< ciso
brief />
Threat and Trends Reports Banner

All news in category “Threat and Trends Reports

1639 articles · page 8 of 82

Six critical security gaps every CISO must address

🔒 CISOs admit many organizations remain underprotected, with surveys showing gaps in data protection, incident preparedness, and resourcing. As adversaries adopt automation and AI, security programs must close six core gaps: perception, speed versus attackers, business‑security alignment, skills, AI security, and legacy systems. Experts urge CISOs to shift toward resilience, accelerate operations with automation and CTEM, and invest in workforce and governance.
read more →

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.
read more →

Shadow AI and the Rise of Vibe‑Coded Application Risk

🔎 Shadow AI now describes employees building full applications with AI and publishing them without IT or security involvement. Red Access' Shadow Builders report found over 380,000 public assets on vibe‑coding platforms, with more than 2,000 exposing sensitive corporate or personal data. Existing security controls miss these builds because the entire lifecycle — OAuth grants, data movement, and publishing — occurs inside web sessions that traditional tools only partially observe.
read more →

Chinese-linked Hackers Exploit Middle East Conflict

🔎 ESET warns that China-aligned APT groups have been exploiting the Middle East war to target maritime, energy and political organizations, while continuing global espionage aligned with Beijing’s strategic priorities. The report covers October 2025–March 2026 and highlights activity against Syria, Central and South America, and an attempted intrusion into an AI and robotics firm in South Korea. Russia-aligned actors focused on Ukraine and destructive campaigns, while Iran-aligned activity shifted to proxy and hacktivist actions amid internet disruptions.
read more →

SEC 10-K Cybersecurity Trends and Governance 2025

📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.
read more →

Monthly security roundup: May 2026 highlights

🎥 ESET Chief Security Evangelist Tony Anscombe reviews major cybersecurity stories from May 2026, focusing on industrial control system intrusions, an AI-directed data theft, a Google-reported AI-developed zero-day, and crypto kiosk scams. He outlines attack vectors such as weak passwords and internet-exposed systems, notes the partial failure of an IT-to-OT escalation, and previews mitigation advice for defenders. Watch Tony’s video for practical recommendations and refer to the April edition for additional context.
read more →

Less Panic Patching, More Precision in Remediation

🔍 This edition of Threat Source argues for smarter patch prioritization, pairing CVSS severity with EPSS likelihood to focus scarce operations on vulnerabilities being actively exploited. It contrasts centralized KEV visibility with emerging decentralized GCVE enrichment and highlights Cisco Talos' new open-source EvidenceForge for generating realistic synthetic logs to train defenders. The newsletter also summarizes recent incidents, vulnerability research, and tooling updates.
read more →

Malicious Packages Move Beyond Classic Typosquatting

🔍 Sonatype's analysis of 4,309 malicious open source packages shows attackers favor naming-variant tactics over simple misspellings. 91% used suffixes, prefixes, embedded terms and dependency-confusion patterns to appear as plausible plugins, configs or SDKs. These packages often perform host and secrets exfiltration, droppers and backdoors, converting routine installs into compromise. Security teams are urged to scrutinize framework-adjacent components and assess publisher and campaign behavior, as typo detection alone is insufficient.
read more →

ThreatsDay bulletin: emerging cloud, supply chain risks

📰 This ThreatsDay roundup highlights widespread C2 infrastructure, supply-chain trojanization, exploitation trends, and emerging AI security features. It covers a large regional C2 footprint in the Middle East, an AKS privilege escalation fix, a DAEMON Tools supply-chain compromise added to CISA's KEV, and Apple’s PQC code disclosures. The bulletin also details law firm targeting by SRG, fake installers spreading a Deno RAT, PureLogs phishing, and a spike in DACH cyberattacks.
read more →

LayerX Report Reveals Concentrated Enterprise AI Risk

🔍 The LayerX Security State of AI Usage Report 2026 finds enterprise AI risk is concentrated among a small set of power users and a few dominant platforms, while usage fragments across personal accounts, browser extensions, embedded copilots, and connectors. The study shows ChatGPT still dominates conversations, Copilot M365 is growing, and consumer AI like Gemini is often used via personal accounts. Shadow AI now spans a long tail of under-the-radar tools and extensions that evade corporate visibility and governance.
read more →

Attack Surface and Cyber Risks for FIFA 2026

📘 The 2026 FIFA World Cup spans 39 days across 16 host cities in three nations, creating a vast temporary tournament network layered on existing stadium and municipal infrastructure. This assessment warns of high likelihoods for disruptive intrusions, large-scale fraud and politically motivated DDoS and hack-and-leak operations. Key drivers include Iran-nexus disruptive campaigns, pro-Russian hacktivist DDoS activity and financially motivated cybercrime targeting fans and the hospitality ecosystem.
read more →

Industrialized exploitation and defenders’ response

🔎 Adversarial AI has transformed targeted attacks into high-speed, automated campaigns that no longer require elite technical operators. Existing security architectures—fragmented, tool-heavy, and visibility-poor—fail to show defenders the chained attack paths attackers can exploit. The author argues for shifting from vulnerability counting to Exposure Management, prioritizing remediation by real exploitability and mapping environments as attacker-seen networks. Defenders retain an advantage if they synthesize cross-boundary telemetry and continuously assess validated attack paths to critical assets.
read more →

AI-Enabled Sanctions Evasion Raises Governance Risks

🛡️ New RUSI research warns that adversaries, notably North Korea and Iran, are moving from AI-assisted to AI-enabled sanctions evasion and proliferation financing. The report highlights AI’s ability to mass-produce fraudulent documents, automate shell-company administration, and analyze blockchain flows to evade detection. Experts urge enterprises to adopt behavior-based analytics, defensive AI, stronger identity verification and updated training to counter these evolving threats.
read more →

Data-Only Extortion Rising in the Cyber Threat Economy

🔍 This Unit 42 report examines the growing shift from ransomware encryption to data-theft and extortion-only attacks, profiling threat actors, techniques, and sectors most affected. It highlights drivers such as improved backups, faster exfiltration, and regulatory pressures that make disclosure risk financially coercive. The briefing also warns of AI-accelerated attacks and offers prioritized defensive recommendations for DLP, SaaS posture, identity resilience, supply chain integrity, and AI preparedness.
read more →

FBI 2025 Internet Crime Report Highlights and Trends

📰 The FBI's 2025 Internet Crime Report has been published, offering a range of statistics and findings on cybercrime trends. The author notes they only recently became aware of the report and references associated press releases and news articles. The post, dated May 27, 2026, points readers to additional coverage and commentary on the report's contents.
read more →

Reframing Burnout as a Cybersecurity Risk

🛡️ Cybermindz warns that burnout among cyber professionals should be treated as a measurable operational risk rather than only a wellness concern. Their survey of 101 practitioners found frequent burnout and high emotional exhaustion, while their iRest® training study across 275 participants showed improved sleep, reduced exhaustion and lower attrition risk. Founder Peter Coroneos argues a risk-based framing can secure resources and support resilience.
read more →

UK firms boost cyber budgets amid rising AI risks

🔒 More than two-thirds of UK businesses plan to increase cybersecurity spending over the next 12 months as AI adoption and geopolitical uncertainty reshape budgets. The Q1 2026 Barclays Business Prosperity Index found 68% of leaders expect higher cyber investment and 46% say new technologies raise their exposure. Large firms have led the increase, with average cyber spend hitting £505,000 so far in 2026, and cloud, cyber and AI account for 44% of planned tech budgets.
read more →

Chinese PhaaS Grow More Sophisticated, Live Theft

🛡️ Google researchers report a rapid rise in Chinese phishing-as-a-service (PhaaS) operations that have shifted from static password harvesting to real-time credential interception and tokenization. These services use encrypted messaging protocols like RCS and iMessage to deliver convincing lures and employ live admin panels to capture OTPs and bypass MFA. Platforms also monetize stolen payment details via digital wallet provisioning and increasingly leverage AI to generate unique phishing pages and evade detection.
read more →

2026 Cloud Security Report: Closing the AI Gap

🔒 The 2026 Cloud Security Report finds AI adoption has surged into production, but security architectures are lagging. While many organizations have updated strategies, few possess the architectural capability to enforce them, leaving AI systems and data exposed. The report calls for unified hybrid security architectures delivering consistent visibility, policy enforcement, and runtime controls across cloud, SaaS, and on-premises environments.
read more →

Vulnerabilities Surpass Credentials as Top Breach Entry

🔍 Verizon’s 2025 DBIR finds exploited vulnerabilities were the initial cause in 31% of breaches, overtaking credential abuse at 13%. The report highlights slower remediation: only 26% of critical CISA KEVs were fully fixed, with median patch time rising to 43 days. Analysts warn AI-driven exploit development, sprawling supply chains, and growing vulnerability volumes are worsening the threat landscape, urging risk-based continuous patching and stronger identity controls.
read more →