
All news in category “Threat and Trends Reports”

1482 articles · page 47 of 75

How Parents Can Protect Children from Doxxing Online

🛡️ Doxxing is the deliberate public exposure of someone's personal information online, and for children it can cause serious emotional harm and physical safety risks. Parents should reduce the personal data their kids share, review privacy settings and disable geolocation. Protect accounts with unique passwords stored in a password manager and enable multifactor authentication. If doxxing occurs, document evidence, report to platforms and authorities, and provide calm, nonjudgmental support to your child.

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

Care That You Share: Holiday Risks and Mitigations

🛡️ This edition of Talos Threat Source urges a simple behavioral shift: practice care in what, how, and why you share information during the holiday season and beyond. The briefing highlights operational pressures as teams run lean and attackers intensify phishing and supply‑chain campaigns, and it outlines practical changes such as retiring obsolete ClamAV signatures and encouraging feature‑release container tags for better security maintenance. Thoughtful, timely sharing of tips, IOCs, and status updates can materially improve collective resilience when resources are constrained.

ToddyCat APT Targets Outlook Archives and M365 Tokens

🔒 Kaspersky Labs reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components — notably TomBerBill and TCSectorCopy — copy browser artifacts and sector‑level OST files while attackers also attempt in‑memory token grabs from Outlook processes to maintain persistent access.

FBI: $262M Lost to ATO Fraud as AI Phishing Escalates

🔐 The FBI warns that cybercriminals impersonating banks and payment services have caused over $262 million in losses this year through account takeover (ATO) fraud and more than 5,100 complaints. Attackers use phishing, SEO poisoning, calls and SMS to harvest credentials and MFA/OTP codes, then transfer funds to intermediary accounts and convert proceeds to cryptocurrency. The advisory highlights growing use of AI-generated phishing and holiday-themed scams and urges vigilance, unique passwords, URL checks and stronger authentication.

New ClickFix Attacks Use Fake Windows Update Lures

🛡️ Huntress warns of an evolved ClickFix campaign that uses a convincing full‑screen Windows Update splash and steganographic PNGs to trick employees into pasting and running commands. Those commands deliver loaders that in turn deploy LummaC2 and Rhadamanthys infostealers. The firm reports a 313% increase in ClickFix incidents over six months and noted multiple active lure domains even after the Nov 13 Operation Endgame takedown. Primary mitigation advice is to disable the Windows Run dialog via Registry or GPO and pair user awareness with endpoint monitoring and EDR.

Smishing Triad Expands Phishing Campaigns Targeting Egypt

🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.

Telecom Security Reboot: Making Zero Trust Operational

🔒 Telecom operators must abandon perimeter assumptions and adopt a zero trust mindset that treats verification as continuous rather than a one-time event. This shift is organizational as much as technical, requiring unified IT/OT policies, least-privilege access and microsegmentation to limit lateral movement. The article recommends pragmatic steps — wrapping legacy systems with secure gateways and centralized authentication — and aligning controls with frameworks such as NIST and NIS2, while tracking concrete KPIs in the first 180 days.

JackFix uses fake Windows update pop-ups to deliver stealers

⚠️ Cybersecurity researchers report a JackFix campaign that uses fake Windows Update pop-ups on cloned adult sites to trick users into running mshta.exe and PowerShell commands. According to Acronis and Huntress, the attack chain leverages obfuscation, privilege escalation and can deploy multiple stealers including Rhadamanthys, RedLine and Vidar. Organizations are advised to train users and consider disabling the Windows Run box via Group Policy or Registry changes to reduce risk.

Holiday Cyberthreat Surge 2025: What CISOs Must Know

🛡️ FortiGuard Labs' 2025 holiday analysis documents a marked increase in malicious infrastructure, credential theft, and targeted exploitation of e-commerce systems during the pre-holiday period. Attackers registered tens of thousands of holiday- and retail-themed domains and sold over 1.57 million account records from stealer logs, fueling credential stuffing and account takeover. The report highlights active exploitation of critical flaws in platforms such as Magento, Oracle EBS, and WooCommerce, and emphasizes urgent mitigations: patching, MFA, bot management, domain monitoring, and payment-page integrity checks to reduce fraud and protect customers.

The 2026 Tech Tsunami: AI, Quantum, and Web 4.0 Collide

🌐 Check Point's 2026 analysis warns that an unprecedented convergence of AI, quantum computing, and an immersive Web 4.0 will reshape digital risk. Autonomous systems and hyper-automation will blur boundaries between cloud, networks, and physical infrastructure, expanding attack surfaces and changing the nature of digital trust. The report calls for updated cryptography, enhanced detection, and cross-industry resilience planning.

Key SOC Challenges to Solve Now to Prepare for 2026

⚠️ 2026 will reshape SOC priorities as adversaries adopt AI to scale evasive attacks, creating urgent challenges across detection, triage, and proving business value. The piece identifies three critical problems: increasingly evasive threats, alert overload and analyst burnout, and the need to quantify ROI for security investments. It recommends interactive malware analysis to reveal full attack chains, real-time threat intelligence to enrich alerts and speed triage, and continuous, measurable intelligence (API/SDK-driven) to turn SOC activity into demonstrated business value.

AI and Deepfakes Drive Surge in Sophisticated Identity Fraud

🔍 Sumsub’s 2025 Identity Fraud Report finds that global identity fraud attempts fell slightly to 2.2%, but highly sophisticated attacks rose 180%. These multi-vector schemes combine synthetic identities, AI-driven deepfakes, layered social engineering, device tampering and cross-channel manipulation, making them far harder to detect. The report warns organisations to replace manual controls with real-time behavioural and telemetry analysis to counter this shift from quantity to quality in fraud.

Influencers Targeted by Cybercriminals: Account Risks

🔒 Social media influencers are increasingly attractive targets for cybercriminals who hijack trusted accounts to distribute scams, malware and fraudulent offers. Attackers use spearphishing, credential stuffing, brute-force attacks and SIM swapping, and AI is making those lures more convincing. Compromised accounts may be sold or used to push crypto and investment scams, exfiltrate follower data or extort victims. Practical defences include long, unique passwords, app-based 2FA, phishing awareness, device separation and up-to-date security software.

Seven Signs Your Cybersecurity Framework Needs Overhaul

🛡️ Organizations should rebuild security frameworks when they fail to sense environmental change, respond effectively to incidents, or support proactive risk management. Experts recommend a dynamic sensing-and-response capability, routine reviews (biannual heavy reviews with interim cursory checks), and deliberate integration of NIST baselines with industry-specific controls. Key warning signs include any breach, chronic alert overload, negative KRIs/KPIs, endpoint and AI gaps, and a compliance-only posture that ignores business risk. Rebuilds are also warranted after major business or regulatory shifts or when incremental fixes no longer suffice.

Trend Micro: Agentic AI Poised to Power Ransomware

🚨 Trend Micro warns agentic AI will increasingly automate attacks next year, with state-backed actors leading innovation before cybercriminals adopt the approach. Researchers say agentic systems — capable of taking autonomous actions — could chain discovery, exploitation and persistence steps, enabling less-skilled operators to run complex intrusions. The firm urges defenders to treat agents as privileged users and apply least-privilege, monitoring and assume-breach practices.

8 Effective Multicloud Security Tips and Best Practices

🔐 Multicloud adoption improves flexibility but introduces security and visibility risks unless managed centrally. Establish a central authority to define strategy, enforce policies and select cross-cloud tools, while implementing unified governance backed by identity management and automation. Treat every environment as a single trust boundary, enforce least privilege, and correlate telemetry for a unified detection-and-response posture. Limit access with short-lived sessions, recording and DLP to reduce attack surface and support auditability.

Ransomware Targets AWS S3 via Cloud Key Abuse Tactics

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.

Invisible Battles: Cybersecurity's Toll on Mental Health

🛡️ Cybersecurity work creates a relentless, always-on pressure that erodes mental health, driving sleep loss, anxiety and burnout. The piece outlines how constant alerts, moral responsibility for failures and siloed teams amplify errors and organizational risk. It calls for concrete changes—from individual boundaries and therapy to organizational psychological safety—and industry shifts such as integrating wellness into ISO and NIST frameworks.

GhostAd: Hidden Google Play Adware Draining Devices

🔍 Check Point's Harmony Mobile Detection Team discovered a broad Android adware campaign on Google Play that operated as a persistent background advertising engine. Masquerading as benign utilities and emoji editors, the apps continued running after closure or reboot, quietly consuming battery and mobile data. The campaign, dubbed GhostAd, comprised at least 15 related apps, with five still available at discovery.