Category: Information Security Buzz

A Shopify plugin meant to safeguard privacy did the opposite. For over 100 days, it quietly exposed hundreds of online stores to the kind of risk most businesses dread; data theft, full account takeover, and hijacked ad spend.  Ironically, the…

Read more →

A global police operation has dealt a heavy blow to the pro-Russian cybercrime network dubbed NoName057(16), which has been accused of launching disruptive digital attacks in support of Moscow’s war against Ukraine. Between 14 and 17 July, law enforcement agencies…

Read more →

Every year, the security community attends regional conferences, which offer a combination of educational learning, hands-on training, and the opportunity to meet with new and familiar faces. Steelcon takes place in Sheffield in mid-July. This year, the conference marked its…

Read more →

Cyber attacks are rising. Fast.  In the second quarter of 2025, entities around the world faced an average of 1,984 cyber attacks each week.  This was revealed by new research from Check Point.  That’s a 21% increase from the same…

Read more →

Cybercriminals have found a new way to stay hidden in plain sight. They’re using artificial intelligence to cloak phishing sites, fake stores, and malware traps, shielding them from scanners while still reaching real victims. This was revealed by recent research…

Read more →

The infamous cybercrime group known as Scattered Spider is expanding its playbook, and laying the groundwork long before the breach. New findings from Check Point Research reveal a sprawling infrastructure of more than 500 phishing domains, many designed to impersonate…

Read more →

The ransomware crisis continues to deepen. In the first half of 2025, 3,627 attacks were logged worldwide, a 47% jump from the same period last year. But confirmation remains scarce. According to Comparitech, of those incidents, just 445 were publicly…

Read more →

The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed…

Read more →

Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group,…

Read more →

Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability.   The toxic cloud trilogy of cloud workload risks –…

Read more →

Cybersecurity analyst Jeremiah Fowler has discovered an unprotected Amazon S3 database that wasn’t encrypted or password protected and contained some 27,000 records. The records included highly personal information such as driver’s licenses, Medicaid cards, work statements, and bank statements that…

Read more →

The EU AI Act represents a crucial step towards responsible AI development, deployment, and use of AI in the European Union. However, Lamprini Gyftokosta, Director of Artificial Intelligence and Human Rights at Homo Digitalis, raises serious questions about its effectiveness…

Read more →

A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US.  The malicious actors boasted they had full backend control and even put a…

Read more →

Silicon Valley security provider AppSOC has branded DeepSeek-R1, one of the latest highly advanced artificial intelligence (AI) models to emerge from China, a “high-risk model unsuitable for enterprise use.” They strongly recommend that enterprises not use the DeepSeek-R1 model provided on…

Read more →

Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic.  Recently, a threat actor, “rose87168,” claimed to be selling…

Read more →

Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code execution. This exposure puts over 6,500 clusters at immediate risk by making the component accessible via the public internet.  The vulnerabilities,…

Read more →

Rhino Security researchers have identified multiple critical vulnerabilities in Appsmith, an open-source developer platform commonly used for building internal applications. The most severe of these is CVE-2024-55963, which enables unauthenticated attackers to execute arbitrary system commands on servers running default…

Read more →

The cybersecurity landscape is facing a critical turning point as quantum computing (QC) rapidly advances. Delaying the implementation of post-quantum cryptography (PQC) solutions could have devastating consequences for data privacy.   Traditional encryption methods, including RSA and ECC, are on the…

Read more →

A powerful new attack tool, Atlantis AIO, is making it easier than ever for cybercrooks to access online accounts. Designed to perform credential stuffing attacks automatically, Atlantis AIO enables hackers to test millions of stolen usernames and passwords in rapid…

Read more →

The latest email threat landscape report from cybersecurity solutions provider Fortra identifies how stolen personal data is being leveraged to curate very detailed email attacks. Almost all these attacks are social engineering or phishing attacks, often across multiple channels, with…

Read more →