SOCRadar’s Dark Web Research into Major Underground Markets of 2025

Posted in Commentary on January 15, 2026 by itnerd

The SOCRadar threat research team will publish its Annual Dark Web Report, a structured view of illicit activity observed across major underground markets during 2025.

This includes the most impacted industries, U.S. targeting trends, the economy behind the dark web, the scale of stealer impacts, as well as AI democratization. 

Some key findings include: 

  • The U.S. is the primary target across multiple threat types, accounting for 41.42% of ransomware attacks, a drop from 53.30% in 2024.
  • Public Administration is the most exposed industry on the Dark Web, indicating sustained pressure on government institutions through data leaks.
  • In 2025, Akira took the first place in terms of activity with 8.35% of ransomware attacks.
  • Deepfake, voice manipulation, and pentesting tools are now openly available without dark web access, eliminating the vetting barriers that previously limited access to well-resourced actors.

Furthermore, this research breaks down the value of regional credit cards, the market behind vulnerability exploits (the costs for low-end and mid-tier vulnerabilities increased, while high-end ones decreased), as well as the impact of stolen data (Facebook saw 93.2M accounts among stolen logs).

The report is here: SOCRadar Annual Dark Web Report 2025

Ransomware Victims and Threat Groups Surge to Record Levels, GuidePoint Security Finds

Posted in Commentary on January 15, 2026 by itnerd

GuidePoint Security announced today the release of the GuidePoint Research and Intelligence Team’s (GRIT) annual Ransomware & Cyber Threat Report.

The GRIT 2026 Ransomware & Cyber Threat Report provides exclusive in-depth research, insights and analysis on a year of record-breaking ransomware activity, examining who cybercriminals are targeting (and why), the top tactics threat actors are using and how shifting ransomware group dynamics are redefining the threat landscape.

Findings from this year’s report include:

  • Ransomware victim numbers hit a new all-time high. 2,287 ransomware victims were posted in Q4 2025 alone — the largest number recorded in a single quarter since the report’s inception.
  • The number of threat groups has reached record levels. 124 distinct ransomware groups were active in 2025, the highest ever recorded and a 46% year-over-year increase.
  • The United States remains a top geographic target for ransomware attacks. In 2025, more than half (55%) of ransomware victims were based in the U.S.
  • A new RaaS leader has emerged. Qilin’s activity levels in 2025 were the highest of any group ever observed.
  • The Manufacturing industry was most heavily impacted by ransomware, accounting for 14% of attacks. The Technology (9%) and Retail/Wholesale (7%) industries followed closely behind.
  • High ransomware activity levels should continue in 2026. December 2025 was the most active month for claimed ransomware victims on record with 814 successful attacks — a 42% year-over-year increase.

The report also explores the growing use of AI in ransomware attacks, examines the impact of zero-day vulnerabilities on ransomware and takes an in-depth look at major ransomware operators throughout the year, including an analysis of ransomware payments made to the Qilin and Akira groups.

The GRIT 2026 Ransomware & Cyber Threat Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces.

Team Cymru and OpenCTI Partner to Supercharge Threat Intelligence With Global Visibility

Posted in Commentary on January 14, 2026 by itnerd

Team Cymru today announced a strategic partnership and integration with OpenCTI, the widely adopted open-source threat intelligence platform developed by Filigran. The collaboration brings Team Cymru’s Pure Signal intelligence and Scout capabilities directly into OpenCTI, enabling defenders to access global visibility, instant enrichment, and automated threat-hunting workflows without ever leaving the platform.

The integration transforms the analyst experience by replacing manual lookups with immediate clarity. Alerts can now be enriched on demand with global context, allowing analysts to quickly determine whether an IP is a controller, VPN endpoint, proxy, or part of a broader campaign. This greatly accelerates triage and response by delivering decision-ready intelligence within the analyst’s existing workflow rather than forcing them to pivot across tools. Teams can also shift from reactive operations to proactive threat hunting, using automated playbooks to continuously uncover emerging malicious infrastructure, such as ransomware or DPRK-aligned activity, as soon as adversaries establish it.

By fusing internal incident data with Team Cymru’s global perspective on NetFlow-derived insights, infrastructure classifications, and traffic patterns, organizations gain a more complete understanding of threats and the entities behind them. The integration further enables dynamic indicator generation by automatically converting complex Scout search results into STIX indicators, allowing immediate monitoring, alerting, and sharing across the OpenCTI ecosystem. In practical terms, the collaboration equips analysts with the equivalent of expanding their view from only the cameras inside their building to the entire city’s traffic camera network, offering visibility into threats long before they arrive at the door.

From Filigran’s perspective, the partnership enhances both operational value and the broader open-source intelligence community. “The strength of the threat-intelligence community comes from openness and collaboration. Integrating Team Cymru’s Pure Signal with OpenCTI empowers defenders everywhere with richer context and faster analytic workflows, all while preserving the transparency and extensibility of our platform. We are proud to partner with an organization committed to elevating the global security ecosystem,” said Samuel Hassine, CEO and Co-Founder of Filigran.

This partnership underscores Team Cymru’s commitment to delivering actionable visibility that helps organizations move from reactive response to proactive, intelligence-driven defense. The integration is available now for all OpenCTI users. For configuration details and onboarding guidance, visit https://www.team-cymru.com/opencti

The CCTS Annual Report Is Out…. And Rogers Leads The Way In A Bad Way…. Again….

Posted in Commentary on January 14, 2026 by itnerd

The Commission for Complaints for Telecom-Television Services (CCTS) has released its annual report, which you can read here. But if you don’t have time to read the report, here are the highlights.

  • The commission accepted 23,647 complaints. This covers all telco services such as phone, wireless, TV, and Internet.
  • Rogers leads the way in a bad way with 6485 of those complaints being attributed to them. Another fun fact is that this is also a 16.6 per cent increase over last year.
  • Telus received 4904 complaints this year. That’s a 78 per cent increase from last year.
  • Bell had 3966 complaints, which is a slight drop from last year at 0.2 per cent.
  • Freedom Mobile had 940 complaints, which accounts for a 6.2 per cent increase from last year.

That kind of implies that Canadians as a whole are not happy with Canadian telcos. But Rogers and TELUS really need to step up their game as TELUS had a substantial increase in complaints year over year. Rogers had a significant increase as well. That doesn’t mean Bell can rest on the fact that they had a slight decrease. Clearly they have work to do. And Freedom isn’t exactly home free either as their complaints increased as well.

Hopefully Canadian telcos pay attention to this and up their respective games when it comes to customer service so that their customers are much happier than they are right now.

SafeBreach releases 2026 State of the Breach Report

Posted in Commentary on January 14, 2026 by itnerd

SafeBreach has released its 2026 State of the Breach Report, analyzing results from millions of real-world attack simulations conducted by large, global enterprises over a 12-month period using the SafeBreach Exposure Validation Platform.

The report provides never-before-seen insights about how enterprises fared against 2025’s high-profile threats by examining how security controls actually performed under real attack conditions, moving beyond traditional metrics such as alerts generated, patches applied, or tools deployed. Drawing on more than 1.8 million high-fidelity simulations executed throughout 2025, the data shows where modern enterprise defenses are performing well, where threats continue to evade controls, and how outcomes differ across industries, threat actors, and MITRE ATT&CK techniques.

Key findings show that attacks like ransomware were consistently prevented, while stealthy, identity-driven campaigns continue to evade enterprise defenses. The data highlights persistent gaps in credential abuse, post-compromise activity, and lateral movement, with more than 60% of organizations exposing harvestable credentials during testing. The report also finds that industries with integrated, centralized security stacks demonstrate stronger resilience, while fragmented IT/OT and endpoint-heavy environments fail regardless of budget or tool count.

You can read the report here: https://www.safebreach.com/white-papers/safebreach-2026-state-of-the-breach-report/

Guest Post: ChatGPT Health Promises Safety and Clarity – But at What Price to Your Privacy?

Posted in Commentary on January 14, 2026 by itnerd

By Stefanie Schappert

AI health assistants are here to stay, and they may provide real value in helping people interpret complicated medical information, but consumers should understand exactly what that means before inviting those tools into their most sensitive digital lives. What are the data risks consumers need to know before plunging headfirst into this new era of healthcare?

ChatGPT Health: Insight vs Exposure in AI-Driven Healthcare

Health data is already among the most sensitive personal information people have, and with the introduction of ChatGPT Health last week, users will undoubtedly be pouring their medical data into the AI chatbot with the same verve they have since ChatGPT was first launched in November 2022. 

But should they? 

The amount of sensitive information users freely and regularly post into ChatGPT (and other popular AI chatbots) is astounding.  

A study last January found that nearly one in ten workers regularly exposed their own companies’ sensitive data when using AI. 

And when thousands of ChatGPT conversations were leaked via search engines last August, the conclusion was that people pretty much share everything with AI, literally. 

So when OpenAI introduced its ChatGPT Health to the public, tech and health experts began sounding the warning bells about privacy and security issues, as well as the limits of AI’s accuracy.  

This makes it crucial to understand where information is going and how it’s being used, especially when the data in question includes deeply sensitive details such as medical history or chronic conditions.

“Designed to Support, Not Replace, Medical Care”

OpenAI touts ChatGPT Health as a “dedicated experience” intended to help people understand lab results, prepare for doctor visits, track fitness and wellness trends, or compare insurance options, marking a significant shift in how consumers interact with AI. 

“Health is already one of the most common ways people use ChatGPT,” OpenAI said in the announcement, noting that 230 million people worldwide ask the bot health and wellness questions every week.

Users can now upload and connect Health not only to medical records, but also to wellness apps – such as Apple Health, Function, and MyFitnessPal – creating a complete individual health profile, the likes of which we have never seen before. 

Traditionally, health data has been scattered across many devices and platforms – a hospital portal here, a fitness tracker there, a PDF of bloodwork in your inbox. 

But now, health data will be woven together into new AI-generated interpretations and summaries, all stored within a single system.

Not just storing medical records, Health will aggregate and interpret them, creating narratives, patterns, and insights – a fundamental departure from how most people think about their medical data. 

This matters because the value of health data isn’t just in its raw form; it’s what can be inferred and contextualized from it. 

Derived insights, health trends over time, connections between symptoms and test results, and personalized explanations can prove more revealing than the “data points” themselves. 

People may also consent to sharing individual data points, for example, a symptom or lab result, without understanding the new meaning that emerges once those data points are combined.

AI algorithms developed from aggregated data have already shown that, in the wrong hands, such data could easily lead to AI bias and workplace or societal discrimination, affecting variables such as individual treatment plans or health insurance premiums, among many others.

Understanding the Privacy Tradeoffs

On the technical side, OpenAI says ChatGPT Health builds on its existing security architecture with additional, layered protections, including purpose-built encryption and isolation to keep health conversations protected and compartmentalized.

Users can also enable multi-factor authentication, review or delete Health memories, and revoke access to connected apps at any time, according to OpenAI.

With layered, end-to-end encryption, health conversations are isolated and not used to train models, the company further states.

Still, privacy critics have pointed out that when users upload medical records into an AI service – even one with promises of encryption and compartmentalization – they may effectively remove traditional privacy protections that would otherwise apply in regulated healthcare settings.

One expert recently told The Record that giving an AI access to electronic medical records can strip those records of the legal safeguards they enjoy under rules like HIPAA, which lays out how Protected Health Information (PHI) is processed, stored, transmitted, and secured.

“ChatGPT is only bound by its own disclosures and promises, so without any meaningful limitation on that, like regulation or a law, ChatGPT can change the terms of its service at any time,” explained Sara Geoghegan, senior counsel at the Electronic Privacy Information Center.

Because health data remains among the most valuable targets for hackers, any system that aggregates medical records, wellness data, and AI-generated health insights – especially on a single platform – can significantly increase the amount of data exposed in the event of a breach.

From a cybersecurity perspective, aggregation also concentrates value, making AI health platforms especially attractive targets for attackers seeking high-impact data rather than isolated records.

The tradeoff – insight versus exposure – is destined to be the burning question we face moving forward.

One thing is certain: weighing insight vs. exposure is no longer theoretical – it is now the defining moment of AI-driven healthcare.

ABOUT THE AUTHOR

Stefanie Schappert, a senior journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019. She has a decade-plus of experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News. With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. She earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google. She is a member of the Women’s Society of Cyberjutsu (WSC) and Upsilon Pi Epsilon (UPE), the International Honor Society for Computing and Information Disciplines.

SIOS Technology VP of Customer Experience Cassius Rhue Shares 2026 IT Predictions

Posted in Commentary on January 14, 2026 by itnerd

SIOS Technology Corp. today announced its 2026 technology predictions from Cassius Rhue, Vice President of Customer Experience. Rhue forecasts that high availability will expand far beyond uptime, becoming a core enabler of cybersecurity resilience, hybrid cloud operations, AI reliability, and simplified IT management.

“By 2026, IT admins will require clustering tools for high availability and disaster recovery that provide far greater visibility and control across increasingly complex environments,” said Rhue. “Hybrid cloud, cybersecurity pressures, and AI-driven workloads are fundamentally reshaping what organizations expect from HA and DR platforms.”

Key 2026 Predictions Include:

  • Hybrid and Multicloud Strategies Gain Momentum – Hybrid and Multicloud solutions have become a more proven option to help organizations balance performance, cost, and resilience while avoiding vendor lock-in.  More enterprises will continue to consider and adopt hybrid and multicloud architectures in 2026. As a result, HA solutions that can seamlessly operate across diverse infrastructures will become indispensable to modern IT strategies.
  • Cybersecurity Will Redefine the Role of High Availability – The rising wave of cybersecurity threats is transforming how enterprises view HA clustering. In 2026, HA will not only be about achieving 99.99% uptime—it will also serve as a vital tool for maintaining security resilience. More organizations will use HA clusters to enable rapid, low-risk patching and updates, ensuring systems remain both highly available and protected against emerging threats.
  • High Availability Focuses on Ease of Use to Meet Growing IT Admin Needs – As IT administrators and generalists are given increasing responsibility for managing complex high availability (HA) application environments, the demand for intuitive, automated HA solutions will surge. In 2026, IT teams will favor platforms that do not require specialized HA skills, minimize manual configuration and simplify cluster management. Vendors that prioritize ease of use, automation, and guided workflows will stand out as the market evolves toward accessibility for non-specialist admins.
  • DevOps teams will increasingly integrate high availability clustering into application planning to reduce deployment risk – Clustering tools with robust APIs, automation hooks, and real-time observability will allow rapid updates without interrupting production services. DevOps engineers will use clusters to test patches against active workloads, reducing the risk and degree of change. HA becomes a built-in feature of the delivery process—not an afterthought.
  • Continuous Availability: The New Foundation for Trusted AI – AI and ML workloads will run more frequently on distributed clusters and GPU-intensive systems, where downtime creates costly disruptions. In 2026, IT admins will demand high availability solutions that simplify complex AI stacks and expose full visibility into data, storage, and node health. Continuous availability becomes a prerequisite for AI reliability and trust.
  • Observability Becomes Essential for Complex IT Environments – As IT infrastructures expand across on-premises, cloud, hybrid, and multi-cloud environments, visibility into application performance, application health, and the interdependencies between the elements of the IT stack will become mission-critical. In 2026, observability will emerge as a key differentiator for HA solutions, allowing IT teams to identify and resolve issues before they impact uptime. The most successful HA platforms will provide deep insights across the full stack—from hardware to application layer.
  • Consolidation of Virtual Application Environments Drives Up Complexity and Need for Easy-to-Manage HA – As enterprises consolidate onto virtualized platforms, IT admins will manage more mission-critical workloads per host. HA clustering will provide automated and intelligent failover across hypervisors without requiring deep virtualization expertise. Growing cybersecurity pressures will drive adoption of cluster-based patch automation to protect large pools of VMs simultaneously. Virtualized environments won’t just run clusters—they will depend on them.
  • Growing need for Automated Disaster Recovery – By 2026, high availability and disaster recovery IT admins will expect clustering tools to support disaster recovery locations with automated failover, verified replication integrity, and full visibility into the entire application stack—including networking, storage, and cloud resources. Frequent cyber incidents will force DR teams to apply patches and recover systems rapidly, with clusters minimizing downtime during failover. Disaster recovery becomes proactive, not reactive.

RunSafe Security Appoints Bob Lyle as Chief Revenue Officer

Posted in Commentary on January 14, 2026 by itnerd

RunSafe Security today announced the appointment of Bob Lyle as Chief Revenue Officer (CRO). Lyle brings more than 30 years of experience in cybersecurity, software, and high-technology markets and will lead RunSafe’s global revenue growth as the company scales adoption of its embedded software security platform, including patented runtime protection and build-time SBOM generation.

In his role, Lyle will oversee RunSafe’s sales execution, go-to-market strategy, customer expansion, and strategic partnerships, supporting continued growth across enterprise, government, and critical infrastructure markets. His appointment comes as RunSafe experiences growing demand from government, enterprise, and critical infrastructure customers facing software supply chain risks.

Lyle joins RunSafe from Medcrypt, where he served as Chief Revenue Officer. Previously, he served as CRO of MergeBase, which was acquired by Finite State, and Cybeats, where he helped grow the company from its first customers to an initial public offering on the Canadian Securities Exchange (CSE: CYBT). Earlier in his career, Lyle co-founded and served as CEO of Valona Labs, a mobile device security startup acquired by HMD Global in 2020.

In addition to his startup leadership, Lyle has held executive roles at Qualcomm, Samsung, Motorola, and Absolute, spanning both venture-backed and public technology companies. Lyle also serves as Chair of the GSMA’s Device Security Group (DSG), and has acted as Deputy Chair or Chair continuously since 2019.

GrowthPal secures $2.6M to boost AI-driven M&A

Posted in Commentary on January 14, 2026 by itnerd

For most companies, inorganic growth depends on timing, context, and access. Yet M&A deal origination from mid-market and early-stage companies has changed little in decades, still driven by banker networks, static databases, and fragmented research workflows. Buyers often see only what is already on the market, while high-quality, off-market opportunities remain hidden. GrowthPal, co-founded by Maneesh Bhandari, Shalu Mitruka and Amaresh Shirsat, was built to change this dynamic. Today, the company announced a $2.6 million funding round to accelerate its AI-powered M&A copilot for deal sourcing and execution.

The round was led by Ideaspring Capital with participation from prominent angel investors globally. The new capital will support product development and expand GrowthPal’s presence across the US and international markets as demand grows for faster, more programmatic approaches to inorganic growth.

The announcement comes as M&A teams face increasing pressure to do more with less. Corporate development teams are leaner, timelines are compressed, and competition for quality assets is intensifying. While platforms like PitchBook, D&B, Datasite, and Tracxn have made company data more accessible, they largely stop at aggregation. GrowthPal addresses a different need by applying AI-driven reasoning to help teams identify which companies actually matter, based on strategic intent, sector context, and readiness to transact.

GrowthPal’s platform acts as an intelligent M&A copilot. When a buyer defines a growth objective – like acquiring a specific capability or entering a new geography – the system translates that goal into a structured acquisition thesis. Its AI agents then scan an enriched database of more than four million technology companies using signals from public filings, web activity, hiring trends, funding history, and other indicators. The result is a short list of precision-fit, often off-market targets that align closely with the buyer’s mandate, rather than broad lists of loosely relevant companies.

The company was founded to address a structural gap in the market. While more than a million meaningful startups exist globally, fewer than one percent scale successfully, often due to lack of timely exits or strategic partnerships. At the same time, many acquirers struggle to find the right targets efficiently, particularly for transactions under $70 million that fall below the focus of traditional investment banks. GrowthPal was created to connect these two sides by making deal sourcing proactive, discreet, and data-driven.

GrowthPal has already supported more than 42 completed M&A transactions and facilitated over 210 LOI-stage conversations across North America, Europe, Asia, and Latin America. Clients include large and mid-market enterprises, fast-growing startups, private equity-backed firms, and corporate development teams across sectors such as IT services, SaaS, fintech, and vertical software. In one case, a single client closed seven acquisitions within 18 months using the platform.

The broader M&A landscape is increasingly shaped by data abundance and decision scarcity. Teams have more information than ever, yet struggle to turn it into conviction. As acquisitions become a core growth lever for companies of all sizes, the ability to reason across signals, context, and intent is becoming a competitive advantage.

Looking ahead, GrowthPal plans to extend its intelligence deeper into the transaction lifecycle, supporting valuation reasoning, deal structuring, and preparation for negotiations. The company’s long-term vision is to become the system of intelligence that helps teams make better M&A decisions earlier, with greater confidence and clarity, starting from discovery and extending through execution.

Guest Post: 115 CVEs Mark One of the Biggest January Patch Tuesdays Yet

Posted in Commentary on January 13, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

CISOs this month should be paying a lot of attention to CVE-2026-21265 and the guidance associated with it. More specifically, they should be looking at the Windows Secure Boot certificate expiration and CA Updates that Microsoft published June 26, 2025. When the Secure Boot certificates expire in June of this year, organizations that haven’t prepared will not only find Secure Boot no longer operational, but they may also find that Windows boot manager and Secure Boot vulnerabilities have become an issue. It is important to note that the document is not a single page, but contains a multitude of links – including an entire deployment playbook for IT professionals. With less than half a year to prepare, it is time to ensure that environments and teams are prepared for this update.

One of the more interesting updates this month is the Windows Agere Soft Modem Driver elevation of privilege (CVE-2023-31096). It is not often that you see a CVE from 3 years ago show up, but Microsoft is finally cleaning up a problem that has been around for a while. This driver ships with Microsoft Windows, but according to a post about this vulnerability, the driver has been EOL since 2016. The solution to this vulnerability is simply to remove the impacted drivers, agrsm64.sys and agrsm.sys, from systems.
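As an added defender-side audit example (not tooling from Fortra or Microsoft), the PowerShell below reports whether the two Agere driver files named above are still present or registered on an endpoint, and whether the firmware's Secure Boot signature database (db) already carries the "Windows UEFI CA 2023" certificate. The DriverStore sweep and the Win32_SystemDriver lookup are my additions beyond the two file names on the page; the db string match follows the check Microsoft gives in its published Secure Boot certificate guidance, and the script is read-only so it can be collected fleet-wide before any removal or firmware update is scheduled.

```powershell
# Added audit example (not Fortra's or Microsoft's own tooling).
# Run in an elevated PowerShell session on the endpoint being checked.
# Read-only: it reports findings and does not remove drivers or modify firmware.

function Get-AgereModemDriverStatus {
    # The two driver files named in the CVE-2023-31096 guidance (driver EOL since 2016).
    $driverNames = @('agrsm64.sys', 'agrsm.sys')
    $findings = @()

    # 1) Installed copy under System32\drivers
    foreach ($name in $driverNames) {
        $path = Join-Path $env:SystemRoot "System32\drivers\$name"
        if (Test-Path $path) {
            $findings += [pscustomobject]@{
                Location = 'System32\drivers'
                Path     = $path
                Loaded   = $false
            }
        }
    }

    # 2) Staged copies in the DriverStore (PnP can reinstall from here later,
    #    so deleting only the System32 copy is not a complete removal)
    $store = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'
    if (Test-Path $store) {
        Get-ChildItem -Path $store -Recurse -Filter 'agrsm*.sys' -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Location = 'DriverStore'
                    Path     = $_.FullName
                    Loaded   = $false
                }
            }
    }

    # 3) Is a kernel driver service backed by either file registered or running?
    Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -match 'agrsm(64)?\.sys' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Location = "Service:$($_.Name) ($($_.State))"
                Path     = $_.PathName
                Loaded   = ($_.State -eq 'Running')
            }
        }

    return $findings
}

function Get-SecureBoot2023CaStatus {
    # Returns $null when Secure Boot is unavailable (legacy BIOS, VM without UEFI).
    try {
        $enabled = Confirm-SecureBootUEFI
    } catch {
        return $null
    }
    # The db variable lists the CAs the firmware trusts for boot components.
    # Microsoft's guidance checks for the 2023 CA by searching the db for its name.
    $db     = Get-SecureBootUEFI -Name db
    $dbText = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    [pscustomobject]@{
        SecureBootEnabled = $enabled
        Has2023CA         = ($dbText -match 'Windows UEFI CA 2023')
        Has2011CA         = ($dbText -match 'Microsoft Windows Production PCA 2011')
    }
}

# --- Report ---
$agere = Get-AgereModemDriverStatus
if ($agere.Count -eq 0) {
    Write-Output 'Agere soft modem driver: not found (no action needed).'
} else {
    Write-Output "Agere soft modem driver: $($agere.Count) artifact(s) found; remove per the CVE-2023-31096 guidance:"
    $agere | Format-Table -AutoSize
}

$sb = Get-SecureBoot2023CaStatus
if ($null -eq $sb) {
    Write-Output 'Secure Boot: not available on this system.'
} elseif (-not $sb.Has2023CA) {
    Write-Output 'Secure Boot: 2023 CA not yet in db; this system is not prepared for the certificate expiration.'
} else {
    Write-Output 'Secure Boot: Windows UEFI CA 2023 present in db.'
}
```

A `Loaded = $true` row means the driver is resident and the file cannot simply be deleted until the service is stopped and the device removed through the usual PnP path; a missing 2023 CA means the deployment playbook linked from Microsoft's guidance still has to be applied to that machine.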

If you’re a fan of statistics, here’s one for you. Microsoft moved away from the security bulletin system in February of 2017 and ushered in the new era of security guidance. Last year, January 2025, saw the largest January Patch Tuesday under this new system with 162 CVEs. This year, we see the third largest January Patch Tuesday with 115 CVEs. For those wondering, 2022 had the second largest January Patch Tuesday with 127 CVEs. This is also only the third time that we’ve seen more than 100 CVEs under the security guidance system. We’re sitting above the average of 89 CVEs that we’ve seen over the 9 January Patch Tuesdays we’ve had under the new system.