Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data poisoning is a type of attack targeting machine learning systems. It involves introducing false or misleading data into a training dataset. This can lead to flawed or malicious outputs from the model. Imagine a machine learning system trained to distinguish between cats and dogs. If poisoned data featuring mislabeled images is fed into it, the system could start making mistakes. It might misidentify a cat as a dog or vice versa.

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

Account takeover of a third-party service provider may put millions of airline users worldwide at risk.

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers at ESET. Additionally, a fifth of these organizations said they’ve experienced three or more cyberattacks. 43% of the organizations surveyed cited phishing attacks as their top concern.

14 years in prison and a $200,000 fine. That’s what it cost a Michigan chemist caught stealing trade secrets from Coca-Cola and Eastman Chemical Company. And no, she wasn’t an outsider—she was a trusted Principal Engineer with legitimate access to these technologies worth $120 million in development costs . Every year, companies fall victim and lose billions to corporate espionage attacks, with many attacks going undetected for months or even years.

A new survey by cybersecurity vendor Netwrix found that 84% of healthcare organizations spotted a cyberattack in the past twelve months, with phishing attacks accounting for 63% of these incidents. “Phishing was the most common type of incident experienced on premises, similar to other industries,” Netwrix says. “Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise.”

A strong reputation is vital for business success, influencing customer loyalty and spending decisions. When a brand’s reputation is damaged, customers often turn to competitors, which can reduce key metrics like lifetime customer value. Trust is central to a brand’s reputation. Customers expect their personal data to be secure, pricing to be fair, and services to be reliable. However, bot attacks undermine this trust.

It was in January 2025 when a disaster leakage of data was leaked having more than 15,000 configuration files carrying VPN credentials leaked from FortiGate devices spread on several devices. It depicts acute problems inside organizations using the products by Fortinet about a higher need for an excellent security approach. The Belsen Group, the hacking collective carried out this attack by taking advantage of the zero-day vulnerability known as CVE-2022-40684.

Welcome to the 20th edition of the Cloudflare DDoS Threat Report, marking five years since our first report in 2020. Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2024 and look back at the year as a whole.