Infosecurity News

  1. OpenSSH Flaws Expose Systems to Critical Attacks

    Significant OpenSSH flaws are exposing systems to man-in-the-middle and denial-of service attacks

  2. Mustang Panda Leverages Microsoft Tools to Bypass Anti-Virus Solutions

    Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications

  3. Evolving Snake Keylogger Variant Targets Windows Users

    A new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users

  4. BlackLock On Track to Be 2025’s Most Prolific Ransomware Group

    The BlackLock or Eldorado ransomware gang could be the year’s fastest-growing ransomware-as-a-service group

  5. Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer

    Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727

  6. Zacks Investment Research Breach Hits 12 Million

    A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts

  7. Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports

    Pro-Russia hackers NoName057(16) has targeted Italian banks, airports and ports in a series of DDoS attacks

  8. South Korea Suspends Downloads of AI Chatbot DeepSeek

    South Korea’s Personal Information Protection Commission is blocking DeepSeek AI downloads over privacy concerns

  9. Microsoft Detects New XCSSET MacOS Malware Variant

    Microsoft has observed a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects

  10. Telegram Used as C2 Channel for New Golang Malware

    A Golang backdoor is using Telegram as its command and control (C2) channel, an approach that makes detection harder for defenders, according to Netskope researchers

  11. Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme

    Two Estonian nationals have pleaded guilty to running a cryptocurrency-related Ponzi scheme

  12. Palo Alto Networks and SonicWall Firewalls Under Attack

    Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation

  13. Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

    Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts

  14. UK's AI Safety Institute Rebrands Amid Government Strategy Shift

    The organization becomes the AI Security Institute as the UK shifts its focus to tackling AI risks to national security

  15. China-Linked Espionage Tools Used in Recent Ransomware Attack

    Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack

  16. CISA and FBI Warn Against Buffer Overflow Vulnerabilities

    US agencies have issued a new alert to eliminate buffer overflow vulnerabilities, urging memory-safe programming for secure-by-design software development

  17. Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques

    Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts

  18. Romance Baiting Losses Surge 40% Annually

    Ahead of Valentine’s Day, Chainalysis figures reveal 40% increase in losses to pig butchering, or romance baiting, scams

  19. Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops

    Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets

  20. EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data

    The Electronic Frontier Foundation has requested a US federal court to block Elon Musk’s DOGE access to US Office of Personnel Management Data

What’s hot on Infosecurity Magazine?