cyberattacks

New data from BlackFog shows publicly disclosed ransomware attacks continued to set new records in the third quarter of this year, with 270 attacks -- a 36 percent increase compared to the same quarter in 2024 (198 attacks). This also represents a 335 percent increase since Q3 2020, underscoring the continued rise in attacks over the last five years.

Between July and September, publicly disclosed attacks were attributed to 54 ransomware groups. As in Q2, the Qilin ransomware gang was the most active, responsible for 20 incidents during the period. Notably, approximately 40 percent (107) of reported attacks have not yet been attributed to any known ransomware group.

However good your defenses, cyberattacks can still happen. However, in many cases, the aftermath can be worse than the attack itself, as enterprises struggle to calm nerves and reassure staff, customers, and shareholders.

We spoke with Daniel Tobok, CEO of incident response specialist CYPFER, to discuss how organizations can recover from a cyberattack and why the leadership's response is vital.

A new report from Cork Protection looks at the security challenges facing small and medium-sized businesses (SMBs), backed up by comment from a range of industry leaders. Challenges include an asymmetric threat landscape, defined by the misuse of artificial intelligence and relentless exploitation of human vulnerabilities.

Among the findings are that AI-powered adversaries are launching automated, sophisticated campaigns at unprecedented scale. Also the financial fallout of a breach now extends far beyond ransom, often resulting in business-ending costs.

A new global study of over 800 senior IT leaders reveals the concerns of IT leaders as they struggle with the rising complexity of recovery planning to cope with the aftermath of cyberattacks.

The survey from infrastructure specialist 11:11 Systems finds that 82 percent of respondents have experienced at least one significant cyberattack, while 57 percent endured two or more attacks within the past year.

The Scattered Spider group seems to have switched from high-profile attacks on UK retailers to new campaigns targeting the insurance sector. The group has recently been linked to ransomware incidents affecting US-based Philadelphia Insurance and Erie Insurance, which operates in both the UK and the US.

We spoke to Danny Howett, technical director at global cybersecurity consultancy CyXcel, to discuss why insurance is such an attractive target and some practical steps insurers can take to shore up their defences against increasingly organised cybercriminals.

A new report from Illumio, based on a survey of over 1,100 IT and cybersecurity decision makers, finds that almost 90 percent of leaders have detected a security incident involving lateral movement within the past 12 months.

Each incident involving lateral movement resulted in a global average of over seven hours of downtime. Alert fatigue, along with limited and fragmented visibility, especially across hybrid environments, are two of the top challenges to detecting lateral movement.

A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.

These attacks are using token replay abuse with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.

Phishing has overtaken all other vectors as the leading entry point for ransomware, cited by 35 percent of affected organizations, up sharply from 25 percent in 2024.

This is one of the findings of a new report from SpyCloud which also shows that 85 percent of organizations were affected by ransomware at least once in the past year, with nearly a third (31 percent) reporting six to 10 ransomware events in the last year.

With cyber threats becoming more numerous and ever more sophisticated, it’s becoming more critical than ever for organizations to prioritize targeted threats, optimize their existing defensive capabilities and proactively reduce their exposure.

One-time security assessments are looking increasingly inadequate. We spoke to CyberProof CEO Tony Velleca to discuss how organizations can effectively implement a Continuous Threat Exposure Management (CTEM) strategy to improve their protection.

Last month Bitdefender revealed that 70 percent of UK CISO have faced pressure to conceal security incidents, cyberattacks and breaches.

But compliance training specialist Skillcast is warning that this could risk regulatory penalties and erode trust. The concern is heightened by escalating threats, with 612,000 UK businesses and 61,000 UK charities reporting a cyber breach or attack in the past year, with the average cost of the most disruptive breach reaching £3,550 ($4,790) for businesses and £8,690 ($11,730) for charities.

New research from NETSCOUT looking at the DDoS attack landscape shows that this method has evolved into a precision-guided weapon of geopolitical influence capable of destabilizing critical infrastructure.

Based on monitoring of more than eight million DDoS attacks globally in the first half of 2025, the study shows hacktivist groups like NoName057(16) have orchestrated hundreds of coordinated strikes each month, targeting the communications, transportation, energy, and defence sectors.

Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.

These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

Threat actors are favoring smaller, persistent attacks under 100,000 requests per second according to a new report. This shift signals a growing dependence on automated, generative AI-enhanced attack tools, reflecting the democratization of DDoS capabilities among loosely coordinated threat actors and new actors entering the scene.

The report from Radware also shows web DDoS attacks rose 39 percent over the second half of 2024. The second quarter set a record with a 54 percent quarter-on-quarter spike.

Adversaries are weaponizing GenAI to scale operations and accelerate cyberattacks -- as well as increasingly targeting the autonomous AI agents reshaping enterprise operations. This is among the findings of CrowdStrike’s 2025 Threat Hunting Report.

The report reveals how threat actors are targeting tools used to build AI agents -- gaining access, stealing credentials, and deploying malware -- a clear sign that autonomous systems and machine identities have become a key part of the enterprise attack surface.

According to new research from Radware 83 percent of credential stuffing campaigns include explicit API-targeting techniques.

The report shows a shift in credential stuffing attacks, underscoring a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to more sophisticated, multi-stage infiltration techniques.