< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 4 of 82

Search-Your-Target Market for Stolen Credentials

🔎 Flare analyzed 470 underground forum posts from January 2025 to June 2026 revealing a growing service layer that lets buyers query massive infostealer-derived credential collections for specific companies, platforms, domains, geographies, or account types. These sellers act as brokers, offering search, deduplication, formatting, and targeted delivery of credentials from databases claiming billions of records. Buyer feedback highlights gaps in quality, freshness, and validity, while the market partially overlaps with Initial Access Brokers and amplifies account takeover risks.
read more →

Legacy Infrastructure Enables AI Agent Hijacking

🔒 This article explains how attackers bypass AI security by exploiting legacy infrastructure that AI agents inherit, such as Active Directory, cloud storage, and unpatched servers. It outlines a staged attack where a CVE-exploited perimeter server leads to credential theft, lateral movement, and compromise of an AI Co-Pilot's knowledge base. The piece urges exposure management that maps dependencies and fixes choke points to protect AI environments.
read more →

Professional athletes, wearables, and privacy risks

🔒 Wearables raise acute privacy concerns for professional athletes because biometric data can directly affect livelihoods. While such data can aid training and injury prevention, access by coaches, teams, or leagues risks misuse in discipline, contract negotiations, and betting markets. Experts warn commercialization could enable gamblers and teams to exploit sensitive signals like sleep or heart rate, and aging or injured players may be most vulnerable. Legal and ethical safeguards remain unresolved.
read more →

Weekly Recap: Browser Bugs, EDR Killers, FortiBleed

📰 This week’s recap highlights recurring attack patterns: abused integrations, poisoned websites, fake tools, and ransomware groups disabling security products. Notable incidents include the large-scale FortiBleed campaign compromising FortiGate devices, the Gentlemen RaaS developing the GentleKiller EDR-killing suite, and active exploitation of a critical Splunk flaw. Mobile and crypto-related malware campaigns also featured prominently.
read more →

Tabletop simulates modern retail ransomware mayhem

🔍 The Semperis-run "Enter the War Room" tabletop at Infosecurity Europe simulated a ransomware and reputational attack on fictional supermarket BlueCart. Red-team operators exploited supplier trust, stolen credentials, weak MFA, and poor network segmentation to access AI supply-chain systems and exfiltrate loyalty data. Attackers combined misinformation, deepfakes, fake orders, and payroll disruption to magnify harm, while defenders focused on out-of-band communications, honeypots, and refusing ransom demands to limit impact.
read more →

Six CISO Strategies to Master Business Risk

🔐 Senior security leaders outline how CISOs must expand beyond technical risk to address business risk, aligning security with profitability, operations, and strategic objectives. They recommend partnering with business owners, mapping security to corporate OKRs, building relationships across functions, and running business-focused tabletop exercises. Formal education in governance and integrating cyber into enterprise risk management are stressed as critical steps to ensure cyber risks are evaluated alongside financial and operational risks.
read more →

INTERPOL: Cybercrime Surge in Asia and South Pacific

🔍 INTERPOL warns of a dramatic rise in cybercrime across Asia and the South Pacific driven by rapid digitalization, organized criminal networks, and uneven cybersecurity maturity. Phishing is identified as the most widespread and costly threat, while ransomware, AI-driven scams, deepfakes, and banking trojans have also surged. Authorities are scaling cross-border cooperation and resilience efforts to counter these threats.
read more →

Prime Day 2026: Surge in Amazon-Themed Scams

🛡️ Check Point Research warns that Amazon Prime Day (June 23–26, 2026) is generating a large pre-event surge in phishing, fake storefronts, and domain-squatting operations. Between December 2025 and May 2026, thousands of Amazon-themed domains were registered, with many already flagged as malicious. Attackers are building multi-TLD campaigns, regional IDN spoofs, and convincing counterfeit product pages to steal credentials and payments.
read more →

Growing detection gaps across non-email collaboration platforms

🔍 New research from KnowBe4 finds cybersecurity leaders increasingly lack confidence in detecting threats on non-email channels like Slack and Microsoft Teams. An Infosecurity Europe 2026 survey of 169 professionals reports that 50% of organizations do not have strong visibility across messaging and social platforms, even as 60% say attacks are moving beyond email. While email remains viewed as the riskiest channel, confidence in stopping email attacks (83%) is far higher than for Teams (61%), social media (51%), SMS/WhatsApp (50%) and Slack (40%).
read more →

Human behavior shapes cybersecurity outcomes

🛰️ Cisco Talos' Threat Source newsletter reflects on how human behavior, context, and competing priorities often override rational security decisions. The piece links a Spielberg film theme to cybersecurity, noting that knowledge alone doesn't ensure action — organizations struggle with budgets, workloads, and urgency. Talos highlights practical controls like segmentation, backups, and MFA, and showcases a new reverse-engineering method that pairs local AI agents with tools like vbdec to accelerate analysis while protecting sensitive binaries.
read more →

ThreatsDay: AI Abuse, Fileless Mac Attacks, and More

📰 This week's ThreatsDay roundup highlights a range of active campaigns and emerging risks, from DoH adoption in Windows Server 2025 to search-hijacking Chrome extensions and fileless macOS infections. Researchers uncovered abuse of shared AI chat features to deliver credential stealers, large-scale WhatsApp booking fraud, and memory-only stealers targeting banks. Vendors and agencies are responding with mitigations, advisories, and new product timelines to address quantum and AI-driven threats.
read more →

Cybercriminals Worried AI Will Displace Roles

🔎 Sophos CTU research finds cybercriminals debating the risks and benefits of AI tools across underground forums, marketplaces and messaging apps. Sellers are offering AI kits for phishing, malware automation, deepfake creation and social engineering, while some threat actors fear losing work to automated toolsets. The research highlights divided views, a spike in discussion after the release of Claude Mythos Preview, and advice for defenders to prioritize patching, MFA and visibility.
read more →

Spyware embeds forbidden text to foil AI analysis

🛡️ At least one malware author is inserting large comment blocks with policy-triggering content about nuclear and biological weapons into JavaScript payloads to disrupt AI-driven analysis. The decoy text sits inside comments so execution is unchanged while early-stage LLM-based triage can be confused or refuse to process the file. Traditional detection methods like YARA rules, entropy checks, and deobfuscation remain effective. This tactic targets naive pipelines that expose untrusted file starts to language models.
read more →

Automating Disassembly with Local AI Agents

🛠️ This blog demonstrates using AI agents to automate a VB6 disassembler by exposing its parsed model through the Windows Running Object Table and providing an operator briefing plus auto-generated prototypes. The agent (Claude Code in the examples) binds to the COM object, runs scripts to extract P-code, reconstruct source, generate call graphs, and export function metadata to SQLite, all locally without uploading binaries. The approach decouples tool features from fixed menus, enables repeatable exhaustive analysis, and preserves sensitive data on the analyst's workstation.
read more →

Cybercrime Escalates Across Asia-Pacific Amid Digitization

🛡️Interpol warns that cybercrime now accounts for 30% of crime in over half of Asia and South Pacific nations, driven by rapid digital adoption. The 2025/2026 Asia and South Pacific Cyberthreat Assessment, covering 18 countries, highlights online scams, infostealers, ransomware, deepfakes and BEC as primary threats. The report notes sharp rises in ransomware, DDoS and deepfake activity, and calls for improved cross-border collaboration and capacity building.
read more →

Employee uploads to AI tools nearly double enterprise risk

📈 The Zscaler 2026 AI Threat Report warns that sensitive enterprise data uploaded to AI and ML applications nearly doubled year-over-year, driven largely by tools like Grammarly and ChatGPT. The report found a 93% increase in enterprise data transfers and identified over 410 million DLP violations tied to ChatGPT and 242 million for Codium, exposing PII, financials, source code and healthcare data. Zscaler recommends inventorying GenAI apps, disabling risky defaults, enforcing zero trust for model interactions and applying inline inspection to protect sensitive information.
read more →

Survey Finds AI Attacks Top Concern for Security Leaders

🔍 A Filigran survey of 168 security leaders at Infosecurity Europe 2026 found AI-powered attacks are the leading worry, cited by 41% of respondents, outpacing supply chain and unknown threats. Teams report alert fatigue as a major time sink, with chasing false positives (26%) and validating risks (25%) common. Trust in threat intelligence and AI decision-making remains low, and only 28% have a continuous exposure management program.
read more →

Top 10 Attack Surface Exposures in 2026

🔍 Intruder analyzed 3,000 internet-facing attack surfaces to identify services that have no business being publicly reachable. Their 2026 Attack Surface Management Index found widespread exposure: 60% had at least one HTTP admin panel exposed, 49% had risky ports/services, 42% had internet-accessible databases, and 30% had publicly accessible files or documentation. The report lists the ten most common exposures and urges a shift from pure patching to active attack surface reduction.
read more →

Lessons from 22,000 Breaches for Incident Preparedness

🔍 The 2026 Verizon DBIR analyzed over 22,000 confirmed breaches across 145 countries and concludes that organizations cannot patch fast enough to prevent every incident. Exploitation of vulnerabilities became the leading initial access vector as critical flaws and their remediation windows grew, while ransomware and third-party breaches surged. The report urges realistic, technical tabletop exercises that rehearse containment, communication, and coordination under time pressure.
read more →

Staffing and AI Shape Modern SOC Challenges

🛡️ The SANS 2026 SOC Survey of 513 security professionals highlights staffing as the top operational challenge for SOCs, with a marked perception gap between practitioners and cyber leaders about hiring and retention. The report shows widespread AI/ML adoption (79%) but limited operational integration (36%), with most teams using vendor tools without customization. It also flags maturity issues in CTI use, OT/IoT coverage, and SOC measurement practices.
read more →