< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 39 of 83

When responsible disclosure becomes unpaid labor: governance

🔒 Responsible disclosure expects timely, respectful responses, but many researchers now face months-long silence, disputed severity, or shifting scope that turn cooperative reports into unpaid, uncertain work. When maintainers lack resources or formal processes, reporters are pushed into a gray zone of public disclosure, legal escalation, or ethically ambiguous actions. CISOs should treat disclosure as an operational function: set SLAs, clarify triage criteria, offer non-cash recognition, and fund critical open-source dependencies to reduce adversarial outcomes. These steps help preserve trust, lower regulatory and reputational risk, and improve patching outcomes.
read more →

Manufacturing Reimagined: Tech Trends and Impact in 2026

🏭 This Enterprise Spotlight outlines how emerging technologies — from AI and extended reality to edge computing and digital twins — are reshaping manufacturing operations, workforce interactions, and product lifecycles. The February 2026 issue brings together editorial insight, case studies, and practical frameworks to guide CIOs and plant leaders through adoption and scaling. It emphasizes data governance, interoperability, and measurable ROI as critical enablers for responsible transformation.
read more →

Emerging Technologies Reshaping Modern Manufacturing

🛠️ Emerging technologies — from AI and quantum computing to extended reality (XR), edge computing and digital twins — are driving profound change in manufacturing, improving efficiency, safety and innovation. This special report examines how these advances will fundamentally alter operations, competitiveness and value creation across industrial sectors. It highlights practical use cases, adoption challenges and strategic considerations for responsible integration.
read more →

Crypto wallets received a record $158B in illicit funds

🔒 TRM Labs reports illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year decline. The firm attributes the 145% surge to increased sanctions-linked activity, expanded nation-state adoption (notably Russia, Iran, and Venezuela), and improved attribution that surfaced previously uncounted flows. Hacks, scams, and ransomware drove major losses, including $2.87 billion from 150 hacks and about $35 billion sent to fraud schemes, while laundering shifted from mixers to cross-chain bridges. TRM's 2026 crypto crime report aggregates on-chain tracing and intelligence to quantify these trends.
read more →

Labyrinth Chollima Splits into Three North Korean Groups

🛡️ CrowdStrike reports that the long-running North Korean-linked operator Labyrinth Chollima has fragmented into three distinct teams: Labyrinth Chollima, Golden Chollima and Pressure Chollima. All three trace their roots to the legacy KorDLL framework but now employ separate evolved frameworks (Hoplight, Jeus, MataNet/TwoPence) and divergent toolsets. CrowdStrike assesses with high confidence that Labyrinth remains focused on espionage while Golden and Pressure have largely shifted to cryptocurrency-targeted activity, though shared code and infrastructure indicate ongoing centralized coordination.
read more →

January 2026 security roundup with Tony Anscombe — Lessons

🛡️ January brought several high-impact incidents that underline persistent enterprise risks. ServiceNow patched a critical AI-driven vulnerability (CVE-2025-12420) that could let unauthenticated actors impersonate admins on its AI platform. Unsecured Zendesk systems were abused for a large spam campaign, while the World Economic Forum reports cyber-fraud has overtaken ransomware as CEOs' top worry. Nike is also probing an alleged theft of 1.4 TB of data.
read more →

Defending Against ShinyHunters Branded SaaS Extortion

🔐 Mandiant is tracking a notable expansion of ShinyHunters-branded extortion campaigns that use evolved vishing and victim-branded credential harvesting to compromise SSO credentials and enroll unauthorized devices into corporate MFA. These intrusions exploit social engineering — not product vulnerabilities — to pivot into cloud SaaS environments and perform bulk exports and administrative abuse. The post provides prioritized containment, hardening, logging, and detection guidance, and urges adoption of phishing-resistant MFA such as FIDO2 security keys and passkeys.
read more →

Badges, Bytes and Blackmail: Law Enforcement Trends

🛡️ Orange Cyberdefense compiled a dataset of 418 publicly reported law enforcement actions from 2021 to mid-2025 to clarify how agencies address cybercrime. The study shows extortion (including ransomware), malware, and hacking are the most targeted offenses, while arrests (29%), takedowns (17%) and charges (14%) are the predominant responses. The U.S. DOJ and FBI are most visible, with extensive public–private collaboration supporting operations.
read more →

NCA and NatWest Warn Businesses of Invoice Fraud Risks

⚠️ NatWest and the UK's National Crime Agency (NCA) have launched a joint awareness campaign to highlight rising invoice fraud affecting businesses, including BEC and payment redirection. The initiative warns that fraudsters impersonate suppliers, intercept emails and pressure victims into urgent payments that are then diverted. Guidance urges businesses to Check, Verify, Never transfer funds until payment details are independently confirmed. The campaign also stresses that Accounts Payable and Finance teams are frequent targets of these schemes.
read more →

Human Risk Management: Rethinking Security Training

🔒Security awareness training (SAT) increasingly fails to reduce real-world human risk, even as organizations spend billions and meet regulatory mandates like HIPAA, GDPR, and PCI. The article argues that firms should move from knowledge-focused SAT to human risk management (HRM), which measures actual user behavior through email, web, and IAM integrations and targets the riskiest users. Leading vendors such as Fable Security, KnowBe4, and Mimecast bundle SAT content into HRM platforms and use AI to deliver personalized micro-learning, simulations, and behavioral nudges that aim to create lasting habit change.
read more →

Russian Cyber Threats to the 2026 Winter Olympics Overview

🔐 This Unit 42 analysis outlines the evolving Russian cyber threat to the Milano Cortina 2026 Winter Olympics, framing Russia’s IOC exclusion as a geopolitical grievance that raises the risk of disruptive operations. It reviews historical GRU-linked campaigns against prior Games and projects plausible scenarios ranging from destructive OT malware to AI-driven deepfakes and V2X manipulation. The report recommends zero‑trust visibility, IoT anomaly detection, telemetry verification, and micro‑segmentation to reduce operational impact.
read more →

Threat Source: Resilience, trends, and hard truths

📰 Hazel Burton opens this Threat Source newsletter by acknowledging how difficult it can be to stay engaged with the news and suggests small, human respites—like the U.K. show Taskmaster—to remind readers creativity and levity persist under pressure. On the technical side, Cisco Talos Incident Response’s Q4 2025 report shows exploitation of public-facing applications remains the leading initial access vector (down from 62% to ~40%), while phishing and credential harvesting rose and ransomware incidents fell to 13% with Qilin still common. The newsletter urges rapid patching, correct MFA configuration and monitoring, and comprehensive logging to detect suspicious activity.
read more →

2026 Data Security Index: Securing AI and Sensitive Data

🔒 The 2026 Microsoft Data Security Index explores how organizations can harness generative AI while protecting sensitive information and maintaining productivity. Based on responses from more than 1,700 security leaders, the report highlights three priorities: consolidating fragmented tools into unified platforms, managing AI-driven workflows securely, and leveraging generative AI to strengthen security operations. It recommends practical approaches using Microsoft Purview for continuous discovery and governance and Microsoft Security Copilot for automated investigation with human oversight.
read more →

Roblox Mod Downloads Becoming Major Infostealer Risk

🛡️Infostealer-laden Roblox “mods” and gaming downloads are a growing initial-access vector, commonly distributed through YouTube videos, Discord invites, GitHub repos, and cloud links. Within seconds these malicious executables harvest browser-saved passwords, session cookies, OAuth tokens, VPN credentials, SSH keys, and crypto wallets. Victims often run them on family or home PCs, enabling attackers to acquire corporate SSO access, bypass MFA with valid tokens, and move laterally. Identity compromise — not software exploits — is the primary enterprise threat.
read more →

Identities in Focus as Cybercriminals Shift Tactics Worldwide

🔐 The State of Incident Response Report 2026 from Eye Security finds cybercriminals increasingly exploiting legitimate credentials rather than breaking systems. Identity-based attacks now dominate, with 97% of incidents involving passwords and Business Email Compromise making up over 70% of cases. Ransomware remains a major threat as RaaS and access-broker marketplaces lower barriers. Analysis of 630 European incidents (2023–2025) shows many breaches begin with phishing, misconfigured internet-facing systems, or social engineering, and can go undetected for weeks.
read more →

Ransomware Data Leaks Surge in Q4 2025 Despite Fewer Groups

🔐 ReliaQuest analysis shows ransomware data leaks rose sharply in Q4 2025, with posts on leak sites up 50% quarter-on-quarter and 40% year-on-year. The researchers found fewer active ransomware groups overall, but top-tier RaaS operators increased their output and speed of execution. Qilin, Akira and Sinobi were the most prolific, with Qilin claiming 450+ victims. ReliaQuest urges stronger controls such as MFA and improved data-exfiltration monitoring to reduce impact.
read more →

ThreatsDay: Small Shifts, Big Cybersecurity Risks Ahead

🔎 This week's ThreatsDay bulletin highlights quiet but meaningful shifts where familiar tools and trusted platforms are repurposed to breach access, steal data, or launder funds. Law enforcement seized the RAMP forum while threat actors pivot to alternatives, creating operational churn and new exposures. Guidance from CISA on post‑quantum cryptography and urgent patches for Linux and Dormakaba systems underscore near‑term priorities amid rising phishing, supply‑chain, and ransomware activity.
read more →

US Data Breaches Hit Record High in 2025; Victims Drop

📈 The Identity Theft Resource Center (ITRC) reports a record 3,332 US data "compromises" in 2025, a 5% rise from 2024. Despite the higher incident count, individual victims fell to 279 million from 1.4 billion, driven by the absence of large-scale "mega breaches" seen in 2023. Financial services was the hardest-hit sector with 739 compromises (22%). The ITRC warned that opaque breach notices—70% lacked attack type—undermine consumer protection and urged Zero Trust, stronger identity verification and greater transparency.
read more →

UK Cyber Threat Shift: Disruption Replaces Ransomware

⚠️ The UK threat landscape changed markedly in 2025: the country became the most targeted in Europe, receiving about 16% of recorded attacks. The dominant intent shifted from monetization to disruption, with defacement comprising nearly half of incidents and overtaking ransomware as the primary concern. Many organizations that built defenses around extortion found their threat models misaligned. Security teams must broaden detection, harden web-facing assets, and update incident response playbooks to address disruption-focused adversaries.
read more →

Global survey of 100 energy sites finds widespread OT risks

🔍 A study by OMICRON based on multi-year deployments of its StationGuard IDS across more than 100 substations, power plants, and control centers found pervasive cybersecurity and operational shortcomings. Passive network monitoring exposed unpatched PAC devices, undocumented external connections, weak segmentation, and incomplete asset inventories—issues often visible within 30 minutes of connection. The findings emphasize the need for protocol-aware, network-level detection and automated asset discovery to meet frameworks such as IEC 62443 and NIST.
read more →