Articles about cybersecurity

New research from business risk specialist Panaseer shows that major breaches are being caused by toxic combinations -- overlapping risks that compound and amplify each other, until they form a critical vulnerability.

The company analyzed 20 major breaches that have occurred over the past five years. In 14 of the 20 cases, it found clear evidence of compounding risks forming toxic combinations that magnified the overall impact.

Continue reading →

A new study from OpenText of nearly 1,800 global IT and security leaders shows a false sense of confidence in ransomware readiness.

The report shows that 95 percent of respondents say they’re confident in their ransomware recovery -- yet only 15 percent of those attacked have fully recovered their data.

Continue reading →

Security leaders estimate that, on average, cyber incidents cost their organization $3.7 million, with 46 percent suffering from an outage or disruption to their services as a consequence of attacks.

A new survey from Red Canary of 550 security leaders, from the US, UK, New Zealand, Australia, and the Nordic countries, finds that SOC teams continue to struggle with the challenges of securing cloud environments, identities, and AI technologies amid evolving threats.

Continue reading →

Not quite how The Killers put it, but a new report shows Human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.

The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.

Continue reading →

Many of the recent wave of high-profile cyberattacks can be traced back to the theft of a single set of credentials which have allowed the attacker to access and move within a corporate network.

A new report from Flashpoint looks at the rise of large-scale information-stealing malware campaigns and how ‘infostealer’ malware has been a key enabler, responsible for the theft of over 1.8 billion corporate and personal email accounts, passwords, cookies, and other sensitive data.

Continue reading →

A new report reveals a 40 percent (quarter-over-quarter) increase in evasive, advanced malware. The data highlights encrypted channels as adversaries' favored attack vector using Transport Layer Security (TLS), the encryption protocol behind most secure web traffic.

The study from WatchGuard Technologies, which provides cybersecurity for MSPs, shows 70 percent of all malware is now delivered via encrypted connections, the findings highlight attackers’ increasing reliance on obfuscation and stealth, and the need for organizations to improve visibility into encrypted traffic and adopt flexible protection strategies.

Continue reading →

The frequency of ransomware attacks has dropped from eight incidents per organization to five or six incidents in the last year, but at the same time the average ransomware payment has surged by more than a million dollars, from $2.5M to $3.6M.

A new Global Threat Landscape report from ExtraHop, based on research by Censuswide, finds threat actors are shifting away from broad, indiscriminate attacks to a more targeted approach that yields better results.

Continue reading →

A new survey finds 60 percent of surveyed UK and US cybersecurity leaders now admit that security risks originating from third parties and supply chain partners are ‘innumerable and unmanageable.’

The study from IO (which used to be ISMS online) shows 97 percent of cybersecurity leaders say they’re confident in their breach response, with 61 percent describing themselves as ‘very confident.’ Yet, that confidence contrasts dramatically with 61 percent of leaders who say their organization has suffered a third-party or supply chain attack in the past 12 months.

Continue reading →

Among all of the various forms of cyberattack phishing attempts delivered by email are still one of the most common.

What’s more AI is making these attacks more effective, because you can no longer rely on looking out for dodgy grammar or other signs that a message may not be what it seems.

Continue reading →

Artificial intelligence is transforming the way that many areas of business operate. But with the benefits also come new risks to corporate data.

We spoke to Rohan Sathe, CEO and co-founder of Nightfall AI, to find out how AI risks exposing sensitive information and what companies can do to protect themselves.

Continue reading →

New data from BlackFog shows publicly disclosed ransomware attacks continued to set new records in the third quarter of this year, with 270 attacks -- a 36 percent increase compared to the same quarter in 2024 (198 attacks). This also represents a 335 percent increase since Q3 2020, underscoring the continued rise in attacks over the last five years.

Between July and September, publicly disclosed attacks were attributed to 54 ransomware groups. As in Q2, the Qilin ransomware gang was the most active, responsible for 20 incidents during the period. Notably, approximately 40 percent (107) of reported attacks have not yet been attributed to any known ransomware group.

Continue reading →

New research looking at high pressure extortion scams reveals that Gen Z is being particularly impacted by AI-powered threats. All mobile users are at risk, however, with one in three having been targeted by an extortion scam, often threatening to expose pictures or browsing history, and nearly one in five falling victim.

The research from Malwarebytes shows a distinct target profile for extortion. 69 percent of victims and 64 percent of targets are Gen Z or Millennial (compared 52 percent of victims and 40 percent of targets of other types of scams). 65 percent of victims and 60 percent of targets are male (vs. 48 percent/45 percent)

Continue reading →

Scams and fraud are an ever present threat on the internet and the rise of AI means that they’re getting harder to spot with the old giveaways of bad grammar and dodgy attachments largely eliminated.

Google is announcing a range of new tools and initiatives to help people remain safe online. These include improved app features, new account recovery tools and better education and awareness programs.

Continue reading →

The latest OS Malware Index from Sonatype shows a 140 percent surge in open source malware as attackers target data and trusted dependencies.

The index is compiled from analysis of 34,319 open source malware packages discovered by Sonatype across major open source registries including npm, PyPI, Hugging Face, and more. This quarter’s count brings the total number of malicious packages Sonatype has discovered to 877,522 since 2019.

Continue reading →

However good your defenses, cyberattacks can still happen. However, in many cases, the aftermath can be worse than the attack itself, as enterprises struggle to calm nerves and reassure staff, customers, and shareholders.

We spoke with Daniel Tobok, CEO of incident response specialist CYPFER, to discuss how organizations can recover from a cyberattack and why the leadership's response is vital.

Continue reading →