Namibia’s Cyber Security Incident Response Team (NAM-CSIRT) recorded 535,204 cyber vulnerabilities between October and December 2025, representing a 4.28% decline compared to the previous quarter.
According to quarterly statistics released by the Communications Regulatory Authority of Namibia (CRAN), a total of 195,661 cyber events were detected during the same period, marking a 50.94% drop from July to September 2025.
The report found that the most common vulnerabilities were linked to misconfigured or outdated systems, underscoring the need for regular system updates and improved cyber hygiene.
“During the period October to December 2025, NAM-CSIRT detected a total of 535,204 cyber vulnerabilities across various domains and IP addresses within the Namibian cyber landscape. This represents a 4.28% decrease compared to the previous quarter. The top ten vulnerabilities identified primarily relate to misconfigured or outdated services, highlighting the importance of proper system maintenance and security updates,” said CRAN Executive for Communications and Consumer Relations, Mufaro Nesongano.
Despite the overall decline in vulnerabilities and cyber events, NAM-CSIRT reported a rise in phishing attempts and cyber-enabled fraud, with attackers increasingly exploiting public trust and organisational weaknesses.
The report also highlighted the growing sophistication of fraudulent websites designed to impersonate legitimate organisations.
Emerging ransomware groups, including Genesis and Benzona, were identified as rising threats. Genesis targets organisations using advanced encryption and lateral movement techniques, while Benzona operates a double-extortion model, encrypting systems and exfiltrating sensitive data to pressure victims into paying ransoms.
“Another emerging ransomware operation identified in late 2025 is Benzona, which demonstrates a rapidly maturing operational capability. The group operates under a double-extortion model, encrypting victim systems while simultaneously exfiltrating sensitive data to pressure organisations into paying a ransom,” Nesongano said.
NAM-CSIRT has also been strengthening regional cooperation and capacity-building efforts. In November 2025, the team participated in the SADC Cyber Drill and the AfricaCERT meeting in Lesotho, as part of efforts to establish the SADC Regional Computer Incident Response Team (SR-CIRT).
