< ciso
brief />
Tag Banner

All news with #threat report tag

542 articles · page 9 of 28

Cyber-Attacks on UK Firms Rise Nearly Fourfold YoY

📈 The February 2026 Check Point Global Threat Intelligence report found UK organisations saw fewer weekly attacks per organisation (1,504) than the global average (2,086), but a 36% year‑on‑year increase — nearly four times the global 9.8% rise. Education, energy & utilities, government, healthcare and financial services were among the most frequently targeted UK sectors. Ransomware remained acute, with 49 active groups and a plurality of victims attributed to Qilin, Clop and The Gentlemen. The report also warned that widespread, unmanaged GenAI use is elevating inadvertent data‑exposure risk, with one in 31 prompts judged high risk.
read more →

ESET Threat Intelligence Emerges as Strategic Game-Changer

🔍 ESET positions its threat intelligence and telemetry as essential tools for organizations facing increasingly sophisticated cyber threats, including AI-enabled attacks and convincing deepfakes. ESET Telemetry reports a 12% decline in overall detections in India (Jan–Aug 2025), but ransomware surged 70% from H2 2024 to H1 2025 and phishing remains the most common vector. The vendor bundles endpoint, XDR, identity protection, MDR, and analyst-driven APT reporting to help CIOs and CISOs stay ahead.
read more →

KadNap Botnet Hijacks Edge Routers Using DHT P2P Network

🛡️ Cybersecurity researchers at Black Lotus Labs have identified a novel malware family, KadNap, that has infected over 14,000 edge devices — primarily Asus routers — since first observed in August 2025. KadNap uses a custom Kademlia-based DHT to conceal its control infrastructure and build a resilient peer-to-peer botnet. Infected devices are being offered as resident proxies by a service named Doppelgänger, complicating attribution and abuse tracking.
read more →

Cloud Threat Horizons: Emerging Cloud Exploitation Risk

⚠️ The Cloud Threat Horizons report from Google Cloud's Office of the CISO warns that AI-assisted exploitation has compressed the window from vulnerability disclosure to active attacks from weeks to days. In H2 2025, third-party software flaws became the leading initial access vector, surpassing weak credentials. The report urges automated defenses, identity-based controls, and tamper-resistant logging to improve forensic readiness.
read more →

X Suspended 800M Accounts in 2024; Manipulation Remains

🛡️ X told British MPs it suspended 800 million accounts in 2024 for breaching rules on platform manipulation and spam. Company government affairs executive Wifredo Fernández said Russia was the most active state-backed manipulator, followed by Iran and China, and that efforts to influence elections and 'flood the zone' persist. Despite Elon Musk's prior pledge to purge bots, X acknowledges hundreds of millions of inauthentic accounts are removed annually, raising concerns about uncaught actors and moderation practices.
read more →

Cloud Attackers Favor Exploits Over Credential Theft

🔐 Google Cloud's H1 2026 Threat Horizons Report finds that in the second half of 2025 threat actors shifted from credential-based access to exploiting unpatched third-party software. Third-party software entry rose to 44.5% of primary vectors (up from 2.9%), while credential abuse declined to 27.2%. Google highlights React2Shell (CVE-2025-55182) as a heavily exploited RCE and recommends automated defenses, stronger identity controls and WAF protections to mitigate rapid post-disclosure attacks.
read more →

KadNap botnet hijacks ASUS routers for proxy abuse

🔒 KadNap is a newly observed botnet that compromises primarily ASUS routers and other edge devices to assemble a distributed proxy network. Since August 2025 it has grown to roughly 14,000 nodes and uses a modified Kademlia Distributed Hash Table (DHT) protocol to conceal command-and-control infrastructure and complicate takedowns. Infections begin when a malicious script (aic.sh) is fetched from 212.104.141.140, which installs an ELF binary named kad and establishes persistence via a cron job that runs every 55 minutes. Researchers at Black Lotus Labs link KadNap to the Doppelganger/Faceless proxy service that sells access to infected devices, and Lumen has blocked related traffic on its network while preparing indicators of compromise.
read more →

Global Cyber Attacks Stay Near Record Levels in Feb 2026

⚠️ Check Point Research reports that global cyber attack volumes remained near record highs in February 2026, with an average of 2,086 weekly attacks per organization—a 9.6% year‑over‑year increase and effectively flat month‑to‑month (-0.2%). While ransomware activity eased versus the same period last year, overall attack volumes grew due to automation, expanding digital footprints, and persistent exposure risks tied to enterprise GenAI use. The findings point to a sustained, high‑pressure threat environment that demands continuous risk management.
read more →

Chinese-Nexus APT Activity Targeting Qatar Amid Tensions

🔎 Check Point Research observed increased activity by Chinese-nexus APT groups targeting Qatar following the recent Middle East escalation. Within a day of Operation Epic Fury's launch, the Camaro Dragon actor attempted to deploy a PlugX variant against Qatari targets. Attackers leveraged the conflict in their lures and demonstrated rapid adaptation to breaking events. The campaign highlights elevated regional cyber risk and the need for vigilant defenses.
read more →

WEF Global Cybersecurity Outlook 2026: CISO Takeaways

🤖 The World Economic Forum’s Global Cybersecurity Outlook 2026 warns that AI is accelerating the cyber arms race: 94% of leaders expect it to be the top change driver and 87% say AI vulnerabilities are the fastest‑growing risk. The report notes organizations are improving AI tool security evaluation (from 37% to 64%), yet CEOs and CISOs display different risk priorities. It also highlights widening resilience gaps across organization sizes and calls for harmonized regulation and stronger public‑private collaboration.
read more →

AI Security Dominates IT-Harvest's Cyber 150 Cohort

🔐 IT-Harvest has published its 2026 Cyber 150 list, noting that AI security vendors make up 22% of the cohort. The annual ranking highlights mid-sized cybersecurity firms (50–500 staff) chosen on funding, 2025 growth and market traction. 33 companies were classified as AI security, including fast growers like Tenex.ai (318% growth) and well-funded names such as 7AI and Noma Security. The list also shows broad category distribution and geographic concentration in the US and Israel.
read more →

The Dirty Dozen: Active Ransomware Groups Today 2026

🔒Ransomware-as-a-service (RaaS) has driven a rise in financially motivated attacks, combining double and triple extortion, data theft, and growing use of AI. Law enforcement disruptions have fragmented the marketplace and helped spawn new players such as Akira, BlackCat, and RansomHub. Attackers exploit unpatched VPNs, open RDP, phishing, and zero-day flaws to hit healthcare, manufacturing, education, telecom and critical infrastructure.
read more →

Chinese-linked CL-UNK-1068 Targets Asian Critical Sectors

🛡️ Palo Alto Networks Unit 42 attributes a years-long espionage campaign against high-value organizations in South, Southeast and East Asia to a previously undocumented cluster dubbed CL-UNK-1068. The actor uses a mixed toolkit of custom malware, modified open-source utilities and living-off-the-land binaries to operate on both Windows and Linux. Intrusions commonly begin with web server exploits and web shells, followed by credential theft and targeted file harvesting. Researchers observed novel exfiltration methods—archiving with WinRAR, Base64-encoding via certutil, and printing the encoded output to the web shell to avoid direct file transfer.
read more →

Ransomware Shift: From Loud Disruption to Stealth Tactics

🔒 Ransomware operators are shifting from noisy, disruptive attacks to covert, long-term intrusions focused on data theft and extortion. Picus Security's Red-Teaming report—based on simulations and analysis of 1.1 million malware files and 15.5 million MITRE-mapped actions—finds most common techniques aim to remain undetected. Adversaries increasingly chain vulnerabilities, route C2 through trusted services like OpenAI and AWS, and favor persistence over immediate encryption, though some vendors dispute a reduction in overall activity.
read more →

Microsoft: Hackers Using AI at Every Stage of Attacks

🤖 Microsoft’s Threat Intelligence report warns that threat actors are increasingly using generative AI across all stages of cyberattacks to accelerate execution and lower technical barriers. Attackers employ models to draft phishing lures, generate realistic fake identities and resumes, produce or debug malware, and scaffold infrastructure. Groups like Jasper Sleet and Coral Sleet have used AI in remote IT worker schemes, while operators test jailbreaking and agentic techniques. Microsoft advises treating these campaigns as insider risks and strengthening identity controls, credential monitoring, and protections around AI systems.
read more →

AI-Assisted Automation Enables Large-Scale Password Spraying

🔐 Fortinet investigated recent reports of AI-assisted attacks and found no exploitation of FortiGate vulnerabilities; attackers instead exploited exposed management ports and weak single-factor credentials using automated password spraying. The novel concern is that conversational AI prompts and cloud resources can now automate target discovery, credential guessing, vulnerability assessment, and exploitation at scale with no coding required. Fortinet stresses defense-in-depth and rapid remediation.
read more →

Zero-Day Exploits on Enterprise Software Reach Record High

🛡️ Google Threat Intelligence Group (GTIG) analysis found 90 zero-day vulnerabilities were actively exploited in 2025, and attackers are increasingly focusing on enterprise technology. Enterprise software and appliances accounted for 43 (48%) of tracked zero-days, with security and networking appliances most frequently targeted. End-user platforms still comprised 52% of exploits overall, led by Microsoft Windows, while mobile OS targeting rose and browser-based zero-days fell to a historic low. GTIG recommends segmentation, least-privilege architectures and continuous monitoring to detect and respond to threats.
read more →

Zero-day Exploits Hit Enterprises Faster and Harder

⚠️ Google’s GTIG tracked 90 zero-day vulnerabilities in 2025, finding nearly half targeted enterprise technologies such as security appliances, VPNs, networking gear, and enterprise software. The report highlights that Chinese-linked actors increased their use of zero-days and that commercial surveillance vendors now outpaced state-backed groups. Defenders face shrinking response windows as exploit sharing, faster public-to-exploit timelines, and emerging AI accelerate attacks.
read more →

Patch, Track, Repeat: 2025 CVE Retrospective Summary

📌 Cisco Talos' 2025 retrospective finds 48,196 CVEs (≈132 per day) and highlights persistent root causes—XSS, SQL injection, and insecure deserialization—responsible for roughly 10,000 vulnerabilities. Known Exploited Vulnerabilities rose ~30% to 241, with many affecting network devices and an expanded vendor set of 99, underscoring patching and supply-chain visibility challenges. The author stresses prioritized patch management, accurate asset inventories, and compensating controls (microsegmentation, network isolation, enhanced monitoring) for unpatchable systems, and also notes a near-doubling of AI-related CVEs.
read more →

GTIG: 90 Zero-Day Exploits Observed in 2025, Enterprise Hit

🔐 Google Threat Intelligence Group (GTIG) reports 90 zero-day vulnerabilities were actively exploited in 2025, a 15% increase from 2024. Nearly half targeted enterprise products such as security appliances, networking gear, VPNs, and virtualization platforms. Memory-safety issues comprised 35% of exploited flaws, and commercial spyware vendors overtook state actors as the top zero-day consumers. Google recommends reducing attack surface, continuous monitoring, and rapid patching to detect and contain exploitation.
read more →