Infosecurity News

  1. Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

    Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets

  2. BTMOB Android RAT Spreads Through No-Code Builder Tooling

    BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures

  3. India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

    CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines

  4. Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

    Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning

  5. FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

    The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI

  6. Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans

    From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how

  7. Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

    The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets

  8. Apple Blocked $2.2bn in App Store Fraud in the Last Year

    Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn

  9. Cybercriminal VPN Dismantled in Europol Crackdown

    First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol

  10. GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

    A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace

  11. Three-Quarters of Firms Knowingly Ship Vulnerable Code

    AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

  12. Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

    Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally

  13. Grafana Labs Says Code Breach Stemmed from TanStack Attack

    Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack

  14. Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

    Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services

  15. Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

    Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date

  16. China-Linked Webworm APT Evolves Tactics, Expands to European Targets

    China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research

  17. GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

    The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories

  18. Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

    Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks

  19. Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

    Verizon DBIR finds 31% of data breaches began with software flaws last year

  20. Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

    Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group

Why Not Watch?

  1. How Trusted Time Strengthens Network Security

  2. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  3. Behind the Curtain of Microsoft 365 Cybersecurity: Lessons from Overlooked Resilience Gaps

  4. Building True Cyber Resilience Across Financial Supply Chains

What’s Hot on Infosecurity Magazine?