Infosecurity News
Ransomware Attacks Escalate to Physical Threats Against Executives
Semperis found that executives were physically threatened in 40% of ransomware incidents, in a bid to pressure victims to pay demands
Cybercriminals ‘Spooked’ After Scattered Spider Arrests
The arrest of members of the Scattered Spider cyber-attack group have temporarily halted new intrusions, however, similar threat actors continue to pose risks
FunkSec Ransomware Victims Can Now Recover Files with Free Decryptor
Avast researchers shared a step-by-step guide to decrypt files for victims of FunkSec ransomware
Passwordless Future Years Away Despite Microsoft Authenticator Move
Experts argue that password managers are still useful despite Microsoft Authenticator ditching its capabilities
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages
Hafnium Tied to Advanced Chinese Surveillance Tools
A SentinelLabs report has revealed patents linked to firms aiding China's cyber-espionage operations, exposing new capabilities
Hidden Backdoor Found in ATM Network via Raspberry Pi
A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques
Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure
Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching
Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure
32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day
Data Breach Costs Fall for First Time in Five Years
IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment
US Tops Hit List as 396 SharePoint Systems Compromised Globally
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability
OWASP Launches Agentic AI Security Guidance
The comprehensive guidance focuses on technical recommendations for securing agentic AI applications, from development to deployment
French Telco Orange Hit by Cyber-Attack
Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident
Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324
CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine
Hackers are actively exploiting two critical flaws in Cisco Identity Services Engine, said the US Cybersecurity and Infrastructure Security Agency
FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang
The federal government has applied for forfeiture of the funds, which were seized by FBI Dallas in April 2025
Charity Fined After Destroying “Irreplaceable” Records
A Scottish charity has been fined £18,000 for systematic data protection failings
Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights
Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable
10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin
