Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In its 2025 State of the Underground report, Bitsight TRACE found that ransomware activity continued to escalate in 2024, with a 25% increase in unique victims listed on leak sites and a 53% increase in the number of ransomware group-operated leak sites. The report also observed a 43% increase in data breaches shared on underground forums, with nearly one in five victims based in the United States. These findings highlight a continued upward trend in cyberattack activity.

In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.

A new threat campaign, codenamed BrickStorm and attributed to a China nexus group tracked as UNC5221, has security researchers sounding the alarm. This is a highly sophisticated espionage operation, and its most staggering feature is the adversary’s patience. The astonishing average time they remain inside a victim’s network before being detected is well over a year—393 days to be exact.

Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB) steganography to conceal.NET payloads within image files hosted on legitimate platforms.

Cybercriminals are taking stealth to new levels. According to WatchGuard Technologies’ latest Internet Security Report, evasive malware attacks jumped 40% in Q2 2025, driven by a sharp rise in threats delivered over encrypted connections. While Transport Layer Security (TLS) encryption is essential for protecting users, attackers are increasingly exploiting it to conceal malicious payloads and evade traditional detection methods.

Law firms are getting hit with ransomware at an alarming rate, and most don’t realize how exposed they actually are until it’s too late. The American Bar Association reports that 29% of law firms experienced a successful security breach in 2023. The average ransom demand for professional services firms runs between $200,000 and $500,000.

Ransomware is the gift that keeps on giving… and taking. I’ve been tracking ransomware for almost nine years now, and I’ve seen it progress from simple and annoying malware to an organization-ending threat for many. I’m not big on pushing FUD (Fear, Uncertainty and Doubt), so when I say that it is one of the biggest cyberthreats to organizations in the small and medium-sized business space, I am not exaggerating.

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.

Oct 16, 2025 How AI is Transforming Application Security Testing Read More Natalie Tischler Oct 14, 2025 Veracode Named a Leader in Gartner Magic Quadrant for AST for 11th Consecutive Time Read More Joe Ariganello Oct 9, 2025 The Business Case for Investing in AppSec Tools Read More Natalie Tischler.