Category: Information Security Buzz

Smiths Group, a multinational engineering business, has disclosed a data breach. The company, which is based in London but employees more than 15,000 people in over 50 countries, published a filing to the London Stock Exchange (LSE) on Tuesday saying…

Read more →

Malicious actors have exploited the rising popularity of DeepSeek AI to distribute two malicious infostealer packages through the Python Package Index (PyPI), impersonating legitimate developer tools for the AI platform.   Researchers at Positive Technologies discovered and reported the campaign, which…

Read more →

CISOs today must decide what is an acceptable risk to their organization. It’s an impossible equation to solve as enterprise attack surfaces are rapidly expanding, necessitating the need for a modernized approach to risk assessment. The most forward-thinking CISOs use…

Read more →

The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed.   These results represent a 2% increase in…

Read more →

Security leaders often have a narrow view of human-element breaches, thinking of them as either social engineering or human error, but there’s more to it than that. Breaches that start with a person can be divided into broader categories, including…

Read more →

On January 17TH, 2025, the EU’s Digital Operational Resilience Act (DORA) came into effect. However, a recent survey of 200 UK CISOs from Censuswide found that 43% of the UK financial services industry will miss this compliance deadline despite facing…

Read more →

The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime…

Read more →

As artificial intelligence (AI) continues to transform industries, governments worldwide are racing to implement regulations that ensure its safe and ethical use.   From the EU AI Act to the White House’s Executive Order 14110 on AI, new frameworks set new…

Read more →

In the cybersecurity industry, we tend to look forward. And for good reason: cybersecurity is one of the fastest-moving, most dynamic fields out there. Staying in the fight against cybercriminals relies utterly on not just keeping up with the latest…

Read more →

Global zero-day incidents often reveal the vulnerability of organizations to risks originating from third-party resources. These moments are wake-up calls, highlighting the need for effective third-party risk management (TPRM). However, responding to such events is rarely straightforward. Identifying affected third…

Read more →

API attack traffic rose by 681% over a 12-month period, far outpacing the 321% increase in overall API call volume – a dramatic surge that highlights threat actors’ growing focus on APIs as attack vectors.  This was one of the…

Read more →

Chinese artificial intelligence (AI) startup DeepSeek, which has taken the market by storm, has temporarily limited new user registrations following a large-scale cyberattack that disrupted its services.   According to Reuters, the attack coincided with the company’s AI assistant becoming the…

Read more →

Every year, 28 January marks Data Privacy Day, a global event dedicated to championing the importance of data protection and privacy in our increasingly digital, connected world.   Established by the Council of Europe in 2006, this day commemorates the anniversary…

Read more →

In a newly discovered phishing campaign, malicious actors are using malicious PDF files to target mobile device users in potentially more than 50 countries.   Dubbed the “PDF Mishing Attack,” the campaign exploits the widespread trust in PDFs as a secure…

Read more →

The Federal Trade Commission (FTC) has filed a complaint that GoDaddy has violated Section 5 of the FTC Act pertaining to “unfair methods of competition” through “unfair or deceptive acts or practices.” The complaint details how GoDaddy’s failure to implement…

Read more →

Containerization technologies have transformed how applications are built, deployed, and managed. From speeding up production cycles to enabling seamless scalability, they have become the backbone of mission-critical enterprise applications. Gartner predicts that by 2027, 90% of global organizations will run…

Read more →

At the conclusion of each calendar year, organizations and observers across all industries try to put forward predictions on what the new year might hold, and we at Thales were no exception. In the latest episode of our Thales Security…

Read more →

Age verification laws for adult websites have led to a dramatic surge in VPN usage across the United States, research from vpnMentor’s Cybersecurity and Research Lab has revealed. The research brings into question the efficacy of these laws as users…

Read more →

Enterprises want it all, and they want it now – or at least within a few seconds. They want the benefits that GenAI can bring, like fast content and strategic advice based on data inputs. It’s not surprising that GenAI…

Read more →

Code Intelligence has started 2025 with a bang and captured the interest of the cybersecurity community by announcing ‘Spark,’ their new AI Test Agent, ahead of a launch party later this month. Influential AI-automated software testing company Code Intelligence has…

Read more →