All news in category “Threat and Trends Reports”

🤖 The 2025 State of AI Data Security Report shows AI is widespread in business operations while oversight remains limited. Produced by Cybersecurity Insiders with Cyera Research Labs, the survey of 921 security and IT professionals finds 83% use AI daily yet only 13% have strong visibility into how systems handle sensitive data. The report warns AI often behaves as an ungoverned non‑human identity, with frequent over‑access and limited controls for prompts and outputs.

🛡️ ESET researchers identified a MuddyWater campaign running from 30 September 2024 to 18 March 2025 that primarily targeted organizations in Israel and one confirmed technology victim in Egypt. Operators deployed newly observed custom tools — a reflective loader called Fooder and a C/C++ backdoor named MuddyViper — and abused RMM installers and reverse tunnels. The malware uses Windows CNG for AES-CBC encryption and communicates over HTTPS; operators deliberately minimized hands-on-keyboard activity to hinder detection.

🔒 IO's State of Information Security Report 2025 finds most UK and US cybersecurity professionals fear state-sponsored cyber-attacks, with 23% citing lack of preparedness for geopolitical escalation as their top concern. Surveying 3,000 security managers, IO reports 33% believe governments are not doing enough and many organisations worry about data loss, reputational harm and supply chain disruption. In response, 74% are investing in resilience and 97% are tailoring incident response, beefing up threat intelligence and securing supply chains.

🛡️ Zero-day attacks exploit software vulnerabilities that are unknown to the vendor, enabling attackers to compromise systems before patches are available. They target high-value platforms such as operating systems, web browsers, enterprise applications, and IoT devices, often using spear-phishing or zero-click techniques. Because signature-based tools frequently miss novel exploits, effective defense requires rapid patching, behavior-based detection (EDR, NDR, XDR), network segmentation, and investigative analysis of packet-level data to detect, contain, and learn from incidents.

🛡 GreyNoise Labs provides a free online IP-check tool that helps users determine whether their home or family public IP has been observed performing malicious scanning or appears in GreyNoise's dataset. The GreyNoise IP Check returns one of three outcomes: clean, suspicious/malicious activity, or traffic consistent with VPN, corporate, or cloud environments, and shows a 90-day activity history when correlations exist. For advanced users, an unauthenticated, rate‑limit‑free JSON API accessible via curl supplies structured data for integration into MDMs, VPN scripts, or network onboarding.

🛡️ The hiring pipeline is being exploited by sophisticated threat actors who create fake personas—complete with fabricated resumes, AI-generated videos, and stolen identities—to secure privileged remote roles inside organizations. Once hired these imposters can exfiltrate data, plant backdoors, or extort employers, making the risk especially acute for MSPs that manage multiple clients. Strengthening HR verification, staged access provisioning, hardware-based MFA, network segmentation, and ongoing security awareness training are essential to mitigate this insider impersonation threat.

🔒 Security leaders must shift from gatekeeper to partner, embedding practical risk controls early in product lifecycles so teams can deliver fast without exposing the business. By defining business-language risk tolerances, standardizing identity and logging, and automating guardrails in CI/CD and infrastructure-as-code, governance becomes an accelerator rather than a bottleneck. Pre-vetted, secure-by-default templates, runtime shielding and risk-based telemetry make the secure path easier for developers while preserving production resilience.

🔐 A new wave of the self‑replicating npm worm, dubbed Sha1‑Hulud: The Second Coming, impacted over 800 packages and 27,000 GitHub repositories, targeting API keys, cloud credentials, and repo authentication data. The campaign backdoored packages, republished malicious installs, and created GitHub Actions workflows for command‑and‑control while dynamically installing Bun to evade Node.js defenses. GitGuardian reported hundreds of thousands of exposed secrets; PyPI was not affected.

🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.

🔒 Gartner and industry advisors outline a dozen signs that the CISO–CIO relationship is strained, from overridden recommendations and withheld information to board messaging conflicts and late security involvement in IT initiatives. These dysfunctions lead to misaligned priorities, duplicated technology purchases, and increased security gaps. The piece highlights contributing factors such as competing incentives and differing metrics, and prescribes practical fixes like regular one-on-ones, clarified responsibilities, alignment on enterprise risk and strategy, and a business-enablement approach that offers trade-offs and multiple solutions.

📅 New research from BitSight reveals that threat actors are exploiting third‑party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large‑scale social engineering campaigns that can deliver phishing URLs, attachments, or code execution vectors. While this is not a vulnerability in Google Calendar or iCalendar, the findings expose a neglected security blind spot. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.

🔍 In his November roundup, ESET Chief Security Evangelist Tony Anscombe highlights major cybersecurity developments that warrant attention. He draws attention to Wiz's finding that API keys, tokens and other sensitive credentials were exposed in repositories at several leading AI companies, and to a joint advisory revealing the Akira ransomware group's estimated $244 million takings. Tony also flags privacy concerns around X's new location feature, outlines how Australia intends to enforce a proposed under‑16 social media ban, and notes a Europol/Eurojust operation that disrupted malware families including Rhadamanthys.

📧 Darktrace warns of a major increase in Black Friday-themed phishing, reporting a 620% spike in the weeks before the 2025 sales and forecasting a further 20–30% rise during Black Friday week. The firm highlights three primary tactics: brand impersonation, fake marketing domains and generative AI-generated adverts. Amazon was the most impersonated brand, and other US retailers were also targeted. Consumers are advised to verify senders and avoid clicking suspicious links.

🔒 Remote Privileged Access Management (RPAM) provides a cloud-native approach to securing privileged accounts beyond traditional perimeters, enabling administrators, contractors and third-party vendors to connect securely from any device or location. RPAM enforces least-privilege, Just-in-Time access and multi-factor authentication while recording detailed session logs without relying on VPNs. By supporting zero-trust principles and scalable deployments, RPAM reduces attack surface and streamlines compliance.

☁ IT leaders must align business goals, governance, and security to realize multicloud benefits while managing complexity. This report outlines five core challenges — including visibility, compliance, and developer productivity — and provides guidance on securing multicloud deployments. It also examines ROI strategies and a practical checklist to maximize value and efficiency.

🔒 This article identifies seven security practices that have become obsolete in modern, cloud-first and hybrid workplaces. Contributors including Amit Basu, George Gerchow and others warn against relying on perimeter defenses, legacy VPNs, SMS-based 2FA and on-premises SIEMs, and caution about overreliance on EDR or compliance-only programs. It recommends shifting to Zero Trust, SASE, continuous monitoring and active security awareness to close visibility gaps and reduce risk.

🔐 IT security often meets resistance when guidelines clash with everyday work pressures, causing employees to view measures as obstructive and to bypass them. The article advocates empathetic policy engineering: perform stakeholder analysis, design user-centered policies, and pilot changes with early adopters. Communicate with respect—use tactical empathy, collaborative 'help me to help you' dialogues, and realistic, scenario-based training to boost acceptance and embed secure practices.

🔒 Singaporean researchers demonstrated how inexpensive offline dashcams can be weaponized into a self‑propagating surveillance network. They identified common weaknesses — default or hardcoded Wi‑Fi credentials, exposed services (FTP/RTSP), MAC‑spoofing and replay attacks — that allow attackers to download video, audio, timestamps and GPS metadata. The team showed mass compromise is feasible and offered mitigation steps for vendors and drivers.

🔒 Huntsman Security's analysis of ICO reports from Q3 2024 to Q2 2025 indicates the retail and manufacturing sector experienced only minor seasonal peaks, with 1,381 incidents overall and quarterly counts clustered in the mid-300s. The firm reported 618 breaches caused by brute force, misconfigurations, malware, phishing and ransomware, and urged a shift to continuous assurance so defenses do not drift into vulnerable states. Other vendors cautioned that more than half of recent ransomware incidents occurred on weekends or holidays, while researchers warned of AI-enabled fake e-commerce sites, typosquatted domains and package-tracking scams targeting shoppers.

🔍 This week's briefing highlights resurgent Mirai variants, AI-enabled malware, and large-scale social engineering and laundering operations. Security vendors reported ShadowV2 and RondoDox infecting IoT devices, while researchers uncovered the QuietEnvelope mail-server backdoors and a Retell AI API flaw enabling automated deepfake calls. Regulators and vendors are pushing fixes, bans, and protocol upgrades as defenders race to close gaps.