Infosecurity News

  1. Chinese National Extradited Over Silk Typhoon Cyber Campaign

    Extradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionage

  2. No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC

    The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics

  3. North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

    Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group

  4. US Sanctions Target Cambodian Scam Network Leaders

    US sanctions target Cambodian scam networks tied to crypto fraud and trafficking

  5. Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

    Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company

  6. Widely Used Browser Extensions Selling User Data

    Dozens of browser extensions openly sell user data via privacy policy disclosures

  7. Most Cybersecurity Professionals Feel Undervalued and Underpaid

    A new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new job

  8. Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet

    The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet

  9. BlackFile Group Targets Retail and Hospitality with Vishing Attacks

    Researchers uncover a new data theft and extortion group dubbed “BlackFile”

  10. UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China

    UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed

  11. AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

    AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting

  12. Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

    Malicious npm packages spread via worm-like propagation and steal developer credentials

  13. Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

    Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents

  14. Apple Fixes iOS Notification Bug Exposing Deleted Messages

    Apple patches iOS flaw that retained deleted notifications, exposing message data

  15. Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform

    Google Cloud will attribute a unique cryptographic ID every AI agent that will be tied to “traceable and auditable” authorization policies

  16. Cyber-Attacks Surge 63% Annually in Education Sector

    Quorum Cyber report finds higher and further education institutions experienced 63% increase in attacks over a year

  17. Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

    Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents

  18. NCSC Backs Passkeys, Hailing a New Era of Sign-in

    The UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHS

  19. MacOS Native Tools Enable Stealthy Enterprise Attacks

    macOS LOTL techniques bypass detection using native tools and metadata abuse

  20. NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks

    The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world

Why Not Watch?

  1. How To Enhance Security Operations with AI-Powered Defenses

  2. Securing M365 Data and Identity Systems Against Modern Adversaries

  3. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  4. How Trusted Time Strengthens Network Security

What’s Hot on Infosecurity Magazine?