Attacks, Threats, and Vulnerabilities
Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX) LayerX researchers have identified a new class of exploit that directly targets these tools through a previously overlooked vector: the browser extension.
China’s Covert Capabilities | Silk Spun From Hafnium (SentinelOne) China-linked hackers used patented spyware tech from front companies tied to Hafnium, exposing gaps in cyber threat attribution.
Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed (Zimperium) DoubleTrouble Trojan infiltrates mobile devices via Discord, stealing credentials with advanced features like screen capture and keylogging. Zimperium's defenses detect and protect against this evolving threat.
Trends
Ransomware Risk Report (Semperis) Annual global study reveals state of ransomware risk across multiple countries and industries, plus expert insights into increasing business resilience.
New HackerOne Research Reveals How The Top 15% of CISOs Gain the Security Edge (HackerOne) While nearly 94% of CISOs are familiar with crowdsourced security, the report identifies a striking gap: only 15% are unlocking its full potential through the comprehensive adoption of its three main services: bug bounties, vulnerability disclosure programs (VDPs), and third-party pentesting.
Keyfactor Finds Nearly Half of Enterprises Unprepared for Quantum Cybersecurity Threats (BusinessWire) Insights from 450 cybersecurity leaders reveal urgent PQC readiness gaps — and the business advantage of early action
New research uncovers four security challenges caused by unmanaged AI access (1Password Blog) 1Password commissioned a survey of 200 North American security leaders that highlights four critical challenges and what security leaders should consider to secure today’s AI-augmented workforce.
2025 Annual Threat Report (N-able) SMBs in the crosshairs
Marketplace
Sonatype Appoints Cybersecurity Veteran Bhagwat Swaroop as CEO (Sonatype) Sonatype appoints Bhagwat Swaroop to Chief Executive Officer as Wayne Jackson transitions to Executive Chairman.
Products, Services, and Solutions
Intel 471 Launches Verity471, Game-Changing Cyber Intelligence Platform Featuring New Threat Exposure Modules (BusinessWire) Verity471 platform offers operational cyber threat intelligence solutions out of the box, designed to shatter the pattern of reactive cyber defense
From Detection to Decision: How Vectra AI Reduces Noise and Provides Comprehensive Coverage for Modern Attacks (Vectra AI) A snapshot of detection trends, alert noise, and identity-driven threats, showing how AI and custom detections improve signal clarity across the SOC.
Orca Security Expands Runtime Protection to Hybrid and Private Clouds (BusinessWire) CNAPP pioneer delivers unprecedented visibility and threat prevention from public cloud to on-premises workloads, solving massive challenges for customers
Technologies, Techniques, and Standards
Introducing Unit 42’s Attribution Framework (Unit 42) Peel back the layers on Unit 42's Attribution Framework. We offer a rare inside view into the system used to ultimately assign attribution to threat groups. Peel back the layers on Unit 42's Attribution Framework. We offer a rare inside view into the system used to ultimately assign attribution to threat groups.
Legislation, Policy, and Regulation
Plankey nomination for CISA director advances to Senate floor (The Record) Sean Plankey’s nomination to direct the Cybersecurity and Infrastructure Security Agency advanced out of committee on Wednesday after languishing for several months, bringing him one step closer to confirmation.
Army Secretary forces West Point to rescind appointment given to Easterly (CyberScoop) The United States Military Academy abruptly ended the appointment of Jen Easterly to a high-profile academic position in West Point’s Department of Social Sciences, according to a memorandum issued Wednesday by the Secretary of the Army.
