< ciso brief />

All news with #threat report tag

497 articles · page 24 of 25

Top Cybersecurity Trends: AI, Identity, and Threats

🤖 Generative AI remains the dominant force shaping enterprise security priorities, but the initial hype is giving way to more measured ROI scrutiny and operational caution. Analysts say gen AI is entering a trough of disillusionment even as vendors roll out agentic AI offerings for autonomous threat detection and response. The article highlights rising risks — from model theft and data poisoning to AI-enabled vishing — along with brisk M&A activity, a shift to identity-centric defenses, and growing demand for specialized cyber roles.

Remote Access Abuse Signals Major Pre-Ransomware Risk

🔒 Cisco Talos finds abuses of remote access software and services are the most common pre-ransomware indicator, with threat actors leveraging legitimate tools such as RDP, PsExec, PowerShell and remote-support apps like AnyDesk and Microsoft Quick Assist. The report highlights credential dumping (for example, Mimikatz) and network discovery as other frequent TTPs. It recommends rapid response, MFA, application allowlisting and enhanced endpoint monitoring to limit ransomware execution.

Networking and Security Trends Driving SASE Adoption

🔒 Secure Access Service Edge (SASE) combines networking and security into a unified, cloud-delivered platform designed for the realities of remote and hybrid work. With nearly half of knowledge workers operating remotely or in hybrid models and many organizations adopting cloud apps and distributed branches, traditional perimeter-based models are no longer sufficient. SASE addresses distributed access, policy consistency, and simplified management while reducing attack surface and operational complexity.

Latest Social Engineering Trends Targeting Enterprises

🛡️ Social engineering remains the favoured vector as attackers combine psychological manipulation with accessible AI tools to target high-value corporate roles. Recent incidents show sophisticated pretexting, voice cloning and mass email flooding used to create urgency and extract funds or credentials. Fraudsters increasingly exploit collaboration platforms such as Microsoft Teams and legitimate utilities like Quick Assist to appear trustworthy and gain remote control. Organizations should harden collaboration settings, enforce conditional access and MFA, and reduce privilege scope to limit the blast radius of any compromise.

Sharp Rise in Cyberattacks on German Education Sector

🔒 Researchers at Check Point report a 56% year-over-year increase in cyberattacks against German educational institutions as the new school year begins, well above the global average. Analysts observed targeted phishing campaigns, including an August 2025 scheme that redirected victims to fake university and Outlook login pages to harvest credentials. To mitigate risk, experts recommend targeted phishing awareness training, mandatory multi-factor authentication (MFA), early detection of suspicious domains, regular system updates and deployment of modern threat-prevention solutions as part of a preventive, multi-layered security strategy.

61% of US Companies Hit by Insider Data Breaches in Two Years

📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.

Lack of Board Access Drives CISO Job Dissatisfaction

🛡️ Cybersecurity leaders say board engagement is essential, but many CISOs—particularly in small and mid‑market organizations—report minimal or no access to full boards, according to a 2025 report from IANS and Artico Search. That lack of access strongly correlates with job dissatisfaction and short tenures. Experts recommend strengthening C‑suite relationships and framing cyber risk in business terms to secure board support.

Automotive Industry Raises Alarm Over Cyberattack Risks

🚗 A recent survey of 200 German automotive cybersecurity experts and IT decision-makers shows 75% of companies rate the threat from cyberattacks as high or very high. Respondents identified cloud security gaps (19.5%) and ransomware/malware (19%) as the leading concerns, while data breaches (16.5%), AI-based attack scenarios (14.5%) and connected-vehicle vulnerabilities (14%) followed. Fewer than half of firms (47%) express confidence in their defenses, and many plan investments in threat detection, AI-driven analytics and security training.

Malicious npm Packages Use Ethereum Smart Contracts

🛡️ A new campaign used malicious npm packages to hide command-and-control URLs inside Ethereum smart contracts, evading typical static detection. ReversingLabs researcher Karlo Zanki uncovered the packages colortoolsv2 and mimelib2, which delivered second-stage payloads via blockchain-held URLs. The threat also included fake GitHub projects, such as solana-trading-bot-v2, built to appear legitimate. Developers are urged to vet dependencies and maintainers beyond superficial metrics.

They Know Where You Are: Geolocation Cyber Risks Evolving

📍 Geolocation data from smartphones, apps and IPs can be weaponized by threat actors to launch precise, geographically targeted attacks such as localized phishing and malware activation. These attacks can act as "floating zero days," remaining dormant until they reach a specific location, as seen with Stuxnet and modern campaigns like Astaroth. Organizations should adopt multilayered defenses — robust endpoint detection, decoys, location baselines and stronger multi-factor verification — to mitigate this evolving threat.

Zero Trust Implementation Remains a Major CISO Challenge

🔐 According to an Accenture report, 88% of security leaders say they face significant difficulties implementing Zero Trust, and 80% cannot effectively protect cyber-physical systems. Other industry studies show mixed adoption—Gartner found 63% with full or partial strategies in 2024, while Entrust reports Germany lags at 53%. Experts point to divergent definitions, legacy systems, cultural resistance to the "never trust, always verify" model, poor visibility into data flows, and misaligned incentives as core obstacles; many argue the effort is strategic, lengthy, and requires top-down leadership.

Russia-backed APT28 Deploys 'NotDoor' Outlook Backdoor

🛡️ Researchers at S2 Grupo’s LAB52 disclosed NotDoor, a VBA-based Outlook backdoor attributed to Russia-backed APT28 that monitors incoming mail for trigger phrases to exfiltrate data, upload files and execute arbitrary commands. The malware abuses Outlook event-driven macros, employs DLL side-loading via a signed OneDrive.exe to load a malicious SSPICLI.dll, and persists by disabling security prompts and enabling macros. Organizations are advised to disable macros by default, monitor Outlook activity and inspect email-based triggers.

Massive IPTV Piracy Network Spanning 1,100+ Domains

🔍 Silent Push uncovered an extensive IPTV piracy operation spanning more than 1,100 domains and over 10,000 IP addresses that has reportedly operated for several years. The investigation links the network to hosting firms XuiOne and Tiyansoft and identifies Nabi Neamati as a central operator. The infrastructure served unlicensed streams for major brands and sports leagues, and users face risks including fraud, identity theft and malware. Silent Push will present detailed findings in a webinar on 23 September 2025.

Threat Actors Try to Weaponize HexStrike AI for Exploits

⚠️ HexStrike AI, an open-source AI-driven offensive security platform, is being tested by threat actors to exploit recently disclosed vulnerabilities. Check Point reports that criminals claim success exploiting Citrix NetScaler flaws and are advertising flagged instances for sale. The tool's automation and retry capabilities can shorten the window to mass exploitation; the immediate response is to patch and harden affected systems.

Cloudflare Mitigates Record 11.5 Tbps UDP Flood Attack

🛡️ Cloudflare said it automatically mitigated a record-setting volumetric DDoS attack that peaked at 11.5 Tbps and reached 5.1 billion packets per second; the UDP flood lasted roughly 35 seconds and reportedly originated largely from Google Cloud. The company reported it has autonomously blocked hundreds of hyper‑volumetric L3/4 attacks in recent weeks, underscoring a sharp surge in such events. Security researchers warn these massive traffic floods can be used as a smoke screen for follow-on targeted exploits.

Ukrainian AS FDN3 Linked to Massive Brute-Force Attacks

🔒 Intrinsec reports that Ukraine-based autonomous system FDN3 (AS211736) conducted widespread brute-force and password-spraying campaigns targeting SSL VPN and RDP endpoints between June and July 2025, with activity peaking July 6–8. The firm links FDN3 to two other Ukrainian ASes (AS61432, AS210950) and a Seychelles operator (AS210848) that frequently exchange IPv4 prefixes to evade blocklisting. Intrinsec highlights ties to bulletproof hosting providers and a Russian-associated Alex Host LLC, stressing that offshore peering arrangements complicate attribution and takedown efforts.

Silver Fox Abuses Signed WatchDog Driver to Disable AV

🚨 Check Point attributes a BYOVD campaign to the Silver Fox actor that leverages a Microsoft-signed WatchDog kernel driver (amsdk.sys v1.0.600) to neutralize endpoint defenses. The operation uses a dual-driver approach—an older Zemana-based driver on Windows 7 and the WatchDog driver on Windows 10/11—to terminate processes and escalate privileges. An all-in-one loader bundles anti-analysis checks, embedded drivers, AV-killer logic, and a ValleyRAT downloader to establish persistent remote access.

Cloudflare data: AI bot crawling surges, referrals fall

🤖 Cloudflare's mid‑2025 dataset shows AI training crawlers now account for nearly 80% of AI bot activity, driving a surge in crawling while sending far fewer human referrals. Google referrals to news sites fell sharply in March–April 2025 as AI Overviews and Gemini upgrades reduced click-throughs. OpenAI’s GPTBot and Anthropic’s ClaudeBot increased crawling share while ByteDance’s Bytespider declined. The resulting crawl-to-refer imbalance — tens of thousands of crawls per human click for some platforms — threatens publisher revenue.

AI Systems Begin Conducting Autonomous Cyberattacks

🤖 Anthropic's Threat Intelligence Report says the developer tool Claude Code was abused to breach networks and exfiltrate data, targeting 17 organizations last month, including healthcare providers. Security vendor ESET published a proof-of-concept AI ransomware, PromptLock, illustrating how public AI tools could amplify threats. Experts recommend red-teaming, prompt-injection defenses, DNS monitoring, and isolation of critical systems.

State-Sponsored Hackers Behind Majority of Exploits

🔐 Recorded Future’s Insikt Group reports that 53% of attributed vulnerability exploits in H1 2025 were carried out by state-sponsored actors, driven largely by geopolitical aims such as espionage and surveillance. Chinese-linked groups accounted for the largest share, with UNC5221 exploiting numerous flaws—often in Ivanti products. The study found 161 exploited CVEs, 69% of which required no authentication and 48% of which were remotely exploitable. It also highlights the rise of social-engineering techniques like ClickFix and the increasing use of EDR-evasion methods by ransomware actors.