Infosecurity News
US Sanctions Target Cambodian Scam Network Leaders
US sanctions target Cambodian scam networks tied to crypto fraud and trafficking
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company
Widely Used Browser Extensions Selling User Data
Dozens of browser extensions openly sell user data via privacy policy disclosures
Most Cybersecurity Professionals Feel Undervalued and Underpaid
A new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new job
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages spread via worm-like propagation and steal developer credentials
Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
Apple Fixes iOS Notification Bug Exposing Deleted Messages
Apple patches iOS flaw that retained deleted notifications, exposing message data
Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform
Google Cloud will attribute a unique cryptographic ID every AI agent that will be tied to “traceable and auditable” authorization policies
Cyber-Attacks Surge 63% Annually in Education Sector
Quorum Cyber report finds higher and further education institutions experienced 63% increase in attacks over a year
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents
NCSC Backs Passkeys, Hailing a New Era of Sign-in
The UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHS
MacOS Native Tools Enable Stealthy Enterprise Attacks
macOS LOTL techniques bypass detection using native tools and metadata abuse
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate
Surge in Silent Subject Phishing Attacks Targets VIP Users
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat
