< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 3 of 28

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.
read more →

ThreatsDay bulletin: emerging cloud, supply chain risks

📰 This ThreatsDay roundup highlights widespread C2 infrastructure, supply-chain trojanization, exploitation trends, and emerging AI security features. It covers a large regional C2 footprint in the Middle East, an AKS privilege escalation fix, a DAEMON Tools supply-chain compromise added to CISA's KEV, and Apple’s PQC code disclosures. The bulletin also details law firm targeting by SRG, fake installers spreading a Deno RAT, PureLogs phishing, and a spike in DACH cyberattacks.
read more →

ESET APT Activity Report Q4 2025–Q1 2026

📄 ESET summarizes notable APT activity observed between October 2025 and March 2026, highlighting China-, Iran-, North Korea-, and Russia-aligned operations alongside unattributed clusters. The report illustrates geopolitical drivers behind campaigns, describes new tooling and supply-chain compromises such as a trojanized axios package, and notes destructive incidents impacting critical infrastructure. ESET confirms protections by its products and notes the report reflects a subset of its Threat Intelligence.
read more →

Data-Only Extortion Rising in the Cyber Threat Economy

🔍 This Unit 42 report examines the growing shift from ransomware encryption to data-theft and extortion-only attacks, profiling threat actors, techniques, and sectors most affected. It highlights drivers such as improved backups, faster exfiltration, and regulatory pressures that make disclosure risk financially coercive. The briefing also warns of AI-accelerated attacks and offers prioritized defensive recommendations for DLP, SaaS posture, identity resilience, supply chain integrity, and AI preparedness.
read more →

FBI 2025 Internet Crime Report Highlights and Trends

📰 The FBI's 2025 Internet Crime Report has been published, offering a range of statistics and findings on cybercrime trends. The author notes they only recently became aware of the report and references associated press releases and news articles. The post, dated May 27, 2026, points readers to additional coverage and commentary on the report's contents.
read more →

Fraud Schemes Target Formula 1 Fans Worldwide

🚨 A Bitdefender report warns that cybercriminals have built extensive ecosystems to scam Formula 1 fans, exploiting the sport’s fast-moving digital culture. Scams include counterfeit merchandise, fake grand prix tickets, illegal streaming apps and boxes, social media fraud and distribution of infostealer malware. Fans may also be coerced into botnets for DDoS attacks. Bitdefender urges vigilance and recommends anti-phishing and antivirus tools to reduce risk.
read more →

AI-Enabled Attacks Shift from Labs to Live Threats

🛡️ Check Point Research’s March–April 2026 Threat Landscape Digest documents that AI-powered attacks have moved from experimental and state-sponsored exercises into routine criminal deployment. The report details a campaign in Mexico where a single operator used commercial AI to compromise nine government agencies, leveraging persistent jailbreaks, weaponized agent configuration files, and commodified attack platforms like EvilTokens. It warns that stolen AI provider keys, rapid exploit timelines, and shadow AI use create urgent operational and supply-chain risks for organizations.
read more →

ThreatsDay bulletin: evolving threats and trends

🛡️ This week's ThreatsDay bulletin highlights a string of notable cybersecurity developments, from 47 zero-day exploits revealed at Pwn2Own Berlin 2026 to active Linux rootkit evolution. It summarizes warnings about agentic AI, targeted intrusions using AI agents, and advisories on token and dependency leaks. The report also covers nation-state tensions, ransomware activity, encrypted communications, and campaigns abusing identity recovery flows.
read more →

Verizon DBIR: Exploitation Replaces Credential Abuse

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.
read more →

DACH Threats 2025: Hacktivism and Ransomware Surge

🔍 Check Point found a 124% rise in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025, with Germany accounting for roughly 82% of incidents. Defacement and DDoS drove the volume—66% of events—while ransomware comprised nearly 30%, led by Akira, Qilin, and Safepay. The report highlights identity weaknesses, exposed remote services, and insufficient patching as primary enablers, and recommends MFA, patch discipline, credential monitoring, and reduced public attack surface.
read more →

Pwn2Own Berlin 2026: $1.3M Awarded for 47 Zero-Days

🔒 At Pwn2Own Berlin (May 14–16), researchers uncovered 47 zero-day vulnerabilities and shared almost $1.3 million in prize money, with Devcore taking $505,000. The enterprise-focused competition targeted AI databases, coding agents, LLM toolchains and NVIDIA products. Notable wins included exploits against VMware ESXi, Microsoft Exchange, SharePoint and a sandbox escape on Microsoft Edge. ZDI will disclose the findings to vendors, who have 90 days to patch.
read more →

Tycoon2FA Uses Device-Code Phishing to Hijack M365 Accounts

🔐 The Tycoon2FA phishing kit now exploits OAuth device-code flows and misuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. eSentire found the kit rebuilt after a March takedown, adding obfuscation layers, a 230-vendor blocklist, and extensive anti-analysis checks to evade detection. Attackers trick victims into pasting device codes at microsoft.com/devicelogin, granting OAuth tokens and full access to email, calendar and cloud storage.
read more →

Ransomware Escalates: Rising Risk of Physical Threats

🔒 Ransomware campaigns are increasingly paired with explicit threats of physical harm, with a Semperis study finding 40% of incidents involved intimidation and 46% in the US. Reported tactics include threatening notes left at homes, phone calls reciting staff addresses and identity details, and extortionists recruiting local actors to carry out violence. The FBI and vendors warn of a growing pattern — described as violence-as-a-service — and advise organisations to treat employee data as critically sensitive and update incident response plans to manage physical-threat scenarios.
read more →

April 2026 Cyber Threats Spike: Ransomware and GenAI Risks

📈 April 2026 saw a sharp rebound in global cyber activity, with organizations averaging 2,201 weekly attacks — a 10% month‑over‑month rise and 8% year‑over‑year. Check Point Research attributes the surge to automation, expanded cloud and GenAI exposures and attackers exploiting larger digital footprints. Education, Government and Telecommunications were among the hardest hit. Ransomware incidents and GenAI data leakage risks intensified across regions.
read more →

AI-Developed Zero-Day Used in First Known Exploitation

🛡️ Google disclosed detection of an unknown threat actor using a zero-day exploit likely developed with an AI model, marking the first observed malicious application of AI for vulnerability discovery and exploit generation. GTIG said the exploit was a Python script implementing a 2FA bypass in a widely used open-source web administration tool and contained hallmarks of LLM-generated code. Google worked with the vendor to patch the flaw, disabled malicious assets, and linked the activity to a broader set of AI-enabled abuse campaigns including the Android backdoor PromptSpy.
read more →

TrickMo C Moves Android C2 to TON Blockchain Network

📡 ThreatFabric has identified a new Android banking trojan variant, TrickMo C, that shifts its command-and-control channel into The Open Network (TON) blockchain by resolving operator endpoints as .adnl identities. The malicious APK embeds a native TON proxy and routes its HTTP client through a loopback port, while any remaining clearnet queries are sent via DNS-over-HTTPS. This design makes conventional domain takedowns ineffective and helps conceal malicious traffic as legitimate TON application activity.
read more →

Fake Claude Code Installer Steals Browser Credentials

🔒 Ontinue detailed a campaign distributing a previously undocumented information stealer via fake Claude Code install pages that hijack Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, passwords and payment data from developer workstations. The lure substituted the canonical Anthropic host for an attacker-controlled domain while /install.ps1 returned a verbatim genuine installer, letting automated scanners see benign PowerShell. A native helper is reflectively injected into browser processes to invoke the IElevator2 COM interface and extract encryption keys, while the PowerShell layer handles persistence, collection and C2 communications. Defenders are urged to enforce constrained PowerShell, enable script block logging and block newly registered domains.
read more →

AI-Driven Exploitation: Evolving Threats and Access Risks

🔍 Google Threat Intelligence Group (GTIG) reports a rapid shift from nascent AI-enabled operations to industrial-scale use of generative models by threat actors. Based on Mandiant incident response, Gemini telemetry, and GTIG research, the report documents AI-assisted zero-day exploit development, autonomous malware like PROMPTSPY, and advanced obfuscation techniques. It highlights supply chain targeting of AI environments, anonymized premium LLM access, and specific interest from PRC- and DPRK-linked clusters. The report also outlines mitigations and defensive AI uses.
read more →

AI-Enabled Attack: First Recorded AI-Driven Zero-Day

🔍 Google’s Threat Intelligence Group (GTIG) reports the first observed case of cybercriminals using AI to discover and weaponize a zero-day, targeting a popular open-source web-based system administration tool to bypass two-factor authentication. GTIG worked with the vendor to close the flaw and disrupt the campaign. Forensic analysis of the Python exploit showed AI-like traits—structured docstrings, Pythonic formatting, and a hallucinated CVSS score. Google noted the attackers did not use Gemini or Anthropic Mythos.
read more →

Q1 2026 Ransomware: Fewer Groups, Greater Risk Worldwide

🔒 Check Point Research's Q1 2026 report finds ransomware volume near historic highs while activity consolidates around a smaller set of dominant groups. The top 10 operators now claim 71% of victims, led by Qilin, The Gentlemen, and LockBit. Consolidation raises individual incident impact and shifts attacker geography and target patterns. Defenders should prioritize prevention, exposure management, and network/cloud access controls to limit exploitation.
read more →