Infosecurity News
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software
Agentic AI Accelerates Software Builds and Mobile App Attacks
Digital.ai data reveals 87% of apps were attacked over the past year
Grafana Labs Confirms Hackers Stole Source Code
Open source tool maker Grafana says hackers stole codebase via GitHub breach
Hackers Bypass Security Tools to Target Users Directly
Bridewell report calls out emergence of “fix-style” attacks
Interpol Launches Sweeping Cybercrime Crackdown in MENA Region
Over 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North Africa
The Infosecurity Europe Cyber Startup Competition: Meet the Finalists
New for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyers
NCSC Publishes Guidance on Securing Agentic AI Use
The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research
Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit
Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign
Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks
