Infosecurity News
Blind Eagle Targets Colombian Government with Malicious .url Files
Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks
New York Sues Allstate Over Data Breach and Security Failures
New York sues Allstate over data breach, alleging security failures that exposed the driver’s license numbers of nearly 200,000 individuals
95% of Data Breaches Tied to Human Error in 2024
Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year
CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog
Record Number of Girls Compete in CyberFirst Contest
More than 14,500 girls from across the UK took part in this year’s CyberFirst Girls competition
DDoS Blamed as X Suffers Multiple Outages
Pro-Palestine Dark Storm Team group claims responsibility for major DDoS attacks on X
SIM Swapping Fraud Surges in the Middle East
SIM swapping fraud surges in the Middle East as cybercriminals exploit websites mimicking legitimate services to steal personal data
Surge in Malicious Software Packages Exploits System Flaws
A new report by Fortinet reveals techniques used by attackers to evade detection and compromise systems
UK AI Research Under Threat From Nation-State Hackers
The Alan Turing institute urged government and academia to address systemic cultural and structural security barriers in UK AI research
Switzerland Mandates Cyber-Attack Reporting for Critical Infrastructure
Starting April 2025, Swiss critical infrastructure organizations will have to report cyber-attacks to the country’s authorities within 24 hours of discovery
Texas Developer Convicted After Kill Switch Sabotage Plot
Software developer Davis Lu cost his employer hundreds of thousands after deploying malware that caused crashes and failed logins
Number of Unauthorized Cobalt Strike Copies Plummets 80%
Fortra claims the number of unauthorized Cobalt Strike licenses in the wild fell 80% over two years
Ransomware Groups Favor Repeatable Access Over Mass Vulnerability Exploits
Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023
Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags
AI-driven cyberattacks are rapidly escalating, with a vast majority of security professionals reporting encounters and anticipating a surge, while struggling with detection
Medusa Ransomware Claims 40+ Victims in 2025, Confirmed Healthcare Attacks
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites
An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites
Attackers Target Japanese Firms with Cobalt Strike
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
Cybersecurity Job Satisfaction Plummets, Women Hit Hardest
Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2
Six Critical Infrastructure Sectors Failing on NIS2 Compliance
Enisa identifies six sectors that it says must improve on NIS2 compliance
US Charges Members of Chinese Hacker-for-Hire Group i-Soon
The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns
