About 47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network, according to Imprivata and the Ponemon Institute.

Reports by Google Cloud and Trellix indicate there is growing collaboration between nation-state actors and cybercriminal networks for help with initial access and the use of custom malware sold on underground forums.

RansomHub RaaS actors leveraged now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy.

In 75% of the ransomware incidents Huntress observed in 2024, threat actors used remote access Trojans (RATs), while 17.3% of attacks featured abused of remote monitoring and management tools like ConnectWise ScreenConnect, TeamViewer and LogMeIn.

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert multi-factor authentication (MFA).

Organizations might want to think twice before using the Chinese generative AI (GenAI) DeepSeek in business applications, after it failed a barrage of 6,400 security tests that demonstrate a widespread lack of guardrails in the model.

Ransomware payments fell by 35% in 2024, from $1.25 billion in 2023 to about $814 million, according to a Chainalysis report. This decline in payments occurred even though there was a rise in ransomware attacks during the second half of the year.

Infostealers continued to grow in popularity on the cybercrime underground last year, with credentials from password stores appearing in 29% of malware samples analyzed by Picus Security.

Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were disclosed.

The new feature seeks to improve the security of the supply-chain, as hijacking developer accounts and pushing malicious updates to widely used but abandoned projects is a common scenario in the open-source space.