Category: Information Security Buzz

The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks.   The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening…

Read more →

The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data.   The claims were made through the group’s posts on the…

Read more →

Attackers have hijacked the update mechanism of Notepad++, one of the world’s most popular open-source text editors, delivering  malware to targeted users over a period of six months.  In an advisory, developer Don Ho discussed how bad actors weaponized his two-decade-old project between June and December last year.  An…

Read more →

In 2025, attackers didn’t only target traditional areas of vulnerability; they went after those with the least defense and the most rapid change. These include new AI technologies, web applications, and operational technology (OT) for industries such as healthcare, manufacturing, energy, government, and finance.   In fact, attacks against OT protocol rose by…

Read more →

Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python.  The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk…

Read more →

Cybersecurity spend is projected to reach $183 billion by 2028, but that growth masks a dangerous misconception. Many midmarket organizations equate rising IT budgets with improved security, assuming that broad spending on technology automatically translates to better protection. However, this…

Read more →

A Shopify plugin meant to safeguard privacy did the opposite. For over 100 days, it quietly exposed hundreds of online stores to the kind of risk most businesses dread; data theft, full account takeover, and hijacked ad spend.  Ironically, the…

Read more →

A global police operation has dealt a heavy blow to the pro-Russian cybercrime network dubbed NoName057(16), which has been accused of launching disruptive digital attacks in support of Moscow’s war against Ukraine. Between 14 and 17 July, law enforcement agencies…

Read more →

Every year, the security community attends regional conferences, which offer a combination of educational learning, hands-on training, and the opportunity to meet with new and familiar faces. Steelcon takes place in Sheffield in mid-July. This year, the conference marked its…

Read more →

Cyber attacks are rising. Fast.  In the second quarter of 2025, entities around the world faced an average of 1,984 cyber attacks each week.  This was revealed by new research from Check Point.  That’s a 21% increase from the same…

Read more →

Cybercriminals have found a new way to stay hidden in plain sight. They’re using artificial intelligence to cloak phishing sites, fake stores, and malware traps, shielding them from scanners while still reaching real victims. This was revealed by recent research…

Read more →

The infamous cybercrime group known as Scattered Spider is expanding its playbook, and laying the groundwork long before the breach. New findings from Check Point Research reveal a sprawling infrastructure of more than 500 phishing domains, many designed to impersonate…

Read more →

The ransomware crisis continues to deepen. In the first half of 2025, 3,627 attacks were logged worldwide, a 47% jump from the same period last year. But confirmation remains scarce. According to Comparitech, of those incidents, just 445 were publicly…

Read more →

The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed…

Read more →

Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group,…

Read more →

Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability.   The toxic cloud trilogy of cloud workload risks –…

Read more →

Cybersecurity analyst Jeremiah Fowler has discovered an unprotected Amazon S3 database that wasn’t encrypted or password protected and contained some 27,000 records. The records included highly personal information such as driver’s licenses, Medicaid cards, work statements, and bank statements that…

Read more →

The EU AI Act represents a crucial step towards responsible AI development, deployment, and use of AI in the European Union. However, Lamprini Gyftokosta, Director of Artificial Intelligence and Human Rights at Homo Digitalis, raises serious questions about its effectiveness…

Read more →

A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US.  The malicious actors boasted they had full backend control and even put a…

Read more →

Silicon Valley security provider AppSOC has branded DeepSeek-R1, one of the latest highly advanced artificial intelligence (AI) models to emerge from China, a “high-risk model unsuitable for enterprise use.” They strongly recommend that enterprises not use the DeepSeek-R1 model provided on…

Read more →