< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1642 articles · page 35 of 83

ZeroDayRAT: Commercial Mobile Spyware Targets Android, iOS

🕵️‍♂️ZeroDayRAT is a commercial mobile spyware platform advertised on Telegram that enables extensive data collection and real-time surveillance on Android and iOS devices. The developer offers a builder to generate malicious binaries and an online or self-hosted control panel that exposes device metadata, GPS location history, accounts and notification previews. Operators can capture keystrokes, SMS (including OTPs), live camera and microphone streams, and perform hands-on remote operations. Additional modules swap clipboard crypto addresses and target mobile payment apps to facilitate direct financial theft.
read more →

Creating a Unified Risk Culture Across Business Domains

🛡️ The article argues organizations must stop managing risk in isolated silos and adopt a single, shared culture across cybersecurity, operations and strategy. It recommends the Organizational Risk Culture Standard (ORCS) and four practical pillars: integrated governance, unified risk intelligence, a common risk appetite and continuous learning. Implementation starts with cross‑functional committees, a common taxonomy, targeted pilots (for example, ransomware response) and risk platforms that give everyone the same view. The goal is faster detection, coordinated response and trust that converts resilience into competitive advantage.
read more →

CISO Julie Chatman on Leadership, Liability, and AI

🔐 Julie Chatman, a former Navy hospital corpsman and FBI cybersecurity leader, explains how security leaders can reclaim authority amid rising risks. She identifies persistent issues—getting buy-in and funding—and new pressures like AI-enabled adaptive attacks and growing personal liability for CISOs. Chatman recommends negotiating D&O or individual coverage, shifting formal risk ownership to business owners, and communicating in plain language to build partnerships. She also emphasizes mentoring, practical leadership, and evolving awareness training for AI threats.
read more →

SIEM Buyer’s Guide: Selecting Effective Security Tools

🔒 This guide helps security teams evaluate and select a Security Information and Event Management (SIEM) solution by outlining key selection criteria and practical trade-offs. It covers operational models (SaaS vs on-premises), analytics and AI/ML capabilities, log collection and parsing, alerting and role-based access, compliance requirements and ecosystem integrations. The guide also discusses pricing models and highlights vendors such as Splunk, Microsoft Sentinel and IBM QRadar to help start vendor research and pilot selection.
read more →

Google Groups Used to Deliver Lumma Stealer & Ninja Browser

🔒 CTM360 reports attackers are abusing Google Groups and Google-hosted redirectors to distribute credential-stealing malware, leveraging over 4,000 malicious groups and 3,500 hosted URLs to target organizations worldwide. The campaign uses industry-focused posts and shortened or Docs/Drive redirect links to lure victims and deliver OS-specific payloads. On Windows, victims receive a padded archive that reconstructs an AutoIt-based loader and a memory-resident Lumma infostealer; on Linux, users are served a trojanized Chromium-branded "Ninja Browser" with covert extensions and silent persistence. CTM360 advises inspecting redirect chains, blocking IoCs, auditing browser extensions, and monitoring scheduled tasks and endpoint activity.
read more →

Microsoft Details DNS-Based ClickFix Variant Targeting Users

🔍 Microsoft disclosed a DNS-based evolution of the ClickFix social-engineering tactic that coerces victims into running nslookup via the Windows Run dialog to retrieve a second-stage payload. The initial cmd.exe command queries a hard-coded external DNS server and extracts the Name: response to execute the next stage. The staged payload downloads a ZIP from azwsappdev[.]com, runs a malicious Python script, drops a VBScript that launches ModeloRAT, and establishes persistence via a Startup LNK.
read more →

QR Codes as an Attack Vector: Phishing, Deep Links

🔐 Unit 42 investigates the rising misuse of QR codes for phishing, in‑app deep‑link exploitation, and direct distribution of malicious Android APKs. Their telemetry shows an average of over 11,000 malicious QR-code detections per day, driven by tactics that mask destinations and exploit mobile app behavior. The report highlights QR shorteners, custom deep links, and APK hosting as key evasive techniques and recommends user education plus deployment of decoding and filtering controls such as Advanced URL Filtering and Prisma Browser to improve visibility and block threats.
read more →

Munich Security Index 2026: G7 Rank Cyber-Attacks Highest

🛡️ The Munich Security Index (MSI) 2026, released as the Munich Security Conference opened on 13 February, reports that G7 countries identified cyber-attacks as their top national risk for 2025, marking the second consecutive year at the summit of concerns. The survey found particularly high cyber-risk perception in Germany (75%), the UK (74%) and Japan (70%). In contrast, the BICS grouping now prioritizes climate change, with cyber-threats falling to eighth place.
read more →

The Foundation Problem: Accountability in Cybersecurity

🔧 Cybersecurity suffers not from a true talent shortage but from a leadership and accountability gap. Many organizations recruit for experience instead of building it, accept surface‑level post‑mortems, and allow technical debt to accumulate into risk. Fixing this requires structured training, persistent follow‑through, and translating technical debt into business terms so leaders can demand action.
read more →

Why Key Management Is the Weakest Link in Crypto Operations

🔐 Key management — the lifecycle discipline governing key generation, storage, rotation and destruction — has become the weakest operational link as organizations race toward post-quantum and AI-driven systems. While public debate centers on algorithms, real failures stem from long-lived keys, unclear ownership, manual rotation and untested recovery. AI pipelines and autonomous agents amplify these risks, so teams must adopt short-lived, purpose-bound keys, automated rotation and practiced cryptographic incident response.
read more →

Five Key Trends Reshaping the SIEM Market for 2025

🔍 Modern SIEM platforms have evolved far beyond simple log collection, embedding AI/ML, XDR, and SOAR to enable real-time detection, automated remediation, and analyst workspaces. Convergence with XDR and SOAR is creating unified platforms that reduce complexity and accelerate response, while many SMBs opt for MDR instead of maintaining full SIEM deployments. Economic shifts and AI compute costs are changing cloud vs. on-prem trade-offs, and vendors are consolidating functionality through M&A and bundling.
read more →

Top Cybersecurity Documentaries for Security Leaders

🎬 This curated list highlights notable documentaries that explore hacker culture, cybercrime, surveillance, and the internet's infrastructure from the mid‑1980s to the mid‑2020s. It features landmark films such as Citizenfour, Zero Days, and profiles of figures including Steve Wozniak, Marcus Hutchins, and Ross Ulbricht. Several entries are freely available, and the compilation is recommended for security leaders seeking historical context and practical insights for training and strategy.
read more →

Why Identity Recovery Is Central to Cyber Resilience

🔐 Ransomware has shifted boardroom and security priorities by showing that identity compromise can block recovery even after applications and data are restored. Security leaders now treat identity recovery as a designed capability, emphasizing immutable backups, automated restoration for Active Directory, and isolated backup platforms. Vendors such as Cognizant and Rubrik are positioning integrated services that combine orchestration, rapid recovery, and compliance-ready reporting to shorten downtime and reduce attacker re-entry risk.
read more →

Winter Olympics 2026: Ticket, Streaming and Merch Scams

🔒 Kaspersky researchers have identified a surge in scams targeting fans of the Winter Olympics 2026 in Italy. Fraudsters exploit high demand for tickets and merchandise, using phishing sites that clone official vendors and fake online stores to steal payment and personal data. Bogus streaming services lure viewers with “free” or cheap access while requesting credit-card details or redirecting to ads and malware. Users should buy only through official channels, verify URLs, avoid unsolicited links, and deploy a robust security solution such as Kaspersky Premium to block phishing, dangerous sites, and card skimmers.
read more →

AMOS Infostealer Targets macOS via AI App Supply Chain

🔒 Flare and other researchers describe the AMOS macOS infostealer and its use of AI-focused distribution channels to harvest credentials and crypto data. Recent ClawHavoc activity shows attackers poisoning the popular OpenClaw skill marketplace to bundle AMOS into seemingly legitimate add-ons. Campaigns also abused search-engine SEO, fraudulent GitHub repositories, and one-line Terminal installers, enabling rapid credential and session theft at scale.
read more →

ThreatsDay Bulletin: Access Abuse and Quiet Persistence

📝 This week’s bulletin spotlights attackers favoring reliable tradecraft—misusing trusted tools and simple entry points while executing deliberate, long‑dwell post‑compromise activity. Microsoft fixed a Notepad Markdown command‑injection (CVE‑2026‑20841) and LayerX disclosed a 0‑click RCE risk in Claude Desktop Extensions. Emerging stealers (LTX, Marco), evolving loaders (GuLoader, RenEngine), and data‑theft ransomware trends raise operational risk. Defenders must detect misuse of legitimate access and anomalous in‑system behavior.
read more →

The CTEM Divide: 84% of Security Programs Falling Behind

🔍 A 2026 market study of 128 senior enterprise security decision-makers reveals a stark divide: just 16% of organizations have operationalized Continuous Threat Exposure Management (CTEM), yet those early adopters report 50% better attack surface visibility, 23-point higher solution adoption, and consistently stronger threat awareness. While 87% of leaders acknowledge CTEM's importance, most struggle to convert awareness into practice amid competing priorities and organizational inertia. The research links rising attack rates to asset and domain complexity and concludes that only continuous, CTEM-driven programs can close the visibility gap at scale.
read more →

Ephemeral Infrastructure Paradox: Strengthen Identity

🔒 Modern cloud environments create vast numbers of short-lived machine identities that outnumber humans and often remain unmanaged. The author argues that traditional, ticket-driven identity governance is inadequate for ephemeral workloads and supply-chain tooling, exposing organizations to “zombie” service accounts and credential theft. The recommended response is a shift to cryptographic workload identity (e.g., SPIFFE and workload attestation), elimination of long-lived static credentials via short-lived tokens and OIDC Federation, and automated entitlement pruning using CIEM to restore least-privilege without slowing engineering velocity.
read more →

Rapid Drop in Time-to-Exploit from N-Day Vulnerabilities

🔒 Flashpoint reports that the median time between disclosure and exploitation fell 94% over five years, from 745 days in 2020 to 44 days in 2025. The vendor attributes the decline to rapid weaponization of researcher proof-of-concept code and the growing use of n-day exploits, which now represent over 80% of CVEs in its VulnDB KEV list. Attackers are combining turnkey exploits with mass-scanning tools to achieve large-scale compromise in hours. Limited asset inventories and a 'CVE blind spot' from vulnerabilities lacking CVE IDs further shrink defenders' remediation window.
read more →

Developers as an Emerging Attack Vector in Software

🔐 Developers and the tools they rely on are increasingly targeted as attackers move beyond exploiting application bugs to compromising developer workflows and ecosystems. Threats include typosquatting, malicious open-source packages, compromised plugins, supply-chain hijacks and fake employees who gain insider access. AI increases the scale and plausibility of social engineering, code changes and malicious package recommendations. Security leaders should combine identity hygiene, least-privilege, secrets management, whitelists and continuous hands-on developer training to reduce risk.
read more →