All news with #threat report tag

Generative AI's Growing Role in Scams and Fraud Worldwide

⚠️A new primer, Scam GPT, surveys how generative AI is being adopted by criminals to automate, scale, and personalize scams. It maps which communities are most at risk and explains how broader economic and cultural shifts — from precarious employment to increased willingness to take risks — amplify vulnerability to deception. The author argues these threats are social as much as technical, requiring cultural shifts, corporate interventions, and effective legislation to defend against them.

2025 Cybersecurity Reality Check: Attack Surface Focus

🔍 Bitdefender's 2025 assessment highlights rising secrecy after breaches, a widening leadership-to-frontline disconnect, and an urgent shift to shrink enterprise attack surfaces. The report, combining surveys of over 1,200 IT and security professionals across six countries and analysis of 700,000 incidents, shows 84% of high-severity attacks leverage Living Off the Land techniques. Organizations are prioritizing attack surface reduction and simplification to improve resilience and detection.

AI Tops Cybersecurity Investment Priorities — PwC Report

🔒 A PwC survey finds AI-based security is the top cybersecurity investment priority for the next 12 months, with 36% of business and technology executives ranking it among their top three budget areas. Security leaders prioritized AI threat hunting (48%) and agentic AI to boost cloud and operational efficiencies (35%). While 78% expect cyber budgets to rise, organizations report significant knowledge and skills gaps and low readiness for quantum threats.

EU Agency: Cyber Threat Landscape in Europe Worsens

⚠️ ENISA reports the EU cyber threat landscape has worsened, identifying ransomware as the single most damaging threat due to widespread encryption and costly recoveries. By frequency, DDoS incidents dominate (77% of reported cases), though they typically cause shorter-lived outages. The agency's analysis of 4,875 incidents from July 2024 to June 2025 also highlights concentrated attacks on public administration and a rapid rise in AI-assisted social engineering.

Phantom Taurus: China-Aligned Hackers Target State, Telecom

🔍Phantom Taurus, newly designated by Unit 42, is a China-aligned cyber-espionage group that has targeted government and telecommunications organizations across Africa, the Middle East and Asia for at least two and a half years. Researchers traced the activity from earlier cluster tracking through a 2024 campaign codename, noting a 2025 elevation to a distinct group. Phantom Taurus has shifted from email-server exfiltration to directly querying SQL Server databases via a custom mssq.bat executed over WMI, and deploys a previously undocumented .NET IIS malware suite dubbed NET-STAR.

Securing the Cloud: Risks, AI Impacts, and Best Practices

🔒 This Special Report examines the distinct security challenges of cloud environments, the current threat landscape organizations face, and how rapid AI adoption is amplifying those risks. It highlights common hidden exposures across configurations, data stores, and APIs. The report also presents practical strategies and best practices for improving cloud posture, governance, and operational controls to reduce overall attack surface.

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.

Manufacturing Cyber Risk Escalates: Executive Priorities

⚠️Manufacturing organizations now face an average of 1,585 cyberattacks per week, a 30% year‑over‑year rise, and ransomware remains the predominant threat. Incidents can incur losses that reach hundreds of millions and in some cases force insolvency. Deep supplier connectivity amplifies exposure because a single compromised vendor can cascade disruption across industries. The report urges executives to prioritize resilience, segmentation, and third‑party risk management.

CIISec Members Say Budgets Lag Behind Cyber Threats

📉 A CIISec poll of UK cybersecurity professionals finds most believe budgets are not keeping pace with rising threats: only 5% say funding is in line with or ahead of risk while 84% disagree. Despite funding concerns, 78% report good or excellent job prospects and 73% expect the security market to grow over the next three years. CIISec recommends prioritizing the people challenge—skills development and communication—since improving talent often costs less and yields faster impact than new tooling.

How to Restructure a Security Program to Modernize Defense

🔒 The article advises that organizations should proactively restructure security programs instead of waiting for breaches or regulator intervention. It cites the 2024 FTC order against Marriott, following incidents exposing personal data of 344 million guests, as a cautionary example. Practical guidance includes an independent top-to-bottom review, listening tours, delivering quick visible wins, simplifying tool stacks, adopting AI-enabled capabilities, and investing in staff and training. It also outlines frequent mistakes such as insufficient executive buy-in, hiring biases, and underestimating evolving threats.

XWorm Campaign Signals Rise in Fileless In-Memory Attacks

🔒 Forcepoint Labs describes a multi-stage phishing campaign that delivers the XWorm remote-access trojan via an Office .xlam attachment embedding an OLE native stream. An encrypted shellcode launches a .NET dropper that uses steganography and reflective DLL loading to unpack successive in-memory stages, minimizing on-disk artifacts. Attackers leverage API hashing, unhooked calls and layered encryption to evade sandboxes and traditional scanners; Forcepoint provides IoCs and detection recommendations.

Two-Thirds of Organizations Have Unfilled Cyber Roles

🔒 Organizations face persistent cybersecurity staffing and budget gaps, with ISACA finding 65% of firms report unfilled positions. Hiring timelines remain long—38% say entry-level roles take three to six months to fill and 39% report similar delays for non-entry roles—while half of organizations struggle to retain talent. Only 56% believe their board prioritizes cybersecurity, and 53% view budgets as underfunded. ISACA urges faster investment in holistically trained, hands-on cyber workforces to keep pace with evolving threats.

Gen Z Frequently Falls for Phishing Despite Savviness

🔒 A YouGov survey commissioned by Initiative Sicher Handeln finds many younger internet users — the so-called Digital Natives — struggle to spot common phishing signals. Nearly half of Gen Z (49%) do not recognise unsolicited attachments as suspicious, and fewer notice impersonal salutations, spelling errors, or bogus urgency. The online poll (Sept 8–10, 2025; 2,044 German adults) prompts the Stop, Question, Protect appeal.

SpyCloud: Identity Blind Spots Raise Ransomware Risk

🔒 The SpyCloud 2025 Identity Threat Report exposes a gap between confidence and capability: 86% of security leaders say they can prevent identity-based attacks, yet 85% of organizations experienced ransomware in the past year, with over one-third hit six to ten times. A survey of 500+ security leaders in North America and the UK highlights identity sprawl across SaaS, unmanaged devices and third-party ecosystems. The report notes phishing, credential reuse and exposed sessions increasingly enable persistent access. It warns that most organizations lack automated remediation, repeatable workflows and formal investigation protocols.

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.

Talos: New PlugX Variant Targets Telecom and Manufacturing

🔍 Cisco Talos revealed a new PlugX malware variant active since 2022 that targets telecommunications and manufacturing organizations across Central and South Asia. The campaign leverages abuse of legitimate software, DLL-hijacking techniques and stealthy persistence to evade detection, and it shares technical fingerprints with the RainyDay and Turian backdoors. Talos describes the activity as sophisticated and ongoing. Organizations should update endpoint, email and network protections, review DLL-hijack mitigations and proactively hunt for related indicators.

Vane Viper Exposed as Major Malvertising Adtech Actor

🛡️ Infoblox, together with Guardio and Confiant, has identified Vane Viper (also known as Omnatuor) as an adtech platform that has enabled malvertising, ad fraud, and malware distribution for more than a decade. The operator used a web of shell companies and subsidiaries reportedly linked to PropellerAds and AdTech Holding to broker malicious traffic and to run its own campaigns. Researchers describe persistence tactics such as abusing browser push-notification permissions and service workers to spawn headless browser processes that continue to redirect users. Infoblox estimates Vane Viper generated roughly 1 trillion DNS queries across about half of its customer networks over the past year.

Budget Constraints Stall Cybersecurity Efforts in DACH

🔒 A Sophos survey of 300 C-level executives across the DACH region finds that budget shortfalls are the primary barrier to implementing planned cybersecurity measures, with roughly one in ten organisations abandoning initiatives due to cost. Manufacturing and retail report the highest incidence of cancelled projects, while service firms are least affected. The study also notes that technical complexity is rarely cited as a blocker and that some firms, notably in manufacturing, consciously accept cyber risk, with younger executives in Germany and Switzerland tending to be more risk tolerant.

Playing Offside: Threat Actors Targeting FIFA 2026

⚽ As the 2026 FIFA World Cup approaches, threat actors are already preparing by registering thousands of event-related domains and staging deception campaigns. In the two months since 1 August 2025, researchers identified over 4,300 newly registered domains referencing FIFA, the World Cup, or host cities; many look innocuous but present risks including phishing, fake ticketing, and malware delivery. The findings underline the need for proactive domain monitoring, stronger email and web defenses, and coordinated threat intelligence sharing among organizers, sponsors, and security teams to protect fans and partners.

PXA Stealer Upgrades to Multi-Layer Chain Deploying PureRAT

🔒 A Vietnamese threat group has evolved its custom PXA Stealer campaign into a multi-layered delivery chain that ultimately deploys PureRAT, a feature-rich remote access trojan. Huntress analysts describe a ten-stage sequence beginning with a phishing copyright lure and proceeding through obfuscated Python loaders, layered encoding (Base84, AES, RC4, XOR), and .NET reflective loading. The chain includes AMSI and ETW patching, TLS certificate pinning, registry persistence, and hallowing techniques to evade detection. Huntress linked the activity to the Telegram handle @LoneNone and Vietnamese C2 infrastructure and remediated an intrusion before full module deployment.