< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1642 articles · page 36 of 83

Spam and Phishing Trends and Schemes Observed in 2025

🔒 Kaspersky's anti-phishing systems blocked more than 554 million phishing-link attempts in 2025, while Mail Anti-Virus intercepted nearly 145 million malicious attachments and almost 45% of all email traffic was identified as spam. Scammers refined tactics across ticketing and streaming fraud, messaging-app account takeovers, government impersonation, and KYC harvesting, often using AI-generated content and deepfakes. Messaging platforms such as Telegram and WhatsApp were heavily abused to hijack accounts via phishing and malicious Mini Apps. Users are advised to check URLs carefully, never share verification codes, enable two-factor authentication, and run robust protection like Kaspersky solutions.
read more →

LummaStealer Spike Linked to CastleLoader and ClickFix

🛡️ Bitdefender has identified a sharp increase in LummaStealer infections driven by social‑engineering campaigns that use the ClickFix clipboard trick to deliver the CastleLoader malware. CastleLoader is a heavily obfuscated, script‑based loader that decrypts and executes payloads in memory while adapting persistence and file paths to evade detection. Researchers note a characteristic failed DNS lookup artifact that can aid detection and recommend avoiding pirated or untrusted software and never running PowerShell commands provided by web pages.
read more →

Valentine’s Day 2026 Scams: Rising Phishing & Fraud

💌 Check Point researchers report a sharp rise in Valentine-themed phishing websites, fraudulent online stores, and fake dating platforms that aim to steal personal data and payment information from shoppers and daters ahead of Valentine’s Day 2026. From March–December 2025, new Valentine-related domains averaged 474 per month; registrations jumped to 696 in January 2026, a 44% increase. In the first five days of February researchers detected 152 additional domains, a further 36% rise in the daily average. The trend reflects opportunistic abuse of seasonal demand and last-minute gift shopping.
read more →

WAF Security Test Results 2026: Prevention First Matters

🔒 The WAF Comparison Project 2026 presents the findings of a third annual, real-world evaluation of 14 leading WAF vendors using 1 million legitimate requests and 74,000 malicious payloads. Testers found attackers increasingly employ evasion, payload padding, and zero-day techniques that can bypass signature-based defenses. The report emphasizes a prevention-first strategy — combining proactive filtering, behavioral controls, and continuous tuning — to better protect web apps, APIs, and GenAI workloads.
read more →

CISA 2025 Year in Review: Strengthening Infrastructure

🛡️ CISA released its 2025 Year in Review highlighting major achievements that bolstered national cyber and physical security. The agency published over 1,600 products, triaged more than 30,000 incidents through its 24/7 Operations Center, and blocked billions of malicious connections across federal and critical infrastructure networks. It led 148 exercises engaging 10,000+ participants and issued the Be Air Aware™ guides to address Unmanned Aircraft System threats. The report frames these outcomes as the foundation for 2026 priorities focused on innovation, resilience, and partnership.
read more →

FIRST Forecasts Record CVE Volume in 2026, Warns Teams

🔔 FIRST forecasts a median of approximately 59,427 new CVEs in 2026, with a 90% confidence interval from 30,012 to 117,673. Using a new statistical model built from historical records and publication trends in the NVD and MITRE, the non-profit warns 2026 could be the first year to exceed 50,000 published vulnerabilities. FIRST urges organisations to assess capacity, prioritise ruthlessly, and plan contingency scenarios to allocate resources strategically.
read more →

Purple Teaming Must Evolve: Focus After Detection Now

🛡️ Purple teaming has become transactional and shallow, creating a false sense of security. Standard engagements often highlight the bypass or the “win” without exploring what happens next, leaving invisible omissions that matter most under pressure. Two mature organizations were deeply compromised despite apparent controls, and embedded AI did not change the outcome. The article argues for rehearsal, co-ownership, and a shift to outcome-driven, systems-level thinking.
read more →

CVE Volumes Surge: CISOs Must Prioritize Signal Effectively

🔍 A new forecast from FIRST projects a median of roughly 59,000 CVEs in 2026 and warns that under extreme scenarios the count could approach 118,000, up from about 48,000 in 2025. Experts stress this growth reflects improved discovery and disclosure — more CNAs, bug bounties, and scrutiny of long-neglected code — rather than a sudden rise in attacker capability. Historically, only a small fraction of published CVEs are weaponized: recent data shows fewer than 3,000 had public proof-of-concept exploits and only about 700 showed evidence of exploitation in the wild. The primary challenge for CISOs is separating signal from noise through prioritization, automation, and capacity planning rather than trying to patch every disclosed flaw.
read more →

Attackers Prefer Stealthy Persistence for Extortion

🦠 Picus Security's Red Report 2026 analyzed over 1.1 million malicious files and 15.5 million actions, finding attackers favor stealthy persistence and evasion to silently exfiltrate data for extortion. Process injection accounted for 30% of techniques, while adversaries routed C2 through high-reputation services like OpenAI and AWS and used stolen browser passwords to masquerade as users. The report warns that virtualization/sandbox evasion and increased technique counts make detection more challenging.
read more →

Cyber Threats to the Defense Industrial Base & Supply Chain

🛡️ Google Threat Intelligence Group (GTIG) details persistent, multi-vector cyber threats to the defense industrial base. State-sponsored and hacktivist actors target UAVs and battlefield systems, exploit personnel and hiring processes, and increasingly compromise edge devices and appliances to bypass EDR. The report documents campaigns against messaging apps, Android and Windows malware, and recruitment-themed lures. It also highlights ransomware and supply‑chain risks that can disrupt production and surge capacity.
read more →

Deep Dive: XWorm Phishing Campaign Exploits Excel Files

🔍 FortiGuard Labs observed a phishing campaign delivering a new XWorm RAT variant via malicious Excel attachments that exploit CVE-2018-0802 to execute embedded shellcode. The chain uses an obfuscated HTA and PowerShell to load a fileless .NET module, which downloads a PE in memory and uses process hollowing into Msbuild.exe to run XWorm. The RAT establishes AES-encrypted C2, supports extensive commands and plugins, and enables data theft, remote control, DDoS, and ransomware operations. Fortinet protections including FortiMail, AV, IPS, and Web Filtering are effective against observed indicators.
read more →

From Ransomware to Residency: The Shift to Stealth

🔍 The Picus Red Report 2026 analyzed more than 1.1 million malicious files and 15.5 million adversarial actions across 2025 and finds attackers shifting from disruptive ransomware to long-lived, stealthy residency. Rather than encrypting systems, adversaries focus on credential theft, process injection, sandbox evasion and quiet data exfiltration. The report urges defenders to prioritize behavior-based detection, credential hygiene and continuous adversarial validation to restore visibility.
read more →

January 2026: Global Attacks Rise; Ransomware, GenAI Risk

⚠️ Check Point Research reports a global increase in cyber attacks in January 2026, with organizations experiencing an average of 2,090 attacks per organization per week — a 3% increase from December and 17% above January 2025. The rise is driven by expanding ransomware operations and mounting data‑exposure risks linked to widespread GenAI adoption. Critical sectors are under intensified pressure as threat activity accelerates and adversaries move faster.
read more →

CISA Guide Helps Critical Infrastructure Adopt Secure OT

🔒 CISA released Barriers to Secure OT Communications: Why Johnny Can’t Authenticate to help operational technology (OT) owners, operators, integrators, and manufacturers adopt more secure communications. Based on interviews with stakeholders across Water and Wastewater, Transportation, Chemical, Energy, and Food and Agriculture sectors, the guide explains why insecure legacy industrial protocols persist and how threat actors can impersonate devices or alter messages. It identifies practical barriers—cost and complexity, latency and bandwidth, inspection issues from encryption, and interoperability with legacy products—and offers actionable recommendations to reduce friction and improve usability when procuring, deploying, and maintaining secure OT communications.
read more →

Taxing times: Top IRS scams to watch for in 2026 season

🔍Tax season 2026 brings a renewed surge in IRS-related scams as fraudsters exploit email, text and phone channels to steal refunds and personal data. Scammers impersonate the IRS, tax preparers or software vendors with spoofed logos, domains and caller IDs, and may demand unusual payments or coax victims into filing fraudulent returns. Watch for phishing/smishing/vishing, W-2 fraud, fake tax credits and dishonest preparers. Protect accounts with MFA, consider an IP PIN, file early and report suspicious messages to phishing@irs.gov.
read more →

Language of Risk: Key Cybersecurity Terms for Boards

🔐 Boards and CISOs must share precise terminology to make security decisions aligned with business risk. The article warns that identical words mean different things to security teams and executives, creating confusion around budgets, responsibilities, and resilience. It explains key distinctions—cyber‑risk vs IT risk, compliance vs security—and clarifies operational pairs like incident response, disaster recovery, and business continuity.
read more →

VoidLink Linux Malware Targets Multi-Cloud Environments

🔍 New analysis by Ontinue details VoidLink, a Linux-based command-and-control framework that generates implant binaries for credential theft, data exfiltration and stealthy persistence across cloud and enterprise hosts. The agent fingerprints AWS, GCP, Azure, Alibaba and Tencent environments and adapts its behavior, loading modular plugins for container escape and kernel-level stealth. Researchers identified unusual development artefacts — structured "Phase X:" labels, duplicated numbering, verbose debug logs and embedded documentation — that suggest parts of the implant were written or assisted by a large language model coding agent with limited human review.
read more →

Password guessing without AI: targeted wordlists guide

🔐 Attackers often build highly effective password lists without AI by harvesting organization-specific language from public websites. Tools like CeWL crawl corporate pages to extract terms that users recognize, which attackers then mutate into plausible passwords. This technique explains guidance in NIST SP 800-63B and shows why blocking context-derived and breached passwords is essential.
read more →

From Solo to Squad: Cybersecurity Training in AI Era

🛡️ Infinity Global Services reports a clear shift in cybersecurity training procurement from 2023 to 2025, with organizations moving away from individual course purchases toward team-based subscription models. Technical expertise remains essential, but the rise of AI-driven threats is driving demand for collective, SOC-wide training approaches. The data indicates a 33% decline in solo purchases and a marked increase in squad-level subscriptions, signaling a strategic pivot to collaborative workforce development.
read more →

CISOs: Move Beyond Compliance to Anticipate Risk in 2026

🔒 CISOs entering 2026 should treat compliance as a baseline, not a destination. While frameworks like HIPAA, SOC 2 and ISO 27001 provide essential controls, relying solely on checklists breeds complacency and misses evolving threats such as AI-enabled attacks, third-party failures and future quantum risks. Adopt longer time horizons, scenario-based risk assessments and financial impact modelling to align security with business priorities and secure board support.
read more →