Infosecurity News
Phishing Attacks Exploit Misconfigured Email Routing Settings to Target Microsoft 365 Users
Misconfigurations abused to make phishing emails look like they come from within the organization
Fifth of Breaches Take Two Weeks to Recover From
Absolute Security claims that full recovery from endpoint-related downtime can take up to a fortnight for most organizations
US To Leave Global Forum on Cyber Expertise
The Trump administration decided to leave 66 international organizations, including the GFCE and the European Centre of Excellence for Countering Hybrid Threats
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers
A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers
Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads
Malicious Windows packer named pkr_mtsi used as a flexible malware loader in malvertising campaigns
Ghost Tap Malware Fuels Surge in Remote NFC Payment Fraud
New Android malware enables unauthorized tap-to-pay transactions without physical access to bank cards
China intensifies Cyber-Attacks on Taiwan as Energy Sector Sees Tenfold Spike
Taiwan recorded an average of 2.63 million cyber intrusion attempts to it critical infrastructure per day coming from China in 2025
Personal LLM Accounts Drive Shadow AI Data Leak Risks
Lack of visibility and governance around employees using generative AI is resulting in rise in data security risks
Hackers Claim to Disconnect Brightspeed Customers After Breach
A hacking collective claims it has disconnected customers of US ISP Brightspeed
MFA Failure Enables Infostealer Breach At 50 Enterprises
Threat actor “Zestix” was able to breach around 50 firms using infostealers because they lacked multi-factor authentication
Hospitality Sector Hit By PHALT#BLYX ClickFix Malware Campaign
Multi-stage malware campaign targets hospitality organizations using social engineering and abuse of MSBuild.exe
High-Severity Flaw in Open WebUI Affects AI Connections
A high-severity security flaw in Open WebUI Direct Connections risks account takeover and server compromises
UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats
UK government’s new Cyber Action plan looks to provide more ‘hands-on’ support for protecting against and responding to security incidents
Jaguar Land Rover's Q3 Sales Crash Amid Cyber-Attack Fallout
JLR’s wholesale sales plunged 43% and retail drops 25% in the third quarter of 2025 following the 2025 cyber-attack
Ilya Lichtenstein Released Early After Bitfinex Hack Conviction
Ilya Lichtenstein, convicted for the 2016 Bitfinex hack, has been released early from prison to home confinement
VVS Stealer Uses Advanced Obfuscation to Target Discord Users
A new Python-based malware called VVS stealer has been identified, targeting Discord users with stealthy techniques to steal data
New Zealand Orders Review of Manage My Health Breach Affecting 100,000+ Patients
A breach affecting Manage My Health could have exposed sensitive data for up to 120,000 New Zealand patients
European Space Agency Confirms Server Breach
The European Space Agency has said that external servers were recently involved in a security “issue”
Experts Trace $35m in Stolen Crypto to LastPass Breach
TRM Labs says it has recorded $35m drained from users’ wallets following 2022 LastPass breach
Infosecurity's Top 10 Cybersecurity Stories of 2025
Explore Infosecurity Magazine’s most-read cybersecurity stories of 2025, from major vendor shake-ups and zero-day exploits to AI-driven threats and supply chain attacks
