<p>Just 15 years ago, the median dwell time of a cyberattack — the duration an attacker remains within their victim’s system, spanning from the initial signs of compromise to the moment of detection — was 416 days, according to Mandiant. That metric has steadily decreased over the past decade and a half, falling to 11 days in 2024.</p>
<p>Reasons for dwell time decreases are twofold. Enterprise <a href=”https://www.techtarget.com/searchsecurity/tip/Security-log-management-and-logging-best-practices”>security monitoring, logging and alerting capabilities</a> have become stronger and more effective, while certain attacks — such as ransomware, in which malicious actors attempt to extort victims rapidly — are detected much more quickly. Yet these points are countered by overworked or under-skilled security teams and immature incident response plans, as well as by sophisticated advanced persistent threats that use stealth and <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-prevent-living-off-the-land-attacks”>living-off-the-land techniques</a> to evade detection for long periods.</p>
<p>Cybersecurity is a tale as old as time: As enterprise defenses get stronger, adversaries up the ante on attacks. Rinse and repeat.</p>
<p>As this week’s featured news highlights, attackers continue to improve their speed. Organizations must, in turn, step up their game to monitor, detect and eradicate threats faster than ever before.</p>
<section class=”section main-article-chapter” data-menu-title=”AI revolutionizes cyberattack speed and sophistication”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>AI revolutionizes cyberattack speed and sophistication</h2>
<p>AI is transforming the cyberattack landscape, enabling attackers to accelerate <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-prevent-and-detect-lateral-movement-attacks”>lateral movement</a>, data exfiltration and phishing campaigns, according to a ReliaQuest report. In 2025, lateral movement times dropped 29% to an average of 34 minutes, while data exfiltration times fell to just six minutes — a decrease from four hours in 2024.</p>
<p>ReliaQuest researchers pointed to AI-powered tools such as BoaLoader malware, which they said “reflects the first major convergence of AI-assisted development, social engineering and traditional cybercrime.”</p>
<p>Reports from IBM and Resilience had similar findings, highlighting AI’s role in compressing decision cycles and scaling attacks, while a Sophos report cautioned that fully autonomous AI-driven attacks remain a future threat.</p>
<p><a target=”_blank” href=”https://www.cybersecuritydive.com/news/ai-lateral-movement-phishing-malware-research/813203/” rel=”noopener”><i>Read the full article by Eric Gellar on Cybersecurity Dive</i></a><i>.</i></p>
</section>
<section class=”section main-article-chapter” data-menu-title=”PCI SSC highlights global collaboration in payment security”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>PCI SSC highlights global collaboration in payment security</h2>
<p>The PCI Security Standards Council released its first annual report since its founding in 2006, emphasizing global coordination to address increasingly sophisticated payment security threats and noting the rapid pace of attacks — and the need for organizations to accelerate defenses.</p>
<p>The report outlined initiatives in training, compliance and collaboration to secure mobile, data, device, software and card products, as well as types of attacks payment systems face.</p>
<p>The Council’s efforts include expanding global boards and launching new regional initiatives. However, challenges such as fragmentation and the misuse of AI persist. PCI SSC said it aims to streamline processes and enhance global collaboration to mitigate risks and <a href=”https://www.techtarget.com/searchsecurity/tip/Online-payment-security-best-practices-for-enterprises”>advance payment security</a>.</p>
<p><a target=”_blank” href=”https://www.darkreading.com/cyber-risk/pci-council-threats-payments-systems-speeding-up” rel=”noopener”><i>Read the full article by Arielle Waldman on Dark Reading</i></a><i>.</i></p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Rapid weaponization of vulnerabilities challenges defenders”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Rapid weaponization of vulnerabilities challenges defenders</h2>
<p>Less than 1% of software vulnerabilities were exploited in the wild in 2025, but attackers weaponized flaws faster and on a larger scale, accor
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: