The GreyNoise 2025 Mass Internet Exploitation Report provides security leaders, SOC analysts, vulnerability managers, and threat intelligence teams with actionable insights. Attackers are industrializing reconnaissance and exploitation. Security teams must adapt. This report provides the intelligence needed to prioritize, respond, and defend against the next wave of mass exploitation.

This report gives a detailed analysis of key adversarial behaviors, techniques, and trends we saw in 2024, highlighting the escalating risks that non-enterprise businesses and managed service providers (MSPs) need to be aware of This analysis will empower organizations of all sizes to strengthen their defenses against modern cyber threats by giving them actionable insights into a constantly evolving threat landscape.

In the second quarter of 2023 GreyNoise researchers observed a substantial change in the behavior of some regular internet scanning idioms. Inventory scans—where both benign and malicious actors perform regular checks for a given technology or specific vulnerability being present—significantly reduced in frequency and scale. These targeted attacks threaten to circumvent existing defense capabilities and expose organizations to a new wave of disruptive breaches. Defenders must evolve in response.

In this year’s Hacker-Powered Security Report: Financial Services, we look at what drives ethical hackers, where they focus their energies, and what they’re doing to help financial services companies improve their security profile. In the past year, the hacking community has found over 65,000 customer vulnerabilities. Financial services continues to be among the most popular industries for ethical hackers to work on, and vulnerabilities in web applications are by far the most commonly reported issues in the industry

In this report we share runZero’s observations from our unique perspective as an applied security research team. Our goal is to provide insight into how the security landscape is changing, and recommendations on what you can do to get ahead of these changes.

This research aims to equip cloud security professionals, DevOps, DevSecOps, CISOs, and development leaders with valuable insights and practical recommendations for safeguarding their cloud environments, and in doing so, help to secure the cloud for everyone. In some ways, our study confirmed what is already widely known: attackers are constantly scanning the Internet for lucrative opportunities.

Dragos started the Year in Review to highlight significant trends in the OT cybersecurity community. This year’s report aims to go further by offering practitioners and leaders the most up-to-date data, along with perspectives from the field, to help them better defend critical infrastructure around the world. These perspectives are focused on providing actionable insights that have been tried and tested to help organizations effectively defend against and respond to industrial cyber threats.

As we look ahead in this new year, we must acknowledge a threatscape that left us all exhausted from a particularly challenging end to 2021. In our new company’s first threat report, we acknowledge the issue that dominated not only headlines, but the focus of defenders and enterprise security teams. We also look back at the third and fourth quarters of 2021, but let’s first detail our weather of resources available to help you combat Log4j.

Our latest Trellix Threat Lab Research Report includes our findings from Q4 2021, our identification of a multi-stage espionage attack on high-ranking government officials, and our recent analysis of cyberattacks targeting Ukraine and the newly identified HermeticWiper during Q1.

This report is an in-depth analysis of tens of thousands of threats detected across our customers’ environments, this research arms security leaders and their teams with a unique understanding of the threats they’re facing.

A review of 180 engagements performed by Rapid7 consulting, supplemented by a survey of questions given to all Rapid7 consulting customers. Addresses lessons learned from this events.

A report derived from NTT’s managed SOC service, seeking to identify modern and emerging trends observed across industries and regions.

An analysis of threat actors and key action patterns based upon CrowdStrike’s threat hunting human analyst team over the first half of 2019.

A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. While internal and perimeter security solutions are critical to your security program, external threat intelligence gives you the ability to defend forward by eliminating threats outside the wire. This ebook is designed to provide a framework for security professionals on how to conduct effective external threat hunting on the dark web.

This specialized report offers insights into the Healthcare industry and the gaps in policies and procedures that could lead to damaging cyber events within the industry.

This report examines a wide range of cyberattack detections and trends from a sample of 354 Vectra customers with more than 3 million devices and workloads per month from nine different industries. This report takes a multidisciplinary approach that spans all strategic phases of the attack lifecycle.

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

This brief but important report offers information into the events and data from the holiday shopping season of 2018.

From the report, “With its customer base of over 4,000 organizations, Alert Logic has first-hand insight into the state of threat detection and response. Drawing from more than a billion security anomalies, millions of security events, and over a quarter million verified security incidents from April 2017 to June 2018, our research has identified five key insights that every business leader, IT leader, and IT practitioner should be aware of: 1. The initial phases of the cyber killchain are merging to accelerate targeted attacks 2. Industry and size are no longer reliable predictors of threat risk 3. Attack automation and “spray and pray” techniques are aiming at everything with an IP address 4. Cryptojacking is now rampant 5. Web applications remain the primary point of initial attack” Read on to find out more.

This report offers the following highlights - Case study of a Fortune 50 organization breached via social media, Deep dive into each layer of the new attack chain, A detailed look at impersonation accounts and hijacked accounts, a new staple in the attack lifecycle, Tactics, techniques, and procedures (TTPs) used by the modern attacker on social media, Recommendations and best practices for updating your security posture.

This report offers insight into cyberattack behavior in the manufacturing industry. It discusses the severity of attacks, botnets, and other important issues related to the manufacturing industry.