< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 12 of 28

Resilience in the AI Era: Google's Call at MSC 2026

🔒 At the 62nd Munich Security Conference, Kent Walker (President, Google & Alphabet) argued that fragmented defenses are inadequate against AI-accelerated cyber threats and the near-term risk from cryptographically relevant quantum computing. Google highlighted GTI findings that adversaries are automating reconnaissance and producing hyper-realistic phishing, and showcased the Ukrainian startup LetsData, which uses AI to scan multilingual media and detect InfoOps at scale. To scale defender advantages, Google launched the Gemini Startup Forum: Cybersecurity and promotes deployment options such as Google Distributed Cloud Air-Gapped for sovereign, secure use of its infrastructure. Walker urged governments, industry, and vendors to adopt a full-stack, collaborative approach—breaking silos and modernizing procurement—to build shared digital resilience.
read more →

Unit 42 2026 Global Incident Response Report Findings

⚠️ The Unit 42 2026 Global Incident Response Report analyzes over 750 major incidents across 50+ countries and reveals attackers are moving faster and leveraging trusted identities and integrations. The report documents AI-driven acceleration—some intrusions advanced from initial access to exfiltration in as little as 72 minutes—and shows identity weaknesses in nearly 90% of cases. It recommends reducing exposure, tightening identity controls, and increasing response speed.
read more →

What CISOs Need to Know About OpenClaw Risks and Mitigations

⚠️ OpenClaw is an open‑source AI‑agent orchestration tool that runs locally, integrates with common chat apps and can use any LLM backend, driving rapid adoption. Researchers have found widespread exposed instances, critical authentication‑bypass flaws, plaintext credentials in the ClawHub marketplace and hundreds of malicious skills enabling credential theft and remote code execution. Experts urge enterprises to ban or tightly restrict use, enforce least privilege, MFA, endpoint segmentation and continuous telemetry if pilots are allowed.
read more →

GTIG AI Threat Tracker: Distillation and Integration

🛡️ Google Threat Intelligence Group (GTIG) reports rising adversarial use of AI in Q4 2025, including widespread model extraction, AI-augmented reconnaissance, social engineering, and trials of agentic tooling. GTIG and Google DeepMind detected and mitigated numerous extraction attempts, protected internal reasoning traces, and disabled abusive assets in real time. The update describes AI-enabled proofs-of-concept (for example HONESTCUE and COINBAIT), abuses of shareable chat outputs, underground proxy toolkits, and published IOCs to support defenders.
read more →

ThreatsDay Bulletin: Access Abuse and Quiet Persistence

📝 This week’s bulletin spotlights attackers favoring reliable tradecraft—misusing trusted tools and simple entry points while executing deliberate, long‑dwell post‑compromise activity. Microsoft fixed a Notepad Markdown command‑injection (CVE‑2026‑20841) and LayerX disclosed a 0‑click RCE risk in Claude Desktop Extensions. Emerging stealers (LTX, Marco), evolving loaders (GuLoader, RenEngine), and data‑theft ransomware trends raise operational risk. Defenders must detect misuse of legitimate access and anomalous in‑system behavior.
read more →

North Korean Hackers Use Deepfake Meetings to Target Crypto

🛡️ Mandiant attributes a targeted campaign to North Korean financially motivated group UNC1069, which combines social engineering, deepfake video and macOS malware to steal cryptocurrency and credentials. The attackers hijacked a cryptocurrency executive’s Telegram account to build trust, then sent a calendar invite to a faux Zoom meeting hosted on attacker infrastructure. During the call a purported deepfake of the executive appeared and a ClickFix ruse persuaded victims to run commands, enabling deployment of backdoors and information-stealers.
read more →

Valentine’s Day 2026 Scams: Rising Phishing & Fraud

💌 Check Point researchers report a sharp rise in Valentine-themed phishing websites, fraudulent online stores, and fake dating platforms that aim to steal personal data and payment information from shoppers and daters ahead of Valentine’s Day 2026. From March–December 2025, new Valentine-related domains averaged 474 per month; registrations jumped to 696 in January 2026, a 44% increase. In the first five days of February researchers detected 152 additional domains, a further 36% rise in the daily average. The trend reflects opportunistic abuse of seasonal demand and last-minute gift shopping.
read more →

WAF Security Test Results 2026: Prevention First Matters

🔒 The WAF Comparison Project 2026 presents the findings of a third annual, real-world evaluation of 14 leading WAF vendors using 1 million legitimate requests and 74,000 malicious payloads. Testers found attackers increasingly employ evasion, payload padding, and zero-day techniques that can bypass signature-based defenses. The report emphasizes a prevention-first strategy — combining proactive filtering, behavioral controls, and continuous tuning — to better protect web apps, APIs, and GenAI workloads.
read more →

CISA 2025 Year in Review: Strengthening Infrastructure

🛡️ CISA released its 2025 Year in Review highlighting major achievements that bolstered national cyber and physical security. The agency published over 1,600 products, triaged more than 30,000 incidents through its 24/7 Operations Center, and blocked billions of malicious connections across federal and critical infrastructure networks. It led 148 exercises engaging 10,000+ participants and issued the Be Air Aware™ guides to address Unmanned Aircraft System threats. The report frames these outcomes as the foundation for 2026 priorities focused on innovation, resilience, and partnership.
read more →

Attackers Prefer Stealthy Persistence for Extortion

🦠 Picus Security's Red Report 2026 analyzed over 1.1 million malicious files and 15.5 million actions, finding attackers favor stealthy persistence and evasion to silently exfiltrate data for extortion. Process injection accounted for 30% of techniques, while adversaries routed C2 through high-reputation services like OpenAI and AWS and used stolen browser passwords to masquerade as users. The report warns that virtualization/sandbox evasion and increased technique counts make detection more challenging.
read more →

From Ransomware to Residency: The Shift to Stealth

🔍 The Picus Red Report 2026 analyzed more than 1.1 million malicious files and 15.5 million adversarial actions across 2025 and finds attackers shifting from disruptive ransomware to long-lived, stealthy residency. Rather than encrypting systems, adversaries focus on credential theft, process injection, sandbox evasion and quiet data exfiltration. The report urges defenders to prioritize behavior-based detection, credential hygiene and continuous adversarial validation to restore visibility.
read more →

January 2026: Global Attacks Rise; Ransomware, GenAI Risk

⚠️ Check Point Research reports a global increase in cyber attacks in January 2026, with organizations experiencing an average of 2,090 attacks per organization per week — a 3% increase from December and 17% above January 2025. The rise is driven by expanding ransomware operations and mounting data‑exposure risks linked to widespread GenAI adoption. Critical sectors are under intensified pressure as threat activity accelerates and adversaries move faster.
read more →

2025 Q4 DDoS Report: Record 31.4 Tbps Attack and Botnet

🛡️ Cloudflare's 24th Quarterly DDoS Threat Report documents a record-setting 2025 capped by a 31.4 Tbps attack and a late-December campaign from the Aisuru-Kimwolf botnet. The firm observed a 121% year-over-year surge in DDoS activity, averaging 5,376 mitigations per hour and a tripling of network-layer assaults to 34.4 million. Hyper-volumetric HTTP floods—largely from infected Android TVs—peaked above 200 Mrps and targeted telcos, gaming, and AI providers, while Cloudflare's autonomous defenses automatically detected and mitigated these incidents.
read more →

ThreatsDay: Codespaces RCE, AI Cloud Escalation & Trends

🔔 This ThreatsDay bulletin assembles concise signals — from GitHub Codespaces RCE vectors to mapped AsyncRAT C2 infrastructure — that show adversaries are streamlining access and persistence. It spotlights BYOVD kernel driver abuse in ransomware playbooks, an AI-assisted cloud intrusion reaching admin in minutes, and a CISA list expanding to 59 actively exploited CVEs. Defenders should prioritize developer workflow hardening, credential rotation, and rapid patching.
read more →

Global SystemBC Botnet Active on Over 10,000 Systems

🛡️ Silent Push links the long-running SystemBC malware to more than 10,000 infected IP addresses worldwide, including hosts tied to government sites. SystemBC acts as a multi-platform SOCKS5 proxy, turning compromised machines into relays that help attackers hide infrastructure and maintain persistence, often appearing before ransomware is deployed. Researchers found infections concentrated in data centres, uncovered a Perl-based Linux variant undetected by 62 antivirus engines, and observed reliance on abuse-tolerant hosting for C2 operations.
read more →

Leaked Non-Human Identities: A DevOps Risk Report Overview

🔐 In late 2025, Flare researchers discovered over 10,000 Docker Hub images containing exposed production secrets — from API keys and cloud tokens to CI/CD credentials and AI model access tokens. The report frames non-human identities — tokens, service accounts and workload identities — as persistent, highly privileged artifacts that often outlive their creators and bypass traditional controls. It highlights incidents including the Snowflake breach, a long-lived Home Depot GitHub token exposure, and a Red Hat GitLab compromise, and urges teams to adopt automated secret scanning, short-lived credentials, and continuous monitoring of public registries.
read more →

New Technical Markers Expose Expanded ShadowSyndicate

🔍 Group-IB researchers have linked dozens of servers to the ShadowSyndicate cybercrime cluster through reused OpenSSH fingerprints and recurring access keys, exposing a larger, consistently managed malicious infrastructure. The cluster, first documented in 2023, continues to deploy and transfer servers between internal clusters while retaining overlapping keys that enable attribution. Analysts identified at least 20 command-and-control nodes supporting commercial red-team frameworks and open-source post-exploitation tools and observed ties to multiple ransomware affiliates. Group-IB recommends ingesting indicators of compromise, monitoring repeated MFA failures and unusual login activity, and tracking activity in frequently used autonomous systems.
read more →

AI Drives Rapid Doubling of Phishing Attacks in 2025

📨 Cofense reports that security filters caught a phishing email every 19 seconds in 2025 — more than double the 2024 rate of one every 42 seconds — as AI enables faster, larger-scale campaigns. The vendor's report, The New Era of Phishing: Threats Built in the Age of AI, warns that actors now use AI to generate highly personalized, polymorphic and multi-channel phishing that adapts per victim. It also highlights a 105% rise in remote access tool detections, a 19-fold spike in abuse of .es domains, and a 204% increase in email-delivered malware, urging post-delivery behavioral analysis and human validation.
read more →

Identities Targeted as Cybercriminals Shift Tactics Now

🔐 The Eye Security 2026 State of Incident Response Report finds that cyberattacks on companies are increasingly undetected and that attackers are shifting from technical exploitation to abusing existing access and credentials, with damage often occurring within minutes. The study reports passwords were involved in 97% of tracked incidents and that BEC accounted for over 70% of cases, with phishing initiating 40% of those intrusions. It also highlights the rise of Ransomware-as-a-Service, access broker marketplaces, and the commercialization of insider access, identifying industrial, construction, and transport firms as particularly affected based on 630 European incidents analyzed from 2023–2025.
read more →

Microsoft: Python-based infostealers targeting macOS

⚠ Microsoft warns that information-stealing campaigns are expanding beyond Windows to target Apple macOS by leveraging cross-platform languages like Python and abusing trusted distribution platforms. Since late 2025, attackers have used malvertising and Google Ads to redirect users to fake sites that employ ClickFix lures and DMG installers to deploy families such as Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. Campaigns use fileless execution, native macOS utilities, and AppleScript to harvest browser credentials, session cookies, iCloud Keychain items, and developer secrets. Organizations are urged to train users on malvertising and fake installers, monitor Terminal and iCloud Keychain access, and inspect network egress for POSTs to newly registered or suspicious domains.
read more →