AI-Powered Cyberattacks Accelerate Threat Landscape, Verizon Report Reveals Hackers are leveraging artificial intelligence (AI) to exploit software vulnerabilities at unprecedented speeds, shrinking the window for defensive action from months to mere hours, according to Verizon’s 2026 Data Breach Investigations Report. The analysis of over 31,000 security incidents found that 31% of all breaches now begin with vulnerability exploitation surpassing stolen credentials for the first time as the leading attack vector. The report highlights how generative AI is being weaponized across the entire attack lifecycle, from targeting victims to crafting malware and automating exploits. Threat actors are using AI to rapidly identify and exploit known flaws, forcing organizations to adapt their defenses at machine speed. Verizon’s Chief Information Security Officer, Nasrin Rezai, emphasized the urgency of countering these threats, stating, “We need to fight AI with AI.” Beyond external attacks, the report flags shadow AI unauthorized AI tool usage by employees as the third most common non-malicious insider action contributing to data loss. Workers are increasingly submitting sensitive source code and structured data into unapproved AI platforms, creating new risks for accidental exposure. The rise of AI-driven threats is also reflected in automated bot activity, which has surged by 20% monthly while human-driven web traffic remains stagnant. This trend suggests a future where bot-related attacks could dominate the threat landscape. Security experts, including Patrick Munch of vulnerability management firm Mondoo, note that manual remediation processes remain a critical weakness. The report found that 62% of security teams still rely on manual fixes, with only 2% fully automated and just 9% confident in their ability to patch critical vulnerabilities in time. The gap between detecting and addressing threats continues to widen, underscoring the need for faster, AI-driven defense strategies.

New Malware Strains Exploit Network Devices for DDoS and Crypto Mining On March 6, 2026, security researchers uncovered two previously undetected malware strains CondiBot and Monaco targeting Linux-based routers, IoT devices, and enterprise network equipment. Both strains evaded major threat intelligence platforms, including VirusTotal and ThreatFox, until their discovery. CondiBot, a Mirai-based DDoS botnet, infects devices by cycling through multiple file transfer utilities (wget, curl, tftp, ftpget) to deliver its payload. Once executed, it disables reboot utilities, registers with a command-and-control (C2) server, and awaits attack commands. The malware includes 32 attack modules an expansion from earlier variants and actively kills competing botnets to monopolize system resources. A new internal identifier, "QTXBOT," suggests a possible fork or separate development group. Monaco, written in Go 1.24.0, brute-forces weak SSH credentials to deploy Monero cryptocurrency mining software on compromised servers, routers, and IoT devices. Unlike CondiBot, it focuses on stealthy resource exploitation rather than DDoS attacks. Researchers from Eclypsium noted that these campaigns reflect a broader trend: financially motivated threat actors are increasingly targeting network infrastructure, a tactic once dominated by nation-state groups. The 2025 Verizon Data Breach Investigation Report highlighted an 8x increase in exploits targeting network devices, with a median patching time of 30 days far slower than the zero-day exploit window. Google Threat Intelligence Group further reported that 25% of all zero-day exploits in 2025 targeted network and security systems. A critical challenge is the visibility gap in enterprise security. Most endpoint detection tools cannot monitor embedded firmware in network appliances, allowing attackers to operate undetected for extended periods. CondiBot’s persistence mechanisms including hardware watchdog manipulation make infections difficult to remove without physical intervention. The emergence of these strains underscores the growing threat to network infrastructure, where unpatched devices and weak credentials create prime targets for both DDoS and cryptojacking operations.

FBI Network Breach Targets Surveillance Systems Hackers have reportedly compromised an FBI network used to manage wiretaps and foreign intelligence surveillance warrants, according to a CNN report citing an anonymous source. The breach was confirmed by an FBI spokesperson, who stated that the bureau detected and addressed "suspicious activities" on its systems, though no further details were provided. The incident marks the latest in a string of high-profile cyberattacks on U.S. government agencies and corporations. Last year, Chinese hackers infiltrated the U.S. Treasury and the National Nuclear Security Administration, while Russian operatives stole sealed court records. Separately, a Chinese state-linked group, Salt Typhoon, breached at least 200 U.S. companies, including major telecommunications providers like AT&T, Verizon, Lumen, Charter Communications, and Windstream. The FBI has not disclosed the extent of the breach or the identity of the attackers, but the incident underscores ongoing cybersecurity threats to critical U.S. infrastructure.

Credential-Based Attacks Dominate as Cybercriminals Exploit Identity Vulnerabilities The 2025 Verizon Data Breach Investigations Report reveals a stark shift in cyberattack tactics: 88% of basic web application breaches now involve stolen credentials, often serving as the sole entry point for attackers. This trend underscores a critical weakness in enterprise security identity has become the primary attack surface, with legacy access controls failing to keep pace. Human behavior remains a key enabler. 63% of employees admit to bypassing privileged access controls to avoid cumbersome authentication processes, highlighting how high-friction security measures inadvertently create workarounds that attackers exploit. Despite recognizing the risks, many organizations delay modernizing access systems due to concerns over cost and operational disruption. ### Why Legacy Credentials Are a Prime Target Attackers favor credential-based breaches because they provide stealthy, low-effort access to sensitive systems. Common attack vectors include: - Infostealer malware and phishing/social engineering to harvest credentials. - Cloning or theft of low-security proximity cards, which grant physical access to facilities, shared workstations, and printers escalating into broader network breaches. - Unattended endpoints, where stolen credentials enable lateral movement without triggering security alerts. ### Modern Solutions Exist but Adoption Lags Advancements in access control technology offer stronger protections, yet many organizations hesitate to adopt them: - Mobile credentials leverage encrypted, device-bound authentication, making cloning nearly impossible while improving user convenience. - FIDO authentication eliminates phishable passwords by using cryptographic keys stored on user devices, paired with biometrics or PINs aligning with Zero Trust principles. - Dual-technology readers allow gradual migration from legacy systems, reducing disruption during upgrades. Despite these options, misconceptions about modernization costs and complexity persist, leaving organizations exposed. ### A Phased Approach to Reducing Risk To bridge the gap between security needs and operational realities, experts recommend three key strategies: 1. Assess the Current Environment Conduct a comprehensive audit of physical and logical access controls to identify high-risk vulnerabilities. For example, proximity cards used for single sign-on (SSO) pose a greater threat than those limited to door access, due to their broader attack surface. 2. Align Stakeholders on a Phased Rollout Secure buy-in from physical security, IT, and cybersecurity teams to prioritize upgrades. Deploying dual-technology readers that support both legacy and modern credentials allows for incremental adoption while minimizing disruption. 3. Prioritize Employee Experience Pilot new solutions with small user groups, focusing on streamlined authentication (e.g., mobile credentials for doors, workstations, and SSO). Gather feedback on usability and vendor support to refine the rollout. ### The Cost of Inaction With the average data breach costing $4.4 million, delaying access control modernization is a growing liability. As attackers refine credential-based tactics, organizations clinging to outdated systems face unnecessary exposure while phased, strategic upgrades can reduce risk without derailing operations. The shift to modern identity security is no longer optional; it’s a necessity for defending against evolving threats.

Verizon Customers Targeted in Sophisticated Fraud Scheme Involving Fake IDs and Stolen PINs A Massachusetts family fell victim to a coordinated fraud scheme after hackers gained access to their Verizon account, using stolen credentials to purchase thousands of dollars in Apple devices at two retail locations. Laura and Eric Roppolo, residents of Holland, Massachusetts, first noticed irregularities when they received an early payment receipt referencing an unfamiliar card number. Days later, they discovered unauthorized purchases of iPhones and Apple Watches at Russell Cellular stores an authorized Verizon retailer in Danvers and Malden, towns they had never visited. The breach disrupted the family’s finances for over a week, freezing their bank accounts and halting direct deposits. Verizon confirmed that its two-step verification process requiring a government-issued ID and a PIN was followed at both stores, suggesting the suspect used a fake ID and somehow obtained the Roppolos’ PIN. How the PIN was compromised remains unclear, though authorities suspect phishing, mail theft, or eavesdropping on phone conversations as potential vectors. Malden Police identified a suspect captured on security footage at both stores during the fraudulent transactions. Investigators are working to confirm the individual’s identity, while the Roppolos have raised concerns about broader security vulnerabilities that could enable similar attacks. The case highlights the growing sophistication of fraud schemes targeting telecom accounts, where stolen personal data is leveraged to bypass verification protocols.

Exploited Vulnerabilities Surge as Top Initial Access Vector in 2025 Breaches Verizon’s latest Data Breach Investigations Report, analyzing over 22,000 breaches from October 2024 to October 2025, reveals a sharp rise in exploited vulnerabilities as the leading initial access method. Exploits accounted for 31% of breaches up from 20% the prior year highlighting the growing challenge of vulnerability management amid an overwhelming volume of unpatched flaws. Organizations struggled to keep pace, with only 26% of critical vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog fully remediated in 2025, down from 38% in 2024. The median patching time also worsened, stretching to 43 days nearly two weeks longer than the previous year’s 32 days. Meanwhile, the median number of KEV vulnerabilities requiring patches per organization rose from 11 to 16. As of February 2025, CISA’s KEV catalog listed over 1,500 CVEs, with 65% exploited in the past year. The most common weaknesses included out-of-bounds reads, heap-based buffer overflows, use-after-free flaws, external control of file paths, and incompatible resource access. Financially motivated attacks dominated, comprising 88% of breaches, while state-affiliated espionage made up the remainder. Ransomware remained a persistent threat, involved in 48% of breaches (up from 44% in 2024). However, ransom payments declined, with 69% of victims refusing to pay, and the median payment dropping from $150,000 to $140,000. Researchers noted challenges in tracking ransomware due to threat actors fabricating or recycling breach claims for notoriety. Despite data inconsistencies, ransomware’s prevalence showed no signs of slowing, reinforcing its status as a pervasive and adaptable cybersecurity threat.

Shadow AI and Vulnerability Exploits Dominate Latest Cybersecurity Threats, Verizon Report Finds A surge in unauthorized AI use by employees dubbed "shadow AI" is exposing organizations to significant insider risks, according to Verizon’s latest Data Breach Investigations Report (DBIR). The study, analyzing over 22,000 global breaches, reveals that 45% of professionals regularly use AI at work, with 67% of those accessing tools like ChatGPT, Claude, or coding platforms via personal, unauthorized accounts. This marks a fourfold increase in non-malicious insider actions compared to last year. Employees are feeding sensitive data into these platforms at an alarming rate: 28% of data loss prevention violations involved source code, while images, documents, and proprietary research were also uploaded. In 3.2% of cases, workers shared technical documentation, risking intellectual property exposure. The trend has prompted calls for stricter enterprise asset controls and the adoption of AI Bills of Materials (AI-BOMs), which track model configurations and provenance to help detect tampering or misuse. Beyond shadow AI, the report highlights a resurgence in vulnerability exploitation as the top breach cause, surpassing credential abuse (down 13% from 2024). Patching remains sluggish, with critical vulnerabilities from CISA’s Known Exploited Vulnerabilities (KEV) catalog remediated at just 26% down from 38% in 2025. The median time to resolve vulnerabilities also rose to 43 days, up from 32 days the prior year, despite a 50% increase in critical flaws requiring attention. Ransomware continued its dominance, appearing in 48% of breaches (up from 44%), though victim payments declined. Only 31% of organizations paid ransoms, with the median demand dropping to $139,875 from $150,000. The findings underscore persistent gaps in both human-driven risks and technical defenses.

Third-Party Risk Emerges as a Top Cybersecurity Threat in 2025 The 2025 Verizon Data Breach Investigations Report reveals a sharp rise in third-party breaches, now accounting for nearly 30% of all incidents double the rate from the previous year. Once treated as a compliance formality, third-party risk has become a primary attack vector, with attackers systematically exploiting trusted connections to infiltrate secure networks. Organizations now rely on hundreds or thousands of third-party integrations, creating sprawling ecosystems where a single weak link can compromise the entire chain. In Europe, 96% of major financial firms reported third-party breaches in the past year, while 97% were impacted through fourth parties vendors of their vendors. The problem is structural: security teams must defend environments they do not own or fully control, leaving them blind to real-time threats. Traditional third-party risk programs built on point-in-time assessments, questionnaires, and external scoring are ill-equipped to counter modern attacks. These methods document risk but fail to detect active compromises as they unfold. By the time a breach is discovered, attackers have already moved laterally through trusted pathways, forcing organizations into reactive incident response. The shift is driven by AI-powered adversaries, which map trust relationships, identify vulnerabilities, and launch automated, large-scale attacks in minutes. Meanwhile, enterprises accelerate third-party integrations with AI-driven workflows, expanding the attack surface faster than security teams can monitor. Manual defenses cannot keep pace with machine-speed threats. To close the gap, organizations must adopt an intelligence-led approach, moving from periodic assessments to continuous monitoring of their extended ecosystem. Key priorities include: - Mapping digital and third-party exposure to understand risk. - Detecting reconnaissance and targeting activity at the earliest stages. - Hardening AI systems against manipulation and abuse. - Tailoring intelligence to the organization’s specific risk profile. - Aligning IT, security, legal, and leadership for rapid, coordinated response. As third-party ecosystems grow and AI-driven attacks accelerate, outdated governance models are no longer sufficient. The most effective defenses will prioritize real-time threat detection and disruption, treating third-party risk not as a compliance exercise, but as a critical attack path demanding proactive, intelligence-driven security.

Ransomware Dominates Breaches, Shifting Cybersecurity Focus to Identity Resilience Ransomware remains a dominant threat, accounting for 44% of all breaches in 2025, according to Verizon’s Data Breach Investigations Report. The impact is even more severe for small and midsize businesses (SMBs), where ransomware plays a role in nearly 90% of breaches, compared to 39% for large organizations. Attackers increasingly target privileged accounts and identity infrastructure, such as Active Directory, to escalate access and lock out legitimate users within minutes. Even after data restoration, a compromised identity layer can prolong recovery, leaving organizations unable to regain control of their systems. As a result, identity recovery has become a cornerstone of cyber resilience. Identity systems are deeply embedded in authentication and access workflows, making their recovery critical to preventing reinfection. Security leaders now prioritize secure restoration to ensure attackers cannot re-enter compromised environments. The issue has escalated to board-level concern, with regulators and cyber insurers demanding tested recovery plans, immutable backups, and defined recovery time objectives (RTOs). Frameworks like GDPR and CCPA impose penalties for prolonged downtime, pushing organizations to adopt recovery engineering a structured, automated approach that aligns technical recovery with business priorities. Key capabilities for resilience include: - Identity resilience: Immutable backups and automated recovery for identity systems. - Zero-trust architecture: Least-privilege access and continuous authentication to limit attack spread. - Automated orchestration: Reducing manual steps to accelerate response times. - Regulatory readiness: Integrating compliance validation into resilience planning. - AI-ready protection: Securing data environments against autonomous threats with fast rollback capabilities. - Backup platform isolation: Treating backups as a separate security domain for minimal viable recovery. Companies like Cognizant and Rubrik are addressing these challenges with integrated solutions. Rubrik offers immutable storage, ransomware recovery, and Active Directory restoration, while Cognizant provides orchestration and domain expertise to align recovery with business continuity and compliance needs. Together, they aim to strengthen cyber resilience through a unified, service-based model.

A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.

Insider Threats Drive Rising Costs of Data Breaches, Reports Highlight Risks from Employee Departures A growing body of research underscores the severe financial and operational risks posed by insider threats particularly when employees leave an organization. According to IBM’s Cost of a Data Breach Report 2025, the global average cost of a data breach reached $4.44 million, with malicious insider attacks incurring even higher losses at $4.92 million. Even unintentional insider errors carried a significant price tag, averaging $3.62 million. The risk of data loss escalates during employee departures, whether voluntary or involuntary. Verizon’s 2025 Data Breach Investigations Report found that privilege misuse where insiders abuse legitimate access remains a leading cause of breaches, driven by financial motives, espionage, or personal grievances. While not all incidents are malicious, many stem from misunderstandings over data ownership, weak bring-your-own-device (BYOD) policies, or employees transferring work-related materials to personal devices. Voluntary resignations introduce unique challenges. Some departing employees may unknowingly retain sensitive data, while others deliberately exfiltrate proprietary information such as client lists, source code, or product formulas to gain a competitive edge at a new employer. The risk intensifies with involuntary terminations. Cyberhaven’s 2024 Insider Risk Report revealed a 720% surge in data exfiltration in the 24 hours preceding a layoff, as disgruntled employees may sabotage systems, sell access to hackers, or leak confidential data. The nature of the threat varies by role, with high-level access increasing potential damage. Common targets of exfiltration include customer data, intellectual property, and design files, often transferred via personal cloud storage, removable media, or generative AI tools. Remote employees are more likely to use unsecured methods like Bluetooth or AirDrop, further complicating detection. With insider threats accounting for a substantial share of breaches, organizations face a dual challenge: mitigating both accidental exposure and deliberate misuse of access particularly during periods of workforce transition.

6.8 Billion Credentials Leaked in One of History’s Largest Data Dumps A threat actor known as Addka72424 has released a staggering 6.8 billion email-password pairs one of the largest credential dumps ever recorded freely available on underground forums. Unlike a single breach, this dataset is a compilation of stolen credentials from dozens of prior incidents, stitched together into a searchable, weaponized database. Security researchers have confirmed its authenticity, warning that the leak provides cybercriminals with an unprecedented attack surface for credential-stuffing campaigns. ### The Scale and Mechanics of the Leak The dataset is not the result of a new breach but rather an aggregation of years of compromised data, deduplicated and repackaged for maximum utility. Credential stuffing where attackers automate login attempts using stolen credentials remains a highly effective attack vector due to widespread password reuse. Even a <1% success rate across 6.8 billion records could compromise tens of millions of accounts, granting access to email, banking, corporate VPNs, and cloud services. ### Who Is Behind the Attack? The identity of Addka72424 remains unknown, but their motives appear to blend notoriety-seeking with disruption of the underground data economy. By releasing the dataset for free rather than selling it they may be attempting to undermine paid credential markets while establishing dominance in hacking circles. Similar tactics were seen in the 2019 "Collection #1" leak, which exposed 773 million unique emails. ### The Credential Reuse Crisis The leak arrives as organizations already struggle with stolen credentials as the top initial attack vector, responsible for nearly 50% of data breaches (per Verizon’s 2024 report). Despite repeated warnings, password reuse remains rampant 85% of users admit to reusing passwords across sites (Bitwarden, 2023). Enterprises face heightened risk when employees use corporate emails for third-party services, as breaches in those services can expose credentials used to probe internal systems. ### Regulatory and Security Implications The leak triggers urgent compliance concerns, particularly under GDPR (72-hour breach notification) and SEC cybersecurity disclosure rules (4-day reporting for material incidents). Organizations must assess exposure, enforce password resets, and accelerate multi-factor authentication (MFA) adoption though MFA remains underutilized, with only 37% of Azure AD accounts protected (Microsoft, 2023). ### A Broken Authentication System The incident underscores the fundamental flaws of password-based security, long deemed obsolete by experts. While passkey standards (FIDO Alliance) offer a promising alternative, adoption remains slow. Until then, the 6.8 billion leaked credentials serve as a stark reminder that no password is truly private and defenses must assume breach as the baseline.

The True Cost of a Data Breach vs. Penetration Testing: A Financial Reality Check In 2025, the global average cost of a data breach reached $4.44 million, with U.S. organizations facing an even steeper $10.22 million per incident, according to IBM. By contrast, penetration testing (pentesting) typically ranges from $5,000 to $30,000, with complex engagements exceeding $100,000 making proactive security assessments a fraction of the potential financial fallout from a breach. The disparity stems from the nature of the costs involved. A breach triggers reactive spending: incident response, forensics, legal fees, regulatory fines, downtime, customer churn, and reputational damage. A pentest, however, is a proactive investment a scoped security assessment that includes manual attack simulations, evidence-backed findings, and remediation guidance. While no test guarantees immunity, the financial gap between prevention and recovery is stark. IBM’s 2025 report also highlights that organizations leveraging security AI and automation saved $1.9 million per breach compared to those that didn’t, while weak AI governance and access controls correlated with higher risks. Meanwhile, Verizon’s 2025 Data Breach Investigations Report (DBIR) found that credential abuse (22%), vulnerability exploitation (20%), and ransomware (44% of breaches) remain dominant attack vectors precisely the threats pentesting aims to uncover before attackers do. ### What Drives Pentest Costs? Pricing varies based on several factors: - Scope: Number of apps, hosts, endpoints, and integrations. - Test type: Web, API, cloud, mobile, or network assessments. - Depth: Authenticated testing (critical for identifying misuse paths) vs. unauthenticated scans. - Methodology: Manual validation (required for business logic flaws and chained attacks) vs. automated tools. - Reporting: Compliance mapping, evidence documentation, and retesting. Guidance from Google, OWASP, and FedRAMP emphasizes that effective pentesting goes beyond automated scanning, requiring manual work to identify complex vulnerabilities. For example, FedRAMP mandates detailed attack narratives, evidence, and remediation steps not just scanner output. ### When Does Pentesting Pay Off? The ROI becomes clear when comparing costs: - A $15,000 pentest vs. a $4.44 million global breach. - A $30,000 test vs. a $10.22 million U.S. breach. - Even a $60,000 assessment pales next to major incident recovery costs. The decision hinges on business impact: - Is the system internet-facing, multi-tenant, or tied to customer data? - Would a breach disrupt revenue, compliance, or trust? - Does the asset require depth (e.g., SaaS platforms, APIs, healthcare systems) or just light validation? For low-risk assets, a smaller engagement may suffice. For revenue-critical, regulated, or high-exposure systems, deeper manual testing is the smarter choice. The key is aligning the test’s rigor with the level of business risk not just opting for the cheapest option.

Retail Cyberattacks Surge in 2025, with Espionage on the Rise The retail sector faced a sharp increase in cyber incidents in 2025, with 997 security breaches recorded by Verizon 806 of which involved confirmed data disclosure. This marks a significant rise from 2024, when 837 incidents and 419 confirmed breaches were reported. The 2026 Verizon Data Breach Investigations Report highlights that system intrusion, web application attacks, and social engineering accounted for 95% of all retail breaches, mirroring trends from the previous year. External threat actors dominated, making up 99% of incidents, while 85% were financially motivated. However, espionage-driven attacks surged, rising from 1% in 2023 and 9% in 2024 to 19% in 2025. The most commonly compromised data included internal information (84%), credentials (26%), and secrets (20%). The leading attack vectors in retail were exploitation of vulnerabilities (42%), credential abuse (14%), and phishing (9%). Verizon’s findings are based on 31,000 real-world security incidents across 145 countries, with 22,000 confirmed breaches analyzed. The report underscores the growing sophistication of cyber threats targeting the retail industry.

Verizon’s 2026 DBIR: Vulnerability Exploitation Dominates Data Breaches as AI Accelerates Attacks Verizon’s latest Data Breach Investigations Report (DBIR) reveals a sharp rise in cyber threats, with 31,000 security incidents analyzed in 2025 over 22,000 confirmed breaches, nearly double the previous year’s total. The report highlights unpatched vulnerabilities as the leading attack vector, responsible for 31% of breaches, surpassing credential abuse (13%), which previously topped the list. Threat actors are increasingly leveraging AI to expedite exploitation, shrinking the defense window from months to mere hours. Verizon warns that this rapid weaponization strains security teams, while median patching times have worsened, rising to 43 days in 2025 from 32 days in 2024. Organizations patched only 26% of critical flaws in CISA’s Known Exploited Vulnerabilities (KEV) catalog last year, down from 38% in 2024, with the number of critical vulnerabilities requiring remediation increasing by 50%. Ransomware remained a dominant threat, involved in 48% of breaches (up from 44%), though median ransom payments fell below $140,000, with only 31% of victims paying. Third-party risks also surged, contributing to 48% of breaches a 60% increase as reliance on external software and services expanded attack surfaces. Only 23% of third-party cloud providers fully remediated missing or misconfigured MFA, with half resolving issues within a month. AI’s role in cyberattacks is growing, with threat actors using generative AI for targeting, initial access, and malware development. The report notes that attackers employed AI in 15 documented techniques on average, with some leveraging up to 50. Meanwhile, shadow AI unauthorized use of generative AI services remains a concern, as 67% of users access non-corporate AI tools from work devices, and 45% of employees are regular AI users, up from 15% last year. Human factors persisted as a major weakness, with 62% of breaches involving human error or social engineering, which accounted for 16% of incidents. Mobile phishing attacks saw a 40% higher success rate than email-based campaigns. The findings underscore a critical gap in proactive security, as organizations struggle to address vulnerabilities before exploitation particularly as AI reshapes the threat landscape.

Verizon Report Reveals Alarming Surge in Data Breaches as Disclosure Gaps Widen Verizon’s 2025 Data Breach Investigations Report documented over 12,000 breaches in the past year nearly 34 incidents daily highlighting the escalating scale of cyber threats. However, security researcher Troy Hunt, founder of Have I Been Pwned, warns that breached organizations are increasingly withholding disclosure, leaving victims unaware of exposures. While dark web monitoring services are often marketed as a defense against hidden threats, Hunt clarifies that most compromised data surfaces not on the dark web but on publicly accessible hacker forums and markets. These services function by cross-referencing user-provided details (such as email addresses, phone numbers, or credit card information) against a database of known breaches, alerting users if their data appears in new leaks. The infrastructure behind these tools is robust, with contributions from law enforcement agencies including the FBI, which feeds compromised passwords into Have I Been Pwned as well as infosec industry collaborations and even direct tips from hackers. Once leaked, stolen data rarely remains hidden for long, circulating widely across underground and clear-web platforms. Despite the lack of control individuals have over breaches, the rapid dissemination of exposed data enables monitoring services to provide early warnings though gaps in corporate transparency continue to undermine broader cybersecurity efforts.

Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.

Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.

Ransomware Surges in Africa, Driven by Cybersecurity Gaps and Financial Incentives Ransomware malicious software that locks or encrypts a victim’s data until a ransom is paid remains one of the most damaging cyber threats globally, with Africa emerging as a key target in 2024. According to an Interpol report, South Africa and Egypt reported over 12,000 and 17,000 ransomware detections, respectively, highlighting the continent’s vulnerability. A Sophos report revealed that 71% of South African organizations hit by ransomware in early 2025 paid the demanded sum to recover their data. However, the true cost extends beyond payments, encompassing revenue losses from downtime, operational disruptions, and reputational harm. Attackers often target critical infrastructure such as power grids, healthcare systems, and financial networks where service interruptions create maximum pressure to comply. When victims refuse, cybercriminals frequently escalate threats by leaking sensitive data. Africa’s cybersecurity gap fuels this trend. Many organizations lack dedicated resources, skilled personnel, or robust infrastructure to defend against attacks. Weak security controls including poor password practices, unmonitored networks, and insufficient intrusion detection allow hackers to exploit vulnerabilities. Human error, particularly through phishing emails, remains a leading entry point, with employees unknowingly downloading malicious attachments or clicking compromised links. Ransomware tools are increasingly commodified, sold by professional hackers to lower-skilled criminals, expanding the threat landscape. Attackers demand untraceable cryptocurrency payments, often employing double extortion tactics demanding ransom while threatening to publish stolen data on the dark web or social media. Groups like Medusa amplify pressure by publicly shaming victims, while leaked credentials fuel further phishing scams and breaches. Verizon’s 2025 Data Breach Report noted a 37% year-over-year increase in ransomware attacks, underscoring widespread unpreparedness. Experts emphasize the need for proactive measures, including strong access controls, network monitoring, regular backups, and employee training. Business continuity and disaster recovery plans are critical to minimizing downtime, while external cybersecurity expertise and cyber insurance can mitigate residual risks. Despite no foolproof defense, organizations are urged to adopt layered security strategies to reduce exposure. The rise in attacks reflects both the financial incentives for cybercriminals and the persistent gaps in Africa’s cyber resilience.

The Vermont Office of the Attorney General reported on February 8, 2024, that Verizon Communications experienced a data breach on or around September 21, 2023. The breach involved unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information. The number of individuals affected has not been disclosed.

A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.

Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.

Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.

A vulnerability in Verizon’s in Verizon’s online customer service system. The exposed information included only user IDs, phone numbers, and device names.

On July 20, 2017, the Montana Department of Justice reported a data breach involving Verizon. The breach occurred due to unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system. The breach was first accessed on August 10, 2016, and the last access was recorded on March 9, 2017, affecting 2 individuals. The unauthorized access resulted in the potential compromise of sensitive customer information, posing risks to their financial and personal data.

KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.

Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.