< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 7 of 82

Prototype AI-Powered Worm Raises New Security Risks

🔒 Researchers have demonstrated a prototype AI-powered internet worm that autonomously propagates and carries its own local LLM to run on compromised machines. The prototype echoes early theoretical concepts of self-replicating code and shows how generative models can be embedded into malware to extend functionality. This proof-of-concept highlights evolving threats and the need for updated defensive strategies and policy responses.
read more →

Most SOCs See Limited Value from First‑Wave AI

🔎 The SOC-CMM 2026 report shows rapid AI adoption across SOCs but limited perceived value: only about 10% report excellent value while 71% report some or no value. The dominant deployment pattern is the taker model—off‑the‑shelf AI bolted into existing tools—creating fragmented workflows and weak handoffs. The report argues the next wave must be architectural: AI that operates across detection, hunting, investigation, remediation, and threat intel with built‑in governance and institutional knowledge.
read more →

AI tools surge in underground ransomware marketplaces

🔍 Analysis by Halcyon shows a rapid rise in AI-based tools sold across Telegram channels, dark web forums, and underground markets, with posts increasing from 38 in December 2025 to 1,486 by February 2026. The offerings fall into four groups: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. Ransomware operations are professionalising with tiered services, automation and freemium models, lowering the skill barrier for new actors while law enforcement takedowns and better enterprise defenses remain critical.
read more →

Underground Playbook Targets Vulnerability Programs

🛡️ A forum tutorial by an actor named "Hercules" outlines a simple, practical workflow for scanning, validating, exploiting, and monetizing vulnerabilities, blending «legal» disclosure steps with clear illegal options. Flare researchers tracked the post and responses across multiple forums, noting demand for mentorship and the tutorial’s repeat reposting. The write-up highlights use of public tools like Nuclei, emphasizes accessibility for beginners, and explains monetization paths including direct extortion, underground sales, and asset resale. The analysis warns defenders that readable, motivational guides scale criminal capability and underscores the importance of effective vulnerability disclosure programs.
read more →

ThreatsDay bulletin: escalating cyber intrusion trends

🛡️ Cisco patched a high-severity SSRF in Unified Communications Manager, while Russia reported large-scale mobile spyware targeting officials and ongoing investigations. Threat actors continue to distribute VIP Keylogger via layered social engineering and JavaScript loaders, and DriveSurge operates a widespread malware delivery network using ClickFix and FakeUpdates. U.S. sanctions hit major Iranian crypto exchanges; RMM and trusted tools are increasingly abused for persistence and privilege escalation.
read more →

Pre-positioned Cyber Threats Targeting FIFA 2026

🛡️ Check Point Research and Exposure Management tracked a year-long rise in coordinated cyber threats aimed at FIFA World Cup 2026. Attackers have pre-positioned infrastructure across finance, travel and hospitality, and gambling, with active domains, fake apps, and social schemes ready to scale. The report highlights escalating fraud, domain impersonation, mobile-app impersonation, B2B spoofing risks, and potential operational impacts like ransomware and DDoS.
read more →

FIFA World Cup 2026: Rising Cybercrime Threats

🛡️ FortiGuard Labs warns that cybercriminals are actively exploiting FIFA World Cup 2026 demand, registering thousands of themed domains and creating fake ticketing sites, malicious apps, and impersonation accounts to steal credentials and payments. Their research found over 13,000 new tournament-related domains and identified numerous scams across social media, underground forums, and stealer telemetry. Organizations and fans are urged to prepare early and verify official channels.
read more →

Crisis communications playbook for cyber incidents

🛡️ Senior cybersecurity leaders at Infosecurity Europe 2026 urged organisations to prepare concise, practical crisis playbooks that focus on defining the type of incident, roles and decision authority, and responsibilities. They emphasised that playbooks must be adaptable to unfolding realities, and that human factors — fatigue management, clear communication and staff welfare — are as vital as technical response steps.
read more →

Resilience and Self-Reliance in Cyber Conflict

🛡️ Dmytro Kuleba, Ukraine’s former foreign minister, told Infosecurity Europe that preparation, resilience and self-reliance are crucial for cybersecurity professionals facing wartime threats. He cited KyivStar’s rapid recovery from a December 2023 hack and stressed the value of wargaming and muscle-memory incident response. Kuleba warned that innocuous services such as CRMs can be weaponized and urged businesses to distrust products from potential adversaries.
read more →

Enforce First AS to Prevent BGP Path Forgery

🔍 Recent route hijacks exploited unused ASNs and forged AS_PATHs to misdirect traffic and conceal attackers. Cloudflare analyzed incidents reported by Spamhaus and found implausible AS relationships indicating path fabrication, including forged paths that inserted Cloudflare’s ASN. The post explains how enforcing the First AS in an AS_PATH, per RFC 4271 and RFC 7606 guidance, would block such manipulations. Cloudflare also conducted safe tests against Tier 1 peers to measure First AS enforcement and observed variation in vendor and operator behavior.
read more →

AI Applied to Decrypt Medieval Ciphers

🧭 The post considers how historical plaintext-hiding techniques, traditionally done by hand, created patterns such as short key phrases that made ciphers vulnerable to statistical analysis. It argues that modern AI and LLMs, being fundamentally statistical models with some randomness, can exploit ciphertext statistics to reconstruct plaintext. The author notes this capability does not automatically make decryption trivial, but highlights the potential for AI to invert statistical patterns in encrypted text.
read more →

Quantifying Cyber Risk to Engage Boards Effectively

🔍 A panel at Infosecurity Europe 2026 advised that focusing on financial impact is an effective way to communicate cyber risk to boards. Using Cyber Risk Quantification (CRQ) and clear data helps translate technical threats into dollar values that executives understand. BP and NatWest speakers emphasized making outputs simple, trustworthy and aligned to board needs to secure support and decision-making.
read more →

Protecting children's data to prevent long-term identity harm

🔒 Children face lasting identity and privacy risks online from school accounts, gaming profiles, apps and devices. These data can be exploited for fraud or synthetic identity creation, often remaining undetected for years. Parents, schools and vendors all share responsibility; practical steps include data minimization, strong passwords, MFA, privacy settings, parental controls and credit freezes.
read more →

Executives and CISOs Must Treat Cyber as Statecraft

🔒 Bharat Thakrar of ISACA’s London Chapter told Infosecurity Europe 2026 that cyber, AI and geopolitics are now inseparable and warned against treating security as merely an IT problem. He cited breaches like Sony Pictures (2014), Viasat (2022) and Stryker (2026) to show private firms can be legitimate geopolitical targets. Thakrar proposed the Cyber Geopolitical Preparedness and Response (CGPR) framework—assess exposure, evaluate readiness, plan response and continuous monitoring—and urged geopolitical stress‑tests, revamped HR vetting, tighter access controls and predefined executive authorities.
read more →

Assessment of public Wi‑Fi security in Mexico

🔍 Kaspersky analyzed public Wi‑Fi across Mexico City, Guadalajara, and Monterrey ahead of the 2026 World Cup. The team wardrove to log 84,500 signals and 69,500 unique SSIDs, finding about 82% use WPA2/WPA3 but over 10% are unsecured. WPS was enabled on roughly 45% of access points, often even when WPA2/WPA3 was in use, increasing attack risk. The report also warns of other travel threats like malicious QR codes, public USB chargers, NFC/Bluetooth exploits, and evil‑twin networks. Kaspersky recommends using cellular data or an eSIM and a VPN to stay safe when connecting to public networks.
read more →

UK Firms Prioritise AI Threats and Preparedness

🔍 New research from ManageEngine reveals UK IT and business leaders view AI-powered cyber-attacks as their top risk over the next 12 months, with 43% identifying it as the single biggest threat. The survey of 1,500 decision-makers across five European markets shows 41% of UK respondents plan to prioritise spending on tackling AI and advanced threats. Despite strong detection rates, UK organisations report increasing incidents, skills gaps and recovery challenges, alongside rising investment in resilience and governance.
read more →

Gap Between Threat Intelligence and Business Risk

🔍 A new paper from Silobreaker and the SANS Institute warns that business leaders often misunderstand threat intelligence and its value, creating an "intelligence–stakeholder gap." The report, launched at Infosecurity Europe 2026, finds that intelligence outputs can be overlooked or misinterpreted, limiting funding and visibility for intelligence teams. To close the gap, teams must tailor briefings to senior leaders, provide forward-looking exposure analysis, prioritise speed and seek regular stakeholder feedback to ensure intelligence changes decisions and drives risk-informed actions.
read more →

Seven tabletop exercise mistakes that undermine readiness

🛡️ Discussion-based, low-stress simulations let IT, legal, and business leaders walk through hypothetical incidents to test preparedness, but poorly run tabletops can mislead and harm response capabilities. The article outlines seven common mistakes — from lacking clear objectives and testing only familiar scenarios to favoring conceptual scripts over practical ambiguity — and offers expert recommendations to design realistic, business-relevant exercises. Emphasis is placed on including the right stakeholders, introducing technical detail and uncertainty, and aligning scenarios to actual risks and interdependencies to avoid false confidence and reveal true process gaps.
read more →

Weekly recap: PAN-OS, Gogs, GlassWorm takedown

🔔 This week's briefing highlights active exploitation of a PAN-OS GlobalProtect authentication bypass (CVE-2026-0257), a critical unauthenticated RCE in Gogs, and the coordinated takedown of GlassWorm C2 infrastructure. Other notable items include a long-standing Linux LPE (CIFSwitch) patched upstream, CERT-In urging rapid patching timelines, and several AI-enabled and supply-chain aided campaigns increasing attacker speed and reach.
read more →

The Great Messaging Heist: Organized Scam Ecosystem

📩 Kaspersky examines how everyday messaging channels like SMS, WhatsApp, and email are being exploited by organized scam cartels that use speed, familiarity, and AI to trick victims. The research shows average losses of $733 per victim, rapid attack timelines often under 30 minutes, and widespread emotional damage eroding trust in digital communications. The post highlights common schemes, platform distribution, and recommendations to protect yourself.
read more →