The 2025 WiCyS Cyber Talent Study, analyzed by skillrex using an N2K diagnostic mapped to the NICE Framework, evaluates 604 WiCyS members and finds the community outperforming peers across most NICE Categories and many Specialty Areas. The report shows a roughly 4‑point composite advantage (~10%), highlights strong leadership and governance capabilities and measurable gains from targeted training, and identifies specific skill gaps to guide future WiCyS programs. #WiCyS #skillrex
Category: Security Report
Black Duck’s “The Global State of DevSecOps: Balancing AI Usage and Risk in 2025” finds that organizations have achieved high deployment velocity but are accumulating security debt because of manual processes, tool sprawl, and overwhelming false positives that slow development. The report also describes AI as a double-edged sword—widely adopted and improving secure coding for many, yet introducing new risks and shadow-AI governance gaps that demand developer-centric workflow integration and formal AI governance. #BlackDuck #GitHubCopilot
Comcast Business’s 2025 Threat Report analyzes 34.6 billion events (including 19.5B botnet resource-development events, 9.7B drive-by compromises, 4.7B phishing attempts, and 44,069 DDoS events) to map evolving attacker tactics such as proxy abuse, living-off-the-land techniques, and AI-enabled social engineering. It urges organizations to adopt multi-layered, AI-augmented defenses—prioritizing patching, phishing-resistant MFA, proactive threat hunting, and managed 24/7 SOC services—to reduce exposure and build enterprise resilience. #SocGholish #ComcastBusiness
The 2025 State of Cloud Security Report highlights escalating challenges in cloud security, including rising data exposure, vulnerabilities, and attack paths exacerbated by AI adoption. It underscores the importance of managing neglected assets, securing Kubernetes environments, and controlling identity and access to mitigate evolving threats. #OrcaResearchPod #APT29 #Log4Shell #Spring4Shell #KubernetesSecurity #AIvulnerabilities
The 2025 State of Application Security report reveals critical gaps in AppSec practices, highlighting delays in product launches, frequent false positives, and under-resourced teams facing mounting pressure. Organizations are increasingly open to outsourcing AppSec to expert partners like Cypress Data Defense to strengthen security without compromising innovation. #AppSec #OWASPTop10 #CypressDataDefense
The 2025 Norton Cyber Safety Insights Report highlights the increasing interaction of children with AI and the troubling rise of cyberbullying, particularly in the U.S. The report also provides key statistics on cyberbullying perpetrators, AI usage among kids, and practical advice for parents to protect their children online. #Cyberbullying #AICompanionship
The 2025 State of Shadow AI Report reveals the widespread and persistent use of unsanctioned AI applications in enterprises, highlighting critical security risks, especially related to tools like OpenAI and low-security-rated apps such as Jivrus Technologies and Happytalk. It emphasizes the urgent need for real-time discovery, governance, and remediation strategies to manage shadow AI exposure, particularly in small and mid-sized organizations. #ShadowAI #OpenAI #RecoSecurity
The State of Trusted Open Source report reveals that most vulnerabilities lie outside the top 20 most popular open source projects, highlighting the security challenges in the “longtail” of less-visible images. Speedy remediation, compliance-driven adoption, and the growing importance of AI-related stacks like Python are key themes shaping modern open source security. #Chainguard #FIPS #Python #OpenSourceLongtail
The 2025 Cybersecurity M&A and Capital Markets Report highlights a record $119 billion in strategic activity with significant growth in AI security investments, multiple billion-dollar acquisitions, and a dynamic market shift toward AI-driven defense solutions. The report underscores AI’s transformative impact on cybersecurity offense and defense, with rapid vendor emergence and evolving governance challenges representing the central focus for future security strategies. #AISecurity #CyberArk #Wiz #MomentumCyber
Aon’s 2025 Global Cyber Risk Report highlights a 22% rise in cyber incident frequency in 2024 alongside a significant 77% decline in average ransomware payouts, emphasizing improved cyber preparedness and insurance market stability. The report underscores evolving threats, systemic risks, the impact on key industries, and the buyer-friendly cyber insurance environment enhanced by advanced controls and broader coverage. #Ransomware #CyberInsurance #CrowdStrike #ChangeHealthcare
The 2025 NetDiligence Cyber Claims Study analyzes over 10,000 cyber claims from 2020-2024, highlighting ransomware and business email compromise as leading causes of loss, with escalating incident costs and ransom demands. Small to medium enterprises (SMEs) represent the majority of claims, while large companies bear a disproportionately high cost impact. #Ransomware #BusinessEmailCompromise #NetDiligence
The Zscaler ThreatLabz 2025 VPN Risk Report reveals a significant shift in cybersecurity strategies as 81% of organizations plan to adopt zero trust models by 2026, driven by increasing VPN vulnerabilities and user dissatisfaction. It highlights the rise of AI-powered attacks exploiting VPN flaws, growing ransomware risks, and the urgent need to replace legacy VPNs with modern, secure access architectures. #ZscalerThreatLabz #PulseSecureVPN #IvantiVPN #ZeroTrust
The Imperva API Threat Report 2025 reveals that APIs have become the primary target for sophisticated cyberattacks, with over 40,000 incidents recorded in just six months. Key threats include business-logic abuse, data scraping, and application-layer DDoS attacks, emphasizing the urgent need for behavior-driven, adaptive API security measures. #ImpervaAPIThreatReport #BusinessLogicAbuse #ApplicationLayerDDoS
The Sophos Annual Threat Report 2025 reveals ransomware remains the top threat to small and midsized businesses, with compromised network edge devices and evolving social engineering tactics posing significant risks. Key findings include rising costs of attacks, increased business email compromise, and the exploitation of unpatched vulnerabilities like CVE-2024-40711. #SophosAnnualThreatReport #CVE202440711
This report uncovers the rapid, widespread adoption of Model Context Protocol (MCP) servers in enterprises, highlighting significant security risks from a lack of visibility and the prevalence of unofficial servers with credential access. The 2,200% growth in MCP servers over 13 months, with 86% operating locally on developer endpoints, exposes thousands of non-human identities and enterprise services to potential compromise. #ModelContextProtocol #ClutchSecurity