The Zscaler Zero Trust Exchange houses the largest security data set in the world, collected from over 300 trillion signals and 160 billion daily transactions - more than 15x the volume of Google searches each day. (more available)

This AT&T Cybersecurity Insights report is the third in a series that highlights the need for security in a new compute paradigm underpinned by 5G and edge. (more available)

A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method. (more available)

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. (more available)

This report will give a snapshot of 2020’s mobile threat landscape and dive into emerging trends we anticipate carrying into 2021. (more available)

This report is based on in-depth analysis of roughly 20,000 confirmed threats detected across our customers' environments, this research arms security leaders and their teams with actionable insights into the malicious activity and techniques we observe most frequently. (more available)

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

Part 2 of The Cloud Impact Study looks at the importance of security as a significant driver for cloud transformation, as well as how security and data protection concerns present a challenge that acts as the primary barrier to cloud transformation. (more available)

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given. (more available)

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information. (more available)

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing. (more available)

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more. (more available)

A survey of over 1,000 US and UK IT professionals on the challenges to having the necessary in-house expertise to achieve a strong cybersecurity posture. (more available)

Akamai examines the attack trends in the media sector over a 24-month period. This research is based on data gathered during regular Akamai operations and is based on a large volume of real events. (more available)

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available)

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri. (more available)

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector. (more available)

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons. (more available)