Infosecurity News

Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments

Progress Software Warns of "External Security Threat" to ShareFile
Progress Software, the provider of the popular file-sharing and data storage solutions, has urged customers to shut down the server hosting their Storage Zone Controller

Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials

Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges
An Armenian man has pleaded guilty to his role in the infamous Ryuk ransomware operation

Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Australian Cyber Security Centre warns CMS users of mass scanning and exploitation campaign

CISA Details Incident Response to Exposed AWS GovCloud Keys
CISA reveals how it responded after sensitive AWS GovCloud credentials and internal data were exposed in a public GitHub repository

Microsoft Warns New 'GigaWiper' Malware Combines Espionage and Destructive Capabilities
A new multi-purpose backdoor allows cyber threat actors to conduct both quiet espionage activity and destructive wiping operations

Anthropic and OpenAI Security Tools Could Fuel Cyber-Attacks, Researchers Warn
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could backfire

New Ransomware Exploits Malicious Driver to Remove Cybersecurity Protections
GodDamn ransomware uses remote desktop application to secretly move around networks and drop the malicious PoisonX kernel driver

Microsoft Warns of Increase in Number of Security Updates
Microsoft has said the volume of Windows security updates is set to grow as it uses AI to find new bugs

NHS Warns Staff Over Unauthorized Access to Patient Data
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records

Vibe-Coded Malware Caught in Active Directory Attack
Huntress found a threat actor using vibe-coded PowerShell to map an Active Directory network

75% CISOs Fear Executives Don’t Understand Cybersecurity Risks Employees Face
Survey of cybersecurity leaders by MetaCompliance finds that many feel boards are uninterested in ever-evolving cyber risks

Chinese-Funded Interpol Cybercrime Crackdown Leads to 5,800 Arrests
Operation First Light 2026, coordinated by Interpol and funded by the Chinese government, has led to 5,811 arrests

GhostApproval Flaw Hits Six Major AI Coding Assistants
Wiz discovered GhostApproval, a symlink flaw in six major AI coding assistants that bypasses approval

New AI Security Charter Backed by Over 70 Cyber Firms
Over 70 cybersecurity organizations have signed the CREST AI Charter detailing responsible use of AI for security

Cybercriminals Plant Malicious AI Agents in Open Source Tool Repositories
Cybersecurity researchers at ESET identify big rise in suspicious and malicious toolsets which put users at risk from cyber-attacks

RedWing Android Spyware Sold as a Service on Telegram
Zimperium found RedWing, an Android spyware sold as a service via Telegram to target banking apps

China-Linked APT Expands Proxy Network With New Malware
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware

Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target
Sygnia report details how agentic AI accelerated weeks-long attack to just 72 hours



