< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1641 articles · page 40 of 83

Q4 2025 Talos IR: Public-Facing Exploits and Phishing

🔒 Talos Incident Response (Talos IR) reports that in Q4 2025 threat actors again favored exploitation of public-facing applications, appearing in nearly 40% of engagements, while phishing rose to the second-most common initial access vector. Notable exploit activity targeted Oracle E-Business Suite (CVE-2025-61882) and React2Shell (CVE-2025-55182), and attackers rapidly weaponized these flaws close to disclosure. Talos also observed deployment of APT-linked implants such as BadCandy and AquaShell, plus campaigns that targeted Native American tribal organizations for credential harvesting. The report emphasizes timely patching, strong MFA controls, centralized logging, and rapid incident response to limit impact.
read more →

UK Cybersecurity Workforce Surges 194% Between 2021 and 2025

🧑‍💻 Socura used ONS Annual Population Survey data to show the UK cybersecurity workforce nearly tripled — a 194% rise — between December 2021 and June 2025, growing from 28,500 to 83,700 professionals. Cyber is now the fifth fastest-growing occupation and the fastest among roles with at least 20,000 workers. Despite the surge, gaps remain: women make up only 21% of the workforce and regional talent shortages persist.
read more →

Labyrinth Chollima Splits into Three Specialized Adversaries

🔍 CrowdStrike details that LABYRINTH CHOLLIMA has diverged into three distinct DPRK-linked adversaries — GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and a narrowed espionage-focused LABYRINTH CHOLLIMA. Each subgroup maintains dedicated malware families and targeting priorities: GOLDEN and PRESSURE focus on cryptocurrency and fintech thefts while core LABYRINTH targets industrial, defense, and logistics sectors. Despite operational separation, shared tools and infrastructure point to centralized coordination within the DPRK cyber ecosystem.
read more →

Public Sector Cyber Outlook 2026: Identity and AI Trust

🔒 AI integration has shifted public-sector cybersecurity in 2026, forcing agencies to adopt AI-native detection and autonomous response, continuous identity verification, and secure-by-design AI deployments. Nation-state actors now automate intrusion, deception, and tailored malware, expanding risk to IT, OT and research environments. Agencies must consolidate platforms, accelerate post-quantum planning, and govern AI at mission scale.
read more →

Key Cybersecurity Trends Defining 2026 Risk Landscape

🛡️ The Cyber Security Report 2026 analyzes global attack activity and shows how adversaries are evolving into faster, more automated, and more coordinated operators. It documents AI-driven attacks, expanded ransomware operations, identity abuse, and multi-channel social engineering across hybrid and edge environments. The report highlights the deliberate combination of techniques at scale and outlines defensive priorities to address these integrated threats.
read more →

Zscaler Warns of Rising AI Security Threats as Usage Soars

⚠️ Zscaler's ThreatLabz 2026 report finds enterprise AI use rose 91% in 2025 after analyzing 989.3 billion AI/ML transactions on the Zscaler Zero Trust Exchange. Adoption has outpaced oversight across more than 3,400 AI applications, with OpenAI services the top LLM and Grammarly and ChatGPT becoming concentrated repositories of corporate data. Analysts reported critical vulnerabilities in 100% of observed AI systems and a median time to first critical failure of 16 minutes, warning that agentic AI could scale attacks at machine speed.
read more →

Surge in Malicious Open-Source Packages Raises Alarm

🔔 Sonatype's 2026 State of the Software Supply Chain report warns of a sharp rise in malicious open-source packages, finding 454,648 new malicious components in 2025 across Maven Central, PyPI, npm and NuGet. The vendor says developers downloaded components 9.8 trillion times last year and that threats have evolved from stunts into industrialized, multi-stage supply chain intrusions. The report highlights AI-related risks, typosquatting and namespace mimicry as primary enablers.
read more →

Near-Identical Password Reuse: An Overlooked Urgent Risk

🔐 Near-identical password reuse—small, predictable modifications to existing credentials—regularly bypasses standard complexity and password-history checks, creating a persistent attack vector even in well-managed environments. Attackers weaponize breached credential lists with automated transformations to infer updated passwords quickly. Users favor these tweaks because they are memorable and compliant on the surface. Implement continuous breach monitoring, similarity analysis, and centralized controls such as Specops Password Policy to detect and block overly similar replacements.
read more →

Chinese Money Laundering Networks Drive $82bn Global Shift

🔍 Chainalysis warns that Chinese-language money laundering networks now underpin a rapidly expanding global crypto laundering ecosystem, handling roughly 20% of illicit flows over the past five years. Last year these networks processed an estimated $16bn—about $44m per day—across 1,799+ active wallets. The firm traces the rise from a $10bn market in 2020 to over $82bn last year and identifies six operational typologies, from running point brokers to swapping-as-a-service, which increasingly avoid centralized exchanges and exploit OTC, gambling and mule-based layering services.
read more →

Always-on Privileged Access Risks in Modern Enterprises

🔐 Privileged accounts frequently remain active across enterprises, with a reported 91% of end-users operating at their highest privilege. Analysts link this to legacy governance, fragile integrations, and cumbersome PAM tooling that drives users to bypass controls. The growth of non-human identities—service accounts, APIs, CI/CD pipelines—exacerbates the issue because they authenticate programmatically and rarely expire. That standing access raises risks from accidental outages and data exposure to lateral attacker movement and weakened compliance.
read more →

Essential CISO Skills for 2026: Business, AI, Culture

🛡️ In 2026, CISOs must combine business acumen, AI literacy, and culture-building to enable growth and resilience rather than acting as technical gatekeepers. They need to translate complex AI and model risks into clear financial, operational, and reputational terms for boards while prioritizing cloud-native security and secure use of LLMs. Recommended credentials include (ISC)² CISSP, CCSP, and leadership programs, but practical experience, cross-functional influence, and low-cost learning tactics like peer communities and internal learning loops are often decisive.
read more →

Growing Android Threats in 2026: Fake Apps and NFC Risks

🛡️ In 2025–2026 Android ecosystems saw a sharp rise in malware distributed via sideloading, fake app stores and messaging platforms, alongside a surge in NFC-based cash-out schemes. Kaspersky highlights prolific families such as ClayRat, rising Trojan bankers and preinstalled firmware threats like Triada, and documents social-engineered VPN and relay attacks. The report emphasizes strict mobile hygiene and recommends Kaspersky for Android to detect trojanized APKs, block phishing and mitigate NFC exploits.
read more →

Four Key Problems That Hamper CISOs' Effectiveness

🔒 Many CISOs expect a major cyber incident within the next year but report their organizations are not prepared. The article identifies four primary barriers: teams not empowered to prioritize, failure to keep pace with business AI adoption, limited AI deployment in security, and a widening talent and skills gap. It recommends clear decision criteria, AI-focused governance, and targeted talent strategies to reduce bottlenecks and limit shadow AI risk.
read more →

From Cipher to Fear: Psychology of Modern Ransomware

🔐 Modern ransomware has evolved from a technical encryption problem into a psychology-driven extortion industry where stolen data, legal exposure, and reputation risk are the primary levers. Flare's 2025 analysis documents a fragmented, collaborative attacker ecosystem and a shift to pressure-first tactics like public shaming and identity abuse. Security teams must expand playbooks beyond backups to include legal and communications readiness, targeted configuration audits, and prioritized remediation based on active exploit intelligence.
read more →

ClickFix Uses Signed App-V Scripts to Deploy Amatera

🔒 Blackpoint researchers describe a campaign that chains ClickFix-style fake CAPTCHA prompts with a signed Microsoft App-V script to proxy PowerShell and deliver the Amatera information stealer. Victims are tricked into pasting a command into the Windows Run dialog that abuses SyncAppvPublishingServer.vbs to load an in-memory loader, which pulls configuration from a public Google Calendar and retrieves a PNG containing an encrypted PowerShell payload. The attack targets systems with App-V enabled (Enterprise/Education), relies on manual user interaction, and uses living-off-the-land techniques and trusted services to frustrate detection and automated analysis.
read more →

CTEM in Practice: Prioritizing Exploitable Exposure

🔍 Continuous Threat Exposure Management (CTEM) is a continuous operational model that connects threats, vulnerabilities, and the attack surface to surface truly exploitable exposures. Built around five steps — Scoping, Discovery, Prioritization, Validation, Mobilization — it shifts teams from tool-centric scanning to evidence-based remediation. Prioritized threat intelligence and validation-driven testing align fixes to real adversary behavior and help leadership measure cyber risk reduction.
read more →

Drowning in Spam? Ten Reasons and How to Stop It Now

📧 Inboxes can be overwhelmed by spam and scams for many reasons, from large-scale data breaches and web scraping to updated scam kits and AI-assisted phishing that evade filters. Attackers use these feeds to deliver malspam, impersonate trusted brands, or bury critical alerts through email bombing. Reduce exposure by keeping profiles private, using email-masking services, avoiding replies or unsubscribe links, and deploying reputable security software with layered anti-phishing and anti-spam protections.
read more →

Four Key Challenges Slowing CISOs’ Security Agendas

🛡️ Many CISOs now expect a material breach within the next 12 months, yet four persistent constraints are holding back security agendas: weak empowerment and decision training for teams, difficulty keeping pace with enterprise AI adoption, slow use of AI in security operations, and acute talent and skills shortages. The article draws on surveys from Proofpoint, Cyera, ISC2 and others, and quotes practitioners who recommend clear prioritization criteria, holistic AI risk profiling, and targeted talent strategies to restore momentum.
read more →

New MaaS 'Stanley' enables phishing Chrome extensions

⚠️Researchers at Varonis warn of a new malware‑as‑a‑service named Stanley that sells malicious browser extensions engineered to pass review and appear on the Chrome Web Store. The extensions overlay a full‑screen iframe with attacker-controlled phishing content while leaving the address bar intact, and claim silent auto‑installation on Chromium browsers. Stanley offers subscription tiers, including a Luxe Plan that assists with publishing extensions, and provides operator controls for targeting, notifications, and session correlation.
read more →

Digital Integrity: Why Firewalls and IDS Fall Short

🔐 In a connected business environment, the article argues that conventional perimeter controls like firewalls and intrusion-detection systems are no longer sufficient to protect organisations. It highlights how a $280 billion data-broker industry and billions of daily phishing emails create an expansive, often invisible outbound data flow that enables credible CEO fraud and targeted spear-phishing. The author recommends deploying Security & Privacy Boxes, strengthening employee training, self-hosting sensitive services and adopting a Zero Trust approach to reduce leakage and long-term APT dwell time.
read more →