Infosecurity News
Software Vulnerabilities Take Almost Nine Months to Patch
Veracode found a 47% increase in the average time taken to patch software vulnerabilities, driven by growing reliance on third-party code
Chinese Cyber Espionage Jumps 150%, CrowdStrike Finds
In its 2025 Global Threat Report, CrowdStrike observed a significant escalation in Chinese cyber espionage activities
OpenSSF Publishes Security Framework for Open Source Software
OpenSSF has released new baseline security best practices to improve open source software quality
FBI Confirms North Korea’s Lazarus Group as Bybit Crypto Hackers
FBI confirms North Korea’s Lazarus Group responsible for Bybit crypto heist
99% of Organizations Report API-Related Security Issues
99% of organizations report API-related security issues, highlighting risks from API growth
DISA Global Solutions Confirms Data Breach Affecting 3.3M People
DISA Global Solutions confirms data breach affecting 3.3M people, exposing sensitive personal info
Signal May Exit Sweden If Government Imposes Encryption Backdoor
Meredith Whittaker, Signal's CEO, has threatened to pull the company out of Sweden if a proposed government bill requiring encryption backdoors becomes law
HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers
HaveIBeenPwned has added over 500 million new passwords and email addresses lifted via infostealers
Ransomware Gang Publishes Stolen Genea IVF Patient Data
IVF clinic Genea has confirmed that stolen patient data has been published online, with the Termite ransomware group appearing to be the perpetrators
Geopolitical Tension Fuels APT and Hacktivism Surge
Europe is hit hard as geopolitics drives increase in state-backed APT and hacktivist activity
61% of Hackers Use New Exploit Code Within 48 Hours of Attack
61% of hackers use new exploit code within 48 hours, ransomware remains top threat in 2024
Ghostwriter Cyber-Attack Targets Ukrainian, Belarusian Opposition
Ghostwriter cyber-attack targets Ukrainian, Belarusian opposition using weaponized Excel documents
Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks
Forescout observed the recently identified Chinese hacking group using medical imaging software applications to deliver malware
Only a Fifth of Ransomware Attacks Now Encrypt Data
ReliaQuest claims 80% of ransomware attacks now focus solely on exfiltrating data as it is faster
Chinese Botnet Bypasses MFA in Microsoft 365 Attacks
SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins
Quarter of Brits Report Deepfake Phone Scams
New Hiya data finds 26% of UK consumers encountered a deepfake scam call in Q4 2024
Essential Addons for Elementor XSS Vulnerability Discovered
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts
Michigan Man Indicted for Dark Web Credential Fraud
Michigan man indicted for dark web credential fraud, purchased 2,500 logins from Genesis Market
Google Cloud Shields Data With Quantum-Resistant Digital Signatures
Google Cloud's Key Management Service now features quantum-safe digital signatures to strengthen data integrity and prepare for emerging quantum computing challenges
IT/OT Convergence Fuels Manufacturing Cyber Incidents
Telstra found that 75% of cyber incidents impacting manufacturing firms originated from the targeting of IT systems connected to OT environments