Infosecurity News
#Infosec2025: Concern Grows Over Agentic AI Security Risks
Agentic AI systems could threaten security and data privacy, unless organizations test each model and component
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware
A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware
#Infosec2025: UK Retail Hack Was "Subtle," Not Complex, Says River Island CISO
The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer
Widespread Campaign Targets Cybercriminals and Gamers
Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers
#Infosec2025: Device Theft Causes More Data Loss Than Ransomware
Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study
#Infosec2025: Startups Focus on Visibility and Governance, not AI
Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing
#Infosec2025: Majority of Compromises Caused by Stolen Credentials, No MFA
Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place
#Infosec2025: Channel Bridges Security Skills Gap
Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets
#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed
Trump Budget Plan to Cut Nearly 1000 Jobs at Cyber Agency CISA
CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324
#Infosec2025: Demand More of Your Vendors to Ease Quantum Transition, Say Experts
CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation
#Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region
#Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers
Sophisticated Malware Campaign Targets Windows and Linux Systems
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Cryptojacking Campaign Targets DevOps Servers Including Nomad
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
#Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’
Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown
A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer
Dutch Police Lead Shut Down of Counter AV Service AVCheck
Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline
