Infosecurity News

  1. “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

    A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages

  2. CISO Pay Increases 7% As Budget Growth Slows

    An IANS study finds CISO compensation rose 6.7% on average in 2025 while budget growth halved compared to 2024

  3. Operation Endgame 3.0 Dismantles Three Major Malware Networks

    A global law enforcement operation has taken down the Rhadamanthys infostealer, VenomRAT trojan and the Elysium botnet

  4. Improve Collaboration to Hit Back At Rising Fraud, Says techUK

    Industry body techUK calls for real-time intelligence sharing across sectors to combat fraud

  5. Synnovis Finally Issues Breach Notification After 2024 Ransomware Attack

    NHS provider Synnovis is notifying clients about the extent of a data breach 17 months after it suffered a ransomware attack

  6. GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack

    GlobalLogic has notified 10,000 employees their data was stolen in the Oracle EBS campaign

  7. Cyber-Insurance Payouts Soar 230% in UK

    UK cyber-insurers paid 230% more to policyholders in 2024 than the year before

  8. Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday

    Microsoft has patched a zero-day vulnerability in the Windows Kernel under active exploitation by threat actors

  9. UK Government Finally Introduces Cyber Security and Resilience Bill

    The UK government is overhauling cybersecurity laws for the first time since 2018 with the Cyber Security and Resilience Bill

  10. Android Devices Targeted By KONNI APT in Find Hub Exploitation

    A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs

  11. Qilin Ransomware Activity Surges as Attacks Target Small Businesses

    Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group

  12. Hackers Exploit Critical Flaw in Gladinet's Triofox File Sharing Product

    Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers

  13. CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV

    CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung devices used in LandFall spyware attacks

  14. Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks

    KnowBe4 claims the new Quantum Route Redirect kit is supercharging phishing attacks on Microsoft365 users

  15. 65% of Leading AI Companies Found With Verified Secrets Leaks

    A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets

  16. China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

    Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs

  17. New NCA Campaign Warns Men Off Crypto Investment Scams

    The UK’s National Crime Agency is warning men under 45 that crypto dreams can soon become a scam nightmare

  18. NCSC Set to Retire Web Check and Mail Check Tools

    The UK’s National Cyber Security Centre has urged users of its Web Check and Mail Check services to find alternatives

  19. Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine

    Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors

  20. “I Paid Twice” Phishing Campaign Targets Booking.com

    Experts have uncovered large-scale phishing exploiting Booking.com, Airbnb and Expedia accounts, targeting hotels and customers

Why Not Watch?

  1. Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

  2. Mastering AI Security With ISACA’s New AAISM Certification

  3. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  4. Audit & Compliance in the Era of AI and Emerging Technology

What’s Hot on Infosecurity Magazine?