Deepfakes, workforce fraud and phishing incidents on the rise across businesses

Half of businesses have reported a growth in deepfake and AI-generated fraud, alongside rising biometric spoofs and counterfeit ID fraud attempts, according to the 2025 State of Identity Fraud Report, released today by AuthenticID.
The report analyzes internal proprietary data anonymized from AuthenticID's identity verification and fraud detection technology. When paired with insights from annual fraud surveys of both fraud and technology professionals as well as consumers in North America, the report offers a comprehensive view of the fraud landscape.
Remote employees work longer hours

In findings that rather seem to contradict the wisdom of President Trump's return to office mandate for government employees, a new report from Cloudbrink shows that 'work from anywhere' employees actually put in longer hours than their nine to five counterparts.
Analysis of usage data from thousands of users of Cloudbrink's Personal SASE service shows heavy transfer of data on Fridays and heavy usage starting at 7:00 am and continuing to 7:00 pm. The report concludes that employees are working quite a bit outside the office, but could be even more productive if technical challenges could be reduced.
New tools help prevent leaks of personal data

One of the risks AI teams face is sensitive data lurking where it shouldn't be -- risks that are increasing as the volume unstructured data grows across all industries, a situation made worse still by GenAI.
Unstructured data management specialist Komprise is launching new sensitive data detection and mitigation capabilities to help organizations prevent the leakage of PII and other sensitive data to AI and reduce the risk of potentially ruinous data breaches.
AI-powered Chrome extensions are watching you…

It's not exactly Big Brother, but a new analysis of Chrome extensions from Incogni reveals that 67 percent collect user data, and 41 percent collect personally identifiable information (PII), including sensitive details like credit card numbers, passwords, and location data.
Extensions like Grammarly, which make writing almost anything effortless, or Vetted, which act as online shopping assistants, are quickly becoming essentials of everyday life. But because many users trust Google's ecosystem, they also assume that third-party extensions vetted through the Chrome Web Store are equally safe.
AI use drives APIs to become the main attack surface

A new report reveals that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks.
The survey from Wallarm, of 200 US-based enterprise leaders on AI and API security, finds over 53 percent report engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks.
The role of private clouds in enterprise data strategy [Q&A]

As AI reshapes business operations, companies are facing new challenges around cost uncertainty, security, and data integrity. The rise of hybrid cloud strategies -- combining private clouds with public infrastructure -- is becoming a key approach to addressing these concerns.
While enterprises focus on cost control, safeguarding sensitive corporate data, and preventing AI-driven data leakage, they are also trying to leverage LLMs to exploit data in the public cloud while retaining sensitive data in private clouds that they control.
Enterprises consider ditching Oracle Java over cost worries

The percentage of organizations considering alternatives to Oracle Java has jumped significantly from 72 percent in 2023 to 88 percent today.
The Azul 2025 State of Java Survey and Report finds 99 percent of enterprises are using Java. The top reasons given for considering a migration away from Oracle Java include cost (42 percent), preference for open-source (40 percent), Oracle sales tactics (37 percent), uncertainty created by ongoing changes to pricing and licensing (36 percent), and restrictive Oracle policies (33 percent).
A third of companies don't know who is managing their AI risks

While 51 percent of organizations rely on their security teams to manage AI risks, 33 percent say that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.
A new report from Wing Security and the Cloud Security Alliance also highlights that only 44 percent of organizations prioritize protecting all their sanctioned applications, while a mere 17 percent include unsanctioned ones as a priority.
Cloud and hybrid environments present weak spots for ransomware attackers

The increased connectivity of business systems and devices is making it harder for organizations to defend against ransomware attacks according to a new report.
The study from Illumio, with research conducted by the Ponemon Institute, shows organizations perceive the cloud and endpoints as being the most vulnerable, and 34 percent say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.
Data breaches are top privacy concern for consumers

Fears of a data breach dominate consumer concerns, with 64 percent naming breaches as their top privacy worry.
A new report, based on responses from almost 2,500 people around the world, released by Acronis to mark this year's Data Privacy Day, shows that in spite of heightened awareness 25 percent of respondents have experienced data theft or loss and 12 percent remain unsure if they've been breached, underlining the hidden nature of many cyberattacks.
DeepSeek -- the Chinese AI that sparked a stock market panic

Today has seen millions of dollars wiped off US market tech stocks by the launch of DeepSeek, the latest Chinese AI that threatens US dominance in the sector.
This is partly because DeepSeek can run on much less powerful hardware than rivals such as OpenAI's o1. DeepSeek also says that its v3 model, released in December, cost less than $6 million to train, less than a tenth of what Meta spent on its most recent system.
Critical infrastructure security incidents up over 600 percent since 2022

Reported security incidents in critical infrastructure worldwide have grown by 668 percent since 2022 according to a new report from Forescout.
There have been 10 percent more incidents for critical infrastructure sectors than in 2023 and more than half of all incidents (57 percent) affected critical infrastructure sectors. Network infrastructure devices (routers, firewalls, VPNs, etc.) are the second largest category and increased from three percent (2022) to 11 percent (2023) and now 14 percent (2024).
Software-as-a-Service breaches surge 300 percent

A new report from Obsidian Security reveals an unprecedented 300 percent year-on-year increase in SaaS breaches between September 2023 and 2024.
This surge comes as organizations increasingly rely on SaaS applications with current spend on SaaS in the hundreds of billions, or approximately $8,700 per employee for tools such as Workday, Google Workspace, ServiceNow, and Office 365.
High-profile cyberattacks prompt boost in crisis simulation budgets

Following a number of high-profile cybersecurity incidents in 2014 CISOs are reassessing their organization's readiness to manage a potential chaos of a full-scale cyber crisis.
New data from Hack The Box shows many CISOs -- based on a sample of 200 across the UK and US -- are concerned about their organization's ability to handle a cyber crisis. This is down to a number of reasons, the rising volume of cyber incidents (31 percent), lack of incident response planning (20 percent), and a lack of realistic, stress-tested crisis simulations (19 percent).