Infosecurity News

  1. Threat Actors Target Public-Facing Apps for Initial Access

    Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques

  2. Tata Technologies Hit by Ransomware Attack

    The Indian tech giant temporarily suspended some of its IT services, which have now been restored

  3. DeepSeek's Flagship AI Model Under Fire for Security Vulnerabilities

    Cyber reports exposed major security flaws in DeepSeek’s R1 LLM

  4. International Operation Dismantles Cracked and Nulled Cybercrime Hubs

    A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services

  5. Google Blocked 2.36 Million Policy-Violating Apps

    Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024

  6. Attackers Increase Use of HTTP Clients for Account Takeovers

    HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024

  7. Syncjacking Attack Enables Full Browser and Device Takeover

    SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking

  8. DeepSeek Exposed Database Leaks Sensitive Data

    Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history

  9. Ransomware Attack Disrupts Blood Donation Services in US

    New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country

  10. UK Organizations Boost Cybersecurity Budgets

    UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year

  11. NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities

    The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”

  12. AI Surge Drives Record 1205% Increase in API Vulnerabilities

    AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm

  13. Nation-State Hackers Abuse Gemini AI Tool

    Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development

  14. New Hellcat Ransomware Gang Employs Humiliation Tactics

    Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims

  15. Threat Actors Exploit Government Websites for Phishing

    Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections

  16. Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate

    Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns

  17. Breakout Time Accelerates 22% as Cyber-Attacks Speed Up

    ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024

  18. Scores of Critical UK Government IT Systems Have Major Security Holes

    The National Audit Office warns of major gaps in cyber resilience across UK government departments

  19. ENGlobal Cyber-Attack Exposes Sensitive Data

    Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks

  20. Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program

    Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group

What’s hot on Infosecurity Magazine?