Infosecurity News

  1. Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

    Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps

  2. Industrial Control System Vulnerabilities Hit Record Highs

    Forescout paper reveals ICS advisories hit a record 508 in 2025

  3. Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA

    A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

  4. Flaws in Popular Software Development App Extensions Allow Data Exfiltration

    Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched

  5. Researchers Reveal Six New OpenClaw Vulnerabilities

    Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw

  6. Cryptojacking Campaign Exploits Driver to Boost Monero Mining

    Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics

  7. AI Assistants Used as Covert Command-and-Control Relays

    AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication

  8. Record Number of Ransomware Victims and Groups in 2025

    Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025

  9. Chinese APT Group Exploits Dell Zero-Day for Two Years

    Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines

  10. Android 17 Beta Introduces Secure-By-Default Architecture

    Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development

  11. Apple Expands RCS Encryption and Memory Protections in iOS 26.4

    iOS 26.4 Beta adds end-to-end encryption for RCS messaging and enhanced Memory Integrity Enforcement

  12. Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks

    Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

  13. Over-Privileged AI Drives 4.5 Times Higher Incident Rates

    Teleport study reveals that organizations running over-privileged AI have a 76% incident rate

  14. Significant Rise in Ransomware Attacks Targeting Industrial Operations

    Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments

  15. Infostealer Targets OpenClaw to Loot Victim’s Digital Life

    Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files

  16. Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords

    Security researchers have challenged end-to-end encryption claims from popular commercial password managers

  17. SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns

    NCSC’s Richard Horne has warned that cybercriminals do not care about business size and called for SMEs to act now to secure their organizations

  18. OysterLoader Evolves With New C2 Infrastructure and Obfuscation

    OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages

  19. Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft

    New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo

  20. Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day

    A high severity vulnerability in Google Chrome and allows remote attackers to execute code

Why Not Watch?

  1. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

  2. Securing M365 Data and Identity Systems Against Modern Adversaries

  3. Audit & Compliance in the Era of AI and Emerging Technology

  4. Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

What’s Hot on Infosecurity Magazine?