Here is a collection of some cyber security trends and predictions for 2025 from various sources:
Dark web discussions reveal: This is the ride in store for 2025
The discussions reveal next year's threat scenarios.
https://www.is.fi/digitoday/tietoturva/art-2000010908617.html
VPN provider NordVPN has partnered with researchers at NordStellar to predict the cyber threats of 2025. The companies analyzed the largest dark web forums to identify the most talked about and trending topics. These include:
Advanced disinformation services
Stolen digital identities
AI-based social engineering
Smart home vulnerabilities
The state of connected homes is already fragile, NordVPN warns.
The most important cybersecurity and AI trends of 2025
https://www.uusiteknologia.fi/2024/11/20/kyberturvallisuuden-ja-tekoalyn-tarkeimmat-trendit-2025/
Security firm Palo Alto Networks has released a comprehensive list of emerging threats and the impact of advances in artificial intelligence (AI) for the coming year. While these advances bring risks of their own, they also help malicious actors, who are looking to exploit the new capabilities of AI.
Cyber infrastructure is focused on one unified security platform
Large amounts of data give an advantage against new entrepreneurs
Businesses are increasingly adopting secure enterprise browsers
In 2025, more attention will be paid to the energy impacts of artificial intelligence
The realities of quantum technology will become clearer in 2025
Security and marketing directors work more closely together
Cyberattacks are broader, more brazen and more damaging than before.
https://www.verkkouutiset.fi/?p=694453#9c1dc2d3
Cybersecurity company Fortinet has published a cyber threat forecast for 2025. According to it, threat actors will continue to rely on many traditional tactics that have been used for decades.
According to the report, the following cyber threats will be increasingly seen around the world starting next year.
Cybercriminals specialize in certain stages of the attack chain
Attacks on cloud environments are becoming more common
Automated hacking tools on dark web sales platforms
Real-life threats become part of attackers’ tactics
Anti-attack groups expand cooperation
A grim forecast for 2025
Security company warns of new-age cyberattacks.
https://www.iltalehti.fi/digiuutiset/a/3ba5142e-f0ee-43fe-8bd2-4468a9d2d5bd
According to security company Fortinet, many cybercriminals are making better attacks than before, which is not a good thing at all. In addition, old protection methods may not be enough as criminals find new ways to attack.
The company’s Fortiguard Labs team has compiled an updated threat forecast report for 2025, which underlines that cyberattacks are becoming more targeted and harmful, for example, as turnkey cyberattack services become more common.
1. Specialization
2. Cloud and artificial intelligence as themes
3. Real-life threats are part of the tactic
Fortinet reminds us that the responsibility for ensuring information security lies with everyone, not just corporate security and IT teams.
– No single organization or security team can prevent cybercrime on its own, it underlines.
Guidance to survive 2025:
Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
MITRE shares 2024's top 25 most dangerous software weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/
Six password takeaways from the updated NIST cybersecurity framework
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
180 Comments
Tomi Engdahl says:
8,000 New WordPress Vulnerabilities Reported in 2024
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.
https://www.securityweek.com/8000-new-wordpress-vulnerabilities-reported-in-2024/
Tomi Engdahl says:
https://www.securityweek.com/medusa-ransomware-made-300-critical-infrastructure-victims/
Tomi Engdahl says:
Computer viruses and cyberattacks – Mikko Hyppönen talks about the new Malware Museum
https://www.youtube.com/watch?v=C2W--_Yj2Po
On Friday I visited WithSecure with Presstek (the Association of Technology Journalists), and at the same time we also got a tour of the new Museum of Malware Art. Our guide was Mikko Hyppönen himself, who also serves as the museum's curator. The video is a shortened version of our tour and Mikko's presentation.
Tomi Engdahl says:
https://www.securityweek.com/through-the-lens-of-music-what-cybersecurity-can-learn-from-joni-mitchell/
Tomi Engdahl says:
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks.
https://www.securityweek.com/browser-security-under-siege-the-alarming-rise-of-ai-powered-phishing/
Browser security cannot be ignored. It’s where people spend most of their working day, and it’s where attackers focus most of their attacks.
Statistics come from Menlo Security’s analysis of 750,000 browser-based phishing attacks targeting more than 800 entities detected over the last 12 months. This analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks (effectively, a zero-day attack applied to phishing).
The reasons for the growth are multiple: our growing reliance on the browser for much of our daily work, the prevalence of zero-day vulnerabilities, the increasing sophistication of the cybercriminal underworld, and, worryingly, the growing influence of gen-AI. Gen-AI is particularly concerning, both for its use today and its potential use in the future.
“Threat actors have advanced in speed and skills. They are using the same tools and infrastructure as professional engineers,” comments Andrew Harding, VP of security strategy at Menlo Security. “We’re seeing a dangerous combination of zero-day attacks, advanced social engineering techniques, sophisticated phishing techniques, and readily available phishing-as-a-service kits, all designed to infiltrate systems and steal valuable data.”
Tomi Engdahl says:
Blocking DDoS Attacks
Once a DDoS attack is detected, WAFs take action to neutralize it without disrupting legitimate users:
IP Blocking and Blacklisting: Suspicious or confirmed malicious IP addresses are blocked outright, either temporarily or permanently, depending on the severity and WAF configuration.
Request Filtering: WAFs drop malformed or malicious HTTP requests (e.g., oversized headers, invalid payloads) commonly used in Layer 7 DDoS attacks like HTTP floods.
Traffic Redirection: For cloud-hosted websites, WAFs often integrate with CDNs (e.g., Cloudflare, Akamai) to reroute traffic through distributed servers. This spreads the attack load across a global network, reducing the impact on the origin server.
Dynamic Scaling: Cloud-based WAFs can scale resources automatically to absorb volumetric attacks (e.g., SYN floods or UDP floods), ensuring the website remains operational.
Custom Rules and Policies: Administrators can configure WAFs with custom rules tailored to the website’s needs. For instance, blocking requests targeting a specific API endpoint being abused in a DDoS attack.
https://www.facebook.com/share/p/1FzvydZRkM/
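The following is an added example, not part of the quoted post or of any WAF product: a minimal sketch of how the IP blocking, request filtering and custom endpoint rule described above can fit into one per-request decision. The class name, the limits, the verdict strings and the `/api/search` path are all assumptions chosen for illustration; traffic redirection and dynamic scaling are infrastructure features and are not modelled.

```python
import time
from collections import defaultdict, deque

# All limits below are assumed values for illustration, not vendor defaults.
MAX_HEADER_BYTES = 8192        # request filtering: total header size cap
WINDOW_SECONDS = 10            # sliding window for rate counting
MAX_REQUESTS_PER_WINDOW = 20   # per-IP budget across all paths
BLOCK_SECONDS = 300            # length of a temporary IP block
ENDPOINT_LIMITS = {"/api/search": 5}  # custom rule for a hypothetical abused endpoint


class MiniWaf:
    def __init__(self):
        self.hits = defaultdict(deque)  # (ip, scope) -> request timestamps
        self.blocked_until = {}         # ip -> time the block expires

    def _over_limit(self, key, limit, now):
        q = self.hits[key]
        while q and now - q[0] >= WINDOW_SECONDS:  # forget hits outside the window
            q.popleft()
        q.append(now)
        return len(q) > limit

    def check(self, ip, method, path, headers, now=None):
        """Return a verdict for one request; header names are assumed normalized."""
        now = time.monotonic() if now is None else now
        # 1. IP blocking: refuse everything from an address under an active block.
        if self.blocked_until.get(ip, 0) > now:
            return "block:ip-blocklisted"
        self.blocked_until.pop(ip, None)  # block expired, forget it
        # 2. Request filtering: drop oversized or malformed requests.
        if sum(len(k) + len(v) for k, v in headers.items()) > MAX_HEADER_BYTES:
            return "drop:oversized-headers"
        if method in ("POST", "PUT") and not headers.get("Content-Length", "").isdigit():
            return "drop:invalid-content-length"
        # 3. Custom rule: tighter per-IP budget on the endpoint being abused.
        limit = ENDPOINT_LIMITS.get(path)
        if limit is not None and self._over_limit((ip, path), limit, now):
            return "drop:endpoint-rate"
        # 4. Flood detection: exceeding the global budget triggers a temporary block.
        if self._over_limit((ip, "*"), MAX_REQUESTS_PER_WINDOW, now):
            self.blocked_until[ip] = now + BLOCK_SECONDS
            return "block:rate-exceeded"
        return "allow"
```

Passing an explicit `now` makes the decisions reproducible when replaying logged traffic; filtered requests are rejected before they are counted, so malformed traffic does not consume a client's rate budget.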
Tomi Engdahl says:
https://blog.cloudflare.com/monitoring-and-forensics/
Tomi Engdahl says:
https://blog.cloudflare.com/browser-based-rdp/
Tomi Engdahl says:
https://www.csoonline.com/article/3850791/7-cutting-edge-encryption-techniques-for-reimagining-data-security.html
Tomi Engdahl says:
https://ssd.eff.org/module/how-to-use-signal?fbclid=IwY2xjawJVRHhleHRuA2FlbQIxMQABHelEduO4gTGFvfadY-13W5l_B3uhGqpY6Aw3_VLOtJFeILKsFzNvrMJtKg_aem_6TCIb10hU1Z1Y6HmfAz7cw
Tomi Engdahl says:
https://www.helpnetsecurity.com/2025/03/27/hottest-cybersecurity-open-source-tools-of-the-month-march-2025/
Tomi Engdahl says:
Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-ubuntu-linux-security-bypasses-require-manual-mitigations/
Tomi Engdahl says:
After Trump’s decree: fight for US funding for Tor, F-Droid and Let’s Encrypt
Following a decree by US President Trump, the Open Technology Fund is no longer receiving funding. That is why the organization is now going to court.
https://www.heise.de/en/news/After-Trump-s-decree-fight-for-US-funding-for-Tor-F-Droid-and-Let-s-Encrypt-10328335.html
Tomi Engdahl says:
Compliance
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.
https://www.securityweek.com/pci-dss-4-0-1-a-cybersecurity-blueprint-by-the-industry-for-the-industry/
Tomi Engdahl says:
https://etn.fi/index.php/opinion/17384-joskus-yksittaeinen-komponentti-voi-olla-vaarallinen-takaovi
Tomi Engdahl says:
Artificial Intelligence
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows.
https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/
Tomi Engdahl says:
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
https://www.securityweek.com/google-targets-soc-overload-with-automated-ai-alert-and-malware-analysis-tools/
Tomi Engdahl says:
Cloud Security
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
The greatest security policies in the world are useless if enterprises don’t have a reasonable, consistent, and reliable way to implement them.
https://www.securityweek.com/grouchos-wit-cloud-complexity-and-the-case-for-consistent-security-policy/
Tomi Engdahl says:
Artificial Intelligence
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor
The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers.
https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/
Tomi Engdahl says:
Artificial Intelligence
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows
Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.
https://www.securityweek.com/google-pushing-sec-gemini-ai-model-for-threat-intel-workflows/
Tomi Engdahl says:
Network Security
DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyberattacks
While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.
https://www.securityweek.com/dns-the-secret-weapon-cisos-may-be-overlooking-in-the-fight-against-cyberattacks/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2025/04/09/isoja-muutoksia-pian-alylaitteiden-tietoturvaan/
https://etn.fi/index.php/opinion/17384-joskus-yksittaeinen-komponentti-voi-olla-vaarallinen-takaovi
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17412-windows-10-tuen-loppuminen-tuo-kissanpaeivaet-verkkorikollisille
Tomi Engdahl says:
SSL/TLS certificate lifespans reduced to 47 days by 2029
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications.
Its members include major CAs like DigiCert and GlobalSign, as well as browser vendors such as Google, Apple, Mozilla, and Microsoft.
With 25 votes for and none against, the CA/Browser Forum has now ruled to shorten the lifespan as follows:
From March 15, 2026, certificate lifespan and DCV will be reduced to 200 days
From March 15, 2027, certificate lifespan and DCV will be reduced to 100 days
From March 15, 2029, the certificate lifespan will be reduced to 47 days and DCV to 10 days
Tomi Engdahl says:
ICS/OT
Rising Tides: Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure
Very few people in the cybersecurity industry do not know, or know of, Bryson Bort, CEO/Founder of SCYTHE and the co-founder of ICS Village.
https://www.securityweek.com/rising-tides-bryson-bort-on-cyber-entrepreneurship-and-the-needed-focus-on-critical-infrastructure/
Tomi Engdahl says:
Supply Chain Security
AI Hallucinations Create a New Software Supply Chain Threat
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
https://www.securityweek.com/ai-hallucinations-create-a-new-software-supply-chain-threat/
Tomi Engdahl says:
MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations.
https://www.securityweek.com/mitre-signals-potential-cve-program-deterioration-as-us-gov-funding-expires/
Tomi Engdahl says:
Data Protection
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
Partisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications.
https://www.securityweek.com/blockchain-quantum-and-iot-firms-unite-to-secure-satellite-communications-against-quantum-threats/
Tomi Engdahl says:
Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises
Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets.
https://www.securityweek.com/many-mobile-apps-fail-basic-security-posing-serious-risks-to-enterprises/
Estimates show the number of people who had personal data compromised increased by 312% from 2023 to 2024.
Zimperium’s zLabs researchers examined 17,333 Android and iOS mobile apps obtained from the official app stores and being used by the firm’s own enterprise customers’ employees. This follows an estimated increase of 312% in the number of individuals who had personal data compromised in 2024: from 419 million in 2023 to 1.7 billion in 2024 (figures from the Identity Theft Resource Center (ITRC)).
With personal mobile phones increasingly being used within business environments, these numbers are likely to grow, and the consequent threat to business systems will increase.
The two most common app weaknesses discovered by the researchers include misconfigured use of cloud storage, and use of poor cryptography.
From the mobile apps examined, 83 Android apps (4 from within Google Play Store’s top 100 popularity list) were found to use unprotected or misconfigured cloud storage. In some of the stores the file indexes are world viewable, and in others the content can be accessed without credentials. Since criminals are continuously scanning the internet for such unprotected repositories, this is a serious threat to the data they contain.
Ten Android apps expose credentials to AWS cloud services – allowing attackers to read data and possibly write false data into the store.
“Misconfiguration in cloud storage and exposed credentials is the same as leaving the front door open and saying the house is safe,” comments Boris Cipot, senior security engineer at Black Duck. “This is an open invitation for attackers to steal data simply by exploiting sloppy security configurations or application security.”