Infosecurity News

  1. GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

    A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace

  2. Three-Quarters of Firms Knowingly Ship Vulnerable Code

    AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

  3. Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

    Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally

  4. Grafana Labs Says Code Breach Stemmed from TanStack Attack

    Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack

  5. Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

    Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services

  6. Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

    Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date

  7. China-Linked Webworm APT Evolves Tactics, Expands to European Targets

    China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research

  8. GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

    The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories

  9. Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

    Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks

  10. Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

    Verizon DBIR finds 31% of data breaches began with software flaws last year

  11. Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

    Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group

  12. AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

    AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software

  13. Agentic AI Accelerates Software Builds and Mobile App Attacks

    Digital.ai data reveals 87% of apps were attacked over the past year

  14. Grafana Labs Confirms Hackers Stole Source Code

    Open source tool maker Grafana says hackers stole codebase via GitHub breach

  15. Hackers Bypass Security Tools to Target Users Directly

    Bridewell report calls out emergence of “fix-style” attacks

  16. Interpol Launches Sweeping Cybercrime Crackdown in MENA Region

    Over 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North Africa

  17. The Infosecurity Europe Cyber Startup Competition: Meet the Finalists

    New for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyers

  18. NCSC Publishes Guidance on Securing Agentic AI Use

    The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks

  19. Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

    The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin

  20. Bank of England, FCA and Treasury Raise Alarm Over Frontier AI

    The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience

Why Not Watch?

  1. Financial Services Under Pressure: Supply Chain Risk, Regulation and Operational Resilience

  2. How Trusted Time Strengthens Network Security

  3. How To Enhance Security Operations with AI-Powered Defenses

  4. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

What’s Hot on Infosecurity Magazine?