Infosecurity News
PJobRAT Malware Targets Users in Taiwan via Fake Apps
PJobRAT malware targets Taiwan Android users, stealing data through fake messaging platforms
No MFA? Expect Hefty Fines, UK’s ICO Warns
The ICO’s Deputy Commissioner told Infosecurity that organizations that fail to implement MFA and suffer a breach can expect heavy penalties
Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US
Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras
NCA Warns of Sadistic Online “Com” Networks
The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens
NCSC Urges Domain Registrars to Improve Security
The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security
SecurityScorecard Observes Surge in Third-Party Breaches
In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023
Threat Actors Abuse Trust in Cloud Collaboration Platforms
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials
Malicious npm Packages Deliver Sophisticated Reverse Shells
A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments
ETSI Publishes New Quantum-Safe Encryption Standards
Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption
ENISA Probes Space Threat Landscape in New Report
EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector
UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats
The UK government’s new fraud minister will today announce plans for a newly expanded fraud strategy
New Android Malware Uses .NET MAUI to Evade Detection
McAfee researchers have identified a new wave of Android malware campaigns leveraging .NET MAUI to steal sensitive user information through fake apps
Cybercriminals Use Atlantis AIO to Target 140+ Platforms
Cybercriminals are increasingly leveraging Atlantis AIO, which automates credential stuffing attacks across more than 140 platforms
NIST Warns of Significant Limitations in AI/ML Security Mitigations
NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems
China-Linked Weaver Ant Hackers Exposed After Four-Year Telco Infiltration
Sygnia has uncovered Weaver Ant, a Chinese threat actor that spied on telecommunications networks for years
Dark Web Mentions of Malicious AI Tools Spike 200%
Kela researchers detect a 200%+ increase in dark web chatter about malicious AI tools
IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems
Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes
VanHelsingRaaS Expands Rapidly in Cybercrime Market
VanHelsingRaaS, a new ransomware-as-a-service program, infected three victims within two weeks of release, demanding ransoms of $500,000
Ukraine Railway Systems Hit by Targeted Cyber-Attack
Ukraine’s national railway company has suffered a “large-scale” cyber-attack, disrupting online services and operations
Authorities Seize 1842 Devices in Africa’s Cybercrime Crackdown
Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card
