Monday , July 13 2026

5 most dangerous new attack techniques

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

The SANS Institute is a leading cybersecurity training, certifications, degrees, and resources company that aims to empower cybersecurity professionals with practical skills and knowledge.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

The session, titled The Five Most Dangerous New Attack Techniques, featured four prominent SANS panelists to provide actionable insights to help security leaders understand and stay ahead of evolving threats. The five emerging cyber-attack vectors the speakers covered were adversarial AI, ChatGPT-powered social engineering, third-party developer, SEO, and paid advertising attacks.

Adversarial AI attacks

With adversarial AI attacks, threat actors are manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software, said Stephen Sims, SANS fellow and offensive cyber operations curriculum lead. From streamlining malware coding processes to democratizing social engineering, adversarial AI has changed the game for attackers, he added. In response, organizations need to deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.

ChatGPT-powered social engineering

As for ChatGPT-powered social engineering, threat actors are leveraging generative AI to exploit human risk – targeting the vulnerabilities of individual employees to breach their wide organization’s network, including their families, according to Heather Mahalik, SANS fellow.

This development means that users are now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk, but the victim’s livelihood as well, Mahalik said. This widened attack surface requires organizations to foster a culture of cyber vigilance across every fabric of their enterprise to ensure employees are cognizant of ChatGPT-related attacks.

Third-party developer attacks

The next most dangerous attack technique explored was third-party developer attacks (also known as software supply chain attacks) chiefly a rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain, said Dr. Johannes Ullrich, SANS Technology Institute college dean of research. This played out significantly in the 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organizations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques, Ullrich said.

SEO attacks and paid advertising attacks

SEO attacks are another dangerous, emerging attack method, as are paid advertising attacks, said Katie Nickels, SANS certified instructor. New SEO and advertising attacks (also called malvertising) are leveraging fundamental marketing strategies to gain initial access to enterprise networks, according to Nickels. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access.

These attacks signify proactiveness on behalf of malicious attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against, Nickels said. These two attack vectors heighten the importance of incorporating scalable user awareness training programs tailored to new threats.

Attackers thrive on diversification of their techniques

The attacks outlined have become all the more prevalent, sophisticated, and harder to detect, John Davis, director UK and Ireland, SANS Institute, EMEA, tells CSO. “All are part of a larger trend in which the efforts and attack techniques used by hackers are increasingly complex and targeted.”

The sheer scale of cybercrime today, and the boldness of attackers, is hard for many business leaders to fathom – 450,000 new pieces of malware are detected each day, and 3.4 billion phishing emails hit inboxes – he adds. “No wonder so many businesses are struggling to keep the doors and windows firmly closed amid a raging storm. These audacious new threats teach us that hackers thrive on diversification of their techniques. No wonder we’re seeing established ransomware groups make layoffs, while Ransomware-as-a-Service (RaaS) gathers momentum.”

The good news is that even the smallest and youngest of businesses can defend against these attacks, Davis says. “Awareness, vigilance, and education are vital weapons and our most critical line of defense. Ultimately, if we’re to shore up the best defenses in an “always on” hacker world, it’s vital we stay ahead of the curve and keep shape shifting the approach, whatever the threat.”

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …