All news with #threat report tag

Fake CISO Job Offer Used in Long-Game 'Pig-Butchering' Scam

🔒 A seasoned US CISO was targeted in a months-long pig-butchering scam that used a fabricated recruitment process posing as Gemini Crypto, including LinkedIn outreach, SMS, WhatsApp messages and a likely deepfaked video interview. The attackers groomed the target from May–September 2025, offered a fictitious CISO role, and asked him to buy $1,000 in crypto on Coinbase as "training." The candidate declined, documented the exchange, and warned peers; analysts say these long-game social engineering campaigns and malware-laced "test" assignments are increasingly common and financially damaging.

Chinese-speaking Group UAT-8099 Targets IIS Servers

🔐 Cisco Talos recently disclosed activity by a Chinese-speaking cybercrime group tracked as UAT-8099 that compromises legitimate Internet Information Services (IIS) web servers across several countries. The actors use automation, custom malware and persistence techniques to manipulate search results for profit and to exfiltrate sensitive data such as credentials and certificates. Talos notes the group maintains long-term access and actively protects compromised hosts from rival attackers. Organizations should hunt for signs of BadIIS, unauthorized web shells and anomalous RDP/VPN activity and share IOCs promptly.

Confucius Shifts to Python Backdoors Targeting Windows

🛡️ FortiGuard Labs reports that the long-running cyber-espionage group Confucius has shifted tactics against Microsoft Windows users, moving from document stealers like WooperStealer to Python-based backdoors such as AnonDoor. The change, observed between December 2024 and August 2025, favors persistent access and command execution over simple data exfiltration. Researchers describe layered evasion and persistence techniques including DLL side-loading, obfuscated PowerShell, scheduled tasks and stealthy exfiltration to minimize detection. Targeting remains focused in South Asia, particularly Pakistan.

Confucius Espionage: Evolution from Stealer to Backdoor

🔐 FortiGuard Labs documents the Confucius espionage group’s shift from document-stealing malware to a stealthy Python-based backdoor targeting Microsoft Windows. Recent campaigns used spear-phishing with weaponized Office PPSX files, malicious LNK loaders, and staged PowerShell installers to deploy runtimes and execute AnonDoor modules. The actor leveraged DLL side-loading, scheduled tasks, and HKCU registry Load persistence to maintain stealth and periodic execution. Fortinet urges layered defenses, updated signatures, and user training to mitigate these threats.

UAT-8099 Targets High-Value IIS Servers for SEO Fraud

🔍 Cisco Talos details UAT-8099, a Chinese-speaking cybercrime group that compromises reputable IIS servers to conduct SEO fraud and steal high-value credentials, certificates and configuration files. The actors exploit file-upload weaknesses to deploy ASP.NET web shells, enable RDP, create hidden administrative accounts and install VPN/reverse-proxy tools for persistence. They automate operations with custom scripts, deploy Cobalt Strike via DLL sideloading and install multiple BadIIS variants to manipulate search rankings and redirect mobile users to ads or gambling sites. Talos published IoCs, Snort/ClamAV signatures and mitigation guidance.

ENISA: Phishing Drives Most EU Cyber Intrusions in 2024–25

📣 The EU security agency's ENISA Threat Landscape 2025 report, analyzing 4,875 incidents from 1 July 2024 to 30 June 2025, finds phishing was the initial access vector in 60% of intrusions, with vulnerability exploitation at 21%. Botnets and malicious applications accounted for 10% and 8% respectively, and 68% of intrusions led to follow-up malware deployment. ENISA highlights AI-powered phishing exceeded 80% of social engineering globally by early 2025 and warns of attacks aimed at critical digital supply chain dependencies and high-value targets such as outdated mobile and OT systems.

Key Security Metrics CISOs Need for Business Alignment

📊 Measuring security performance is essential for CISOs who must demonstrate how security supports business objectives. The article outlines ten metric categories — including incident response (MTTD/MTTR), vulnerability "window of exposure," security awareness and maturity — and stresses choosing metrics that answer stakeholders' questions. Experts such as Richard Absalom and Frank Kim advise avoiding meaningless measurements and using metrics to prioritize work, allocate resources and communicate security value to the board.

Phishing and Patching: Cyber Basics Still Critical

🔐 Fortinet’s 2025 Global Threat Landscape Report underscores that two fundamentals — protecting against phishing and keeping software up to date — remain the most effective defenses. Attackers are scaling campaigns with automation and generative AI to produce more convincing messages, and they combine email, SMS, and voice techniques to raise success rates. Organizations should strengthen employee training, deploy MFA, and adopt centralized or automated patch management to reduce exposure and limit lateral movement.

Five Essential Cybersecurity Tips for Awareness Month

🔒 October is Cybersecurity Awareness Month, a timely reminder that prevention-first strategies are essential as digital threats evolve rapidly. This piece presents five practical tips organizations and individuals can implement — from user training and multi-factor authentication to regular patching and least-privilege access — and stresses the rising risk of AI-driven attacks and the need for layered defenses.

Case for Multidomain Visibility and Unified Response in SOCs

🔍 The 2025 Unit 42 Global Incident Response Report shows that 84% of investigated incidents involved activity across multiple attack fronts and 70% spanned at least three vectors, underscoring coordinated, multidomain campaigns. Attackers move laterally across cloud, SaaS, IT and OT, exploiting identities, misconfigurations and vulnerabilities. The report recommends unified telemetry, AI-driven behavioral analytics and stronger identity controls to improve detection and accelerate response.

Generative AI's Growing Role in Scams and Fraud Worldwide

⚠️A new primer, Scam GPT, surveys how generative AI is being adopted by criminals to automate, scale, and personalize scams. It maps which communities are most at risk and explains how broader economic and cultural shifts — from precarious employment to increased willingness to take risks — amplify vulnerability to deception. The author argues these threats are social as much as technical, requiring cultural shifts, corporate interventions, and effective legislation to defend against them.

2025 Cybersecurity Reality Check: Attack Surface Focus

🔍 Bitdefender's 2025 assessment highlights rising secrecy after breaches, a widening leadership-to-frontline disconnect, and an urgent shift to shrink enterprise attack surfaces. The report, combining surveys of over 1,200 IT and security professionals across six countries and analysis of 700,000 incidents, shows 84% of high-severity attacks leverage Living Off the Land techniques. Organizations are prioritizing attack surface reduction and simplification to improve resilience and detection.

AI Tops Cybersecurity Investment Priorities — PwC Report

🔒 A PwC survey finds AI-based security is the top cybersecurity investment priority for the next 12 months, with 36% of business and technology executives ranking it among their top three budget areas. Security leaders prioritized AI threat hunting (48%) and agentic AI to boost cloud and operational efficiencies (35%). While 78% expect cyber budgets to rise, organizations report significant knowledge and skills gaps and low readiness for quantum threats.

EU Agency: Cyber Threat Landscape in Europe Worsens

⚠️ ENISA reports the EU cyber threat landscape has worsened, identifying ransomware as the single most damaging threat due to widespread encryption and costly recoveries. By frequency, DDoS incidents dominate (77% of reported cases), though they typically cause shorter-lived outages. The agency's analysis of 4,875 incidents from July 2024 to June 2025 also highlights concentrated attacks on public administration and a rapid rise in AI-assisted social engineering.

Phantom Taurus: China-Aligned Hackers Target State, Telecom

🔍Phantom Taurus, newly designated by Unit 42, is a China-aligned cyber-espionage group that has targeted government and telecommunications organizations across Africa, the Middle East and Asia for at least two and a half years. Researchers traced the activity from earlier cluster tracking through a 2024 campaign codename, noting a 2025 elevation to a distinct group. Phantom Taurus has shifted from email-server exfiltration to directly querying SQL Server databases via a custom mssq.bat executed over WMI, and deploys a previously undocumented .NET IIS malware suite dubbed NET-STAR.

Securing the Cloud: Risks, AI Impacts, and Best Practices

🔒 This Special Report examines the distinct security challenges of cloud environments, the current threat landscape organizations face, and how rapid AI adoption is amplifying those risks. It highlights common hidden exposures across configurations, data stores, and APIs. The report also presents practical strategies and best practices for improving cloud posture, governance, and operational controls to reduce overall attack surface.

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.

Manufacturing Cyber Risk Escalates: Executive Priorities

⚠️Manufacturing organizations now face an average of 1,585 cyberattacks per week, a 30% year‑over‑year rise, and ransomware remains the predominant threat. Incidents can incur losses that reach hundreds of millions and in some cases force insolvency. Deep supplier connectivity amplifies exposure because a single compromised vendor can cascade disruption across industries. The report urges executives to prioritize resilience, segmentation, and third‑party risk management.

CIISec Members Say Budgets Lag Behind Cyber Threats

📉 A CIISec poll of UK cybersecurity professionals finds most believe budgets are not keeping pace with rising threats: only 5% say funding is in line with or ahead of risk while 84% disagree. Despite funding concerns, 78% report good or excellent job prospects and 73% expect the security market to grow over the next three years. CIISec recommends prioritizing the people challenge—skills development and communication—since improving talent often costs less and yields faster impact than new tooling.

How to Restructure a Security Program to Modernize Defense

🔒 The article advises that organizations should proactively restructure security programs instead of waiting for breaches or regulator intervention. It cites the 2024 FTC order against Marriott, following incidents exposing personal data of 344 million guests, as a cautionary example. Practical guidance includes an independent top-to-bottom review, listening tours, delivering quick visible wins, simplifying tool stacks, adopting AI-enabled capabilities, and investing in staff and training. It also outlines frequent mistakes such as insufficient executive buy-in, hiring biases, and underestimating evolving threats.