Infosecurity News
Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals
Cyber-related economic sanctions can alter adversary behavior, forcing underground networks to distance themselves from named actors
A Quarter of Scam Victims Have Considered Self-Harm
ITRC report charts shocking rise of identity fraud victims driven to thoughts of self-harm
Actively Exploited WSUS Bug Added to CISA KEV List
Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14
Qilin Ransomware Group Publishes Over 40 Cases Monthly
Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics
Europol Warns of Rising Threat From Caller ID Spoofing Attacks
Europol called for action against caller ID spoofing, linking attacks to significant online fraud
Tata Consultancy Services Refutes Losing M&S Contract After Cyber-Attack
The IT outsourcing giant said its service desk contract with Marks & Spencer was terminated long before the hack
UK Fraud Cases Surge 17% Annually
UK Finance reveals a 3% increase in the value and 17% increase in the volume of fraud in H1 2025
Critical WordPress Plugin Bugs Exploited En Masse
Wordfence says threat actors are trying to exploit three critical vulnerabilities from 2024
New LockBit Ransomware Victims Identified by Security Researchers
Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version
Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine
A spear phishing campaign dubbed PhantomCaptcha targeted Ukraine’s war relief efforts and regional government administrations for a single day in October
Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction
ToolShell exploit activity surged last quarter, appearing in over 60% of Cisco Talos IR cases and driving a sharp rise in public-facing application attacks
Pakistani-Linked Hacker Group Targets Indian Government
A cyber-espionage campaign by Pakistan’s TransparentTribe has been identified, targeting Indian government systems using DeskRAT
Lazarus Group’s Operation DreamJob Targets European Defense Firms
Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development
Major Vulnerabilities Found in TP-Link VPN Routers
Forescout researchers discovered critical and high-severity vulnerabilities in several TP-Link VPN routers
Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say
Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025
PhantomCaptcha Campaign Targets Ukraine Relief Organizations
SentinelLABS Researchers have uncovered a new phishing campaign, PhantomCaptcha, targeting aid organizations supporting Ukraine
MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign
Group-IB has uncovered a phishing campaign by Iran-linked MuddyWater, exploiting compromised emails for foreign intelligence
JLR Hack UK's Costliest Ever, Hitting Economy with £1.9bn Loss
The Cyber Monitoring Centre has classified the cyber-attack against Jaguar Land Rover as a “systemic cyber event”
Scattered Lapsus$ Hunters Signal Shift in Tactics
Scattered Lapsus$ Hunters may be preparing to launch an extortion-as-a-service model, according to Palo Alto Networks
Singapore Officials Impersonated in Sophisticated Investment Scam
Group-IB has uncovered a scam operation impersonating Singapore officials using Google Ads and deepfakes
