Category: Information Security Buzz

FCC Chairman Brendan Carr has announced the creation of a new Council on National Security within the agency, which he says aims at strengthening US defenses against foreign technology threats — particularly those from China.  According to the FCC, the…

Read more →

As APIs become more integral to both everyday digital services and complex AI systems, concerns over their security are growing — and not without good reason. APIs are the connective tissue of modern software, but without strong governance, they can…

Read more →

The latest threat landscape report from ReliaQuest has unearthed some concerning findings regarding the critical threats faced by the hospitality and recreation sector. These include identifying a 43% increase in ransomware attacks, the discovery that 44% of phishing emails contained…

Read more →

Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity.    GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to…

Read more →

A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness.  The issue mainly affects Internet of Things (IoT)…

Read more →

In 2024, vulnerability disclosures hit an all-time high, with over 30,000 vulnerabilities recorded in the National Vulnerability Database (NVD). Unfortunately, we can expect these numbers to continue rising as the use of open source, GenAI, and software overall is ever-growing.…

Read more →

In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities.  Unlike popular…

Read more →

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since…

Read more →

Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese Advanced Persistent Threat (APT) group for over 300 days.  The attack targeted Littleton Electric Light and Water Departments (LELWD),…

Read more →

OpenAI has officially called on US lawmakers to exempt it from complying with state-level AI regulations, instead urging a unified approach under federal AI rules. It argues that a consistent, nationwide framework is critical to maintain US leadership in AI…

Read more →

The NHS is investigating claims made by a whistleblower regarding a security flaw at Medefer, an online healthcare provider working with the NHS. The whistleblower alleged that a flaw in the company’s application programming interface (API) exposed NHS patient data.…

Read more →

Google’s Threat Analysis Group (TAG) and Mandiant have uncovered a sophisticated espionage campaign linked to China-nexus threat actors, targeting vulnerable Juniper routers used in enterprise and government networks worldwide. This discovery highlights the ongoing risks posed by state-sponsored attacks against…

Read more →

In a joint advisory, US federal agencies have issued a cybersecurity warning about a sharp increase in attacks by Medusa ransomware, urging business leaders and IT teams to act immediately to protect their organizations.  The Federal Bureau of Investigation (FBI),…

Read more →

Kansas-based Sunflower Medical Group disclosed to authorities on 7th March that they had suffered a data breach compromising the personal and confidential information of 220,968 individuals.  In a statement on their website entitled ‘Notice of a Data Security Incident,’ Sunflower provided…

Read more →

Last month, employees at the UK-based engineering firm, Arup, were tricked by a deepfake video of the company’s CFO into transferring $25 million to cybercriminals. This isn’t an anomaly. It’s further proof that social engineering has become cybersecurity’s most costly…

Read more →

New research has revealed that although 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams.   The study, conducted by KnowBe4, surveyed professionals in the UK, USA, Germany, France, Netherlands, and South Africa and…

Read more →

The House of Representatives has passed a bill that mandates contractors working with the federal government implement vulnerability disclosure policies (VDPs) in alignment with NIST guidelines.    The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, introduced by Chairwoman Nancy Mace…

Read more →

Elon Musk confirmed yesterday that social media platform X was hit by a “massive cyberattack” affecting users since Monday, causing issues like the inability to view posts or profiles properly. “There was (still is) a massive cyberattack against ,” he…

Read more →

A phishing email pretending to be from Binance, offering people the chance to claim newly created TRUMP coins, has turned out to be a phishing lure.   Cofense is warning that if victims follow the email’s instructions and download what is…

Read more →

YouTube was forced to release a statement last week warning users that fraudulent artificial intelligence (AI)- generated videos depicting their CEO Neal Mohan announcing changes in monetization were in circulation. The deepfake videos were sent out as private videos to…

Read more →