cyberattacks

New research from internet service provider Beaming shows UK businesses were targeted more than 791,600 times last year and attackers are focused on systems that facilitate remote work and data storage, turning them into high-risk entry points.

Remote desktop and VPN services saw sustained, automated probing throughout 2025. These are the primary targets for ransomware groups who use stolen credentials to infiltrate and encrypt corporate networks to cause total business lockout.

The financial services sector has now overtaken healthcare as the industry with the highest number of data compromises.

New research from Alta Technologies analyzed information from the Identity Theft Resource Center 2024 Data Breach Report to determine which industries experienced the highest number of data breaches in 2024. shows the industry, which includes jobs such as accountants, bankers, and financial analysts, experienced 737 data compromises throughout 2024. Since 2018, healthcare had previously been the most attacked industry.

In 2025, the number of known phishing-as-a-service (PhaaS) kits doubled in number, increasing the pressure on security teams trying to defend against this ever-evolving threat.

A new report from Barracuda shows new players such as Whisper 2FA and GhostFrame introduced inventive and evasive tools and tactics, including a suite of techniques to prevent analysis of their malicious code, while established groups such as Mamba and Tycoon also continued to evolve and thrive.

Attackers will always use tactics that are proven to work and with more business turning to SaaS for their systems obviously these apps are on the cybercriminal’s radar.

We spoke to Martin Vigo, lead offensive security researcher at SaaS security company AppOmni, to explore the reasons why SaaS apps are such fertile ground for attackers.

Attacks on operational technology (OT) are growing more automated and indiscriminate, Forescout Research- Vedere Labs’ latest honeypot analysis shows just how aggressively adversaries are probing industrial systems.

New data shows industrial routers are now the most attacked devices in OT environments, drawing 67 percent of all malicious activity in Forescout’s 90-day honeypot analysis.

The latest Threat Insights Report from HP Threat Research reveals how attackers are refining campaigns with professional-looking animations and purchasable malware services.

The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

A growing sense of unease is gripping boardrooms as 88 percent of cybersecurity and information security leaders surveyed at UK and US organizations now express concern about state-sponsored cyberattacks.

The research from IO shows organizations are increasingly aware of the strategic nature of cyber risk and that the geopolitical threat is increasing, with 33 percent of organizations surveyed concerned about an expanded threat landscape targeting their own systems.

Most ransomware attacks occur during weekends and holidays, times of distraction or disruption when the majority of SOCs are not adequately staffed.

A new report from Semperis finds that 52 percent of surveyed organizations in the US, UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted at holidays or weekends.

A new study from Cohesity finds 70 percent of publicly traded companies have reported adjusting earnings or financial guidance after a cyberattack.

Among the impacts 68 percent say they observed an impact on their stock price, while 73 percent of privately held firms redirected budgets from innovation and growth initiatives.

A new report from digital trust provider DigiCert highlights an unprecedented surge in distributed denial-of-service (DDoS) attacks that reached ‘internet tsunami’ scale, with two events peaking at 2.4 Tbps (terabits per second) and 3.7 Tbps respectively.

Attack traffic increasingly originates from regions where digital infrastructure is outpacing regulation, with Vietnam, Russia, Colombia, and China ranking among the top five sources.

Security leaders estimate that, on average, cyber incidents cost their organization $3.7 million, with 46 percent suffering from an outage or disruption to their services as a consequence of attacks.

A new survey from Red Canary of 550 security leaders, from the US, UK, New Zealand, Australia, and the Nordic countries, finds that SOC teams continue to struggle with the challenges of securing cloud environments, identities, and AI technologies amid evolving threats.

Not quite how The Killers put it, but a new report shows Human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.

The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.

Many of the recent wave of high-profile cyberattacks can be traced back to the theft of a single set of credentials which have allowed the attacker to access and move within a corporate network.

A new report from Flashpoint looks at the rise of large-scale information-stealing malware campaigns and how ‘infostealer’ malware has been a key enabler, responsible for the theft of over 1.8 billion corporate and personal email accounts, passwords, cookies, and other sensitive data.

A new survey finds 60 percent of surveyed UK and US cybersecurity leaders now admit that security risks originating from third parties and supply chain partners are ‘innumerable and unmanageable.’

The study from IO (which used to be ISMS online) shows 97 percent of cybersecurity leaders say they’re confident in their breach response, with 61 percent describing themselves as ‘very confident.’ Yet, that confidence contrasts dramatically with 61 percent of leaders who say their organization has suffered a third-party or supply chain attack in the past 12 months.

Among all of the various forms of cyberattack phishing attempts delivered by email are still one of the most common.

What’s more AI is making these attacks more effective, because you can no longer rely on looking out for dodgy grammar or other signs that a message may not be what it seems.