Infosecurity News
#Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments
Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat
#Infosec2025: Defenders and Attackers are Locked in an AI Arms Race
Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments
#Infosec2025: Seven Steps to Building a Mature Vulnerability Management Program
At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes
#Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI
#Infosec2025 Cloud-Native Technology Prompts New Security Approaches
Moving to cloud-native architecture and modern platforms is allowing enterprises to automate operations and improve security
#Infosec2025: Cybersecurity Support Networks Too Fragmented for SMBs, Say Experts
Experts argue the case for “communities of support” to boost SMB cyber-resilience
#Infosec2025: Simplicity Should Guide Cybersecurity Purchasing Decisions
Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely
#Infosec2025: Concern Grows Over Agentic AI Security Risks
Agentic AI systems could threaten security and data privacy, unless organizations test each model and component
Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware
A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware
#Infosec2025: UK Retail Hack Was "Subtle," Not Complex, Says River Island CISO
The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer
Widespread Campaign Targets Cybercriminals and Gamers
Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers
#Infosec2025: Device Theft Causes More Data Loss Than Ransomware
Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study
#Infosec2025: Startups Focus on Visibility and Governance, not AI
Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing
#Infosec2025: Majority of Compromises Caused by Stolen Credentials, No MFA
Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place
#Infosec2025: Channel Bridges Security Skills Gap
Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets
#Infosec2025: Good Cybersecurity Enabled Ukraine’s Surprise Attack on Russia, Says NCSC
Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed
Trump Budget Plan to Cut Nearly 1000 Jobs at Cyber Agency CISA
CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324
#Infosec2025: Demand More of Your Vendors to Ease Quantum Transition, Say Experts
CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation
#Infosec2025: VEC Attacks Alarmingly Effective at Driving Engagement
Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region
