All news with #threat report tag
Wed, December 3, 2025
Global Execs Rank Disinformation, AI and Cyber Risks
🧭 Business leaders across 116 economies told the World Economic Forum that misinformation/disinformation, cyber insecurity and the adverse outcomes of AI rank among the top near-term threats to national stability. The WEF’s Executive Opinion Survey 2025 canvassed 11,000 executives, who placed technological risks alongside economic and societal concerns. Respondents flagged AI-driven deepfakes, model exploitation and AI-assisted cyber techniques as amplifiers of both disinformation campaigns and critical-system threats.
Wed, December 3, 2025
Many Germans Neglect Cybersecurity Despite Rising Fraud
🛡️ A BdB survey of 1,057 German adults found that only 54% regularly or occasionally seek information about online security, even as 41% believe they are likely to face online fraud (9% very likely, 32% likely). Nearly a quarter (23%) reported being victims of online fraud in the past two years, yet 82% still consider online banking at home to be safe. BdB CEO Heiner Herkenhoff warns that awareness and basic protective measures significantly reduce the risk of falling for scams.
Tue, December 2, 2025
Researchers Expose Lazarus APT Remote-Worker Scheme Live
🔍 A joint investigation by Mauro Eldritch (BCA LTD), NorthScan, and ANY.RUN captured operators from Famous Chollima, a cluster within North Korea's Lazarus Group, working through a network of remote IT contractors. Analysts used long-running sandbox VMs that mimicked real developer laptops to observe live activity without alerting the intruders, recording credential collection, AI-assisted interview tooling, OTP handling, and persistent access via Chrome Remote Desktop. The study found that the primary intrusion method was identity and workstation takeover rather than traditional malware, underscoring significant risks in remote hiring and contractor vetting.
Tue, December 2, 2025
MuddyWater targets Israel with new Fooder and MuddyViper
🛡️ ESET researchers identified a MuddyWater campaign running from 30 September 2024 to 18 March 2025 that primarily targeted organizations in Israel and one confirmed technology victim in Egypt. Operators deployed newly observed custom tools — a reflective loader called Fooder and a C/C++ backdoor named MuddyViper — and abused RMM installers and reverse tunnels. The malware uses Windows CNG for AES-CBC encryption and communicates over HTTPS; operators deliberately minimized hands-on-keyboard activity to hinder detection.
Tue, December 2, 2025
UK and US Security Teams Fear State-Sponsored Cyberattacks
🔒 IO's State of Information Security Report 2025 finds that most UK and US cybersecurity professionals fear state-sponsored cyber-attacks, with 23% citing a lack of preparedness for geopolitical escalation as their top concern. Surveying 3,000 security managers, IO reports that 33% believe governments are not doing enough and that many organisations worry about data loss, reputational harm and supply chain disruption. In response, 74% are investing in resilience and 97% are tailoring incident response, expanding threat intelligence and securing supply chains.
Mon, December 1, 2025
Albiriox Android MaaS Threat Expands in Dark Markets
🛡️ A new Android malware family, Albiriox, has emerged on Russian-speaking cybercrime forums as a Malware-as-a-Service offering full device takeover and real-time fraud capabilities. Cleafy says it already targets more than 400 banking and cryptocurrency applications and combines VNC-style remote control with accessibility-driven UI automation, overlays and black-screen fraud techniques. Initial subscriptions were advertised at $650–$720 per month and the developers promote crypting to evade detection.
Mon, December 1, 2025
Free GreyNoise IP Check to Detect Botnet Participation
🛡️ GreyNoise Labs provides a free online IP-check tool that helps users determine whether their household's public IP has been observed performing malicious scanning or otherwise appears in GreyNoise's dataset. The GreyNoise IP Check returns one of three outcomes: clean, suspicious/malicious activity, or traffic consistent with VPN, corporate, or cloud environments, and shows a 90-day activity history when correlations exist. For advanced users, an unauthenticated JSON API with no rate limit, accessible via curl, supplies structured data for integration into MDMs, VPN scripts, or network onboarding checks.
Mon, December 1, 2025
12 Signs the CISO-CIO Relationship Is Broken: Causes & Fixes
🔒 Gartner and industry advisors outline a dozen signs that the CISO–CIO relationship is strained, from overridden recommendations and withheld information to board messaging conflicts and late security involvement in IT initiatives. These dysfunctions lead to misaligned priorities, duplicated technology purchases, and increased security gaps. The piece highlights contributing factors such as competing incentives and differing metrics, and prescribes practical fixes like regular one-on-ones, clarified responsibilities, alignment on enterprise risk and strategy, and a business-enablement approach that offers trade-offs and multiple solutions.
Mon, December 1, 2025
Tomiris Shifts to Public Services for C2 Evasion Tactics
🛡️ Kaspersky researchers report that the Tomiris threat actor has increasingly used legitimate public services such as Telegram and Discord as command-and-control channels to blend malicious traffic with benign activity. The campaign relies on tailored spear-phishing with password-protected RAR attachments, multi-language implants, and open-source C2 frameworks like Havoc and AdaptixC2. Targeting focuses on Russian-speaking governmental and diplomatic entities across Central Asia and Russia, enabling long-term persistence and covert intelligence collection.
Fri, November 28, 2025
Threat Actors Abuse Calendar Subscriptions for Attacks
📅 New research from BitSight reveals that threat actors are exploiting third-party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large-scale social engineering campaigns that can deliver phishing URLs, attachments, or links to executable payloads. While this is not a vulnerability in Google Calendar or the iCalendar format itself, the findings expose a neglected security blind spot: a subscribed feed is trusted content that refreshes silently. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.
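As an added example (not BitSight's tooling, and not code from the research above), the following Python audits a subscription feed the way a defender would: it unfolds RFC 5545 continuation lines, walks every VEVENT, and flags links or attachments whose host is outside the domains the subscriber expects for that feed. The allowlist, the risky-extension list and the sample feed are constructed for this example; the second event carries a phishing link split across a folded line plus an archive attachment on an unrelated domain.

```python
"""Audit an iCalendar (.ics) subscription feed for injected phishing content.

Added example, not BitSight's own code. Flags links and attachments that point
outside the domains the subscriber expects, which is the abuse pattern described
above: legitimate feed mechanics, malicious content from an unrelated domain.
"""
import re
from typing import Dict, List, Optional

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)
# File types an attacker would push through ATTACH or a DESCRIPTION link (assumed list).
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".zip", ".cmd", ".bat")

def unfold(ics_text: str) -> List[str]:
    """Undo RFC 5545 line folding: a line starting with SPACE or HTAB continues the previous one."""
    lines: List[str] = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_events(ics_text: str) -> List[Dict[str, str]]:
    """Return one {PROPERTY: value} dict per VEVENT; parameters such as ;FMTTYPE=... are dropped."""
    events: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in unfold(ics_text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, _, value = line.partition(":")
            current[name.split(";", 1)[0].upper()] = value
    return events

def hostname(url: str) -> str:
    m = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""

def in_allowlist(host: str, allowed_domains: List[str]) -> bool:
    """True when host equals or is a subdomain of an allowed domain."""
    return any(host == d or host.endswith("." + d) for d in (a.lower() for a in allowed_domains))

def audit_feed(ics_text: str, allowed_domains: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious link: {'uid', 'url', 'reason'}."""
    findings: List[Dict[str, str]] = []
    for ev in parse_events(ics_text):
        uid = ev.get("UID", "<no uid>")
        # iCalendar escapes newlines as the two characters "\n"; treat them as separators.
        text = " ".join(ev.get(k, "") for k in ("URL", "ATTACH", "DESCRIPTION", "LOCATION", "SUMMARY"))
        for url in URL_RE.findall(text.replace("\\n", " ")):
            if not in_allowlist(hostname(url), allowed_domains):
                findings.append({"uid": uid, "url": url, "reason": "link to non-allowlisted domain"})
            if url.lower().split("?", 1)[0].rstrip(".,;)").endswith(RISKY_EXT):
                findings.append({"uid": uid, "url": url, "reason": "link to risky file type"})
    return findings

# Constructed sample feed: event 1 is benign; event 2 carries a phishing link
# folded across two lines and an archive attachment on an unrelated domain.
SAMPLE_FEED = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "PRODID:-//constructed sample//EN",
    "BEGIN:VEVENT",
    "UID:1@calendar.example.org",
    "SUMMARY:Quarterly all-hands",
    "URL:https://intranet.example.org/all-hands",
    "END:VEVENT",
    "BEGIN:VEVENT",
    "UID:2@calendar.example.org",
    "SUMMARY:ACTION REQUIRED: verify your account",
    "DESCRIPTION:Your mailbox will be suspended. Sign in at https://login-example",
    " -org.example.net/verify to keep access.",
    "ATTACH;FMTTYPE=application/zip:https://cdn.example.net/invoice.zip",
    "END:VEVENT",
    "END:VCALENDAR",
])

if __name__ == "__main__":
    for f in audit_feed(SAMPLE_FEED, ["example.org"]):
        print(f"{f['uid']}: {f['reason']} -> {f['url']}")
```

Run against the sample with `example.org` as the only trusted domain, the benign event produces nothing and the injected event yields three findings (two for the foreign hosts, one for the `.zip`); unfolding matters because the phishing URL only becomes visible once the continuation line is joined.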
Fri, November 28, 2025
November 2025 security roundup: leaks, ransomware, policing
🔍 In his November roundup, ESET Chief Security Evangelist Tony Anscombe highlights major cybersecurity developments that warrant attention. He draws attention to Wiz's finding that API keys, tokens and other sensitive credentials were exposed in repositories at several leading AI companies, and to a joint advisory putting the Akira ransomware group's estimated takings at $244 million. Anscombe also flags privacy concerns around X's new location feature, outlines how Australia intends to enforce a proposed under-16 social media ban, and notes a Europol/Eurojust operation that disrupted malware families including Rhadamanthys.
Fri, November 28, 2025
Empathy-Driven IT Security: Path to Active Compliance
🔐 IT security often meets resistance when guidelines clash with everyday work pressures, causing employees to view measures as obstructive and to bypass them. The article advocates empathetic policy engineering: perform stakeholder analysis, design user-centered policies, and pilot changes with early adopters. Communicate with respect—use tactical empathy, collaborative 'help me to help you' dialogues, and realistic, scenario-based training to boost acceptance and embed secure practices.
Thu, November 27, 2025
Bloody Wolf APT Expands NetSupport Campaign in Central Asia
🔎 Researchers at Group-IB and UKUK have identified a widening campaign by the Bloody Wolf APT that uses streamlined Java-based loaders to deliver NetSupport remote administration software to government targets. The operation, active since late 2023 and observed in Kyrgyzstan from at least June 2025 before spreading to Uzbekistan in early October, relies on convincing PDF lures, spoofed domains and geofenced infrastructure. Simple Java 8 loaders fetch NetSupport over plain HTTP, establish persistence through autorun entries and scheduled tasks, display fake error messages to the victim, and carry a launch counter that caps how many times the loader runs so it leaves fewer traces for detection. The group has shifted from using STRRAT to deploying an older 2013 build of NetSupport Manager and uses a custom JAR generator to mass-produce variants.
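The loader chain described above (JAR launch, cleartext HTTP fetch, NetSupport drop, Run-key and scheduled-task persistence) lends itself to a correlation hunt. The Python below is an added example, not Group-IB's or UKUK's tooling: it runs one rule per behaviour over endpoint telemetry in a Sysmon-like shape (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set) and scores each host by how many distinct behaviours it exhibits. The field names follow Sysmon's (Image, CommandLine, TargetObject, Details, DestinationPort, TargetFilename); the `Computer` hostname field, the threshold of three rules, and every record are assumptions constructed for the example, and `client32.exe` is the NetSupport Manager client binary.

```python
"""Hunt for the Java-loader-to-NetSupport chain on endpoint telemetry.

Added example, not vendor tooling. Each rule matches one behaviour from the
campaign description; hosts that trip several distinct rules are surfaced.
Field names follow Sysmon; the events below are constructed, not real logs.
"""
from collections import defaultdict
from typing import Dict, List

JAVA = ("java.exe", "javaw.exe")

def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def match_rules(ev: Dict) -> List[str]:
    """Return the names of every hunting rule this single event satisfies."""
    hits: List[str] = []
    eid = ev.get("EventID")
    image = basename(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "").lower()
    details = ev.get("Details", "").lower()
    if eid == 1 and image in JAVA and "-jar" in cmd:
        hits.append("java_jar_launch")      # loader started as a JAR
    if eid == 1 and image == "schtasks.exe" and "/create" in cmd and "java" in cmd:
        hits.append("schtask_java")         # scheduled-task persistence for a JAR
    if eid == 13 and "\\currentversion\\run\\" in ev.get("TargetObject", "").lower() \
            and ("java" in details or ".jar" in details):
        hits.append("run_key_jar")          # autorun entry pointing at a JAR
    if eid == 3 and image in JAVA and ev.get("DestinationPort") == 80:
        hits.append("java_plain_http")      # JVM fetching a payload over cleartext HTTP
    if eid == 11 and image in JAVA and basename(ev.get("TargetFilename", "")) == "client32.exe":
        hits.append("netsupport_drop")      # JVM writing the NetSupport client binary
    return hits

def hunt(events: List[Dict]) -> Dict[str, List[str]]:
    """Map each host to the sorted set of distinct rules it triggered."""
    per_host: Dict[str, set] = defaultdict(set)
    for ev in events:
        for rule in match_rules(ev):
            per_host[ev["Computer"]].add(rule)
    return {host: sorted(rules) for host, rules in per_host.items()}

def suspicious_hosts(events: List[Dict], min_rules: int = 3) -> List[str]:
    """Hosts showing at least min_rules distinct behaviours of the chain."""
    return sorted(h for h, rules in hunt(events).items() if len(rules) >= min_rules)

# Constructed telemetry: WS01 shows the full chain, WS02 only a benign IDE launcher JAR.
JRE = "C:\\Program Files\\Java\\jre1.8.0_202\\bin\\javaw.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "EventID": 1, "Image": JRE, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": 'javaw.exe -jar "C:\\Users\\u\\Downloads\\Prikaz_2025.pdf.jar"'},
    {"Computer": "WS01", "EventID": 3, "Image": JRE, "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"Computer": "WS01", "EventID": 11, "Image": JRE,
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\Update\\client32.exe"},
    {"Computer": "WS01", "EventID": 13, "Image": JRE,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
     "Details": "javaw.exe -jar C:\\Users\\u\\AppData\\Roaming\\Update\\upd.jar"},
    {"Computer": "WS01", "EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": 'schtasks.exe /create /sc onlogon /tn Update /tr "javaw -jar C:\\Users\\u\\AppData\\Roaming\\Update\\upd.jar"'},
    {"Computer": "WS02", "EventID": 1, "Image": JRE, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "javaw.exe -jar C:\\tools\\ide\\lib\\launcher.jar"},
]

if __name__ == "__main__":
    for host, rules in hunt(SAMPLE_EVENTS).items():
        print(host, rules)
    print("suspicious:", suspicious_hosts(SAMPLE_EVENTS))
```

Scoring on distinct behaviours rather than on any single rule keeps developer workstations that legitimately run `java -jar` out of the result set; on the sample only WS01 crosses the threshold.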
Thu, November 27, 2025
ToddyCat toolkit pivots to Outlook and Microsoft tokens
🔒 Kaspersky researchers report that ToddyCat updated its toolkit in late 2024 and early 2025 to target Outlook email data and Microsoft 365 access via OAuth 2.0 tokens. Previously known for compromising internet-facing Microsoft Exchange servers, the group now uses a C++ utility, TCSectorCopy, to copy OST files and parses them with XstReader to read full email archives. When browser-based token extraction was blocked, attackers deployed ProcDump to dump tokens from Outlook memory. Kaspersky released IOCs and technical details to support detection and response.
Thu, November 27, 2025
Retailers Brace for Holiday Fraud, Not Major Breach Spike
🔒 Huntsman Security's analysis of ICO reports from Q3 2024 to Q2 2025 indicates the retail and manufacturing sector experienced only minor seasonal peaks, with 1,381 incidents overall and quarterly counts clustered in the mid-300s. The firm reported 618 breaches caused by brute force, misconfigurations, malware, phishing and ransomware, and urged a shift to continuous assurance so defenses do not drift into vulnerable states. Other vendors cautioned that more than half of recent ransomware incidents occurred on weekends or holidays, while researchers warned of AI-enabled fake e-commerce sites, typosquatted domains and package-tracking scams targeting shoppers.
Wed, November 26, 2025
Care That You Share: Holiday Risks and Mitigations
🛡️ This edition of Talos Threat Source urges a simple behavioral shift: practice care in what, how, and why you share information during the holiday season and beyond. The briefing highlights operational pressures as teams run lean and attackers intensify phishing and supply‑chain campaigns, and it outlines practical changes such as retiring obsolete ClamAV signatures and encouraging feature‑release container tags for better security maintenance. Thoughtful, timely sharing of tips, IOCs, and status updates can materially improve collective resilience when resources are constrained.
Wed, November 26, 2025
ToddyCat APT Targets Outlook Archives and M365 Tokens
🔒 Kaspersky reports that the ToddyCat APT refined its toolkit in late 2024 and early 2025 to harvest Outlook offline archives and Microsoft 365 OAuth tokens in addition to browser credentials. New PowerShell and C++ components, notably TomBerBill and TCSectorCopy, copy browser artifacts and read OST files at the disk-sector level, while attackers also attempt in-memory token grabs from Outlook processes to maintain persistent access.
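Both ToddyCat items above describe the same move: when browser-side token theft fails, dump the Outlook process and pick the Microsoft 365 OAuth tokens out of memory. The responder's counterpart is to carve those tokens out of a dump to learn which accounts and scopes were exposed and whether the tokens are still live. The Python below is an added example, not Kaspersky's detection content: it searches a byte buffer for JWT-shaped strings in both ASCII and UTF-16LE (how a Windows process commonly holds strings), decodes the claims without verifying signatures, and classifies tokens by audience. The set of Microsoft 365 audiences is an assumption drawn from well-known values (Graph's URL and application ID, the Outlook endpoints); the sample dump and its two tokens are constructed here and carry no valid signature.

```python
"""Carve Microsoft identity-platform JWTs out of a raw memory image.

Added example, not Kaspersky's tooling. Decodes claims for triage only; it does
not validate signatures, and the sample tokens below are constructed.
"""
import base64
import json
import re
from datetime import datetime, timezone
from typing import Any, Dict, List

# Assumed set of audiences that mark a token as Microsoft 365 / Graph access.
M365_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",  # Microsoft Graph application ID
    "https://outlook.office365.com",
    "https://outlook.office.com",
}
JWT_SHAPE = r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"
ASCII_JWT = re.compile(JWT_SHAPE.encode("ascii"))
STR_JWT = re.compile(JWT_SHAPE)
# Same shape with every character followed by a NUL byte (UTF-16LE), as Windows strings often are.
UTF16_JWT = re.compile(rb"e\x00y\x00J\x00(?:[A-Za-z0-9_.-]\x00){30,}")

def b64url_json(segment: str) -> Dict[str, Any]:
    """Decode one base64url JWT segment (padding stripped) to its JSON object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def describe(token: str, offset: int, encoding: str) -> Dict[str, Any]:
    """Summarise claims for triage; the signature is deliberately not checked."""
    _header, payload, _signature = token.split(".")
    claims = b64url_json(payload)
    auds = claims.get("aud", [])
    auds = auds if isinstance(auds, list) else [auds]
    is_m365 = any(a in M365_AUDIENCES or a.endswith((".microsoft.com", ".office.com", ".office365.com"))
                  for a in auds if isinstance(a, str))
    exp = claims.get("exp")
    return {
        "offset": offset,
        "encoding": encoding,
        "aud": auds,
        "upn": claims.get("upn") or claims.get("preferred_username"),
        "scp": claims.get("scp"),
        "exp": datetime.fromtimestamp(exp, tz=timezone.utc).isoformat() if isinstance(exp, int) else None,
        "m365": is_m365,
    }

def scan_for_tokens(dump: bytes) -> List[Dict[str, Any]]:
    """Find JWT-shaped strings (ASCII and UTF-16LE) and return decoded summaries in offset order."""
    found: List[Dict[str, Any]] = []
    for m in ASCII_JWT.finditer(dump):
        try:
            found.append(describe(m.group(0).decode("ascii"), m.start(), "ascii"))
        except ValueError:
            continue  # JWT-shaped but the payload is not JSON
    for m in UTF16_JWT.finditer(dump):
        m2 = STR_JWT.match(m.group(0).decode("utf-16-le"))
        if not m2:
            continue
        try:
            found.append(describe(m2.group(0), m.start(), "utf-16le"))
        except ValueError:
            continue
    return sorted(found, key=lambda f: f["offset"])

def constructed_token(claims: Dict[str, Any]) -> str:
    """Build an unsigned sample token for this example; a real token carries an RSA signature."""
    def seg(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")
    header = seg(json.dumps({"typ": "JWT", "alg": "RS256"}, separators=(",", ":")).encode())
    body = seg(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{body}.{seg(b'constructed-signature-not-valid')}"

GRAPH_TOKEN = constructed_token({"aud": "https://graph.microsoft.com", "upn": "alice@example.com",
                                 "scp": "Mail.Read User.Read", "exp": 1764720000})
OTHER_TOKEN = constructed_token({"aud": "api://constructed-internal-app", "upn": "svc@example.com",
                                 "exp": 1764720000})

# Constructed "memory image": an ASCII bearer header, then a UTF-16LE token, amid filler bytes.
SAMPLE_DUMP = (b"\x00" * 64 + b"Authorization: Bearer " + GRAPH_TOKEN.encode("ascii") + b"\r\n"
               + b"\xff" * 32 + OTHER_TOKEN.encode("utf-16-le") + b"\x00\x00" + b"trailing junk")

if __name__ == "__main__":
    for hit in scan_for_tokens(SAMPLE_DUMP):
        print(hit)
```

The UTF-16LE pass is the part that matters on a real Outlook dump; an ASCII-only grep misses every token the process holds as a wide string. Once you have the `upn`, `scp` and `exp` values, the response actions are revoking the user's refresh tokens and reviewing sign-in logs for the token's audience, since the access token itself stays valid until `exp` regardless of password changes.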
Tue, November 25, 2025
Smishing Triad Expands Phishing Campaigns Targeting Egypt
🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.
Tue, November 25, 2025
Holiday Cyberthreat Surge 2025: What CISOs Must Know
🛡️ FortiGuard Labs' 2025 holiday analysis documents a marked increase in malicious infrastructure, credential theft, and targeted exploitation of e-commerce systems during the pre-holiday period. Attackers registered tens of thousands of holiday- and retail-themed domains and sold over 1.57 million account records from stealer logs, fueling credential stuffing and account takeover. The report highlights active exploitation of critical flaws in platforms such as Magento, Oracle EBS, and WooCommerce, and emphasizes urgent mitigations: patching, MFA, bot management, domain monitoring, and payment-page integrity checks to reduce fraud and protect customers.
Tue, November 25, 2025
The 2026 Tech Tsunami: AI, Quantum, and Web 4.0 Collide
🌐 Check Point's 2026 analysis warns that an unprecedented convergence of AI, quantum computing, and an immersive Web 4.0 will reshape digital risk. Autonomous systems and hyper-automation will blur boundaries between cloud, networks, and physical infrastructure, expanding attack surfaces and changing the nature of digital trust. The report calls for updated cryptography, enhanced detection, and cross-industry resilience planning.