In this report, we look back at the 900 million attacks we analyzed in the threat landscape of 2024. Additionally, we offer organizations tactical insights and strategic recommendations for improving defenses this year. From the financial impact of attacks to geopolitical tensions that lead to cyber warfare, cybersecurity is top of mind for enterprise and government organizations in 2025.

In this report, they we anticipate malicious actors will continue their rapid adoption of AI-based tools to augment and assist their online operations across various phases of the attack lifecycle. We expect to see cyber espionage and cyber crime actors continue to leverage deepfakes for identity theft, fraud, and bypassing know-your-customer (KYC) security requirements. As AI capabilities become more widely available throughout 2025, enterprises will increasingly struggle to defend themselves against these more frequent and effective compromises.

SecurityScorecard researchers identified not only a pool of 150 top vendors – based on their detectable market share of products and customers – but also a subset of 15 “heavy hitters” with an even higher market share concentration. In today’s interconnected world, concentrated cyber risk threatens national security and global economies. Much like a precarious house perched on a cliff’s edge, the reliance on a handful of vendors shapes the foundation of our global economy.

That is the purpose of this report is to show you the hours saved, the data aggregated, and the research methodologies laid bare. you’ll find several sections covering some of the bigger mass exploitations of 2022, also known as celebrity vulnerabilities.

In the wake of the Change Healthcare incident, companies are doubling down on efforts to bolster supplier oversight and cybersecurity measures. Every organization must scrutinize its data security practices, assess third- and fourth-party access to sensitive data, and identify critical vendors essential to revenue.

In this fourth annual edition of the Microsoft Digital Defense Report, we draw on our unique vantage point to share insights on how the threat landscape has evolved and discuss the shared opportunities and challenges we all face in securing a resilient online ecosystem which the world can depend on.

In the first half of 2023, Forescout Vedere Labs has published numerous blog posts and reports sharing analyses of prominent vulnerabilities, threat actors and malware. In this report, we look back at the research we published in the period of January 1 to July 31, 2023 (2023 H1) as well as other important events and data that we have not covered in the same period to emphasize the evolution of the threat landscape.

The purpose of our research is to raise awareness of the CISA KEV catalog and understand how many of these vulnerabilities are under active exploitation so that organizations can take action against their risk. In our research, we relied on the CISA KEV catalog, a notable source of information regarding vulnerabilities actively exploited in the wild. We analyzed the common vulnerabilities and exposures (CVEs) using GreyNoise and other resources and found the attack surface in the past and present.

The annual report surveys the threat landscape of 2022, summarizing a year of intelligence produced by Recorded Future’s threat research team, Insikt Group. We analyze global trends and evaluate significant cybersecurity events, geopolitical developments, vulnerability disclosure, and more, providing a broad, holistic view of cyber landscape in 2022.

As we look ahead in this new year, we must acknowledge a threatscape that left us all exhausted from a particularly challenging end to 2021. In our new company’s first threat report, we acknowledge the issue that dominated not only headlines, but the focus of defenders and enterprise security teams. We also look back at the third and fourth quarters of 2021, but let’s first detail our weather of resources available to help you combat Log4j.

The National Cyber Threat Assessment 2023-2024 will help Canadians understand current cyber security trends, and how they are likely to evolve. The NCTA is especially helpful for Canadian decision-makers as the focus is on cyber threats most relevant to Canada.

In the report’s first chapter, we focus on activities of cybercriminals, followed by nation states threats in chapter two. Both groups have greatly increased the sophistication on their attacks which has dramatically increased the impact of their actions.

This report is based on the results of a comprehensive online survey of 225 cybersecurity professionals, to gain more insight into the latest trends, key challenges, and solutions for malware and ransomware security. The respondents range from technical executives to managers and iT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

The 2022 A10 Networks DDoS Threat Report provides insights into DDoS activity during the past six months including origins of activity; the growth of DDoS weapons and botnets; the role of malware in the propagation of DDoS weapons and attacks; and the steps organizations can take to protect against such activities.

In this report we take a closer look at how cyber warfare has intensified to become an essential part of the preparation for, and conduct of, actual military conflict. Furthermore, we uncover what the fallout of this will be for governments and enterprises all over the world, even those that are not directly involved in the conflict.

A cyberthreat intelligence brief informed by the latest Microsoft threat data and research. This content offers an expert perspective into the current threat landscape, discussing trending tactics, techniques and strategies used by the world’s most prolific threat actors.

This report incorporates not only the malware zoo, but new analysis for what is being detected in the wild. Also added: statistics detailing the top MITRE ATT&CK techniques observed in Q4 2020 from Criminal/APT groups.

A survey of 200 global security professionals as to their opinions, responses, and outlook of the Solarwinds software chain compromise.

This report assesses corporate perceptions of nation-state cyber-threats. It finds that companies have become more aware of the challenges posed by such threats and are concerned about them; however, their ability to respond to evolving risks may be lacking.

This report covers the cybersecurity threats tied to COVID-19 pandemic observed over the past year, detailing the socioeconomic drivers that contributed to the threat landscape.

This report looks at cybercrime in 2020, going into the changes in cybercrime, nationwide threats, security involving remote work, and how to improve security.