Cybereason TTP Briefing Q3 2025: LOLBINs and CVE Exploits Dominate

Cybereason's Q3 2025 TTP Briefing reports that business email compromise and ransomware remain dominant, exploited high-severity CVEs (notably SonicWall CVE-2024-40766 leveraged by 'Akira') have increased, MFA bypass and insider threats are rising, and adversaries are using LOLBINs and credential stealers to evade detection; the report emphasizes urgent patching, phishing-resistant MFA, improved behavioral detection, and incident response planning.