The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages This article has been indexed from www.infosecurity-magazine.com Read the original article: NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse
Category: EN
Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Passkeys Set to Protect GOV.UK Accounts Against…
Microsoft to say NO to passwords and to shut down Authenticator App
For years, tech companies have been advocating for a shift toward passwordless login systems, citing the reduced security risks associated with traditional passwords. Now, in a major move, Microsoft, the American software behemoth, is on track to completely eliminate password-based…
Top 10 Cloud Security Mitigation Tactics
As businesses continue to migrate operations and data to the cloud, securing cloud environments has become more critical than ever. Cloud security threats are dynamic and complex, making proactive mitigation tactics essential to protect sensitive data, ensure compliance, and maintain…
Ox Security lands a fresh $60M to scan for vulnerabilities in code
As “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding. Ox Security, which models risk…
Curl project founder snaps over deluge of time-sucking AI slop bug reports
Lead dev likens flood to ‘effectively being DDoSed’ Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated “slop” bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers’ time.… This…
AppSignal Raises $22 Million for Application Monitoring Solution
Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners. The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
BlueVoyant introduces Continuous Optimization for Microsoft Security
BlueVoyant launched its Continuous Optimization for Microsoft Security (COMS) offering. COMS improves security outcomes, helps customers stay ahead of cyber threats, and minimizes technology costs by drawing on BlueVoyant’s expertise with the Microsoft Security stack. The Microsoft Security suite provides…
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat…
Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
A suspected Iranian espionage campaign impersonated a model agency site for data collection, including fictitious models as possible social engineering lures. The post Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation appeared first on Unit 42. This article…
DragonForce: Emerging Hybrid Cyber Threat in the 2025 Ransomware Landscape
DragonForce has swiftly risen as a formidable player in 2025, embodying a hybrid threat that blends ideological ambiguity with ruthless opportunism. First identified in December 2023 with the debut of its “DragonLeaks” dark web portal, DragonForce may trace its origins…
Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials
Unit 42 researchers at Palo Alto Networks, a highly targeted malicious campaign orchestrated by the threat actors behind the Lampion banking malware has been uncovered. Active since at least 2019, Lampion is an infostealer notorious for extracting sensitive banking information.…
Researchers Simulate DPRK’s Largest Cryptocurrency Heist Through Compromised macOS Developer and AWS Pivoting
Security researchers at Elastic have recreated the intricate details of the February 21, 2025, ByBit cryptocurrency heist, where approximately 400,000 ETH-valued at over a billion dollars-was stolen. Attributed to North Korea’s elite cyber unit, TraderTraitor, this attack exploited a trusted…
State of ransomware in 2025
Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025. This article has been indexed from Securelist Read the original article: State of ransomware in 2025
UK Cyber Insurance Claims Second Highest on Record
Marsh says ransomware drove cyber insurance claims to second highest on record in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Cyber Insurance Claims Second Highest on Record
UK Government Warns Retail Attacks Must Serve as a “Wake-up Call”
UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Warns Retail Attacks Must Serve…
Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits
The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. The vulnerabilities, tracked as CVE-2024-6047 and CVE-2024-11120, were initially disclosed in June and November 2024, respectively,…
NSO Group must pay WhatsApp over $167M in damages for attacks on its users
NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware…
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that…