< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 5 of 82

Staffing and AI Shape Modern SOC Challenges

🛡️ The SANS 2026 SOC Survey of 513 security professionals highlights staffing as the top operational challenge for SOCs, with a marked perception gap between practitioners and cyber leaders about hiring and retention. The report shows widespread AI/ML adoption (79%) but limited operational integration (36%), with most teams using vendor tools without customization. It also flags maturity issues in CTI use, OT/IoT coverage, and SOC measurement practices.
read more →

Detecting and Preventing Subdomain Takeover Risks

🔎 This post explains how subdomain takeover occurs when dangling DNS CNAME records point to deleted AWS resources and how attackers can reclaim those names to serve malicious content. It describes which AWS services use globally claimable namespaces (notably S3, CloudFront, and Elastic Beanstalk), outlines potential impacts such as reputation damage and phishing, and recommends detection using AWS Config inventory checks rather than DNS resolution. The article also summarizes a reference implementation that deploys a Lambda-based Config rule, Security Hub findings, optional SNS alerts, and mitigation best practices including deleting DNS records before resources and adopting account regional S3 namespaces where applicable.
read more →

GhostTree attack uses NTFS junctions to hide malware

🛡️ Attackers abuse NTFS junctions to create recursive directory loops that generate effectively infinite file paths, causing recursive scans and EDR products to hang. With only write access, an attacker can create junctions that point back to parent folders, producing GhostBranch or the more expansive GhostTree structures. These loops multiply possible paths exponentially, preventing file scanners from reaching malicious files and enabling evasion. Microsoft was notified and later patched the issue.
read more →

Cybersecurity Professionals Reporting Increased Job Strain

🔐 A new report from ISSA and Omdia, surveying 380 practitioners, finds 68% of cybersecurity professionals say their jobs have become harder in the past two years. The study highlights that >70% are excluded from key technology decisions, with rising involvement from IT operations and platform engineering (79%) and tech choices made without cyber input (72%). Work-related stress is significant: 69% report work-life balance challenges and 47% have considered leaving due to stress. Respondents point to leadership commitment, compensation, and career support as key factors for job satisfaction.
read more →

Survey Finds Anonymized IPs Drive Modern Incidents

🔍 A recent study of over 200 security practitioners by Spur Intelligence shows anonymizing infrastructure—VPNs and residential proxies—appears in nearly every incident, yet many teams lack the context and workflows to act on IP data. Analysts increasingly face noisy enrichment feeds without attribution, behavioral signals, or automation to inform real-time decisions. Organizations remain reactive, applying IP intelligence mainly during investigations, while internal risks from employee VPNs and proxy usage add blind spots that zero-trust must address.
read more →

Why many organizations struggle to implement zero trust

🔒 Zero trust, introduced by John Kindervag, remains a vital security strategy but many organizations struggle to implement it correctly. Reports from Accenture and Gartner show high rates of implementation challenges and failures, while researchers have highlighted vulnerabilities in some ZTNA products. Experts stress zero trust is a mindset and methodology — not a single product — and recommend starting small, aligning with business priorities, leveraging existing tools, and measuring outcomes to succeed.
read more →

Weekly Cyber Recap: Active Chrome 0‑Day Patch

⚠️ Google issued fixes for 74 Chrome flaws, including an actively exploited V8 out-of-bounds memory access (CVE-2026-11645). This week's recap highlights exploited enterprise bugs like Oracle PeopleSoft and Check Point VPN, large-scale supply-chain and package abuse in Arch's AUR, and the takedown of a major phishing-as-a-service operation. Practical guidance and trending CVEs round out the update.
read more →

Midwest Sees Rising Cyber Attacks on Key Sectors

📊 Check Point Research found that organizations in the Central US faced higher weekly cyber attack volumes through May 2026 compared with the national average. The region averaged about 1,552 attacks per week, rising to 1,612 in May versus a national 1,442. Energy, healthcare, and financial services drove the regional increases, with energy up 45% and healthcare the most targeted by volume.
read more →

Governing the growing ghost workforce risk

🛡️ Enterprises are facing an invisible workforce: non-human identities (bots, service accounts, API keys, tokens, certificates) that now often outnumber humans. These ghost identities authenticate constantly across environments and, when unmanaged, accumulate privileges and risks. The industry has seen incidents where forgotten or third-party machine identities enabled widespread breaches, and a looming 2026 certificate-expiration wave threatens cascading outages. Organisations must prioritise governance—discovering NHIs, assigning ownership, auditing privileges, and addressing imminent certificate expirations—before tool selection.
read more →

New macOS Biome App.MenuItem Artifact Discovered

🔎 This report details the discovery of a new macOS Tahoe 26 Biome stream, App.MenuItem, which records specific menu selections made by users across the OS. It explains the artifact's location at ~/Library/Biome/streams/restricted/App.MenuItem/local, the SEGB-encapsulated protobuf format, and recommended processing steps using ccl-segb. The article highlights how the stream reconstructs user intent and workflow, and notes limitations when menu text is non-descriptive.
read more →

Agentjacking: AI coding agents tricked into execution

🛡️ Cybersecurity researchers at Tenet Security disclosed a new attack class called Agentjacking that tricks AI coding agents into executing arbitrary code. The exploit leverages Sentry's public DSN and its MCP interaction to inject crafted error events, which agents like Claude Code and Cursor interpret as trusted resolution steps. Successful exploitation can expose sensitive data and run code with developers' privileges.
read more →

Cyber Threats Escalate Against Sports Organizations

🔒 Darktrace research reveals that 84% of sports organizations — including teams, venues and event bodies — were targeted by cyber-attacks in the last year, with 57% hit multiple times. The report highlights threats to stadium operations, fan data and supply chains, noting elevated phishing and AI-enabled social engineering. Experts urge a behavioral security approach focused on human and AI behavior to reduce high-profile disruption risks.
read more →

AI Reveals Cybersecurity’s Missing Health Model

🩺 The author argues that cybersecurity has operated like an emergency room—reactive and crisis-driven—while AI exposes the need for a preventative, continuous-health model. Current frameworks (NIST, MITRE) describe controls and adversaries but not organizational health; the proposed Clinical Cybersecurity Framework treats the enterprise as a living system with vital signs, continuous monitoring, and governance for new risks like AI. This shift reframes the CISO role toward reporting condition and building adaptive capacity.
read more →

Preparing for quantum-era threats to current encryption

🔒 The article explains the growing reality of “harvest now, decrypt later” attacks, where adversaries steal encrypted data today to decrypt later with quantum computers. It summarizes industry and government perspectives, noting that most organizations underprioritize the risk despite emerging standards like NIST’s 2024 post-quantum algorithms and EU transition roadmaps. The piece reviews mitigation options — PQC, QKD, and the need for cryptoagility — and highlights examples from Spain and financial institutions planning phased transitions.
read more →

AI-Driven Vulnerabilities and Security Fundamentals

🔍 Talos contrasts personal tech nostalgia with a sharp warning: AI-driven vulnerability discovery now outpaces human patching. The blog highlights how frontier models can autonomously find and exploit zero-days in minutes, collapsing the traditional vulnerability lifecycle. It urges organizations to move beyond patch-centric defenses and adopt a three-stage fallback model emphasizing prevention, detection, and resilience through controls like MFA, CIS benchmarks, segmentation, and behavioral EDR/XDR.
read more →

FROST: SSD-based Browser Fingerprinting Threat

🛡️ Researchers at Graz University of Technology describe FROST, a novel side-channel technique that uses the browser's origin private file system (OPFS) to monitor SSD timing and infer user activity. A malicious webpage leveraging OPFS can repeatedly access storage, measuring micro-delays that reveal what apps or websites are active. The team demonstrated data transmission rates around 660–720 bits/s with ~90% accuracy and used AI to classify app and site fingerprints. Practical constraints — RAM caching, large file creation, and likely EDR/XDR detection — limit FROST to targeted attacks, but it highlights hardware-level blind spots in modern security.
read more →

ThreatsDay bulletin: supply chain worm and AI risks

🛡️This week’s briefing highlights a surge in polished, commodified cybercriminal tools and large-scale data exposures. Notable items include a public supply-chain attack toolkit, a $5,000/month RAT that clones browser profiles, and research showing AI agents can be induced to leak credentials. The roundup covers high-impact incidents, evolving malware-as-a-service offerings, targeted intrusion campaigns, and concerning platform privacy changes.
read more →

Cybersecurity teams strained by lack of training time

🔒 A global ISC2 study of nearly 1,000 enterprise security leaders finds training budgets have risen but staff lack time to complete upskilling. AI is the top emerging skill organizations are addressing, yet practical barriers—competing workloads, outdated content, and trainer shortages—limit participation. Leaders urge protected, scheduled learning time and managerial support to make training effective.
read more →

Extortion-Only Attacks Rise, Shift Focus to Data Theft

🔍 Insurers report a marked increase in extortion-only incidents where attackers rely on data theft rather than encryption. Resilience found that 65% of extortion claims in H2 2025 did not involve encryption, and data theft accounted for 87% of ransomware claims by year-end. The report warns that paying for data suppression is unreliable, with 30–40% of paid cases still resulting in leaks, and recommends prevention, tabletop exercises, and pre-incident legal and response retainers.
read more →

Behavioral Integrity Risks in AI Agent Skills

🔎 AI agent skills can install third-party capabilities with privileged access, yet registries lack automated audits. Palo Alto Networks introduces Behavioral Integrity Verification (BIV), which compares declared metadata, executable code and natural-language instructions to detect mismatches. Applied to the OpenClaw registry, BIV found widespread deviations and identified multi-stage attack chains that enable credential theft, RCE and exfiltration. The report recommends inventorying skills and requiring pre-install behavioral checks.
read more →