Government Agencies Falling Victim to Ransomware Daily, Warns Study
Government organizations are targeted by attackers who know agencies cannot afford disruption to public services
Studies provide evidence on cyber threats, vulnerabilities, defensive controls, and user behavior, helping assess security risks and protections.
Search across headline titles and summaries.
Background for this topic.
Study in this tag covers systematic research, measurement, evaluation, or analysis of information-security technologies, threats, and practices. It may include experiments on attack techniques, assessments of defensive controls, surveys of security behavior, analysis of incidents, or research into vulnerabilities and privacy risks. The relevant question is usually what evidence the work provides, how broadly its findings apply, and whether its methods support reproducible conclusions.
For practitioners, studies can reveal exploitable conditions, estimate how often a weakness occurs, or test whether a control detects and contains attacks under realistic conditions. Interpret results cautiously when samples are small, environments are artificial, or a claimed vulnerability has not been independently validated. Research involving telemetry, users, or personal data also raises privacy and ethical requirements. Useful findings should translate into specific actions, such as prioritizing vulnerability remediation, changing configurations, improving detection logic, or revising secure-development and risk-assessment practices.
Weekly headline count for the current query.
Government organizations are targeted by attackers who know agencies cannot afford disruption to public services
Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them
Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure
An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology
A U.S. government agency paid $1M to Kairos, a group focused on data theft and extortion rather than ransomware, Ransom-ISAC reports. A new case study from Ransom-ISAC reconstructs a complete data-extortion incident involving a U.S. government body and a threat actor called Kairos, using a leaked negotiation transcript and blockchain tracing of the ransom payment. […]
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
SANS Institute study finds few SOCs have built AI into defined workflows, despite widespread adoption
ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously […]
A new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
Study: Monitoring Vendor Risk Remains Much Harder Than Onboarding Third PartiesHealthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. But once these vendors are on board, healthcare firms still struggle with monitoring their security posture and ensuring they keep their promises.
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories that usually grab headlines. There’s no slick branding, no leak-site countdown, no gang posting memes on Telegram. In most cases, there’s just a […]
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
Study Finds Standard Safety Tests Miss Most Agentic AI ThreatsResearchers from Stanford, MIT, Carnegie Mellon and others found that most production AI agents are vulnerable to attacks that unfold across multi-step actions. The study warns that memory, tool access and agent coordination create failure modes traditional chatbot safety testing cannot see.
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber DefensesState CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.