Tag: Information Security Buzz

Researchers from Socket have identified an ongoing campaign involving at least seven typosquatted Go packages. These packages impersonate well-known Go libraries and are designed to deploy loader malware on Linux and macOS systems.   Typosquatted packages are malicious software components designed…

Read more →

Cybercriminals are more sophisticated than ever, a new report from CrowdStrike reveals. Breakout times are falling, social engineering is becoming more common and effective, and cyber espionage – particularly that originating in China – is growing increasingly aggressive.   “Our latest…

Read more →

Microsoft Threat Intelligence has warned of a shift in tactics by Silk Typhoon, a Chinese espionage group that is now exploiting vulnerabilities in common IT solutions—including remote management tools and cloud applications—to gain initial access to target entities.   The software…

Read more →

Admins are in a tough position right now. Enterprise ecosystems are expanding, role responsibilities are growing, and hackers are getting smarter. Rather than viewing AI as another potential vulnerability, Hexnode CEO Apu Pavithran argues that admins must embrace it as…

Read more →

A major Microsoft outage on 1 March left tens of thousands unable to access key services like Outlook, Teams, and Office 365 for over three hours. Microsoft has not fully explained the cause but blamed a “problematic code change.”  Timeline…

Read more →

Google has issued an urgent security alert addressing two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are actively being exploited in coordinated attacks targeting devices running Android versions 12 through 15.   The vulnerabilities, patched in the March 2025 Android Security…

Read more →

A new cyber espionage campaign has been uncovered targeting a select group of entities in the United Arab Emirates (UAE), focusing on aviation, satellite communications, and critical transportation infrastructure.   The attack, identified by Proofpoint researchers, used advanced obfuscation techniques and…

Read more →

AI-driven automation and real-time transaction monitoring are the top priorities for organizations seeking to combat fraud, the 2025 Digital Fraud Outlook report published by SEON has revealed. Fraud Budgets Grow, But ROI is Complicated According to the report, 85% of…

Read more →

The Splunk Threat Research Team has uncovered a widespread cyber campaign targeting Internet Service Provider (ISP) infrastructure providers on the West Coast of the United States and in China. Over 4,000 ISP-related IPs were explicitly targeted in this campaign.  The…

Read more →

JFrog a liquid software company and creators of the JFrog Software Supply Chain Platform, has debuted  JFrog ML, a MLOps solution as part of the JFrog Platform designed to enable development teams, data scientists and ML engineers to quickly develop…

Read more →

Cybersecurity information sharing is a crucial element of a strong security culture, and organizations should actively facilitate and encourage it to reduce human risk, a new report from KnowBe4 argues.   Called “Cybersecurity Information Sharing as an Element of Sustainable Security…

Read more →

Cybersecurity researchers at VulnCheck have exposed internal conversations between members of the Black Basta ransomware group, revealing rare insights into the groups’ tactics and actionable advice for cybersecurity defenders. The key takeaway? Black Basta generally prioritizes known weaknesses.   Extensive Use…

Read more →

Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt all planning against Russia, including offensive digital operations, The Record reports.  The directive, issued towards the end of last week to Cyber Command chief General Timothy Haugh, heralds a…

Read more →

Eighty-six percent of commercial codebases contain vulnerabilities, with 81% harboring high-or-critical-risk vulnerabilities, new research from Black Duck has revealed.   The 2025 Open Source Security and Risk Analysis (OSSRA) report drives home the massive risk posed by outdated and unmonitored open-source…

Read more →

Microsoft has amended recent civil litigation to name key developers of malicious tools designed to bypass AI safeguards, including those in Azure OpenAI Service.   The legal action targets four individuals—Arian Yadegarnia (Iran), Alan Krysiak (UK), Ricky Yuen (Hong Kong), and…

Read more →

Notorious ransomware gang Qilin has claimed responsibility for the 3 February attack on Lee Enterprises, an American media company.  On its data leak site, Qilin claimed to have stolen 350 GB of data, including “investor records, financial arrangements that raise…

Read more →

The landscape of cybersecurity threats presents increasingly dire challenges for organisations worldwide. According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach has reached an all-time high of $4.88 million, representing a…

Read more →

The Cleveland Municipal Court, including Cleveland Housing Court, will remain closed today, one week after it was hit by a cyber event.  On its Facebook page on 24 February, it said it is currently investigating a cyber incident. Although it…

Read more →

While cybersecurity threats dominate discussions about data protection, physical access security remains a critical, often overlooked aspect of safeguarding data centers. Even the most advanced firewalls and encryption protocols cannot prevent a breach if unauthorized people can directly access servers,…

Read more →

Check Point Research (CPR) has uncovered a sophisticated cyber campaign leveraging a vulnerable Windows driver to disable security protections, evade detection, and deploy malicious payloads.  They identified a large-scale, ongoing attack campaign that abuses a legacy version of the Truesight.sys…

Read more →