Infosecurity News

  1. Government Agencies Falling Victim to Ransomware Daily, Warns Study

    Government organizations are targeted by attackers who know agencies cannot afford disruption to public services

  2. 23andMe Faces New Security Mandates in $18m Data Breach Settlement

    23andMe has agreed to an $18m settlement with 42 US attorneys general over its 2023 data breach, including enhanced data protection requirements

  3. CISA Mandates Urgent Patch for Actively Exploited Critical Fortinet Vulnerabilities

    US government agencies have until July 19 to patch two critical Fortinet vulnerabilities

  4. The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat

    Analysis of ransomware incidents by ReliaQuest indicates a shift in the ransomware landscape

  5. Phishing Campaign Hides Lua Loader as TrueType Font File

    Global phishing campaign disguised a Lua loader as a font file to deploy RATs and infostealers

  6. Modular macOS Stealer Uses Kill Loops to Force Password Entry

    New ClickLock macOS stealer locked victims out of their own system until they surrendered a password

  7. Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain, Researchers Claim

    Cybersecurity researchers tested Open AI GPT 5.5’s offensive cyber capabilities – and the results showed how effective a frontier LLM can be for hackers

  8. "Selfish Bravado" Behind TfL Cyber-Attack, Judge Says as Pair Jailed

    The perpetrators of the 2024 TfL cyber-attack have been jailed for five and a half years each after pleading guilty to Computer Misuse Act offences

  9. SANS Warns of AI Governance Gap as Use by Security Teams Surges

    SANS Institute says governance programs are still nascent even as AI failures and threats grow

  10. US Launches Gold Eagle to Coordinate AI-Driven Vulnerability Management

    The White House announced Gold Eagle to help accelerate the discovery, prioritization and patching of flaws found by AI

  11. Phishing Campaign Abuses eCards to Deploy RMM Tools

    Six-month phishing campaign used seasonal eCard lures to plant legitimate RMM tools on victims

  12. Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass

    Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine

  13. Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks

    Research of incidents by Sophos finds that phishing, brute force attacks and other identity-based threats have surpassed software vulnerabilities as means of delivering ransomware

  14. Progress Restores ShareFile Storage Zones Access After Security Warning

    Progress has restored access to its ShareFile Storage Zones Controller after a four-day suspension triggered by a credible external security threat

  15. Microsoft Patches 570 CVEs in Record Patch Tuesday

    Microsoft released fixes for a record 570 CVEs in its July Patch Tuesday update, as experts warn AI is dramatically accelerating vulnerability discovery and increasing patch volumes

  16. Government Updates UK’s National Risk Register with Cyber Warnings

    The UK government is warning of the potential impact of catastrophic cyber-attacks

  17. US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

    The US Department of Defense announced the immediate suspension of the CMMC Phase II requirements until further review

  18. New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter

    Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more

  19. Lidl Notifies Customers of Third-Party Data Breach

    Supermarket giant Lidl has revealed details of a supplier breach impacting customer data

  20. Five Charged in “Russian Coms” Fraud Platform Case

    Five UK residents have been charged in relation to supplying Russian Coms fraud devices and apps

What’s Hot on Infosecurity Magazine?