惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
T
Threat Research - Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Forbes - Security
Forbes - Security
P
Palo Alto Networks Blog
Schneier on Security
Schneier on Security
S
Schneier on Security
T
Tor Project blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
The Hacker News
The Hacker News
Hacker News - Newest:
Hacker News - Newest: "LLM"
罗磊的独立博客
Application and Cybersecurity Blog
Application and Cybersecurity Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
雷峰网
雷峰网
S
Security @ Cisco Blogs
PCI Perspectives
PCI Perspectives
Spread Privacy
Spread Privacy
W
WeLiveSecurity
SecWiki News
SecWiki News
A
About on SuperTechFans
H
Help Net Security
博客园 - 司徒正美
Recent Commits to openclaw:main
Recent Commits to openclaw:main
爱范儿
爱范儿
S
Securelist
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
月光博客
月光博客
Jina AI
Jina AI
博客园 - 叶小钗
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
Recent Announcements
Recent Announcements
S
Secure Thoughts
The Cloudflare Blog
美团技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Average Number of Daily API Attacks Up 113% Annually Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
Kevin Poireault · 2026-03-23 · via www.infosecurity-magazine.com

The high-tech sector was the most targeted industry for cyber-attacks in 2025, dethroning financial services as the primary focus of threat actors, according to Mandiant’s latest incident response data.

High tech companies accounted for 17% of all Mandiant investigations in 2025, the Google Cloud-owned firm noted in the M-Trends 2026 Report, published on March 23.

In comparison, finance, which led in 2023 and 2024, represented 14.6% of Mandiant investigations over the past year. Business and professional services and healthcare were also heavily targeted, making up 13.3% and 11.9% of all investigations, respectively.

Source: M-Trends 2026, Mandiant, Google Cloud
Source: M-Trends 2026, Mandiant, Google Cloud

Dwell Time Rises from 11 to 14 Days

In 2025, Mandiant and Google Threat Intelligence Group (GTIG) identified 83 malicious cyber campaigns –  focused efforts by one or more threat groups pursuing a single objective – and eight global cyber events – when multiple groups using similar tactics, such as exploiting a new vulnerability.

These cyber events affected organizations across 73 countries.

Out of the 91 incidents, Mandiant investigated 35 campaigns and six global events.

Based on these investigations, Mandiant observed that that the global median dwell time rose from 11 days in 2024 to 14 days in 2025.

Dwell time is calculated as the number of days an attacker is present in a compromised environment before they are detected.

This increase was largely driven by North Korean-linked cyber espionage campaigns and IT worker incidents which both had median dwell times of 122 days, said Mandiant researchers.

Watch now: Inside North Korea's IT Worker Scam - Sophos CISO Shares How to Stay Protected

Global ClickFix Adoption

One of the most active global events was the growing adoption of the ClickFix social engineering technique.

ClickFix involves attackers using a prompt, typically on a phishing page, to convince users to execute PowerShell or other system-level commands under the guise of fixing problems or verifying their legitimacy.

In 2025, Mandiant and GTIG identified dozens of threat clusters incorporating this technique, particularly threat clusters focused on widespread initial access operations.

“Variants of the technique observed in 2025 used a variety of lures, including CAPTCHAs, verifications for video conference and meeting invitations, driver or operating system updates, and enterprise software compliance verification,” said the report.

Read more: What is ClickFix and How to Prevent It

Mandiant Tracks 661 New Threat Clusters and 714 New Malware Families

GTIG and Mandiant began tracking 661 new threat clusters and 714 new malware families in 2025, bringing the total number of tracked threat clusters to more than 5000 and of tracked malware families to more than 6000.

In 2025 investigations, Mandiant encountered 288 threat groups, 205 of which were newly tracked. Both numbers are lower than those observed in 2024.

However, the researchers identified 224 malware families used in investigated campaigns, compared to 205 in 2024.

Those 224 strains include 126 newly tracked families and an additional 98 malware families that were first discovered in prior years.

Initial Access: Exploits Lead, Vishing Surges

Vulnerability exploits represented the most frequently observed initial infection vector for the sixth-year running, comprising 32% of Mandiant investigations in 2025 in which an initial infection vector could be identified.

Meanwhile, voice phishing (vishing) surged to become the second most common initial infection vector (11%), reflecting a shift toward more interactive, human-led attacks.

Email phishing continued its decline, falling from 22% of initial access vectors in Mandiant investigations in 2022 to 6% in 2025.

Additionally, in 2025, most cyber threat actors continued abusing native functionalities in on-premises and cloud environments as well as legitimate tools to reduce opportunities for detection.

Mandiant reported that ransomware operators have shifted their primary objective from data theft to deliberate recovery denial, systematically targeting backup infrastructure, identity services and virtualization management planes.

Read now: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats