Category: Information Security Buzz

Storytelling is one of the most ancient and effective forms of human teaching. Just like prehistoric tales warned of the perils lurking in the wild, modern narratives can teach people about the perils lurking in cyberspace. We recently sat down…

Read more →

The growing momentum behind business innovation, particularly in the realm of AI and data, is increasingly driving how businesses operate, invest, and deliver value. Whilst this may not appear different from previous years, the proliferation of new technologies and tools…

Read more →

The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed.  Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software.   The alert, titled “Eliminating Buffer Overflow Vulnerabilities,”…

Read more →

Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…

Read more →

In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and…

Read more →

Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay.   While,…

Read more →

The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical”…

Read more →

As IT environments grow increasingly complex, the necessity for advanced security measures at the endpoint level has never been more critical. This year will bring a wave of new challenges and opportunities in cybersecurity. Two prominent trends that will shape…

Read more →

Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024,  it says attackers have continuously adapted, targeting new models such…

Read more →

Organizations are increasingly prioritizing compliance due to recent regulatory requirements, such as those from the US Government regarding the sale of software to the US government and the EU’s Digital Operational Resilience Act (DORA).   This was one of the findings…

Read more →

Sectigo has introduced Sectigo PQC Labs, a testing platform developed in collaboration with Crypto4A, a provider of quantum-safe Hardware Security Modules (HSMs).   The platform aims to help companies prepare for the transition to post-quantum cryptography (PQC) by offering a secure…

Read more →

The software industry is full of surprises. From development to user experience, it`s a vast avenue of innovations, problem-solving, and security hurdles, driving to create a better and reliable digital landscape for everyone. We spoke with Paul Davis, Field CISO at JFrog,…

Read more →

Morphisec Threat Labs has uncovered cunning new delivery techniques used by ValleyRAT, a sophisticated multi-stage malware attributed to the Silver Fox APT.   The malware, which primarily targets key roles in finance, accounting, and sales, has evolved with updated tactics, techniques,…

Read more →

For long-time cybersecurity industry veterans, we’re in an age that once we never thought possible; cybersecurity has moved from a backroom, “IT-only” relegation to a top-of-mind business objective. Right where we always thought it should be. However, this new era…

Read more →

A recent security analysis conducted by Qualys, using its AualysTotalAI solution, has raised significant concerns about DeepSeek-RI’s risks, particularly in enterprise and regulatory settings.  The newly released large language model (LLM) has captured global attention with its promise of high…

Read more →

Malware designed to steal credentials from password stores now accounts for 25% of all malware activity—a dramatic threefold increase in this type of threat.  This was one of the findings of Picus Security’s annual cybersecurity analysis, The Red Report 2025.…

Read more →

2024 was a brutal year for data security, with some of the world’s biggest companies suffering breaches that exposed millions of sensitive records.   The attacks were carried out by well-known cybercriminal groups, including Alphv/BlackCat, Qilin, and Rhysida, and shone a…

Read more →

As the UK government rolls out its ambitious AI Opportunity Action Plan to enable greater implementation of new technologies to boost economic growth, it faces a critical challenge: ensuring every industry is prepared for this seismic shift.  Interestingly, both UK…

Read more →

A new threat actor, dubbed Tangerine Turkey by Red Canary’s intelligence team, is attracting attention thanks to its sophisticated use of a Visual Basic Script (VBScript) worm that delivers a crypto mining payload.   First seen in November last year, Tangerine…

Read more →