< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 2 of 28

Survey Finds AI Attacks Top Concern for Security Leaders

🔍 A Filigran survey of 168 security leaders at Infosecurity Europe 2026 found AI-powered attacks are the leading worry, cited by 41% of respondents, outpacing supply chain and unknown threats. Teams report alert fatigue as a major time sink, with chasing false positives (26%) and validating risks (25%) common. Trust in threat intelligence and AI decision-making remains low, and only 28% have a continuous exposure management program.
read more →

Lessons from 22,000 Breaches for Incident Preparedness

🔍 The 2026 Verizon DBIR analyzed over 22,000 confirmed breaches across 145 countries and concludes that organizations cannot patch fast enough to prevent every incident. Exploitation of vulnerabilities became the leading initial access vector as critical flaws and their remediation windows grew, while ransomware and third-party breaches surged. The report urges realistic, technical tabletop exercises that rehearse containment, communication, and coordination under time pressure.
read more →

Staffing and AI Shape Modern SOC Challenges

🛡️ The SANS 2026 SOC Survey of 513 security professionals highlights staffing as the top operational challenge for SOCs, with a marked perception gap between practitioners and cyber leaders about hiring and retention. The report shows widespread AI/ML adoption (79%) but limited operational integration (36%), with most teams using vendor tools without customization. It also flags maturity issues in CTI use, OT/IoT coverage, and SOC measurement practices.
read more →

Midwest Sees Rising Cyber Attacks on Key Sectors

📊 Check Point Research found that organizations in the Central US faced higher weekly cyber attack volumes through May 2026 compared with the national average. The region averaged about 1,552 attacks per week, rising to 1,612 in May versus a national 1,442. Energy, healthcare, and financial services drove the regional increases, with energy up 45% and healthcare the most targeted by volume.
read more →

Summer travel phishing surges; hospitality attacks rise

📈 Check Point Research warns of a sharp seasonal surge in travel-related cyberattacks ahead of summer 2026, with the hospitality sector experiencing a 24% year-over-year increase in weekly attacks and a 122% rise over three years. The team found nearly 50,000 new travel-related domains in May 2026—many linked to coordinated bulk-registration campaigns—and active phishing sites impersonating major booking platforms to harvest credentials and payments. Travelers are urged to verify domains, use credit cards, enable two-factor authentication, and avoid clicking links in unsolicited messages.
read more →

Analysis: The Gentlemen ransomware group's evolution

🔎 A new PRODAFT report traces The Gentlemen (aka Phantom Mantis) from an affiliate of multiple RaaS families to an independent, enterprise-focused extortion operation led by a Russian-speaking actor tracked as LARVA-368. Active since March 2025 and claiming 478 victims, the group uses AI, diverse tooling, multi-platform ransomware, and aggressive affiliate incentives while targeting VPNs, firewalls, VMware, and other internet-facing systems.
read more →

ThreatsDay bulletin: supply chain worm and AI risks

🛡️This week’s briefing highlights a surge in polished, commodified cybercriminal tools and large-scale data exposures. Notable items include a public supply-chain attack toolkit, a $5,000/month RAT that clones browser profiles, and research showing AI agents can be induced to leak credentials. The roundup covers high-impact incidents, evolving malware-as-a-service offerings, targeted intrusion campaigns, and concerning platform privacy changes.
read more →

China-linked JDY botnet accelerates enterprise risk

🔍 Lumen’s Black Lotus Labs reports a China-linked botnet called JDY has grown to over 1,500 compromised SOHO and IoT devices used to rapidly discover and fingerprint internet-facing systems after public vulnerability disclosures. The activity, tied to nation-state actors including Volt Typhoon, enables persistent, distributed reconnaissance that can evade geofencing and IP-reputation controls. Researchers warn this marks a shift toward industrialized pre-exploitation scanning and undermines traditional perimeter patch and monitoring assumptions.
read more →

Rising Multi‑Layered Identity Crime Affects More Victims

🔍 The Identity Theft Resource Center's 2026 Trends in Identity Report, based on over 6,000 reports from April 1, 2025 to March 31, 2026, shows nearly 26% of victims experienced two or more concurrent identity incidents. Unauthorized device/PC access rose sharply to 27% of compromises and is now the primary threat for adults aged 35–64. Account takeovers made up 50% of misuse cases, while recovery rates dropped significantly when financial loss occurred. Experts warn that compromised devices enable broader attacks and call for testing and automation to improve incident response.
read more →

May 2026 Cyber Attack Trends: Ransomware Surges

🔍 Check Point Research reports that global cyber-attack volumes slightly eased in May 2026, averaging 2,055 weekly attacks per organization, a 2% year‑over‑year increase but a 7% month‑over‑month decline. While overall volumes moderated, ransomware rose sharply—698 incidents, a 48% increase year‑over‑year—and GenAI-related data exposure risks expanded as enterprises adopted more tools without adequate governance. The report highlights shifting sector targets and regional variations.
read more →

2026 OT Security Report: Maturity Rising, Risks Persist

🔒 The 2026 Fortinet State of Operational Technology and Cybersecurity Report examines how OT security has moved to board-level attention as connectivity increases risk. Based on a global survey of over 700 OT professionals, the report finds improved visibility and governance but uneven maturity across organizations. Key gaps remain in segmentation, secure remote access, incident response, and regulation readiness.
read more →

Chinese APT UNC5221 uses new backdoors to persist

🛡️ Volexity researchers attribute prolonged intrusions to the Chinese espionage group UNC5221 (aka VerdantBamboo), which used the Brickstorm backdoor plus previously undocumented malware Plenet and AgentPSD to maintain access. The actor compromised an MSP and victim systems, remaining undetected for at least 18 months and returning after remediation. Plenet is a cross-platform .NET backdoor; AgentPSD is a Python reverse shell used as fallback persistence.
read more →

AI tools surge in underground ransomware marketplaces

🔍 Analysis by Halcyon shows a rapid rise in AI-based tools sold across Telegram channels, dark web forums, and underground markets, with posts increasing from 38 in December 2025 to 1,486 by February 2026. The offerings fall into four groups: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. Ransomware operations are professionalising with tiered services, automation and freemium models, lowering the skill barrier for new actors while law enforcement takedowns and better enterprise defenses remain critical.
read more →

Pre-positioned Cyber Threats Targeting FIFA 2026

🛡️ Check Point Research and Exposure Management tracked a year-long rise in coordinated cyber threats aimed at FIFA World Cup 2026. Attackers have pre-positioned infrastructure across finance, travel and hospitality, and gambling, with active domains, fake apps, and social schemes ready to scale. The report highlights escalating fraud, domain impersonation, mobile-app impersonation, B2B spoofing risks, and potential operational impacts like ransomware and DDoS.
read more →

FIFA World Cup 2026: Rising Cybercrime Threats

🛡️ FortiGuard Labs warns that cybercriminals are actively exploiting FIFA World Cup 2026 demand, registering thousands of themed domains and creating fake ticketing sites, malicious apps, and impersonation accounts to steal credentials and payments. Their research found over 13,000 new tournament-related domains and identified numerous scams across social media, underground forums, and stealer telemetry. Organizations and fans are urged to prepare early and verify official channels.
read more →

Police dismantle fake ID marketplace aiding smugglers

🔍 French and Spanish authorities dismantled an online marketplace selling counterfeit identity documents used by migrant smuggling rings across the EU. On May 27, police arrested a suspect in Alicante and seized document-production equipment and about 800 fake European IDs from an apartment rented under a false name. Europol said the platform provided forged physical and digital documents to facilitate border evasion, fraudulent residence claims, and secondary movements within the Schengen Area.
read more →

AI-Driven Cybercrime Tools Surge Over 3800%

🔍 Halcyon research reveals a dramatic rise in AI-powered cybercrime tooling across underground markets, jumping from 38 mentions in December to 1,486 in February. Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center, detailed four product categories: weaponized LLMs, AI-enabled identity fraud, AI-augmented malware/infrastructure, and jailbroken or stolen AI services. She warned that automated distribution, freemium models and redundant channels have lowered the financial barrier to entry and increased resilience against takedown efforts.
read more →

Weedhack campaign targets Minecraft players via YouTube

🛡️ McAfee Labs reports a MaaS campaign called Weedhack that has been active since January 2026, using SEO poisoning and YouTube videos to trick Minecraft users into downloading malicious JAR files. The malware chain begins with a trojanized client and leverages the Ethereum blockchain for C2 resolution, ultimately delivering remote access and information-stealing payloads. The service is offered free and as a paid tier, enabling widespread abuse, account theft, and cyberbullying against younger victims.
read more →

UK Firms Prioritise AI Threats and Preparedness

🔍 New research from ManageEngine reveals UK IT and business leaders view AI-powered cyber-attacks as their top risk over the next 12 months, with 43% identifying it as the single biggest threat. The survey of 1,500 decision-makers across five European markets shows 41% of UK respondents plan to prioritise spending on tackling AI and advanced threats. Despite strong detection rates, UK organisations report increasing incidents, skills gaps and recovery challenges, alongside rising investment in resilience and governance.
read more →

Weekly recap: PAN-OS, Gogs, GlassWorm takedown

🔔 This week's briefing highlights active exploitation of a PAN-OS GlobalProtect authentication bypass (CVE-2026-0257), a critical unauthenticated RCE in Gogs, and the coordinated takedown of GlassWorm C2 infrastructure. Other notable items include a long-standing Linux LPE (CIFSwitch) patched upstream, CERT-In urging rapid patching timelines, and several AI-enabled and supply-chain aided campaigns increasing attacker speed and reach.
read more →