAs. High-impact findings included active GitHub/GitLab personal access tokens, project-management API keys, and hundreds of live webhooks; Intruder developed automated SPA secrets detection to close these gaps.

Why Security's Future Depends on Identity, Not Perimeter

🔒 Modern security must treat identity as the perimeter rather than the network. As remote work and cloud adoption dissolved traditional edges, attackers increasingly target credentials — a trend underscored by reports from Verizon, Microsoft and Okta — making identity the primary attack surface. Organizations must adopt Zero Trust identity controls such as MFA, SSO, RBAC, PAM, device trust and continuous, adaptive monitoring, and treat identity lifecycle and privilege management as core infrastructure.

Old Habits Die Hard: 2025’s Most Common Passwords Worldwide

🔐 Two 2025 analyses by NordPass and Comparitech show that simple numeric strings like '123456' continue to dominate leaked password lists worldwide. Across 44 countries, 25% of the top 1,000 passwords are purely numeric, while predictable entries such as 'admin', '12345678' and '12345' remain widespread, including in the US and UK. Security advice is clear: change weak or reused passwords, use a reputable password manager, and enable two‑factor authentication or passkeys to reduce account takeover risk. Organizations should combine technical controls with user training to mitigate large‑scale exposure.

Mitigating the Y2K38 Vulnerability in Organizations

⚠️ Organizations should treat the Y2K38 'Epochalypse' as an actionable vulnerability with a fixed deadline: 19 January 2038 at 03:14:07 UTC. Caused by 32‑bit signed Unix epoch counters overflowing, it can roll devices back to 1901 and disrupt payments, medical equipment, industrial control, and certificate validation. Effective mitigation requires a comprehensive inventory, vendor coordination, isolated testing, and migration to 64‑bit time or replacement.

PDFSIDER: Encrypted Backdoor Uses DLL Side-Loading Toolkit

🔒 Resecurity researchers have identified a sophisticated backdoor called PDFSIDER, delivered via DLL side-loading from a trojanized, digitally signed PDF utility. The malware embeds the Botan crypto library and uses AES-256-GCM for an encrypted C2 channel, executing commands via cmd.exe entirely in memory and returning output over anonymous pipes. It performs anti-VM and debugger checks, exfiltrates data (including over DNS/53), and is assessed as targeted tradecraft that evades many AV and EDR products.

DevOps & SaaS Downtime: Hidden Costs for Cloud Firms

⚠️ Recent analysis highlights that major DevOps SaaS platforms (e.g., GitHub, Jira, Azure DevOps) experienced widespread incidents in 2024–2025, with critical outages and degraded-service hours increasing sharply year‑over‑year. The piece argues the Shared Responsibility model leaves customers ultimately accountable for their data, and that native provider backups often create single points of failure with limited restore flexibility. It recommends multi‑layered, immutable backups, cross‑restore capability, defined RTO/RPOs, and continuous recovery testing to reduce financial, operational, and compliance risk.

Invisible Culture Undermining Security Operations Now

🔍 Organizational culture — not the tools — is the decisive factor in security outcomes. The piece identifies three interrelated layers: observable (policies, controls, visible behaviors), non-observable (beliefs, biases, risk perception) and implicit (unspoken norms and power dynamics) that together determine whether controls work in practice. It uses high-profile breaches and a deep dive into a mid-sized financial firm to show how misaligned incentives, leadership signals and psychological safety can nullify even well-built technical defenses, and prescribes culture audits, leadership modeling, integrated DevSecOps and incentive changes to effect durable improvement.

UK Concerns: Cyber Breaches, Compliance, Reputation

🔒 A Nardello & Co. survey of 250 senior leaders at UK enterprises (turnover ≥£250m) finds cyber-related breaches are the top risk for 2026: 58% ranked them highest and around three-quarters doubt their ability to manage such incidents. About 20% reported a breach in the past two years. Compliance (37%) and financial crime (30%) are rising concerns amid stronger enforcement, including the UK's new Failure to Prevent Fraud offense. The report also flags readiness gaps: only 44% conduct pre‑hire screening, 48% provide anonymous whistleblowing and 59% deliver regular compliance training.

Seven Priority Cybersecurity Projects for CISOs in 2026

🔒 As CISOs prepare for 2026, seven pragmatic projects can strengthen defenses against evolving threats. Priorities include transforming identity and access to cover human and non-human agents and reinforcing email security. Organizations should leverage AI for vulnerability discovery and security automation, enforce enterprise AI governance, adopt a zero-trust-by-default posture, and unify data governance to reduce shadow data and compliance gaps.

XSS Flaw in StealC Panel Lets Researchers Monitor Operators

🔍 Cybersecurity researchers disclosed an XSS vulnerability in the web-based control panel used by operators of the StealC information stealer. By exploiting it they collected system fingerprints, monitored active sessions, and stole session cookies from the infrastructure itself, according to CyberArk researcher Ari Novick. The panel's leaked source code and the stealer's distribution through the YouTube Ghost Network and other lures amplified the operational insights researchers gained. Full technical details were withheld to avoid enabling copycats.