Infosecurity News
M&S Chair Details Ransomware Attack, Declines to Confirm if Payment Was Made
M&S chairman Archie Norman provided more insights into the April ransomware attack, but did not confirm whether a payment was made to the attackers
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple Industries
Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting
Malicious Open Source Packages Surge 188% Annually
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase
Red Team Tool Developer Shellter Admits ‘Misuse’ by Adversaries
The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors
Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban
China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns
New Bert Ransomware Group Strikes Globally with Multiple Variants
Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services
Iran-Aligned Hacking Group Targets Middle Eastern Governments
Iran-aligned BladedFeline group has been observed targeting the government of Iraq and KRG with advanced malware
Researchers Share CitrixBleed 2 Detection Analysis After Initial Hold
Vulnerability research company WatchTowr published a detection analysis for the Citrix Blled 2 flaw
Hackers Target Employee Credentials Amid Spike in ID Attacks
Cybersecurity researchers have observed a 156% increase in credential theft incidents between 2024 and Q1 2025
Qantas Contacted by Potential Cybercriminal Following Data Breach
Qantas said it is currently validating the contact, and has informed law enforcement
Hundreds of Malicious Domains Registered Ahead of Prime Day
Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day
IT Giant Ingram Micro Reveals Ransomware Breach
Distributor Ingram Micro says it has found ransomware on its internal systems
Ransomware: Hunters International Is Not Shutting Down, It's Rebranding
Some admins of Hunters International are now part of the encryption-less cyber extortion group World Leaks
Taiwan Flags Chinese Apps Over Data Security Violations
Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China
EU Launches Plan to Implement Quantum-Secure Infrastructure
The EU’s Quantum Strategy includes plans to develop secure quantum communication infrastructure across the region
WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion
A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover
Privilege Escalation Flaw Found in Azure Machine Learning Service
A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise
CVE Program Launches Two New Forums to Enhance CVE Utilization
The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program
Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks
