Password reuse just became a lot more dangerous. In what may be one of the largest credential-harvesting operations ever documented, threat actors have compiled 3.5 terabytes of stolen login data—now labeled the “Synthient Stealer Log Threat Data”—and it’s been added to Have I Been Pwned (HIBP). The dataset includes 183 million unique email addresses, each paired with the passwords and websites where they were stolen. For the average person juggling dozens of logins across apps an...| Enterprise Security Tech
When high-profile campaigns by groups like LAPSUS$ and Scattered Spider make headlines, they often leave the strong impression of technical wizardry: zero-days, clever malware, intricate breaches. But according to research from Flashpoint , that narrative misses the more profound evolution underway. Gone are the days when data extortion simply meant bulk-stealing databases: the playbook has matured to target the single most vulnerable link in modern enterprise security— human identity and...| Enterprise Security Tech
In what many in the cybersecurity world feared might happen, the global ransomware threat has begun to rev back into gear. According to research from NCC Group , after a sustained slide in attack volume, September saw a 28 % month-on-month increase in ransomware incidents—421 attacks globally, up sharply from lower levels in the preceding months. The Anatomy of the Surge While 421 attacks is still below half a thousand, the increase is significant primarily for what it signals: a potential...| Enterprise Security Tech
In a twist that might surprise even seasoned CISOs, the fourth annual Global Ransomware Survey from OpenText reveals a paradox: businesses are increasingly confident in their ability to bounce back from ransomware — yet at the same time, they’re quietly admitting that the real threats are multiplying and shifting in ways they’re only beginning to grasp. Confidence vs. Reality According to the survey of roughly 1,800 security practitioners and business leaders, 95 % of respondents say...| Enterprise Security Tech
A Russian-linked hacking group notorious for espionage against Western governments has returned with a faster, stealthier, and more aggressive malware campaign—this time disguised as a simple “I’m not a robot” CAPTCHA. Google’s Threat Intelligence Group (GTIG) has identified a new, modular malware suite developed by ColdRiver —also tracked as Star Blizzard , Callisto , and UNC4057 —that replaces the group’s previous toolset known as LostKeys . According to GTIG’s October 20 ...| Enterprise Security Tech
The public sector’s digital ramparts are buckling under the pressure of increasingly sophisticated ransomware — and 2025 is proving to be a watershed year. According to fresh intelligence gathered by the cyber-defence unit of Trustwave SpiderLabs (a division of Trustwave, now under LevelBlue), nearly 200 government or public-service entities around the globe have already been hit by ransomware so far this year. These attacks aren’t isolated incidents of data theft —they’re orchestra...| Enterprise Security Tech
