cyberattacks

Cybercriminals are increasingly using sophisticated identity-based attacks (phishing, social engineering, leveraging compromised credentials) to gain access as trusted users and move laterally across systems undetected.

We spoke to Cristian Rodriguez, field CTO, Americas at CrowdStrike, about the company’s recent research into these attacks and now organizations can defend against them.

The manufacturing industry is the most targeted industry for cyberattacks and this has has now been the case for four consecutive years.

A new study from KnowBe4 shows that this combined with the manufacturing sector’s expanding digital footprint is putting operations, intellectual property, and economic resilience at risk from critical vulnerabilities.

New research from Bitdefender shows that 84 percent of high severity attacks are using Living off the Land (LOTL) techniques, exploiting legitimate tools used by administrators.

One of the findings is that the netsh.exe tool -- used for network configuration -- management is the most frequently abused tool, appearing in a third of major attacks. While checking firewall configurations is a logical initial step for attackers, this clearly demonstrates how data analysis can spotlight trends that human operators might instinctively disregard.

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Only four percent of organizations worldwide have achieved the 'mature' level of readiness required to effectively withstand today's cybersecurity threats, even as hyperconnectivity and AI introduce new complexities for security practitioners.

The latest Cybersecurity Readiness Index from Cisco shows 86 percent of organizations faced AI-related security incidents last year. However, only 49 percent of respondents are confident their employees fully understand AI related threats, and 48 percent believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks.

According to a new study, 79 percent of respondents say their organization is making changes to its cybersecurity budget. Of these, 71 percent say their security budgets are increasing, with the average budget at $24 million.

However, the report from Optiv, with research by the Ponemon Institute, also shows 66 percent of the more than 600 respondents report cybersecurity incidents have increased in the past year, up from 61 percent in 2024.

When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.

But a new report from Barracuda reveals that 23 percent of HTML attachments are malicious, making them the most weaponized text file type. Overall more than three-quarters of the malicious files detected overall were HTML, and 24 percent of email messages overall are now unwanted or malicious spam.

Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information -- often using sophisticated methods made simpler by emerging technologies.

A new report from Valimail shows that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.

Organizations are increasingly faced with complex DDoS attacks that disrupt operations, increase latency, and compromise network security.

Security solutions company Gcore is launching 'Super Transit', which is not a big van but a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast connectivity.

Ransomware attacks reached a historic high in the first quarter of this year, with 2,063 victims reported, a 102 percent increase compared to the previous year.

The report from GuidePoint Security also records a record high number of active threat groups, with 70 identified in Q1, reflecting a 55.5 percent year-on-year rise.

New findings from threat protection platform BlackFog show the first quarter of 2025 has seen record-breaking numbers of publicly disclosed ransomware attacks, marking a 45 percent increase compared to Q1 of 2024.

Analysis of ransomware activity in the period from January to March saw records set each month. Both January and February set new monthly records for disclosed attacks, with increases from 2024 of 22 percent and 36 percent, respectively while March recorded the largest number of disclosed attacks since BlackFog began tracking in 2020, with 107 attacks -- an 81 percent increase compared with March 2024.

A new report highlights how growing reliance on digital technologies across Europe, combined with geopolitical tensions and sophisticated threat actors, is creating a perfect storm that could put energy stability at risk and lead to the lights going out.

The study from security awareness training platform KnowBe4 shows the average number of cyberattacks against utilities more than doubled between 2020 and 2022. Specifically across Europe, cyber threats to the energy sector have surged, driven by an epidemic of under-reporting and lack of detection, with recent attacks disrupting operations, compromising sensitive data, and highlighting the urgent need for stronger cybersecurity measures.

Despite still being in its infancy, it would be hard to overstate the impact that AI has already had on the cybersecurity landscape.

Not only has AI made it infinitely easier and faster to develop a wide range of traditional attacks -- such as phishing, business email compromise and malware -- it has also opened the door to novel strategies and threats. Worse yet, they allow threat actors to develop significantly more targeted and sophisticated attacks, regardless of their knowledge level or skill.

A new survey of 350 UK and US utility operators reveals that 62 percent of water, water treatment and electricity companies have been affected by cyberattacks in the last 12 months.

The study from Semperis finds that nearly 60 percent of attacks were carried out by nation-state groups

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale.

A new report from Digital.ai shows that 83 percent of applications are under constant attack, a nearly 20 percent increase from last year, with attack rates surging across all industries.