
All news with #threat report tag

497 articles · page 3 of 25

Global Higher Education Cyberattacks Surge 63% Yearly

🔒 Quorum Cyber's 2026 Global Cyber Risk Outlook for Higher Education reports a 63% rise in recorded incidents between Nov 2023–Oct 2024 and Nov 2024–Oct 2025, increasing from 260 to 425. Across 67 countries, data breaches rose 73%, hacktivism 75% and ransomware 21%. FunkSec, Cl0p, INC and Nova were the most prolific groups. The report urges intelligence-led vulnerability management, dark web monitoring, robust backups and regular incident response exercises.

IR Trends Q1 2026: Phishing and public administration

🔒 Talos IR’s Q1 2026 analysis finds phishing reemerged as the top initial access vector, with public administration and health care tied as the most targeted sectors. Investigations documented abuse of AI-enabled services like Softr to build credential-harvesting pages and the first observed intrusion by Crimson Collective exploiting exposed developer secrets. Pre-ransomware activity rose but no encryptions occurred due to early mitigation. Talos emphasizes properly configured MFA, patching, and centralized logging.

UK Faces 'Perfect Storm' of Nation-State Cyber Threats

⚠️ Richard Horne, CEO of the NCSC, warned at the tenth annual CYBERUK in Glasgow that the UK faces a “perfect storm” driven by rising geopolitical tensions and rapid AI-led technological change. He said nationally significant incidents remain broadly steady since the NCSC's last review, but the most serious threats now originate from nation states — notably Russia, China and Iran. The briefing urged organisations to shift from a prevention-only posture to a resilience mindset and to ensure fundamentals such as full visibility, 24/7 monitoring and correct configuration are in place.

CrowdStrike Falcon Cloud Security: 264% ROI Realized

🔒 CrowdStrike's Falcon Cloud Security delivered a 264% return on investment over three years, according to a Forrester Total Economic Impact™ study. By unifying cloud posture management and runtime protection on a single platform, organizations gained real-time cross-domain context, runtime controls, and AI-assisted triage that improved detection and response. The study quantified $13.8 million in benefits with payback in under six months and reported reductions in multicloud tooling costs, investigation time, and false positives.

UK's Ofcom Investigates Telegram and Teen Chat Sites

🕵️ Ofcom has opened an investigation under the UK's Online Safety Act after receiving evidence that Telegram is being used to share child sexual abuse material (CSAM). The regulator says its probe followed reports from the Canadian Centre for Child Protection and its own assessment. Ofcom is also examining teen chat services Teen Chat and Chat Avenue, and has separately scrutinised X over AI-generated nonconsensual explicit content. Where breaches are found, Ofcom can seek fines up to £18 million or 10% of qualifying worldwide revenue and, in serious cases, request court orders to disrupt or block services in the UK.

CrowdStrike Falcon Platform Delivers 441% ROI in 3 Years

🔍 An IDC Business Value study shows organizations that standardized on the CrowdStrike Falcon platform realized a 441% return on investment over three years, with average payback in four months. Interviewed customers reported replacing five tools on average, reducing false positives by 86% (from 33% to 5%), and improving security operations efficiency by 44% after consolidating telemetry and workflows on the unified platform. The study attributes these gains to automated triage, AI-assisted investigation, and reduced alert noise, which together lower operational burden and accelerate response.

The Gentlemen Ransomware: Rapid Rise and Widespread Impact

🔒 Check Point Research reports that the Gentlemen ransomware-as-a-service operation has claimed over 320 victims since mid-2025, including 240 incidents in 2026, while access to a live C2 server revealed a botnet of more than 1,570 likely corporate victims. The group targets internet-facing devices (VPNs, firewalls) and can encrypt entire networks within hours, focusing on manufacturing, technology and an increasing number of healthcare organizations. Organizations should prioritize patching, MFA, segmentation, proactive detection, and reliable offline backups to reduce exposure.

Ransomware as Industry: The Business Behind Attacks

🔐 The article argues that modern ransomware operates like an industry, with affiliates, suppliers, marketplaces and subscription services coordinating long before a ransom note appears. It cites the March 2024 Change Healthcare incident and disputes between affiliates and operators to illustrate franchise dynamics. It details technical enablers such as BYOVD EDR killers and emerging AI-assisted tooling, and urges defenders to map actors, tools and supply-chain exposure rather than treat incidents as isolated break-ins.

Sanctioned Grinex Exchange Halts After $13.74M Hack

🚨 Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S., said it is suspending operations after reporting a $13.74 million theft it attributes to Western intelligence agencies. The company alleges the attack, which it says demonstrates unprecedented technical sophistication, stole over 1 billion rubles from user accounts on April 15, 2026. Blockchain investigators at Elliptic, TRM Labs, and Chainalysis report the funds were rapidly routed to TRON and Ethereum addresses and swapped into non-freezable tokens, complicating asset recovery.

Q1 2026 Vulnerability Pulse: Trends and Highlights

🔍 Cisco Talos’ Q1 2026 vulnerability pulse shows steady Known Exploited Vulnerabilities (KEVs) overall, while networking equipment comprised roughly 20% of KEV-related flaws and may rise further. Overall CVE disclosures climbed in Q1, with March being the steepest month, and Talos flagged 121 CVEs with AI relevance. The report stresses persistent patch-management gaps, growing software supply chain compromises, and a surge in abuse of the n8n automation platform where exposed webhooks are weaponized to deliver malware and fingerprint devices.

Phishing Paradox: Trusted Brands as Attack Vectors

📧 In Q1 2026, Check Point Research found Microsoft was the most impersonated brand in phishing campaigns, accounting for 22% of brand impersonation attempts. Apple (11%), Google (9%), Amazon (7%) and LinkedIn (6%) followed, reflecting attackers’ focus on both enterprise and consumer ecosystems tied to identity, devices and payments. The report underscores a persistent trend: threat actors exploit trusted brands to harvest credentials and gain initial access to personal and corporate environments.

Ransomware Emerges as Top Threat to Automotive Sector

🔒 A new report from Halcyon warns that ransomware has become the fastest-growing and most disruptive cyber threat to the automotive sector, accounting for 44% of attacks on carmakers in 2025 after incidents more than doubled that year. The vendor links the surge to connected vehicle platforms, OTA update mechanisms, cloud services and insecure third-party suppliers. Recommended mitigations include patching edge devices, deploying phishing-resistant MFA, hardening EDR, maintaining immutable offline backups and enforcing supplier security requirements.

Germany Becomes Primary Target in European Data Leaks

🔒 Google Threat Intelligence reports a sharp rise in data leak site (DLS) activity targeting Germany, with German victim posts growing 92% in 2025—triple the European average. Attackers have shifted focus to the digitized industrial base and the Mittelstand, exploiting mid-tier DLS groups such as SAFEPAY and Qilin. GTI observed forum recruitment and extortion tactics traced to actors like Sarcoma. Caveats note that DLS counts often reflect failed negotiations and are one signal among many; GTI recommends proactive third-party risk management, multifactor authentication, and endpoint hardening.

n8n Abuse: Threat Actors Weaponize AI Workflow Platforms

⚠️ Cisco Talos details how attackers are misusing the AI workflow automation platform n8n to run sophisticated phishing and malware campaigns. Between October 2025 and March 2026, researchers observed a sharp increase in emails containing n8n webhook URLs that serve dynamic HTML payloads and CAPTCHA-protected bait to initiate downloads. These flows mask malicious payloads behind trusted domains and have been used to deploy modified RMM tools and to fingerprint recipients. Talos urges behavioral detection, IOC sharing, and AI-enhanced email defenses to mitigate this abuse.

State-Sponsored Threats: Shared Access Paths, Varied Goals

🔍 Talos' 2025 Year in Review documents state-sponsored activity from China, Russia, North Korea, and Iran, each pursuing different goals such as espionage, disruption, and financial gain. Despite varied motives, adversaries consistently exploit both newly disclosed and long-known vulnerabilities, and rely on identity-based access and stealthy persistence. Notable examples include rapid exploitation and web shells from China, geopolitically timed campaigns and common malware families from Russia, North Korean social-engineering and a $1.5B crypto theft, and Iran's mix of visible disruption and stealthy APT activity such as ShroudedSnooper. Defenders are urged to prioritise patching, identity security, network visibility, and hunts for long-term presence.

World Quantum Day 2026: Preparing for PQC Migration

🛡️ Quantum computing is moving from theoretical risk to an imminent threat that undermines current cryptographic protections. Advances in algorithms and reduced qubit requirements mean timelines once measured in decades are now years, prompting Gartner in late 2025 to elevate Post-Quantum Cryptography migration to a board-level priority ahead of 2030. Organizations must inventory sensitive assets, prioritize store-now-decrypt-later risks, and begin crypto-agility planning immediately.

German military warns: Hybrid attacks on infrastructure

🔒 Vice Admiral Thomas Daum warned that hybrid attacks on Germany's critical infrastructure and Bundeswehr forces abroad have risen noticeably since 2022. At NATO's Locked Shields exercise he cited targeted intrusions against Bundeswehr data centres, alleged phone tapping of deployed personnel and disinformation campaigns in Lithuania. Authorities suspect state actors including Russia, China, Iran and North Korea, while energy firms, banks and local authorities remain at risk.

JanelaRAT Targets Latin American Banks, 14,739 Hits

🔒 Researchers report that the JanelaRAT malware, a modified BX RAT, extensively targeted banks and financial services across Latin America, with telemetry showing 14,739 attack attempts in Brazil and 11,695 in Mexico during 2025. The trojan steals banking and cryptocurrency credentials, captures keystrokes, screenshots and system metadata, and uses custom title-bar detection to trigger actions on matched sites. Attackers shifted delivery from VBScript ZIPs to rogue MSI installers and DLL side-loading, often installing a malicious Chromium extension for persistence and data exfiltration. Vendors including Kaspersky, KPMG, and Zscaler documented multi-stage chains and robust C2 capabilities.

German police identify GandCrab leader on Europol list

🔍 German authorities have identified the operator of the notorious GandCrab ransomware as Danii Shchukin, who used the aliases UNKN and Unknown and is believed to have led the GandCrab/REvil group. Europol has added Shchukin and an associate, Anatoly Kravchuk, to its most-wanted list amid allegations of organized and commercial extortion dating to 2019. German police say Shchukin is accused in 130 cases, with €1.9 million paid in 25 incidents and total economic damage estimated at €35.4 million; both suspects are believed to be in Russia but could be operating in other countries.

March 2026 Cyber Threat Landscape: Ransomware Rebounds

🔍 In March 2026, Check Point Research reported a modest moderation in global cyber attack volumes, with an average of 1,995 weekly attacks per organization — down 4% month over month and 5% year over year. Despite the dip, activity remains historically elevated, driven by automation, attack surface growth, and risks tied to cloud adoption and GenAI. The report also highlights a notable rebound in ransomware activity and continuing exposure for critical sectors.