Infosecurity News

  1. Shai-Hulud-Like Worm Targets Developers via npm and AI Tools

    Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers

  2. Fraud Investigation Reveals Sophisticated Python Malware

    Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure

  3. Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls

    A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances

  4. Leading Semiconductor Supplier Advantest Hit by Ransomware Attack

    Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident

  5. Jackpotting Surge Costs Banks Over $20m, Warns FBI

    A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone

  6. University of Mississippi Medical Center Still Offline After Ransomware Attack

    University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday

  7. Dramatic Escalation in Frequency and Power of DDoS Attacks

    DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report

  8. Android Malware Hijacks Google Gemini to Stay Hidden

    A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET

  9. Remcos RAT Expands Real-Time Surveillance Capabilities

    New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows

  10. Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

    Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps

  11. Industrial Control System Vulnerabilities Hit Record Highs

    Forescout paper reveals ICS advisories hit a record 508 in 2025

  12. Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA

    A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

  13. Flaws in Popular Software Development App Extensions Allow Data Exfiltration

    Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched

  14. Researchers Reveal Six New OpenClaw Vulnerabilities

    Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw

  15. Cryptojacking Campaign Exploits Driver to Boost Monero Mining

    Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics

  16. AI Assistants Used as Covert Command-and-Control Relays

    AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication

  17. Record Number of Ransomware Victims and Groups in 2025

    Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025

  18. Chinese APT Group Exploits Dell Zero-Day for Two Years

    Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines

  19. Android 17 Beta Introduces Secure-By-Default Architecture

    Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development

  20. Apple Expands RCS Encryption and Memory Protections in iOS 26.4

    iOS 26.4 Beta adds end-to-end encryption for RCS messaging and enhanced Memory Integrity Enforcement

Why Not Watch?

  1. Modernizing GRC: From Checkbox to Strategic Advantage

  2. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

  3. The Intelligence Edge: Clarity, Context and the Human Advantage in Modern CTI

  4. How To Enhance Security Operations with AI-Powered Defenses

What’s Hot on Infosecurity Magazine?