Infosecurity News

  1. CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV

    CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung devices used in LandFall spyware attacks

  2. Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks

    KnowBe4 claims the new Quantum Route Redirect kit is supercharging phishing attacks on Microsoft365 users

  3. 65% of Leading AI Companies Found With Verified Secrets Leaks

    A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets

  4. China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

    Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs

  5. New NCA Campaign Warns Men Off Crypto Investment Scams

    The UK’s National Crime Agency is warning men under 45 that crypto dreams can soon become a scam nightmare

  6. NCSC Set to Retire Web Check and Mail Check Tools

    The UK’s National Cyber Security Centre has urged users of its Web Check and Mail Check services to find alternatives

  7. Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine

    Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors

  8. “I Paid Twice” Phishing Campaign Targets Booking.com

    Experts have uncovered large-scale phishing exploiting Booking.com, Airbnb and Expedia accounts, targeting hotels and customers

  9. Multi-Turn Attacks Expose Weaknesses in Open-Weight LLM Models

    A new Cisco report exposed large language models to multi-turn adversarial attacks with 90% success rates

  10. Hacktivist-Driven DDoS Dominates Attacks on Public Sector

    ENISA report reveals DDoS accounted for 60% of public sector security incidents last year

  11. AI-Enabled Malware Now Actively Deployed, Says Google

    Google warns of “just-in-time AI” malware using LLMs to evade detection and generate malicious code on-demand

  12. Google Forecasts Rise of Cyber-Physical Attacks Targeting Europe in 2026

    Europe will likely face a combination of heightened cyber-physical attacks and information operations coming from nation-state groups in 2026

  13. Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries

    Operation “Chargeback” has dismantled global fraud networks misusing stolen card data from more than 4.3 million victims

  14. UNK_SmudgedSerpent Targets Academics With Political Lures

    A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups

  15. Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

    Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed

  16. SMS Fraud Losses Set to Decline 11% in 2026

    Juniper Research predicts a $9bn drop in losses to SMS fraud next year

  17. Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play

    Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year

  18. French Police Seize €1.6m Amid Crypto Scam Network Crackdown

    Nine alleged crypto scammers arrested in Cyprus, Germany and Spain

  19. OpenAI Assistants API Exploited in 'SesameOp' Backdoor

    Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications

  20. Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective

    Scattered Spider, ShinyHunters and LAPSUS$ have formed an enhanced coordinated threat network for extortion efforts

Why Not Watch?

  1. The Invisible Frontline: Proactive Approaches to Browser Defense

  2. Mastering AI Security With ISACA’s New AAISM Certification

  3. Mastering Identity and Access for Non-Human Cloud Entities

  4. From Chaos to Confidence: Establishing Trust in Every Cloud Interaction

What’s Hot on Infosecurity Magazine?