Infosecurity News
Google Researchers Claim First Vulnerability Found Using AI
The flaw, an exploitable stack buffer underflow in SQLite, was found by Google’s Big Sleep team using a large language model (LLM)
US Says Russia Behind Fake Haitian Voters Video
US government agencies said the video, widely shared on social media, is part of Russia’s broader strategy of undermining the integrity of the Presidential Election
Supply Chain Attack Uses Smart Contracts for C2 Ops
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations
UK Council Sites Recover Following Russian DDoS Blitz
Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks
Sophos Warns Chinese Hackers Are Becoming Stealthier
Sophos provided details of changing tactics by Chinese APT groups over a five-year period, involving a shift towards stealthy, targeted attacks
CISA Warns of Critical Software Vulnerabilities in Industrial Devices
Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks
US and Israel Warn of Iranian Threat Actor’s New Tradecraft
US and Israeli government agencies have warned that the Iranian state-sponsored threat actor Cotton Sandstorm is deploying new tradecraft to expand its operations
New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot
New phishing kit Xiu Gou, featuring a unique “doggo” mascot, targets users in US, UK, Spain, Australia and Japan with 2000+ scam websites
Misconfigured Git Configurations Targeted in Emeraldwhale Attack
Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials
Canadian Government Data Stolen By Chinese Hackers
A report by the Canadian Centre for Cyber Security described China as the most sophisticated cyber threat to Canada, also identified India as an emerging threat
North Korean Hackers Collaborate with Play Ransomware
Palo Alto Networks’ Unit 42 has observed the first-ever collaboration between North Korean-backed Jumpy Pisces and Play ransomware
Government Sector Suffers 236% Surge in Malware Attacks
Malware-related attacks against global government organizations increased 236% year-on-year in Q1 2024, according to SonicWall
Over 80% of US Small Businesses Have Been Breached
ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites
Updated FakeCall Malware Targets Mobile Devices with Vishing
The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring
Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services
CISA Launches First International Cybersecurity Plan
CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US
Over Half of US County Websites “Could Be Spoofed”
Comparitech warns that voters could be misled as most local government sites are failing on basic security
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise
New LightSpy Spyware Targets iOS with Enhanced Capabilities
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
