News brief: Attackers gain speed in cybersecurity race
Check out the latest security news from the Informa TechTarget team
Just 15 years ago, the median dwell time of a cyberattack -- the duration an attacker remains within their victim's system, spanning from the initial signs of compromise to the moment of detection -- was 416 days, according to Mandiant. That metric has steadily decreased over the past decade and a half, falling to 11 days in 2024.
Reasons for dwell time decreases are twofold. Enterprise security monitoring, logging and alerting capabilities have become stronger and more effective, while certain attacks -- such as ransomware, in which malicious actors attempt to extort victims rapidly -- are detected much more quickly. Yet these points are countered by overworked or under-skilled security teams and immature incident response plans, as well as by sophisticated advanced persistent threats that use stealth and living-off-the-land techniques to evade detection for long periods.
Cybersecurity is a tale as old as time: As enterprise defenses get stronger, adversaries up the ante on attacks. Rinse and repeat.
As this week's featured news highlights, attackers continue to improve their speed. Organizations must, in turn, step up their game to monitor, detect and eradicate threats faster than ever before.
AI revolutionizes cyberattack speed and sophistication
AI is transforming the cyberattack landscape, enabling attackers to accelerate lateral movement, data exfiltration and phishing campaigns, according to a ReliaQuest report. In 2025, lateral movement times dropped 29% to an average of 34 minutes, while data exfiltration times fell to just six minutes -- a decrease from four hours in 2024.
ReliaQuest researchers pointed to AI-powered tools such as BoaLoader malware, which they said "reflects the first major convergence of AI-assisted development, social engineering and traditional cybercrime."
Reports from IBM and Resilience had similar findings, highlighting AI's role in compressing decision cycles and scaling attacks, while a Sophos report cautioned that fully autonomous AI-driven attacks remain a future threat.
PCI SSC highlights global collaboration in payment security
The PCI Security Standards Council released its first annual report since its founding in 2006, emphasizing global coordination to address increasingly sophisticated payment security threats and noting the rapid pace of attacks -- and the need for organizations to accelerate defenses.
The report outlined initiatives in training, compliance and collaboration to secure mobile, data, device, software and card products, as well as the types of attacks that payment systems face.
The Council's efforts include expanding global boards and launching new regional initiatives. However, challenges such as fragmentation and the misuse of AI persist. PCI SSC said it aims to streamline processes and enhance global collaboration to mitigate risks and advance payment security.
Rapid weaponization of vulnerabilities challenges defenders
Less than 1% of software vulnerabilities were exploited in the wild in 2025, but attackers weaponized flaws faster and on a larger scale, according to a report from VulnCheck.
Researchers tracked more than 14,400 exploits tied to 10,500 CVEs, a 16.5% increase from 2024, partly driven by AI-generated proof-of-concept code, much of which was nonfunctional.
This surge complicates defenders' ability to prioritize threats, as AI-generated data overwhelms efforts to identify legitimate risks.
More than 50% of ransomware-linked CVEs stemmed from zero-day vulnerabilities. React2Shell (CVE-2025-55182) and a Microsoft SharePoint flaw (CVE-2025-53770) were among the most exploited vulnerabilities, highlighting the urgency for faster mitigation.
Accelerating cyberthreats: AI and speed reshape security challenges
In 2025, cybercriminals dramatically reduced breakout times, averaging 29 minutes, with the fastest intrusion lasting just 27 seconds, according to CrowdStrike's "2026 Global Threat Report."
Attackers increasingly exploited legitimate credentials, bypassing traditional defenses and blending into normal activity, with 82% of intrusions being malware-free. Unmanaged devices, such as VPNs and personal devices, were prime targets, especially for China-backed groups.
AI emerged as both a weapon and an attack surface, enabling faster reconnaissance, phishing and exploitation. Threat actors also targeted vulnerabilities in AI tools, injecting malicious prompts and exploiting platforms.
Read the full article by Jai Vijayan on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of TechTarget Security.