Infosecurity News
New Browser Exploit Technique Undermines Phishing Detection
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites
Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots
Cybersecurity Teams Generate Average of $36M in Business Growth
A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table
#Infosec2025: Over 90% of Top Email Domains Vulnerable to Spoofing Attacks
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy
Ivanti Vulnerability Exploit Could Expose UK NHS Data
Two NHS England trusts could see highly sensitive patient records exposed
Fake Bitdefender Site Spreads Trio of Malware Tools
A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools
Czech Republic Accuses China of Government Hack
This is the first time Czech authorities have officially called out a nation-state over a cyber-attack
Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks
A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions
Adidas Customer Data Stolen in Third-Party Attack
Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party
Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites
A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites
New Russian State Hacking Group Hits Europe and North America
A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned
DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool
A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft
Malicious Machine Learning Model Attack Discovered on PyPI
A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware
#Infosec2025: Rory Stewart and Paul Chichester to Headline at Infosecurity Europe 2025
Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity
US Government Launches Audit of NIST’s National Vulnerability Database
The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General
Governments Urge Organizations to Prioritize SIEM/SOAR Adoption
A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges
Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments
Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation
NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits
The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)
Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks
