Infosecurity News
Attackers Increase Use of HTTP Clients for Account Takeovers
HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024
Syncjacking Attack Enables Full Browser and Device Takeover
SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking
DeepSeek Exposed Database Leaks Sensitive Data
Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history
Ransomware Attack Disrupts Blood Donation Services in US
New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country
UK Organizations Boost Cybersecurity Budgets
UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year
NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities
The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”
AI Surge Drives Record 1205% Increase in API Vulnerabilities
AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm
Nation-State Hackers Abuse Gemini AI Tool
Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development
New Hellcat Ransomware Gang Employs Humiliation Tactics
Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims
Threat Actors Exploit Government Websites for Phishing
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections
Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate
Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns
Breakout Time Accelerates 22% as Cyber-Attacks Speed Up
ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024
Scores of Critical UK Government IT Systems Have Major Security Holes
The National Audit Office warns of major gaps in cyber resilience across UK government departments
ENGlobal Cyber-Attack Exposes Sensitive Data
Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks
Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program
Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group
API Supply Chain Attacks Put Millions of Airline Users at Risk
An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk
58% of Ransomware Victims Forced to Shut Down Operations
A Ponemon Institute survey highlighted the growing impact of ransomware attacks on victims’ revenue and reputation
Mega Data Breaches Push US Victim Count to 1.7 Billion
The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report
EU Sanctions Three Russians For 2020 Cyber-Attack on Estonia
The three Russian hackers are believed to be part of Unit 29155 of the GRU, also known as Cadet Blizzard, Ember Bear and Ruinous Ursa
British Vishing-as-a-Service Trio Sentenced
Three men have been sentenced after pleading guilty to running an account hijacking service for fraudsters
