Infosecurity News

  1. Autonomous System Uncovers Long-Standing OpenSSL Flaws

    A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years

  2. Critical and High Severity n8n Sandbox Flaws Allow RCE

    Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers

  3. Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

    Researchers discover that PureRAT’s code now contains emojis – indicating it has been written by AI based-on comments ripped from social media.

  4. AI Security Threats Loom as Enterprise Usage Jumps 91%

    Zscaler analysts found critical vulnerabilities in 100% of enterprise AI systems, with 90% compromised in under 90 minutes

  5. Researchers Uncover 454,000+ Malicious Open Source Packages

    Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025

  6. Chinese Money Launderers Drive Global Ecosystem Worth $82bn

    Chainalysis claims Chinese money launderers now account for 20% of global activity

  7. Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

    Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula

  8. PeckBirdy Framework Tied to China-Aligned Cyber Campaigns

    PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs

  9. Over 80% of Ethical Hackers Now Use AI

    Bugcrowd study reveals 82% of security researchers now use AI, a big increase from 2023 figures

  10. Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation

    Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected

  11. World Leaks Ransomware Group Claims 1.4TB Nike Data Breach

    Nike is investigating after the World Leaks ransomware group posted a 1.4TB data dump

  12. CISA Releases List of Post-Quantum Cryptography Product Categories

    CISA released initial list of PQC-capable hardware and software to guide companies amid quantum threats

  13. Researchers Uncover “Haxor” SEO Poisoning Marketplace

    Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO”

  14. Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline

    The US law firm Hagens Berman will lead a class action lawsuit against Coupang over security failures that led to a June 2025 data breach

  15. Okta Flags Customized, Reactive Vishing Attacks Which Bypass MFA

    Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials

  16. Wiper Attack on Polish Power Grid Linked to Russia’s Sandworm

    A destructive cyber attack targeting Poland’s energy sector has been linked to Russian APT group Sandworm

  17. NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers

    Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system

  18. Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed

    Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords

  19. Critical Appsmith Flaw Enables Account Takeovers

    Critical vulnerability in Appsmith allows account takeover via flawed password reset process

  20. RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites

    Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites

Why Not Watch?

  1. Mastering AI Security With ISACA’s New AAISM Certification

  2. Modernizing GRC: From Checkbox to Strategic Advantage

  3. How To Enhance Security Operations with AI-Powered Defenses

  4. Five Non-Negotiable Strategies to Get Identity Security Right in 2026

What’s Hot on Infosecurity Magazine?