Infosecurity News

  1. Investment Scams Spread Across Asia With International Reach

    A surge in fake investment platforms targeting cryptocurrency and forex markets has been driving a new wave of financial crime in Asia

  2. Chrome Zero-Day Actively Exploited in Attacks by Mem3nt0 mori

    A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign

  3. Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals

    Cyber-related economic sanctions can alter adversary behavior, forcing underground networks to distance themselves from named actors

  4. A Quarter of Scam Victims Have Considered Self-Harm

    ITRC report charts shocking rise of identity fraud victims driven to thoughts of self-harm

  5. Actively Exploited WSUS Bug Added to CISA KEV List

    Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14

  6. Qilin Ransomware Group Publishes Over 40 Cases Monthly

    Qilin ransomware activity has surged in late 2025, threatening data leaks via double extortion tactics

  7. Europol Warns of Rising Threat From Caller ID Spoofing Attacks

    Europol called for action against caller ID spoofing, linking attacks to significant online fraud

  8. Tata Consultancy Services Refutes Losing M&S Contract After Cyber-Attack

    The IT outsourcing giant said its service desk contract with Marks & Spencer was terminated long before the hack

  9. UK Fraud Cases Surge 17% Annually

    UK Finance reveals a 3% increase in the value and 17% increase in the volume of fraud in H1 2025

  10. Critical WordPress Plugin Bugs Exploited En Masse

    Wordfence says threat actors are trying to exploit three critical vulnerabilities from 2024

  11. New LockBit Ransomware Victims Identified by Security Researchers

    Check Point has identified a dozen attacks in September that bore the LockBit stamp, with half of them attributed to the group’s new ransomware version

  12. Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine

    A spear phishing campaign dubbed PhantomCaptcha targeted Ukraine’s war relief efforts and regional government administrations for a single day in October

  13. Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction

    ToolShell exploit activity surged last quarter, appearing in over 60% of Cisco Talos IR cases and driving a sharp rise in public-facing application attacks

  14. Pakistani-Linked Hacker Group Targets Indian Government

    A cyber-espionage campaign by Pakistan’s TransparentTribe has been identified, targeting Indian government systems using DeskRAT

  15. Lazarus Group’s Operation DreamJob Targets European Defense Firms

    Cyber-attacks by North Korea’s Lazarus Group target European defense firms in drone development

  16. Major Vulnerabilities Found in TP-Link VPN Routers

    Forescout researchers discovered critical and high-severity vulnerabilities in several TP-Link VPN routers

  17. Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say

    Trend Micro believe security teams should anticipate increased Vidar 2.0 prevalence in campaigns through Q4 2025

  18. PhantomCaptcha Campaign Targets Ukraine Relief Organizations

    SentinelLABS Researchers have uncovered a new phishing campaign, PhantomCaptcha, targeting aid organizations supporting Ukraine

  19. MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign

    Group-IB has uncovered a phishing campaign by Iran-linked MuddyWater, exploiting compromised emails for foreign intelligence

  20. JLR Hack UK's Costliest Ever, Hitting Economy with £1.9bn Loss

    The Cyber Monitoring Centre has classified the cyber-attack against Jaguar Land Rover as a “systemic cyber event”

Why Not Watch?

  1. The Invisible Frontline: Proactive Approaches to Browser Defense

  2. Cyber Defense in the Age of AI: Stay Ahead of Threats Without Compromising Safety

  3. How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

  4. Mastering AI Security With ISACA’s New AAISM Certification

What’s Hot on Infosecurity Magazine?