Infosecurity News

  1. A Quarter of UK and US Firms Suffer Data Poisoning Attacks

    New IO research reveals a surge in AI attacks attempting to corrupt underlying training data

  2. Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

    A secret-stealing worm is spreading fast across the npm ecosystem, experts have warned

  3. Fifteen Ransomware Gangs “Retire,” Future Unclear

    Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats

  4. Gucci and Alexander McQueen Hit by Customer Data Breach

    The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses

  5. Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

    AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat

  6. UK: Tax Refund-Themed Phishing Slows in 2025

    Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025

  7. JLR Extends Production Halt After Cyber-Attack

    Jaguar Land Rover (JLR) has confirmed that its pause in production will last until at least Wednesday, September 24

  8. API Threats Surge to 40,000 Incidents in 1H 2025

    Thales claims there were over 40,000 API incidents in the first half of 2025

  9. FinWise Bank Warns of Insider Data Breach

    An insider data breach at FinWise may have impacted 689,000 customers

  10. HybridPetya Mimics NotPetya, Adds UEFI Compromise

    HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass

  11. SEO Poisoning Targets Chinese Users with Fake Software Sites

    SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos

  12. AI-Forged Military IDs Used in North Korean Phishing Attack

    Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards

  13. CISA at Risk After OIG Accuses it of Wasting Federal Funds

    US Department of Homeland Security OIG claims CISA mismanaged a key cyber retention incentive program

  14. Phishing Campaigns Drop RMM Tools for Remote Access

    Threat actors are using multiple lures to trick users into installing RMM tools

  15. Attackers Adopt Novel LOTL Techniques to Evade Detection

    HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns

  16. France Warns Apple Users of New Spyware Campaign

    Apple has sent at least four notifications in 2025, according to the French national cybersecurity agency

  17. ICO Warns of Student-Led Data Breaches in UK Schools

    ICO warned that growing hacks by children into school computer systems is setting them up for “a life of cybercrime”

  18. CISA Launches Roadmap for the CVE Program

    The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement

  19. Fileless Malware Deploys Advanced RAT via Legitimate Tools

    A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory

  20. Wyden Urges FTC Investigation Over Ascension Ransomware Hack

    Senator Ron Wyden of Oregon has urged the FTC to investigate Microsoft for cybersecurity lapses linked to ransomware attacks on US critical infrastructure

Why not watch?

  1. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  2. The Invisible Frontline: Proactive Approaches to Browser Defense

  3. Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

  4. Strategic AI in Cyber Defense: How to Stay Ahead Without Increasing Risk

What’s hot on Infosecurity Magazine?