Back when nation-state threat actors were primarily targeting large government agencies, government contractors, and large companies, security through obscurity was a legitimate strategy. In years past, betting that attackers wouldn’t bother with smaller targets was a feasible way of operating.
It’s feasible no longer. Hackers are better equipped than ever before, thanks in part to artificial intelligence (AI)-enabled tools and ransomware kits made accessible to virtually anyone via the dark web. This has contributed to increasingly sophisticated attacks against agencies and companies of all sizes—not just the largest ones. Now, observes Jason Rolleston, general manager of Broadcom’s Enterprise Security Group, “They’re going after everybody.”
Read more…
Source: Symantec
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Principles for the Secure Integration of Artificial Intelligence in Operational Technology
December 3, 2025
Since the public release of ChatGPT in November 2022, artificial intelligence (AI) has been integrated into many facets of human society. For critical infrastructure owners and operators, AI can potentially be used to increase efficiency and productivity, enhance decision-making, save costs, and improve customer experience. Despite the many benefits, integrating AI into operational technology (OT) environments ...
- Google patches 107 Android flaws, including two being actively exploited
December 2, 2025
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn’t always mean the patches ...
- NHS Highland staff ‘poor practice’ sparks fears of heightened risk of a major cyber attack
December 1, 2025
NHS Highland is at heightened risk of falling prey to a major cyber attack in part due to “poor practice” by some staff members. The warning, contained in a report to the board assessing risk levels faced in a range of areas against what is deemed an acceptable level of risk, comes as the busy ...
- The Dual-Use Dilemma of AI: Malicious LLMs
November 25, 2025
A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to technologies like nuclear physics or biotechnology, but now also central to AI. Any tool powerful enough ...
- CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
November 24, 2025
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released. The flaw, tracked as CVE-2025-61757 and now sitting in CISA’s Known Exploited Vulnerabilities catalog, ...
- Understanding the future of offensive AI in cybersecurity
November 19, 2025
As we step into an era where artificial intelligence (AI) plays an increasingly significant role in cybersecurity, discussions surrounding its offensive capabilities are becoming more prominent. A recent report by Anthropic—a leading AI research lab—has sparked the latest conversation on this topic, with questions raised about their claim that an AI-assisted attack they observed was ...