Are we human or are we security risk?


Not quite how The Killers put it, but a new report shows Human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.
The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.
How infostealers have changed the cybersecurity landscape


Many of the recent wave of high-profile cyberattacks can be traced back to the theft of a single set of credentials which have allowed the attacker to access and move within a corporate network.
A new report from Flashpoint looks at the rise of large-scale information-stealing malware campaigns and how ‘infostealer’ malware has been a key enabler, responsible for the theft of over 1.8 billion corporate and personal email accounts, passwords, cookies, and other sensitive data.
Supply chain security risks are becoming unmanageable


A new survey finds 60 percent of surveyed UK and US cybersecurity leaders now admit that security risks originating from third parties and supply chain partners are ‘innumerable and unmanageable.’
The study from IO (which used to be ISMS online) shows 97 percent of cybersecurity leaders say they’re confident in their breach response, with 61 percent describing themselves as ‘very confident.’ Yet, that confidence contrasts dramatically with 61 percent of leaders who say their organization has suffered a third-party or supply chain attack in the past 12 months.
How AI is driving email phishing and how to beat the threat [Q&A]

Q3 ransomware attacks up 36 percent year-on-year


New data from BlackFog shows publicly disclosed ransomware attacks continued to set new records in the third quarter of this year, with 270 attacks -- a 36 percent increase compared to the same quarter in 2024 (198 attacks). This also represents a 335 percent increase since Q3 2020, underscoring the continued rise in attacks over the last five years.
Between July and September, publicly disclosed attacks were attributed to 54 ransomware groups. As in Q2, the Qilin ransomware gang was the most active, responsible for 20 incidents during the period. Notably, approximately 40 percent (107) of reported attacks have not yet been attributed to any known ransomware group.
Recovering and rebuilding trust after a cyberattack [Q&A]


However good your defenses, cyberattacks can still happen. However, in many cases, the aftermath can be worse than the attack itself, as enterprises struggle to calm nerves and reassure staff, customers, and shareholders.
We spoke with Daniel Tobok, CEO of incident response specialist CYPFER, to discuss how organizations can recover from a cyberattack and why the leadership's response is vital.
SMBs vulnerable to AI-powered cyberattacks and complacent about ransomware


A new report from Cork Protection looks at the security challenges facing small and medium-sized businesses (SMBs), backed up by comment from a range of industry leaders. Challenges include an asymmetric threat landscape, defined by the misuse of artificial intelligence and relentless exploitation of human vulnerabilities.
Among the findings are that AI-powered adversaries are launching automated, sophisticated campaigns at unprecedented scale. Also the financial fallout of a breach now extends far beyond ransom, often resulting in business-ending costs.
IT leaders struggle with the complexity of recovering from cyberattacks


A new global study of over 800 senior IT leaders reveals the concerns of IT leaders as they struggle with the rising complexity of recovery planning to cope with the aftermath of cyberattacks.
The survey from infrastructure specialist 11:11 Systems finds that 82 percent of respondents have experienced at least one significant cyberattack, while 57 percent endured two or more attacks within the past year.
Premium target -- why insurance companies are so attractive to hackers [Q&A]


The Scattered Spider group seems to have switched from high-profile attacks on UK retailers to new campaigns targeting the insurance sector. The group has recently been linked to ransomware incidents affecting US-based Philadelphia Insurance and Erie Insurance, which operates in both the UK and the US.
We spoke to Danny Howett, technical director at global cybersecurity consultancy CyXcel, to discuss why insurance is such an attractive target and some practical steps insurers can take to shore up their defences against increasingly organised cybercriminals.
90 percent of organizations face attacks involving lateral movement


A new report from Illumio, based on a survey of over 1,100 IT and cybersecurity decision makers, finds that almost 90 percent of leaders have detected a security incident involving lateral movement within the past 12 months.
Each incident involving lateral movement resulted in a global average of over seven hours of downtime. Alert fatigue, along with limited and fragmented visibility, especially across hybrid environments, are two of the top challenges to detecting lateral movement.
New attack tactics look to bypass MFA and target security blindspots


A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.
These attacks are using token replay abuse with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.
Phishing is now the main entry point for ransomware


Phishing has overtaken all other vectors as the leading entry point for ransomware, cited by 35 percent of affected organizations, up sharply from 25 percent in 2024.
This is one of the findings of a new report from SpyCloud which also shows that 85 percent of organizations were affected by ransomware at least once in the past year, with nearly a third (31 percent) reporting six to 10 ransomware events in the last year.
Why one-time security assessments are no longer sufficient [Q&A]


With cyber threats becoming more numerous and ever more sophisticated, it’s becoming more critical than ever for organizations to prioritize targeted threats, optimize their existing defensive capabilities and proactively reduce their exposure.
One-time security assessments are looking increasingly inadequate. We spoke to CyberProof CEO Tony Velleca to discuss how organizations can effectively implement a Continuous Threat Exposure Management (CTEM) strategy to improve their protection.
Concealing cyberattacks risks penalties and harms trust


Last month Bitdefender revealed that 70 percent of UK CISO have faced pressure to conceal security incidents, cyberattacks and breaches.
But compliance training specialist Skillcast is warning that this could risk regulatory penalties and erode trust. The concern is heightened by escalating threats, with 612,000 UK businesses and 61,000 UK charities reporting a cyber breach or attack in the past year, with the average cost of the most disruptive breach reaching £3,550 ($4,790) for businesses and £8,690 ($11,730) for charities.
DDoS attacks dominate threats to critical infrastructure


New research from NETSCOUT looking at the DDoS attack landscape shows that this method has evolved into a precision-guided weapon of geopolitical influence capable of destabilizing critical infrastructure.
Based on monitoring of more than eight million DDoS attacks globally in the first half of 2025, the study shows hacktivist groups like NoName057(16) have orchestrated hundreds of coordinated strikes each month, targeting the communications, transportation, energy, and defence sectors.
Recent Headlines
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.