Infosecurity News

  1. Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

    The King Addons for Elementor plugin contains two flaws allowing unauthenticated file uploads and privilege escalation

  2. Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery

    Cybercriminals are abusing AdaptixC2, a legitimate emulation framework, in ransomware campaigns

  3. Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

    Over a quarter of employees work with AI tools that had not been authorized by their company

  4. Proton Claims 300 Million Records Compromised So Far This Year

    A new dark web analysis reveals more than 300 million records have been breached in 2025 to date

  5. Defense Contractor Boss Pleads Guilty to Selling Zero-Day Exploits to Russia

    The former general manager of defense contractor Trenchant has admitted selling zero-days to Russian broker

  6. Chrome to Make HTTPS Mandatory by Default in 2026

    Google Chrome will enhance security with enforced HTTPS connections from version 154, set for release in October 2026

  7. Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

    The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads

  8. PHP Servers and IoT Devices Face Growing Cyber-Attack Risks

    A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys

  9. New Atroposia RAT Surfaces on Dark Web

    Atroposia is a newly discovered modular RAT that uses encrypted channels and advanced theft capabilities to target credentials and crypto wallets

  10. Open Source “b3” Benchmark to Boost LLM Security for Agents

    The backbone breaker benchmark (b3) has been launched to enhance the security of LLMs within AI agents

  11. BSI Warns of Looming AI Governance Crisis

    The British Standards Institution claims business leaders aren’t focused enough on managing AI risk

  12. Investment Scams Spread Across Asia With International Reach

    A surge in fake investment platforms targeting cryptocurrency and forex markets has been driving a new wave of financial crime in Asia

  13. Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori

    A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign

  14. Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals

    Cyber-related economic sanctions can alter adversary behavior, forcing underground networks to distance themselves from named actors

  15. A Quarter of Scam Victims Have Considered Self-Harm

    ITRC report charts shocking rise of identity fraud victims driven to thoughts of self-harm

  16. Actively Exploited WSUS Bug Added to CISA KEV List

    Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14

  17. Qilin Ransomware Group Publishes Over 40 Cases Monthly

    Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics

  18. Europol Warns of Rising Threat From Caller ID Spoofing Attacks

    Europol called for action against caller ID spoofing, linking attacks to significant online fraud

  19. Tata Consultancy Services Refutes Losing M&S Contract After Cyber-Attack

    The IT outsourcing giant said its service desk contract with Marks & Spencer was terminated long before the hack

  20. UK Fraud Cases Surge 17% Annually

    UK Finance reveals a 3% increase in the value and 17% increase in the volume of fraud in H1 2025

Why Not Watch?

  1. Cyber Defense in the Age of AI: Stay Ahead of Threats Without Compromising Safety

  2. OT Security Ecosystem for Targeted Risk Reduction and Reporting

  3. Mastering Identity and Access for Non-Human Cloud Entities

  4. Mastering AI Security With ISACA’s New AAISM Certification

What’s Hot on Infosecurity Magazine?