Infosecurity News
Scam-Busting FCA Firm Checker Tool Given Cautious Welcome
Experts say a new Firm Checker tool from the FCA won’t move the dial on fraud but is a step in the right direction
Google Releases Critical Chrome Security Update to Address Three Zero-Days
Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit
“Cyber Tax” Warning as Two-Fifths of SMBs Raise Prices After Breach
New ITRC research finds 81% of US small businesses suffered a data or security breach in the past year
ClickFix Social Engineering Sparks Rise of CastleLoader Attacks
A new malware campaign has been identified using a Python-based delivery system to deploy CastleLoader malware
Pro-Russia Hackers Target US Critical Infrastructure in New Wave
Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems
Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data
The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing
Log4Shell Downloaded 40 Million Times in 2025
Sonatype has claimed that 13% of Log4j versions downloaded this year were vulnerable to the legacy critical Log4Shell bug
Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025
December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days
React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics
Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement
Malicious VS Code Extensions Deploy Advanced Infostealer
Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data
DeadLock Ransomware Uses BYOVD to Evade Security Measures
Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware
UK NCSC Raises Alarms Over Prompt Injection Attacks
The UK’s National Cyber Security Centre has warned of the dangers of comparing prompt injection to SQL injection
Gartner Calls For Pause on AI Browser Use
Gartner has called for organizations to block today’s AI browsers on security concerns
ClayRat Android Spyware Expands Capabilities
A new version of ClayRat Android spyware features enhanced surveillance and device-control features
Marquis Software Breach Affects Over 780,000 Nationwide
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US
Portugal Revises Cybercrime Law to Protect Security Researchers
Security researchers will now be protected from prosecution in Portugal as long as they meet certain conditions
React2Shell Under Active Exploitation by China-Nexus Hackers
React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims
A Home Office report has revealed racial bias in facial recognition technology used by police
Barts Health Seeks High Court Ban After Oracle EBS Breach
Barts Health NHS Trust has revealed itself to be the latest victim of Cl0p’s Oracle EBS campaign
React.js Hit by Maximum-Severity 'React2Shell' Vulnerability
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations
