Infosecurity News

  1. Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack

    Tennessee's CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data

  2. NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities

    NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs

  3. Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

    Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability

  4. Automotive Ransomware Attacks Double in a Year

    Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers

  5. OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI

    OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing

  6. European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program

    The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE

  7. Signed Adware Operation Disables Antivirus Across 23,000 Hosts

    Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints

  8. Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

    Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8

  9. AI Companies to Play Bigger Role in CVE Program, Says CISA

    At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future

  10. Researchers Spot Surge in Brute-Force Attacks from Middle East

    Barracuda says 88% of brute-force attempts in Q1 were from the region

  11. Microsoft Fixes Two Zero-Days in April Patch Tuesday

    Microsoft has patched two zero-day flaws and over 160 others

  12. CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines

    A new IANS report claims just 34% of cybersecurity professionals plan to stay put in the next 12 months

  13. Triad Nexus Expands Global Fraud Operations Despite US Sanctions

    Triad Nexus scales $200m scams, uses infrastructure laundering, localized fraud and US-access blocks

  14. Malicious Chrome Extensions Campaign Exposes User Data

    108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure

  15. AI Security Institute Advocates Security Best Practices After Mythos Test

    The AISI has issued its judgement on Anthropic’s Mythos Preview model

  16. Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat

    Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn

  17. Mirax Android Trojan Turns Devices Into Residential Proxy Nodes

    Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users

  18. FBI Dismantles $20m Phishing Operation W3LL

    The W3LL phishing kit has been associated with fraud attempts totaling $20m

  19. UK Cyber Security Council Launches Associate Cyber Security Professional Title

    The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals

  20. Operation Atlantic Seizes $12m in Crypto Losses

    UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access

Why Not Watch?

  1. How To Enhance Security Operations with AI-Powered Defenses

  2. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  3. Why Resilience‑Focused Cloud Design Is Your Best Defense Against Modern Attacks

  4. Securing M365 Data and Identity Systems Against Modern Adversaries

What’s Hot on Infosecurity Magazine?