Infosecurity News

  1. Mobile App Users at Risk as API Keys of Email Marketing Services Exposed

    Leaked API keys allow threat actors to perform a variety of unauthorized actions

  2. NIST to Scrap SHA-1 Algorithm by 2030

    The agency said it will stop using SHA-1 in its last remaining specified protocols by December 31 2030

  3. API Vulnerabilities Discovered in LEGO Marketplace

    The vulnerabilities, which are now fixed, could have put sensitive customer data at risk

  4. Agenda Ransomware Switches to Rust to Attack Critical Infrastructure

    Victim companies have a combined revenue of around $550m

  5. Meta's Bug Bounty Program Shows $2m Awarded in 2022

    The total amount since the program's establishment in 2011 is reportedly $16m

  6. Social Blade Confirms Data Breach Exposing PII on the Dark Web

    The company confirmed the data does not include any credit card information

  7. Two-Thirds of Security Pros Have Burnt Out in Past Year

    Excessive workload is the most common contributing factor

  8. Former Twitter Employee Gets 42 Months for Saudi Scheme

    Insider was bribed by the Middle East kingdom

  9. OECD Signs "Landmark" Privacy Agreement

    Club of rich countries wants to improve cross-border data flows

  10. Senate Approves Bill Banning TikTok From US Government Devices

    The bill still needs to receive approval from the US House of Representatives

  11. NSA, CISA Warn Against Threats to 5G Network Slicing

    Improper network slice management may enable attackers to access data from different network slices

  12. Loan Scam Campaign 'MoneyMonger' Exploits Flutter to Hide Malware

    Zimperium said the code was part of an existing campaign previously discovered by K7 Security Labs

  13. Feds Hit DDoS-for-Hire Services with 48 Domain Seizures

    Six also charged in connection with booter services

  14. Over 85% of Attacks Hide in Encrypted Channels

    Zscaler reveals 20% increase in malicious use of encryption

  15. Platforms Flooded with 144,000 Phishing Packages

    NuGet, PyPi and npm inundated with malicious packages

  16. Signed Microsoft Drivers Used in Attacks Against Businesses

    In some cases, the threat actor's intent was to ultimately provide SIM-swapping services

  17. AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow

    These are some of the key findings from the latest Check Point Research Most Wanted report

  18. Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability

    The vulnerability could allow remote code execution (RCE) on a victim's device

  19. New Google Tool Helps Devs Root Out Open Source Bugs

    Free OSV-Scanner searches transitive dependencies

  20. Loan Fee Fraud Surges by a Fifth as Christmas Approaches

    FCA warns of pressure tactics as cost of living bites

Why Not Watch?

  1. How Trusted Time Strengthens Network Security

  2. Securing M365 Data and Identity Systems Against Modern Adversaries

  3. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

  4. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

What’s Hot on Infosecurity Magazine?