Security Report

The Marsh McLennan and Searchlight Cyber study shows a clear, statistically significant correlation between an organization’s exposure on multiple dark web sources and an increased likelihood of suffering a cyber incident within 12 months. The report highlights that specific indicators—especially Compromised Users and Dark Web Market Listings—carry the largest individual risk multipliers and that combining…

The report documents an increasingly industrialized payment-fraud landscape in 2025, driven by scalable Magecart e-skimmers, large purchase-scam networks, OTP interception, and growing AI enablement that together expand attack surfaces and complicate liability. Recommended defenses emphasize intelligence-driven, cross-functional fusion of CTI and fraud operations, proactive detection, and AI-assisted predictive controls. #Magecart #AcceptCar

The Visa Biannual Threats Report (July–December 2024) details rising payments ecosystem threats—enumeration, provisioning fraud, malicious mobile apps, NFC relay attacks, digital skimming, ransomware, and consumer-targeted scams—while describing Visa PERC’s detection, disruption, and mitigation capabilities. Key metrics include a 22% increase in enumeration transactions, about US$1.1B in follow-on fraud from enumeration over a year, US$357M in…

The 2025 SANS SOC Survey evaluates how modern SOCs are staffed, structured, and equipped, highlighting persistent strengths (widespread 24/7 coverage, strong EDR adoption) alongside recurring gaps (staffing shortages, manual metrics, and uncoordinated AI/ML use). The report emphasizes reactive incident response, widespread SIEM data dumping, and growing—but uneven—cloud and AI integration across vendors and product briefings.…

The 2025 SecurityScorecard Global Third-Party Breach Report analyzes 1,000 breaches and finds that 35.5% of 2024 incidents originated via third parties, a 6.5% rise from 2023, underscoring growing supply‑chain exposure and attacker emphasis on vendor access. The report highlights file transfer software, cloud services, state‑sponsored supply‑chain campaigns (notably linked to Chinese groups), prolific ransomware actors…

The 2025 State of Human Risk report shows that human behavior—not technology gaps—is now the dominant driver of breaches, with attackers leveraging AI-powered phishing, collaboration tools, and credential misuse to bypass traditional defenses. High-impact incidents such as the Change Healthcare breach illustrate the massive financial and operational consequences and underscore the urgent need for Human…

K7Security’s Q2 2025-26 Cyber-Threat-Monitor highlights a 19% global Infection Rate driven by persistent exploitation of legacy flaws (notably MS17-010/EternalBlue), widespread adware and hack-tool prevalence on Windows, and dominant Trojan activity on Android (86%) and macOS (88%). Executive findings emphasize “vulnerability debt,” human-centric phishing, supply-chain and edge-device attacks, and recommendations to prioritize patching, MFA, behavioral detection,…

The Q3 2025 Rapid7 Threat Landscape Report documents accelerating zero-day and mass-exploitation activity, consolidation and innovation among ransomware groups (notably Qilin), increasing supply-chain and nation‑state espionage, and the operationalization of AI for social engineering and evasive malware. Major metrics include 53 newly observed exploited CVEs, 88 active ransomware leak-site groups, and U.S. victims accounting for…

The H1 2025 ESET Threat Report documents rapid shifts in the threat landscape—highlighting the explosive rise of ClickFix social engineering, SnakeStealer’s emergence as the top infostealer, Android adware surges driven by Kaleidoscope, and a dramatic increase in NFC fraud. It also covers coordinated disruptions of Lumma Stealer and Danabot, growing ransomware infighting (including RansomHub and…

The report highlights a clear industry shift toward phishing-resistant, passwordless authentication and shows how identity strategy is increasingly tied to user experience and regulatory requirements. Key stats and trends call out broad passwordless adoption and rising threats like AI-driven social engineering that require adaptive, behavior-based defenses. #Descope #Passkeys

BioCatch’s Global Scams Report 2025 documents a rapid, global escalation in authorized push payment (APP) scams driven by real-time payments, social engineering, and GenAI-enabled scaling, and highlights the industrialization of fraud including trafficked scam compounds. The report pairs regional breakdowns, hard statistics, and a case study to show steep rises in vishing, smishing, romance, and…

The State of SaaS Security 2025 Report documents a sharp rise in SaaS-related incidents despite widespread confidence in protections, highlighting misconfigurations, permission issues, and weak continuous oversight as primary drivers. The report urges a shift to continuous monitoring, clear ownership, and governance for AI-enabled integrations to close the gap between perceived visibility and actual security.…

This Ponemon Institute report, sponsored by OPSWAT, summarizes survey responses from 612 U.S. IT and security practitioners about file security risks, controls, technologies, and AI adoption. Key takeaways include high incident frequency and cost (average $2.7M), dominant insider and file-visibility risks, concern over macro-based and zero-day malware, and increasing use of CDR, DLP, multiscanning, SBOMs,…

Latio’s 2025 AI Security Market Report cuts through marketing-driven confusion to map a fragmented AI security landscape, define four primary use-case categories, and explain the specific risks each category addresses. It highlights how VC-fueled hype has blurred vendor distinctions, stresses that tool choice should be guided by an organization’s risk profile, technology stack, and priorities,…

The GuidePoint / Ponemon 2025 Identity and Access Management (IAM) Maturity Report finds most organizations remain in early-to-mid IAM maturity, with pervasive manual processes, underinvestment in IAM, and 50% of organizations experiencing an identity-based security incident in the prior 12 months. High performers (23% of respondents) show measurable benefits from automation and advanced identity technologies,…