Infosecurity News
RCE Vulnerability Found in RomethemeKit For Elementor Plugin
RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites
GDPR Changes Risk Undermining its Principles, Civil Society Groups Warn
Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it
SEC SIM Swapper Gets 14 Months for X Account Hijack
An Alabama man has been sentenced to 14 months for hacking the SEC’s X account
Legal Aid Agency Admits Major Breach of Applicant Data
The UK government says that hackers accessed a “large amount” of personal information in attack on Legal Aid Agency
#Infosec2025: How CISOs Can Stay Ahead of Evolving Cloud Threats
Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques
US Officials Impersonated Via SMS and Voice Deepfakes
The FBI has warned about an ongoing smishing and vishing scheme using AI deepfakes to impersonate US officials
UK Cyber Vacancies Growing 12% Per Year
An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions
Russian Espionage Operation Targets Organizations Linked to Ukraine War
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page
Healthcare Cyber-Attacks Intensify, Sector Now Prime Target
New data from Darktrace showed that cyber-attacks targeting healthcare organizations increased in intensity in 2024
Coinbase Offers $20m Bounty to Take Down Cybercrime Ring Behind Hack
Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m
PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory
SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004
Dior Confirms Data Breach Affecting Customer Information
Dior confirmed a data breach compromising customer personal information, discovered on May 7
New Linux Vulnerabilities Surge 967% in a Year
Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category
"Endemic" Ransomware Prompts NHS to Demand Supplier Action on Cybersecurity
The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare
Fraud Losses Hit $11m Per Company as Customer Abuse Soars
Most online merchants now believe customers pose as big a threat as professional fraudsters
#Infosec2025: Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says
The ransomware landscape is more fragmented than ever, with no “market leader,” says William Lyne, Head of Intelligence at the NCA
Android Enterprise Launches Device Trust For Enhanced Security
Android Enterprise introduced Device Trust to enhance mobile security on Android devices
CISA Reverses Decision on Cybersecurity Advisory Changes
CISA paused plans to overhaul its advisory system after backlash from the infosec community
New Fortinet and Ivanti Zero Days Exploited in the Wild
Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical