Full Report
The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year.
Analysis Summary
# Main Topic
Threat landscape intelligence derived from trends observed in January, providing early indicators for security risks and priorities for the remainder of the year.
## Key Points
- The shift in CEO priorities shows that cyber-fraud has officially displaced ransomware as the primary concern globally, according to the World Economic Forum.
- A severe, unauthenticated vulnerability in ServiceNow's AI platform was discovered and patched.
- Unsecured Zendesk support systems were successfully leveraged to facilitate a massive, global spam campaign.
- A major ransomware incident involved the alleged exfiltration of 1.4 TB of data from Nike's systems.
## Threat Actors
- Specific threat actors were not named for the ServiceNow or Zendesk incidents; the Zendesk support systems were abused by unidentified actors to run a massive spam campaign.
- A ransomware gang is implicated in the data theft against Nike, but the report does not name it.
## TTPs
- **AI Vulnerability Exploitation (ServiceNow):** The vulnerability could allow an attacker to act as a system administrator without authenticating.
- **Abuse of Support Systems:** Hijacking Zendesk ticket systems to launch spam campaigns.
- **Ransomware/Extortion:** Theft and claimed exfiltration of large volumes of data (1.4 TB claimed in the Nike incident).
## Affected Systems
- **ServiceNow:** Affected by CVE-2025-12420, an AI-driven security vulnerability in their platform.
- **Zendesk:** Support systems found to have security gaps allowing abuse for spamming operations.
- **Nike:** Victim of a recent ransomware/extortion incident involving data theft.
## Mitigations
- **ServiceNow Patching:** Required immediate patching for CVE-2025-12420 to prevent unauthenticated remote admin takeover of the AI platform.
- **Zendesk Configuration:** Support systems need to be secured so they cannot be abused for secondary malicious campaigns such as spamming.
- **General Ransomware Defense:** Continued focus on preventing the data exfiltration associated with ransomware attacks.
## Conclusion
Security teams should prioritize addressing weaknesses that enable high-impact fraud vectors, as CEO concern indicates this financial crime category is now leading the threat landscape. Critical focus areas include patching severe vulnerabilities in core platforms like ServiceNow, securing third-party support systems (Zendesk), and maintaining vigilance against advanced ransomware extortion tactics.