threat

More than one in three organizations (37 percent) say AI-driven attacks forced them to adjust their security approach over the past year according to a new report from Netwrix.

The global survey of 2,150 IT and security professionals from 121 countries finds 30 percent say their business uses AI and must now protect it like any other critical system. Compliance is catching up too, 29 percent report auditors now require proof of data security and privacy in AI-based systems.

A new report reveals an increasing disconnect between cybersecurity and compliance priorities and organizational capacity to address them.

The study from Secureframe, based on a survey of 255 security, compliance, and IT professionals, finds security teams are carrying unprecedented responsibility with insufficient resources, manual compliance work is consuming critical time, and the absence of verifiable security credentials is directly impacting revenue.

New research from the Zimperium zLabs team reveals a sharp rise in mobile threats tied to the holiday shopping season.

The report shows that mishing (mobile phishing) remains the most widespread and effective mobile attack vector. Smishing messages and fake delivery alerts impersonating trusted retail and logistics brands surged up to fourfold during the 2024 holiday shopping period, with attackers using urgency-driven messages like ‘Your package is delayed, click here’ to trick users into revealing credentials or downloading malicious apps.

Trellix has published its latest CyberThreat Report: October 2025, highlighting a clear rise in the use of AI-powered tools and malware by cybercriminals.

Drawing on global threat intelligence gathered between April and September 2025, the report explores how automation, geopolitics, and AI are reshaping modern attack methods.

The agentic AI ecosystem, powered by large language models (LLMs), is creating a new class of cybersecurity risks according to a new report.

The study from Radware finds AI agents can act autonomously, access tools and private resources, and interoperate between one another. As enterprises turn to AI agents, there is a need to govern and secure this new emerging layer of digital infrastructure.

Cybersecurity professionals are sounding the alarm, not about increasingly sophisticated cyber threats, but about something far more human --  distraction.

New research from KnowBe4 shows distraction (43 percent) and lack of security awareness training (41 percent) are identified as the primary reasons employees fall victim to cyberattacks, rather than sophistication of the attacks themselves.

Lenovo’s customer service AI chatbot Lena was recently found to contain a critical vulnerability that could allow attackers to steal session cookies and run malicious code.

Cybernews researchers discovered that with just one maliciously crafted prompt, the AI could be manipulated into exposing sensitive data. Lenovo has since fixed the issue, but the case shows how chatbots can create fresh risks when not properly secured.

Threat actors are favoring smaller, persistent attacks under 100,000 requests per second according to a new report. This shift signals a growing dependence on automated, generative AI-enhanced attack tools, reflecting the democratization of DDoS capabilities among loosely coordinated threat actors and new actors entering the scene.

The report from Radware also shows web DDoS attacks rose 39 percent over the second half of 2024. The second quarter set a record with a 54 percent quarter-on-quarter spike.

New analysis of recent high-profile breaches and global threat patterns, reveals a cybersecurity landscape dominated by AI-enhanced attacks, organized cybercrime, and rapid exploitation of zero-day vulnerabilities.

The research, from compliance automation platform Secureframe, shows critical infrastructure, healthcare, and financial services have become primary targets as threat actors evolve faster than traditional defenses.

While 92 percent of respondents to a new survey say collaboration and information sharing are either 'absolutely crucial' or 'very important' in the fight against cyber threats, the results tell a different story when it comes to the adoption of this practice.

The study from Cyware, conducted among cybersecurity professionals at the RSA Conference 2025, finds only 13 percent say their current automation between cyber threat intelligence (CTI) and SecOps tools is working well. Nearly 40 percent day they struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.

Artificial intelligence (AI) is transitioning from an emerging technology to a business mainstay. While many businesses are already reaping the benefits of strategic AI implementation, others are adopting AI solutions without first considering how to integrate the tools strategically. While some AI tools offer tangible gains in automation and efficiency, others overpromise and underdeliver, leading to costly investments with little return.

Distinguishing marketing buzz from real-world impact is critical for businesses looking to make AI a true driver of operational success. Despite AI’s potential, many businesses fall into common pitfalls that prevent them from realizing the full value of innovative technology. From unclear objectives to poor integration and security risks, these challenges can turn AI from a competitive advantage into an expensive mistake.

Analysis of almost 93,000 threats detected within more than 308 petabytes of security telemetry by Red Canary shows infostealer malware infections on the rise across both Windows and macOS platforms.

Used to gather identity information and other data at scale, in 2024 LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service model, and selling for anywhere from $250 per month to a one-time payment of $20,000.

The cybersecurity landscape is constantly evolving and organizations need to stay up to date if they're to adequately protect themselves.

At the end of last year, O'Reilly released its 2024 State of Security survey, which analyzes the threats that concern frontline practitioners most, the projects they're implementing to safeguard systems and infrastructure, the skills companies are hiring for, and more.

A new survey reveals that the financial industry has faced a surge in attacks, with 64 percent of respondents reporting cybersecurity incidents in the past 12 months.

The study from Contrast Security finds 71 percent of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43 percent) and lack of visibility into the application layer (38 percent).

The state of high-profile cyber incidents in recent years has highlighted the fact that defenses need to be kept up to date to provide adequate protection.

AI and machine learning have the potential to transform security operations to enhance protection against emerging threats. We spoke to Gurucul CEO Saryu Nayyar to get her view on how protection technologies are evolving and why this is so crucial.