All news in category "Threat and Trends Reports"

Mon, December 1, 2025

Oversharing Risks: Employees Posting Too Much Online

🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.

Mon, December 1, 2025

12 Signs the CISO-CIO Relationship Is Broken: Causes & Fixes

🔒 Gartner and industry advisors outline a dozen signs that the CISO–CIO relationship is strained, from overridden recommendations and withheld information to board messaging conflicts and late security involvement in IT initiatives. These dysfunctions lead to misaligned priorities, duplicated technology purchases, and increased security gaps. The piece highlights contributing factors such as competing incentives and differing metrics, and prescribes practical fixes like regular one-on-ones, clarified responsibilities, alignment on enterprise risk and strategy, and a business-enablement approach that offers trade-offs and multiple solutions.

Fri, November 28, 2025

Threat Actors Abuse Calendar Subscriptions for Attacks

📅 New research from BitSight reveals that threat actors are exploiting third‑party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large‑scale social engineering campaigns that can deliver phishing URLs, attachments, or code execution vectors. While this is not a vulnerability in Google Calendar or iCalendar, the findings expose a neglected security blind spot. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.

Fri, November 28, 2025

November 2025 security roundup: leaks, ransomware, policing

🔍 In his November roundup, ESET Chief Security Evangelist Tony Anscombe highlights major cybersecurity developments that warrant attention. He draws attention to Wiz's finding that API keys, tokens and other sensitive credentials were exposed in repositories at several leading AI companies, and to a joint advisory revealing the Akira ransomware group's estimated $244 million takings. Tony also flags privacy concerns around X's new location feature, outlines how Australia intends to enforce a proposed under‑16 social media ban, and notes a Europol/Eurojust operation that disrupted malware families including Rhadamanthys.

Fri, November 28, 2025

Three Black Friday Phishing Scams to Watch in 2025

📧 Darktrace warns of a major increase in Black Friday-themed phishing, reporting a 620% spike in the weeks before the 2025 sales and forecasting a further 20–30% rise during Black Friday week. The firm highlights three primary tactics: brand impersonation, fake marketing domains and generative-AI adverts. Amazon was the most impersonated brand, and other US retailers were also targeted. Consumers are advised to verify senders and avoid clicking suspicious links.

Fri, November 28, 2025

Adopting Remote Privileged Access: The Shift to RPAM

🔒 Remote Privileged Access Management (RPAM) provides a cloud-native approach to securing privileged accounts beyond traditional perimeters, enabling administrators, contractors and third-party vendors to connect securely from any device or location. RPAM enforces least-privilege, Just-in-Time access and multi-factor authentication while recording detailed session logs without relying on VPNs. By supporting zero-trust principles and scalable deployments, RPAM reduces attack surface and streamlines compliance.

Fri, November 28, 2025

Making the Most of Multicloud: Strategy and Security

☁ IT leaders must align business goals, governance, and security to realize multicloud benefits while managing complexity. This report outlines five core challenges — including visibility, compliance, and developer productivity — and provides guidance on securing multicloud deployments. It also examines ROI strategies and a practical checklist to maximize value and efficiency.

Fri, November 28, 2025

Seven Security Practices That Should Be Retired Now

🔒 This article identifies seven security practices that have become obsolete in modern, cloud-first and hybrid workplaces. Contributors including Amit Basu, George Gerchow and others warn against relying on perimeter defenses, legacy VPNs, SMS-based 2FA and on-premises SIEMs, and caution about overreliance on EDR or compliance-only programs. It recommends shifting to Zero Trust, SASE, continuous monitoring and active security awareness to close visibility gaps and reduce risk.

Fri, November 28, 2025

Empathy-Driven IT Security: Path to Active Compliance

🔐 IT security often meets resistance when guidelines clash with everyday work pressures, causing employees to view measures as obstructive and to bypass them. The article advocates empathetic policy engineering: perform stakeholder analysis, design user-centered policies, and pilot changes with early adopters. Communicate with respect—use tactical empathy, collaborative 'help me to help you' dialogues, and realistic, scenario-based training to boost acceptance and embed secure practices.

Thu, November 27, 2025

Researchers Expose Widespread Dashcam Botnet Risk to Privacy

🔒 Singaporean researchers demonstrated how inexpensive offline dashcams can be weaponized into a self‑propagating surveillance network. They identified common weaknesses — default or hardcoded Wi‑Fi credentials, exposed services (FTP/RTSP), MAC‑spoofing and replay attacks — that allow attackers to download video, audio, timestamps and GPS metadata. The team showed mass compromise is feasible and offered mitigation steps for vendors and drivers.

Thu, November 27, 2025

Retailers Brace for Holiday Fraud, Not Major Breach Spike

🔒 Huntsman Security's analysis of ICO reports from Q3 2024 to Q2 2025 indicates the retail and manufacturing sector experienced only minor seasonal peaks, with 1,381 incidents overall and quarterly counts clustered in the mid-300s. The firm reported 618 breaches caused by brute force, misconfigurations, malware, phishing and ransomware, and urged a shift to continuous assurance so defenses do not drift into vulnerable states. Other vendors cautioned that more than half of recent ransomware incidents occurred on weekends or holidays, while researchers warned of AI-enabled fake e-commerce sites, typosquatted domains and package-tracking scams targeting shoppers.

Thu, November 27, 2025

ThreatsDay: AI Malware, Voice Scam Flaws, and IoT Botnets

🔍 This week's briefing highlights resurgent Mirai variants, AI-enabled malware, and large-scale social engineering and laundering operations. Security vendors reported ShadowV2 and RondoDox infecting IoT devices, while researchers uncovered the QuietEnvelope mail-server backdoors and a Retell AI API flaw enabling automated deepfake calls. Regulators and vendors are pushing fixes, bans, and protocol upgrades as defenders race to close gaps.

Thu, November 27, 2025

How Parents Can Protect Children from Doxxing Online

🛡️ Doxxing is the deliberate public exposure of someone's personal information online, and for children it can cause serious emotional harm and physical safety risks. Parents should reduce the personal data their kids share, review privacy settings and disable geolocation. Protect accounts with unique passwords stored in a password manager and enable multifactor authentication. If doxxing occurs, document evidence, report to platforms and authorities, and provide calm, nonjudgmental support to your child.

Thu, November 27, 2025

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

Wed, November 26, 2025

Care That You Share: Holiday Risks and Mitigations

🛡️ This edition of Talos Threat Source urges a simple behavioral shift: practice care in what, how, and why you share information during the holiday season and beyond. The briefing highlights operational pressures as teams run lean and attackers intensify phishing and supply‑chain campaigns, and it outlines practical changes such as retiring obsolete ClamAV signatures and encouraging feature‑release container tags for better security maintenance. Thoughtful, timely sharing of tips, IOCs, and status updates can materially improve collective resilience when resources are constrained.

Wed, November 26, 2025

ToddyCat APT Targets Outlook Archives and M365 Tokens

🔒 Kaspersky Labs reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components — notably TomBerBill and TCSectorCopy — copy browser artifacts and sector‑level OST files while attackers also attempt in‑memory token grabs from Outlook processes to maintain persistent access.

Wed, November 26, 2025

FBI: $262M Lost to ATO Fraud as AI Phishing Escalates

🔐 The FBI warns that cybercriminals impersonating banks and payment services have caused over $262 million in losses this year through account takeover (ATO) fraud and more than 5,100 complaints. Attackers use phishing, SEO poisoning, calls and SMS to harvest credentials and MFA/OTP codes, then transfer funds to intermediary accounts and convert proceeds to cryptocurrency. The advisory highlights growing use of AI-generated phishing and holiday-themed scams and urges vigilance, unique passwords, URL checks and stronger authentication.

Wed, November 26, 2025

New ClickFix Attacks Use Fake Windows Update Lures

🛡️ Huntress warns of an evolved ClickFix campaign that uses a convincing full‑screen Windows Update splash and steganographic PNGs to trick employees into pasting and running commands. Those commands deliver loaders that in turn deploy the LummaC2 and Rhadamanthys infostealers. The firm reports a 313% increase in ClickFix incidents over six months and noted multiple active lure domains even after the Nov 13 Operation Endgame takedown. Its primary mitigation advice is to disable the Windows Run dialog via the Registry or GPO and to pair user awareness with endpoint monitoring and EDR.

Tue, November 25, 2025

Smishing Triad Expands Phishing Campaigns Targeting Egypt

🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.

Tue, November 25, 2025

Telecom Security Reboot: Making Zero Trust Operational

🔒 Telecom operators must abandon perimeter assumptions and adopt a zero trust mindset that treats verification as continuous rather than a one-time event. This shift is organizational as much as technical, requiring unified IT/OT policies, least-privilege access and microsegmentation to limit lateral movement. The article recommends pragmatic steps — wrapping legacy systems with secure gateways and centralized authentication — and aligning controls with frameworks such as NIST and NIS2, while tracking concrete KPIs in the first 180 days.