Infosecurity News

  1. NCSC Plugs Gap in Cyber-Deception Guidance

    The National Cyber Security Centre has released new learnings from a cyber deception pilot

  2. ICO Fines LastPass £1.2m After 2022 Breach

    The UK’s data protection regulator has fined password manager provider LastPass £1.2m after a 2022 data breach

  3. South Korean Police Raid Coupang Over Data Breach as CEO Resigns

    The Coupang South Korean unit's response will be spearheaded by an executive based in the US

  4. OpenAI Enhances Defensive Models to Mitigate Cyber-Threats

    OpenAI has reported a surge in performance, with GPT-5.1-Codex-Max reaching 76% in capability assessments, and warned of upcoming cyber-risks

  5. Malware Discovered in 19 Visual Studio Code Extensions

    A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders

  6. Scam-Busting FCA Firm Checker Tool Given Cautious Welcome

    Experts say a new Firm Checker tool from the FCA won’t move the dial on fraud but is a step in the right direction

  7. Google Releases Critical Chrome Security Update to Address Three Zero-Days

    Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit

  8. “Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach

    New ITRC research finds 81% of US small businesses suffered a data or security breach in the past year

  9. ClickFix Social Engineering Sparks Rise of CastleLoader Attacks

    A new malware campaign has been identified using a Python-based delivery system to deploy CastleLoader malware

  10. Pro-Russia Hackers Target US Critical Infrastructure in New Wave

    Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems

  11. Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data

    The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing

  12. Log4Shell Downloaded 40 Million Times in 2025

    Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug

  13. Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

    December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days

  14. React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

    Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement

  15. Malicious VS Code Extensions Deploy Advanced Infostealer

    Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data

  16. DeadLock Ransomware Uses BYOVD to Evade Security Measures

    Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware

  17. UK NCSC Raises Alarms Over Prompt Injection Attacks

    The UK’s National Cyber Security Centre has warned of the dangers of comparing prompt injection to SQL injection

  18. Gartner Calls For Pause on AI Browser Use

    Gartner has called for organizations to block today’s AI browsers on security concerns

  19. ClayRat Android Spyware Expands Capabilities

    A new version of ClayRat Android spyware adds enhanced surveillance and device-control features

  20. Marquis Software Breach Affects Over 780,000 Nationwide

    A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US
