Infosecurity News
Infosecurity Europe: UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve
UK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defense
Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
Infosecurity Europe: Business Leaders Lack Understanding of Threat Intelligence, Study Warns
A new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
Critical Flowise Flaw Gives Attackers Full Server Control
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
Infosecurity Europe: Tabletop Exercise to Test How CISOs Respond to Major Supermarket Cyber-Attack
Semperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidents
Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say
Top cybersecurity vendors said AI won't replace entry-level – only routine ticket-taking and triage
FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets
Attackers Abuse Shared Content for ChatGPT Phishing Campaign
Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain
Palo Alto Warns High-Severity Bug Is Being Actively Exploited
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks
Infosecurity Europe: OWASP Forms New Agentic Research Council
OWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI security
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GCHQ director urges urgent business cyber action as AI and quantum reshape the threat
CrowdStrike, Google Take Down Glassworm Botnet
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
