International Cyber Expo International Cyber Expo
  • About Us
Saturday, 11 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Surge in zero-day exploits identified in Forescout’s latest threat report

by Guru Writer
August 5, 2025
in Featured
Surge in zero-day exploits identified in Forescout’s latest threat report
Share on FacebookShare on Twitter

Forescout Technologies, Inc. today released its 2025H1 Threat Review, an analysis of more than 23,000 vulnerabilities and 885 threat actors across 159 countries worldwide during the first half of 2025. Among the key findings: ransomware attacks are averaging 20 incidents per day, zero-day exploits increased 46 percent, and attackers increasingly targeting non-traditional equipment, such as edge devices, IP cameras and BSD servers. These footholds are often used for lateral movement across IT, OT, and IoT environments, allowing threat actors to pivot deeper into networks and compromise critical systems.  

“We’re seeing attackers gain initial access through overlooked IoT devices or infostealers, then use lateral movement to pivot across IT, OT, and IoT environments,” said Sai Molige, Senior Manager of Threat Hunting at Forescout Technologies. “Our ValleyRAT hunt, which uncovered the Chinese threat actor Silver Fox targeting healthcare systems, is a prime example. These attackers exploit blind spots to quietly escalate access. The Forescout 4D Platform™ is purpose-built to detect hidden entry points, continuously assess their risk, and disrupt lateral movement before adversaries reach critical systems.” 

“You can’t defend critical infrastructure with yesterday’s tools. Security today must be continuous, proactive, and device-agnostic. Forescout delivers the only platform that secures all devices — IT, OT, IoT and IoMT — across every environment, so organizations can protect what matters most,” added Barry Mainz, CEO of Forescout.  

Forescout Research – Vedere Labs H1 2025 Threat Review Key Findings: 

Exploits shift to older vulnerabilities and unconventional devices, zero days increase 

  • 47% of newly exploited vulnerabilities were originally published before 2025. 
  • Published vulnerabilities rose 15%, with 45% rated high or critical. 
  • Zero-day exploitation increased 46%, and CVEs added to CISA KEV jumped 80%. 
  • Modbus accounted for 57% of OT protocol traffic in Forescout honeypots. 
  • Ransomware actors increasingly targeted non-traditional equipment, such as edge devices, IP cameras and BSD servers, which often lack EDR, making them ideal entry points for undetected lateral movement and underscoring the need for integrated detection solutions. 

Ransomware rises 36% year over year, with 3,649 documented attacks in H1 

  • Attacks grew in frequency to 608 per month, or roughly 20 per day.                                              
  • The U.S. was the top target, accounting for 53% of all incidents. 
  • The top sectors targeted were services, manufacturing, technology, retail and healthcare. 
  • New attack vectors included IP cameras and BSD systems, amplifying lateral movement across enterprise environments. 

Healthcare is under siege, averaging two healthcare breaches per day 

  • In the first half of 2025, the healthcare sector emerged as the most impacted vertical for data breaches. 
  • Nearly 30 million individuals were affected by breaches in H1 2025. 
  • 76% of breaches stemmed from hacking or IT incidents. 
  • 62% of breaches involved data stored on network servers; 24% were on email systems. 
  • Forescout identified trojanized DICOM imaging software delivering malware directly to patient systems. 

 

Lines blur between hacktivists and state-sponsored actors 

  •  Forescout tracked 137 threat actor updates in H1 2025, with 40% attributed to state-sponsored groups and 9% as hacktivists. The remaining 51% were cybercriminals, such as ransomware groups.  
  • Iran-affiliated groups like GhostSec and Arabian Ghosts targeted programmable logic controllers (PLCs) linked to Israeli media and water systems. 
  • CyberAv3ngers amplified unverified claims before major OT attacks in 2023–2024, echoing similar tactics now under a new identity: APT IRAN. 
  • APT IRAN, CyberAv3ngers and other Iranian hacktivist personas form a continuum of Iranian threats to OT/ICS. 

 “Hacktivist operations are no longer just symbolic or isolated. They’re evolving into coordinated campaigns targeting critical infrastructure with real-world consequences,” said Daniel dos Santos, Head of Research at Forescout. “What we’re seeing from Iranian-aligned groups is a shift toward more aggressive, state-influenced disruption tactics masked as activism. As geopolitical tensions escalate, these actors are becoming faster, louder and harder to attribute, and that makes their threat even more urgent for defenders to address.” 

Forescout recommends the following steps to reduce risk and build cyber resiliency 

  • Use agentless discovery to identify and monitor all connected assets—IT, OT, IoT and healthcare systems. 
  • Regularly assess for vulnerabilities, apply patches, disable unused services and enforce strong, unique credentials with MFA. 
  • Segment networks to isolate device types and limit lateral movement in case of compromise. 
  • Encrypt all sensitive data in transit and at rest, especially PII, PHI and financial information. 
  • Deploy threat detection tools that ingest data from EDR, IDS and firewalls while enabling detailed logging of user and system activity. 
ShareTweet
Previous Post

Identity Security: The New Perimeter for Cloud Security Companies Using CNAPP

Next Post

Jen Easterly Joins Huntress Strategic Advisory Board

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol