Infosecurity News

  1. Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign

    Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems

  2. Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds

    Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report

  3. Staggering 800% Rise in Infostealer Credential Theft

    Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months

  4. UK Leads the Way with £15m AI Alignment Project

    The UK’s AI Security Institute has announced a new AI misalignment research program

  5. Android Malware Targets Banking Users Through Discord Channels

    The DoubleTrouble Android banking Trojan has evolved, using Discord for delivery and introducing several new features

  6. CISA Unveils Eviction Strategies Tool to Aid Incident Response

    CISA has launched a new tool to streamline cyber incident response and aid in adversary eviction

  7. Ransomware Attacks Escalate to Physical Threats Against Executives

    Semperis found that executives were physically threatened in 40% of ransomware incidents, in a bid to pressure victims to pay demands

  8. Cybercriminals ‘Spooked’ After Scattered Spider Arrests

    The arrest of members of the Scattered Spider cyber-attack group have temporarily halted new intrusions, however, similar threat actors continue to pose risks

  9. FunkSec Ransomware Victims Can Now Recover Files with Free Decryptor

    Avast researchers shared a step-by-step guide to decrypt files for victims of FunkSec ransomware

  10. Passwordless Future Years Away Despite Microsoft Authenticator Move

    Experts argue that password managers are still useful despite Microsoft Authenticator ditching its capabilities

  11. Over 200 Malicious Open Source Packages Traced to Lazarus Campaign

    North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages

  12. Hafnium Tied to Advanced Chinese Surveillance Tools

    A SentinelLabs report has revealed patents linked to firms aiding China's cyber-espionage operations, exposing new capabilities

  13. Hidden Backdoor Found in ATM Network via Raspberry Pi

    A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

  14. Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure

    Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching

  15. Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure

    32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day

  16. Data Breach Costs Fall for First Time in Five Years

    IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment

  17. US Tops Hit List as 396 SharePoint Systems Compromised Globally

    A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability

  18. OWASP Launches Agentic AI Security Guidance

    The comprehensive guidance focuses on technical recommendations for securing agentic AI applications, from development to deployment

  19. French Telco Orange Hit by Cyber-Attack

    Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident

  20. Critical Authentication Flaw Identified in Base44 Vibe Coding Platform

    Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems

What’s hot on Infosecurity Magazine?