Tag: www.infosecurity-magazine.com

Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years This article has been indexed from www.infosecurity-magazine.com Read the original article: Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Read more →

IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en masse This article has been indexed from www.infosecurity-magazine.com Read the original article: Identity Attacks Now Comprise a Third of Intrusions

Read more →

Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Thwarts $4bn in Fraud Attempts

Read more →

MITRE will be able to keep running the CVE program for at least the next 11 months This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Read more →

Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30% of incidents impacted SMBs in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Network Edge Devices the Biggest Entry Point for…

Read more →

A UK Law firm has been fined £60,000 after data stolen during a 2022 cyber-attack was published on the dark web This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Issues Merseyside-Based Law Firm £60,000 Fine After…

Read more →

Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications This article has been indexed from www.infosecurity-magazine.com Read the original article: Hertz Data Breach Exposes Customer Information in Cleo Zero-Day…

Read more →

NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems This article has been indexed from www.infosecurity-magazine.com Read the original article: China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

Read more →

Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks This article has been indexed from www.infosecurity-magazine.com Read the original article: 92% of Mobile Apps Found to Use Insecure Cryptographic Methods

Read more →

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database This article has been indexed from www.infosecurity-magazine.com Read the original article: Chaos Reigns as MITRE Set to Cease CVE and CWE Operations

Read more →

DataDome warns that DYI bots are snapping up driving test places en masse This article has been indexed from www.infosecurity-magazine.com Read the original article: Scalper Bots Fueling DVSA Driving Test Black Market

Read more →

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database This article has been indexed from www.infosecurity-magazine.com Read the original article: Chaos Reins as MITRE Set to Cease CVE and CWE Operations

Read more →

Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers

Read more →

Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey This article has been indexed from www.infosecurity-magazine.com Read the original article: Compliance Now Biggest Cyber Challenge for UK Financial Services

Read more →

Pentesting firm Cobalt has found that organizations fix less than half of exploited vulnerabilities, with just 21% of generative AI flaws addressed This article has been indexed from www.infosecurity-magazine.com Read the original article: Organizations Found to Address Only 21% of…

Read more →

Thales report reveals bots now account for 51% of all web traffic, surpassing human activity This article has been indexed from www.infosecurity-magazine.com Read the original article: Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI

Read more →

A UK man has been sentenced to over eight years for masterminding £100m phishing platform LabHost This article has been indexed from www.infosecurity-magazine.com Read the original article: LabHost Phishing Mastermind Sentenced to 8.5 Years

Read more →

Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites This article has been indexed from www.infosecurity-magazine.com Read the original article: Major WordPress Plugin Flaw Exploited in Under 4 Hours

Read more →

Through the SYS Initiative, Prodaft is offering a secure, anonymous channel for individuals to share information about ongoing cybercrime activities This article has been indexed from www.infosecurity-magazine.com Read the original article: Prodaft Offers “No Judgment” Deal to Buy Dark Web…

Read more →

ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering This article has been indexed from www.infosecurity-magazine.com Read the original article: New Malware ResolverRAT Targets Healthcare and Pharma Sectors

Read more →

CA/Browser Forum members have voted in favor of shortening TLS/SSL certificate lifespans to 47 days This article has been indexed from www.infosecurity-magazine.com Read the original article: Digital Certificate Lifespans to Fall to 47 Days by 2029

Read more →

The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia This article has been indexed from www.infosecurity-magazine.com Read the original article: US Blocks Foreign Governments from Acquiring…

Read more →

Experts have warned that threat actors could hijack AI hallucinations in “slopsquatting” attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Hallucinations Create “Slopsquatting” Supply Chain Threat

Read more →

The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog This article has been indexed from www.infosecurity-magazine.com Read the original article: NVD Revamps Operations as Vulnerability Reporting Surges

Read more →

Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyber-attacks and advances in AI This article has been indexed from www.infosecurity-magazine.com Read the original…

Read more →

Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9 This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Read more →

Google Cloud’s Sandra Joyce said that Chinese state actors’ advanced techniques and ability to stay undetected pose huge challenges This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Cloud: China Achieves “Cyber Superpower” Status

Read more →

Google Cloud announced a number of security products designed to reduce complexity for security leaders This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity

Read more →

The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 40%…

Read more →

A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan This article has been indexed from www.infosecurity-magazine.com Read the original article: SpyNote Malware Targets Android Users with Fake Google Play Pages

Read more →

A new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites

Read more →

Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers This article has been indexed from www.infosecurity-magazine.com Read the original article: Operation Endgame Continues with Smokeloader Customer Arrests

Read more →

WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software This article has been indexed from www.infosecurity-magazine.com Read the original article: WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

Read more →

New phishing method targets high-value accounts using real-time email validation This article has been indexed from www.infosecurity-magazine.com Read the original article: Precision-Validated Phishing Elevates Credential Theft Risks

Read more →

While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing This article has been indexed from www.infosecurity-magazine.com Read the original article: Ransomware Attacks Hit All-Time High as Payoffs Dwindle

Read more →

73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats

Read more →

Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes Over 130 CVEs in April Patch Tuesday

Read more →

The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora

Read more →

Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Releases April Android Update to Address Two Zero-Days

Read more →

NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog

Read more →

Armis survey reveals that the growing threat of nation-state cyber-attacks is disrupting digital transformation This article has been indexed from www.infosecurity-magazine.com Read the original article: Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

Read more →

The British government has launched a new code of practice designed to boost corporate cyber governance This article has been indexed from www.infosecurity-magazine.com Read the original article: Boards Urged to Follow New Cyber Code of Practice

Read more →

Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

Read more →

A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad This article has been indexed from www.infosecurity-magazine.com Read the original article: Smishing Triad Fuels Surge in Toll Payment Scams in US, UK

Read more →

Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums This article has been indexed from www.infosecurity-magazine.com Read the original article: Darknet’s Xanthorox AI Offers Customizable Tools for Hackers

Read more →

Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: Vodafone Urges UK Cybersecurity Policy Reforms…

Read more →

Osney Capital’s new fund is the first to focus exclusively on early-stage UK cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: Government Backs Britain’s First Cyber Seed Fund, Worth £50m

Read more →

Cyber-attacks on Australian superannuation funds leave some savers out of pocket This article has been indexed from www.infosecurity-magazine.com Read the original article: Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks

Read more →

A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Agencies Warn of Fast…

Read more →

Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Read more →

The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks This article has been indexed from www.infosecurity-magazine.com Read the original article: Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

Read more →

An international law enforcement operation has shut down Kidflix, a platform for child sexual exploitation with 1.8m registered users This article has been indexed from www.infosecurity-magazine.com Read the original article: Major Online Platform for Child Exploitation Dismantled

Read more →

A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process This article has been indexed from www.infosecurity-magazine.com Read the original article: CrushFTP Vulnerability Exploited Following Disclosure Issues

Read more →

The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware

Read more →

Highline Public Schools revealed that sensitive personal, financial and medical data was accessed by ransomware attackers during the September 2024 incident This article has been indexed from www.infosecurity-magazine.com Read the original article: Sensitive Data Breached in Highline Schools Ransomware Incident

Read more →

Semperis claims 62% of water and electricity providers were hit by cyber-attacks in the past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Over Half of Attacks on Electricity and Water Firms Are Destructive

Read more →

BforeAI researchers discover 596 suspicious Bybit-themed domains designed to defraud visitors This article has been indexed from www.infosecurity-magazine.com Read the original article: Nearly 600 Phishing Domains Emerge Following Bybit Heist

Read more →

A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages This article has been indexed from www.infosecurity-magazine.com Read the original article: Stripe API Skimming Campaign Unveils New…

Read more →

A cyber threat actor has claimed to have leaked 144GB of data from Royal Mail users This article has been indexed from www.infosecurity-magazine.com Read the original article: Royal Mail Investigates Data Breach Affecting Supplier

Read more →

Gray bots surge as generative AI scraper activity increases, impacting web applications with millions of requests daily This article has been indexed from www.infosecurity-magazine.com Read the original article: Gray Bots Surge as Generative AI Scraper Activity Increases

Read more →

Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase This article has been indexed from www.infosecurity-magazine.com Read the original article: Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK

Read more →

Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korea’s Fake…

Read more →

Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Steam Surges to Top of Most Spoofed Brands List in Q1

Read more →

The UK’s data protection regulator says it is overwhelmed with complaints from the public This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Apologizes After Data Protection Response Snafu

Read more →

The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services” This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism”

Read more →

WP Ultimate CSV Importer flaws expose 20,000 websites to attacks enabling attackers to achieve full site compromise This article has been indexed from www.infosecurity-magazine.com Read the original article: WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks

Read more →

A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor This article has been indexed from www.infosecurity-magazine.com Read the original article: New Phishing Attack Combines Vishing and DLL Sideloading Techniques

Read more →

Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts This article has been indexed from www.infosecurity-magazine.com Read the original article: Google to Switch on E2EE for All Gmail Users

Read more →

BlueVoyant found that the use of lookalike domains in email-based attacks is allowing actors to extend the types of individuals and organizations being targeted This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Expand Use of Lookalike…

Read more →

A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Security and Resilience Bill Will Apply to 1000 UK Firms

Read more →

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282 This article has been indexed from www.infosecurity-magazine.com Read the original article: New Malware Variant RESURGE Exploits Ivanti Vulnerability

Read more →

New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers This article has been indexed from www.infosecurity-magazine.com Read the original article: ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers

Read more →

The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027 This article has been indexed from www.infosecurity-magazine.com Read the original article: EU Commission to Invest €1.3bn in Cybersecurity and AI

Read more →

The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927 This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Users to Patch Next.js Flaw Immediately

Read more →

The DoJ has managed to recoup over $8m from scammers, stolen in romance baiting schemes This article has been indexed from www.infosecurity-magazine.com Read the original article: US Seizes $8.2m from Romance Baiting Scammers

Read more →

Claroty revealed that 89% of healthcare organizations use the top 1% of riskiest Internet-of-Medical-Things (IoMT) devices This article has been indexed from www.infosecurity-magazine.com Read the original article: Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices

Read more →

Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts This article has been indexed from www.infosecurity-magazine.com Read the original article: Solar Power System Vulnerabilities Could Result in Blackouts

Read more →

Expert speakers discussed the impact of reported cutbacks to CISA on the ability of local officials to protect against surging cyber-attacks on US election infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Trump CISA Cuts Threaten…

Read more →

A PhaaS platform, dubbed ‘Morphing Meerkat,’ uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel This article has been indexed from www.infosecurity-magazine.com Read the original article: Morphing Meerkat PhaaS Platform Spoofs 100+…

Read more →

Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security This article has been indexed from www.infosecurity-magazine.com Read the original article: CoffeeLoader Malware Loader Linked to SmokeLoader Operations

Read more →

PJobRAT malware targets Taiwan Android users, stealing data through fake messaging platforms This article has been indexed from www.infosecurity-magazine.com Read the original article: PJobRAT Malware Targets Users in Taiwan via Fake Apps

Read more →

The ICO’s Deputy Commissioner told Infosecurity that organizations that fail to implement MFA and suffer a breach can expect heavy penalties This article has been indexed from www.infosecurity-magazine.com Read the original article: No MFA? Expect Hefty Fines, UK’s ICO Warns

Read more →

Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US

Read more →

The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens This article has been indexed from www.infosecurity-magazine.com Read the original article: NCA Warns of Sadistic Online “Com” Networks

Read more →

The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Domain Registrars to Improve Security

Read more →

In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023 This article has been indexed from www.infosecurity-magazine.com Read the original article: SecurityScorecard Observes Surge…

Read more →

Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actors Abuse Trust in Cloud Collaboration Platforms

Read more →

A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious npm Packages Deliver Sophisticated Reverse Shells

Read more →

Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption This article has been indexed from www.infosecurity-magazine.com Read the original article: ETSI Publishes New Quantum-Safe Encryption Standards

Read more →

EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector This article has been indexed from www.infosecurity-magazine.com Read the original article: ENISA Probes Space Threat Landscape in New Report

Read more →

The UK government’s new fraud minister will today announce plans for a newly expanded fraud strategy This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats

Read more →

McAfee researchers have identified a new wave of Android malware campaigns leveraging .NET MAUI to steal sensitive user information through fake apps This article has been indexed from www.infosecurity-magazine.com Read the original article: New Android Malware Uses .NET MAUI to…

Read more →

Cybercriminals are increasingly leveraging Atlantis AIO, which automates credential stuffing attacks across more than 140 platforms This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Use Atlantis AIO to Target 140+ Platforms

Read more →

NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems This article has been indexed from www.infosecurity-magazine.com Read the original article: NIST Warns of Significant Limitations in AI/ML Security Mitigations

Read more →

Sygnia has uncovered Weaver Ant, a Chinese threat actor that spied on telecommunications networks for years This article has been indexed from www.infosecurity-magazine.com Read the original article: China-Linked Weaver Ant Hackers Exposed After Four-Year Telco Infiltration

Read more →

Kela researchers detect a 200%+ increase in dark web chatter about malicious AI tools This article has been indexed from www.infosecurity-magazine.com Read the original article: Dark Web Mentions of Malicious AI Tools Spike 200%

Read more →

Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes This article has been indexed from www.infosecurity-magazine.com Read the original article: IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems

Read more →

VanHelsingRaaS, a new ransomware-as-a-service program, infected three victims within two weeks of release, demanding ransoms of $500,000 This article has been indexed from www.infosecurity-magazine.com Read the original article: VanHelsingRaaS Expands Rapidly in Cybercrime Market

Read more →

Ukraine’s national railway company has suffered a “large-scale” cyber-attack, disrupting online services and operations This article has been indexed from www.infosecurity-magazine.com Read the original article: Ukraine Railway Systems Hit by Targeted Cyber-Attack

Read more →