Infosecurity News

  1. FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

    The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI

  2. Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans

    From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how

  3. Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

    The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets

  4. Apple Blocked $2.2bn in App Store Fraud in the Last Year

    Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn

  5. Cybercriminal VPN Dismantled in Europol Crackdown

    First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol

  6. GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

    A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace

  7. Three-Quarters of Firms Knowingly Ship Vulnerable Code

    AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

  8. Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

    Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally

  9. Grafana Labs Says Code Breach Stemmed from TanStack Attack

    Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack

  10. Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

    Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services

  11. Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

    Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date

  12. China-Linked Webworm APT Evolves Tactics, Expands to European Targets

    China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research

  13. GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

    The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories

  14. Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

    Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks

  15. Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

    Verizon DBIR finds 31% of data breaches began with software flaws last year

  16. Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

    Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group

  17. AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

    AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software

  18. Agentic AI Accelerates Software Builds and Mobile App Attacks

    Digital.ai data reveals 87% of apps were attacked over the past year

  19. Grafana Labs Confirms Hackers Stole Source Code

    Open source tool maker Grafana says hackers stole codebase via GitHub breach

  20. Hackers Bypass Security Tools to Target Users Directly

    Bridewell report calls out emergence of “fix-style” attacks

Why Not Watch?

  1. Cyber Resilience Under Pressure: Can Your Organisation Prove Control When it Matters Most?

  2. Financial Services Under Pressure: Supply Chain Risk, Regulation and Operational Resilience

  3. How To Enhance Security Operations with AI-Powered Defenses

  4. How to Harness Advanced Intelligence Capabilities to Strengthen Cyber Defence

What’s Hot on Infosecurity Magazine?