Infosecurity News
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
The FBI claims Russian spies are targeting Signal backup keys
China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Twenty Million US IP Connections Used by Proxy Services
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
macOS Flaw Lets Standard Users Disable EDR and MDM
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Researchers Trick AI Browsers Into Leaking Credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
OpenAI Expands Daybreak to Help Defenders Patch Flaws
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws
