< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 6 of 28

World Quantum Day 2026: Preparing for PQC Migration

🛡️ Quantum computing is moving from theoretical risk to an imminent threat that undermines current cryptographic protections. Advances in algorithms and reduced qubit requirements mean timelines once measured in decades are now years, prompting Gartner in late 2025 to elevate Post-Quantum Cryptography migration to a board-level priority ahead of 2030. Organizations must inventory sensitive assets, prioritize store-now-decrypt-later risks, and begin crypto-agility planning immediately.
read more →

German military warns: Hybrid attacks on infrastructure

🔒 Vice Admiral Thomas Daum warned that hybrid attacks on Germany's critical infrastructure and Bundeswehr forces abroad have risen noticeably since 2022. At NATO's Locked Shields exercise he cited targeted intrusions against Bundeswehr data centres, alleged phone tapping of deployed personnel and disinformation campaigns in Lithuania. Authorities suspect state actors including Russia, China, Iran and North Korea, while energy firms, banks and local authorities remain at risk.
read more →

JanelaRAT Targets Latin American Banks, 14,739 Hits

🔒 Researchers report that the JanelaRAT malware, a modified BX RAT, extensively targeted banks and financial services across Latin America, with telemetry showing 14,739 attack attempts in Brazil and 11,695 in Mexico during 2025. The trojan steals banking and cryptocurrency credentials, captures keystrokes, screenshots and system metadata, and uses custom title-bar detection to trigger actions on matched sites. Attackers shifted delivery from VBScript ZIPs to rogue MSI installers and DLL side-loading, often installing a malicious Chromium extension for persistence and data exfiltration. Vendors including Kaspersky, KPMG, and Zscaler documented multi-stage chains and robust C2 capabilities.
read more →

German police identify GandCrab leader on Europol list

🔍 German authorities have identified the operator of the notorious GandCrab ransomware as Danii Shchukin, who used the aliases UNKN and Unknown and is believed to have led the GandCrab/Revi group. Europol has added Shchukin and an associate, Anatoly Kravchuk, to its most-wanted list amid allegations of organized and commercial extortion dating to 2019. German police say Shchukin is accused in 130 cases, with €1.9 million paid in 25 incidents and total economic damage estimated at €35.4 million; both suspects are believed to be in Russia but could be operating in other countries.
read more →

March 2026 Cyber Threat Landscape: Ransomware Rebounds

🔍 In March 2026, Check Point Research reported a modest moderation in global cyber attack volumes, with an average of 1,995 weekly attacks per organization — down 4% month over month and 5% year over year. Despite the dip, activity remains historically elevated, driven by automation, attack surface growth, and risks tied to cloud adoption and GenAI. The report also highlights a notable rebound in ransomware activity and continuing exposure for critical sectors.
read more →

Talos Takes: 2025 Ransomware Trends and Vulnerabilities

🔒 Talos analysts Amy Ciminnisi and Pierre Cadieux review the ransomware and vulnerability patterns that shaped 2025. They emphasize persistent campaigns against the manufacturing sector, increased targeting of management infrastructure, and the rise of stealthy living-off-the-land techniques that evade traditional controls. The hosts explain how to spot the difference between a system administrator and a threat actor and outline steps organizations can take to move beyond reactive defenses toward a more resilient, proactive security posture.
read more →

FBI: Over $17.7bn Lost to Cyber Fraud in US During 2025

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.
read more →

Talos 2025 Review: Rapid Exploits and Legacy Risks

🔍 Talos' 2025 Year in Review highlights a marked shift in attacker behavior driven by both newly disclosed flaws and long-entrenched components. In the final weeks of 2025 React/React2Shell surged to the top of exploit activity, followed by legacy targets such as PHPUnit and Log4j. Agentic AI accelerated the creation and deployment of proofs-of-concept and exploit kits, dramatically reducing attacker time-to-exploit. Talos urges organizations to prioritize identity-adjacent systems and management planes for patching and mitigation.
read more →

BKA Identifies REvil Leaders Behind 130 Attacks in Germany

🕵️ Germany's Federal Criminal Police Office (BKA) has named the alleged primary operators of the REvil (aka Sodinokibi) ransomware ring as Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk. Shchukin, widely known by aliases including UNKN and Oneiilk2, is accused of acting as a group leader while Kravchuk is alleged to have served as a developer. The BKA links the two to 130 attacks in Germany, €1.9 million in paid ransoms across 25 cases, and total losses exceeding €35.4 million, situating the announcement within earlier international actions that disrupted REvil.
read more →

Key cyber industry trends from RSA Conference 2026

🤖 RSA 2026 highlighted a rapid, industry-wide shift toward AI-driven security, with CISOs clustering into three archetypes—proactive, curious/confused, and blissfully ignorant. Vendors stressed the need to build AI foundations (data/context engines, control planes, execution layers) and then layer agents atop them. Microsoft, legacy security vendors, and AI-native startups all showcased approaches, while pricing, governance, and evolving threats remain open challenges.
read more →

Talos 2025 Year in Review: Identity, AI, and Speed

🔒 The Cisco Talos 2025 Year in Review, discussed by Christopher Marshall and Peter Bailey, highlights accelerating attacker speed and a shift toward identity as the primary battleground. The report shows rapid weaponization of new flaws alongside persistent exploitation of legacy, end-of-life infrastructure, and a sharp rise in fraudulent device registration. Defenders are urged to prioritize identity controls, visibility, lifecycle discipline, and secure AI governance to keep pace.
read more →

Most UK CNI Firms Face Up to £5m OT Downtime Costs

🔒 A survey by e2e-assure of 250 UK critical national infrastructure (CNI) cybersecurity decision-makers found 80% of organisations expect operational technology (OT) downtime costs between £100,000 and £5m, with 23% reporting incidents exceeding £1m and 6% above £5m. Nearly two-thirds said they fear nation-state attacks, and the vendor warned attackers commonly pivot from IT into exposed OT environments. Respondents also highlighted limited OT visibility and supply-chain risks that hinder detection, response and remediation efforts.
read more →

CERT-UA Impersonation Campaign Distributes AGEWHEEZE RAT

📢 CERT-UA disclosed a phishing campaign in which attackers impersonated the agency to distribute a remote access trojan, AGEWHEEZE, via a password-protected ZIP hosted on Files.fm sent March 26–27, 2026. Emails, some originating from incidents@cert-ua.tech, targeted state bodies, medical centers, security firms, educational institutions, financial organizations and developers, urging installation of a purported "protection tool." The Go-based RAT communicates with 54.36.237.92 over WebSockets, supports extensive remote commands and persistence mechanisms, but CERT-UA reports only a handful of personal device infections and provided remediation assistance.
read more →

Legitimate Access Drives Modern Intrusions, Report Says

🔐 Blackpoint Cyber's 2026 Annual Threat Report finds that routine, legitimate access paths — not software exploits — increasingly enable intrusions. Across thousands of 2025 investigations, SSL VPN abuse (32.8%) and misuse of legitimate RMM tools (30.3%) were dominant initial access vectors, with ScreenConnect implicated in most rogue RMM cases. Social-engineering campaigns such as fake CAPTCHA and ClickFix-style prompts drove 57.5% of incidents, while Adversary-in-the-Middle phishing facilitated session reuse after MFA in about 16% of cloud compromises. The report urges treating remote access as high-risk and strengthening inventories, installation controls, and conditional access to reduce these blended, legitimate-looking intrusions.
read more →

Google VRP 2025 Year in Review: Growth and Milestones

🛡️ In 2025 Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary and awarded over $17 million to more than 700 researchers worldwide — a 40%+ increase versus 2024. The year introduced a standalone AI VRP, extended Chrome rewards for AI features, and launched a patch rewards program for OSV-SCALIBR. Multiple bugSWAT events and the ESCAL8 conference generated hundreds of reports and significant payouts. Google reaffirms its commitment to collaboration, transparency, and continued events in 2026.
read more →

Axios supply-chain compromise adds malicious dependency

⚠️ Google Threat Intelligence Group (GTIG) observed a supply-chain attack on 2026-03-31 where attackers introduced a malicious dependency, plain-crypto-js, into legitimate axios releases (1.14.1 and 0.30.4). The package contains an obfuscated Node.js dropper (SILKBELL) that installs the multi-platform WAVESHAPER.V2 backdoor on Windows, macOS, and Linux. GTIG attributes the activity to UNC1069 and publishes IOCs and remediation steps for affected developers and organizations.
read more →

Phantom Stealer: .NET Infostealer Hits European Firms

🔍Phantom Stealer, a .NET-based infostealer sold as part of a commercial cybercrime toolkit, harvests browser credentials, cookies, saved passwords, autofill and payment card details as well as messaging and email session data from infected systems. Group-IB observed a sustained phishing campaign between November 2025 and January 2026 that targeted logistics, manufacturing and technology organizations across Europe in five waves. Emails impersonated an equipment trading company and carried archive attachments with obfuscated JavaScript droppers or malicious executables. Indicators such as SPF failures, missing DKIM, reused templates and consistent spelling mistakes pointed to automated, template-driven stealer-as-a-service activity, with stolen data exfiltrated via messaging platforms, SMTP and FTP.
read more →

Espionage Campaigns Targeting Southeast Asian Government

🔎 Unit 42 identified converging cyberespionage clusters that targeted a Southeast Asian government between June and August 2025. The investigation found three simultaneous activity clusters—Stately Taurus, CL-STA-1048, and CL-STA-1049—using USB-propagated worms, multiple RATs, and stealthy loaders to establish persistent access and exfiltrate data. Unit 42 links tooling and TTPs to China-aligned actors and recommends layered defenses including Cortex XDR and Advanced WildFire.
read more →

Talos Year in Review: Identity, Vulnerabilities, and Trends

🔒 The Talos 2025 Year in Review synthesizes Cisco telemetry, incident response cases, and Talos research into a free, cross‑functional report highlighting identity-focused attacks, supply‑chain risks, and phishing trends. Key findings include React2Shell as the most targeted CVE, ToolShell ranking third, and Qilin as the dominant ransomware variant. The report warns that attackers increasingly compromise network infrastructure — especially ADCs and management platforms — to bypass MFA and escalate across environments, and recommends prioritizing patching and treating these devices as identity control points.
read more →

AI Named Top Cybersecurity Priority as Threats Rise

🔒 A PwC report finds AI is now the top cybersecurity investment priority for defenders as criminals rapidly weaponize generative models. The firm's Annual Threat Dynamics 2026 study warns adversaries are using AI to accelerate malware development, automate reconnaissance and scale social engineering, including via dark‑web LLMs. PwC cites agentic tools like ReaperAI being repurposed in real campaigns, but also stresses that AI can empower defenders with faster detection, automated containment and intelligence‑led decision‑making when embedded into security strategies.
read more →