Infosecurity News

  1. Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns

    Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers

  2. GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise

    GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root

  3. GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration

    GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data

  4. Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI

    Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI

  5. Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks

    Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware

  6. Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited

    Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced

  7. New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs

    A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom

  8. New 'Storm' Infostealer Remotely Decrypts Stolen Credentials

    This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls

  9. NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts

    The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks

  10. Apple Expands iOS 18 Security Updates Amid DarkSword Threat

    iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit

  11. Researchers Observe Sub-One-Hour Ransomware Attacks

    Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour

  12. GitHub Used as Covert Channel in Multi-Stage Malware Campaign

    LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration

  13. Most CNI Firms Face Up to £5m in Downtime from OT Attacks

    E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks

  14. Google Introduces Android Dev Verification Amid Openness Debate

    Android requires dev identity verification for sideloaded apps; phased global rollout from September

  15. New Venom Stealer MaaS Platform Automates Continuous Data Theft

    Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration

  16. Chinese Hackers Target European Governments in Espionage Campaigns

    Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint

  17. Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year

    Most UK manufacturers compromised last year suffered financial loss, says ESET

  18. Hackers Hijack Axios npm Package to Spread RATs

    Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn

  19. Maryland Man Charged Over $53m Uranium Finance Crypto Hack

    Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds

  20. Phantom Project Bundles Infostealer, Crypter and RAT For Sale

    Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service

Why Not Watch?

  1. How to Recover From a Cyber-Attack: A Step-by-Step Playbook

  2. How Trusted Time Strengthens Network Security

  3. Securing M365 Data and Identity Systems Against Modern Adversaries

  4. How to Maintain the Intelligence Edge in a Disrupted Threat Landscape

What’s Hot on Infosecurity Magazine?