CRD #23

Henry Rõigas

30 Jun 2025 — 8 min read

The Cybersecurity Research Digest cuts through the marketing fluff and bias to bring you relevant and objective insights on cybersecurity stats and trends, all backed by empirical data.

This post features highlights from trustworthy research sources released between May 20 and June 30, 2025, followed by a list of all monitored reports.

TL;DR

SOC struggles persist despite reported efficiency gains from AI, with tool sprawl and data silos still widespread
CVE volumes surged in 2024, with a 61% overall increase and major spikes in Linux and macOS vulns
Living-off-the-land techniques dominate intrusions, with 84% of attacks leveraging built-in admin tools
Corporate-targeted fraud increased by 26%, driven by phishing, account takeover, and deepfake-enabled scams
Hiring managers prioritize general IT knowledge, teamwork and problem-solving over technical cybersecurity skills

SOC challenges persist — is AI making a difference?

Studies reviewed by CRD this year often come with a recurring theme: constant struggles inside most security operations centers (SOCs). The keywords are tool sprawl, alert fatigue, poor data integration, and the resulting human toll — leading to burnout and high staff turnover.

Splunk’s latest survey of over 2,000 security professionals confirms this picture. Nearly half (46%) of respondents say they now spend more time maintaining tools than actually defending against threats. Additionally, data accessibility remains a key issue, with 78% reporting their security tools are dispersed and disconnected, highlighting the longstanding challenge of siloed architectures.

As expected, AI is perceived as the solution. According to the report, 59% already see moderate or significant efficiency gains from using AI. Furthermore, security-specific AI solutions are seen to outperform general-purpose LLMs — 63% of respondents say domain-specific models have significantly or extremely improved their security operations.

While optimism around AI is growing, trust levels still vary. According to the report, 11% of respondents say they fully trust AI in security operations, and 61% express partial trust — notably high figures given the typically risk-averse nature of security teams.

Security team trust in AI for critical security operations (Splunk)

Trust likely depends on how security teams define “AI” — and definitions remain vague. "Truly" agentic AI, where models act and make critical operational decisions autonomously without human oversight, still appears largely aspirational. Furthermore, as the initial hype subsides, it would not be surprising to see reports that AI-based solutions often add complexity rather than clarity in practice, becoming another system to integrate, monitor, and manage.

The underlying problems — overworked teams, fragmented data, and persistent skills shortages — haven't gone away so far. It is also telling that, even as AI adoption rises, the perceived core skills needed for the future SOC remain largely the same.

"*Today’s biggest skills gaps are also the most important for the future*" (Splunk)

CVEs in 2024: growth in critical flaws; increases re: Linux and macOS

Analysis of 2024 vulnerability data shows that last year brought new records, not just in volume but also in severity. Compared to 2023, the total volume of CVEs grew by 61%, with a significant increase in critical (+37%) and exploited (+96%) vulnerabilities.

Other notable increases in exploitation stats related to user-facing software: Chrome saw an 1840% jump in exploited CVEs, while Microsoft Office followed with +433%. Furthermore, Linux vulnerabilities jumped an unprecedented 967% (3,329 cases), while macOS vulnerabilities increased by 95% year over year (508 cases).

The analysis of last year's CVEs also underscored that attackers increasingly target fewer but higher-impact flaws. Thus, exploitation risk (not just vulnerability count) is the key metric to watch in 2025. In our view, the analysis also signals that operating systems historically perceived as more secure than Windows are now under heightened scrutiny and attack, and must be fully integrated into corporate patching and monitoring practices.

Living-off-the-land techniques dominate modern intrusions

Breaching networks do not necessarily require leveraging software vulnerabilities. New managed detection and response (MDR) telemetry reveals a clear trend: attackers increasingly rely on living-off-the-land (LOTL) techniques that abuse legitimate tools already present in the environment. In a dataset of over 700,000 incidents, 84% of major attacks leveraged LOTL methods — marking a major pivot away from malware-heavy approaches.

Attackers increasingly abuse common admin tools like PowerShell, WMI, RDP, and PsExec — widely used in IT environments — to operate undetected, escalate privileges, and exfiltrate data without deploying traditional malware nor triggering security alerts. This is a growing blind spot in many organizations' threat models — one that demands renewed focus on behavioral detection, context-aware alerting, and reducing unnecessary exposure to high-risk admin utilities.

New realities in corporate-targeted fraud

Fraud targeting companies — particularly via call centers — continues to rise, increasingly enabled by low-cost AI tools. According to new data from a major voice authentication firm, enterprise-targeted fraud grew by 26% between 2023 and 2024.

Fraud rate growth (at 1 in x call center calls) (Pindrop)

According to the data, most prevalent techniques are:

Phishing, where attackers elicit sensitive data like login credentials;
Account takeover, often involving credential resets, fund transfers, or card issuance;
First-party fraud, in which legitimate users misrepresent themselves for personal gain;
Account opening fraud, involving fake identities.

Deepfake use in company-targeted fraud calls is also climbing fast, with a marked increase recorded across consecutive quarters through 2024 — signalling a shift toward more sophisticated, AI-enabled deception techniques, and stimulating the market for related detection solutions.

Continuous growth of machine-generated voice calls (% of total volume) (Pindrop)

Most security teams to grow; general IT skills and certifications lead hiring criteria

A global survey of 929 security hiring managers highlights both optimism and friction in early-career cybersecurity hiring. While 62% of organizations plan to grow their cybersecurity teams, persistent gaps remain between expectations and candidate readiness.

Certifications and hands-on experience continue to outweigh formal cybersecurity education — 90% of respondents would hire candidates with IT experience alone, and 89% say a certification is often more valuable than a degree (note: this is data from a certification provider).

Internships (55%) and apprenticeships (46%) are regarded as central hiring channels, especially in sectors like government, telecom, and healthcare. There’s also growing openness to recruiting outside the traditional CS/IT talent pool, with a quarter of hiring managers identifying strong candidates from unrelated academic backgrounds.

Despite high concern about reduction of a company's workforce due to employees leaving and not being replaced (58%), most teams report having the budget to both invest in talent development (75%) and expand headcount (73%).

Hiring managers increasingly value non-technical attributes such as teamwork and problem-solving over hard technical skills. Yet, a skills-expectation gap remains: for example, cloud security is expected knowledge, but only 18% believe entry-level hires can actually execute on it.

These figures likely vary across sectors, regions, and role types. And to balance the narrative above, anecdotally, frustration still appears common among senior information security professionals, who often cite rigid hiring processes, bureaucratic delays, and limited budgets as persistent barriers.

Reports monitored: May 20 - June 30

To take a deeper dive in the topics most relevant for you, find below a list of all the monitored research reports (51) that were published during the observed period.

Title	Organisation(s)	Topic(s)
Featured reports
State of Security 2025: The Stronger, Smarter SOC of the Future	Splunk	SOC / SIEM
2024 Software Vulnerability Report	Action1	CVEs/ software vulnerabilities
2025 Cybersecurity Assessment Report	Bitdefender	Threat perceptions / MDR data
2025 Cybersecurity Hiring Trends	ICS2	hiring
Pindrop 2025 Voice Intelligence and Security Report	PinDrop	voice threats
Other reports monitored
2025 Data Threat Report	Thales	data security / GenAI / general
Navigating Cyber 2025	FS-ISAC	finance / F-ISAC
One in five Dutch companies harmed by cyberattacks in 2024	ABN AMRO	Netherlands / general
2025 State of Small Business Survey	Verizon	SMBs / US
2025 Hybrid Cloud Security Survey	Gigamon	hybrid cloud security
Cyber Trends and Insights in the Marine Environment (CTIME) report	U.S. Coast Guard Cyber Command	maritime / US
SANS 2025 Cyber Threat Intelligence (CTI) Survey	SANS Institute	CTI
State of IT: Security Survey	Salesforce	general security perceptions
State of Cybersecurity Report 2025	Wipro	general security perceptions
Iris' 1st Annual Identity & Cybersecurity Concerns Survey*	Iris (Generali Global Assistance)	consumers / concerns
AI Data Security and Compliance Buyer Behavior Survey	Kiteworks	AI data security
Arctic Wolf Trends Report 2025	Arctic Wolf	general / threats / incident response / readiness
Zscaler ThreatLabz 2025 Phishing Report	Zscaler	phishing
Global Maritime Cyber Threat Report H2 2024	Marlink	maritime
2025 Worldwide Threat Assessment	Defense Intelligence Agency (DIA)	overall threat intelligence / US
Careless Clicks: Could Your Team Spot a Cyber Attack?	Skillcast	phishing
Gen Q1/2025 Threat Report	Gen	phishing / scams
State of IT Security for SMBs in 2025	Devolutions	SMBs
2025 State of SIEM Report	CardinalOps	SIEM
How Much Cyber Loss Can Be Prevented By Using Zero Trust Solutions?	Zscaler	zero trust / historical analysis
‘AI agents: The new attack surface. A global survey of security, IT professionals and executives.	SailPoint	AI agents / survey
2025 Cloud Security Report	CheckPoint	cloud / CISO perspectives
Q1 2025 Threat Insights Report	Fastly	bots
Blancco 2025 State of Data Sanitization Report	Blancco	data sanitisation
The State of Cloud Runtime Security	ARMO	cloud security tools
The Battle in the Dark 2025	Signicat	identity fraud
Voice of SecOps 2025 - Cybersecurity & AI: Promises, Pitfalls – and Prevention Paradise	Deep Instinct	secops / AI
2025 LevelBlue Spotlight Report for Healthcare	LevelBlue	healthcare
Arelion DDoS Threat Landscape Report 2025	Arelion	DDoS
2025 Cyber Survey: Application Security at a Breaking Point	Radware	app security
44% of people encounter a mobile scam every single day, Malwarebytes finds	Malwarebytes	scams / mobile
How Analyzing 700,000 Security Incidents Helped Our Understanding of Living Off the Land Tactics	Bitdefender	LoTL
2025 Healthcare IT Landscape Report	Omega Systems	healthcare / general
2025 Komprise IT Survey: AI, Data & Enterprise Risk	Komprise	AI / data risk
Tool Sprawl & Threat Mitigation Survey	Barracuda Networks	tool sprawl
2025 EY Global Cybersecurity Leadership Insights Study	Ernst & Young (EY)	security leader perspectives
Extreme Resilience Isn’t Optional—It’s Operational	Absolute	resilience / general
Prowler’s State of Cloud Security Report 2025	Prowler	cloud
The Mind of the CISO: Closing the gap between reaction and readiness:	Trellix	CISO perspective / threat intel
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM	Sumo Logic	SIEM / leader perspectives
CISO’s guide to mastering the risk and potential of AI	NTT	General GenAI trends
AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders	Wiz	AI use in the cloud
CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation	CSC	AI / CISO perspectives
2025 Medical Device Cybersecurity Index	RunSafe	medical devices
Cyber Threat Intelligence Report 2025	Bridewell	CTI
Sophos State of Ransomware report	Sopohos	ransomware
State of Cybersecurity Resilience 2025	Accenture	security perceptions

About

evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.

✉️ Suggestions or want to collaborate? Get in touch via LinkedIn or email (henry@evisec.xyz)