Infosecurity News
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication
Record Number of Ransomware Victims and Groups in 2025
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines
Android 17 Beta Introduces Secure-By-Default Architecture
Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development
Apple Expands RCS Encryption and Memory Protections in iOS 26.4
iOS 26.4 Beta adds end-to-end encryption for RCS messaging and enhanced Memory Integrity Enforcement
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
Teleport study reveals that organizations running over-privileged AI have a 76% incident rate
Significant Rise in Ransomware Attacks Targeting Industrial Operations
Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments
Infostealer Targets OpenClaw to Loot Victim’s Digital Life
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords
Security researchers have challenged end-to-end encryption claims from popular commercial password managers
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
NCSC’s Richard Horne has warned that cybercriminals do not care about business size and called for SMEs to act now to secure their organizations
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code
Crypto Payments to Human Traffickers Surges 85%
Chainalysis warns that online fraud is fuelling sophisticated human trafficking operations
Odido Breach Impacts Millions of Dutch Telco Users
Dutch telco Odido has revealed a major data breach impacting over six million customers
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
G7 countries ranked cyber-attacks as the top risk, while BICS members placed cyber threats only as the eighth most pressing risk
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
Nation-State Hackers Embrace Gemini AI for Malicious Campaigns, Google Finds
Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle
