Infosecurity News
#Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers
Sophisticated Malware Campaign Targets Windows and Linux Systems
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Cryptojacking Campaign Targets DevOps Servers Including Nomad
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
#Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in ‘Operation 999’
Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown
A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer
Dutch Police Lead Shut Down of Counter AV Service AVCheck
Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline
Mandatory Ransomware Payment Disclosure Begins in Australia
Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities
US Banks Urge SEC to Repeal Cyber Disclosure Rule
Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources
FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure
The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US
UK MoD Launches New Cyber Warfare Command
The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities
CISA Urged to Enrich KEV Catalog with More Contextual Data
Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected
The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched
New Browser Exploit Technique Undermines Phishing Detection
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites
Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots
Cybersecurity Teams Generate Average of $36M in Business Growth
A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table
#Infosec2025: Over 90% of Top Email Domains Vulnerable to Spoofing Attacks
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy
Ivanti Vulnerability Exploit Could Expose UK NHS Data
Two NHS England trusts could see highly sensitive patient records exposed
Fake Bitdefender Site Spreads Trio of Malware Tools
A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools
