Infosecurity News
Attackers Are Targeting Critical Apex One Vulnerabilities, Trend Micro Warns
Trend Micro has released a temporary fix for the flaws, which enable remote code execution on on-prem Apex One machines
#BHUSA: Malware Complexity Jumps 127% in Six Months
Adversaries are prioritizing stealth over scale, according to OPSWAT’s latest Threat Landscape Report
Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration
Ransomware actors deploy a range of activities to make it harder for victims to recover and increase the consequences of not paying demands
NCSC Updates Cyber Assessment Framework to Build UK CNI Resilience
The UK’s National Cyber Security Centre has released the Cyber Assessment Framework 4.0
Chanel and Pandora Breached as Salesforce Campaign Continues
Chanel and Pandora have revealed data breaches reportedly linked to attacks on their Salesforce instances
Chinese Smishing Campaigns Compromise up to 115 Million US Payment Cards
SecAlliance highlighted the evolution in smishing campaigns orchestrated by Chinese syndicates, which exploit digital wallet tokenization
#BHUSA: Experts Urge Greater AI Supply Chain Transparency as GenAI Adoption Surges
Experts, including Allan Friedman, CISA's leading voice on SBOMs until July 2025, emphasized that AI BOMs should be standardized before being implemented
Critical Vulnerabilities Found in NVIDIA's Triton Inference Server
Critical vulnerabilities in NVIDIA's Triton Inference Server, discovered by researchers, could allow unauthenticated attackers to gain full server control through remote code execution
Cybersecurity Teams Hit by Lowest Budget Growth in Five Years
IANS found that stagnant budget growth rates have significantly impacted CISOs ability to increase their teams’ headcount
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims
SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity
AI Fuels Record Number of Fraud Cases
Cifas noted a record number of filings in its National Fraud Database for the first half of 2025
Ghost in the Zip Reveals Expanding Ecosystem Behind PXA Stealer
Python-based PXA Stealer has stolen data from more than 4000 victims in over 62 countries, according to SentinalLabs
#BHUSA: Microsoft and Google Among Most Affected as Zero Day Exploits Jump 46%
Forescout also observed a big rise in CVEs added to CISA’s KEV catalog, some of which impacted end-of-life products
Web-Based AI Usage Surge Shifts Global Internet Traffic Patterns
Web traffic to AI sites surged 50% from Feb 2024 to Jan 2025, driven by browser-based GenAI tools
Uptick in Akira Ransomware Actors Targeting SonicWall VPNs
Arctic Wolf has spotted an increase in Akira ransomware attacks targeting SonicWall SSL VPNs
Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit
The Pwn2Own competition is offering a $1m reward to any teams able to unearth a WhatsApp code execution exploit
#BHUSA: Cloud Intrusions Skyrocket in 2025
CrowdStrike revealed the surge in cloud intrusions was partly driven by a 40% increase in Chinese-state actors exploiting these environments
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems
Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds
Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report
Staggering 800% Rise in Infostealer Credential Theft
Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months
