< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1642 articles · page 34 of 83

Board Accountability for Cyber Risk and Training Gaps

🔒 Cybersecurity has shifted from a technical issue to a board-level business and financial risk, yet many directors remain underprepared to govern it. The 2025 Cybersecurity Skills Gap Global Research Report shows 96% of organizations call cybersecurity a business priority, but only 49% of leaders believe boards fully understand the risks, particularly as AI reshapes threats. Persistent skills and awareness gaps correlate with higher breach frequency and costs, and training programs are often reactive rather than embedded as continuous governance.
read more →

Millions of Chrome Extensions Leak Users' Browsing History

🔍 A security researcher using the pseudonym Q Continuum discovered 287 Chrome extensions that send users' browsing history and related metadata to remote servers. The investigator ran an automated pipeline that launched Chrome in Docker, installed extensions, visited test sites, and captured outgoing traffic to reveal risky behavior across VPNs, proxy tools, coupon and PDF add‑ons, and browser utilities. Many extensions request broad cross‑site host permissions and transmit data in obfuscated or encrypted formats (Base64, ROT47, LZ‑String, even AES‑256 wrapped in RSA‑OAEP), which makes detection harder and can enable corporate espionage or credential harvesting when cookies are included.
read more →

Internal and External Threat Intelligence for Security

🔍 Threat intelligence isn't the problem—it's the type and context. Security teams need both internal intelligence (signals and telemetry from inside their environment) and external intelligence (attacker activity, campaigns, and indicators) because each alone gives an incomplete picture. Many organizations ingest multiple generic, fragmented, and delayed feeds that confuse rather than clarify risk, causing critical decisions to be based on underrefined data. Integrating and enriching feeds with internal telemetry turns raw alerts into prioritized, actionable insights.
read more →

Cybersecurity Priorities for 2026: Resilience by Design

🧭In 2026 cybersecurity shifts from episodic defense to continuous operational resilience. Regulation, geopolitics and AI now shape architecture and controls, forcing cryptographic agility, continuous Zero Trust decisioning and lifecycle security across cloud and supply chains. Organizations must make attacker intelligence unreliable through deception, Automated Moving Target Defense and Continuous Threat Exposure Management while embedding AI into detection, response and governance.
read more →

Discipline as the New Power Move in Cybersecurity Leadership

🧭 Under tight budgets, CISOs should shift from acquiring tools to allocating capital, prioritizing investments that maximize risk reduction per dollar. This requires renegotiating contracts, automating routine workflows, consolidating overlapping tools and reorganizing teams around value domains to free capacity for higher-impact initiatives. By quantifying trade-offs and presenting outcomes in financial terms, leaders earn faster trust from the board while maintaining security posture.
read more →

OWASP Smart Contract Top 10 2026: Governance Risk Focus

🔒 CredShields led the release of the OWASP Smart Contract Top 10 2026, an impact-weighted risk framework built from structured analysis of 2025 smart contract incidents that produced hundreds of millions in losses. The ranking highlights that governance and privilege failures—not just code bugs—drive the most severe on-chain compromises, naming access control, business logic, oracle manipulation, flash loan–facilitated attacks, and proxy/upgradeability vulnerabilities among the top risks. CredShields’ exploit intelligence platforms, SolidityScan and Web3HackHub, supported the aggregation and methodology informing the list.
read more →

13 Questions CISOs Should Ask Third-Party Vendors Now

🔒 Increasing reliance on third-party IT and software significantly expands an organization’s attack surface, and security leaders must act before incidents force their involvement. The article provides a focused checklist of 13 practical questions for CISOs covering evidence of controls (e.g., SOC 2 Type II, ISO/IEC 27001), change management, identity posture, and workflow validation. It stresses independent testing, clear contractual responsibilities, timely incident notification, and rigorous handling of OAuth and API integrations to reduce supply-chain risk.
read more →

Palo Alto: Rapid Attacks Exploit Basic Security Failings

🚨 Palo Alto Networks' Unit 42 reports that cyberattacks are accelerating: the fastest incidents moved from initial access to data exfiltration in 72 minutes, down from nearly five hours in 2024, and AI is compressing reconnaissance, phishing, scripting and execution timelines. Yet most breaches traced to basic failures such as weak authentication, limited real‑time visibility, and misconfigurations. Identity and trust issues featured in 90% of incidents, and Unit 42 found excessive permissions across 99% of 680,000 cloud identities. In response, Palo Alto launched Unit 42 Managed XSIAM 2.0 to provide end‑to‑end onboarding, threat hunting and faster automated response.
read more →

Operational Cost of Fragmented SOCs: Unify Now or Lose

🔍 New research from Microsoft and Omdia exposes how tool sprawl, manual triage, and alert overload are stretching security operations to a breaking point. SOC teams report using an average of 10.9 consoles, manually ingesting data frequently, and leaving roughly 42% of alerts uninvestigated. The study argues that unification, targeted automation, and governable AI-integrated workflows—centered on identity-to-endpoint controls—are essential to restore analyst capacity and reduce business risk.
read more →

5 Million Apps Revealed: Secrets Hidden in JavaScript

🔍 Intruder scanned 5 million applications for secrets in built JavaScript bundles and found over 42,000 exposed tokens across 334 secret types. Many were active, high-risk credentials — including 688 repository tokens (GitHub/GitLab) and API keys for project management tools like Linear, some granting full access to private repos and CI/CD secrets. Traditional scanners, SAST, and DAST missed many of these because the secrets were introduced during build and lived only in bundled front-end code. The research highlights the urgent need for SPA spidering and explicit bundle scanning to prevent production leaks.
read more →

AI Enables Low-Skilled Cybercriminals' 'Vibe Extortion'

🤖 Unit 42 of Palo Alto Networks found that low-skilled cybercriminals are using LLMs to script extortion campaigns, a technique researchers call vibe extortion. In one case, an intoxicated attacker recorded a threat video and read an AI-generated script verbatim, gaining a professional tone despite lacking technical skill. The report warns that AI is acting as a force multiplier—speeding reconnaissance, crafting convincing lures, and automating extortion tasks—raising risk even from unsophisticated actors and urging immediate mitigations.
read more →

Sharp Rise in Ransomware Targeting Industrial Systems

🔐 Researchers at Dragos warn of a marked increase in ransomware groups targeting industrial organizations in 2025, tracking 119 distinct groups — a 49% rise from 2024. The firm reports 3,300 industrial victims last year, with manufacturing and transportation most affected, followed by oil & gas, electricity and communications. Dragos attributes many compromises to abuse of legitimate credentials via VPNs, vendor tunnels and infostealers, and highlights an average OT dwell time of 42 days. The report also names three new threat groups: Sylvanite, Azurite and Pyroxene.
read more →

ZeroDayRAT toolkit sells cross-platform mobile spyware

📱 ZeroDayRAT is a commercially marketed, cross-platform spyware toolkit distributed openly via Telegram that targets Android and iOS devices. iVerify traced initial activity to 2 February and found the offering includes an APK for Android, an iOS payload, a web-based management panel, documentation, and customer support channels. The malware harvests messages, call logs, contacts, location, photos, files, notifications, and enumerates accounts across popular services, enabling sustained surveillance and potential financial theft. Infection relies on social engineering—sideloading or iOS provisioning profiles—so iVerify recommends mobile EDR, stricter controls on unauthorized installs, and detection across BYOD and managed fleets.
read more →

Unit 42 2026 Global Incident Response Report Findings

⚠️ The Unit 42 2026 Global Incident Response Report analyzes over 750 major incidents across 50+ countries and reveals attackers are moving faster and leveraging trusted identities and integrations. The report documents AI-driven acceleration—some intrusions advanced from initial access to exfiltration in as little as 72 minutes—and shows identity weaknesses in nearly 90% of cases. It recommends reducing exposure, tightening identity controls, and increasing response speed.
read more →

Reimagining the CISO Role as Enterprise Risk Grows

🔍 A majority of enterprise CISOs now report their roles are 'no longer fully manageable' as responsibilities expand without commensurate resources, the 2026 State of the CISO Benchmark Report found. Beyond traditional security functions, many CISOs oversee business risk, IT operations, third-party management, and emerging domains like AI governance, creating a mismatch between accountability and authority. Experts call for structural change: redesigning the role, distributing ownership, and granting board-level authority so CISOs act as risk executives rather than operational catch-alls. Without such shifts, organizations risk delayed initiatives, eroded resilience, and executive burnout.
read more →

Guiding Children on Posting Selfies: Risks and Advice

📷 This article examines whether parents should allow children to post selfies online, arguing that prohibition rarely works and parental guidance is a more effective approach. It details specific harms — from predator grooming and AI-enabled sextortion (via nudifier tools) to identity theft, cyberbullying and long-term reputational damage — and highlights correlations between heavy social-media use and worsening adolescent mental health. Practical recommendations include open communication, using privacy settings and geolocation controls, selective follower approval, routine digital clean-ups and household screen-time rules, while urging parents to model responsible sharing and reduce their own “sharenting.”
read more →

OysterLoader: Updated C2 Infrastructure and Obfuscation

🛡️ OysterLoader has continued to evolve into early 2026, refining its command-and-control infrastructure and obfuscation methods. The C++ loader—also tracked as Broomstick and CleanUp—is typically delivered via fraudulent sites impersonating IT tools like PuTTY and WinSCP and often arrives as a signed MSI. Its multi-stage chain uses a TextShell packer, a bespoke LZMA decompression routine, dynamic API hashing and a revised three-step C2 protocol that encodes JSON with a non-standard Base64 alphabet and per-message random shifts to hinder analysis.
read more →

Weekly Recap: Add-in Hijack, Zero-Days, and Cloud Abuse

🔒 This weekly recap shows how small, trusted gaps are becoming major entry points — from a hijacked Outlook add-in (AgreeTo) turned into a phishing kit that stole over 4,000 Microsoft credentials to multiple actively exploited zero-days in Chrome and Apple platforms. It also covers a critical BeyondTrust RCE under active exploitation, new Linux botnet activity abusing SSH, and cloud-focused campaigns targeting exposed Docker, Kubernetes, and Redis instances. Attackers are combining legacy techniques, cloud misconfigurations, and AI assistance to scale access and persistence.
read more →

UK Cyber Threat Shifts from Ransomware to Disruption

🔍 In 2025 the UK became the most targeted country in Europe, and the nature of attacks shifted dramatically. Where ransomware once dominated, attackers prioritized disruption over monetization, altering tactics and intent. Many organizations that hardened defenses for extortion found those assumptions outdated and exposures increased. Detection, response and business-continuity strategies must be reevaluated.
read more →

Crypto Payments Fueling Human Trafficking Networks

💸 Chainalysis reports that cryptocurrency inflows linked to human trafficking surged 85% year-on-year, generating hundreds of millions in revenue. The analysis identifies four crypto-driven trafficking types—international escort services, labor placement agents, prostitution networks and CSAM vendors—often coordinated via Telegram and Chinese-language money laundering (CMLN) networks. Key indicators include large stablecoin conversions, cross-border transfers and concentrated fund flows to trafficking hubs.
read more →