< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 38 of 83

OfferUp scams surge: common frauds and protection guidance

🔒 OfferUp users face a range of scams — from counterfeit goods and overpayment ruses to account takeovers, phishing links and empty-box deliveries. The platform provides 48-hour Purchase Protection for qualified on-app purchases but excludes off‑app and cash transactions. Follow advised safeguards: stay in-app, avoid third-party payments, meet at Community Meetup Spots and protect verification codes and personal data.
read more →

Going Fully Passwordless in Hybrid AD and Entra ID

🔐 The article provides a practical, technical roadmap for eliminating passwords in hybrid Active Directory and Microsoft Entra ID environments. It emphasizes the prerequisite triangle of cloud Kerberos trust, device registration, and Conditional Access, then compares architectural choices like Windows Hello for Business, FIDO2 keys, and phone sign-in. The author presents phased migration steps, common troubleshooting patterns, and recovery best practices to help organizations move securely toward Zero Trust.
read more →

Identities Targeted as Cybercriminals Shift Tactics Now

🔐 The Eye Security 2026 State of Incident Response Report finds that cyberattacks on companies are increasingly undetected and that attackers are shifting from technical exploitation to abusing existing access and credentials, with damage often occurring within minutes. The study reports passwords were involved in 97% of tracked incidents and that BEC accounted for over 70% of cases, with phishing initiating 40% of those intrusions. It also highlights the rise of Ransomware-as-a-Service, access broker marketplaces, and the commercialization of insider access, identifying industrial, construction, and transport firms as particularly affected based on 630 European incidents analyzed from 2023–2025.
read more →

Top Dynamic and Static Application Security Testing Tools

🔒 Application security now demands both static code analysis and runtime testing to secure the software supply chain. This article reviews leading SAST and DAST tools that help developers find vulnerabilities early and in running applications, covering deployment models, CI/CD and IDE integrations, and features like secret scanning, IAST, managed services, and compliance checks. Vendors highlighted include Checkmarx, Fortify, Acunetix, Veracode, and others.
read more →

Why Smart People Fall for Phishing: Psychological Tactics

🧠 Unit 42 examines why phishing remains effective despite advanced defenses, highlighting the role of human psychology, cognitive bias and AI-enabled deception. The article outlines a three-stage attack model—The Bait, The Hook and The Catch—and common social engineering tactics such as urgency, authority and distraction. It urges a zero-trust mindset, continuous education and a simple habit: pause and verify before acting.
read more →

Massive Citrix NetScaler Scans Use Residential Proxies

🔎 GreyNoise observed a coordinated reconnaissance campaign from Jan 28–Feb 2 that used tens of thousands of residential proxies to discover Citrix NetScaler/Citrix Gateway login panels and enumerate product versions. Over 63,000 distinct IPs launched 111,834 sessions, with roughly 64% appearing as residential ISP addresses and the remainder linked to a single Azure IP. The scans concentrated on /logon/LogonPoint/index.html and the EPA artifact /epa/scripts/win/nsepa_setup.exe, indicating pre‑exploitation mapping and version‑specific probing. GreyNoise recommends monitoring anomalous UA strings, flagging EPA artifact access, restricting internet‑facing Gateways, and disabling version disclosure.
read more →

Retiring OT Experts Create Cybersecurity Knowledge Loss

🏭 The imminent retirement of experienced OT staff is causing a widespread loss of institutional knowledge that directly threatens operational continuity and cybersecurity in industrial environments. Successors often inherit undocumented legacy systems, hidden VLANs, bespoke protocol tweaks and undocumented routing rules that were never captured in official diagrams. That mismatch increases the risk of outages during modernization, lengthens implementation timelines and can unintentionally expand the attack surface through misconfigured segmentation or firewalls. Prioritizing structured knowledge transfer, thorough documentation and OT-aware security practices helps reduce single points of failure and vendor dependence.
read more →

Three Disruptive Cyber Trends Impacting Financial Services

🔍 The financial sector saw cyber incidents more than double in 2025 (864 → 1,858), driven by three dominant trends: surging DDoS campaigns, a sharp rise in data breaches and leaks, and the commercialization of cybercrime-as-a-service. These threats exploited weaknesses in cloud security, identity governance, and third-party risk. Banks and fintechs must accelerate adoption of layered defenses, continuous monitoring, and stronger vendor controls to maintain resilience.
read more →

Cloud Outages Ripple Through Identity and Operations

🔐 Recent large-scale cloud outages affecting providers like AWS, Azure, and Cloudflare have shown how failures in shared infrastructure can incapacitate identity flows and halt business-critical systems. Even when an identity provider remains operational, failures in datastores, DNS, control planes, or load balancers can block authentication and authorization. Organizations should deliberately design resilience—using multi-cloud or controlled on-prem options and predictable degraded modes such as cached attributes or precomputed decisions—to avoid total access collapse.
read more →

Shai-Hulud and the Rise of Active Supply-Chain Worms

🐛 The article warns that modern software supply chains are increasingly vulnerable, highlighting incidents like Shai-Hulud, React2Shell, and XZ Utils as examples of threats that evolved from passive typosquatting to active, worm-like propagation. Once onboard, these worms harvest developer credentials to push infected packages and can trigger destructive dead-man wipes if analyzed. CISOs are urged to end implicit trust in CI/CD identities, break down security silos, adopt cross-functional monitoring, and prepare for AI-driven and polyglot supply-chain attacks.
read more →

Multi-stage PDF phishing uses Dropbox to harvest logins

📄 Forcepoint researchers describe a multi-stage phishing campaign that uses attached PDFs to redirect victims through cloud-hosted content to a fake Dropbox sign-in page. Attackers exploit spoofed or compromised senders and trusted services to bypass filters and authentication checks like SPF, DKIM, and DMARC. If credentials are entered they’re exfiltrated to attacker-controlled infrastructure for account takeover and fraud. The campaign succeeds because each step appears legitimate in isolation, exploiting habitual trust in PDFs and mainstream cloud services.
read more →

Infostealers Expand to macOS, Python, and Platform Abuse

🛡️ Microsoft Defender Experts report a cross-platform surge in infostealers that now target macOS, leverage Python toolchains, and abuse trusted platforms and utilities to deliver credential-stealing malware at scale. Since late 2025, macOS campaigns such as DigitStealer, MacSync, and AMOS have used social engineering, malicious DMGs, AppleScript, and fileless execution to harvest browser credentials, keychain secrets, developer keys, and crypto wallets. Phishing campaigns have delivered Python-based stealers like PXA Stealer, while platform-abuse activity has weaponized WhatsApp and fake PDF installers to propagate Eternidade Stealer and malicious Crystal PDF installers. Microsoft outlines Defender XDR detections, hunting queries, and mitigations to help organizations detect, contain, and remediate these evolving threats.
read more →

Practical Value of Cyberthreat Attribution in Defense

🔎 Analysts often stop at sandboxing and blocklisting, but that approach fails against targeted, multi-stage intrusions. Attribution — linking artifacts to known groups — enables defenders to find related tools, tactics and IOCs and to prioritize remediation. Using the Kaspersky Threat Intelligence Portal, the article shows how TTP correlation, YARA rules and SIEM signatures can accelerate containment and reduce false positives.
read more →

CTM360 Warns of Global Surge in Fake HYIP Investment Scams

🔍 CTM360 reports a global uptick in fraudulent High‑Yield Investment Programs (HYIPs) that promise implausible, guaranteed returns. Their WebHunt telemetry identified 4,200+ HYIP sites and 485+ incidents in December 2025, showing persistent, scalable activity. Two dominant variants — crypto trading and forex/stock trading facades — use polished interfaces, fake performance and recycled templates. Scams spread via paid social ads, Telegram, WhatsApp and referral schemes; many sites use fake licenses and KYC delays to freeze withdrawals before vanishing.
read more →

Human Risk Management: Rethinking Security Training

🧠Human Risk Management reframes employee training as measurable behavioral risk reduction rather than a compliance checkbox. HRM tools integrate with email and identity systems to detect risky actions in real time and deliver immediate, contextual remediation such as micro-learning, automated controls, or role-specific simulations. Vendors like Fable Security, KnowBe4 and Mimecast combine standard SAT content with AI-driven nudges to improve real-world digital hygiene.
read more →

How risk culture makes cyber teams predictive and resilient

🔍 Forecasting in cybersecurity is framed as disciplined habits and clear choices rather than guesswork. The author argues teams trapped in constant incident mode must build a risk culture where weak signals and near misses are captured, named, and acted on without fear. Practical steps include lightweight near-miss logs, explicit decision rights, concise behavioral standards, and a steady operating rhythm of weekly reviews, monthly scenario practices and quarterly tests to shift from reflexive response to proactive foresight.
read more →

Weekly Cyber Recap: Proxy Botnet and Office Zero‑Day

🛡️ Google disrupted the IPIDEA residential proxy network by seizing or sinkholing command-and-control domains, cutting operators' ability to route traffic and reducing millions of exit nodes that had been recruited via bundled SDKs or monetization lures. Microsoft released an out‑of‑band patch for an actively exploited Office zero‑day (CVE-2026-21509), while Ivanti fixed two EPMM RCEs. CERT Polska attributed destructive intrusions against Polish energy assets to Static Tundra, and criminals were observed hijacking exposed LLM endpoints for resale and lateral access. Researchers also documented new modular frameworks, open BYOB C2 repositories, and continued exploitation of web platforms and DevOps tooling.
read more →

Non-Human Identities: The Overlooked Security Risk in 2026

🔐 Non-human identities — service accounts, API keys, automation credentials and AI agents — are proliferating across cloud environments and often sit outside governance, creating high-risk blind spots. The author recounts finding a dormant Azure service account with owner-level access and dozens of similar accounts, and cites industry data showing machine-to-human ratios of up to 500:1. He recommends continuous discovery, strict least-privilege defaults, elimination of static credentials and automated rotation to reduce this primary breach vector.
read more →

Watch for Winter Olympics Scams and Cyberthreats in 2026

⚠️ Cybercriminals commonly exploit major sporting events like the Milano‑Cortina 2026 Winter Olympics, using phishing, fake ticketing and streaming sites, rogue apps, SEO poisoning, QR-code scams and AI-driven deepfakes to steal data or money. Fans should purchase only from official ticket and merchandise channels, use the official Olympics app, and avoid pirated streams and unsolicited offers. Protect devices with reputable anti‑malware, avoid public Wi‑Fi or use a VPN, and be cautious with links, QR codes and marketplace listings.
read more →

Army Signal Officer to Insurance CSO: Hensley’s Cyberplan

🔐 Barry Hensley, a retired U.S. Army Colonel and former Signal Officer, now serves as CSO of Brown & Brown, leading efforts to protect client networks and sensitive data. He notes that organizational awareness of cyber risk has grown, but effective investment and calibrated risk tolerance often lag, especially under budget constraints. Hensley highlights threats such as ransomware and ideologically motivated attacks, the rising role of AI in both offense and defense, and the critical need to manage third- and fourth-party risk while retaining motivated security talent.
read more →