’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season
The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December, targeting shoppers’ saved payment details, loyalty points, wish-lists, and personal data.
Most retailers focus...
Seasonal Surge: Why HR Phishing Peaks in Q4 and the Seven Themes Behind It
By: Jacob Malimban, Intelligence Team
Q3 and Q4 of each year tend to see the most Human Resources (HR) task-related phishing threats, but the specific theme used by threat actors changes based on current events. This has led to the explosion of termination as a phishing lure, particularly during Q3 2025. By exploiting fear, threat actors can lower an employee’s...
The Maturity Gap: The Next Frontier in Threat Intelligence
Introduction
In Recorded Future’s 2025 State of Threat Intelligence report, 49% of enterprises describe their threat intelligence maturity as advanced — a figure that might surprise anyone who sees how complex this work remains...
Intellexa’s Global Corporate Web
The author, Julian-Ferdinand Vögele, thanks Amnesty International's Security Lab for its ongoing reporting on the Intellexa and Predator spyware ecosystem. Today, Security Lab published a related report on Intellexa, which can be found here. Executive Summary Insikt Group identified several individuals and entities linked to Intellexa and its broader network of associated companies. These...
UNC1549 Critical Infrastructure Espionage Attack
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs a combination of highly tailored spear-phishing, credential theft from third-party services, and the abuse of virtual desktop infrastructure such as Citrix, VMware, and Azure VDI to gain initial access and move laterally within target...
Inside the CopyCop Playbook: How to Fight Back in the Age of Synthetic Media
Key Takeaways
CopyCop is scaling AI-driven influence operations globally. The Russian influence network known as CopyCop has created more than 300 fake media websites spanning North America, Europe, and beyond. The operation primarily uses AI-generated content to erode public trust and support for Ukraine. AI has become the new engine of manipulation. The network...
Decreasing Certificate Lifetimes to 45 Days
Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.
This change is being made along with the rest of the industry, as required by the CA/Browser Forum Baseline Requirements, which set the technical requirements that we must...
CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution
At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware (versions 12.2.1.4.0 and 14.1.2.1.0). Multiple threat actors are already exploiting the vulnerability in the wild, and it was added to CISA’s Known Exploited Vulnerabilities catalog on November 21, 2025.
Oracle Identity Manager is widely deployed across...
Zilvia.net – 287,863 breached accounts
In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin-based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
AI Malware: Hype vs. Reality
Key Takeaways
Most “AI malware” observed so far falls into the AI malware Maturity Model (AIM3) Levels 1-3 (Experimenting through Optimizing), rather than fully automated campaigns. AI is currently a force multiplier on existing attacker tradecraft, not a source of fundamentally new TTPs. Many “first-ever AI malware” announcements are narrow research demos or PoCs...