Infosecurity News

Indirect Prompt Injection in Web Content Targets AI Agents
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments

Opera GX Flaw Let Sites Auto-Install Mods to Steal Data
Opera GX flaw let sites automatically install mods to steal data from other pages, now patched

NCA Issues Warning to Parents As Shared Child Photos Exploited by AI Tools
IWF and NCA warn that growing numbers of images and videos are being manipulated into sexual abuse material

Researchers Claim First Fully Agentic Ransomware: JadePuffer
Researchers have revealed JadePuffer, the first agentic AI-powered ransomware campaign, highlighting how autonomous agents can automate cyber-attacks

Qilin Dominates Ransomware Market Amid Growing Cybercrime Consolidation
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say

Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning

FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets

Researcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day Exploits
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first

Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware
Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world

NCSC Shares Tips on How to Make a Pen Tester’s Job Harder
The NCSC has shared best practice advice from pen testers which could help improve system resilience

Alleged Scattered Spider Member Extradited to US
A teenager accused of hacking as part of Scattered Spider has been arrested

Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory

Brazilian Banking Trojan Ousaban Targets Spain and Portugal
FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing

Anthropic's Fable 5 and Mythos 5 Are Back with New Security Guardrails
The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases”

Microsoft Accelerates Quantum-Safe Push with New Timeline
Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)

Insurance Giant Aflac Discloses Data Breach Impacting Millions
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign

Critical SimpleHelp Vulnerability Exploited For Malware Delivery
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware

ClickFix Now Cybercriminals' Favorite Malware Delivery Technique
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users

Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware



