CRD #23

The Cybersecurity Research Digest cuts through the marketing fluff and bias to bring you relevant and objective insights on cybersecurity stats and trends, all backed by empirical data.

This post features highlights from trustworthy research sources released between May 20 and June 30, 2025, followed by a list of all monitored reports.


TL;DR

  • SOC struggles persist despite reported efficiency gains from AI, with tool sprawl and data silos still widespread
  • CVE volumes surged in 2024, with a 61% overall increase and major spikes in Linux and macOS vulns
  • Living-off-the-land techniques dominate intrusions, with 84% of attacks leveraging built-in admin tools
  • Corporate-targeted fraud increased by 26%, driven by phishing, account takeover, and deepfake-enabled scams
  • Hiring managers prioritize general IT knowledge, teamwork and problem-solving over technical cybersecurity skills

SOC challenges persist — is AI making a difference?

Studies reviewed by CRD this year often come with a recurring theme: constant struggles inside most security operations centers (SOCs). The keywords are tool sprawl, alert fatigue, poor data integration, and the resulting human toll — leading to burnout and high staff turnover. 

Splunk’s latest survey of over 2,000 security professionals confirms this picture. Nearly half (46%) of respondents say they now spend more time maintaining tools than actually defending against threats. Additionally, data accessibility remains a key issue, with 78% reporting their security tools are dispersed and disconnected, highlighting the longstanding challenge of siloed architectures.

As expected, AI is perceived as the solution. According to the report, 59% already see moderate or significant efficiency gains from using AI. Furthermore, security-specific AI solutions are seen to outperform general-purpose LLMs — 63% of respondents say domain-specific models have significantly or extremely improved their security operations.

While optimism around AI is growing, trust levels still vary. According to the report, 11% of respondents say they fully trust AI in security operations, and 61% express partial trust — notably high figures given the typically risk-averse nature of security teams.

Security team trust in AI for critical security operations (Splunk)

Trust likely depends on how security teams define “AI” — and definitions remain vague. "Truly" agentic AI, where models act and make critical operational decisions autonomously without human oversight, still appears largely aspirational. Furthermore, as the initial hype subsides, it would not be surprising to see reports that AI-based solutions often add complexity rather than clarity in practice, becoming another system to integrate, monitor, and manage.

The underlying problems — overworked teams, fragmented data, and persistent skills shortages — haven't gone away so far. It is also telling that, even as AI adoption rises, the perceived core skills needed for the future SOC remain largely the same.

"Today’s biggest skills gaps are also the most important for the future" (Splunk)

CVEs in 2024: growth in critical flaws; sharp increases for Linux and macOS

Analysis of 2024 vulnerability data shows that last year brought new records, not just in volume but also in severity. Compared to 2023, the total volume of CVEs grew by 61%, with a significant increase in critical (+37%) and exploited (+96%) vulnerabilities.

Other notable increases in exploitation stats relate to user-facing software: Chrome saw a 1,840% jump in exploited CVEs, while Microsoft Office followed with +433%. Furthermore, Linux vulnerabilities jumped an unprecedented 967% (3,329 cases), while macOS vulnerabilities increased by 95% year over year (508 cases).

The analysis of last year's CVEs also underscored that attackers increasingly target fewer but higher-impact flaws. Thus, exploitation risk (not just vulnerability count) is the key metric to watch in 2025. In our view, the analysis also signals that operating systems historically perceived as more secure than Windows are now under heightened scrutiny and attack, and must be fully integrated into corporate patching and monitoring practices.

Living-off-the-land techniques dominate modern intrusions

Breaching a network does not necessarily require exploiting software vulnerabilities. New managed detection and response (MDR) telemetry reveals a clear trend: attackers increasingly rely on living-off-the-land (LOTL) techniques that abuse legitimate tools already present in the environment. In a dataset of over 700,000 incidents, 84% of major attacks leveraged LOTL methods — marking a major pivot away from malware-heavy approaches.

Attackers increasingly abuse common admin tools like PowerShell, WMI, RDP, and PsExec — widely used in IT environments — to operate undetected, escalate privileges, and exfiltrate data without deploying traditional malware or triggering security alerts. This is a growing blind spot in many organizations' threat models — one that demands renewed focus on behavioral detection, context-aware alerting, and reducing unnecessary exposure to high-risk admin utilities.
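Because the admin tools named above are legitimate, a detection cannot simply alert on their presence; it has to weigh who ran the tool, what launched it, and how it was invoked. The following added example (written for this digest, not code from Bitdefender or any report listed below) scores constructed process-creation events in the style of an EDR or Sysmon record. The allow-list of service accounts and jump hosts, the host and user names, and all sample events are hypothetical; the parent/child and command-line patterns are common defensive heuristics, not an exhaustive rule set.

```python
"""Context-aware scoring of process-creation events for living-off-the-land (LOTL) activity.

Added illustration for the LOTL section of CRD #23. Event fields mimic a Sysmon / EDR
process-creation record; every event, host, user and allow-list entry is constructed.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    user: str
    parent: str    # parent image name, lower-case
    image: str     # child image name, lower-case
    cmdline: str


# Admin utilities that are legitimate in IT workflows but commonly abused in intrusions.
LOTL_BINARIES = {"powershell.exe", "wmic.exe", "psexec.exe", "psexesvc.exe", "mstsc.exe", "cmd.exe"}
# Parents that should rarely spawn shells or admin utilities (user-facing apps, web workers).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "w3wp.exe", "acrord32.exe"}
# Command-line fragments indicating obfuscation, in-memory download or remote execution.
CMDLINE_FLAGS = ("-enc", "-encodedcommand", "downloadstring", "process call create",
                 "frombase64string", "-nop", "bypass")
# Hypothetical allow-list: accounts and jump hosts where admin tooling is expected.
KNOWN_ADMIN_USERS = {"corp\\svc_patchmgmt"}
KNOWN_ADMIN_HOSTS = {"jump01"}
ALERT_THRESHOLD = 3


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, reasons). Higher score = more LOTL-like; context lowers it."""
    score, reasons = 0, []
    if ev.image in LOTL_BINARIES:
        score += 1
        reasons.append(f"admin/LOTL binary {ev.image}")
    if ev.parent in SUSPICIOUS_PARENTS and ev.image in LOTL_BINARIES:
        score += 3
        reasons.append(f"unusual parent {ev.parent} -> {ev.image}")
    hits = [f for f in CMDLINE_FLAGS if f in ev.cmdline.lower()]
    if hits:
        score += 2
        reasons.append("suspicious command line: " + ", ".join(hits))
    if ev.user.lower() in KNOWN_ADMIN_USERS or ev.host.lower() in KNOWN_ADMIN_HOSTS:
        score = max(score - 2, 0)
        reasons.append("known admin context (score reduced)")
    return score, reasons


def lotl_alerts(events: list[ProcEvent]) -> list[tuple[str, str, int, list[str]]]:
    """Events at or above the threshold, as (host, image, score, reasons)."""
    out = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            out.append((ev.host, ev.image, score, reasons))
    return out


# Constructed sample telemetry: one benign admin job, two benign user actions, three abuses.
SAMPLE_EVENTS = [
    ProcEvent("jump01", "corp\\svc_patchmgmt", "cmd.exe", "powershell.exe",
              "powershell.exe -File C:\\patch\\deploy.ps1"),
    ProcEvent("ws042", "corp\\jdoe", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc <base64 omitted>"),
    ProcEvent("ws042", "corp\\jdoe", "explorer.exe", "mstsc.exe",
              "mstsc.exe /v:fileserver01"),
    ProcEvent("web01", "iis apppool\\defaultapppool", "w3wp.exe", "cmd.exe",
              "cmd.exe /c whoami"),
    ProcEvent("ws017", "corp\\helpdesk01", "cmd.exe", "wmic.exe",
              'wmic.exe /node:ws020 process call create "notepad.exe"'),
]

if __name__ == "__main__":
    for host, image, score, reasons in lotl_alerts(SAMPLE_EVENTS):
        print(f"{host}: {image} score={score} ({'; '.join(reasons)})")
```

The patch-management job and the plain RDP session both use LOTL binaries yet stay below the threshold, while Word spawning an encoded PowerShell, a web worker spawning a shell, and a remote WMI process creation from a non-admin workstation are raised. In production the allow-list would come from an asset inventory rather than a constant, and the scores would feed a SIEM correlation rule rather than stdout.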

New realities in corporate-targeted fraud

Fraud targeting companies — particularly via call centers — continues to rise, increasingly enabled by low-cost AI tools. According to new data from a major voice authentication firm, enterprise-targeted fraud grew by 26% between 2023 and 2024.

Fraud rate growth (at 1 in x call center calls) (Pindrop)

According to the data, the most prevalent techniques are:

  • Phishing, where attackers elicit sensitive data like login credentials;
  • Account takeover, often involving credential resets, fund transfers, or card issuance;
  • First-party fraud, in which legitimate users misrepresent themselves for personal gain;
  • Account opening fraud, involving fake identities.

Most dominant fraud types (Pindrop)

Deepfake use in company-targeted fraud calls is also climbing fast, with a marked increase recorded across consecutive quarters through 2024 — signalling a shift toward more sophisticated, AI-enabled deception techniques, and stimulating the market for related detection solutions.

Continuous growth of machine-generated voice calls (% of total volume) (Pindrop)

Most security teams to grow; general IT skills and certifications lead hiring criteria

A global survey of 929 security hiring managers highlights both optimism and friction in early-career cybersecurity hiring. While 62% of organizations plan to grow their cybersecurity teams, persistent gaps remain between expectations and candidate readiness.

Certifications and hands-on experience continue to outweigh formal cybersecurity education — 90% of respondents would hire candidates with IT experience alone, and 89% say a certification is often more valuable than a degree (note: this is data from a certification provider).

Internships (55%) and apprenticeships (46%) are regarded as central hiring channels, especially in sectors like government, telecom, and healthcare. There’s also growing openness to recruiting outside the traditional CS/IT talent pool, with a quarter of hiring managers identifying strong candidates from unrelated academic backgrounds.

Despite widespread concern about attrition, i.e. employees leaving and not being replaced (58%), most teams report having the budget to both invest in talent development (75%) and expand headcount (73%).

Hiring managers increasingly value non-technical attributes such as teamwork and problem-solving over hard technical skills. Yet, a skills-expectation gap remains: for example, cloud security is expected knowledge, but only 18% believe entry-level hires can actually execute on it.

These figures likely vary across sectors, regions, and role types. And to balance the narrative above, anecdotally, frustration still appears common among senior information security professionals, who often cite rigid hiring processes, bureaucratic delays, and limited budgets as persistent barriers.


Reports monitored: May 20 - June 30

To take a deeper dive into the topics most relevant for you, find below a list of all the monitored research reports (51) that were published during the observed period.

Title | Organisation(s) | Topic(s)

Featured reports

State of Security 2025: The Stronger, Smarter SOC of the Future | Splunk | SOC / SIEM
2024 Software Vulnerability Report | Action1 | CVEs / software vulnerabilities
2025 Cybersecurity Assessment Report | Bitdefender | threat perceptions / MDR data
2025 Cybersecurity Hiring Trends | ISC2 | hiring
Pindrop 2025 Voice Intelligence and Security Report | Pindrop | voice threats

Other reports monitored

2025 Data Threat Report | Thales | data security / GenAI / general
Navigating Cyber 2025 | FS-ISAC | finance / FS-ISAC
One in five Dutch companies harmed by cyberattacks in 2024 | ABN AMRO | Netherlands / general
2025 State of Small Business Survey | Verizon | SMBs / US
2025 Hybrid Cloud Security Survey | Gigamon | hybrid cloud security
Cyber Trends and Insights in the Marine Environment (CTIME) report | U.S. Coast Guard Cyber Command | maritime / US
SANS 2025 Cyber Threat Intelligence (CTI) Survey | SANS Institute | CTI
State of IT: Security Survey | Salesforce | general security perceptions
State of Cybersecurity Report 2025 | Wipro | general security perceptions
Iris' 1st Annual Identity & Cybersecurity Concerns Survey* | Iris (Generali Global Assistance) | consumers / concerns
AI Data Security and Compliance Buyer Behavior Survey | Kiteworks | AI data security
Arctic Wolf Trends Report 2025 | Arctic Wolf | general / threats / incident response / readiness
Zscaler ThreatLabz 2025 Phishing Report | Zscaler | phishing
Global Maritime Cyber Threat Report H2 2024 | Marlink | maritime
2025 Worldwide Threat Assessment | Defense Intelligence Agency (DIA) | overall threat intelligence / US
Careless Clicks: Could Your Team Spot a Cyber Attack? | Skillcast | phishing
Gen Q1/2025 Threat Report | Gen | phishing / scams
State of IT Security for SMBs in 2025 | Devolutions | SMBs
2025 State of SIEM Report | CardinalOps | SIEM
How Much Cyber Loss Can Be Prevented By Using Zero Trust Solutions? | Zscaler | zero trust / historical analysis
AI agents: The new attack surface. A global survey of security, IT professionals and executives. | SailPoint | AI agents / survey
2025 Cloud Security Report | Check Point | cloud / CISO perspectives
Q1 2025 Threat Insights Report | Fastly | bots
Blancco 2025 State of Data Sanitization Report | Blancco | data sanitisation
The State of Cloud Runtime Security | ARMO | cloud security tools
The Battle in the Dark 2025 | Signicat | identity fraud
Voice of SecOps 2025 - Cybersecurity & AI: Promises, Pitfalls – and Prevention Paradise | Deep Instinct | secops / AI
2025 LevelBlue Spotlight Report for Healthcare | LevelBlue | healthcare
Arelion DDoS Threat Landscape Report 2025 | Arelion | DDoS
2025 Cyber Survey: Application Security at a Breaking Point | Radware | app security
44% of people encounter a mobile scam every single day, Malwarebytes finds | Malwarebytes | scams / mobile
How Analyzing 700,000 Security Incidents Helped Our Understanding of Living Off the Land Tactics | Bitdefender | LOTL
2025 Healthcare IT Landscape Report | Omega Systems | healthcare / general
2025 Komprise IT Survey: AI, Data & Enterprise Risk | Komprise | AI / data risk
Tool Sprawl & Threat Mitigation Survey | Barracuda Networks | tool sprawl
2025 EY Global Cybersecurity Leadership Insights Study | Ernst & Young (EY) | security leader perspectives
Extreme Resilience Isn’t Optional—It’s Operational | Absolute | resilience / general
Prowler’s State of Cloud Security Report 2025 | Prowler | cloud
The Mind of the CISO: Closing the gap between reaction and readiness | Trellix | CISO perspective / threat intel
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM | Sumo Logic | SIEM / leader perspectives
CISO’s guide to mastering the risk and potential of AI | NTT | general GenAI trends
AI Security Readiness: Insights from 100 Cloud Architects, Engineers, and Security Leaders | Wiz | AI use in the cloud
CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation | CSC | AI / CISO perspectives
2025 Medical Device Cybersecurity Index | RunSafe | medical devices
Cyber Threat Intelligence Report 2025 | Bridewell | CTI
Sophos State of Ransomware report | Sophos | ransomware
State of Cybersecurity Resilience 2025 | Accenture | security perceptions

About

evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.


✉️ Suggestions or want to collaborate? Get in touch via LinkedIn or email (henry@evisec.xyz)