Infosecurity News
Fraud Fears But No Breach Spike Expected This Festive Season
Analysis of ICO records shows no surge in breaches during Q4 2024 with no seasonal spike in reported incidents
Scattered Lapsus$ Hunters Take Aim At Zendesk Users
New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective
Key provisions of the UK Cyber Resilience Bill Revealed
Shona Lester, head of the Cyber Security and Resilience Bill team within the UK government, outlined some of the provisions that should be included in the future law
Cyber-Attack Disrupts OnSolve CodeRED Emergency Notification System
A cyber-attack claimed to be the resposibility of INC Ransom group and targeting the OnSolve CodeRED platform has disrupted emergency notification and exposed user data across the US
UK Report Proposes Liability For Software Provider Insecurity
A new report from the UK Business and Trade Committee has called for accountability of software providers for cyber flaws amid rising attack costs
FBI Warns of $262M Losses from Account Takeover Fraud in 2025
The FBI reports over $262m in losses from account takeover schemes since January 2025, as cybercriminals impersonate financial institutions to steal data and funds
Gainsight Cyber-Attack Affect More Salesforce Customers
The CEO of the customer support platform said “a handful of customers” saw their data exposed after the breach
HashJack Indirect Prompt Injection Weaponizes Websites
A new vulnerability dubbed “HashJack” could enable attackers to booby trap websites when they interact with AI browsers
London Councils Hit By Serious Cyber “Incidents”
At least three London local authorities are dealing with a major cybersecurity incident
Smishing Triad Impersonation Campaigns Expand Globally
A cluster of fraudulent domains impersonating Egyptian providers have been identified linked to Smishing Triad operations
New FlexibleFerret Malware Chain Targets macOS With Go Backdoor
A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access
AI and Deepfake-Powered Fraud Skyrockets Amid Identity Fraud Stagnation
In its latest annual identity fraud report, Sumsub observed a “sophistication shift” in global fraud trends
Mounting Cyber-Threats Prompt Calls For Economic Security Bill
MPs in the UK want a new economic security regime to tackle cyber and related threats
New Shai-Hulud Worm Spells Trouble For npm Users
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows
Flaws Expose Risks in Fluent Bit Logging Agent
Critical flaws in Fluent Bit threaten telemetry across platforms according to an advisory published by Oligo Security researchers
Russian-linked Malware Campaign Hides in Blender 3D Files
Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain
CISA Urges Patch of Actively Exploited Flaw in Oracle Identity Manager
The US cybersecurity agency has added the critical flaw to its Known Exploited Vulnerabilities list
Iberia Airlines Notifies Customers of Supply Chain Data Breach
Spanish airline Iberia has begun emailing its customers about a supplier data breach
MoD Launches World’s First Military Gaming Tournament
The International Defence Esports Games (IDEG) will help sharpen cyber and battlefield skills for allied soldiers
Cybercriminals Exploit Browser Push Notifications to Deliver Malware
Researchers at BlackFrog have uncovered Matrix Push C2, a malicious command-and-control system that abuses web browser push notifications to deliver malware
