Infosecurity News

  1. Cencora Confirms Patient Data Stolen in Cyber-Attack

    Pharma company Cencora confirmed in an updated SEC filing that sensitive personal and health data was exfiltrated by attackers in a February 2024 incident

  2. E-Commerce Fraud Campaign Uses 600+ Fake Sites

    The “Eriakos” info-stealing campaign is using hundreds of fake web shops to defraud victims

  3. BEC Attacks Surge 20% Annually Thanks to AI Tooling

    A Vipre study reveals a 20% increase in business email compromise attacks

  4. Urgent Blood Appeal Issued in US After Ransomware Attack

    US non-profit OneBlood has issued an urgent appeal for donations after a ransomware attack has significantly reduced its capacity to distribute blood to hospitals

  5. New SMS Stealer Malware Targets Over 600 Global Brands

    Discovered by Zimperium’s zLabs team, the SMS Stealer malware was found in over 105,000 samples

  6. Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture

    Meta has agreed a $1.4bn settlement with the State of Texas for failing to inform Facebook users about its biometric data capturing practices

  7. New PyPI Package Zlibxjson Steals Discord, Browser Data

    According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information

  8. DDoS Attack Triggers New Microsoft Global Outage

    A global outage of Microsoft services was triggered by a DDoS attack, with an error Microsoft’s DDoS protection measures amplifying the impact

  9. Cost of a Data Breach Surges 10% on Shadow Data Challenge

    IBM reveals a 10% increase in the global cost of a data breach to $4.9m

  10. Researchers Uncover Largest Ever Ransomware Payment of $75m

    Zscaler warns of copycat attacks after revealing one ransomware victim paid $75m

  11. Sophisticated Phishing Campaign Targets Microsoft OneDrive Users

    The OneDrive campaign uses social engineering to trick users into executing a PowerShell script

  12. Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings

    According to eSentire, around 400 GenAI account logins are sold daily on the dark web, including credentials for GPT, Quillbot, Notion and Replit

  13. ICO Slams Electoral Commission for Basic Security Failings

    The ICO found that the Electoral Commission did not have appropriate security measures in place, allowing hackers to access the personal details of 40 million UK voters

  14. Just One in 10 Attacks Flagged By Security Tools

    Picus Security claims just 12% of simulated attacks trigger an alert

  15. Millions of Spoofed Emails Bypass Proofpoint Security in Phishing Campaign

    Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections

  16. HealthEquity Breach Hits 4.3 Million Customers

    Health savings specialist HealthEquity reveals over four million customers were impacted in a recent breach

  17. Mandrake Spyware Infects 32,000 Devices Via Google Play Apps

    Updated Mandrake samples, identified by Kaspersky, displayed enhanced obfuscation and evasion tactics

  18. Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware

    Walmart detailed findings about an unknown PowerShell backdoor, which was potentially utilized alongside a new Zloader variant

  19. Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks

    Salt Labs also said XSS combined with OAuth can lead to severe breaches

  20. Less Than Half of European Firms Have AI Controls in Place

    Sapio Research claims that fewer than 50% of European companies place usage and other restrictions on AI

Why Not Watch?

  1. Audit & Compliance in the Era of AI and Emerging Technology

  2. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

  3. Modernizing GRC: From Checkbox to Strategic Advantage

  4. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

What’s Hot on Infosecurity Magazine?