< ciso brief />

All news in category “Threat and Trends Reports”

1482 articles · page 38 of 75

Identity Dark Matter: Unseen Risks in Modern IAM Infra

🔍 Identity has fragmented across SaaS, on‑prem, IaaS, PaaS and unmanaged apps, creating an invisible mass of ungoverned accounts and non‑human identities the author calls identity dark matter. Traditional IAM and IGA address only the nearly managed half of this universe, while APIs, bots, service accounts and agent‑AI remain unobserved and ungoverned. Orchid Security recommends shifting from configuration‑based controls to Identity Observability: collect telemetry from every application, unify audit trails, and extend governance across managed, unmanaged, and agent‑AI identities to achieve measurable visibility and faster response.

Six Strategies to Build a High-Performing Security Team

🔒 Building a high-performing cybersecurity team requires deliberate hiring, clear mission alignment, and empowered leadership. Veteran security leaders advise assembling a balanced mix of ambitious innovators and dependable 'rock stars,' promoting diverse backgrounds, and giving teams targeted training, tools, and AI-enabled analytics. They emphasize strong prioritization, business-focused communication skills, and appointing deputies to scale leadership, speed decision-making, and sustain operational resilience.

Focus Investigations: Move Beyond Detection and Response

🔍 Organizations often overemphasize detection and response at the expense of thorough investigation. While IDS, firewalls, and response teams are essential to stop immediate damage, investigation provides the root-cause insights—examining exploited vulnerabilities, attacker entry paths, and post-compromise activity—that prevent recurrence. Investing in deep packet inspection and forensic analysis turns incidents into learning opportunities and strengthens long-term resilience.

Five Common Myths About DDoS Attacks and Protection

🛡️ DDoS attacks are widespread and varied, yet persistent myths can lead organizations to underprepare. This article debunks five common misconceptions — that attacks only hit large companies, that DDoS is always high-volume flooding, that NGFWs or cloud-only solutions are sufficient, and that AI/ML is unnecessary — and explains modern multivector and application-layer tactics. Defenders are advised to deploy hybrid, AI-enabled, and stateless mitigation to protect availability.

Cybersecurity Stress Driving Burnout and Employee Loss

🧠 A new survey shows cybersecurity roles are causing widespread stress and burnout. Object First polled 500 IT and security professionals and found 84% feel uncomfortably stressed and 78% fear being personally blamed after incidents. The pressure is pushing many to seek new jobs, worsening staffing shortages and increasing organizational risk. Recommended actions include building a blame-free culture, reducing alert noise, and investing in mental-health and resilience resources.

Forked VSCode IDEs Expose Developers to Namespace Hijack

⚠ Forked IDEs based on Microsoft VSCode (such as Cursor, Windsurf, Google Antigravity and Trae) retain hardcoded extension recommendations that point to Microsoft's Visual Studio Marketplace. Because these forks use OpenVSX instead, several recommended publisher namespaces were unclaimed, enabling attackers to register them and publish malicious extensions. Supply-chain researchers at Koi claimed affected namespaces and uploaded inert placeholders while coordinating with the Eclipse Foundation to secure the registry.

VVS Stealer Employs Advanced Obfuscation Targeting Discord

🛡️ VVS Stealer is a Python-based credential-stealing malware distributed as a PyInstaller package and protected with Pyarmor obfuscation in BCC mode to hinder analysis. It targets Discord tokens and browser-stored credentials, injects malicious JavaScript into the Discord client, and exfiltrates data via Discord webhooks. The sample persists by copying itself to the Windows startup folder and displays fake error messages to evade detection.

Organizational Risk Culture Standard for Cybersecurity

🛡️ The Organizational Risk Culture Standard (ORCS) provides a practical framework to turn cyber intentions into daily behavior that reduces silence, speeds detection and improves decision-making. It stresses that most cyber failures stem from cultural drift—not code—especially in VUCAD (volatile, uncertain, complex, ambiguous, digitized) environments. The article translates ORCS into ten actionable dimensions, outlines a five‑level maturity path and prescribes measurable KCIs and a first 90‑day plan leaders can use to embed lasting habits.

Weekly Recap: IoT Botnets, Extension Supply-Chain Risk

🔒 This week's recap highlights persistent, trust‑based attacks that quietly exploited updates, extensions, sessions, and messages to scale impact across IoT, browsers, and collaboration platforms. A nine‑month RondoDox campaign leveraged React2Shell for RCE in React Server Components, while a supply‑chain compromise of Trust Wallet extensions exposed GitHub secrets and Chrome Web Store keys, enabling roughly $8.5M in crypto theft. Newly observed groups like DarkSpectre abused legitimate extensions to reach millions of users, and well‑resourced actors reused successful trust vectors rather than relying on one‑off exploits.

Telegram Hosting World's Largest Chinese Darknet Market

🔎 Elliptic's analysis shows Chinese-language darknet marketplaces on Telegram have expanded to unprecedented scale, despite Telegram's early‑2025 takedowns of two major sites. The current leading platforms, Tudou Guarantee and Xinbi Guarantee, are estimated to facilitate nearly $2 billion per month in money‑laundering and illicit commerce. They traffic in stolen data, scam infrastructure, fake investment sites, AI deepfake tools, and a wide range of illegal services that directly enable large-scale "pig butchering" romance and investment scams.

The State of Cybersecurity in 2025: Segments and Innovations

🔐 Cybersecurity in 2025 is framed as an architectural challenge rather than a set of isolated controls. This contributed report surveys shifts across authentication, endpoint and network security, software supply chains, SaaS data governance, AI-driven defenses, and human risk. It highlights hardware‑backed authentication, passkeys, binary-level verification, and network telemetry as pivotal controls. Vendors stress speed, visibility, and provable trust as the operational priorities.

VVS Stealer: Python info-stealer targets Discord now

🐍 Researchers disclosed a new Python-based information stealer called VVS Stealer that harvests Discord tokens, account data and browser credentials. The malware, sold on Telegram with subscription and one-time tiers, is obfuscated with Pyarmor and packaged via PyInstaller to hinder analysis. It persists by adding itself to the Windows Startup folder and shows fake "Fatal Error" pop-ups. VVS injects into Discord and uses a downloaded obfuscated JavaScript payload to monitor traffic via the Chrome DevTools Protocol for session hijacking.

Federated Identity Management: Balancing Security and UX

🔐 Federated Identity Management (FIM) enables a single authentication to span multiple applications or organizations, letting users sign in once and reuse identity assertions across services. It improves user experience and resilience while introducing architectural complexity, potential vendor lock-in, and additional service costs. Implementations commonly rely on cloud identity providers such as Google, Microsoft, or Okta and use protocols like SAML, OAuth 2.0, and OpenID Connect.

Persistent Cloud Misconfigurations Still Put Data at Risk

🔒 A Qualys survey and analysis of roughly 44 million public-cloud VMs highlights widespread misconfiguration: 45% of AWS, 63% of GCP and 70% of Azure instances showed issues. Respondents reported breaches and identified misconfigured services as a leading cloud risk. Experts cite neglected logging, monitoring and MFA, rushed M&A integrations and understaffed small firms as common causes. The piece recommends concrete controls — from Infrastructure as Code and continuous scanning to private networking and least-privilege — to reduce exposure.

Reframing ASM ROI: From Discovery to Risk Reduction

🔍 Attack Surface Management often produces growing inventories and alerts, but visibility alone rarely demonstrates reduced incidents. The author argues organizations should shift ROI assessment from raw discovery counts to outcome metrics such as mean time to asset ownership, reduction in unauthenticated, state-changing endpoints, and time to decommission after ownership loss. Making ownership and exposure duration visible across teams accelerates remediation and makes ASM defensible in budget reviews.

Technical Analysis of VVS Stealer Targeting Discord

🔍 Unit 42 provides a detailed technical analysis of VVS Stealer, a Python-based malware family that targets Discord users and Chromium/Firefox browsers to exfiltrate tokens, credentials, and browser data. The report explains distribution as PyInstaller packages protected with Pyarmor (observed v9.1.4) and documents the deobfuscation steps used to recover bytecode, AES keys, and encrypted strings. It summarizes runtime behaviors including Discord client injection via modified Electron files, webhook-based exfiltration, persistence in %APPDATA%, and sample indicators defenders can monitor.

Cybersecurity Skills Trump Headcount in the AI Era

🛡️ ISC2’s 2025 Cybersecurity Workforce Study of 16,029 professionals finds that skills shortages have overtaken headcount as the primary concern for security teams. Budget constraints leave 33% of respondents unable to adequately staff and 29% unable to afford skilled hires, while 88% reported at least one incident linked to skills gaps. The report highlights rapidly accelerating AI adoption—69% are at some adoption stage—and stresses capability development, targeted training, and realistic workload expectations over simple headcount increases.

Applying the Musk Oxen Strategy to Third‑Party Risk

🛡️ Third-party risk is a growing enterprise threat underscored by recent supply-chain attacks, including the June 2024 compromise of TeamViewer by APT29. The article argues organizations often depend on hundreds or thousands of vendors with limited transparency, immature security practices, and hidden subcontractors, which makes traditional vendor assessments a weak defense. It proposes the musk oxen strategy: collective intelligence-sharing, coordinated remediation support, and joint negotiation to strengthen common weak links and reduce systemic risk.

Top Cybersecurity and Cyberattack Stories of 2025: Review

🔒 2025 saw a convergence of large-scale breaches, state-aligned intrusions, and rapidly maturing AI-enabled attacks that reshaped the threat landscape. High-profile incidents included the ByBit $1.5B Ethereum heist, Clop exploitation of Oracle zero-days, and mass data-theft campaigns targeting Salesforce and adult platforms. Attackers amplified impact with terabit-scale DDoS, developer supply-chain abuse, and social-engineering techniques such as ClickFix and help-desk compromises. Organizations raced to patch zero-days, lock down developer pipelines, and defend against AI-powered malware and novel prompt-injection vectors.

2026 IT Agenda Spotlight: Agility, Flexibility, Results

📄 IT leaders are preparing strategies for 2026 that prioritize agility, flexibility, and measurable business outcomes. The January 2026 Enterprise Spotlight, produced by editors from CIO, Computerworld, CSO, InfoWorld, and Network World, synthesizes trends and technologies — from cloud-native operations and automation to cybersecurity and workforce enablement — expected to drive IT agendas. It outlines practical priorities, investment areas, and the metrics organizations should track to deliver tangible results.