Infosecurity News
Attackers Abuse Shared Content for ChatGPT Phishing Campaign
Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain
Palo Alto Warns High-Severity Bug Is Being Actively Exploited
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks
Infosecurity Europe: OWASP Forms New Agentic Research Council
OWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI security
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GCHQ director urges urgent business cyber action as AI and quantum reshape the threat
CrowdStrike, Google Take Down Glassworm Botnet
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response
Cybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stress
Thousands of Fake FIFA Domains Target World Cup Fans
Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans
68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise
UK firms plan higher cyber spending as AI adoption raises security concerns
PureLogs Variant Steals Data via Purchase Order Lures
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
BTMOB Android RAT Spreads Through No-Code Builder Tooling
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
