< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 7 of 28

Russia Arrests Suspected Owner of LeakBase Forum in Rostov

🔒 Russian police in the Rostov region arrested a Taganrog resident accused of owning and administering the cybercrime forum LeakBase. The forum, launched in 2021 and linked to the ARES threat group, grew to over 142,000 members and was used to trade stolen databases, exploits, and illicit services. In March 2026 authorities from the FBI and 14 other countries dismantled the site during Operation Leak, seizing the domain and preserving the forum database and logs as evidence.
read more →

2025 Threat Trends: Talos and Splunk Double-Header

🔍 In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a double-header review of the newly released Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats. The conversation draws on Cisco telemetry, Talos original research, and Talos Incident Response engagements to move beyond headlines and identify actionable trends. Highlights include the professionalization of ransomware-as-a-service, the persistent exploitation of decade-old vulnerabilities, and practical guidance to help defenders prioritize mitigations and shrink their attack surface for the year ahead.
read more →

Coruna iOS Exploit Kit Reuses 2023 Triangulation Code

⚠️ Coruna, an iPhone exploit kit, repurposes an updated kernel exploit originally used in the 2023 Operation Triangulation campaign, according to Kaspersky. The kit targets iOS 13.0–17.2.1 devices with five full exploit chains and 23 exploits, fingerprinting Safari visitors and selecting tailored Mach-O loaders and payloads. Kaspersky warns the actively maintained, modular codebase now enables mass exploitation and broader criminal reuse, increasing risk to unpatched users.
read more →

Iran-Linked Pay2Key Ransomware Re-Emerges with Evasion

🔒 Security researchers warn that the Iran-linked Pay2Key ransomware group has re-emerged with enhanced evasion, execution and anti-forensics capabilities. A Halcyon and Beazley Security analysis of a recent US healthcare provider incident describes interactive access via TeamViewer, credential theft with Mimikatz, LaZagne and ExtPassword, and host discovery using Advanced IP Scanner and ns.exe. Operators used the AD console (dsa.msc) to blend in, deployed an SFX payload (abc.exe) to encrypt systems within three hours, and removed a 'No Defender' toolkit to hide tracks. Report authors found no clear evidence of data exfiltration and warn defenders to monitor this unpredictable, politically motivated threat.
read more →

Spammers Abuse Yandex Surveys to Host Phishing Campaigns

⚠️ Kaspersky researchers have observed threat actors abusing Yandex Surveys to host phishing content and evade email filters by leveraging the platform's legitimate domain reputation. Attackers embed fraudulent pitches and malicious links in rich-text survey blocks, add official-looking logos, then hide interface elements with invisible padding; Kaspersky Premium blocked about 2,200 such messages in January and over 32,000 in February. Recipients who follow the links land on polished giveaway pages that harvest personal data, wallet addresses, or payments.
read more →

Cloud Phones Fuel Rising Financial Fraud and Detection Gaps

📱 A new Group-IB report highlights how remote-access cloud phones — real Android devices hosted in data centres and accessed over the internet — have evolved from social-media automation into infrastructure for financial crime. Fraudsters use these devices to create and manage dropper accounts, often bypassing conventional device-based controls. Because instances present realistic hardware identifiers and sensor data, traditional fingerprinting often fails, prompting recommendations for multi-layered detection that combines device, network intelligence and behavioral analytics.
read more →

Hackers Exploit Identity Systems at Industrial Scale

🔐 The SentinelOne Annual Threat Report for 2026 warns that attackers are executing identity-based compromises at industrial scale, abusing legitimate enterprise accounts and identity systems. These intrusions often bypass or subvert MFA — including through readily available MFA-bypass kits and coercive push attacks — leaving traditional defenses blind. The report also highlights fake-persona recruitment campaigns, including deepfake-enabled interviews, and warns of administrative account takeovers that can disable MFA organization-wide.
read more →

North America Cyber Risk in 2026: Concentration and Repeat

🔍 The North America threat landscape hardened in 2025, with incidents becoming more concentrated, repeated and driven by persistent adversaries. Publicly recorded incidents were dominated by the United States, which accounted for roughly 93% of cases. The report highlights three dynamics shaping risk, including a stable, competitive extortion economy, recurring attack patterns, and predictable windows of opportunity. Organizations should expect pressure over surprise into 2026 and adjust defenses accordingly.
read more →

6 Key Trends Reshaping the Identity and Access Market

🔐 The IAM market is shifting from traditional login and MFA toward treating identity as a security control plane, driven by demand for phishing-resistant authentication and stronger governance for non-human accounts. Buyers are prioritizing FIDO2/passkeys, biometrics, and controls for service accounts, API keys, and AI agents. Regulatory change, managed services, and vendor consolidation are reshaping architectures and procurement decisions.
read more →

Global DDoS Attacks Double, Peak Volumes Soar in 2025

🛡️Gcore's semiannual Radar report found that registered DDoS attacks doubled in the second half of 2025 versus the first half, rising to about 2.25 million incidents and bringing the year total to 3.42 million. Peak attack throughput jumped to 12 Tbit/s compared with 2.2 Tbit/s in 2024. Network-layer volumetric strikes made up 82% of events—about three quarters lasting under a minute and 84% using UDP floods—while the remaining 18% were longer, targeted application-layer attacks against APIs, authentication and backend systems. Technology, financial services and gaming firms were the most frequently targeted sectors.
read more →

Tycoon2FA Phishing Service Resumes After Disruption

🔁 Tycoon2FA, a phishing-as-a-service platform disrupted by Europol and Microsoft on March 4, has returned to pre-takedown activity levels within days. CrowdStrike observed a brief decline to about 25% of normal volumes on March 4–5, 2026, before activity rebounded and cloud compromise remediations returned to early-2026 levels. The service continues to use similar TTPs targeting Microsoft 365 and Gmail, exploiting redirection, URL shorteners, and compromised domains. CrowdStrike warns that without arrests or physical seizures, operators can quickly recover and replace impacted infrastructure.
read more →

Faster Attacks and Recovery Denial Reshape Ransomware Risk

🔒 Mandiant's M‑Trends 2026 report, released at the RSA Conference, finds attackers compressing attack timelines, collaborating more, and increasingly targeting the systems organizations rely on for recovery. Hand-offs between initial access and secondary operators now occur in seconds, voice-based social engineering and token harvesting are on the rise, and ransomware actors emphasize recovery denial by attacking backups, identity, and virtualization control planes. The report urges faster triage, behavioral detection, stronger identity governance, and expanded telemetry to reduce dwell time and mitigate impact.
read more →

High-Tech Sector Becomes Top Cyberattack Target in 2025

🔍 Mandiant's M-Trends 2026 report finds the high-tech sector overtook finance as the most targeted industry in 2025, accounting for 17% of incident response investigations. The report also records a global median dwell time increase to 14 days and highlights widespread adoption of the ClickFix social-engineering technique. Analysts observed a surge in vishing and a strategic ransomware shift toward deliberate recovery denial, with attackers specifically targeting backups, identity services and virtualization management planes.
read more →

Varonis Atlas: End-to-End AI Security for Enterprises

🔒 Varonis today announced general availability of Varonis Atlas, an end-to-end AI security platform that discovers, assesses, tests, and enforces controls across AI systems and the data they access. The platform integrates AI inventory, AI-SPM, pentesting, runtime guardrails, monitoring, AIDR, and third-party risk into a single solution built on the Varonis Data Security Platform. Atlas emphasizes data-aware security, customer-owned telemetry, and compliance reporting to help enterprises govern AI at scale.
read more →

M-Trends 2026 — Data, Insights, and Response Guidance

🔒 M-Trends 2026 synthesizes findings from over 500,000 hours of Mandiant incident response in 2025 to profile evolving adversary tactics, techniques, and procedures and highlight defender gaps. The report calls out rising median dwell time, a collapse in the hand-off window between initial access brokers and secondary operators, and a shift toward voice phishing and edge-device persistence. It concludes with prioritized recommendations to strengthen identity controls, isolate critical control planes, extend telemetry retention, and adopt behavior-based detection.
read more →

Beers with Talos Breaks Down 2025 Year in Review Highlights

🔍 The Beers with Talos B team (Hazel, Bill, Joe and Dave) reviews the 2025 Talos Year in Review and highlights the most consequential cyber trends of the year. They discuss the rapid weaponization of newly disclosed vulnerabilities, widespread identity abuse, evolving ransomware tactics, and a notable rise in APT investigations. The conversation also addresses cyber activity tied to the situation in the Middle East and offers practical priorities for defenders heading into the coming year.
read more →

2025 Talos Year in Review — Speed, Scale, Staying Power

🔍 Cisco Talos’ 2025 Year in Review analyzes how adversaries increased the speed and scale of operations, creating sustained pressure on defenders. The report highlights three central themes: rapid exploitation of both newly disclosed and long-standing CVEs, attackers targeting the architecture of trust (identity and device controls), and deliberate focus on centralized systems and shared frameworks to amplify impact. Talos emphasizes prioritized mitigations—timely patching, stronger identity controls, and resilience for shared components—and directs readers to the full, ungated report for detailed telemetry and actionable guidance.
read more →

FBI: Handala Hackers Use Telegram for Malware C2 Operations

🔐 The FBI warns that Iranian-linked actors, including Handala and a state-associated Homeland Justice group, are using Telegram as command-and-control infrastructure in Windows malware campaigns. Attackers employ social engineering to install malware that exfiltrates screenshots and files from journalists, dissidents, and opposition groups worldwide. The alert followed the seizure of four clearnet domains and references prior disruptive operations such as Handala's attack on Stryker.
read more →

Behavioral XDR, Threat Intel Nab North Korean Fake Hire

🔎 Behavioral analytics and threat intelligence combined to identify a suspected North Korea-linked fake IT worker within 10 days of hire. LevelBlue SpiderLabs and Cybereason XDR flagged geolocation anomalies, unmanaged device access, and use of Astrill VPN, triggering a high-severity alert and timely account revocation. Organizations should enforce EntraID Conditional Access, manage endpoints, and maintain software baselines to detect such insider threats.
read more →

Insider Threats Surge as AI and Remote Work Expand Risk

🚨 Insider threats are rising again: the Mimecast State of Human Risk Report found 42% of organizations saw increases in both malicious and negligent insider incidents, with an average of six insider-driven incidents per month at an estimated cost of $13.1 million per incident. Two-thirds of surveyed IT leaders expect insider-related data loss to grow over the next 12 months. Experts warn the insider perimeter now includes contractors, fraudulent hires, and AI agents, and they recommend adaptive, behavior-driven controls, coordinated legal/HR response plans, and extending protections to nonhuman identities to reduce risk.
read more →