Infosecurity News

  1. Ransomware Deployed in Compromised SharePoint Servers

    Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems

  2. UK and Romania Crack Down on ATM Fraudster Network

    Investigators assessed that the criminal group’s stolen funds amount to €580,000

  3. Active Campaign Exploits Cloud Flaws for Cryptomining

    Wiz believes the active campaign is part of a broader crypto-scam infrastructure, which uses a wide range of exploitation techniques

  4. New York Proposes Cybersecurity Regulations for Water Systems

    A series of new cybersecurity regulations related to the water industry have been set out by New York state agencies

  5. Suspected XSS Forum Admin Arrested in Ukraine

    The individual is accused of numerous illicit cybercrime and ransomware activities that have generated at least $7m in profit

  6. France: New Data Breach Could Affect 340,000 Jobseekers

    The French employment agency’s partner web portal has been accessed by a malicious actor

  7. Clorox Sues IT Service Provider Cognizant for Causing 2023 Cyber-Attack

    Cognizant handed over a password to the cybercriminal without asking any authentication questions

  8. US Government Warns of Wide-Ranging Interlock Attacks

    A joint US government advisory highlighted novel initial access techniques deployed by Interlock, and urged businesses and critical infrastructure to stay vigilant

  9. Global Ransomware Attacks Plummet 43% in Q2 2025

    NCC Group observed a 43% drop in ransomware attacks in Q2 2025, driven by law enforcement actions and internal conflicts in groups

  10. Russian Threat Actors Target NGOs with New OAuth Phishing Tactics

    A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes

  11. Widespread Net RFQ Scam Targets High-Value Goods

    A widespread RFQ scam exploited net payment terms to fraudulently obtain high-value devices

  12. SharePoint 'ToolShell' Vulnerabilities Exploited by Chinese Nation-State Hackers

    Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities

  13. UK Confirms Ransomware Payment Ban for Public Sector and CNI

    The UK government said a public consultation showed widespread support on a payment ban for public sector and CNI organizations

  14. Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims

    Despite being a rebrand of several ransomware families, GLOBAL GROUP innovated with the use of an AI chatbot in the negotiation process

  15. Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks

    ASIC said the financial services firm’s failings led to a data breach impacting nearly 10,000 clients

  16. AI Adoption is Driving SOC Role Reallocation Without Cutting Headcount

    Abnormal AI found that 96% of security leaders have no plans to reduce the headcount in SOC teams as a result of AI adoption, instead focusing on reallocating roles

  17. Iranian Hackers Deploy New Android Spyware Version

    New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict

  18. Fake Receipt Generators Fuel Rise in Online Fraud

    An investigation has revealed novel scams using tools like MaisonReceipts, creating realistic fake receipts to resell stolen or counterfeit good

  19. Accounting Firm Targeted by Malware Campaign Using New Crypter

    An attack on a US accounting firm delivered PureRAT via Ghost Crypt, involving social engineering and advanced obfuscation techniques

  20. New CrushFTP Critical Vulnerability Exploited in the Wild

    CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS

Why Not Watch?

  1. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

  2. Mastering AI Security With ISACA’s New AAISM Certification

  3. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  4. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

What’s Hot on Infosecurity Magazine?