Infosecurity News

Modular macOS Stealer Uses Kill Loops to Force Password Entry
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password

Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain, Researchers Claim
Cybersecurity researchers tested Open AI GPT 5.5’s offensive cyber capabilities – and the results showed how effective a frontier LLM can be for hackers

"Selfish Bravado" Behind TfL Cyber-Attack, Judge Says as Pair Jailed
The perpetrators of the 2024 TfL cyber-attack have been jailed for five and a half years each after pleading guilty to Computer Misuse Act offences

SANS Warns of AI Governance Gap as Use by Security Teams Surges
SANS Institute says governance programs are still nascent even as AI failures and threats grow

US Launches Gold Eagle to Coordinate AI-Driven Vulnerability Management
The White House announced Gold Eagle to help accelerate the discovery, prioritization and patching of flaws found by AI

Phishing Campaign Abuses eCards to Deploy RMM Tools
Six-month phishing campaign used seasonal eCard lures to plant legitimate RMM tools on victims

Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine

Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks
Research of incidents by Sophos finds that phishing, brute force attacks and other identity-based threats have surpassed software vulnerabilities as means of delivering ransomware

Progress Restores ShareFile Storage Zones Access After Security Warning
Progress has restored access to its ShareFile Storage Zones Controller after a four-day suspension triggered by a credible external security threat

Microsoft Patches 570 CVEs in Record Patch Tuesday
Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes

Government Updates UK’s National Risk Register with Cyber Warnings
The UK government is warning of the potential impact of catastrophic cyber-attacks

US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors
The US Department of Defense announced the immediate suspension of the CMMC Phase II requirements until further review

New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more

Lidl Notifies Customers of Third-Party Data Breach
Supermarket giant Lidl has revealed details of a supplier breach impacting customer data

Five Charged in “Russian Coms” Fraud Platform Case
Five UK residents have been charged in relation to supplying Russian Coms fraud devices and apps

Open Directory Exposes Three Evilginx Phishing Operators
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA

Pakistani Police Systems Hit by Chinese and Indian Espionage
Chinese and Indian spies converged on the same Balochistan police force, SentinelLabs found

Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments

Progress Software Warns of "External Security Threat" to ShareFile
Progress Software, the provider of the popular file-sharing and data storage solutions, has urged customers to shut down the server hosting their Storage Zone Controller

Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials



