Infosecurity News

  1. npm Package Lottie-Player Compromised in Supply Chain Attack

    npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups

  2. Google Deindexes Chinese Propaganda Network

    Google’s threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites

  3. UK Launches AI Security Lab to Combat Russian Cyber Threats

    UK Minister Pat McFadden will say in a speech at a NATO conference that adversaries are looking at using AI on the physical and cyber battlefield

  4. Meta Shutters Two Million Scam Accounts in Two-Year Crackdown

    Meta has closed down two million accounts it says were used in scams such as pig butchering

  5. ICO Urges More Data Sharing to Tackle Fraud Epidemic

    The UK’s Information Commissioner’s Office argues that regulatory concerns shouldn’t prevent firms sharing data to stop scams

  6. Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits

    Microsoft has seized 240 websites associated with the “ONXX” phishing-as-a-service operation, and has sued the developer of this service

  7. Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware

    Russian-aligned TAG-110 uses custom tools to spy on governments, human rights groups and educational institutions in Europe and Asia

  8. Three-Quarters of Black Friday Spam Emails Identified as Scams

    Bitdefender found that 77% of Black Friday-themed spam emails in 2024 have been identified as scams, with attackers becoming more creative in their campaigns

  9. Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024

    Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated

  10. MITRE Unveils Top 25 Most Critical Software Flaws

    The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities

  11. Manufacturing Sector in the Crosshairs of Advanced Email Attacks

    Phishing attacks, business email compromise and vendor email compromise attacks on manufacturing have surged in the past 12 months

  12. Linux Malware WolfsBane and FireWood Linked to Gelsemium APT

    New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems

  13. Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail

    Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts

  14. Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities

    One of these flaws detected using LLMs was in the widely used OpenSSL library

  15. BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk

    The BianLian ransomware group has shifted exclusively to exfiltration-based extortion and is deploying multiple new TTPs for initial access and persistence

  16. Lumma Stealer Proliferation Fueled by Telegram Activity

    Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience

  17. A Fifth of UK Enterprises “Not Sure” If NIS2 Applies

    Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive

  18. Five Charged in Scattered Spider Case

    Five men have been indicted in connection with crimes committed by the Scattered Spider group

  19. Five Privilege Escalation Flaws Found in Ubuntu needrestart

    Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8

  20. 60% of Emails with QR Codes Classified as Spam or Malicious

    60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters

What’s hot on Infosecurity Magazine?