Threat actors continue to exploit #vulnerabilities in #security appliances, such as #firewalls and #VPN concentrators, to gain initial access. Not only #zerodays disclosed in 2025, but also old vulnerabilities remediated years ago, but left unpatched
The Netskope Threat Labs Report for #Retail 2025 is out! 📢
⛈️ 95% of organizations use #genAI apps ⛈️ 57% of DLP violations are for regulated data ⛈️ 81% #chatGPT is the most used genAI app ⛈️ 11% of #malware downloads come from OneDrive
The Netskope Threat Labs Report for Australia 🇦🇺 is out! 📣
⛈️ 9.9% of #malware come from GitHub ⛈️ Google most impersonated brand for #phishing ⛈️ 87% of organizations use #genAI apps ⛈️ 42% of data policy violations concern Intellectual property
The @Netskope Threat Labs Report focused on #ShadowAI and #AgenticAI is out!
⛈️ 89% of orgs use at least one #genAI app ⛈️ 7.6% of people use at least one app ⛈️ 7 apps are used in the typical org ⛈️ 8.2GB of data is uploaded on average to genAI apps
After the timelines, here we go with the #cyberattacks statistics for February 2025 where I analyzed 231 events, in a #threat landscape where the majority of #attacks were driven by #cybercrime, carried out via #malware, and initiated through #phishing #cybersec
After the September 2024 campaign, Netskope Threat Labs discovered a new version of the XWorm #malware, introducing new features such as process protection and enhanced anti-analysis capabilities.
Against all odds, I continue to (not so) regularly update my blog hackmageddon.com. I have been quite busy lately, but hope to catch up during the Summer break.
In the meantime enjoy the 1-15 February 2025 #cyberattacks timeline
Netskope Threat Labs has discovered a campaign from the Silver Fox threat actor, using fake installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek, to deliver the Sainbox RAT and Hidden #rootkit to Chinese-speaking users.
The 16-30 January #cyberattacks timeline is out with 107 events and a #threat landscape dominated by #malware and #ransomware. #phishing emails continued to lead the initial access techniques.
#Threat actors continue to exploit legitimate #cloud apps. In this campaign discovered by the Netskope Threat Labs, #phishing pages are hosted on Glitch, and Telegram is abused to exfiltrate credentials and bypass MFA.
The @Netskope Threat Labs for Europe 2025 🇪🇺 is out!
🌩️ #GitHub is the top #cloud app for #malware downloads (16%) 🌩️ Adobe is the most impersonated brand for #phishing (29%) 🌩️ 57% of #DLP violations concern regulated data 🌩️ 91% of orgs use #GenAI apps
One of the most surprising trends from the Netskope Cloud and Threat Report 2025 is that #GitHub has surpassed Microsoft #OneDrive as the most exploited #cloud app for delivering #malware.
I summarised the findings in a blog post for Infosec Magazine.
The Netskope Threat Labs Report for #Healthcare 2025 is out!
⛈️ 13% of #malware downloads come from GitHub ⛈️ 88% of organizations use #genAI apps ⛈️ #ChatGPT is the most used app with 81% ⛈️ 81% of data policy violations are related to regulated data
💀 #Cybercrime accounted for 70% of the events 💀 #Malware continued to lead the Attack Techniques chart with 28% 💀 #Phishing led the Initial Attack Vectors with 17%
And finally the last #cyberattacks timeline for 2024 is out! (December H2 - I know I am a little late!). #Malware continued to dominate the #threat landscape and #phishing was, once again, the preferred method for initial access.
The 1-15 December 2024 #cyberattacks timeline is out with 115 events and a #threat landscape dominated by #malware. #Cybercrime continues to be the main motivation, and #phishing the main initial access vector.
⛈️ 4.7 out of 1000 users click on #phishing links ⛈️ 40% of phishing targets #cloud apps ⛈️ 20% of #malware downloads come from #GitHub ⛈️ 95% use #genAI, with an average of 10 apps
The #cyberattacks statistics for November 2024 are out with 245 events characterized primarily by #cybercrime (72%) and #malware attacks (26.8%). #Phishing continued to be the main initial access vector (14.9%)
🚨 SEO poisoning and fake CAPTCHAs are here to stay! @Netskope Threat Labs found that attackers have been distributing malicious PDFs across 260+ domains and 4,000+ keywords to steal credit card data and deliver the Lumma Stealer #malware