Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Business of Malware: Inside the MaaS Economy

In our 2025 State of the Underground report, we found that 384 unique varieties of malware were sold across the top three criminal forums in 2024, a 10% increase from 349 in 2023, signifying an expansion in the underground malware marketplace. These figures reflect malware explicitly offered for sale (not shared freely), and each distinct version or naming variation is counted independently.

68% of cyberattacks start with stolen credentials

More than 16 billion passwords, cookies and tokens were recently exposed in one of the largest data breaches in history. The scale of the theft, with data from services including Google, Apple, Facebook, Amazon and Microsoft, makes one conclusion clear: credentials are the first step in compromising critical data.

Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer.

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading to appear legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools in order to detect malicious packages.

Shared Workstations Expose Your Production Business: Here's How to Protect Them

Shared workstations are essential to productivity in manufacturing, but they can also create blind spots in your organization’s security. Inadequate identity verification, poor security practices, and a lack of accountability make them a prime target for ransomware, phishing, and insider attacks. Security leaders often aren’t sure about where to begin when securing shared workstations.

Mitigating Security Risks in Low-Code Development Environments

I still remember the soft whir of the server room fans and that faint smell of ozone when we, a team of cybersecurity analysts, traced a spike in traffic to a “harmless” low-code workflow. A store manager had built a nifty dashboard to pull sales numbers. It looked tidy, almost playful – boxes, arrows, green check marks. Under the hood, it was hitting an internal API without proper authentication.

CrowdStrike Named a Leader in 2025 IDC MarketScape for Worldwide Incident Response Services

CrowdStrike has been named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 Vendor Assessment. We believe this validation reflects CrowdStrike’s strength in delivering rapid, effective response, powered by the AI-native CrowdStrike Falcon platform, frontline breach expertise, and a global 24/7 incident response model designed for today’s most advanced threats.

CrowdStrike to Acquire Onum to Transform How Data Powers the Agentic SOC

Today, I’m excited to announce CrowdStrike’s agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform’s data advantage. Onum delivers the real-time data architecture to transform data in motion into high-fidelity intelligence, fueling CrowdStrike Falcon Next-Gen SIEM and powering the agentic SOC. This is a pivotal step forward in our mission to stop breaches.

We Are the Weakest Link

The old phrase “we’re only human, after all” is what cyber-adversaries are relying upon to gain access to intellectual property, data, and credentials. Adversaries prey on the humanity in us to read an unsolicited email, act out of a sense of urgency, or succumb to their scare tactics. We are bombarded with social engineering scams daily. Why do some of us fall victim while others see through veiled attempts at getting us to relinquish something of value?