Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024. Analyzing data from its GreyMatter platform and dark web activity, ReliaQuest found that utilities like water and energy systems are disproportionately affected. Their critical role in infrastructure makes them prime targets for cybercriminals.

As another year comes to an end, it’s not only Santa who brings presents for those on his nice list. These days, it’s quite common for well-known firms to publish their annual roundups of the most notable events that have taken place in the cybersecurity landscape, together with predictions of what can we expect in next twelve months.

On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw, CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user.

As the threat landscape of cybersecurity continues to evolve, enterprises now find themselves spending countless hours on identifying and mitigating potential threats while managing overwhelming amounts of data. But one persistent problem for security teams is the flood of false positives alerts that indicate possible threats but turn out to be benign. Not only do these waste valuable time and resources, but they also contribute to alert fatigue, reducing the overall threat detection ability of teams.

Organizations worldwide struggle with complex regulatory requirements. AI in compliance management emerges as a powerful solution to simplify these challenges. Modern businesses face unprecedented pressure to maintain rigorous compliance standards across multiple domains. AI for compliance transforms how companies approach regulatory requirements. Traditional methods consume significant resources and expose organizations to substantial risks.

Adversaries are advancing faster than ever, exploiting the growing complexity of business IT environments. In this high-stakes threat landscape, generative AI (GenAI) is a necessity. With organizations grappling with skills shortages, sophisticated adversaries and operational complexity, 64% of security professionals have already kicked off their GenAI purchase journey.

We’re thrilled to announce a new partnership with OVHcloud, a leading global cloud provider! This collaboration brings industry-leading security solutions to OVHcloud users, empowering them to confidently scale their applications.

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Here is the latest installment. As we look ahead to 2025, the landscape of cyber threats continues to evolve, presenting new challenges for cybersecurity professionals.

Cybersecurity is a vital concern for organisations, but many security strategies fall short: recent research shows that 44% of UK companies are lacking in basic cybersecurity skills. The consequences of poor security go far beyond the direct impacts of cyberattacks, and the benefits of effective security are numerous as well.

Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro. “The attacker used social engineering to manipulate the victim to gain access and control over a computer system,” Trend Micro says.