Infosecurity News

  1. Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports

    Pro-Russia hackers NoName057(16) has targeted Italian banks, airports and ports in a series of DDoS attacks

  2. South Korea Suspends Downloads of AI Chatbot DeepSeek

    South Korea’s Personal Information Protection Commission is blocking DeepSeek AI downloads over privacy concerns

  3. Microsoft Detects New XCSSET MacOS Malware Variant

    Microsoft has observed a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects

  4. Telegram Used as C2 Channel for New Golang Malware

    A Golang backdoor is using Telegram as its command and control (C2) channel, an approach that makes detection harder for defenders, according to Netskope researchers

  5. Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme

    Two Estonian nationals have pleaded guilty to running a cryptocurrency-related Ponzi scheme

  6. Palo Alto Networks and SonicWall Firewalls Under Attack

    Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation

  7. Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

    Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts

  8. UK's AI Safety Institute Rebrands Amid Government Strategy Shift

    The organization becomes the AI Security Institute as the UK shifts its focus to tackling AI risks to national security

  9. China-Linked Espionage Tools Used in Recent Ransomware Attack

    Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack

  10. CISA and FBI Warn Against Buffer Overflow Vulnerabilities

    US agencies have issued a new alert to eliminate buffer overflow vulnerabilities, urging memory-safe programming for secure-by-design software development

  11. Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

    Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts

  12. Romance Baiting Losses Surge 40% Annually

    Ahead of Valentine’s Day, Chainalysis figures reveal 40% increase in losses to pig butchering, or romance baiting, scams

  13. Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops

    Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets

  14. EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data

    The Electronic Frontier Foundation has requested a US federal court to block Elon Musk’s DOGE access to US Office of Personnel Management Data

  15. North Korea Targets Crypto Devs Through NPM Packages

    SecurityScorecard has uncovered a sophisticated campaign linked to North Korea’s Lazarus Group, distributing crypto-stealing malware

  16. CHERI Security Hardware Program Essential to UK Security, Says Government

    NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring

  17. Romance Scams Cost Americans $697.3M Last Year

    Romance scams cost Americans $697.3m in 2024, with crypto fraud schemes on the rise

  18. Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records

    Massive IoT data breach exposed 2.7 billion records including Wi-Fi credentials

  19. Security Detection Tech Failing, Say Cyber Leaders in Regulated Industries

    A new Everfox survey shows a growing consensus among regulated organizations in favor of a strategic shift away from detecting cyber threats to preventing them

  20. Microsoft Fixes Another Two Actively Exploited Zero-Days

    February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation

What’s hot on Infosecurity Magazine?