Category: www.infosecurity-magazine.com

Barracuda observed a big spike in spam emails generated using AI tools, making up the majority detected in April 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Now Generates Majority of Spam and Malicious Emails

Read more →

Upgraded GodFather banking malware now uses on-device virtualization to hijack apps, enabling real-time fraud This article has been indexed from www.infosecurity-magazine.com Read the original article: GodFather Malware Upgraded to Hijack Legitimate Mobile Apps

Read more →

ClickFix techniques are enabling threat actors to bypass defenses using tools like MSHTA, says ReliaQuest This article has been indexed from www.infosecurity-magazine.com Read the original article: ClickFix Helps Infostealers Use MHSTA for Defense Evasion

Read more →

The new Cyber Growth Action Plan aims to support the UK’s cyber industry, including the development of innovative new technologies and startups This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Publishes Plan to Boost Cyber…

Read more →

The group positions itself “not just as a ransomware group, but as a full-service cybercrime platform”, according to Cybereason This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Group Qilin Offers Legal Counsel to Affiliates

Read more →

Payment processor Paddle has agreed to settle with the FTC over allegations related to tech support scams This article has been indexed from www.infosecurity-magazine.com Read the original article: Paddle Pays $5m to Settle Tech Support Scam Allegations

Read more →

New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites This article has been indexed from www.infosecurity-magazine.com Read the original article: Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks

Read more →

23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data This article has been indexed from www.infosecurity-magazine.com Read the original article: UK ICO Fines 23andMe £2.3m for Data Protection Failings

Read more →

Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands This article has been indexed from www.infosecurity-magazine.com Read the original article: Taiwan Hit by Sophisticated Phishing Campaign

Read more →

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal This article has been indexed from www.infosecurity-magazine.com Read the original article: Chained Flaws in Enterprise CMS Provider Sitecore Could Allow Remote Code Execution

Read more →

Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Promises to Keep European Cloud Data in Europe

Read more →

New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Brits Lose £106m to Romance Fraud in a Year

Read more →

Cyber-attacks using HijackLoader and DeerStealer have been identified exploiting phishing tactics via ClickFix This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Target Victims with HijackLoader and DeerStealer

Read more →

Operation DEEP Sentinel has shut down Archetyp Market, the longest-running dark web drug marketplace This article has been indexed from www.infosecurity-magazine.com Read the original article: Archetyp Market Shut Down in Europe-wide Law Enforcement Operation

Read more →

Nessus users should update patches as soon as possible This article has been indexed from www.infosecurity-magazine.com Read the original article: Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus

Read more →

Trend Micro identified a novel “wipe mode” included in Anubis ransomware to prevent file recovery, increasing pressure on victims to give in to demands This article has been indexed from www.infosecurity-magazine.com Read the original article: Anubis Ransomware Adds File-Wiping Capability

Read more →

Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk This article has been indexed from www.infosecurity-magazine.com Read the original article: Over a Third of Grafana Instances Exposed to XSS Flaw

Read more →

Canadian airline WestJet is investigating a cyber-attack that struck on June 13 This article has been indexed from www.infosecurity-magazine.com Read the original article: WestJet Investigates Cyber-Attack Impacting Customers

Read more →

Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system This article has been indexed from www.infosecurity-magazine.com Read the original article: Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names

Read more →

This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware This article has been indexed from www.infosecurity-magazine.com Read the original article: European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms

Read more →

A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Gang Exploits SimpleHelp RMM…

Read more →

Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows…

Read more →

The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser This article has been indexed from www.infosecurity-magazine.com Read the original article: Palo Alto Networks Patches Series of Vulnerabilities

Read more →

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Publishes New Zero Trust Implementation Guidance

Read more →

Europol warns of “vicious circle” of data breaches and cybercrime This article has been indexed from www.infosecurity-magazine.com Read the original article: Europol Says Criminal Demand for Data is “Skyrocketing”

Read more →

Erie Insurance reveals suspected network breach and ongoing outage This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Alert as Erie Insurance Reveals Cyber “Event”

Read more →

The legislation aims to expand the federal government’s role in helping healthcare providers protect and respond to cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Congress Introduces Bill to Strengthen Healthcare Cybersecurity

Read more →

Interpol-coordinated Operation Secure led to 32 arrests, including the suspected ringleader of a cybercriminal organization This article has been indexed from www.infosecurity-magazine.com Read the original article: 20,000 Asian IPs and Domains Dismantled in Infostealer Crackdown

Read more →

An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience This article has been indexed from www.infosecurity-magazine.com Read the original article: Hands-On Skills Now Key to Landing Your First Cyber…

Read more →

The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers This article has been indexed from www.infosecurity-magazine.com Read the original article: Researcher Finds Five Zero-Days and 20+ Misconfigurations in Salesforce Cloud

Read more →

Malwarebytes claims 44% of mobile users are exposed to scams every day This article has been indexed from www.infosecurity-magazine.com Read the original article: Half of Mobile Users Now Face Daily Scams

Read more →

Microsoft has patched two zero days this month, one of which is being exploited in the wild This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Microsoft Zero-Days for Admins to Fix in June Patch Tuesday

Read more →

Microsoft has patched two zero days this month, one of which is being exploited in the wild This article has been indexed from www.infosecurity-magazine.com Read the original article: Two Microsoft Zero Days for Admins to Fix in June Patch Tuesday

Read more →

Android Enterprise has introduced features for mobile security, device management and user productivity in its latest update This article has been indexed from www.infosecurity-magazine.com Read the original article: Android Enterprise Rolls Out Security and Productivity Updates

Read more →

A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data This article has been indexed from www.infosecurity-magazine.com Read the original article: Mastery Schools Notifies 37,031 of Major Data Breach

Read more →

The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Attacks on Financial Sector Surge in Scale and…

Read more →

SentinelOne revealed details of two new intrusion attempts by China-nexus actors This article has been indexed from www.infosecurity-magazine.com Read the original article: SentinelOne Warns Cybersecurity Vendors of Chinese Attacks

Read more →

UNFI says it is investigating unauthorized network activity, and that some operations are affected This article has been indexed from www.infosecurity-magazine.com Read the original article: Wholesale Food Giant UNFI Admits Security Breach

Read more →

New PathWiper malware targeted Ukrainian critical infrastructure, using legitimate tools for cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: New Wiper Malware Targets Ukrainian Infrastructure

Read more →

Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites This article has been indexed from www.infosecurity-magazine.com Read the original article: PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites

Read more →

A new Trump Executive Order limits the use of cybersecurity-related sanctions only against foreign malicious actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Administration Revises Cybersecurity Rules, Replaces Biden and Obama Orders

Read more →

The Justice Department has filed a civil forfeiture complaint alleging North Korean IT workers amassed $7m+ This article has been indexed from www.infosecurity-magazine.com Read the original article: US Tries to Claw Back $7m Taken by North Korean IT Workers

Read more →

The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat

Read more →

The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets This article has been indexed from www.infosecurity-magazine.com Read the original article: Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks

Read more →

Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Top Six Cyber Trends CISOs Need to Know

Read more →

2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam Banks This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Cybersecurity Lessons From…

Read more →

Engagement with ransomware actors doesn’t necessarily mean payment; it’s about getting the best outcomes, a leading negotiator had argued This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Ransomware Victims Urged to Engage to Take Back Control

Read more →

During Infosecurity Europe 2025, Nick Woodcraft, from the UK Government, shared his experience in implementing measures to protect domains within the .gov.uk DNS namespace This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: DNS Hijacking, A Major…

Read more →

A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Know Your Audience to Make…

Read more →

Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Threat Actors Weaponizing Hardware Devices to…

Read more →

Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Defenders and Attackers are Locked in an AI Arms Race

Read more →

At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program

Read more →

Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats

Read more →

Moving to cloud-native architecture and modern platforms is allowing enterprises to automate operations and improve security This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025 Cloud-Native Technology Prompts New Security Approaches

Read more →

Experts argue the case for “communities of support” to boost SMB cyber-resilience This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Cybersecurity Support Networks Too Fragmented for SMBs, Say Experts

Read more →

Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Simplicity Should Guide Cybersecurity Purchasing Decisions

Read more →

Agentic AI systems could threaten security and data privacy, unless organizations test each model and component This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Concern Grows Over Agentic AI Security Risks

Read more →

The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: UK Retail Hack Was ‘Subtle, Not Complex,’ Says River Island…

Read more →

A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware

Read more →

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers This article has been indexed from www.infosecurity-magazine.com Read the original article: Widespread Campaign Targets Cybercriminals and Gamers

Read more →

Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Device Theft Causes More Data Loss Than Ransomware

Read more →

Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Startups Focus on Visibility and Governance, not…

Read more →

Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Majority of Compromises Caused by…

Read more →

Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Channel Bridges Security Skills Gap

Read more →

Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia,…

Read more →

CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324 This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump Budget Plan to Cut Nearly 1000 Jobs at Cyber Agency CISA

Read more →

CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Demand More of Your…

Read more →

Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware

Read more →

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement

Read more →

Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in…

Read more →

Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers This article has been indexed from www.infosecurity-magazine.com Read the original article: New Linux Vulnerabilities Expose Password Hashes via Core Dumps

Read more →

A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft This article has been indexed from www.infosecurity-magazine.com Read the original article: Sophisticated Malware Campaign Targets Windows and Linux Systems

Read more →

Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets This article has been indexed from www.infosecurity-magazine.com Read the original article: Cryptojacking Campaign Targets DevOps Servers Including Nomad

Read more →

Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’

Read more →

A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer This article has been indexed from www.infosecurity-magazine.com Read the original article: Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown

Read more →

Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline This article has been indexed from www.infosecurity-magazine.com Read the original article: Dutch Police Lead Shut Down of Counter AV Service AVCheck

Read more →

Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities This article has been indexed from www.infosecurity-magazine.com Read the original article: Mandatory Ransomware Payment Disclosure Begins in Australia

Read more →

Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources This article has been indexed from www.infosecurity-magazine.com Read the original article: US Banks Urge SEC to Repeal Cyber Disclosure…

Read more →

The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure

Read more →

The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: UK MoD Launches New Cyber Warfare Command

Read more →

Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Urged to Enrich KEV Catalog with More Contextual Data

Read more →

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched This article has been indexed from www.infosecurity-magazine.com Read the original article: ConnectWise Confirms Hack, “Very Small Number” of Customers Affected

Read more →

Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites This article has been indexed from www.infosecurity-magazine.com Read the original article: New Browser Exploit Technique Undermines Phishing Detection

Read more →

Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques This article has been indexed from www.infosecurity-magazine.com Read the original article: Malware Analysis Reveals Sophisticated RAT With Corrupted Headers

Read more →

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots This article has been indexed from www.infosecurity-magazine.com Read the original article: Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

Read more →

A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybersecurity Teams Generate…

Read more →

EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Over 90% of Top Email Domains Vulnerable to…

Read more →

Two NHS England trusts could see highly sensitive patient records exposed This article has been indexed from www.infosecurity-magazine.com Read the original article: Ivanti Vulnerability Exploit Could Expose UK NHS Data

Read more →

A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake Bitdefender Site Spreads Trio of Malware Tools

Read more →

This is the first time Czech authorities have officially called out a nation-state over a cyber-attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Czech Republic Accuses China of Government Hack

Read more →

A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks

Read more →

Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party This article has been indexed from www.infosecurity-magazine.com Read the original article: Adidas Customer Data Stolen in Third-Party Attack

Read more →

A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites This article has been indexed from www.infosecurity-magazine.com Read the original article: Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites

Read more →

A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned This article has been indexed from www.infosecurity-magazine.com Read the original article: New Russian State Hacking Group Hits Europe and North America

Read more →

A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft This article has been indexed from www.infosecurity-magazine.com Read the original article: DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool

Read more →

A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Machine Learning Model Attack Discovered on PyPI

Read more →

Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Rory Stewart and Paul Chichester to…

Read more →

The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government Launches Audit of NIST’s National Vulnerability Database

Read more →

Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments

Read more →

A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges This article has been indexed from www.infosecurity-magazine.com Read the original article: Governments Urge Organizations to Prioritize SIEM/SOAR Adoption

Read more →