< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 6 of 82

Agentjacking: AI coding agents hijacked via Sentry flaw

🛡️ Researchers describe a new "agentjacking" attack that tricks AI coding agents into executing arbitrary code by injecting malicious instructions into Sentry error events. Tenet Security says the flaw leverages Sentry DSNs — public, write-only credentials — to post crafted markdown that appears as legitimate remediation guidance. Agents retrieving unresolved errors via MCP render the injected content as trusted and may execute the embedded commands with developer privileges. The report confirmed high exploitability across popular agents and thousands of exposed DSNs.
read more →

Aged-domain acquisition enables phishing bypasses

🔒 Phishing operators increasingly buy or hijack aged legitimate domains to bypass enterprise email filters that weight domain age heavily. The author documents a Sneaky2FA campaign using a decade-old domain takeover revealed via certificate transparency logs, illustrating gaps in reputation scoring. Detection should include hosting-pattern stability, subdomain wordlist anomaly, and CT log monitoring to catch these rapid repurposings.
read more →

Smashing Security Podcast Episode 471 Overview

🎙️ Smashing Security episode 471 features Graham Cluley with guest James Ball discussing recent AI-related cybersecurity stories. They explore Meta AI mishaps that exposed passwords and an adaptive AI worm developed by University of Toronto researchers. The episode also touches on worms' history, the WannaCry aftermath, and the shifting legal and practical impacts of AI in cyber defense and offense.
read more →

Browser Threats Expose Gaps in Enterprise Security

🔒 Menlo Security's 2026 Browser Threat Report warns that many cybersecurity products fail to detect browser-based attacks. Based on telemetry from millions of enterprise browser sessions between January and March 2026, the research found one in five phishing attacks targeting enterprise browser users went undetected by legacy tools. The report highlights that modern enterprise activity increasingly occurs inside browsers, creating blind spots for products not built for the browser session layer. Menlo urges organizations to govern the browser session layer to better protect users and AI agents.
read more →

Rising Multi‑Layered Identity Crime Affects More Victims

🔍 The Identity Theft Resource Center's 2026 Trends in Identity Report, based on over 6,000 reports from April 1, 2025 to March 31, 2026, shows nearly 26% of victims experienced two or more concurrent identity incidents. Unauthorized device/PC access rose sharply to 27% of compromises and is now the primary threat for adults aged 35–64. Account takeovers made up 50% of misuse cases, while recovery rates dropped significantly when financial loss occurred. Experts warn that compromised devices enable broader attacks and call for testing and automation to improve incident response.
read more →

SMB Cyber Readiness: What Strengthens or Breaks It

🔒 The ESET SMB Cyber Readiness Index 2026 finds 45% of small and medium businesses experienced a cyber-incident in the past year, yet confidence in resilience often rises among repeat victims. The report highlights common root causes—phishing, unpatched vulnerabilities, monitoring gaps and weak passwords—and notes a mismatch between headline-driven fears like AI malware and the mundane vectors attackers exploit. Preparation, clear decision authority, and disciplined reduction of attack surface are critical to withstand incidents.
read more →

Attack Techniques Targeting Cloud Logging Services

🔍 Cloud logging services like AWS CloudTrail and Google Cloud Logging offer essential visibility into cloud activity but are also high-value targets for attackers. This article examines two primary attack goals—defense evasion and establishing continuous visibility—and demonstrates methods attackers use to disrupt or exfiltrate logs. It outlines practical attack techniques such as stopping logging, deleting storage or routers, abusing encryption keys, and log poisoning, and highlights detection and mitigation approaches.
read more →

Most Firms Admit Deploying Vulnerable Production Code

🔍 A new Checkmarx report found that 95% of CISOs have been pressured to deprioritize or delay reporting security issues, and 75% acknowledged their organizations knowingly deployed vulnerable code to production. Respondents cited compensating controls, deadlines, late detection, and difficulty of fixes as reasons. The survey of 2,350 security professionals also flagged limited remediation rates and rising risks from AI-generated code.
read more →

May 2026 Cyber Attack Trends: Ransomware Surges

🔍 Check Point Research reports that global cyber-attack volumes slightly eased in May 2026, averaging 2,055 weekly attacks per organization, a 2% year‑over‑year increase but a 7% month‑over‑month decline. While overall volumes moderated, ransomware rose sharply—698 incidents, a 48% increase year‑over‑year—and GenAI-related data exposure risks expanded as enterprises adopted more tools without adequate governance. The report highlights shifting sector targets and regional variations.
read more →

2026 OT Security Report: Maturity Rising, Risks Persist

🔒 The 2026 Fortinet State of Operational Technology and Cybersecurity Report examines how OT security has moved to board-level attention as connectivity increases risk. Based on a global survey of over 700 OT professionals, the report finds improved visibility and governance but uneven maturity across organizations. Key gaps remain in segmentation, secure remote access, incident response, and regulation readiness.
read more →

AI-driven worm shows autonomous host-level exploitation

🧩 Researchers at the University of Toronto built and tested a proof-of-concept self-replicating worm driven by a locally hosted open-weight large language model. In isolated experiments on a deliberately vulnerable 33-host network, the agent identified dozens of vulnerabilities, gained elevated access across most targeted hosts, and autonomously replicated to a majority of the network without using any commercial AI API. The team highlights how runtime reasoning and ingestion of fresh advisories break single-CVE patching assumptions and argues containment must focus on host and network controls rather than vendor API measures.
read more →

FROST attack lets websites fingerprint drives

🛡️ Researchers at Graz University of Technology describe FROST, a browser-based timing attack that uses the Origin Private File System (OPFS) to infer which sites a user visits and which apps they open. The exploit runs purely in JavaScript, requires no native code or permissions, and sharpens timer resolution via cross-origin isolation. On macOS it achieved high fingerprinting accuracy, while mitigations remain limited and browser vendors have not implemented firm fixes.
read more →

AI-powered worm highlights urgent enterprise risk

🛡️ Researchers at the University of Toronto built an AI-driven worm prototype that autonomously discovered and exploited vulnerabilities across a simulated enterprise network. Using a locally hosted, free LLM and a custom agentic harness, the worm self-replicated to multiple systems by chaining old and recent CVEs and common misconfigurations. Over several days it spread to most targets, demonstrating that attackers do not need cutting-edge models to mount damaging, adaptive attacks. The findings underscore the need for faster patching, AI-assisted defensive testing, and improved architecture such as segmentation and zero trust.
read more →

Normalcy Bias and the Risk of Criminal ‘Auditors’

🔍 Normalcy bias leads organisations to assume “no news is good news” about security, delaying detection and response. This complacency lets cybercriminals effectively perform their own audits, exposing gaps between perceived and actual security. The article urges proactive testing, continuous monitoring, and investment in MDR/MXDR and awareness to prevent costly breaches.
read more →

Microsoft Teams Phishing Risks and Mitigations

🛡️ This Unit 42 report examines how threat actors use Microsoft Teams to impersonate IT staff, leveraging external chat and compromised or typosquatted accounts to phish employees. It outlines real-world incidents, explains how permissive federation and external chat settings widen the attack surface, and emphasizes that identity systems are the ultimate target. The article recommends tighter configuration, identity-centric controls, monitoring, and updated user training.
read more →

Threat actors exploit AI branding in social engineering

🛡️ Microsoft Threat Intelligence describes campaigns that impersonate popular AI platforms such as ChatGPT, Copilot, and Claude to lure victims via phishing, malvertising, and SEO abuse. These operations use trusted branding, redirect chains, and urgency-driven messaging to steal credentials, commit fraud, or deliver malware. The blog emphasizes abuse of brand names rather than service compromise and recommends leveraging AI-powered security for detection and response.
read more →

How enterprises fall short of military cyber readiness

🛡️ Military cyber teams rehearse constantly using realistic, dynamic simulations while many enterprises treat security as a compliance exercise. The article contrasts rigorous military practices — continuous exercises, defined roles, and realistic cyber ranges — with corporate annual tabletop drills that fail to reflect daily adversary innovation. It urges businesses to adopt regular live simulations, AI Proving Grounds, clear decision-making hierarchies, and cross-industry intelligence sharing to build operational cyber resilience.
read more →

15 Tough Cybersecurity Questions Every CISO Must Answer

🔍 Security leaders outline 15 critical questions CISOs should ask to ensure security programs adapt to evolving threats and business needs. These prompts focus on demonstrating ROI, aligning defenses with critical business processes, measuring detection and response speed, and addressing AI-driven risks like nonhuman identities and automated attacks. The guidance also stresses vendor risk, shadow AI, application security for widespread coding, and preparing security for future business growth.
read more →

Ukraine’s resilience lessons for cybersecurity planning

🛡️ Dmytro Kuleba, Ukraine’s foreign minister from 2020–2024, told Infosecurity Europe that pre-planning and contingency-driven resilience underpinned Ukraine’s survival after the 2022 full-scale invasion. He described a December 2023 attack that knocked KyivStar offline via a single compromised employee account, and praised rapid recovery and hardened defences thereafter. Kuleba advised organisations to rehearse crisis responses, understand systems intimately, and build instinctive survival practices. He warned that even benign third-party CRM tools can be weaponised for targeted intelligence, urging technological sovereignty and strict data security.
read more →

AI Agent Uncovers 21 FFmpeg Zero-Days, Chrome Ships 429 Fixes

🛡️ depthfirst's autonomous agent discovered 21 previously unknown zero-day vulnerabilities in FFmpeg, producing reproducible PoC inputs for each at a reported cost of about $1,000 for the run. In the same week, Google released Chrome 149 with fixes for a record 429 security bugs, over 100 of which are critical or high severity, following an overhaul of its bounty program to cope with a surge of AI-generated reports. The findings illustrate how AI is accelerating vulnerability discovery and increasing pressure on triage and patching processes across widely used software.
read more →