Category: Information Security Buzz

Malware designed to steal credentials from password stores now accounts for 25% of all malware activity—a dramatic threefold increase in this type of threat.  This was one of the findings of Picus Security’s annual cybersecurity analysis, The Red Report 2025.…

Read more →

2024 was a brutal year for data security, with some of the world’s biggest companies suffering breaches that exposed millions of sensitive records.   The attacks were carried out by well-known cybercriminal groups, including Alphv/BlackCat, Qilin, and Rhysida, and shone a…

Read more →

As the UK government rolls out its ambitious AI Opportunity Action Plan to enable greater implementation of new technologies to boost economic growth, it faces a critical challenge: ensuring every industry is prepared for this seismic shift.  Interestingly, both UK…

Read more →

A new threat actor, dubbed Tangerine Turkey by Red Canary’s intelligence team, is attracting attention thanks to its sophisticated use of a Visual Basic Script (VBScript) worm that delivers a crypto mining payload.   First seen in November last year, Tangerine…

Read more →

Smiths Group, a multinational engineering business, has disclosed a data breach. The company, which is based in London but employees more than 15,000 people in over 50 countries, published a filing to the London Stock Exchange (LSE) on Tuesday saying…

Read more →

Malicious actors have exploited the rising popularity of DeepSeek AI to distribute two malicious infostealer packages through the Python Package Index (PyPI), impersonating legitimate developer tools for the AI platform.   Researchers at Positive Technologies discovered and reported the campaign, which…

Read more →

CISOs today must decide what is an acceptable risk to their organization. It’s an impossible equation to solve as enterprise attack surfaces are rapidly expanding, necessitating the need for a modernized approach to risk assessment. The most forward-thinking CISOs use…

Read more →

The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed.   These results represent a 2% increase in…

Read more →

Security leaders often have a narrow view of human-element breaches, thinking of them as either social engineering or human error, but there’s more to it than that. Breaches that start with a person can be divided into broader categories, including…

Read more →

On January 17TH, 2025, the EU’s Digital Operational Resilience Act (DORA) came into effect. However, a recent survey of 200 UK CISOs from Censuswide found that 43% of the UK financial services industry will miss this compliance deadline despite facing…

Read more →

The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime…

Read more →

As artificial intelligence (AI) continues to transform industries, governments worldwide are racing to implement regulations that ensure its safe and ethical use.   From the EU AI Act to the White House’s Executive Order 14110 on AI, new frameworks set new…

Read more →

In the cybersecurity industry, we tend to look forward. And for good reason: cybersecurity is one of the fastest-moving, most dynamic fields out there. Staying in the fight against cybercriminals relies utterly on not just keeping up with the latest…

Read more →

Global zero-day incidents often reveal the vulnerability of organizations to risks originating from third-party resources. These moments are wake-up calls, highlighting the need for effective third-party risk management (TPRM). However, responding to such events is rarely straightforward. Identifying affected third…

Read more →

API attack traffic rose by 681% over a 12-month period, far outpacing the 321% increase in overall API call volume – a dramatic surge that highlights threat actors’ growing focus on APIs as attack vectors.  This was one of the…

Read more →

Chinese artificial intelligence (AI) startup DeepSeek, which has taken the market by storm, has temporarily limited new user registrations following a large-scale cyberattack that disrupted its services.   According to Reuters, the attack coincided with the company’s AI assistant becoming the…

Read more →

Every year, 28 January marks Data Privacy Day, a global event dedicated to championing the importance of data protection and privacy in our increasingly digital, connected world.   Established by the Council of Europe in 2006, this day commemorates the anniversary…

Read more →

In a newly discovered phishing campaign, malicious actors are using malicious PDF files to target mobile device users in potentially more than 50 countries.   Dubbed the “PDF Mishing Attack,” the campaign exploits the widespread trust in PDFs as a secure…

Read more →

The Federal Trade Commission (FTC) has filed a complaint that GoDaddy has violated Section 5 of the FTC Act pertaining to “unfair methods of competition” through “unfair or deceptive acts or practices.” The complaint details how GoDaddy’s failure to implement…

Read more →

Containerization technologies have transformed how applications are built, deployed, and managed. From speeding up production cycles to enabling seamless scalability, they have become the backbone of mission-critical enterprise applications. Gartner predicts that by 2027, 90% of global organizations will run…

Read more →