State-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber…
Category: EN
Microsoft Warns of Security Risks in New Agentic AI Feature
Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated environments…
Major US Banks Impacted by SitusAMC Hack
Hackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware. The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
CISA: Spyware and RATs used to target WhatsApp and Signal Users
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote…
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes,…
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
A weak spot in WhatsApp’s API allowed researchers to scrape data linked to 3.5 billion registered accounts, including profile photos and “about” text. This article has been indexed from Malwarebytes Read the original article: WhatsApp closes loophole that let researchers…
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise ‘high-value’ mobile users CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through…
Fake “Windows Update” screens fuels new wave of ClickFix attacks
A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip past…
The Dual-Use Dilemma of AI: Malicious LLMs
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs. The post The Dual-Use Dilemma of AI: Malicious LLMs appeared first on Unit 42. This article has…
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. “This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms…
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon…
Russian spy ship theories sink after Orkney blackout traced to wind farm fault
Timing of Yantar’s visit sparked gossip, but engineers point to a misbehaving protection system Cock-up beats conspiracy most of the time, but that didn’t stop Orkney residents wondering if a Russian warship caused their two-hour power cut.… This article has…
AI and Deepfake-Powered Fraud Skyrockets Amid Identity Fraud Stagnation
In its latest annual identity fraud report, Sumsub observed a “sophistication shift” in global fraud trends This article has been indexed from www.infosecurity-magazine.com Read the original article: AI and Deepfake-Powered Fraud Skyrockets Amid Identity Fraud Stagnation
Italian Police Raid Amazon Sites In Customs Probe
Police in Italy raid Amazon headquarters in Milan and Bergamo logistics centre in ongoing probe over customs and tax evasion charges This article has been indexed from Silicon UK Read the original article: Italian Police Raid Amazon Sites In Customs…
640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek. This article has been indexed…
NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation
SANTA CLARA, Calif., Nov 25, 2025 – Recently, NSFOCUS Generative Pre-trained Transformer (NSFGPT) and Intelligent Security Operations Platform (NSFOCUS ISOP) were recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2025 Global Competitive Strategy Leadership for…
Nevada’s Trojan Download, Penn’s 1.2M Donor Breach, and the Malware That Kills Your Defenses First
In Nevada, a state employee downloaded what looked like a harmless tool from a search ad. The file had been tampered with, and that single moment opened the door to months of silent attacker movement across more than 60 agencies. …
Mounting Cyber-Threats Prompt Calls For Economic Security Bill
MPs in the UK want a new economic security regime to tackle cyber and related threats This article has been indexed from www.infosecurity-magazine.com Read the original article: Mounting Cyber-Threats Prompt Calls For Economic Security Bill
Comcast To Pay $1.5m Over Vendor Data Breach
Comcast settlement with US FCC sees it pay $1.5m fine after breach of debt collection firm leaked thousands of customers’ personal data This article has been indexed from Silicon UK Read the original article: Comcast To Pay $1.5m Over Vendor…
Microsoft cracks down on malicious meeting invites
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers. Microsoft has updated Defender for Office 365 so that…