
Brief #122: CrowdStrike npm Attack, SonicWall Cloud Breach, ChatGPT Zero-Click
Ransomware payments dropped to $115K median but hit 44% of all breaches. Cybersecurity pros can't find jobs despite 10+ years experience.
The Mandos Brief
Signals from 8,525 products and 3,279companies, plus the CISO buyer take — ten minutes, every Monday.
Archive

Ransomware payments dropped to $115K median but hit 44% of all breaches. Cybersecurity pros can't find jobs despite 10+ years experience.

AI agents now exploit zero-days in under 10 minutes while energy sector attacks surge 586%. Web3 hackers earn millions as traditional security salaries lag behind.

Colombian malware campaign using SVG files went completely undetected by all antivirus engines. C-suite executives show dangerous overconfidence compared to frontline security teams.

Netskope files IPO with $707M ARR amid cybersecurity M&A surge. Industry training decline leaves newcomers struggling despite credentials and certs.

Initial Access Brokers surge 90% targeting smaller US companies. Machine identities now outnumber humans 80 while most orgs lack AI security controls.

LayerX researchers expose "Man-in-the-Prompt" attacks turning AI assistants into hacking copilots. CISA releases zero trust microsegmentation guidance as Python skills become mandatory for 50%+ of cyber jobs.

RomCom exploits WinRAR zero-day for malware deployment. North Korean UNC4899 steals millions in cryptocurrency through sophisticated cloud attacks.

Auto-Color backdoor exploits SAP NetWeaver via CVE-2025-31324 targeting US chemicals company. Cursor IDE vulnerability enables full RCE through prompt injection attacks.

Scattered Spider resurfaces with $592M in damages across 11 major attacks. Nigerian cybercrime ring targets aviation execs with six-figure BEC losses.
Subscribe to The Mandos Brief: weekly market intelligence backed by 9,000+ tracked products and 3,200+ vendors. Ten minutes, every Monday.