Infosecurity News
Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK
Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase
North Korea's Fake IT Worker Scheme Sets Sights on Europe
Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion
Steam Surges to Top of Most Spoofed Brands List in Q1
Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025
ICO Apologizes After Data Protection Response Snafu
The UK’s data protection regulator says it is overwhelmed with complaints from the public
WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks
WP Ultimate CSV Importer flaws expose 20,000 websites to attacks enabling attackers to achieve full site compromise
Ukraine Blames Russia for Railway Hack, Labels It "Act of Terrorism"
The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”
New Phishing Attack Combines Vishing and DLL Sideloading Techniques
A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor
Google to Switch on E2EE for All Gmail Users
Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts
Cybercriminals Expand Use of Lookalike Domains in Email Attacks
BlueVoyant found that the use of lookalike domains in email-based attacks is allowing actors to extend the types of individuals and organizations being targeted
Cyber Security and Resilience Bill Will Apply to 1000 UK Firms
A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill
New Malware Variant RESURGE Exploits Ivanti Vulnerability
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282
ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers
New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers
EU Commission to Invest €1.3bn in Cybersecurity and AI
The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027
NCSC Urges Users to Patch Next.js Flaw Immediately
The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927
US Seizes $8.2m from Romance Baiting Scammers
The DoJ has managed to recoup over $8m from scammers, stolen in romance baiting schemes
Solar Power System Vulnerabilities Could Result in Blackouts
Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts
Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices
Claroty revealed that 89% of healthcare organizations use the top 1% of riskiest Internet-of-Medical-Things (IoMT) devices
Trump CISA Cuts Threaten US Election Integrity, Experts Warn
Expert speakers discussed the impact of reported cutbacks to CISA on the ability of local officials to protect against surging cyber-attacks on US election infrastructure
Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel
CoffeeLoader Malware Loader Linked to SmokeLoader Operations
Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security
