Infosecurity News
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
Over 160,000 Companies Notify Regulators of GDPR Breaches
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal
Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person - with the aid of AI tools
EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act
The EU’s Cybersecurity Act 2.0 will aim to address some of the challenges of the current CSA, including the slow rollout of certification schemes
Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch
A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE
Report Fraud Promises to Streamline Fight Against Economic Crime
City of London Police has launched the UK’s national Report Fraud service
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts 50% of organizations will adopt zero trust data governance by 2028
Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps
2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey shows cyber risk rising to the top of CEO concerns as confidence in short term business growth weakens
LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages
AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'
Weaponized AI is fueling a new wave of cybercrime, said Group-IB in its latest report
Scam Marketplace Tudou Guarantee Shutters Telegram Ops
A notorious marketplace for fraud, Tudou Guarantee, appears to have closed its public Telegram groups
