All news with #threat report tag
Thu, October 16, 2025
Young Europeans’ Digital Aspirations and Future Skills
🔍 Janice Richardson, researcher and Council of Europe expert, reflects on Google’s Future Report, based on more than 7,000 teens from seven EU countries. She highlights young people’s use of the internet for learning, cultural exploration and creative problem solving, noting strong critical thinking and pragmatic attitudes toward algorithms. Richardson stresses closing the digital literacy gap and equipping teachers and parents to support safe, balanced online engagement.
Wed, October 15, 2025
Whisper 2FA Drives Nearly One Million Phishing Attacks
🛡️ Whisper 2FA has emerged as a highly active phishing kit, responsible for almost one million attacks since July 2025, according to Barracuda. The platform leverages AJAX to create a live relay between victims and attackers, repeatedly capturing passwords and MFA codes until a valid token is obtained. Campaigns impersonate services like DocuSign, Adobe and Microsoft 365 and use urgent lures such as invoices or voicemail notices. Rapid evolution, dense obfuscation and anti-debugging measures make detection and analysis increasingly difficult.
Wed, October 15, 2025
German Logistics Vulnerable to Widespread Cyberattacks
🔒 A recent Sophos survey reports that nearly 80% of German logistics companies have experienced cyberattacks, with incidents frequently occurring at interfaces with customers and suppliers. Forty percent of respondents noted impacts from supply-chain security failures. While many firms now embed IT security requirements in partner contracts, enforcement and regular checks are often missing. The human factor and understaffed security teams remain key vulnerabilities.
Wed, October 15, 2025
Outsourced IT Helpdesks: Closing a Critical Security Gap
📞 Outsourced helpdesks are increasingly targeted by vishing and other social‑engineering campaigns. Attackers can exploit service‑desk privileges to reset passwords, disable MFA, enroll devices or elevate access, enabling lateral movement. Clients should require evidence of ISO 27001 compliance, enforce least‑privilege, strict caller authentication and continuous, scenario‑based agent training. Technical controls such as caller ID spoofing detection, deepfake audio checks and MFA on helpdesk tools — combined with MDR monitoring — help close this gap.
Tue, October 14, 2025
Legacy Windows Protocols Enable Network Credential Theft
🔒 Resecurity warns that legacy Windows name-resolution protocols continue to expose organisations to credential theft when attackers share the same local network. By poisoning LLMNR and NBT-NS broadcasts using tools such as Responder, attackers can capture usernames, domain context and password hashes without exploiting a software vulnerability. Recommended mitigations include disabling these protocols via Group Policy, blocking UDP 5355, enforcing SMB signing, reducing NTLM, and monitoring for anomalous traffic.
Tue, October 14, 2025
TA585 Deploys MonsterV2 Malware With Sophisticated Delivery
🔍 Proofpoint researchers uncovered TA585, a cybercriminal group that operates its own phishing, delivery and malware infrastructure rather than outsourcing. The actor distributes MonsterV2, a subscription-based RAT/stealer/loader that avoids CIS systems and offers modules like HVNC. Early 2025 campaigns used ClickFix social engineering and compromised sites with fake CAPTCHAs to filter victims and deliver payloads. Organisations should train users to spot ClickFix and restrict PowerShell for non-admins.
Tue, October 14, 2025
Fortinet Strengthens Global Cybercrime Collaboration
🔒 Fortinet underscores its leadership within the World Economic Forum’s Cybercrime Atlas, promoting cross-sector intelligence sharing and coordinated disruption to combat cybercriminal networks. The 2025 Impact Report, released ahead of the WEF Annual Meeting on Cybersecurity 2025, details operational support for INTERPOL-led Operations Serengeti and Serengeti 2.0 and quantifies arrests, takedowns, and recovered illicit funds. Fortinet stresses the need for accountability at scale and continued expansion of collaborative capacity-building.
Tue, October 14, 2025
Beyond Security Awareness: Proactive Threat Hunting
🔍 Security Awareness Month highlights the human side of defense but by itself it cannot sustain long-term resilience. The author argues organizations must pair awareness with proactive threat hunting and a structured Continuous Threat Exposure Management (CTEM) program to find misconfigurations, exposed credentials, and excessive privileges before attackers can exploit them. He outlines a three-step readiness model: collect attacker-centric data, map attack paths with a digital twin, and prioritize remediation by business impact.
Tue, October 14, 2025
UK NCSC Reports 130% Rise in National Cyber Incidents
🔐 The UK’s National Cyber Security Centre (NCSC) reported 204 nationally significant incidents between September 2024 and August 2025, a 130% increase on the prior year’s 89 incidents. In total the agency received 1,727 incident tips and elevated 429 to cyber incidents requiring support, including 18 Category 2 “highly significant” events. NCSC leaders warned attackers are improving and urged businesses to harden defences and prioritise preparedness to sustain operations during attacks.
Tue, October 14, 2025
CISOs Must Rethink Tabletop Exercises and Readiness
⚠️ The Cytactic 2025 State of Cyber Incident Response Management report found that 57% of significant incidents involved attack types the security team had not rehearsed. The finding suggests many tabletop exercises focus on dramatic, familiar scenarios like ransomware rather than the subtle, realistic tactics adversaries commonly use. Reported failures include misplaced burner phones and stale contact lists, illustrating gaps in basic readiness. Experts recommend regularly refreshing tailored simulations, roleplaying smaller breaches, and practicing communications and logistics to build practical muscle memory.
Mon, October 13, 2025
Attackers Exploit ScreenConnect Features for Network Access
🔒 DarkAtlas researchers warn that APT groups are leveraging legitimate RMM platforms to gain initial access, increasingly favoring ScreenConnect because it evades basic detection. Attackers abuse features like unattended access, VPN, REST API and file transfer, deploy in-memory installers that leave few disk artefacts, and register persistent services such as ScreenConnect.WindowsClient.exe. Defenders should monitor invite links, config files, in-memory activity and specific event IDs for effective DFIR.
Mon, October 13, 2025
Weekly Recap: WhatsApp Worm, Oracle 0-Day and Ransomware
⚡ This weekly recap covers high-impact incidents and emerging trends shaping enterprise risk. Significant exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61882) and linked payloads reportedly affected dozens of organizations, while a GoAnywhere MFT flaw (CVE-2025-10035) enabled multi-stage intrusions by Storm-1175. Other highlights include a WhatsApp worm, npm-based phishing chains, an emerging ransomware cartel, AI abuse, and a prioritized list of critical CVEs.
Mon, October 13, 2025
Astaroth Banking Trojan Uses GitHub to Stay Operational
🔒 Cybersecurity researchers warn of a recent campaign delivering the Astaroth banking trojan that leverages GitHub repositories to host hidden configurations and regain functionality after C2 takedowns. The attack, concentrated in Brazil and across Latin America, begins with a DocuSign-themed phishing message that drops an LNK file which executes obfuscated JavaScript, retrieves an AutoIt loader and ultimately injects a Delphi-based DLL. Astaroth monitors browser activity for banking and cryptocurrency sites, exfiltrates credentials via Ngrok, and employs steganography, anti-analysis checks, and persistent LNK-based startup execution to maintain stealth and resilience.
Fri, October 10, 2025
Navigating Public Sector Cybersecurity: AI and Zero Trust
🔒 Written by the CSO for Google Public Sector, the post frames an urgency-driven approach to modern government security, emphasizing AI-powered threat detection, Zero Trust engineering, and a shared responsibility model. It highlights how Google Security Operations (FedRAMP High), fused threat intelligence from VirusTotal and Mandiant, and fast incident response strengthen mission continuity. The piece stresses that legacy defenses are insufficient against AI-enhanced adversaries and calls for proactive, intelligence-led modernization.
Thu, October 9, 2025
Hidden Text Salting in Emails and Strategic Cyber Decisions
🧯 Cisco Talos warns of extensive abuse of CSS to insert hidden “salt” — extraneous characters, comments and markup — into email preheaders, headers, attachments and bodies to evade detection. This hidden text salting technique is significantly more common in spam and malicious mail than in legitimate messages, undermining both signature and ML-based defenses. Talos advises detecting concealed content and, crucially, stripping or normalising that salt before passing messages to downstream engines, while also urging attention to longer-term strategic decision-making in cyber defense.
Thu, October 9, 2025
Closing the Cloud Security Gap: Key Findings 2025 Report
🔒 The 2025 Unit 42 Global Incident Response Report shows that nearly a third of incidents investigated in 2024 were cloud-related, with 21% of cases directly impacting cloud assets. The article stresses the importance of the shared responsibility model and full, dynamic visibility to manage resource sprawl, misconfigurations and complex cloud-native architectures. It highlights identity misuse and overpermissioned accounts as frequent attack vectors and urges least privilege, credential rotation and robust logging. Palo Alto Networks recommends unified posture and response through Cortex Cloud and integration with Cortex XSIAM to reduce noise and automate remediation.
Thu, October 9, 2025
ClayRat Android Spyware Uses Fake Apps to Spread in Russia
📱 A new Android spyware campaign known as ClayRat has been observed targeting users in Russia through fake app installers and Telegram channels. Operators impersonate popular apps such as WhatsApp, TikTok, Google Photos, and YouTube to trick victims into sideloading APKs or running lightweight droppers that unpack hidden encrypted payloads. Once active, the malware requests to become the default SMS app and can exfiltrate SMS messages, call logs, notifications and device details, take photos, and even send messages or place calls, while automatically propagating to the victim's contacts. Zimperium reports roughly 600 samples and 50 droppers detected in the last 90 days, with continuous obfuscation to evade defenses.
Thu, October 9, 2025
Protecting Your Car from Hacking: Practical Guidance 2025
🚗 Modern vehicles increasingly rely on interconnected electronics and external services, creating multiple remote attack vectors — from CAN, LIN and OBD ports to Wi‑Fi, Bluetooth and cellular links. The article notes that attackers now often target manufacturer servers (e.g., Toyota’s 2024 data loss) and references UN R155/R156 and ISO/SAE 21434. It describes vehicle risk categories, practical buyer and setup checks, and step‑by‑step advice if you suspect a compromise.
Thu, October 9, 2025
LockBit, DragonForce and Qilin Form Ransomware Cartel
🚨 Three major ransomware-as-a-service operators — LockBit, DragonForce, and Qilin — announced a coalition in early September aimed at coordinating attacks and stabilizing market conditions after recent law enforcement disruptions. The groups signaled intentions to reduce intra-group conflicts, share resources, and protect affiliate revenue, and LockBit explicitly authorized targeting certain critical infrastructure sectors. ReliaQuest researchers reviewed forum posts and communications but have not yet observed joint operations or a combined leak site.
Thu, October 9, 2025
September 2025 Cyber Threats: Ransomware and GenAI Rise
🔍 In September 2025, global cyber-attack volumes eased modestly, with organizations facing an average of 1,900 attacks per week — a 4% decline from August but a 1% increase year-over-year. Beneath this apparent stabilization, ransomware activity jumped sharply (up 46%), while emerging GenAI-related data risks expanded rapidly, changing attacker tactics. The report warns that evolving techniques and heightened data exposure are creating a more complex and consequential threat environment for organizations worldwide.