2025 IBM X-Force Threat Index: Large-Scale Credential Theft Escalates, Threat Actors Pivot to Stealthier Tactics

Understanding Credential Stuffing: A Growing Cybersecurity Threat

凭证填充攻击利用用户密码复用习惯进行网络入侵，对企业造成财务、声誉和运营风险。通过自动化工具测试被盗凭证以获取非法访问。无密码认证通过生物识别和设备验证等方法消除传统密码漏洞，提升安全性和用户体验。

Cybercriminals adapt their methods to avoid the now stronger security measures of defenders, according to the results of a recent Threat Report. In ransomware attacks, attackers increasingly focus on data theft, they refine BEC fraud (Business Email Compromise) and exploit known vulnerabilities to infiltrate companies worldwide. Arctic Wolf operates one of the largest commercial SOCs worldwide. The report was created on the basis of threat, malw…

Identity-based cyberattacks a third of intrusions, drop infostealers

IBM’s X-Force 2025 Threat Intelligence Index reveals an increase in misuse of valid credentials. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNE…

Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis

A sophisticated multi-layered phishing campaign was uncovered, employing a complex attack chain known as “Cascading Shadows” to deliver various malware, including Agent Tesla, XLoader, and Remcos RAT. The attackers’ strategy hinges on using multiple, seemingly simple but strategically layered stages, which not only evade traditional sandbox environments but also complicates analysis by cybersecurity experts. The […] The post Threat Actors Levera…

IBM X-Force: Stealthy attacks on the rise, toolkits targeting AI emerge

Cybercriminals are adopting increasingly stealthy tactics for breaking into networks, while attacks targeting specific AI technologies are an emerging threat. Those are just a couple of the core findings in IBM X-Force’s newly released 2025 X-Force Threat Intelligence Index, which draws from incident response engagements, dark web and other threat intelligence sources to uncover attack trends and patterns. “Obfuscation is becoming an important t…

A new type of infected machine - New DLS emerges for anthrax14

Introduction In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of mid-April 2025, Cyjax has identified DLSs for 27 new groups this year, as noted in recent blogs on Morpheus, GD LockerSec, Babuk2, Linkc, Anubis,  Arkana, Frag, and RALord. The latest DLS Cyjax has identified is titled ‘anthrax14’, which constitutes one of six new sites identified in April 2025.This group appears to operate indep…