Category: Information Security Buzz

Cybersecurity researchers at VulnCheck have exposed internal conversations between members of the Black Basta ransomware group, revealing rare insights into the groups’ tactics and actionable advice for cybersecurity defenders. The key takeaway? Black Basta generally prioritizes known weaknesses.   Extensive Use…

Read more →

Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt all planning against Russia, including offensive digital operations, The Record reports.  The directive, issued towards the end of last week to Cyber Command chief General Timothy Haugh, heralds a…

Read more →

Eighty-six percent of commercial codebases contain vulnerabilities, with 81% harboring high-or-critical-risk vulnerabilities, new research from Black Duck has revealed.   The 2025 Open Source Security and Risk Analysis (OSSRA) report drives home the massive risk posed by outdated and unmonitored open-source…

Read more →

Microsoft has amended recent civil litigation to name key developers of malicious tools designed to bypass AI safeguards, including those in Azure OpenAI Service.   The legal action targets four individuals—Arian Yadegarnia (Iran), Alan Krysiak (UK), Ricky Yuen (Hong Kong), and…

Read more →

Notorious ransomware gang Qilin has claimed responsibility for the 3 February attack on Lee Enterprises, an American media company.  On its data leak site, Qilin claimed to have stolen 350 GB of data, including “investor records, financial arrangements that raise…

Read more →

The landscape of cybersecurity threats presents increasingly dire challenges for organisations worldwide. According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach has reached an all-time high of $4.88 million, representing a…

Read more →

The Cleveland Municipal Court, including Cleveland Housing Court, will remain closed today, one week after it was hit by a cyber event.  On its Facebook page on 24 February, it said it is currently investigating a cyber incident. Although it…

Read more →

While cybersecurity threats dominate discussions about data protection, physical access security remains a critical, often overlooked aspect of safeguarding data centers. Even the most advanced firewalls and encryption protocols cannot prevent a breach if unauthorized people can directly access servers,…

Read more →

Check Point Research (CPR) has uncovered a sophisticated cyber campaign leveraging a vulnerable Windows driver to disable security protections, evade detection, and deploy malicious payloads.  They identified a large-scale, ongoing attack campaign that abuses a legacy version of the Truesight.sys…

Read more →

The inaugural International AI Safety Report provides a comprehensive insight into General-purpose AI’s current state, future potential, and associated risks. General-purpose AI refers to AI models or systems that can perform a wide variety of tasks, as opposed to Specialized…

Read more →

Windows CE, a decades-old operating system originally designed for embedded systems, remains a crucial component of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments.  However, despite its widespread use in human-machine interfaces (HMI), kiosks, and even…

Read more →

Vast numbers of misconfigured Access Management Systems (AMS) across the globe are exposed to the public Internet, researchers from Internet Index Search Solution provider Modat have revealed.  The vulnerabilities, which span a wide range of industries—including critical sectors like construction,…

Read more →

Researchers at Palo Alto Networks have identified a new Linux malware strain dubbed Auto-Color, which uses cunning, advanced stealth techniques to slip through the security nets and maintain persistence on compromised systems.   The malware, first detected in early November last…

Read more →

At a time when artificial intelligence (AI) is reshaping cybersecurity, conventional approaches to passwords and endpoint management are increasingly vulnerable. AI-powered threats are rapidly evolving, leveraging automation and deep learning to crack passwords, slip past authentication measures, and exploit weaknesses…

Read more →

The Trump administration is set to significantly weaken the CHIPS Act by terminating hundreds of employees at the National Institute of Standards and Technology (NIST), the agency responsible for administering the semiconductor incentive program.    President Biden signed the bipartisan CHIPS…

Read more →

Cybersecurity researchers at SentinelLABS have uncovered a new campaign linked to the long-running Ghostwriter operation, targeting Belarusian opposition activists and Ukrainian military and government entities.   The campaign, which entered its active phase in late 2024, is ongoing, with recent malware…

Read more →

AI has become stronger each year as more industries adopt this technology. Superintelligence is on the horizon, so industry professionals must be one step ahead through superalignment. How could U.S. regulations factor into the equation? Here’s what you should know…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a joint Cybersecurity Advisory on Ghost (Cring) ransomware.   The advisory, titled #StopRansomware: Ghost…

Read more →

A botnet made up of more than 130,000 compromised devices is conducting large-scale password-spraying attacks against M365 accounts, exploiting non-interactive sign-ins with Basic Authentication.   This method lets malicious actors bypass modern login protections, evade multi-factor authentication (MFA) enforcement, and remain…

Read more →

Cisco Talos has been actively tracking reports of extensive intrusion attempts targeting multiple major U.S. telecommunications companies. First identified in late 2024 and subsequently confirmed by the US government, this activity is attributed to a highly advanced threat actor known…

Read more →