Infosecurity News
Attacker Breakout Time Falls to 18 Minutes
ReliaQuest report claims time from initial access to lateral movement has shrunk to just 18 minutes
Car Giant Stellantis Confims Third-Party Breach
Stellantis confirmed that customers’ personal information was potentially exposed
Jaguar Land Rover Extends Production Pause Again
UK carmaker Jaguar Land Rover has said production will remain shuttered until October 1
Organizations Must Update Defenses to Scattered Spider Tactics, Experts Urge
Experts at a Gartner event highlighted areas of focus in identity, processes and third-party risk management to tackle the novel tactics employed by Scattered Spider
Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
MITRE said it understands why Microsoft, SentinelOne and Palo Alto pulled out of its 2025 of ATT&CK Evaluations test – and promises to do better next year
FBI Says Threat Actors Are Spoofing its IC3 Site
The FBI has warned that adversaries have published fake versions of its cybercrime reporting portal IC3
Airport Chaos Enters Third Day After Supply Chain Attack
Heathrow, Brussels, Dublin and Berlin airports are among those disrupted by a cyber-attack on Collins Aerospace
Russian State Hackers Collaborate in Attacks Against Ukraine
ESET found that the FSB-affiliated groups, Gamaredon and Turla, are sharing tools to help conduct espionage attacks against Ukrainian organizations
Zero-Click Vulnerability in ChatGPT's Agent Enables Silent Gmail Data Theft
Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing
Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
Trend Micro said the use of AI platforms to create and host fake CAPTCHA pages helps attackers develop more sophisticated phishing campaigns at scale and speed
Pair of Suspected Scattered Spider Hackers Charged by UK, US Authorities
One of the teenage suspects is accused of involvement in at least 120 attacks, resulting in $115m in ransom payments
New York Blood Center Alerts 194,000 People to Data Breach
A breach at the New York Blood Center resulted in theft of data for 194,000 people, including SSNs, IDs, bank and health information
1 in 3 Android Apps Leak Sensitive Data
One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets
SonicWall Discloses Compromise of Cloud Backup Service
SonicWall said that threat actors accessed firewall preference files stored in the cloud for around 5% of its firewall install base
VC Firm Insight Partners Notifies Victims After Ransomware Breach
Insight Partners has released more details of a 2024 ransomware breach impacting thousands of individuals
NCA Singles Out “The Com” as it Chairs Five Eyes Group
The UK’s National Crime Agency is the new chair of the Five Eyes Law Enforcement Group
FileFix Campaign Using Steganography and Multistage Payloads
FileFix campaign hides PowerShell script and encrypted EXEs in JPGs via multilingual phishing
Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution
A trio of critical vulnerabilities in the Chaos-Mesh platform allow in-cluster attackers to run arbitrary code, even in default configuration
TaskUs Employees Behind Coinbase Breach, US Court Filing Alleges
An employee of outsourcing firm TaskUs allegedly sold data stolen during the Coinbase data breach to hackers for $200 per record before her arrest in January 2025
Microsoft Disrupts RaccoonO365 Phishing Kit, Seizes 338 Malicious Sites
Microsoft revealed it has seized 338 websites associated with RaccoonO365, a phishing kit which has stolen at least 5000 Microsoft credentials worldwide
