Cyber (In)Securities – Issue 115 – Holiday Edition

Contents:

News

  1. Does Desktop AI Come With a Side of Risk?
  2. UK Online Safety Act comes into force
  3. Microsoft Teams Vishing Spreads DarkGate RAT
  4. ConnectOnCall breach exposes health data of over 910,000 patients
  5. Android Zero-Day Exploited in Spyware Campaigns, Amnesty International Points to Cellebrite
  6. US needs to do more to make cyber attackers pay, Trump adviser says
  7. Rhode Island confirms data breach after Brain Cipher ransomware attack
  8. DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
  9. Windows kernel bug now exploited in attacks to gain SYSTEM privileges
  10. Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested
  11. Clop ransomware claims responsibility for Cleo data theft attacks
  12. Winnti hackers target other threat actors with new Glutton PHP backdoor
  13. IOCONTROL Cyberweapon Used to Target Infrastructure in the US and Israel
  14. 390,000 WordPress accounts stolen from hackers in supply chain attack
  15. Russian authorities block Viber messaging app
  16. Iran-linked crew used custom ‘cyberweapon’ in US critical infrastructure attacks
  17. With ‘TPUXtract,’ Attackers Can Steal Orgs’ AI Models
  18. FTC warns of online task job scams hooking victims like gambling
  19. IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack
  20. New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
  21. Experts Discovered the First Mobile Malware Families Linked to Russia’s Gamaredon
  22. ‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks
  23. North Korea’s fake IT worker scam hauled in at least $88 million over six years
  24. US Bitcoin ATM Operator Byte Federal Suffered a Data Breach
  25. 336K Prometheus Instances Exposed to DoS, ‘Repojacking’

STATISTICS & INSIGHTS powered by Evisec

CyAN Member Op Eds and Articles

  1. Staying Ahead in Cybersecurity: A Lifelong Learning Journey
  2. CyAN Mentorship Program

The Year in Focus: A Look Back at 2024 and Ahead to 2025

  1. The Global Implications of AI in Cybersecurity (Pt. 2)
  2. The top cybersecurity stories from 2024
  3. The 7 most in-demand cybersecurity skills today
  4. Businesses plagued by constant stream of malicious emails
  5. Zero Days Top Cybersecurity Agencies’ Most-Exploited List
  6. NCSC Annual Review 2024
  7. Black Hat Europe: Chaos Puts Cybersecurity in the Hot Seat
  8. 2024 Threat Hunting Report
  9. MITRE shares 2024’s top 25 most dangerous software weaknesses
  10. Forecasting Data Security and Compliance Trends in 2025
  11. How to Stay Safe From the Biggest Cybersecurity Threats of 2025
  12. From Europe to South Africa: Where Is the World on Cyber Defense?
  13. Bolster resilience against 2025 cyber threats
  14. Emerging Cybersecurity Threats May Come From Unexpected Sources as Teens and AI-Savvy Employees May Perpetrate More Attacks Next Year
  15. 2025 Forecast Report for Managing Private Content Exposure
  16. The top cybersecurity predictions for businesses in 2025

Events

News:

Does Desktop AI Come With a Side of Risk?

https://www.darkreading.com/application-security/does-desktop-ai-risk

The rise of desktop AI tools is revolutionising workflows but introduces substantial security risks. Attackers can manipulate AI to create deepfakes, enhance phishing campaigns, or access sensitive enterprise data through poorly secured systems. Experts highlight growing concerns over AI’s potential for data exfiltration and malware deployment, particularly when tools lack governance or monitoring. To mitigate these risks, organisations must establish strict usage policies, adopt proactive monitoring, and integrate AI-aware security solutions. Balancing innovation with robust safeguards is essential as AI tools become embedded across industries.

UK Online Safety Act comes into force

https://nationaltechnology.co.uk/UK_Online_Safety_Act_Comes_Into_Force.php

The UK’s Online Safety Act, now in effect, marks a significant step in regulating online content to protect users, particularly children. Platforms are mandated to remove harmful content, enforce age verification, and implement stronger safeguards against illegal activities. Critics argue it poses risks to encryption and free speech, while supporters praise its focus on accountability. The Act empowers Ofcom to issue hefty fines for non-compliance, pushing tech companies to prioritise safety. As online threats evolve, the Act reflects a growing global trend towards stricter digital governance to create safer online environments.

Microsoft Teams Vishing Spreads DarkGate RAT

https://www.darkreading.com/cyberattacks-data-breaches/vishing-via-microsoft-teams-spreads-darkgate-rat

Cybercriminals are exploiting Microsoft Teams to deliver the DarkGate Remote Access Trojan (RAT) in a new phishing campaign. Attackers use social engineering to trick users into opening malicious attachments, often disguised as legitimate meeting invitations or updates. Once installed, DarkGate enables data theft, key-logging, and remote control of infected systems. Security experts warn that hybrid work environments and reliance on communication platforms increase risks. Organisations are urged to implement stronger email and collaboration app security measures, train employees on phishing threats, and adopt zero-trust principles to mitigate these sophisticated attacks.

ConnectOnCall breach exposes health data of over 910,000 patients

https://www.bleepingcomputer.com/news/security/connectoncall-breach-exposes-health-data-of-over-910-000-patients/

A data breach at ConnectOnCall has compromised the sensitive health records of over 910,000 patients, exposing names, medical information, and contact details. The incident was traced to vulnerabilities in third-party systems, a growing target for cybercriminals seeking high-value data. Experts note that healthcare organisations face increased pressure to secure complex supply chains and address gaps in vendor management. This breach underscores the critical importance of encrypting data, continuous monitoring, and conducting rigorous audits of external partners to prevent cascading risks in healthcare ecosystems.

Android Zero-Day Exploited in Spyware Campaigns, Amnesty International Points to Cellebrite

https://www.securityweek.com/android-zero-day-exploited-in-serbian-spyware-campaigns-amnesty-international-points-to-cellebrite/

An Android zero-day vulnerability is being actively exploited in spyware campaigns, with Amnesty International linking the activity to Cellebrite tools. The campaigns target individuals through sophisticated spyware that enables remote data extraction, surveillance, and device control. These attacks highlight the risks posed by commercial spyware and their role in human rights violations, particularly against journalists and activists. Experts call for stronger regulations and ethical oversight in the spyware industry, emphasising the urgent need for patching vulnerabilities and protecting at-risk individuals from exploitation.

US needs to do more to make cyber attackers pay, Trump adviser says

https://www.itnews.com.au/news/us-needs-to-do-more-make-cyber-attackers-pay-trump-adviser-says-613931

Trump’s pick for national security adviser, Representative Mike Waltz, has called for the US to take stronger action to hold cyber attackers accountable, particularly state-backed actors. The remarks underscore frustrations over escalating ransomware attacks, espionage campaigns, and critical infrastructure breaches with insufficient deterrence. Waltz advocates for a mix of offensive cyber measures, stronger international coordination, and tougher economic sanctions to curb attackers’ activities. The call highlights ongoing debates about balancing cyber defence and retaliation as threats grow more sophisticated, demanding proactive US leadership on the global stage.

Rhode Island confirms data breach after Brain Cipher ransomware attack

https://www.bleepingcomputer.com/news/security/rhode-island-confirms-data-breach-after-brain-cipher-ransomware-attack/

Rhode Island has confirmed a significant data breach following a ransomware attack by the Brain Cipher group, compromising sensitive information. The breach affected state systems, disrupting services and exposing personal data, though officials have not specified the full extent. Cybercriminals reportedly exploited vulnerabilities to deploy the ransomware, encrypting files and demanding payment for decryption. Experts stress the importance of regular patching, robust incident response plans, and ransomware resilience strategies to minimise future risks. The incident highlights ongoing challenges in protecting state infrastructure amid rising ransomware threats.

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

https://thehackernews.com/2024/12/deceptionads-delivers-1m-daily.html

A new malvertising campaign called DeceptionAds is delivering over 1 million daily impressions across 3,000 compromised websites by tricking users with fake CAPTCHA pages. These deceptive ads lure victims into clicking malicious content under the guise of verifying their identity, enabling attackers to distribute malware or steal data. Security researchers warn that these ads exploit gaps in online advertising platforms to evade detection. Organisations are urged to deploy ad blockers, scrutinise web traffic, and prioritise endpoint protection to mitigate such risks. The incident underscores growing threats in online ad ecosystems.

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/

A critical Windows kernel vulnerability is being actively exploited to grant attackers SYSTEM-level privileges, allowing full control over targeted devices. The flaw, identified as a zero-day, enables threat actors to escalate privileges, bypassing security measures to install malware, exfiltrate data, or disrupt operations. Exploitation of this bug underscores the urgency for prompt patching and heightened monitoring. Experts recommend applying security updates immediately and deploying behavioural detection tools to identify suspicious activity. The incident highlights the persistent risk of unpatched vulnerabilities in enterprise systems.

Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested

https://www.bitdefender.com/en-us/blog/hotforsecurity/rydox-cybercrime-marketplace-seixed-by-law-enforcement-suspected-admins-arrested

International law enforcement has dismantled the Rydox cybercrime marketplace, a hub for stolen credentials, malware, and hacking tools. The operation led to the seizure of servers, arrests of suspected administrators, and disruption of over 3,000 illicit transactions. Rydox had facilitated cybercriminal activities, enabling attacks like ransomware, fraud, and phishing campaigns. Authorities credit global collaboration for the takedown and stress the importance of sustained efforts to combat such underground platforms. This action serves as a warning to cybercriminals while highlighting ongoing challenges in tackling dark web operations.

Clop ransomware claims responsibility for Cleo data theft attacks

https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/

Clop ransomware operators have claimed responsibility for exploiting vulnerabilities in Cleo’s file transfer software, leading to significant data breaches. Targeting third-party systems enabled attackers to access sensitive customer and business data, once again underscoring the risks of supply chain vulnerabilities. Experts warn that organisations relying on external platforms must adopt rigorous monitoring, patching, and vendor security assessments. As ransomware gangs like Clop evolve their tactics, businesses must prioritise proactive defences to protect against increasingly coordinated supply chain attacks.

Winnti hackers target other threat actors with new Glutton PHP backdoor

https://www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/

The Winnti Group, a Chinese state-sponsored hacking collective, has unveiled the Glutton PHP backdoor, a rare tool aimed at compromising competing threat actors. This strategic move enables Winnti to steal rival groups’ malware and exploit toolkits and to gather intelligence on their campaigns. Analysts suggest this highlights rising competition among APT groups, with espionage tactics turning inward. The use of customised backdoors underscores Winnti’s advanced capabilities and the ongoing evolution of nation-state cyber warfare. Organisations must remain vigilant, as such tools could eventually be repurposed against broader targets.

IOCONTROL Cyberweapon Used to Target Infrastructure in the US and Israel

https://securityaffairs.com/171980/malware/iocontrol-cyberweapon-targets-us-isreael.html

IOCONTROL, a newly identified cyberweapon, has been deployed in targeted attacks against critical infrastructure in the US and Israel. This sophisticated tool, linked to state-sponsored threat actors, allows attackers to manipulate industrial systems, causing operational disruptions. Security experts highlight the growing risk to energy grids, water systems, and other essential services, particularly as geopolitical tensions rise. Mitigating such risks requires real-time monitoring, stronger segmentation, and collaboration between public and private sectors to safeguard infrastructure from advanced cyber capabilities.

390,000 WordPress accounts stolen from hackers in supply chain attack

https://www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/

A supply chain attack has compromised over 390,000 WordPress accounts, exposing sensitive credentials and enabling widespread exploitation. Hackers infiltrated third-party plugins to distribute malicious code, underscoring ongoing vulnerabilities in WordPress’s ecosystem. This incident highlights the critical need for robust supply chain management, regular plugin updates, and stringent vetting of third-party tools. Security professionals recommend organisations adopt real-time monitoring and implement zero-trust principles to mitigate the risks posed by increasingly sophisticated supply chain attacks.

Russian authorities block Viber messaging app

https://kyivindependent.com/russian-authorities-block-viber-messaging-app/

Russian authorities have blocked access to Viber, a widely used messaging app, in what analysts describe as another attempt to tighten control over digital communications. The move aligns with broader efforts to stifle encrypted messaging platforms that enable private conversations, particularly amid geopolitical tensions. Critics argue this restricts citizens’ digital freedoms, forcing reliance on state-approved services more susceptible to surveillance. The situation highlights the ongoing battle between security, privacy, and state control, underscoring the importance of decentralised and secure communication tools globally.

Iran-linked crew used custom ‘cyberweapon’ in US critical infrastructure attacks

https://www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/

An Iran-linked hacking group has deployed a custom cyberweapon to target critical infrastructure in the US, highlighting the escalation of nation-state cyberattacks. The tool exploits vulnerabilities in industrial systems, causing operational disruptions and posing a significant risk to public services. Security experts emphasise the importance of monitoring industrial control systems (ICS) and implementing strict access controls. This incident underscores the growing geopolitical cyber conflict and the urgent need for fortified defences to safeguard critical assets against advanced nation-state tactics.

With ‘TPUXtract,’ Attackers Can Steal Orgs’ AI Models

https://www.darkreading.com/vulnerabilities-threats/tpuxtract-attackers-steal-ai-models

Attackers have developed TPUXtract, a tool designed to extract AI models stored on specialised hardware, such as Tensor Processing Units (TPUs). By targeting machine learning infrastructure, cybercriminals can steal proprietary algorithms, leading to intellectual property theft and competitive disadvantages. Experts warn that organisations deploying AI must strengthen hardware-level protections, encrypt models, and implement stringent access controls. As AI becomes central to innovation, safeguarding models against theft is crucial to maintaining trust, competitive advantage, and the integrity of machine learning systems.

FTC warns of online task job scams hooking victims like gambling

https://www.bleepingcomputer.com/news/security/ftc-warns-of-online-task-job-scams-hooking-victims-like-gambling/

The FTC has issued a warning about online task job scams that mimic gambling addiction, tricking victims into repetitive payments with promises of large returns. Scammers use psychological manipulation to hook users, often demanding upfront “fees” to continue participating. Victims lose substantial sums, highlighting the need for greater awareness and financial literacy. Experts recommend avoiding platforms with unclear payment structures and reporting suspicious activities. This trend reflects the growing sophistication of online fraud, emphasising the importance of regulatory action and digital safety education.

IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack

https://www.darkreading.com/ics-ot-security/iot-cloud-cracked-open-sesame-attack

A newly discovered attack, dubbed ‘Open Sesame,’ targets IoT cloud systems using over-the-air (OTA) updates to gain unauthorised access. By exploiting weak authentication and update mechanisms, attackers can infiltrate devices, manipulate configurations, and exfiltrate sensitive data. Security experts stress the importance of implementing cryptographic signatures, strong update protocols, and zero-trust principles to mitigate such risks. As IoT adoption grows, this incident highlights the urgent need for manufacturers and businesses to prioritise secure OTA processes and device lifecycle management.

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html

PUMAKIT, a sophisticated new Linux rootkit, employs advanced stealth techniques to remain hidden from traditional detection tools. It buries itself deep in kernel processes, enabling attackers to maintain persistent access while evading monitoring systems. Security researchers note that PUMAKIT can manipulate logs and mask malicious activities, making it particularly dangerous for Linux-based infrastructure. Experts recommend kernel-level visibility, proactive threat hunting, and adopting real-time anomaly detection to identify and neutralise stealth rootkits before they cause irreparable damage.

Experts Discovered the First Mobile Malware Families Linked to Russia’s Gamaredon

https://securityaffairs.com/171949/apt/gamaredon-used-two-new-android-spyware-tools.html

Researchers have identified the first mobile malware families linked to Russia’s Gamaredon hacking group, marking an expansion of their operations. Targeting Android devices, these malware strains enable surveillance, data exfiltration, and communication interception, primarily against Ukrainian targets. The discovery highlights Gamaredon’s growing capabilities and evolving focus on mobile platforms as part of broader geopolitical campaigns. Security experts urge organisations to implement mobile threat detection, enforce strict app permissions, and ensure devices are regularly patched to counter emerging nation-state threats.

‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks

https://www.darkreading.com/cyberattacks-data-breaches/dubai-police-lures-uae-mobile-attacks

Cybercriminals are impersonating Dubai Police in a wave of mobile attacks targeting UAE residents. The phishing campaign uses convincing messages and fake apps to steal credentials, banking information, and personal data. The attackers exploit public trust in official authorities, making the scams highly effective. Experts warn users to verify all messages, avoid clicking on unverified links, and only download apps from trusted sources. This incident underscores the importance of public awareness and mobile security solutions to counter increasingly sophisticated social engineering attacks.

North Korea’s fake IT worker scam hauled in at least $88 million over six years

https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/

North Korea has reportedly earned $88 million by running an elaborate fake IT worker scam over six years. Cyber operatives posed as freelance IT professionals to secure jobs with international companies, gaining access to systems and siphoning funds. The campaign highlights the risks of remote work environments and insufficient identity verification processes. Experts stress the importance of rigorous background checks, multi-factor authentication, and monitoring suspicious activities to mitigate insider threats. This operation reflects North Korea’s resourceful tactics in funding its cyber operations.

US Bitcoin ATM Operator Byte Federal Suffered a Data Breach

https://securityaffairs.com/171941/data-breach/us-bitcoin-atm-operator-byte-federal-suffered-a-data-breach.html

Byte Federal, a prominent Bitcoin ATM operator, has confirmed a data breach exposing sensitive customer information. Attackers exploited vulnerabilities in third-party systems, underscoring the growing risks of supply chain attacks in the cryptocurrency sector. Leaked data includes transaction records, names, and contact details, potentially enabling identity theft and fraud. Security experts recommend implementing stronger encryption, regular security audits, and tighter vendor management to protect financial ecosystems. The incident highlights the ongoing challenges in safeguarding crypto services against evolving cyber threats.

336K Prometheus Instances Exposed to DoS, ‘Repojacking’

https://www.darkreading.com/cloud-security/336k-prometheus-instances-exposed-dos-repojacking

Over 336,000 Prometheus instances are exposed online, leaving systems vulnerable to denial-of-service (DoS) attacks and ‘repojacking,’ where attackers manipulate repositories to inject malicious code. Misconfigurations and poor access controls have exacerbated these risks, exposing sensitive credentials and system metrics. Experts urge organisations to secure their instances with robust authentication, access restrictions, and continuous monitoring. This incident serves as a stark reminder of the need for secure deployment practices, particularly as misconfigured tools remain prime targets for opportunistic attackers.
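The exposure described above comes down to deployment defaults: a Prometheus server started with no web configuration listens on every interface and answers API, config and debug requests without authentication. The fragment below is an added example, not part of the original article or of the Prometheus project’s documentation; it contrasts the exposed default with a hardened launch using Prometheus’s web configuration file. The file name web-config.yml, the certificate and key paths, the user name and the bcrypt hash are all assumed placeholder values.

```yaml
# ---- Exposed default (what a scan finds) ----
# prometheus --config.file=prometheus.yml
#   -> binds 0.0.0.0:9090, no TLS, no authentication: the query API,
#      the /api/v1/status/config endpoint and the debug endpoints are
#      reachable by anyone who can route to the port.

# ---- Hardened launch (added example) ----
# prometheus --config.file=prometheus.yml \
#            --web.config.file=web-config.yml \
#            --web.listen-address=127.0.0.1:9090
#   -> bind to loopback (or an internal interface) and front the server
#      with a reverse proxy or VPN; leave --web.enable-admin-api and
#      --web.enable-lifecycle off unless a specific workflow needs them.

# web-config.yml (assumed file name; paths and hash are placeholders)
tls_server_config:
  cert_file: /etc/prometheus/tls/server.crt   # placeholder path
  key_file: /etc/prometheus/tls/server.key    # placeholder path
  min_version: TLS12                          # refuse TLS 1.0/1.1 clients

basic_auth_users:
  # Value is a bcrypt hash of the password, never the password itself.
  # One way to produce it: htpasswd -nBC 12 "" | tr -d ':\n'
  metrics-reader: "$2y$12$PLACEHOLDER_BCRYPT_HASH_REPLACE_ME"
```

Two checks make the change verifiable: from outside the host, a plain `curl http://host:9090/api/v1/status/config` should now fail to connect, and the same request over HTTPS without credentials should return 401. Continuous monitoring then means alerting on any new listener that appears on 9090 (or on the exporters’ ports) without the web configuration attached.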

STATISTICS & INSIGHTS powered by Evisec:

Highlights from last week’s cybersecurity research by evisec

📈 Incident severity on the rise: Official UK data reveals a 32% increase in “significant” cyber incidents, echoing similar trends reported by other nations.

💸 Security budgets and training gaps: Organizations dedicate 12.5% of IT budgets to security, with larger enterprises leveraging automation to reduce staffing needs. Yet, only 53% prioritize security training, leaving human error as an unaddressed weakness.

😌 Job satisfaction tied to leadership: Leadership commitment to security is the top driver of workforce satisfaction, with communication and strategic alignment valued far more than technical expertise for CISOs.

For deeper insights—including the ongoing tug-of-war between security and productivity as well as perceptions on GenAI—check out the Cybersecurity Research Digest 👇

Read more and subscribe for regular updates: https://evisec.xyz/crd-13/

CyAN Member Op Eds and Articles:

Kim: Staying Ahead in Cybersecurity: A Lifelong Learning Journey

https://www.linkedin.com/pulse/staying-ahead-cybersecurity-lesson-lifelong-learning-mcdonald-zobvc

In this thought-provoking reflection, CyAN VP Kim Chandler McDonald dives into the relentless pace of cybersecurity and what it takes to stay ahead of the curve. As attackers get smarter, faster, and more creative, professionals must meet the challenge with curiosity, adaptability, and collaboration—not just technical know-how. Kim reminds us that cybersecurity is ultimately about people: asking the right questions, listening actively, and communicating clearly to foster trust and innovation. As we head into 2025, the message is clear—lifelong learning and community-driven action are the keys to keeping us all a step ahead.

CyAN Mentorship Program

https://cybersecurityadvisors.network/mentorship/

At CyAN, we believe mentorship is a powerful tool to nurture future leaders and strengthen our global community. Our structured three-month mentorship program offers professional guidance, international networking opportunities, and real-world insights tailored to support graduate students and early-career professionals. By connecting with experienced CyAN members, mentees gain invaluable skills and perspectives to advance their careers. If you’re ready to grow, learn, and thrive alongside experts in cybersecurity and trust & safety, we encourage you to join this transformative opportunity.

The Year in Focus: A Look Back at 2024 and Ahead to 2025

The Global Implications of AI in Cybersecurity (Pt. 2)

https://jirif.substack.com/p/the-global-implications-of-ai-in

AI is transforming global cybersecurity, amplifying both defence capabilities and attack sophistication. On one hand, AI-powered tools enable faster threat detection, real-time response, and predictive analysis, improving cyber resilience for organisations worldwide. Conversely, attackers are leveraging AI for automated phishing, deepfake creation, and malware evolution, increasing the scale and precision of cyberattacks. The article highlights the need for international cooperation to address AI-driven threats and establish ethical frameworks. Balancing innovation with security remains vital as AI continues reshaping the cybersecurity landscape globally.

The top cybersecurity stories from 2024

https://www.weforum.org/stories/2024/12/must-read-stories-cybersecurity-2024

AI-driven threats dominated 2024, with deepfakes, automated phishing, and ransomware-as-a-service reaching unprecedented heights. Critical infrastructure saw increased targeting through state-sponsored espionage, while regulatory debates over digital sovereignty intensified worldwide. The report calls for stronger public-private partnerships, innovation in workforce development, and holistic resilience to tackle rising cyber challenges. As 2025 looms, collaboration remains key to addressing global cybersecurity fragmentation.

The 7 most in-demand cybersecurity skills today

https://www.csoonline.com/article/3615797/the-most-in-demand-cybersecurity-skills-today.html

Cloud security, AI expertise, and zero-trust architectures led the demand for cybersecurity skills in 2024. Organisations are also seeking professionals skilled in incident response, secure software development, and threat intelligence. Beyond technical ability, strong communication and risk management are now critical for aligning security efforts with executive priorities. The report stresses that bridging skill gaps through upskilling, collaboration, and diverse talent acquisition will define organisational resilience in the years ahead.

Businesses plagued by constant stream of malicious emails

https://www.helpnetsecurity.com/2024/12/09/malicious-emails-inboxes/

Businesses faced a relentless onslaught of malicious emails in 2024, with AI-powered phishing, ransomware, and QR code attacks bypassing traditional defences. Cybercriminals are crafting increasingly tailored campaigns, exploiting human error as the weakest link. Experts emphasise multi-layered email security, advanced threat monitoring, and employee awareness training as essential safeguards. As email remains a primary attack vector, organisations must continually adapt to outpace attackers exploiting evolving tactics.

Zero Days Top Cybersecurity Agencies’ Most-Exploited List

https://www.databreachtoday.com/zero-days-top-cybersecurity-agencies-most-exploited-list-a-26884

Zero-day exploits surged in 2024, with attackers weaponising unknown vulnerabilities to infiltrate systems before patches could be applied. Healthcare, energy, and finance sectors faced disproportionate targeting, revealing gaps in proactive defence. Global cybersecurity agencies emphasise the importance of faster patch deployment, real-time threat hunting, and collaboration between governments and enterprises. Staying ahead of zero-day risks will require aggressive vulnerability management and streamlined defence strategies in 2025.

NCSC Annual Review 2024

https://www.ncsc.gov.uk/collection/ncsc-annual-review-2024

The NCSC’s 2024 Annual Review highlights the growing complexity of cyber threats, including state-sponsored espionage, ransomware, and AI-enhanced attacks. Critical infrastructure and supply chains remain particularly vulnerable, requiring coordinated efforts to bolster resilience. The report prioritises threat intelligence sharing, sector-wide collaboration, and proactive defences to combat emerging risks. As cyber incidents grow in scale and sophistication, fostering awareness and preparedness across all levels will be essential for 2025 and beyond.

Black Hat Europe: Chaos Puts Cybersecurity in the Hot Seat

https://www.databreachtoday.com/black-hat-europe-chaos-puts-cybersecurity-in-hot-seat-a-27026

At Black Hat Europe 2024, experts warned that AI and automation have escalated cyber threats to unprecedented levels. Zero-day exploits, smarter phishing, and faster ransomware attacks are outpacing traditional defences. Sessions called for proactive measures: behavioural analytics, AI-powered detection tools, and stronger public-private collaboration. Attendees stressed the urgency of resilience strategies to mitigate evolving risks and emphasised cyber awareness as a key weapon in today’s high-stakes security landscape.

2024 Threat Hunting Report (PDF)

https://dbac8a2e962120c65098-4d6abce208e5e17c2085b466b98c2083.ssl.cf1.rackcdn.com/2024-threat-hunting-report-insights-to-outsmart-modern-adversaries-pdf-2-w-14396.pdf

CrowdStrike’s 2024 report reveals a sharp rise in stealthy attacks, including living-off-the-land techniques, supply chain compromises, and AI-driven threats. Adversaries—particularly state actors and ransomware groups—are evading detection with increasingly sophisticated methods. Proactive threat hunting, behavioural analysis, and rapid response are critical to identifying and neutralising hidden threats. With attack surfaces expanding, organisations must embrace advanced detection tools and resilient strategies to stay ahead in 2025’s evolving cyber battlefield.

MITRE shares 2024’s top 25 most dangerous software weaknesses

https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses

MITRE’s 2024 list exposes persistent software weaknesses, including improper input validation, authentication failures, and out-of-bounds writes. These flaws enable attacks like remote code execution, privilege escalation, and data breaches, often due to insecure coding practices. The report urges developers to integrate automated testing, secure development frameworks, and rigorous security reviews throughout the software lifecycle. Tackling these weaknesses is critical to reducing exploit opportunities and improving software resilience globally.

Forecasting Data Security and Compliance Trends in 2025

https://www.kiteworks.com/cybersecurity-risk-management/forecasting-data-security-and-compliance-trends-in-2025

Stricter regulations and advanced cyber threats are reshaping data security and compliance priorities for 2025. Organisations are moving towards zero-trust frameworks, enhanced encryption, and improved oversight of third-party data sharing. With compliance landscapes growing more complex globally, balancing security with innovation is a challenge. Experts stress the importance of automation, robust governance, and data visibility to meet regulatory demands and safeguard sensitive information against emerging cyber risks.

How to Stay Safe From the Biggest Cybersecurity Threats of 2025

https://www.privateinternetaccess.com/blog/future-cyber-attacks/

Cybersecurity threats in 2025 will grow more sophisticated as cybercriminals exploit AI, cloud vulnerabilities, and IoT devices. Experts urge individuals and organisations to adopt layered defences, including multi-factor authentication, robust endpoint protection, and zero-trust frameworks. Remote work and expanding attack surfaces increase the urgency for encrypted communications, regular updates, and strong cyber hygiene. Staying ahead of evolving threats will require vigilance, awareness, and proactive strategies to safeguard against breaches in a hyperconnected digital landscape.

From Europe to South Africa: Where Is the World on Cyber Defense?

https://www.govtech.com/blogs/lohrmann-on-cybersecurity/from-europe-to-south-africa-where-is-the-world-on-cyber-defense

Global regions are advancing cyber defence strategies to address unique challenges, but disparities persist. Europe leads with regulatory benchmarks like the EU Cyber Resilience Act, while South Africa grapples with modernising its defences amid rising infrastructure attacks. Public-private collaboration is increasing, but resource gaps hinder progress in vulnerable economies. Experts stress prioritising threat intelligence, incident response readiness, and workforce upskilling to bridge the divides. Strengthening cyber resilience globally will be essential to combat escalating, borderless digital threats.

Bolster resilience against 2025 cyber threats

https://www.theregister.com/2024/11/27/bolster_resilience_against_2025_cyber

As cyber threats evolve, businesses must prioritise resilience through proactive security frameworks. Emerging risks, such as AI-driven attacks, advanced ransomware, and supply chain vulnerabilities, demand agile defences and robust incident response planning. Experts recommend adopting automated detection tools, zero-trust architectures, and comprehensive workforce training to mitigate risks. Real-time monitoring and adaptive security strategies will be critical in safeguarding operations, maintaining business continuity, and fostering trust as cybercriminal tactics become more sophisticated in 2025.

Emerging Cybersecurity Threats May Come From Unexpected Sources as Teens and AI-Savvy Employees May Perpetrate More Attacks Next Year

https://www.businesswire.com/news/home/20241203444204/en/Emerging-Cybersecurity-Threats-May-Come-From-Unexpected-Sources-as-Teens-and-AI-Savvy-Employees-May-Perpetrate-More-Attacks-Next-Year

Unexpected threats in 2025 are predicted to arise from tech-savvy teenagers and AI-proficient employees, as the accessibility of AI lowers barriers to entry. This trend risks an uptick in insider threats, including automated phishing, malware deployment, and social engineering. Organisations must prepare by enhancing employee training, implementing insider risk detection systems, and securing AI deployments. Experts highlight the need for proactive monitoring and awareness as unconventional actors—driven by curiosity, pranks, or malice—reshape the threat landscape in unexpected ways.

2025 Forecast Report for Managing Private Content Exposure Risk

https://www.kiteworks.com/report-2025-forecast-for-managing-private-content-exposure-risk

The 2025 forecast warns of increasing risks from private content exposure, fuelled by cloud misconfigurations, insider threats, and sophisticated cyber breaches. As regulatory frameworks tighten, organisations face mounting pressure to enhance data security and visibility. Experts advocate for zero-trust principles, end-to-end encryption, and robust access controls to mitigate vulnerabilities. AI-powered tools will play a dual role—assisting defenders while empowering attackers. Proactive strategies are essential to safeguard sensitive information and manage growing compliance demands in the digital landscape.

The top cybersecurity predictions for businesses in 2025

https://securitybrief.com.au/story/the-top-cybersecurity-predictions-for-businesses-in-2025

Cybersecurity challenges in 2025 will escalate with AI-powered attacks, quantum computing advances, and deepfake-driven scams. Ransomware will grow more targeted and disruptive, while supply chain vulnerabilities remain a primary entry point for attackers. Experts urge businesses to adopt zero-trust architectures, prioritise proactive threat hunting, and invest in continuous workforce training. As cybercriminal tactics evolve, organisations must embrace agility and resilience to stay ahead, ensuring operational security and safeguarding trust in an increasingly unpredictable digital future.

Events (CyAN-Organized or -Supported):

AI Global Everything will be held from 4th to 6th February 2025 in Dubai, U.A.E.

GITEX AFRICA, Marrakesh, Morocco: 14 – 16 April, 2025

GISEC: the 14th edition of Middle East & Africa’s Cybersecurity Event to be held from 6th to 8th May 2025, at Dubai World Trade Centre, Dubai, UAE

The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK – Entry form: https://www.thecyberospas.com/enter/