Infosecurity News

  1. Critical Appsmith Flaw Enables Account Takeovers

    Critical vulnerability in Appsmith allows account takeover via flawed password reset process

  2. RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites

    Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites

  3. Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure

    VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025

  4. LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords

    Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users

  5. UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds

    UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds

  6. Over 160,000 Companies Notify Regulators of GDPR Breaches

    DLA Piper finds 22% increase in breached firms notifying European GDPR regulators

  7. Phishing and Spoofed Sites Remain Primary Entry Points For Olympics

    Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors

  8. Peruvian Loan Scam Harvests Cards and PINs via Fake Applications

    Loan phishing operation in Peru is stealing card info by impersonating financial institutions

  9. VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal

    Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person - with the aid of AI tools

  10. EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act

    The EU’s Cybersecurity Act 2.0 will aim to address some of the challenges of the current CSA, including the slow rollout of certification schemes

  11. Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch

    A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE

  12. Report Fraud Promises to Streamline Fight Against Economic Crime

    City of London Police has launched the UK’s national Report Fraud service

  13. Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says

    Gartner predicts 50% of organizations will adopt zero trust data governance by 2028

  14. Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps

    2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications

  15. Prompt Injection Bugs Found in Official Anthropic Git MCP Server

    Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection

  16. Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook

    PwC’s 29th Global CEO Survey shows cyber risk rising to the top of CEO concerns as confidence in short term business growth weakens

  17. LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs

    Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages

  18. AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'

    Weaponized AI is fueling a new wave of cybercrime, said Group-IB in its latest report

  19. Scam Marketplace Tudou Guarantee Shutters Telegram Ops

    A notorious marketplace for fraud, Tudou Guarantee, appears to have closed its public Telegram groups

  20. Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access

    New malware PDFSIDER enables covert, long-term access to compromised systems via advanced techniques

Why Not Watch?

  1. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

  2. Audit & Compliance in the Era of AI and Emerging Technology

  3. Mastering AI Security With ISACA’s New AAISM Certification

  4. Modernizing GRC: From Checkbox to Strategic Advantage

What’s Hot on Infosecurity Magazine?