< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 10 of 28

2025 Zero-Day Review: Enterprise Rise and CSV Growth

🛡️ Google Threat Intelligence Group's 2025 review found 90 zero-day vulnerabilities exploited in the wild, down from 2023 but above 2024. Enterprise technologies accounted for a record 48% of zero-days, driven by attacks on networking and security appliances, while browser exploitation fell to historic lows. GTIG highlights growing involvement of commercial surveillance vendors and expanded financially motivated use of zero-days. Defenders are urged to prioritize segmentation, inventory, and rapid mitigation.
read more →

Cyber Fallout After the Strikes: Signal, Noise, Next Steps

⚠️ FortiGuard Labs reports a surge of regional cyber activity in the 24–48 hours following U.S.-Israeli strikes on Iranian targets, including defacements, broadcast intrusions, Telegram claims, and internet disruptions, but no confirmed large-scale destructive campaign tied directly to the strikes. Many observed events appear to be psychological operations, hacktivist signaling, or opportunistic exploitation of geopolitical noise rather than coordinated state-level retaliation. The report warns that access is often pre-positioned and that activations can be delayed, so organizations should harden basic controls and preparedness now. Recommended actions include enabling MFA, automating patching, isolated backups, segmentation, active monitoring, and exercising incident response playbooks.
read more →

Leaked Ariomex Database Suggests Iranian Sanctions Evasion

🔍 Resecurity analysed a leaked Ariomex database covering 2022–2025 and concluded the exchange's records suggest potential sanctions evasion and large capital transfers linked to actors inside Iran. The review covered 11,826 verified users, identified 27 potential sanctions matches and found about 7,710 Iran-linked accounts, with roughly 70% of volume in Tether and Tron. Resecurity flagged mechanisms such as shell accounts, stablecoin routing and intermediary wallets and said it will assist regulators.
read more →

Coruna: Powerful iOS Exploit Kit and Its Proliferation

🔍 Google Threat Intelligence Group describes Coruna, a sophisticated iOS exploit kit containing five full exploit chains and 23 exploits that target iOS 13.0 through 17.2.1. The kit combines WebKit RCEs, PAC/PPL bypasses, and a root-capable loader called PlasmaLoader that exfiltrates financial data and cryptocurrency wallet information. GTIG observed deployments by both suspected state-backed and financially motivated actors and added affected domains to Safe Browsing. Users are urged to update iOS or enable Lockdown Mode if updates are not possible.
read more →

2026 Cloudflare Threat Report: Rise of High-Trust Attacks

🔍 The 2026 Cloudflare Threat Report from Cloudforce One documents a shift from brute-force intrusion toward high-trust exploitation, introducing a new metric: the Measure of Effectiveness (MOE). The report identifies eight trends — including AI-driven attack automation, token theft that neutralizes MFA, weaponized cloud tooling, and record-setting hyper-volumetric DDoS — that favor speed and throughput over sophistication. It urges organizations to adopt autonomous, real-time defenses and previews an upgraded automated threat-events command center to help harden the connective tissue of modern networks.
read more →

Seven Key Factors Driving the Cybersecurity Skills Gap

🔐 The article summarizes seven factors limiting organizations' ability to build sustainable cybersecurity talent pipelines and cites World Economic Forum data showing only 14% of organizations feel they have the required people and skills. Contributors highlight constrained budgets and rising burnout, the rapid emergence of AI and other technologies, and misaligned employer–candidate expectations as core drivers. Additional issues include outdated processes, training mismatches, strategy disconnects, and failures to simplify and scale operations. Experts recommend internal upskilling, using managed services and automation, and framing the skills gap as a clear business risk to leadership.
read more →

Google Warns Iran Will Launch Global Cyber-Attacks

⚠ John Hultquist, chief analyst of Google’s Threat Intelligence Group, warned that Iran will "absolutely" respond to recent US and Israeli air strikes with cyber-attacks targeting a broad array of organisations across the Middle East and beyond. He said the focus will shift from well-defended states like Israel to nations with less mature security, expanding the global attack surface. Hultquist highlighted the blurred lines between state actors, criminal groups and hacktivist fronts, noting the likely use of ransomware and proxy operations by the IRGC to obfuscate attribution. The UK’s NCSC has advised organisations with Middle East ties to urgently review and strengthen their cybersecurity posture.
read more →

Hybrid Middle East Conflict Sparks Global Cyber Surge

🌐 A sharp escalation in the Middle East has entered a hybrid phase combining military strikes with large-scale cyber operations following joint Israeli–US strikes on Iran on 28 February 2026. CloudSek reported a sweeping cyber campaign that reduced Iran's internet to roughly 4% of normal capacity, disrupting government services, media and parts of energy and aviation. Security firm Halcyon warns of rising DDoS, hacktivist and ransomware activity and urges organisations to increase monitoring, enforce multi-factor authentication and maintain offline backups against supply-chain and regional spillover risks.
read more →

Weekly Recap: SD-WAN 0-Day, Critical CVEs & Trends

⚡ The week's highlights show attackers exploiting critical infrastructure, cloud APIs, AI tooling, and consumer devices. Cisco SD‑WAN zero‑day (CVE‑2026‑20127) is being actively exploited to gain administrative access, while a string of high‑severity CVEs across vendors requires immediate attention. Misuse of trusted services — from Google Sheets and Gemini to autonomous AI agents — combined with exposed keys, is enabling stealthy, scalable access. Organizations should prioritize patching, tighten access to AI and cloud keys, and use continuous testing to validate defenses.
read more →

Ransomware revenues fall despite surge in victims globally

🔒 Chainalysis reports that total ransomware cryptocurrency payments fell 8% year-on-year to $820m in 2025, even as the number of victims surged 50% to make 2025 the most active year on record. Payment rates dropped from 63% in 2024 to 29% in 2025, while the median ransom rose 368% to $59,556. The firm attributes these shifts to improved incident response, global disruption of infrastructure and laundering networks, cryptographic flaws in strains like VolkLocker, and fragmentation of ransomware-as-a-service into numerous smaller groups.
read more →

Ransom Payments Fall as Incidents Rise, Chainalysis Finds

🔍 Chainalysis reports ransomware actors collected $820 million in 2025, a 28% decline from 2024 despite a roughly 50% rise in reported attacks year-over-year. Analysts attribute the drop to broader adherence to guidance discouraging ransom payments and to legal risks associated with payouts. At the same time, the average ransom payment jumped 368% to nearly $60,000, suggesting individual victims who do pay are settling for much larger sums to prevent data resale or exposure.
read more →

Europol 'Project Compass' Leads to 30 Arrests in Europe

🔎 Europol-led Operation Compass has resulted in 30 arrests and linked 179 suspects to The Com, a decentralized cybercrime collective that targets children and teenagers. Launched in January 2025 and coordinated with law enforcement from 28 countries, the action identified 62 victims and directly safeguarded four. Investigators mapped multiple subgroups—Offline Com, Cyber Com, and (S)extortion Com—that facilitate violence, intrusions, and sexual exploitation.
read more →

How Google Addresses Critical Security Topics, 2026

🛡️ Royal Hansen, VP Engineering at Google, outlines how Google Cloud is confronting emergent cybersecurity risks as AI reshapes the threat landscape. He emphasizes AI-powered malware, supply-chain and training-data poisoning, and governance challenges tied to loss-of-control of AI infrastructure. Google is advancing controls—tamper-proof provenance, model-level protections, Identity and Access Management, and treating prompts like code—while rolling out agentic workflows to augment SOC teams. The post also consolidates recent threat intelligence, incident responses, and practitioner resources.
read more →

APT37 Ruby Jumper Campaign Expands Toolkit and USB Methods

🔎 APT37 has launched the 'Ruby Jumper' campaign using removable-media infection tools to compromise air‑gapped systems, researchers at Zscaler ThreatLabz found. The actor abused malicious .LNK shortcuts to run a PowerShell stager that extracts multiple embedded payloads and deploys a new implant, Restleaf, which uses Zoho WorkDrive for C2. Additional undocumented tools—SnakeDropper, ThumbSBD, VirusTask and FootWine—enable in‑memory execution, USB propagation and staged exfiltration.
read more →

ScarCruft Campaign Uses Zoho WorkDrive and USB Implants

🔒 In December 2025, Zscaler ThreatLabz exposed the Ruby Jumper campaign linking North Korea's ScarCruft to a novel multi-stage intrusion that abuses cloud storage and removable media. The attack begins with a malicious LNK that launches PowerShell to extract an embedded decoy document and multiple payloads, including the in-memory loader RESTLEAF. RESTLEAF uniquely leverages Zoho WorkDrive for C2 to fetch shellcode and stage follow-on components, while SNAKEDROPPER, THUMBSBD, and VIRUSTASK enable persistence, surveillance, and propagation to air-gapped systems via USB.
read more →

Trojanized Gaming Tools Spread Java RAT, Evade Detection

🎮 Microsoft Threat Intelligence warns that threat actors are distributing trojanized gaming utilities via browsers and chat platforms to deliver a Java-based remote access trojan (RAT). A malicious downloader stages a portable Java runtime and executes a jd-gui.jar, leveraging PowerShell and LOLBins like cmstp.exe for stealth and self-deletion while configuring Microsoft Defender exclusions. Persistence is achieved with a scheduled task and a startup script named world.vbs, and the final payload phones home to 79.110.49[.]15 for command-and-control.
read more →

Aeternum Botnet Shifts C2 to Polygon Blockchain Control

⛓️ A newly discovered loader named Aeternum relocates botnet command-and-control onto the Polygon blockchain, researchers at Qrator Research Lab report. Infected machines retrieve instructions written as on-chain transactions and poll more than 50 RPC endpoints instead of contacting centralized servers or domains. The seller offers native C++ builds and a web dashboard that writes commands to smart contracts, creating a low-cost, resilient C2 channel that complicates traditional takedowns and shifts defensive emphasis to edge filtering and proactive DDoS mitigation.
read more →

Darktrace: 32M High-Confidence Phishing Emails in 2025

📧 Darktrace detected more than 32 million high-confidence phishing emails in 2025, signaling a major escalation in identity-driven attacks and automated campaigns. Over 8.2 million of those targeted VIPs, while 1.6 million originated from newly created domains and 1.2 million included malicious QR codes. The vendor reported 70% of phishing passed DMARC, 41% were spear-phishing and 38% used novel social-engineering techniques, highlighting attackers’ growing sophistication and emphasis on credential compromise.
read more →

Ransomware Payment Rate Falls to Record Low in 2025

🔒 Chainalysis reports that the proportion of ransomware victims who paid extortionists fell to a record low of 28% in 2025, even as claimed attacks rose sharply. The blockchain intelligence firm says total on-chain ransomware receipts currently total $820 million and may approach or exceed $900 million as more events are attributed. While total payment counts remained relatively stable, the median ransom surged 368% to $59,556, and analysts flagged growing fragmentation and several high-impact breaches.
read more →

Ransomware Payments Fall to Record Low as Attacks Rise

🔒 Chainalysis reports the ransomware victim payment rate fell to 28% in 2025, an all-time low, even as claimed attacks rose about 50% year-over-year. On-chain ransomware receipts totaled $820 million so far and may approach $900 million, while the median ransom jumped to $59,556, up 368% from 2024. Analysts point to improved incident response, regulatory scrutiny, law enforcement actions, and market fragmentation. The report also notes 85 active extortion groups and that initial access brokers earned roughly $14 million in 2025.
read more →