December 2025
Key cyber trends straight from the desk of Cyber Intelligence
- Cloudflare outage highlights supply chain concentration risks – weeks after a major AWS outage, a significant portion of the internet became unavailable after a change to Cloudflare’s Bot Management System triggered a cascade of failures.
- So what? Nation-state threat actors with intent to sabotage critical systems almost certainly watch major outages closely, and learn from their impact and how we respond. Organisations should use outages as a scenario to test resilience and business continuity plans.
- Cyber extortion actors ‘processify’ operations amid declining payment rates – ransom payment rates have sharply declined over the last few years, and average payment sizes are smaller.
- So what? As large organisations enhance their resilience and choose not to pay, extortion groups are targeting small-to-medium businesses. They are also developing standardised, repeatable workflows for conducting more efficient compromises.
- AI for offensive operations proving increasingly capable – last month, several reports found that threat actors are abusing AI and LLMs in increasingly sophisticated ways, with the intent of increasing the speed and scale of malicious activity.
- So what? Organisations looking to enable AI “defender” agents as a response to AI-powered cyber attacks should be wary of the risks associated with insecure AI deployment, from prompt injection attacks to data spills.
Looking for more insights?
Our intelligence reporting services deliver timely, curated intelligence for your organisation.
The latest from CyberCX
Navigating AI adoption without losing sight of security
AI is moving beyond the hype, with growing investment from organisations of all sizes. However, rapid adoption risks data exposure and regulatory missteps. Learn how organisations can adopt AI with a deliberate, context-aware approach that aligns use cases with evolving regulations and addresses the security challenges unique to these technologies.
A champion for good
At CyberCX, we are deeply committed to using our skills, knowledge and platform to improve the lives of our customers, citizens and communities. We proudly partner with three leading not-for-profit organisations to enhance their cyber resilience and support their missions.
Cyber criminals don’t take holidays
The holiday period is often a prime target for opportunistic threat actors seeking to infiltrate systems and compromise sensitive data – and defenders cannot let their guards down. Learn what your organisation can do to get ahead of cyber incidents and strengthen your defences and resilience for the year ahead.
Combating 5 tips to stay cyber safe on your break
Scammers often take advantage of generosity during the holidays, using fake gift requests or vouchers to trick people. Remind your team to pause before purchasing or sending any form of online gift to help build a culture of cyber resilience across the workplace. Download the Holiday Scams Toolkit, developed in collaboration with Phriendly Phishing.
Side booting with Microsoft Intune
CyberCX Principal Security Consultant Matt Stiles says the endpoint security posture of many organisations relies on users not having privileged access to their own device, access that is highly valuable to an adversary. Find out more in the blog.
Subscribe to Cyber Readout