Infosecurity News
Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline
The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach
Okta Flags Customised, Reactive Vishing Attacks Which Bypass MFA
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm
A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system
Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025
LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
Over 160,000 Companies Notify Regulators of GDPR Breaches
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
Peruvian Loan Scam Harvests Cards and PINs via Fake Applications
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal
Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person - with the aid of AI tools
EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act
The EU’s Cybersecurity Act 2.0 will aim to address some of the challenges of the current CSA, including the slow rollout of certification schemes
Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch
A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE
Report Fraud Promises to Streamline Fight Against Economic Crime
City of London Police has launched the UK’s national Report Fraud service
Risk of AI Model Collapse to Drive Zero Trust Data Governance, Gartner Says
Gartner predicts 50% of organizations will adopt zero trust data governance by 2028
Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps
2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications
Prompt Injection Bugs Found in Official Anthropic Git MCP Server
Three vulnerabilities in Anthropic's Git server for the MCP can be exploited via prompt injection
